[LLVMbugs] [Bug 4187] New: GVN eliminates load across free?

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Sun May 10 14:23:35 PDT 2009 

http://llvm.org/bugs/show_bug.cgi?id=4187

           Summary: GVN eliminates load across free?
           Product: libraries
           Version: trunk
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Scalar Optimizations
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: daniel at zuster.org
                CC: resistor at mac.com, llvmbugs at cs.uiuc.edu


GVN eliminates the second load in this example, which I believe is invalid.
This didn't happen in 2.4, I believe.

--
; ModuleID = '2007-10-11-illegal-access-after-free-and-branch.c'
target datalayout =
"e-p:32:32:32-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:32:64-f32:32:32-f64:32:64-v64:64:64-v128:128:128-a0:0:64-f80:128:128"
target triple = "i386-apple-darwin10"

declare void @klee_make_symbolic(i8* %addr, i32 %nbytes) nounwind ssp;

define i32 @f0() nounwind ssp {
entry:
        %t0 = malloc [3 x i8]
        %.sub = getelementptr [3 x i8]* %t0, i32 0, i32 0
        call void @klee_make_symbolic(i8* %.sub, i32 3) nounwind
        %t2 = load i8* %.sub, align 4
        free [3 x i8]* %t0
        %t8 = load i8* %.sub, align 4
        %t9 = zext i8 %t8 to i32
        ret i32 %t9
}
--

Here:
--
ddunbar at ubuntu:regression$ llvm-as < load-elim.ll | opt -gvn | llvm-dis
; ModuleID = '<stdin>'
target datalayout =
"e-p:32:32:32-i1:8:8-i8:8:8-i16:16:16-i32:32:32-i64:32:64-f32:32:32-f64:32:64-v64:64:64-v128:128:128-a0:0:64-f80:128:128"
target triple = "i386-apple-darwin10"

declare void @klee_make_symbolic(i8*, i32) nounwind ssp

define i32 @f0() nounwind ssp {
entry:
        %t0 = malloc [3 x i8]           ; <[3 x i8]*> [#uses=2]
        %.sub = getelementptr [3 x i8]* %t0, i32 0, i32 0               ; <i8*>
[#uses=2]
        call void @klee_make_symbolic(i8* %.sub, i32 3) nounwind
        %t2 = load i8* %.sub, align 4           ; <i8> [#uses=1]
        free [3 x i8]* %t0
        %t9 = zext i8 %t2 to i32                ; <i32> [#uses=1]
        ret i32 %t9
}
--


-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list