Follow

Still sick in bed (not COVID, just normal seasonal virus), so here’s a JavaScript joke

re LB: transcript:

Me: *writes JavaScript benchmark*

V8: *optimizes away entire benchmark with dead code elimination*

Me:

Me: listen here, you little JIT

(author is Zhuowei Zhang)

@thomasfuchs I was just given a lecture by a C/C++ SAST scanner about the beauty of compiler optimizations that wipe out “code that has no effect”. Like, for example, memset() that zeroes a buffer that is then going to discarded with free(). How it’s done in 2021:

// sanitize password from memory #ifdef HAVE_MEMSET_S memset_s(pass, strlen(pass), 0, strlen(pass)); #elif HAVE_EXPLICIT_BZERO explicit_bzero(pass, strlen(pass)); #else memset(pass, 0, strlen(pass)); #endif

I could just have used memset_s() but this is multi-platform code and FreeBSD has explicit_bzero().

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!