[PATCH] D51651: [ThinLTO] Fix memory corruption in ThinLTOCodeGenerator when CodeGenOnly was specified

Alex Borcan via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Sep 4 12:10:39 PDT 2018


alexbdv created this revision.
Herald added subscribers: llvm-commits, dexonsmith, steven_wu, eraman, inglorion, mehdi_amini.

Issue occurs when doing ThinLTO with CodeGenOnly flag.
TMBuilder.TheTriple is assigned to by multiple threads in an unsafe way resulting in double-free of std::string memory.

Pseudocode:
if (CodeGenOnly) {

  // Perform only parallel codegen and return.
  ThreadPool Pool;
  int count = 0;
  for (auto &ModuleBuffer : Modules) {
    Pool.async([&](int count) { 
    ...
      /// Now call OutputBuffer = codegen(*TheModule);
      /// Which turns into initTMBuilder(moduleTMBuilder, Triple(TheModule.getTargetTriple()));
      /// Which turns into
  
      TMBuilder.TheTriple = std::move(TheTriple);   // std::string = "....."        
      /// So, basically std::string assignment to same string on multiple threads = memory corruption
  
  }
  
  return;

}


Repository:
  rL LLVM

https://reviews.llvm.org/D51651

Files:
  lib/LTO/ThinLTOCodeGenerator.cpp


Index: lib/LTO/ThinLTOCodeGenerator.cpp
===================================================================
--- lib/LTO/ThinLTOCodeGenerator.cpp
+++ lib/LTO/ThinLTOCodeGenerator.cpp
@@ -822,8 +822,12 @@
  * Perform ThinLTO CodeGen.
  */
 std::unique_ptr<MemoryBuffer> ThinLTOCodeGenerator::codegen(Module &TheModule) {
-  initTMBuilder(TMBuilder, Triple(TheModule.getTargetTriple()));
-  return codegenModule(TheModule, *TMBuilder.create());
+  // Create local copy of TMBuilder as ThinLTOCodeGenerator::codegen needs to
+  // be thread safe and initTMBuilder below is not thread safe on same object
+  TargetMachineBuilder moduleTMBuilder(TMBuilder);
+
+  initTMBuilder(moduleTMBuilder, Triple(TheModule.getTargetTriple()));
+  return codegenModule(TheModule, *moduleTMBuilder.create());
 }
 
 /// Write out the generated object file, either from CacheEntryPath or from
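Review bot: The added copy `TargetMachineBuilder moduleTMBuilder(TMBuilder);` still reads the shared `TMBuilder` member from every worker thread without synchronization, so it is only safe if nothing writes to `TMBuilder` while the parallel codegen runs. With this change `initTMBuilder` no longer writes to the member on this path, but the new comment should state that invariant explicitly (the member is read-only once the thread pool starts) so that a later writer is not introduced by accident. Two style points on the same lines: the local should be `ModuleTMBuilder` to match the capitalized variable names visible in this function (`TheModule`, `TMBuilder`), and the comment should end with a period. The file list shows only lib/LTO/ThinLTOCodeGenerator.cpp, so the patch has no regression test; a test that runs the CodeGenOnly path over several modules, ideally under a thread sanitizer build, would keep this from regressing.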

