From 300ca7bf73dfd04ab88836f32eb6d1c81804d424 Mon Sep 17 00:00:00 2001
From: Mike Urbach
Date: Tue, 11 Oct 2022 11:59:39 -0600
Subject: [PATCH] [SV] Fix heap-use-after-free in recent SVExtractTestCode change.
We iterate over the instances of a module in the instance graph, and during that iteration, erase some of the uses. This causes a heap-use-after-free that ASAN detects. A simple fix is to use llvm::make_early_inc_range, which allows us to safely iterate over a range while we erase things from the range. Fixes https://github.com/llvm/circt/issues/4081.
---
 lib/Dialect/SV/Transforms/SVExtractTestCode.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Dialect/SV/Transforms/SVExtractTestCode.cpp b/lib/Dialect/SV/Transforms/SVExtractTestCode.cpp
index 2f7fe7a052bc..d7f092fba45a 100644
--- a/lib/Dialect/SV/Transforms/SVExtractTestCode.cpp
+++ b/lib/Dialect/SV/Transforms/SVExtractTestCode.cpp
@@ -380,7 +380,7 @@ static void inlineInputOnly(hw::HWModuleOp oldMod,
 hw::InstanceGraphNode *node = instanceGraph.lookup(oldMod);
 OpBuilder b(oldMod);
 bool allInlined = true;
- for (hw::InstanceRecord *use : node->uses()) {
+ for (hw::InstanceRecord *use : llvm::make_early_inc_range(node->uses())) {
 // If there is no instance, move on.
 hw::HWInstanceLike instLike = use->getInstance();
 if (!instLike) {
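Review bot: The new loop header `for (hw::InstanceRecord *use : llvm::make_early_inc_range(node->uses()))` is only safe while the body erases nothing but the current `use`, because the early-inc adaptor has already advanced to the next record and erasing that one would bring the use-after-free back. The loop body and the rest of inlineInputOnly lie outside this hunk, so that invariant should be confirmed there. A one-line comment above the loop would stop the range from being simplified back later, for example `// Early-inc range: the body erases the current use from node->uses() while iterating.` The diffstat shows no test change, so the fix presumably relies on existing tests run under ASAN; a regression case that drives the erase path would make that explicit.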