For yielded, nontrivial addresses, verify based on convention:
- guaranteed -> must be initialized at end_apply/abort_apply
- owned -> must be deinitialized at end_apply/abort_apply
- inout -> must be initialized at end_apply/abort_apply
`getValue` -> `value`
`getValueOr` -> `value_or`
`hasValue` -> `has_value`
`map` -> `transform`
The old API will be deprecated in the rebranch.
To avoid merge conflicts, use the new API already in the main branch.
rdar://102362022
Previously, logging of the actually problematic instruction was guarded
by LLVM_DEBUG. Meanwhile the verifier's require method prints an
instruction (usually one different from that at which the non-contiguous
scope was encountered).
Here, instead, the problematic instruction and the instruction which
defined the previous scope are printed to llvm::errs always (i.e.
whenever verification is actually run).
Additionally, debug-info logging is forcibly set on upon failure so that
the logs clearly show both what the previous scope was, what the current
scope is, and what instructions defined them.
We can't verify that store borrows aren't nested until we can reliably
compute liveness.
This can be fixed in two ways, both of which we plan to do ASAP:
(1) With complete lifetimes, this no longer needs to perform transitive
liveness at all.
(2) findInnerTransitiveGuaranteedUses, which ends up being called on the
load_borrow to compute liveness, can be taught to transitively process
InteriorPointer uses instead of returning PointerEscape. We need to make
sure all uses of the utility need to handle this first.
Return the AddressUseKind.
Fixes a bug in extendStoreBorrow where it was looking at an
uninitialized liveness result whenever a pointer escape was present.
First restore the basic PrunedLiveness abstraction to its original
intention. Move code outside of the basic abstraction that polutes the
abstraction and is fundamentally wrong from the perspective of the
liveness abstraction.
Most clients need to reason about live ranges, including the def
points, not just liveness based on use points. Add a PrunedLiveRange
layer of types that understand where the live range is
defined. Knowing where the live range is defined (the kill set) helps
reliably check that arbitrary points are within the boundary. This
way, the client doesn't need to be manage this on its own. We can also
support holes in the live range for non-SSA liveness. This makes it
safe and correct for the way liveness is now being used. This layer
safety handles:
- multiple defs
- instructions that are both uses and defs
- dead values
- unreachable code
- self-loops
So it's no longer the client's responsibility to check these things!
Add SSAPrunedLiveness and MultiDefPrunedLiveness to safely handle each
situation.
Split code that I can't figure out into
DiagnosticPrunedLiveness. Hopefully it will be deleted soon.
By using the keyword instead of the function, we actually get a much simpler
implementation since we avoid all of the machinery of SILGenApply. Given that we
are going down that path, I am removing the old builtin implementation since it
is dead code.
The reason why I am removing this now is that in a subsequent commit, I want to
move all of the ownership checking passes to run /before/ mandatory inlining. I
originally placed the passes after mandatory inlining since the function version
of the move keyword was transparent and needing to be inlined before we could
process it. Since we use the keyword now, that is no longer an issue.
Add ScopedAddressOperand and ScopedAddressValue abstraction utilities
Introduce verification for store_borrow to validate its uses are correctly enclosed in their scope.
Include end_borrow/end_access as implicit uses while validating a borrow introducer
Add flow sensitive verifier rule for store_borrow/end_borrow pair
Make sure store_borrow is always to an alloc_stack
Make sure uses to store borrow location are via its return address only
Require that lexical borrows of values which are instances of some
SILBoxType guard the lifetime of vars or closure captures; that's to
say, of AllocBoxInsts and SILFunctionArguments.
Look through a few instructions types to find those:
- copy_value - inserted by SILGen
- begin_borrow - inserted during inlining
- mark_uninitialized - inserted by SILGen
This is already an invariant for copy_value and now that I am implementing move
semantics for addresses, it makes sense to ban those in a similar
way. Specifically, we are enforcing the invariant that move only types are
allowed to be copied in Raw SIL, but not in later parts of SIL. For those who
are unaware, we then run checkers later to validate that we preserve ownership
semantics.
We had two notions of canonical types, one is the structural property
where it doesn't contain sugared types, the other one where it does
not contain reducible type parameters with respect to a generic
signature.
Rename the second one to a 'reduced type'.
Andy some time ago already created the new API but didn't go through and update
the old occurences. I did that in this PR and then deprecated the old API. The
tree is clean, so I could just remove it, but I decided to be nicer to
downstream people by deprecating it first.
I also created a SILType::isMoveOnly() helper that returns true if a type is
a move only wrapped type or a first class move only type. The verifier check
that move only types aren't copied in canonical SIL was rewired to use that as well.
Specifically this means that rather than always being owned, we now have owned
and guaranteed versions of copyable_to_moveonlywrapper. Similar to
moveonlywrapper_to_copyable, one chooses which variant one gets by using
specific SILBuilder APIs:
create{Owned,Guaranteed}CopyableToMoveOnlyWrapperValueInst. It is still
forwarding and the rest of the forwarding APIs work as expected except that the
forwarding ownership is fixed (and an assertion will result if one attempts to
do so).
NOTE: It is assumed that trivial operands are always passed to the owned
variant.
The type checker is now permitting `@Sendable` closures whose captures
can be by-reference, because we do not error. Remove an aspirational
SIL verifier check that banned this.
