The solution I have for securely erasing storage for an instance is to
control where that instance can be allocated, and to make the clearing of
space on destruct to be the responsibility of the allocator (who still owns
the memory and has it in its lifetime), not the object. The object itself
cannot do it, but the allocator can.

Not 100% a fix for secure types though, since they can still be swapped
out, held in registers during process swaps, or seen by external processes.
Two of these three can be fixed with OS-specific calls, the last needs
compiler and OS support to do. Might be a paper at some point.

On Sat, Jan 10, 2026 at 5:22 PM Sebastian Wittmeier via Std-Proposals <
std-proposals_at_[hidden]> wrote:

> Clearing out memory is difficult to make reliable, if the effect is not
> observable.
>
>
> -----Ursprüngliche Nachricht-----
>
> Think secure_string or secure_array clearing out memory in a specific way.
>
>
> --
> Std-Proposals mailing list
> Std-Proposals_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
>