<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 19, 2015 at 11:24 PM, Justin Bogner <span dir="ltr"><<a href="mailto:mail@justinbogner.com" target="_blank">mail@justinbogner.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: bogner<br>
Date: Sat Jun 20 01:24:05 2015<br>
New Revision: 240214<br>
<br>
URL: <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__llvm.org_viewvc_llvm-2Dproject-3Frev-3D240214-26view-3Drev&d=AwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=mQ4LZ2PUj9hpadE3cDHZnIdEwhEBrbAstXeMaFoB9tg&m=lDVhH15dCbS_yc_YzUJf2bz0yhRF9jGl7uNypoXJZGA&s=ImLRacF1peo3dESSQWrJwYf02l0Ih8brRikh8dzD1rk&e=" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=240214&view=rev</a><br>
Log:<br>
IndVarSimplify: Avoid UB from binding a reference to a null pointer<br>
<br>
Calling operator* on a WeakVH whose Value is null hits undefined<br>
behaviour, since we bind the value to a reference. Instead, go through<br>
`operator Value*` so that we work with the pointer itself.<br>
<br>
Found by ubsan.<br>
<br>
Modified:<br>
    llvm/trunk/lib/Transforms/Scalar/IndVarSimplify.cpp<br>
<br>
Modified: llvm/trunk/lib/Transforms/Scalar/IndVarSimplify.cpp<br>
URL: <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__llvm.org_viewvc_llvm-2Dproject_llvm_trunk_lib_Transforms_Scalar_IndVarSimplify.cpp-3Frev-3D240214-26r1-3D240213-26r2-3D240214-26view-3Ddiff&d=AwMFaQ&c=8hUWFZcy2Z-Za5rBPlktOQ&r=mQ4LZ2PUj9hpadE3cDHZnIdEwhEBrbAstXeMaFoB9tg&m=lDVhH15dCbS_yc_YzUJf2bz0yhRF9jGl7uNypoXJZGA&s=_p0zpI_8hKvr5adhPiVOU8Ph_JZ77qy5eHof4aDvJsM&e=" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Scalar/IndVarSimplify.cpp?rev=240214&r1=240213&r2=240214&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/lib/Transforms/Scalar/IndVarSimplify.cpp (original)<br>
+++ llvm/trunk/lib/Transforms/Scalar/IndVarSimplify.cpp Sat Jun 20 01:24:05 2015<br>
@@ -2013,10 +2013,11 @@ bool IndVarSimplify::runOnLoop(Loop *L,<br>
<br>
   // Now that we're done iterating through lists, clean up any instructions<br>
   // which are now dead.<br>
-  while (!DeadInsts.empty())<br>
-    if (Instruction *Inst =<br>
-          dyn_cast_or_null<Instruction>(&*DeadInsts.pop_back_val()))<br>
+  while (!DeadInsts.empty()) {<br>
+    Value *V = static_cast<Value *>(DeadInsts.pop_back_val());<br>
+    if (Instruction *Inst = dyn_cast_or_null<Instruction>(V))<br></blockquote><div><br></div><div>Hmm - I think there's some fancy machinery in the llvm cast stuff to allow us to map through from different types (so we could say that casting a WeakVH retrieves the Value* first), maybe... (so you could just dyn_cast_or_null<Value*>(DeadInsts.pop_back_val()) directly)</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
       RecursivelyDeleteTriviallyDeadInstructions(Inst, TLI);<br>
+  }<br>
<br>
   // The Rewriter may not be used from this point on.<br>
<br>
<br>
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@cs.uiuc.edu">llvm-commits@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits</a><br>
</blockquote></div><br></div></div>