[flang-commits] [flang] [flang][HLFIR] Fix use-after-free when rewriting users in `canonicalize` (PR #84371)
Krzysztof Parzyszek via flang-commits
flang-commits at lists.llvm.org
Thu Mar 7 12:29:59 PST 2024
https://github.com/kparzysz updated https://github.com/llvm/llvm-project/pull/84371
>From bcbd32fa277cfeebafd44cce79b47411bd838c22 Mon Sep 17 00:00:00 2001
From: Krzysztof Parzyszek <Krzysztof.Parzyszek at amd.com>
Date: Thu, 7 Mar 2024 14:06:53 -0600
Subject: [PATCH 1/2] [flang][HLFIR] Fix use-after-free when rewriting users in
`canonicalize`
Rewriting an op can invalidate the operator range being iterated on. Store
the users in a separate list, and iterate over the list instead.
This was detected by address sanitizer.
---
flang/lib/Optimizer/HLFIR/IR/HLFIROps.cpp | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/flang/lib/Optimizer/HLFIR/IR/HLFIROps.cpp b/flang/lib/Optimizer/HLFIR/IR/HLFIROps.cpp
index 8bc92a991a69cf..74d94cd654b4a9 100644
--- a/flang/lib/Optimizer/HLFIR/IR/HLFIROps.cpp
+++ b/flang/lib/Optimizer/HLFIR/IR/HLFIROps.cpp
@@ -1152,7 +1152,9 @@ hlfir::MatmulOp::canonicalize(MatmulOp matmulOp,
// but we do need to get rid of the hlfir.destroy for the hlfir.transpose
// result (which is entirely removed)
- for (mlir::Operation *user : transposeOp->getResult(0).getUsers())
+ llvm::SmallVector<mlir::Operation *> users(
+ transposeOp->getResult(0).getUsers());
+ for (mlir::Operation *user : users)
if (auto destroyOp = mlir::dyn_cast_or_null<hlfir::DestroyOp>(user))
rewriter.eraseOp(destroyOp);
rewriter.eraseOp(transposeOp);
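Review bot: The new `users` copy carries no comment saying it is there for memory safety, so a later cleanup could fold it back into a loop over the live `getUsers()` range and bring the use-after-free back. Above the `llvm::SmallVector` declaration I would add `// Snapshot the users first: eraseOp() below unlinks uses and invalidates iteration over the live use list.`; the same comment fits the copy added in the `ForallIndexOp::canonicalize` hunk. As a smaller style point, `mlir::dyn_cast_or_null` in the loop could be plain `mlir::dyn_cast`, as the second hunk already uses, assuming the user range never yields a null operation. The body of `MatmulOp::canonicalize` starts and ends outside this hunk.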
@@ -1864,7 +1866,8 @@ hlfir::ForallIndexOp::canonicalize(hlfir::ForallIndexOp indexOp,
return mlir::failure();
auto insertPt = rewriter.saveInsertionPoint();
- for (mlir::Operation *user : indexOp->getResult(0).getUsers())
+ llvm::SmallVector<mlir::Operation*> users(indexOp->getResult(0).getUsers());
+ for (mlir::Operation *user : users)
if (auto loadOp = mlir::dyn_cast<fir::LoadOp>(user)) {
rewriter.setInsertionPoint(loadOp);
rewriter.replaceOpWithNewOp<fir::ConvertOp>(
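Review bot: No regression test accompanies the fix: the diffstat lists only HLFIROps.cpp, so the bug stays caught only as long as some existing test happens to reach this loop in an AddressSanitizer build. A small FileCheck case that canonicalizes an `hlfir.forall_index` whose result feeds a `fir.load` would pin the rewrite itself, although the memory error would presumably still show only under a sanitizer. The rest of `ForallIndexOp::canonicalize`, including the end of the `replaceOpWithNewOp` call, lies outside the hunk.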
>From d4beced154ed5737f4d644960bde3a457f6306ce Mon Sep 17 00:00:00 2001
From: Krzysztof Parzyszek <Krzysztof.Parzyszek at amd.com>
Date: Thu, 7 Mar 2024 14:29:24 -0600
Subject: [PATCH 2/2] Apply clang-format
---
flang/lib/Optimizer/HLFIR/IR/HLFIROps.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/flang/lib/Optimizer/HLFIR/IR/HLFIROps.cpp b/flang/lib/Optimizer/HLFIR/IR/HLFIROps.cpp
index 74d94cd654b4a9..3568fe202caf14 100644
--- a/flang/lib/Optimizer/HLFIR/IR/HLFIROps.cpp
+++ b/flang/lib/Optimizer/HLFIR/IR/HLFIROps.cpp
@@ -11,6 +11,7 @@
//===----------------------------------------------------------------------===//
#include "flang/Optimizer/HLFIR/HLFIROps.h"
+
#include "flang/Optimizer/Dialect/FIROpsSupport.h"
#include "flang/Optimizer/Dialect/FIRType.h"
#include "flang/Optimizer/Dialect/Support/FIRContext.h"
@@ -1866,7 +1867,7 @@ hlfir::ForallIndexOp::canonicalize(hlfir::ForallIndexOp indexOp,
return mlir::failure();
auto insertPt = rewriter.saveInsertionPoint();
- llvm::SmallVector<mlir::Operation*> users(indexOp->getResult(0).getUsers());
+ llvm::SmallVector<mlir::Operation *> users(indexOp->getResult(0).getUsers());
for (mlir::Operation *user : users)
if (auto loadOp = mlir::dyn_cast<fir::LoadOp>(user)) {
rewriter.setInsertionPoint(loadOp);