valgrind finds error in DSE using AliasAnalysis #1284
Comments
I've been trying to figure this out, but I don't have valgrind, and don't really have much to go on. Any -Chris
further reduced by hand When reducing it, I found that it seems to be especially touchy with regards to
debug output; operations done on KillLocs The trace lists every call to KillLocs.add, .remove and .clear (never called). The AliasSetTracker API doesn't seem to be getting obviously misused (I was
debug output including AliasSetTracker The invalid read is std::equal_to(%tmp23, %tmp66), but I'm not sure whether Also, this debug output uses -no-aa. I've noticed that it, -basicaa and
The problem is that the hash_map is being given its own value as input: AliasSet::HashNodePair *P = AS.PtrList; Imagine that the hash_map is a multimap for a second. When you call For this to work right, someone has to take a copy of P->first. The question is For reference, here's a copy of GCC's implementation of hashtable.erase, used to template <class _Val, class _Key, class _HF, class _Ex, class _Eq, class _All>
after free
Fixed. No testcase because this is a memory management bug. Patch here:
Just to be clear, it's uncertain whether this was a bug in LLVM or a defect in http://gcc.gnu.org/bugzilla/show_bug.cgi?id=25896 http://www.open-std.org/jtc1/sc22/wg21/docs/lwg-active.html#526 Regardless, we'll leave our workaround in as a resolution from vendors isn't
I agree, the work-around is a great portability fix if nothing else. -Chris
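The hazard discussed in the comments above (erasing by a key reference that lives inside the element being erased, versus copying the key first) can be reproduced without real undefined behaviour. This is an added example, not code from LLVM, libstdc++ or the patch; `ToyTable`, `Node` and `stale_reads_when_erasing` are hypothetical names, and released nodes are only flagged so the stale read can be counted.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <vector>
// Toy one-bucket chained table (hypothetical; not LLVM or libstdc++ code). Released nodes are
// only flagged and stay owned by `storage`, so a stale key read is counted, not a real UAF.
struct Node { int key; bool freed; Node* next; };
struct ToyTable {
    Node* head = nullptr;
    std::vector<std::unique_ptr<Node>> storage;  // owns every node ever created
    std::size_t stale_reads = 0;                 // comparisons against a released key
    const int& insert(int k) {                   // returns a reference into the node
        storage.emplace_back(new Node{k, false, head});
        return (head = storage.back().get())->key;
    }
    bool is_stale(const int& key) const {        // does `key` live in a released node?
        for (const auto& n : storage)
            if (n->freed && &n->key == &key) return true;
        return false;
    }
    // Erase all nodes equal to `key`, re-reading `key` for every comparison,
    // as an erase(const key_type&) that walks the whole bucket does.
    std::size_t erase(const int& key) {
        std::size_t erased = 0;
        for (Node** link = &head; *link != nullptr;) {
            Node* cur = *link;
            if (is_stale(key)) ++stale_reads;    // the read memcheck would report
            if (cur->key == key) { *link = cur->next; cur->freed = true; ++erased; }
            else link = &cur->next;
        }
        return erased;
    }
};

// Constructed scenario: erase via a reference to the element's own key (like P->first) or a copy.
std::size_t stale_reads_when_erasing(bool copy_key_first) {
    ToyTable t;
    t.insert(1);
    const int& in_node = t.insert(42);           // chain is now 42 -> 1
    const int copy = in_node;                    // the workaround: copy the key first
    t.erase(copy_key_first ? copy : in_node);    // both operands are lvalues, so no temporary
    return t.stale_reads;
}

int main() {
    std::printf("aliased key: %zu stale read(s), copied key: %zu\n",
                stale_reads_when_erasing(false), stale_reads_when_erasing(true));
}
```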
Extended Description
The DSE seems to have some sort of hard to trigger memory error, caught by valgrind:
$ valgrind opt bugpoint-reduced-simplified.bc -dse
==13389== Memcheck, a memory error detector.
==13389== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==13389== Using LibVEX rev 1606, a library for dynamic binary translation.
==13389== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==13389== Using valgrind-3.2.0-Debian, a dynamic binary instrumentation framework.
==13389== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==13389== For more details, rerun with: -v
==13389==
WARNING: You're attempting to print out a bytecode file.
This is inadvisable as it may cause display problems. If
you REALLY want to taste LLVM bytecode first-hand, you
can force output with the `-f' option.
==13389== Invalid read of size 4
==13389== at 0x8440A8F: std::equal_to<llvm::Value*>::operator()(llvm::Value*
const&, llvm::Value* const&) const (stl_function.h:200)
==13389== by 0x85E9319: __gnu_cxx::hashtable<std::pair<llvm::Value* const,
llvm::AliasSet::PointerRec>, llvm::Value*, __gnu_cxx::hash<llvm::Value*>,
std::_Select1st<std::pair<llvm::Value* const, llvm::AliasSet::PointerRec> >,
std::equal_to<llvm::Value*>, std::allocator<llvm::AliasSet::PointerRec