RE: Did you *really* zeroize that key?
From: "James A. Donald" <jamesd@echeque.com> ... If the optimizer ever optimizes away a write to volatile memory, device drivers will fail. Most device drivers are written in C. If anyone ever produces a C compiler in which "volatile" does not do what we want, not only are they out of spec, but smoke will start coming out of hardware when the device drivers are recompiled.
Good point #1. Excellent point, in fact.
From: "Dave Howe" <DaveHowe@gmx.co.uk> ... Yup, granted. However, saying after a security breach "this wasn't my fault, the compiler was out of spec" isn't going to help much. In the real world, Murphy's law applies more often than anyone else's; you can virtually guarantee you will meet up *sometime* with an out-of-spec compiler ...
Good point #2. Excellent point, in fact. So, given 1 and 2, it sounds like a good strategy might be:

a. Declare your sensitive variables volatile and zero them normally.

b. Check the assembler output because you have to do that anyway :-)

c. If (b) exposes an out-of-spec compiler, report it far and wide to all available e-mail lists. Then preferably use a different compiler. If that's not an option, try the va_list trick and go to (b).

-- Patrick
http://fexl.com
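Step (a) of the strategy above, as an added example that is not code from the thread or from any of its authors: a key buffer declared volatile and zeroed with an ordinary loop, beside two generic helpers that get the same effect for buffers that were not declared volatile (storing through a volatile pointer, and calling memset through a volatile function pointer). All function names and the sample "key" bytes are this example's own; nothing here is from the original post.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not code from the thread. Three ways to zero a key
 * buffer in C, plus a check that the bytes are actually gone. */

/* (a) The variable itself is declared volatile, as the post suggests.
 * memset() cannot take a pointer to volatile without discarding the
 * qualifier, so the buffer is zeroed with an explicit loop; every store
 * is to a volatile object, which the compiler is not allowed to drop. */
int demo_volatile_decl(void)
{
    volatile unsigned char key[32];
    size_t i;

    for (i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(0x41 + i);  /* constructed key material */

    /* ... the key would be used here ... */

    for (i = 0; i < sizeof key; i++)
        key[i] = 0;

    /* Reading back through the volatile object is defined behaviour. */
    for (i = 0; i < sizeof key; i++)
        if (key[i] != 0)
            return 0;
    return 1;
}

/* (b) Generic helper: store through a volatile pointer, so a buffer that
 * is never read again still gets its stores emitted (plain memset() on
 * such a buffer may be removed as a dead store). */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* (c) Call memset through a volatile function pointer. The compiler must
 * load the pointer at run time, so it cannot see that the callee is
 * memset and cannot treat the call as a removable dead store. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

void secure_zero_fnptr(void *p, size_t n)
{
    memset_ptr(p, 0, n);
}

/* Returns the number of non-zero bytes in buf. */
size_t count_nonzero(const unsigned char *buf, size_t n)
{
    size_t k = 0;
    while (n--)
        k += (*buf++ != 0);
    return k;
}

static unsigned char scratch[32];  /* constructed stand-in for a key buffer */

int demo_secure_zero(void)
{
    memset(scratch, 0xAB, sizeof scratch);
    secure_zero(scratch, sizeof scratch);
    return count_nonzero(scratch, sizeof scratch) == 0;
}

int demo_secure_zero_fnptr(void)
{
    memset(scratch, 0xCD, sizeof scratch);
    secure_zero_fnptr(scratch, sizeof scratch);
    return count_nonzero(scratch, sizeof scratch) == 0;
}
```

For step (b) of the strategy, compile with optimization and inspect the generated code (for example `gcc -O2 -S file.c`, or `objdump -d` on the object) and confirm the zeroing stores or the memset call are still present in each function. Where the platform provides one, C11's `memset_s` or glibc/BSD `explicit_bzero` do the same job with less ceremony. Caveat: all three techniques only defeat dead-store elimination of the buffer you name; copies the compiler made in registers, spill slots, or temporaries elsewhere on the stack are not touched.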
Participant: Patrick Chkoreff