[llvm] r292675 - GlobalISel: prevent heap use-after-free when looking up VReg.

Quentin Colombet via llvm-commits llvm-commits at lists.llvm.org
Fri Jan 20 17:40:22 PST 2017 

Hi Tim,

Good catch.

I would suggest a different fix to avoid having a second lookup in the map.
I would restruct the code such that if we hit the “create” patch, we directly return the created vreg.

I.e., something along those line:

ValReg = lookup
If (ValReg) return ValReg

// else Create path.

VReg = createVReg
ValReg = VReg

// ValReg can be invalidated from this point, but we don’t care since we are not going to use it anymore.
// blabla if constant

return VReg;

What do you think?

Cheers,
-Quentin
> On Jan 20, 2017, at 3:25 PM, Tim Northover via llvm-commits <llvm-commits at lists.llvm.org> wrote:
> 
> Author: tnorthover
> Date: Fri Jan 20 17:25:17 2017
> New Revision: 292675
> 
> URL: http://llvm.org/viewvc/llvm-project?rev=292675&view=rev
> Log:
> GlobalISel: prevent heap use-after-free when looking up VReg.
> 
> Translating the constant can create more VRegs, which can invalidate the
> reference into the DenseMap. So we have to look up the value again after all
> that's happened.
> 
> Modified:
>    llvm/trunk/lib/CodeGen/GlobalISel/IRTranslator.cpp
> 
> Modified: llvm/trunk/lib/CodeGen/GlobalISel/IRTranslator.cpp
> URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/CodeGen/GlobalISel/IRTranslator.cpp?rev=292675&r1=292674&r2=292675&view=diff
> ==============================================================================
> --- llvm/trunk/lib/CodeGen/GlobalISel/IRTranslator.cpp (original)
> +++ llvm/trunk/lib/CodeGen/GlobalISel/IRTranslator.cpp Fri Jan 20 17:25:17 2017
> @@ -81,7 +81,9 @@ unsigned IRTranslator::getOrCreateVReg(c
>       }
>     }
>   }
> -  return ValReg;
> +
> +  // Look Val up again in case the reference has been invalidated since.
> +  return ValToVReg[&Val];
> }
> 
> int IRTranslator::getOrCreateFrameIndex(const AllocaInst &AI) {
> 
> 
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20170120/898b8e14/attachment.html>

More information about the llvm-commits mailing list