From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS22989 209.51.188.0/24 X-Spam-Status: No, score=-3.7 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 963451F4C1 for ; Mon, 28 Nov 2022 16:17:36 +0000 (UTC) Authentication-Results: dcvr.yhbt.net; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=clisp.org header.i=@clisp.org header.b="kWE3qjXI"; dkim-atps=neutral Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ozgow-0008Ho-QL; Mon, 28 Nov 2022 11:17:26 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ozgov-0008He-N5 for bug-gnulib@gnu.org; Mon, 28 Nov 2022 11:17:25 -0500 Received: from mo4-p00-ob.smtp.rzone.de ([81.169.146.220]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ozgot-0000ny-28 for bug-gnulib@gnu.org; Mon, 28 Nov 2022 11:17:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1669652230; s=strato-dkim-0002; d=clisp.org; h=References:In-Reply-To:Message-ID:Date:Subject:To:From:Cc:Date:From: Subject:Sender; bh=gN+97+BJGO99mKW7swc3kvIsvSG8mgCYWvcwqaf/Rdo=; b=kWE3qjXI0dmRmq759MQ3epzIOD6K5II9PHAi28hKh92A5unKQkdFs9Ixs+OUNL/q1T P0xTD5UTT067sZv6S6pCeLvGdc4XwGWfKB1kbYdSOixWZHjV3fn9ZCmhPrKTaunrVUdg A9YPyRr1EiPE3DmTfaU5TKRTPiiwPVyq4oZmQqK61bjpJm9EppsilroAN64uscrrTwHw rjYE6rIf5d6REfWNMxe4ZXgfDxFLaMZlzTsKbIjefeE/3IbSbGAPju0/Y68SwqlMqL4h kLqeuNbSnFhosildUvewzJbulIc78eig6J2AaB96XBeFc6zWfZBi+8YG61huJvcvZsJz XLMg== Authentication-Results: strato.com; dkim=none X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlIWs+iCP5vnk6shH0WWb0LN8XZoH94zq68+3cfpPAj/KLK0wyfsdMn5+9afOheWekxQ==" X-RZG-CLASS-ID: mo00 Received: from nimes.localnet by smtp.strato.de (RZmta 48.2.1 AUTH) with ESMTPSA id v9c7e6yASGHA2cH (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Mon, 28 Nov 2022 17:17:10 +0100 (CET) From: Bruno Haible To: bug-gnulib@gnu.org, Paul Eggert Subject: Re: [PROPOSED 1/4] memset_explicit: new module Date: Mon, 28 Nov 2022 17:17:10 +0100 Message-ID: <3038533.U3zVgo479M@nimes> In-Reply-To: <20221128045543.1355731-2-eggert@cs.ucla.edu> References: <20221128045543.1355731-1-eggert@cs.ucla.edu> <20221128045543.1355731-2-eggert@cs.ucla.edu> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Received-SPF: none client-ip=81.169.146.220; envelope-from=bruno@clisp.org; helo=mo4-p00-ob.smtp.rzone.de X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: bug-gnulib@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gnulib discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org Sender: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org Paul Eggert wrote: In lib/memset_explicit.c: > +#if HAVE_EXPLICIT_MEMSET > + return explicit_memset (s, '\0', len); '\0' should be c here. > +#elif HAVE_MEMSET_S > + (void) memset_s (s, len, '\0', len); Likewise. > +#elif defined __GNUC__ && !defined __clang__ > + return memset (s, c, len); > + /* Compiler barrier. */ > + __asm__ volatile ("" ::: "memory"); I don't think a compiler barrier in a dead-code position has any effect. I would therefore write this as memset (s, c, len); /* Compiler barrier. */ __asm__ volatile ("" ::: "memory"); return s; > +#elif defined __clang__ > + return memset (s, c, len); > + /* Compiler barrier. */ > + /* With asm ("" ::: "memory") LLVM analyzes uses of 's' and finds that the > + whole thing is dead and eliminates it. Use 'g' to work around this > + problem. See . */ > + __asm__ volatile ("" : : "g"(s) : "memory"); Likewise. In tests/test-memset_explicit.c: > +static void > +test_static (void) > +{ > + memcpy (stbuf, SECRET, SECRET_SIZE); > + memset_explicit (stbuf, 0, SECRET_SIZE); > + ASSERT (memcmp (zero, stbuf, SECRET_SIZE) == 0); > + for (int i = 1; i <= UCHAR_MAX; i++) > + { > + char checkbuf[SECRET_SIZE]; > + memset (checkbuf, i, SECRET_SIZE); > + memset_explicit (stbuf, i, SECRET_SIZE); > + ASSERT (memcmp (checkbuf, stbuf, SECRET_SIZE) == 0); > + } > +} I don't understand the purpose of this line: memset (checkbuf, i, SECRET_SIZE); Wouldn't it be better to have memcpy (stbuf, SECRET, SECRET_SIZE); instead? Bruno