From cf90203b0be9a7f5e96207ccc4d94791ceb4079f Mon Sep 17 00:00:00 2001
From: Steven Wu <stevenwu@apple.com>
Date: Tue, 4 Sep 2018 22:54:17 +0000
Subject: [PATCH] [ThinLTO] Fix memory corruption in ThinLTOCodeGenerator when
 CodeGenOnly was specified

Summary:
Issue occurs when doing ThinLTO with CodeGenOnly flag.
TMBuilder.TheTriple is assigned to by multiple threads in an unsafe way resulting in double-free of std::string memory.

Pseudocode:
if (CodeGenOnly) {
  // Perform only parallel codegen and return.
  ThreadPool Pool;
  int count = 0;
  for (auto &ModuleBuffer : Modules) {
    Pool.async([&](int count) {
    ...
      /// Now call OutputBuffer = codegen(*TheModule);
      /// Which turns into initTMBuilder(moduleTMBuilder, Triple(TheModule.getTargetTriple()));
      /// Which turns into

      TMBuilder.TheTriple = std::move(TheTriple);   // std::string = "....."
      /// So, basically std::string assignment to same string on multiple threads = memory corruption

  }

  return;
}

Patch by Alex Borcan

Reviewers: llvm-commits, steven_wu

Reviewed By: steven_wu

Subscribers: mehdi_amini, inglorion, eraman, steven_wu, dexonsmith, llvm-commits

Differential Revision: https://reviews.llvm.org/D51651

llvm-svn: 341422
---
 llvm/include/llvm/LTO/legacy/ThinLTOCodeGenerator.h |  5 -----
 llvm/lib/LTO/ThinLTOCodeGenerator.cpp               | 10 +---------
 2 files changed, 1 insertion(+), 14 deletions(-)

diff --git a/llvm/include/llvm/LTO/legacy/ThinLTOCodeGenerator.h b/llvm/include/llvm/LTO/legacy/ThinLTOCodeGenerator.h
index b32a972..8916ca6 100644
--- a/llvm/include/llvm/LTO/legacy/ThinLTOCodeGenerator.h
+++ b/llvm/include/llvm/LTO/legacy/ThinLTOCodeGenerator.h
@@ -299,11 +299,6 @@ public:
    */
   void optimize(Module &Module);
 
-  /**
-   * Perform ThinLTO CodeGen.
-   */
-  std::unique_ptr<MemoryBuffer> codegen(Module &Module);
-
   /**@}*/
 
 private:
diff --git a/llvm/lib/LTO/ThinLTOCodeGenerator.cpp b/llvm/lib/LTO/ThinLTOCodeGenerator.cpp
index 642e538..d111430 100644
--- a/llvm/lib/LTO/ThinLTOCodeGenerator.cpp
+++ b/llvm/lib/LTO/ThinLTOCodeGenerator.cpp
@@ -818,14 +818,6 @@ void ThinLTOCodeGenerator::optimize(Module &TheModule) {
   optimizeModule(TheModule, *TMBuilder.create(), OptLevel, Freestanding);
 }
 
-/**
- * Perform ThinLTO CodeGen.
- */
-std::unique_ptr<MemoryBuffer> ThinLTOCodeGenerator::codegen(Module &TheModule) {
-  initTMBuilder(TMBuilder, Triple(TheModule.getTargetTriple()));
-  return codegenModule(TheModule, *TMBuilder.create());
-}
-
 /// Write out the generated object file, either from CacheEntryPath or from
 /// OutputBuffer, preferring hard-link when possible.
 /// Returns the path to the generated file in SavedObjectsDirectoryPath.
@@ -893,7 +885,7 @@ void ThinLTOCodeGenerator::run() {
                                  /*IsImporting*/ false);
 
         // CodeGen
-        auto OutputBuffer = codegen(*TheModule);
+        auto OutputBuffer = codegenModule(*TheModule, *TMBuilder.create());
         if (SavedObjectsDirectoryPath.empty())
           ProducedBinaries[count] = std::move(OutputBuffer);
         else
-- 
2.7.4