[llvm] r262679 - Fix a use-after-free bug introduced in r262636
Easwaran Raman via llvm-commits
llvm-commits at lists.llvm.org
Thu Mar 3 16:44:01 PST 2016
Author: eraman
Date: Thu Mar 3 18:44:01 2016
New Revision: 262679
URL: http://llvm.org/viewvc/llvm-project?rev=262679&view=rev
Log:
Fix a use-after-free bug introduced in r262636
Modified:
llvm/trunk/include/llvm/Transforms/Utils/Cloning.h
llvm/trunk/lib/Transforms/IPO/Inliner.cpp
llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp
Modified: llvm/trunk/include/llvm/Transforms/Utils/Cloning.h
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/Transforms/Utils/Cloning.h?rev=262679&r1=262678&r2=262679&view=diff
==============================================================================
--- llvm/trunk/include/llvm/Transforms/Utils/Cloning.h (original)
+++ llvm/trunk/include/llvm/Transforms/Utils/Cloning.h Thu Mar 3 18:44:01 2016
@@ -189,7 +189,7 @@ public:
explicit InlineFunctionInfo(CallGraph *cg = nullptr,
AssumptionCacheTracker *ACT = nullptr,
BlockCloningFunctor Ftor = nullptr)
- : CG(cg), ACT(ACT), Ftor(Ftor) {}
+ : CG(cg), ACT(ACT), Ftor(Ftor), CallSuccessorBlockDeleted(false) {}
/// CG - If non-null, InlineFunction will update the callgraph to reflect the
/// changes it makes.
@@ -198,6 +198,10 @@ public:
// Functor that is invoked when a block is cloned into the new function.
BlockCloningFunctor Ftor;
+ /// CallSuccessorBlockDeleted - whether the block immediately following the
+ /// call has been deleted during inlining
+ bool CallSuccessorBlockDeleted;
+
/// StaticAllocas - InlineFunction fills this in with all static allocas that
/// get copied into the caller.
SmallVector<AllocaInst *, 4> StaticAllocas;
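Review bot: The doc comment on `CallSuccessorBlockDeleted` says what happened but not what a caller must do about it, and that obligation is the whole reason the field exists. I would extend it to say that the flag is an output written by InlineFunction, and that when it is true any pointer the caller kept into the block after the call (for example the instruction following the call) refers to freed memory and must not be dereferenced. A short form would be `/// Set by InlineFunction. When true, pointers into the block that followed the call are dangling.`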
Modified: llvm/trunk/lib/Transforms/IPO/Inliner.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/IPO/Inliner.cpp?rev=262679&r1=262678&r2=262679&view=diff
==============================================================================
--- llvm/trunk/lib/Transforms/IPO/Inliner.cpp (original)
+++ llvm/trunk/lib/Transforms/IPO/Inliner.cpp Thu Mar 3 18:44:01 2016
@@ -580,11 +580,13 @@ bool Inliner::runOnSCC(CallGraphSCC &SCC
continue;
}
updateEntryCount(CallSiteBlock, Callee);
- // The instruction following the call is part of a new basic block
- // created during the inlining process. This does not have an entry in
- // the BFI. We create an entry by copying the frequency of the original
- // block containing the call.
- copyBlockFrequency(CallSiteBlock, CallSuccessor->getParent());
+ if (!InlineInfo.CallSuccessorBlockDeleted) {
+ // The instruction following the call is part of a new basic block
+ // created during the inlining process. This does not have an entry in
+ // the BFI. We create an entry by copying the frequency of the
+ // original block containing the call.
+ copyBlockFrequency(CallSiteBlock, CallSuccessor->getParent());
+ }
++NumInlined;
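Review bot: After the new `if (!InlineInfo.CallSuccessorBlockDeleted)` guard, `CallSuccessor` is still in scope and still dangling on the deleted-block path, so a later edit that touches it outside the guard would reintroduce the use-after-free. The relocated comment explains the BFI copy but not why the guard is there; I would add a line such as `// CallSuccessor's block may have been erased by InlineFunction; only dereference it when the flag is clear.` The enclosing loop body in runOnSCC starts and ends outside this hunk, so any other uses of `CallSuccessor` further down cannot be checked from here and should be confirmed. A regression test that inlines a musttail call with profile data would pin this path; none is part of the commit.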
Modified: llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp?rev=262679&r1=262678&r2=262679&view=diff
==============================================================================
--- llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp (original)
+++ llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp Thu Mar 3 18:44:01 2016
@@ -1994,8 +1994,11 @@ bool llvm::InlineFunction(CallSite CS, I
// If we inlined any musttail calls and the original return is now
// unreachable, delete it. It can only contain a bitcast and ret.
- if (InlinedMustTailCalls && pred_begin(AfterCallBB) == pred_end(AfterCallBB))
+ if (InlinedMustTailCalls &&
+ pred_begin(AfterCallBB) == pred_end(AfterCallBB)) {
+ IFI.CallSuccessorBlockDeleted = true;
AfterCallBB->eraseFromParent();
+ }
// We should always be able to fold the entry block of the function into the
// single predecessor of the block...
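Review bot: `IFI.CallSuccessorBlockDeleted` is only ever assigned `true` here, and nothing in this commit puts it back to `false` apart from the constructor. If one InlineFunctionInfo is reused across several call sites, as `InlineInfo` in the Inliner.cpp hunk appears to be, a single musttail deletion would leave the flag set and every later inline would silently skip the block-frequency copy. Clearing it at the top of InlineFunction, `IFI.CallSuccessorBlockDeleted = false;`, or in the struct's reset path if it has one, would make the flag describe only the most recent call. The body of InlineFunction extends well beyond this hunk, so an existing reset elsewhere cannot be ruled out from what is shown.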