Fix unchecked_bitwise_cast to "escape" its operand's ownership

This makes it impossible for OSSA utilities to reason about the
lifetime of the value being cast. This fixes bugs in which SILGen
generates bitwise casts without protecting that lifetime.

Fixes rdar://100527903 (Overrelease of optional closure when using
shorthand syntax)

The previous OSSA strategy was to gradually eliminate all "pointer
escape" SIL patterns. That would define away a class of bugs in the
OSSA utilities themselves. This was not friendly to developers working
on SILGen, and we still don't have verification that can catch these
bugs.

The new strategy is to make all OSSA utilities aware of pointer
escapes. This acknowledges reality that SIL is imperfect. Instead,
optimizer support for transforming SIL always needs to recognize
potentially dangerous patterns.

The downside of this new strategy is that it hides performance
problems because SIL optimizations can give up whenever they happen to
see a "pointer escape". We need to keep working on this problem
without being motivated by miscompiling code.

Author: atrick

lib/SIL/IR/OperandOwnership.cpp

@@ -238,9 +238,31 @@ OPERAND_OWNERSHIP(PointerEscape, ProjectExistentialBox)
 OPERAND_OWNERSHIP(PointerEscape, UncheckedOwnershipConversion)
 OPERAND_OWNERSHIP(PointerEscape, ConvertEscapeToNoEscape)
 
+// UncheckedBitwiseCast ownership behaves like RefToUnowned. It produces an
+// Unowned values from a non-trivial value, without consuming or borrowing the
+// non-trivial value. Unlike RefToUnowned, a bitwise cast works on a compound
+// value and may truncate the value. The resulting value is still Unowned and
+// should be immediately copied to produce an owned value. These happen for two
+// reasons:
+//
+// (1) A Builtin.reinterpretCast is used on a nontrivial type. If the result is
+// non-trivial, then, as part of emitting the cast, SILGen emits a copy_value
+// immediately after the unchecked_bitwise_cast for all uses of the cast.
+//
+// (2) SILGen emits special conversions using SILGenBuilder's
+// createUncheckedBitCast utility. For non-trivial types, this emits an
+// unchecked_bitwise_cast immediately followed by a copy.
+//
+// The only thing protecting the lifetime of the Unowned value is the cast
+// operand's PointerEscape ownership, which prevents OSSA analysis and blocks
+// most optimization of the incoming value.
+//
+// TODO: Verify that Unowned values are only used by copies and that the cast
+// operand's lifetime exceeds the copies.
+OPERAND_OWNERSHIP(PointerEscape, UncheckedBitwiseCast)
+
 // Instructions that escape reference bits with unenforced lifetime.
 // TODO: verify that BitwiseEscape results always have a trivial type.
-OPERAND_OWNERSHIP(BitwiseEscape, UncheckedBitwiseCast)
 OPERAND_OWNERSHIP(BitwiseEscape, ValueToBridgeObject)
 OPERAND_OWNERSHIP(BitwiseEscape, RefToRawPointer)
 OPERAND_OWNERSHIP(BitwiseEscape, UncheckedTrivialBitCast)