[SemanticARCOpts] Fix miscompile at dead-ends.

With incomplete lifetimes, a value may have an "incomplete lifetime"--it
may not be destroyed on paths into dead-end regions.  When a value lacks
a destroy on a path into a dead-end region, it is effectively destroyed
at its availability boundary (e.g. an `unreachable` instruction).
Indeed, lifetime completion amounts to making such implicit destroys
explicit (with correct nesting).

`SemanticARCOpts`' `performGuaranteedCopyValueOptimization` attempts to
eliminate a `copy_value` of a guaranteed value.  To do so, it computes
the live range (`OwnershipLiveRange`) of the copy_value.  Among other
things, it checks that all destroys of the copy_value are within the
scope of all guaranteed bases of the copied value.  If any destroys are
_not_ within any of those scopes, the copy cannot be eliminated (because
the copy would have been originally live beyond the range which it would
be live in after copy elimination).

A value with an incomplete lifetime is implicitly destroyed at its
availability boundary.  So those implicit destroys along the
availability boundary must _also_ be within the scopes of those
guaranteed bases.

Previously, implicit destroys along availability boundaries were not
considered.  This resulted in invalid shortening of lifetimes--before
the transformation a value would be unconsumed up to its availability
boundary; after the transformation it would be consumed somewhere before
that.  For example:

```
sil [ossa] @f : $@convention(thin) (@owned Outer) -> () {
entry(%o : $*Outer):
  %o_borrow = begin_borrow %o : $Outer
  %i = struct_extract %o_borrow : $Outer, #Outer.inner
  %i_copy = copy_value %i : $Inner
  end_borrow %o_borrow : $Outer
  destroy_value %o : $Outer
  apply @g(%i_copy) : $@convention(thin) (@guaranteed Inner) -> ()
  unreachable // %i_copy implicitly destroyed
}
```

Here, `%i_copy` is implicitly destroyed at `unreachable` but `%i` is
consumed at the scope end of `%o_borrow`.  That means that an attempt to
RAUW `%i_copy` with `%i` would be invalid because uses of `%i_copy` may
be outside the live range of `%i`.

(Note that this happens not to occur in the above example because
there's a bailout in the case that there are no destroys, but perturbing
the example to include a cond_br on one branch of which the value is
destroyed results in the miscompile described above.)

Here, this is fixed by adding the instructions on the availability
boundary at which the value is implicitly destroyed to the live range.
Do this by adding the instructions on the availability boundary of each
def from which the live range is generated to the live range.

One wrinkle is that the OwnershipLiveRange utility is used in one place
by a utility when SIL is in an invalid state (phi uses have been
replaced with undef so values leaks on those paths).  Account for this
by manually fixing up the liveness instance passed to the lifetime
completion utility.

rdar://157291161

Author: nate-chandler

lib/SILOptimizer/SemanticARC/OwnedToGuaranteedPhiOpt.cpp

@@ -212,7 +212,11 @@ bool swift::semanticarc::tryConvertOwnedPhisToGuaranteedPhis(Context &ctx) {
     SmallVector<std::pair<SILValue, unsigned>, 8> incomingValueUpdates;
     for (auto introducer : ownedValueIntroducers) {
       SILValue v = introducer.value;
-      OwnershipLiveRange lr(v);
+      SmallVector<std::pair<Operand *, SILValue>, 4> extraConsumes;
+      for (auto op : incomingValueOperandList) {
+        extraConsumes.push_back({op.getOperand(), op.getOriginal()});
+      }
+      OwnershipLiveRange lr(v, extraConsumes);
 
       // For now, we only handle copy_value for simplicity.
       //

lib/SILOptimizer/SemanticARC/OwnershipLiveRange.cpp

@@ -15,12 +15,14 @@
 
 #include "swift/Basic/Assertions.h"
 #include "swift/SIL/BasicBlockUtils.h"
+#include "swift/SIL/OSSALifetimeCompletion.h"
 #include "swift/SIL/OwnershipUtils.h"
 
 using namespace swift;
 using namespace swift::semanticarc;
 
-OwnershipLiveRange::OwnershipLiveRange(SILValue value)
+OwnershipLiveRange::OwnershipLiveRange(
+    SILValue value, ArrayRef<std::pair<Operand *, SILValue>> extraUses)
     : introducer(OwnedValueIntroducer::get(value)), destroyingUses(),
       ownershipForwardingUses(), unknownConsumingUses() {
   assert(introducer);
@@ -30,6 +32,9 @@ OwnershipLiveRange::OwnershipLiveRange(SILValue value)
   SmallVector<UsePoint, 32> tmpForwardingConsumingUses;
   SmallVector<UsePoint, 32> tmpUnknownConsumingUses;
 
+  SmallVector<SILValue, 4> defs;
+  defs.push_back(value);
+
   // We know that our silvalue produces an @owned value. Look through all of our
   // uses and classify them as either consuming or not.
   SmallVector<Operand *, 32> worklist(introducer.value->getUses());
@@ -111,6 +116,7 @@ OwnershipLiveRange::OwnershipLiveRange(SILValue value)
           continue;
         }
         llvm::copy(v->getUses(), std::back_inserter(worklist));
+        defs.push_back(v);
       }
       continue;
     }
@@ -138,8 +144,32 @@ OwnershipLiveRange::OwnershipLiveRange(SILValue value)
         // Otherwise add all users of this BBArg to the worklist to visit
         // recursively.
         llvm::copy(succArg->getUses(), std::back_inserter(worklist));
+        defs.push_back(succArg);
+      }
+    }
+  }
+
+  for (auto def : defs) {
+    if (def->use_begin() == def->use_end()) {
+      continue;
+    }
+    SmallVector<SILBasicBlock *, 32> blocks;
+    SSAPrunedLiveness liveness(def->getFunction(), &blocks);
+    liveness.initializeDef(def);
+    liveness.computeSimple();
+    for (auto use : extraUses) {
+      if (use.second != def) {
+        continue;
       }
+      liveness.updateForUse(use.first->getUser(), /*lifetimeEnding=*/true);
     }
+    OSSALifetimeCompletion::visitAvailabilityBoundary(
+        def, liveness, [&tmpDestroyingUses](auto *inst, auto end) {
+          if (end != OSSALifetimeCompletion::LifetimeEnd::Boundary) {
+            return;
+          }
+          tmpDestroyingUses.push_back(inst);
+        });
   }
 
   // The order in which we append these to consumingUses matters since we assume
@@ -264,6 +294,8 @@ void OwnershipLiveRange::convertToGuaranteedAndRAUW(
     auto point = destroyingUses.back();
     auto *destroy = point.getInstruction();
     destroyingUses = destroyingUses.drop_back();
+    if (isa<TermInst>(destroy))
+      continue;
     callbacks.deleteInst(destroy);
   }
 
@@ -323,6 +355,8 @@ void OwnershipLiveRange::convertJoinedLiveRangePhiToGuaranteed(
     auto point = destroyingUses.back();
     auto *destroy = point.getInstruction();
     destroyingUses = destroyingUses.drop_back();
+    if (isa<TermInst>(destroy))
+      continue;
     callbacks.deleteInst(destroy);
   }
 

lib/SILOptimizer/SemanticARC/OwnershipLiveRange.h

@@ -94,7 +94,8 @@ class LLVM_LIBRARY_VISIBILITY OwnershipLiveRange {
   ArrayRef<UsePoint> unknownConsumingUses;
 
 public:
-  OwnershipLiveRange(SILValue value);
+  OwnershipLiveRange(SILValue value,
+                     ArrayRef<std::pair<Operand *, SILValue>> extraUses = {});
   OwnershipLiveRange(const OwnershipLiveRange &) = delete;
   OwnershipLiveRange &operator=(const OwnershipLiveRange &) = delete;
 

lib/SILOptimizer/SemanticARC/OwnershipPhiOperand.h

@@ -36,6 +36,7 @@ class LLVM_LIBRARY_VISIBILITY OwnershipPhiOperand {
 
 private:
   Operand *op;
+  SILValue original;
 
   OwnershipPhiOperand(Operand *op) : op(op) {}
 
@@ -70,10 +71,14 @@ class LLVM_LIBRARY_VISIBILITY OwnershipPhiOperand {
   Operand *getOperand() const { return op; }
   SILValue getValue() const { return op->get(); }
   SILType getType() const { return op->get()->getType(); }
+  SILValue getOriginal() const { return original; }
 
   unsigned getOperandNumber() const { return op->getOperandNumber(); }
 
-  void markUndef() & { op->set(SILUndef::get(getValue())); }
+  void markUndef() & {
+    original = op->get();
+    op->set(SILUndef::get(getValue()));
+  }
 
   SILInstruction *getInst() const { return op->getUser(); }
 

test/SILOptimizer/semantic-arc-opts-unit.sil

@@ -1,4 +1,4 @@
-// RUN: not --crash %target-sil-opt -test-runner %s -o /dev/null 2>&1 | %FileCheck %s
+// RUN: %target-sil-opt -test-runner %s -o /dev/null 2>&1 | %FileCheck %s
 
 sil_stage canonical