<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>Hi everyone,</div><div>Recently, I made some tests for LLVM/Clang/opt, and I found many test cases that can cause a crash bug for opt with "...<span style="font-family: monospace; font-size: small; white-space: pre-wrap;">-loop-unroll -licm...</span>".</div><div>For the truck version of LLVM, the output is "llvm/lib/Transforms/Scalar/LICM.cpp:222: virtual bool {anonymous}::LegacyLICMPass::doFinalization(): Assertion `LICM.getLoopToAliasSetMap().empty() && "Didn't free loop alias sets"' failed."</div><div>For example, when compiling the following source code with the pass sequence "-loop-rotate -gvn -prune-eh -loop-unroll -licm", the bug can be triggered.</div><div>---------------------------------------------------</div><div><div>#include "csmith.h"</div><div>g, h;</div><div>int16_t a();</div><div>b() {</div><div> a();</div><div> for (;;) {</div><div> uint64_t c;</div><div> int d, e, f;</div><div> for (d = 0; d < 4; d++)</div><div> for (; e < f;)</div><div> c;</div><div> }</div><div>}</div><div>int16_t a() {</div><div> for (; 0;)</div><div> for (; 0;)</div><div> for (; 0;)</div><div> ;</div><div> g = 0;</div><div> for (; g < 5; g++)</div><div> for (; h;)</div><div> ;</div><div>}</div></div><div><pre class="bz_comment_text" id="comment_text_0" style="font-size: small; font-family: monospace; width: 50em;">$clang -O3 -c -emit-llvm -mllvm -disable-llvm-optzns small1.c -o small1.bc</pre><pre class="bz_comment_text" id="comment_text_0" style="font-size: small; font-family: monospace; width: 50em;">$opt -loop-rotate -gvn -prune-eh -loop-unroll -licm small1.bc -o small1-opt.bc</pre></div><div>----------------------------------------------------</div><div>My question is that why the information in LoopToAliasSetMap must be freed before the doFinalization() function.</div><div>When the program runs into the doFinalization() function, the information in LoopToAliasSetMap is no longer useful,</div><div>so can we free these elements in LoopToAliasSetMap manually? Like this:</div><div><pre class="bz_comment_text" id="comment_text_6" style="font-size: small; font-family: monospace; width: 50em;"><span style="font-size: 13px;">bool doFinalization() override {
//assert(LICM.getLoopToAliasSetMap().empty() &&
//"Didn't free loop alias sets");
for (auto <AS : LICM.getLoopToAliasSetMap())
delete LTAS.second;
LICM.getLoopToAliasSetMap().clear();
return false;
}</span></pre><pre class="bz_comment_text" id="comment_text_6" style="font-size: small; font-family: monospace; width: 50em;"><pre class="bz_comment_text" id="comment_text_6" style="font-family: monospace; width: 50em;"><span style="font-size: 13px;">I test it on my system and it works, but I do not know whether there are some side-effects.</span></pre></pre></div></div><br><br><span title="neteasefooter"><p> </p></span>