[LLVMbugs] [Bug 3375] New: opt crash with use-after-free in MemDep
bugzilla-daemon at cs.uiuc.edu
bugzilla-daemon at cs.uiuc.edu
Thu Jan 22 13:44:38 PST 2009
http://llvm.org/bugs/show_bug.cgi?id=3375
Summary: opt crash with use-after-free in MemDep
Product: new-bugs
Version: unspecified
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: new bugs
AssignedTo: unassignedbugs at nondot.org
ReportedBy: edwintorok at gmail.com
CC: llvmbugs at cs.uiuc.edu
Created an attachment (id=2428)
--> (http://llvm.org/bugs/attachment.cgi?id=2428)
bugpoint reduced testcase
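With TOT (top of tree), opt crashes when optimizing clamscan. The output below is from running
bugpoint with --enable-valgrind in MultiSource/Applications/Clamav.
If you just use 'make bugpoint-opt', it'll show a crash in simplifycfg, or
lcssa, etc.; valgrind shows the problem is in memdep: the invalid reads in
getNonLocalPointerDepFromBB hit a block that was freed by DenseMap::grow, reached
through DenseMap::operator[] from a nested call of the same function. The crashes
seen in the later passes are therefore likely a symptom of this earlier heap misuse.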
$ /home/edwin/llvm-svn/llvm/Release/bin/bugpoint x.bc -gvn -memdep -memcpyopt
-sccp -append-exit-code -Xlinker=-lz -input=/dev/null
-output=Output/clamscan.out-nat -timeout=500 -mlimit=0 --enable-valgrind
Checking for crash with only these blocks: bb68 bb58 bb3.outer bb11 bb6 bb2
bb84 bb26 bb114 bb242... <191 total>: ^C==11910== Invalid read of size 8
==11910== at 0x6B69E9:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6EFA:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDependency(llvm::Value*,
bool, llvm::BasicBlock*, llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*,
llvm::MemDepResult> >&) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x54A85B: (anonymous
namespace)::GVN::processNonLocalLoad(llvm::LoadInst*,
llvm::SmallVectorImpl<llvm::Instruction*>&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x54C020: (anonymous
namespace)::GVN::iterateOnFunction(llvm::Function&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x54E352: (anonymous
namespace)::GVN::runOnFunction(llvm::Function&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x76E26A: llvm::FPPassManager::runOnFunction(llvm::Function&)
(in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x76E4A5: llvm::FPPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x76DE46: llvm::MPPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x76E045: llvm::PassManagerImpl::run(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x4AF0CA:
llvm::BugDriver::runPassesAsChild(std::vector<llvm::PassInfo const*,
std::allocator<llvm::PassInfo const*> > const&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x494F98: llvm::BugDriver::run() (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x4B8865: main (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== Address 0x650f788 is 1,464 bytes inside a block of size 2,560 free'd
==11910== at 0x4C2111D: operator delete(void*) (vg_replace_malloc.c:342)
==11910== by 0x6BA847: llvm::DenseMap<llvm::PointerIntPair<llvm::Value*, 1u,
bool>, std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > >,
llvm::DenseMapInfo<llvm::PointerIntPair<llvm::Value*, 1u, bool> >,
llvm::DenseMapInfo<std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > > >
>::grow(unsigned int) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6BA96A: llvm::DenseMap<llvm::PointerIntPair<llvm::Value*, 1u,
bool>, std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > >,
llvm::DenseMapInfo<llvm::PointerIntPair<llvm::Value*, 1u, bool> >,
llvm::DenseMapInfo<std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > > >
>::operator[](llvm::PointerIntPair<llvm::Value*, 1u, bool> const&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6300:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910==
==11910== Invalid read of size 8
==11910== at 0x6B69ED:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6EFA:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDependency(llvm::Value*,
bool, llvm::BasicBlock*, llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*,
llvm::MemDepResult> >&) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x54A85B: (anonymous
namespace)::GVN::processNonLocalLoad(llvm::LoadInst*,
llvm::SmallVectorImpl<llvm::Instruction*>&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x54C020: (anonymous
namespace)::GVN::iterateOnFunction(llvm::Function&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x54E352: (anonymous
namespace)::GVN::runOnFunction(llvm::Function&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x76E26A: llvm::FPPassManager::runOnFunction(llvm::Function&)
(in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x76E4A5: llvm::FPPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x76DE46: llvm::MPPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x76E045: llvm::PassManagerImpl::run(llvm::Module&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x4AF0CA:
llvm::BugDriver::runPassesAsChild(std::vector<llvm::PassInfo const*,
std::allocator<llvm::PassInfo const*> > const&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x494F98: llvm::BugDriver::run() (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x4B8865: main (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== Address 0x650f780 is 1,456 bytes inside a block of size 2,560 free'd
==11910== at 0x4C2111D: operator delete(void*) (vg_replace_malloc.c:342)
==11910== by 0x6BA847: llvm::DenseMap<llvm::PointerIntPair<llvm::Value*, 1u,
bool>, std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > >,
llvm::DenseMapInfo<llvm::PointerIntPair<llvm::Value*, 1u, bool> >,
llvm::DenseMapInfo<std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > > >
>::grow(unsigned int) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6BA96A: llvm::DenseMap<llvm::PointerIntPair<llvm::Value*, 1u,
bool>, std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > >,
llvm::DenseMapInfo<llvm::PointerIntPair<llvm::Value*, 1u, bool> >,
llvm::DenseMapInfo<std::pair<llvm::PointerIntPair<llvm::BasicBlock*, 1u, bool>,
std::vector<std::pair<llvm::BasicBlock*, llvm::MemDepResult>,
std::allocator<std::pair<llvm::BasicBlock*, llvm::MemDepResult> > > > >
>::operator[](llvm::PointerIntPair<llvm::Value*, 1u, bool> const&) (in
/home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6300:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
==11910== by 0x6B6A49:
llvm::MemoryDependenceAnalysis::getNonLocalPointerDepFromBB(llvm::Value*,
unsigned long, bool, llvm::BasicBlock*,
llvm::SmallVectorImpl<std::pair<llvm::BasicBlock*, llvm::MemDepResult> >&,
llvm::DenseMap<llvm::BasicBlock*, llvm::Value*,
llvm::DenseMapInfo<llvm::BasicBlock*>, llvm::DenseMapInfo<llvm::Value*> >&,
bool) (in /home/edwin/llvm-svn/llvm/Release/bin/bugpoint)
Exited with error code '1'
*** Reduction Interrupted, cleaning up...
Emitted bitcode to 'bugpoint-reduced-simplified.bc'
*** You can reproduce the problem with: opt bugpoint-reduced-simplified.bc -gvn