Specifically, if we had a value that was consumed in the same block that it was
produced in, we ignored use-after-frees in subsequent blocks. We did check for
use-after-frees in the same block though. The general case was handled
correctly, this was just an incorrect early exit.
On master, this only found one problem (namely the one fixed in:
14d39c0cf9). I do not expect this corner case to
have more impact after cherry-picking to 5.1.
rdar://49794321
Specifically:
bb0:
br bb1
bb1:
cond_br ..., bb2, bb3
bb2:
br bb1
bb3:
return
What would happen in this case is that we wouldn't revisit bb1 after we found
the double consume to grab the leak (and would early exit as well). So we would
not insert a destroy for the out of loop value causing a leak from the
perspective of the ownership checker. This was due to us early exiting and also
due to us not revisiting bb1 after we went around the backedge from bb2 ->
bb1. Now what we do instead is if we catch a double consume in a block we have
already visited, we check if we haven't visited any of that block's
successors. If we haven't, we add that to the list of successors we need to
visit.
I am starting to use the linear lifetime checker in an optimizer role where it
no longer asserts but instead tells the optimizer pass what is needed to cause
the lifetime to be linear. To do so I need to be able to return richer
information to the caller such as whether or not a leak, double consume, or
use-after-free occurs.
A common pattern when working in ossa is the introduction of a copy for lifetime
reasons at a dominating point in a program with a single use that may not
post-dominate the use. This API gives a "tight lifetime" bound by returning the
blocks where the value needs to be destroyed to prevent leaks.
NOTE: I was not 100% sure if consume errors should still assert. It seems like a
double consume error would be user error, so an assert is probably fine.
Now we properly enforce that all guaranteed phi arguments's lifetime is
completely enclosed by the lifetimes of the phi argument's inputs. This is
implemented by inserting an "implicit" regular use into the use stream of the
phi argument's inputs. This is nice since it ensures that when we are verifying
ownership of a specific argument, we will not walk through all
subarguments... instead we just need to verify that the end_borrow is completely
enclosed within the lifetime of the input guaranteed value.
I also fixed a case where we were bailing early out of the SIL Ownership
Verifier causing us to emit an incorrect error. This error would only occur if
we already diagnosed an error.
I also re-added all of the tests that I removed when I replaced
end_borrow_argument with end_borrow.
rdar://33440767
I am doing this for two reasons:
1. I am going to use this in function signature opts to prove that a guaranteed
parameter is "consumed".
2. It puts the ownership verifier on a diet.
rdar://38196046
