[llvm] 7dd2810 - Fix MSAN failure on Function destruction

Evgenii Stepanov via llvm-commits llvm-commits at lists.llvm.org
Thu Feb 6 15:10:12 PST 2020 

Author: Evgenii Stepanov
Date: 2020-02-06T15:09:58-08:00
New Revision: 7dd2810907b87fbecb2ca7c111c2ad37bf1563e9

URL: https://github.com/llvm/llvm-project/commit/7dd2810907b87fbecb2ca7c111c2ad37bf1563e9
DIFF: https://github.com/llvm/llvm-project/commit/7dd2810907b87fbecb2ca7c111c2ad37bf1563e9.diff

LOG: Fix MSAN failure on Function destruction

Summary:
When Function is destroyed, GlobalValue base class is destroyed, then
Value destructor would call use_empty, which ultimately attempts to
downcast 'this' to GlobalValue. This is UB, and is caught my MSAN as
accessing uninitialized memory.

Call materialized_use_empty, which doesn't call
assertModuleIsMaterializedImpl().

Reviewers: eugenis

Reviewed By: eugenis

Subscribers: hiraditya, llvm-commits

Tags: #llvm

Differential Revision: https://reviews.llvm.org/D74161

Patch by Antonio Maiorano.

Added: 
    

Modified: 
    llvm/lib/IR/Value.cpp

Removed: 
    


################################################################################
diff  --git a/llvm/lib/IR/Value.cpp b/llvm/lib/IR/Value.cpp
index 8e2d49fbb9c8..beb3989ebb56 100644
--- a/llvm/lib/IR/Value.cpp
+++ b/llvm/lib/IR/Value.cpp
@@ -83,13 +83,17 @@ Value::~Value() {
   // reference and something is wrong.  This code is here to print out where
   // the value is still being referenced.
   //
-  if (!use_empty()) {
+  // Note that use_empty() cannot be called here, as it eventually downcasts
+  // 'this' to GlobalValue (derived class of Value), but GlobalValue has already
+  // been destructed, so accessing it is UB.
+  //
+  if (!materialized_use_empty()) {
     dbgs() << "While deleting: " << *VTy << " %" << getName() << "\n";
     for (auto *U : users())
       dbgs() << "Use still stuck around after Def is destroyed:" << *U << "\n";
   }
 #endif
-  assert(use_empty() && "Uses remain when a value is destroyed!");
+  assert(materialized_use_empty() && "Uses remain when a value is destroyed!");
 
   // If this value is named, destroy the name.  This should not be in a symtab
   // at this point.

More information about the llvm-commits mailing list