Did you *really* zeroize that key?
Kevin Elliott
k-elliott at wiu.edu
Wed Nov 6 15:47:27 EST 2002
At 11:58 -0500 on 11/6/02, Perry E. Metzger wrote:
>Someone wrote to me:
>> According to K&R 2nd Ed. p. 211, compilers may ignore
>> "volatile"; volatile objects have no implementation-
>> independent semantics.
>
>K&R is not the C standard. Quoting the C99 standard, section 6.7.3.6:
>
> An object that has volatile-qualified type may be modified in
> ways unknown to the implementation or have other unknown side
> effects. Therefore any expression referring to such an object
> shall be evaluated strictly according to the rules of the
> abstract machine, as described in 5.1.2.3. Furthermore, at every
> sequence point the value last stored in the object shall agree
> with that prescribed by the abstract machine, except as modified
> by the unknown factors mentioned previously.
>
>In other words: no, "volatile" is mandatory and in fact will be
>guaranteed to be implemented as expected. This is very important --
>virtually every operating system requires "volatile" for purposes like
>writing device drivers.
Indeed. And the suggestion that a #pragma be added to the standard
to help prop up compilers that don't support the standard is a
little... circular.
--
_____________________________________________
volatile: because every app deserves SOME interrupt code...
_____________________________________________
Kevin Elliott <mailto:kelliott at mac.com> ICQ#23758827
_____________________________________________
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list