| Issue |
175168
|
| Summary |
Incorrect `RegionBranchOpInterface` API usage in `SliceWalk.cpp`
|
| Labels |
mlir
|
| Assignees |
|
| Reporter |
matthias-springer
|
There is a bug here: https://github.com/llvm/llvm-project/pull/173983/files#diff-3d1931c716d9d3d6afd2e486f6e3455f75fc7af155aeb6b5c8530934db53e891R73
The second parameter of `getPredecessorValue` indexes into `getEntrySuccessorOperands` /`getSuccessorOperands`. The indexing starts with `0`. The problem here is that we are simply taking the op result number.
For example, let's assume that `scf.for` returns an additional value that is not related to an init_arg. Let's say it returns the number of iterations. (It does not really make sense to design the op like that, this is just for illustration purposes.)
```
%num_iter, %loop_carried = scf.for ... iter_args(%arg0 = %0) { ... }
// ^^^^^^^^^^^^^
// op result 1
```
Now we are calling `getControlFlowPredecessors(%loop_carried)` here. This will call `regionBranchOp.getPredecessorValues(..., 1, ...)`, which cause an out-of-bounds array access inside of `getPredecessorValues`. (The same thing happens with the original implementation before this PR.)
While we may not have such ops (at least in upstream MLIR) at the moment, the `RegionBranchOpInterface` allows them.
![]()
_______________________________________________
llvm-bugs mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
