On 05/20/2015 12:42 PM, Jonathan Wakely wrote:
> On 20 May 2015 at 09:27, Norbert Lange wrote:
>> I did not check the resulting assembly, but to me it seems gcc removes
>> anything that's not externally visible in the destructor.
>> Which is kinda ironic because I understood it's more or less
>> recommended at my employer to wipe your data in a destructor; it helps
>> in debugging but it's also considered defensive programming so the
>> object can't be misinterpreted as being "alive and valid".
>
> There is no way for a valid C++ program to tell whether the data was
> wiped in the destructor, because it is undefined behaviour to inspect
> the members of an object after its destructor runs, so the compiler is
> allowed to eliminate the writes. A correct program will not notice any
> difference whether the writes happen or not.
He's talking about an incorrect program. Wiping the object can detect a
use-after-free or otherwise cause the program to crash earlier rather
than later.
That said, killing those writes is a very useful optimization.
Detecting such errors should be left to sanitizers, IMO.
See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61982 for a case where
gcc does not kill those writes (a missed optimization).