<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Iterator invalidation in SCCP.cpp : markUsersAsChanged()"
href="https://bugs.llvm.org/show_bug.cgi?id=49582">49582</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Iterator invalidation in SCCP.cpp : markUsersAsChanged()
</td>
</tr>
<tr>
<th>Product</th>
<td>libraries
</td>
</tr>
<tr>
<th>Version</th>
<td>11.0
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>OpenBSD
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Scalar Optimizations
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>todd@opennet.ca
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=24642" name="attach_24642" title="Preprocessed reproducer source.">attachment 24642</a> <a href="attachment.cgi?id=24642&action=edit" title="Preprocessed reproducer source.">[details]</a></span>
Preprocessed reproducer source.
The AdditionalUsers Instruction update loop in markUsersAsChanged() can modify
the Users SmallPtrSet while iterating over it, which invalidates the iterator.
<a href="https://github.com/llvm/llvm-project/blob/release/11.x/llvm/lib/Transforms/Scalar/SCCP.cpp#L546">https://github.com/llvm/llvm-project/blob/release/11.x/llvm/lib/Transforms/Scalar/SCCP.cpp#L546</a>
This causes a reproducible crash under OpenBSD while compiling the attached
.cpp and build script. The backtrace is:
$ sh lastransform-b8f841.sh
PLEASE submit a bug report to <a href="https://bugs.llvm.org/">https://bugs.llvm.org/</a> and include the crash
backtrace, preprocessed source, and associated run script.
Stack dump:
0. Program arguments: /scratch/llvm/build/bin/clang -cc1 -triple
amd64-unknown-openbsd6.9 -emit-obj -disable-free -disable-llvm-verifier
-discard-value-names -main-file-name lastransform.cpp -mrelocation-model pic
-pic-level 2 -mframe-pointer=all -relaxed-aliasing -fno-rounding-math
-mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature
+retpoline-indirect-calls -target-feature +retpoline-indirect-branches
-fno-split-dwarf-inlining -debugger-tuning=gdb -sys-header-deps -D
HAVE_UNORDERED_MAP -D NDEBUG -D UNORDERED -D _CRT_SECURE_NO_WARNINGS -D NDEBUG
-O2 -fdeprecated-macro -ferror-limit 19 -fwrapv -fgnuc-version=4.2.1
-fcxx-exceptions -fexceptions -vectorize-loops -vectorize-slp
-fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc
-fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup
-faddrsig -x c++ lastransform-b8f841.cpp
1. <eof> parser at end of file
2. Per-module optimization passes
3. Running pass 'Interprocedural Sparse Conditional Constant Propagation'
on module 'lastransform-b8f841.cpp'.
Segmentation fault (core dumped)
The attached .diff resolves the crash by caching the Instructions to visit
first.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>