From: Julian Seward <jseward@acm.org>
Date: Sun, 2 Sep 2012 21:19:29 +0000 (+0000)
Subject: Merge from trunk, r12947 (Fix stack bounds check, n-i-bz)
X-Git-Tag: svn/VALGRIND_3_8_1~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=07b2ead39bd78757f854832dda58f972b698b764;p=thirdparty%2Fvalgrind.git

Merge from trunk, r12947 (Fix stack bounds check, n-i-bz)


git-svn-id: svn://svn.valgrind.org/valgrind/branches/VALGRIND_3_8_BRANCH@12948
---

diff --git a/coregrind/m_main.c b/coregrind/m_main.c
index 61c7b9a327..9ac8387377 100644
--- a/coregrind/m_main.c
+++ b/coregrind/m_main.c
@@ -1613,12 +1613,24 @@ Int valgrind_main ( Int argc, HChar **argv, HChar **envp )
    VG_(debugLog)(1, "main", "Checking current stack is plausible\n");
    { HChar* limLo  = (HChar*)(&VG_(interim_stack).bytes[0]);
      HChar* limHi  = limLo + sizeof(VG_(interim_stack));
-     HChar* aLocal = (HChar*)&limLo; /* any auto local will do */
-     /* "Apple clang version 4.0 (tags/Apple/clang-421.0.57) (based on
-         LLVM 3.1svn)" appears to miscompile the following check,
-         causing run to abort at this point (in 64-bit mode) even
-         though aLocal is within limLo .. limHi.  Try building with
-         gcc instead. */
+     HChar* volatile 
+            aLocal = (HChar*)&limLo; /* any auto local will do */
+     /* Re "volatile": Apple clang version 4.0
+        (tags/Apple/clang-421.0.57) (based on LLVM 3.1svn)" appeared
+        to miscompile the following check, causing run to abort at
+        this point (in 64-bit mode) even though aLocal is within limLo
+        .. limHi.  But in fact clang is within its rights to do
+        strange things here.  "The reason is that the comparisons
+        aLocal < limLo and aLocal >= limHi cause undefined behaviour
+        (according to c99 6.5.8) because they compare pointers that do
+        not point into the same aggregate."  Adding "volatile" appears
+        to fix it because "The compiler would have to prove that there
+        is undefined behavior in order to exploit it.  But as a
+        volatile variable can change its value in ways invisible to
+        the compiler, the compiler must make the conservative
+        assumption that it points into the same aggregate as the other
+        pointer its compared against.  I.e. the behaviour is possibly
+        defined." (Analysis by Florian Krohm). */
      if (aLocal < limLo || aLocal >= limHi) {
         /* something's wrong.  Stop. */
         VG_(debugLog)(0, "main", "Root stack %p to %p, a local %p\n",