Consider the program:

int counter = 0;
int foo() { return ++counter; }
int bar() { return ++counter; }

If we use the JIT, and make a call to foo, free the code for foo, and then call bar, we'll access freed memory. Of course, you won't notice the problem until something else is allocated in the freed region, but if you poison freed memory it's easier to detect. This also interferes with reattempting to JIT machine code, which I was working on when I found this bug. I ran into it because I free the machine code before retrying, and if the function allocated any globals before reattempting, the old addresses are saved in the GlobalValue to address map. I've attached a failing test case, and I'm working on a fix.
Created attachment 3140: Failing test case.
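The sequence in the report, as an added toy model written for this thread rather than taken from LLVM or from the attached test case. It models only what the report states: a JIT'd function's code and the globals it allocates share one block, a GlobalValue-to-address map records where each global landed, and freeing the function's block does not drop those map entries. All names (jit_alloc_function, jit_resolve_global, jit_free_function, the arena sizes and the 0xDE poison byte) are invented for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the old JIT behaviour described in the report.  This is an
 * added illustration, not LLVM code: every name here is invented.  Modelled
 * facts: a JIT'd function's code and the globals it allocates share one
 * block; a GlobalValue -> address map records where each global landed;
 * freeing the function's block does not drop those map entries. */

#define ARENA_WORDS  64     /* toy JIT memory, in ints */
#define BLOCK_WORDS  8      /* one function: 4 words of "code" + up to 4 globals */
#define CODE_WORDS   4
#define POISON_BYTE  0xDE   /* written over freed blocks */

/* Static arena rather than malloc, so a stale read stays well defined in
 * this model; in the real JIT the same access is a use-after-free. */
static int    arena[ARENA_WORDS];
static size_t arena_top;

struct jit_block { int *base; size_t words; size_t used; };

/* GlobalValue -> address map; entries outlive the block they point into. */
struct global_entry { const char *name; int *addr; };
static struct global_entry global_map[8];
static int global_count;

static void jit_reset(void) {
    memset(arena, 0, sizeof arena);
    arena_top = 0;
    global_count = 0;
}

/* Bump-allocate one function's block (two blocks fit comfortably here). */
static struct jit_block jit_alloc_function(void) {
    struct jit_block b = { arena + arena_top, BLOCK_WORDS, CODE_WORDS };
    arena_top += BLOCK_WORDS;
    return b;
}

/* Resolve a global: reuse the mapped address if one exists, otherwise carve
 * the global out of the *current* function's block and record it. */
static int *jit_resolve_global(struct jit_block *fn, const char *name) {
    for (int i = 0; i < global_count; i++)
        if (strcmp(global_map[i].name, name) == 0)
            return global_map[i].addr;
    int *slot = fn->base + fn->used++;
    *slot = 0;                                   /* int counter = 0; */
    global_map[global_count].name = name;
    global_map[global_count].addr = slot;
    global_count++;
    return slot;
}

/* Free the block and poison it.  The bug is modelled by NOT removing the
 * global_map entries that point into it. */
static void jit_free_function(struct jit_block *fn) {
    memset(fn->base, POISON_BYTE, fn->words * sizeof(int));
}

/* An int whose bytes are all POISON_BYTE: what a freed slot reads back as. */
static int jit_poisoned_int(void) {
    int v;
    memset(&v, POISON_BYTE, sizeof v);
    return v;
}

/* Check a memory manager could run before handing out a mapped global:
 * a slot that still reads as pure poison was freed underneath the map. */
static int jit_slot_is_poisoned(const int *slot) {
    const unsigned char *p = (const unsigned char *)slot;
    for (size_t i = 0; i < sizeof *slot; i++)
        if (p[i] != POISON_BYTE) return 0;
    return 1;
}

/* Both foo and bar compile to "return ++counter". */
static int jit_call_incrementer(struct jit_block *fn) {
    int *counter = jit_resolve_global(fn, "counter");
    return ++*counter;
}

/* The sequence from the report: JIT foo, call it, free foo, JIT bar, call it.
 * Returns 1 if bar's "counter" resolves into poisoned (freed) memory. */
static int reproduce_stale_global(int *foo_result, int *bar_result) {
    jit_reset();
    struct jit_block foo = jit_alloc_function();
    *foo_result = jit_call_incrementer(&foo);    /* counter lands in foo's block: 1 */
    jit_free_function(&foo);
    struct jit_block bar = jit_alloc_function();
    int poisoned = jit_slot_is_poisoned(jit_resolve_global(&bar, "counter"));
    *bar_result = jit_call_incrementer(&bar);    /* increments poison, not a live counter */
    return poisoned;
}

int main(void) {
    int foo_r, bar_r;
    int stale = reproduce_stale_global(&foo_r, &bar_r);
    printf("foo() -> %d, bar() -> %d (2 expected), stale global: %s\n",
           foo_r, bar_r, stale ? "yes" : "no");
    return stale;   /* non-zero exit flags the bug */
}
```

Without the poison, bar's call would read back foo's old counter value and return 2 as if nothing were wrong, which is the "you won't notice until something else is allocated there" case; with the poison, the map lookup can be checked before the stale address is used, and the bogus value is obvious even when it is not. In the real JIT the stale access is an actual use-after-free, so a poisoning memory manager or a freed-memory checker is what surfaces it.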
I found the revision that introduced this bug: http://llvm.org/viewvc/llvm-project?view=rev&revision=54442 The log message is very clear about what it is doing, but it gives no indication as to *why* the change was made.
Ongoing discussion on llvmdev. We should add a mechanism to change the behavior.
r75059 provides a workaround for this. I'm leaving the bug open because the behavior is still broken by default.
The old JIT is gone. I'm pretty sure MCJIT doesn't have this problem.