Fix a memory leak caused by the ReleaseDevirtualizer.

This occured if a stack-promoted object with a devirtualized final release is not actually allocated on the stack.
Now the ReleaseDevirtualizer models the procedure of a final release more accurately.
It inserts a set_deallocating instruction and calles the deallocator (instead of just the deinit).

This changes also includes two peephole optimizations in IRGen and LLVMStackPromotion which get rid of
unused runtime calls in case the stack promoted object is really allocated on the stack.

This fixes rdar://problem/25068118

Author: eeckstein

lib/IRGen/IRGenSIL.cpp

@@ -3614,15 +3614,27 @@ void IRGenSILFunction::visitDeallocRefInst(swift::DeallocRefInst *i) {
   // Lower the operand.
   Explosion self = getLoweredExplosion(i->getOperand());
   auto selfValue = self.claimNext();
+  auto *ARI = dyn_cast<AllocRefInst>(i->getOperand());
   if (!i->canAllocOnStack()) {
+    if (ARI && StackAllocs.count(ARI)) {
+      // We can ignore dealloc_refs (without [stack]) for stack allocated
+      // objects.
+      //
+      //   %0 = alloc_ref [stack]
+      //     ...
+      //   dealloc_ref %0     // not needed (stems from the inlined deallocator)
+      //     ...
+      //   dealloc_ref [stack] %0
+      return;
+    }
+
     auto classType = i->getOperand()->getType();
     emitClassDeallocation(*this, classType, selfValue);
     return;
   }
   // It's a dealloc_ref [stack]. Even if the alloc_ref did not allocate the
   // object on the stack, we don't have to deallocate it, because it is
   // deallocated in the final release.
-  auto *ARI = cast<AllocRefInst>(i->getOperand());
   assert(ARI->canAllocOnStack());
   if (StackAllocs.count(ARI)) {
     if (IGM.Opts.EmitStackPromotionChecks) {

lib/LLVMPasses/LLVMStackPromotion.cpp

@@ -84,6 +84,74 @@ int canPromote(CallInst *CI, unsigned &align, int maxSize) {
   return size;
 }
 
+/// Remove redundant runtime calls for stack allocated buffers.
+/// If a buffer is allocated on the stack it's not needed to explicitly set
+/// the RC_DEALLOCATING_FLAG flag (except there is code which may depend on it).
+/// Also the a call to swift_deallocClassInstance (which stems from an inlined
+/// deallocator) is not needed.
+///
+///   %0 = alloca
+///     ...
+///   call @swift_setDeallocating(%0) // not needed
+///     // code which does not depend on the RC_DEALLOCATING_FLAG flag.
+///   call @swift_deallocClassInstance(%0) // not needed
+///   call @llvm.lifetime.end(%0)
+///
+static void removeRedundantRTCalls(CallInst *DeallocCall) {
+  BasicBlock::iterator Iter(DeallocCall);
+  BasicBlock::iterator Begin = DeallocCall->getParent()->begin();
+  Value *Buffer = DeallocCall->getArgOperand(0);
+  CallInst *RedundantDealloc = nullptr;
+  CallInst *RedundantSetFlag = nullptr;
+  SmallVector<Instruction *, 2> ToDelete;
+  while (Iter != Begin) {
+    --Iter;
+    Instruction *I = &*Iter;
+    if (auto *CI = dyn_cast<CallInst>(I)) {
+
+      // Check if we have a runtime function with the buffer as argument.
+      if (CI->getNumArgOperands() < 1)
+        break;
+      if (CI->getArgOperand(0)->stripPointerCasts() != Buffer)
+        break;
+      auto *Callee = dyn_cast<Constant>(CI->getCalledValue());
+      if (!Callee)
+        break;
+
+      // The callee function my be a bitcast constant expression.
+      if (auto *U = dyn_cast<ConstantExpr>(Callee)) {
+        if (U->getOpcode() == Instruction::BitCast)
+          Callee = U->getOperand(0);
+      }
+      auto *RTFunc = dyn_cast<Function>(Callee);
+      if (!RTFunc)
+        break;
+
+      if (RTFunc->getName() == "swift_setDeallocating") {
+        assert(RedundantDealloc && "dealloc call must follow setDeallocating");
+        assert(!RedundantSetFlag && "multiple setDeallocating calls");
+        RedundantSetFlag = CI;
+        continue;
+      }
+      if (RTFunc->getName() == "swift_deallocClassInstance") {
+        assert(!RedundantSetFlag && "dealloc call must follow setDeallocating");
+        assert(!RedundantDealloc && "multiple deallocClassInstance calls");
+        RedundantDealloc = CI;
+        continue;
+      }
+      break;
+    }
+    // Bail if we have an instruction which may read the RC_DEALLOCATING_FLAG
+    // flag.
+    if (I->mayReadFromMemory())
+      break;
+  }
+  if (RedundantDealloc)
+    RedundantDealloc->eraseFromParent();
+  if (RedundantSetFlag)
+    RedundantSetFlag->eraseFromParent();
+}
+
 bool SwiftStackPromotion::runOnFunction(Function &F) {
 
   bool Changed = false;
@@ -179,6 +247,9 @@ bool SwiftStackPromotion::runOnFunction(Function &F) {
     CallInst *Alloc = dyn_cast<CallInst>(CI->getArgOperand(0));
     assert(Alloc && "alloc buffer obfuscated");
     if (PromotedAllocs.count(Alloc)) {
+
+      removeRedundantRTCalls(CI);
+
       IRBuilder<> B(CI);
       // This has two purposes:
       // 1. Tell LLVM the lifetime of the allocated stack memory.

lib/SILOptimizer/Transforms/ReleaseDevirtualizer.cpp

@@ -32,7 +32,8 @@ namespace {
 /// with
 ///    %x = alloc_ref [stack] $X
 ///      ...
-///    %d = function_ref @deinit_of_X
+///    set_deallocating %x
+///    %d = function_ref @dealloc_of_X
 ///    %a = apply %d(%x)
 ///    dealloc_ref [stack] %x
 ///
@@ -61,9 +62,9 @@ class ReleaseDevirtualizer : public SILFunctionTransform {
                                    ApplyInst *DeallocCall);
 
   /// Replace the release-instruction \p ReleaseInst with an explicit call to
-  /// the destructor of \p AllocType for \p object.
-  bool createDeinitCall(SILType AllocType, SILInstruction *ReleaseInst,
-                        SILValue object);
+  /// the deallocating destructor of \p AllocType for \p object.
+  bool createDeallocCall(SILType AllocType, SILInstruction *ReleaseInst,
+                         SILValue object);
 
   StringRef getName() override { return "Release Devirtualizer"; }
 
@@ -135,7 +136,7 @@ devirtualizeReleaseOfObject(SILInstruction *ReleaseInst,
     return false;
 
   SILType AllocType = ARI->getType();
-  return createDeinitCall(AllocType, ReleaseInst, ARI);
+  return createDeallocCall(AllocType, ReleaseInst, ARI);
 }
 
 bool ReleaseDevirtualizer::
@@ -180,46 +181,50 @@ devirtualizeReleaseOfBuffer(SILInstruction *ReleaseInst,
     return false;
 
   SILType SILClType = SILType::getPrimitiveObjectType(CanType(ClType));
-  return createDeinitCall(SILClType, ReleaseInst, AllocAI);
+  return createDeallocCall(SILClType, ReleaseInst, AllocAI);
 }
 
-bool ReleaseDevirtualizer::createDeinitCall(SILType AllocType,
+bool ReleaseDevirtualizer::createDeallocCall(SILType AllocType,
                                             SILInstruction *ReleaseInst,
                                             SILValue object) {
-  DEBUG(llvm::dbgs() << "  create deinit call\n");
+  DEBUG(llvm::dbgs() << "  create dealloc call\n");
 
   ClassDecl *Cl = AllocType.getClassOrBoundGenericClass();
   assert(Cl && "no class type allocated with alloc_ref");
 
   // Find the destructor of the type.
   DestructorDecl *Destructor = Cl->getDestructor();
-  SILDeclRef DeinitRef(Destructor, SILDeclRef::Kind::Destroyer);
+  SILDeclRef DeallocRef(Destructor, SILDeclRef::Kind::Deallocator);
   SILModule &M = ReleaseInst->getFunction()->getModule();
-  SILFunction *Deinit = M.lookUpFunction(DeinitRef);
-  if (!Deinit)
+  SILFunction *Dealloc = M.lookUpFunction(DeallocRef);
+  if (!Dealloc)
     return false;
 
-  CanSILFunctionType DeinitType = Deinit->getLoweredFunctionType();
+  CanSILFunctionType DeallocType = Dealloc->getLoweredFunctionType();
   ArrayRef<Substitution> AllocSubsts = AllocType.gatherAllSubstitutions(M);
 
-  assert(!AllocSubsts.empty() == DeinitType->isPolymorphic() &&
-         "deinit of generic class is not polymorphic or vice versa");
+  assert(!AllocSubsts.empty() == DeallocType->isPolymorphic() &&
+         "dealloc of generic class is not polymorphic or vice versa");
 
-  if (DeinitType->isPolymorphic())
-    DeinitType = DeinitType->substGenericArgs(M, M.getSwiftModule(),
+  if (DeallocType->isPolymorphic())
+    DeallocType = DeallocType->substGenericArgs(M, M.getSwiftModule(),
                                               AllocSubsts);
 
-  SILType ReturnType = DeinitType->getSILResult();
-  SILType DeinitSILType = SILType::getPrimitiveObjectType(DeinitType);
+  SILType ReturnType = DeallocType->getSILResult();
+  SILType DeallocSILType = SILType::getPrimitiveObjectType(DeallocType);
 
   SILBuilder B(ReleaseInst);
   if (object->getType() != AllocType)
     object = B.createUncheckedRefCast(ReleaseInst->getLoc(), object, AllocType);
 
+  // Do what a release would do before calling the deallocator: set the object
+  // in deallocating state, which means set the RC_DEALLOCATING_FLAG flag.
+  B.createSetDeallocating(ReleaseInst->getLoc(), object);
+
   // Create the call to the destructor with the allocated object as self
   // argument.
-  auto *MI = B.createFunctionRef(ReleaseInst->getLoc(), Deinit);
-  B.createApply(ReleaseInst->getLoc(), MI, DeinitSILType, ReturnType,
+  auto *MI = B.createFunctionRef(ReleaseInst->getLoc(), Dealloc);
+  B.createApply(ReleaseInst->getLoc(), MI, DeallocSILType, ReturnType,
                 AllocSubsts, { object }, false);
 
   NumReleasesDevirtualized++;

test/IRGen/class_stack_alloc.sil

@@ -1,4 +1,4 @@
-// RUN: %target-swift-frontend -emit-stack-promotion-checks -stack-promotion-limit 48 -Onone -emit-ir %s | FileCheck %s
+// RUN: %target-swift-frontend -stack-promotion-limit 48 -Onone -emit-ir %s | FileCheck %s
 
 import Builtin
 import Swift
@@ -14,18 +14,30 @@ struct TestStruct {
   @sil_stored var c : Int64
 }
 
+class BigClass {
+  @sil_stored var a : Int64
+  @sil_stored var b : Int64
+  @sil_stored var c : Int64
+  @sil_stored var d : Int64
+  @sil_stored var e : Int64
+  @sil_stored var f : Int64
+  @sil_stored var g : Int64
+  init()
+}
+
 sil_vtable TestClass {}
+sil_vtable BigClass {}
 
 // CHECK-LABEL: define{{( protected)?}} void @simple_promote
 // CHECK: %reference.raw = alloca %[[C:[a-zA-Z0-9_]+]], align 8
-// CHECK: [[M:%[0-9]+]] = call %swift.type* @_TMa[[C]]()
-// CHECK: [[O:%[0-9]+]] = bitcast %[[C]]* %reference.raw to %swift.refcounted*
-// CHECK: %reference.new = call %swift.refcounted* @swift_initStackObject(%swift.type* [[M]], %swift.refcounted* [[O]])
-// CHECK: [[R:%[0-9]+]] = bitcast %swift.refcounted* %reference.new to %[[C]]*
-// CHECK: call {{.*}} @rt_swift_release {{.*}} [[R]])
-// CHECK: [[O2:%[0-9]+]] = bitcast %[[C]]* [[R]] to %swift.refcounted*
-// CHECK: call void @swift_verifyEndOfLifetime(%swift.refcounted* [[O2]])
-// CHECK: ret void
+// CHECK-NEXT: [[M:%[0-9]+]] = call %swift.type* @_TMa[[C]]()
+// CHECK-NEXT: [[O:%[0-9]+]] = bitcast %[[C]]* %reference.raw to %swift.refcounted*
+// CHECK-NEXT: %reference.new = call %swift.refcounted* @swift_initStackObject(%swift.type* [[M]], %swift.refcounted* [[O]])
+// CHECK-NEXT: [[R:%[0-9]+]] = bitcast %swift.refcounted* %reference.new to %[[C]]*
+// CHECK-NEXT: call {{.*}} @rt_swift_release {{.*}} [[R]])
+// CHECK-NEXT: [[O2:%[0-9]+]] = bitcast %[[C]]* [[R]] to i8*
+// CHECK-NEXT: call void @llvm.lifetime.end(i64 -1, i8* [[O2]])
+// CHECK-NEXT: ret void
 sil @simple_promote : $@convention(thin) () -> () {
 bb0:
   %o1 = alloc_ref [stack] $TestClass
@@ -67,4 +79,68 @@ bb0:
   return %r : $()
 }
 
+// CHECK-LABEL: define{{( protected)?}} void @promoted_with_devirtualized_release
+// CHECK: %reference.raw = alloca %[[C:[a-zA-Z0-9_]+]], align 8
+// CHECK-NEXT: [[M:%[0-9]+]] = call %swift.type* @_TMa[[C]]()
+// CHECK-NEXT: [[O:%[0-9]+]] = bitcast %[[C]]* %reference.raw to %swift.refcounted*
+// CHECK-NEXT: %reference.new = call %swift.refcounted* @swift_initStackObject(%swift.type* [[M]], %swift.refcounted* [[O]])
+// CHECK-NEXT: [[R:%[0-9]+]] = bitcast %swift.refcounted* %reference.new to %[[C]]*
+// CHECK-NEXT: call {{.*}} @swift_setDeallocating {{.*}}(%[[C]]* [[R]])
+// CHECK-NEXT: call void @not_inlined_destructor(%[[C]]* [[R]])
+// CHECK-NEXT: [[O2:%[0-9]+]] = bitcast %[[C]]* [[R]] to i8*
+// CHECK-NEXT: call void @llvm.lifetime.end(i64 -1, i8* [[O2]])
+// CHECK-NEXT: ret void
+sil @promoted_with_devirtualized_release : $@convention(thin) () -> () {
+bb0:
+  %o1 = alloc_ref [stack] $TestClass
+  set_deallocating %o1 : $TestClass
+  %f = function_ref @not_inlined_destructor :  $@convention(thin) (TestClass) -> ()
+  %a = apply %f(%o1) : $@convention(thin) (TestClass) -> ()
+  dealloc_ref [stack] %o1 : $TestClass
+
+  %r = tuple()
+  return %r : $()
+}
+
+// CHECK-LABEL: define{{( protected)?}} void @promoted_with_inlined_devirtualized_release
+// CHECK: %reference.raw = alloca %[[C:[a-zA-Z0-9_]+]], align 8
+// CHECK-NEXT: [[M:%[0-9]+]] = call %swift.type* @_TMa[[C]]()
+// CHECK-NEXT: [[O:%[0-9]+]] = bitcast %[[C]]* %reference.raw to %swift.refcounted*
+// CHECK-NEXT: %reference.new = call %swift.refcounted* @swift_initStackObject(%swift.type* [[M]], %swift.refcounted* [[O]])
+// CHECK-NEXT: [[R:%[0-9]+]] = bitcast %swift.refcounted* %reference.new to %[[C]]*
+// CHECK-NOT: call
+// CHECK: [[O2:%[0-9]+]] = bitcast %[[C]]* [[R]] to i8*
+// CHECK-NEXT: call void @llvm.lifetime.end(i64 -1, i8* [[O2]])
+// CHECK-NEXT: ret void
+sil @promoted_with_inlined_devirtualized_release : $@convention(thin) () -> () {
+bb0:
+  %o1 = alloc_ref [stack] $TestClass
+  set_deallocating %o1 : $TestClass
+  dealloc_ref %o1 : $TestClass
+  dealloc_ref [stack] %o1 : $TestClass
+
+  %r = tuple()
+  return %r : $()
+}
+
+// CHECK-LABEL: define{{( protected)?}} void @not_promoted_with_inlined_devirtualized_release
+// CHECK: [[O:%[0-9]+]] = call {{.*}} @rt_swift_allocObject
+// CHECK-NEXT: [[BC:%[0-9]+]] = bitcast %swift.refcounted* [[O]] to
+// CHECK-NEXT: call {{.*}} @swift_setDeallocating {{.*}}({{.*}} [[BC]])
+// CHECK-NEXT: [[BC2:%[0-9]+]] = bitcast {{.*}} [[BC]] to %swift.refcounted*
+// CHECK-NEXT: call void @swift_deallocClassInstance(%swift.refcounted* [[BC2]], {{.*}})
+// CHECK-NEXT: ret void
+sil @not_promoted_with_inlined_devirtualized_release : $@convention(thin) () -> () {
+bb0:
+  %o1 = alloc_ref [stack] $BigClass
+  set_deallocating %o1 : $BigClass
+  dealloc_ref %o1 : $BigClass
+  dealloc_ref [stack] %o1 : $BigClass
+
+  %r = tuple()
+  return %r : $()
+}
+
+sil @not_inlined_destructor :  $@convention(thin) (TestClass) -> ()
 sil @unknown_func :  $@convention(thin) (@inout TestStruct) -> ()
+

test/LLVMPasses/stack_promotion.ll

@@ -5,6 +5,8 @@ target triple = "x86_64-apple-macosx10.9"
 
 %swift.type = type { i64 }
 %objc_object = type opaque
+%swift.refcounted = type { %swift.type*, i32, i32 }
+%BufferStorageType = type <{ %swift.refcounted }>
 
 ; CHECK-LABEL: define{{( protected)?}} void @promote_buffer()
 ; CHECK: [[B:%.+]] = alloca i8, i32 48, align 8
@@ -22,6 +24,55 @@ entry:
   ret void
 }
 
+; CHECK-LABEL: define{{( protected)?}} void @promote_buffer_with_devirtualized_release()
+; CHECK: [[B:%.+]] = alloca i8, i32 48, align 8
+; CHECK: [[M:%.+]] = call %swift.type* @get_buffer_metadata()
+; CHECK: [[BC:%.+]] = bitcast i8* [[B]] to %objc_object*
+; CHECK: [[I:%.+]] = call %objc_object* @swift_initStackObject(%swift.type* [[M]], %objc_object* [[BC]])
+; CHECK-NOT: call
+; CHECK: [[BC2:%.+]] = bitcast %objc_object* [[I]] to i8*
+; CHECK-NOT: call
+; CHECK: call void @llvm.lifetime.end(i64 -1, i8* [[BC2]])
+; CHECK-NOT: call
+; CHECK: ret void
+define void @promote_buffer_with_devirtualized_release() {
+entry:
+  %0 = call %swift.type* @get_buffer_metadata()
+  %1 = call %objc_object* @swift_bufferAllocateOnStack(%swift.type* %0, i64 48, i64 7)
+  %2 = bitcast %objc_object* %1 to %BufferStorageType*
+  call void bitcast (void (%swift.refcounted*)* @swift_setDeallocating to void (%BufferStorageType*)*)(%BufferStorageType* %2)
+  %3 = bitcast %BufferStorageType* %2 to %swift.refcounted*
+  call void @swift_deallocClassInstance(%swift.refcounted* %3, i64 48, i64 7)
+  call void @swift_bufferDeallocateFromStack(%objc_object* %1)
+  ret void
+}
+
+; CHECK-LABEL: define{{( protected)?}} void @promote_buffer_with_devirtualized_release_and_non_trivial_deinit()
+; CHECK: [[B:%.+]] = alloca i8, i32 48, align 8
+; CHECK: [[M:%.+]] = call %swift.type* @get_buffer_metadata()
+; CHECK: [[BC:%.+]] = bitcast i8* [[B]] to %objc_object*
+; CHECK: [[I:%.+]] = call %objc_object* @swift_initStackObject(%swift.type* [[M]], %objc_object* [[BC]])
+; CHECK: [[BC2:%.+]] = bitcast %objc_object* [[I]] to %BufferStorageType
+; CHECK-NEXT: call {{.*}}@swift_setDeallocating {{.*}}({{.*}} [[BC2]])
+; CHECK-NEXT: call void @unknown_deinit(%BufferStorageType* [[BC2]])
+; CHECK-NOT: call
+; CHECK: [[BC3:%.+]] = bitcast %objc_object* [[I]] to i8*
+; CHECK-NEXT: call void @llvm.lifetime.end(i64 -1, i8* [[BC3]])
+; CHECK-NOT: call
+; CHECK: ret void
+define void @promote_buffer_with_devirtualized_release_and_non_trivial_deinit() {
+entry:
+  %0 = call %swift.type* @get_buffer_metadata()
+  %1 = call %objc_object* @swift_bufferAllocateOnStack(%swift.type* %0, i64 48, i64 7)
+  %2 = bitcast %objc_object* %1 to %BufferStorageType*
+  call void bitcast (void (%swift.refcounted*)* @swift_setDeallocating to void (%BufferStorageType*)*)(%BufferStorageType* %2)
+  call void @unknown_deinit(%BufferStorageType* %2)
+  %3 = bitcast %BufferStorageType* %2 to %swift.refcounted*
+  call void @swift_deallocClassInstance(%swift.refcounted* %3, i64 48, i64 7)
+  call void @swift_bufferDeallocateFromStack(%objc_object* %1)
+  ret void
+}
+
 ; CHECK-LABEL: define{{( protected)?}} void @dont_promote_buffer_exceeding_limit()
 ; CHECK: [[M:%.+]] = call %swift.type* @get_buffer_metadata()
 ; CHECK: call %objc_object* @swift_bufferAllocate(%swift.type* [[M]], i64 48, i64 7)
@@ -38,3 +89,6 @@ entry:
 declare %swift.type* @get_buffer_metadata()
 declare %objc_object* @swift_bufferAllocateOnStack(%swift.type*, i64, i64)
 declare void @swift_bufferDeallocateFromStack(%objc_object*)
+declare void @swift_setDeallocating(%swift.refcounted*)
+declare void @swift_deallocClassInstance(%swift.refcounted*, i64, i64)
+declare void @unknown_deinit(%BufferStorageType*)