HomePhabricator

[Coroutines] PR34897: Fix incorrect elisions

Description

[Coroutines] PR34897: Fix incorrect elisions

Summary:
https://bugs.llvm.org/show_bug.cgi?id=34897 demonstrates an incorrect
coroutine frame allocation elision in the coro-elide pass. The elision
is performed on the basis that the SSA variables from all llvm.coro.begin
are directly referenced in subsequent llvm.coro.destroy instructions.

However, this ignores the fact that the function may exit through paths
that do not run these destroy instructions. In the sample program from
PR34897, for example, the llvm.coro.destroy instruction is only
executed in exception handling code. When the coroutine function exits
normally, llvm.coro.destroy is not called. Eliding the allocation in
this case causes a subsequent reference to the coroutine handle from
outside of the function to access freed memory.

To fix the issue, when finding an llvm.coro.destroy for each llvm.coro.begin,
only consider llvm.coro.destroy that are executed along non-exceptional paths.

Test Plan:

  1. Download the sample program from https://bugs.llvm.org/show_bug.cgi?id=34897, compile it with clang++ -fcoroutines-ts -stdlib=libc++ -std=c++1z -O2, and run it. It should print "run1\ncheck1\nrun2\ncheck2" and then exit successfully.
  2. Compile https://godbolt.org/g/mCKfnr and confirm it is still optimized to a single instruction, 'return 1190'.
  3. check-llvm

Reviewers: rsmith, GorNishanov, eric_niebler

Reviewed By: GorNishanov

Subscribers: andrewrk, lewissbaker, EricWF, llvm-commits

Differential Revision: https://reviews.llvm.org/D43242

Details

Committed
modocacheMay 11 2018, 3:12 AM
Reviewer
GorNishanov
Differential Revision
D43242: [Coroutines] PR34897: Fix incorrect elisions
Parents
rL332076: Improve diagnostics and error recovery for template name lookup.
Branches
Unknown
Tags
Unknown