<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 25/08/2022 21:24, Phillip
Hallam-Baker wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAMm+LwgOvd4SBxHcZUh-v88QNVfMjEhvSOzSGPMkXnP9gWCaDg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">...<br>
<div class="gmail_default" style="font-size:small">So the
question is how to ensure this does not happen by implementing
disposal mechanisms THAT DO NOT GET OPTIMIZED AWAY.</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">See here is
the thing. I can check my code and check my code but I can
only check the current version of the compiler/optimizer. And
some of the things I know the C# optimizer is now doing are
pretty hard core. Yes, when generating assemblies, it can
optimize across assembly boundaries now.</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">I am pretty
sure most other high level languages suffer from the same
thing unless there is a mechanism to explicitly state 'do not
optimize'. ...<br>
</div>
</div>
</blockquote>
<p>Concur.<br>
</p>
<blockquote type="cite"
cite="mid:CAMm+LwgOvd4SBxHcZUh-v88QNVfMjEhvSOzSGPMkXnP9gWCaDg@mail.gmail.com">
<div dir="ltr">
<div class="gmail_default" style="font-size:small">Has anyone
got pointers to ways to make sure this is done right?</div>
</div>
</blockquote>
<p><br>
</p>
<p>What I have done is taken a random feed and x-or'd it over the
sensitive area, then digest that area and print out some few
digits of the digest into logs.<br>
</p>
<p>It's not perfect, as the optimiser could just run the whole
calculation through registers, leaving the sensitive area
untouched. But at least a calculation is done, and the result
preserved at that point due to writing in the log, so that part is
hard to optimise away.</p>
<p>I think!<br>
</p>
<p>iang<br>
</p>
</body>
</html>