DI: Correctly handle conditional destroy of 'self' in root class

In a designated initializer of a non-root class, 'self' becomes
fully initialized after the 'super.init' call, at which point
escaping uses of 'self' become valid, and releases of 'self' are
lowered to a 'strong_release' instruction, which runs the
deinitializer.

In a root class, 'self' becomes fully initialized after all stored
properties have been initialized, at which point escaping uses of
'self' become valid.

However, DI would still lower a conditional destroy of 'self' by
destroying any initialized stored properties and freeing the object
with 'dealloc_partial_ref'. This is incorrect, because 'self' may
have escaped.

In the non-conditional destroy case, we correctly lowered the
release to a 'strong_release' if all stored properties are known
to be initialized.

Fix DI to handle the conditional destroy case by first checking if all
bits in the control variable are set, and releasing the instance with
'strong_release' if so. The 'dealloc_partial_ref' is only emitted
if not at least one stored property was not initialized.

This ensures that we don't deallocate an instance that may have
escaped.

Fixes <https://bugs.swift.org/browse/SR-13439>, <rdar://problem/67746791>,
<https://bugs.swift.org/browse/SR-13355>, <rdar://problem/67361228>.

Author: slavapestov

lib/SILOptimizer/Mandatory/DefiniteInitialization.cpp

@@ -2221,6 +2221,32 @@ static SILValue testControlVariableBit(SILLocation Loc,
                          {}, CondVal);
 }
 
+/// Test if all bits in the control variable are set at the current
+/// insertion point.
+static SILValue testAllControlVariableBits(SILLocation Loc,
+                                           SILValue ControlVariableAddr,
+                                           Identifier &CmpEqFn,
+                                           SILBuilder &B) {
+  SILValue ControlVariable =
+        B.createLoad(Loc, ControlVariableAddr, LoadOwnershipQualifier::Trivial);
+
+  SILValue CondVal = ControlVariable;
+  CanBuiltinIntegerType IVType = CondVal->getType().castTo<BuiltinIntegerType>();
+
+  if (IVType->getFixedWidth() == 1)
+    return CondVal;
+
+  SILValue AllBitsSet = B.createIntegerLiteral(Loc, CondVal->getType(), -1);
+  if (!CmpEqFn.get())
+    CmpEqFn = getBinaryFunction("cmp_eq", CondVal->getType(),
+                                B.getASTContext());
+  SILValue Args[] = { CondVal, AllBitsSet };
+
+  return B.createBuiltin(Loc, CmpEqFn,
+                         SILType::getBuiltinIntegerType(1, B.getASTContext()),
+                         {}, Args);
+}
+
 /// handleConditionalInitAssign - This memory object has some stores
 /// into (some element of) it that is either an init or an assign based on the
 /// control flow path through the function, or have a destroy event that happens
@@ -2398,7 +2424,7 @@ SILValue LifetimeChecker::handleConditionalInitAssign() {
 void LifetimeChecker::
 handleConditionalDestroys(SILValue ControlVariableAddr) {
   SILBuilderWithScope B(TheMemory.getUninitializedValue());
-  Identifier ShiftRightFn, TruncateFn;
+  Identifier ShiftRightFn, TruncateFn, CmpEqFn;
 
   unsigned NumMemoryElements = TheMemory.getNumElements();
 
@@ -2525,12 +2551,50 @@ handleConditionalDestroys(SILValue ControlVariableAddr) {
     // Just conditionally destroy each memory element, and for classes,
     // also free the partially initialized object.
     if (!TheMemory.isNonRootClassSelf()) {
-      destroyMemoryElements(Loc, Availability);
-      processUninitializedRelease(Release, false, B.getInsertionPoint());
+      assert(!Availability.isAllYes() &&
+             "Should not end up here if fully initialized");
+
+      // For root class initializers, we check if all proeprties were
+      // dynamically initialized, and if so, treat this as a release of
+      // an initialized 'self', instead of tearing down the fields
+      // one by one and deallocating memory.
+      //
+      // This is required for correctness, since the condition that
+      // allows 'self' to escape is that all stored properties were
+      // initialized. So we cannot deallocate the memory if 'self' may
+      // have escaped.
+      //
+      // This also means the deinitializer will run if all stored
+      // properties were initialized.
+      if (TheMemory.isClassInitSelf() &&
+          Availability.hasAny(DIKind::Partial)) {
+        auto CondVal = testAllControlVariableBits(Loc, ControlVariableAddr,
+                                                  CmpEqFn, B);
+
+        SILBasicBlock *ReleaseBlock, *DeallocBlock, *ContBlock;
+
+        InsertCFGDiamond(CondVal, Loc, B,
+                         ReleaseBlock, DeallocBlock, ContBlock);
+
+        // If true, self was fully initialized and must be released.
+        B.setInsertionPoint(ReleaseBlock->begin());
+        B.setCurrentDebugScope(ReleaseBlock->begin()->getDebugScope());
+        Release->moveBefore(&*B.getInsertionPoint());
+
+        // If false, self is uninitialized and must be freed.
+        B.setInsertionPoint(DeallocBlock->begin());
+        B.setCurrentDebugScope(DeallocBlock->begin()->getDebugScope());
+        destroyMemoryElements(Loc, Availability);
+        processUninitializedRelease(Release, false, B.getInsertionPoint());
+      } else {
+        destroyMemoryElements(Loc, Availability);
+        processUninitializedRelease(Release, false, B.getInsertionPoint());
+
+        // The original strong_release or destroy_addr instruction is
+        // always dead at this point.
+        deleteDeadRelease(CDElt.ReleaseID);
+      }
 
-      // The original strong_release or destroy_addr instruction is
-      // always dead at this point.
-      deleteDeadRelease(CDElt.ReleaseID);
       continue;
     }
 

test/Interpreter/failable_initializers_root_class.swift

@@ -0,0 +1,176 @@
+// RUN: %target-run-simple-swift
+
+// REQUIRES: executable_test
+
+import StdlibUnittest
+
+
+var FailableInitTestSuite = TestSuite("FailableInit")
+
+var deinitCalled = 0
+
+func mustFail<T>(f: () -> T?) {
+  if f() != nil {
+    preconditionFailure("Didn't fail")
+  }
+}
+
+func mustSucceed<T>(f: () -> T?) {
+  if f() == nil {
+    preconditionFailure("Didn't succeed")
+  }
+}
+
+class FirstClass {
+  var x: LifetimeTracked
+
+  init?(n: Int) {
+    if n == 0 {
+      return nil
+    }
+
+    x = LifetimeTracked(0)
+
+    if n == 1 {
+      return nil
+    }
+  }
+
+  deinit {
+    deinitCalled += 1
+  }
+}
+
+FailableInitTestSuite.test("FirstClass") {
+  deinitCalled = 0
+
+  mustFail { FirstClass(n: 0) }
+  expectEqual(0, deinitCalled)
+
+  mustFail { FirstClass(n: 1) }
+  expectEqual(1, deinitCalled)
+
+  mustSucceed { FirstClass(n: 2) }
+  expectEqual(2, deinitCalled)
+}
+
+class FirstClassTrivial {
+  var x: Int
+
+  init?(n: Int) {
+    if n == 0 {
+      return nil
+    }
+
+    x = 0
+
+    if n == 1 {
+      return nil
+    }
+  }
+
+  deinit {
+    deinitCalled += 1
+  }
+}
+
+FailableInitTestSuite.test("FirstClassTrivial") {
+  deinitCalled = 0
+
+  mustFail { FirstClassTrivial(n: 0) }
+  expectEqual(0, deinitCalled)
+
+  mustFail { FirstClassTrivial(n: 1) }
+  expectEqual(1, deinitCalled)
+
+  mustSucceed { FirstClassTrivial(n: 2) }
+  expectEqual(2, deinitCalled)
+}
+
+class SecondClass {
+  var x: LifetimeTracked
+  var y: LifetimeTracked
+
+  init?(n: Int) {
+    if n == 0 {
+      return nil
+    }
+
+    x = LifetimeTracked(0)
+
+    if n == 1 {
+      return nil
+    }
+
+    y = LifetimeTracked(0)
+
+    if n == 2 {
+      return nil
+    }
+  }
+
+  deinit {
+    deinitCalled += 1
+  }
+}
+
+FailableInitTestSuite.test("SecondClass") {
+  deinitCalled = 0
+
+  mustFail { SecondClass(n: 0) }
+  expectEqual(0, deinitCalled)
+
+  mustFail { SecondClass(n: 1) }
+  expectEqual(0, deinitCalled)
+
+  mustFail { SecondClass(n: 2) }
+  expectEqual(1, deinitCalled)
+
+  mustSucceed { SecondClass(n: 3) }
+  expectEqual(2, deinitCalled)
+}
+
+class SecondClassTrivial {
+  var x: Int
+  var y: Int
+
+  init?(n: Int) {
+    if n == 0 {
+      return nil
+    }
+
+    x = 0
+
+    if n == 1 {
+      return nil
+    }
+
+    y = 0
+
+    if n == 2 {
+      return nil
+    }
+  }
+
+  deinit {
+    deinitCalled += 1
+  }
+}
+
+FailableInitTestSuite.test("SecondClassTrivial") {
+  deinitCalled = 0
+
+  mustFail { SecondClassTrivial(n: 0) }
+  expectEqual(0, deinitCalled)
+
+  mustFail { SecondClassTrivial(n: 1) }
+  expectEqual(0, deinitCalled)
+
+  mustFail { SecondClassTrivial(n: 2) }
+  expectEqual(1, deinitCalled)
+
+  mustSucceed { SecondClassTrivial(n: 3) }
+  expectEqual(2, deinitCalled)
+}
+
+runAllTests()