From 9ea770ddbb8e883d8c446d19fc15efd7346b23e6 Mon Sep 17 00:00:00 2001
From: "Duncan P. N. Exon Smith"
Date: Tue, 18 Mar 2014 22:32:43 +0000
Subject: [PATCH] Fix use_iterator crash in ObjCArc from r203364

The use_iterator redesign in r203364 introduced an increment past the end of a range in -objc-arc-contract. Added an explicit check for the end of the range.

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@204195 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Transforms/ObjCARC/ObjCARCContract.cpp | 5 ++--
 .../ObjCARC/contract-end-of-use-list.ll | 30 +++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 test/Transforms/ObjCARC/contract-end-of-use-list.ll

diff --git a/lib/Transforms/ObjCARC/ObjCARCContract.cpp b/lib/Transforms/ObjCARC/ObjCARCContract.cpp
index 1412181766c..3da5a0e6d24 100644
--- a/lib/Transforms/ObjCARC/ObjCARCContract.cpp
+++ b/lib/Transforms/ObjCARC/ObjCARCContract.cpp
@@ -475,8 +475,9 @@ bool ObjCARCContract::runOnFunction(Function &F) {
 for (unsigned i = 0, e = PHI->getNumIncomingValues(); i != e; ++i)
 if (PHI->getIncomingBlock(i) == BB) {
 // Keep the UI iterator valid.
- if (&PHI->getOperandUse(
- PHINode::getOperandNumForIncomingValue(i)) == &U)
+ if (UI != UE &&
+ &PHI->getOperandUse(
+ PHINode::getOperandNumForIncomingValue(i)) == &*UI)
 ++UI;
 PHI->setIncomingValue(i, Replacement);
 }
diff --git a/test/Transforms/ObjCARC/contract-end-of-use-list.ll b/test/Transforms/ObjCARC/contract-end-of-use-list.ll
new file mode 100644
index 00000000000..a38cd8a1da1
--- /dev/null
+++ b/test/Transforms/ObjCARC/contract-end-of-use-list.ll
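Review bot: The comment `// Keep the UI iterator valid.` above the new `if (UI != UE && ...)` in the ObjCARCContract.cpp hunk no longer explains the check it sits on. The comparison is now against `&*UI` instead of `&U`, which suggests UI has already been advanced past the use being processed, and the `UI != UE` test is what keeps the end iterator from being dereferenced. I would say so in the comment, e.g. `// UI may already be at UE; if the next use is the PHI operand about to be rewritten, step past it before setIncomingValue() touches it.` The loop that declares UI and UE, and the rest of runOnFunction, lie outside the hunk, so the advance-before-use pattern is inferred from the commit message and the changed operand rather than seen here.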
@@ -0,0 +1,30 @@
+; RUN: opt -S < %s -objc-arc-expand -objc-arc-contract | FileCheck %s
+; Don't crash. Reproducer for a use_iterator bug from r203364.
+; rdar://problem/16333235
+target datalayout = "e-m:o-i64:64-f80:128-n8:16:32:64-S128"
+target triple = "x86_64-apple-darwin13.2.0"
+
+%struct = type { i8*, i8* }
+
+; CHECK-LABEL: @foo() {
+define internal i8* @foo() {
+entry:
+ %call = call i8* @bar()
+; CHECK: %retained1 = call i8* @objc_retainAutoreleasedReturnValue(i8* %call)
+ %retained1 = call i8* @objc_retain(i8* %call)
+ %isnull = icmp eq i8* %retained1, null
+ br i1 %isnull, label %cleanup, label %if.end
+
+if.end:
+; CHECK: %retained2 = call i8* @objc_retain(i8* %retained1)
+ %retained2 = call i8* @objc_retain(i8* %retained1)
+ br label %cleanup
+
+cleanup:
+ %retval = phi i8* [ %retained2, %if.end ], [ null, %entry ]
+ ret i8* %retval
+}
+
+declare i8* @bar()
+
+declare extern_weak i8* @objc_retain(i8*)
-- 
2.34.1
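Review bot: `%struct = type { i8*, i8* }` is declared but nothing else in this test refers to it, so it looks like a leftover from reducing the reproducer and could be dropped. The header comment says only "Don't crash", yet the two `; CHECK:` lines also pin the contracted output (the first `objc_retain` rewritten, the second left alone). A line such as `; Also check that only the retain of the call result is contracted.` would tell the next reader what those assertions are for.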