[Cryptography] Heartbleed and fundamental crypto programming practices

[danimoth]

On 10/04/14 at 03:49pm, Bear wrote:
> "Doesn't affect program output: therefore is a waste of work"  
> is the underlying assumption, correct for most software, which 
> is utterly, utterly wrong for crypto.
> 
> In C and C++, variable locations are stable (and mostly have to 
> be because those languages use explicit pointers) but you have 
> to declare them 'volatile' to be absolutely sure that the compiler 
> will never move them (without zeroing the old location) and that 
> writes to them prior to deallocation will happen as the code 
> commands.  
> 
> In most languages, there is absolutely no standard way to be sure 
> of getting an optimizing compiler to leave final writes alone.
[cut]

If I understood correctly, all crypto software should be compiled with 
-O0 flag...