[PATCH] D7864: This patch introduces MemorySSA, a virtual SSA form for memory.Details on what it looks like are in MemorySSA.h

Justin Lebar via llvm-commits llvm-commits at lists.llvm.org
Tue Mar 1 17:55:06 PST 2016 

jlebar added a subscriber: jlebar.
jlebar added a comment.

I'm seeing an asan failure in one of the tests added here.  I'm building from tip, clean tree, linux x86-64.

  -- Testing: 1 of 15992 tests, 1 threads --
  FAIL: LLVM-Unit :: Transforms/Utils/UtilsTests/MemorySSA.RemoveMemoryAccess (1 of 1)
  ******************** TEST 'LLVM-Unit :: Transforms/Utils/UtilsTests/MemorySSA.RemoveMemoryAccess' FAILED ********************
  Note: Google Test filter = MemorySSA.RemoveMemoryAccess
  [==========] Running 1 test from 1 test case.
  [----------] Global test environment set-up.
  [----------] 1 test from MemorySSA
  [ RUN      ] MemorySSA.RemoveMemoryAccess
  =================================================================
  ==5162==ERROR: AddressSanitizer: heap-use-after-free on address 0x60800000bb68 at pc 0x000000c96299 bp 0x7ffea8a84a90 sp 0x7ffea8a84a88
  READ of size 8 at 0x60800000bb68 thread T0
    #0 0xc96298 in llvm::MemoryAccess::getBlock() const /usr/local/google/home/jlebar/llvm/src/include/llvm/Transforms/Utils/MemorySSA.h:116:34
    #1 0xc96298 in llvm::MemorySSA::removeFromLookups(llvm::MemoryAccess*) /usr/local/google/home/jlebar/llvm/src/lib/Transforms/Utils/MemorySSA.cpp:469
    #2 0x58ffee in MemorySSA_RemoveMemoryAccess_Test::TestBody() /usr/local/google/home/jlebar/llvm/src/unittests/Transforms/Utils/MemorySSA.cpp:65:3
    #3 0xd66ec3 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2145:12
    #4 0xd66ec3 in testing::Test::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2161
    #5 0xd6b854 in testing::TestInfo::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2309:5
    #6 0xd6cb16 in testing::TestCase::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2416:5
    #7 0xd85c7a in testing::internal::UnitTestImpl::RunAllTests() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:4207:11
    #8 0xd84eaf in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2145:12
    #9 0xd84eaf in testing::UnitTest::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:3841
    #10 0xd3cc67 in main /usr/local/google/home/jlebar/llvm/src/utils/unittest/UnitTestMain/TestMain.cpp:47:10
    #11 0x7fc886a0dec4 in __libc_start_main /build/eglibc-3GlaMS/eglibc-2.19/csu/libc-start.c:287
    #12 0x54bd09 in _start (/usr/local/google/home/jlebar/code/llvm/asan/unittests/Transforms/Utils/UtilsTests+0x54bd09)
  
  0x60800000bb68 is located 72 bytes inside of 96-byte region [0x60800000bb20,0x60800000bb80)
  freed by thread T0 here:
    #0 0x4c734b in operator delete(void*) (/usr/local/google/home/jlebar/code/llvm/asan/unittests/Transforms/Utils/UtilsTests+0x4c734b)
    #1 0xc9602e in llvm::ilist_node_traits<llvm::MemoryAccess>::deleteNode(llvm::MemoryAccess*) /usr/local/google/home/jlebar/llvm/src/include/llvm/ADT/ilist.h:160:39
    #2 0xc9602e in llvm::iplist<llvm::MemoryAccess, llvm::ilist_traits<llvm::MemoryAccess> >::erase(llvm::ilist_iterator<llvm::MemoryAccess>) /usr/local/google/home/jlebar/llvm/src/include/llvm/ADT/ilist.h:466
    #3 0xc9602e in llvm::iplist<llvm::MemoryAccess, llvm::ilist_traits<llvm::MemoryAccess> >::erase(llvm::MemoryAccess*) /usr/local/google/home/jlebar/llvm/src/include/llvm/ADT/ilist.h:470
    #4 0xc9602e in llvm::MemorySSA::removeFromLookups(llvm::MemoryAccess*) /usr/local/google/home/jlebar/llvm/src/lib/Transforms/Utils/MemorySSA.cpp:467
    #5 0x58ffee in MemorySSA_RemoveMemoryAccess_Test::TestBody() /usr/local/google/home/jlebar/llvm/src/unittests/Transforms/Utils/MemorySSA.cpp:65:3
    #6 0xd66ec3 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2145:12
    #7 0xd66ec3 in testing::Test::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2161
    #8 0xd6b854 in testing::TestInfo::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2309:5
    #9 0xd6cb16 in testing::TestCase::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2416:5
    #10 0xd85c7a in testing::internal::UnitTestImpl::RunAllTests() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:4207:11
    #11 0xd84eaf in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2145:12
    #12 0xd84eaf in testing::UnitTest::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:3841
    #13 0xd3cc67 in main /usr/local/google/home/jlebar/llvm/src/utils/unittest/UnitTestMain/TestMain.cpp:47:10
    #14 0x7fc886a0dec4 in __libc_start_main /build/eglibc-3GlaMS/eglibc-2.19/csu/libc-start.c:287
  
  previously allocated by thread T0 here:
    #0 0x4c6e0b in operator new(unsigned long) (/usr/local/google/home/jlebar/code/llvm/asan/unittests/Transforms/Utils/UtilsTests+0x4c6e0b)
    #1 0xa7ec05 in llvm::User::allocateFixedOperandUser(unsigned long, unsigned int, unsigned int) /usr/local/google/home/jlebar/llvm/src/lib/IR/User.cpp:129:7
    #2 0xa7ec05 in llvm::User::operator new(unsigned long, unsigned int) /usr/local/google/home/jlebar/llvm/src/lib/IR/User.cpp:147
    #3 0xc92784 in llvm::MemoryDef::operator new(unsigned long) /usr/local/google/home/jlebar/llvm/src/include/llvm/Transforms/Utils/MemorySSA.h:271:41
    #4 0xc92784 in llvm::MemorySSA::createNewAccess(llvm::Instruction*, bool) /usr/local/google/home/jlebar/llvm/src/lib/Transforms/Utils/MemorySSA.cpp:378
    #5 0xc9098f in llvm::MemorySSA::buildMemorySSA(llvm::AAResults*, llvm::DominatorTree*) /usr/local/google/home/jlebar/llvm/src/lib/Transforms/Utils/MemorySSA.cpp:260:26
    #6 0x58f91b in MemorySSA_RemoveMemoryAccess_Test::TestBody() /usr/local/google/home/jlebar/llvm/src/unittests/Transforms/Utils/MemorySSA.cpp:55:29
    #7 0xd66ec3 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2145:12
    #8 0xd66ec3 in testing::Test::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2161
    #9 0xd6b854 in testing::TestInfo::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2309:5
    #10 0xd6cb16 in testing::TestCase::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2416:5
    #11 0xd85c7a in testing::internal::UnitTestImpl::RunAllTests() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:4207:11
    #12 0xd84eaf in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:2145:12
    #13 0xd84eaf in testing::UnitTest::Run() /usr/local/google/home/jlebar/llvm/src/utils/unittest/googletest/src/gtest.cc:3841
    #14 0xd3cc67 in main /usr/local/google/home/jlebar/llvm/src/utils/unittest/UnitTestMain/TestMain.cpp:47:10
    #15 0x7fc886a0dec4 in __libc_start_main /build/eglibc-3GlaMS/eglibc-2.19/csu/libc-start.c:287
  
  SUMMARY: AddressSanitizer: heap-use-after-free /usr/local/google/home/jlebar/llvm/src/include/llvm/Transforms/Utils/MemorySSA.h:116 llvm::MemoryAccess::getBlock() const
  Shadow bytes around the buggy address:
  0x0c107fff9710: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff9720: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff9730: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff9740: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c107fff9750: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  =>0x0c107fff9760: fa fa fa fa fd fd fd fd fd fd fd fd fd[fd]fd fd
  0x0c107fff9770: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c107fff9780: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c107fff9790: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c107fff97a0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 fa
  0x0c107fff97b0: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 03 fa
  Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
  ==5162==ABORTING
  
  ********************
  Testing Time: 0.56s
  ********************
  Failing Tests (1):
    LLVM-Unit :: Transforms/Utils/UtilsTests/MemorySSA.RemoveMemoryAccess
  
  Unexpected Failures: 1


Repository:
  rL LLVM

http://reviews.llvm.org/D7864

More information about the llvm-commits mailing list