svn commit: r241373 - head/lib/libc/stdlib
Eitan Adler
eadler at freebsd.org
Tue Oct 9 17:50:56 UTC 2012
On 9 October 2012 13:16, David Chisnall <theraven at freebsd.org> wrote:
> On 9 Oct 2012, at 17:33, Andrey Chernov wrote:
>
>> Do you check assembler output for _both_ cases?
>> In my testing clang and gcc xor's 'junk' properly in case it has
>> 'volatile' keyword (as in srandomdev()) and elide it without 'volatile'.
>> IMHO this change should be backed out for srandomdev() and adding
>> 'volatile' for sranddev() instead.
>
> In its original form, it is very dangerous - the whole expression reduces to undefined and so the LLVM IR for the call is:
>
> call void @srand(i32 undef)
>
> The back end is then free to use any value for the call argument, including any register value or 0.
In fact, the backend is free to jump to a random location and
potentially kill kittens. There is *no* guarantee when it comes to
undefined behavior.
> Adding the volatile means that we are doing an XOR with a value left on the stack. If this is early on in the application, then it is most likely to be 0. If it's later on, then there may be a value here, but it's still not very likely to be something particularly unpredictable.
volatile only helps by mistake because clang is overly aggressive in
turning off optimizers. The code is still undefined.
--
Eitan Adler
Source & Ports committer
X11, Bugbusting teams
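
An added illustration of the pattern debated in this thread, constructed for this page (it is not the FreeBSD source or any poster's code): the uninitialized-`junk` XOR is shown only in a comment, next to a seeding routine that uses defined values only. The names `mix_seed`, `kernel_seed` and `seed_rand`, and the use of `/dev/urandom`, are assumptions made for the example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>
#include <unistd.h>

/*
 * Pattern under discussion (constructed sketch, deliberately not compiled):
 *
 *     unsigned long junk;                  // never initialized
 *     srand((getpid() << 16) ^ tv.tv_sec ^ tv.tv_usec ^ junk);
 *
 * Reading 'junk' is undefined, so the whole XOR may fold to "undef"
 * and the compiler may pass any value at all to srand().
 */

/* Fallback mix built only from defined values (unsigned, so shifts wrap). */
unsigned int mix_seed(unsigned int pid, unsigned long sec, unsigned long usec)
{
    return (unsigned int)((pid << 16) ^ sec ^ usec);
}

/* Fill *seed from the kernel; 0 on success, -1 if unavailable or short. */
int kernel_seed(unsigned int *seed)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, seed, sizeof(*seed));
    close(fd);
    return n == (ssize_t)sizeof(*seed) ? 0 : -1;
}

/* Seed rand() and return the seed used; no uninitialized read anywhere. */
unsigned int seed_rand(void)
{
    unsigned int seed;
    if (kernel_seed(&seed) != 0) {   /* seed is written only on success */
        struct timeval tv;
        gettimeofday(&tv, NULL);
        seed = mix_seed((unsigned int)getpid(), (unsigned long)tv.tv_sec,
                        (unsigned long)tv.tv_usec);
    }
    srand(seed);
    return seed;
}

int main(void) { printf("seed = %u\n", seed_rand()); return 0; }
```

The fallback path is only as unpredictable as the PID and clock, which is the same limit the thread notes for the stack value.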