[llvm] r262679 - Fix a use-after-free bug introduced in r262636

David Blaikie via llvm-commits llvm-commits at lists.llvm.org
Fri Mar 4 13:40:44 PST 2016 

consider using an non-static data member initializer rather than the ctor
init list?

On Thu, Mar 3, 2016 at 4:44 PM, Easwaran Raman via llvm-commits <
llvm-commits at lists.llvm.org> wrote:

> Author: eraman
> Date: Thu Mar  3 18:44:01 2016
> New Revision: 262679
>
> URL: http://llvm.org/viewvc/llvm-project?rev=262679&view=rev
> Log:
> Fix a use-after-free bug introduced in r262636
>
>
> Modified:
>     llvm/trunk/include/llvm/Transforms/Utils/Cloning.h
>     llvm/trunk/lib/Transforms/IPO/Inliner.cpp
>     llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp
>
> Modified: llvm/trunk/include/llvm/Transforms/Utils/Cloning.h
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/include/llvm/Transforms/Utils/Cloning.h?rev=262679&r1=262678&r2=262679&view=diff
>
> ==============================================================================
> --- llvm/trunk/include/llvm/Transforms/Utils/Cloning.h (original)
> +++ llvm/trunk/include/llvm/Transforms/Utils/Cloning.h Thu Mar  3 18:44:01
> 2016
> @@ -189,7 +189,7 @@ public:
>    explicit InlineFunctionInfo(CallGraph *cg = nullptr,
>                                AssumptionCacheTracker *ACT = nullptr,
>                                BlockCloningFunctor Ftor = nullptr)
> -      : CG(cg), ACT(ACT), Ftor(Ftor) {}
> +      : CG(cg), ACT(ACT), Ftor(Ftor), CallSuccessorBlockDeleted(false) {}
>
>    /// CG - If non-null, InlineFunction will update the callgraph to
> reflect the
>    /// changes it makes.
> @@ -198,6 +198,10 @@ public:
>    // Functor that is invoked when a block is cloned into the new function.
>    BlockCloningFunctor Ftor;
>
> +  /// CallSuccessorBlockDeleted - whether the block immediately following
> the
> +  /// call has been deleted during inlining
> +  bool CallSuccessorBlockDeleted;
> +
>    /// StaticAllocas - InlineFunction fills this in with all static
> allocas that
>    /// get copied into the caller.
>    SmallVector<AllocaInst *, 4> StaticAllocas;
>
> Modified: llvm/trunk/lib/Transforms/IPO/Inliner.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/IPO/Inliner.cpp?rev=262679&r1=262678&r2=262679&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Transforms/IPO/Inliner.cpp (original)
> +++ llvm/trunk/lib/Transforms/IPO/Inliner.cpp Thu Mar  3 18:44:01 2016
> @@ -580,11 +580,13 @@ bool Inliner::runOnSCC(CallGraphSCC &SCC
>            continue;
>          }
>          updateEntryCount(CallSiteBlock, Callee);
> -        // The instruction following the call is part of a new basic block
> -        // created during the inlining process. This does not have an
> entry in
> -        // the BFI. We create an entry by copying the frequency of the
> original
> -        // block containing the call.
> -        copyBlockFrequency(CallSiteBlock, CallSuccessor->getParent());
> +        if (!InlineInfo.CallSuccessorBlockDeleted) {
> +          // The instruction following the call is part of a new basic
> block
> +          // created during the inlining process. This does not have an
> entry in
> +          // the BFI. We create an entry by copying the frequency of the
> +          // original block containing the call.
> +          copyBlockFrequency(CallSiteBlock, CallSuccessor->getParent());
> +        }
>
>          ++NumInlined;
>
>
> Modified: llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp?rev=262679&r1=262678&r2=262679&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp (original)
> +++ llvm/trunk/lib/Transforms/Utils/InlineFunction.cpp Thu Mar  3 18:44:01
> 2016
> @@ -1994,8 +1994,11 @@ bool llvm::InlineFunction(CallSite CS, I
>
>    // If we inlined any musttail calls and the original return is now
>    // unreachable, delete it.  It can only contain a bitcast and ret.
> -  if (InlinedMustTailCalls && pred_begin(AfterCallBB) ==
> pred_end(AfterCallBB))
> +  if (InlinedMustTailCalls &&
> +      pred_begin(AfterCallBB) == pred_end(AfterCallBB)) {
> +    IFI.CallSuccessorBlockDeleted = true;
>      AfterCallBB->eraseFromParent();
> +  }
>
>    // We should always be able to fold the entry block of the function
> into the
>    // single predecessor of the block...
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160304/690c1a44/attachment.html>

More information about the llvm-commits mailing list