This condition can occur in practice if, while doing the walk back to find the liveness
reason for a consume-without-reinitialization of an `inout` binding through conditional
control flow, we visit a block that reinitializes the binding before any branch that
leaves the binding uninitialized. Fixes rdar://123604613.
TLDR:
The reason why I am doing this is it ensures that temporary store_borrow that we
create when materializing a value before were treated as uses. So we would error
on this:
```swift
@MainActor func transferToMain<T>(_ t: T) async {}
func test() async {
let x = NonSendableKlass()
await transferToMain(x)
await transferToMain(x)
}
```
----
store_borrow is an instruction intended to be used to initialize temporary
alloc_stack with borrows. Since it is a temporary, we do not want to error on
the temporaries initialization... instead, we want to error on the use of the
temporary parameter.
This is achieved by making it so that store_borrow still performs an
assign/merge, but does not require that src/dest be alive. So the regions still
merge (yielding diagnostics for later uses).
It also required me to make it so that PartitionOp::{Assign,Merge} do not
require by default. Instead, we want the individual operations to always emit a
PartitionOp::Require explicitly (which they already did).
One thing to be aware of is that when it comes to diagnostics, we already know
how to find a temporaries original value and how to handle that. So this is the
last part of making store_borrow behave nicely.
rdar://129237675
If an instruction references the DynamicSelfType by calling a
static member with `Self.foo()`, we consider this a type-dependent
use of `self`. This means that at runtime we may need to load the
isa pointer, but we don't need to touch any other protected state
from the instance.
Therefore, we can skip type-dependent uses in the analysis to
avoid false positives in this case.
An existing test case already exercised the overly-conservative
behavior, so I just updated it to not expect an error.
Fixes rdar://129676769.
Cloning blocks might split CFG edges which can "convert" terminator result arguments to phi-arguments.
In this case a borrowed-from instruction must be inserted.
Fixes a SIL verifier crash caused by SimplifyCFG's jump threading.
rdar://129187525
This just means that I stopped treating it like an actor instance isolated
thing. This was fun to track down since ActorIsolation has a union in it that
was being misinterpreted, leading to memory corruption... my favorite! = ).
rdar://129256560
This reverts commit aa5dddb952.
Fixes `preset=buildbot,tools=RA,stdlib=DA` CI job, which without this revert fails on `AutoDiff/SILGen/nil_coalescing.swift` test.
Distributed actors can be treated as actors by accessing the `asLocalActor`
property. When lowering `#isolation` in a distributed actor initializer,
use a separate builtin `flowSensitiveDistributedSelfIsolation` to
capture the conformance to `DistributedActor`, and have Definite
Initialization introduce the call to the `asLocalActor` getter when
needed.
Actor initializers have a flow-sensitive property where they are isolated
to the actor being initialized only after the actor instance itself is
fully-initialized. However, this behavior was not being reflected in
the expansion of `#isolation`, which was always expanding to `self`,
even before `self` is fully formed.
This led to a source compatibility issue with code that used the async
for..in loop within an actor initializer *prior* to the point where the
actor was fully initialized, because the type checker is introducing
the `#isolation` (SE-0421) but Definite Initialization properly rejects
the use of `self` before it is initialized.
Address this issue by delaying the expansion of `#isolation` until
after the actor is fully initialized. In SILGen, we introduce a new
builtin for this case (and *just* this case) called
`flowSensitiveSelfIsolation`, which takes in `self` as its argument
and produces an `(any Actor)?`. Definite initialization does not treat
this as a use of `self`. Rather, it tracks these builtins and
replaces them either with `self` (if it is fully-initialized at this
point) or `nil` (if it is not fully-initialized at this point),
mirroring the flow-sensitive isolation semantics described in SE-0327.
Fixes rdar://127080037.
Now that the two known issues which resulted in invalid SIL being
provided to lifetime completion have been addressed, tighten up the
completion done on the availability boundary not to allow leaks.
Although I don't plan to bring over new assertions wholesale
into the current qualification branch, it's entirely possible
that various minor changes in main will use the new assertions;
having this basic support in the release branch will simplify that.
(This is why I'm adding the includes as a separate pass from
rewriting the individual assertions)
It indicates that the value's lifetime continues to at least this point.
The boundary formed by all consuming uses together with these
instructions will encompass all uses of the value.
The handling of multi-basic-block control flow in `defer` blocks looks like it
was left incomplete and completely untested; I fixed a few obvious problems but
it still completely lacks any analysis of conditional reinitializations. For now,
change it to treat attempted reinitializations as uses-after-consumes so we raise
reliable errors now instead of emitting code that causes memory corruption at
runtime. Fixes rdar://129303198.
The checker already verifies that no non-destroy consuming users occur
after any `move_value`s corresponding to `consume` operators applied to
a value. There may, however, be _destroy_ users after it.
Previously, the checker did not shorten the lifetime from those destroys
up to `move_value`s that appear after those `move_value`s. The result
was that the value's lifetime didn't end at the `consume`.
Here, the checker is fixed to rewrite the lifetimes so that they both
end at `consume`s and also maintain their lexical lifetimes on paths
away from the `consume`s. This is done by using
`OwnedValueCanonicalization`/`CanonicalizeOSSALifetime`.
Specifically, it passes the `move_value`s that correspond to
source-level `consume`s as the `lexicalLifetimeEnds` to the
canonicalizer. Typically, the canonicalizer retracts the lexical
lifetime of the value from its destroys. When these `move_value`s are
specified, however, instead it retracts them from the lifetime boundary
obtained by maximizing the lifetime within its original lifetime while
maintaining the property that the lifetime ends at those `move_value`s.
rdar://113142446
Enhance the utility with the ability to end lifetimes of lexical values
at indicated instructions, overriding the usual behavior of maintaining
such lifetimes' previous endpoints (modulo non-deinit-barrier
instructions).
