[llvm] [Target] Use range-based for loops (NFC) (PR #146198)

Qinkun Bao via llvm-commits llvm-commits at lists.llvm.org
Sat Jun 28 11:25:38 PDT 2025 

qinkunbao wrote:

Looks like to be UAF introduced a time long ago.
```
==> /usr/local/google/home/qinkun/scratch_dir/sanitizer_logs/report.llc.2462976 <==
=================================================================
==llc==2462976==ERROR: AddressSanitizer: heap-use-after-free on address 0x7c19a3819d70 at pc 0x55ebaa9cf4dc bp 0x7fff213df830 sp 0x7fff213df828
READ of size 8 at 0x7c19a3819d70 thread T0
    #0 0x55ebaa9cf4db in (anonymous namespace)::ARMConstantIslands::runOnMachineFunction(llvm::MachineFunction&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/Target/ARM/ARMConstantIslandPass.cpp:479:23
    #1 0x55ebae201af2 in llvm::MachineFunctionPass::runOnFunction(llvm::Function&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/CodeGen/MachineFunctionPass.cpp:108:10
    #2 0x55ebaf15a9e2 in llvm::FPPassManager::runOnFunction(llvm::Function&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1401:27
    #3 0x55ebaf1713ee in llvm::FPPassManager::runOnModule(llvm::Module&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1447:16
    #4 0x55ebaf15c3ec in runOnModule /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1516:27
    #5 0x55ebaf15c3ec in llvm::legacy::PassManagerImpl::run(llvm::Module&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:534:44
    #6 0x55eba8c1ba1c in compileModule(char**, llvm::LLVMContext&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/tools/llc/llc.cpp:753:8
    #7 0x55eba8c1609f in main /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/tools/llc/llc.cpp:400:22
    #8 0x7fe9a4433ca7 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #9 0x7fe9a4433d64 in __libc_start_main csu/../csu/libc-start.c:360:3
    #10 0x55eba8b241a0 in _start (/usr/local/google/home/qinkun/scratch_dir/llvm_build_asan_ubsan/bin/llc+0xbc731a0)

0x7c19a3819d70 is located 16 bytes inside of 32-byte region [0x7c19a3819d60,0x7c19a3819d80)
freed by thread T0 here:
    #0 0x55eba8c0b3a2 in operator delete(void*, unsigned long) /usr/local/google/home/qinkun/scratch_dir/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:155:3
    #1 0x55ebaa9e3199 in __libcpp_operator_delete<(anonymous namespace)::ARMConstantIslands::ImmBranch *, unsigned long> /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__new/allocate.h:46:3
    #2 0x55ebaa9e3199 in __libcpp_deallocate<(anonymous namespace)::ARMConstantIslands::ImmBranch> /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__new/allocate.h:86:12
    #3 0x55ebaa9e3199 in deallocate /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__memory/allocator.h:120:7
    #4 0x55ebaa9e3199 in deallocate /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__memory/allocator_traits.h:289:9
    #5 0x55ebaa9e3199 in ~__split_buffer /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__split_buffer:342:5
    #6 0x55ebaa9e3199 in __emplace_back_slow_path<(anonymous namespace)::ARMConstantIslands::ImmBranch> /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__vector/vector.h:1134:1
    #7 0x55ebaa9e3199 in emplace_back<(anonymous namespace)::ARMConstantIslands::ImmBranch> /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__vector/vector.h:1150:13
    #8 0x55ebaa9e3199 in std::__1::vector<(anonymous namespace)::ARMConstantIslands::ImmBranch, std::__1::allocator<(anonymous namespace)::ARMConstantIslands::ImmBranch>>::push_back[abi:nn210000]((anonymous namespace)::ARMConstantIslands::ImmBranch&&) /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__vector/vector.h:457:90
    #9 0x55ebaa9c884a in fixupConditionalBr /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/Target/ARM/ARMConstantIslandPass.cpp:1809:15
    #10 0x55ebaa9c884a in fixupImmediateBr /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/Target/ARM/ARMConstantIslandPass.cpp:1694:10
    #11 0x55ebaa9c884a in (anonymous namespace)::ARMConstantIslands::runOnMachineFunction(llvm::MachineFunction&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/Target/ARM/ARMConstantIslandPass.cpp:480:19
    #12 0x55ebae201af2 in llvm::MachineFunctionPass::runOnFunction(llvm::Function&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/CodeGen/MachineFunctionPass.cpp:108:10
    #13 0x55ebaf15a9e2 in llvm::FPPassManager::runOnFunction(llvm::Function&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1401:27
    #14 0x55ebaf1713ee in llvm::FPPassManager::runOnModule(llvm::Module&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1447:16
    #15 0x55ebaf15c3ec in runOnModule /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1516:27
    #16 0x55ebaf15c3ec in llvm::legacy::PassManagerImpl::run(llvm::Module&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:534:44
    #17 0x55eba8c1ba1c in compileModule(char**, llvm::LLVMContext&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/tools/llc/llc.cpp:753:8
    #18 0x55eba8c1609f in main /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/tools/llc/llc.cpp:400:22
    #19 0x7fe9a4433ca7 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

previously allocated by thread T0 here:
    #0 0x55eba8c0a73d in operator new(unsigned long) /usr/local/google/home/qinkun/scratch_dir/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:86:3
    #1 0x55ebaa9e2f32 in __libcpp_operator_new<unsigned long> /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__new/allocate.h:37:10
    #2 0x55ebaa9e2f32 in __libcpp_allocate<(anonymous namespace)::ARMConstantIslands::ImmBranch> /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__new/allocate.h:64:28
    #3 0x55ebaa9e2f32 in allocate /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__memory/allocator.h:105:14
    #4 0x55ebaa9e2f32 in __allocate_at_least<std::__1::allocator<(anonymous namespace)::ARMConstantIslands::ImmBranch> > /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__memory/allocate_at_least.h:41:19
    #5 0x55ebaa9e2f32 in __split_buffer /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__split_buffer:330:25
    #6 0x55ebaa9e2f32 in __emplace_back_slow_path<(anonymous namespace)::ARMConstantIslands::ImmBranch> /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__vector/vector.h:1128:47
    #7 0x55ebaa9e2f32 in emplace_back<(anonymous namespace)::ARMConstantIslands::ImmBranch> /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__vector/vector.h:1150:13
    #8 0x55ebaa9e2f32 in std::__1::vector<(anonymous namespace)::ARMConstantIslands::ImmBranch, std::__1::allocator<(anonymous namespace)::ARMConstantIslands::ImmBranch>>::push_back[abi:nn210000]((anonymous namespace)::ARMConstantIslands::ImmBranch&&) /usr/local/google/home/qinkun/scratch_dir/libcxx_install_asan_ubsan/include/c++/v1/__vector/vector.h:457:90
    #9 0x55ebaa9c4dac in initializeFunctionInfo /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/Target/ARM/ARMConstantIslandPass.cpp:823:21
    #10 0x55ebaa9c4dac in (anonymous namespace)::ARMConstantIslands::runOnMachineFunction(llvm::MachineFunction&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/Target/ARM/ARMConstantIslandPass.cpp:446:3
    #11 0x55ebae201af2 in llvm::MachineFunctionPass::runOnFunction(llvm::Function&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/CodeGen/MachineFunctionPass.cpp:108:10
    #12 0x55ebaf15a9e2 in llvm::FPPassManager::runOnFunction(llvm::Function&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1401:27
    #13 0x55ebaf1713ee in llvm::FPPassManager::runOnModule(llvm::Module&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1447:16
    #14 0x55ebaf15c3ec in runOnModule /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1516:27
    #15 0x55ebaf15c3ec in llvm::legacy::PassManagerImpl::run(llvm::Module&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:534:44
    #16 0x55eba8c1ba1c in compileModule(char**, llvm::LLVMContext&) /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/tools/llc/llc.cpp:753:8
    #17 0x55eba8c1609f in main /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/tools/llc/llc.cpp:400:22
    #18 0x7fe9a4433ca7 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

SUMMARY: AddressSanitizer: heap-use-after-free /usr/local/google/home/qinkun/scratch_dir/llvm-project/llvm/lib/Target/ARM/ARMConstantIslandPass.cpp:479:23 in (anonymous namespace)::ARMConstantIslands::runOnMachineFunction(llvm::MachineFunction&)
Shadow bytes around the buggy address:
  0x7c19a3819a80: fa fa 00 00 07 fa fa fa 00 00 07 fa fa fa 00 00
  0x7c19a3819b00: 00 fa fa fa 00 00 05 fa fa fa 00 00 06 fa fa fa
  0x7c19a3819b80: 00 00 06 fa fa fa 00 00 06 fa fa fa 00 00 05 fa
  0x7c19a3819c00: fa fa 00 00 05 fa fa fa 00 00 06 fa fa fa 00 00
  0x7c19a3819c80: 06 fa fa fa 00 00 00 03 fa fa fd fd fd fa fa fa
=>0x7c19a3819d00: fd fd fd fa fa fa 00 00 00 00 fa fa fd fd[fd]fd
  0x7c19a3819d80: fa fa 00 00 00 00 fa fa 00 00 00 fa fa fa fa fa
  0x7c19a3819e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7c19a3819e80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7c19a3819f00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x7c19a3819f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
```

https://github.com/llvm/llvm-project/pull/146198

More information about the llvm-commits mailing list