On 26/01/2024 13.29, Jonathan Wakely via Liaison wrote:
> - memset_explicit
> I assume we want this.
I can't see how to specify these effects in the C++ abstract machine.
If your array goes out-of-scope after the memset, there's no way to
normatively prevent the dead-store elimination.
What about defining it in terms of writes to volatile objects?
That isn't even a terrible abuse of volatile semantics, because the observable side effects of writing to that memory really do matter. The entire purpose is to ensure that any secrets in those memory locations are not visible if there are reads that happen outside the abstract machine (e.g. reading those bytes after the object has gone out of scope, because exploit code doesn't care about our stinking "rules" and whether such reads would be undefined). Volatile semantics seem quite appropriate for writes that are non-elidable side effects and reads that happen outside the abstract machine.
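The contrast the thread is circling, shown as an added example that is not part of the mailing-list discussion: a plain `memset` on an object that is dead afterwards is a candidate for dead-store elimination, whereas a byte-wise wipe through a `volatile unsigned char *` is a sequence of observable side effects that the compiler must perform. The function names `naive_wipe`, `volatile_wipe` and `all_zero` and the sample key bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Naive wipe: a memset on memory that is never read again inside the
   abstract machine may legitimately be removed by dead-store elimination.
   That is the concern raised in the thread; nothing here prevents it. */
static void naive_wipe(unsigned char *buf, size_t n)
{
    memset(buf, 0, n);
}

/* Volatile wipe: every store goes through a volatile lvalue, so each one is
   an observable side effect and must be emitted even if the object dies
   immediately afterwards. This is the technique suggested in the thread. */
static void volatile_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Check helper: returns 1 if every byte of buf is zero, else 0. */
static int all_zero(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= buf[i];
    }
    return acc == 0;
}

/* Fills a stack buffer with a constructed sample secret, "uses" it by
   computing a checksum, then wipes it with the volatile routine.
   Returns 1 when the wipe left the buffer entirely zero. */
static int demo_volatile_wipe(void)
{
    unsigned char key[32];
    unsigned sum = 0;

    /* Constructed sample secret: not a real key, just distinct bytes. */
    for (size_t i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char)(0xA5 ^ i);
    }
    for (size_t i = 0; i < sizeof key; i++) {
        sum += key[i];
    }
    (void)sum;

    volatile_wipe(key, sizeof key);
    return all_zero(key, sizeof key);
}

/* Same flow with the naive wipe. Inside the abstract machine the result is
   identical; the difference is only visible in the generated code, where an
   optimizing build may drop the memset because key is dead after it. */
static int demo_naive_wipe(void)
{
    unsigned char key[32];

    for (size_t i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char)(0xA5 ^ i);
    }
    naive_wipe(key, sizeof key);
    return all_zero(key, sizeof key);
}

int main(void)
{
    printf("volatile wipe left zeros: %d\n", demo_volatile_wipe());
    printf("naive wipe left zeros:    %d\n", demo_naive_wipe());
    return 0;
}
```

Both demos return 1 when run, which is exactly the point: the abstract machine cannot distinguish them, so the guarantee memset_explicit wants has to come from the volatile stores being non-elidable side effects rather than from anything a later in-program read could observe. Compiling the two demos with optimization and inspecting the assembly for the presence of the stores is the practical way to see the difference.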