MemoryLifetime: fix a miscompile in DestroyHoisting

eeckstein · eeckstein · commit 0307b43c2f2a · 2021-03-11T18:33:19.000+01:00
DestroyHoisting moved a destroy_addr above a partial_apply with an inout argument.
rdar://75267199
diff --git a/lib/SIL/Verifier/MemoryLifetime.cpp b/lib/SIL/Verifier/MemoryLifetime.cpp
@@ -281,6 +281,19 @@ void MemoryLocations::clear() {
   nonTrivialLocations.clear();
 }
 
+static bool hasInoutArgument(ApplySite AS) {
+  for (Operand &op : AS.getArgumentOperands()) {
+    switch (AS.getArgumentConvention(op)) {
+    case SILArgumentConvention::Indirect_Inout:
+    case SILArgumentConvention::Indirect_InoutAliasable:
+      return true;
+    default:
+      break;
+    }
+  }
+  return false;
+}
+
 bool MemoryLocations::analyzeLocationUsesRecursively(SILValue V, unsigned locIdx,
                                     SmallVectorImpl<SILValue> &collectedVals,
                                     SubLocationMap &subLocationMap) {
@@ -329,6 +342,13 @@ bool MemoryLocations::analyzeLocationUsesRecursively(SILValue V, unsigned locIdx
                                   /*fieldNr*/ 0, collectedVals, subLocationMap))
           return false;
         break;
+      case SILInstructionKind::PartialApplyInst:
+        // inout/inout_aliasable conventions means that the argument "escapes".
+        // This is okay for memory verification, but cannot handled by other
+        // optimizations, like DestroyHoisting.
+        if (!handleNonTrivialProjections && hasInoutArgument(ApplySite(user)))
+          return false;
+        break;
       case SILInstructionKind::InjectEnumAddrInst:
       case SILInstructionKind::SelectEnumAddrInst:
       case SILInstructionKind::ExistentialMetatypeInst:
@@ -344,7 +364,6 @@ bool MemoryLocations::analyzeLocationUsesRecursively(SILValue V, unsigned locIdx
       case SILInstructionKind::CheckedCastAddrBranchInst:
       case SILInstructionKind::UncheckedRefCastAddrInst:
       case SILInstructionKind::UnconditionalCheckedCastAddrInst:
-      case SILInstructionKind::PartialApplyInst:
       case SILInstructionKind::ApplyInst:
       case SILInstructionKind::TryApplyInst:
       case SILInstructionKind::BeginApplyInst:
diff --git a/test/SILOptimizer/destroy_hoisting.sil b/test/SILOptimizer/destroy_hoisting.sil
@@ -314,3 +314,37 @@ bb1:
   %75 = tuple ()
   return %75 : $()
 }
+
+sil [ossa] @closure_inout : $@convention(thin) (@inout X) -> () 
+sil [ossa] @closure_inout_aliasable : $@convention(thin) (@inout_aliasable X) -> () 
+
+// CHECK-LABEL: sil [ossa] @test_closure_inout :
+// CHECK:         partial_apply
+// CHECK-NEXT:    = apply
+// CHECK-NEXT:    destroy_addr %0
+// CHECK:       } // end sil function 'test_closure_inout'
+sil [ossa] @test_closure_inout : $@convention(thin) (@in X) -> () {
+bb0(%0 :  $*X):
+  %func = function_ref @closure_inout : $@convention(thin) (@inout X) -> ()
+  %pa = partial_apply %func(%0) : $@convention(thin) (@inout X) -> ()
+  apply %pa() : $@callee_owned () -> ()
+  destroy_addr %0 : $*X
+  %res = tuple ()
+  return %res : $()
+}
+
+// CHECK-LABEL: sil [ossa] @test_closure_inout_aliasable :
+// CHECK:         partial_apply
+// CHECK-NEXT:    = apply
+// CHECK-NEXT:    destroy_addr %0
+// CHECK:       } // end sil function 'test_closure_inout_aliasable'
+sil [ossa] @test_closure_inout_aliasable : $@convention(thin) (@in X) -> () {
+bb0(%0 :  $*X):
+  %func = function_ref @closure_inout_aliasable : $@convention(thin) (@inout_aliasable X) -> ()
+  %pa = partial_apply %func(%0) : $@convention(thin) (@inout_aliasable X) -> ()
+  apply %pa() : $@callee_owned () -> ()
+  destroy_addr %0 : $*X
+  %res = tuple ()
+  return %res : $()
+}
+
