by atq2119
2495 days ago
The leaking of sensitive data due to DCE'd memset is an interesting one. Generally, compilers are free to temporarily move data around to a lot of places, such as on the stack for register spilling. Is there any programming language at all which allows sensitive data to be annotated in such a way that the compiler will promise not to leak it to memory indefinitely in some sense? (E.g. all places that the data may be written to are cleaned up before reaching some sort of security boundary)

Somewhat related: there's a recent paper that develops a language with syntax for marking data as secret; the compiler then goes even further and avoids timing side-channel leaks:
Cauligi, Sunjay, et al. "FaCT: A flexible, constant-time programming language." 2017 IEEE Cybersecurity Development (SecDev). IEEE, 2017. http://www.sysnet.ucsd.edu/~bjohanne/assets/papers/2017secde...
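The dead-store problem the comment opens with, illustrated in C. This is an added example, not code from the commenter or from the FaCT paper: a plain `memset` on a buffer that is never read again is a dead store the optimizer may legitimately delete, while the `secure_zero` shown here writes through a volatile-qualified pointer and ends with a GCC/Clang memory clobber so the zeroing survives optimization. The 64-byte "secret" is constructed sample data; `count_nonzero` and `secure_zero_clears_buffer` are hypothetical helpers written for this demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Anti-pattern: zeroing with memset right before the buffer goes out of
 * scope. Nothing reads the buffer afterwards, so under the as-if rule the
 * compiler may treat the call as a dead store and remove it entirely. */
static void zero_insecure(void *buf, size_t len)
{
    memset(buf, 0, len);
}

/* Hardened form: every store goes through a volatile-qualified pointer,
 * which the compiler must emit, and the empty asm statement with a
 * "memory" clobber tells GCC/Clang that memory is observed afterwards,
 * so the loop cannot be dropped or hoisted past the end of the function. */
static void secure_zero(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) {
        *p++ = 0;
    }
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(buf) : "memory");
#endif
}

/* Counts bytes that are still non-zero. Reads are volatile so the check
 * itself cannot be constant-folded away by the optimizer. */
size_t count_nonzero(const void *buf, size_t len)
{
    const volatile unsigned char *p = (const volatile unsigned char *)buf;
    size_t nonzero = 0;
    for (size_t i = 0; i < len; i++) {
        if (p[i] != 0) {
            nonzero++;
        }
    }
    return nonzero;
}

/* Fills a constructed 64-byte "secret", scrubs it with secure_zero and
 * returns 1 if no byte survived, 0 otherwise. */
int secure_zero_clears_buffer(void)
{
    unsigned char secret[64];
    for (size_t i = 0; i < sizeof secret; i++) {
        secret[i] = (unsigned char)(0xA5 ^ i); /* constructed sample data */
    }
    secure_zero(secret, sizeof secret);
    return count_nonzero(secret, sizeof secret) == 0;
}

int main(void)
{
    unsigned char scratch[16] = "sample-secret!!";
    zero_insecure(scratch, sizeof scratch); /* may be optimized out */
    printf("secure_zero cleared buffer: %s\n",
           secure_zero_clears_buffer() ? "yes" : "no");
    return 0;
}
```

Note that this only addresses the explicit scrub; as the comment points out, register spills and other compiler-generated copies are outside the programmer's control in C, which is exactly the gap a language-level secret annotation would have to close. Where available, `explicit_bzero` (glibc, BSDs) and C11 Annex K `memset_s` provide the same non-removable zeroing as `secure_zero` without relying on inline asm.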