CodeGen: Clear the MFI's save and restore point after PrologEpilogInserter

This state is no longer useful and not guaranteed to be valid in later
codegen passes. For example, see the added test, which would print a
savepoint of %bb.-1 without this change, and crashes with a
use-after-free error under ASan if you apply the recycling allocator
patch from llvm.org/PR26808.

llvm-svn: 266150

lib/CodeGen/PrologEpilogInserter.cpp

@@ -238,6 +238,8 @@ bool PEI::runOnMachineFunction(MachineFunction &Fn) {
   delete RS;
   SaveBlocks.clear();
   RestoreBlocks.clear();
+  MFI->setSavePoint(nullptr);
+  MFI->setRestorePoint(nullptr);
   return true;
 }
 

test/CodeGen/ARM/invalidated-save-point.ll

@@ -0,0 +1,27 @@
+; RUN: llc -mtriple thumbv7 -stop-after=if-converter < %s 2>&1 | FileCheck %s
+
+; Make sure the save point and restore point are dropped from MFI at
+; this point. Notably, if it isn't is will be invalid and reference a
+; deleted block (%bb.-1.if.end)
+
+; CHECK-NOT: savePoint:
+; CHECK-NOT: restorePoint:
+
+target datalayout = "e-m:e-p:32:32-i64:64-v128:64:128-a:0:32-n32-S64"
+target triple = "thumbv7"
+
+define i32 @f(i32 %n) {
+entry:
+  %cmp = icmp ult i32 %n, 4
+  br i1 %cmp, label %return, label %if.end
+
+if.end:
+  tail call void @g(i32 %n)
+  br label %return
+
+return:
+  %retval.0 = phi i32 [ 0, %if.end ], [ -1, %entry ]
+  ret i32 %retval.0
+}
+
+declare void @g(i32)

test/CodeGen/MIR/ARM/ARMLoadStoreDBG.mir

@@ -117,8 +117,6 @@ frameInfo:
   hasOpaqueSPAdjustment: false
   hasVAStart:      false
   hasMustTailInVarArgFunc: false
-  savePoint:       '%bb.2.if.end'
-  restorePoint:    '%bb.2.if.end'
 stack:           
   - { id: 0, type: spill-slot, offset: -4, size: 4, alignment: 4, callee-saved-register: '%lr' }
   - { id: 1, type: spill-slot, offset: -8, size: 4, alignment: 4, callee-saved-register: '%r7' }