Add debug_value [poison] flag.

atrick · atrick · commit 6ed58c638092 · 2021-03-12T19:33:23.000-08:00
If the '[poison]' flag is set, then all references within this debug
value will be overwritten with a sentinel at this point in the
program. This is used in debug builds when shortening non-trivial
value lifetimes to ensure the debugger cannot inspect invalid
memory. `debug_value` instructions with the poison flag are not
generated until OSSA islowered. They are not expected to be serialized
within the module, and the pipeline is not expected to do any
significant code motion after lowering.
diff --git a/docs/SIL.rst b/docs/SIL.rst
@@ -3466,7 +3466,7 @@ debug_value
 
 ::
 
-  sil-instruction ::= debug_value sil-operand (',' debug-var-attr)*
+  sil-instruction ::= debug_value '[poison]'? sil-operand (',' debug-var-attr)*
 
   debug_value %1 : $Int
 
@@ -3488,6 +3488,15 @@ variable that is being described, including the name of the
 variable. For function and closure arguments ``argno`` is the number
 of the function argument starting with 1.
 
+If the '[poison]' flag is set, then all references within this debug
+value will be overwritten with a sentinel at this point in the
+program. This is used in debug builds when shortening non-trivial
+value lifetimes to ensure the debugger cannot inspect invalid
+memory. `debug_value` instructions with the poison flag are not
+generated until OSSA islowered. They are not expected to be serialized
+within the module, and the pipeline is not expected to do any
+significant code motion after lowering.
+
 debug_value_addr
 ````````````````
 
diff --git a/include/swift/SIL/SILBuilder.h b/include/swift/SIL/SILBuilder.h
@@ -956,7 +956,8 @@ class SILBuilder {
   }
 
   DebugValueInst *createDebugValue(SILLocation Loc, SILValue src,
-                                   SILDebugVariable Var);
+                                   SILDebugVariable Var,
+                                   bool poisonRefs = false);
   DebugValueAddrInst *createDebugValueAddr(SILLocation Loc, SILValue src,
                                            SILDebugVariable Var);
 
diff --git a/include/swift/SIL/SILCloner.h b/include/swift/SIL/SILCloner.h
@@ -1280,7 +1280,8 @@ SILCloner<ImplClass>::visitDebugValueInst(DebugValueInst *Inst) {
   recordClonedInstruction(
       Inst, getBuilder().createDebugValue(Inst->getLoc(),
                                           getOpValue(Inst->getOperand()),
-                                          *Inst->getVarInfo()));
+                                          *Inst->getVarInfo(),
+                                          Inst->poisonRefs()));
 }
 template<typename ImplClass>
 void
diff --git a/include/swift/SIL/SILInstruction.h b/include/swift/SIL/SILInstruction.h
@@ -4524,9 +4524,10 @@ class DebugValueInst final
   TailAllocatedDebugVariable VarInfo;
 
   DebugValueInst(SILDebugLocation DebugLoc, SILValue Operand,
-                 SILDebugVariable Var);
+                 SILDebugVariable Var, bool poisonRefs);
   static DebugValueInst *create(SILDebugLocation DebugLoc, SILValue Operand,
-                                SILModule &M, SILDebugVariable Var);
+                                SILModule &M, SILDebugVariable Var,
+                                bool poisonRefs);
 
   size_t numTrailingObjects(OverloadToken<char>) const { return 1; }
 
@@ -4538,6 +4539,21 @@ class DebugValueInst final
   Optional<SILDebugVariable> getVarInfo() const {
     return VarInfo.get(getDecl(), getTrailingObjects<char>());
   }
+
+  /// True if all references within this debug value will be overwritten with a
+  /// poison sentinel at this point in the program. This is used in debug builds
+  /// when shortening non-trivial value lifetimes to ensure the debugger cannot
+  /// inspect invalid memory. These are not generated until OSSA is
+  /// lowered. They are not expected to be serialized within the module, and the
+  /// debug pipeline is not expected to do any significant code motion after
+  /// OSSA lowering. It should not be necessary to model the poison operation as
+  /// a side effect, which would violate the rule that debug_values cannot
+  /// affect optimization.
+  bool poisonRefs() const { return SILNode::Bits.DebugValueInst.PoisonRefs; }
+
+  void setPoisonRefs(bool poisonRefs = true) {
+    SILNode::Bits.DebugValueInst.PoisonRefs = poisonRefs;
+  }
 };
 
 /// Define the start or update to a symbolic variable value (for address-only
@@ -7142,6 +7158,14 @@ class DestroyValueInst
   }
 
 public:
+  /// If true, then all references within the destroyed value will be
+  /// overwritten with a sentinel. This is used in debug builds when shortening
+  /// non-trivial value lifetimes to ensure the debugger cannot inspect invalid
+  /// memory. These semantics are part of the destroy_value instruction to
+  /// avoid representing use-after-destroy in OSSA form and so that OSSA
+  /// transformations keep the poison operation associated with the destroy
+  /// point. After OSSA, these are lowered to 'debug_values [poison]'
+  /// instructions, after which the Onone pipeline should avoid code motion.
   bool poisonRefs() const { return SILNode::Bits.DestroyValueInst.PoisonRefs; }
 
   void setPoisonRefs(bool poisonRefs = true) {
diff --git a/include/swift/SIL/SILNode.h b/include/swift/SIL/SILNode.h
@@ -341,6 +341,9 @@ class alignas(8) SILNode {
   SWIFT_INLINE_BITFIELD(DestroyValueInst, NonValueInstruction, 1,
                         PoisonRefs : 1);
 
+  SWIFT_INLINE_BITFIELD(DebugValueInst, NonValueInstruction, 1,
+                        PoisonRefs : 1);
+
   SWIFT_INLINE_BITFIELD(EndCOWMutationInst, NonValueInstruction, 1,
     KeepUnique : 1
   );
diff --git a/lib/SIL/IR/SILBuilder.cpp b/lib/SIL/IR/SILBuilder.cpp
@@ -618,12 +618,14 @@ void SILBuilder::emitDestructureValueOperation(
 }
 
 DebugValueInst *SILBuilder::createDebugValue(SILLocation Loc, SILValue src,
-                                             SILDebugVariable Var) {
+                                             SILDebugVariable Var,
+                                             bool poisonRefs) {
   assert(isLoadableOrOpaque(src->getType()));
   // Debug location overrides cannot apply to debug value instructions.
   DebugLocOverrideRAII LocOverride{*this, None};
   return insert(
-      DebugValueInst::create(getSILDebugLocation(Loc), src, getModule(), Var));
+    DebugValueInst::create(getSILDebugLocation(Loc), src, getModule(), Var,
+                           poisonRefs));
 }
 
 DebugValueAddrInst *SILBuilder::createDebugValueAddr(SILLocation Loc,
diff --git a/lib/SIL/IR/SILInstruction.cpp b/lib/SIL/IR/SILInstruction.cpp
@@ -389,6 +389,11 @@ namespace {
       return left->poisonRefs() == RHS->poisonRefs();
     }
 
+    bool visitDebugValue(const DebugValueInst *RHS) {
+      auto *left = cast<DebugValueInst>(LHS);
+      return left->poisonRefs() == RHS->poisonRefs();
+    }
+
     bool visitBeginCOWMutationInst(const BeginCOWMutationInst *RHS) {
       auto *left = cast<BeginCOWMutationInst>(LHS);
       return left->isNative() == RHS->isNative();
diff --git a/lib/SIL/IR/SILInstructions.cpp b/lib/SIL/IR/SILInstructions.cpp
@@ -291,15 +291,17 @@ SILType AllocBoxInst::getAddressType() const {
 }
 
 DebugValueInst::DebugValueInst(SILDebugLocation DebugLoc, SILValue Operand,
-                               SILDebugVariable Var)
+                               SILDebugVariable Var, bool poisonRefs)
     : UnaryInstructionBase(DebugLoc, Operand),
-      VarInfo(Var, getTrailingObjects<char>()) {}
+      VarInfo(Var, getTrailingObjects<char>()) {
+    setPoisonRefs(poisonRefs);
+  }
 
 DebugValueInst *DebugValueInst::create(SILDebugLocation DebugLoc,
                                        SILValue Operand, SILModule &M,
-                                       SILDebugVariable Var) {
+                                       SILDebugVariable Var, bool poisonRefs) {
   void *buf = allocateDebugVarCarryingInst<DebugValueInst>(M, Var);
-  return ::new (buf) DebugValueInst(DebugLoc, Operand, Var);
+  return ::new (buf) DebugValueInst(DebugLoc, Operand, Var, poisonRefs);
 }
 
 DebugValueAddrInst::DebugValueAddrInst(SILDebugLocation DebugLoc,
diff --git a/lib/SIL/IR/SILPrinter.cpp b/lib/SIL/IR/SILPrinter.cpp
@@ -1502,6 +1502,8 @@ class SILPrinter : public SILInstructionVisitor<SILPrinter> {
   }
 
   void visitDebugValueInst(DebugValueInst *DVI) {
+    if (DVI->poisonRefs())
+      *this << "[poison] ";
     *this << getIDAndType(DVI->getOperand());
     printDebugVar(DVI->getVarInfo());
   }
diff --git a/lib/SIL/Parser/ParseSIL.cpp b/lib/SIL/Parser/ParseSIL.cpp
@@ -3097,14 +3097,18 @@ bool SILParser::parseSpecificSILInstruction(SILBuilder &B,
 
   case SILInstructionKind::DebugValueInst:
   case SILInstructionKind::DebugValueAddrInst: {
+    bool poisonRefs = false;
     SILDebugVariable VarInfo;
-    if (parseTypedValueRef(Val, B) || parseSILDebugVar(VarInfo) ||
+    if (parseSILOptional(poisonRefs, *this, "poison")
+        || parseTypedValueRef(Val, B) || parseSILDebugVar(VarInfo) ||
         parseSILDebugLocation(InstLoc, B))
       return true;
     if (Opcode == SILInstructionKind::DebugValueInst)
-      ResultVal = B.createDebugValue(InstLoc, Val, VarInfo);
-    else
+      ResultVal = B.createDebugValue(InstLoc, Val, VarInfo, poisonRefs);
+    else {
+      assert(!poisonRefs && "debug_value_addr does not support poison");
       ResultVal = B.createDebugValueAddr(InstLoc, Val, VarInfo);
+    }
     break;
   }
 
diff --git a/test/SIL/Parser/basic.sil b/test/SIL/Parser/basic.sil
@@ -1267,10 +1267,11 @@ bb0:
 }
 
 // CHECK-LABEL: sil @debug_value
-sil @debug_value : $@convention(thin) (Int, @in P) -> () {
-bb0(%0 : $Int, %1 : $*P):
-  debug_value %0 : $Int        // CHECK: debug_value %0 : $Int
-  debug_value_addr %1 : $*P    // CHECK: debug_value_addr %1 : $*P
+sil @debug_value : $@convention(thin) (Int, @in P, AnyObject) -> () {
+bb0(%0 : $Int, %1 : $*P, %2 : $AnyObject):
+  debug_value %0 : $Int         // CHECK: debug_value %0 : $Int
+  debug_value [poison] %2 : $AnyObject // CHECK: debug_value [poison] %2 : $AnyObject
+  debug_value_addr %1 : $*P     // CHECK: debug_value_addr %1 : $*P
   unreachable
 }
 
diff --git a/test/SIL/Parser/basic2.sil b/test/SIL/Parser/basic2.sil
@@ -32,12 +32,12 @@ bb0(%0 : $@sil_unmanaged Builtin.NativeObject):
   return %1 : $Builtin.NativeObject
 }
 
-// CHECK-LABEL: sil [ossa] @test_poison
+// CHECK-LABEL: sil [ossa] @test_destroy_poison
 // CHECK: bb0([[T0:%[0-9]+]] : @owned $Builtin.NativeObject):
 // CHECK-NEXT: destroy_value [poison] [[T0]] : $Builtin.NativeObject
 // CHECK-NEXT: tuple
 // CHECK-NEXT: return
-sil [ossa] @test_poison : $@convention(thin) (@owned Builtin.NativeObject) -> () {
+sil [ossa] @test_destroy_poison : $@convention(thin) (@owned Builtin.NativeObject) -> () {
 bb0(%0 : @owned $Builtin.NativeObject):
   destroy_value [poison] %0 : $Builtin.NativeObject
   %2 = tuple ()

Original file line number	Diff line number	Diff line change
`@@ -956,7 +956,8 @@ class SILBuilder {`
`956`	`956`	`}`
`957`	`957`
`958`	`958`	`DebugValueInst *createDebugValue(SILLocation Loc, SILValue src,`
`959`		`- SILDebugVariable Var);`
	`959`	`+ SILDebugVariable Var,`
	`960`	`+ bool poisonRefs = false);`
`960`	`961`	`DebugValueAddrInst *createDebugValueAddr(SILLocation Loc, SILValue src,`
`961`	`962`	`SILDebugVariable Var);`
`962`	`963`
Original file line number	Diff line number	Diff line change
`@@ -1502,6 +1502,8 @@ class SILPrinter : public SILInstructionVisitor<SILPrinter> {`
`1502`	`1502`	`}`
`1503`	`1503`
`1504`	`1504`	`void visitDebugValueInst(DebugValueInst *DVI) {`
	`1505`	`+ if (DVI->poisonRefs())`
	`1506`	`+ *this << "[poison] ";`
`1505`	`1507`	`*this << getIDAndType(DVI->getOperand());`
`1506`	`1508`	`printDebugVar(DVI->getVarInfo());`
`1507`	`1509`	`}`