SCEV use after free #9423
Description
| Bugzilla Link | 9051 |
| Resolution | FIXED |
| Resolved on | Jan 26, 2011 02:40 |
| Version | trunk |
| OS | Linux |
| Attachments | testcase .ll |
| Reporter | LLVM Bugzilla Contributor |
| CC | @nlewycky |
Extended Description
$ valgrind opt bugpoint-reduced-simplified.bc -inline -scalarrepl-ssa -early-cse -loop-rotate -loop-unswitch -instcombine -indvars -loop-unroll -constmerge -disable-output
...
Invalid read of size 8
at 0x8EED72: llvm::FoldingSetImpl::InsertNode(llvm::FoldingSetImpl::Node*, void*) (FoldingSet.cpp:318)
by 0x7589BD: llvm::ScalarEvolution::getTruncateExpr(llvm::SCEV const*, llvm::Type const*) (ScalarEvolution.cpp:870)
by 0x757673: llvm::ScalarEvolution::createSCEV(llvm::Value*) (ScalarEvolution.cpp:3510)
by 0x75836A: llvm::ScalarEvolution::getSCEV(llvm::Value*) (ScalarEvolution.cpp:2475)
by 0x7681AC: llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExitCondICmp(llvm::Loop const*, llvm::ICmpInst*, llvm::BasicBlock*, llvm::BasicBlock*) (ScalarEvolution.cpp:4134)
by 0x768C4B: llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExitCond(llvm::Loop const*, llvm::Value*, llvm::BasicBlock*, llvm::BasicBlock*) (ScalarEvolution.cpp:3990)
by 0x769122: llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExit(llvm::Loop const*, llvm::BasicBlock*) (ScalarEvolution.cpp:3904)
by 0x753C7F: llvm::ScalarEvolution::ComputeBackedgeTakenCount(llvm::Loop const*) (ScalarEvolution.cpp:3818)
by 0x753EF6: llvm::ScalarEvolution::getBackedgeTakenInfo(llvm::Loop const*) (ScalarEvolution.cpp:3687)
by 0x766398: llvm::ScalarEvolution::getBackedgeTakenCount(llvm::Loop const*) (ScalarEvolution.cpp:3653)
by 0x526FCF: (anonymous namespace)::IndVarSimplify::runOnLoop(llvm::Loop*, llvm::LPPassManager&) (IndVarSimplify.cpp:501)
by 0x6FFB66: llvm::LPPassManager::runOnFunction(llvm::Function&) (LoopPass.cpp:268)
Address 0x5c08a18 is 8 bytes inside a block of size 520 free'd
at 0x4C2706D: free (vg_replace_malloc.c:366)
by 0x8EEF49: llvm::FoldingSetImpl::GrowHashTable() (FoldingSet.cpp:272)
by 0x8EEDC4: llvm::FoldingSetImpl::InsertNode(llvm::FoldingSetImpl::Node*, void*) (FoldingSet.cpp:308)
by 0x7589BD: llvm::ScalarEvolution::getTruncateExpr(llvm::SCEV const*, llvm::Type const*) (ScalarEvolution.cpp:870)
by 0x7588CD: llvm::ScalarEvolution::getTruncateExpr(llvm::SCEV const*, llvm::Type const*) (ScalarEvolution.cpp:842)
by 0x757673: llvm::ScalarEvolution::createSCEV(llvm::Value*) (ScalarEvolution.cpp:3510)
by 0x75836A: llvm::ScalarEvolution::getSCEV(llvm::Value*) (ScalarEvolution.cpp:2475)
by 0x7681AC: llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExitCondICmp(llvm::Loop const*, llvm::ICmpInst*, llvm::BasicBlock*, llvm::BasicBlock*) (ScalarEvolution.cpp:4134)
by 0x768C4B: llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExitCond(llvm::Loop const*, llvm::Value*, llvm::BasicBlock*, llvm::BasicBlock*) (ScalarEvolution.cpp:3990)
by 0x769122: llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExit(llvm::Loop const*, llvm::BasicBlock*) (ScalarEvolution.cpp:3904)
by 0x753C7F: llvm::ScalarEvolution::ComputeBackedgeTakenCount(llvm::Loop const*) (ScalarEvolution.cpp:3818)
by 0x753EF6: llvm::ScalarEvolution::getBackedgeTakenInfo(llvm::Loop const*) (ScalarEvolution.cpp:3687)