Fix use-after-frees on memory allocated in a Recycler.

author Benjamin Kramer <benny.kra@googlemail.com>

Thu, 20 Apr 2017 18:29:14 +0000 (18:29 +0000)

committer Benjamin Kramer <benny.kra@googlemail.com>

Thu, 20 Apr 2017 18:29:14 +0000 (18:29 +0000)
author Benjamin Kramer <benny.kra@googlemail.com>
Thu, 20 Apr 2017 18:29:14 +0000 (18:29 +0000)
committer Benjamin Kramer <benny.kra@googlemail.com>
Thu, 20 Apr 2017 18:29:14 +0000 (18:29 +0000)
diff --git a/lib/CodeGen/GlobalISel/Legalizer.cpp b/lib/CodeGen/GlobalISel/Legalizer.cpp

index 2160a82..74ed58e 100644 (file)
--- a/lib/CodeGen/GlobalISel/Legalizer.cpp
+++ b/lib/CodeGen/GlobalISel/Legalizer.cpp
@@ -223,7 +223,11 @@ bool Legalizer::runOnMachineFunction(MachineFunction &MF) {
        // good chance MI will be deleted.
        NextMI = std::next(MI);
  
-      Changed |= combineExtracts(*MI, MRI, TII);
+      // combineExtracts erases MI.
+      if (combineExtracts(*MI, MRI, TII)) {
+        Changed = true;
+        continue;
+      }
        Changed |= combineMerges(*MI, MRI, TII);
      }
    }
diff --git a/lib/Target/ARM/ARMConstantIslandPass.cpp b/lib/Target/ARM/ARMConstantIslandPass.cpp

index 23722f1..280ffd8 100644 (file)
--- a/lib/Target/ARM/ARMConstantIslandPass.cpp
+++ b/lib/Target/ARM/ARMConstantIslandPass.cpp
@@ -1741,10 +1741,9 @@ bool ARMConstantIslands::undoLRSpillRestore() {
            .add(MI->getOperand(1));
        MI->eraseFromParent();
        MadeChange = true;
-    }
-    if (MI->getOpcode() == ARM::tPUSH &&
-        MI->getOperand(2).getReg() == ARM::LR &&
-        MI->getNumExplicitOperands() == 3) {
+    } else if (MI->getOpcode() == ARM::tPUSH &&
+               MI->getOperand(2).getReg() == ARM::LR &&
+               MI->getNumExplicitOperands() == 3) {
        // Just remove the push.
        MI->eraseFromParent();
        MadeChange = true;
diff --git a/lib/Target/ARM/ARMISelDAGToDAG.cpp b/lib/Target/ARM/ARMISelDAGToDAG.cpp

index 756afec..817ae57 100644 (file)
--- a/lib/Target/ARM/ARMISelDAGToDAG.cpp
+++ b/lib/Target/ARM/ARMISelDAGToDAG.cpp
@@ -539,11 +539,11 @@ bool ARMDAGToDAGISel::SelectImmShifterOperand(SDValue N,
      SDValue NewMulConst;
      if (canExtractShiftFromMul(N, 31, PowerOfTwo, NewMulConst)) {
        HandleSDNode Handle(N);
+      SDLoc Loc(N);
        replaceDAGValue(N.getOperand(1), NewMulConst);
        BaseReg = Handle.getValue();
-      Opc = CurDAG->getTargetConstant(ARM_AM::getSORegOpc(ARM_AM::lsl,
-                                                          PowerOfTwo),
-                                      SDLoc(N), MVT::i32);
+      Opc = CurDAG->getTargetConstant(
+          ARM_AM::getSORegOpc(ARM_AM::lsl, PowerOfTwo), Loc, MVT::i32);
        return true;
      }
    }
diff --git a/lib/Target/PowerPC/PPCISelDAGToDAG.cpp b/lib/Target/PowerPC/PPCISelDAGToDAG.cpp

index 9c72638..125c002 100644 (file)
--- a/lib/Target/PowerPC/PPCISelDAGToDAG.cpp
+++ b/lib/Target/PowerPC/PPCISelDAGToDAG.cpp
@@ -2977,10 +2977,10 @@ void PPCDAGToDAGISel::Select(SDNode *N) {
              SelectAddrIdxOnly(LD->getBasePtr(), Base, Offset)) {
            SDValue Chain = LD->getChain();
            SDValue Ops[] = { Base, Offset, Chain };
-          SDNode *NewN = CurDAG->SelectNodeTo(N, PPC::LXVDSX,
-                                              N->getValueType(0), Ops);
            MachineSDNode::mmo_iterator MemOp = MF->allocateMemRefsArray(1);
            MemOp[0] = LD->getMemOperand();
+          SDNode *NewN = CurDAG->SelectNodeTo(N, PPC::LXVDSX,
+                                              N->getValueType(0), Ops);
            cast<MachineSDNode>(NewN)->setMemRefs(MemOp, MemOp + 1);
            return;
          }
diff --git a/lib/Target/X86/X86ISelDAGToDAG.cpp b/lib/Target/X86/X86ISelDAGToDAG.cpp

index eb5c56f..2d788bf 100644 (file)
--- a/lib/Target/X86/X86ISelDAGToDAG.cpp
+++ b/lib/Target/X86/X86ISelDAGToDAG.cpp
@@ -1311,8 +1311,9 @@ bool X86DAGToDAGISel::matchAddressRecursively(SDValue N, X86ISelAddressMode &AM,
        ++Cost;
      // If the base is a register with multiple uses, this
      // transformation may save a mov.
-    if ((AM.BaseType == X86ISelAddressMode::RegBase &&
-         AM.Base_Reg.getNode() &&
+    // FIXME: Don't rely on DELETED_NODEs.
+    if ((AM.BaseType == X86ISelAddressMode::RegBase && AM.Base_Reg.getNode() &&
+         AM.Base_Reg->getOpcode() != ISD::DELETED_NODE &&
           !AM.Base_Reg.getNode()->hasOneUse()) ||
          AM.BaseType == X86ISelAddressMode::FrameIndexBase)
        --Cost;
author	Benjamin Kramer <benny.kra@googlemail.com>
	Thu, 20 Apr 2017 18:29:14 +0000 (18:29 +0000)
committer	Benjamin Kramer <benny.kra@googlemail.com>
	Thu, 20 Apr 2017 18:29:14 +0000 (18:29 +0000)
lib/CodeGen/GlobalISel/Legalizer.cpp		patch \| blob \| history
lib/Target/ARM/ARMConstantIslandPass.cpp		patch \| blob \| history
lib/Target/ARM/ARMISelDAGToDAG.cpp		patch \| blob \| history
lib/Target/PowerPC/PPCISelDAGToDAG.cpp		patch \| blob \| history
lib/Target/X86/X86ISelDAGToDAG.cpp		patch \| blob \| history