[PATCH] D157267: [NewGVN] Fix an use after free when updating use count
Vladimir Radosavljevic via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Tue Aug 8 03:15:22 PDT 2023
vladimirradosavljevic added a comment.
In D157267#4568479 <https://reviews.llvm.org/D157267#4568479>, @kmitropoulou wrote:
> Tests?
Adding a small reproducer for this would be tricky, as we would need to hit the case where UseCounts map grows on the following line:
unsigned &IIUseCount = UseCounts[II];
This problem was caught by the sanitizers and here is the small trace:
READ of size 4 at 0x61d0000db3d8 thread T0
#0 0x7fcf39604358 in eliminateInstructions llvm/lib/Transforms/Scalar/NewGVN.cpp:4123
freed by thread T0 here:
#8 0x7fcf396040f0 in eliminateInstructions llvm/lib/Transforms/Scalar/NewGVN.cpp:4119
previously allocated by thread T0 here:
#9 0x7fcf395e967c in convertClassToDFSOrdered llvm/lib/Transforms/Scalar/NewGVN.cpp:3688
Here is what happens:
auto &LeaderUseCount = UseCounts[DominatingLeader]; <--- Taking reference
....
unsigned &IIUseCount = UseCounts[II]; <-- DenseMap grows under the hood
....
++LeaderUseCount; <--- Accessing freed memory
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D157267/new/
https://reviews.llvm.org/D157267
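An added illustration of the failure mode described above (not code from the patch or from LLVM): a hypothetical open-addressing map with DenseMap's grow-on-3/4-load behaviour shows why the reference taken from `UseCounts[DominatingLeader]` goes stale once `UseCounts[II]` triggers growth, and how the counting loop can be written so no reference is held across an insert.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>
// Tiny open-addressing map standing in for llvm::DenseMap (hypothetical):
// values live in one contiguous array that is reallocated when the load
// factor passes 3/4, so a reference from operator[] dangles after any
// later insert that triggers growth.
struct CountMap {
  struct Slot { uint64_t Key = 0; unsigned Count = 0; bool Used = false; };
  std::vector<Slot> Buckets = std::vector<Slot>(4);
  size_t NumUsed = 0;
  // Return the value slot for Key, inserting it (after growing if needed).
  unsigned &operator[](uint64_t Key) {
    if ((NumUsed + 1) * 4 > Buckets.size() * 3) grow();
    size_t I = Key % Buckets.size();
    while (Buckets[I].Used && Buckets[I].Key != Key) I = (I + 1) % Buckets.size();
    if (!Buckets[I].Used) { Buckets[I].Used = true; Buckets[I].Key = Key; ++NumUsed; }
    return Buckets[I].Count;
  }
  void grow() {
    std::vector<Slot> Old = std::move(Buckets);   // old array freed on return
    Buckets.assign(Old.size() * 2, Slot{});
    NumUsed = 0;
    for (const Slot &S : Old)
      if (S.Used) (*this)[S.Key] = S.Count;       // rehash into the new array
  }
};
// The buggy shape from the comment: take a reference to the leader's count,
// insert other keys, then see where the leader now lives. Only addresses
// are compared; the stale pointer is never dereferenced.
bool referenceInvalidatedByInsert() {
  CountMap UseCounts;
  unsigned *LeaderUseCount = &UseCounts[1];              // UseCounts[DominatingLeader]
  for (uint64_t II = 2; II <= 4; ++II) UseCounts[II] = 1; // third insert grows the table
  return LeaderUseCount != &UseCounts[1];                // true: storage moved
}
// Safe shape: a reference from operator[] is used only until the next
// operator[] call; the leader's count is looked up afresh on every increment.
unsigned countUses(uint64_t Leader, const std::vector<uint64_t> &Users) {
  CountMap UseCounts;
  for (uint64_t II : Users) {
    unsigned &IIUseCount = UseCounts[II];   // may grow the table
    ++IIUseCount;                           // fresh reference, still valid
    ++UseCounts[Leader];                    // fresh lookup, never a stale reference
  }
  return UseCounts[Leader];
}
```

Under AddressSanitizer, dereferencing `LeaderUseCount` after the loop would report the same READ-after-free pattern as the trace above; the safe loop never touches freed storage.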