This is the lifetime ending variant of fix_lifetime. It is a lie to the
ownership verifier that a value is being consumed along a path. Its intention is
to be used to allow for the static verification of ownership in deallocating
deinits which for compatibility with objective-c have weird ownership behavior.
See the commit merged with this commit for more information.
Previously, we would put a destroy_value directly on the value that we tried to
cast. Since checked_cast_br is consuming, this would cause the destroy_value on
the failure path to be flagged as a double consume.
This commit causes SILGen to emit the value consumed by checked_cast_br as an
@owned argument to the failure BB, allowing semantic arc rules to be respected.
As an additional benefit, I also upgraded the ownership_model_eliminator test to
use semantic sil verification.
One issue that did come up though is that I was unable to use the new code in
all locations in the compiler. Specifically, there is one location in
SILGenPattern that uses argument unforwarding. I am going to need to undo
argument unforwarding in SILGenPattern in order to completely eliminate the old
code path.
Rememebering that the verifier ensures that any edge that propagates ownership
along a cond_br can not be critical, we do this by sinking the use by the
cond_br into the destination blocks.
rdar://29791263
There are a few different use cases here:
1. In Raw SIL, no return folding may not have been run yet implying that a call
to a no-return function /can/ have arbitrary control flow after it (consider
mandatory inlined functions). We need to recognize that the region of code that
is strictly post dominated by the no-return function is "transitively
unreachable" and thus leaking is ok from that point. *Footnote 1*.
2. In Canonical and Raw SIL, we must recognize that unreachables and no-return
functions constitute places where we are allowed to leak.
rdar://29791263
----
*Footnote 1*: The reason why this is done is since we want to emit unreachable
code diagnostics when we run no-return folding. By leaving in the relevant code,
we have preserved all of the SILLocations on that code allowing us to create
really nice diagnostics.
This allows for an unchecked_enum_data to be either a consumed instruction or a
borrowed instruction. The reason why this makes sense in contrast to other value
projection operations like struct_extract and tuple_extract is that an enum
payload is essentially a tuple. This means that we are extracting the entire
value when we perform a struct_extract. So forwarding is viable from a semantic
perspective since if we destroy the payload, there is nothing left to destroy.
This contrasts with struct_extract and tuple_extract where we may have other
parts of the struct/tuple to destroy.
rdar://29791263
This caused a crasher when running the ownership verifier. I don't have a test
case right now, since it happened several weeks ago.
The bug can not happen again since I eliminated the nullptr default argument.
rdar://29791263
I implemented the mapping from SILValue -> ValueOwnershipKind for builtins a
long time ago, but did not implement the stub for what ValueOwnershipKind's can
be accepted by builtins. It is a pretty simple mapping (most things are
trivial).
The only interesting cases are:
1. ErrorInMain, UnexpectedError, WillThrow: These take in an @owned error
parameter, but are just normal uses of the value, not lifetime ending uses.
2. UnsafeGuaranteed. This is a bonafide actual +1 lifetime ending use. It is the
only one in the builtins.
rdar://29791263
The logic here is that a function argument can be viewed as a PHI node in the
program graph (i.e. cfg for each function + call graph). Just like with normal
PHI nodes, we need to treat enums passed into these PHI nodes as true sum types,
but at the same time, do not want to constrain optimization when we know that
the payloaded type is trivial.
rdar://29791263
Storing this separately is unnecessary since we already
serialize the enum element's interface type. Also, this
eliminates one of the few remaining cases where we serialize
archetypes during AST serialization.
Separate formal lowered types from SIL types.
The SIL type of an argument will depend on the SIL module's conventions.
The module conventions are determined by the SIL stage and LangOpts.
Almost NFC, but specialized manglings are broken incidentally as a result of
fixes to the way passes handle book-keeping of aruments. The mangler is fixed in
the subsequent commit.
Otherwise, NFC is intended, but quite possible do to rewriting the logic in many
places.
Unowned is a +0 convention that requires the user to "copy" the relevant value
before any side effects occur in the callee. This means that it is safe to pass
owned/guaranteed/unowned to such functions.
rdar://29791263
This also avoids undefined behavior when we try to look up the
ParameterConvention of a type dependent operand. Since type dependent operands
do not have a convention, this causes us to hit an assertion.
rdar://29791263
In the case of switch_enum this is just trivial enums. In the case of
checked_cast_br and dynamic_method_br, the potential trivial arguments are
metatypes.
rdar://29791263
Without this enums with non-trivial cases are always treated as non-trivial even
if a just created enum is trivial. For example the following no payload enum
would be considered non-trivial.
%0 = enum $Optional<Builtin.NativeObject>, #Optional.none!enumelt
rdar://29791263
This is only enabled when semantic sil is enabled /and/ we are not parsing
unqualified SIL.
*NOTE* To properly write tests for this, I had to rework how we verified
Branch/CondBranch insts to be actually correct (instead of pseudo-correct). I
have to put this functionality together in order to write tests.
rdar://29791263
Previously, we would require an end_borrow for guaranteed subobject borrows.
This was not the end design and of course would have triggered asserts since
end_borrow only supports ending borrows of the same type (by design). This
commit finishes the design by:
1. Verifying that subobject borrows do not have an end_borrow. This is done by
asserting that subobject borrows do not have lifetime ending uses.
2. Treating uses of a subobject borrow as normal liveness uses of the base
borrowed object. This means that the verifier will assert if there are
any uses of borrowed subobjects after the base's end_value.
rdar://29791263
The method SILInstruction::verifyOperandOwnership() is used in SILBuilder to
ensure that as instructions are created, if there are any use failures, the
error is caught at the moment the instruction is created. This makes debugging
such failures trivial. *NOTE* This does not cause dataflow verification to
occur.
The problem is that when PrintMessageInsteadOfAssert is enabled, this causes
dataflow failures to have their error messages emitted twice, complicating
FileCheck testing of the verifier.
Thus, this commit disables SILInstruction::verifyOperandOwnership() when
PrintMessageInsteadOfAssert is enabled. PrintMessageInsteadOfAssert is renamed
to 'IsSILOwnershipVerifierTestingEnabled' in light of its expanded role.
rdar://29791263
