P1315 secure_clear / memset_explicit #67

Open
jensmaurer opened this issue Jan 5, 2019 · 21 comments

@jensmaurer (Member) commented Jan 5, 2019

P1315R1 secure_val: a secure-clear-on-move type (Miguel Ojeda)

Other papers related to abstract machine semantics:

  • N4534 Data-Invariant Functions (revision 3)
  • P0928 Mitigating Spectre v1 Attacks in C++ #725
  • P1382 volatile_load<T> and volatile_store<T> #167
@jensmaurer jensmaurer added this to the 2019-02 milestone Jan 5, 2019
@jensmaurer jensmaurer removed the LWG label Jan 31, 2019
@jensmaurer (Member, Author) commented Feb 1, 2019

Ville in http://lists.isocpp.org/lib-ext/2019/02/10157.php: Optimization barriers of any sort are EWG territory.

@jensmaurer jensmaurer added EWG and removed LEWG labels Feb 1, 2019
@jfbastien jfbastien added the EWGI label Feb 2, 2019
@jfbastien (Collaborator) commented Feb 4, 2019

Ryan McDougall volunteered to present in Kona, the author will be present at one of the upcoming European meetings.

@jensmaurer jensmaurer removed the EWG label Feb 5, 2019
@jensmaurer (Member, Author) commented Feb 7, 2019

@brycelelbach (Collaborator) commented Feb 11, 2019

@jfbastien Please send this back to LEWGI when you are done with it.

@jfbastien jfbastien added this to EWGIWednesday in EWGIKonaFeb2019 Feb 16, 2019
@jfbastien jfbastien moved this from EWGIWednesday to EWGIMonday in EWGIKonaFeb2019 Feb 16, 2019
@jfbastien (Collaborator) commented Feb 19, 2019

Remove all cache related things from the proposal.
SF F N A SA
3 1 3 0 0

Remove encrypting at rest from the proposal.
SF F N A SA
4 1 1 1 0
(A vote: encryption is a novel thing about the proposal)

Want secure_clear to write indeterminate values (as opposed to memset_s).
SF F N A SA
4 1 2 0 0

Want to work with WG14 on secure_clear (e.g. salvage memset_s from Annex K).
SF F N A SA
2 3 2 0 0

We want something along the lines of secure_val (with compiler support).
SF F N A SA
0 0 2 2 3

@jfbastien jfbastien removed this from the 2019-02 milestone Feb 24, 2019
@jfbastien jfbastien added this to the 2019-07 milestone Feb 24, 2019
@jensmaurer jensmaurer removed this from the 2019-07 milestone Mar 21, 2019
@wg21bot (Collaborator) commented Jun 23, 2019

P1315R2 secure_clear (Miguel Ojeda)

@wg21bot wg21bot added this to the 2019-07 milestone Jun 23, 2019
@ojeda

This comment has been hidden.

@jensmaurer jensmaurer added this to Wednesday in EWG-I in Cologne 2019 Jul 11, 2019
@jfbastien (Collaborator) commented Jul 18, 2019

EWGI in Cologne:

Spend committee time on this versus other proposals, given that time is limited?
SF F N A SA
2 9 2 1 0

Send the paper to SG1 for input on abstract machine integration and wording (similar to volatile_load / volatile_store). Send it back to us after.
SF F N A SA
4 5 4 0 0

@jfbastien jfbastien added SG1 and removed EWGI labels Jul 18, 2019
@jfbastien jfbastien changed the title P1315 secure_val: a secure-clear-on-move type P1315 secure_clear Jul 18, 2019
@wg21bot (Collaborator) commented Aug 23, 2019

P1315R3 secure_clear (Miguel Ojeda)

@wg21bot wg21bot removed this from the 2019-07 milestone Aug 23, 2019
@jensmaurer jensmaurer added this to the 2020-02 milestone Jan 22, 2020
@wg21bot (Collaborator) commented Apr 24, 2020

P1315R5 secure_clear (Miguel Ojeda)

@wg21bot wg21bot removed this from the 2020-02 milestone Apr 24, 2020
@wg21bot wg21bot added this to the 2020-telecon milestone Apr 24, 2020
@jfbastien (Collaborator) commented Nov 2, 2020

@wg21bot (Collaborator) commented Dec 27, 2020

P1315R6 secure_clear (update to N2599) (Miguel Ojeda)

@wg21bot wg21bot removed this from the 2020-telecon milestone Dec 27, 2020
@wg21bot wg21bot added this to the 2021-telecon milestone Dec 27, 2020
@jensmaurer jensmaurer changed the title P1315 secure_clear P1315 memset_explicit Mar 5, 2021
@jensmaurer jensmaurer changed the title P1315 memset_explicit P1315 secure_clear / memset_explicit Mar 5, 2021
@AaronBallman (Collaborator) commented Mar 8, 2021

SG22 reviewed this paper at our Mar 05, 2021 meeting.

Should P1315 memset_explicit use alternative 1 plus a statement that the semantics be implementation-defined as a statement of intent rather than an effect on the abstract machine?
SF F N A SA (WG21)
5 5 0 0 1 (Author voted: SF) Consensus

SF F N A SA (WG14)
2 2 0 0 0 Consensus

@AaronBallman AaronBallman removed the SG22 label Mar 8, 2021
@wg21bot (Collaborator) commented Mar 25, 2021

P1315R7 secure_clear (Miguel Ojeda)

@AaronBallman (Collaborator) commented Mar 29, 2021

Adding the SG22 label per request from EWG.

@AaronBallman (Collaborator) commented Apr 23, 2021

Adding needs-revision because the author is working on an update to the paper currently.

@brycelelbach (Collaborator) commented May 26, 2021

2021-05-25 Library Evolution Telecon

P1315R7: memset_explicit

2021-05-25 Library Evolution Telecon Minutes

Chair: Nevin Liber

Champion: Miguel Ojeda

Minute Taker: Ben Craig

Summary

A fair bit of discussion on what the intended and guaranteed semantics of this function are (the paper says it is implementation-defined) and whether it should apply to trivially copyable types, trivially destructible types and/or implicit lifetime types. Discussion then moved on to how calling memset_explicit on an object interacts with the lifetime of that object. Ultimately, those are all things that are better discussed in other groups with their expertise.

We briefly discussed adding a range-type interface, but ended up deciding to remove the C++-specific interface from the proposal.

Outcome

Voted to remove the C++ templated interface from the proposal, leaving the C interface (and LEWG does not need to see that revision). The revision of this paper should be run by the SSRG and back to EWG to decide what to do with it.

@ojeda commented May 26, 2021

> the paper says it is implementation-defined

Note: only in some of the alternatives -- it is not clear what WG14 will decide (last time this was polled, people were evenly split between A1 and A2), and we have a pending, new wording suggested too from the reflector.
