[LLVMbugs] [Bug 3375] New: opt crash with use-after-free in MemDep

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Thu Jan 22 13:44:38 PST 2009


http://llvm.org/bugs/show_bug.cgi?id=3375

           Summary: opt crash with use-after-free in MemDep
           Product: new-bugs
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: edwintorok at gmail.com
                CC: llvmbugs at cs.uiuc.edu


Created an attachment (id=2428)
 --> (http://llvm.org/bugs/attachment.cgi?id=2428)
bugpoint reduced testcase

With TOT opt crashes when optimizing clamscan:
bugpoint --enable-valgrind in MultiSource/Applications/Clamav:

If you just use 'make bugpoint-opt' it'll show a crash in simplifycfg, or
lcssa, etc. valgrind shows the problem in memdep.

$ /home/edwin/llvm-svn/llvm/Release/bin/bugpoint x.bc -gvn -memdep -memcpyopt
-sccp -append-exit-code -Xlinker=-lz  -input=/dev/null
-output=Output/clamscan.out-nat -timeout=500 -mlimit=0 --enable-valgrind

Checking for crash with only these blocks: bb68 bb58 bb3.outer bb11 bb6 bb2
bb84 bb26 bb114 bb242... <191 total>: ^C==11910== Invalid read of size 8
==11910==    at 0x6B69E9:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6EFA:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDependency(llvm::Value*,
bool, llvm::BasicBlock*, llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*,
llvm::MemDepResult> >&) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x54A85B: (anonymous
namespace)::GVN::processNonLocalLoad(llvm::LoadInst*,
llvm::SmallVectorImpl<llvm::Instruction*>&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x54C020: (anonymous
namespace)::GVN::iterateOnFunction(llvm::Function&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x54E352: (anonymous
namespace)::GVN::runOnFunction(llvm::Function&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x76E26A: llvm::FPPassManager::runOnFunction(llvm::Function&)
(in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x76E4A5: llvm::FPPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x76DE46: llvm::MPPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x76E045: llvm::PassManagerImpl::run(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x4AF0CA:
llvm::BugDriver::runPassesAsChild(std::vector<llvm::PassInfo const*,
std::allocator<llvm::PassInfo const*> > const&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x494F98: llvm::BugDriver::run() (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x4B8865: main (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==  Address 0x650f788 is 1,464 bytes inside a block of size 2,560 free'd
==11910==    at 0x4C2111D: operator delete(void*) (vg_replace_malloc.c:342)
==11910==    by 0x6BA847: llvm::DenseMap<llvm::PointerIntPair<llvm::Value*, 1u,
bool>, std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > >,
llvm::DenseMapInfo<llvm::PointerIntPair<llvm::Value*, 1u, bool> >,
llvm::DenseMapInfo<std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > > >
>::grow(unsigned int) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6BA96A: llvm::DenseMap<llvm::PointerIntPair<llvm::Value*, 1u,
bool>, std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > >,
llvm::DenseMapInfo<llvm::PointerIntPair<llvm::Value*, 1u, bool> >,
llvm::DenseMapInfo<std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > > >
>::operator[](llvm::PointerIntPair<llvm::Value*, 1u, bool> const&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6300:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==
==11910== Invalid read of size 8
==11910==    at 0x6B69ED:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6EFA:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDependency(llvm::Value*,
bool, llvm::BasicBlock*, llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*,
llvm::MemDepResult> >&) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x54A85B: (anonymous
namespace)::GVN::processNonLocalLoad(llvm::LoadInst*,
llvm::SmallVectorImpl<llvm::Instruction*>&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x54C020: (anonymous
namespace)::GVN::iterateOnFunction(llvm::Function&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x54E352: (anonymous
namespace)::GVN::runOnFunction(llvm::Function&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x76E26A: llvm::FPPassManager::runOnFunction(llvm::Function&)
(in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x76E4A5: llvm::FPPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x76DE46: llvm::MPPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x76E045: llvm::PassManagerImpl::run(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x4AF0CA:
llvm::BugDriver::runPassesAsChild(std::vector<llvm::PassInfo const*,
std::allocator<llvm::PassInfo const*> > const&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x494F98: llvm::BugDriver::run() (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x4B8865: main (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==  Address 0x650f780 is 1,456 bytes inside a block of size 2,560 free'd
==11910==    at 0x4C2111D: operator delete(void*) (vg_replace_malloc.c:342)
==11910==    by 0x6BA847: llvm::DenseMap<llvm::PointerIntPair<llvm::Value*, 1u,
bool>, std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > >,
llvm::DenseMapInfo<llvm::PointerIntPair<llvm::Value*, 1u, bool> >,
llvm::DenseMapInfo<std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > > >
>::grow(unsigned int) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6BA96A: llvm::DenseMap<llvm::PointerIntPair<llvm::Value*, 1u,
bool>, std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > >,
llvm::DenseMapInfo<llvm::PointerIntPair<llvm::Value*, 1u, bool> >,
llvm::DenseMapInfo<std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > > >
>::operator[](llvm::PointerIntPair<llvm::Value*, 1u, bool> const&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6300:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==    by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
Exited with error code '1'


*** Reduction Interrupted, cleaning up...

Emitted bitcode to 'bugpoint-reduced-simplified.bc'

*** You can reproduce the problem with: opt bugpoint-reduced-simplified.bc -gvn


-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.



More information about the llvm-bugs mailing list