[llvm-bugs] [Bug 49078] New: ARC optimization reorders the pair of retain and release

via llvm-bugs llvm-bugs at lists.llvm.org
Sun Feb 7 12:15:59 PST 2021 

https://bugs.llvm.org/show_bug.cgi?id=49078

            Bug ID: 49078
           Summary: ARC optimization reorders the pair of retain and
                    release
           Product: new-bugs
           Version: unspecified
          Hardware: Macintosh
                OS: MacOS X
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: kyulee.llvm at gmail.com
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org

Created attachment 24492
  --> https://bugs.llvm.org/attachment.cgi?id=24492&action=edit
This is the zip file including a build script and input files

Sorry about the large repro.zip. I was not sure how to cut it down due to some
interactions with inlining.
To repro, unzip it and run `repro.sh` on OSX. This repros with `Apple clang
version 12.0.0 (Clang 10)`, but it appears the same behavior is observed in the
current upstream Clang.

This is the problematic assembly from the repro and my comments with the arrow.
```
___ZN16StructuredLogger44ios_feed_privacy_invalidation_polling_funnelIZ67-[FBNewsFeedPrivacyInvalidationPollingCoordinator
initWithSession:]E3$_1EEvRNSt3__110shared_ptrI18FBStructuredLoggerEEOT_26FBStructuredLogEventConfig_block_invoke:
…

Lloh331:
        ldr     x1, [x8, _OBJC_SELECTOR_REFERENCES_.206 at PAGEOFF]
        add     x2, sp, #24             ; =24
        add     x3, sp, #8              ; =8
        mov     w4, #2
        bl      _objc_msgSend
        ; InlineAsm Start
        mov     x29, x29        ; marker for objc_retainAutoreleaseReturnValue
        ; InlineAsm End
        bl      _objc_retainAutoreleasedReturnValue
        mov     x21, x0
        bl      _objc_release ; <-- Release a temporary dictionary object
passed in `setExtras`)
        mov     x0, x21
        bl      _objc_retain. ; <-- Crash on retaining on the object that has
been released above!!

...
```

Looking at ObjC ARC optimization in a Clang pass, it appears the pair of
retain/release are moved (or switched).
Here is the relevant source where a temporary dictionary is passed to
`setExtras`.

```
      logger, [&] {
        return
StructuredLogger::IosFeedPrivacyInvalidationPollingFunnelEventBuilder()
       
.setEvent(StructuredLogger::IosfeedprivacyinvalidationpollingfunneleventEnum::SL_ENUM_INVALIDATION_POLLING_COORDINATOR_INIT)
        .setExtras(
          @{
            @"edge_check_time_seconds" : @(_edgeCheckTimeSeconds),
            @"edge_polling_interval_seconds" : @(_edgePollingIntervalSeconds)
          }
        )
        .build();
      }
```

The above assembly is actually was inlined from
```
_ZZ67-[FBNewsFeedPrivacyInvalidationPollingCoordinator
initWithSession:]ENK3$_1clEv_ZZ67-[FBNewsFeedPrivacyInvalidationPollingCoordinator
initWithSession:]ENK3$_1clEv
```
which was inlined from
```
_ZN16StructuredLogger52_IosFeedPrivacyInvalidationPollingFunnelEventBuilderILy1EE9setExtrasIvvEERDaP12NSDictionaryIP8NSStringS6_E_ZN16StructuredLogger52_IosFeedPrivacyInvalidationPollingFunnelEventBuilderILy1EE9setExtrasIvvEERDaP12NSDictionaryIP8NSStringS6_E
```

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20210207/5225852d/attachment.html>

More information about the llvm-bugs mailing list