Fix use-after-free error caused by SILBuilderWithScope.

gottesmm · gottesmm · commit 3381b23c7579 · 2015-11-14T16:09:40.000-08:00
The problem occurs if one uses a SILBuilderWithScope to create an instruction
and then later on delete that instruction before the SILBuilderWithScope's
destructor has been called. In such a case when the SILBuilderWithScope's
destructor runs, the destructor will attempt to set the debug scope of the
deleted instruction.

This will be caught by ASAN once a patch by Roman lands that changes
instructions to use malloc instead of BumpPtrAllocators.

&lt;rdar://problem/23548378&gt;
diff --git a/lib/SILPasses/Scalar/SimplifyCFG.cpp b/lib/SILPasses/Scalar/SimplifyCFG.cpp
@@ -2468,16 +2468,20 @@ bool ArgumentSplitter::createNewArguments() {
     NewArgumentValues.push_back(NewArg);
   }
 
-  SILBuilderWithScope<> B(ParentBB->begin(), nullptr);
+  SILInstruction *Agg = nullptr;
+
+  {
+    SILBuilderWithScope<> B(ParentBB->begin(), nullptr);
+
+    // Reform the original structure
+    //
+    // TODO: What is the right location to use here.
+    auto Loc = RegularLocation::getAutoGeneratedLocation();
+    Agg = Projection::createAggFromFirstLevelProjections(
+              B, Loc, Arg->getType(), NewArgumentValues).get();
+    assert(Agg->getNumTypes() == 1 && "Expected only one result");
+  }
 
-  // Reform the original structure
-  //
-  // TODO: What is the right location to use here.
-  auto Loc = RegularLocation::getAutoGeneratedLocation();
-  SILInstruction *Agg = Projection::createAggFromFirstLevelProjections(
-                            B, Loc, Arg->getType(), NewArgumentValues)
-                            .get();
-  assert(Agg->getNumTypes() == 1 && "Expected only one result");
   SILValue(Arg).replaceAllUsesWith(SILValue(Agg));
 
   // Look at all users of agg and see if we can simplify any of them. This will
