[LLVMbugs] [Bug 9051] New: SCEV use after free

bugzilla-daemon at llvm.org bugzilla-daemon at llvm.org
Tue Jan 25 11:46:21 PST 2011 

http://llvm.org/bugs/show_bug.cgi?id=9051

           Summary: SCEV use after free
           Product: new-bugs
           Version: trunk
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: baldrick at free.fr
                CC: llvmbugs at cs.uiuc.edu


$ valgrind opt bugpoint-reduced-simplified.bc -inline -scalarrepl-ssa
-early-cse -loop-rotate -loop-unswitch -instcombine -indvars -loop-unroll
-constmerge -disable-output
...
 Invalid read of size 8
    at 0x8EED72: llvm::FoldingSetImpl::InsertNode(llvm::FoldingSetImpl::Node*,
void*) (FoldingSet.cpp:318)
    by 0x7589BD: llvm::ScalarEvolution::getTruncateExpr(llvm::SCEV const*,
llvm::Type const*) (ScalarEvolution.cpp:870)
    by 0x757673: llvm::ScalarEvolution::createSCEV(llvm::Value*)
(ScalarEvolution.cpp:3510)
    by 0x75836A: llvm::ScalarEvolution::getSCEV(llvm::Value*)
(ScalarEvolution.cpp:2475)
    by 0x7681AC:
llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExitCondICmp(llvm::Loop
const*, llvm::ICmpInst*, llvm::BasicBlock*, llvm::BasicBlock*)
(ScalarEvolution.cpp:4134)
    by 0x768C4B:
llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExitCond(llvm::Loop const*,
llvm::Value*, llvm::BasicBlock*, llvm::BasicBlock*) (ScalarEvolution.cpp:3990)
    by 0x769122:
llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExit(llvm::Loop const*,
llvm::BasicBlock*) (ScalarEvolution.cpp:3904)
    by 0x753C7F: llvm::ScalarEvolution::ComputeBackedgeTakenCount(llvm::Loop
const*) (ScalarEvolution.cpp:3818)
    by 0x753EF6: llvm::ScalarEvolution::getBackedgeTakenInfo(llvm::Loop const*)
(ScalarEvolution.cpp:3687)
    by 0x766398: llvm::ScalarEvolution::getBackedgeTakenCount(llvm::Loop
const*) (ScalarEvolution.cpp:3653)
    by 0x526FCF: (anonymous namespace)::IndVarSimplify::runOnLoop(llvm::Loop*,
llvm::LPPassManager&) (IndVarSimplify.cpp:501)
    by 0x6FFB66: llvm::LPPassManager::runOnFunction(llvm::Function&)
(LoopPass.cpp:268)
  Address 0x5c08a18 is 8 bytes inside a block of size 520 free'd
    at 0x4C2706D: free (vg_replace_malloc.c:366)
    by 0x8EEF49: llvm::FoldingSetImpl::GrowHashTable() (FoldingSet.cpp:272)
    by 0x8EEDC4: llvm::FoldingSetImpl::InsertNode(llvm::FoldingSetImpl::Node*,
void*) (FoldingSet.cpp:308)
    by 0x7589BD: llvm::ScalarEvolution::getTruncateExpr(llvm::SCEV const*,
llvm::Type const*) (ScalarEvolution.cpp:870)
    by 0x7588CD: llvm::ScalarEvolution::getTruncateExpr(llvm::SCEV const*,
llvm::Type const*) (ScalarEvolution.cpp:842)
    by 0x757673: llvm::ScalarEvolution::createSCEV(llvm::Value*)
(ScalarEvolution.cpp:3510)
    by 0x75836A: llvm::ScalarEvolution::getSCEV(llvm::Value*)
(ScalarEvolution.cpp:2475)
    by 0x7681AC:
llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExitCondICmp(llvm::Loop
const*, llvm::ICmpInst*, llvm::BasicBlock*, llvm::BasicBlock*)
(ScalarEvolution.cpp:4134)
    by 0x768C4B:
llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExitCond(llvm::Loop const*,
llvm::Value*, llvm::BasicBlock*, llvm::BasicBlock*) (ScalarEvolution.cpp:3990)
    by 0x769122:
llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExit(llvm::Loop const*,
llvm::BasicBlock*) (ScalarEvolution.cpp:3904)
    by 0x753C7F: llvm::ScalarEvolution::ComputeBackedgeTakenCount(llvm::Loop
const*) (ScalarEvolution.cpp:3818)
    by 0x753EF6: llvm::ScalarEvolution::getBackedgeTakenInfo(llvm::Loop const*)
(ScalarEvolution.cpp:3687)

-- 
Configure bugmail: http://llvm.org/bugs/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the llvm-bugs mailing list