From: Andrew Kaylor Date: Mon, 3 Jun 2019 17:54:15 +0000 (+0000) Subject: Fix a crash when the default of a switch is removed X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4bc2f1895746f0d9ebd22c054dc3e35acda9ad03;p=llvm Fix a crash when the default of a switch is removed This patch fixes a problem that occurs in LowerSwitch when a switch statement has a PHI node as its condition, and the PHI node only has two incoming blocks, and one of those incoming blocks is through an unreachable default in the switch statement. When this condition occurs, LowerSwitch holds a pointer to the condition value, but removes the switch block as a predecessor of the PHI block, causing the PHI node to be replaced. LowerSwitch then tries to use its stale pointer to the original condition value, causing a crash. Differential Revision: https://reviews.llvm.org/D62560 git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@362427 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/Transforms/Utils/LowerSwitch.cpp b/lib/Transforms/Utils/LowerSwitch.cpp index 680b5d31a42..8062fe49908 100644 --- a/lib/Transforms/Utils/LowerSwitch.cpp +++ b/lib/Transforms/Utils/LowerSwitch.cpp @@ -584,6 +584,11 @@ void LowerSwitch::processSwitchInst(SwitchInst *SI, PopSucc->removePredecessor(OrigBlock); return; } + + // If the condition was a PHI node with the switch block as a predecessor + // removing predecessors may have caused the condition to be erased. + // Getting the condition value again here protects against that. + Val = SI->getCondition(); } // Create a new, empty default block so that the new hierarchy of diff --git a/test/Transforms/LowerSwitch/condition-phi-unreachable-default.ll b/test/Transforms/LowerSwitch/condition-phi-unreachable-default.ll new file mode 100644 index 00000000000..c53602bcd27 --- /dev/null +++ b/test/Transforms/LowerSwitch/condition-phi-unreachable-default.ll @@ -0,0 +1,36 @@ +; RUN: opt < %s -lowerswitch -S | FileCheck %s + +; This test verifies -lowerswitch does not crash when an removing an +; unreachable default branch causes a PHI node used as the switch +; condition to be erased. + +define void @f() local_unnamed_addr { +entry: + br label %sw.epilog + +sw.epilog: ; preds = %sw.epilog.outer, %for.body + %i = phi i32 [ undef, %for.body ], [ 0, %entry ] + br i1 undef, label %for.body, label %for.end + +for.body: ; preds = %sw.epilog + switch i32 %i, label %sw.epilog [ + i32 0, label %sw.epilog.outer.backedge.loopexit + i32 1, label %sw.epilog.outer.backedge + ] + +sw.epilog.outer.backedge.loopexit: ; preds = %for.body + br label %for.end + +sw.epilog.outer.backedge: ; preds = %for.body + unreachable + +for.end: ; preds = %sw.epilog + ret void +} + +; The phi and the switch should both be eliminated. +; CHECK: @f() +; CHECK: sw.epilog: +; CHECK-NOT: phi +; CHECK: for.body: +; CHECK-NOT: switch