core/mem: Add zero_explicit

This call is intended to provide the ability to securely scrub memory without compiler interference, in a similar manner to explicit_bzero, memset_s, SecureZeroMemory. The approach taken is a volatile memset followed by a seqentially consistent memory fence, to prevent the call from being optimized away by DSE, and from being reordered. An identical approach is currently being used by the zeroize Rust crate, and is effective in practice. LLVM IR output: ``` ; Function Attrs: nounwind define internal i8* @mem.zero_explicit(i8* %0, i64 %1) #0 { decls: call void @llvm.memset.p0i8.i64(i8* %0, i8 0, i64 %1, i1 true) fence seq_cst ret i8* %0 } ```
2026-04-21 22:05:20 +00:00 · 2021-10-31 21:41:39 +00:00
parent 796a0c3968
commit 672fc9fc4d
1 changed files with 9 additions and 0 deletions
--- a/core/mem/mem.odin
+++ b/core/mem/mem.odin
@@ -10,6 +10,15 @@ zero :: proc "contextless" (data: rawptr, len: int) -> rawptr {
 	intrinsics.mem_zero(data, len)
 	return data
 }
+zero_explicit :: proc "contextless" (data: rawptr, len: int) -> rawptr {
+	// This routine tries to avoid the compiler optimizing away the call,
+	// so that it is always executed.  It is intended to provided
+	// equivalent semantics to those provided by the C11 Annex K 3.7.4.1
+	// memset_s call.
+	intrinsics.mem_zero_volatile(data, len) // Use the volatile mem_zero
+	intrinsics.atomic_fence() // Prevent reordering
+	return data
+}
 zero_item :: proc "contextless" (item: $P/^$T) {
 	intrinsics.mem_zero(item, size_of(T))
 }