
[–] HentaiOjisan 0 points 1 point (+1|-0) ago 

(This was all spurred by me trying to figure out if it's in fact possible to securely zero an array in portable C, and coming to the conclusion that you cannot actually do so. The compiler can and will optimize out things. And even things that it doesn't optimize now, it is allowed to optimize out later.)

First time I've heard of that. Doesn't something like memset always zero an array? Or calloc instead of malloc, or just a for loop? You can use volatile if your loop is getting optimized out:

```c
volatile char run = 1;
while (run); // Infinite loop always, even if you turn on all optimizations.
```

I don't understand the problem. As far as I know, optimizations occur mostly at the assembly and branching level, deleting unnecessary parts of the code, and, apart from some loops that you usually really want but the compiler skips, I have never felt that optimizations broke my code at all. And those loops were usually used for timing in microcontrollers, and adding a simple volatile fixed it for me.

I'm not a computer engineer, so I might be wrong, though.


[–] NotSurvivingLife [S] 0 points 2 points (+2|-0) ago 

You are wonderfully naive on that front. Compilers are evil, full stop.

(First off, slight confusion. Volatile only works if it is applied to the original array, where I am talking about "here's an array, can you securely memset it in portable C / C++". There is a distinct difference.)

And volatile doesn't work anyway, as the compiler is allowed to make copies of variables behind the scenes and not zero them out. The most obvious example of this is the stack on some architectures, but there are other examples too.

And no, memset does not work. The compiler is allowed to - and will - optimize out a call to memset (or equivalent) if the array is not read from afterwards. And even if the array is read from afterwards, the compiler will often just optimize out the memset and propagate the written value directly.

And there are any number of optimizations - not just these ones - compilers make that are actively dangerous for security purposes. From the sounds of it you are talking about code that's not designed to be secure, which is all very well and good in and of itself.

The problem with C / C++ is that their memory models are a subset of the memory models of the underlying hardware.


[–] HentaiOjisan 0 points 1 point (+1|-0) ago 

Hmm, you piqued my interest. And thanks for the explanation, I still have a lot to learn about compilers.

So in what situation would an array that the compiler feels is not going to be read actually be read and need to be zeroed? I can only think of having that array at a hard-coded address and reading from that address instead of the variable itself. And could you point out an example of code that is insecure because the compiler omits some part of it when optimizations are active?

I'm not being sarcastic or anything like that, I really want to know what confuses the compiler in which situations. Could you link some kind of documentation about it? Damn, I'm kinda sad that I didn't choose computer engineering when I started in the university.
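Worked example of the memset problem the reply above describes and this comment asks for. This is an added example, not code posted by either commenter: the names secure_zero, secure_zero_fnptr, derive_naive, derive_wiped, wipe_demo and is_zeroed, the toy key derivation and the sample secret are all constructed for illustration. It shows the pattern where a local secret is wiped with memset() just before going out of scope (a dead store the optimizer may drop) next to two portable mitigations, and the caveat the reply raises: neither mitigation touches copies the compiler keeps in registers or spill slots.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not the thread's code. Names and the toy derivation below
 * are constructed for illustration only. */

#define KEY_LEN 32

/* Portable wipe: every store goes through a volatile pointer, so the
 * compiler must treat it as an observable side effect and may not delete it
 * as a dead store. Caveat: this clears only the named buffer, not copies the
 * compiler may have made in registers or in a register spill slot. */
void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Alternative: call memset through a volatile function pointer. The compiler
 * cannot prove the callee is memset, so it cannot apply the memset dead-store
 * rule. Same caveat about register copies applies. */
static void *(*const volatile memset_vol)(void *, int, size_t) = memset;

void secure_zero_fnptr(void *p, size_t n) {
    memset_vol(p, 0, n);
}

/* Toy key derivation (NOT a real KDF; constructed for the example): mixes
 * secret bytes into a KEY_LEN-byte buffer and returns a one-byte tag that
 * depends on every key byte. */
static uint8_t derive(const uint8_t *secret, size_t secret_len, uint8_t *key) {
    for (size_t i = 0; i < KEY_LEN; i++) {
        key[i] = (uint8_t)(secret[i % secret_len] ^ (uint8_t)i);
    }
    uint8_t tag = 0;
    for (size_t i = 0; i < KEY_LEN; i++) {
        tag ^= key[i];
    }
    return tag;
}

/* Naive: the memset() at the end is a dead store (key is never read again),
 * so at -O2 GCC and Clang are permitted to, and commonly do, remove it,
 * leaving the key bytes on the stack for later code to read. */
uint8_t derive_naive(const uint8_t *secret, size_t secret_len) {
    uint8_t key[KEY_LEN];
    uint8_t tag = derive(secret, secret_len, key);
    memset(key, 0, sizeof key);   /* may be optimized away */
    return tag;
}

/* Hardened: identical logic, but the wipe uses volatile stores. */
uint8_t derive_wiped(const uint8_t *secret, size_t secret_len) {
    uint8_t key[KEY_LEN];
    uint8_t tag = derive(secret, secret_len, key);
    secure_zero(key, sizeof key); /* stores survive optimization */
    return tag;
}

/* Returns 1 if all n bytes of p are zero, 0 otherwise (constant-time style:
 * no early exit on the first nonzero byte). */
int is_zeroed(const uint8_t *p, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Fill a buffer with 0xAA, wipe it with one of the two routines, and report
 * whether the wipe left every byte zero. */
int wipe_demo(int use_fnptr) {
    uint8_t buf[KEY_LEN];
    memset(buf, 0xAA, sizeof buf);
    if (use_fnptr) {
        secure_zero_fnptr(buf, sizeof buf);
    } else {
        secure_zero(buf, sizeof buf);
    }
    return is_zeroed(buf, sizeof buf);
}

int main(void) {
    const uint8_t secret[] = "abc";   /* constructed sample secret */
    printf("naive tag  = 0x%02x\n", derive_naive(secret, 3));
    printf("wiped tag  = 0x%02x\n", derive_wiped(secret, 3));
    printf("volatile wipe ok: %d, fnptr wipe ok: %d\n", wipe_demo(0), wipe_demo(1));
    return 0;
}
```

To see the effect the reply describes, compile with `gcc -O2 -S` (or `clang -O2 -S`) and compare the assembly of derive_naive with derive_wiped: in the naive version the memset call, or the stores that replaced it, are typically gone, while the volatile stores in derive_wiped remain. Where the platform offers one, a dedicated primitive (memset_s from C11 Annex K, explicit_bzero on OpenBSD and glibc, SecureZeroMemory on Windows) is the better choice; the volatile techniques above are the portable fallback, and none of them addresses copies the compiler made in registers or spill slots.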