From f9cd1bee2f370b05a7b2e6b8f66ad75590ee6383 Mon Sep 17 00:00:00 2001 From: James Molloy Date: Mon, 19 Oct 2015 08:54:59 +0000 Subject: [PATCH] [GlobalsAA] Fix a really horrible iterator invalidation bug We were keeping a reference to an object in a DenseMap then mutating it. At the end of the function we were attempting to clone that reference into other keys in the DenseMap, but DenseMap may well decide to resize its hashtable which would invalidate the reference! It took an extremely complex testcase to catch this - many thanks to Zhendong Su for catching it in PR25225. This fixes PR25225. git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@250692 91177308-0d34-0410-b5e6-96231b3b80d8 --- lib/Analysis/GlobalsModRef.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/Analysis/GlobalsModRef.cpp b/lib/Analysis/GlobalsModRef.cpp index be5d384c435..979e2de0fcf 100644 --- a/lib/Analysis/GlobalsModRef.cpp +++ b/lib/Analysis/GlobalsModRef.cpp @@ -587,8 +587,11 @@ void GlobalsAAResult::AnalyzeCallGraph(CallGraph &CG, Module &M) { // Finally, now that we know the full effect on this SCC, clone the // information to each function in the SCC. + // FI is a reference into FunctionInfos, so copy it now so that it doesn't + // get invalidated if DenseMap decides to re-hash. + FunctionInfo CachedFI = FI; for (unsigned i = 1, e = SCC.size(); i != e; ++i) - FunctionInfos[SCC[i]->getFunction()] = FI; + FunctionInfos[SCC[i]->getFunction()] = CachedFI; } } -- 2.34.1