Fix verifier bug in unreachable code.

We want to disable dominance checks in unreachable code. The is_reachable() check for EBB parameter values was checking if the defining EBB was reachable, not the EBB using the value. This bug showed up in fuzzing and in #213.
2018-01-09 10:45:47 -08:00
parent af89006b09
commit 5e094034d4
2 changed files with 26 additions and 4 deletions
--- a/lib/cretonne/src/verifier/mod.rs
+++ b/lib/cretonne/src/verifier/mod.rs
@@ -443,6 +443,8 @@ impl<'a> Verifier<'a> {
        if !dfg.value_is_valid(v) {
            return err!(loc_inst, "invalid value reference {}", v);
        }
+        let loc_ebb = self.func.layout.pp_ebb(loc_inst);
+        let is_reachable = self.expected_domtree.is_reachable(loc_ebb);

        // SSA form
        match dfg.value_def(v) {
@@ -466,9 +468,7 @@ impl<'a> Verifier<'a> {
                    );
                }
                // Defining instruction dominates the instruction that uses the value.
-                if self.expected_domtree.is_reachable(
-                    self.func.layout.pp_ebb(loc_inst),
-                ) &&
+                if is_reachable &&
                    !self.expected_domtree.dominates(
                        def_inst,
                        loc_inst,
@@ -493,7 +493,7 @@ impl<'a> Verifier<'a> {
                    );
                }
                // The defining EBB dominates the instruction using this value.
-                if self.expected_domtree.is_reachable(ebb) &&
+                if is_reachable &&
                    !self.expected_domtree.dominates(
                        ebb,
                        loc_inst,