From 02096a06a05f631fb1c0517ebf2360de57949b0d Mon Sep 17 00:00:00 2001
From: Keno Fischer <keno@juliacomputing.com>
Date: Fri, 23 Nov 2018 09:39:30 -0500
Subject: [PATCH] [AllocOpt] Track deleted instructions

It was possible for the instruction contained in first_safepoint to
be delted, causing use-after-free problems later. Use a WeakVH
rather than a raw Instruction* to null-out the entry when the
Instruction gets deleted. In the future we may want to pay closer
attention to live ranges to avoid this problem entirely.

Fixes #30116

(cherry picked from commit 437d87cfbee3cc976613ab9acc5d96c5166e1072)
---
 src/llvm-alloc-opt.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/llvm-alloc-opt.cpp b/src/llvm-alloc-opt.cpp
index f1f682afd1244..2bb4af53b85a1 100644
--- a/src/llvm-alloc-opt.cpp
+++ b/src/llvm-alloc-opt.cpp
@@ -329,7 +329,7 @@ struct Optimizer {
     CheckInst::Stack check_stack;
     Lifetime::Stack lifetime_stack;
     ReplaceUses::Stack replace_stack;
-    std::map<BasicBlock*,Instruction*> first_safepoint;
+    std::map<BasicBlock*, llvm::WeakVH> first_safepoint;
 };
 
 void Optimizer::pushInstruction(Instruction *I)
@@ -423,8 +423,11 @@ bool Optimizer::isSafepoint(Instruction *inst)
 Instruction *Optimizer::getFirstSafepoint(BasicBlock *bb)
 {
     auto it = first_safepoint.find(bb);
-    if (it != first_safepoint.end())
-        return it->second;
+    if (it != first_safepoint.end()) {
+        Value *Val = it->second;
+        if (Val)
+            return cast<Instruction>(Val);
+    }
     Instruction *first = nullptr;
     for (auto &I: *bb) {
         if (isSafepoint(&I)) {