[llvm-bugs] [Bug 45749] New: [SCCP] Possible reference invalidation
via llvm-bugs
llvm-bugs at lists.llvm.org
Wed Apr 29 17:27:13 PDT 2020
https://bugs.llvm.org/show_bug.cgi?id=45749
Bug ID: 45749
Summary: [SCCP] Possible reference invalidation
Product: libraries
Version: trunk
Hardware: PC
OS: Windows NT
Status: NEW
Severity: normal
Priority: P
Component: Scalar Optimizations
Assignee: unassignedbugs at nondot.org
Reporter: Wolfgang_Pieb at playstation.sony.com
CC: llvm-bugs at lists.llvm.org
In SCCP.cpp, in SCCPSolver::handleCallResult() there are 4 calls to
mergeInValue() of the form
mergeInValue(ValueState[&CB], &CB, getValueState(CopyOf));
ValueState is a DenseMap. The subscript operator returns a reference to an
entry in ValueState, which is held across the call to getValueState() and
passed on to mergeInValue(). However, getValueState() itself makes insertions
into ValueState, thereby possibly invalidating the reference.
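The hazard described above, as an added C++ model that is not LLVM's code: TinyDenseMap is a constructed stand-in for DenseMap, getValueState() mirrors the inserting lookup, referenceInvalidated() shows the reference moving out from under the caller, and safeMerge() shows the ordering that avoids it (all names are assumptions of this example).

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
// Constructed model of llvm::DenseMap (not LLVM's code): entries sit in one flat
// bucket array that is reallocated once the load factor passes 3/4, so a reference
// from operator[] dangles after any insertion that grows it. Keys >= 0; -1 = empty.
struct TinyDenseMap {
  struct Bucket { int Key = -1; int Val = 0; };
  std::vector<Bucket> Buckets = std::vector<Bucket>(4);
  std::size_t NumEntries = 0;
  std::size_t find(int Key) const {                 // linear probing
    std::size_t I = static_cast<std::size_t>(Key) % Buckets.size();
    while (Buckets[I].Key != -1 && Buckets[I].Key != Key) I = (I + 1) % Buckets.size();
    return I;
  }
  void grow() {                                     // reallocates and moves every entry
    std::vector<Bucket> Old; Old.swap(Buckets);
    Buckets.assign(Old.size() * 2, Bucket{});
    NumEntries = 0;
    for (const Bucket &B : Old) if (B.Key != -1) (*this)[B.Key] = B.Val;
  }
  int &operator[](int Key) {                        // insert-or-lookup
    std::size_t I = find(Key);
    if (Buckets[I].Key == -1) {
      if ((NumEntries + 1) * 4 > Buckets.size() * 3) { grow(); I = find(Key); }
      Buckets[I].Key = Key; ++NumEntries;
    }
    return Buckets[I].Val;
  }
};
// Stand-in for getValueState(): lookup that inserts a default state when absent.
int &getValueState(TinyDenseMap &ValueState, int V) { return ValueState[V]; }
// The hazard: take the reference for CB first (as ValueState[&CB] does), then let
// getValueState() insert other values. Returns true when the table was reallocated,
// i.e. the saved reference now dangles (address captured as an integer while valid).
bool referenceInvalidated() {
  TinyDenseMap ValueState;
  std::uintptr_t Before = reinterpret_cast<std::uintptr_t>(&ValueState[0]);
  for (int V = 1; V <= 3; ++V)   // the third insertion passes 3/4 load and grows
    getValueState(ValueState, V);
  return Before != reinterpret_cast<std::uintptr_t>(&ValueState[0]);
}
// Safe ordering: let the call that may insert run first, then take the reference.
int safeMerge(TinyDenseMap &ValueState, int CB, int CopyOf) {
  int CopyOfState = getValueState(ValueState, CopyOf); // may insert and grow
  int &CBState = ValueState[CB];                       // taken afterwards
  CBState += CopyOfState;                              // the "merge"
  return CBState;
}
```

Note that C++ leaves the order of evaluation of function arguments unspecified, so the one-line form in the report can take the reference either before or after the inserting call; only separating the two statements makes the ordering reliable.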
Unfortunately I have no test case to demonstrate this, but at Sony we have
encountered a crash with a previous version of this code (based on llvm 10.0)
in an LTO scenario. The cause was exactly such a reference invalidated by a
call to getValueState(). I am unable to share the code that caused the crash
since it was made available by one of our licensees.
I noticed that a similar problem was fixed by a previous commit
(https://github.sie.sony.com/SIE-Private/cpu-toolchain-orbis/commit/487780678fcaf2662aa820bd50364addb935dfe8).
I am unable to construct a small test case that demonstrates the issue, as my
understanding of SCCP is not particularly deep, but I think this code could
cause more crashes in the future, especially in large programs.