[all-commits] [llvm/llvm-project] 698374: [Polly] Fix use-after-free.

Michael Kruse via All-commits all-commits at lists.llvm.org
Sat Aug 22 08:22:20 PDT 2020


  Branch: refs/heads/master
  Home:   https://github.com/llvm/llvm-project
  Commit: 6983741eaa84e76802feca9145e39293cc6d15b4
      https://github.com/llvm/llvm-project/commit/6983741eaa84e76802feca9145e39293cc6d15b4
  Author: Michael Kruse <llvm-project at meinersbur.de>
  Date:   2020-08-22 (Sat, 22 Aug 2020)

  Changed paths:
    M polly/include/polly/ScopInfo.h
    M polly/lib/Transform/Simplify.cpp
    A polly/test/Simplify/func-b320a7.ll

  Log Message:
  -----------
  [Polly] Fix use-after-free.

VirtualUse of type UseKind::Inter expects the definition of a
llvm::Value to be represented in another statement. In the bug report
that statement has been removed due to its domain being empty.
Scop::InstStmtMap for the llvm::Value's definition still pointed to the
removed statement, which resulted in the use-after-free.

The definition statement was removed by Simplify because it was
considered to not be reachable by other uses; trivially because it is
never executed due to its empty domain. However, no such thing happened
to the using statement using the value although its domain is also empty.

Fix by always removing statements with empty domains in Simplify since
these are not properly analyzable. A UseKind::Inter should always have a
statement with its definition due to LLVM's SSA form.
Scop::removeStmtNotInDomainMap() also removes statements with empty
domains but does so without considering the context as used by
Simplify's analyses.

In another angle, InstStmtMap pointing to removed statements should not
happen either and ForwardOpTree would have bailed out if the llvm::Value
definition was not represented by a statement. This will be corrected in
a follow-up commit.

This fixes llvm.org/PR47098


  Commit: 8e06bf6b3a2e8d25e56cd52dca0cf3ff1b37b5d1
      https://github.com/llvm/llvm-project/commit/8e06bf6b3a2e8d25e56cd52dca0cf3ff1b37b5d1
  Author: Michael Kruse <llvm-project at meinersbur.de>
  Date:   2020-08-22 (Sat, 22 Aug 2020)

  Changed paths:
    M polly/include/polly/ScopInfo.h
    M polly/lib/Analysis/ScopInfo.cpp

  Log Message:
  -----------
  [Polly] Ensure consistent Scop::InstStmtMap. NFC.

InstStmtMap became inconsistent with ScopStmt::getInstructions() after
the statement's instructions are modified, e.g. by being considered
unused by the Simplify pass or being moved by ForwardOpTree.

Change ScopStmt::setInstructions() to also update its parent's
InstStmtMap. Also add assertions checking the consistency.


Compare: https://github.com/llvm/llvm-project/compare/901e3317fe7c...8e06bf6b3a2e
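
The stale-map pattern behind both commit messages, as an added example that is not Polly's code: a simplified C++ model in which statement removal and `setInstructions()` keep an instruction-to-statement map in sync, plus a consistency check. The `Stmt` and `Scop` types, `addStmt`, `getStmtFor`, `removeEmptyDomainStmts` and `isConsistent` are assumptions made for illustration; only the names `InstStmtMap` and `setInstructions` come from the messages.

```cpp
// Simplified model, not Polly source; ints stand in for llvm::Instruction* (assumption).
#include <algorithm>
#include <list>
#include <map>
#include <utility>
#include <vector>
struct Scop;
struct Stmt {
  Scop *Parent;
  bool EmptyDomain;
  std::vector<int> Insts;
  void setInstructions(std::vector<int> New); // also updates Parent's map
};
struct Scop {
  std::list<Stmt> Stmts;             // std::list keeps statement addresses stable
  std::map<int, Stmt *> InstStmtMap; // instruction -> statement containing it
  Stmt *addStmt(std::vector<int> Insts, bool EmptyDomain) {
    Stmts.push_back(Stmt{this, EmptyDomain, {}});
    Stmts.back().setInstructions(std::move(Insts));
    return &Stmts.back();
  }
  Stmt *getStmtFor(int Inst) const {
    auto It = InstStmtMap.find(Inst);
    return It == InstStmtMap.end() ? nullptr : It->second;
  }
  void removeEmptyDomainStmts() { // drop map entries before freeing the statement
    for (auto It = Stmts.begin(); It != Stmts.end();) {
      if (!It->EmptyDomain) { ++It; continue; }
      It->setInstructions({});
      It = Stmts.erase(It);
    }
  }
  bool isConsistent() const { // each entry names a live statement listing the inst
    for (const auto &KV : InstStmtMap) {
      const Stmt *S = KV.second;
      bool Live = std::any_of(Stmts.begin(), Stmts.end(),
                              [S](const Stmt &X) { return &X == S; });
      if (!Live || !std::count(S->Insts.begin(), S->Insts.end(), KV.first))
        return false;
    }
    return true;
  }
};
void Stmt::setInstructions(std::vector<int> New) {
  for (int I : Insts) // erase only entries that still point at this statement
    if (Parent->getStmtFor(I) == this) Parent->InstStmtMap.erase(I);
  Insts = std::move(New);
  for (int I : Insts) Parent->InstStmtMap[I] = this;
}
```

Erasing a statement without first clearing its map entries would leave `getStmtFor` returning a dangling pointer, which is the condition `isConsistent` detects without dereferencing it.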

