This fixes use-after-free miscompilation bugs that can occur when a
lifetime-optimized standard library type, like Dictionary or String is
converted to an UnsafePointer using implicit inout-to-pointer
conversion:
func ptrToDictionary(_: UnsafePointer<Dictionary<K, V>>) {}
func testDictionary() {
var d: Dictionary = ...
ptrToDictionary(&d)
}
func ptrToString(_: UnsafePointer<String>) {}
func testString() {
var s: String = ...
ptrToString(&s)
}
Address to pointer conversion must always be guarded by either a
mark_dependence or a fix_lifetime. Use fix_lifetime for call emission
in SILGen to limit the optimization impact to the narrow scope of the
pointer conversion.
This could negatively impact performance simply because SIL does not
provide a way to scope pointer conversion. fix_lifetime is
unnecessarilly conservative and prevents the elimination of dead
allocations.
rdar://117807309 (Fix SILGen to emit fix_lifetime for
inout-to-pointer conversion)
Previously, inverses were only accounted-for in inheritance clauses.
This batch of changes handles inverses appearing in other places, like:
- Protocol compositions
- `some ~Copyable`
- where clauses
with proper attribution of default requirements in their absence.
Asserting that a conformance is "complete" before emitting its witness table
during SILGen is unnecessary since the typechecking request architecture
already handles checking a conformance lazily as needed.
Resolves rdar://117439077
Functions that are nested within other functions are not exportable to clients
since they cannot be called directly by clients. However, they need still to be
emitted during SILGen when -experimental-skip-non-exportable-decls is specified
so walk the decl context hierarchy when determining whether to skip emitting a
function.
Resolves rdar://117440503
Conflicts:
- `lib/AST/TypeCheckRequests.cpp` renamed `isMoveOnly` which requires
a static_cast on rebranch because `Optional` is now a `std::optional`.
The code here was materializing the value in this case, but then re-loading it, which is unnecessary
since call emission will materialize the value to match the callee's calling convention already.
It does look like a copy into formal evaluation scope is necessary to get the correct lifetimes
in some circumstances. The move-only checker doesn't like any additional copies at all because
it thinks they're consumes, so only borrow in the case where the value is move-only.
I've renamed the method to `TypeDecl::isNoncopyable`, because the query
doesn't make sense for many other kinds of `ValueDecl`'s beyond the
`TypeDecl`'s. In fact, it looks like no one was relying on that anyway.
Thus, we now have a distinction where in Sema, you ask whether
a `Type` or `TypeDecl` is "Noncopyable". But within SIL, we still
preserve the notion of "move-only" since there is additionally the
move-only type wrapper for types that otherwise support copying.
When comparing a requirement that uses typed throws and uses an
associated type for the thrown error type against a potential witness,
infer the associated type from the thrown error of the
witness---whether explicitly specified, untyped throws (`any Error`),
or non-throwing (`Never`).
The type that is caught by the `catch` clauses in a `do..catch` block is
determined by the union of the thrown error types in the `do`
statement. Compute this type and use it for the catch clauses. This
does several things at once:
* Makes the type of the implicit `error` be a more-specific concrete
type when all throwing sites throw that same type
* When there's a concrete type for the error, one can use patterns
like `.cancelled`
* Check that this error type can be rethrown in the current context
* Verify that SIL generation involving do..catch with typed errors
doesn't require any existentials.
properties to require actor isolation.
Member initializer expressions are only used in a constructor with
matching actor isolation. If the isolation prohibits the member
initializer from being evaluated synchronously (or propagating required
isolation through closure bodies), then the default value cannot be used
and the member must be explicitly initialized in the constructor.
Member initializer expressions are also used as default arguments for the
memberwise initializer, and the same rules for default argument isolation
apply.
This looks like it was never properly implemented, since when we generate the
memberwise initializer for the struct in SILGen, it incorrectly tries to apply
the entire initializer expression to each variable binding in the pattern,
rather than destructuring the result and pattern-matching it to the variables.
Since it never worked it doesn't look like anyone is using this, so let's
put up an error saying it's unsupported until we can implement it properly.
Add `StructLetDestructuring` as an experimental feature flag so that tests around
the feature for things like module interface printing can still work.
