Hi Paul,
> diff --git a/tests/test-explicit_bzero.c b/tests/test-explicit_bzero.c
> index cdb839245..c42aba93f 100644
> --- a/tests/test-explicit_bzero.c
> +++ b/tests/test-explicit_bzero.c
> @@ -126,12 +126,12 @@ test_heap (void)
> /* There are two passes:
> 1. Put a secret in memory and invoke explicit_bzero on it.
> 2. Verify that the memory has been erased.
> - Implement them in the same function, so that they access the same memory
> - range on the stack. */
> + Access the memory via a volatile pointer, so the compiler
> + does not assume the pointer's value and optimize away accesses. */
> +static char *volatile stackbuf;
> static int _GL_ATTRIBUTE_NOINLINE
> do_secret_stuff (volatile int pass)
> {
> - char stackbuf[SECRET_SIZE];
> if (pass == 1)
> {
> memcpy (stackbuf, SECRET, SECRET_SIZE);
I disagree with this change, as it significantly reduces the strength of the
test.
The purpose of the test is to verify that the compiler does not eliminate
a call to explicit_bzero, even if data flow analysis reveals that the stack
area is "dead" at the end of the function.
With this patch, it was turned into a weaker assertion: namely, that the
compiler does not eliminate a call to explicit_bzero if it cannot make
inferences about the pointer argument.
I would suggest to revert this patch, and instead use a #pragma, like you
did in the test-memrchr.c patch.
Bruno
