MemoryLifetimeVerifier: Treat only destructive enum_data_addr insns as writes.

jckarter · jckarter · commit 2722f1adcd33 · 2024-03-11T09:49:57.000-07:00
It is ok to project the data from an enum in cases where we know spare bit
packing can never happen. Fixes rdar://124240723.
diff --git a/docs/SIL.rst b/docs/SIL.rst
@@ -7031,18 +7031,25 @@ unchecked_take_enum_data_addr
   // #U.DataCase must be a case of enum $U with data
   // %1 will be of address type $*T for the data type of case U.DataCase
 
-Invalidates an enum value, and takes the address of the payload for the given
-enum ``case`` in-place in memory. The referenced enum value is no longer valid,
-but the payload value referenced by the result address is valid and must be
-destroyed. It is undefined behavior if the referenced enum does not contain a
-value of the given ``case``. The result shares memory with the original enum
-value; the enum memory cannot be reinitialized as an enum until the payload has
-also been invalidated.
-
-(1.0 only)
-
-For the first payloaded case of an enum, ``unchecked_take_enum_data_addr``
-is guaranteed to have no side effects; the enum value will not be invalidated.
+Takes the address of the payload for the given enum ``case`` in-place in
+memory. It is undefined behavior if the referenced enum does not contain a
+value of the given ``case``. 
+
+The result shares memory with the original enum value.  If an enum declaration
+is unconditionally loadable (meaning it's loadable regardless of any generic
+parameters), and it has more than one case with an associated value, then it
+may embed the enum tag within the payload area. If this is the case, then
+`unchecked_take_enum_data_addr` will clear the tag from the payload,
+invalidating the referenced enum value, but leaving the
+payload value referenced by the result address valid. In these cases,
+the enum memory cannot be reinitialized as an enum until the payload has also
+been invalidated.
+
+If an enum has no more than one payload case, or if the declaration is ever
+address-only, then `unchecked_take_enum_data_addr` is guaranteed to be
+nondestructive, and the payload address can be accessed without invalidating
+the enum in these cases. The payload can be invalidated to invalidate the
+enum (assuming the enum does not have a `deinit` at the type level).
 
 select_enum
 ```````````
diff --git a/lib/SIL/Verifier/MemoryLifetimeVerifier.cpp b/lib/SIL/Verifier/MemoryLifetimeVerifier.cpp
@@ -757,11 +757,16 @@ void MemoryLifetimeVerifier::checkBlock(SILBasicBlock *block, Bits &bits) {
         // Note that despite the name, unchecked_take_enum_data_addr does _not_
         // "take" the payload of the Swift.Optional enum. This is a terrible
         // hack in SIL.
-        SILValue enumAddr = cast<UncheckedTakeEnumDataAddrInst>(&I)->getOperand();
-        int enumIdx = locations.getLocationIdx(enumAddr);
-        if (enumIdx >= 0)
-          requireBitsSet(bits, enumAddr, &I);
-        requireNoStoreBorrowLocation(enumAddr, &I);
+        auto enumInst = cast<UncheckedTakeEnumDataAddrInst>(&I);
+        // For some enums, projecting the enum data requires masking out
+        // embedded tag bits, which invalidates the value as an enum.
+        if (enumInst->isDestructive()) {
+          SILValue enumAddr = enumInst->getOperand();
+          int enumIdx = locations.getLocationIdx(enumAddr);
+          if (enumIdx >= 0)
+            requireBitsSet(bits, enumAddr, &I);
+          requireNoStoreBorrowLocation(enumAddr, &I);
+        }
         break;
       }
       case SILInstructionKind::DestroyAddrInst: {
diff --git a/test/Interpreter/moveonly_linkedlist_2_simple.swift b/test/Interpreter/moveonly_linkedlist_2_simple.swift
@@ -8,6 +8,7 @@
 // RUN: %FileCheck %s --check-prefix=CHECK-IR
 // RUN: %target-run-simple-swift(-parse-as-library -enable-builtin-module -enable-experimental-feature NoncopyableGenerics -enable-experimental-feature BorrowingSwitch -Xfrontend -sil-verify-all) | %FileCheck %s
 // RUN: %target-run-simple-swift(-O -parse-as-library -enable-builtin-module -enable-experimental-feature NoncopyableGenerics -enable-experimental-feature BorrowingSwitch -Xfrontend -sil-verify-all) | %FileCheck %s
+// RUN: %target-run-simple-swift(-O -parse-as-library -enable-builtin-module -enable-experimental-feature NoncopyableGenerics -enable-experimental-feature BorrowingSwitch -Xfrontend -sil-verify-all -Xfrontend -enable-ossa-modules) | %FileCheck %s
 
 // REQUIRES: executable_test
 
diff --git a/test/SIL/memory_lifetime_failures.sil b/test/SIL/memory_lifetime_failures.sil
@@ -362,7 +362,6 @@ bb0(%0 :  @guaranteed $Optional<T>):
   return %res : $()
 }
 
-// CHECK: SIL memory lifetime failure in @test_store_borrow_take_enum: store-borrow location cannot be written
 sil [ossa] @test_store_borrow_take_enum : $@convention(thin) (@guaranteed Optional<T>) -> () {
 bb0(%0 :  @guaranteed $Optional<T>):
   %s = alloc_stack $Optional<T>

Original file line number	Diff line number	Diff line change
`@@ -362,7 +362,6 @@ bb0(%0 : @guaranteed $Optional<T>):`
`362`	`362`	`return %res : $()`
`363`	`363`	`}`
`364`	`364`
`365`		`-// CHECK: SIL memory lifetime failure in @test_store_borrow_take_enum: store-borrow location cannot be written`
`366`	`365`	`sil [ossa] @test_store_borrow_take_enum : $@convention(thin) (@guaranteed Optional<T>) -> () {`
`367`	`366`	`bb0(%0 : @guaranteed $Optional<T>):`
`368`	`367`	`%s = alloc_stack $Optional<T>`