[LoopUnroll] Avoid UB when converting from WeakVH to `Value *`

Calling `operator*` on a WeakVH with a null value yields a null
reference, which is UB. Avoid this by implicitly converting the WeakVH
to a `Value *` rather than dereferencing and then taking the address
for the type conversion.

Differential Revision: https://reviews.llvm.org/D73280
This commit is contained in:
Justin Bogner 2020-01-23 10:24:10 -08:00
parent 3c545e4b73
commit b81a337be7
3 changed files with 51 additions and 4 deletions

View File

@ -89,7 +89,11 @@ public:
}
Value *operator->() const { return getValPtr(); }
Value &operator*() const { return *getValPtr(); }
Value &operator*() const {
Value *V = getValPtr();
assert(V && "Dereferencing deleted ValueHandle");
return *V;
}
protected:
Value *getValPtr() const { return Val; }

View File

@ -207,10 +207,11 @@ void llvm::simplifyLoopAfterUnroll(Loop *L, bool SimplifyIVs, LoopInfo *LI,
// Aggressively clean up dead instructions that simplifyLoopIVs already
// identified. Any remaining should be cleaned up below.
while (!DeadInsts.empty())
if (Instruction *Inst =
dyn_cast_or_null<Instruction>(&*DeadInsts.pop_back_val()))
while (!DeadInsts.empty()) {
Value *V = DeadInsts.pop_back_val();
if (Instruction *Inst = dyn_cast_or_null<Instruction>(V))
RecursivelyDeleteTriviallyDeadInstructions(Inst);
}
}
// At this point, the code is well formed. We now do a quick sweep over the

View File

@ -0,0 +1,42 @@
; RUN: opt -S < %s -loop-unroll -unroll-allow-partial=1 | FileCheck %s
;
; Bugpointed test that triggered UB while cleaning up dead
; instructions after simplifying indvars
; We just check that some unrolling happened here - the assert we've
; added to ValueHandleBase::operator* would fire if the bug was still
; present.
; CHECK: atomicrmw volatile add i32*
; CHECK: atomicrmw volatile add i32*
; CHECK: atomicrmw volatile add i32*
@global = external global i32, align 4
define void @widget() {
bb:
br label %bb1
bb1:
br label %bb2
bb2:
%tmp = phi i32 [ 0, %bb1 ], [ %tmp34, %bb33 ]
%tmp3 = phi i32 [ 0, %bb1 ], [ %tmp34, %bb33 ]
%tmp26 = and i32 %tmp, 1073741823
%tmp27 = getelementptr inbounds i32, i32* @global, i32 %tmp26
%tmp28 = atomicrmw volatile add i32* %tmp27, i32 1 monotonic
%tmp29 = icmp ugt i32 %tmp28, 23
%tmp30 = shl i32 %tmp, 6
%tmp31 = add i32 %tmp30, undef
%tmp32 = add i32 %tmp31, %tmp28
store i32 undef, i32* undef, align 4
br label %bb33
bb33:
%tmp34 = add nuw nsw i32 %tmp3, 1
%tmp35 = icmp ult i32 %tmp3, 15
br i1 %tmp35, label %bb2, label %bb36
bb36:
br label %bb1
}