<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href="https://github.com/llvm/llvm-project/issues/57897">57897</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Null pointer exception bug in the debug mode for the ‘scf’ Dialect
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          peanutRen
      </td>
    </tr>
</table>

<pre>
    Hello, 
We think we have discovered a potential null-pointer exception bug in the mlir-opt debug mode. This problem leads to a potential compiler crash. 
This bug is related to the `scf.for` operation when converting the scf dialect to the std dialect; please see the attached test case and execution command. 
We think the issue is due to the operation clean-up process in the debugging mode, described as follows. 
During the dialect lowering process, the `scf.for` op in `FuncOP` will be erased by calling `replaceOP`. As a result, the `scf.for` op will become a null pointer. 
This is not a problem in the release mode because all the illegal instructions that appear after the `matchAndRewrite` method will be removed once `finalize(rewriter)` is called. As such, these illegal instructions/ops will not appear in the FuncOP.
However, in the debug mode (when using `LLVM_DEBUG(logSucessfulPatternApplication(dumpRootOp))` to dump FuncOP), the `scf.for` ops will not be removed. Since `scf.for` points to a null pointer, the compilation command will trigger a null pointer exception, leading to a program crash. 
Attached below is a test case to replicate the behavior described above. 
=====================================================
**version**  
```
llvm-project-release-14.x
git hash: f28c006a5895fc0e329fe15fead81e37457cb1d1(https://github.com/llvm/llvm-project/tree/f28c006a5895fc0e329fe15fead81e37457cb1d1)
```
**Operating System**
```
Ubuntu  version: 16.04
Linux Kernel version: 4.15.0-142-generic
```

**test case**
```
// RUN: mlir-opt -allow-unregistered-dialect -convert-scf-to-std %s | FileCheck %s

func @simple_std_for_loop(%arg0 : index, %arg1 : index, %arg2 : index) {
  scf.for %i0 = %arg0 to %arg1 step %arg2 {
    %c1 = arith.constant 1 : index
  }
  return
}
```
**Execution command**
Save the above IR as convert-to-cfg.mlir, then run: 
```
mlir-opt  convert-to-cfg.mlir  -allow-unregistered-dialect  -convert-scf-to-std   -print-ir-after-all  -debug 
```
This leads to the crash dump given below. 

**Crash dump:**
```
//===-------------------------------------------===//
Legalizing operation : 'scf.for'(0x6a632c0) {
  * Fold {
  } -> FAILURE : unable to fold

  * Pattern : 'scf.for -> ()' {
Trying to match "(anonymous namespace)::ForLowering"
    ** Insert  : 'arith.addi'(0x6a5eee0)
    ** Insert  : 'std.br'(0x6a67c90)
    ** Erase   : 'scf.yield'(0x6a606b0)
    ** Insert  : 'std.br'(0x6a67d30)
    ** Insert  : 'arith.cmpi'(0x6a5ef90)
    ** Insert  : 'std.cond_br'(0x6a6d090)
    ** Replace : 'scf.for'(0x6a632c0)
"(anonymous namespace)::ForLowering" result 1

    //===-------------------------------------------===//
               other op Legalizing ...
    //===-------------------------------------------===//
  } -> SUCCESS : pattern applied successfully
// *** IR Dump After Pattern Application ***
func @simple_std_for_loop(%arg0: index, %arg1: index, %arg2: index) {
  br ^bb1(%arg0 : index)
^bb1(%0: index):  // 2 preds: ^bb0, ^bb2
  %1 = arith.cmpi slt, %0, %arg1 : index
  cond_br %1, ^bb2, ^bb3
^bb2:  // pred: ^bb1
  %c1 = arith.constant 1 : index
  scf.yield
  %2 = arith.addi %0, %arg2 : index
  br ^bb1(%2 : index)
^bb3:  // pred: ^bb1
  scf.for mlir-opt: /home/mlir/llvm/include/llvm/ADT/ilist_iterator.h:138:
   llvm::ilist_iterator::reference llvm::ilist_iterator<llvm::ilist_detail::node_options<mlir::Block, true, false, void>, false, false>::operator*() const [OptionsT = llvm::ilist_detail::node_options<mlir::Block, true, false, void>, IsReverse = false, IsConst = false]: Assertion `!NodePtr->isKnownSentinel()' failed.
```
</pre>
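A simplified stand-alone C++ model of the failure mode in the report above, added here as an example and not taken from MLIR or from the reporter: the crash dump shows the loop body already moved into `^bb2` while `scf.for` is still attached, and the assertion fires on a `Block` list iterator, so a dump taken before the deferred clean-up has to guard against an emptied region. All type and function names (`Func`, `Op`, `lowerLoop`, `finalize`, `dump`, `dumpMidConversion`) are hypothetical.

```cpp
#include <list>
#include <string>

// Simplified model, not MLIR code: every name here is hypothetical.
struct Block { std::string label; };

struct Op {
    std::string name;
    std::list<Block> region;   // body blocks owned by the op
    bool replaced = false;     // set by the rewriter; erased only in finalize()
};

struct Func {
    std::list<Block> blocks;   // function-level CFG blocks
    std::list<Op> ops;         // ops still attached to the function
};

// Lowering: move the loop body into the function and mark the op replaced.
// The op itself stays attached until finalize() runs.
void lowerLoop(Func &f, Op &loop) {
    f.blocks.splice(f.blocks.end(), loop.region);
    loop.replaced = true;
}

// Deferred clean-up: replaced ops are physically removed here.
void finalize(Func &f) {
    f.ops.remove_if([](const Op &op) { return op.replaced; });
}

// Dump that tolerates ops whose body was already moved out. An unguarded
// op.region.front() is the access that fails on an empty block list.
std::string dump(const Func &f) {
    std::string out;
    for (const Block &b : f.blocks) out += "^" + b.label + "\n";
    for (const Op &op : f.ops) {
        out += op.name;
        if (op.region.empty())
            out += op.replaced ? " <replaced, pending erase>\n" : " <empty region>\n";
        else
            out += " { ^" + op.region.front().label + " }\n";
    }
    return out;
}

// Constructed scenario: dump after pattern application, then after finalize().
std::string dumpMidConversion() {
    Func f;
    f.ops.push_back(Op{"scf.for", {Block{"body"}}, false});
    lowerLoop(f, f.ops.front());
    std::string mid = dump(f);
    finalize(f);
    return mid + "--\n" + dump(f);
}
```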