[Cryptography] Secure erasure in C.

[Jerry Leichter]

> ...Even with whole-program optimization, the optimizer can't know that some dynamically loaded library won't change the value of deleter. I suppose that if your program is 100% statically linked, and you use a whole program optimizer, then maybe it could still outsmart you.  But you've still raised the bar substantially over the "static" version.
FYI, JVM JIT implementations (a) can make optimizations based on whole program analysis; (b) allow late loading of additional classes.  For example, if A has no subclasses, a JVM JIT compiler can generate code based on that assumption - e.g., it can statically resolve references even to non-final methods in A, knowing that no existing class overrides them.

So how can this work?  JIT compilers have a process called "de-optimization", in which later events - like a subclass of A being loaded - can cause generated code to be deleted, falling back to the JVM interpreter.  It may be re-compiled later, using an updated global state.

There are all sorts of interesting issues here - such as de-optimizing functions which are currently active further up the stack.  (Finding all the places in which a method of A was used so that the calling code can be de-optimized may, in general, be too expensive to be practical.  I think the direct call - and thus the subsequent de-optimization - may only be done for calls to members *within the class itself*.)

                                                        -- Jerry