<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/136048>136048</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Calling `BasicBlock::getFirstNonPHIOrDbgOrAlloca` on a `catchswitch` block yields an invalid (end) iterator.
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
tylanphear
</td>
</tr>
</table>
<pre>
When calling `BasicBlock::getFirstNonPHIOrDbgOrAlloca()` on a basic block like the following:
```
catch.dispatch: ; preds = %init.attempt.i664
%0 = catchswitch within none [label %catch] unwind to caller
```
Instead of yielding an iterator to `%0`, we get the end iterator. This is because `getFirstNonPHIOrDbgOrAlloca()` tries to skip over EHPad instructions (like `catchswitch`) but doesn't account for the fact that `catchswitch` is *both* an EHPad instruction and a terminator.
This was found when testing builds with assertions/sentinel-tracking enabled: with certain input IRs, a crash in SLPVectorizer occurs, as the iterator from `getFirstNonPHIOrDbgOrAlloca()` gets dereferenced unconditionally without checking if it is the end iterator. But logically, it shouldn't have to do so; calling this method on a non-empty block with a terminator should always yield a valid iterator (besides, a `catchswitch` instruction is a valid non-PHI or dbg or alloca instruction). This is supported by its use throughout LLVM: a simple search of the codebase shows that most of the time this method is called, the resulting iterator is unconditionally dereferenced.
Example failing test (reduced from Boost 1.75.0 sources):
```llvm-ir
; REQUIRES: asserts
; RUN: opt -passes=slp-vectorizer < %s -disable-output
target datalayout = "e-m:w-p270:32:32-p271:32:32-p272:64:64-i64:64-i128:128-f80:128-n8:16:32:64-S128"
target triple = "x86_64-pc-windows-msvc19.40.33811"
%"class.boost::execution_exception" = type { i32, %"class.boost::unit_test::basic_cstring", %"struct.boost::execution_exception::location" }
%"class.boost::unit_test::basic_cstring" = type { ptr, ptr }
%"struct.boost::execution_exception::location" = type { %"class.boost::unit_test::basic_cstring", i64, %"class.boost::unit_test::basic_cstring" }
define void @"?run@framework@unit_test@boost@@YAXK_N@Z"() personality ptr null {
entry:
br label %for.cond109
for.cond109: ; preds = %if.end153, %entry
%setup_error.sroa.0.1 = phi ptr [ null, %entry ], [ null, %if.end153 ]
%setup_error.sroa.6.1 = phi ptr [ null, %entry ], [ null, %if.end153 ]
br label %init.attempt.i664
init.attempt.i664: ; preds = %for.cond109
%call.i666 = invoke ptr null(ptr null)
to label %invoke.cont.i668 unwind label %catch.dispatch
invoke.cont.i668: ; preds = %init.attempt.i664
ret void
catch.dispatch: ; preds = %init.attempt.i664
%0 = catchswitch within none [label %catch] unwind to caller
catch: ; preds = %catch.dispatch
%1 = catchpad within %0 [ptr null, i32 0, ptr null]
br i1 false, label %if.end153, label %invoke.cont149
invoke.cont149: ; preds = %catch
%m_begin2.i.i = getelementptr %"class.boost::execution_exception", ptr null, i64 0, i32 1, i32 0
%2 = load ptr, ptr %m_begin2.i.i, align 8
%3 = load ptr, ptr null, align 8
br label %if.end153
if.end153: ; preds = %invoke.cont149, %catch
%setup_error.sroa.0.2 = phi ptr [ %setup_error.sroa.0.1, %catch ], [ %2, %invoke.cont149 ]
%setup_error.sroa.6.2 = phi ptr [ %setup_error.sroa.6.1, %catch ], [ %3, %invoke.cont149 ]
catchret from %1 to label %for.cond109
}
```
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJzUWFuP27oR_jX0y8CCRMmy_eAHOZtFFk1z0qTn9PKyoMSxxS5NCiRlx_31xVC-xt5kG_Sli4UtiZyZb765aGjhvVobxAWbLNnkYST60Fq3CHstTNeicKPayv3iby0aaITWyqyBlelSeNUstW1eWF6xvFpjeFTOh0_WfP7w9Jt7qNe_uUpr2wjGZ4zPWZmCNSCgJkmoSRS0ekEILcLKam13yqxJW1qxMj38p1UjQtMmUvmOLlhewc__WL6EzqH0wPIHYHyijAqJCAE3XUhUWRYsrYAW0rgj2vA7FZoWdiq0yoCxBoFNllrUqGln3MMmD9CbnTISgo18oPsOL0urJ-MDCgl2BXuFWhJnwoAK6ESwjkRpL59EEf4OdghrDJEJNPK0MYG_tsqD8lBjI3qPJPYmpoNT6MmOf1Ed2C06eP_hs5CgjA-ub4KyxgPjsxgBVqYXDERMc6j7ANKiN4xPA4imsb0JsCL4FDDREF4RboUJL-NVbUPLeEWO35gGYSQICOg2ykRPB-KiuzvhYWV7I2FHSRfQByKw7pWWPoYHhPfoog-MP3o0QRnU4-BE80Jb0Yhao6RcidsbdEEoA8p0fYCnL544F9A44VtQBr5-_PwHNsE69W90YJumd8MWH309xW3l7ObNIVhj8CDR4QodmgYl9KaxRirCLbTeR2y2D9C0OOBWK1CB6LtNhGUfQNu1opTbEzYVwLe213KITyu2SPGWFryl9D_WaiBKNxhaK4f6M9aMqQz2hxocCL2IxUEvCL0Tez9kMAjYCq3OiCh3avRK4oHMO2lwEW_lTxrI_ucPT2AdyHpNXyIyd7mf8fk5933fddYFlFDvQQUPVAihdbZfR_o-fvzjzxRqAV5tOo3gUbimpeojHhsrsRYeya2dH3J2Y304rge1wSuWlB8KW5JjtMOh73XMwZP3yt9E8zLUh3R-_01EQCuhhligD0ScQ9lTQsR8WloCkyXTSZKCt71riNL5d41Q6-1mrGKvyZfw5f1ffn_68v5rdDvWgj-u_P6JHtouwLijJc_yB6-78fac4Cx_Rw3Nw1gqT5Uytn3o-kA9kaVVEI6akRRBaLEnhocmynG8YXm1G3d8mrK8ynn8oNvs-pauyiJ-jNXpIuMzllcZn41Xs_RwZeKj8iheFuOvtI3zM47gFHF4wPBtVj6XxbhrxtSE7c6PN37bZPOkSJM8n2XZIEv_fMI4b7TwPqmJ4-FFhd-w6Sloz_itwW7INh7Vh32HwKZLUDmn2L-ioTcqPFMoh9v4PntufHD0-uIXkkM6_8x4XKACOEGZPrwO_yfGr_3ogiM0XXBXSn8V16XqX-eGEuKXyT36kVYSV8ogbK2SwIqUlOePrjesSFdObHBn3Qsr0rO-Ih3MFCkr0n9Uf__T8ydWpP-MqKhnQ4fOUy2rsI-UmV5r8pWlFZrg9kNFAtQOTkPByrqE2kCWzgdYlw_y6s4gskrQyGySHzgYNB-GEY-h757ROesS76xI0iSLgl2rhihOlhHWpTCwyUO8v147GYrrrxko_5cGLom5N3CxtLp9_PN57obDa9JhGM60Jn1l3KPM1r7gKYiMz86Xg8jxL9hLyCRFmiO02XHQu54Az5PowaFroftBvzt9OgwxfQdF_xdj7gHm29C9DvOGyIgxO2PshDwCHMBPlucIvqP-DOmxs8WH5wxUGayE9kjL59BeVt29gGfF_Cae9OxeNJtL0JvnGtfK8EQlKm5YY0CNGzQh1tN_8xK68mjolIOb5G92dvxgeujI2gp51eivMcXhTKu1gdlRLr8rdzR6sfmqnk8MDjSdbt-eCney9Yrroa1csXunIfKbfvVK47zUd9nCiLljC7sCcOxj9_vk2-yWP7Sb_9DukPrUFYZzBlXEZX_67l0zvAiP8-FILnI5z-dihItsWhSzIp9k-ahdFPMm5dOmnOVYimldYzadzjHL00mKDZ8XI7XgKZ-kRVZyXkyyPJGrvJD5TGbFLM1rOWVFihuhdEIzaGLdeqS873GR5WVazEYRn48_H3BucAdxldJ58jByizi41v3asyLVygd_VhNU0Lh492s_Khx_Trg9dwzHmnhs8fHYbYaDB-MzNJLe9Kdj1ah3etGG0HkyyB8Zf1yr0PZ10tgN448E9fA17pz9FzaB8cfoIJ08DwxsF_w_AQAA__8QElKj">