[llvm-dev] Should analyses be able to hold AssertingVH to IR? (related to PR28400)

Mon Jan 23 17:32:55 PST 2017

On the code review thread, Sanjoy mentioned:

(I hope the formatting isn't too broken)
>>! In D29006#653587, @sanjoy wrote:
> Hi Chandler,
>
> I'm not sure this is a good idea.
>
> If this is the *only* path forward then I'll be okay going ahead with
> it, but I think `AssertingVH` (not unlike most other similar things)
> is useful and provides a superset of functionality provided by
> sanitizers.

Note that the biggest advantage IMO is the ability to error immediately on
the deletion as that points to the cause of the bug. Anything we build here
will instead point to the point of use which is a bit unfortunate. ASan's
heap-use-after-free is actually better at this because it stores the stack
trace for the deletion and shows it. I don't really want to try to rebuild
that functionality.

>
>> For example, a debug-build-only
>> WeakVH and an explicit assert that it hasn't gone null when it is *used*
>> so that it can still *exist* even when the value goes away.
>
> But we don't *have* such a thing today, and for that reason this
> change is a strict decrease in debug-ability.  If you wanted to add
> something like that, and replace existing `AssertingVH` uses with it
> then I may feel better about this; however `AssertingVH` is stronger
> than what you suggest since `AssertingVH` catches cases where we've
> keyed a hash table off `AssertingVH` s.  To be on part with that
> functionality, we'd also need to write data structures like `DenseMap`
> that can be "poisoned" by a `CallbackVH` key.

As I mention above, I actually think AssertingVH is stronger than ASan
because it triggers the error on deletion.

ASan will use a quarantine to work quite hard to avoid accidental re-use of
an entry for a newly allocated pointer. So most bugs with hash tables I
would still expect something like ASan to uncover. The only things it won't
find are when getting a fresh address masks the bug *and* you don't ever
re-use the stale key in any way. That is a hole in the ASan based approach,
although historically I have not had this be a frequent failure mode. But
that's just me, and I've honestly not worked on SCEV or LVI enough to have
any intuition about those passes.

Anyways, I have built the replacement. It's somewhat awful IMO, but it will
at least cover the case above. It will be somewhat harder to debug than an
ASan failure as it won't give a backtrace for the deletion, but you can set
a breakpoint to get that in a debugger.

Patch adding a "poisoning" VH: https://reviews.llvm.org/D29061
Updated patch using it: https://reviews.llvm.org/D29006

Thoughts?

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20170124/c8993465/attachment.html>