deliberately illegal use-after-destroy in llvm/lib/IR/User.cpp #24952
Comments
|
To put it simply, operator delete for class User inspects memory of the object after the end of its lifetime. This shows as a use-after-dtor error when running under MemorySanitizer. There is a similar problem with operator delete for MDNode. This needs to be fixed or suppressed before we enable use-after-dtor sanitization on the bootstrap bot. |
|
It looks like a potential solution would be to modify User's overloaded new operators to allocate extra memory to store NumUserOperands, HasHungOffUses, and HasDescriptor. Then the overloaded delete can read that extra memory and delete accordingly without touching the memory poisoned by the destructor. Of course there are performance implications and likely other difficulties that are outside my current level of understanding. |
|
*** Bug llvm/llvm-bugzilla-archive#36022 has been marked as a duplicate of this bug. *** |
|
I've been looking at this but I don't have a good solution yet :( The fact that I was hoping the One thing I did try (which failed) was, like Matt mentioned, stash the needed data in non-poisoned memory. Because it's difficult in Some other ideas:
|
|
Indeed I'll put out another idea then: how about a handful of classes like Benefits are:
|
|
There's a class I'm working on a new class |
|
mentioned in issue llvm/llvm-bugzilla-archive#36022 |
LLVM data structures like llvm::User and llvm::MDNode rely on the value of object storage persisting beyond the lifetime of the object (#24952). This is not standard compliant and causes a runtime crash if LLVM is built with GCC and LTO enabled (#57740). Until these issues are fixed, we need to disable dead store eliminations eliminations based on object lifetime. Bug: #24952 Bug: #57740 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106943 Reviewed By: MaskRay, thesamesam, nikic Differential Revision: https://reviews.llvm.org/D150505
LLVM data structures like llvm::User and llvm::MDNode rely on the value of object storage persisting beyond the lifetime of the object (#24952). This is not standard compliant and causes a runtime crash if LLVM is built with GCC and LTO enabled (#57740). Until these issues are fixed, we need to disable dead store eliminations eliminations based on object lifetime. Bug: llvm/llvm-project#24952 Bug: llvm/llvm-project#57740 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106943 Reviewed By: MaskRay, thesamesam, nikic Differential Revision: https://reviews.llvm.org/D150505 (cherry picked from commit 94f7c96)
LLVM data structures like llvm::User and llvm::MDNode rely on the value of object storage persisting beyond the lifetime of the object (#24952). This is not standard compliant and causes a runtime crash if LLVM is built with GCC and LTO enabled (#57740). Until these issues are fixed, we need to disable dead store eliminations eliminations based on object lifetime. Bug: #24952 Bug: #57740 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106943 (This was originally committed as 94f7c96 but I reverted it in b974991f4c4457a2104b648d9797a0ed438ecc9 to fix authorship.) Reviewed By: MaskRay, thesamesam, nikic Differential Revision: https://reviews.llvm.org/D150505 Signed-off-by: Sam James <sam@gentoo.org>
LLVM data structures like llvm::User and llvm::MDNode rely on the value of object storage persisting beyond the lifetime of the object (#24952). This is not standard compliant and causes a runtime crash if LLVM is built with GCC and LTO enabled (#57740). Until these issues are fixed, we need to disable dead store eliminations eliminations based on object lifetime. Bug: llvm/llvm-project#24952 Bug: llvm/llvm-project#57740 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106943 (This was originally committed as 94f7c96 but I reverted it in b974991f4c4457a2104b648d9797a0ed438ecc9 to fix authorship.) Reviewed By: MaskRay, thesamesam, nikic Differential Revision: https://reviews.llvm.org/D150505 Signed-off-by: Sam James <sam@gentoo.org> (cherry picked from commit ce990b5)
This reverts commit ce990b5. This breaks some build bots - specifically when using GCC to build LLVM and then -fno-lifetime-dse ends up passed to Clang in some tests like at https://lab.llvm.org/buildbot/#/builders/139/builds/40594. Bug: #24952 Bug: #57740 Differential Revision: https://reviews.llvm.org/D150505
LLVM data structures like llvm::User and llvm::MDNode rely on the value of object storage persisting beyond the lifetime of the object (#24952). This is not standard compliant and causes a runtime crash if LLVM is built with GCC and LTO enabled (#57740). Until these issues are fixed, we need to disable dead store eliminations eliminations based on object lifetime. The previous test issues are fixed by 626849c. Bug: #24952 Bug: #57740 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106943 Reviewed By: MaskRay, thesamesam, nikic Differential Revision: https://reviews.llvm.org/D150505
LLVM data structures like llvm::User and llvm::MDNode rely on the value of object storage persisting beyond the lifetime of the object (#24952). This is not standard compliant and causes a runtime crash if LLVM is built with GCC and LTO enabled (#57740). Until these issues are fixed, we need to disable dead store eliminations eliminations based on object lifetime. The previous test issues are fixed by 626849c. Bug: llvm/llvm-project#24952 Bug: llvm/llvm-project#57740 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106943 Reviewed By: MaskRay, thesamesam, nikic Differential Revision: https://reviews.llvm.org/D150505 (cherry picked from commit 47f5c54)
LLVM data structures like llvm::User and llvm::MDNode rely on the value of object storage persisting beyond the lifetime of the object (#24952). This is not standard compliant and causes a runtime crash if LLVM is built with GCC and LTO enabled (#57740). Until these issues are fixed, we need to disable dead store eliminations eliminations based on object lifetime. The previous test issues are fixed by 626849c. Bug: llvm/llvm-project#24952 Bug: llvm/llvm-project#57740 Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106943 Reviewed By: MaskRay, thesamesam, nikic Differential Revision: https://reviews.llvm.org/D150505 (cherry picked from commit 47f5c54)
jayfoad
changed the title
MaskRay
added
llvm:core
and removed
clang:frontend
Extended Description
The test lvm/llvm/test:Transforms/ScalarRepl/sroa-fca.ll.test fails when running it with -fsanitize-memory-use-after-dtor, and environment option MSAN_OPTIONS=poison_in_dtor=1
Invalid access of member HasHungOffUses in definition of operator delete for user. The member is inherited from llvm::Value. During test execution, the destructor of some llvm::Value instance is invoked, and poisons its own memory. The later destruction of the User instance fails when it attempts to access the inherited member.
The text was updated successfully, but these errors were encountered: