[Beignet] [PATCH] GBE: Fixed one bug in scalarize pass

Zhigang Gong zhigang.gong at linux.intel.com
Wed Jun 19 03:36:30 PDT 2013


I met a segfault at void Scalarize::dce() randomly when I integrated
an OpenCL kernel into Chromium's GPU process. After discussing with
Yang Rong, I found one bug in this function. It uses two loops
to erase the dead instructions, but it doesn't set the pointer to
NULL in the first loop when it has already erased the instruction. Thus
in the second loop, when it calls (*i)->getParent, the (*i) may
already be deleted, so it may refer to a freed region and may cause
a segfault.

Signed-off-by: Zhigang Gong <zhigang.gong at linux.intel.com>
---
 backend/src/llvm/llvm_scalarize.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/backend/src/llvm/llvm_scalarize.cpp b/backend/src/llvm/llvm_scalarize.cpp
index 3c0d6a4..bab2236 100644
--- a/backend/src/llvm/llvm_scalarize.cpp
+++ b/backend/src/llvm/llvm_scalarize.cpp
@@ -825,11 +825,13 @@ namespace gbe {
     //two passes delete for some phinode
     for (std::vector<Instruction*>::reverse_iterator i = deadList.rbegin(), e = deadList.rend(); i != e; ++i) {
       (*i)->dropAllReferences();
-      if((*i)->use_empty())
+      if((*i)->use_empty()) {
         (*i)->eraseFromParent();
+        (*i) = NULL;
+      }
     }
     for (std::vector<Instruction*>::reverse_iterator i = deadList.rbegin(), e = deadList.rend(); i != e; ++i) {
-      if((*i)->getParent())
+      if((*i) && (*i)->getParent())
         (*i)->eraseFromParent();
     }
     deadList.clear();
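
Review bot: the `(*i) = NULL;` guard in the first loop only protects the vector slot that was just erased, so if the same Instruction* can appear in deadList more than once, the other slot still holds a freed pointer. That pointer would be dereferenced by `(*i)->dropAllReferences();` later in the first loop and by `(*i)->getParent()` in the second. This hunk does not show how deadList is filled, so please confirm entries are unique, or deduplicate before the loops. The second loop also erases every remaining entry after checking only getParent(), without rechecking use_empty(). A short addition to the "two passes delete for some phinode" comment should say why that is safe and why erased entries are nulled.
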
-- 
1.7.11.7


