[LLVMbugs] [Bug 1690] New: LoopUnswitch reads freed memory

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Wed Sep 19 23:33:37 PDT 2007 

http://llvm.org/bugs/show_bug.cgi?id=1690

           Summary: LoopUnswitch reads freed memory
           Product: new-bugs
           Version: unspecified
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: baldrick at free.fr
                CC: llvmbugs at cs.uiuc.edu


Running test/Transforms/LoopUnswitch/2007-08-01-Dom.ll under valgrind
shows
Invalid read of size 2
   at 0x82C8548: llvm::Value::getValueID() const (Value.h:207)
   by 0x82C85BC: bool llvm::isa_impl<llvm::Instruction,
llvm::Value>(llvm::Value const&) (Value.h:256)
   by 0x82C8D20: llvm::isa_impl_wrap<llvm::Instruction, llvm::Value const,
llvm::Value const>::doit(llvm::Value const&) (Casting.h:71)
   by 0x82C8D36: bool
llvm::isa_impl_cl<llvm::Value>::isa<llvm::Instruction>(llvm::Value const&)
(Casting.h:83)
   by 0x82C8D4C: bool
llvm::isa_impl_cl<llvm::Value*>::isa<llvm::Instruction>(llvm::Value*)
(Casting.h:101)
   by 0x82C8D64: bool llvm::isa<llvm::Instruction, llvm::Value*>(llvm::Value*
const&) (Casting.h:116)
   by 0x82C9132: llvm::cast_retty<llvm::Instruction, llvm::Value*>::ret_type
llvm::dyn_cast<llvm::Instruction, llvm::Value*>(llvm::Value*) (Casting.h:225)
   by 0x82C9164: llvm::CallSite::get(llvm::Value*) (CallSite.h:46)
   by 0x8474D02: llvm::AliasSetTracker::deleteValue(llvm::Value*)
(AliasSetTracker.cpp:456)
   by 0x83B3953: (anonymous namespace)::LICM::deleteAnalysisValue(llvm::Value*,
llvm::Loop*) (LICM.cpp:835)
   by 0x849276C: llvm::LPPassManager::deleteSimpleAnalysisValue(llvm::Value*,
llvm::Loop*) (LoopPass.cpp:159)
   by 0x83D6896: (anonymous
namespace)::LoopUnswitch::UnswitchNontrivialCondition(llvm::Value*,
llvm::Constant*, llvm::Loop*) (LoopUnswitch.cpp:763)
 Address 0x42ec734 is 4 bytes inside a block of size 88 free'd
   at 0x4022166: operator delete(void*) (vg_replace_malloc.c:336)
   by 0x853BCF0: llvm::BranchInst::~BranchInst() (Instructions.h:1389)
   by 0x82EBB8C: llvm::iplist<llvm::Instruction,
llvm::ilist_traits<llvm::Instruction>
>::erase(llvm::ilist_iterator<llvm::Instruction>) (ilist:368)
   by 0x852B9A8: llvm::Instruction::eraseFromParent() (Instruction.cpp:68)
   by 0x83D6871: (anonymous
namespace)::LoopUnswitch::UnswitchNontrivialCondition(llvm::Value*,
llvm::Constant*, llvm::Loop*) (LoopUnswitch.cpp:762)
   by 0x83D7578: (anonymous
namespace)::LoopUnswitch::UnswitchIfProfitable(llvm::Value*, llvm::Constant*,
llvm::Loop*) (LoopUnswitch.cpp:409)
   by 0x83D7797: (anonymous namespace)::LoopUnswitch::processLoop(llvm::Loop*)
(LoopUnswitch.cpp:191)
   by 0x83D7A53: (anonymous namespace)::LoopUnswitch::runOnLoop(llvm::Loop*,
llvm::LPPassManager&) (LoopUnswitch.cpp:167)
   by 0x8493062: llvm::LPPassManager::runOnFunction(llvm::Function&)
(LoopPass.cpp:225)
   by 0x854EADB: llvm::FPPassManager::runOnFunction(llvm::Function&)
(PassManager.cpp:1168)
   by 0x854EC7D: llvm::FPPassManager::runOnModule(llvm::Module&)
(PassManager.cpp:1188)
   by 0x854E7B1: llvm::MPPassManager::runOnModule(llvm::Module&)
(PassManager.cpp:1237)

Reproduce using
  llvm-as < 2007-08-01-Dom.ll | valgrind --tool=memcheck opt -licm
-loop-unswitch -disable-output


-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list