review.tizen.org Git - platform/upstream/llvm.git/commit

author	Michael Kruse <llvm-project@meinersbur.de>
	Sat, 22 Aug 2020 14:47:10 +0000 (09:47 -0500)
committer	Michael Kruse <llvm-project@meinersbur.de>
	Sat, 22 Aug 2020 15:10:49 +0000 (10:10 -0500)
commit	6983741eaa84e76802feca9145e39293cc6d15b4
tree	97e97b64cf878acfdf85b2184f4ef9035b118f09	tree \| snapshot
parent	901e3317fe7c88405b232b090896ae0d111c8c93	commit \| diff

[Polly] Fix use-after-free.

VirtualUse of type UseKind::Inter expects the definition of a
llvm::Value to be represented in another statement. In the bug report
that statement has been removed due to its domain being empty.
Scop::InstStmtMap for the llvm::Value's defintion still pointed to the
removed statement, which resulted in the use-after-free.

The defintion statement was removed by Simplify because it was
considered to not be reachable by other uses; trivially because it is
never executed due to its empty domain. However, no such thing happend
to the using statement using the value altough its domain is also empty.

Fix by always removing statements with empty domains in Simplify since
these are not properly analyzable. A UseKind::Inter should always have a
statement with its defintion due to LLVM's SSA form.
Scop::removeStmtNotInDomainMap() also removes statements with empty
domains but does so without considering the context as used by
Simplify's analyzes.

In another angle, InstStmtMap pointing to removed statements should not
happen either and ForwardOpTree would have bailed out if the llvm::Value
definition was not represented by a statement. This will be corrected in
a followup-commit.

This fixes llvm.org/PR47098

polly/include/polly/ScopInfo.h		diff \| blob \| history
polly/lib/Transform/Simplify.cpp		diff \| blob \| history
polly/test/Simplify/func-b320a7.ll	[new file with mode: 0644]	blob