https://bugs.llvm.org/show_bug.cgi?id=45749
Bug ID: 45749
Summary: [SCCP] Possible reference invalidation
Product: libraries
Version: trunk
Hardware: PC
OS: Windows NT
Status: NEW
Severity: normal
Priority: P
Component: Scalar Optimizations
Assignee: unassignedb...@nondot.org
Reporter: wolfgang_p...@playstation.sony.com
CC: llvm-bugs@lists.llvm.org

In SCCP.cpp, in SCCPSolver::handleCallResult() there are 4 calls to
mergeInValue() of the form

    mergeInValue(ValueState[&CB], &CB, getValueState(CopyOf));

ValueState is a DenseMap. The subscript operator returns a reference to an
entry in ValueState, which is held across the call to getValueState() and
passed on to mergeInValue(). However, getValueState() itself makes insertions
into ValueState, thereby possibly invalidating the reference.

Unfortunately I have no test case to demonstrate this, but at Sony we have
encountered a crash with a previous version of this code (based on llvm 10.0)
in an LTO scenario. The cause was exactly such a reference invalidated by a
call to getValueState(). I am unable to share the code that caused the crash
since it was made available by one of our licensees.

I noticed that a similar problem was fixed by a previous commit
(https://github.sie.sony.com/SIE-Private/cpu-toolchain-orbis/commit/487780678fcaf2662aa820bd50364addb935dfe8).

I am unable to construct a small test case that demonstrates the issue, as my
understanding of SCCP is not particularly deep, but I think this code could
cause more crashes in the future, especially in large programs.
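
The pattern described in the report, as an added example that is not part of the original bug report or LLVM's code. TinyMap, its methods and the simplified getValueState()/mergeInValue() with plain int states are hypothetical stand-ins; the example shows that an insertion moves an existing entry, and that completing the inserting call before taking the reference keeps it valid.

```cpp
#include <cstdint>
#include <vector>

// Stand-in for a DenseMap-like container (not llvm::DenseMap itself): entries
// sit inline in one array, so growing the map moves every entry.
struct TinyMap {
    struct Entry { int key; int state; };
    std::vector<Entry> buckets;
    int &lookupOrInsert(int key, int init) {
        for (Entry &e : buckets)
            if (e.key == key) return e.state;
        buckets.push_back({key, init});   // may reallocate the array
        return buckets.back().state;
    }
    int &operator[](int key) { return lookupOrInsert(key, 0); }
};

// Simplified model of getValueState(): a lookup that inserts on a miss.
int &getValueState(TinyMap &m, int key) { return m.lookupOrInsert(key, 4); }

// Simplified model of mergeInValue(): fold src into the destination state.
void mergeInValue(int &dst, int src) { dst |= src; }

// Constructed scenario: fill until the next insertion must grow the array.
void fillToCapacity(TinyMap &m) {
    int k = 0;
    do { m[k++] = 1; } while (m.buckets.size() != m.buckets.capacity());
}

// Shows the hazard without touching freed memory: compare entry addresses.
bool entryMovedByInsertion() {
    TinyMap m;
    fillToCapacity(m);
    std::uintptr_t before = reinterpret_cast<std::uintptr_t>(&m[0]);
    getValueState(m, 1000);               // miss -> insert -> growth
    return before != reinterpret_cast<std::uintptr_t>(&m[0]);
}

// Hazardous form: mergeInValue(m[0], getValueState(m, 1000));
// Argument evaluation order is unspecified, so m[0] may be bound first and
// dangle once getValueState() grows the map. Safe form: insert first, copy.
int mergeSafely() {
    TinyMap m;
    fillToCapacity(m);
    int src = getValueState(m, 1000);     // insertion finishes here
    mergeInValue(m[0], src);              // reference bound after growth
    return m[0];                          // 1 | 4
}
int main() { return (entryMovedByInsertion() && mergeSafely() == 5) ? 0 : 1; }
```

Because the argument order is left to the compiler, the hazardous form can work on one toolchain and crash on another, which fits the report's difficulty in producing a small test case.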