[llvm-bugs] [Bug 49582] New: Iterator invalidation in SCCP.cpp : markUsersAsChanged()

Sat, 13 Mar 2021 12:51:33 -0800 

https://bugs.llvm.org/show_bug.cgi?id=49582

            Bug ID: 49582
           Summary: Iterator invalidation in SCCP.cpp :
                    markUsersAsChanged()
           Product: libraries
           Version: 11.0
          Hardware: PC
                OS: OpenBSD
            Status: NEW
          Severity: normal
          Priority: P
         Component: Scalar Optimizations
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]

Created attachment 24642
  --> https://bugs.llvm.org/attachment.cgi?id=24642&action=edit
Preprocessed reproducer source.

The AdditionalUsers Instruction update loop in markUsersAsChanged() can modify
the Users SmallPtrSet while iterating over it, which invalidates the iterator.

https://github.com/llvm/llvm-project/blob/release/11.x/llvm/lib/Transforms/Scalar/SCCP.cpp#L546

This causes a reproducible crash under OpenBSD while compiling the attached
.cpp and build script. The backtrace is:

$ sh lastransform-b8f841.sh                                                     
PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash
backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /scratch/llvm/build/bin/clang -cc1 -triple
amd64-unknown-openbsd6.9 -emit-obj -disable-free -disable-llvm-verifier
-discard-value-names -main-file-name lastransform.cpp -mrelocation-model pic
-pic-level 2 -mframe-pointer=all -relaxed-aliasing -fno-rounding-math
-mconstructor-aliases -munwind-tables -target-cpu x86-64 -target-feature
+retpoline-indirect-calls -target-feature +retpoline-indirect-branches
-fno-split-dwarf-inlining -debugger-tuning=gdb -sys-header-deps -D
HAVE_UNORDERED_MAP -D NDEBUG -D UNORDERED -D _CRT_SECURE_NO_WARNINGS -D NDEBUG
-O2 -fdeprecated-macro -ferror-limit 19 -fwrapv -fgnuc-version=4.2.1
-fcxx-exceptions -fexceptions -vectorize-loops -vectorize-slp
-fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc
-fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup
-faddrsig -x c++ lastransform-b8f841.cpp 
1.      <eof> parser at end of file
2.      Per-module optimization passes
3.      Running pass 'Interprocedural Sparse Conditional Constant Propagation'
on module 'lastransform-b8f841.cpp'.
Segmentation fault (core dumped) 

The attached .diff resolves the crash by caching the Instructions to visit
first.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs

Reply via email to