[llvm-bugs] [Bug 49582] New: Iterator invalidation in SCCP.cpp : markUsersAsChanged()

via llvm-bugs llvm-bugs at lists.llvm.org
Sat Mar 13 12:56:35 PST 2021 

https://bugs.llvm.org/show_bug.cgi?id=49582

            Bug ID: 49582
           Summary: Iterator invalidation in SCCP.cpp :
                    markUsersAsChanged()
           Product: libraries
           Version: 11.0
          Hardware: PC
                OS: OpenBSD
            Status: NEW
          Severity: normal
          Priority: P
         Component: Scalar Optimizations
          Assignee: unassignedbugs at nondot.org
          Reporter: todd at opennet.ca
                CC: llvm-bugs at lists.llvm.org

Created attachment 24642
  --> https://bugs.llvm.org/attachment.cgi?id=24642&action=edit
Preprocessed reproducer source.

The AdditionalUsers Instruction update loop in markUsersAsChanged() can modify
the Users SmallPtrSet while iterating over it, which invalidates the iterator.

https://github.com/llvm/llvm-project/blob/release/11.x/llvm/lib/Transforms/Scalar/SCCP.cpp#L546

This causes a reproducible crash under OpenBSD while compiling the attached
.cpp and build script. The backtrace is:

$ sh lastransform-b8f841.sh                                                     
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash
backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /scratch/llvm/build/bin/clang -cc1 -triple
amd64-unknown-openbsd6.9 -emit-obj -disable-free -disable-llvm-verifier
-discard-value-names -main-file-name lastransform.cpp -mrelocation-model pic
-pic-level 2 -mframe-pointer=all -relaxed-aliasing -fno-rounding-math
-mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature
+retpoline-indirect-calls -target-feature +retpoline-indirect-branches
-fno-split-dwarf-inlining -debugger-tuning=gdb -sys-header-deps -D
HAVE_UNORDERED_MAP -D NDEBUG -D UNORDERED -D _CRT_SECURE_NO_WARNINGS -D NDEBUG
-O2 -fdeprecated-macro -ferror-limit 19 -fwrapv -fgnuc-version=4.2.1
-fcxx-exceptions -fexceptions -vectorize-loops -vectorize-slp
-fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc
-fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup
-faddrsig -x c++ lastransform-b8f841.cpp 
1.      <eof> parser at end of file
2.      Per-module optimization passes
3.      Running pass 'Interprocedural Sparse Conditional Constant Propagation'
on module 'lastransform-b8f841.cpp'.
Segmentation fault (core dumped) 

The attached .diff resolves the crash by caching the Instructions to visit
first.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20210313/6aadcfbc/attachment.html>

More information about the llvm-bugs mailing list