[Mlir-commits] [mlir] aa84e6e - [mlir] Fix undefined behavior in Linalg utils getViewSizes

Alex Zinenko llvmlistbot at llvm.org
Tue Jul 21 00:57:50 PDT 2020 

Author: Alex Zinenko
Date: 2020-07-21T09:57:41+02:00
New Revision: aa84e6e579bedffda43f8ebffa553cf277947e96

URL: https://github.com/llvm/llvm-project/commit/aa84e6e579bedffda43f8ebffa553cf277947e96
DIFF: https://github.com/llvm/llvm-project/commit/aa84e6e579bedffda43f8ebffa553cf277947e96.diff

LOG: [mlir] Fix undefined behavior in Linalg utils getViewSizes

The utility function getViewSizes in Linalg has been recently updated to
support a different form of Linalg operations. In doing so, the code looking
like `smallvector.push_back(smallvector[i])` was introduced. Unlike std
vectors, this can lead to undefined behavior if the vector must grow upon
insertion: `smallvector[i]` returns a reference to the element, `push_back`
takes a const reference to the element, and then grows the vector storage
before accessing the referenced value. After the resize, the reference may
become dangling, which leads to undefined behavior detected by ASAN as
use-after-free. Work around the issue by forcing the value to be copied by
putting it into a temporary variable.

Added: 
    

Modified: 
    mlir/include/mlir/Dialect/Linalg/Utils/Utils.h

Removed: 
    


################################################################################
diff  --git a/mlir/include/mlir/Dialect/Linalg/Utils/Utils.h b/mlir/include/mlir/Dialect/Linalg/Utils/Utils.h
index 76d570a50572..769f4894a2b7 100644
--- a/mlir/include/mlir/Dialect/Linalg/Utils/Utils.h
+++ b/mlir/include/mlir/Dialect/Linalg/Utils/Utils.h
@@ -119,9 +119,12 @@ SmallVector<Value, 8> getViewSizes(OpBuilder &builder, ConcreteOp linalgOp) {
     // Append or rewrite the end of the value list that corresponds to the
     // values mapping to symbols. Since inside concatinated map symbols are
     // repeated we have to repeat the sizes as well.
-    for (unsigned idx = 0, s = ranks.size(); idx < s; ++idx)
-      for (unsigned idx2 = 0; idx2 < numSymb; ++idx2)
-        res.push_back(res[symbolsPos + idx2]);
+    for (unsigned idx = 0, s = ranks.size(); idx < s; ++idx) {
+      for (unsigned idx2 = 0; idx2 < numSymb; ++idx2) {
+        Value viewSize = res[symbolsPos + idx2];
+        res.push_back(viewSize);
+      }
+    }
   }
   return res;
 }

More information about the Mlir-commits mailing list