The JIT allocates global data inside of function bodies, which can be freed #4855
Comments
|
assigned to @rnk |
|
I found the revision that introduced this bug: The log message is very clear about what it is doing, but it gives no indication as to why the change was made. |
|
On going discussion on llvmdev. We should add a mechanism to change the behavior. |
|
r75059 provides a workaround for this. I'm leaving the bug open because the behavior is still broken by default. |
|
The old JIT is gone. I'm pretty sure MCJIT doesn't have this problem. |
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Extended Description
Consider the program:
int counter = 0;
void foo() { return ++counter; }
void bar() { return ++counter; }
If we use the JIT, and make a call to foo, free the code for foo, and then call bar, we'll access freed memory. Of course, you won't notice the problem until something else is allocated in the freed region, but if you poison freed memory it's easier to detect.
This also interferes with reattempting to JIT machine code, which I was working on when I found this bug. I ran into it because I free the machine code before retrying, and if the function allocated any globals before reattempting, the old addresses are saved in the GlobalValue to address map.
I've attached a failing test case, and I'm working on a fix.
The text was updated successfully, but these errors were encountered: