<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 19, 2015 at 11:52 PM, Justin Bogner <span dir="ltr"><<a href="mailto:mail@justinbogner.com" target="_blank">mail@justinbogner.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="h5">David Blaikie <<a href="mailto:dblaikie@gmail.com">dblaikie@gmail.com</a>> writes:<br>
> On Fri, Jun 19, 2015 at 11:24 PM, Justin Bogner <<a href="mailto:mail@justinbogner.com">mail@justinbogner.com</a>><br>
> wrote:<br>
><br>
> Author: bogner<br>
> Date: Sat Jun 20 01:24:05 2015<br>
> New Revision: 240214<br>
><br>
> URL: <a href="http://llvm.org/viewvc/llvm-project?rev=240214&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project?rev=240214&view=rev</a><br>
> Log:<br>
> IndVarSimplify: Avoid UB from binding a reference to a null pointer<br>
><br>
> Calling operator* on a WeakVH whose Value is null hits undefined<br>
> behaviour, since we bind the value to a reference. Instead, go through<br>
> `operator Value*` so that we work with the pointer itself.<br>
><br>
> Found by ubsan.<br>
><br>
> Modified:<br>
> llvm/trunk/lib/Transforms/Scalar/IndVarSimplify.cpp<br>
><br>
> Modified: llvm/trunk/lib/Transforms/Scalar/IndVarSimplify.cpp<br>
> URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/</a><br>
> Scalar/IndVarSimplify.cpp?rev=240214&r1=240213&r2=240214&view=diff<br>
> ========================================================================<br>
> ======<br>
> --- llvm/trunk/lib/Transforms/Scalar/IndVarSimplify.cpp (original)<br>
> +++ llvm/trunk/lib/Transforms/Scalar/IndVarSimplify.cpp Sat Jun 20<br>
> 01:24:05 2015<br>
> @@ -2013,10 +2013,11 @@ bool IndVarSimplify::runOnLoop(Loop *L,<br>
><br>
> // Now that we're done iterating through lists, clean up any<br>
> instructions<br>
> // which are now dead.<br>
> - while (!DeadInsts.empty())<br>
> - if (Instruction *Inst =<br>
> - dyn_cast_or_null<Instruction>(&*DeadInsts.pop_back_val()))<br>
> + while (!DeadInsts.empty()) {<br>
> + Value *V = static_cast<Value *>(DeadInsts.pop_back_val());<br>
> + if (Instruction *Inst = dyn_cast_or_null<Instruction>(V))<br>
><br>
> Hmm - I think there's some fancy machinery in the llvm cast stuff to allow<br>
> us to map through from different types (so we could say that casting a<br>
> WeakVH retrieves the Value* first), maybe... (so you could just<br>
> dyn_cast_or_null<Value*>(DeadInsts.pop_back_val()) directly)<br>
<br>
</div></div>I don't really understand what you're going for here - we need to cast<br>
twice. We have a WeakVH, which we can get a Value* out of, then we<br>
dyn_cast_or_null that to an Instruction*. There's no need to dyn_cast to<br>
a Value* (we want the conversion operator), and obviously WeakVH can't<br>
be cast to Instruction* directly, since they're unrelated types.<br></blockquote><div><br>What I mean is we have a way of making them related, through a template called simplify_type. Here's the version for QualType to allow QualTypes to be cast to specific clang::Types: <a href="http://clang.llvm.org/doxygen/structllvm_1_1simplify__type_3_01_1_1clang_1_1QualType_01_4.html">http://clang.llvm.org/doxygen/structllvm_1_1simplify__type_3_01_1_1clang_1_1QualType_01_4.html</a> <br><br>I think it /might/ work here, but I don't know/recall the specifics - perhaps it doesn't fit here for some reason.<br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class=""><div class="h5"><br>
><br>
> RecursivelyDeleteTriviallyDeadInstructions(Inst, TLI);<br>
> + }<br>
><br>
> // The Rewriter may not be used from this point on.<br>
><br>
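</div></div></blockquote><div><br>Review bot: On the added line that initializes V, the static_cast gives no hint of why the &amp;* spelling was dropped, so a later cleanup could reintroduce the null dereference; a one-line comment saying that the popped handle may be null and that operator* would bind a reference to it would keep the reason next to the code. Since the log says the conversion goes through operator Value*, plain initialization (Value *V = DeadInsts.pop_back_val();) may be enough and would avoid a cast that reads like a downcast, provided that operator is not explicit.<br><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="h5">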
> _______________________________________________<br>
> llvm-commits mailing list<br>
> <a href="mailto:llvm-commits@cs.uiuc.edu">llvm-commits@cs.uiuc.edu</a><br>
> <a href="http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits</a><br>
</div></div></blockquote></div><br></div></div>
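Added example (not code from this thread or from LLVM): a self-contained C++ sketch of the two points discussed above, the null-safe pointer conversion the commit switches to and a simplify_type-style trait that lets the cast helper unwrap a handle itself. Handle, unwrap and dyn_cast_or_null_insn are hypothetical toy names, and the kind tag stands in for LLVM's real type check.

```cpp
// Added illustration: toy stand-ins, not LLVM's WeakVH or simplify_type.
#include <cstddef>
#include <vector>

struct Value {
  enum Kind { K_Value, K_Instruction } kind;
  explicit Value(Kind k = K_Value) : kind(k) {}
};
struct Instruction : Value {
  Instruction() : Value(K_Instruction) {}
};

// Nullable handle shaped like the one in the commit: it offers both a
// reference-returning dereference and a conversion to the raw pointer.
class Handle {
  Value *V;
public:
  explicit Handle(Value *v = nullptr) : V(v) {}
  operator Value *() const { return V; }   // well defined when V is null
  Value &operator*() const { return *V; }  // binds a reference: UB when V is null
};

// Trait in the spirit of the simplify_type idea from the reply: it tells the
// cast helper how to reduce a wrapper type to the pointer it carries.
template <typename From> struct unwrap {
  static From get(From f) { return f; }
};
template <> struct unwrap<Handle> {
  static Value *get(const Handle &h) { return h; }  // uses operator Value*
};

// Null-tolerant checked downcast that unwraps first, so callers never need
// the &*handle spelling that the commit removes.
template <typename From> Instruction *dyn_cast_or_null_insn(const From &f) {
  Value *v = unwrap<From>::get(f);
  if (!v || v->kind != Value::K_Instruction) return nullptr;
  return static_cast<Instruction *>(v);
}

// Drains a worklist like the patched loop and counts the live instructions.
std::size_t count_instructions(std::vector<Handle> work) {
  std::size_t n = 0;
  while (!work.empty()) {
    Handle h = work.back();
    work.pop_back();
    if (dyn_cast_or_null_insn(h)) ++n;
  }
  return n;
}
```

Building a variant that calls operator* on an empty Handle with -fsanitize=undefined reproduces the class of report the commit log attributes to ubsan.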