diff options
| author | Justin Bogner <mail@justinbogner.com> | 2016-04-12 23:21:53 +0000 |
|---|---|---|
| committer | Justin Bogner <mail@justinbogner.com> | 2016-04-12 23:21:53 +0000 |
| commit | 263f314ba77c381f0fb9e4d3a867a863b7a78687 (patch) | |
| tree | 6ceb604122df1a3874de9e832cf5b7721a76353e | |
| parent | e48e393729aec2cf05a6f1e16651d891a75f3690 (diff) | |
| download | bcm5719-llvm-263f314ba77c381f0fb9e4d3a867a863b7a78687.tar.gz bcm5719-llvm-263f314ba77c381f0fb9e4d3a867a863b7a78687.zip | |
CodeGen: Clear the MFI's save and restore point after PrologEpilogInserter
This state is no longer useful and not guaranteed to be valid in later
codegen passes. For example, see the added test, which would print a
savepoint of %bb.-1 without this change, and crashes with a
use-after-free error under ASan if you apply the recycling allocator
patch from llvm.org/PR26808.
llvm-svn: 266150
| -rw-r--r-- | llvm/lib/CodeGen/PrologEpilogInserter.cpp | 2 | ||||
| -rw-r--r-- | llvm/test/CodeGen/ARM/invalidated-save-point.ll | 27 | ||||
| -rw-r--r-- | llvm/test/CodeGen/MIR/ARM/ARMLoadStoreDBG.mir | 2 |
3 files changed, 29 insertions, 2 deletions
diff --git a/llvm/lib/CodeGen/PrologEpilogInserter.cpp b/llvm/lib/CodeGen/PrologEpilogInserter.cpp index 7c3fe33cf75..2c3ea316e23 100644 --- a/llvm/lib/CodeGen/PrologEpilogInserter.cpp +++ b/llvm/lib/CodeGen/PrologEpilogInserter.cpp @@ -238,6 +238,8 @@ bool PEI::runOnMachineFunction(MachineFunction &Fn) { delete RS; SaveBlocks.clear(); RestoreBlocks.clear(); + MFI->setSavePoint(nullptr); + MFI->setRestorePoint(nullptr); return true; } diff --git a/llvm/test/CodeGen/ARM/invalidated-save-point.ll b/llvm/test/CodeGen/ARM/invalidated-save-point.ll new file mode 100644 index 00000000000..0ff153b6799 --- /dev/null +++ b/llvm/test/CodeGen/ARM/invalidated-save-point.ll @@ -0,0 +1,27 @@ +; RUN: llc -mtriple thumbv7 -stop-after=if-converter < %s 2>&1 | FileCheck %s + +; Make sure the save point and restore point are dropped from MFI at +; this point. Notably, if it isn't is will be invalid and reference a +; deleted block (%bb.-1.if.end) + +; CHECK-NOT: savePoint: +; CHECK-NOT: restorePoint: + +target datalayout = "e-m:e-p:32:32-i64:64-v128:64:128-a:0:32-n32-S64" +target triple = "thumbv7" + +define i32 @f(i32 %n) { +entry: + %cmp = icmp ult i32 %n, 4 + br i1 %cmp, label %return, label %if.end + +if.end: + tail call void @g(i32 %n) + br label %return + +return: + %retval.0 = phi i32 [ 0, %if.end ], [ -1, %entry ] + ret i32 %retval.0 +} + +declare void @g(i32) diff --git a/llvm/test/CodeGen/MIR/ARM/ARMLoadStoreDBG.mir b/llvm/test/CodeGen/MIR/ARM/ARMLoadStoreDBG.mir index be7e9eac2d5..6ec36593cad 100644 --- a/llvm/test/CodeGen/MIR/ARM/ARMLoadStoreDBG.mir +++ b/llvm/test/CodeGen/MIR/ARM/ARMLoadStoreDBG.mir @@ -117,8 +117,6 @@ frameInfo: hasOpaqueSPAdjustment: false hasVAStart: false hasMustTailInVarArgFunc: false - savePoint: '%bb.2.if.end' - restorePoint: '%bb.2.if.end' stack: - { id: 0, type: spill-slot, offset: -4, size: 4, alignment: 4, callee-saved-register: '%lr' } - { id: 1, type: spill-slot, offset: -8, size: 4, alignment: 4, callee-saved-register: '%r7' } |
