[llvm-bugs] [Bug 28749] New: heap-use-after-free in SelectionDAG
via llvm-bugs
llvm-bugs at lists.llvm.org
Wed Jul 27 22:30:26 PDT 2016
https://llvm.org/bugs/show_bug.cgi?id=28749
Bug ID: 28749
Summary: heap-use-after-free in SelectionDAG
Product: new-bugs
Version: unspecified
Hardware: PC
OS: Windows NT
Status: NEW
Severity: normal
Priority: P
Component: new bugs
Assignee: unassignedbugs at nondot.org
Reporter: yaron.keren at gmail.com
CC: llvm-bugs at lists.llvm.org, niravd at google.com
Classification: Unclassified
Created attachment 16828
--> https://llvm.org/bugs/attachment.cgi?id=16828&action=edit
reproducer
Compiling the attached using clang built with ASan results in
heap-use-after-free. llvm, clang, libcxx, libcxxabi, compiler-rt, libunwind are
trunk, r276955. clang configured as:

  cmake -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -GNinja
  -DCMAKE_BUILD_TYPE=Debug -DLLVM_USE_SANITIZER:STRING="Address"
  -DCMAKE_C_FLAGS_DEBUG="-gmlt" -DCMAKE_CXX_FLAGS_DEBUG="-gmlt"

The compilation command is:

  ~/asan/build/bin/clang++ -cc1 -emit-obj -debug-info-kind=limited -O2
  rational.cpp

where rational.cpp is attached.

The ASan report is:
=================================================================
==19198==ERROR: AddressSanitizer: heap-use-after-free on address 0x61f0000080b8
at pc 0x0000042b476d bp 0x7ffde4fb80f0 sp 0x7ffde4fb80e8
READ of size 8 at 0x61f0000080b8 thread T0
#0 0x42b476c in llvm::SelectionDAG::TransferDbgValues(llvm::SDValue,
llvm::SDValue)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6644:23
#1 0x42b4187 in llvm::SelectionDAG::ReplaceAllUsesWith(llvm::SDValue,
llvm::SDValue)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6289:3
#2 0x42b4f97 in
llvm::SelectionDAG::ReplaceAllUsesOfValueWith(llvm::SDValue, llvm::SDValue)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6404:5
#3 0x435a841 in llvm::DAGTypeLegalizer::ReplaceValueWith(llvm::SDValue,
llvm::SDValue)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:705:9
#4 0x44215d2 in
llvm::DAGTypeLegalizer::PromoteIntegerOperand(llvm::SDNode*, unsigned int)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeIntegerTypes.cpp:931:3
#5 0x4359427 in llvm::DAGTypeLegalizer::run()
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:290:28
#6 0x4362e39 in llvm::SelectionDAG::LegalizeTypes()
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:1176:34
#7 0x42eac53 in llvm::SelectionDAGISel::CodeGenAndEmitDAG()
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:769:23
#8 0x42ea390 in
llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::Instruction
const>, llvm::ilist_iterator<llvm::Instruction const>, bool&)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:679:3
#9 0x42e9b9b in llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function
const&) /home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1482:7
#10 0x42e67dc in
llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:500:3
#11 0x1d8f18d in (anonymous
namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&)
/home/ceemple/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp:175:25
#12 0x257ee25 in llvm::MachineFunctionPass::runOnFunction(llvm::Function&)
/home/ceemple/llvm/lib/CodeGen/MachineFunctionPass.cpp:60:13
#13 0x2ae0241 in llvm::FPPassManager::runOnFunction(llvm::Function&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1526:27
#14 0x2ae0572 in llvm::FPPassManager::runOnModule(llvm::Module&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1547:16
#15 0x2ae0d63 in (anonymous
namespace)::MPPassManager::runOnModule(llvm::Module&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1603:27
#16 0x2ae0855 in llvm::legacy::PassManagerImpl::run(llvm::Module&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1706:44
#17 0x36413b1 in (anonymous
namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >)
/home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:741:19
#18 0x3640788 in clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions
const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >)
/home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:753:13
#19 0x4461c23 in
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
/home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:193:7
#20 0x4d82a1d in clang::ParseAST(clang::Sema&, bool, bool)
/home/ceemple/llvm/tools/clang/lib/Parse/ParseAST.cpp:167:13
#21 0x445f2d5 in clang::CodeGenAction::ExecuteAction()
/home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:867:28
#22 0x3dda801 in clang::FrontendAction::Execute()
/home/ceemple/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:458:8
#23 0x3d5d606 in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
/home/ceemple/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:868:11
#24 0x3f14549 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
/home/ceemple/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:241:25
#25 0xdb2213 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*)
/home/ceemple/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13
#26 0xda39f8 in ExecuteCC1Tool(llvm::ArrayRef<char const*>,
llvm::StringRef) /home/ceemple/llvm/tools/clang/tools/driver/driver.cpp:299:12
#27 0xda288d in main
/home/ceemple/llvm/tools/clang/tools/driver/driver.cpp:380:12
#28 0x7fa60b39582f in __libc_start_main
/build/glibc-GKVZIf/glibc-2.23/csu/../csu/libc-start.c:291
#29 0xcd3e68 in _start (/home/ceemple/asan/build/bin/clang-4.0+0xcd3e68)
0x61f0000080b8 is located 568 bytes inside of 3072-byte region
[0x61f000007e80,0x61f000008a80)
freed by thread T0 here:
#0 0xd9fefb in operator delete(void*)
/home/ceemple/llvm/build/../projects/compiler-rt/lib/asan/asan_new_delete.cc:110:3
#1 0x42cd773 in llvm::DenseMap<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::grow(unsigned int)
/home/ceemple/llvm/include/llvm/ADT/DenseMap.h:679:5
#2 0x42cd4d3 in llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> >*
llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::InsertIntoBucketImpl<llvm::SDNode
const*>(llvm::SDNode const* const&, llvm::SDNode const* const&,
llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> >*)
/home/ceemple/llvm/include/llvm/ADT/DenseMap.h:484:13
#3 0x42ccf57 in llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> >*
llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::InsertIntoBucket<llvm::SDNode
const* const&>(llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> >*, llvm::SDNode const* const&)
/home/ceemple/llvm/include/llvm/ADT/DenseMap.h:450:17
#4 0x42ccdd5 in llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::FindAndConstruct(llvm::SDNode
const* const&) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:267:13
#5 0x42ccca8 in llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::operator[](llvm::SDNode const*
const&) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:271:12
#6 0x42c7822 in llvm::SDDbgInfo::add(llvm::SDDbgValue*, llvm::SDNode
const*, bool) /home/ceemple/llvm/include/llvm/CodeGen/SelectionDAG.h:132:7
#7 0x42b68d3 in llvm::SelectionDAG::AddDbgValue(llvm::SDDbgValue*,
llvm::SDNode*, bool)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6632:12
#8 0x42b46a8 in llvm::SelectionDAG::TransferDbgValues(llvm::SDValue,
llvm::SDValue)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6652:7
#9 0x42b4187 in llvm::SelectionDAG::ReplaceAllUsesWith(llvm::SDValue,
llvm::SDValue)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6289:3
#10 0x42b4f97 in
llvm::SelectionDAG::ReplaceAllUsesOfValueWith(llvm::SDValue, llvm::SDValue)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6404:5
#11 0x435a841 in llvm::DAGTypeLegalizer::ReplaceValueWith(llvm::SDValue,
llvm::SDValue)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:705:9
#12 0x44215d2 in
llvm::DAGTypeLegalizer::PromoteIntegerOperand(llvm::SDNode*, unsigned int)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeIntegerTypes.cpp:931:3
#13 0x4359427 in llvm::DAGTypeLegalizer::run()
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:290:28
#14 0x4362e39 in llvm::SelectionDAG::LegalizeTypes()
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/LegalizeTypes.cpp:1176:34
#15 0x42eac53 in llvm::SelectionDAGISel::CodeGenAndEmitDAG()
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:769:23
#16 0x42ea390 in
llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::Instruction
const>, llvm::ilist_iterator<llvm::Instruction const>, bool&)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:679:3
#17 0x42e9b9b in
llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1482:7
#18 0x42e67dc in
llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:500:3
#19 0x1d8f18d in (anonymous
namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&)
/home/ceemple/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp:175:25
#20 0x257ee25 in llvm::MachineFunctionPass::runOnFunction(llvm::Function&)
/home/ceemple/llvm/lib/CodeGen/MachineFunctionPass.cpp:60:13
#21 0x2ae0241 in llvm::FPPassManager::runOnFunction(llvm::Function&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1526:27
#22 0x2ae0572 in llvm::FPPassManager::runOnModule(llvm::Module&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1547:16
#23 0x2ae0d63 in (anonymous
namespace)::MPPassManager::runOnModule(llvm::Module&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1603:27
#24 0x2ae0855 in llvm::legacy::PassManagerImpl::run(llvm::Module&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1706:44
#25 0x36413b1 in (anonymous
namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >)
/home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:741:19
#26 0x3640788 in clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions
const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >)
/home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:753:13
#27 0x4461c23 in
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
/home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:193:7
#28 0x4d82a1d in clang::ParseAST(clang::Sema&, bool, bool)
/home/ceemple/llvm/tools/clang/lib/Parse/ParseAST.cpp:167:13
#29 0x445f2d5 in clang::CodeGenAction::ExecuteAction()
/home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:867:28
previously allocated by thread T0 here:
#0 0xd9f8fb in operator new(unsigned long)
/home/ceemple/llvm/build/../projects/compiler-rt/lib/asan/asan_new_delete.cc:78:35
#1 0x42cab42 in llvm::DenseMap<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::allocateBuckets(unsigned int)
/home/ceemple/llvm/include/llvm/ADT/DenseMap.h:729:37
#2 0x42cd72c in llvm::DenseMap<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::grow(unsigned int)
/home/ceemple/llvm/include/llvm/ADT/DenseMap.h:669:5
#3 0x42cd4d3 in llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> >*
llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::InsertIntoBucketImpl<llvm::SDNode
const*>(llvm::SDNode const* const&, llvm::SDNode const* const&,
llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> >*)
/home/ceemple/llvm/include/llvm/ADT/DenseMap.h:484:13
#4 0x42ccf57 in llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> >*
llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::InsertIntoBucket<llvm::SDNode
const* const&>(llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> >*, llvm::SDNode const* const&)
/home/ceemple/llvm/include/llvm/ADT/DenseMap.h:450:17
#5 0x42ccdd5 in llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::FindAndConstruct(llvm::SDNode
const* const&) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:267:13
#6 0x42ccca8 in llvm::DenseMapBase<llvm::DenseMap<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >, llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u>, llvm::DenseMapInfo<llvm::SDNode
const*>, llvm::detail::DenseMapPair<llvm::SDNode const*,
llvm::SmallVector<llvm::SDDbgValue*, 2u> > >::operator[](llvm::SDNode const*
const&) /home/ceemple/llvm/include/llvm/ADT/DenseMap.h:271:12
#7 0x42c7822 in llvm::SDDbgInfo::add(llvm::SDDbgValue*, llvm::SDNode
const*, bool) /home/ceemple/llvm/include/llvm/CodeGen/SelectionDAG.h:132:7
#8 0x42b68d3 in llvm::SelectionDAG::AddDbgValue(llvm::SDDbgValue*,
llvm::SDNode*, bool)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6632:12
#9 0x421ef91 in
llvm::SelectionDAGBuilder::visitIntrinsicCall(llvm::CallInst const&, unsigned
int)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp:4936:11
#10 0x41f2c10 in llvm::SelectionDAGBuilder::visitCall(llvm::CallInst
const&)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp:6216:20
#11 0x41e1b8d in llvm::SelectionDAGBuilder::visit(llvm::Instruction const&)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp:981:3
#12 0x42ea2c2 in
llvm::SelectionDAGISel::SelectBasicBlock(llvm::ilist_iterator<llvm::Instruction
const>, llvm::ilist_iterator<llvm::Instruction const>, bool&)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:671:10
#13 0x42e9b9b in
llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:1482:7
#14 0x42e67dc in
llvm::SelectionDAGISel::runOnMachineFunction(llvm::MachineFunction&)
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp:500:3
#15 0x1d8f18d in (anonymous
namespace)::X86DAGToDAGISel::runOnMachineFunction(llvm::MachineFunction&)
/home/ceemple/llvm/lib/Target/X86/X86ISelDAGToDAG.cpp:175:25
#16 0x257ee25 in llvm::MachineFunctionPass::runOnFunction(llvm::Function&)
/home/ceemple/llvm/lib/CodeGen/MachineFunctionPass.cpp:60:13
#17 0x2ae0241 in llvm::FPPassManager::runOnFunction(llvm::Function&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1526:27
#18 0x2ae0572 in llvm::FPPassManager::runOnModule(llvm::Module&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1547:16
#19 0x2ae0d63 in (anonymous
namespace)::MPPassManager::runOnModule(llvm::Module&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1603:27
#20 0x2ae0855 in llvm::legacy::PassManagerImpl::run(llvm::Module&)
/home/ceemple/llvm/lib/IR/LegacyPassManager.cpp:1706:44
#21 0x36413b1 in (anonymous
namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >)
/home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:741:19
#22 0x3640788 in clang::EmitBackendOutput(clang::DiagnosticsEngine&,
clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions
const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction,
std::unique_ptr<llvm::raw_pwrite_stream,
std::default_delete<llvm::raw_pwrite_stream> >)
/home/ceemple/llvm/tools/clang/lib/CodeGen/BackendUtil.cpp:753:13
#23 0x4461c23 in
clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&)
/home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:193:7
#24 0x4d82a1d in clang::ParseAST(clang::Sema&, bool, bool)
/home/ceemple/llvm/tools/clang/lib/Parse/ParseAST.cpp:167:13
#25 0x445f2d5 in clang::CodeGenAction::ExecuteAction()
/home/ceemple/llvm/tools/clang/lib/CodeGen/CodeGenAction.cpp:867:28
#26 0x3dda801 in clang::FrontendAction::Execute()
/home/ceemple/llvm/tools/clang/lib/Frontend/FrontendAction.cpp:458:8
#27 0x3d5d606 in
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&)
/home/ceemple/llvm/tools/clang/lib/Frontend/CompilerInstance.cpp:868:11
#28 0x3f14549 in clang::ExecuteCompilerInvocation(clang::CompilerInstance*)
/home/ceemple/llvm/tools/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:241:25
#29 0xdb2213 in cc1_main(llvm::ArrayRef<char const*>, char const*, void*)
/home/ceemple/llvm/tools/clang/tools/driver/cc1_main.cpp:116:13
SUMMARY: AddressSanitizer: heap-use-after-free
/home/ceemple/llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp:6644:23 in
llvm::SelectionDAG::TransferDbgValues(llvm::SDValue, llvm::SDValue)
Shadow bytes around the buggy address:
0x0c3e7fff8fc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3e7fff8fd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff8fe0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff8ff0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff9000: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c3e7fff9010: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
0x0c3e7fff9020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff9030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff9040: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff9050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3e7fff9060: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==19198==ABORTING
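
In the report above, the freeing frame (DenseMap::grow, reached through AddDbgValue from TransferDbgValues at SelectionDAG.cpp:6652) and the faulting read (SelectionDAG.cpp:6644) sit in the same function, which is the shape of a view into a map's bucket storage outliving an insert into that map. The C++ below is an added illustration of that shape and of the copy-first alternative; it is not LLVM code or the project's fix, and DbgMap, Slot, View and the function names are hypothetical.

```cpp
// Added illustration, not LLVM source. DbgMap is a hypothetical stand-in for
// a DenseMap whose values (small inline arrays) live inside the bucket array.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct Slot { int node; std::size_t n; int dbg[4]; };  // key + inline values
struct View { const int* data; std::size_t size; };    // ArrayRef-like, non-owning

struct DbgMap {
    std::vector<Slot> slots;                 // one contiguous bucket array
    DbgMap() { slots.reserve(2); }           // small, so growth happens early
    Slot& at(int node) {                     // find-or-insert, like operator[]
        for (Slot& s : slots) if (s.node == node) return s;
        slots.push_back(Slot{node, 0, {0, 0, 0, 0}});  // may reallocate buckets
        return slots.back();
    }
    void add(int node, int v) { Slot& s = at(node); if (s.n < 4) s.dbg[s.n++] = v; }
    View values(int node) { Slot& s = at(node); return View{s.dbg, s.n}; }
};

// Constructed sample: node 1 carries two debug values; filler keys bring the
// bucket array to capacity so that the next new key forces a reallocation.
DbgMap make_full() {
    DbgMap m;
    m.add(1, 10); m.add(1, 11);
    for (int k = 2; m.slots.size() < m.slots.capacity(); ++k) m.add(k, 0);
    return m;
}

// Unsafe shape: take a view of `from`'s values, then add to `to`.
// Returns true when the view's address is no longer inside the live buckets.
// The stale address is only compared as an integer, never dereferenced.
bool view_goes_stale(DbgMap& m, int from, int to) {
    View v = m.values(from);
    std::uintptr_t p = reinterpret_cast<std::uintptr_t>(v.data);
    m.add(to, 0);                            // a new key may free the old buckets
    std::uintptr_t lo = reinterpret_cast<std::uintptr_t>(m.slots.data());
    std::uintptr_t hi = lo + m.slots.size() * sizeof(Slot);
    return p < lo || p >= hi;
}

// Safe shape: snapshot the values first, then mutate the map.
std::vector<int> transfer_safe(DbgMap& m, int from, int to) {
    View v = m.values(from);
    std::vector<int> copy(v.data, v.data + v.size);   // taken before any insert
    for (int d : copy) m.add(to, d);
    View out = m.values(to);
    return std::vector<int>(out.data, out.data + out.size);
}

int main() {
    DbgMap a = make_full(), b = make_full(), c = make_full();
    std::printf("new key, view stale:      %d\n", view_goes_stale(a, 1, 1000));
    std::printf("existing key, view stale: %d\n", view_goes_stale(b, 1, 2));
    std::printf("safe transfer copied:     %zu values\n", transfer_safe(c, 1, 1000).size());
    return 0;
}
```

The view only goes stale when the destination key is new and the bucket array is at capacity, which is why a bug of this shape depends on the input and surfaces reliably only under a sanitizer build.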