[LLVMbugs] [Bug 4258] New: -indvars: use after free and crash

bugzilla-daemon at cs.uiuc.edu bugzilla-daemon at cs.uiuc.edu
Sun May 24 02:44:38 PDT 2009


http://llvm.org/bugs/show_bug.cgi?id=4258

           Summary: -indvars: use after free and crash
           Product: new-bugs
           Version: unspecified
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: new bugs
        AssignedTo: unassignedbugs at nondot.org
        ReportedBy: edwintorok at gmail.com
                CC: llvmbugs at cs.uiuc.edu


$ Release/bin/opt bugpoint-reduced-blocks.bc -inline -simplifycfg -loop-rotate
-licm -loop-index-split -indvars
WARNING: You're attempting to print out a bitcode file.
This is inadvisable as it may cause display problems. If
you REALLY want to taste LLVM bitcode first-hand, you
can force output with the `-f' option.

0   opt             0x00000000007c82df
1   opt             0x00000000007c86d9
2   libpthread.so.0 0x0000003b0a80e7b0
3   opt             0x0000000000603d2a
llvm::RecursivelyDeleteTriviallyDeadInstructions(llvm::Value*) + 314
4   opt             0x0000000000528159
5   opt             0x00000000005299f4
6   opt             0x00000000006848be
llvm::LPPassManager::runOnFunction(llvm::Function&) + 1054
7   opt             0x0000000000762c29
llvm::FPPassManager::runOnFunction(llvm::Function&) + 489
8   opt             0x0000000000648dce
9   opt             0x00000000007603cd
llvm::MPPassManager::runOnModule(llvm::Module&) + 301
10  opt             0x0000000000760d50
llvm::PassManagerImpl::run(llvm::Module&) + 160
11  opt             0x00000000004a66e0 main + 1488
12  libc.so.6       0x0000003b09c1e5a6 __libc_start_main + 230
13  opt             0x000000000049b3a9
Stack dump:
0.      Running pass 'CallGraph Pass Manager' on module
'bugpoint-reduced-blocks.bc'.
1.      Running pass 'Loop Pass Manager' on function 'Segmentation fault


If I create a bitcode with -inline -simplifycfg -loop-rotate -licm
-loop-index-split, and run -indvars on the result it doesn't crash (and it's
valgrind clean too).

Valgrind shows use-after-free in indvars:
==13974== Invalid read of size 8
==13974==    at 0x4B21B0: llvm::Value::getType() const (in
/home/edwin/llvm-svn/llvm-obj/Release/bin/opt)
==13974==    by 0x6C1636: llvm::SCEVExpander::visitAddExpr(llvm::SCEVAddExpr
const*) (in /home/edwin/llvm-svn/llvm-obj/Release/bin/opt)                      
==13974==    by 0x6BFA1F: llvm::SCEVExpander::expand(llvm::SCEV const*) (in
/home/edwin/llvm-svn/llvm-obj/Release/bin/opt)          
==13974==    by 0x6BFB0D: llvm::SCEVExpander::expandCodeFor(llvm::SCEVHandle,
llvm::Type const*) (in /home/edwin/llvm-svn/llvm-obj/Release/bin/opt)           
==13974==    by 0x52B304: llvm::SCEVExpander::expandCodeFor(llvm::SCEVHandle,
llvm::Type const*, llvm::ilist_iterator<llvm::Instruction>) (in
/home/edwin/llvm-svn/llvm-obj/Release/bin/opt)                                  
==13974==    by 0x528096: (anonymous
namespace)::IndVarSimplify::RewriteLoopExitValues(llvm::LoopBase<llvm::BasicBlock>*,
llvm::SCEV const*) (in /home/edwin/llvm-svn/llvm-obj/Release/bin/opt)           
==13974==    by 0x5299F3: (anonymous
namespace)::IndVarSimplify::runOnLoop(llvm::LoopBase<llvm::BasicBlock>*,
llvm::LPPassManager&) (in /home/edwin/llvm-svn/llvm-obj/Release/bin/opt)        
==13974==    by 0x6848BD: llvm::LPPassManager::runOnFunction(llvm::Function&)
(in /home/edwin/llvm-svn/llvm-obj/Release/bin/opt)    
==13974==    by 0x762C28: llvm::FPPassManager::runOnFunction(llvm::Function&)
(in /home/edwin/llvm-svn/llvm-obj/Release/bin/opt)    
==13974==    by 0x648DCD: (anonymous
namespace)::CGPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm-obj/Release/bin/opt)                                  
==13974==    by 0x7603CC: llvm::MPPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm-obj/Release/bin/opt)        
==13974==    by 0x760D4F: llvm::PassManagerImpl::run(llvm::Module&) (in
/home/edwin/llvm-svn/llvm-obj/Release/bin/opt)
==13974==  Address 0x6f5dbf8 is 64 bytes inside a block of size 128 free'd      
==13974==    at 0x4A0711D: operator delete(void*) (vg_replace_malloc.c:342)     
==13974==    by 0x603DB7:
llvm::RecursivelyDeleteTriviallyDeadInstructions(llvm::Value*) (in
/home/edwin/llvm-svn/llvm-obj/Release/bin/opt)                                  
==13974==    by 0x528158: (anonymous
namespace)::IndVarSimplify::RewriteLoopExitValues(llvm::LoopBase<llvm::BasicBlock>*,
llvm::SCEV const*) (in /home/edwin/llvm-svn/llvm-obj/Release/bin/opt)           
==13974==    by 0x5299F3: (anonymous
namespace)::IndVarSimplify::runOnLoop(llvm::LoopBase<llvm::BasicBlock>*,
llvm::LPPassManager&) (in /home/edwin/llvm-svn/llvm-obj/Release/bin/opt)        
==13974==    by 0x6848BD: llvm::LPPassManager::runOnFunction(llvm::Function&)
(in /home/edwin/llvm-svn/llvm-obj/Release/bin/opt)    
==13974==    by 0x762C28: llvm::FPPassManager::runOnFunction(llvm::Function&)
(in /home/edwin/llvm-svn/llvm-obj/Release/bin/opt)    
==13974==    by 0x648DCD: (anonymous
namespace)::CGPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm-obj/Release/bin/opt)                                  
==13974==    by 0x7603CC: llvm::MPPassManager::runOnModule(llvm::Module&) (in
/home/edwin/llvm-svn/llvm-obj/Release/bin/opt)        
==13974==    by 0x760D4F: llvm::PassManagerImpl::run(llvm::Module&) (in
/home/edwin/llvm-svn/llvm-obj/Release/bin/opt)              
==13974==    by 0x4A66DF: main (in
/home/edwin/llvm-svn/llvm-obj/Release/bin/opt)
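
A triage helper for a memcheck report of this shape, as an added example that is not part of the original bug report: it rejoins frames that the mailer wrapped, separates the invalid-read stack from the free stack, and reports the innermost caller both share. `SAMPLE` is a constructed, shortened report with a placeholder binary path, and the names `parse_stacks` and `triage` are hypothetical.

```python
import re

# Constructed sample: a shortened memcheck report in the shape of the one above,
# with frames wrapped across lines the way the mail archive wrapped them.
SAMPLE = """\
==13974== Invalid read of size 8
==13974==    at 0x4B21B0: llvm::Value::getType() const (in
/path/to/opt)
==13974==    by 0x6C1636: llvm::SCEVExpander::visitAddExpr(llvm::SCEVAddExpr
const*) (in /path/to/opt)
==13974==    by 0x528096: (anonymous
namespace)::IndVarSimplify::RewriteLoopExitValues(llvm::LoopBase<llvm::BasicBlock>*,
llvm::SCEV const*) (in /path/to/opt)
==13974==  Address 0x6f5dbf8 is 64 bytes inside a block of size 128 free'd
==13974==    at 0x4A0711D: operator delete(void*) (vg_replace_malloc.c:342)
==13974==    by 0x603DB7:
llvm::RecursivelyDeleteTriviallyDeadInstructions(llvm::Value*) (in
/path/to/opt)
==13974==    by 0x528158: (anonymous
namespace)::IndVarSimplify::RewriteLoopExitValues(llvm::LoopBase<llvm::BasicBlock>*,
llvm::SCEV const*) (in /path/to/opt)
"""

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+:\s*(.*)$")
LOCATION = re.compile(r"\s*\((?:in [^)]*|[\w.]+:\d+)\)$")

def parse_stacks(text):
    """Split a use-after-free report into (use, free) stacks, innermost first."""
    stacks, cur = {"use": [], "free": []}, "use"
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            stacks[cur].append(m.group(1).strip())
        elif line.startswith("=="):  # section header, not a frame
            cur = "free" if "free'd" in line else "use"
        elif stacks[cur] and line.strip():  # wrapped tail of the previous frame
            stacks[cur][-1] = f"{stacks[cur][-1]} {line.strip()}".strip()
    return tuple([LOCATION.sub("", f) for f in stacks[k]] for k in ("use", "free"))

def triage(text):
    """Name the reading frame, the freeing frame, and the caller they share."""
    use, free = parse_stacks(text)
    off = re.search(r"is (\d+) bytes inside a block of size (\d+) free'd", text)
    return {
        "read_in": use[0],
        "freed_by": next(f for f in free if not f.startswith("operator delete")),
        "shared_caller": next((f for f in free if f in use), None),
        "offset_in_block": tuple(map(int, off.groups())),
    }
```

Frames are compared by signature rather than by return address, since the two stacks pass through `RewriteLoopExitValues` at different addresses (0x528096 and 0x528158); both the free and the later read are reached from that function.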

