[llvm-dev] BitcodeReader.cpp bug under LTO

chenmindong via llvm-dev llvm-dev at lists.llvm.org
Thu Jul 16 07:54:09 PDT 2020


Hi guys,

We have found a bug in BitcodeReader.cpp when processing an LTO bitcode file. As LLVM doesn't emit use-lists for LTO bitcode files, many forward references will happen when BitcodeReader processes the bitcode file, and LLVM uses placeholders for those forward references and resolves them later.

When parseConstants() reads in a CST_CODE_CE_SELECT record, e.g.

select <selty> <cond>, <ty> <val1>, <ty> <val2>

If "ty" here is a vector type and "cond" is a forward reference, LLVM uses i1 as the placeholder type of "cond" if it cannot find "cond" in ValueList, as the following code shows:

      Type *SelectorTy = Type::getInt1Ty(Context);

      // The selector might be an i1 or an <n x i1>
      // Get the type from the ValueList before getting a forward ref.
      if (VectorType *VTy = dyn_cast<VectorType>(CurTy))
        if (Value *V = ValueList[Record[0]])
          if (SelectorTy != V->getType())
            SelectorTy = VectorType::get(SelectorTy, VTy->getNumElements());


However, the program aborts in RAUW() if we find "selty" is a vector type later, because LLVM is trying to replace an i1 placeholder with an <n x i1> value.

A rough idea is to create a BitcodeReader-specific RAUW which doesn't check type legitimacy. Any other suggestions are welcome.

Bugzilla link: https://bugs.llvm.org/show_bug.cgi?id=46750

Regards,
Mindong
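
The failure mode described in the message above, as an added example that is not part of the original post and is not LLVM code: a toy value list in C++ where types are plain strings and `ValueList`, `getFwdRef`, `resolve`, `selectorTypeFor` and `parseSelectThenDefine` are hypothetical names. It reports a mismatch (returns false) at the point where a type-checked replacement would reject an i1 placeholder being replaced by an <n x i1> value.

```cpp
#include <map>
#include <string>

// Toy model (constructed): a type is a string such as "i1" or "<4 x i1>".
struct Value { std::string Ty; bool IsPlaceholder; };

struct ValueList {
  std::map<unsigned, Value> Slots;

  // Return the value if it is already known, otherwise create a placeholder
  // of the type the caller guessed.
  Value &getFwdRef(unsigned Idx, const std::string &GuessTy) {
    auto It = Slots.find(Idx);
    if (It == Slots.end())
      It = Slots.emplace(Idx, Value{GuessTy, true}).first;
    return It->second;
  }

  // Type-checked replacement of a placeholder by the real definition.
  // Returns false on a type mismatch instead of aborting.
  bool resolve(unsigned Idx, const std::string &RealTy) {
    auto It = Slots.find(Idx);
    if (It != Slots.end() && It->second.IsPlaceholder && It->second.Ty != RealTy)
      return false;  // i1 placeholder vs. <n x i1> definition
    Slots[Idx] = Value{RealTy, false};
    return true;
  }
};

// Selector type choice as in the quoted snippet: the guess is upgraded from
// i1 to <n x i1> only when the condition is already present in the list.
std::string selectorTypeFor(const ValueList &VL, unsigned CondIdx, unsigned NumElts) {
  std::string SelTy = "i1";
  auto It = VL.Slots.find(CondIdx);
  if (NumElts > 0 && It != VL.Slots.end() && It->second.Ty != SelTy)
    SelTy = "<" + std::to_string(NumElts) + " x i1>";
  return SelTy;
}

// Read a select over a vector of NumElts elements whose condition is at
// CondIdx. DefineFirst controls whether the condition is defined before the
// select (no forward reference) or after it (forward reference).
bool parseSelectThenDefine(ValueList &VL, unsigned CondIdx, unsigned NumElts,
                           const std::string &CondRealTy, bool DefineFirst) {
  if (DefineFirst && !VL.resolve(CondIdx, CondRealTy)) return false;
  VL.getFwdRef(CondIdx, selectorTypeFor(VL, CondIdx, NumElts));
  return DefineFirst ? true : VL.resolve(CondIdx, CondRealTy);
}
```

Only the forward-referenced vector condition fails; the same select with the condition defined first, or with a scalar i1 condition, resolves cleanly.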