<html>
<head>
<base href="https://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - Use after free in DSE"
href="https://llvm.org/bugs/show_bug.cgi?id=28588">28588</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Use after free in DSE
</td>
</tr>
<tr>
<th>Product</th>
<td>libraries
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Scalar Optimizations
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>benny.kra@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>junbuml@codeaurora.org, llvm-bugs@lists.llvm.org
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=16755" name="attach_16755" title="IR test case">attachment 16755</a> <a href="attachment.cgi?id=16755&action=edit" title="IR test case">[details]</a></span>
IR test case
The attached test case fails with opt -dse.
opt: llvm/include/llvm/Support/Casting.h:81: static bool
llvm::isa_impl_cl<llvm::Function, llvm::Value *>::doit(const From *) [To =
llvm::Function, From = llvm::Value *]: Assertion `Val && "isa<> used on a null
pointer"' failed.
#0 0x00007f2694ca1d3f llvm::sys::PrintStackTrace(llvm::raw_ostream&)
llvm/lib/Support/Unix/Signals.inc:402:5
#1 0x00007f2694ca2249 PrintStackTraceSignalHandler(void*)
llvm/lib/Support/Unix/Signals.inc:470:1
#2 0x00007f2694ca08a3 llvm::sys::RunSignalHandlers()
llvm/lib/Support/Signals.cpp:45:5
#3 0x00007f2694ca287e SignalHandler(int)
llvm/lib/Support/Unix/Signals.inc:256:1
#4 0x00007f269418c330 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x10330)
#5 0x00007f26935ccc37 gsignal
/build/eglibc-oGUzwX/eglibc-2.19/signal/../nptl/sysdeps/unix/sysv/linux/raise.c:56:0
#6 0x00007f26935d0028 abort
/build/eglibc-oGUzwX/eglibc-2.19/stdlib/abort.c:91:0
#7 0x00007f26935c5bf6 __assert_fail_base
/build/eglibc-oGUzwX/eglibc-2.19/assert/assert.c:92:0
#8 0x00007f26935c5ca2 (/lib/x86_64-linux-gnu/libc.so.6+0x2fca2)
#9 0x00007f2694ddce9e llvm::isa_impl_cl<llvm::Function,
llvm::Value*>::doit(llvm::Value const*)
llvm/include/llvm/Support/Casting.h:82:38
#10 0x00007f2694ddce48 llvm::isa_impl_wrap<llvm::Function, llvm::Value*,
llvm::Value*>::doit(llvm::Value* const&)
llvm/include/llvm/Support/Casting.h:122:5
#11 0x00007f2694ddce22 llvm::isa_impl_wrap<llvm::Function, llvm::Use const,
llvm::Value*>::doit(llvm::Use const&) llvm/include/llvm/Support/Casting.h:112:5
#12 0x00007f2694ddcd05 bool llvm::isa<llvm::Function, llvm::Use>(llvm::Use
const&) llvm/include/llvm/Support/Casting.h:133:3
#13 0x00007f2694ddcc45
_ZN4llvm8dyn_castINS_8FunctionENS_3UseEEENSt9enable_ifIXntsr14is_simple_typeIT0_EE5valueENS_10cast_rettyIT_KS4_E8ret_typeEE4typeERS7_
llvm/include/llvm/Support/Casting.h:286:10
#14 0x00007f2694ddcbfd llvm::CallInst::getCalledFunction() const
llvm/include/llvm/IR/Instructions.h:1810:5
#15 0x00007f2694ddd085 llvm::IntrinsicInst::classof(llvm::CallInst const*)
llvm/include/llvm/IR/IntrinsicInst.h:49:27
#16 0x00007f2694ddd03d llvm::IntrinsicInst::classof(llvm::Value const*)
llvm/include/llvm/IR/IntrinsicInst.h:54:34
#17 0x00007f2694ddcff5 llvm::isa_impl<llvm::IntrinsicInst, llvm::Value,
void>::doit(llvm::Value const&) llvm/include/llvm/Support/Casting.h:56:5
#18 0x00007f2694ddcfc7 llvm::isa_impl_cl<llvm::IntrinsicInst, llvm::Value
const*>::doit(llvm::Value const*) llvm/include/llvm/Support/Casting.h:96:5
#19 0x00007f2694ddcf38 llvm::isa_impl_wrap<llvm::IntrinsicInst, llvm::Value
const*, llvm::Value const*>::doit(llvm::Value const* const&)
llvm/include/llvm/Support/Casting.h:122:5
#20 0x00007f2694ddcf12 llvm::isa_impl_wrap<llvm::IntrinsicInst, llvm::Value
const* const, llvm::Value const*>::doit(llvm::Value const* const&)
llvm/include/llvm/Support/Casting.h:112:5
#21 0x00007f2694ddcae5 bool llvm::isa<llvm::IntrinsicInst, llvm::Value
const*>(llvm::Value const* const&) llvm/include/llvm/Support/Casting.h:133:3
#22 0x00007f2694de4888 llvm::MemIntrinsic::classof(llvm::Value const*)
llvm/include/llvm/IR/IntrinsicInst.h:211:14
#23 0x00007f2694de4865 llvm::isa_impl<llvm::MemIntrinsic, llvm::Instruction,
void>::doit(llvm::Instruction const&) llvm/include/llvm/Support/Casting.h:56:5
#24 0x00007f2694de4837 llvm::isa_impl_cl<llvm::MemIntrinsic, llvm::Instruction
const*>::doit(llvm::Instruction const*)
llvm/include/llvm/Support/Casting.h:96:5
#25 0x00007f2694de47d8 llvm::isa_impl_wrap<llvm::MemIntrinsic,
llvm::Instruction const*, llvm::Instruction const*>::doit(llvm::Instruction
const* const&) llvm/include/llvm/Support/Casting.h:122:5
#26 0x00007f2694de47b2 llvm::isa_impl_wrap<llvm::MemIntrinsic,
llvm::Instruction* const, llvm::Instruction const*>::doit(llvm::Instruction*
const&) llvm/include/llvm/Support/Casting.h:112:5
#27 0x00007f2694de4705 bool llvm::isa<llvm::MemIntrinsic,
llvm::Instruction*>(llvm::Instruction* const&)
llvm/include/llvm/Support/Casting.h:133:3
#28 0x00007f2694de1dd8 llvm::cast_retty<llvm::MemIntrinsic,
llvm::Instruction*>::ret_type llvm::dyn_cast<llvm::MemIntrinsic,
llvm::Instruction>(llvm::Instruction*)
llvm/include/llvm/Support/Casting.h:298:10
#29 0x00007f2694e01340 getLocForWrite(llvm::Instruction*, llvm::AAResults&)
llvm/lib/Transforms/Scalar/DeadStoreElimination.cpp:153:21
#30 0x00007f2694e02660 removePartiallyOverlappedStores(llvm::AAResults*,
llvm::DataLayout const&, llvm::DenseMap<llvm::Instruction*, std::map<long,
long, std::less<long>, std::allocator<std::pair<long const, long> > >,
llvm::DenseMapInfo<llvm::Instruction*>,
llvm::detail::DenseMapPair<llvm::Instruction*, std::map<long, long,
std::less<long>, std::allocator<std::pair<long const, long> > > > >&)
llvm/lib/Transforms/Scalar/DeadStoreElimination.cpp:919:5
#31 0x00007f2694e003d7 eliminateDeadStores(llvm::BasicBlock&, llvm::AAResults*,
llvm::MemoryDependenceResults*, llvm::DominatorTree*, llvm::TargetLibraryInfo
const*) llvm/lib/Transforms/Scalar/DeadStoreElimination.cpp:1097:19
#32 0x00007f2694dff9ff eliminateDeadStores(llvm::Function&, llvm::AAResults*,
llvm::MemoryDependenceResults*, llvm::DominatorTree*, llvm::TargetLibraryInfo
const*) llvm/lib/Transforms/Scalar/DeadStoreElimination.cpp:1115:21
#33 0x00007f2694dffdb6 (anonymous
namespace)::DSELegacyPass::runOnFunction(llvm::Function&)
llvm/lib/Transforms/Scalar/DeadStoreElimination.cpp:1156:5
#34 0x00007f2695caecdd llvm::FPPassManager::runOnFunction(llvm::Function&)
llvm/lib/IR/LegacyPassManager.cpp:1526:23
#35 0x00007f2695caf015 llvm::FPPassManager::runOnModule(llvm::Module&)
llvm/lib/IR/LegacyPassManager.cpp:1547:16
#36 0x00007f2695caf7fe (anonymous
namespace)::MPPassManager::runOnModule(llvm::Module&)
llvm/lib/IR/LegacyPassManager.cpp:1603:23
#37 0x00007f2695caf2fb llvm::legacy::PassManagerImpl::run(llvm::Module&)
llvm/lib/IR/LegacyPassManager.cpp:1706:16
#38 0x00007f2695cafd41 llvm::legacy::PassManager::run(llvm::Module&)
llvm/lib/IR/LegacyPassManager.cpp:1737:3
#39 0x00000000004450f1 main llvm/tools/opt/opt.cpp:679:3
#40 0x00007f26935b7f45 __libc_start_main
/build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:321:0
#41 0x0000000000427388 _start (llvm-debug/bin/opt+0x427388)
Stack dump:
0. Program arguments: llvm-debug/bin/opt -S -dse -o -
bugpoint-reduced-simplified.ll
1. Running pass 'Function Pass Manager' on module
'bugpoint-reduced-simplified.ll'.
2. Running pass 'Dead Store Elimination' on function '@_UPT_destroy'
Looks like this crash was introduced r275571.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>