Is gcc allowed to eliminate writes in a destructor?

Avi Kivity avi@cloudius-systems.com
Wed May 20 09:49:00 GMT 2015



On 05/20/2015 12:42 PM, Jonathan Wakely wrote:
> On 20 May 2015 at 09:27, Norbert Lange wrote:
>> I did not check the resulting assembly, but to me it seems gcc removes
>> anything that's not externally visible in the destructor.
>> Which is kinda ironic because I understood it's more or less
>> recommended at my employer's to wipe your data in a destructor, helps
>> in debugging but it's also considered defensive programming so the
>> object can't be misinterpreted as being "alive and valid".
> There is no way for a valid C++ program to tell whether the data was
> wiped in the destructor, because it is undefined behaviour to inspect
> the members of an object after its destructor runs, so the compiler is
> allowed to eliminate the writes. A correct program will not notice any
> difference whether the writes happen or not.

He's talking about an incorrect program.  Wiping the object can detect a 
use-after-free or otherwise cause the program to crash earlier rather 
than later.

That said, killing those writes is a very useful optimization. 
Detecting such errors should be left to sanitizers, IMO.

See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61982 for a case where 
gcc does not kill those writes (a missed optimization).

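The point made in the thread, shown in code. This is an added example, not code from the thread or from gcc; the names `secure_wipe`, `PlainSecret`, `WipedSecret` and `nonzero_after_dtor` are its own. A `memset` of the members in a destructor is a dead store in the abstract machine, since no conforming program can read the members afterwards, so the optimizer is free to drop it. If the wipe has to survive (for instance to scrub key material), the stores must be side effects the compiler is obliged to keep: writing through a `volatile`-qualified pointer is one portable way to do that.

```cpp
#include <cstddef>
#include <cstring>
#include <new>

// Stores through a volatile-qualified pointer are side effects the compiler
// must preserve, so this wipe is not subject to dead-store elimination.
// (Hypothetical helper name; pick a vetted secure-memset if your platform has one.)
void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* vp = static_cast<volatile unsigned char*>(p);
    while (n--) {
        *vp++ = 0;
    }
}

struct PlainSecret {
    unsigned char key[32];
    // Ordinary store in a destructor: no valid program can observe it,
    // so gcc -O2 may remove it, exactly as the thread describes.
    ~PlainSecret() { std::memset(key, 0, sizeof key); }
};

struct WipedSecret {
    unsigned char key[32];
    // Volatile stores: emitted at every optimisation level.
    ~WipedSecret() { secure_wipe(key, sizeof key); }
};

// Construct T into a caller-owned unsigned char buffer, fill key with 0xAA,
// run the destructor explicitly, then count the non-zero bytes left behind.
// The buffer outlives the object, so we inspect the raw storage, not the
// members of a dead object.
template <class T>
std::size_t nonzero_after_dtor() {
    alignas(T) unsigned char storage[sizeof(T)];
    T* obj = new (storage) T;
    std::memset(obj->key, 0xAA, sizeof obj->key);
    obj->~T();
    std::size_t left = 0;
    for (unsigned char b : storage) {
        left += (b != 0);
    }
    return left;
}

int main() {
    // WipedSecret leaves 0 non-zero bytes regardless of -O level.
    // PlainSecret leaves 0 or 32 depending on whether the optimiser kept
    // the memset; compare `g++ -O0` with `g++ -O2 -S` to see the difference.
    return nonzero_after_dtor<WipedSecret>() == 0 ? 0 : 1;
}
```

Only the `WipedSecret` result is a contract; the `PlainSecret` result is whatever the optimizer chose that day, which is why, as Avi says, relying on a destructor wipe to catch use-after-free belongs to sanitizers (`-fsanitize=address`), not to the code.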