Package: runtime/secret

package secret

Import Path
	runtime/secret (on go.dev)

Dependency Relation
	imports 3 packages, and imported by 0 packages

Involved Source Files

	    export.go
	    secret.go
	    stubs.go
	    asm_amd64.s
Package-Level Functions (total 2)

	 func Do(f func())
		Do invokes f.
		
		Do ensures that any temporary storage used by f is erased in a
		timely manner. (In this context, "f" is shorthand for the
		entire call tree initiated by f.)
		  - Any registers used by f are erased before Do returns.
		  - Any stack used by f is erased before Do returns.
		  - Any heap allocation done by f is erased as soon as the garbage
		    collector realizes that it is no longer reachable.
		  - Do works even if f panics or calls runtime.Goexit.  As part of
		    that, any panic raised by f will appear as if it originates from
		    Do itself.
		
		Limitations:
		  - Currently only supported on linux/amd64 and linux/arm64.  On unsupported
		    platforms, Do will invoke f directly.
		  - Protection does not extend to any global variables written by f.
		  - Protection does not extend to any new goroutines made by f.
		  - If f calls runtime.Goexit, erasure can be delayed by defers
		    higher up on the call stack.
		  - Heap allocations will only be erased if the program drops all
		    references to those allocations, and then the garbage collector
		    notices that those references are gone. The former is under
		    control of the program, but the latter is at the whim of the
		    runtime.
		  - Any value panicked by f may point to allocations from within
		    f. Those allocations will not be erased until (at least) the
		    panicked value is dead.
		  - Pointer addresses may leak into data buffers used by the runtime
		    to perform garbage collection. Users should not encode confidential
		    information into pointers. For example, if an offset into an array or
		    struct is confidential, then users should not create a pointer into
		    the object. Since this function is intended to be used with constant-time
		    cryptographic code, this requirement is usually fulfilled implicitly.

	 func Enabled() bool
		Enabled reports whether [Do] appears anywhere on the call stack.


The pages are generated with Golds v0.8.3-preview. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @zigo_101 (reachable from the left QR code) to get the latest news of Golds.