From: Evan Cheng
Date: Mon, 16 Jun 2008 07:34:17 +0000 (+0000)
Subject: Fix read after free found by valgrind.
X-Git-Url: http://plrg.eecs.uci.edu/git/?a=commitdiff_plain;h=7a15391c8dad7d4ff265b6b8f5aa6bcc50107c7a;p=oota-llvm.git
Fix read after free found by valgrind.
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@52309 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/CodeGen/VirtRegMap.cpp b/lib/CodeGen/VirtRegMap.cpp
index 1406748e317..220a8ec084a 100644
--- a/lib/CodeGen/VirtRegMap.cpp
+++ b/lib/CodeGen/VirtRegMap.cpp
@@ -1026,19 +1026,15 @@ bool LocalSpiller::CommuteToFoldReload(MachineBasicBlock &MBB,
 DefMI->getOperand(DefIdx).getReg() == SrcReg);
 // Now commute def instruction.
- MachineInstr *CommutedMI = TII->commuteInstruction(DefMI);
+ MachineInstr *CommutedMI = TII->commuteInstruction(DefMI, true);
 if (!CommutedMI)
 return false;
 SmallVector Ops;
 Ops.push_back(NewDstIdx);
 MachineInstr *FoldedMI = TII->foldMemoryOperand(MF, CommutedMI, Ops, SS);
- if (!FoldedMI) {
- if (CommutedMI == DefMI)
- TII->commuteInstruction(CommutedMI);
- else
- MBB.erase(CommutedMI);
+ delete CommutedMI; // Not needed since foldMemoryOperand returns new MI.
+ if (!FoldedMI)
 return false;
- }
 VRM.addSpillSlotUse(SS, FoldedMI);
 VRM.virtFolded(VirtReg, FoldedMI, VirtRegMap::isRef);
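Review bot: `delete CommutedMI;` is only safe if `commuteInstruction(DefMI, true)` always hands back a fresh instruction that is not linked into MBB, and nothing in the hunk checks that. The removed lines handled `CommutedMI == DefMI`, so an implementation that still commutes in place would now free DefMI while it sits in the block, and the later `InvalidateKills(*DefMI, ...)` / `MBB.erase(DefMI)` would touch freed memory. An assertion right after the null check would catch this: `assert(CommutedMI != DefMI && "expected a new, uninserted instruction");`. The bare `true` would also read better as `/*NewMI=*/true`, if that is the parameter's name (its declaration is not visible here). The function body starts and ends outside the hunk.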
@@ -1052,17 +1048,16 @@ bool LocalSpiller::CommuteToFoldReload(MachineBasicBlock &MBB,
 MII = MBB.insert(MII, FoldedMI); // Update MII to backtrack.
 // Delete all 3 old instructions.
- InvalidateKills(MI, RegKills, KillOps);
- VRM.RemoveMachineInstrFromMaps(&MI);
- MBB.erase(&MI);
- if (CommutedMI != DefMI)
- MBB.erase(CommutedMI);
- InvalidateKills(*DefMI, RegKills, KillOps);
- VRM.RemoveMachineInstrFromMaps(DefMI);
- MBB.erase(DefMI);
 InvalidateKills(*ReloadMI, RegKills, KillOps);
 VRM.RemoveMachineInstrFromMaps(ReloadMI);
 MBB.erase(ReloadMI);
+ InvalidateKills(*DefMI, RegKills, KillOps);
+ VRM.RemoveMachineInstrFromMaps(DefMI);
+ MBB.erase(DefMI);
+ InvalidateKills(MI, RegKills, KillOps);
+ VRM.RemoveMachineInstrFromMaps(&MI);
+ MBB.erase(&MI);
+ ++NumCommutes;
 return true;
 }
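Review bot: The teardown order is now ReloadMI, DefMI, MI, but the retained comment `// Delete all 3 old instructions.` does not say that the order matters, so a later tidy-up could move the MI block back to the top. If erasing MI last is what the valgrind fix depends on (the commit message does not say which read was flagged), state it in the code, e.g. `// Erase MI last; nothing below may touch MI after MBB.erase(&MI).`. The function body starts outside the hunk.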