[PATCH] D26008: CodeGen: Handle missed case of block removal during BlockPlacement.
Kyle Butt via llvm-commits
llvm-commits at lists.llvm.org
Thu Oct 27 13:40:34 PDT 2016
iteratee added a comment.
I added comments to the 3 lines that show the possible use after free.
================
Comment at: lib/CodeGen/MachineBlockPlacement.cpp:1477
// branches by placing an exit edge at the bottom.
- MachineBasicBlock *ExitingBB = nullptr;
if (!RotateLoopWithProfile && LoopTop == L.getHeader())
----------------
ExitingBB is selected here. This is a reference to a block, and it only exists on the call stack.
================
Comment at: lib/CodeGen/MachineBlockPlacement.cpp:1493
buildChain(LoopTop, LoopChain, &LoopBlockSet);
----------------
buildChain is called here. buildChain may tail-duplicate and remove the block referred to by ExitingBB.
================
Comment at: lib/CodeGen/MachineBlockPlacement.cpp:1498
else
- rotateLoop(LoopChain, ExitingBB, LoopBlockSet);
----------------
ExitingBB is used here, after it may have been freed.
Repository:
rL LLVM
https://reviews.llvm.org/D26008
More information about the llvm-commits
mailing list