From: James Molloy <james.molloy@arm.com>
Date: Mon, 19 Oct 2015 08:54:59 +0000 (+0000)
Subject: [GlobalsAA] Fix a really horrible iterator invalidation bug
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=f9cd1bee2f370b05a7b2e6b8f66ad75590ee6383;p=oota-llvm.git

[GlobalsAA] Fix a really horrible iterator invalidation bug

We were keeping a reference to an object in a DenseMap then mutating it. At the end of the function we were attempting to clone that reference into other keys in the DenseMap, but DenseMap may well decide to resize its hashtable which would invalidate the reference!

It took an extremely complex testcase to catch this - many thanks to Zhendong Su for catching it in PR25225.

This fixes PR25225.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@250692 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Analysis/GlobalsModRef.cpp b/lib/Analysis/GlobalsModRef.cpp
index be5d384c435..979e2de0fcf 100644
--- a/lib/Analysis/GlobalsModRef.cpp
+++ b/lib/Analysis/GlobalsModRef.cpp
@@ -587,8 +587,11 @@ void GlobalsAAResult::AnalyzeCallGraph(CallGraph &CG, Module &M) {
 
     // Finally, now that we know the full effect on this SCC, clone the
     // information to each function in the SCC.
+    // FI is a reference into FunctionInfos, so copy it now so that it doesn't
+    // get invalidated if DenseMap decides to re-hash.
+    FunctionInfo CachedFI = FI;
     for (unsigned i = 1, e = SCC.size(); i != e; ++i)
-      FunctionInfos[SCC[i]->getFunction()] = FI;
+      FunctionInfos[SCC[i]->getFunction()] = CachedFI;
   }
 }