[PATCH] D69962: [CFG] Fix a flaky crash in CFGBlock::getLastCondition().
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Nov 7 12:50:33 PST 2019
NoQ created this revision.
NoQ added reviewers: dcoughlin, xazax.hun, a_sidorin, rnkovacs, Szelethus, baloghadamsoftware, Charusso.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.
Using an end iterator of an empty CFG block boiled down to dereferencing a garbage pointer.
This was fun to debug because the actual segfault occurs once in ~20 runs on the original code (on my system; on top of that, each run took several minutes). On the newly added test it crashes even more rarely, roughly once in 500 runs.
CFG uses `llvm::BumpVector` for storing the list of elements. Its iterators are typedefs for raw pointers, so there's no way to check the correctness of the iterator by injecting assertions into it.
> [12:26:29] <@NoQ> I'm about to commit a fix for a flaky crash that's reproducible once in ~1000 compilations. Can we make for-loops in lit?
> [12:27:12] <@jdoerfert> @NoQ: jdenny: has an extension to do that (I think)
> [12:36:40] <@NoQ> @jdoerfert: Thanks!
> [12:36:59] <@jdoerfert> @NoQ: so, I doubt we have one in-tree
> [12:37:21] <@NoQ> Mm, ok. I guess i could copy-paste the run-line :)
> [12:37:36] <@Lebedev.RI> i remember seeing previous fixes with such idea, but i don't recall how they achieved that
> [12:37:37] <@jdoerfert> that is one way, yes ;)
> [12:38:16] <@jdoerfert> #include <>; #include<>; #include<>; ... exponential growth!
Repository:
rC Clang
https://reviews.llvm.org/D69962
Files:
clang/lib/Analysis/CFG.cpp
clang/test/Analysis/a_flaky_crash.cpp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D69962.228292.patch
Type: text/x-patch
Size: 17001 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20191107/b7937bf9/attachment-0001.bin>
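An added illustration of the bug class described in this message; it is not the patch attached to D69962 and not LLVM code. `ElementList`, `CheckedIter` and the accessor names are hypothetical, and the sketch shows why a pointer-typed iterator cannot catch the empty case while a container-level emptiness check can.

```cpp
#include <cstddef>

// Hypothetical stand-in for a bump-allocated element list (not LLVM code).
// As the message says of llvm::BumpVector, iterators are plain pointers.
struct ElementList {
  int Storage[8];
  std::size_t Size = 0;
  typedef int *iterator;
  iterator begin() { return Storage; }
  iterator end() { return Storage + Size; }
  bool empty() const { return Size == 0; }
  bool push_back(int V) {
    if (Size == 8) return false;  // fixed capacity keeps the sketch small
    Storage[Size++] = V;
    return true;
  }
};

// What a raw pointer cannot be: an iterator that carries its valid range,
// so an assertion (or this predicate) can reject a bad dereference.
struct CheckedIter {
  const int *Cur, *First, *Last;
  bool dereferenceable() const { return Cur >= First && Cur < Last; }
};

CheckedIter checkedLast(ElementList &L) {
  // Empty list: stay at end() rather than forming begin() - 1.
  const int *Cur = L.empty() ? L.end() : L.end() - 1;
  return CheckedIter{Cur, L.begin(), L.end()};
}

// Unchecked form: on an empty list this reads outside the elements, so the
// value is garbage and a crash shows up only on some runs.
int lastElementUnchecked(ElementList &L) { return *(L.end() - 1); }

// Guarded form: test emptiness before touching any iterator.
const int *lastElement(ElementList &L) {
  if (L.empty()) return nullptr;
  return L.end() - 1;
}
```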