1 //===-- Verifier.cpp - Implement the Module Verifier -----------------------==// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file defines the function verifier interface, that can be used for some 10 // basic correctness checking of input to the system. 11 // 12 // Note that this does not provide full `Java style' security and verifications, 13 // instead it just tries to ensure that code is well-formed. 14 // 15 // * Both of a binary operator's parameters are of the same type 16 // * Verify that the indices of mem access instructions match other operands 17 // * Verify that arithmetic and other things are only performed on first-class 18 // types. Verify that shifts & logicals only happen on integrals f.e. 19 // * All of the constants in a switch statement are of the correct type 20 // * The code is in valid SSA form 21 // * It should be illegal to put a label into any other type (like a structure) 22 // or to return one. [except constant arrays!] 23 // * Only phi nodes can be self referential: 'add i32 %0, %0 ; <int>:0' is bad 24 // * PHI nodes must have an entry for each predecessor, with no extras. 25 // * PHI nodes must be the first thing in a basic block, all grouped together 26 // * All basic blocks should only end with terminator insts, not contain them 27 // * The entry node to a function must not have predecessors 28 // * All Instructions must be embedded into a basic block 29 // * Functions cannot take a void-typed parameter 30 // * Verify that a function's argument list agrees with it's declared type. 31 // * It is illegal to specify a name for a void value. 32 // * It is illegal to have a internal global value with no initializer 33 // * It is illegal to have a ret instruction that returns a value that does not 34 // agree with the function return value type. 35 // * Function call argument types match the function prototype 36 // * A landing pad is defined by a landingpad instruction, and can be jumped to 37 // only by the unwind edge of an invoke instruction. 38 // * A landingpad instruction must be the first non-PHI instruction in the 39 // block. 40 // * Landingpad instructions must be in a function with a personality function. 41 // * Convergence control intrinsics are introduced in ConvergentOperations.rst. 42 // The applied restrictions are too numerous to list here. 43 // * The convergence entry intrinsic and the loop heart must be the first 44 // non-PHI instruction in their respective block. This does not conflict with 45 // the landing pads, since these two kinds cannot occur in the same block. 46 // * All other things that are tested by asserts spread about the code... 47 // 48 //===----------------------------------------------------------------------===// 49 50 #include "llvm/IR/Verifier.h" 51 #include "llvm/ADT/APFloat.h" 52 #include "llvm/ADT/APInt.h" 53 #include "llvm/ADT/ArrayRef.h" 54 #include "llvm/ADT/DenseMap.h" 55 #include "llvm/ADT/MapVector.h" 56 #include "llvm/ADT/STLExtras.h" 57 #include "llvm/ADT/SmallPtrSet.h" 58 #include "llvm/ADT/SmallSet.h" 59 #include "llvm/ADT/SmallVector.h" 60 #include "llvm/ADT/StringExtras.h" 61 #include "llvm/ADT/StringRef.h" 62 #include "llvm/ADT/Twine.h" 63 #include "llvm/BinaryFormat/Dwarf.h" 64 #include "llvm/IR/Argument.h" 65 #include "llvm/IR/AttributeMask.h" 66 #include "llvm/IR/Attributes.h" 67 #include "llvm/IR/BasicBlock.h" 68 #include "llvm/IR/CFG.h" 69 #include "llvm/IR/CallingConv.h" 70 #include "llvm/IR/Comdat.h" 71 #include "llvm/IR/Constant.h" 72 #include "llvm/IR/ConstantRange.h" 73 #include "llvm/IR/ConstantRangeList.h" 74 #include "llvm/IR/Constants.h" 75 #include "llvm/IR/ConvergenceVerifier.h" 76 #include "llvm/IR/DataLayout.h" 77 #include "llvm/IR/DebugInfo.h" 78 #include "llvm/IR/DebugInfoMetadata.h" 79 #include "llvm/IR/DebugLoc.h" 80 #include "llvm/IR/DerivedTypes.h" 81 #include "llvm/IR/Dominators.h" 82 #include "llvm/IR/EHPersonalities.h" 83 #include "llvm/IR/Function.h" 84 #include "llvm/IR/GCStrategy.h" 85 #include "llvm/IR/GlobalAlias.h" 86 #include "llvm/IR/GlobalValue.h" 87 #include "llvm/IR/GlobalVariable.h" 88 #include "llvm/IR/InlineAsm.h" 89 #include "llvm/IR/InstVisitor.h" 90 #include "llvm/IR/InstrTypes.h" 91 #include "llvm/IR/Instruction.h" 92 #include "llvm/IR/Instructions.h" 93 #include "llvm/IR/IntrinsicInst.h" 94 #include "llvm/IR/Intrinsics.h" 95 #include "llvm/IR/IntrinsicsAArch64.h" 96 #include "llvm/IR/IntrinsicsAMDGPU.h" 97 #include "llvm/IR/IntrinsicsARM.h" 98 #include "llvm/IR/IntrinsicsNVPTX.h" 99 #include "llvm/IR/IntrinsicsWebAssembly.h" 100 #include "llvm/IR/LLVMContext.h" 101 #include "llvm/IR/MemoryModelRelaxationAnnotations.h" 102 #include "llvm/IR/Metadata.h" 103 #include "llvm/IR/Module.h" 104 #include "llvm/IR/ModuleSlotTracker.h" 105 #include "llvm/IR/PassManager.h" 106 #include "llvm/IR/ProfDataUtils.h" 107 #include "llvm/IR/Statepoint.h" 108 #include "llvm/IR/Type.h" 109 #include "llvm/IR/Use.h" 110 #include "llvm/IR/User.h" 111 #include "llvm/IR/VFABIDemangler.h" 112 #include "llvm/IR/Value.h" 113 #include "llvm/InitializePasses.h" 114 #include "llvm/Pass.h" 115 #include "llvm/ProfileData/InstrProf.h" 116 #include "llvm/Support/AMDGPUAddrSpace.h" 117 #include "llvm/Support/AtomicOrdering.h" 118 #include "llvm/Support/Casting.h" 119 #include "llvm/Support/CommandLine.h" 120 #include "llvm/Support/ErrorHandling.h" 121 #include "llvm/Support/MathExtras.h" 122 #include "llvm/Support/ModRef.h" 123 #include "llvm/Support/raw_ostream.h" 124 #include <algorithm> 125 #include <cassert> 126 #include <cstdint> 127 #include <memory> 128 #include <optional> 129 #include <string> 130 #include <utility> 131 132 using namespace llvm; 133 134 static cl::opt<bool> VerifyNoAliasScopeDomination( 135 "verify-noalias-scope-decl-dom", cl::Hidden, cl::init(false), 136 cl::desc("Ensure that llvm.experimental.noalias.scope.decl for identical " 137 "scopes are not dominating")); 138 139 namespace llvm { 140 141 struct VerifierSupport { 142 raw_ostream *OS; 143 const Module &M; 144 ModuleSlotTracker MST; 145 const Triple &TT; 146 const DataLayout &DL; 147 LLVMContext &Context; 148 149 /// Track the brokenness of the module while recursively visiting. 150 bool Broken = false; 151 /// Broken debug info can be "recovered" from by stripping the debug info. 152 bool BrokenDebugInfo = false; 153 /// Whether to treat broken debug info as an error. 154 bool TreatBrokenDebugInfoAsError = true; 155 156 explicit VerifierSupport(raw_ostream *OS, const Module &M) 157 : OS(OS), M(M), MST(&M), TT(M.getTargetTriple()), DL(M.getDataLayout()), 158 Context(M.getContext()) {} 159 160 private: 161 void Write(const Module *M) { 162 *OS << "; ModuleID = '" << M->getModuleIdentifier() << "'\n"; 163 } 164 165 void Write(const Value *V) { 166 if (V) 167 Write(*V); 168 } 169 170 void Write(const Value &V) { 171 if (isa<Instruction>(V)) { 172 V.print(*OS, MST); 173 *OS << '\n'; 174 } else { 175 V.printAsOperand(*OS, true, MST); 176 *OS << '\n'; 177 } 178 } 179 180 void Write(const DbgRecord *DR) { 181 if (DR) { 182 DR->print(*OS, MST, false); 183 *OS << '\n'; 184 } 185 } 186 187 void Write(DbgVariableRecord::LocationType Type) { 188 switch (Type) { 189 case DbgVariableRecord::LocationType::Value: 190 *OS << "value"; 191 break; 192 case DbgVariableRecord::LocationType::Declare: 193 *OS << "declare"; 194 break; 195 case DbgVariableRecord::LocationType::Assign: 196 *OS << "assign"; 197 break; 198 case DbgVariableRecord::LocationType::End: 199 *OS << "end"; 200 break; 201 case DbgVariableRecord::LocationType::Any: 202 *OS << "any"; 203 break; 204 }; 205 } 206 207 void Write(const Metadata *MD) { 208 if (!MD) 209 return; 210 MD->print(*OS, MST, &M); 211 *OS << '\n'; 212 } 213 214 template <class T> void Write(const MDTupleTypedArrayWrapper<T> &MD) { 215 Write(MD.get()); 216 } 217 218 void Write(const NamedMDNode *NMD) { 219 if (!NMD) 220 return; 221 NMD->print(*OS, MST); 222 *OS << '\n'; 223 } 224 225 void Write(Type *T) { 226 if (!T) 227 return; 228 *OS << ' ' << *T; 229 } 230 231 void Write(const Comdat *C) { 232 if (!C) 233 return; 234 *OS << *C; 235 } 236 237 void Write(const APInt *AI) { 238 if (!AI) 239 return; 240 *OS << *AI << '\n'; 241 } 242 243 void Write(const unsigned i) { *OS << i << '\n'; } 244 245 // NOLINTNEXTLINE(readability-identifier-naming) 246 void Write(const Attribute *A) { 247 if (!A) 248 return; 249 *OS << A->getAsString() << '\n'; 250 } 251 252 // NOLINTNEXTLINE(readability-identifier-naming) 253 void Write(const AttributeSet *AS) { 254 if (!AS) 255 return; 256 *OS << AS->getAsString() << '\n'; 257 } 258 259 // NOLINTNEXTLINE(readability-identifier-naming) 260 void Write(const AttributeList *AL) { 261 if (!AL) 262 return; 263 AL->print(*OS); 264 } 265 266 void Write(Printable P) { *OS << P << '\n'; } 267 268 template <typename T> void Write(ArrayRef<T> Vs) { 269 for (const T &V : Vs) 270 Write(V); 271 } 272 273 template <typename T1, typename... Ts> 274 void WriteTs(const T1 &V1, const Ts &... Vs) { 275 Write(V1); 276 WriteTs(Vs...); 277 } 278 279 template <typename... Ts> void WriteTs() {} 280 281 public: 282 /// A check failed, so printout out the condition and the message. 283 /// 284 /// This provides a nice place to put a breakpoint if you want to see why 285 /// something is not correct. 286 void CheckFailed(const Twine &Message) { 287 if (OS) 288 *OS << Message << '\n'; 289 Broken = true; 290 } 291 292 /// A check failed (with values to print). 293 /// 294 /// This calls the Message-only version so that the above is easier to set a 295 /// breakpoint on. 296 template <typename T1, typename... Ts> 297 void CheckFailed(const Twine &Message, const T1 &V1, const Ts &... Vs) { 298 CheckFailed(Message); 299 if (OS) 300 WriteTs(V1, Vs...); 301 } 302 303 /// A debug info check failed. 304 void DebugInfoCheckFailed(const Twine &Message) { 305 if (OS) 306 *OS << Message << '\n'; 307 Broken |= TreatBrokenDebugInfoAsError; 308 BrokenDebugInfo = true; 309 } 310 311 /// A debug info check failed (with values to print). 312 template <typename T1, typename... Ts> 313 void DebugInfoCheckFailed(const Twine &Message, const T1 &V1, 314 const Ts &... Vs) { 315 DebugInfoCheckFailed(Message); 316 if (OS) 317 WriteTs(V1, Vs...); 318 } 319 }; 320 321 } // namespace llvm 322 323 namespace { 324 325 class Verifier : public InstVisitor<Verifier>, VerifierSupport { 326 friend class InstVisitor<Verifier>; 327 DominatorTree DT; 328 329 /// When verifying a basic block, keep track of all of the 330 /// instructions we have seen so far. 331 /// 332 /// This allows us to do efficient dominance checks for the case when an 333 /// instruction has an operand that is an instruction in the same block. 334 SmallPtrSet<Instruction *, 16> InstsInThisBlock; 335 336 /// Keep track of the metadata nodes that have been checked already. 337 SmallPtrSet<const Metadata *, 32> MDNodes; 338 339 /// Keep track which DISubprogram is attached to which function. 340 DenseMap<const DISubprogram *, const Function *> DISubprogramAttachments; 341 342 /// Track all DICompileUnits visited. 343 SmallPtrSet<const Metadata *, 2> CUVisited; 344 345 /// The result type for a landingpad. 346 Type *LandingPadResultTy; 347 348 /// Whether we've seen a call to @llvm.localescape in this function 349 /// already. 350 bool SawFrameEscape; 351 352 /// Whether the current function has a DISubprogram attached to it. 353 bool HasDebugInfo = false; 354 355 /// Stores the count of how many objects were passed to llvm.localescape for a 356 /// given function and the largest index passed to llvm.localrecover. 357 DenseMap<Function *, std::pair<unsigned, unsigned>> FrameEscapeInfo; 358 359 // Maps catchswitches and cleanuppads that unwind to siblings to the 360 // terminators that indicate the unwind, used to detect cycles therein. 361 MapVector<Instruction *, Instruction *> SiblingFuncletInfo; 362 363 /// Cache which blocks are in which funclet, if an EH funclet personality is 364 /// in use. Otherwise empty. 365 DenseMap<BasicBlock *, ColorVector> BlockEHFuncletColors; 366 367 /// Cache of constants visited in search of ConstantExprs. 368 SmallPtrSet<const Constant *, 32> ConstantExprVisited; 369 370 /// Cache of declarations of the llvm.experimental.deoptimize.<ty> intrinsic. 371 SmallVector<const Function *, 4> DeoptimizeDeclarations; 372 373 /// Cache of attribute lists verified. 374 SmallPtrSet<const void *, 32> AttributeListsVisited; 375 376 // Verify that this GlobalValue is only used in this module. 377 // This map is used to avoid visiting uses twice. We can arrive at a user 378 // twice, if they have multiple operands. In particular for very large 379 // constant expressions, we can arrive at a particular user many times. 380 SmallPtrSet<const Value *, 32> GlobalValueVisited; 381 382 // Keeps track of duplicate function argument debug info. 383 SmallVector<const DILocalVariable *, 16> DebugFnArgs; 384 385 TBAAVerifier TBAAVerifyHelper; 386 ConvergenceVerifier ConvergenceVerifyHelper; 387 388 SmallVector<IntrinsicInst *, 4> NoAliasScopeDecls; 389 390 void checkAtomicMemAccessSize(Type *Ty, const Instruction *I); 391 392 public: 393 explicit Verifier(raw_ostream *OS, bool ShouldTreatBrokenDebugInfoAsError, 394 const Module &M) 395 : VerifierSupport(OS, M), LandingPadResultTy(nullptr), 396 SawFrameEscape(false), TBAAVerifyHelper(this) { 397 TreatBrokenDebugInfoAsError = ShouldTreatBrokenDebugInfoAsError; 398 } 399 400 bool hasBrokenDebugInfo() const { return BrokenDebugInfo; } 401 402 bool verify(const Function &F) { 403 assert(F.getParent() == &M && 404 "An instance of this class only works with a specific module!"); 405 406 // First ensure the function is well-enough formed to compute dominance 407 // information, and directly compute a dominance tree. We don't rely on the 408 // pass manager to provide this as it isolates us from a potentially 409 // out-of-date dominator tree and makes it significantly more complex to run 410 // this code outside of a pass manager. 411 // FIXME: It's really gross that we have to cast away constness here. 412 if (!F.empty()) 413 DT.recalculate(const_cast<Function &>(F)); 414 415 for (const BasicBlock &BB : F) { 416 if (!BB.empty() && BB.back().isTerminator()) 417 continue; 418 419 if (OS) { 420 *OS << "Basic Block in function '" << F.getName() 421 << "' does not have terminator!\n"; 422 BB.printAsOperand(*OS, true, MST); 423 *OS << "\n"; 424 } 425 return false; 426 } 427 428 auto FailureCB = [this](const Twine &Message) { 429 this->CheckFailed(Message); 430 }; 431 ConvergenceVerifyHelper.initialize(OS, FailureCB, F); 432 433 Broken = false; 434 // FIXME: We strip const here because the inst visitor strips const. 435 visit(const_cast<Function &>(F)); 436 verifySiblingFuncletUnwinds(); 437 438 if (ConvergenceVerifyHelper.sawTokens()) 439 ConvergenceVerifyHelper.verify(DT); 440 441 InstsInThisBlock.clear(); 442 DebugFnArgs.clear(); 443 LandingPadResultTy = nullptr; 444 SawFrameEscape = false; 445 SiblingFuncletInfo.clear(); 446 verifyNoAliasScopeDecl(); 447 NoAliasScopeDecls.clear(); 448 449 return !Broken; 450 } 451 452 /// Verify the module that this instance of \c Verifier was initialized with. 453 bool verify() { 454 Broken = false; 455 456 // Collect all declarations of the llvm.experimental.deoptimize intrinsic. 457 for (const Function &F : M) 458 if (F.getIntrinsicID() == Intrinsic::experimental_deoptimize) 459 DeoptimizeDeclarations.push_back(&F); 460 461 // Now that we've visited every function, verify that we never asked to 462 // recover a frame index that wasn't escaped. 463 verifyFrameRecoverIndices(); 464 for (const GlobalVariable &GV : M.globals()) 465 visitGlobalVariable(GV); 466 467 for (const GlobalAlias &GA : M.aliases()) 468 visitGlobalAlias(GA); 469 470 for (const GlobalIFunc &GI : M.ifuncs()) 471 visitGlobalIFunc(GI); 472 473 for (const NamedMDNode &NMD : M.named_metadata()) 474 visitNamedMDNode(NMD); 475 476 for (const StringMapEntry<Comdat> &SMEC : M.getComdatSymbolTable()) 477 visitComdat(SMEC.getValue()); 478 479 visitModuleFlags(); 480 visitModuleIdents(); 481 visitModuleCommandLines(); 482 483 verifyCompileUnits(); 484 485 verifyDeoptimizeCallingConvs(); 486 DISubprogramAttachments.clear(); 487 return !Broken; 488 } 489 490 private: 491 /// Whether a metadata node is allowed to be, or contain, a DILocation. 492 enum class AreDebugLocsAllowed { No, Yes }; 493 494 /// Metadata that should be treated as a range, with slightly different 495 /// requirements. 496 enum class RangeLikeMetadataKind { 497 Range, // MD_range 498 AbsoluteSymbol, // MD_absolute_symbol 499 NoaliasAddrspace // MD_noalias_addrspace 500 }; 501 502 // Verification methods... 503 void visitGlobalValue(const GlobalValue &GV); 504 void visitGlobalVariable(const GlobalVariable &GV); 505 void visitGlobalAlias(const GlobalAlias &GA); 506 void visitGlobalIFunc(const GlobalIFunc &GI); 507 void visitAliaseeSubExpr(const GlobalAlias &A, const Constant &C); 508 void visitAliaseeSubExpr(SmallPtrSetImpl<const GlobalAlias *> &Visited, 509 const GlobalAlias &A, const Constant &C); 510 void visitNamedMDNode(const NamedMDNode &NMD); 511 void visitMDNode(const MDNode &MD, AreDebugLocsAllowed AllowLocs); 512 void visitMetadataAsValue(const MetadataAsValue &MD, Function *F); 513 void visitValueAsMetadata(const ValueAsMetadata &MD, Function *F); 514 void visitDIArgList(const DIArgList &AL, Function *F); 515 void visitComdat(const Comdat &C); 516 void visitModuleIdents(); 517 void visitModuleCommandLines(); 518 void visitModuleFlags(); 519 void visitModuleFlag(const MDNode *Op, 520 DenseMap<const MDString *, const MDNode *> &SeenIDs, 521 SmallVectorImpl<const MDNode *> &Requirements); 522 void visitModuleFlagCGProfileEntry(const MDOperand &MDO); 523 void visitFunction(const Function &F); 524 void visitBasicBlock(BasicBlock &BB); 525 void verifyRangeLikeMetadata(const Value &V, const MDNode *Range, Type *Ty, 526 RangeLikeMetadataKind Kind); 527 void visitRangeMetadata(Instruction &I, MDNode *Range, Type *Ty); 528 void visitNoaliasAddrspaceMetadata(Instruction &I, MDNode *Range, Type *Ty); 529 void visitDereferenceableMetadata(Instruction &I, MDNode *MD); 530 void visitProfMetadata(Instruction &I, MDNode *MD); 531 void visitCallStackMetadata(MDNode *MD); 532 void visitMemProfMetadata(Instruction &I, MDNode *MD); 533 void visitCallsiteMetadata(Instruction &I, MDNode *MD); 534 void visitDIAssignIDMetadata(Instruction &I, MDNode *MD); 535 void visitMMRAMetadata(Instruction &I, MDNode *MD); 536 void visitAnnotationMetadata(MDNode *Annotation); 537 void visitAliasScopeMetadata(const MDNode *MD); 538 void visitAliasScopeListMetadata(const MDNode *MD); 539 void visitAccessGroupMetadata(const MDNode *MD); 540 541 template <class Ty> bool isValidMetadataArray(const MDTuple &N); 542 #define HANDLE_SPECIALIZED_MDNODE_LEAF(CLASS) void visit##CLASS(const CLASS &N); 543 #include "llvm/IR/Metadata.def" 544 void visitDIScope(const DIScope &N); 545 void visitDIVariable(const DIVariable &N); 546 void visitDILexicalBlockBase(const DILexicalBlockBase &N); 547 void visitDITemplateParameter(const DITemplateParameter &N); 548 549 void visitTemplateParams(const MDNode &N, const Metadata &RawParams); 550 551 void visit(DbgLabelRecord &DLR); 552 void visit(DbgVariableRecord &DVR); 553 // InstVisitor overrides... 554 using InstVisitor<Verifier>::visit; 555 void visitDbgRecords(Instruction &I); 556 void visit(Instruction &I); 557 558 void visitTruncInst(TruncInst &I); 559 void visitZExtInst(ZExtInst &I); 560 void visitSExtInst(SExtInst &I); 561 void visitFPTruncInst(FPTruncInst &I); 562 void visitFPExtInst(FPExtInst &I); 563 void visitFPToUIInst(FPToUIInst &I); 564 void visitFPToSIInst(FPToSIInst &I); 565 void visitUIToFPInst(UIToFPInst &I); 566 void visitSIToFPInst(SIToFPInst &I); 567 void visitIntToPtrInst(IntToPtrInst &I); 568 void visitPtrToIntInst(PtrToIntInst &I); 569 void visitBitCastInst(BitCastInst &I); 570 void visitAddrSpaceCastInst(AddrSpaceCastInst &I); 571 void visitPHINode(PHINode &PN); 572 void visitCallBase(CallBase &Call); 573 void visitUnaryOperator(UnaryOperator &U); 574 void visitBinaryOperator(BinaryOperator &B); 575 void visitICmpInst(ICmpInst &IC); 576 void visitFCmpInst(FCmpInst &FC); 577 void visitExtractElementInst(ExtractElementInst &EI); 578 void visitInsertElementInst(InsertElementInst &EI); 579 void visitShuffleVectorInst(ShuffleVectorInst &EI); 580 void visitVAArgInst(VAArgInst &VAA) { visitInstruction(VAA); } 581 void visitCallInst(CallInst &CI); 582 void visitInvokeInst(InvokeInst &II); 583 void visitGetElementPtrInst(GetElementPtrInst &GEP); 584 void visitLoadInst(LoadInst &LI); 585 void visitStoreInst(StoreInst &SI); 586 void verifyDominatesUse(Instruction &I, unsigned i); 587 void visitInstruction(Instruction &I); 588 void visitTerminator(Instruction &I); 589 void visitBranchInst(BranchInst &BI); 590 void visitReturnInst(ReturnInst &RI); 591 void visitSwitchInst(SwitchInst &SI); 592 void visitIndirectBrInst(IndirectBrInst &BI); 593 void visitCallBrInst(CallBrInst &CBI); 594 void visitSelectInst(SelectInst &SI); 595 void visitUserOp1(Instruction &I); 596 void visitUserOp2(Instruction &I) { visitUserOp1(I); } 597 void visitIntrinsicCall(Intrinsic::ID ID, CallBase &Call); 598 void visitConstrainedFPIntrinsic(ConstrainedFPIntrinsic &FPI); 599 void visitVPIntrinsic(VPIntrinsic &VPI); 600 void visitDbgIntrinsic(StringRef Kind, DbgVariableIntrinsic &DII); 601 void visitDbgLabelIntrinsic(StringRef Kind, DbgLabelInst &DLI); 602 void visitAtomicCmpXchgInst(AtomicCmpXchgInst &CXI); 603 void visitAtomicRMWInst(AtomicRMWInst &RMWI); 604 void visitFenceInst(FenceInst &FI); 605 void visitAllocaInst(AllocaInst &AI); 606 void visitExtractValueInst(ExtractValueInst &EVI); 607 void visitInsertValueInst(InsertValueInst &IVI); 608 void visitEHPadPredecessors(Instruction &I); 609 void visitLandingPadInst(LandingPadInst &LPI); 610 void visitResumeInst(ResumeInst &RI); 611 void visitCatchPadInst(CatchPadInst &CPI); 612 void visitCatchReturnInst(CatchReturnInst &CatchReturn); 613 void visitCleanupPadInst(CleanupPadInst &CPI); 614 void visitFuncletPadInst(FuncletPadInst &FPI); 615 void visitCatchSwitchInst(CatchSwitchInst &CatchSwitch); 616 void visitCleanupReturnInst(CleanupReturnInst &CRI); 617 618 void verifySwiftErrorCall(CallBase &Call, const Value *SwiftErrorVal); 619 void verifySwiftErrorValue(const Value *SwiftErrorVal); 620 void verifyTailCCMustTailAttrs(const AttrBuilder &Attrs, StringRef Context); 621 void verifyMustTailCall(CallInst &CI); 622 bool verifyAttributeCount(AttributeList Attrs, unsigned Params); 623 void verifyAttributeTypes(AttributeSet Attrs, const Value *V); 624 void verifyParameterAttrs(AttributeSet Attrs, Type *Ty, const Value *V); 625 void checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr, 626 const Value *V); 627 void verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs, 628 const Value *V, bool IsIntrinsic, bool IsInlineAsm); 629 void verifyFunctionMetadata(ArrayRef<std::pair<unsigned, MDNode *>> MDs); 630 631 void visitConstantExprsRecursively(const Constant *EntryC); 632 void visitConstantExpr(const ConstantExpr *CE); 633 void visitConstantPtrAuth(const ConstantPtrAuth *CPA); 634 void verifyInlineAsmCall(const CallBase &Call); 635 void verifyStatepoint(const CallBase &Call); 636 void verifyFrameRecoverIndices(); 637 void verifySiblingFuncletUnwinds(); 638 639 void verifyFragmentExpression(const DbgVariableIntrinsic &I); 640 void verifyFragmentExpression(const DbgVariableRecord &I); 641 template <typename ValueOrMetadata> 642 void verifyFragmentExpression(const DIVariable &V, 643 DIExpression::FragmentInfo Fragment, 644 ValueOrMetadata *Desc); 645 void verifyFnArgs(const DbgVariableIntrinsic &I); 646 void verifyFnArgs(const DbgVariableRecord &DVR); 647 void verifyNotEntryValue(const DbgVariableIntrinsic &I); 648 void verifyNotEntryValue(const DbgVariableRecord &I); 649 650 /// Module-level debug info verification... 651 void verifyCompileUnits(); 652 653 /// Module-level verification that all @llvm.experimental.deoptimize 654 /// declarations share the same calling convention. 655 void verifyDeoptimizeCallingConvs(); 656 657 void verifyAttachedCallBundle(const CallBase &Call, 658 const OperandBundleUse &BU); 659 660 /// Verify the llvm.experimental.noalias.scope.decl declarations 661 void verifyNoAliasScopeDecl(); 662 }; 663 664 } // end anonymous namespace 665 666 /// We know that cond should be true, if not print an error message. 667 #define Check(C, ...) \ 668 do { \ 669 if (!(C)) { \ 670 CheckFailed(__VA_ARGS__); \ 671 return; \ 672 } \ 673 } while (false) 674 675 /// We know that a debug info condition should be true, if not print 676 /// an error message. 677 #define CheckDI(C, ...) \ 678 do { \ 679 if (!(C)) { \ 680 DebugInfoCheckFailed(__VA_ARGS__); \ 681 return; \ 682 } \ 683 } while (false) 684 685 void Verifier::visitDbgRecords(Instruction &I) { 686 if (!I.DebugMarker) 687 return; 688 CheckDI(I.DebugMarker->MarkedInstr == &I, 689 "Instruction has invalid DebugMarker", &I); 690 CheckDI(!isa<PHINode>(&I) || !I.hasDbgRecords(), 691 "PHI Node must not have any attached DbgRecords", &I); 692 for (DbgRecord &DR : I.getDbgRecordRange()) { 693 CheckDI(DR.getMarker() == I.DebugMarker, 694 "DbgRecord had invalid DebugMarker", &I, &DR); 695 if (auto *Loc = 696 dyn_cast_or_null<DILocation>(DR.getDebugLoc().getAsMDNode())) 697 visitMDNode(*Loc, AreDebugLocsAllowed::Yes); 698 if (auto *DVR = dyn_cast<DbgVariableRecord>(&DR)) { 699 visit(*DVR); 700 // These have to appear after `visit` for consistency with existing 701 // intrinsic behaviour. 702 verifyFragmentExpression(*DVR); 703 verifyNotEntryValue(*DVR); 704 } else if (auto *DLR = dyn_cast<DbgLabelRecord>(&DR)) { 705 visit(*DLR); 706 } 707 } 708 } 709 710 void Verifier::visit(Instruction &I) { 711 visitDbgRecords(I); 712 for (unsigned i = 0, e = I.getNumOperands(); i != e; ++i) 713 Check(I.getOperand(i) != nullptr, "Operand is null", &I); 714 InstVisitor<Verifier>::visit(I); 715 } 716 717 // Helper to iterate over indirect users. By returning false, the callback can ask to stop traversing further. 718 static void forEachUser(const Value *User, 719 SmallPtrSet<const Value *, 32> &Visited, 720 llvm::function_ref<bool(const Value *)> Callback) { 721 if (!Visited.insert(User).second) 722 return; 723 724 SmallVector<const Value *> WorkList(User->materialized_users()); 725 while (!WorkList.empty()) { 726 const Value *Cur = WorkList.pop_back_val(); 727 if (!Visited.insert(Cur).second) 728 continue; 729 if (Callback(Cur)) 730 append_range(WorkList, Cur->materialized_users()); 731 } 732 } 733 734 void Verifier::visitGlobalValue(const GlobalValue &GV) { 735 Check(!GV.isDeclaration() || GV.hasValidDeclarationLinkage(), 736 "Global is external, but doesn't have external or weak linkage!", &GV); 737 738 if (const GlobalObject *GO = dyn_cast<GlobalObject>(&GV)) { 739 if (const MDNode *Associated = 740 GO->getMetadata(LLVMContext::MD_associated)) { 741 Check(Associated->getNumOperands() == 1, 742 "associated metadata must have one operand", &GV, Associated); 743 const Metadata *Op = Associated->getOperand(0).get(); 744 Check(Op, "associated metadata must have a global value", GO, Associated); 745 746 const auto *VM = dyn_cast_or_null<ValueAsMetadata>(Op); 747 Check(VM, "associated metadata must be ValueAsMetadata", GO, Associated); 748 if (VM) { 749 Check(isa<PointerType>(VM->getValue()->getType()), 750 "associated value must be pointer typed", GV, Associated); 751 752 const Value *Stripped = VM->getValue()->stripPointerCastsAndAliases(); 753 Check(isa<GlobalObject>(Stripped) || isa<Constant>(Stripped), 754 "associated metadata must point to a GlobalObject", GO, Stripped); 755 Check(Stripped != GO, 756 "global values should not associate to themselves", GO, 757 Associated); 758 } 759 } 760 761 // FIXME: Why is getMetadata on GlobalValue protected? 762 if (const MDNode *AbsoluteSymbol = 763 GO->getMetadata(LLVMContext::MD_absolute_symbol)) { 764 verifyRangeLikeMetadata(*GO, AbsoluteSymbol, 765 DL.getIntPtrType(GO->getType()), 766 RangeLikeMetadataKind::AbsoluteSymbol); 767 } 768 } 769 770 Check(!GV.hasAppendingLinkage() || isa<GlobalVariable>(GV), 771 "Only global variables can have appending linkage!", &GV); 772 773 if (GV.hasAppendingLinkage()) { 774 const GlobalVariable *GVar = dyn_cast<GlobalVariable>(&GV); 775 Check(GVar && GVar->getValueType()->isArrayTy(), 776 "Only global arrays can have appending linkage!", GVar); 777 } 778 779 if (GV.isDeclarationForLinker()) 780 Check(!GV.hasComdat(), "Declaration may not be in a Comdat!", &GV); 781 782 if (GV.hasDLLExportStorageClass()) { 783 Check(!GV.hasHiddenVisibility(), 784 "dllexport GlobalValue must have default or protected visibility", 785 &GV); 786 } 787 if (GV.hasDLLImportStorageClass()) { 788 Check(GV.hasDefaultVisibility(), 789 "dllimport GlobalValue must have default visibility", &GV); 790 Check(!GV.isDSOLocal(), "GlobalValue with DLLImport Storage is dso_local!", 791 &GV); 792 793 Check((GV.isDeclaration() && 794 (GV.hasExternalLinkage() || GV.hasExternalWeakLinkage())) || 795 GV.hasAvailableExternallyLinkage(), 796 "Global is marked as dllimport, but not external", &GV); 797 } 798 799 if (GV.isImplicitDSOLocal()) 800 Check(GV.isDSOLocal(), 801 "GlobalValue with local linkage or non-default " 802 "visibility must be dso_local!", 803 &GV); 804 805 forEachUser(&GV, GlobalValueVisited, [&](const Value *V) -> bool { 806 if (const Instruction *I = dyn_cast<Instruction>(V)) { 807 if (!I->getParent() || !I->getParent()->getParent()) 808 CheckFailed("Global is referenced by parentless instruction!", &GV, &M, 809 I); 810 else if (I->getParent()->getParent()->getParent() != &M) 811 CheckFailed("Global is referenced in a different module!", &GV, &M, I, 812 I->getParent()->getParent(), 813 I->getParent()->getParent()->getParent()); 814 return false; 815 } else if (const Function *F = dyn_cast<Function>(V)) { 816 if (F->getParent() != &M) 817 CheckFailed("Global is used by function in a different module", &GV, &M, 818 F, F->getParent()); 819 return false; 820 } 821 return true; 822 }); 823 } 824 825 void Verifier::visitGlobalVariable(const GlobalVariable &GV) { 826 Type *GVType = GV.getValueType(); 827 828 if (MaybeAlign A = GV.getAlign()) { 829 Check(A->value() <= Value::MaximumAlignment, 830 "huge alignment values are unsupported", &GV); 831 } 832 833 if (GV.hasInitializer()) { 834 Check(GV.getInitializer()->getType() == GVType, 835 "Global variable initializer type does not match global " 836 "variable type!", 837 &GV); 838 Check(GV.getInitializer()->getType()->isSized(), 839 "Global variable initializer must be sized", &GV); 840 // If the global has common linkage, it must have a zero initializer and 841 // cannot be constant. 842 if (GV.hasCommonLinkage()) { 843 Check(GV.getInitializer()->isNullValue(), 844 "'common' global must have a zero initializer!", &GV); 845 Check(!GV.isConstant(), "'common' global may not be marked constant!", 846 &GV); 847 Check(!GV.hasComdat(), "'common' global may not be in a Comdat!", &GV); 848 } 849 } 850 851 if (GV.hasName() && (GV.getName() == "llvm.global_ctors" || 852 GV.getName() == "llvm.global_dtors")) { 853 Check(!GV.hasInitializer() || GV.hasAppendingLinkage(), 854 "invalid linkage for intrinsic global variable", &GV); 855 Check(GV.materialized_use_empty(), 856 "invalid uses of intrinsic global variable", &GV); 857 858 // Don't worry about emitting an error for it not being an array, 859 // visitGlobalValue will complain on appending non-array. 860 if (ArrayType *ATy = dyn_cast<ArrayType>(GVType)) { 861 StructType *STy = dyn_cast<StructType>(ATy->getElementType()); 862 PointerType *FuncPtrTy = 863 PointerType::get(Context, DL.getProgramAddressSpace()); 864 Check(STy && (STy->getNumElements() == 2 || STy->getNumElements() == 3) && 865 STy->getTypeAtIndex(0u)->isIntegerTy(32) && 866 STy->getTypeAtIndex(1) == FuncPtrTy, 867 "wrong type for intrinsic global variable", &GV); 868 Check(STy->getNumElements() == 3, 869 "the third field of the element type is mandatory, " 870 "specify ptr null to migrate from the obsoleted 2-field form"); 871 Type *ETy = STy->getTypeAtIndex(2); 872 Check(ETy->isPointerTy(), "wrong type for intrinsic global variable", 873 &GV); 874 } 875 } 876 877 if (GV.hasName() && (GV.getName() == "llvm.used" || 878 GV.getName() == "llvm.compiler.used")) { 879 Check(!GV.hasInitializer() || GV.hasAppendingLinkage(), 880 "invalid linkage for intrinsic global variable", &GV); 881 Check(GV.materialized_use_empty(), 882 "invalid uses of intrinsic global variable", &GV); 883 884 if (ArrayType *ATy = dyn_cast<ArrayType>(GVType)) { 885 PointerType *PTy = dyn_cast<PointerType>(ATy->getElementType()); 886 Check(PTy, "wrong type for intrinsic global variable", &GV); 887 if (GV.hasInitializer()) { 888 const Constant *Init = GV.getInitializer(); 889 const ConstantArray *InitArray = dyn_cast<ConstantArray>(Init); 890 Check(InitArray, "wrong initalizer for intrinsic global variable", 891 Init); 892 for (Value *Op : InitArray->operands()) { 893 Value *V = Op->stripPointerCasts(); 894 Check(isa<GlobalVariable>(V) || isa<Function>(V) || 895 isa<GlobalAlias>(V), 896 Twine("invalid ") + GV.getName() + " member", V); 897 Check(V->hasName(), 898 Twine("members of ") + GV.getName() + " must be named", V); 899 } 900 } 901 } 902 } 903 904 // Visit any debug info attachments. 905 SmallVector<MDNode *, 1> MDs; 906 GV.getMetadata(LLVMContext::MD_dbg, MDs); 907 for (auto *MD : MDs) { 908 if (auto *GVE = dyn_cast<DIGlobalVariableExpression>(MD)) 909 visitDIGlobalVariableExpression(*GVE); 910 else 911 CheckDI(false, "!dbg attachment of global variable must be a " 912 "DIGlobalVariableExpression"); 913 } 914 915 // Scalable vectors cannot be global variables, since we don't know 916 // the runtime size. 917 Check(!GVType->isScalableTy(), "Globals cannot contain scalable types", &GV); 918 919 // Check if it is or contains a target extension type that disallows being 920 // used as a global. 921 Check(!GVType->containsNonGlobalTargetExtType(), 922 "Global @" + GV.getName() + " has illegal target extension type", 923 GVType); 924 925 if (!GV.hasInitializer()) { 926 visitGlobalValue(GV); 927 return; 928 } 929 930 // Walk any aggregate initializers looking for bitcasts between address spaces 931 visitConstantExprsRecursively(GV.getInitializer()); 932 933 visitGlobalValue(GV); 934 } 935 936 void Verifier::visitAliaseeSubExpr(const GlobalAlias &GA, const Constant &C) { 937 SmallPtrSet<const GlobalAlias*, 4> Visited; 938 Visited.insert(&GA); 939 visitAliaseeSubExpr(Visited, GA, C); 940 } 941 942 void Verifier::visitAliaseeSubExpr(SmallPtrSetImpl<const GlobalAlias*> &Visited, 943 const GlobalAlias &GA, const Constant &C) { 944 if (GA.hasAvailableExternallyLinkage()) { 945 Check(isa<GlobalValue>(C) && 946 cast<GlobalValue>(C).hasAvailableExternallyLinkage(), 947 "available_externally alias must point to available_externally " 948 "global value", 949 &GA); 950 } 951 if (const auto *GV = dyn_cast<GlobalValue>(&C)) { 952 if (!GA.hasAvailableExternallyLinkage()) { 953 Check(!GV->isDeclarationForLinker(), "Alias must point to a definition", 954 &GA); 955 } 956 957 if (const auto *GA2 = dyn_cast<GlobalAlias>(GV)) { 958 Check(Visited.insert(GA2).second, "Aliases cannot form a cycle", &GA); 959 960 Check(!GA2->isInterposable(), 961 "Alias cannot point to an interposable alias", &GA); 962 } else { 963 // Only continue verifying subexpressions of GlobalAliases. 964 // Do not recurse into global initializers. 965 return; 966 } 967 } 968 969 if (const auto *CE = dyn_cast<ConstantExpr>(&C)) 970 visitConstantExprsRecursively(CE); 971 972 for (const Use &U : C.operands()) { 973 Value *V = &*U; 974 if (const auto *GA2 = dyn_cast<GlobalAlias>(V)) 975 visitAliaseeSubExpr(Visited, GA, *GA2->getAliasee()); 976 else if (const auto *C2 = dyn_cast<Constant>(V)) 977 visitAliaseeSubExpr(Visited, GA, *C2); 978 } 979 } 980 981 void Verifier::visitGlobalAlias(const GlobalAlias &GA) { 982 Check(GlobalAlias::isValidLinkage(GA.getLinkage()), 983 "Alias should have private, internal, linkonce, weak, linkonce_odr, " 984 "weak_odr, external, or available_externally linkage!", 985 &GA); 986 const Constant *Aliasee = GA.getAliasee(); 987 Check(Aliasee, "Aliasee cannot be NULL!", &GA); 988 Check(GA.getType() == Aliasee->getType(), 989 "Alias and aliasee types should match!", &GA); 990 991 Check(isa<GlobalValue>(Aliasee) || isa<ConstantExpr>(Aliasee), 992 "Aliasee should be either GlobalValue or ConstantExpr", &GA); 993 994 visitAliaseeSubExpr(GA, *Aliasee); 995 996 visitGlobalValue(GA); 997 } 998 999 void Verifier::visitGlobalIFunc(const GlobalIFunc &GI) { 1000 Check(GlobalIFunc::isValidLinkage(GI.getLinkage()), 1001 "IFunc should have private, internal, linkonce, weak, linkonce_odr, " 1002 "weak_odr, or external linkage!", 1003 &GI); 1004 // Pierce through ConstantExprs and GlobalAliases and check that the resolver 1005 // is a Function definition. 1006 const Function *Resolver = GI.getResolverFunction(); 1007 Check(Resolver, "IFunc must have a Function resolver", &GI); 1008 Check(!Resolver->isDeclarationForLinker(), 1009 "IFunc resolver must be a definition", &GI); 1010 1011 // Check that the immediate resolver operand (prior to any bitcasts) has the 1012 // correct type. 1013 const Type *ResolverTy = GI.getResolver()->getType(); 1014 1015 Check(isa<PointerType>(Resolver->getFunctionType()->getReturnType()), 1016 "IFunc resolver must return a pointer", &GI); 1017 1018 Check(ResolverTy == PointerType::get(Context, GI.getAddressSpace()), 1019 "IFunc resolver has incorrect type", &GI); 1020 } 1021 1022 void Verifier::visitNamedMDNode(const NamedMDNode &NMD) { 1023 // There used to be various other llvm.dbg.* nodes, but we don't support 1024 // upgrading them and we want to reserve the namespace for future uses. 1025 if (NMD.getName().starts_with("llvm.dbg.")) 1026 CheckDI(NMD.getName() == "llvm.dbg.cu", 1027 "unrecognized named metadata node in the llvm.dbg namespace", &NMD); 1028 for (const MDNode *MD : NMD.operands()) { 1029 if (NMD.getName() == "llvm.dbg.cu") 1030 CheckDI(MD && isa<DICompileUnit>(MD), "invalid compile unit", &NMD, MD); 1031 1032 if (!MD) 1033 continue; 1034 1035 visitMDNode(*MD, AreDebugLocsAllowed::Yes); 1036 } 1037 } 1038 1039 void Verifier::visitMDNode(const MDNode &MD, AreDebugLocsAllowed AllowLocs) { 1040 // Only visit each node once. Metadata can be mutually recursive, so this 1041 // avoids infinite recursion here, as well as being an optimization. 1042 if (!MDNodes.insert(&MD).second) 1043 return; 1044 1045 Check(&MD.getContext() == &Context, 1046 "MDNode context does not match Module context!", &MD); 1047 1048 switch (MD.getMetadataID()) { 1049 default: 1050 llvm_unreachable("Invalid MDNode subclass"); 1051 case Metadata::MDTupleKind: 1052 break; 1053 #define HANDLE_SPECIALIZED_MDNODE_LEAF(CLASS) \ 1054 case Metadata::CLASS##Kind: \ 1055 visit##CLASS(cast<CLASS>(MD)); \ 1056 break; 1057 #include "llvm/IR/Metadata.def" 1058 } 1059 1060 for (const Metadata *Op : MD.operands()) { 1061 if (!Op) 1062 continue; 1063 Check(!isa<LocalAsMetadata>(Op), "Invalid operand for global metadata!", 1064 &MD, Op); 1065 CheckDI(!isa<DILocation>(Op) || AllowLocs == AreDebugLocsAllowed::Yes, 1066 "DILocation not allowed within this metadata node", &MD, Op); 1067 if (auto *N = dyn_cast<MDNode>(Op)) { 1068 visitMDNode(*N, AllowLocs); 1069 continue; 1070 } 1071 if (auto *V = dyn_cast<ValueAsMetadata>(Op)) { 1072 visitValueAsMetadata(*V, nullptr); 1073 continue; 1074 } 1075 } 1076 1077 // Check these last, so we diagnose problems in operands first. 1078 Check(!MD.isTemporary(), "Expected no forward declarations!", &MD); 1079 Check(MD.isResolved(), "All nodes should be resolved!", &MD); 1080 } 1081 1082 void Verifier::visitValueAsMetadata(const ValueAsMetadata &MD, Function *F) { 1083 Check(MD.getValue(), "Expected valid value", &MD); 1084 Check(!MD.getValue()->getType()->isMetadataTy(), 1085 "Unexpected metadata round-trip through values", &MD, MD.getValue()); 1086 1087 auto *L = dyn_cast<LocalAsMetadata>(&MD); 1088 if (!L) 1089 return; 1090 1091 Check(F, "function-local metadata used outside a function", L); 1092 1093 // If this was an instruction, bb, or argument, verify that it is in the 1094 // function that we expect. 1095 Function *ActualF = nullptr; 1096 if (Instruction *I = dyn_cast<Instruction>(L->getValue())) { 1097 Check(I->getParent(), "function-local metadata not in basic block", L, I); 1098 ActualF = I->getParent()->getParent(); 1099 } else if (BasicBlock *BB = dyn_cast<BasicBlock>(L->getValue())) 1100 ActualF = BB->getParent(); 1101 else if (Argument *A = dyn_cast<Argument>(L->getValue())) 1102 ActualF = A->getParent(); 1103 assert(ActualF && "Unimplemented function local metadata case!"); 1104 1105 Check(ActualF == F, "function-local metadata used in wrong function", L); 1106 } 1107 1108 void Verifier::visitDIArgList(const DIArgList &AL, Function *F) { 1109 for (const ValueAsMetadata *VAM : AL.getArgs()) 1110 visitValueAsMetadata(*VAM, F); 1111 } 1112 1113 void Verifier::visitMetadataAsValue(const MetadataAsValue &MDV, Function *F) { 1114 Metadata *MD = MDV.getMetadata(); 1115 if (auto *N = dyn_cast<MDNode>(MD)) { 1116 visitMDNode(*N, AreDebugLocsAllowed::No); 1117 return; 1118 } 1119 1120 // Only visit each node once. Metadata can be mutually recursive, so this 1121 // avoids infinite recursion here, as well as being an optimization. 1122 if (!MDNodes.insert(MD).second) 1123 return; 1124 1125 if (auto *V = dyn_cast<ValueAsMetadata>(MD)) 1126 visitValueAsMetadata(*V, F); 1127 1128 if (auto *AL = dyn_cast<DIArgList>(MD)) 1129 visitDIArgList(*AL, F); 1130 } 1131 1132 static bool isType(const Metadata *MD) { return !MD || isa<DIType>(MD); } 1133 static bool isScope(const Metadata *MD) { return !MD || isa<DIScope>(MD); } 1134 static bool isDINode(const Metadata *MD) { return !MD || isa<DINode>(MD); } 1135 1136 void Verifier::visitDILocation(const DILocation &N) { 1137 CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()), 1138 "location requires a valid scope", &N, N.getRawScope()); 1139 if (auto *IA = N.getRawInlinedAt()) 1140 CheckDI(isa<DILocation>(IA), "inlined-at should be a location", &N, IA); 1141 if (auto *SP = dyn_cast<DISubprogram>(N.getRawScope())) 1142 CheckDI(SP->isDefinition(), "scope points into the type hierarchy", &N); 1143 } 1144 1145 void Verifier::visitGenericDINode(const GenericDINode &N) { 1146 CheckDI(N.getTag(), "invalid tag", &N); 1147 } 1148 1149 void Verifier::visitDIScope(const DIScope &N) { 1150 if (auto *F = N.getRawFile()) 1151 CheckDI(isa<DIFile>(F), "invalid file", &N, F); 1152 } 1153 1154 void Verifier::visitDISubrangeType(const DISubrangeType &N) { 1155 CheckDI(N.getTag() == dwarf::DW_TAG_subrange_type, "invalid tag", &N); 1156 auto *BaseType = N.getRawBaseType(); 1157 CheckDI(!BaseType || isType(BaseType), "BaseType must be a type"); 1158 auto *LBound = N.getRawLowerBound(); 1159 CheckDI(!LBound || isa<ConstantAsMetadata>(LBound) || 1160 isa<DIVariable>(LBound) || isa<DIExpression>(LBound), 1161 "LowerBound must be signed constant or DIVariable or DIExpression", 1162 &N); 1163 auto *UBound = N.getRawUpperBound(); 1164 CheckDI(!UBound || isa<ConstantAsMetadata>(UBound) || 1165 isa<DIVariable>(UBound) || isa<DIExpression>(UBound), 1166 "UpperBound must be signed constant or DIVariable or DIExpression", 1167 &N); 1168 auto *Stride = N.getRawStride(); 1169 CheckDI(!Stride || isa<ConstantAsMetadata>(Stride) || 1170 isa<DIVariable>(Stride) || isa<DIExpression>(Stride), 1171 "Stride must be signed constant or DIVariable or DIExpression", &N); 1172 auto *Bias = N.getRawBias(); 1173 CheckDI(!Bias || isa<ConstantAsMetadata>(Bias) || isa<DIVariable>(Bias) || 1174 isa<DIExpression>(Bias), 1175 "Bias must be signed constant or DIVariable or DIExpression", &N); 1176 // Subrange types currently only support constant size. 1177 auto *Size = N.getRawSizeInBits(); 1178 CheckDI(!Size || isa<ConstantAsMetadata>(Size), 1179 "SizeInBits must be a constant"); 1180 } 1181 1182 void Verifier::visitDISubrange(const DISubrange &N) { 1183 CheckDI(N.getTag() == dwarf::DW_TAG_subrange_type, "invalid tag", &N); 1184 CheckDI(!N.getRawCountNode() || !N.getRawUpperBound(), 1185 "Subrange can have any one of count or upperBound", &N); 1186 auto *CBound = N.getRawCountNode(); 1187 CheckDI(!CBound || isa<ConstantAsMetadata>(CBound) || 1188 isa<DIVariable>(CBound) || isa<DIExpression>(CBound), 1189 "Count must be signed constant or DIVariable or DIExpression", &N); 1190 auto Count = N.getCount(); 1191 CheckDI(!Count || !isa<ConstantInt *>(Count) || 1192 cast<ConstantInt *>(Count)->getSExtValue() >= -1, 1193 "invalid subrange count", &N); 1194 auto *LBound = N.getRawLowerBound(); 1195 CheckDI(!LBound || isa<ConstantAsMetadata>(LBound) || 1196 isa<DIVariable>(LBound) || isa<DIExpression>(LBound), 1197 "LowerBound must be signed constant or DIVariable or DIExpression", 1198 &N); 1199 auto *UBound = N.getRawUpperBound(); 1200 CheckDI(!UBound || isa<ConstantAsMetadata>(UBound) || 1201 isa<DIVariable>(UBound) || isa<DIExpression>(UBound), 1202 "UpperBound must be signed constant or DIVariable or DIExpression", 1203 &N); 1204 auto *Stride = N.getRawStride(); 1205 CheckDI(!Stride || isa<ConstantAsMetadata>(Stride) || 1206 isa<DIVariable>(Stride) || isa<DIExpression>(Stride), 1207 "Stride must be signed constant or DIVariable or DIExpression", &N); 1208 } 1209 1210 void Verifier::visitDIGenericSubrange(const DIGenericSubrange &N) { 1211 CheckDI(N.getTag() == dwarf::DW_TAG_generic_subrange, "invalid tag", &N); 1212 CheckDI(!N.getRawCountNode() || !N.getRawUpperBound(), 1213 "GenericSubrange can have any one of count or upperBound", &N); 1214 auto *CBound = N.getRawCountNode(); 1215 CheckDI(!CBound || isa<DIVariable>(CBound) || isa<DIExpression>(CBound), 1216 "Count must be signed constant or DIVariable or DIExpression", &N); 1217 auto *LBound = N.getRawLowerBound(); 1218 CheckDI(LBound, "GenericSubrange must contain lowerBound", &N); 1219 CheckDI(isa<DIVariable>(LBound) || isa<DIExpression>(LBound), 1220 "LowerBound must be signed constant or DIVariable or DIExpression", 1221 &N); 1222 auto *UBound = N.getRawUpperBound(); 1223 CheckDI(!UBound || isa<DIVariable>(UBound) || isa<DIExpression>(UBound), 1224 "UpperBound must be signed constant or DIVariable or DIExpression", 1225 &N); 1226 auto *Stride = N.getRawStride(); 1227 CheckDI(Stride, "GenericSubrange must contain stride", &N); 1228 CheckDI(isa<DIVariable>(Stride) || isa<DIExpression>(Stride), 1229 "Stride must be signed constant or DIVariable or DIExpression", &N); 1230 } 1231 1232 void Verifier::visitDIEnumerator(const DIEnumerator &N) { 1233 CheckDI(N.getTag() == dwarf::DW_TAG_enumerator, "invalid tag", &N); 1234 } 1235 1236 void Verifier::visitDIBasicType(const DIBasicType &N) { 1237 CheckDI(N.getTag() == dwarf::DW_TAG_base_type || 1238 N.getTag() == dwarf::DW_TAG_unspecified_type || 1239 N.getTag() == dwarf::DW_TAG_string_type, 1240 "invalid tag", &N); 1241 // Basic types currently only support constant size. 1242 auto *Size = N.getRawSizeInBits(); 1243 CheckDI(!Size || isa<ConstantAsMetadata>(Size), 1244 "SizeInBits must be a constant"); 1245 } 1246 1247 void Verifier::visitDIFixedPointType(const DIFixedPointType &N) { 1248 visitDIBasicType(N); 1249 1250 CheckDI(N.getTag() == dwarf::DW_TAG_base_type, "invalid tag", &N); 1251 CheckDI(N.getEncoding() == dwarf::DW_ATE_signed_fixed || 1252 N.getEncoding() == dwarf::DW_ATE_unsigned_fixed, 1253 "invalid encoding", &N); 1254 CheckDI(N.getKind() == DIFixedPointType::FixedPointBinary || 1255 N.getKind() == DIFixedPointType::FixedPointDecimal || 1256 N.getKind() == DIFixedPointType::FixedPointRational, 1257 "invalid kind", &N); 1258 CheckDI(N.getKind() != DIFixedPointType::FixedPointRational || 1259 N.getFactorRaw() == 0, 1260 "factor should be 0 for rationals", &N); 1261 CheckDI(N.getKind() == DIFixedPointType::FixedPointRational || 1262 (N.getNumeratorRaw() == 0 && N.getDenominatorRaw() == 0), 1263 "numerator and denominator should be 0 for non-rationals", &N); 1264 } 1265 1266 void Verifier::visitDIStringType(const DIStringType &N) { 1267 CheckDI(N.getTag() == dwarf::DW_TAG_string_type, "invalid tag", &N); 1268 CheckDI(!(N.isBigEndian() && N.isLittleEndian()), "has conflicting flags", 1269 &N); 1270 } 1271 1272 void Verifier::visitDIDerivedType(const DIDerivedType &N) { 1273 // Common scope checks. 1274 visitDIScope(N); 1275 1276 CheckDI(N.getTag() == dwarf::DW_TAG_typedef || 1277 N.getTag() == dwarf::DW_TAG_pointer_type || 1278 N.getTag() == dwarf::DW_TAG_ptr_to_member_type || 1279 N.getTag() == dwarf::DW_TAG_reference_type || 1280 N.getTag() == dwarf::DW_TAG_rvalue_reference_type || 1281 N.getTag() == dwarf::DW_TAG_const_type || 1282 N.getTag() == dwarf::DW_TAG_immutable_type || 1283 N.getTag() == dwarf::DW_TAG_volatile_type || 1284 N.getTag() == dwarf::DW_TAG_restrict_type || 1285 N.getTag() == dwarf::DW_TAG_atomic_type || 1286 N.getTag() == dwarf::DW_TAG_LLVM_ptrauth_type || 1287 N.getTag() == dwarf::DW_TAG_member || 1288 (N.getTag() == dwarf::DW_TAG_variable && N.isStaticMember()) || 1289 N.getTag() == dwarf::DW_TAG_inheritance || 1290 N.getTag() == dwarf::DW_TAG_friend || 1291 N.getTag() == dwarf::DW_TAG_set_type || 1292 N.getTag() == dwarf::DW_TAG_template_alias, 1293 "invalid tag", &N); 1294 if (N.getTag() == dwarf::DW_TAG_ptr_to_member_type) { 1295 CheckDI(isType(N.getRawExtraData()), "invalid pointer to member type", &N, 1296 N.getRawExtraData()); 1297 } 1298 1299 if (N.getTag() == dwarf::DW_TAG_set_type) { 1300 if (auto *T = N.getRawBaseType()) { 1301 auto *Enum = dyn_cast_or_null<DICompositeType>(T); 1302 auto *Basic = dyn_cast_or_null<DIBasicType>(T); 1303 CheckDI( 1304 (Enum && Enum->getTag() == dwarf::DW_TAG_enumeration_type) || 1305 (Basic && (Basic->getEncoding() == dwarf::DW_ATE_unsigned || 1306 Basic->getEncoding() == dwarf::DW_ATE_signed || 1307 Basic->getEncoding() == dwarf::DW_ATE_unsigned_char || 1308 Basic->getEncoding() == dwarf::DW_ATE_signed_char || 1309 Basic->getEncoding() == dwarf::DW_ATE_boolean)), 1310 "invalid set base type", &N, T); 1311 } 1312 } 1313 1314 CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope()); 1315 CheckDI(isType(N.getRawBaseType()), "invalid base type", &N, 1316 N.getRawBaseType()); 1317 1318 if (N.getDWARFAddressSpace()) { 1319 CheckDI(N.getTag() == dwarf::DW_TAG_pointer_type || 1320 N.getTag() == dwarf::DW_TAG_reference_type || 1321 N.getTag() == dwarf::DW_TAG_rvalue_reference_type, 1322 "DWARF address space only applies to pointer or reference types", 1323 &N); 1324 } 1325 1326 auto *Size = N.getRawSizeInBits(); 1327 CheckDI(!Size || isa<ConstantAsMetadata>(Size) || isa<DIVariable>(Size) || 1328 isa<DIExpression>(Size), 1329 "SizeInBits must be a constant or DIVariable or DIExpression"); 1330 } 1331 1332 /// Detect mutually exclusive flags. 1333 static bool hasConflictingReferenceFlags(unsigned Flags) { 1334 return ((Flags & DINode::FlagLValueReference) && 1335 (Flags & DINode::FlagRValueReference)) || 1336 ((Flags & DINode::FlagTypePassByValue) && 1337 (Flags & DINode::FlagTypePassByReference)); 1338 } 1339 1340 void Verifier::visitTemplateParams(const MDNode &N, const Metadata &RawParams) { 1341 auto *Params = dyn_cast<MDTuple>(&RawParams); 1342 CheckDI(Params, "invalid template params", &N, &RawParams); 1343 for (Metadata *Op : Params->operands()) { 1344 CheckDI(Op && isa<DITemplateParameter>(Op), "invalid template parameter", 1345 &N, Params, Op); 1346 } 1347 } 1348 1349 void Verifier::visitDICompositeType(const DICompositeType &N) { 1350 // Common scope checks. 1351 visitDIScope(N); 1352 1353 CheckDI(N.getTag() == dwarf::DW_TAG_array_type || 1354 N.getTag() == dwarf::DW_TAG_structure_type || 1355 N.getTag() == dwarf::DW_TAG_union_type || 1356 N.getTag() == dwarf::DW_TAG_enumeration_type || 1357 N.getTag() == dwarf::DW_TAG_class_type || 1358 N.getTag() == dwarf::DW_TAG_variant_part || 1359 N.getTag() == dwarf::DW_TAG_variant || 1360 N.getTag() == dwarf::DW_TAG_namelist, 1361 "invalid tag", &N); 1362 1363 CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope()); 1364 CheckDI(isType(N.getRawBaseType()), "invalid base type", &N, 1365 N.getRawBaseType()); 1366 1367 CheckDI(!N.getRawElements() || isa<MDTuple>(N.getRawElements()), 1368 "invalid composite elements", &N, N.getRawElements()); 1369 CheckDI(isType(N.getRawVTableHolder()), "invalid vtable holder", &N, 1370 N.getRawVTableHolder()); 1371 CheckDI(!hasConflictingReferenceFlags(N.getFlags()), 1372 "invalid reference flags", &N); 1373 unsigned DIBlockByRefStruct = 1 << 4; 1374 CheckDI((N.getFlags() & DIBlockByRefStruct) == 0, 1375 "DIBlockByRefStruct on DICompositeType is no longer supported", &N); 1376 CheckDI(llvm::all_of(N.getElements(), [](const DINode *N) { return N; }), 1377 "DISubprogram contains null entry in `elements` field", &N); 1378 1379 if (N.isVector()) { 1380 const DINodeArray Elements = N.getElements(); 1381 CheckDI(Elements.size() == 1 && 1382 Elements[0]->getTag() == dwarf::DW_TAG_subrange_type, 1383 "invalid vector, expected one element of type subrange", &N); 1384 } 1385 1386 if (auto *Params = N.getRawTemplateParams()) 1387 visitTemplateParams(N, *Params); 1388 1389 if (auto *D = N.getRawDiscriminator()) { 1390 CheckDI(isa<DIDerivedType>(D) && N.getTag() == dwarf::DW_TAG_variant_part, 1391 "discriminator can only appear on variant part"); 1392 } 1393 1394 if (N.getRawDataLocation()) { 1395 CheckDI(N.getTag() == dwarf::DW_TAG_array_type, 1396 "dataLocation can only appear in array type"); 1397 } 1398 1399 if (N.getRawAssociated()) { 1400 CheckDI(N.getTag() == dwarf::DW_TAG_array_type, 1401 "associated can only appear in array type"); 1402 } 1403 1404 if (N.getRawAllocated()) { 1405 CheckDI(N.getTag() == dwarf::DW_TAG_array_type, 1406 "allocated can only appear in array type"); 1407 } 1408 1409 if (N.getRawRank()) { 1410 CheckDI(N.getTag() == dwarf::DW_TAG_array_type, 1411 "rank can only appear in array type"); 1412 } 1413 1414 if (N.getTag() == dwarf::DW_TAG_array_type) { 1415 CheckDI(N.getRawBaseType(), "array types must have a base type", &N); 1416 } 1417 1418 auto *Size = N.getRawSizeInBits(); 1419 CheckDI(!Size || isa<ConstantAsMetadata>(Size) || isa<DIVariable>(Size) || 1420 isa<DIExpression>(Size), 1421 "SizeInBits must be a constant or DIVariable or DIExpression"); 1422 } 1423 1424 void Verifier::visitDISubroutineType(const DISubroutineType &N) { 1425 CheckDI(N.getTag() == dwarf::DW_TAG_subroutine_type, "invalid tag", &N); 1426 if (auto *Types = N.getRawTypeArray()) { 1427 CheckDI(isa<MDTuple>(Types), "invalid composite elements", &N, Types); 1428 for (Metadata *Ty : N.getTypeArray()->operands()) { 1429 CheckDI(isType(Ty), "invalid subroutine type ref", &N, Types, Ty); 1430 } 1431 } 1432 CheckDI(!hasConflictingReferenceFlags(N.getFlags()), 1433 "invalid reference flags", &N); 1434 } 1435 1436 void Verifier::visitDIFile(const DIFile &N) { 1437 CheckDI(N.getTag() == dwarf::DW_TAG_file_type, "invalid tag", &N); 1438 std::optional<DIFile::ChecksumInfo<StringRef>> Checksum = N.getChecksum(); 1439 if (Checksum) { 1440 CheckDI(Checksum->Kind <= DIFile::ChecksumKind::CSK_Last, 1441 "invalid checksum kind", &N); 1442 size_t Size; 1443 switch (Checksum->Kind) { 1444 case DIFile::CSK_MD5: 1445 Size = 32; 1446 break; 1447 case DIFile::CSK_SHA1: 1448 Size = 40; 1449 break; 1450 case DIFile::CSK_SHA256: 1451 Size = 64; 1452 break; 1453 } 1454 CheckDI(Checksum->Value.size() == Size, "invalid checksum length", &N); 1455 CheckDI(Checksum->Value.find_if_not(llvm::isHexDigit) == StringRef::npos, 1456 "invalid checksum", &N); 1457 } 1458 } 1459 1460 void Verifier::visitDICompileUnit(const DICompileUnit &N) { 1461 CheckDI(N.isDistinct(), "compile units must be distinct", &N); 1462 CheckDI(N.getTag() == dwarf::DW_TAG_compile_unit, "invalid tag", &N); 1463 1464 // Don't bother verifying the compilation directory or producer string 1465 // as those could be empty. 1466 CheckDI(N.getRawFile() && isa<DIFile>(N.getRawFile()), "invalid file", &N, 1467 N.getRawFile()); 1468 CheckDI(!N.getFile()->getFilename().empty(), "invalid filename", &N, 1469 N.getFile()); 1470 1471 CheckDI((N.getEmissionKind() <= DICompileUnit::LastEmissionKind), 1472 "invalid emission kind", &N); 1473 1474 if (auto *Array = N.getRawEnumTypes()) { 1475 CheckDI(isa<MDTuple>(Array), "invalid enum list", &N, Array); 1476 for (Metadata *Op : N.getEnumTypes()->operands()) { 1477 auto *Enum = dyn_cast_or_null<DICompositeType>(Op); 1478 CheckDI(Enum && Enum->getTag() == dwarf::DW_TAG_enumeration_type, 1479 "invalid enum type", &N, N.getEnumTypes(), Op); 1480 } 1481 } 1482 if (auto *Array = N.getRawRetainedTypes()) { 1483 CheckDI(isa<MDTuple>(Array), "invalid retained type list", &N, Array); 1484 for (Metadata *Op : N.getRetainedTypes()->operands()) { 1485 CheckDI( 1486 Op && (isa<DIType>(Op) || (isa<DISubprogram>(Op) && 1487 !cast<DISubprogram>(Op)->isDefinition())), 1488 "invalid retained type", &N, Op); 1489 } 1490 } 1491 if (auto *Array = N.getRawGlobalVariables()) { 1492 CheckDI(isa<MDTuple>(Array), "invalid global variable list", &N, Array); 1493 for (Metadata *Op : N.getGlobalVariables()->operands()) { 1494 CheckDI(Op && (isa<DIGlobalVariableExpression>(Op)), 1495 "invalid global variable ref", &N, Op); 1496 } 1497 } 1498 if (auto *Array = N.getRawImportedEntities()) { 1499 CheckDI(isa<MDTuple>(Array), "invalid imported entity list", &N, Array); 1500 for (Metadata *Op : N.getImportedEntities()->operands()) { 1501 CheckDI(Op && isa<DIImportedEntity>(Op), "invalid imported entity ref", 1502 &N, Op); 1503 } 1504 } 1505 if (auto *Array = N.getRawMacros()) { 1506 CheckDI(isa<MDTuple>(Array), "invalid macro list", &N, Array); 1507 for (Metadata *Op : N.getMacros()->operands()) { 1508 CheckDI(Op && isa<DIMacroNode>(Op), "invalid macro ref", &N, Op); 1509 } 1510 } 1511 CUVisited.insert(&N); 1512 } 1513 1514 void Verifier::visitDISubprogram(const DISubprogram &N) { 1515 CheckDI(N.getTag() == dwarf::DW_TAG_subprogram, "invalid tag", &N); 1516 CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope()); 1517 if (auto *F = N.getRawFile()) 1518 CheckDI(isa<DIFile>(F), "invalid file", &N, F); 1519 else 1520 CheckDI(N.getLine() == 0, "line specified with no file", &N, N.getLine()); 1521 if (auto *T = N.getRawType()) 1522 CheckDI(isa<DISubroutineType>(T), "invalid subroutine type", &N, T); 1523 CheckDI(isType(N.getRawContainingType()), "invalid containing type", &N, 1524 N.getRawContainingType()); 1525 if (auto *Params = N.getRawTemplateParams()) 1526 visitTemplateParams(N, *Params); 1527 if (auto *S = N.getRawDeclaration()) 1528 CheckDI(isa<DISubprogram>(S) && !cast<DISubprogram>(S)->isDefinition(), 1529 "invalid subprogram declaration", &N, S); 1530 if (auto *RawNode = N.getRawRetainedNodes()) { 1531 auto *Node = dyn_cast<MDTuple>(RawNode); 1532 CheckDI(Node, "invalid retained nodes list", &N, RawNode); 1533 for (Metadata *Op : Node->operands()) { 1534 CheckDI(Op && (isa<DILocalVariable>(Op) || isa<DILabel>(Op) || 1535 isa<DIImportedEntity>(Op)), 1536 "invalid retained nodes, expected DILocalVariable, DILabel or " 1537 "DIImportedEntity", 1538 &N, Node, Op); 1539 } 1540 } 1541 CheckDI(!hasConflictingReferenceFlags(N.getFlags()), 1542 "invalid reference flags", &N); 1543 1544 auto *Unit = N.getRawUnit(); 1545 if (N.isDefinition()) { 1546 // Subprogram definitions (not part of the type hierarchy). 1547 CheckDI(N.isDistinct(), "subprogram definitions must be distinct", &N); 1548 CheckDI(Unit, "subprogram definitions must have a compile unit", &N); 1549 CheckDI(isa<DICompileUnit>(Unit), "invalid unit type", &N, Unit); 1550 // There's no good way to cross the CU boundary to insert a nested 1551 // DISubprogram definition in one CU into a type defined in another CU. 1552 auto *CT = dyn_cast_or_null<DICompositeType>(N.getRawScope()); 1553 if (CT && CT->getRawIdentifier() && 1554 M.getContext().isODRUniquingDebugTypes()) 1555 CheckDI(N.getDeclaration(), 1556 "definition subprograms cannot be nested within DICompositeType " 1557 "when enabling ODR", 1558 &N); 1559 } else { 1560 // Subprogram declarations (part of the type hierarchy). 1561 CheckDI(!Unit, "subprogram declarations must not have a compile unit", &N); 1562 CheckDI(!N.getRawDeclaration(), 1563 "subprogram declaration must not have a declaration field"); 1564 } 1565 1566 if (auto *RawThrownTypes = N.getRawThrownTypes()) { 1567 auto *ThrownTypes = dyn_cast<MDTuple>(RawThrownTypes); 1568 CheckDI(ThrownTypes, "invalid thrown types list", &N, RawThrownTypes); 1569 for (Metadata *Op : ThrownTypes->operands()) 1570 CheckDI(Op && isa<DIType>(Op), "invalid thrown type", &N, ThrownTypes, 1571 Op); 1572 } 1573 1574 if (N.areAllCallsDescribed()) 1575 CheckDI(N.isDefinition(), 1576 "DIFlagAllCallsDescribed must be attached to a definition"); 1577 } 1578 1579 void Verifier::visitDILexicalBlockBase(const DILexicalBlockBase &N) { 1580 CheckDI(N.getTag() == dwarf::DW_TAG_lexical_block, "invalid tag", &N); 1581 CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()), 1582 "invalid local scope", &N, N.getRawScope()); 1583 if (auto *SP = dyn_cast<DISubprogram>(N.getRawScope())) 1584 CheckDI(SP->isDefinition(), "scope points into the type hierarchy", &N); 1585 } 1586 1587 void Verifier::visitDILexicalBlock(const DILexicalBlock &N) { 1588 visitDILexicalBlockBase(N); 1589 1590 CheckDI(N.getLine() || !N.getColumn(), 1591 "cannot have column info without line info", &N); 1592 } 1593 1594 void Verifier::visitDILexicalBlockFile(const DILexicalBlockFile &N) { 1595 visitDILexicalBlockBase(N); 1596 } 1597 1598 void Verifier::visitDICommonBlock(const DICommonBlock &N) { 1599 CheckDI(N.getTag() == dwarf::DW_TAG_common_block, "invalid tag", &N); 1600 if (auto *S = N.getRawScope()) 1601 CheckDI(isa<DIScope>(S), "invalid scope ref", &N, S); 1602 if (auto *S = N.getRawDecl()) 1603 CheckDI(isa<DIGlobalVariable>(S), "invalid declaration", &N, S); 1604 } 1605 1606 void Verifier::visitDINamespace(const DINamespace &N) { 1607 CheckDI(N.getTag() == dwarf::DW_TAG_namespace, "invalid tag", &N); 1608 if (auto *S = N.getRawScope()) 1609 CheckDI(isa<DIScope>(S), "invalid scope ref", &N, S); 1610 } 1611 1612 void Verifier::visitDIMacro(const DIMacro &N) { 1613 CheckDI(N.getMacinfoType() == dwarf::DW_MACINFO_define || 1614 N.getMacinfoType() == dwarf::DW_MACINFO_undef, 1615 "invalid macinfo type", &N); 1616 CheckDI(!N.getName().empty(), "anonymous macro", &N); 1617 if (!N.getValue().empty()) { 1618 assert(N.getValue().data()[0] != ' ' && "Macro value has a space prefix"); 1619 } 1620 } 1621 1622 void Verifier::visitDIMacroFile(const DIMacroFile &N) { 1623 CheckDI(N.getMacinfoType() == dwarf::DW_MACINFO_start_file, 1624 "invalid macinfo type", &N); 1625 if (auto *F = N.getRawFile()) 1626 CheckDI(isa<DIFile>(F), "invalid file", &N, F); 1627 1628 if (auto *Array = N.getRawElements()) { 1629 CheckDI(isa<MDTuple>(Array), "invalid macro list", &N, Array); 1630 for (Metadata *Op : N.getElements()->operands()) { 1631 CheckDI(Op && isa<DIMacroNode>(Op), "invalid macro ref", &N, Op); 1632 } 1633 } 1634 } 1635 1636 void Verifier::visitDIModule(const DIModule &N) { 1637 CheckDI(N.getTag() == dwarf::DW_TAG_module, "invalid tag", &N); 1638 CheckDI(!N.getName().empty(), "anonymous module", &N); 1639 } 1640 1641 void Verifier::visitDITemplateParameter(const DITemplateParameter &N) { 1642 CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType()); 1643 } 1644 1645 void Verifier::visitDITemplateTypeParameter(const DITemplateTypeParameter &N) { 1646 visitDITemplateParameter(N); 1647 1648 CheckDI(N.getTag() == dwarf::DW_TAG_template_type_parameter, "invalid tag", 1649 &N); 1650 } 1651 1652 void Verifier::visitDITemplateValueParameter( 1653 const DITemplateValueParameter &N) { 1654 visitDITemplateParameter(N); 1655 1656 CheckDI(N.getTag() == dwarf::DW_TAG_template_value_parameter || 1657 N.getTag() == dwarf::DW_TAG_GNU_template_template_param || 1658 N.getTag() == dwarf::DW_TAG_GNU_template_parameter_pack, 1659 "invalid tag", &N); 1660 } 1661 1662 void Verifier::visitDIVariable(const DIVariable &N) { 1663 if (auto *S = N.getRawScope()) 1664 CheckDI(isa<DIScope>(S), "invalid scope", &N, S); 1665 if (auto *F = N.getRawFile()) 1666 CheckDI(isa<DIFile>(F), "invalid file", &N, F); 1667 } 1668 1669 void Verifier::visitDIGlobalVariable(const DIGlobalVariable &N) { 1670 // Checks common to all variables. 1671 visitDIVariable(N); 1672 1673 CheckDI(N.getTag() == dwarf::DW_TAG_variable, "invalid tag", &N); 1674 CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType()); 1675 // Check only if the global variable is not an extern 1676 if (N.isDefinition()) 1677 CheckDI(N.getType(), "missing global variable type", &N); 1678 if (auto *Member = N.getRawStaticDataMemberDeclaration()) { 1679 CheckDI(isa<DIDerivedType>(Member), 1680 "invalid static data member declaration", &N, Member); 1681 } 1682 } 1683 1684 void Verifier::visitDILocalVariable(const DILocalVariable &N) { 1685 // Checks common to all variables. 1686 visitDIVariable(N); 1687 1688 CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType()); 1689 CheckDI(N.getTag() == dwarf::DW_TAG_variable, "invalid tag", &N); 1690 CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()), 1691 "local variable requires a valid scope", &N, N.getRawScope()); 1692 if (auto Ty = N.getType()) 1693 CheckDI(!isa<DISubroutineType>(Ty), "invalid type", &N, N.getType()); 1694 } 1695 1696 void Verifier::visitDIAssignID(const DIAssignID &N) { 1697 CheckDI(!N.getNumOperands(), "DIAssignID has no arguments", &N); 1698 CheckDI(N.isDistinct(), "DIAssignID must be distinct", &N); 1699 } 1700 1701 void Verifier::visitDILabel(const DILabel &N) { 1702 if (auto *S = N.getRawScope()) 1703 CheckDI(isa<DIScope>(S), "invalid scope", &N, S); 1704 if (auto *F = N.getRawFile()) 1705 CheckDI(isa<DIFile>(F), "invalid file", &N, F); 1706 1707 CheckDI(N.getTag() == dwarf::DW_TAG_label, "invalid tag", &N); 1708 CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()), 1709 "label requires a valid scope", &N, N.getRawScope()); 1710 } 1711 1712 void Verifier::visitDIExpression(const DIExpression &N) { 1713 CheckDI(N.isValid(), "invalid expression", &N); 1714 } 1715 1716 void Verifier::visitDIGlobalVariableExpression( 1717 const DIGlobalVariableExpression &GVE) { 1718 CheckDI(GVE.getVariable(), "missing variable"); 1719 if (auto *Var = GVE.getVariable()) 1720 visitDIGlobalVariable(*Var); 1721 if (auto *Expr = GVE.getExpression()) { 1722 visitDIExpression(*Expr); 1723 if (auto Fragment = Expr->getFragmentInfo()) 1724 verifyFragmentExpression(*GVE.getVariable(), *Fragment, &GVE); 1725 } 1726 } 1727 1728 void Verifier::visitDIObjCProperty(const DIObjCProperty &N) { 1729 CheckDI(N.getTag() == dwarf::DW_TAG_APPLE_property, "invalid tag", &N); 1730 if (auto *T = N.getRawType()) 1731 CheckDI(isType(T), "invalid type ref", &N, T); 1732 if (auto *F = N.getRawFile()) 1733 CheckDI(isa<DIFile>(F), "invalid file", &N, F); 1734 } 1735 1736 void Verifier::visitDIImportedEntity(const DIImportedEntity &N) { 1737 CheckDI(N.getTag() == dwarf::DW_TAG_imported_module || 1738 N.getTag() == dwarf::DW_TAG_imported_declaration, 1739 "invalid tag", &N); 1740 if (auto *S = N.getRawScope()) 1741 CheckDI(isa<DIScope>(S), "invalid scope for imported entity", &N, S); 1742 CheckDI(isDINode(N.getRawEntity()), "invalid imported entity", &N, 1743 N.getRawEntity()); 1744 } 1745 1746 void Verifier::visitComdat(const Comdat &C) { 1747 // In COFF the Module is invalid if the GlobalValue has private linkage. 1748 // Entities with private linkage don't have entries in the symbol table. 1749 if (TT.isOSBinFormatCOFF()) 1750 if (const GlobalValue *GV = M.getNamedValue(C.getName())) 1751 Check(!GV->hasPrivateLinkage(), "comdat global value has private linkage", 1752 GV); 1753 } 1754 1755 void Verifier::visitModuleIdents() { 1756 const NamedMDNode *Idents = M.getNamedMetadata("llvm.ident"); 1757 if (!Idents) 1758 return; 1759 1760 // llvm.ident takes a list of metadata entry. Each entry has only one string. 1761 // Scan each llvm.ident entry and make sure that this requirement is met. 1762 for (const MDNode *N : Idents->operands()) { 1763 Check(N->getNumOperands() == 1, 1764 "incorrect number of operands in llvm.ident metadata", N); 1765 Check(dyn_cast_or_null<MDString>(N->getOperand(0)), 1766 ("invalid value for llvm.ident metadata entry operand" 1767 "(the operand should be a string)"), 1768 N->getOperand(0)); 1769 } 1770 } 1771 1772 void Verifier::visitModuleCommandLines() { 1773 const NamedMDNode *CommandLines = M.getNamedMetadata("llvm.commandline"); 1774 if (!CommandLines) 1775 return; 1776 1777 // llvm.commandline takes a list of metadata entry. Each entry has only one 1778 // string. Scan each llvm.commandline entry and make sure that this 1779 // requirement is met. 1780 for (const MDNode *N : CommandLines->operands()) { 1781 Check(N->getNumOperands() == 1, 1782 "incorrect number of operands in llvm.commandline metadata", N); 1783 Check(dyn_cast_or_null<MDString>(N->getOperand(0)), 1784 ("invalid value for llvm.commandline metadata entry operand" 1785 "(the operand should be a string)"), 1786 N->getOperand(0)); 1787 } 1788 } 1789 1790 void Verifier::visitModuleFlags() { 1791 const NamedMDNode *Flags = M.getModuleFlagsMetadata(); 1792 if (!Flags) return; 1793 1794 // Scan each flag, and track the flags and requirements. 1795 DenseMap<const MDString*, const MDNode*> SeenIDs; 1796 SmallVector<const MDNode*, 16> Requirements; 1797 uint64_t PAuthABIPlatform = -1; 1798 uint64_t PAuthABIVersion = -1; 1799 for (const MDNode *MDN : Flags->operands()) { 1800 visitModuleFlag(MDN, SeenIDs, Requirements); 1801 if (MDN->getNumOperands() != 3) 1802 continue; 1803 if (const auto *FlagName = dyn_cast_or_null<MDString>(MDN->getOperand(1))) { 1804 if (FlagName->getString() == "aarch64-elf-pauthabi-platform") { 1805 if (const auto *PAP = 1806 mdconst::dyn_extract_or_null<ConstantInt>(MDN->getOperand(2))) 1807 PAuthABIPlatform = PAP->getZExtValue(); 1808 } else if (FlagName->getString() == "aarch64-elf-pauthabi-version") { 1809 if (const auto *PAV = 1810 mdconst::dyn_extract_or_null<ConstantInt>(MDN->getOperand(2))) 1811 PAuthABIVersion = PAV->getZExtValue(); 1812 } 1813 } 1814 } 1815 1816 if ((PAuthABIPlatform == uint64_t(-1)) != (PAuthABIVersion == uint64_t(-1))) 1817 CheckFailed("either both or no 'aarch64-elf-pauthabi-platform' and " 1818 "'aarch64-elf-pauthabi-version' module flags must be present"); 1819 1820 // Validate that the requirements in the module are valid. 1821 for (const MDNode *Requirement : Requirements) { 1822 const MDString *Flag = cast<MDString>(Requirement->getOperand(0)); 1823 const Metadata *ReqValue = Requirement->getOperand(1); 1824 1825 const MDNode *Op = SeenIDs.lookup(Flag); 1826 if (!Op) { 1827 CheckFailed("invalid requirement on flag, flag is not present in module", 1828 Flag); 1829 continue; 1830 } 1831 1832 if (Op->getOperand(2) != ReqValue) { 1833 CheckFailed(("invalid requirement on flag, " 1834 "flag does not have the required value"), 1835 Flag); 1836 continue; 1837 } 1838 } 1839 } 1840 1841 void 1842 Verifier::visitModuleFlag(const MDNode *Op, 1843 DenseMap<const MDString *, const MDNode *> &SeenIDs, 1844 SmallVectorImpl<const MDNode *> &Requirements) { 1845 // Each module flag should have three arguments, the merge behavior (a 1846 // constant int), the flag ID (an MDString), and the value. 1847 Check(Op->getNumOperands() == 3, 1848 "incorrect number of operands in module flag", Op); 1849 Module::ModFlagBehavior MFB; 1850 if (!Module::isValidModFlagBehavior(Op->getOperand(0), MFB)) { 1851 Check(mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(0)), 1852 "invalid behavior operand in module flag (expected constant integer)", 1853 Op->getOperand(0)); 1854 Check(false, 1855 "invalid behavior operand in module flag (unexpected constant)", 1856 Op->getOperand(0)); 1857 } 1858 MDString *ID = dyn_cast_or_null<MDString>(Op->getOperand(1)); 1859 Check(ID, "invalid ID operand in module flag (expected metadata string)", 1860 Op->getOperand(1)); 1861 1862 // Check the values for behaviors with additional requirements. 1863 switch (MFB) { 1864 case Module::Error: 1865 case Module::Warning: 1866 case Module::Override: 1867 // These behavior types accept any value. 1868 break; 1869 1870 case Module::Min: { 1871 auto *V = mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(2)); 1872 Check(V && V->getValue().isNonNegative(), 1873 "invalid value for 'min' module flag (expected constant non-negative " 1874 "integer)", 1875 Op->getOperand(2)); 1876 break; 1877 } 1878 1879 case Module::Max: { 1880 Check(mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(2)), 1881 "invalid value for 'max' module flag (expected constant integer)", 1882 Op->getOperand(2)); 1883 break; 1884 } 1885 1886 case Module::Require: { 1887 // The value should itself be an MDNode with two operands, a flag ID (an 1888 // MDString), and a value. 1889 MDNode *Value = dyn_cast<MDNode>(Op->getOperand(2)); 1890 Check(Value && Value->getNumOperands() == 2, 1891 "invalid value for 'require' module flag (expected metadata pair)", 1892 Op->getOperand(2)); 1893 Check(isa<MDString>(Value->getOperand(0)), 1894 ("invalid value for 'require' module flag " 1895 "(first value operand should be a string)"), 1896 Value->getOperand(0)); 1897 1898 // Append it to the list of requirements, to check once all module flags are 1899 // scanned. 1900 Requirements.push_back(Value); 1901 break; 1902 } 1903 1904 case Module::Append: 1905 case Module::AppendUnique: { 1906 // These behavior types require the operand be an MDNode. 1907 Check(isa<MDNode>(Op->getOperand(2)), 1908 "invalid value for 'append'-type module flag " 1909 "(expected a metadata node)", 1910 Op->getOperand(2)); 1911 break; 1912 } 1913 } 1914 1915 // Unless this is a "requires" flag, check the ID is unique. 1916 if (MFB != Module::Require) { 1917 bool Inserted = SeenIDs.insert(std::make_pair(ID, Op)).second; 1918 Check(Inserted, 1919 "module flag identifiers must be unique (or of 'require' type)", ID); 1920 } 1921 1922 if (ID->getString() == "wchar_size") { 1923 ConstantInt *Value 1924 = mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(2)); 1925 Check(Value, "wchar_size metadata requires constant integer argument"); 1926 } 1927 1928 if (ID->getString() == "Linker Options") { 1929 // If the llvm.linker.options named metadata exists, we assume that the 1930 // bitcode reader has upgraded the module flag. Otherwise the flag might 1931 // have been created by a client directly. 1932 Check(M.getNamedMetadata("llvm.linker.options"), 1933 "'Linker Options' named metadata no longer supported"); 1934 } 1935 1936 if (ID->getString() == "SemanticInterposition") { 1937 ConstantInt *Value = 1938 mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(2)); 1939 Check(Value, 1940 "SemanticInterposition metadata requires constant integer argument"); 1941 } 1942 1943 if (ID->getString() == "CG Profile") { 1944 for (const MDOperand &MDO : cast<MDNode>(Op->getOperand(2))->operands()) 1945 visitModuleFlagCGProfileEntry(MDO); 1946 } 1947 } 1948 1949 void Verifier::visitModuleFlagCGProfileEntry(const MDOperand &MDO) { 1950 auto CheckFunction = [&](const MDOperand &FuncMDO) { 1951 if (!FuncMDO) 1952 return; 1953 auto F = dyn_cast<ValueAsMetadata>(FuncMDO); 1954 Check(F && isa<Function>(F->getValue()->stripPointerCasts()), 1955 "expected a Function or null", FuncMDO); 1956 }; 1957 auto Node = dyn_cast_or_null<MDNode>(MDO); 1958 Check(Node && Node->getNumOperands() == 3, "expected a MDNode triple", MDO); 1959 CheckFunction(Node->getOperand(0)); 1960 CheckFunction(Node->getOperand(1)); 1961 auto Count = dyn_cast_or_null<ConstantAsMetadata>(Node->getOperand(2)); 1962 Check(Count && Count->getType()->isIntegerTy(), 1963 "expected an integer constant", Node->getOperand(2)); 1964 } 1965 1966 void Verifier::verifyAttributeTypes(AttributeSet Attrs, const Value *V) { 1967 for (Attribute A : Attrs) { 1968 1969 if (A.isStringAttribute()) { 1970 #define GET_ATTR_NAMES 1971 #define ATTRIBUTE_ENUM(ENUM_NAME, DISPLAY_NAME) 1972 #define ATTRIBUTE_STRBOOL(ENUM_NAME, DISPLAY_NAME) \ 1973 if (A.getKindAsString() == #DISPLAY_NAME) { \ 1974 auto V = A.getValueAsString(); \ 1975 if (!(V.empty() || V == "true" || V == "false")) \ 1976 CheckFailed("invalid value for '" #DISPLAY_NAME "' attribute: " + V + \ 1977 ""); \ 1978 } 1979 1980 #include "llvm/IR/Attributes.inc" 1981 continue; 1982 } 1983 1984 if (A.isIntAttribute() != Attribute::isIntAttrKind(A.getKindAsEnum())) { 1985 CheckFailed("Attribute '" + A.getAsString() + "' should have an Argument", 1986 V); 1987 return; 1988 } 1989 } 1990 } 1991 1992 // VerifyParameterAttrs - Check the given attributes for an argument or return 1993 // value of the specified type. The value V is printed in error messages. 1994 void Verifier::verifyParameterAttrs(AttributeSet Attrs, Type *Ty, 1995 const Value *V) { 1996 if (!Attrs.hasAttributes()) 1997 return; 1998 1999 verifyAttributeTypes(Attrs, V); 2000 2001 for (Attribute Attr : Attrs) 2002 Check(Attr.isStringAttribute() || 2003 Attribute::canUseAsParamAttr(Attr.getKindAsEnum()), 2004 "Attribute '" + Attr.getAsString() + "' does not apply to parameters", 2005 V); 2006 2007 if (Attrs.hasAttribute(Attribute::ImmArg)) { 2008 unsigned AttrCount = 2009 Attrs.getNumAttributes() - Attrs.hasAttribute(Attribute::Range); 2010 Check(AttrCount == 1, 2011 "Attribute 'immarg' is incompatible with other attributes except the " 2012 "'range' attribute", 2013 V); 2014 } 2015 2016 // Check for mutually incompatible attributes. Only inreg is compatible with 2017 // sret. 2018 unsigned AttrCount = 0; 2019 AttrCount += Attrs.hasAttribute(Attribute::ByVal); 2020 AttrCount += Attrs.hasAttribute(Attribute::InAlloca); 2021 AttrCount += Attrs.hasAttribute(Attribute::Preallocated); 2022 AttrCount += Attrs.hasAttribute(Attribute::StructRet) || 2023 Attrs.hasAttribute(Attribute::InReg); 2024 AttrCount += Attrs.hasAttribute(Attribute::Nest); 2025 AttrCount += Attrs.hasAttribute(Attribute::ByRef); 2026 Check(AttrCount <= 1, 2027 "Attributes 'byval', 'inalloca', 'preallocated', 'inreg', 'nest', " 2028 "'byref', and 'sret' are incompatible!", 2029 V); 2030 2031 Check(!(Attrs.hasAttribute(Attribute::InAlloca) && 2032 Attrs.hasAttribute(Attribute::ReadOnly)), 2033 "Attributes " 2034 "'inalloca and readonly' are incompatible!", 2035 V); 2036 2037 Check(!(Attrs.hasAttribute(Attribute::StructRet) && 2038 Attrs.hasAttribute(Attribute::Returned)), 2039 "Attributes " 2040 "'sret and returned' are incompatible!", 2041 V); 2042 2043 Check(!(Attrs.hasAttribute(Attribute::ZExt) && 2044 Attrs.hasAttribute(Attribute::SExt)), 2045 "Attributes " 2046 "'zeroext and signext' are incompatible!", 2047 V); 2048 2049 Check(!(Attrs.hasAttribute(Attribute::ReadNone) && 2050 Attrs.hasAttribute(Attribute::ReadOnly)), 2051 "Attributes " 2052 "'readnone and readonly' are incompatible!", 2053 V); 2054 2055 Check(!(Attrs.hasAttribute(Attribute::ReadNone) && 2056 Attrs.hasAttribute(Attribute::WriteOnly)), 2057 "Attributes " 2058 "'readnone and writeonly' are incompatible!", 2059 V); 2060 2061 Check(!(Attrs.hasAttribute(Attribute::ReadOnly) && 2062 Attrs.hasAttribute(Attribute::WriteOnly)), 2063 "Attributes " 2064 "'readonly and writeonly' are incompatible!", 2065 V); 2066 2067 Check(!(Attrs.hasAttribute(Attribute::NoInline) && 2068 Attrs.hasAttribute(Attribute::AlwaysInline)), 2069 "Attributes " 2070 "'noinline and alwaysinline' are incompatible!", 2071 V); 2072 2073 Check(!(Attrs.hasAttribute(Attribute::Writable) && 2074 Attrs.hasAttribute(Attribute::ReadNone)), 2075 "Attributes writable and readnone are incompatible!", V); 2076 2077 Check(!(Attrs.hasAttribute(Attribute::Writable) && 2078 Attrs.hasAttribute(Attribute::ReadOnly)), 2079 "Attributes writable and readonly are incompatible!", V); 2080 2081 AttributeMask IncompatibleAttrs = AttributeFuncs::typeIncompatible(Ty, Attrs); 2082 for (Attribute Attr : Attrs) { 2083 if (!Attr.isStringAttribute() && 2084 IncompatibleAttrs.contains(Attr.getKindAsEnum())) { 2085 CheckFailed("Attribute '" + Attr.getAsString() + 2086 "' applied to incompatible type!", V); 2087 return; 2088 } 2089 } 2090 2091 if (isa<PointerType>(Ty)) { 2092 if (Attrs.hasAttribute(Attribute::Alignment)) { 2093 Align AttrAlign = Attrs.getAlignment().valueOrOne(); 2094 Check(AttrAlign.value() <= Value::MaximumAlignment, 2095 "huge alignment values are unsupported", V); 2096 } 2097 if (Attrs.hasAttribute(Attribute::ByVal)) { 2098 Type *ByValTy = Attrs.getByValType(); 2099 SmallPtrSet<Type *, 4> Visited; 2100 Check(ByValTy->isSized(&Visited), 2101 "Attribute 'byval' does not support unsized types!", V); 2102 // Check if it is or contains a target extension type that disallows being 2103 // used on the stack. 2104 Check(!ByValTy->containsNonLocalTargetExtType(), 2105 "'byval' argument has illegal target extension type", V); 2106 Check(DL.getTypeAllocSize(ByValTy).getKnownMinValue() < (1ULL << 32), 2107 "huge 'byval' arguments are unsupported", V); 2108 } 2109 if (Attrs.hasAttribute(Attribute::ByRef)) { 2110 SmallPtrSet<Type *, 4> Visited; 2111 Check(Attrs.getByRefType()->isSized(&Visited), 2112 "Attribute 'byref' does not support unsized types!", V); 2113 Check(DL.getTypeAllocSize(Attrs.getByRefType()).getKnownMinValue() < 2114 (1ULL << 32), 2115 "huge 'byref' arguments are unsupported", V); 2116 } 2117 if (Attrs.hasAttribute(Attribute::InAlloca)) { 2118 SmallPtrSet<Type *, 4> Visited; 2119 Check(Attrs.getInAllocaType()->isSized(&Visited), 2120 "Attribute 'inalloca' does not support unsized types!", V); 2121 Check(DL.getTypeAllocSize(Attrs.getInAllocaType()).getKnownMinValue() < 2122 (1ULL << 32), 2123 "huge 'inalloca' arguments are unsupported", V); 2124 } 2125 if (Attrs.hasAttribute(Attribute::Preallocated)) { 2126 SmallPtrSet<Type *, 4> Visited; 2127 Check(Attrs.getPreallocatedType()->isSized(&Visited), 2128 "Attribute 'preallocated' does not support unsized types!", V); 2129 Check( 2130 DL.getTypeAllocSize(Attrs.getPreallocatedType()).getKnownMinValue() < 2131 (1ULL << 32), 2132 "huge 'preallocated' arguments are unsupported", V); 2133 } 2134 } 2135 2136 if (Attrs.hasAttribute(Attribute::Initializes)) { 2137 auto Inits = Attrs.getAttribute(Attribute::Initializes).getInitializes(); 2138 Check(!Inits.empty(), "Attribute 'initializes' does not support empty list", 2139 V); 2140 Check(ConstantRangeList::isOrderedRanges(Inits), 2141 "Attribute 'initializes' does not support unordered ranges", V); 2142 } 2143 2144 if (Attrs.hasAttribute(Attribute::NoFPClass)) { 2145 uint64_t Val = Attrs.getAttribute(Attribute::NoFPClass).getValueAsInt(); 2146 Check(Val != 0, "Attribute 'nofpclass' must have at least one test bit set", 2147 V); 2148 Check((Val & ~static_cast<unsigned>(fcAllFlags)) == 0, 2149 "Invalid value for 'nofpclass' test mask", V); 2150 } 2151 if (Attrs.hasAttribute(Attribute::Range)) { 2152 const ConstantRange &CR = 2153 Attrs.getAttribute(Attribute::Range).getValueAsConstantRange(); 2154 Check(Ty->isIntOrIntVectorTy(CR.getBitWidth()), 2155 "Range bit width must match type bit width!", V); 2156 } 2157 } 2158 2159 void Verifier::checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr, 2160 const Value *V) { 2161 if (Attrs.hasFnAttr(Attr)) { 2162 StringRef S = Attrs.getFnAttr(Attr).getValueAsString(); 2163 unsigned N; 2164 if (S.getAsInteger(10, N)) 2165 CheckFailed("\"" + Attr + "\" takes an unsigned integer: " + S, V); 2166 } 2167 } 2168 2169 // Check parameter attributes against a function type. 2170 // The value V is printed in error messages. 2171 void Verifier::verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs, 2172 const Value *V, bool IsIntrinsic, 2173 bool IsInlineAsm) { 2174 if (Attrs.isEmpty()) 2175 return; 2176 2177 if (AttributeListsVisited.insert(Attrs.getRawPointer()).second) { 2178 Check(Attrs.hasParentContext(Context), 2179 "Attribute list does not match Module context!", &Attrs, V); 2180 for (const auto &AttrSet : Attrs) { 2181 Check(!AttrSet.hasAttributes() || AttrSet.hasParentContext(Context), 2182 "Attribute set does not match Module context!", &AttrSet, V); 2183 for (const auto &A : AttrSet) { 2184 Check(A.hasParentContext(Context), 2185 "Attribute does not match Module context!", &A, V); 2186 } 2187 } 2188 } 2189 2190 bool SawNest = false; 2191 bool SawReturned = false; 2192 bool SawSRet = false; 2193 bool SawSwiftSelf = false; 2194 bool SawSwiftAsync = false; 2195 bool SawSwiftError = false; 2196 2197 // Verify return value attributes. 2198 AttributeSet RetAttrs = Attrs.getRetAttrs(); 2199 for (Attribute RetAttr : RetAttrs) 2200 Check(RetAttr.isStringAttribute() || 2201 Attribute::canUseAsRetAttr(RetAttr.getKindAsEnum()), 2202 "Attribute '" + RetAttr.getAsString() + 2203 "' does not apply to function return values", 2204 V); 2205 2206 unsigned MaxParameterWidth = 0; 2207 auto GetMaxParameterWidth = [&MaxParameterWidth](Type *Ty) { 2208 if (Ty->isVectorTy()) { 2209 if (auto *VT = dyn_cast<FixedVectorType>(Ty)) { 2210 unsigned Size = VT->getPrimitiveSizeInBits().getFixedValue(); 2211 if (Size > MaxParameterWidth) 2212 MaxParameterWidth = Size; 2213 } 2214 } 2215 }; 2216 GetMaxParameterWidth(FT->getReturnType()); 2217 verifyParameterAttrs(RetAttrs, FT->getReturnType(), V); 2218 2219 // Verify parameter attributes. 2220 for (unsigned i = 0, e = FT->getNumParams(); i != e; ++i) { 2221 Type *Ty = FT->getParamType(i); 2222 AttributeSet ArgAttrs = Attrs.getParamAttrs(i); 2223 2224 if (!IsIntrinsic) { 2225 Check(!ArgAttrs.hasAttribute(Attribute::ImmArg), 2226 "immarg attribute only applies to intrinsics", V); 2227 if (!IsInlineAsm) 2228 Check(!ArgAttrs.hasAttribute(Attribute::ElementType), 2229 "Attribute 'elementtype' can only be applied to intrinsics" 2230 " and inline asm.", 2231 V); 2232 } 2233 2234 verifyParameterAttrs(ArgAttrs, Ty, V); 2235 GetMaxParameterWidth(Ty); 2236 2237 if (ArgAttrs.hasAttribute(Attribute::Nest)) { 2238 Check(!SawNest, "More than one parameter has attribute nest!", V); 2239 SawNest = true; 2240 } 2241 2242 if (ArgAttrs.hasAttribute(Attribute::Returned)) { 2243 Check(!SawReturned, "More than one parameter has attribute returned!", V); 2244 Check(Ty->canLosslesslyBitCastTo(FT->getReturnType()), 2245 "Incompatible argument and return types for 'returned' attribute", 2246 V); 2247 SawReturned = true; 2248 } 2249 2250 if (ArgAttrs.hasAttribute(Attribute::StructRet)) { 2251 Check(!SawSRet, "Cannot have multiple 'sret' parameters!", V); 2252 Check(i == 0 || i == 1, 2253 "Attribute 'sret' is not on first or second parameter!", V); 2254 SawSRet = true; 2255 } 2256 2257 if (ArgAttrs.hasAttribute(Attribute::SwiftSelf)) { 2258 Check(!SawSwiftSelf, "Cannot have multiple 'swiftself' parameters!", V); 2259 SawSwiftSelf = true; 2260 } 2261 2262 if (ArgAttrs.hasAttribute(Attribute::SwiftAsync)) { 2263 Check(!SawSwiftAsync, "Cannot have multiple 'swiftasync' parameters!", V); 2264 SawSwiftAsync = true; 2265 } 2266 2267 if (ArgAttrs.hasAttribute(Attribute::SwiftError)) { 2268 Check(!SawSwiftError, "Cannot have multiple 'swifterror' parameters!", V); 2269 SawSwiftError = true; 2270 } 2271 2272 if (ArgAttrs.hasAttribute(Attribute::InAlloca)) { 2273 Check(i == FT->getNumParams() - 1, 2274 "inalloca isn't on the last parameter!", V); 2275 } 2276 } 2277 2278 if (!Attrs.hasFnAttrs()) 2279 return; 2280 2281 verifyAttributeTypes(Attrs.getFnAttrs(), V); 2282 for (Attribute FnAttr : Attrs.getFnAttrs()) 2283 Check(FnAttr.isStringAttribute() || 2284 Attribute::canUseAsFnAttr(FnAttr.getKindAsEnum()), 2285 "Attribute '" + FnAttr.getAsString() + 2286 "' does not apply to functions!", 2287 V); 2288 2289 Check(!(Attrs.hasFnAttr(Attribute::NoInline) && 2290 Attrs.hasFnAttr(Attribute::AlwaysInline)), 2291 "Attributes 'noinline and alwaysinline' are incompatible!", V); 2292 2293 if (Attrs.hasFnAttr(Attribute::OptimizeNone)) { 2294 Check(Attrs.hasFnAttr(Attribute::NoInline), 2295 "Attribute 'optnone' requires 'noinline'!", V); 2296 2297 Check(!Attrs.hasFnAttr(Attribute::OptimizeForSize), 2298 "Attributes 'optsize and optnone' are incompatible!", V); 2299 2300 Check(!Attrs.hasFnAttr(Attribute::MinSize), 2301 "Attributes 'minsize and optnone' are incompatible!", V); 2302 2303 Check(!Attrs.hasFnAttr(Attribute::OptimizeForDebugging), 2304 "Attributes 'optdebug and optnone' are incompatible!", V); 2305 } 2306 2307 Check(!(Attrs.hasFnAttr(Attribute::SanitizeRealtime) && 2308 Attrs.hasFnAttr(Attribute::SanitizeRealtimeBlocking)), 2309 "Attributes " 2310 "'sanitize_realtime and sanitize_realtime_blocking' are incompatible!", 2311 V); 2312 2313 if (Attrs.hasFnAttr(Attribute::OptimizeForDebugging)) { 2314 Check(!Attrs.hasFnAttr(Attribute::OptimizeForSize), 2315 "Attributes 'optsize and optdebug' are incompatible!", V); 2316 2317 Check(!Attrs.hasFnAttr(Attribute::MinSize), 2318 "Attributes 'minsize and optdebug' are incompatible!", V); 2319 } 2320 2321 Check(!Attrs.hasAttrSomewhere(Attribute::Writable) || 2322 isModSet(Attrs.getMemoryEffects().getModRef(IRMemLocation::ArgMem)), 2323 "Attribute writable and memory without argmem: write are incompatible!", 2324 V); 2325 2326 if (Attrs.hasFnAttr("aarch64_pstate_sm_enabled")) { 2327 Check(!Attrs.hasFnAttr("aarch64_pstate_sm_compatible"), 2328 "Attributes 'aarch64_pstate_sm_enabled and " 2329 "aarch64_pstate_sm_compatible' are incompatible!", 2330 V); 2331 } 2332 2333 Check((Attrs.hasFnAttr("aarch64_new_za") + Attrs.hasFnAttr("aarch64_in_za") + 2334 Attrs.hasFnAttr("aarch64_inout_za") + 2335 Attrs.hasFnAttr("aarch64_out_za") + 2336 Attrs.hasFnAttr("aarch64_preserves_za") + 2337 Attrs.hasFnAttr("aarch64_za_state_agnostic")) <= 1, 2338 "Attributes 'aarch64_new_za', 'aarch64_in_za', 'aarch64_out_za', " 2339 "'aarch64_inout_za', 'aarch64_preserves_za' and " 2340 "'aarch64_za_state_agnostic' are mutually exclusive", 2341 V); 2342 2343 Check((Attrs.hasFnAttr("aarch64_new_zt0") + 2344 Attrs.hasFnAttr("aarch64_in_zt0") + 2345 Attrs.hasFnAttr("aarch64_inout_zt0") + 2346 Attrs.hasFnAttr("aarch64_out_zt0") + 2347 Attrs.hasFnAttr("aarch64_preserves_zt0") + 2348 Attrs.hasFnAttr("aarch64_za_state_agnostic")) <= 1, 2349 "Attributes 'aarch64_new_zt0', 'aarch64_in_zt0', 'aarch64_out_zt0', " 2350 "'aarch64_inout_zt0', 'aarch64_preserves_zt0' and " 2351 "'aarch64_za_state_agnostic' are mutually exclusive", 2352 V); 2353 2354 if (Attrs.hasFnAttr(Attribute::JumpTable)) { 2355 const GlobalValue *GV = cast<GlobalValue>(V); 2356 Check(GV->hasGlobalUnnamedAddr(), 2357 "Attribute 'jumptable' requires 'unnamed_addr'", V); 2358 } 2359 2360 if (auto Args = Attrs.getFnAttrs().getAllocSizeArgs()) { 2361 auto CheckParam = [&](StringRef Name, unsigned ParamNo) { 2362 if (ParamNo >= FT->getNumParams()) { 2363 CheckFailed("'allocsize' " + Name + " argument is out of bounds", V); 2364 return false; 2365 } 2366 2367 if (!FT->getParamType(ParamNo)->isIntegerTy()) { 2368 CheckFailed("'allocsize' " + Name + 2369 " argument must refer to an integer parameter", 2370 V); 2371 return false; 2372 } 2373 2374 return true; 2375 }; 2376 2377 if (!CheckParam("element size", Args->first)) 2378 return; 2379 2380 if (Args->second && !CheckParam("number of elements", *Args->second)) 2381 return; 2382 } 2383 2384 if (Attrs.hasFnAttr(Attribute::AllocKind)) { 2385 AllocFnKind K = Attrs.getAllocKind(); 2386 AllocFnKind Type = 2387 K & (AllocFnKind::Alloc | AllocFnKind::Realloc | AllocFnKind::Free); 2388 if (!is_contained( 2389 {AllocFnKind::Alloc, AllocFnKind::Realloc, AllocFnKind::Free}, 2390 Type)) 2391 CheckFailed( 2392 "'allockind()' requires exactly one of alloc, realloc, and free"); 2393 if ((Type == AllocFnKind::Free) && 2394 ((K & (AllocFnKind::Uninitialized | AllocFnKind::Zeroed | 2395 AllocFnKind::Aligned)) != AllocFnKind::Unknown)) 2396 CheckFailed("'allockind(\"free\")' doesn't allow uninitialized, zeroed, " 2397 "or aligned modifiers."); 2398 AllocFnKind ZeroedUninit = AllocFnKind::Uninitialized | AllocFnKind::Zeroed; 2399 if ((K & ZeroedUninit) == ZeroedUninit) 2400 CheckFailed("'allockind()' can't be both zeroed and uninitialized"); 2401 } 2402 2403 if (Attribute A = Attrs.getFnAttr("alloc-variant-zeroed"); A.isValid()) { 2404 StringRef S = A.getValueAsString(); 2405 Check(!S.empty(), "'alloc-variant-zeroed' must not be empty"); 2406 Function *Variant = M.getFunction(S); 2407 if (Variant) { 2408 Attribute Family = Attrs.getFnAttr("alloc-family"); 2409 Attribute VariantFamily = Variant->getFnAttribute("alloc-family"); 2410 if (Family.isValid()) 2411 Check(VariantFamily.isValid() && 2412 VariantFamily.getValueAsString() == Family.getValueAsString(), 2413 "'alloc-variant-zeroed' must name a function belonging to the " 2414 "same 'alloc-family'"); 2415 2416 Check(Variant->hasFnAttribute(Attribute::AllocKind) && 2417 (Variant->getFnAttribute(Attribute::AllocKind).getAllocKind() & 2418 AllocFnKind::Zeroed) != AllocFnKind::Unknown, 2419 "'alloc-variant-zeroed' must name a function with " 2420 "'allockind(\"zeroed\")'"); 2421 2422 Check(FT == Variant->getFunctionType(), 2423 "'alloc-variant-zeroed' must name a function with the same " 2424 "signature"); 2425 } 2426 } 2427 2428 if (Attrs.hasFnAttr(Attribute::VScaleRange)) { 2429 unsigned VScaleMin = Attrs.getFnAttrs().getVScaleRangeMin(); 2430 if (VScaleMin == 0) 2431 CheckFailed("'vscale_range' minimum must be greater than 0", V); 2432 else if (!isPowerOf2_32(VScaleMin)) 2433 CheckFailed("'vscale_range' minimum must be power-of-two value", V); 2434 std::optional<unsigned> VScaleMax = Attrs.getFnAttrs().getVScaleRangeMax(); 2435 if (VScaleMax && VScaleMin > VScaleMax) 2436 CheckFailed("'vscale_range' minimum cannot be greater than maximum", V); 2437 else if (VScaleMax && !isPowerOf2_32(*VScaleMax)) 2438 CheckFailed("'vscale_range' maximum must be power-of-two value", V); 2439 } 2440 2441 if (Attribute FPAttr = Attrs.getFnAttr("frame-pointer"); FPAttr.isValid()) { 2442 StringRef FP = FPAttr.getValueAsString(); 2443 if (FP != "all" && FP != "non-leaf" && FP != "none" && FP != "reserved") 2444 CheckFailed("invalid value for 'frame-pointer' attribute: " + FP, V); 2445 } 2446 2447 // Check EVEX512 feature. 2448 if (TT.isX86() && MaxParameterWidth >= 512) { 2449 Attribute TargetFeaturesAttr = Attrs.getFnAttr("target-features"); 2450 if (TargetFeaturesAttr.isValid()) { 2451 StringRef TF = TargetFeaturesAttr.getValueAsString(); 2452 Check(!TF.contains("+avx512f") || !TF.contains("-evex512"), 2453 "512-bit vector arguments require 'evex512' for AVX512", V); 2454 } 2455 } 2456 2457 checkUnsignedBaseTenFuncAttr(Attrs, "patchable-function-prefix", V); 2458 checkUnsignedBaseTenFuncAttr(Attrs, "patchable-function-entry", V); 2459 if (Attrs.hasFnAttr("patchable-function-entry-section")) 2460 Check(!Attrs.getFnAttr("patchable-function-entry-section") 2461 .getValueAsString() 2462 .empty(), 2463 "\"patchable-function-entry-section\" must not be empty"); 2464 checkUnsignedBaseTenFuncAttr(Attrs, "warn-stack-size", V); 2465 2466 if (auto A = Attrs.getFnAttr("sign-return-address"); A.isValid()) { 2467 StringRef S = A.getValueAsString(); 2468 if (S != "none" && S != "all" && S != "non-leaf") 2469 CheckFailed("invalid value for 'sign-return-address' attribute: " + S, V); 2470 } 2471 2472 if (auto A = Attrs.getFnAttr("sign-return-address-key"); A.isValid()) { 2473 StringRef S = A.getValueAsString(); 2474 if (S != "a_key" && S != "b_key") 2475 CheckFailed("invalid value for 'sign-return-address-key' attribute: " + S, 2476 V); 2477 if (auto AA = Attrs.getFnAttr("sign-return-address"); !AA.isValid()) { 2478 CheckFailed( 2479 "'sign-return-address-key' present without `sign-return-address`"); 2480 } 2481 } 2482 2483 if (auto A = Attrs.getFnAttr("branch-target-enforcement"); A.isValid()) { 2484 StringRef S = A.getValueAsString(); 2485 if (S != "" && S != "true" && S != "false") 2486 CheckFailed( 2487 "invalid value for 'branch-target-enforcement' attribute: " + S, V); 2488 } 2489 2490 if (auto A = Attrs.getFnAttr("branch-protection-pauth-lr"); A.isValid()) { 2491 StringRef S = A.getValueAsString(); 2492 if (S != "" && S != "true" && S != "false") 2493 CheckFailed( 2494 "invalid value for 'branch-protection-pauth-lr' attribute: " + S, V); 2495 } 2496 2497 if (auto A = Attrs.getFnAttr("guarded-control-stack"); A.isValid()) { 2498 StringRef S = A.getValueAsString(); 2499 if (S != "" && S != "true" && S != "false") 2500 CheckFailed("invalid value for 'guarded-control-stack' attribute: " + S, 2501 V); 2502 } 2503 2504 if (auto A = Attrs.getFnAttr("vector-function-abi-variant"); A.isValid()) { 2505 StringRef S = A.getValueAsString(); 2506 const std::optional<VFInfo> Info = VFABI::tryDemangleForVFABI(S, FT); 2507 if (!Info) 2508 CheckFailed("invalid name for a VFABI variant: " + S, V); 2509 } 2510 2511 if (auto A = Attrs.getFnAttr("denormal-fp-math"); A.isValid()) { 2512 StringRef S = A.getValueAsString(); 2513 if (!parseDenormalFPAttribute(S).isValid()) 2514 CheckFailed("invalid value for 'denormal-fp-math' attribute: " + S, V); 2515 } 2516 2517 if (auto A = Attrs.getFnAttr("denormal-fp-math-f32"); A.isValid()) { 2518 StringRef S = A.getValueAsString(); 2519 if (!parseDenormalFPAttribute(S).isValid()) 2520 CheckFailed("invalid value for 'denormal-fp-math-f32' attribute: " + S, 2521 V); 2522 } 2523 } 2524 2525 void Verifier::verifyFunctionMetadata( 2526 ArrayRef<std::pair<unsigned, MDNode *>> MDs) { 2527 for (const auto &Pair : MDs) { 2528 if (Pair.first == LLVMContext::MD_prof) { 2529 MDNode *MD = Pair.second; 2530 if (isExplicitlyUnknownBranchWeightsMetadata(*MD)) { 2531 CheckFailed("'unknown' !prof metadata should appear only on " 2532 "instructions supporting the 'branch_weights' metadata", 2533 MD); 2534 continue; 2535 } 2536 Check(MD->getNumOperands() >= 2, 2537 "!prof annotations should have no less than 2 operands", MD); 2538 2539 // Check first operand. 2540 Check(MD->getOperand(0) != nullptr, "first operand should not be null", 2541 MD); 2542 Check(isa<MDString>(MD->getOperand(0)), 2543 "expected string with name of the !prof annotation", MD); 2544 MDString *MDS = cast<MDString>(MD->getOperand(0)); 2545 StringRef ProfName = MDS->getString(); 2546 Check(ProfName == MDProfLabels::FunctionEntryCount || 2547 ProfName == MDProfLabels::SyntheticFunctionEntryCount, 2548 "first operand should be 'function_entry_count'" 2549 " or 'synthetic_function_entry_count'", 2550 MD); 2551 2552 // Check second operand. 2553 Check(MD->getOperand(1) != nullptr, "second operand should not be null", 2554 MD); 2555 Check(isa<ConstantAsMetadata>(MD->getOperand(1)), 2556 "expected integer argument to function_entry_count", MD); 2557 } else if (Pair.first == LLVMContext::MD_kcfi_type) { 2558 MDNode *MD = Pair.second; 2559 Check(MD->getNumOperands() == 1, 2560 "!kcfi_type must have exactly one operand", MD); 2561 Check(MD->getOperand(0) != nullptr, "!kcfi_type operand must not be null", 2562 MD); 2563 Check(isa<ConstantAsMetadata>(MD->getOperand(0)), 2564 "expected a constant operand for !kcfi_type", MD); 2565 Constant *C = cast<ConstantAsMetadata>(MD->getOperand(0))->getValue(); 2566 Check(isa<ConstantInt>(C) && isa<IntegerType>(C->getType()), 2567 "expected a constant integer operand for !kcfi_type", MD); 2568 Check(cast<ConstantInt>(C)->getBitWidth() == 32, 2569 "expected a 32-bit integer constant operand for !kcfi_type", MD); 2570 } 2571 } 2572 } 2573 2574 void Verifier::visitConstantExprsRecursively(const Constant *EntryC) { 2575 if (!ConstantExprVisited.insert(EntryC).second) 2576 return; 2577 2578 SmallVector<const Constant *, 16> Stack; 2579 Stack.push_back(EntryC); 2580 2581 while (!Stack.empty()) { 2582 const Constant *C = Stack.pop_back_val(); 2583 2584 // Check this constant expression. 2585 if (const auto *CE = dyn_cast<ConstantExpr>(C)) 2586 visitConstantExpr(CE); 2587 2588 if (const auto *CPA = dyn_cast<ConstantPtrAuth>(C)) 2589 visitConstantPtrAuth(CPA); 2590 2591 if (const auto *GV = dyn_cast<GlobalValue>(C)) { 2592 // Global Values get visited separately, but we do need to make sure 2593 // that the global value is in the correct module 2594 Check(GV->getParent() == &M, "Referencing global in another module!", 2595 EntryC, &M, GV, GV->getParent()); 2596 continue; 2597 } 2598 2599 // Visit all sub-expressions. 2600 for (const Use &U : C->operands()) { 2601 const auto *OpC = dyn_cast<Constant>(U); 2602 if (!OpC) 2603 continue; 2604 if (!ConstantExprVisited.insert(OpC).second) 2605 continue; 2606 Stack.push_back(OpC); 2607 } 2608 } 2609 } 2610 2611 void Verifier::visitConstantExpr(const ConstantExpr *CE) { 2612 if (CE->getOpcode() == Instruction::BitCast) 2613 Check(CastInst::castIsValid(Instruction::BitCast, CE->getOperand(0), 2614 CE->getType()), 2615 "Invalid bitcast", CE); 2616 } 2617 2618 void Verifier::visitConstantPtrAuth(const ConstantPtrAuth *CPA) { 2619 Check(CPA->getPointer()->getType()->isPointerTy(), 2620 "signed ptrauth constant base pointer must have pointer type"); 2621 2622 Check(CPA->getType() == CPA->getPointer()->getType(), 2623 "signed ptrauth constant must have same type as its base pointer"); 2624 2625 Check(CPA->getKey()->getBitWidth() == 32, 2626 "signed ptrauth constant key must be i32 constant integer"); 2627 2628 Check(CPA->getAddrDiscriminator()->getType()->isPointerTy(), 2629 "signed ptrauth constant address discriminator must be a pointer"); 2630 2631 Check(CPA->getDiscriminator()->getBitWidth() == 64, 2632 "signed ptrauth constant discriminator must be i64 constant integer"); 2633 } 2634 2635 bool Verifier::verifyAttributeCount(AttributeList Attrs, unsigned Params) { 2636 // There shouldn't be more attribute sets than there are parameters plus the 2637 // function and return value. 2638 return Attrs.getNumAttrSets() <= Params + 2; 2639 } 2640 2641 void Verifier::verifyInlineAsmCall(const CallBase &Call) { 2642 const InlineAsm *IA = cast<InlineAsm>(Call.getCalledOperand()); 2643 unsigned ArgNo = 0; 2644 unsigned LabelNo = 0; 2645 for (const InlineAsm::ConstraintInfo &CI : IA->ParseConstraints()) { 2646 if (CI.Type == InlineAsm::isLabel) { 2647 ++LabelNo; 2648 continue; 2649 } 2650 2651 // Only deal with constraints that correspond to call arguments. 2652 if (!CI.hasArg()) 2653 continue; 2654 2655 if (CI.isIndirect) { 2656 const Value *Arg = Call.getArgOperand(ArgNo); 2657 Check(Arg->getType()->isPointerTy(), 2658 "Operand for indirect constraint must have pointer type", &Call); 2659 2660 Check(Call.getParamElementType(ArgNo), 2661 "Operand for indirect constraint must have elementtype attribute", 2662 &Call); 2663 } else { 2664 Check(!Call.paramHasAttr(ArgNo, Attribute::ElementType), 2665 "Elementtype attribute can only be applied for indirect " 2666 "constraints", 2667 &Call); 2668 } 2669 2670 ArgNo++; 2671 } 2672 2673 if (auto *CallBr = dyn_cast<CallBrInst>(&Call)) { 2674 Check(LabelNo == CallBr->getNumIndirectDests(), 2675 "Number of label constraints does not match number of callbr dests", 2676 &Call); 2677 } else { 2678 Check(LabelNo == 0, "Label constraints can only be used with callbr", 2679 &Call); 2680 } 2681 } 2682 2683 /// Verify that statepoint intrinsic is well formed. 2684 void Verifier::verifyStatepoint(const CallBase &Call) { 2685 assert(Call.getIntrinsicID() == Intrinsic::experimental_gc_statepoint); 2686 2687 Check(!Call.doesNotAccessMemory() && !Call.onlyReadsMemory() && 2688 !Call.onlyAccessesArgMemory(), 2689 "gc.statepoint must read and write all memory to preserve " 2690 "reordering restrictions required by safepoint semantics", 2691 Call); 2692 2693 const int64_t NumPatchBytes = 2694 cast<ConstantInt>(Call.getArgOperand(1))->getSExtValue(); 2695 assert(isInt<32>(NumPatchBytes) && "NumPatchBytesV is an i32!"); 2696 Check(NumPatchBytes >= 0, 2697 "gc.statepoint number of patchable bytes must be " 2698 "positive", 2699 Call); 2700 2701 Type *TargetElemType = Call.getParamElementType(2); 2702 Check(TargetElemType, 2703 "gc.statepoint callee argument must have elementtype attribute", Call); 2704 FunctionType *TargetFuncType = dyn_cast<FunctionType>(TargetElemType); 2705 Check(TargetFuncType, 2706 "gc.statepoint callee elementtype must be function type", Call); 2707 2708 const int NumCallArgs = cast<ConstantInt>(Call.getArgOperand(3))->getZExtValue(); 2709 Check(NumCallArgs >= 0, 2710 "gc.statepoint number of arguments to underlying call " 2711 "must be positive", 2712 Call); 2713 const int NumParams = (int)TargetFuncType->getNumParams(); 2714 if (TargetFuncType->isVarArg()) { 2715 Check(NumCallArgs >= NumParams, 2716 "gc.statepoint mismatch in number of vararg call args", Call); 2717 2718 // TODO: Remove this limitation 2719 Check(TargetFuncType->getReturnType()->isVoidTy(), 2720 "gc.statepoint doesn't support wrapping non-void " 2721 "vararg functions yet", 2722 Call); 2723 } else 2724 Check(NumCallArgs == NumParams, 2725 "gc.statepoint mismatch in number of call args", Call); 2726 2727 const uint64_t Flags 2728 = cast<ConstantInt>(Call.getArgOperand(4))->getZExtValue(); 2729 Check((Flags & ~(uint64_t)StatepointFlags::MaskAll) == 0, 2730 "unknown flag used in gc.statepoint flags argument", Call); 2731 2732 // Verify that the types of the call parameter arguments match 2733 // the type of the wrapped callee. 2734 AttributeList Attrs = Call.getAttributes(); 2735 for (int i = 0; i < NumParams; i++) { 2736 Type *ParamType = TargetFuncType->getParamType(i); 2737 Type *ArgType = Call.getArgOperand(5 + i)->getType(); 2738 Check(ArgType == ParamType, 2739 "gc.statepoint call argument does not match wrapped " 2740 "function type", 2741 Call); 2742 2743 if (TargetFuncType->isVarArg()) { 2744 AttributeSet ArgAttrs = Attrs.getParamAttrs(5 + i); 2745 Check(!ArgAttrs.hasAttribute(Attribute::StructRet), 2746 "Attribute 'sret' cannot be used for vararg call arguments!", Call); 2747 } 2748 } 2749 2750 const int EndCallArgsInx = 4 + NumCallArgs; 2751 2752 const Value *NumTransitionArgsV = Call.getArgOperand(EndCallArgsInx + 1); 2753 Check(isa<ConstantInt>(NumTransitionArgsV), 2754 "gc.statepoint number of transition arguments " 2755 "must be constant integer", 2756 Call); 2757 const int NumTransitionArgs = 2758 cast<ConstantInt>(NumTransitionArgsV)->getZExtValue(); 2759 Check(NumTransitionArgs == 0, 2760 "gc.statepoint w/inline transition bundle is deprecated", Call); 2761 const int EndTransitionArgsInx = EndCallArgsInx + 1 + NumTransitionArgs; 2762 2763 const Value *NumDeoptArgsV = Call.getArgOperand(EndTransitionArgsInx + 1); 2764 Check(isa<ConstantInt>(NumDeoptArgsV), 2765 "gc.statepoint number of deoptimization arguments " 2766 "must be constant integer", 2767 Call); 2768 const int NumDeoptArgs = cast<ConstantInt>(NumDeoptArgsV)->getZExtValue(); 2769 Check(NumDeoptArgs == 0, 2770 "gc.statepoint w/inline deopt operands is deprecated", Call); 2771 2772 const int ExpectedNumArgs = 7 + NumCallArgs; 2773 Check(ExpectedNumArgs == (int)Call.arg_size(), 2774 "gc.statepoint too many arguments", Call); 2775 2776 // Check that the only uses of this gc.statepoint are gc.result or 2777 // gc.relocate calls which are tied to this statepoint and thus part 2778 // of the same statepoint sequence 2779 for (const User *U : Call.users()) { 2780 const CallInst *UserCall = dyn_cast<const CallInst>(U); 2781 Check(UserCall, "illegal use of statepoint token", Call, U); 2782 if (!UserCall) 2783 continue; 2784 Check(isa<GCRelocateInst>(UserCall) || isa<GCResultInst>(UserCall), 2785 "gc.result or gc.relocate are the only value uses " 2786 "of a gc.statepoint", 2787 Call, U); 2788 if (isa<GCResultInst>(UserCall)) { 2789 Check(UserCall->getArgOperand(0) == &Call, 2790 "gc.result connected to wrong gc.statepoint", Call, UserCall); 2791 } else if (isa<GCRelocateInst>(Call)) { 2792 Check(UserCall->getArgOperand(0) == &Call, 2793 "gc.relocate connected to wrong gc.statepoint", Call, UserCall); 2794 } 2795 } 2796 2797 // Note: It is legal for a single derived pointer to be listed multiple 2798 // times. It's non-optimal, but it is legal. It can also happen after 2799 // insertion if we strip a bitcast away. 2800 // Note: It is really tempting to check that each base is relocated and 2801 // that a derived pointer is never reused as a base pointer. This turns 2802 // out to be problematic since optimizations run after safepoint insertion 2803 // can recognize equality properties that the insertion logic doesn't know 2804 // about. See example statepoint.ll in the verifier subdirectory 2805 } 2806 2807 void Verifier::verifyFrameRecoverIndices() { 2808 for (auto &Counts : FrameEscapeInfo) { 2809 Function *F = Counts.first; 2810 unsigned EscapedObjectCount = Counts.second.first; 2811 unsigned MaxRecoveredIndex = Counts.second.second; 2812 Check(MaxRecoveredIndex <= EscapedObjectCount, 2813 "all indices passed to llvm.localrecover must be less than the " 2814 "number of arguments passed to llvm.localescape in the parent " 2815 "function", 2816 F); 2817 } 2818 } 2819 2820 static Instruction *getSuccPad(Instruction *Terminator) { 2821 BasicBlock *UnwindDest; 2822 if (auto *II = dyn_cast<InvokeInst>(Terminator)) 2823 UnwindDest = II->getUnwindDest(); 2824 else if (auto *CSI = dyn_cast<CatchSwitchInst>(Terminator)) 2825 UnwindDest = CSI->getUnwindDest(); 2826 else 2827 UnwindDest = cast<CleanupReturnInst>(Terminator)->getUnwindDest(); 2828 return &*UnwindDest->getFirstNonPHIIt(); 2829 } 2830 2831 void Verifier::verifySiblingFuncletUnwinds() { 2832 SmallPtrSet<Instruction *, 8> Visited; 2833 SmallPtrSet<Instruction *, 8> Active; 2834 for (const auto &Pair : SiblingFuncletInfo) { 2835 Instruction *PredPad = Pair.first; 2836 if (Visited.count(PredPad)) 2837 continue; 2838 Active.insert(PredPad); 2839 Instruction *Terminator = Pair.second; 2840 do { 2841 Instruction *SuccPad = getSuccPad(Terminator); 2842 if (Active.count(SuccPad)) { 2843 // Found a cycle; report error 2844 Instruction *CyclePad = SuccPad; 2845 SmallVector<Instruction *, 8> CycleNodes; 2846 do { 2847 CycleNodes.push_back(CyclePad); 2848 Instruction *CycleTerminator = SiblingFuncletInfo[CyclePad]; 2849 if (CycleTerminator != CyclePad) 2850 CycleNodes.push_back(CycleTerminator); 2851 CyclePad = getSuccPad(CycleTerminator); 2852 } while (CyclePad != SuccPad); 2853 Check(false, "EH pads can't handle each other's exceptions", 2854 ArrayRef<Instruction *>(CycleNodes)); 2855 } 2856 // Don't re-walk a node we've already checked 2857 if (!Visited.insert(SuccPad).second) 2858 break; 2859 // Walk to this successor if it has a map entry. 2860 PredPad = SuccPad; 2861 auto TermI = SiblingFuncletInfo.find(PredPad); 2862 if (TermI == SiblingFuncletInfo.end()) 2863 break; 2864 Terminator = TermI->second; 2865 Active.insert(PredPad); 2866 } while (true); 2867 // Each node only has one successor, so we've walked all the active 2868 // nodes' successors. 2869 Active.clear(); 2870 } 2871 } 2872 2873 // visitFunction - Verify that a function is ok. 2874 // 2875 void Verifier::visitFunction(const Function &F) { 2876 visitGlobalValue(F); 2877 2878 // Check function arguments. 2879 FunctionType *FT = F.getFunctionType(); 2880 unsigned NumArgs = F.arg_size(); 2881 2882 Check(&Context == &F.getContext(), 2883 "Function context does not match Module context!", &F); 2884 2885 Check(!F.hasCommonLinkage(), "Functions may not have common linkage", &F); 2886 Check(FT->getNumParams() == NumArgs, 2887 "# formal arguments must match # of arguments for function type!", &F, 2888 FT); 2889 Check(F.getReturnType()->isFirstClassType() || 2890 F.getReturnType()->isVoidTy() || F.getReturnType()->isStructTy(), 2891 "Functions cannot return aggregate values!", &F); 2892 2893 Check(!F.hasStructRetAttr() || F.getReturnType()->isVoidTy(), 2894 "Invalid struct return type!", &F); 2895 2896 if (MaybeAlign A = F.getAlign()) { 2897 Check(A->value() <= Value::MaximumAlignment, 2898 "huge alignment values are unsupported", &F); 2899 } 2900 2901 AttributeList Attrs = F.getAttributes(); 2902 2903 Check(verifyAttributeCount(Attrs, FT->getNumParams()), 2904 "Attribute after last parameter!", &F); 2905 2906 bool IsIntrinsic = F.isIntrinsic(); 2907 2908 // Check function attributes. 2909 verifyFunctionAttrs(FT, Attrs, &F, IsIntrinsic, /* IsInlineAsm */ false); 2910 2911 // On function declarations/definitions, we do not support the builtin 2912 // attribute. We do not check this in VerifyFunctionAttrs since that is 2913 // checking for Attributes that can/can not ever be on functions. 2914 Check(!Attrs.hasFnAttr(Attribute::Builtin), 2915 "Attribute 'builtin' can only be applied to a callsite.", &F); 2916 2917 Check(!Attrs.hasAttrSomewhere(Attribute::ElementType), 2918 "Attribute 'elementtype' can only be applied to a callsite.", &F); 2919 2920 Check(!Attrs.hasFnAttr("aarch64_zt0_undef"), 2921 "Attribute 'aarch64_zt0_undef' can only be applied to a callsite."); 2922 2923 if (Attrs.hasFnAttr(Attribute::Naked)) 2924 for (const Argument &Arg : F.args()) 2925 Check(Arg.use_empty(), "cannot use argument of naked function", &Arg); 2926 2927 // Check that this function meets the restrictions on this calling convention. 2928 // Sometimes varargs is used for perfectly forwarding thunks, so some of these 2929 // restrictions can be lifted. 2930 switch (F.getCallingConv()) { 2931 default: 2932 case CallingConv::C: 2933 break; 2934 case CallingConv::X86_INTR: { 2935 Check(F.arg_empty() || Attrs.hasParamAttr(0, Attribute::ByVal), 2936 "Calling convention parameter requires byval", &F); 2937 break; 2938 } 2939 case CallingConv::AMDGPU_KERNEL: 2940 case CallingConv::SPIR_KERNEL: 2941 case CallingConv::AMDGPU_CS_Chain: 2942 case CallingConv::AMDGPU_CS_ChainPreserve: 2943 Check(F.getReturnType()->isVoidTy(), 2944 "Calling convention requires void return type", &F); 2945 [[fallthrough]]; 2946 case CallingConv::AMDGPU_VS: 2947 case CallingConv::AMDGPU_HS: 2948 case CallingConv::AMDGPU_GS: 2949 case CallingConv::AMDGPU_PS: 2950 case CallingConv::AMDGPU_CS: 2951 Check(!F.hasStructRetAttr(), "Calling convention does not allow sret", &F); 2952 if (F.getCallingConv() != CallingConv::SPIR_KERNEL) { 2953 const unsigned StackAS = DL.getAllocaAddrSpace(); 2954 unsigned i = 0; 2955 for (const Argument &Arg : F.args()) { 2956 Check(!Attrs.hasParamAttr(i, Attribute::ByVal), 2957 "Calling convention disallows byval", &F); 2958 Check(!Attrs.hasParamAttr(i, Attribute::Preallocated), 2959 "Calling convention disallows preallocated", &F); 2960 Check(!Attrs.hasParamAttr(i, Attribute::InAlloca), 2961 "Calling convention disallows inalloca", &F); 2962 2963 if (Attrs.hasParamAttr(i, Attribute::ByRef)) { 2964 // FIXME: Should also disallow LDS and GDS, but we don't have the enum 2965 // value here. 2966 Check(Arg.getType()->getPointerAddressSpace() != StackAS, 2967 "Calling convention disallows stack byref", &F); 2968 } 2969 2970 ++i; 2971 } 2972 } 2973 2974 [[fallthrough]]; 2975 case CallingConv::Fast: 2976 case CallingConv::Cold: 2977 case CallingConv::Intel_OCL_BI: 2978 case CallingConv::PTX_Kernel: 2979 case CallingConv::PTX_Device: 2980 Check(!F.isVarArg(), 2981 "Calling convention does not support varargs or " 2982 "perfect forwarding!", 2983 &F); 2984 break; 2985 } 2986 2987 // Check that the argument values match the function type for this function... 2988 unsigned i = 0; 2989 for (const Argument &Arg : F.args()) { 2990 Check(Arg.getType() == FT->getParamType(i), 2991 "Argument value does not match function argument type!", &Arg, 2992 FT->getParamType(i)); 2993 Check(Arg.getType()->isFirstClassType(), 2994 "Function arguments must have first-class types!", &Arg); 2995 if (!IsIntrinsic) { 2996 Check(!Arg.getType()->isMetadataTy(), 2997 "Function takes metadata but isn't an intrinsic", &Arg, &F); 2998 Check(!Arg.getType()->isTokenTy(), 2999 "Function takes token but isn't an intrinsic", &Arg, &F); 3000 Check(!Arg.getType()->isX86_AMXTy(), 3001 "Function takes x86_amx but isn't an intrinsic", &Arg, &F); 3002 } 3003 3004 // Check that swifterror argument is only used by loads and stores. 3005 if (Attrs.hasParamAttr(i, Attribute::SwiftError)) { 3006 verifySwiftErrorValue(&Arg); 3007 } 3008 ++i; 3009 } 3010 3011 if (!IsIntrinsic) { 3012 Check(!F.getReturnType()->isTokenTy(), 3013 "Function returns a token but isn't an intrinsic", &F); 3014 Check(!F.getReturnType()->isX86_AMXTy(), 3015 "Function returns a x86_amx but isn't an intrinsic", &F); 3016 } 3017 3018 // Get the function metadata attachments. 3019 SmallVector<std::pair<unsigned, MDNode *>, 4> MDs; 3020 F.getAllMetadata(MDs); 3021 assert(F.hasMetadata() != MDs.empty() && "Bit out-of-sync"); 3022 verifyFunctionMetadata(MDs); 3023 3024 // Check validity of the personality function 3025 if (F.hasPersonalityFn()) { 3026 auto *Per = dyn_cast<Function>(F.getPersonalityFn()->stripPointerCasts()); 3027 if (Per) 3028 Check(Per->getParent() == F.getParent(), 3029 "Referencing personality function in another module!", &F, 3030 F.getParent(), Per, Per->getParent()); 3031 } 3032 3033 // EH funclet coloring can be expensive, recompute on-demand 3034 BlockEHFuncletColors.clear(); 3035 3036 if (F.isMaterializable()) { 3037 // Function has a body somewhere we can't see. 3038 Check(MDs.empty(), "unmaterialized function cannot have metadata", &F, 3039 MDs.empty() ? nullptr : MDs.front().second); 3040 } else if (F.isDeclaration()) { 3041 for (const auto &I : MDs) { 3042 // This is used for call site debug information. 3043 CheckDI(I.first != LLVMContext::MD_dbg || 3044 !cast<DISubprogram>(I.second)->isDistinct(), 3045 "function declaration may only have a unique !dbg attachment", 3046 &F); 3047 Check(I.first != LLVMContext::MD_prof, 3048 "function declaration may not have a !prof attachment", &F); 3049 3050 // Verify the metadata itself. 3051 visitMDNode(*I.second, AreDebugLocsAllowed::Yes); 3052 } 3053 Check(!F.hasPersonalityFn(), 3054 "Function declaration shouldn't have a personality routine", &F); 3055 } else { 3056 // Verify that this function (which has a body) is not named "llvm.*". It 3057 // is not legal to define intrinsics. 3058 Check(!IsIntrinsic, "llvm intrinsics cannot be defined!", &F); 3059 3060 // Check the entry node 3061 const BasicBlock *Entry = &F.getEntryBlock(); 3062 Check(pred_empty(Entry), 3063 "Entry block to function must not have predecessors!", Entry); 3064 3065 // The address of the entry block cannot be taken, unless it is dead. 3066 if (Entry->hasAddressTaken()) { 3067 Check(!BlockAddress::lookup(Entry)->isConstantUsed(), 3068 "blockaddress may not be used with the entry block!", Entry); 3069 } 3070 3071 unsigned NumDebugAttachments = 0, NumProfAttachments = 0, 3072 NumKCFIAttachments = 0; 3073 // Visit metadata attachments. 3074 for (const auto &I : MDs) { 3075 // Verify that the attachment is legal. 3076 auto AllowLocs = AreDebugLocsAllowed::No; 3077 switch (I.first) { 3078 default: 3079 break; 3080 case LLVMContext::MD_dbg: { 3081 ++NumDebugAttachments; 3082 CheckDI(NumDebugAttachments == 1, 3083 "function must have a single !dbg attachment", &F, I.second); 3084 CheckDI(isa<DISubprogram>(I.second), 3085 "function !dbg attachment must be a subprogram", &F, I.second); 3086 CheckDI(cast<DISubprogram>(I.second)->isDistinct(), 3087 "function definition may only have a distinct !dbg attachment", 3088 &F); 3089 3090 auto *SP = cast<DISubprogram>(I.second); 3091 const Function *&AttachedTo = DISubprogramAttachments[SP]; 3092 CheckDI(!AttachedTo || AttachedTo == &F, 3093 "DISubprogram attached to more than one function", SP, &F); 3094 AttachedTo = &F; 3095 AllowLocs = AreDebugLocsAllowed::Yes; 3096 break; 3097 } 3098 case LLVMContext::MD_prof: 3099 ++NumProfAttachments; 3100 Check(NumProfAttachments == 1, 3101 "function must have a single !prof attachment", &F, I.second); 3102 break; 3103 case LLVMContext::MD_kcfi_type: 3104 ++NumKCFIAttachments; 3105 Check(NumKCFIAttachments == 1, 3106 "function must have a single !kcfi_type attachment", &F, 3107 I.second); 3108 break; 3109 } 3110 3111 // Verify the metadata itself. 3112 visitMDNode(*I.second, AllowLocs); 3113 } 3114 } 3115 3116 // If this function is actually an intrinsic, verify that it is only used in 3117 // direct call/invokes, never having its "address taken". 3118 // Only do this if the module is materialized, otherwise we don't have all the 3119 // uses. 3120 if (F.isIntrinsic() && F.getParent()->isMaterialized()) { 3121 const User *U; 3122 if (F.hasAddressTaken(&U, false, true, false, 3123 /*IgnoreARCAttachedCall=*/true)) 3124 Check(false, "Invalid user of intrinsic instruction!", U); 3125 } 3126 3127 // Check intrinsics' signatures. 3128 switch (F.getIntrinsicID()) { 3129 case Intrinsic::experimental_gc_get_pointer_base: { 3130 FunctionType *FT = F.getFunctionType(); 3131 Check(FT->getNumParams() == 1, "wrong number of parameters", F); 3132 Check(isa<PointerType>(F.getReturnType()), 3133 "gc.get.pointer.base must return a pointer", F); 3134 Check(FT->getParamType(0) == F.getReturnType(), 3135 "gc.get.pointer.base operand and result must be of the same type", F); 3136 break; 3137 } 3138 case Intrinsic::experimental_gc_get_pointer_offset: { 3139 FunctionType *FT = F.getFunctionType(); 3140 Check(FT->getNumParams() == 1, "wrong number of parameters", F); 3141 Check(isa<PointerType>(FT->getParamType(0)), 3142 "gc.get.pointer.offset operand must be a pointer", F); 3143 Check(F.getReturnType()->isIntegerTy(), 3144 "gc.get.pointer.offset must return integer", F); 3145 break; 3146 } 3147 } 3148 3149 auto *N = F.getSubprogram(); 3150 HasDebugInfo = (N != nullptr); 3151 if (!HasDebugInfo) 3152 return; 3153 3154 // Check that all !dbg attachments lead to back to N. 3155 // 3156 // FIXME: Check this incrementally while visiting !dbg attachments. 3157 // FIXME: Only check when N is the canonical subprogram for F. 3158 SmallPtrSet<const MDNode *, 32> Seen; 3159 auto VisitDebugLoc = [&](const Instruction &I, const MDNode *Node) { 3160 // Be careful about using DILocation here since we might be dealing with 3161 // broken code (this is the Verifier after all). 3162 const DILocation *DL = dyn_cast_or_null<DILocation>(Node); 3163 if (!DL) 3164 return; 3165 if (!Seen.insert(DL).second) 3166 return; 3167 3168 Metadata *Parent = DL->getRawScope(); 3169 CheckDI(Parent && isa<DILocalScope>(Parent), 3170 "DILocation's scope must be a DILocalScope", N, &F, &I, DL, Parent); 3171 3172 DILocalScope *Scope = DL->getInlinedAtScope(); 3173 Check(Scope, "Failed to find DILocalScope", DL); 3174 3175 if (!Seen.insert(Scope).second) 3176 return; 3177 3178 DISubprogram *SP = Scope->getSubprogram(); 3179 3180 // Scope and SP could be the same MDNode and we don't want to skip 3181 // validation in that case 3182 if (SP && ((Scope != SP) && !Seen.insert(SP).second)) 3183 return; 3184 3185 CheckDI(SP->describes(&F), 3186 "!dbg attachment points at wrong subprogram for function", N, &F, 3187 &I, DL, Scope, SP); 3188 }; 3189 for (auto &BB : F) 3190 for (auto &I : BB) { 3191 VisitDebugLoc(I, I.getDebugLoc().getAsMDNode()); 3192 // The llvm.loop annotations also contain two DILocations. 3193 if (auto MD = I.getMetadata(LLVMContext::MD_loop)) 3194 for (unsigned i = 1; i < MD->getNumOperands(); ++i) 3195 VisitDebugLoc(I, dyn_cast_or_null<MDNode>(MD->getOperand(i))); 3196 if (BrokenDebugInfo) 3197 return; 3198 } 3199 } 3200 3201 // verifyBasicBlock - Verify that a basic block is well formed... 3202 // 3203 void Verifier::visitBasicBlock(BasicBlock &BB) { 3204 InstsInThisBlock.clear(); 3205 ConvergenceVerifyHelper.visit(BB); 3206 3207 // Ensure that basic blocks have terminators! 3208 Check(BB.getTerminator(), "Basic Block does not have terminator!", &BB); 3209 3210 // Check constraints that this basic block imposes on all of the PHI nodes in 3211 // it. 3212 if (isa<PHINode>(BB.front())) { 3213 SmallVector<BasicBlock *, 8> Preds(predecessors(&BB)); 3214 SmallVector<std::pair<BasicBlock*, Value*>, 8> Values; 3215 llvm::sort(Preds); 3216 for (const PHINode &PN : BB.phis()) { 3217 Check(PN.getNumIncomingValues() == Preds.size(), 3218 "PHINode should have one entry for each predecessor of its " 3219 "parent basic block!", 3220 &PN); 3221 3222 // Get and sort all incoming values in the PHI node... 3223 Values.clear(); 3224 Values.reserve(PN.getNumIncomingValues()); 3225 for (unsigned i = 0, e = PN.getNumIncomingValues(); i != e; ++i) 3226 Values.push_back( 3227 std::make_pair(PN.getIncomingBlock(i), PN.getIncomingValue(i))); 3228 llvm::sort(Values); 3229 3230 for (unsigned i = 0, e = Values.size(); i != e; ++i) { 3231 // Check to make sure that if there is more than one entry for a 3232 // particular basic block in this PHI node, that the incoming values are 3233 // all identical. 3234 // 3235 Check(i == 0 || Values[i].first != Values[i - 1].first || 3236 Values[i].second == Values[i - 1].second, 3237 "PHI node has multiple entries for the same basic block with " 3238 "different incoming values!", 3239 &PN, Values[i].first, Values[i].second, Values[i - 1].second); 3240 3241 // Check to make sure that the predecessors and PHI node entries are 3242 // matched up. 3243 Check(Values[i].first == Preds[i], 3244 "PHI node entries do not match predecessors!", &PN, 3245 Values[i].first, Preds[i]); 3246 } 3247 } 3248 } 3249 3250 // Check that all instructions have their parent pointers set up correctly. 3251 for (auto &I : BB) 3252 { 3253 Check(I.getParent() == &BB, "Instruction has bogus parent pointer!"); 3254 } 3255 3256 // Confirm that no issues arise from the debug program. 3257 CheckDI(!BB.getTrailingDbgRecords(), "Basic Block has trailing DbgRecords!", 3258 &BB); 3259 } 3260 3261 void Verifier::visitTerminator(Instruction &I) { 3262 // Ensure that terminators only exist at the end of the basic block. 3263 Check(&I == I.getParent()->getTerminator(), 3264 "Terminator found in the middle of a basic block!", I.getParent()); 3265 visitInstruction(I); 3266 } 3267 3268 void Verifier::visitBranchInst(BranchInst &BI) { 3269 if (BI.isConditional()) { 3270 Check(BI.getCondition()->getType()->isIntegerTy(1), 3271 "Branch condition is not 'i1' type!", &BI, BI.getCondition()); 3272 } 3273 visitTerminator(BI); 3274 } 3275 3276 void Verifier::visitReturnInst(ReturnInst &RI) { 3277 Function *F = RI.getParent()->getParent(); 3278 unsigned N = RI.getNumOperands(); 3279 if (F->getReturnType()->isVoidTy()) 3280 Check(N == 0, 3281 "Found return instr that returns non-void in Function of void " 3282 "return type!", 3283 &RI, F->getReturnType()); 3284 else 3285 Check(N == 1 && F->getReturnType() == RI.getOperand(0)->getType(), 3286 "Function return type does not match operand " 3287 "type of return inst!", 3288 &RI, F->getReturnType()); 3289 3290 // Check to make sure that the return value has necessary properties for 3291 // terminators... 3292 visitTerminator(RI); 3293 } 3294 3295 void Verifier::visitSwitchInst(SwitchInst &SI) { 3296 Check(SI.getType()->isVoidTy(), "Switch must have void result type!", &SI); 3297 // Check to make sure that all of the constants in the switch instruction 3298 // have the same type as the switched-on value. 3299 Type *SwitchTy = SI.getCondition()->getType(); 3300 SmallPtrSet<ConstantInt*, 32> Constants; 3301 for (auto &Case : SI.cases()) { 3302 Check(isa<ConstantInt>(SI.getOperand(Case.getCaseIndex() * 2 + 2)), 3303 "Case value is not a constant integer.", &SI); 3304 Check(Case.getCaseValue()->getType() == SwitchTy, 3305 "Switch constants must all be same type as switch value!", &SI); 3306 Check(Constants.insert(Case.getCaseValue()).second, 3307 "Duplicate integer as switch case", &SI, Case.getCaseValue()); 3308 } 3309 3310 visitTerminator(SI); 3311 } 3312 3313 void Verifier::visitIndirectBrInst(IndirectBrInst &BI) { 3314 Check(BI.getAddress()->getType()->isPointerTy(), 3315 "Indirectbr operand must have pointer type!", &BI); 3316 for (unsigned i = 0, e = BI.getNumDestinations(); i != e; ++i) 3317 Check(BI.getDestination(i)->getType()->isLabelTy(), 3318 "Indirectbr destinations must all have pointer type!", &BI); 3319 3320 visitTerminator(BI); 3321 } 3322 3323 void Verifier::visitCallBrInst(CallBrInst &CBI) { 3324 Check(CBI.isInlineAsm(), "Callbr is currently only used for asm-goto!", &CBI); 3325 const InlineAsm *IA = cast<InlineAsm>(CBI.getCalledOperand()); 3326 Check(!IA->canThrow(), "Unwinding from Callbr is not allowed"); 3327 3328 verifyInlineAsmCall(CBI); 3329 visitTerminator(CBI); 3330 } 3331 3332 void Verifier::visitSelectInst(SelectInst &SI) { 3333 Check(!SelectInst::areInvalidOperands(SI.getOperand(0), SI.getOperand(1), 3334 SI.getOperand(2)), 3335 "Invalid operands for select instruction!", &SI); 3336 3337 Check(SI.getTrueValue()->getType() == SI.getType(), 3338 "Select values must have same type as select instruction!", &SI); 3339 visitInstruction(SI); 3340 } 3341 3342 /// visitUserOp1 - User defined operators shouldn't live beyond the lifetime of 3343 /// a pass, if any exist, it's an error. 3344 /// 3345 void Verifier::visitUserOp1(Instruction &I) { 3346 Check(false, "User-defined operators should not live outside of a pass!", &I); 3347 } 3348 3349 void Verifier::visitTruncInst(TruncInst &I) { 3350 // Get the source and destination types 3351 Type *SrcTy = I.getOperand(0)->getType(); 3352 Type *DestTy = I.getType(); 3353 3354 // Get the size of the types in bits, we'll need this later 3355 unsigned SrcBitSize = SrcTy->getScalarSizeInBits(); 3356 unsigned DestBitSize = DestTy->getScalarSizeInBits(); 3357 3358 Check(SrcTy->isIntOrIntVectorTy(), "Trunc only operates on integer", &I); 3359 Check(DestTy->isIntOrIntVectorTy(), "Trunc only produces integer", &I); 3360 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), 3361 "trunc source and destination must both be a vector or neither", &I); 3362 Check(SrcBitSize > DestBitSize, "DestTy too big for Trunc", &I); 3363 3364 visitInstruction(I); 3365 } 3366 3367 void Verifier::visitZExtInst(ZExtInst &I) { 3368 // Get the source and destination types 3369 Type *SrcTy = I.getOperand(0)->getType(); 3370 Type *DestTy = I.getType(); 3371 3372 // Get the size of the types in bits, we'll need this later 3373 Check(SrcTy->isIntOrIntVectorTy(), "ZExt only operates on integer", &I); 3374 Check(DestTy->isIntOrIntVectorTy(), "ZExt only produces an integer", &I); 3375 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), 3376 "zext source and destination must both be a vector or neither", &I); 3377 unsigned SrcBitSize = SrcTy->getScalarSizeInBits(); 3378 unsigned DestBitSize = DestTy->getScalarSizeInBits(); 3379 3380 Check(SrcBitSize < DestBitSize, "Type too small for ZExt", &I); 3381 3382 visitInstruction(I); 3383 } 3384 3385 void Verifier::visitSExtInst(SExtInst &I) { 3386 // Get the source and destination types 3387 Type *SrcTy = I.getOperand(0)->getType(); 3388 Type *DestTy = I.getType(); 3389 3390 // Get the size of the types in bits, we'll need this later 3391 unsigned SrcBitSize = SrcTy->getScalarSizeInBits(); 3392 unsigned DestBitSize = DestTy->getScalarSizeInBits(); 3393 3394 Check(SrcTy->isIntOrIntVectorTy(), "SExt only operates on integer", &I); 3395 Check(DestTy->isIntOrIntVectorTy(), "SExt only produces an integer", &I); 3396 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), 3397 "sext source and destination must both be a vector or neither", &I); 3398 Check(SrcBitSize < DestBitSize, "Type too small for SExt", &I); 3399 3400 visitInstruction(I); 3401 } 3402 3403 void Verifier::visitFPTruncInst(FPTruncInst &I) { 3404 // Get the source and destination types 3405 Type *SrcTy = I.getOperand(0)->getType(); 3406 Type *DestTy = I.getType(); 3407 // Get the size of the types in bits, we'll need this later 3408 unsigned SrcBitSize = SrcTy->getScalarSizeInBits(); 3409 unsigned DestBitSize = DestTy->getScalarSizeInBits(); 3410 3411 Check(SrcTy->isFPOrFPVectorTy(), "FPTrunc only operates on FP", &I); 3412 Check(DestTy->isFPOrFPVectorTy(), "FPTrunc only produces an FP", &I); 3413 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), 3414 "fptrunc source and destination must both be a vector or neither", &I); 3415 Check(SrcBitSize > DestBitSize, "DestTy too big for FPTrunc", &I); 3416 3417 visitInstruction(I); 3418 } 3419 3420 void Verifier::visitFPExtInst(FPExtInst &I) { 3421 // Get the source and destination types 3422 Type *SrcTy = I.getOperand(0)->getType(); 3423 Type *DestTy = I.getType(); 3424 3425 // Get the size of the types in bits, we'll need this later 3426 unsigned SrcBitSize = SrcTy->getScalarSizeInBits(); 3427 unsigned DestBitSize = DestTy->getScalarSizeInBits(); 3428 3429 Check(SrcTy->isFPOrFPVectorTy(), "FPExt only operates on FP", &I); 3430 Check(DestTy->isFPOrFPVectorTy(), "FPExt only produces an FP", &I); 3431 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), 3432 "fpext source and destination must both be a vector or neither", &I); 3433 Check(SrcBitSize < DestBitSize, "DestTy too small for FPExt", &I); 3434 3435 visitInstruction(I); 3436 } 3437 3438 void Verifier::visitUIToFPInst(UIToFPInst &I) { 3439 // Get the source and destination types 3440 Type *SrcTy = I.getOperand(0)->getType(); 3441 Type *DestTy = I.getType(); 3442 3443 bool SrcVec = SrcTy->isVectorTy(); 3444 bool DstVec = DestTy->isVectorTy(); 3445 3446 Check(SrcVec == DstVec, 3447 "UIToFP source and dest must both be vector or scalar", &I); 3448 Check(SrcTy->isIntOrIntVectorTy(), 3449 "UIToFP source must be integer or integer vector", &I); 3450 Check(DestTy->isFPOrFPVectorTy(), "UIToFP result must be FP or FP vector", 3451 &I); 3452 3453 if (SrcVec && DstVec) 3454 Check(cast<VectorType>(SrcTy)->getElementCount() == 3455 cast<VectorType>(DestTy)->getElementCount(), 3456 "UIToFP source and dest vector length mismatch", &I); 3457 3458 visitInstruction(I); 3459 } 3460 3461 void Verifier::visitSIToFPInst(SIToFPInst &I) { 3462 // Get the source and destination types 3463 Type *SrcTy = I.getOperand(0)->getType(); 3464 Type *DestTy = I.getType(); 3465 3466 bool SrcVec = SrcTy->isVectorTy(); 3467 bool DstVec = DestTy->isVectorTy(); 3468 3469 Check(SrcVec == DstVec, 3470 "SIToFP source and dest must both be vector or scalar", &I); 3471 Check(SrcTy->isIntOrIntVectorTy(), 3472 "SIToFP source must be integer or integer vector", &I); 3473 Check(DestTy->isFPOrFPVectorTy(), "SIToFP result must be FP or FP vector", 3474 &I); 3475 3476 if (SrcVec && DstVec) 3477 Check(cast<VectorType>(SrcTy)->getElementCount() == 3478 cast<VectorType>(DestTy)->getElementCount(), 3479 "SIToFP source and dest vector length mismatch", &I); 3480 3481 visitInstruction(I); 3482 } 3483 3484 void Verifier::visitFPToUIInst(FPToUIInst &I) { 3485 // Get the source and destination types 3486 Type *SrcTy = I.getOperand(0)->getType(); 3487 Type *DestTy = I.getType(); 3488 3489 bool SrcVec = SrcTy->isVectorTy(); 3490 bool DstVec = DestTy->isVectorTy(); 3491 3492 Check(SrcVec == DstVec, 3493 "FPToUI source and dest must both be vector or scalar", &I); 3494 Check(SrcTy->isFPOrFPVectorTy(), "FPToUI source must be FP or FP vector", &I); 3495 Check(DestTy->isIntOrIntVectorTy(), 3496 "FPToUI result must be integer or integer vector", &I); 3497 3498 if (SrcVec && DstVec) 3499 Check(cast<VectorType>(SrcTy)->getElementCount() == 3500 cast<VectorType>(DestTy)->getElementCount(), 3501 "FPToUI source and dest vector length mismatch", &I); 3502 3503 visitInstruction(I); 3504 } 3505 3506 void Verifier::visitFPToSIInst(FPToSIInst &I) { 3507 // Get the source and destination types 3508 Type *SrcTy = I.getOperand(0)->getType(); 3509 Type *DestTy = I.getType(); 3510 3511 bool SrcVec = SrcTy->isVectorTy(); 3512 bool DstVec = DestTy->isVectorTy(); 3513 3514 Check(SrcVec == DstVec, 3515 "FPToSI source and dest must both be vector or scalar", &I); 3516 Check(SrcTy->isFPOrFPVectorTy(), "FPToSI source must be FP or FP vector", &I); 3517 Check(DestTy->isIntOrIntVectorTy(), 3518 "FPToSI result must be integer or integer vector", &I); 3519 3520 if (SrcVec && DstVec) 3521 Check(cast<VectorType>(SrcTy)->getElementCount() == 3522 cast<VectorType>(DestTy)->getElementCount(), 3523 "FPToSI source and dest vector length mismatch", &I); 3524 3525 visitInstruction(I); 3526 } 3527 3528 void Verifier::visitPtrToIntInst(PtrToIntInst &I) { 3529 // Get the source and destination types 3530 Type *SrcTy = I.getOperand(0)->getType(); 3531 Type *DestTy = I.getType(); 3532 3533 Check(SrcTy->isPtrOrPtrVectorTy(), "PtrToInt source must be pointer", &I); 3534 3535 Check(DestTy->isIntOrIntVectorTy(), "PtrToInt result must be integral", &I); 3536 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "PtrToInt type mismatch", 3537 &I); 3538 3539 if (SrcTy->isVectorTy()) { 3540 auto *VSrc = cast<VectorType>(SrcTy); 3541 auto *VDest = cast<VectorType>(DestTy); 3542 Check(VSrc->getElementCount() == VDest->getElementCount(), 3543 "PtrToInt Vector width mismatch", &I); 3544 } 3545 3546 visitInstruction(I); 3547 } 3548 3549 void Verifier::visitIntToPtrInst(IntToPtrInst &I) { 3550 // Get the source and destination types 3551 Type *SrcTy = I.getOperand(0)->getType(); 3552 Type *DestTy = I.getType(); 3553 3554 Check(SrcTy->isIntOrIntVectorTy(), "IntToPtr source must be an integral", &I); 3555 Check(DestTy->isPtrOrPtrVectorTy(), "IntToPtr result must be a pointer", &I); 3556 3557 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "IntToPtr type mismatch", 3558 &I); 3559 if (SrcTy->isVectorTy()) { 3560 auto *VSrc = cast<VectorType>(SrcTy); 3561 auto *VDest = cast<VectorType>(DestTy); 3562 Check(VSrc->getElementCount() == VDest->getElementCount(), 3563 "IntToPtr Vector width mismatch", &I); 3564 } 3565 visitInstruction(I); 3566 } 3567 3568 void Verifier::visitBitCastInst(BitCastInst &I) { 3569 Check( 3570 CastInst::castIsValid(Instruction::BitCast, I.getOperand(0), I.getType()), 3571 "Invalid bitcast", &I); 3572 visitInstruction(I); 3573 } 3574 3575 void Verifier::visitAddrSpaceCastInst(AddrSpaceCastInst &I) { 3576 Type *SrcTy = I.getOperand(0)->getType(); 3577 Type *DestTy = I.getType(); 3578 3579 Check(SrcTy->isPtrOrPtrVectorTy(), "AddrSpaceCast source must be a pointer", 3580 &I); 3581 Check(DestTy->isPtrOrPtrVectorTy(), "AddrSpaceCast result must be a pointer", 3582 &I); 3583 Check(SrcTy->getPointerAddressSpace() != DestTy->getPointerAddressSpace(), 3584 "AddrSpaceCast must be between different address spaces", &I); 3585 if (auto *SrcVTy = dyn_cast<VectorType>(SrcTy)) 3586 Check(SrcVTy->getElementCount() == 3587 cast<VectorType>(DestTy)->getElementCount(), 3588 "AddrSpaceCast vector pointer number of elements mismatch", &I); 3589 visitInstruction(I); 3590 } 3591 3592 /// visitPHINode - Ensure that a PHI node is well formed. 3593 /// 3594 void Verifier::visitPHINode(PHINode &PN) { 3595 // Ensure that the PHI nodes are all grouped together at the top of the block. 3596 // This can be tested by checking whether the instruction before this is 3597 // either nonexistent (because this is begin()) or is a PHI node. If not, 3598 // then there is some other instruction before a PHI. 3599 Check(&PN == &PN.getParent()->front() || 3600 isa<PHINode>(--BasicBlock::iterator(&PN)), 3601 "PHI nodes not grouped at top of basic block!", &PN, PN.getParent()); 3602 3603 // Check that a PHI doesn't yield a Token. 3604 Check(!PN.getType()->isTokenTy(), "PHI nodes cannot have token type!"); 3605 3606 // Check that all of the values of the PHI node have the same type as the 3607 // result. 3608 for (Value *IncValue : PN.incoming_values()) { 3609 Check(PN.getType() == IncValue->getType(), 3610 "PHI node operands are not the same type as the result!", &PN); 3611 } 3612 3613 // All other PHI node constraints are checked in the visitBasicBlock method. 3614 3615 visitInstruction(PN); 3616 } 3617 3618 void Verifier::visitCallBase(CallBase &Call) { 3619 Check(Call.getCalledOperand()->getType()->isPointerTy(), 3620 "Called function must be a pointer!", Call); 3621 FunctionType *FTy = Call.getFunctionType(); 3622 3623 // Verify that the correct number of arguments are being passed 3624 if (FTy->isVarArg()) 3625 Check(Call.arg_size() >= FTy->getNumParams(), 3626 "Called function requires more parameters than were provided!", Call); 3627 else 3628 Check(Call.arg_size() == FTy->getNumParams(), 3629 "Incorrect number of arguments passed to called function!", Call); 3630 3631 // Verify that all arguments to the call match the function type. 3632 for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i) 3633 Check(Call.getArgOperand(i)->getType() == FTy->getParamType(i), 3634 "Call parameter type does not match function signature!", 3635 Call.getArgOperand(i), FTy->getParamType(i), Call); 3636 3637 AttributeList Attrs = Call.getAttributes(); 3638 3639 Check(verifyAttributeCount(Attrs, Call.arg_size()), 3640 "Attribute after last parameter!", Call); 3641 3642 Function *Callee = 3643 dyn_cast<Function>(Call.getCalledOperand()->stripPointerCasts()); 3644 bool IsIntrinsic = Callee && Callee->isIntrinsic(); 3645 if (IsIntrinsic) 3646 Check(Callee->getValueType() == FTy, 3647 "Intrinsic called with incompatible signature", Call); 3648 3649 // Verify if the calling convention of the callee is callable. 3650 Check(isCallableCC(Call.getCallingConv()), 3651 "calling convention does not permit calls", Call); 3652 3653 // Disallow passing/returning values with alignment higher than we can 3654 // represent. 3655 // FIXME: Consider making DataLayout cap the alignment, so this isn't 3656 // necessary. 3657 auto VerifyTypeAlign = [&](Type *Ty, const Twine &Message) { 3658 if (!Ty->isSized()) 3659 return; 3660 Align ABIAlign = DL.getABITypeAlign(Ty); 3661 Check(ABIAlign.value() <= Value::MaximumAlignment, 3662 "Incorrect alignment of " + Message + " to called function!", Call); 3663 }; 3664 3665 if (!IsIntrinsic) { 3666 VerifyTypeAlign(FTy->getReturnType(), "return type"); 3667 for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i) { 3668 Type *Ty = FTy->getParamType(i); 3669 VerifyTypeAlign(Ty, "argument passed"); 3670 } 3671 } 3672 3673 if (Attrs.hasFnAttr(Attribute::Speculatable)) { 3674 // Don't allow speculatable on call sites, unless the underlying function 3675 // declaration is also speculatable. 3676 Check(Callee && Callee->isSpeculatable(), 3677 "speculatable attribute may not apply to call sites", Call); 3678 } 3679 3680 if (Attrs.hasFnAttr(Attribute::Preallocated)) { 3681 Check(Call.getIntrinsicID() == Intrinsic::call_preallocated_arg, 3682 "preallocated as a call site attribute can only be on " 3683 "llvm.call.preallocated.arg"); 3684 } 3685 3686 // Verify call attributes. 3687 verifyFunctionAttrs(FTy, Attrs, &Call, IsIntrinsic, Call.isInlineAsm()); 3688 3689 // Conservatively check the inalloca argument. 3690 // We have a bug if we can find that there is an underlying alloca without 3691 // inalloca. 3692 if (Call.hasInAllocaArgument()) { 3693 Value *InAllocaArg = Call.getArgOperand(FTy->getNumParams() - 1); 3694 if (auto AI = dyn_cast<AllocaInst>(InAllocaArg->stripInBoundsOffsets())) 3695 Check(AI->isUsedWithInAlloca(), 3696 "inalloca argument for call has mismatched alloca", AI, Call); 3697 } 3698 3699 // For each argument of the callsite, if it has the swifterror argument, 3700 // make sure the underlying alloca/parameter it comes from has a swifterror as 3701 // well. 3702 for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i) { 3703 if (Call.paramHasAttr(i, Attribute::SwiftError)) { 3704 Value *SwiftErrorArg = Call.getArgOperand(i); 3705 if (auto AI = dyn_cast<AllocaInst>(SwiftErrorArg->stripInBoundsOffsets())) { 3706 Check(AI->isSwiftError(), 3707 "swifterror argument for call has mismatched alloca", AI, Call); 3708 continue; 3709 } 3710 auto ArgI = dyn_cast<Argument>(SwiftErrorArg); 3711 Check(ArgI, "swifterror argument should come from an alloca or parameter", 3712 SwiftErrorArg, Call); 3713 Check(ArgI->hasSwiftErrorAttr(), 3714 "swifterror argument for call has mismatched parameter", ArgI, 3715 Call); 3716 } 3717 3718 if (Attrs.hasParamAttr(i, Attribute::ImmArg)) { 3719 // Don't allow immarg on call sites, unless the underlying declaration 3720 // also has the matching immarg. 3721 Check(Callee && Callee->hasParamAttribute(i, Attribute::ImmArg), 3722 "immarg may not apply only to call sites", Call.getArgOperand(i), 3723 Call); 3724 } 3725 3726 if (Call.paramHasAttr(i, Attribute::ImmArg)) { 3727 Value *ArgVal = Call.getArgOperand(i); 3728 Check(isa<ConstantInt>(ArgVal) || isa<ConstantFP>(ArgVal), 3729 "immarg operand has non-immediate parameter", ArgVal, Call); 3730 3731 // If the imm-arg is an integer and also has a range attached, 3732 // check if the given value is within the range. 3733 if (Call.paramHasAttr(i, Attribute::Range)) { 3734 if (auto *CI = dyn_cast<ConstantInt>(ArgVal)) { 3735 const ConstantRange &CR = 3736 Call.getParamAttr(i, Attribute::Range).getValueAsConstantRange(); 3737 Check(CR.contains(CI->getValue()), 3738 "immarg value " + Twine(CI->getValue().getSExtValue()) + 3739 " out of range [" + Twine(CR.getLower().getSExtValue()) + 3740 ", " + Twine(CR.getUpper().getSExtValue()) + ")", 3741 Call); 3742 } 3743 } 3744 } 3745 3746 if (Call.paramHasAttr(i, Attribute::Preallocated)) { 3747 Value *ArgVal = Call.getArgOperand(i); 3748 bool hasOB = 3749 Call.countOperandBundlesOfType(LLVMContext::OB_preallocated) != 0; 3750 bool isMustTail = Call.isMustTailCall(); 3751 Check(hasOB != isMustTail, 3752 "preallocated operand either requires a preallocated bundle or " 3753 "the call to be musttail (but not both)", 3754 ArgVal, Call); 3755 } 3756 } 3757 3758 if (FTy->isVarArg()) { 3759 // FIXME? is 'nest' even legal here? 3760 bool SawNest = false; 3761 bool SawReturned = false; 3762 3763 for (unsigned Idx = 0; Idx < FTy->getNumParams(); ++Idx) { 3764 if (Attrs.hasParamAttr(Idx, Attribute::Nest)) 3765 SawNest = true; 3766 if (Attrs.hasParamAttr(Idx, Attribute::Returned)) 3767 SawReturned = true; 3768 } 3769 3770 // Check attributes on the varargs part. 3771 for (unsigned Idx = FTy->getNumParams(); Idx < Call.arg_size(); ++Idx) { 3772 Type *Ty = Call.getArgOperand(Idx)->getType(); 3773 AttributeSet ArgAttrs = Attrs.getParamAttrs(Idx); 3774 verifyParameterAttrs(ArgAttrs, Ty, &Call); 3775 3776 if (ArgAttrs.hasAttribute(Attribute::Nest)) { 3777 Check(!SawNest, "More than one parameter has attribute nest!", Call); 3778 SawNest = true; 3779 } 3780 3781 if (ArgAttrs.hasAttribute(Attribute::Returned)) { 3782 Check(!SawReturned, "More than one parameter has attribute returned!", 3783 Call); 3784 Check(Ty->canLosslesslyBitCastTo(FTy->getReturnType()), 3785 "Incompatible argument and return types for 'returned' " 3786 "attribute", 3787 Call); 3788 SawReturned = true; 3789 } 3790 3791 // Statepoint intrinsic is vararg but the wrapped function may be not. 3792 // Allow sret here and check the wrapped function in verifyStatepoint. 3793 if (Call.getIntrinsicID() != Intrinsic::experimental_gc_statepoint) 3794 Check(!ArgAttrs.hasAttribute(Attribute::StructRet), 3795 "Attribute 'sret' cannot be used for vararg call arguments!", 3796 Call); 3797 3798 if (ArgAttrs.hasAttribute(Attribute::InAlloca)) 3799 Check(Idx == Call.arg_size() - 1, 3800 "inalloca isn't on the last argument!", Call); 3801 } 3802 } 3803 3804 // Verify that there's no metadata unless it's a direct call to an intrinsic. 3805 if (!IsIntrinsic) { 3806 for (Type *ParamTy : FTy->params()) { 3807 Check(!ParamTy->isMetadataTy(), 3808 "Function has metadata parameter but isn't an intrinsic", Call); 3809 Check(!ParamTy->isTokenTy(), 3810 "Function has token parameter but isn't an intrinsic", Call); 3811 } 3812 } 3813 3814 // Verify that indirect calls don't return tokens. 3815 if (!Call.getCalledFunction()) { 3816 Check(!FTy->getReturnType()->isTokenTy(), 3817 "Return type cannot be token for indirect call!"); 3818 Check(!FTy->getReturnType()->isX86_AMXTy(), 3819 "Return type cannot be x86_amx for indirect call!"); 3820 } 3821 3822 if (Intrinsic::ID ID = Call.getIntrinsicID()) 3823 visitIntrinsicCall(ID, Call); 3824 3825 // Verify that a callsite has at most one "deopt", at most one "funclet", at 3826 // most one "gc-transition", at most one "cfguardtarget", at most one 3827 // "preallocated" operand bundle, and at most one "ptrauth" operand bundle. 3828 bool FoundDeoptBundle = false, FoundFuncletBundle = false, 3829 FoundGCTransitionBundle = false, FoundCFGuardTargetBundle = false, 3830 FoundPreallocatedBundle = false, FoundGCLiveBundle = false, 3831 FoundPtrauthBundle = false, FoundKCFIBundle = false, 3832 FoundAttachedCallBundle = false; 3833 for (unsigned i = 0, e = Call.getNumOperandBundles(); i < e; ++i) { 3834 OperandBundleUse BU = Call.getOperandBundleAt(i); 3835 uint32_t Tag = BU.getTagID(); 3836 if (Tag == LLVMContext::OB_deopt) { 3837 Check(!FoundDeoptBundle, "Multiple deopt operand bundles", Call); 3838 FoundDeoptBundle = true; 3839 } else if (Tag == LLVMContext::OB_gc_transition) { 3840 Check(!FoundGCTransitionBundle, "Multiple gc-transition operand bundles", 3841 Call); 3842 FoundGCTransitionBundle = true; 3843 } else if (Tag == LLVMContext::OB_funclet) { 3844 Check(!FoundFuncletBundle, "Multiple funclet operand bundles", Call); 3845 FoundFuncletBundle = true; 3846 Check(BU.Inputs.size() == 1, 3847 "Expected exactly one funclet bundle operand", Call); 3848 Check(isa<FuncletPadInst>(BU.Inputs.front()), 3849 "Funclet bundle operands should correspond to a FuncletPadInst", 3850 Call); 3851 } else if (Tag == LLVMContext::OB_cfguardtarget) { 3852 Check(!FoundCFGuardTargetBundle, "Multiple CFGuardTarget operand bundles", 3853 Call); 3854 FoundCFGuardTargetBundle = true; 3855 Check(BU.Inputs.size() == 1, 3856 "Expected exactly one cfguardtarget bundle operand", Call); 3857 } else if (Tag == LLVMContext::OB_ptrauth) { 3858 Check(!FoundPtrauthBundle, "Multiple ptrauth operand bundles", Call); 3859 FoundPtrauthBundle = true; 3860 Check(BU.Inputs.size() == 2, 3861 "Expected exactly two ptrauth bundle operands", Call); 3862 Check(isa<ConstantInt>(BU.Inputs[0]) && 3863 BU.Inputs[0]->getType()->isIntegerTy(32), 3864 "Ptrauth bundle key operand must be an i32 constant", Call); 3865 Check(BU.Inputs[1]->getType()->isIntegerTy(64), 3866 "Ptrauth bundle discriminator operand must be an i64", Call); 3867 } else if (Tag == LLVMContext::OB_kcfi) { 3868 Check(!FoundKCFIBundle, "Multiple kcfi operand bundles", Call); 3869 FoundKCFIBundle = true; 3870 Check(BU.Inputs.size() == 1, "Expected exactly one kcfi bundle operand", 3871 Call); 3872 Check(isa<ConstantInt>(BU.Inputs[0]) && 3873 BU.Inputs[0]->getType()->isIntegerTy(32), 3874 "Kcfi bundle operand must be an i32 constant", Call); 3875 } else if (Tag == LLVMContext::OB_preallocated) { 3876 Check(!FoundPreallocatedBundle, "Multiple preallocated operand bundles", 3877 Call); 3878 FoundPreallocatedBundle = true; 3879 Check(BU.Inputs.size() == 1, 3880 "Expected exactly one preallocated bundle operand", Call); 3881 auto Input = dyn_cast<IntrinsicInst>(BU.Inputs.front()); 3882 Check(Input && 3883 Input->getIntrinsicID() == Intrinsic::call_preallocated_setup, 3884 "\"preallocated\" argument must be a token from " 3885 "llvm.call.preallocated.setup", 3886 Call); 3887 } else if (Tag == LLVMContext::OB_gc_live) { 3888 Check(!FoundGCLiveBundle, "Multiple gc-live operand bundles", Call); 3889 FoundGCLiveBundle = true; 3890 } else if (Tag == LLVMContext::OB_clang_arc_attachedcall) { 3891 Check(!FoundAttachedCallBundle, 3892 "Multiple \"clang.arc.attachedcall\" operand bundles", Call); 3893 FoundAttachedCallBundle = true; 3894 verifyAttachedCallBundle(Call, BU); 3895 } 3896 } 3897 3898 // Verify that callee and callsite agree on whether to use pointer auth. 3899 Check(!(Call.getCalledFunction() && FoundPtrauthBundle), 3900 "Direct call cannot have a ptrauth bundle", Call); 3901 3902 // Verify that each inlinable callsite of a debug-info-bearing function in a 3903 // debug-info-bearing function has a debug location attached to it. Failure to 3904 // do so causes assertion failures when the inliner sets up inline scope info 3905 // (Interposable functions are not inlinable, neither are functions without 3906 // definitions.) 3907 if (Call.getFunction()->getSubprogram() && Call.getCalledFunction() && 3908 !Call.getCalledFunction()->isInterposable() && 3909 !Call.getCalledFunction()->isDeclaration() && 3910 Call.getCalledFunction()->getSubprogram()) 3911 CheckDI(Call.getDebugLoc(), 3912 "inlinable function call in a function with " 3913 "debug info must have a !dbg location", 3914 Call); 3915 3916 if (Call.isInlineAsm()) 3917 verifyInlineAsmCall(Call); 3918 3919 ConvergenceVerifyHelper.visit(Call); 3920 3921 visitInstruction(Call); 3922 } 3923 3924 void Verifier::verifyTailCCMustTailAttrs(const AttrBuilder &Attrs, 3925 StringRef Context) { 3926 Check(!Attrs.contains(Attribute::InAlloca), 3927 Twine("inalloca attribute not allowed in ") + Context); 3928 Check(!Attrs.contains(Attribute::InReg), 3929 Twine("inreg attribute not allowed in ") + Context); 3930 Check(!Attrs.contains(Attribute::SwiftError), 3931 Twine("swifterror attribute not allowed in ") + Context); 3932 Check(!Attrs.contains(Attribute::Preallocated), 3933 Twine("preallocated attribute not allowed in ") + Context); 3934 Check(!Attrs.contains(Attribute::ByRef), 3935 Twine("byref attribute not allowed in ") + Context); 3936 } 3937 3938 /// Two types are "congruent" if they are identical, or if they are both pointer 3939 /// types with different pointee types and the same address space. 3940 static bool isTypeCongruent(Type *L, Type *R) { 3941 if (L == R) 3942 return true; 3943 PointerType *PL = dyn_cast<PointerType>(L); 3944 PointerType *PR = dyn_cast<PointerType>(R); 3945 if (!PL || !PR) 3946 return false; 3947 return PL->getAddressSpace() == PR->getAddressSpace(); 3948 } 3949 3950 static AttrBuilder getParameterABIAttributes(LLVMContext& C, unsigned I, AttributeList Attrs) { 3951 static const Attribute::AttrKind ABIAttrs[] = { 3952 Attribute::StructRet, Attribute::ByVal, Attribute::InAlloca, 3953 Attribute::InReg, Attribute::StackAlignment, Attribute::SwiftSelf, 3954 Attribute::SwiftAsync, Attribute::SwiftError, Attribute::Preallocated, 3955 Attribute::ByRef}; 3956 AttrBuilder Copy(C); 3957 for (auto AK : ABIAttrs) { 3958 Attribute Attr = Attrs.getParamAttrs(I).getAttribute(AK); 3959 if (Attr.isValid()) 3960 Copy.addAttribute(Attr); 3961 } 3962 3963 // `align` is ABI-affecting only in combination with `byval` or `byref`. 3964 if (Attrs.hasParamAttr(I, Attribute::Alignment) && 3965 (Attrs.hasParamAttr(I, Attribute::ByVal) || 3966 Attrs.hasParamAttr(I, Attribute::ByRef))) 3967 Copy.addAlignmentAttr(Attrs.getParamAlignment(I)); 3968 return Copy; 3969 } 3970 3971 void Verifier::verifyMustTailCall(CallInst &CI) { 3972 Check(!CI.isInlineAsm(), "cannot use musttail call with inline asm", &CI); 3973 3974 Function *F = CI.getParent()->getParent(); 3975 FunctionType *CallerTy = F->getFunctionType(); 3976 FunctionType *CalleeTy = CI.getFunctionType(); 3977 Check(CallerTy->isVarArg() == CalleeTy->isVarArg(), 3978 "cannot guarantee tail call due to mismatched varargs", &CI); 3979 Check(isTypeCongruent(CallerTy->getReturnType(), CalleeTy->getReturnType()), 3980 "cannot guarantee tail call due to mismatched return types", &CI); 3981 3982 // - The calling conventions of the caller and callee must match. 3983 Check(F->getCallingConv() == CI.getCallingConv(), 3984 "cannot guarantee tail call due to mismatched calling conv", &CI); 3985 3986 // - The call must immediately precede a :ref:`ret <i_ret>` instruction, 3987 // or a pointer bitcast followed by a ret instruction. 3988 // - The ret instruction must return the (possibly bitcasted) value 3989 // produced by the call or void. 3990 Value *RetVal = &CI; 3991 Instruction *Next = CI.getNextNode(); 3992 3993 // Handle the optional bitcast. 3994 if (BitCastInst *BI = dyn_cast_or_null<BitCastInst>(Next)) { 3995 Check(BI->getOperand(0) == RetVal, 3996 "bitcast following musttail call must use the call", BI); 3997 RetVal = BI; 3998 Next = BI->getNextNode(); 3999 } 4000 4001 // Check the return. 4002 ReturnInst *Ret = dyn_cast_or_null<ReturnInst>(Next); 4003 Check(Ret, "musttail call must precede a ret with an optional bitcast", &CI); 4004 Check(!Ret->getReturnValue() || Ret->getReturnValue() == RetVal || 4005 isa<UndefValue>(Ret->getReturnValue()), 4006 "musttail call result must be returned", Ret); 4007 4008 AttributeList CallerAttrs = F->getAttributes(); 4009 AttributeList CalleeAttrs = CI.getAttributes(); 4010 if (CI.getCallingConv() == CallingConv::SwiftTail || 4011 CI.getCallingConv() == CallingConv::Tail) { 4012 StringRef CCName = 4013 CI.getCallingConv() == CallingConv::Tail ? "tailcc" : "swifttailcc"; 4014 4015 // - Only sret, byval, swiftself, and swiftasync ABI-impacting attributes 4016 // are allowed in swifttailcc call 4017 for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) { 4018 AttrBuilder ABIAttrs = getParameterABIAttributes(F->getContext(), I, CallerAttrs); 4019 SmallString<32> Context{CCName, StringRef(" musttail caller")}; 4020 verifyTailCCMustTailAttrs(ABIAttrs, Context); 4021 } 4022 for (unsigned I = 0, E = CalleeTy->getNumParams(); I != E; ++I) { 4023 AttrBuilder ABIAttrs = getParameterABIAttributes(F->getContext(), I, CalleeAttrs); 4024 SmallString<32> Context{CCName, StringRef(" musttail callee")}; 4025 verifyTailCCMustTailAttrs(ABIAttrs, Context); 4026 } 4027 // - Varargs functions are not allowed 4028 Check(!CallerTy->isVarArg(), Twine("cannot guarantee ") + CCName + 4029 " tail call for varargs function"); 4030 return; 4031 } 4032 4033 // - The caller and callee prototypes must match. Pointer types of 4034 // parameters or return types may differ in pointee type, but not 4035 // address space. 4036 if (!CI.getIntrinsicID()) { 4037 Check(CallerTy->getNumParams() == CalleeTy->getNumParams(), 4038 "cannot guarantee tail call due to mismatched parameter counts", &CI); 4039 for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) { 4040 Check( 4041 isTypeCongruent(CallerTy->getParamType(I), CalleeTy->getParamType(I)), 4042 "cannot guarantee tail call due to mismatched parameter types", &CI); 4043 } 4044 } 4045 4046 // - All ABI-impacting function attributes, such as sret, byval, inreg, 4047 // returned, preallocated, and inalloca, must match. 4048 for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) { 4049 AttrBuilder CallerABIAttrs = getParameterABIAttributes(F->getContext(), I, CallerAttrs); 4050 AttrBuilder CalleeABIAttrs = getParameterABIAttributes(F->getContext(), I, CalleeAttrs); 4051 Check(CallerABIAttrs == CalleeABIAttrs, 4052 "cannot guarantee tail call due to mismatched ABI impacting " 4053 "function attributes", 4054 &CI, CI.getOperand(I)); 4055 } 4056 } 4057 4058 void Verifier::visitCallInst(CallInst &CI) { 4059 visitCallBase(CI); 4060 4061 if (CI.isMustTailCall()) 4062 verifyMustTailCall(CI); 4063 } 4064 4065 void Verifier::visitInvokeInst(InvokeInst &II) { 4066 visitCallBase(II); 4067 4068 // Verify that the first non-PHI instruction of the unwind destination is an 4069 // exception handling instruction. 4070 Check( 4071 II.getUnwindDest()->isEHPad(), 4072 "The unwind destination does not have an exception handling instruction!", 4073 &II); 4074 4075 visitTerminator(II); 4076 } 4077 4078 /// visitUnaryOperator - Check the argument to the unary operator. 4079 /// 4080 void Verifier::visitUnaryOperator(UnaryOperator &U) { 4081 Check(U.getType() == U.getOperand(0)->getType(), 4082 "Unary operators must have same type for" 4083 "operands and result!", 4084 &U); 4085 4086 switch (U.getOpcode()) { 4087 // Check that floating-point arithmetic operators are only used with 4088 // floating-point operands. 4089 case Instruction::FNeg: 4090 Check(U.getType()->isFPOrFPVectorTy(), 4091 "FNeg operator only works with float types!", &U); 4092 break; 4093 default: 4094 llvm_unreachable("Unknown UnaryOperator opcode!"); 4095 } 4096 4097 visitInstruction(U); 4098 } 4099 4100 /// visitBinaryOperator - Check that both arguments to the binary operator are 4101 /// of the same type! 4102 /// 4103 void Verifier::visitBinaryOperator(BinaryOperator &B) { 4104 Check(B.getOperand(0)->getType() == B.getOperand(1)->getType(), 4105 "Both operands to a binary operator are not of the same type!", &B); 4106 4107 switch (B.getOpcode()) { 4108 // Check that integer arithmetic operators are only used with 4109 // integral operands. 4110 case Instruction::Add: 4111 case Instruction::Sub: 4112 case Instruction::Mul: 4113 case Instruction::SDiv: 4114 case Instruction::UDiv: 4115 case Instruction::SRem: 4116 case Instruction::URem: 4117 Check(B.getType()->isIntOrIntVectorTy(), 4118 "Integer arithmetic operators only work with integral types!", &B); 4119 Check(B.getType() == B.getOperand(0)->getType(), 4120 "Integer arithmetic operators must have same type " 4121 "for operands and result!", 4122 &B); 4123 break; 4124 // Check that floating-point arithmetic operators are only used with 4125 // floating-point operands. 4126 case Instruction::FAdd: 4127 case Instruction::FSub: 4128 case Instruction::FMul: 4129 case Instruction::FDiv: 4130 case Instruction::FRem: 4131 Check(B.getType()->isFPOrFPVectorTy(), 4132 "Floating-point arithmetic operators only work with " 4133 "floating-point types!", 4134 &B); 4135 Check(B.getType() == B.getOperand(0)->getType(), 4136 "Floating-point arithmetic operators must have same type " 4137 "for operands and result!", 4138 &B); 4139 break; 4140 // Check that logical operators are only used with integral operands. 4141 case Instruction::And: 4142 case Instruction::Or: 4143 case Instruction::Xor: 4144 Check(B.getType()->isIntOrIntVectorTy(), 4145 "Logical operators only work with integral types!", &B); 4146 Check(B.getType() == B.getOperand(0)->getType(), 4147 "Logical operators must have same type for operands and result!", &B); 4148 break; 4149 case Instruction::Shl: 4150 case Instruction::LShr: 4151 case Instruction::AShr: 4152 Check(B.getType()->isIntOrIntVectorTy(), 4153 "Shifts only work with integral types!", &B); 4154 Check(B.getType() == B.getOperand(0)->getType(), 4155 "Shift return type must be same as operands!", &B); 4156 break; 4157 default: 4158 llvm_unreachable("Unknown BinaryOperator opcode!"); 4159 } 4160 4161 visitInstruction(B); 4162 } 4163 4164 void Verifier::visitICmpInst(ICmpInst &IC) { 4165 // Check that the operands are the same type 4166 Type *Op0Ty = IC.getOperand(0)->getType(); 4167 Type *Op1Ty = IC.getOperand(1)->getType(); 4168 Check(Op0Ty == Op1Ty, 4169 "Both operands to ICmp instruction are not of the same type!", &IC); 4170 // Check that the operands are the right type 4171 Check(Op0Ty->isIntOrIntVectorTy() || Op0Ty->isPtrOrPtrVectorTy(), 4172 "Invalid operand types for ICmp instruction", &IC); 4173 // Check that the predicate is valid. 4174 Check(IC.isIntPredicate(), "Invalid predicate in ICmp instruction!", &IC); 4175 4176 visitInstruction(IC); 4177 } 4178 4179 void Verifier::visitFCmpInst(FCmpInst &FC) { 4180 // Check that the operands are the same type 4181 Type *Op0Ty = FC.getOperand(0)->getType(); 4182 Type *Op1Ty = FC.getOperand(1)->getType(); 4183 Check(Op0Ty == Op1Ty, 4184 "Both operands to FCmp instruction are not of the same type!", &FC); 4185 // Check that the operands are the right type 4186 Check(Op0Ty->isFPOrFPVectorTy(), "Invalid operand types for FCmp instruction", 4187 &FC); 4188 // Check that the predicate is valid. 4189 Check(FC.isFPPredicate(), "Invalid predicate in FCmp instruction!", &FC); 4190 4191 visitInstruction(FC); 4192 } 4193 4194 void Verifier::visitExtractElementInst(ExtractElementInst &EI) { 4195 Check(ExtractElementInst::isValidOperands(EI.getOperand(0), EI.getOperand(1)), 4196 "Invalid extractelement operands!", &EI); 4197 visitInstruction(EI); 4198 } 4199 4200 void Verifier::visitInsertElementInst(InsertElementInst &IE) { 4201 Check(InsertElementInst::isValidOperands(IE.getOperand(0), IE.getOperand(1), 4202 IE.getOperand(2)), 4203 "Invalid insertelement operands!", &IE); 4204 visitInstruction(IE); 4205 } 4206 4207 void Verifier::visitShuffleVectorInst(ShuffleVectorInst &SV) { 4208 Check(ShuffleVectorInst::isValidOperands(SV.getOperand(0), SV.getOperand(1), 4209 SV.getShuffleMask()), 4210 "Invalid shufflevector operands!", &SV); 4211 visitInstruction(SV); 4212 } 4213 4214 void Verifier::visitGetElementPtrInst(GetElementPtrInst &GEP) { 4215 Type *TargetTy = GEP.getPointerOperandType()->getScalarType(); 4216 4217 Check(isa<PointerType>(TargetTy), 4218 "GEP base pointer is not a vector or a vector of pointers", &GEP); 4219 Check(GEP.getSourceElementType()->isSized(), "GEP into unsized type!", &GEP); 4220 4221 if (auto *STy = dyn_cast<StructType>(GEP.getSourceElementType())) { 4222 Check(!STy->isScalableTy(), 4223 "getelementptr cannot target structure that contains scalable vector" 4224 "type", 4225 &GEP); 4226 } 4227 4228 SmallVector<Value *, 16> Idxs(GEP.indices()); 4229 Check( 4230 all_of(Idxs, [](Value *V) { return V->getType()->isIntOrIntVectorTy(); }), 4231 "GEP indexes must be integers", &GEP); 4232 Type *ElTy = 4233 GetElementPtrInst::getIndexedType(GEP.getSourceElementType(), Idxs); 4234 Check(ElTy, "Invalid indices for GEP pointer type!", &GEP); 4235 4236 PointerType *PtrTy = dyn_cast<PointerType>(GEP.getType()->getScalarType()); 4237 4238 Check(PtrTy && GEP.getResultElementType() == ElTy, 4239 "GEP is not of right type for indices!", &GEP, ElTy); 4240 4241 if (auto *GEPVTy = dyn_cast<VectorType>(GEP.getType())) { 4242 // Additional checks for vector GEPs. 4243 ElementCount GEPWidth = GEPVTy->getElementCount(); 4244 if (GEP.getPointerOperandType()->isVectorTy()) 4245 Check( 4246 GEPWidth == 4247 cast<VectorType>(GEP.getPointerOperandType())->getElementCount(), 4248 "Vector GEP result width doesn't match operand's", &GEP); 4249 for (Value *Idx : Idxs) { 4250 Type *IndexTy = Idx->getType(); 4251 if (auto *IndexVTy = dyn_cast<VectorType>(IndexTy)) { 4252 ElementCount IndexWidth = IndexVTy->getElementCount(); 4253 Check(IndexWidth == GEPWidth, "Invalid GEP index vector width", &GEP); 4254 } 4255 Check(IndexTy->isIntOrIntVectorTy(), 4256 "All GEP indices should be of integer type"); 4257 } 4258 } 4259 4260 Check(GEP.getAddressSpace() == PtrTy->getAddressSpace(), 4261 "GEP address space doesn't match type", &GEP); 4262 4263 visitInstruction(GEP); 4264 } 4265 4266 static bool isContiguous(const ConstantRange &A, const ConstantRange &B) { 4267 return A.getUpper() == B.getLower() || A.getLower() == B.getUpper(); 4268 } 4269 4270 /// Verify !range and !absolute_symbol metadata. These have the same 4271 /// restrictions, except !absolute_symbol allows the full set. 4272 void Verifier::verifyRangeLikeMetadata(const Value &I, const MDNode *Range, 4273 Type *Ty, RangeLikeMetadataKind Kind) { 4274 unsigned NumOperands = Range->getNumOperands(); 4275 Check(NumOperands % 2 == 0, "Unfinished range!", Range); 4276 unsigned NumRanges = NumOperands / 2; 4277 Check(NumRanges >= 1, "It should have at least one range!", Range); 4278 4279 ConstantRange LastRange(1, true); // Dummy initial value 4280 for (unsigned i = 0; i < NumRanges; ++i) { 4281 ConstantInt *Low = 4282 mdconst::dyn_extract<ConstantInt>(Range->getOperand(2 * i)); 4283 Check(Low, "The lower limit must be an integer!", Low); 4284 ConstantInt *High = 4285 mdconst::dyn_extract<ConstantInt>(Range->getOperand(2 * i + 1)); 4286 Check(High, "The upper limit must be an integer!", High); 4287 4288 Check(High->getType() == Low->getType(), "Range pair types must match!", 4289 &I); 4290 4291 if (Kind == RangeLikeMetadataKind::NoaliasAddrspace) { 4292 Check(High->getType()->isIntegerTy(32), 4293 "noalias.addrspace type must be i32!", &I); 4294 } else { 4295 Check(High->getType() == Ty->getScalarType(), 4296 "Range types must match instruction type!", &I); 4297 } 4298 4299 APInt HighV = High->getValue(); 4300 APInt LowV = Low->getValue(); 4301 4302 // ConstantRange asserts if the ranges are the same except for the min/max 4303 // value. Leave the cases it tolerates for the empty range error below. 4304 Check(LowV != HighV || LowV.isMaxValue() || LowV.isMinValue(), 4305 "The upper and lower limits cannot be the same value", &I); 4306 4307 ConstantRange CurRange(LowV, HighV); 4308 Check(!CurRange.isEmptySet() && 4309 (Kind == RangeLikeMetadataKind::AbsoluteSymbol || 4310 !CurRange.isFullSet()), 4311 "Range must not be empty!", Range); 4312 if (i != 0) { 4313 Check(CurRange.intersectWith(LastRange).isEmptySet(), 4314 "Intervals are overlapping", Range); 4315 Check(LowV.sgt(LastRange.getLower()), "Intervals are not in order", 4316 Range); 4317 Check(!isContiguous(CurRange, LastRange), "Intervals are contiguous", 4318 Range); 4319 } 4320 LastRange = ConstantRange(LowV, HighV); 4321 } 4322 if (NumRanges > 2) { 4323 APInt FirstLow = 4324 mdconst::dyn_extract<ConstantInt>(Range->getOperand(0))->getValue(); 4325 APInt FirstHigh = 4326 mdconst::dyn_extract<ConstantInt>(Range->getOperand(1))->getValue(); 4327 ConstantRange FirstRange(FirstLow, FirstHigh); 4328 Check(FirstRange.intersectWith(LastRange).isEmptySet(), 4329 "Intervals are overlapping", Range); 4330 Check(!isContiguous(FirstRange, LastRange), "Intervals are contiguous", 4331 Range); 4332 } 4333 } 4334 4335 void Verifier::visitRangeMetadata(Instruction &I, MDNode *Range, Type *Ty) { 4336 assert(Range && Range == I.getMetadata(LLVMContext::MD_range) && 4337 "precondition violation"); 4338 verifyRangeLikeMetadata(I, Range, Ty, RangeLikeMetadataKind::Range); 4339 } 4340 4341 void Verifier::visitNoaliasAddrspaceMetadata(Instruction &I, MDNode *Range, 4342 Type *Ty) { 4343 assert(Range && Range == I.getMetadata(LLVMContext::MD_noalias_addrspace) && 4344 "precondition violation"); 4345 verifyRangeLikeMetadata(I, Range, Ty, 4346 RangeLikeMetadataKind::NoaliasAddrspace); 4347 } 4348 4349 void Verifier::checkAtomicMemAccessSize(Type *Ty, const Instruction *I) { 4350 unsigned Size = DL.getTypeSizeInBits(Ty); 4351 Check(Size >= 8, "atomic memory access' size must be byte-sized", Ty, I); 4352 Check(!(Size & (Size - 1)), 4353 "atomic memory access' operand must have a power-of-two size", Ty, I); 4354 } 4355 4356 void Verifier::visitLoadInst(LoadInst &LI) { 4357 PointerType *PTy = dyn_cast<PointerType>(LI.getOperand(0)->getType()); 4358 Check(PTy, "Load operand must be a pointer.", &LI); 4359 Type *ElTy = LI.getType(); 4360 if (MaybeAlign A = LI.getAlign()) { 4361 Check(A->value() <= Value::MaximumAlignment, 4362 "huge alignment values are unsupported", &LI); 4363 } 4364 Check(ElTy->isSized(), "loading unsized types is not allowed", &LI); 4365 if (LI.isAtomic()) { 4366 Check(LI.getOrdering() != AtomicOrdering::Release && 4367 LI.getOrdering() != AtomicOrdering::AcquireRelease, 4368 "Load cannot have Release ordering", &LI); 4369 Check(ElTy->isIntOrPtrTy() || ElTy->isFloatingPointTy(), 4370 "atomic load operand must have integer, pointer, or floating point " 4371 "type!", 4372 ElTy, &LI); 4373 checkAtomicMemAccessSize(ElTy, &LI); 4374 } else { 4375 Check(LI.getSyncScopeID() == SyncScope::System, 4376 "Non-atomic load cannot have SynchronizationScope specified", &LI); 4377 } 4378 4379 visitInstruction(LI); 4380 } 4381 4382 void Verifier::visitStoreInst(StoreInst &SI) { 4383 PointerType *PTy = dyn_cast<PointerType>(SI.getOperand(1)->getType()); 4384 Check(PTy, "Store operand must be a pointer.", &SI); 4385 Type *ElTy = SI.getOperand(0)->getType(); 4386 if (MaybeAlign A = SI.getAlign()) { 4387 Check(A->value() <= Value::MaximumAlignment, 4388 "huge alignment values are unsupported", &SI); 4389 } 4390 Check(ElTy->isSized(), "storing unsized types is not allowed", &SI); 4391 if (SI.isAtomic()) { 4392 Check(SI.getOrdering() != AtomicOrdering::Acquire && 4393 SI.getOrdering() != AtomicOrdering::AcquireRelease, 4394 "Store cannot have Acquire ordering", &SI); 4395 Check(ElTy->isIntOrPtrTy() || ElTy->isFloatingPointTy(), 4396 "atomic store operand must have integer, pointer, or floating point " 4397 "type!", 4398 ElTy, &SI); 4399 checkAtomicMemAccessSize(ElTy, &SI); 4400 } else { 4401 Check(SI.getSyncScopeID() == SyncScope::System, 4402 "Non-atomic store cannot have SynchronizationScope specified", &SI); 4403 } 4404 visitInstruction(SI); 4405 } 4406 4407 /// Check that SwiftErrorVal is used as a swifterror argument in CS. 4408 void Verifier::verifySwiftErrorCall(CallBase &Call, 4409 const Value *SwiftErrorVal) { 4410 for (const auto &I : llvm::enumerate(Call.args())) { 4411 if (I.value() == SwiftErrorVal) { 4412 Check(Call.paramHasAttr(I.index(), Attribute::SwiftError), 4413 "swifterror value when used in a callsite should be marked " 4414 "with swifterror attribute", 4415 SwiftErrorVal, Call); 4416 } 4417 } 4418 } 4419 4420 void Verifier::verifySwiftErrorValue(const Value *SwiftErrorVal) { 4421 // Check that swifterror value is only used by loads, stores, or as 4422 // a swifterror argument. 4423 for (const User *U : SwiftErrorVal->users()) { 4424 Check(isa<LoadInst>(U) || isa<StoreInst>(U) || isa<CallInst>(U) || 4425 isa<InvokeInst>(U), 4426 "swifterror value can only be loaded and stored from, or " 4427 "as a swifterror argument!", 4428 SwiftErrorVal, U); 4429 // If it is used by a store, check it is the second operand. 4430 if (auto StoreI = dyn_cast<StoreInst>(U)) 4431 Check(StoreI->getOperand(1) == SwiftErrorVal, 4432 "swifterror value should be the second operand when used " 4433 "by stores", 4434 SwiftErrorVal, U); 4435 if (auto *Call = dyn_cast<CallBase>(U)) 4436 verifySwiftErrorCall(*const_cast<CallBase *>(Call), SwiftErrorVal); 4437 } 4438 } 4439 4440 void Verifier::visitAllocaInst(AllocaInst &AI) { 4441 Type *Ty = AI.getAllocatedType(); 4442 SmallPtrSet<Type*, 4> Visited; 4443 Check(Ty->isSized(&Visited), "Cannot allocate unsized type", &AI); 4444 // Check if it's a target extension type that disallows being used on the 4445 // stack. 4446 Check(!Ty->containsNonLocalTargetExtType(), 4447 "Alloca has illegal target extension type", &AI); 4448 Check(AI.getArraySize()->getType()->isIntegerTy(), 4449 "Alloca array size must have integer type", &AI); 4450 if (MaybeAlign A = AI.getAlign()) { 4451 Check(A->value() <= Value::MaximumAlignment, 4452 "huge alignment values are unsupported", &AI); 4453 } 4454 4455 if (AI.isSwiftError()) { 4456 Check(Ty->isPointerTy(), "swifterror alloca must have pointer type", &AI); 4457 Check(!AI.isArrayAllocation(), 4458 "swifterror alloca must not be array allocation", &AI); 4459 verifySwiftErrorValue(&AI); 4460 } 4461 4462 if (TT.isAMDGPU()) { 4463 Check(AI.getAddressSpace() == AMDGPUAS::PRIVATE_ADDRESS, 4464 "alloca on amdgpu must be in addrspace(5)", &AI); 4465 } 4466 4467 visitInstruction(AI); 4468 } 4469 4470 void Verifier::visitAtomicCmpXchgInst(AtomicCmpXchgInst &CXI) { 4471 Type *ElTy = CXI.getOperand(1)->getType(); 4472 Check(ElTy->isIntOrPtrTy(), 4473 "cmpxchg operand must have integer or pointer type", ElTy, &CXI); 4474 checkAtomicMemAccessSize(ElTy, &CXI); 4475 visitInstruction(CXI); 4476 } 4477 4478 void Verifier::visitAtomicRMWInst(AtomicRMWInst &RMWI) { 4479 Check(RMWI.getOrdering() != AtomicOrdering::Unordered, 4480 "atomicrmw instructions cannot be unordered.", &RMWI); 4481 auto Op = RMWI.getOperation(); 4482 Type *ElTy = RMWI.getOperand(1)->getType(); 4483 if (Op == AtomicRMWInst::Xchg) { 4484 Check(ElTy->isIntegerTy() || ElTy->isFloatingPointTy() || 4485 ElTy->isPointerTy(), 4486 "atomicrmw " + AtomicRMWInst::getOperationName(Op) + 4487 " operand must have integer or floating point type!", 4488 &RMWI, ElTy); 4489 } else if (AtomicRMWInst::isFPOperation(Op)) { 4490 Check(ElTy->isFPOrFPVectorTy() && !isa<ScalableVectorType>(ElTy), 4491 "atomicrmw " + AtomicRMWInst::getOperationName(Op) + 4492 " operand must have floating-point or fixed vector of floating-point " 4493 "type!", 4494 &RMWI, ElTy); 4495 } else { 4496 Check(ElTy->isIntegerTy(), 4497 "atomicrmw " + AtomicRMWInst::getOperationName(Op) + 4498 " operand must have integer type!", 4499 &RMWI, ElTy); 4500 } 4501 checkAtomicMemAccessSize(ElTy, &RMWI); 4502 Check(AtomicRMWInst::FIRST_BINOP <= Op && Op <= AtomicRMWInst::LAST_BINOP, 4503 "Invalid binary operation!", &RMWI); 4504 visitInstruction(RMWI); 4505 } 4506 4507 void Verifier::visitFenceInst(FenceInst &FI) { 4508 const AtomicOrdering Ordering = FI.getOrdering(); 4509 Check(Ordering == AtomicOrdering::Acquire || 4510 Ordering == AtomicOrdering::Release || 4511 Ordering == AtomicOrdering::AcquireRelease || 4512 Ordering == AtomicOrdering::SequentiallyConsistent, 4513 "fence instructions may only have acquire, release, acq_rel, or " 4514 "seq_cst ordering.", 4515 &FI); 4516 visitInstruction(FI); 4517 } 4518 4519 void Verifier::visitExtractValueInst(ExtractValueInst &EVI) { 4520 Check(ExtractValueInst::getIndexedType(EVI.getAggregateOperand()->getType(), 4521 EVI.getIndices()) == EVI.getType(), 4522 "Invalid ExtractValueInst operands!", &EVI); 4523 4524 visitInstruction(EVI); 4525 } 4526 4527 void Verifier::visitInsertValueInst(InsertValueInst &IVI) { 4528 Check(ExtractValueInst::getIndexedType(IVI.getAggregateOperand()->getType(), 4529 IVI.getIndices()) == 4530 IVI.getOperand(1)->getType(), 4531 "Invalid InsertValueInst operands!", &IVI); 4532 4533 visitInstruction(IVI); 4534 } 4535 4536 static Value *getParentPad(Value *EHPad) { 4537 if (auto *FPI = dyn_cast<FuncletPadInst>(EHPad)) 4538 return FPI->getParentPad(); 4539 4540 return cast<CatchSwitchInst>(EHPad)->getParentPad(); 4541 } 4542 4543 void Verifier::visitEHPadPredecessors(Instruction &I) { 4544 assert(I.isEHPad()); 4545 4546 BasicBlock *BB = I.getParent(); 4547 Function *F = BB->getParent(); 4548 4549 Check(BB != &F->getEntryBlock(), "EH pad cannot be in entry block.", &I); 4550 4551 if (auto *LPI = dyn_cast<LandingPadInst>(&I)) { 4552 // The landingpad instruction defines its parent as a landing pad block. The 4553 // landing pad block may be branched to only by the unwind edge of an 4554 // invoke. 4555 for (BasicBlock *PredBB : predecessors(BB)) { 4556 const auto *II = dyn_cast<InvokeInst>(PredBB->getTerminator()); 4557 Check(II && II->getUnwindDest() == BB && II->getNormalDest() != BB, 4558 "Block containing LandingPadInst must be jumped to " 4559 "only by the unwind edge of an invoke.", 4560 LPI); 4561 } 4562 return; 4563 } 4564 if (auto *CPI = dyn_cast<CatchPadInst>(&I)) { 4565 if (!pred_empty(BB)) 4566 Check(BB->getUniquePredecessor() == CPI->getCatchSwitch()->getParent(), 4567 "Block containg CatchPadInst must be jumped to " 4568 "only by its catchswitch.", 4569 CPI); 4570 Check(BB != CPI->getCatchSwitch()->getUnwindDest(), 4571 "Catchswitch cannot unwind to one of its catchpads", 4572 CPI->getCatchSwitch(), CPI); 4573 return; 4574 } 4575 4576 // Verify that each pred has a legal terminator with a legal to/from EH 4577 // pad relationship. 4578 Instruction *ToPad = &I; 4579 Value *ToPadParent = getParentPad(ToPad); 4580 for (BasicBlock *PredBB : predecessors(BB)) { 4581 Instruction *TI = PredBB->getTerminator(); 4582 Value *FromPad; 4583 if (auto *II = dyn_cast<InvokeInst>(TI)) { 4584 Check(II->getUnwindDest() == BB && II->getNormalDest() != BB, 4585 "EH pad must be jumped to via an unwind edge", ToPad, II); 4586 auto *CalledFn = 4587 dyn_cast<Function>(II->getCalledOperand()->stripPointerCasts()); 4588 if (CalledFn && CalledFn->isIntrinsic() && II->doesNotThrow() && 4589 !IntrinsicInst::mayLowerToFunctionCall(CalledFn->getIntrinsicID())) 4590 continue; 4591 if (auto Bundle = II->getOperandBundle(LLVMContext::OB_funclet)) 4592 FromPad = Bundle->Inputs[0]; 4593 else 4594 FromPad = ConstantTokenNone::get(II->getContext()); 4595 } else if (auto *CRI = dyn_cast<CleanupReturnInst>(TI)) { 4596 FromPad = CRI->getOperand(0); 4597 Check(FromPad != ToPadParent, "A cleanupret must exit its cleanup", CRI); 4598 } else if (auto *CSI = dyn_cast<CatchSwitchInst>(TI)) { 4599 FromPad = CSI; 4600 } else { 4601 Check(false, "EH pad must be jumped to via an unwind edge", ToPad, TI); 4602 } 4603 4604 // The edge may exit from zero or more nested pads. 4605 SmallSet<Value *, 8> Seen; 4606 for (;; FromPad = getParentPad(FromPad)) { 4607 Check(FromPad != ToPad, 4608 "EH pad cannot handle exceptions raised within it", FromPad, TI); 4609 if (FromPad == ToPadParent) { 4610 // This is a legal unwind edge. 4611 break; 4612 } 4613 Check(!isa<ConstantTokenNone>(FromPad), 4614 "A single unwind edge may only enter one EH pad", TI); 4615 Check(Seen.insert(FromPad).second, "EH pad jumps through a cycle of pads", 4616 FromPad); 4617 4618 // This will be diagnosed on the corresponding instruction already. We 4619 // need the extra check here to make sure getParentPad() works. 4620 Check(isa<FuncletPadInst>(FromPad) || isa<CatchSwitchInst>(FromPad), 4621 "Parent pad must be catchpad/cleanuppad/catchswitch", TI); 4622 } 4623 } 4624 } 4625 4626 void Verifier::visitLandingPadInst(LandingPadInst &LPI) { 4627 // The landingpad instruction is ill-formed if it doesn't have any clauses and 4628 // isn't a cleanup. 4629 Check(LPI.getNumClauses() > 0 || LPI.isCleanup(), 4630 "LandingPadInst needs at least one clause or to be a cleanup.", &LPI); 4631 4632 visitEHPadPredecessors(LPI); 4633 4634 if (!LandingPadResultTy) 4635 LandingPadResultTy = LPI.getType(); 4636 else 4637 Check(LandingPadResultTy == LPI.getType(), 4638 "The landingpad instruction should have a consistent result type " 4639 "inside a function.", 4640 &LPI); 4641 4642 Function *F = LPI.getParent()->getParent(); 4643 Check(F->hasPersonalityFn(), 4644 "LandingPadInst needs to be in a function with a personality.", &LPI); 4645 4646 // The landingpad instruction must be the first non-PHI instruction in the 4647 // block. 4648 Check(LPI.getParent()->getLandingPadInst() == &LPI, 4649 "LandingPadInst not the first non-PHI instruction in the block.", &LPI); 4650 4651 for (unsigned i = 0, e = LPI.getNumClauses(); i < e; ++i) { 4652 Constant *Clause = LPI.getClause(i); 4653 if (LPI.isCatch(i)) { 4654 Check(isa<PointerType>(Clause->getType()), 4655 "Catch operand does not have pointer type!", &LPI); 4656 } else { 4657 Check(LPI.isFilter(i), "Clause is neither catch nor filter!", &LPI); 4658 Check(isa<ConstantArray>(Clause) || isa<ConstantAggregateZero>(Clause), 4659 "Filter operand is not an array of constants!", &LPI); 4660 } 4661 } 4662 4663 visitInstruction(LPI); 4664 } 4665 4666 void Verifier::visitResumeInst(ResumeInst &RI) { 4667 Check(RI.getFunction()->hasPersonalityFn(), 4668 "ResumeInst needs to be in a function with a personality.", &RI); 4669 4670 if (!LandingPadResultTy) 4671 LandingPadResultTy = RI.getValue()->getType(); 4672 else 4673 Check(LandingPadResultTy == RI.getValue()->getType(), 4674 "The resume instruction should have a consistent result type " 4675 "inside a function.", 4676 &RI); 4677 4678 visitTerminator(RI); 4679 } 4680 4681 void Verifier::visitCatchPadInst(CatchPadInst &CPI) { 4682 BasicBlock *BB = CPI.getParent(); 4683 4684 Function *F = BB->getParent(); 4685 Check(F->hasPersonalityFn(), 4686 "CatchPadInst needs to be in a function with a personality.", &CPI); 4687 4688 Check(isa<CatchSwitchInst>(CPI.getParentPad()), 4689 "CatchPadInst needs to be directly nested in a CatchSwitchInst.", 4690 CPI.getParentPad()); 4691 4692 // The catchpad instruction must be the first non-PHI instruction in the 4693 // block. 4694 Check(&*BB->getFirstNonPHIIt() == &CPI, 4695 "CatchPadInst not the first non-PHI instruction in the block.", &CPI); 4696 4697 visitEHPadPredecessors(CPI); 4698 visitFuncletPadInst(CPI); 4699 } 4700 4701 void Verifier::visitCatchReturnInst(CatchReturnInst &CatchReturn) { 4702 Check(isa<CatchPadInst>(CatchReturn.getOperand(0)), 4703 "CatchReturnInst needs to be provided a CatchPad", &CatchReturn, 4704 CatchReturn.getOperand(0)); 4705 4706 visitTerminator(CatchReturn); 4707 } 4708 4709 void Verifier::visitCleanupPadInst(CleanupPadInst &CPI) { 4710 BasicBlock *BB = CPI.getParent(); 4711 4712 Function *F = BB->getParent(); 4713 Check(F->hasPersonalityFn(), 4714 "CleanupPadInst needs to be in a function with a personality.", &CPI); 4715 4716 // The cleanuppad instruction must be the first non-PHI instruction in the 4717 // block. 4718 Check(&*BB->getFirstNonPHIIt() == &CPI, 4719 "CleanupPadInst not the first non-PHI instruction in the block.", &CPI); 4720 4721 auto *ParentPad = CPI.getParentPad(); 4722 Check(isa<ConstantTokenNone>(ParentPad) || isa<FuncletPadInst>(ParentPad), 4723 "CleanupPadInst has an invalid parent.", &CPI); 4724 4725 visitEHPadPredecessors(CPI); 4726 visitFuncletPadInst(CPI); 4727 } 4728 4729 void Verifier::visitFuncletPadInst(FuncletPadInst &FPI) { 4730 User *FirstUser = nullptr; 4731 Value *FirstUnwindPad = nullptr; 4732 SmallVector<FuncletPadInst *, 8> Worklist({&FPI}); 4733 SmallSet<FuncletPadInst *, 8> Seen; 4734 4735 while (!Worklist.empty()) { 4736 FuncletPadInst *CurrentPad = Worklist.pop_back_val(); 4737 Check(Seen.insert(CurrentPad).second, 4738 "FuncletPadInst must not be nested within itself", CurrentPad); 4739 Value *UnresolvedAncestorPad = nullptr; 4740 for (User *U : CurrentPad->users()) { 4741 BasicBlock *UnwindDest; 4742 if (auto *CRI = dyn_cast<CleanupReturnInst>(U)) { 4743 UnwindDest = CRI->getUnwindDest(); 4744 } else if (auto *CSI = dyn_cast<CatchSwitchInst>(U)) { 4745 // We allow catchswitch unwind to caller to nest 4746 // within an outer pad that unwinds somewhere else, 4747 // because catchswitch doesn't have a nounwind variant. 4748 // See e.g. SimplifyCFGOpt::SimplifyUnreachable. 4749 if (CSI->unwindsToCaller()) 4750 continue; 4751 UnwindDest = CSI->getUnwindDest(); 4752 } else if (auto *II = dyn_cast<InvokeInst>(U)) { 4753 UnwindDest = II->getUnwindDest(); 4754 } else if (isa<CallInst>(U)) { 4755 // Calls which don't unwind may be found inside funclet 4756 // pads that unwind somewhere else. We don't *require* 4757 // such calls to be annotated nounwind. 4758 continue; 4759 } else if (auto *CPI = dyn_cast<CleanupPadInst>(U)) { 4760 // The unwind dest for a cleanup can only be found by 4761 // recursive search. Add it to the worklist, and we'll 4762 // search for its first use that determines where it unwinds. 4763 Worklist.push_back(CPI); 4764 continue; 4765 } else { 4766 Check(isa<CatchReturnInst>(U), "Bogus funclet pad use", U); 4767 continue; 4768 } 4769 4770 Value *UnwindPad; 4771 bool ExitsFPI; 4772 if (UnwindDest) { 4773 UnwindPad = &*UnwindDest->getFirstNonPHIIt(); 4774 if (!cast<Instruction>(UnwindPad)->isEHPad()) 4775 continue; 4776 Value *UnwindParent = getParentPad(UnwindPad); 4777 // Ignore unwind edges that don't exit CurrentPad. 4778 if (UnwindParent == CurrentPad) 4779 continue; 4780 // Determine whether the original funclet pad is exited, 4781 // and if we are scanning nested pads determine how many 4782 // of them are exited so we can stop searching their 4783 // children. 4784 Value *ExitedPad = CurrentPad; 4785 ExitsFPI = false; 4786 do { 4787 if (ExitedPad == &FPI) { 4788 ExitsFPI = true; 4789 // Now we can resolve any ancestors of CurrentPad up to 4790 // FPI, but not including FPI since we need to make sure 4791 // to check all direct users of FPI for consistency. 4792 UnresolvedAncestorPad = &FPI; 4793 break; 4794 } 4795 Value *ExitedParent = getParentPad(ExitedPad); 4796 if (ExitedParent == UnwindParent) { 4797 // ExitedPad is the ancestor-most pad which this unwind 4798 // edge exits, so we can resolve up to it, meaning that 4799 // ExitedParent is the first ancestor still unresolved. 4800 UnresolvedAncestorPad = ExitedParent; 4801 break; 4802 } 4803 ExitedPad = ExitedParent; 4804 } while (!isa<ConstantTokenNone>(ExitedPad)); 4805 } else { 4806 // Unwinding to caller exits all pads. 4807 UnwindPad = ConstantTokenNone::get(FPI.getContext()); 4808 ExitsFPI = true; 4809 UnresolvedAncestorPad = &FPI; 4810 } 4811 4812 if (ExitsFPI) { 4813 // This unwind edge exits FPI. Make sure it agrees with other 4814 // such edges. 4815 if (FirstUser) { 4816 Check(UnwindPad == FirstUnwindPad, 4817 "Unwind edges out of a funclet " 4818 "pad must have the same unwind " 4819 "dest", 4820 &FPI, U, FirstUser); 4821 } else { 4822 FirstUser = U; 4823 FirstUnwindPad = UnwindPad; 4824 // Record cleanup sibling unwinds for verifySiblingFuncletUnwinds 4825 if (isa<CleanupPadInst>(&FPI) && !isa<ConstantTokenNone>(UnwindPad) && 4826 getParentPad(UnwindPad) == getParentPad(&FPI)) 4827 SiblingFuncletInfo[&FPI] = cast<Instruction>(U); 4828 } 4829 } 4830 // Make sure we visit all uses of FPI, but for nested pads stop as 4831 // soon as we know where they unwind to. 4832 if (CurrentPad != &FPI) 4833 break; 4834 } 4835 if (UnresolvedAncestorPad) { 4836 if (CurrentPad == UnresolvedAncestorPad) { 4837 // When CurrentPad is FPI itself, we don't mark it as resolved even if 4838 // we've found an unwind edge that exits it, because we need to verify 4839 // all direct uses of FPI. 4840 assert(CurrentPad == &FPI); 4841 continue; 4842 } 4843 // Pop off the worklist any nested pads that we've found an unwind 4844 // destination for. The pads on the worklist are the uncles, 4845 // great-uncles, etc. of CurrentPad. We've found an unwind destination 4846 // for all ancestors of CurrentPad up to but not including 4847 // UnresolvedAncestorPad. 4848 Value *ResolvedPad = CurrentPad; 4849 while (!Worklist.empty()) { 4850 Value *UnclePad = Worklist.back(); 4851 Value *AncestorPad = getParentPad(UnclePad); 4852 // Walk ResolvedPad up the ancestor list until we either find the 4853 // uncle's parent or the last resolved ancestor. 4854 while (ResolvedPad != AncestorPad) { 4855 Value *ResolvedParent = getParentPad(ResolvedPad); 4856 if (ResolvedParent == UnresolvedAncestorPad) { 4857 break; 4858 } 4859 ResolvedPad = ResolvedParent; 4860 } 4861 // If the resolved ancestor search didn't find the uncle's parent, 4862 // then the uncle is not yet resolved. 4863 if (ResolvedPad != AncestorPad) 4864 break; 4865 // This uncle is resolved, so pop it from the worklist. 4866 Worklist.pop_back(); 4867 } 4868 } 4869 } 4870 4871 if (FirstUnwindPad) { 4872 if (auto *CatchSwitch = dyn_cast<CatchSwitchInst>(FPI.getParentPad())) { 4873 BasicBlock *SwitchUnwindDest = CatchSwitch->getUnwindDest(); 4874 Value *SwitchUnwindPad; 4875 if (SwitchUnwindDest) 4876 SwitchUnwindPad = &*SwitchUnwindDest->getFirstNonPHIIt(); 4877 else 4878 SwitchUnwindPad = ConstantTokenNone::get(FPI.getContext()); 4879 Check(SwitchUnwindPad == FirstUnwindPad, 4880 "Unwind edges out of a catch must have the same unwind dest as " 4881 "the parent catchswitch", 4882 &FPI, FirstUser, CatchSwitch); 4883 } 4884 } 4885 4886 visitInstruction(FPI); 4887 } 4888 4889 void Verifier::visitCatchSwitchInst(CatchSwitchInst &CatchSwitch) { 4890 BasicBlock *BB = CatchSwitch.getParent(); 4891 4892 Function *F = BB->getParent(); 4893 Check(F->hasPersonalityFn(), 4894 "CatchSwitchInst needs to be in a function with a personality.", 4895 &CatchSwitch); 4896 4897 // The catchswitch instruction must be the first non-PHI instruction in the 4898 // block. 4899 Check(&*BB->getFirstNonPHIIt() == &CatchSwitch, 4900 "CatchSwitchInst not the first non-PHI instruction in the block.", 4901 &CatchSwitch); 4902 4903 auto *ParentPad = CatchSwitch.getParentPad(); 4904 Check(isa<ConstantTokenNone>(ParentPad) || isa<FuncletPadInst>(ParentPad), 4905 "CatchSwitchInst has an invalid parent.", ParentPad); 4906 4907 if (BasicBlock *UnwindDest = CatchSwitch.getUnwindDest()) { 4908 BasicBlock::iterator I = UnwindDest->getFirstNonPHIIt(); 4909 Check(I->isEHPad() && !isa<LandingPadInst>(I), 4910 "CatchSwitchInst must unwind to an EH block which is not a " 4911 "landingpad.", 4912 &CatchSwitch); 4913 4914 // Record catchswitch sibling unwinds for verifySiblingFuncletUnwinds 4915 if (getParentPad(&*I) == ParentPad) 4916 SiblingFuncletInfo[&CatchSwitch] = &CatchSwitch; 4917 } 4918 4919 Check(CatchSwitch.getNumHandlers() != 0, 4920 "CatchSwitchInst cannot have empty handler list", &CatchSwitch); 4921 4922 for (BasicBlock *Handler : CatchSwitch.handlers()) { 4923 Check(isa<CatchPadInst>(Handler->getFirstNonPHIIt()), 4924 "CatchSwitchInst handlers must be catchpads", &CatchSwitch, Handler); 4925 } 4926 4927 visitEHPadPredecessors(CatchSwitch); 4928 visitTerminator(CatchSwitch); 4929 } 4930 4931 void Verifier::visitCleanupReturnInst(CleanupReturnInst &CRI) { 4932 Check(isa<CleanupPadInst>(CRI.getOperand(0)), 4933 "CleanupReturnInst needs to be provided a CleanupPad", &CRI, 4934 CRI.getOperand(0)); 4935 4936 if (BasicBlock *UnwindDest = CRI.getUnwindDest()) { 4937 BasicBlock::iterator I = UnwindDest->getFirstNonPHIIt(); 4938 Check(I->isEHPad() && !isa<LandingPadInst>(I), 4939 "CleanupReturnInst must unwind to an EH block which is not a " 4940 "landingpad.", 4941 &CRI); 4942 } 4943 4944 visitTerminator(CRI); 4945 } 4946 4947 void Verifier::verifyDominatesUse(Instruction &I, unsigned i) { 4948 Instruction *Op = cast<Instruction>(I.getOperand(i)); 4949 // If the we have an invalid invoke, don't try to compute the dominance. 4950 // We already reject it in the invoke specific checks and the dominance 4951 // computation doesn't handle multiple edges. 4952 if (InvokeInst *II = dyn_cast<InvokeInst>(Op)) { 4953 if (II->getNormalDest() == II->getUnwindDest()) 4954 return; 4955 } 4956 4957 // Quick check whether the def has already been encountered in the same block. 4958 // PHI nodes are not checked to prevent accepting preceding PHIs, because PHI 4959 // uses are defined to happen on the incoming edge, not at the instruction. 4960 // 4961 // FIXME: If this operand is a MetadataAsValue (wrapping a LocalAsMetadata) 4962 // wrapping an SSA value, assert that we've already encountered it. See 4963 // related FIXME in Mapper::mapLocalAsMetadata in ValueMapper.cpp. 4964 if (!isa<PHINode>(I) && InstsInThisBlock.count(Op)) 4965 return; 4966 4967 const Use &U = I.getOperandUse(i); 4968 Check(DT.dominates(Op, U), "Instruction does not dominate all uses!", Op, &I); 4969 } 4970 4971 void Verifier::visitDereferenceableMetadata(Instruction& I, MDNode* MD) { 4972 Check(I.getType()->isPointerTy(), 4973 "dereferenceable, dereferenceable_or_null " 4974 "apply only to pointer types", 4975 &I); 4976 Check((isa<LoadInst>(I) || isa<IntToPtrInst>(I)), 4977 "dereferenceable, dereferenceable_or_null apply only to load" 4978 " and inttoptr instructions, use attributes for calls or invokes", 4979 &I); 4980 Check(MD->getNumOperands() == 1, 4981 "dereferenceable, dereferenceable_or_null " 4982 "take one operand!", 4983 &I); 4984 ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(MD->getOperand(0)); 4985 Check(CI && CI->getType()->isIntegerTy(64), 4986 "dereferenceable, " 4987 "dereferenceable_or_null metadata value must be an i64!", 4988 &I); 4989 } 4990 4991 void Verifier::visitProfMetadata(Instruction &I, MDNode *MD) { 4992 auto GetBranchingTerminatorNumOperands = [&]() { 4993 unsigned ExpectedNumOperands = 0; 4994 if (BranchInst *BI = dyn_cast<BranchInst>(&I)) 4995 ExpectedNumOperands = BI->getNumSuccessors(); 4996 else if (SwitchInst *SI = dyn_cast<SwitchInst>(&I)) 4997 ExpectedNumOperands = SI->getNumSuccessors(); 4998 else if (isa<CallInst>(&I)) 4999 ExpectedNumOperands = 1; 5000 else if (IndirectBrInst *IBI = dyn_cast<IndirectBrInst>(&I)) 5001 ExpectedNumOperands = IBI->getNumDestinations(); 5002 else if (isa<SelectInst>(&I)) 5003 ExpectedNumOperands = 2; 5004 else if (CallBrInst *CI = dyn_cast<CallBrInst>(&I)) 5005 ExpectedNumOperands = CI->getNumSuccessors(); 5006 return ExpectedNumOperands; 5007 }; 5008 Check(MD->getNumOperands() >= 1, 5009 "!prof annotations should have at least 1 operand", MD); 5010 // Check first operand. 5011 Check(MD->getOperand(0) != nullptr, "first operand should not be null", MD); 5012 Check(isa<MDString>(MD->getOperand(0)), 5013 "expected string with name of the !prof annotation", MD); 5014 MDString *MDS = cast<MDString>(MD->getOperand(0)); 5015 StringRef ProfName = MDS->getString(); 5016 5017 if (ProfName == MDProfLabels::UnknownBranchWeightsMarker) { 5018 Check(GetBranchingTerminatorNumOperands() != 0 || isa<InvokeInst>(I), 5019 "'unknown' !prof should only appear on instructions on which " 5020 "'branch_weights' would", 5021 MD); 5022 Check(MD->getNumOperands() == 1, 5023 "'unknown' !prof should have no additional operands", MD); 5024 return; 5025 } 5026 5027 Check(MD->getNumOperands() >= 2, 5028 "!prof annotations should have no less than 2 operands", MD); 5029 5030 // Check consistency of !prof branch_weights metadata. 5031 if (ProfName == MDProfLabels::BranchWeights) { 5032 unsigned NumBranchWeights = getNumBranchWeights(*MD); 5033 if (isa<InvokeInst>(&I)) { 5034 Check(NumBranchWeights == 1 || NumBranchWeights == 2, 5035 "Wrong number of InvokeInst branch_weights operands", MD); 5036 } else { 5037 const unsigned ExpectedNumOperands = GetBranchingTerminatorNumOperands(); 5038 if (ExpectedNumOperands == 0) 5039 CheckFailed("!prof branch_weights are not allowed for this instruction", 5040 MD); 5041 5042 Check(NumBranchWeights == ExpectedNumOperands, "Wrong number of operands", 5043 MD); 5044 } 5045 for (unsigned i = getBranchWeightOffset(MD); i < MD->getNumOperands(); 5046 ++i) { 5047 auto &MDO = MD->getOperand(i); 5048 Check(MDO, "second operand should not be null", MD); 5049 Check(mdconst::dyn_extract<ConstantInt>(MDO), 5050 "!prof brunch_weights operand is not a const int"); 5051 } 5052 } else if (ProfName == MDProfLabels::ValueProfile) { 5053 Check(isValueProfileMD(MD), "invalid value profiling metadata", MD); 5054 ConstantInt *KindInt = mdconst::dyn_extract<ConstantInt>(MD->getOperand(1)); 5055 Check(KindInt, "VP !prof missing kind argument", MD); 5056 5057 auto Kind = KindInt->getZExtValue(); 5058 Check(Kind >= InstrProfValueKind::IPVK_First && 5059 Kind <= InstrProfValueKind::IPVK_Last, 5060 "Invalid VP !prof kind", MD); 5061 Check(MD->getNumOperands() % 2 == 1, 5062 "VP !prof should have an even number " 5063 "of arguments after 'VP'", 5064 MD); 5065 if (Kind == InstrProfValueKind::IPVK_IndirectCallTarget || 5066 Kind == InstrProfValueKind::IPVK_MemOPSize) 5067 Check(isa<CallBase>(I), 5068 "VP !prof indirect call or memop size expected to be applied to " 5069 "CallBase instructions only", 5070 MD); 5071 } else { 5072 CheckFailed("expected either branch_weights or VP profile name", MD); 5073 } 5074 } 5075 5076 void Verifier::visitDIAssignIDMetadata(Instruction &I, MDNode *MD) { 5077 assert(I.hasMetadata(LLVMContext::MD_DIAssignID)); 5078 // DIAssignID metadata must be attached to either an alloca or some form of 5079 // store/memory-writing instruction. 5080 // FIXME: We allow all intrinsic insts here to avoid trying to enumerate all 5081 // possible store intrinsics. 5082 bool ExpectedInstTy = 5083 isa<AllocaInst>(I) || isa<StoreInst>(I) || isa<IntrinsicInst>(I); 5084 CheckDI(ExpectedInstTy, "!DIAssignID attached to unexpected instruction kind", 5085 I, MD); 5086 // Iterate over the MetadataAsValue uses of the DIAssignID - these should 5087 // only be found as DbgAssignIntrinsic operands. 5088 if (auto *AsValue = MetadataAsValue::getIfExists(Context, MD)) { 5089 for (auto *User : AsValue->users()) { 5090 CheckDI(isa<DbgAssignIntrinsic>(User), 5091 "!DIAssignID should only be used by llvm.dbg.assign intrinsics", 5092 MD, User); 5093 // All of the dbg.assign intrinsics should be in the same function as I. 5094 if (auto *DAI = dyn_cast<DbgAssignIntrinsic>(User)) 5095 CheckDI(DAI->getFunction() == I.getFunction(), 5096 "dbg.assign not in same function as inst", DAI, &I); 5097 } 5098 } 5099 for (DbgVariableRecord *DVR : 5100 cast<DIAssignID>(MD)->getAllDbgVariableRecordUsers()) { 5101 CheckDI(DVR->isDbgAssign(), 5102 "!DIAssignID should only be used by Assign DVRs.", MD, DVR); 5103 CheckDI(DVR->getFunction() == I.getFunction(), 5104 "DVRAssign not in same function as inst", DVR, &I); 5105 } 5106 } 5107 5108 void Verifier::visitMMRAMetadata(Instruction &I, MDNode *MD) { 5109 Check(canInstructionHaveMMRAs(I), 5110 "!mmra metadata attached to unexpected instruction kind", I, MD); 5111 5112 // MMRA Metadata should either be a tag, e.g. !{!"foo", !"bar"}, or a 5113 // list of tags such as !2 in the following example: 5114 // !0 = !{!"a", !"b"} 5115 // !1 = !{!"c", !"d"} 5116 // !2 = !{!0, !1} 5117 if (MMRAMetadata::isTagMD(MD)) 5118 return; 5119 5120 Check(isa<MDTuple>(MD), "!mmra expected to be a metadata tuple", I, MD); 5121 for (const MDOperand &MDOp : MD->operands()) 5122 Check(MMRAMetadata::isTagMD(MDOp.get()), 5123 "!mmra metadata tuple operand is not an MMRA tag", I, MDOp.get()); 5124 } 5125 5126 void Verifier::visitCallStackMetadata(MDNode *MD) { 5127 // Call stack metadata should consist of a list of at least 1 constant int 5128 // (representing a hash of the location). 5129 Check(MD->getNumOperands() >= 1, 5130 "call stack metadata should have at least 1 operand", MD); 5131 5132 for (const auto &Op : MD->operands()) 5133 Check(mdconst::dyn_extract_or_null<ConstantInt>(Op), 5134 "call stack metadata operand should be constant integer", Op); 5135 } 5136 5137 void Verifier::visitMemProfMetadata(Instruction &I, MDNode *MD) { 5138 Check(isa<CallBase>(I), "!memprof metadata should only exist on calls", &I); 5139 Check(MD->getNumOperands() >= 1, 5140 "!memprof annotations should have at least 1 metadata operand " 5141 "(MemInfoBlock)", 5142 MD); 5143 5144 // Check each MIB 5145 for (auto &MIBOp : MD->operands()) { 5146 MDNode *MIB = dyn_cast<MDNode>(MIBOp); 5147 // The first operand of an MIB should be the call stack metadata. 5148 // There rest of the operands should be MDString tags, and there should be 5149 // at least one. 5150 Check(MIB->getNumOperands() >= 2, 5151 "Each !memprof MemInfoBlock should have at least 2 operands", MIB); 5152 5153 // Check call stack metadata (first operand). 5154 Check(MIB->getOperand(0) != nullptr, 5155 "!memprof MemInfoBlock first operand should not be null", MIB); 5156 Check(isa<MDNode>(MIB->getOperand(0)), 5157 "!memprof MemInfoBlock first operand should be an MDNode", MIB); 5158 MDNode *StackMD = dyn_cast<MDNode>(MIB->getOperand(0)); 5159 visitCallStackMetadata(StackMD); 5160 5161 // The next set of 1 or more operands should be MDString. 5162 unsigned I = 1; 5163 for (; I < MIB->getNumOperands(); ++I) { 5164 if (!isa<MDString>(MIB->getOperand(I))) { 5165 Check(I > 1, 5166 "!memprof MemInfoBlock second operand should be an MDString", 5167 MIB); 5168 break; 5169 } 5170 } 5171 5172 // Any remaining should be MDNode that are pairs of integers 5173 for (; I < MIB->getNumOperands(); ++I) { 5174 MDNode *OpNode = dyn_cast<MDNode>(MIB->getOperand(I)); 5175 Check(OpNode, "Not all !memprof MemInfoBlock operands 2 to N are MDNode", 5176 MIB); 5177 Check(OpNode->getNumOperands() == 2, 5178 "Not all !memprof MemInfoBlock operands 2 to N are MDNode with 2 " 5179 "operands", 5180 MIB); 5181 // Check that all of Op's operands are ConstantInt. 5182 Check(llvm::all_of(OpNode->operands(), 5183 [](const MDOperand &Op) { 5184 return mdconst::hasa<ConstantInt>(Op); 5185 }), 5186 "Not all !memprof MemInfoBlock operands 2 to N are MDNode with " 5187 "ConstantInt operands", 5188 MIB); 5189 } 5190 } 5191 } 5192 5193 void Verifier::visitCallsiteMetadata(Instruction &I, MDNode *MD) { 5194 Check(isa<CallBase>(I), "!callsite metadata should only exist on calls", &I); 5195 // Verify the partial callstack annotated from memprof profiles. This callsite 5196 // is a part of a profiled allocation callstack. 5197 visitCallStackMetadata(MD); 5198 } 5199 5200 void Verifier::visitAnnotationMetadata(MDNode *Annotation) { 5201 Check(isa<MDTuple>(Annotation), "annotation must be a tuple"); 5202 Check(Annotation->getNumOperands() >= 1, 5203 "annotation must have at least one operand"); 5204 for (const MDOperand &Op : Annotation->operands()) { 5205 bool TupleOfStrings = 5206 isa<MDTuple>(Op.get()) && 5207 all_of(cast<MDTuple>(Op)->operands(), [](auto &Annotation) { 5208 return isa<MDString>(Annotation.get()); 5209 }); 5210 Check(isa<MDString>(Op.get()) || TupleOfStrings, 5211 "operands must be a string or a tuple of strings"); 5212 } 5213 } 5214 5215 void Verifier::visitAliasScopeMetadata(const MDNode *MD) { 5216 unsigned NumOps = MD->getNumOperands(); 5217 Check(NumOps >= 2 && NumOps <= 3, "scope must have two or three operands", 5218 MD); 5219 Check(MD->getOperand(0).get() == MD || isa<MDString>(MD->getOperand(0)), 5220 "first scope operand must be self-referential or string", MD); 5221 if (NumOps == 3) 5222 Check(isa<MDString>(MD->getOperand(2)), 5223 "third scope operand must be string (if used)", MD); 5224 5225 MDNode *Domain = dyn_cast<MDNode>(MD->getOperand(1)); 5226 Check(Domain != nullptr, "second scope operand must be MDNode", MD); 5227 5228 unsigned NumDomainOps = Domain->getNumOperands(); 5229 Check(NumDomainOps >= 1 && NumDomainOps <= 2, 5230 "domain must have one or two operands", Domain); 5231 Check(Domain->getOperand(0).get() == Domain || 5232 isa<MDString>(Domain->getOperand(0)), 5233 "first domain operand must be self-referential or string", Domain); 5234 if (NumDomainOps == 2) 5235 Check(isa<MDString>(Domain->getOperand(1)), 5236 "second domain operand must be string (if used)", Domain); 5237 } 5238 5239 void Verifier::visitAliasScopeListMetadata(const MDNode *MD) { 5240 for (const MDOperand &Op : MD->operands()) { 5241 const MDNode *OpMD = dyn_cast<MDNode>(Op); 5242 Check(OpMD != nullptr, "scope list must consist of MDNodes", MD); 5243 visitAliasScopeMetadata(OpMD); 5244 } 5245 } 5246 5247 void Verifier::visitAccessGroupMetadata(const MDNode *MD) { 5248 auto IsValidAccessScope = [](const MDNode *MD) { 5249 return MD->getNumOperands() == 0 && MD->isDistinct(); 5250 }; 5251 5252 // It must be either an access scope itself... 5253 if (IsValidAccessScope(MD)) 5254 return; 5255 5256 // ...or a list of access scopes. 5257 for (const MDOperand &Op : MD->operands()) { 5258 const MDNode *OpMD = dyn_cast<MDNode>(Op); 5259 Check(OpMD != nullptr, "Access scope list must consist of MDNodes", MD); 5260 Check(IsValidAccessScope(OpMD), 5261 "Access scope list contains invalid access scope", MD); 5262 } 5263 } 5264 5265 /// verifyInstruction - Verify that an instruction is well formed. 5266 /// 5267 void Verifier::visitInstruction(Instruction &I) { 5268 BasicBlock *BB = I.getParent(); 5269 Check(BB, "Instruction not embedded in basic block!", &I); 5270 5271 if (!isa<PHINode>(I)) { // Check that non-phi nodes are not self referential 5272 for (User *U : I.users()) { 5273 Check(U != (User *)&I || !DT.isReachableFromEntry(BB), 5274 "Only PHI nodes may reference their own value!", &I); 5275 } 5276 } 5277 5278 // Check that void typed values don't have names 5279 Check(!I.getType()->isVoidTy() || !I.hasName(), 5280 "Instruction has a name, but provides a void value!", &I); 5281 5282 // Check that the return value of the instruction is either void or a legal 5283 // value type. 5284 Check(I.getType()->isVoidTy() || I.getType()->isFirstClassType(), 5285 "Instruction returns a non-scalar type!", &I); 5286 5287 // Check that the instruction doesn't produce metadata. Calls are already 5288 // checked against the callee type. 5289 Check(!I.getType()->isMetadataTy() || isa<CallInst>(I) || isa<InvokeInst>(I), 5290 "Invalid use of metadata!", &I); 5291 5292 // Check that all uses of the instruction, if they are instructions 5293 // themselves, actually have parent basic blocks. If the use is not an 5294 // instruction, it is an error! 5295 for (Use &U : I.uses()) { 5296 if (Instruction *Used = dyn_cast<Instruction>(U.getUser())) 5297 Check(Used->getParent() != nullptr, 5298 "Instruction referencing" 5299 " instruction not embedded in a basic block!", 5300 &I, Used); 5301 else { 5302 CheckFailed("Use of instruction is not an instruction!", U); 5303 return; 5304 } 5305 } 5306 5307 // Get a pointer to the call base of the instruction if it is some form of 5308 // call. 5309 const CallBase *CBI = dyn_cast<CallBase>(&I); 5310 5311 for (unsigned i = 0, e = I.getNumOperands(); i != e; ++i) { 5312 Check(I.getOperand(i) != nullptr, "Instruction has null operand!", &I); 5313 5314 // Check to make sure that only first-class-values are operands to 5315 // instructions. 5316 if (!I.getOperand(i)->getType()->isFirstClassType()) { 5317 Check(false, "Instruction operands must be first-class values!", &I); 5318 } 5319 5320 if (Function *F = dyn_cast<Function>(I.getOperand(i))) { 5321 // This code checks whether the function is used as the operand of a 5322 // clang_arc_attachedcall operand bundle. 5323 auto IsAttachedCallOperand = [](Function *F, const CallBase *CBI, 5324 int Idx) { 5325 return CBI && CBI->isOperandBundleOfType( 5326 LLVMContext::OB_clang_arc_attachedcall, Idx); 5327 }; 5328 5329 // Check to make sure that the "address of" an intrinsic function is never 5330 // taken. Ignore cases where the address of the intrinsic function is used 5331 // as the argument of operand bundle "clang.arc.attachedcall" as those 5332 // cases are handled in verifyAttachedCallBundle. 5333 Check((!F->isIntrinsic() || 5334 (CBI && &CBI->getCalledOperandUse() == &I.getOperandUse(i)) || 5335 IsAttachedCallOperand(F, CBI, i)), 5336 "Cannot take the address of an intrinsic!", &I); 5337 Check(!F->isIntrinsic() || isa<CallInst>(I) || 5338 F->getIntrinsicID() == Intrinsic::donothing || 5339 F->getIntrinsicID() == Intrinsic::seh_try_begin || 5340 F->getIntrinsicID() == Intrinsic::seh_try_end || 5341 F->getIntrinsicID() == Intrinsic::seh_scope_begin || 5342 F->getIntrinsicID() == Intrinsic::seh_scope_end || 5343 F->getIntrinsicID() == Intrinsic::coro_resume || 5344 F->getIntrinsicID() == Intrinsic::coro_destroy || 5345 F->getIntrinsicID() == Intrinsic::coro_await_suspend_void || 5346 F->getIntrinsicID() == Intrinsic::coro_await_suspend_bool || 5347 F->getIntrinsicID() == Intrinsic::coro_await_suspend_handle || 5348 F->getIntrinsicID() == 5349 Intrinsic::experimental_patchpoint_void || 5350 F->getIntrinsicID() == Intrinsic::experimental_patchpoint || 5351 F->getIntrinsicID() == Intrinsic::fake_use || 5352 F->getIntrinsicID() == Intrinsic::experimental_gc_statepoint || 5353 F->getIntrinsicID() == Intrinsic::wasm_throw || 5354 F->getIntrinsicID() == Intrinsic::wasm_rethrow || 5355 IsAttachedCallOperand(F, CBI, i), 5356 "Cannot invoke an intrinsic other than donothing, patchpoint, " 5357 "statepoint, coro_resume, coro_destroy, clang.arc.attachedcall or " 5358 "wasm.(re)throw", 5359 &I); 5360 Check(F->getParent() == &M, "Referencing function in another module!", &I, 5361 &M, F, F->getParent()); 5362 } else if (BasicBlock *OpBB = dyn_cast<BasicBlock>(I.getOperand(i))) { 5363 Check(OpBB->getParent() == BB->getParent(), 5364 "Referring to a basic block in another function!", &I); 5365 } else if (Argument *OpArg = dyn_cast<Argument>(I.getOperand(i))) { 5366 Check(OpArg->getParent() == BB->getParent(), 5367 "Referring to an argument in another function!", &I); 5368 } else if (GlobalValue *GV = dyn_cast<GlobalValue>(I.getOperand(i))) { 5369 Check(GV->getParent() == &M, "Referencing global in another module!", &I, 5370 &M, GV, GV->getParent()); 5371 } else if (Instruction *OpInst = dyn_cast<Instruction>(I.getOperand(i))) { 5372 Check(OpInst->getFunction() == BB->getParent(), 5373 "Referring to an instruction in another function!", &I); 5374 verifyDominatesUse(I, i); 5375 } else if (isa<InlineAsm>(I.getOperand(i))) { 5376 Check(CBI && &CBI->getCalledOperandUse() == &I.getOperandUse(i), 5377 "Cannot take the address of an inline asm!", &I); 5378 } else if (auto *CPA = dyn_cast<ConstantPtrAuth>(I.getOperand(i))) { 5379 visitConstantExprsRecursively(CPA); 5380 } else if (ConstantExpr *CE = dyn_cast<ConstantExpr>(I.getOperand(i))) { 5381 if (CE->getType()->isPtrOrPtrVectorTy()) { 5382 // If we have a ConstantExpr pointer, we need to see if it came from an 5383 // illegal bitcast. 5384 visitConstantExprsRecursively(CE); 5385 } 5386 } 5387 } 5388 5389 if (MDNode *MD = I.getMetadata(LLVMContext::MD_fpmath)) { 5390 Check(I.getType()->isFPOrFPVectorTy(), 5391 "fpmath requires a floating point result!", &I); 5392 Check(MD->getNumOperands() == 1, "fpmath takes one operand!", &I); 5393 if (ConstantFP *CFP0 = 5394 mdconst::dyn_extract_or_null<ConstantFP>(MD->getOperand(0))) { 5395 const APFloat &Accuracy = CFP0->getValueAPF(); 5396 Check(&Accuracy.getSemantics() == &APFloat::IEEEsingle(), 5397 "fpmath accuracy must have float type", &I); 5398 Check(Accuracy.isFiniteNonZero() && !Accuracy.isNegative(), 5399 "fpmath accuracy not a positive number!", &I); 5400 } else { 5401 Check(false, "invalid fpmath accuracy!", &I); 5402 } 5403 } 5404 5405 if (MDNode *Range = I.getMetadata(LLVMContext::MD_range)) { 5406 Check(isa<LoadInst>(I) || isa<CallInst>(I) || isa<InvokeInst>(I), 5407 "Ranges are only for loads, calls and invokes!", &I); 5408 visitRangeMetadata(I, Range, I.getType()); 5409 } 5410 5411 if (MDNode *Range = I.getMetadata(LLVMContext::MD_noalias_addrspace)) { 5412 Check(isa<LoadInst>(I) || isa<StoreInst>(I) || isa<AtomicRMWInst>(I) || 5413 isa<AtomicCmpXchgInst>(I) || isa<CallInst>(I), 5414 "noalias.addrspace are only for memory operations!", &I); 5415 visitNoaliasAddrspaceMetadata(I, Range, I.getType()); 5416 } 5417 5418 if (I.hasMetadata(LLVMContext::MD_invariant_group)) { 5419 Check(isa<LoadInst>(I) || isa<StoreInst>(I), 5420 "invariant.group metadata is only for loads and stores", &I); 5421 } 5422 5423 if (MDNode *MD = I.getMetadata(LLVMContext::MD_nonnull)) { 5424 Check(I.getType()->isPointerTy(), "nonnull applies only to pointer types", 5425 &I); 5426 Check(isa<LoadInst>(I), 5427 "nonnull applies only to load instructions, use attributes" 5428 " for calls or invokes", 5429 &I); 5430 Check(MD->getNumOperands() == 0, "nonnull metadata must be empty", &I); 5431 } 5432 5433 if (MDNode *MD = I.getMetadata(LLVMContext::MD_dereferenceable)) 5434 visitDereferenceableMetadata(I, MD); 5435 5436 if (MDNode *MD = I.getMetadata(LLVMContext::MD_dereferenceable_or_null)) 5437 visitDereferenceableMetadata(I, MD); 5438 5439 if (MDNode *TBAA = I.getMetadata(LLVMContext::MD_tbaa)) 5440 TBAAVerifyHelper.visitTBAAMetadata(I, TBAA); 5441 5442 if (MDNode *MD = I.getMetadata(LLVMContext::MD_noalias)) 5443 visitAliasScopeListMetadata(MD); 5444 if (MDNode *MD = I.getMetadata(LLVMContext::MD_alias_scope)) 5445 visitAliasScopeListMetadata(MD); 5446 5447 if (MDNode *MD = I.getMetadata(LLVMContext::MD_access_group)) 5448 visitAccessGroupMetadata(MD); 5449 5450 if (MDNode *AlignMD = I.getMetadata(LLVMContext::MD_align)) { 5451 Check(I.getType()->isPointerTy(), "align applies only to pointer types", 5452 &I); 5453 Check(isa<LoadInst>(I), 5454 "align applies only to load instructions, " 5455 "use attributes for calls or invokes", 5456 &I); 5457 Check(AlignMD->getNumOperands() == 1, "align takes one operand!", &I); 5458 ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(AlignMD->getOperand(0)); 5459 Check(CI && CI->getType()->isIntegerTy(64), 5460 "align metadata value must be an i64!", &I); 5461 uint64_t Align = CI->getZExtValue(); 5462 Check(isPowerOf2_64(Align), "align metadata value must be a power of 2!", 5463 &I); 5464 Check(Align <= Value::MaximumAlignment, 5465 "alignment is larger that implementation defined limit", &I); 5466 } 5467 5468 if (MDNode *MD = I.getMetadata(LLVMContext::MD_prof)) 5469 visitProfMetadata(I, MD); 5470 5471 if (MDNode *MD = I.getMetadata(LLVMContext::MD_memprof)) 5472 visitMemProfMetadata(I, MD); 5473 5474 if (MDNode *MD = I.getMetadata(LLVMContext::MD_callsite)) 5475 visitCallsiteMetadata(I, MD); 5476 5477 if (MDNode *MD = I.getMetadata(LLVMContext::MD_DIAssignID)) 5478 visitDIAssignIDMetadata(I, MD); 5479 5480 if (MDNode *MMRA = I.getMetadata(LLVMContext::MD_mmra)) 5481 visitMMRAMetadata(I, MMRA); 5482 5483 if (MDNode *Annotation = I.getMetadata(LLVMContext::MD_annotation)) 5484 visitAnnotationMetadata(Annotation); 5485 5486 if (MDNode *N = I.getDebugLoc().getAsMDNode()) { 5487 CheckDI(isa<DILocation>(N), "invalid !dbg metadata attachment", &I, N); 5488 visitMDNode(*N, AreDebugLocsAllowed::Yes); 5489 5490 if (auto *DL = dyn_cast<DILocation>(N)) { 5491 if (DL->getAtomGroup()) { 5492 CheckDI(DL->getScope()->getSubprogram()->getKeyInstructionsEnabled(), 5493 "DbgLoc uses atomGroup but DISubprogram doesn't have Key " 5494 "Instructions enabled", 5495 DL, DL->getScope()->getSubprogram()); 5496 } 5497 } 5498 } 5499 5500 if (auto *DII = dyn_cast<DbgVariableIntrinsic>(&I)) { 5501 verifyFragmentExpression(*DII); 5502 verifyNotEntryValue(*DII); 5503 } 5504 5505 SmallVector<std::pair<unsigned, MDNode *>, 4> MDs; 5506 I.getAllMetadata(MDs); 5507 for (auto Attachment : MDs) { 5508 unsigned Kind = Attachment.first; 5509 auto AllowLocs = 5510 (Kind == LLVMContext::MD_dbg || Kind == LLVMContext::MD_loop) 5511 ? AreDebugLocsAllowed::Yes 5512 : AreDebugLocsAllowed::No; 5513 visitMDNode(*Attachment.second, AllowLocs); 5514 } 5515 5516 InstsInThisBlock.insert(&I); 5517 } 5518 5519 /// Allow intrinsics to be verified in different ways. 5520 void Verifier::visitIntrinsicCall(Intrinsic::ID ID, CallBase &Call) { 5521 Function *IF = Call.getCalledFunction(); 5522 Check(IF->isDeclaration(), "Intrinsic functions should never be defined!", 5523 IF); 5524 5525 // Verify that the intrinsic prototype lines up with what the .td files 5526 // describe. 5527 FunctionType *IFTy = IF->getFunctionType(); 5528 bool IsVarArg = IFTy->isVarArg(); 5529 5530 SmallVector<Intrinsic::IITDescriptor, 8> Table; 5531 getIntrinsicInfoTableEntries(ID, Table); 5532 ArrayRef<Intrinsic::IITDescriptor> TableRef = Table; 5533 5534 // Walk the descriptors to extract overloaded types. 5535 SmallVector<Type *, 4> ArgTys; 5536 Intrinsic::MatchIntrinsicTypesResult Res = 5537 Intrinsic::matchIntrinsicSignature(IFTy, TableRef, ArgTys); 5538 Check(Res != Intrinsic::MatchIntrinsicTypes_NoMatchRet, 5539 "Intrinsic has incorrect return type!", IF); 5540 Check(Res != Intrinsic::MatchIntrinsicTypes_NoMatchArg, 5541 "Intrinsic has incorrect argument type!", IF); 5542 5543 // Verify if the intrinsic call matches the vararg property. 5544 if (IsVarArg) 5545 Check(!Intrinsic::matchIntrinsicVarArg(IsVarArg, TableRef), 5546 "Intrinsic was not defined with variable arguments!", IF); 5547 else 5548 Check(!Intrinsic::matchIntrinsicVarArg(IsVarArg, TableRef), 5549 "Callsite was not defined with variable arguments!", IF); 5550 5551 // All descriptors should be absorbed by now. 5552 Check(TableRef.empty(), "Intrinsic has too few arguments!", IF); 5553 5554 // Now that we have the intrinsic ID and the actual argument types (and we 5555 // know they are legal for the intrinsic!) get the intrinsic name through the 5556 // usual means. This allows us to verify the mangling of argument types into 5557 // the name. 5558 const std::string ExpectedName = 5559 Intrinsic::getName(ID, ArgTys, IF->getParent(), IFTy); 5560 Check(ExpectedName == IF->getName(), 5561 "Intrinsic name not mangled correctly for type arguments! " 5562 "Should be: " + 5563 ExpectedName, 5564 IF); 5565 5566 // If the intrinsic takes MDNode arguments, verify that they are either global 5567 // or are local to *this* function. 5568 for (Value *V : Call.args()) { 5569 if (auto *MD = dyn_cast<MetadataAsValue>(V)) 5570 visitMetadataAsValue(*MD, Call.getCaller()); 5571 if (auto *Const = dyn_cast<Constant>(V)) 5572 Check(!Const->getType()->isX86_AMXTy(), 5573 "const x86_amx is not allowed in argument!"); 5574 } 5575 5576 switch (ID) { 5577 default: 5578 break; 5579 case Intrinsic::assume: { 5580 for (auto &Elem : Call.bundle_op_infos()) { 5581 unsigned ArgCount = Elem.End - Elem.Begin; 5582 // Separate storage assumptions are special insofar as they're the only 5583 // operand bundles allowed on assumes that aren't parameter attributes. 5584 if (Elem.Tag->getKey() == "separate_storage") { 5585 Check(ArgCount == 2, 5586 "separate_storage assumptions should have 2 arguments", Call); 5587 Check(Call.getOperand(Elem.Begin)->getType()->isPointerTy() && 5588 Call.getOperand(Elem.Begin + 1)->getType()->isPointerTy(), 5589 "arguments to separate_storage assumptions should be pointers", 5590 Call); 5591 continue; 5592 } 5593 Check(Elem.Tag->getKey() == "ignore" || 5594 Attribute::isExistingAttribute(Elem.Tag->getKey()), 5595 "tags must be valid attribute names", Call); 5596 Attribute::AttrKind Kind = 5597 Attribute::getAttrKindFromName(Elem.Tag->getKey()); 5598 if (Kind == Attribute::Alignment) { 5599 Check(ArgCount <= 3 && ArgCount >= 2, 5600 "alignment assumptions should have 2 or 3 arguments", Call); 5601 Check(Call.getOperand(Elem.Begin)->getType()->isPointerTy(), 5602 "first argument should be a pointer", Call); 5603 Check(Call.getOperand(Elem.Begin + 1)->getType()->isIntegerTy(), 5604 "second argument should be an integer", Call); 5605 if (ArgCount == 3) 5606 Check(Call.getOperand(Elem.Begin + 2)->getType()->isIntegerTy(), 5607 "third argument should be an integer if present", Call); 5608 continue; 5609 } 5610 if (Kind == Attribute::Dereferenceable) { 5611 Check(ArgCount == 2, 5612 "dereferenceable assumptions should have 2 arguments", Call); 5613 Check(Call.getOperand(Elem.Begin)->getType()->isPointerTy(), 5614 "first argument should be a pointer", Call); 5615 Check(Call.getOperand(Elem.Begin + 1)->getType()->isIntegerTy(), 5616 "second argument should be an integer", Call); 5617 continue; 5618 } 5619 Check(ArgCount <= 2, "too many arguments", Call); 5620 if (Kind == Attribute::None) 5621 break; 5622 if (Attribute::isIntAttrKind(Kind)) { 5623 Check(ArgCount == 2, "this attribute should have 2 arguments", Call); 5624 Check(isa<ConstantInt>(Call.getOperand(Elem.Begin + 1)), 5625 "the second argument should be a constant integral value", Call); 5626 } else if (Attribute::canUseAsParamAttr(Kind)) { 5627 Check((ArgCount) == 1, "this attribute should have one argument", Call); 5628 } else if (Attribute::canUseAsFnAttr(Kind)) { 5629 Check((ArgCount) == 0, "this attribute has no argument", Call); 5630 } 5631 } 5632 break; 5633 } 5634 case Intrinsic::ucmp: 5635 case Intrinsic::scmp: { 5636 Type *SrcTy = Call.getOperand(0)->getType(); 5637 Type *DestTy = Call.getType(); 5638 5639 Check(DestTy->getScalarSizeInBits() >= 2, 5640 "result type must be at least 2 bits wide", Call); 5641 5642 bool IsDestTypeVector = DestTy->isVectorTy(); 5643 Check(SrcTy->isVectorTy() == IsDestTypeVector, 5644 "ucmp/scmp argument and result types must both be either vector or " 5645 "scalar types", 5646 Call); 5647 if (IsDestTypeVector) { 5648 auto SrcVecLen = cast<VectorType>(SrcTy)->getElementCount(); 5649 auto DestVecLen = cast<VectorType>(DestTy)->getElementCount(); 5650 Check(SrcVecLen == DestVecLen, 5651 "return type and arguments must have the same number of " 5652 "elements", 5653 Call); 5654 } 5655 break; 5656 } 5657 case Intrinsic::coro_id: { 5658 auto *InfoArg = Call.getArgOperand(3)->stripPointerCasts(); 5659 if (isa<ConstantPointerNull>(InfoArg)) 5660 break; 5661 auto *GV = dyn_cast<GlobalVariable>(InfoArg); 5662 Check(GV && GV->isConstant() && GV->hasDefinitiveInitializer(), 5663 "info argument of llvm.coro.id must refer to an initialized " 5664 "constant"); 5665 Constant *Init = GV->getInitializer(); 5666 Check(isa<ConstantStruct>(Init) || isa<ConstantArray>(Init), 5667 "info argument of llvm.coro.id must refer to either a struct or " 5668 "an array"); 5669 break; 5670 } 5671 case Intrinsic::is_fpclass: { 5672 const ConstantInt *TestMask = cast<ConstantInt>(Call.getOperand(1)); 5673 Check((TestMask->getZExtValue() & ~static_cast<unsigned>(fcAllFlags)) == 0, 5674 "unsupported bits for llvm.is.fpclass test mask"); 5675 break; 5676 } 5677 case Intrinsic::fptrunc_round: { 5678 // Check the rounding mode 5679 Metadata *MD = nullptr; 5680 auto *MAV = dyn_cast<MetadataAsValue>(Call.getOperand(1)); 5681 if (MAV) 5682 MD = MAV->getMetadata(); 5683 5684 Check(MD != nullptr, "missing rounding mode argument", Call); 5685 5686 Check(isa<MDString>(MD), 5687 ("invalid value for llvm.fptrunc.round metadata operand" 5688 " (the operand should be a string)"), 5689 MD); 5690 5691 std::optional<RoundingMode> RoundMode = 5692 convertStrToRoundingMode(cast<MDString>(MD)->getString()); 5693 Check(RoundMode && *RoundMode != RoundingMode::Dynamic, 5694 "unsupported rounding mode argument", Call); 5695 break; 5696 } 5697 #define BEGIN_REGISTER_VP_INTRINSIC(VPID, ...) case Intrinsic::VPID: 5698 #include "llvm/IR/VPIntrinsics.def" 5699 #undef BEGIN_REGISTER_VP_INTRINSIC 5700 visitVPIntrinsic(cast<VPIntrinsic>(Call)); 5701 break; 5702 #define INSTRUCTION(NAME, NARGS, ROUND_MODE, INTRINSIC) \ 5703 case Intrinsic::INTRINSIC: 5704 #include "llvm/IR/ConstrainedOps.def" 5705 #undef INSTRUCTION 5706 visitConstrainedFPIntrinsic(cast<ConstrainedFPIntrinsic>(Call)); 5707 break; 5708 case Intrinsic::dbg_declare: // llvm.dbg.declare 5709 Check(isa<MetadataAsValue>(Call.getArgOperand(0)), 5710 "invalid llvm.dbg.declare intrinsic call 1", Call); 5711 visitDbgIntrinsic("declare", cast<DbgVariableIntrinsic>(Call)); 5712 break; 5713 case Intrinsic::dbg_value: // llvm.dbg.value 5714 visitDbgIntrinsic("value", cast<DbgVariableIntrinsic>(Call)); 5715 break; 5716 case Intrinsic::dbg_assign: // llvm.dbg.assign 5717 visitDbgIntrinsic("assign", cast<DbgVariableIntrinsic>(Call)); 5718 break; 5719 case Intrinsic::dbg_label: // llvm.dbg.label 5720 visitDbgLabelIntrinsic("label", cast<DbgLabelInst>(Call)); 5721 break; 5722 case Intrinsic::memcpy: 5723 case Intrinsic::memcpy_inline: 5724 case Intrinsic::memmove: 5725 case Intrinsic::memset: 5726 case Intrinsic::memset_inline: 5727 break; 5728 case Intrinsic::experimental_memset_pattern: { 5729 const auto Memset = cast<MemSetPatternInst>(&Call); 5730 Check(Memset->getValue()->getType()->isSized(), 5731 "unsized types cannot be used as memset patterns", Call); 5732 break; 5733 } 5734 case Intrinsic::memcpy_element_unordered_atomic: 5735 case Intrinsic::memmove_element_unordered_atomic: 5736 case Intrinsic::memset_element_unordered_atomic: { 5737 const auto *AMI = cast<AnyMemIntrinsic>(&Call); 5738 5739 ConstantInt *ElementSizeCI = 5740 cast<ConstantInt>(AMI->getRawElementSizeInBytes()); 5741 const APInt &ElementSizeVal = ElementSizeCI->getValue(); 5742 Check(ElementSizeVal.isPowerOf2(), 5743 "element size of the element-wise atomic memory intrinsic " 5744 "must be a power of 2", 5745 Call); 5746 5747 auto IsValidAlignment = [&](MaybeAlign Alignment) { 5748 return Alignment && ElementSizeVal.ule(Alignment->value()); 5749 }; 5750 Check(IsValidAlignment(AMI->getDestAlign()), 5751 "incorrect alignment of the destination argument", Call); 5752 if (const auto *AMT = dyn_cast<AnyMemTransferInst>(AMI)) { 5753 Check(IsValidAlignment(AMT->getSourceAlign()), 5754 "incorrect alignment of the source argument", Call); 5755 } 5756 break; 5757 } 5758 case Intrinsic::call_preallocated_setup: { 5759 auto *NumArgs = dyn_cast<ConstantInt>(Call.getArgOperand(0)); 5760 Check(NumArgs != nullptr, 5761 "llvm.call.preallocated.setup argument must be a constant"); 5762 bool FoundCall = false; 5763 for (User *U : Call.users()) { 5764 auto *UseCall = dyn_cast<CallBase>(U); 5765 Check(UseCall != nullptr, 5766 "Uses of llvm.call.preallocated.setup must be calls"); 5767 Intrinsic::ID IID = UseCall->getIntrinsicID(); 5768 if (IID == Intrinsic::call_preallocated_arg) { 5769 auto *AllocArgIndex = dyn_cast<ConstantInt>(UseCall->getArgOperand(1)); 5770 Check(AllocArgIndex != nullptr, 5771 "llvm.call.preallocated.alloc arg index must be a constant"); 5772 auto AllocArgIndexInt = AllocArgIndex->getValue(); 5773 Check(AllocArgIndexInt.sge(0) && 5774 AllocArgIndexInt.slt(NumArgs->getValue()), 5775 "llvm.call.preallocated.alloc arg index must be between 0 and " 5776 "corresponding " 5777 "llvm.call.preallocated.setup's argument count"); 5778 } else if (IID == Intrinsic::call_preallocated_teardown) { 5779 // nothing to do 5780 } else { 5781 Check(!FoundCall, "Can have at most one call corresponding to a " 5782 "llvm.call.preallocated.setup"); 5783 FoundCall = true; 5784 size_t NumPreallocatedArgs = 0; 5785 for (unsigned i = 0; i < UseCall->arg_size(); i++) { 5786 if (UseCall->paramHasAttr(i, Attribute::Preallocated)) { 5787 ++NumPreallocatedArgs; 5788 } 5789 } 5790 Check(NumPreallocatedArgs != 0, 5791 "cannot use preallocated intrinsics on a call without " 5792 "preallocated arguments"); 5793 Check(NumArgs->equalsInt(NumPreallocatedArgs), 5794 "llvm.call.preallocated.setup arg size must be equal to number " 5795 "of preallocated arguments " 5796 "at call site", 5797 Call, *UseCall); 5798 // getOperandBundle() cannot be called if more than one of the operand 5799 // bundle exists. There is already a check elsewhere for this, so skip 5800 // here if we see more than one. 5801 if (UseCall->countOperandBundlesOfType(LLVMContext::OB_preallocated) > 5802 1) { 5803 return; 5804 } 5805 auto PreallocatedBundle = 5806 UseCall->getOperandBundle(LLVMContext::OB_preallocated); 5807 Check(PreallocatedBundle, 5808 "Use of llvm.call.preallocated.setup outside intrinsics " 5809 "must be in \"preallocated\" operand bundle"); 5810 Check(PreallocatedBundle->Inputs.front().get() == &Call, 5811 "preallocated bundle must have token from corresponding " 5812 "llvm.call.preallocated.setup"); 5813 } 5814 } 5815 break; 5816 } 5817 case Intrinsic::call_preallocated_arg: { 5818 auto *Token = dyn_cast<CallBase>(Call.getArgOperand(0)); 5819 Check(Token && 5820 Token->getIntrinsicID() == Intrinsic::call_preallocated_setup, 5821 "llvm.call.preallocated.arg token argument must be a " 5822 "llvm.call.preallocated.setup"); 5823 Check(Call.hasFnAttr(Attribute::Preallocated), 5824 "llvm.call.preallocated.arg must be called with a \"preallocated\" " 5825 "call site attribute"); 5826 break; 5827 } 5828 case Intrinsic::call_preallocated_teardown: { 5829 auto *Token = dyn_cast<CallBase>(Call.getArgOperand(0)); 5830 Check(Token && 5831 Token->getIntrinsicID() == Intrinsic::call_preallocated_setup, 5832 "llvm.call.preallocated.teardown token argument must be a " 5833 "llvm.call.preallocated.setup"); 5834 break; 5835 } 5836 case Intrinsic::gcroot: 5837 case Intrinsic::gcwrite: 5838 case Intrinsic::gcread: 5839 if (ID == Intrinsic::gcroot) { 5840 AllocaInst *AI = 5841 dyn_cast<AllocaInst>(Call.getArgOperand(0)->stripPointerCasts()); 5842 Check(AI, "llvm.gcroot parameter #1 must be an alloca.", Call); 5843 Check(isa<Constant>(Call.getArgOperand(1)), 5844 "llvm.gcroot parameter #2 must be a constant.", Call); 5845 if (!AI->getAllocatedType()->isPointerTy()) { 5846 Check(!isa<ConstantPointerNull>(Call.getArgOperand(1)), 5847 "llvm.gcroot parameter #1 must either be a pointer alloca, " 5848 "or argument #2 must be a non-null constant.", 5849 Call); 5850 } 5851 } 5852 5853 Check(Call.getParent()->getParent()->hasGC(), 5854 "Enclosing function does not use GC.", Call); 5855 break; 5856 case Intrinsic::init_trampoline: 5857 Check(isa<Function>(Call.getArgOperand(1)->stripPointerCasts()), 5858 "llvm.init_trampoline parameter #2 must resolve to a function.", 5859 Call); 5860 break; 5861 case Intrinsic::prefetch: 5862 Check(cast<ConstantInt>(Call.getArgOperand(1))->getZExtValue() < 2, 5863 "rw argument to llvm.prefetch must be 0-1", Call); 5864 Check(cast<ConstantInt>(Call.getArgOperand(2))->getZExtValue() < 4, 5865 "locality argument to llvm.prefetch must be 0-3", Call); 5866 Check(cast<ConstantInt>(Call.getArgOperand(3))->getZExtValue() < 2, 5867 "cache type argument to llvm.prefetch must be 0-1", Call); 5868 break; 5869 case Intrinsic::stackprotector: 5870 Check(isa<AllocaInst>(Call.getArgOperand(1)->stripPointerCasts()), 5871 "llvm.stackprotector parameter #2 must resolve to an alloca.", Call); 5872 break; 5873 case Intrinsic::localescape: { 5874 BasicBlock *BB = Call.getParent(); 5875 Check(BB->isEntryBlock(), "llvm.localescape used outside of entry block", 5876 Call); 5877 Check(!SawFrameEscape, "multiple calls to llvm.localescape in one function", 5878 Call); 5879 for (Value *Arg : Call.args()) { 5880 if (isa<ConstantPointerNull>(Arg)) 5881 continue; // Null values are allowed as placeholders. 5882 auto *AI = dyn_cast<AllocaInst>(Arg->stripPointerCasts()); 5883 Check(AI && AI->isStaticAlloca(), 5884 "llvm.localescape only accepts static allocas", Call); 5885 } 5886 FrameEscapeInfo[BB->getParent()].first = Call.arg_size(); 5887 SawFrameEscape = true; 5888 break; 5889 } 5890 case Intrinsic::localrecover: { 5891 Value *FnArg = Call.getArgOperand(0)->stripPointerCasts(); 5892 Function *Fn = dyn_cast<Function>(FnArg); 5893 Check(Fn && !Fn->isDeclaration(), 5894 "llvm.localrecover first " 5895 "argument must be function defined in this module", 5896 Call); 5897 auto *IdxArg = cast<ConstantInt>(Call.getArgOperand(2)); 5898 auto &Entry = FrameEscapeInfo[Fn]; 5899 Entry.second = unsigned( 5900 std::max(uint64_t(Entry.second), IdxArg->getLimitedValue(~0U) + 1)); 5901 break; 5902 } 5903 5904 case Intrinsic::experimental_gc_statepoint: 5905 if (auto *CI = dyn_cast<CallInst>(&Call)) 5906 Check(!CI->isInlineAsm(), 5907 "gc.statepoint support for inline assembly unimplemented", CI); 5908 Check(Call.getParent()->getParent()->hasGC(), 5909 "Enclosing function does not use GC.", Call); 5910 5911 verifyStatepoint(Call); 5912 break; 5913 case Intrinsic::experimental_gc_result: { 5914 Check(Call.getParent()->getParent()->hasGC(), 5915 "Enclosing function does not use GC.", Call); 5916 5917 auto *Statepoint = Call.getArgOperand(0); 5918 if (isa<UndefValue>(Statepoint)) 5919 break; 5920 5921 // Are we tied to a statepoint properly? 5922 const auto *StatepointCall = dyn_cast<CallBase>(Statepoint); 5923 Check(StatepointCall && StatepointCall->getIntrinsicID() == 5924 Intrinsic::experimental_gc_statepoint, 5925 "gc.result operand #1 must be from a statepoint", Call, 5926 Call.getArgOperand(0)); 5927 5928 // Check that result type matches wrapped callee. 5929 auto *TargetFuncType = 5930 cast<FunctionType>(StatepointCall->getParamElementType(2)); 5931 Check(Call.getType() == TargetFuncType->getReturnType(), 5932 "gc.result result type does not match wrapped callee", Call); 5933 break; 5934 } 5935 case Intrinsic::experimental_gc_relocate: { 5936 Check(Call.arg_size() == 3, "wrong number of arguments", Call); 5937 5938 Check(isa<PointerType>(Call.getType()->getScalarType()), 5939 "gc.relocate must return a pointer or a vector of pointers", Call); 5940 5941 // Check that this relocate is correctly tied to the statepoint 5942 5943 // This is case for relocate on the unwinding path of an invoke statepoint 5944 if (LandingPadInst *LandingPad = 5945 dyn_cast<LandingPadInst>(Call.getArgOperand(0))) { 5946 5947 const BasicBlock *InvokeBB = 5948 LandingPad->getParent()->getUniquePredecessor(); 5949 5950 // Landingpad relocates should have only one predecessor with invoke 5951 // statepoint terminator 5952 Check(InvokeBB, "safepoints should have unique landingpads", 5953 LandingPad->getParent()); 5954 Check(InvokeBB->getTerminator(), "safepoint block should be well formed", 5955 InvokeBB); 5956 Check(isa<GCStatepointInst>(InvokeBB->getTerminator()), 5957 "gc relocate should be linked to a statepoint", InvokeBB); 5958 } else { 5959 // In all other cases relocate should be tied to the statepoint directly. 5960 // This covers relocates on a normal return path of invoke statepoint and 5961 // relocates of a call statepoint. 5962 auto *Token = Call.getArgOperand(0); 5963 Check(isa<GCStatepointInst>(Token) || isa<UndefValue>(Token), 5964 "gc relocate is incorrectly tied to the statepoint", Call, Token); 5965 } 5966 5967 // Verify rest of the relocate arguments. 5968 const Value &StatepointCall = *cast<GCRelocateInst>(Call).getStatepoint(); 5969 5970 // Both the base and derived must be piped through the safepoint. 5971 Value *Base = Call.getArgOperand(1); 5972 Check(isa<ConstantInt>(Base), 5973 "gc.relocate operand #2 must be integer offset", Call); 5974 5975 Value *Derived = Call.getArgOperand(2); 5976 Check(isa<ConstantInt>(Derived), 5977 "gc.relocate operand #3 must be integer offset", Call); 5978 5979 const uint64_t BaseIndex = cast<ConstantInt>(Base)->getZExtValue(); 5980 const uint64_t DerivedIndex = cast<ConstantInt>(Derived)->getZExtValue(); 5981 5982 // Check the bounds 5983 if (isa<UndefValue>(StatepointCall)) 5984 break; 5985 if (auto Opt = cast<GCStatepointInst>(StatepointCall) 5986 .getOperandBundle(LLVMContext::OB_gc_live)) { 5987 Check(BaseIndex < Opt->Inputs.size(), 5988 "gc.relocate: statepoint base index out of bounds", Call); 5989 Check(DerivedIndex < Opt->Inputs.size(), 5990 "gc.relocate: statepoint derived index out of bounds", Call); 5991 } 5992 5993 // Relocated value must be either a pointer type or vector-of-pointer type, 5994 // but gc_relocate does not need to return the same pointer type as the 5995 // relocated pointer. It can be casted to the correct type later if it's 5996 // desired. However, they must have the same address space and 'vectorness' 5997 GCRelocateInst &Relocate = cast<GCRelocateInst>(Call); 5998 auto *ResultType = Call.getType(); 5999 auto *DerivedType = Relocate.getDerivedPtr()->getType(); 6000 auto *BaseType = Relocate.getBasePtr()->getType(); 6001 6002 Check(BaseType->isPtrOrPtrVectorTy(), 6003 "gc.relocate: relocated value must be a pointer", Call); 6004 Check(DerivedType->isPtrOrPtrVectorTy(), 6005 "gc.relocate: relocated value must be a pointer", Call); 6006 6007 Check(ResultType->isVectorTy() == DerivedType->isVectorTy(), 6008 "gc.relocate: vector relocates to vector and pointer to pointer", 6009 Call); 6010 Check( 6011 ResultType->getPointerAddressSpace() == 6012 DerivedType->getPointerAddressSpace(), 6013 "gc.relocate: relocating a pointer shouldn't change its address space", 6014 Call); 6015 6016 auto GC = llvm::getGCStrategy(Relocate.getFunction()->getGC()); 6017 Check(GC, "gc.relocate: calling function must have GCStrategy", 6018 Call.getFunction()); 6019 if (GC) { 6020 auto isGCPtr = [&GC](Type *PTy) { 6021 return GC->isGCManagedPointer(PTy->getScalarType()).value_or(true); 6022 }; 6023 Check(isGCPtr(ResultType), "gc.relocate: must return gc pointer", Call); 6024 Check(isGCPtr(BaseType), 6025 "gc.relocate: relocated value must be a gc pointer", Call); 6026 Check(isGCPtr(DerivedType), 6027 "gc.relocate: relocated value must be a gc pointer", Call); 6028 } 6029 break; 6030 } 6031 case Intrinsic::experimental_patchpoint: { 6032 if (Call.getCallingConv() == CallingConv::AnyReg) { 6033 Check(Call.getType()->isSingleValueType(), 6034 "patchpoint: invalid return type used with anyregcc", Call); 6035 } 6036 break; 6037 } 6038 case Intrinsic::eh_exceptioncode: 6039 case Intrinsic::eh_exceptionpointer: { 6040 Check(isa<CatchPadInst>(Call.getArgOperand(0)), 6041 "eh.exceptionpointer argument must be a catchpad", Call); 6042 break; 6043 } 6044 case Intrinsic::get_active_lane_mask: { 6045 Check(Call.getType()->isVectorTy(), 6046 "get_active_lane_mask: must return a " 6047 "vector", 6048 Call); 6049 auto *ElemTy = Call.getType()->getScalarType(); 6050 Check(ElemTy->isIntegerTy(1), 6051 "get_active_lane_mask: element type is not " 6052 "i1", 6053 Call); 6054 break; 6055 } 6056 case Intrinsic::experimental_get_vector_length: { 6057 ConstantInt *VF = cast<ConstantInt>(Call.getArgOperand(1)); 6058 Check(!VF->isNegative() && !VF->isZero(), 6059 "get_vector_length: VF must be positive", Call); 6060 break; 6061 } 6062 case Intrinsic::masked_load: { 6063 Check(Call.getType()->isVectorTy(), "masked_load: must return a vector", 6064 Call); 6065 6066 ConstantInt *Alignment = cast<ConstantInt>(Call.getArgOperand(1)); 6067 Value *Mask = Call.getArgOperand(2); 6068 Value *PassThru = Call.getArgOperand(3); 6069 Check(Mask->getType()->isVectorTy(), "masked_load: mask must be vector", 6070 Call); 6071 Check(Alignment->getValue().isPowerOf2(), 6072 "masked_load: alignment must be a power of 2", Call); 6073 Check(PassThru->getType() == Call.getType(), 6074 "masked_load: pass through and return type must match", Call); 6075 Check(cast<VectorType>(Mask->getType())->getElementCount() == 6076 cast<VectorType>(Call.getType())->getElementCount(), 6077 "masked_load: vector mask must be same length as return", Call); 6078 break; 6079 } 6080 case Intrinsic::masked_store: { 6081 Value *Val = Call.getArgOperand(0); 6082 ConstantInt *Alignment = cast<ConstantInt>(Call.getArgOperand(2)); 6083 Value *Mask = Call.getArgOperand(3); 6084 Check(Mask->getType()->isVectorTy(), "masked_store: mask must be vector", 6085 Call); 6086 Check(Alignment->getValue().isPowerOf2(), 6087 "masked_store: alignment must be a power of 2", Call); 6088 Check(cast<VectorType>(Mask->getType())->getElementCount() == 6089 cast<VectorType>(Val->getType())->getElementCount(), 6090 "masked_store: vector mask must be same length as value", Call); 6091 break; 6092 } 6093 6094 case Intrinsic::masked_gather: { 6095 const APInt &Alignment = 6096 cast<ConstantInt>(Call.getArgOperand(1))->getValue(); 6097 Check(Alignment.isZero() || Alignment.isPowerOf2(), 6098 "masked_gather: alignment must be 0 or a power of 2", Call); 6099 break; 6100 } 6101 case Intrinsic::masked_scatter: { 6102 const APInt &Alignment = 6103 cast<ConstantInt>(Call.getArgOperand(2))->getValue(); 6104 Check(Alignment.isZero() || Alignment.isPowerOf2(), 6105 "masked_scatter: alignment must be 0 or a power of 2", Call); 6106 break; 6107 } 6108 6109 case Intrinsic::experimental_guard: { 6110 Check(isa<CallInst>(Call), "experimental_guard cannot be invoked", Call); 6111 Check(Call.countOperandBundlesOfType(LLVMContext::OB_deopt) == 1, 6112 "experimental_guard must have exactly one " 6113 "\"deopt\" operand bundle"); 6114 break; 6115 } 6116 6117 case Intrinsic::experimental_deoptimize: { 6118 Check(isa<CallInst>(Call), "experimental_deoptimize cannot be invoked", 6119 Call); 6120 Check(Call.countOperandBundlesOfType(LLVMContext::OB_deopt) == 1, 6121 "experimental_deoptimize must have exactly one " 6122 "\"deopt\" operand bundle"); 6123 Check(Call.getType() == Call.getFunction()->getReturnType(), 6124 "experimental_deoptimize return type must match caller return type"); 6125 6126 if (isa<CallInst>(Call)) { 6127 auto *RI = dyn_cast<ReturnInst>(Call.getNextNode()); 6128 Check(RI, 6129 "calls to experimental_deoptimize must be followed by a return"); 6130 6131 if (!Call.getType()->isVoidTy() && RI) 6132 Check(RI->getReturnValue() == &Call, 6133 "calls to experimental_deoptimize must be followed by a return " 6134 "of the value computed by experimental_deoptimize"); 6135 } 6136 6137 break; 6138 } 6139 case Intrinsic::vastart: { 6140 Check(Call.getFunction()->isVarArg(), 6141 "va_start called in a non-varargs function"); 6142 break; 6143 } 6144 case Intrinsic::get_dynamic_area_offset: { 6145 auto *IntTy = dyn_cast<IntegerType>(Call.getType()); 6146 Check(IntTy && DL.getPointerSizeInBits(DL.getAllocaAddrSpace()) == 6147 IntTy->getBitWidth(), 6148 "get_dynamic_area_offset result type must be scalar integer matching " 6149 "alloca address space width", 6150 Call); 6151 break; 6152 } 6153 case Intrinsic::vector_reduce_and: 6154 case Intrinsic::vector_reduce_or: 6155 case Intrinsic::vector_reduce_xor: 6156 case Intrinsic::vector_reduce_add: 6157 case Intrinsic::vector_reduce_mul: 6158 case Intrinsic::vector_reduce_smax: 6159 case Intrinsic::vector_reduce_smin: 6160 case Intrinsic::vector_reduce_umax: 6161 case Intrinsic::vector_reduce_umin: { 6162 Type *ArgTy = Call.getArgOperand(0)->getType(); 6163 Check(ArgTy->isIntOrIntVectorTy() && ArgTy->isVectorTy(), 6164 "Intrinsic has incorrect argument type!"); 6165 break; 6166 } 6167 case Intrinsic::vector_reduce_fmax: 6168 case Intrinsic::vector_reduce_fmin: { 6169 Type *ArgTy = Call.getArgOperand(0)->getType(); 6170 Check(ArgTy->isFPOrFPVectorTy() && ArgTy->isVectorTy(), 6171 "Intrinsic has incorrect argument type!"); 6172 break; 6173 } 6174 case Intrinsic::vector_reduce_fadd: 6175 case Intrinsic::vector_reduce_fmul: { 6176 // Unlike the other reductions, the first argument is a start value. The 6177 // second argument is the vector to be reduced. 6178 Type *ArgTy = Call.getArgOperand(1)->getType(); 6179 Check(ArgTy->isFPOrFPVectorTy() && ArgTy->isVectorTy(), 6180 "Intrinsic has incorrect argument type!"); 6181 break; 6182 } 6183 case Intrinsic::smul_fix: 6184 case Intrinsic::smul_fix_sat: 6185 case Intrinsic::umul_fix: 6186 case Intrinsic::umul_fix_sat: 6187 case Intrinsic::sdiv_fix: 6188 case Intrinsic::sdiv_fix_sat: 6189 case Intrinsic::udiv_fix: 6190 case Intrinsic::udiv_fix_sat: { 6191 Value *Op1 = Call.getArgOperand(0); 6192 Value *Op2 = Call.getArgOperand(1); 6193 Check(Op1->getType()->isIntOrIntVectorTy(), 6194 "first operand of [us][mul|div]_fix[_sat] must be an int type or " 6195 "vector of ints"); 6196 Check(Op2->getType()->isIntOrIntVectorTy(), 6197 "second operand of [us][mul|div]_fix[_sat] must be an int type or " 6198 "vector of ints"); 6199 6200 auto *Op3 = cast<ConstantInt>(Call.getArgOperand(2)); 6201 Check(Op3->getType()->isIntegerTy(), 6202 "third operand of [us][mul|div]_fix[_sat] must be an int type"); 6203 Check(Op3->getBitWidth() <= 32, 6204 "third operand of [us][mul|div]_fix[_sat] must fit within 32 bits"); 6205 6206 if (ID == Intrinsic::smul_fix || ID == Intrinsic::smul_fix_sat || 6207 ID == Intrinsic::sdiv_fix || ID == Intrinsic::sdiv_fix_sat) { 6208 Check(Op3->getZExtValue() < Op1->getType()->getScalarSizeInBits(), 6209 "the scale of s[mul|div]_fix[_sat] must be less than the width of " 6210 "the operands"); 6211 } else { 6212 Check(Op3->getZExtValue() <= Op1->getType()->getScalarSizeInBits(), 6213 "the scale of u[mul|div]_fix[_sat] must be less than or equal " 6214 "to the width of the operands"); 6215 } 6216 break; 6217 } 6218 case Intrinsic::lrint: 6219 case Intrinsic::llrint: 6220 case Intrinsic::lround: 6221 case Intrinsic::llround: { 6222 Type *ValTy = Call.getArgOperand(0)->getType(); 6223 Type *ResultTy = Call.getType(); 6224 auto *VTy = dyn_cast<VectorType>(ValTy); 6225 auto *RTy = dyn_cast<VectorType>(ResultTy); 6226 Check(ValTy->isFPOrFPVectorTy() && ResultTy->isIntOrIntVectorTy(), 6227 ExpectedName + ": argument must be floating-point or vector " 6228 "of floating-points, and result must be integer or " 6229 "vector of integers", 6230 &Call); 6231 Check(ValTy->isVectorTy() == ResultTy->isVectorTy(), 6232 ExpectedName + ": argument and result disagree on vector use", &Call); 6233 if (VTy) { 6234 Check(VTy->getElementCount() == RTy->getElementCount(), 6235 ExpectedName + ": argument must be same length as result", &Call); 6236 } 6237 break; 6238 } 6239 case Intrinsic::bswap: { 6240 Type *Ty = Call.getType(); 6241 unsigned Size = Ty->getScalarSizeInBits(); 6242 Check(Size % 16 == 0, "bswap must be an even number of bytes", &Call); 6243 break; 6244 } 6245 case Intrinsic::invariant_start: { 6246 ConstantInt *InvariantSize = dyn_cast<ConstantInt>(Call.getArgOperand(0)); 6247 Check(InvariantSize && 6248 (!InvariantSize->isNegative() || InvariantSize->isMinusOne()), 6249 "invariant_start parameter must be -1, 0 or a positive number", 6250 &Call); 6251 break; 6252 } 6253 case Intrinsic::matrix_multiply: 6254 case Intrinsic::matrix_transpose: 6255 case Intrinsic::matrix_column_major_load: 6256 case Intrinsic::matrix_column_major_store: { 6257 Function *IF = Call.getCalledFunction(); 6258 ConstantInt *Stride = nullptr; 6259 ConstantInt *NumRows; 6260 ConstantInt *NumColumns; 6261 VectorType *ResultTy; 6262 Type *Op0ElemTy = nullptr; 6263 Type *Op1ElemTy = nullptr; 6264 switch (ID) { 6265 case Intrinsic::matrix_multiply: { 6266 NumRows = cast<ConstantInt>(Call.getArgOperand(2)); 6267 ConstantInt *N = cast<ConstantInt>(Call.getArgOperand(3)); 6268 NumColumns = cast<ConstantInt>(Call.getArgOperand(4)); 6269 Check(cast<FixedVectorType>(Call.getArgOperand(0)->getType()) 6270 ->getNumElements() == 6271 NumRows->getZExtValue() * N->getZExtValue(), 6272 "First argument of a matrix operation does not match specified " 6273 "shape!"); 6274 Check(cast<FixedVectorType>(Call.getArgOperand(1)->getType()) 6275 ->getNumElements() == 6276 N->getZExtValue() * NumColumns->getZExtValue(), 6277 "Second argument of a matrix operation does not match specified " 6278 "shape!"); 6279 6280 ResultTy = cast<VectorType>(Call.getType()); 6281 Op0ElemTy = 6282 cast<VectorType>(Call.getArgOperand(0)->getType())->getElementType(); 6283 Op1ElemTy = 6284 cast<VectorType>(Call.getArgOperand(1)->getType())->getElementType(); 6285 break; 6286 } 6287 case Intrinsic::matrix_transpose: 6288 NumRows = cast<ConstantInt>(Call.getArgOperand(1)); 6289 NumColumns = cast<ConstantInt>(Call.getArgOperand(2)); 6290 ResultTy = cast<VectorType>(Call.getType()); 6291 Op0ElemTy = 6292 cast<VectorType>(Call.getArgOperand(0)->getType())->getElementType(); 6293 break; 6294 case Intrinsic::matrix_column_major_load: { 6295 Stride = dyn_cast<ConstantInt>(Call.getArgOperand(1)); 6296 NumRows = cast<ConstantInt>(Call.getArgOperand(3)); 6297 NumColumns = cast<ConstantInt>(Call.getArgOperand(4)); 6298 ResultTy = cast<VectorType>(Call.getType()); 6299 break; 6300 } 6301 case Intrinsic::matrix_column_major_store: { 6302 Stride = dyn_cast<ConstantInt>(Call.getArgOperand(2)); 6303 NumRows = cast<ConstantInt>(Call.getArgOperand(4)); 6304 NumColumns = cast<ConstantInt>(Call.getArgOperand(5)); 6305 ResultTy = cast<VectorType>(Call.getArgOperand(0)->getType()); 6306 Op0ElemTy = 6307 cast<VectorType>(Call.getArgOperand(0)->getType())->getElementType(); 6308 break; 6309 } 6310 default: 6311 llvm_unreachable("unexpected intrinsic"); 6312 } 6313 6314 Check(ResultTy->getElementType()->isIntegerTy() || 6315 ResultTy->getElementType()->isFloatingPointTy(), 6316 "Result type must be an integer or floating-point type!", IF); 6317 6318 if (Op0ElemTy) 6319 Check(ResultTy->getElementType() == Op0ElemTy, 6320 "Vector element type mismatch of the result and first operand " 6321 "vector!", 6322 IF); 6323 6324 if (Op1ElemTy) 6325 Check(ResultTy->getElementType() == Op1ElemTy, 6326 "Vector element type mismatch of the result and second operand " 6327 "vector!", 6328 IF); 6329 6330 Check(cast<FixedVectorType>(ResultTy)->getNumElements() == 6331 NumRows->getZExtValue() * NumColumns->getZExtValue(), 6332 "Result of a matrix operation does not fit in the returned vector!"); 6333 6334 if (Stride) 6335 Check(Stride->getZExtValue() >= NumRows->getZExtValue(), 6336 "Stride must be greater or equal than the number of rows!", IF); 6337 6338 break; 6339 } 6340 case Intrinsic::vector_splice: { 6341 VectorType *VecTy = cast<VectorType>(Call.getType()); 6342 int64_t Idx = cast<ConstantInt>(Call.getArgOperand(2))->getSExtValue(); 6343 int64_t KnownMinNumElements = VecTy->getElementCount().getKnownMinValue(); 6344 if (Call.getParent() && Call.getParent()->getParent()) { 6345 AttributeList Attrs = Call.getParent()->getParent()->getAttributes(); 6346 if (Attrs.hasFnAttr(Attribute::VScaleRange)) 6347 KnownMinNumElements *= Attrs.getFnAttrs().getVScaleRangeMin(); 6348 } 6349 Check((Idx < 0 && std::abs(Idx) <= KnownMinNumElements) || 6350 (Idx >= 0 && Idx < KnownMinNumElements), 6351 "The splice index exceeds the range [-VL, VL-1] where VL is the " 6352 "known minimum number of elements in the vector. For scalable " 6353 "vectors the minimum number of elements is determined from " 6354 "vscale_range.", 6355 &Call); 6356 break; 6357 } 6358 case Intrinsic::stepvector: { 6359 VectorType *VecTy = dyn_cast<VectorType>(Call.getType()); 6360 Check(VecTy && VecTy->getScalarType()->isIntegerTy() && 6361 VecTy->getScalarSizeInBits() >= 8, 6362 "stepvector only supported for vectors of integers " 6363 "with a bitwidth of at least 8.", 6364 &Call); 6365 break; 6366 } 6367 case Intrinsic::experimental_vector_match: { 6368 Value *Op1 = Call.getArgOperand(0); 6369 Value *Op2 = Call.getArgOperand(1); 6370 Value *Mask = Call.getArgOperand(2); 6371 6372 VectorType *Op1Ty = dyn_cast<VectorType>(Op1->getType()); 6373 VectorType *Op2Ty = dyn_cast<VectorType>(Op2->getType()); 6374 VectorType *MaskTy = dyn_cast<VectorType>(Mask->getType()); 6375 6376 Check(Op1Ty && Op2Ty && MaskTy, "Operands must be vectors.", &Call); 6377 Check(isa<FixedVectorType>(Op2Ty), 6378 "Second operand must be a fixed length vector.", &Call); 6379 Check(Op1Ty->getElementType()->isIntegerTy(), 6380 "First operand must be a vector of integers.", &Call); 6381 Check(Op1Ty->getElementType() == Op2Ty->getElementType(), 6382 "First two operands must have the same element type.", &Call); 6383 Check(Op1Ty->getElementCount() == MaskTy->getElementCount(), 6384 "First operand and mask must have the same number of elements.", 6385 &Call); 6386 Check(MaskTy->getElementType()->isIntegerTy(1), 6387 "Mask must be a vector of i1's.", &Call); 6388 Check(Call.getType() == MaskTy, "Return type must match the mask type.", 6389 &Call); 6390 break; 6391 } 6392 case Intrinsic::vector_insert: { 6393 Value *Vec = Call.getArgOperand(0); 6394 Value *SubVec = Call.getArgOperand(1); 6395 Value *Idx = Call.getArgOperand(2); 6396 unsigned IdxN = cast<ConstantInt>(Idx)->getZExtValue(); 6397 6398 VectorType *VecTy = cast<VectorType>(Vec->getType()); 6399 VectorType *SubVecTy = cast<VectorType>(SubVec->getType()); 6400 6401 ElementCount VecEC = VecTy->getElementCount(); 6402 ElementCount SubVecEC = SubVecTy->getElementCount(); 6403 Check(VecTy->getElementType() == SubVecTy->getElementType(), 6404 "vector_insert parameters must have the same element " 6405 "type.", 6406 &Call); 6407 Check(IdxN % SubVecEC.getKnownMinValue() == 0, 6408 "vector_insert index must be a constant multiple of " 6409 "the subvector's known minimum vector length."); 6410 6411 // If this insertion is not the 'mixed' case where a fixed vector is 6412 // inserted into a scalable vector, ensure that the insertion of the 6413 // subvector does not overrun the parent vector. 6414 if (VecEC.isScalable() == SubVecEC.isScalable()) { 6415 Check(IdxN < VecEC.getKnownMinValue() && 6416 IdxN + SubVecEC.getKnownMinValue() <= VecEC.getKnownMinValue(), 6417 "subvector operand of vector_insert would overrun the " 6418 "vector being inserted into."); 6419 } 6420 break; 6421 } 6422 case Intrinsic::vector_extract: { 6423 Value *Vec = Call.getArgOperand(0); 6424 Value *Idx = Call.getArgOperand(1); 6425 unsigned IdxN = cast<ConstantInt>(Idx)->getZExtValue(); 6426 6427 VectorType *ResultTy = cast<VectorType>(Call.getType()); 6428 VectorType *VecTy = cast<VectorType>(Vec->getType()); 6429 6430 ElementCount VecEC = VecTy->getElementCount(); 6431 ElementCount ResultEC = ResultTy->getElementCount(); 6432 6433 Check(ResultTy->getElementType() == VecTy->getElementType(), 6434 "vector_extract result must have the same element " 6435 "type as the input vector.", 6436 &Call); 6437 Check(IdxN % ResultEC.getKnownMinValue() == 0, 6438 "vector_extract index must be a constant multiple of " 6439 "the result type's known minimum vector length."); 6440 6441 // If this extraction is not the 'mixed' case where a fixed vector is 6442 // extracted from a scalable vector, ensure that the extraction does not 6443 // overrun the parent vector. 6444 if (VecEC.isScalable() == ResultEC.isScalable()) { 6445 Check(IdxN < VecEC.getKnownMinValue() && 6446 IdxN + ResultEC.getKnownMinValue() <= VecEC.getKnownMinValue(), 6447 "vector_extract would overrun."); 6448 } 6449 break; 6450 } 6451 case Intrinsic::experimental_vector_partial_reduce_add: { 6452 VectorType *AccTy = cast<VectorType>(Call.getArgOperand(0)->getType()); 6453 VectorType *VecTy = cast<VectorType>(Call.getArgOperand(1)->getType()); 6454 6455 unsigned VecWidth = VecTy->getElementCount().getKnownMinValue(); 6456 unsigned AccWidth = AccTy->getElementCount().getKnownMinValue(); 6457 6458 Check((VecWidth % AccWidth) == 0, 6459 "Invalid vector widths for partial " 6460 "reduction. The width of the input vector " 6461 "must be a positive integer multiple of " 6462 "the width of the accumulator vector."); 6463 break; 6464 } 6465 case Intrinsic::experimental_noalias_scope_decl: { 6466 NoAliasScopeDecls.push_back(cast<IntrinsicInst>(&Call)); 6467 break; 6468 } 6469 case Intrinsic::preserve_array_access_index: 6470 case Intrinsic::preserve_struct_access_index: 6471 case Intrinsic::aarch64_ldaxr: 6472 case Intrinsic::aarch64_ldxr: 6473 case Intrinsic::arm_ldaex: 6474 case Intrinsic::arm_ldrex: { 6475 Type *ElemTy = Call.getParamElementType(0); 6476 Check(ElemTy, "Intrinsic requires elementtype attribute on first argument.", 6477 &Call); 6478 break; 6479 } 6480 case Intrinsic::aarch64_stlxr: 6481 case Intrinsic::aarch64_stxr: 6482 case Intrinsic::arm_stlex: 6483 case Intrinsic::arm_strex: { 6484 Type *ElemTy = Call.getAttributes().getParamElementType(1); 6485 Check(ElemTy, 6486 "Intrinsic requires elementtype attribute on second argument.", 6487 &Call); 6488 break; 6489 } 6490 case Intrinsic::aarch64_prefetch: { 6491 Check(cast<ConstantInt>(Call.getArgOperand(1))->getZExtValue() < 2, 6492 "write argument to llvm.aarch64.prefetch must be 0 or 1", Call); 6493 Check(cast<ConstantInt>(Call.getArgOperand(2))->getZExtValue() < 4, 6494 "target argument to llvm.aarch64.prefetch must be 0-3", Call); 6495 Check(cast<ConstantInt>(Call.getArgOperand(3))->getZExtValue() < 2, 6496 "stream argument to llvm.aarch64.prefetch must be 0 or 1", Call); 6497 Check(cast<ConstantInt>(Call.getArgOperand(4))->getZExtValue() < 2, 6498 "isdata argument to llvm.aarch64.prefetch must be 0 or 1", Call); 6499 break; 6500 } 6501 case Intrinsic::callbr_landingpad: { 6502 const auto *CBR = dyn_cast<CallBrInst>(Call.getOperand(0)); 6503 Check(CBR, "intrinstic requires callbr operand", &Call); 6504 if (!CBR) 6505 break; 6506 6507 const BasicBlock *LandingPadBB = Call.getParent(); 6508 const BasicBlock *PredBB = LandingPadBB->getUniquePredecessor(); 6509 if (!PredBB) { 6510 CheckFailed("Intrinsic in block must have 1 unique predecessor", &Call); 6511 break; 6512 } 6513 if (!isa<CallBrInst>(PredBB->getTerminator())) { 6514 CheckFailed("Intrinsic must have corresponding callbr in predecessor", 6515 &Call); 6516 break; 6517 } 6518 Check(llvm::is_contained(CBR->getIndirectDests(), LandingPadBB), 6519 "Intrinsic's corresponding callbr must have intrinsic's parent basic " 6520 "block in indirect destination list", 6521 &Call); 6522 const Instruction &First = *LandingPadBB->begin(); 6523 Check(&First == &Call, "No other instructions may proceed intrinsic", 6524 &Call); 6525 break; 6526 } 6527 case Intrinsic::amdgcn_cs_chain: { 6528 auto CallerCC = Call.getCaller()->getCallingConv(); 6529 switch (CallerCC) { 6530 case CallingConv::AMDGPU_CS: 6531 case CallingConv::AMDGPU_CS_Chain: 6532 case CallingConv::AMDGPU_CS_ChainPreserve: 6533 break; 6534 default: 6535 CheckFailed("Intrinsic can only be used from functions with the " 6536 "amdgpu_cs, amdgpu_cs_chain or amdgpu_cs_chain_preserve " 6537 "calling conventions", 6538 &Call); 6539 break; 6540 } 6541 6542 Check(Call.paramHasAttr(2, Attribute::InReg), 6543 "SGPR arguments must have the `inreg` attribute", &Call); 6544 Check(!Call.paramHasAttr(3, Attribute::InReg), 6545 "VGPR arguments must not have the `inreg` attribute", &Call); 6546 6547 auto *Next = Call.getNextNonDebugInstruction(); 6548 bool IsAMDUnreachable = Next && isa<IntrinsicInst>(Next) && 6549 cast<IntrinsicInst>(Next)->getIntrinsicID() == 6550 Intrinsic::amdgcn_unreachable; 6551 Check(Next && (isa<UnreachableInst>(Next) || IsAMDUnreachable), 6552 "llvm.amdgcn.cs.chain must be followed by unreachable", &Call); 6553 break; 6554 } 6555 case Intrinsic::amdgcn_init_exec_from_input: { 6556 const Argument *Arg = dyn_cast<Argument>(Call.getOperand(0)); 6557 Check(Arg && Arg->hasInRegAttr(), 6558 "only inreg arguments to the parent function are valid as inputs to " 6559 "this intrinsic", 6560 &Call); 6561 break; 6562 } 6563 case Intrinsic::amdgcn_set_inactive_chain_arg: { 6564 auto CallerCC = Call.getCaller()->getCallingConv(); 6565 switch (CallerCC) { 6566 case CallingConv::AMDGPU_CS_Chain: 6567 case CallingConv::AMDGPU_CS_ChainPreserve: 6568 break; 6569 default: 6570 CheckFailed("Intrinsic can only be used from functions with the " 6571 "amdgpu_cs_chain or amdgpu_cs_chain_preserve " 6572 "calling conventions", 6573 &Call); 6574 break; 6575 } 6576 6577 unsigned InactiveIdx = 1; 6578 Check(!Call.paramHasAttr(InactiveIdx, Attribute::InReg), 6579 "Value for inactive lanes must not have the `inreg` attribute", 6580 &Call); 6581 Check(isa<Argument>(Call.getArgOperand(InactiveIdx)), 6582 "Value for inactive lanes must be a function argument", &Call); 6583 Check(!cast<Argument>(Call.getArgOperand(InactiveIdx))->hasInRegAttr(), 6584 "Value for inactive lanes must be a VGPR function argument", &Call); 6585 break; 6586 } 6587 case Intrinsic::amdgcn_s_prefetch_data: { 6588 Check( 6589 AMDGPU::isFlatGlobalAddrSpace( 6590 Call.getArgOperand(0)->getType()->getPointerAddressSpace()), 6591 "llvm.amdgcn.s.prefetch.data only supports global or constant memory"); 6592 break; 6593 } 6594 case Intrinsic::amdgcn_mfma_scale_f32_16x16x128_f8f6f4: 6595 case Intrinsic::amdgcn_mfma_scale_f32_32x32x64_f8f6f4: { 6596 Value *Src0 = Call.getArgOperand(0); 6597 Value *Src1 = Call.getArgOperand(1); 6598 6599 uint64_t CBSZ = cast<ConstantInt>(Call.getArgOperand(3))->getZExtValue(); 6600 uint64_t BLGP = cast<ConstantInt>(Call.getArgOperand(4))->getZExtValue(); 6601 Check(CBSZ <= 4, "invalid value for cbsz format", Call, 6602 Call.getArgOperand(3)); 6603 Check(BLGP <= 4, "invalid value for blgp format", Call, 6604 Call.getArgOperand(4)); 6605 6606 // AMDGPU::MFMAScaleFormats values 6607 auto getFormatNumRegs = [](unsigned FormatVal) { 6608 switch (FormatVal) { 6609 case 0: 6610 case 1: 6611 return 8u; 6612 case 2: 6613 case 3: 6614 return 6u; 6615 case 4: 6616 return 4u; 6617 default: 6618 llvm_unreachable("invalid format value"); 6619 } 6620 }; 6621 6622 auto isValidSrcASrcBVector = [](FixedVectorType *Ty) { 6623 if (!Ty || !Ty->getElementType()->isIntegerTy(32)) 6624 return false; 6625 unsigned NumElts = Ty->getNumElements(); 6626 return NumElts == 4 || NumElts == 6 || NumElts == 8; 6627 }; 6628 6629 auto *Src0Ty = dyn_cast<FixedVectorType>(Src0->getType()); 6630 auto *Src1Ty = dyn_cast<FixedVectorType>(Src1->getType()); 6631 Check(isValidSrcASrcBVector(Src0Ty), 6632 "operand 0 must be 4, 6 or 8 element i32 vector", &Call, Src0); 6633 Check(isValidSrcASrcBVector(Src1Ty), 6634 "operand 1 must be 4, 6 or 8 element i32 vector", &Call, Src1); 6635 6636 // Permit excess registers for the format. 6637 Check(Src0Ty->getNumElements() >= getFormatNumRegs(CBSZ), 6638 "invalid vector type for format", &Call, Src0, Call.getArgOperand(3)); 6639 Check(Src1Ty->getNumElements() >= getFormatNumRegs(BLGP), 6640 "invalid vector type for format", &Call, Src1, Call.getArgOperand(5)); 6641 break; 6642 } 6643 case Intrinsic::nvvm_setmaxnreg_inc_sync_aligned_u32: 6644 case Intrinsic::nvvm_setmaxnreg_dec_sync_aligned_u32: { 6645 Value *V = Call.getArgOperand(0); 6646 unsigned RegCount = cast<ConstantInt>(V)->getZExtValue(); 6647 Check(RegCount % 8 == 0, 6648 "reg_count argument to nvvm.setmaxnreg must be in multiples of 8"); 6649 break; 6650 } 6651 case Intrinsic::experimental_convergence_entry: 6652 case Intrinsic::experimental_convergence_anchor: 6653 break; 6654 case Intrinsic::experimental_convergence_loop: 6655 break; 6656 case Intrinsic::ptrmask: { 6657 Type *Ty0 = Call.getArgOperand(0)->getType(); 6658 Type *Ty1 = Call.getArgOperand(1)->getType(); 6659 Check(Ty0->isPtrOrPtrVectorTy(), 6660 "llvm.ptrmask intrinsic first argument must be pointer or vector " 6661 "of pointers", 6662 &Call); 6663 Check( 6664 Ty0->isVectorTy() == Ty1->isVectorTy(), 6665 "llvm.ptrmask intrinsic arguments must be both scalars or both vectors", 6666 &Call); 6667 if (Ty0->isVectorTy()) 6668 Check(cast<VectorType>(Ty0)->getElementCount() == 6669 cast<VectorType>(Ty1)->getElementCount(), 6670 "llvm.ptrmask intrinsic arguments must have the same number of " 6671 "elements", 6672 &Call); 6673 Check(DL.getIndexTypeSizeInBits(Ty0) == Ty1->getScalarSizeInBits(), 6674 "llvm.ptrmask intrinsic second argument bitwidth must match " 6675 "pointer index type size of first argument", 6676 &Call); 6677 break; 6678 } 6679 case Intrinsic::thread_pointer: { 6680 Check(Call.getType()->getPointerAddressSpace() == 6681 DL.getDefaultGlobalsAddressSpace(), 6682 "llvm.thread.pointer intrinsic return type must be for the globals " 6683 "address space", 6684 &Call); 6685 break; 6686 } 6687 case Intrinsic::threadlocal_address: { 6688 const Value &Arg0 = *Call.getArgOperand(0); 6689 Check(isa<GlobalValue>(Arg0), 6690 "llvm.threadlocal.address first argument must be a GlobalValue"); 6691 Check(cast<GlobalValue>(Arg0).isThreadLocal(), 6692 "llvm.threadlocal.address operand isThreadLocal() must be true"); 6693 break; 6694 } 6695 }; 6696 6697 // Verify that there aren't any unmediated control transfers between funclets. 6698 if (IntrinsicInst::mayLowerToFunctionCall(ID)) { 6699 Function *F = Call.getParent()->getParent(); 6700 if (F->hasPersonalityFn() && 6701 isScopedEHPersonality(classifyEHPersonality(F->getPersonalityFn()))) { 6702 // Run EH funclet coloring on-demand and cache results for other intrinsic 6703 // calls in this function 6704 if (BlockEHFuncletColors.empty()) 6705 BlockEHFuncletColors = colorEHFunclets(*F); 6706 6707 // Check for catch-/cleanup-pad in first funclet block 6708 bool InEHFunclet = false; 6709 BasicBlock *CallBB = Call.getParent(); 6710 const ColorVector &CV = BlockEHFuncletColors.find(CallBB)->second; 6711 assert(CV.size() > 0 && "Uncolored block"); 6712 for (BasicBlock *ColorFirstBB : CV) 6713 if (auto It = ColorFirstBB->getFirstNonPHIIt(); 6714 It != ColorFirstBB->end()) 6715 if (isa_and_nonnull<FuncletPadInst>(&*It)) 6716 InEHFunclet = true; 6717 6718 // Check for funclet operand bundle 6719 bool HasToken = false; 6720 for (unsigned I = 0, E = Call.getNumOperandBundles(); I != E; ++I) 6721 if (Call.getOperandBundleAt(I).getTagID() == LLVMContext::OB_funclet) 6722 HasToken = true; 6723 6724 // This would cause silent code truncation in WinEHPrepare 6725 if (InEHFunclet) 6726 Check(HasToken, "Missing funclet token on intrinsic call", &Call); 6727 } 6728 } 6729 } 6730 6731 /// Carefully grab the subprogram from a local scope. 6732 /// 6733 /// This carefully grabs the subprogram from a local scope, avoiding the 6734 /// built-in assertions that would typically fire. 6735 static DISubprogram *getSubprogram(Metadata *LocalScope) { 6736 if (!LocalScope) 6737 return nullptr; 6738 6739 if (auto *SP = dyn_cast<DISubprogram>(LocalScope)) 6740 return SP; 6741 6742 if (auto *LB = dyn_cast<DILexicalBlockBase>(LocalScope)) 6743 return getSubprogram(LB->getRawScope()); 6744 6745 // Just return null; broken scope chains are checked elsewhere. 6746 assert(!isa<DILocalScope>(LocalScope) && "Unknown type of local scope"); 6747 return nullptr; 6748 } 6749 6750 void Verifier::visit(DbgLabelRecord &DLR) { 6751 CheckDI(isa<DILabel>(DLR.getRawLabel()), 6752 "invalid #dbg_label intrinsic variable", &DLR, DLR.getRawLabel()); 6753 6754 // Ignore broken !dbg attachments; they're checked elsewhere. 6755 if (MDNode *N = DLR.getDebugLoc().getAsMDNode()) 6756 if (!isa<DILocation>(N)) 6757 return; 6758 6759 BasicBlock *BB = DLR.getParent(); 6760 Function *F = BB ? BB->getParent() : nullptr; 6761 6762 // The scopes for variables and !dbg attachments must agree. 6763 DILabel *Label = DLR.getLabel(); 6764 DILocation *Loc = DLR.getDebugLoc(); 6765 CheckDI(Loc, "#dbg_label record requires a !dbg attachment", &DLR, BB, F); 6766 6767 DISubprogram *LabelSP = getSubprogram(Label->getRawScope()); 6768 DISubprogram *LocSP = getSubprogram(Loc->getRawScope()); 6769 if (!LabelSP || !LocSP) 6770 return; 6771 6772 CheckDI(LabelSP == LocSP, 6773 "mismatched subprogram between #dbg_label label and !dbg attachment", 6774 &DLR, BB, F, Label, Label->getScope()->getSubprogram(), Loc, 6775 Loc->getScope()->getSubprogram()); 6776 } 6777 6778 void Verifier::visit(DbgVariableRecord &DVR) { 6779 BasicBlock *BB = DVR.getParent(); 6780 Function *F = BB->getParent(); 6781 6782 CheckDI(DVR.getType() == DbgVariableRecord::LocationType::Value || 6783 DVR.getType() == DbgVariableRecord::LocationType::Declare || 6784 DVR.getType() == DbgVariableRecord::LocationType::Assign, 6785 "invalid #dbg record type", &DVR, DVR.getType(), BB, F); 6786 6787 // The location for a DbgVariableRecord must be either a ValueAsMetadata, 6788 // DIArgList, or an empty MDNode (which is a legacy representation for an 6789 // "undef" location). 6790 auto *MD = DVR.getRawLocation(); 6791 CheckDI(MD && (isa<ValueAsMetadata>(MD) || isa<DIArgList>(MD) || 6792 (isa<MDNode>(MD) && !cast<MDNode>(MD)->getNumOperands())), 6793 "invalid #dbg record address/value", &DVR, MD, BB, F); 6794 if (auto *VAM = dyn_cast<ValueAsMetadata>(MD)) { 6795 visitValueAsMetadata(*VAM, F); 6796 if (DVR.isDbgDeclare()) { 6797 // Allow integers here to support inttoptr salvage. 6798 Type *Ty = VAM->getValue()->getType(); 6799 CheckDI(Ty->isPointerTy() || Ty->isIntegerTy(), 6800 "location of #dbg_declare must be a pointer or int", &DVR, MD, BB, 6801 F); 6802 } 6803 } else if (auto *AL = dyn_cast<DIArgList>(MD)) { 6804 visitDIArgList(*AL, F); 6805 } 6806 6807 CheckDI(isa_and_nonnull<DILocalVariable>(DVR.getRawVariable()), 6808 "invalid #dbg record variable", &DVR, DVR.getRawVariable(), BB, F); 6809 visitMDNode(*DVR.getRawVariable(), AreDebugLocsAllowed::No); 6810 6811 CheckDI(isa_and_nonnull<DIExpression>(DVR.getRawExpression()), 6812 "invalid #dbg record expression", &DVR, DVR.getRawExpression(), BB, 6813 F); 6814 visitMDNode(*DVR.getExpression(), AreDebugLocsAllowed::No); 6815 6816 if (DVR.isDbgAssign()) { 6817 CheckDI(isa_and_nonnull<DIAssignID>(DVR.getRawAssignID()), 6818 "invalid #dbg_assign DIAssignID", &DVR, DVR.getRawAssignID(), BB, 6819 F); 6820 visitMDNode(*cast<DIAssignID>(DVR.getRawAssignID()), 6821 AreDebugLocsAllowed::No); 6822 6823 const auto *RawAddr = DVR.getRawAddress(); 6824 // Similarly to the location above, the address for an assign 6825 // DbgVariableRecord must be a ValueAsMetadata or an empty MDNode, which 6826 // represents an undef address. 6827 CheckDI( 6828 isa<ValueAsMetadata>(RawAddr) || 6829 (isa<MDNode>(RawAddr) && !cast<MDNode>(RawAddr)->getNumOperands()), 6830 "invalid #dbg_assign address", &DVR, DVR.getRawAddress(), BB, F); 6831 if (auto *VAM = dyn_cast<ValueAsMetadata>(RawAddr)) 6832 visitValueAsMetadata(*VAM, F); 6833 6834 CheckDI(isa_and_nonnull<DIExpression>(DVR.getRawAddressExpression()), 6835 "invalid #dbg_assign address expression", &DVR, 6836 DVR.getRawAddressExpression(), BB, F); 6837 visitMDNode(*DVR.getAddressExpression(), AreDebugLocsAllowed::No); 6838 6839 // All of the linked instructions should be in the same function as DVR. 6840 for (Instruction *I : at::getAssignmentInsts(&DVR)) 6841 CheckDI(DVR.getFunction() == I->getFunction(), 6842 "inst not in same function as #dbg_assign", I, &DVR, BB, F); 6843 } 6844 6845 // This check is redundant with one in visitLocalVariable(). 6846 DILocalVariable *Var = DVR.getVariable(); 6847 CheckDI(isType(Var->getRawType()), "invalid type ref", Var, Var->getRawType(), 6848 BB, F); 6849 6850 auto *DLNode = DVR.getDebugLoc().getAsMDNode(); 6851 CheckDI(isa_and_nonnull<DILocation>(DLNode), "invalid #dbg record DILocation", 6852 &DVR, DLNode, BB, F); 6853 DILocation *Loc = DVR.getDebugLoc(); 6854 6855 // The scopes for variables and !dbg attachments must agree. 6856 DISubprogram *VarSP = getSubprogram(Var->getRawScope()); 6857 DISubprogram *LocSP = getSubprogram(Loc->getRawScope()); 6858 if (!VarSP || !LocSP) 6859 return; // Broken scope chains are checked elsewhere. 6860 6861 CheckDI(VarSP == LocSP, 6862 "mismatched subprogram between #dbg record variable and DILocation", 6863 &DVR, BB, F, Var, Var->getScope()->getSubprogram(), Loc, 6864 Loc->getScope()->getSubprogram(), BB, F); 6865 6866 verifyFnArgs(DVR); 6867 } 6868 6869 void Verifier::visitVPIntrinsic(VPIntrinsic &VPI) { 6870 if (auto *VPCast = dyn_cast<VPCastIntrinsic>(&VPI)) { 6871 auto *RetTy = cast<VectorType>(VPCast->getType()); 6872 auto *ValTy = cast<VectorType>(VPCast->getOperand(0)->getType()); 6873 Check(RetTy->getElementCount() == ValTy->getElementCount(), 6874 "VP cast intrinsic first argument and result vector lengths must be " 6875 "equal", 6876 *VPCast); 6877 6878 switch (VPCast->getIntrinsicID()) { 6879 default: 6880 llvm_unreachable("Unknown VP cast intrinsic"); 6881 case Intrinsic::vp_trunc: 6882 Check(RetTy->isIntOrIntVectorTy() && ValTy->isIntOrIntVectorTy(), 6883 "llvm.vp.trunc intrinsic first argument and result element type " 6884 "must be integer", 6885 *VPCast); 6886 Check(RetTy->getScalarSizeInBits() < ValTy->getScalarSizeInBits(), 6887 "llvm.vp.trunc intrinsic the bit size of first argument must be " 6888 "larger than the bit size of the return type", 6889 *VPCast); 6890 break; 6891 case Intrinsic::vp_zext: 6892 case Intrinsic::vp_sext: 6893 Check(RetTy->isIntOrIntVectorTy() && ValTy->isIntOrIntVectorTy(), 6894 "llvm.vp.zext or llvm.vp.sext intrinsic first argument and result " 6895 "element type must be integer", 6896 *VPCast); 6897 Check(RetTy->getScalarSizeInBits() > ValTy->getScalarSizeInBits(), 6898 "llvm.vp.zext or llvm.vp.sext intrinsic the bit size of first " 6899 "argument must be smaller than the bit size of the return type", 6900 *VPCast); 6901 break; 6902 case Intrinsic::vp_fptoui: 6903 case Intrinsic::vp_fptosi: 6904 case Intrinsic::vp_lrint: 6905 case Intrinsic::vp_llrint: 6906 Check( 6907 RetTy->isIntOrIntVectorTy() && ValTy->isFPOrFPVectorTy(), 6908 "llvm.vp.fptoui, llvm.vp.fptosi, llvm.vp.lrint or llvm.vp.llrint" "intrinsic first argument element " 6909 "type must be floating-point and result element type must be integer", 6910 *VPCast); 6911 break; 6912 case Intrinsic::vp_uitofp: 6913 case Intrinsic::vp_sitofp: 6914 Check( 6915 RetTy->isFPOrFPVectorTy() && ValTy->isIntOrIntVectorTy(), 6916 "llvm.vp.uitofp or llvm.vp.sitofp intrinsic first argument element " 6917 "type must be integer and result element type must be floating-point", 6918 *VPCast); 6919 break; 6920 case Intrinsic::vp_fptrunc: 6921 Check(RetTy->isFPOrFPVectorTy() && ValTy->isFPOrFPVectorTy(), 6922 "llvm.vp.fptrunc intrinsic first argument and result element type " 6923 "must be floating-point", 6924 *VPCast); 6925 Check(RetTy->getScalarSizeInBits() < ValTy->getScalarSizeInBits(), 6926 "llvm.vp.fptrunc intrinsic the bit size of first argument must be " 6927 "larger than the bit size of the return type", 6928 *VPCast); 6929 break; 6930 case Intrinsic::vp_fpext: 6931 Check(RetTy->isFPOrFPVectorTy() && ValTy->isFPOrFPVectorTy(), 6932 "llvm.vp.fpext intrinsic first argument and result element type " 6933 "must be floating-point", 6934 *VPCast); 6935 Check(RetTy->getScalarSizeInBits() > ValTy->getScalarSizeInBits(), 6936 "llvm.vp.fpext intrinsic the bit size of first argument must be " 6937 "smaller than the bit size of the return type", 6938 *VPCast); 6939 break; 6940 case Intrinsic::vp_ptrtoint: 6941 Check(RetTy->isIntOrIntVectorTy() && ValTy->isPtrOrPtrVectorTy(), 6942 "llvm.vp.ptrtoint intrinsic first argument element type must be " 6943 "pointer and result element type must be integer", 6944 *VPCast); 6945 break; 6946 case Intrinsic::vp_inttoptr: 6947 Check(RetTy->isPtrOrPtrVectorTy() && ValTy->isIntOrIntVectorTy(), 6948 "llvm.vp.inttoptr intrinsic first argument element type must be " 6949 "integer and result element type must be pointer", 6950 *VPCast); 6951 break; 6952 } 6953 } 6954 6955 switch (VPI.getIntrinsicID()) { 6956 case Intrinsic::vp_fcmp: { 6957 auto Pred = cast<VPCmpIntrinsic>(&VPI)->getPredicate(); 6958 Check(CmpInst::isFPPredicate(Pred), 6959 "invalid predicate for VP FP comparison intrinsic", &VPI); 6960 break; 6961 } 6962 case Intrinsic::vp_icmp: { 6963 auto Pred = cast<VPCmpIntrinsic>(&VPI)->getPredicate(); 6964 Check(CmpInst::isIntPredicate(Pred), 6965 "invalid predicate for VP integer comparison intrinsic", &VPI); 6966 break; 6967 } 6968 case Intrinsic::vp_is_fpclass: { 6969 auto TestMask = cast<ConstantInt>(VPI.getOperand(1)); 6970 Check((TestMask->getZExtValue() & ~static_cast<unsigned>(fcAllFlags)) == 0, 6971 "unsupported bits for llvm.vp.is.fpclass test mask"); 6972 break; 6973 } 6974 case Intrinsic::experimental_vp_splice: { 6975 VectorType *VecTy = cast<VectorType>(VPI.getType()); 6976 int64_t Idx = cast<ConstantInt>(VPI.getArgOperand(2))->getSExtValue(); 6977 int64_t KnownMinNumElements = VecTy->getElementCount().getKnownMinValue(); 6978 if (VPI.getParent() && VPI.getParent()->getParent()) { 6979 AttributeList Attrs = VPI.getParent()->getParent()->getAttributes(); 6980 if (Attrs.hasFnAttr(Attribute::VScaleRange)) 6981 KnownMinNumElements *= Attrs.getFnAttrs().getVScaleRangeMin(); 6982 } 6983 Check((Idx < 0 && std::abs(Idx) <= KnownMinNumElements) || 6984 (Idx >= 0 && Idx < KnownMinNumElements), 6985 "The splice index exceeds the range [-VL, VL-1] where VL is the " 6986 "known minimum number of elements in the vector. For scalable " 6987 "vectors the minimum number of elements is determined from " 6988 "vscale_range.", 6989 &VPI); 6990 break; 6991 } 6992 } 6993 } 6994 6995 void Verifier::visitConstrainedFPIntrinsic(ConstrainedFPIntrinsic &FPI) { 6996 unsigned NumOperands = FPI.getNonMetadataArgCount(); 6997 bool HasRoundingMD = 6998 Intrinsic::hasConstrainedFPRoundingModeOperand(FPI.getIntrinsicID()); 6999 7000 // Add the expected number of metadata operands. 7001 NumOperands += (1 + HasRoundingMD); 7002 7003 // Compare intrinsics carry an extra predicate metadata operand. 7004 if (isa<ConstrainedFPCmpIntrinsic>(FPI)) 7005 NumOperands += 1; 7006 Check((FPI.arg_size() == NumOperands), 7007 "invalid arguments for constrained FP intrinsic", &FPI); 7008 7009 switch (FPI.getIntrinsicID()) { 7010 case Intrinsic::experimental_constrained_lrint: 7011 case Intrinsic::experimental_constrained_llrint: { 7012 Type *ValTy = FPI.getArgOperand(0)->getType(); 7013 Type *ResultTy = FPI.getType(); 7014 Check(!ValTy->isVectorTy() && !ResultTy->isVectorTy(), 7015 "Intrinsic does not support vectors", &FPI); 7016 break; 7017 } 7018 7019 case Intrinsic::experimental_constrained_lround: 7020 case Intrinsic::experimental_constrained_llround: { 7021 Type *ValTy = FPI.getArgOperand(0)->getType(); 7022 Type *ResultTy = FPI.getType(); 7023 Check(!ValTy->isVectorTy() && !ResultTy->isVectorTy(), 7024 "Intrinsic does not support vectors", &FPI); 7025 break; 7026 } 7027 7028 case Intrinsic::experimental_constrained_fcmp: 7029 case Intrinsic::experimental_constrained_fcmps: { 7030 auto Pred = cast<ConstrainedFPCmpIntrinsic>(&FPI)->getPredicate(); 7031 Check(CmpInst::isFPPredicate(Pred), 7032 "invalid predicate for constrained FP comparison intrinsic", &FPI); 7033 break; 7034 } 7035 7036 case Intrinsic::experimental_constrained_fptosi: 7037 case Intrinsic::experimental_constrained_fptoui: { 7038 Value *Operand = FPI.getArgOperand(0); 7039 ElementCount SrcEC; 7040 Check(Operand->getType()->isFPOrFPVectorTy(), 7041 "Intrinsic first argument must be floating point", &FPI); 7042 if (auto *OperandT = dyn_cast<VectorType>(Operand->getType())) { 7043 SrcEC = cast<VectorType>(OperandT)->getElementCount(); 7044 } 7045 7046 Operand = &FPI; 7047 Check(SrcEC.isNonZero() == Operand->getType()->isVectorTy(), 7048 "Intrinsic first argument and result disagree on vector use", &FPI); 7049 Check(Operand->getType()->isIntOrIntVectorTy(), 7050 "Intrinsic result must be an integer", &FPI); 7051 if (auto *OperandT = dyn_cast<VectorType>(Operand->getType())) { 7052 Check(SrcEC == cast<VectorType>(OperandT)->getElementCount(), 7053 "Intrinsic first argument and result vector lengths must be equal", 7054 &FPI); 7055 } 7056 break; 7057 } 7058 7059 case Intrinsic::experimental_constrained_sitofp: 7060 case Intrinsic::experimental_constrained_uitofp: { 7061 Value *Operand = FPI.getArgOperand(0); 7062 ElementCount SrcEC; 7063 Check(Operand->getType()->isIntOrIntVectorTy(), 7064 "Intrinsic first argument must be integer", &FPI); 7065 if (auto *OperandT = dyn_cast<VectorType>(Operand->getType())) { 7066 SrcEC = cast<VectorType>(OperandT)->getElementCount(); 7067 } 7068 7069 Operand = &FPI; 7070 Check(SrcEC.isNonZero() == Operand->getType()->isVectorTy(), 7071 "Intrinsic first argument and result disagree on vector use", &FPI); 7072 Check(Operand->getType()->isFPOrFPVectorTy(), 7073 "Intrinsic result must be a floating point", &FPI); 7074 if (auto *OperandT = dyn_cast<VectorType>(Operand->getType())) { 7075 Check(SrcEC == cast<VectorType>(OperandT)->getElementCount(), 7076 "Intrinsic first argument and result vector lengths must be equal", 7077 &FPI); 7078 } 7079 break; 7080 } 7081 7082 case Intrinsic::experimental_constrained_fptrunc: 7083 case Intrinsic::experimental_constrained_fpext: { 7084 Value *Operand = FPI.getArgOperand(0); 7085 Type *OperandTy = Operand->getType(); 7086 Value *Result = &FPI; 7087 Type *ResultTy = Result->getType(); 7088 Check(OperandTy->isFPOrFPVectorTy(), 7089 "Intrinsic first argument must be FP or FP vector", &FPI); 7090 Check(ResultTy->isFPOrFPVectorTy(), 7091 "Intrinsic result must be FP or FP vector", &FPI); 7092 Check(OperandTy->isVectorTy() == ResultTy->isVectorTy(), 7093 "Intrinsic first argument and result disagree on vector use", &FPI); 7094 if (OperandTy->isVectorTy()) { 7095 Check(cast<VectorType>(OperandTy)->getElementCount() == 7096 cast<VectorType>(ResultTy)->getElementCount(), 7097 "Intrinsic first argument and result vector lengths must be equal", 7098 &FPI); 7099 } 7100 if (FPI.getIntrinsicID() == Intrinsic::experimental_constrained_fptrunc) { 7101 Check(OperandTy->getScalarSizeInBits() > ResultTy->getScalarSizeInBits(), 7102 "Intrinsic first argument's type must be larger than result type", 7103 &FPI); 7104 } else { 7105 Check(OperandTy->getScalarSizeInBits() < ResultTy->getScalarSizeInBits(), 7106 "Intrinsic first argument's type must be smaller than result type", 7107 &FPI); 7108 } 7109 break; 7110 } 7111 7112 default: 7113 break; 7114 } 7115 7116 // If a non-metadata argument is passed in a metadata slot then the 7117 // error will be caught earlier when the incorrect argument doesn't 7118 // match the specification in the intrinsic call table. Thus, no 7119 // argument type check is needed here. 7120 7121 Check(FPI.getExceptionBehavior().has_value(), 7122 "invalid exception behavior argument", &FPI); 7123 if (HasRoundingMD) { 7124 Check(FPI.getRoundingMode().has_value(), "invalid rounding mode argument", 7125 &FPI); 7126 } 7127 } 7128 7129 void Verifier::visitDbgIntrinsic(StringRef Kind, DbgVariableIntrinsic &DII) { 7130 auto *MD = DII.getRawLocation(); 7131 CheckDI(isa<ValueAsMetadata>(MD) || isa<DIArgList>(MD) || 7132 (isa<MDNode>(MD) && !cast<MDNode>(MD)->getNumOperands()), 7133 "invalid llvm.dbg." + Kind + " intrinsic address/value", &DII, MD); 7134 CheckDI(isa<DILocalVariable>(DII.getRawVariable()), 7135 "invalid llvm.dbg." + Kind + " intrinsic variable", &DII, 7136 DII.getRawVariable()); 7137 CheckDI(isa<DIExpression>(DII.getRawExpression()), 7138 "invalid llvm.dbg." + Kind + " intrinsic expression", &DII, 7139 DII.getRawExpression()); 7140 7141 if (auto *DAI = dyn_cast<DbgAssignIntrinsic>(&DII)) { 7142 CheckDI(isa<DIAssignID>(DAI->getRawAssignID()), 7143 "invalid llvm.dbg.assign intrinsic DIAssignID", &DII, 7144 DAI->getRawAssignID()); 7145 const auto *RawAddr = DAI->getRawAddress(); 7146 CheckDI( 7147 isa<ValueAsMetadata>(RawAddr) || 7148 (isa<MDNode>(RawAddr) && !cast<MDNode>(RawAddr)->getNumOperands()), 7149 "invalid llvm.dbg.assign intrinsic address", &DII, 7150 DAI->getRawAddress()); 7151 CheckDI(isa<DIExpression>(DAI->getRawAddressExpression()), 7152 "invalid llvm.dbg.assign intrinsic address expression", &DII, 7153 DAI->getRawAddressExpression()); 7154 // All of the linked instructions should be in the same function as DII. 7155 for (Instruction *I : at::getAssignmentInsts(DAI)) 7156 CheckDI(DAI->getFunction() == I->getFunction(), 7157 "inst not in same function as dbg.assign", I, DAI); 7158 } 7159 7160 // Ignore broken !dbg attachments; they're checked elsewhere. 7161 if (MDNode *N = DII.getDebugLoc().getAsMDNode()) 7162 if (!isa<DILocation>(N)) 7163 return; 7164 7165 BasicBlock *BB = DII.getParent(); 7166 Function *F = BB ? BB->getParent() : nullptr; 7167 7168 // The scopes for variables and !dbg attachments must agree. 7169 DILocalVariable *Var = DII.getVariable(); 7170 DILocation *Loc = DII.getDebugLoc(); 7171 CheckDI(Loc, "llvm.dbg." + Kind + " intrinsic requires a !dbg attachment", 7172 &DII, BB, F); 7173 7174 DISubprogram *VarSP = getSubprogram(Var->getRawScope()); 7175 DISubprogram *LocSP = getSubprogram(Loc->getRawScope()); 7176 if (!VarSP || !LocSP) 7177 return; // Broken scope chains are checked elsewhere. 7178 7179 CheckDI(VarSP == LocSP, 7180 "mismatched subprogram between llvm.dbg." + Kind + 7181 " variable and !dbg attachment", 7182 &DII, BB, F, Var, Var->getScope()->getSubprogram(), Loc, 7183 Loc->getScope()->getSubprogram()); 7184 7185 // This check is redundant with one in visitLocalVariable(). 7186 CheckDI(isType(Var->getRawType()), "invalid type ref", Var, 7187 Var->getRawType()); 7188 verifyFnArgs(DII); 7189 } 7190 7191 void Verifier::visitDbgLabelIntrinsic(StringRef Kind, DbgLabelInst &DLI) { 7192 CheckDI(isa<DILabel>(DLI.getRawLabel()), 7193 "invalid llvm.dbg." + Kind + " intrinsic variable", &DLI, 7194 DLI.getRawLabel()); 7195 7196 // Ignore broken !dbg attachments; they're checked elsewhere. 7197 if (MDNode *N = DLI.getDebugLoc().getAsMDNode()) 7198 if (!isa<DILocation>(N)) 7199 return; 7200 7201 BasicBlock *BB = DLI.getParent(); 7202 Function *F = BB ? BB->getParent() : nullptr; 7203 7204 // The scopes for variables and !dbg attachments must agree. 7205 DILabel *Label = DLI.getLabel(); 7206 DILocation *Loc = DLI.getDebugLoc(); 7207 Check(Loc, "llvm.dbg." + Kind + " intrinsic requires a !dbg attachment", &DLI, 7208 BB, F); 7209 7210 DISubprogram *LabelSP = getSubprogram(Label->getRawScope()); 7211 DISubprogram *LocSP = getSubprogram(Loc->getRawScope()); 7212 if (!LabelSP || !LocSP) 7213 return; 7214 7215 CheckDI(LabelSP == LocSP, 7216 "mismatched subprogram between llvm.dbg." + Kind + 7217 " label and !dbg attachment", 7218 &DLI, BB, F, Label, Label->getScope()->getSubprogram(), Loc, 7219 Loc->getScope()->getSubprogram()); 7220 } 7221 7222 void Verifier::verifyFragmentExpression(const DbgVariableIntrinsic &I) { 7223 DILocalVariable *V = dyn_cast_or_null<DILocalVariable>(I.getRawVariable()); 7224 DIExpression *E = dyn_cast_or_null<DIExpression>(I.getRawExpression()); 7225 7226 // We don't know whether this intrinsic verified correctly. 7227 if (!V || !E || !E->isValid()) 7228 return; 7229 7230 // Nothing to do if this isn't a DW_OP_LLVM_fragment expression. 7231 auto Fragment = E->getFragmentInfo(); 7232 if (!Fragment) 7233 return; 7234 7235 // The frontend helps out GDB by emitting the members of local anonymous 7236 // unions as artificial local variables with shared storage. When SROA splits 7237 // the storage for artificial local variables that are smaller than the entire 7238 // union, the overhang piece will be outside of the allotted space for the 7239 // variable and this check fails. 7240 // FIXME: Remove this check as soon as clang stops doing this; it hides bugs. 7241 if (V->isArtificial()) 7242 return; 7243 7244 verifyFragmentExpression(*V, *Fragment, &I); 7245 } 7246 void Verifier::verifyFragmentExpression(const DbgVariableRecord &DVR) { 7247 DILocalVariable *V = dyn_cast_or_null<DILocalVariable>(DVR.getRawVariable()); 7248 DIExpression *E = dyn_cast_or_null<DIExpression>(DVR.getRawExpression()); 7249 7250 // We don't know whether this intrinsic verified correctly. 7251 if (!V || !E || !E->isValid()) 7252 return; 7253 7254 // Nothing to do if this isn't a DW_OP_LLVM_fragment expression. 7255 auto Fragment = E->getFragmentInfo(); 7256 if (!Fragment) 7257 return; 7258 7259 // The frontend helps out GDB by emitting the members of local anonymous 7260 // unions as artificial local variables with shared storage. When SROA splits 7261 // the storage for artificial local variables that are smaller than the entire 7262 // union, the overhang piece will be outside of the allotted space for the 7263 // variable and this check fails. 7264 // FIXME: Remove this check as soon as clang stops doing this; it hides bugs. 7265 if (V->isArtificial()) 7266 return; 7267 7268 verifyFragmentExpression(*V, *Fragment, &DVR); 7269 } 7270 7271 template <typename ValueOrMetadata> 7272 void Verifier::verifyFragmentExpression(const DIVariable &V, 7273 DIExpression::FragmentInfo Fragment, 7274 ValueOrMetadata *Desc) { 7275 // If there's no size, the type is broken, but that should be checked 7276 // elsewhere. 7277 auto VarSize = V.getSizeInBits(); 7278 if (!VarSize) 7279 return; 7280 7281 unsigned FragSize = Fragment.SizeInBits; 7282 unsigned FragOffset = Fragment.OffsetInBits; 7283 CheckDI(FragSize + FragOffset <= *VarSize, 7284 "fragment is larger than or outside of variable", Desc, &V); 7285 CheckDI(FragSize != *VarSize, "fragment covers entire variable", Desc, &V); 7286 } 7287 7288 void Verifier::verifyFnArgs(const DbgVariableIntrinsic &I) { 7289 // This function does not take the scope of noninlined function arguments into 7290 // account. Don't run it if current function is nodebug, because it may 7291 // contain inlined debug intrinsics. 7292 if (!HasDebugInfo) 7293 return; 7294 7295 // For performance reasons only check non-inlined ones. 7296 if (I.getDebugLoc()->getInlinedAt()) 7297 return; 7298 7299 DILocalVariable *Var = I.getVariable(); 7300 CheckDI(Var, "dbg intrinsic without variable"); 7301 7302 unsigned ArgNo = Var->getArg(); 7303 if (!ArgNo) 7304 return; 7305 7306 // Verify there are no duplicate function argument debug info entries. 7307 // These will cause hard-to-debug assertions in the DWARF backend. 7308 if (DebugFnArgs.size() < ArgNo) 7309 DebugFnArgs.resize(ArgNo, nullptr); 7310 7311 auto *Prev = DebugFnArgs[ArgNo - 1]; 7312 DebugFnArgs[ArgNo - 1] = Var; 7313 CheckDI(!Prev || (Prev == Var), "conflicting debug info for argument", &I, 7314 Prev, Var); 7315 } 7316 void Verifier::verifyFnArgs(const DbgVariableRecord &DVR) { 7317 // This function does not take the scope of noninlined function arguments into 7318 // account. Don't run it if current function is nodebug, because it may 7319 // contain inlined debug intrinsics. 7320 if (!HasDebugInfo) 7321 return; 7322 7323 // For performance reasons only check non-inlined ones. 7324 if (DVR.getDebugLoc()->getInlinedAt()) 7325 return; 7326 7327 DILocalVariable *Var = DVR.getVariable(); 7328 CheckDI(Var, "#dbg record without variable"); 7329 7330 unsigned ArgNo = Var->getArg(); 7331 if (!ArgNo) 7332 return; 7333 7334 // Verify there are no duplicate function argument debug info entries. 7335 // These will cause hard-to-debug assertions in the DWARF backend. 7336 if (DebugFnArgs.size() < ArgNo) 7337 DebugFnArgs.resize(ArgNo, nullptr); 7338 7339 auto *Prev = DebugFnArgs[ArgNo - 1]; 7340 DebugFnArgs[ArgNo - 1] = Var; 7341 CheckDI(!Prev || (Prev == Var), "conflicting debug info for argument", &DVR, 7342 Prev, Var); 7343 } 7344 7345 void Verifier::verifyNotEntryValue(const DbgVariableIntrinsic &I) { 7346 DIExpression *E = dyn_cast_or_null<DIExpression>(I.getRawExpression()); 7347 7348 // We don't know whether this intrinsic verified correctly. 7349 if (!E || !E->isValid()) 7350 return; 7351 7352 if (isa<ValueAsMetadata>(I.getRawLocation())) { 7353 Value *VarValue = I.getVariableLocationOp(0); 7354 if (isa<UndefValue>(VarValue) || isa<PoisonValue>(VarValue)) 7355 return; 7356 // We allow EntryValues for swift async arguments, as they have an 7357 // ABI-guarantee to be turned into a specific register. 7358 if (auto *ArgLoc = dyn_cast_or_null<Argument>(VarValue); 7359 ArgLoc && ArgLoc->hasAttribute(Attribute::SwiftAsync)) 7360 return; 7361 } 7362 7363 CheckDI(!E->isEntryValue(), 7364 "Entry values are only allowed in MIR unless they target a " 7365 "swiftasync Argument", 7366 &I); 7367 } 7368 void Verifier::verifyNotEntryValue(const DbgVariableRecord &DVR) { 7369 DIExpression *E = dyn_cast_or_null<DIExpression>(DVR.getRawExpression()); 7370 7371 // We don't know whether this intrinsic verified correctly. 7372 if (!E || !E->isValid()) 7373 return; 7374 7375 if (isa<ValueAsMetadata>(DVR.getRawLocation())) { 7376 Value *VarValue = DVR.getVariableLocationOp(0); 7377 if (isa<UndefValue>(VarValue) || isa<PoisonValue>(VarValue)) 7378 return; 7379 // We allow EntryValues for swift async arguments, as they have an 7380 // ABI-guarantee to be turned into a specific register. 7381 if (auto *ArgLoc = dyn_cast_or_null<Argument>(VarValue); 7382 ArgLoc && ArgLoc->hasAttribute(Attribute::SwiftAsync)) 7383 return; 7384 } 7385 7386 CheckDI(!E->isEntryValue(), 7387 "Entry values are only allowed in MIR unless they target a " 7388 "swiftasync Argument", 7389 &DVR); 7390 } 7391 7392 void Verifier::verifyCompileUnits() { 7393 // When more than one Module is imported into the same context, such as during 7394 // an LTO build before linking the modules, ODR type uniquing may cause types 7395 // to point to a different CU. This check does not make sense in this case. 7396 if (M.getContext().isODRUniquingDebugTypes()) 7397 return; 7398 auto *CUs = M.getNamedMetadata("llvm.dbg.cu"); 7399 SmallPtrSet<const Metadata *, 2> Listed; 7400 if (CUs) 7401 Listed.insert_range(CUs->operands()); 7402 for (const auto *CU : CUVisited) 7403 CheckDI(Listed.count(CU), "DICompileUnit not listed in llvm.dbg.cu", CU); 7404 CUVisited.clear(); 7405 } 7406 7407 void Verifier::verifyDeoptimizeCallingConvs() { 7408 if (DeoptimizeDeclarations.empty()) 7409 return; 7410 7411 const Function *First = DeoptimizeDeclarations[0]; 7412 for (const auto *F : ArrayRef(DeoptimizeDeclarations).slice(1)) { 7413 Check(First->getCallingConv() == F->getCallingConv(), 7414 "All llvm.experimental.deoptimize declarations must have the same " 7415 "calling convention", 7416 First, F); 7417 } 7418 } 7419 7420 void Verifier::verifyAttachedCallBundle(const CallBase &Call, 7421 const OperandBundleUse &BU) { 7422 FunctionType *FTy = Call.getFunctionType(); 7423 7424 Check((FTy->getReturnType()->isPointerTy() || 7425 (Call.doesNotReturn() && FTy->getReturnType()->isVoidTy())), 7426 "a call with operand bundle \"clang.arc.attachedcall\" must call a " 7427 "function returning a pointer or a non-returning function that has a " 7428 "void return type", 7429 Call); 7430 7431 Check(BU.Inputs.size() == 1 && isa<Function>(BU.Inputs.front()), 7432 "operand bundle \"clang.arc.attachedcall\" requires one function as " 7433 "an argument", 7434 Call); 7435 7436 auto *Fn = cast<Function>(BU.Inputs.front()); 7437 Intrinsic::ID IID = Fn->getIntrinsicID(); 7438 7439 if (IID) { 7440 Check((IID == Intrinsic::objc_retainAutoreleasedReturnValue || 7441 IID == Intrinsic::objc_claimAutoreleasedReturnValue || 7442 IID == Intrinsic::objc_unsafeClaimAutoreleasedReturnValue), 7443 "invalid function argument", Call); 7444 } else { 7445 StringRef FnName = Fn->getName(); 7446 Check((FnName == "objc_retainAutoreleasedReturnValue" || 7447 FnName == "objc_claimAutoreleasedReturnValue" || 7448 FnName == "objc_unsafeClaimAutoreleasedReturnValue"), 7449 "invalid function argument", Call); 7450 } 7451 } 7452 7453 void Verifier::verifyNoAliasScopeDecl() { 7454 if (NoAliasScopeDecls.empty()) 7455 return; 7456 7457 // only a single scope must be declared at a time. 7458 for (auto *II : NoAliasScopeDecls) { 7459 assert(II->getIntrinsicID() == Intrinsic::experimental_noalias_scope_decl && 7460 "Not a llvm.experimental.noalias.scope.decl ?"); 7461 const auto *ScopeListMV = dyn_cast<MetadataAsValue>( 7462 II->getOperand(Intrinsic::NoAliasScopeDeclScopeArg)); 7463 Check(ScopeListMV != nullptr, 7464 "llvm.experimental.noalias.scope.decl must have a MetadataAsValue " 7465 "argument", 7466 II); 7467 7468 const auto *ScopeListMD = dyn_cast<MDNode>(ScopeListMV->getMetadata()); 7469 Check(ScopeListMD != nullptr, "!id.scope.list must point to an MDNode", II); 7470 Check(ScopeListMD->getNumOperands() == 1, 7471 "!id.scope.list must point to a list with a single scope", II); 7472 visitAliasScopeListMetadata(ScopeListMD); 7473 } 7474 7475 // Only check the domination rule when requested. Once all passes have been 7476 // adapted this option can go away. 7477 if (!VerifyNoAliasScopeDomination) 7478 return; 7479 7480 // Now sort the intrinsics based on the scope MDNode so that declarations of 7481 // the same scopes are next to each other. 7482 auto GetScope = [](IntrinsicInst *II) { 7483 const auto *ScopeListMV = cast<MetadataAsValue>( 7484 II->getOperand(Intrinsic::NoAliasScopeDeclScopeArg)); 7485 return &cast<MDNode>(ScopeListMV->getMetadata())->getOperand(0); 7486 }; 7487 7488 // We are sorting on MDNode pointers here. For valid input IR this is ok. 7489 // TODO: Sort on Metadata ID to avoid non-deterministic error messages. 7490 auto Compare = [GetScope](IntrinsicInst *Lhs, IntrinsicInst *Rhs) { 7491 return GetScope(Lhs) < GetScope(Rhs); 7492 }; 7493 7494 llvm::sort(NoAliasScopeDecls, Compare); 7495 7496 // Go over the intrinsics and check that for the same scope, they are not 7497 // dominating each other. 7498 auto ItCurrent = NoAliasScopeDecls.begin(); 7499 while (ItCurrent != NoAliasScopeDecls.end()) { 7500 auto CurScope = GetScope(*ItCurrent); 7501 auto ItNext = ItCurrent; 7502 do { 7503 ++ItNext; 7504 } while (ItNext != NoAliasScopeDecls.end() && 7505 GetScope(*ItNext) == CurScope); 7506 7507 // [ItCurrent, ItNext) represents the declarations for the same scope. 7508 // Ensure they are not dominating each other.. but only if it is not too 7509 // expensive. 7510 if (ItNext - ItCurrent < 32) 7511 for (auto *I : llvm::make_range(ItCurrent, ItNext)) 7512 for (auto *J : llvm::make_range(ItCurrent, ItNext)) 7513 if (I != J) 7514 Check(!DT.dominates(I, J), 7515 "llvm.experimental.noalias.scope.decl dominates another one " 7516 "with the same scope", 7517 I); 7518 ItCurrent = ItNext; 7519 } 7520 } 7521 7522 //===----------------------------------------------------------------------===// 7523 // Implement the public interfaces to this file... 7524 //===----------------------------------------------------------------------===// 7525 7526 bool llvm::verifyFunction(const Function &f, raw_ostream *OS) { 7527 Function &F = const_cast<Function &>(f); 7528 7529 // Don't use a raw_null_ostream. Printing IR is expensive. 7530 Verifier V(OS, /*ShouldTreatBrokenDebugInfoAsError=*/true, *f.getParent()); 7531 7532 // Note that this function's return value is inverted from what you would 7533 // expect of a function called "verify". 7534 return !V.verify(F); 7535 } 7536 7537 bool llvm::verifyModule(const Module &M, raw_ostream *OS, 7538 bool *BrokenDebugInfo) { 7539 // Don't use a raw_null_ostream. Printing IR is expensive. 7540 Verifier V(OS, /*ShouldTreatBrokenDebugInfoAsError=*/!BrokenDebugInfo, M); 7541 7542 bool Broken = false; 7543 for (const Function &F : M) 7544 Broken |= !V.verify(F); 7545 7546 Broken |= !V.verify(); 7547 if (BrokenDebugInfo) 7548 *BrokenDebugInfo = V.hasBrokenDebugInfo(); 7549 // Note that this function's return value is inverted from what you would 7550 // expect of a function called "verify". 7551 return Broken; 7552 } 7553 7554 namespace { 7555 7556 struct VerifierLegacyPass : public FunctionPass { 7557 static char ID; 7558 7559 std::unique_ptr<Verifier> V; 7560 bool FatalErrors = true; 7561 7562 VerifierLegacyPass() : FunctionPass(ID) { 7563 initializeVerifierLegacyPassPass(*PassRegistry::getPassRegistry()); 7564 } 7565 explicit VerifierLegacyPass(bool FatalErrors) 7566 : FunctionPass(ID), 7567 FatalErrors(FatalErrors) { 7568 initializeVerifierLegacyPassPass(*PassRegistry::getPassRegistry()); 7569 } 7570 7571 bool doInitialization(Module &M) override { 7572 V = std::make_unique<Verifier>( 7573 &dbgs(), /*ShouldTreatBrokenDebugInfoAsError=*/false, M); 7574 return false; 7575 } 7576 7577 bool runOnFunction(Function &F) override { 7578 if (!V->verify(F) && FatalErrors) { 7579 errs() << "in function " << F.getName() << '\n'; 7580 report_fatal_error("Broken function found, compilation aborted!"); 7581 } 7582 return false; 7583 } 7584 7585 bool doFinalization(Module &M) override { 7586 bool HasErrors = false; 7587 for (Function &F : M) 7588 if (F.isDeclaration()) 7589 HasErrors |= !V->verify(F); 7590 7591 HasErrors |= !V->verify(); 7592 if (FatalErrors && (HasErrors || V->hasBrokenDebugInfo())) 7593 report_fatal_error("Broken module found, compilation aborted!"); 7594 return false; 7595 } 7596 7597 void getAnalysisUsage(AnalysisUsage &AU) const override { 7598 AU.setPreservesAll(); 7599 } 7600 }; 7601 7602 } // end anonymous namespace 7603 7604 /// Helper to issue failure from the TBAA verification 7605 template <typename... Tys> void TBAAVerifier::CheckFailed(Tys &&... Args) { 7606 if (Diagnostic) 7607 return Diagnostic->CheckFailed(Args...); 7608 } 7609 7610 #define CheckTBAA(C, ...) \ 7611 do { \ 7612 if (!(C)) { \ 7613 CheckFailed(__VA_ARGS__); \ 7614 return false; \ 7615 } \ 7616 } while (false) 7617 7618 /// Verify that \p BaseNode can be used as the "base type" in the struct-path 7619 /// TBAA scheme. This means \p BaseNode is either a scalar node, or a 7620 /// struct-type node describing an aggregate data structure (like a struct). 7621 TBAAVerifier::TBAABaseNodeSummary 7622 TBAAVerifier::verifyTBAABaseNode(Instruction &I, const MDNode *BaseNode, 7623 bool IsNewFormat) { 7624 if (BaseNode->getNumOperands() < 2) { 7625 CheckFailed("Base nodes must have at least two operands", &I, BaseNode); 7626 return {true, ~0u}; 7627 } 7628 7629 auto Itr = TBAABaseNodes.find(BaseNode); 7630 if (Itr != TBAABaseNodes.end()) 7631 return Itr->second; 7632 7633 auto Result = verifyTBAABaseNodeImpl(I, BaseNode, IsNewFormat); 7634 auto InsertResult = TBAABaseNodes.insert({BaseNode, Result}); 7635 (void)InsertResult; 7636 assert(InsertResult.second && "We just checked!"); 7637 return Result; 7638 } 7639 7640 TBAAVerifier::TBAABaseNodeSummary 7641 TBAAVerifier::verifyTBAABaseNodeImpl(Instruction &I, const MDNode *BaseNode, 7642 bool IsNewFormat) { 7643 const TBAAVerifier::TBAABaseNodeSummary InvalidNode = {true, ~0u}; 7644 7645 if (BaseNode->getNumOperands() == 2) { 7646 // Scalar nodes can only be accessed at offset 0. 7647 return isValidScalarTBAANode(BaseNode) 7648 ? TBAAVerifier::TBAABaseNodeSummary({false, 0}) 7649 : InvalidNode; 7650 } 7651 7652 if (IsNewFormat) { 7653 if (BaseNode->getNumOperands() % 3 != 0) { 7654 CheckFailed("Access tag nodes must have the number of operands that is a " 7655 "multiple of 3!", BaseNode); 7656 return InvalidNode; 7657 } 7658 } else { 7659 if (BaseNode->getNumOperands() % 2 != 1) { 7660 CheckFailed("Struct tag nodes must have an odd number of operands!", 7661 BaseNode); 7662 return InvalidNode; 7663 } 7664 } 7665 7666 // Check the type size field. 7667 if (IsNewFormat) { 7668 auto *TypeSizeNode = mdconst::dyn_extract_or_null<ConstantInt>( 7669 BaseNode->getOperand(1)); 7670 if (!TypeSizeNode) { 7671 CheckFailed("Type size nodes must be constants!", &I, BaseNode); 7672 return InvalidNode; 7673 } 7674 } 7675 7676 // Check the type name field. In the new format it can be anything. 7677 if (!IsNewFormat && !isa<MDString>(BaseNode->getOperand(0))) { 7678 CheckFailed("Struct tag nodes have a string as their first operand", 7679 BaseNode); 7680 return InvalidNode; 7681 } 7682 7683 bool Failed = false; 7684 7685 std::optional<APInt> PrevOffset; 7686 unsigned BitWidth = ~0u; 7687 7688 // We've already checked that BaseNode is not a degenerate root node with one 7689 // operand in \c verifyTBAABaseNode, so this loop should run at least once. 7690 unsigned FirstFieldOpNo = IsNewFormat ? 3 : 1; 7691 unsigned NumOpsPerField = IsNewFormat ? 3 : 2; 7692 for (unsigned Idx = FirstFieldOpNo; Idx < BaseNode->getNumOperands(); 7693 Idx += NumOpsPerField) { 7694 const MDOperand &FieldTy = BaseNode->getOperand(Idx); 7695 const MDOperand &FieldOffset = BaseNode->getOperand(Idx + 1); 7696 if (!isa<MDNode>(FieldTy)) { 7697 CheckFailed("Incorrect field entry in struct type node!", &I, BaseNode); 7698 Failed = true; 7699 continue; 7700 } 7701 7702 auto *OffsetEntryCI = 7703 mdconst::dyn_extract_or_null<ConstantInt>(FieldOffset); 7704 if (!OffsetEntryCI) { 7705 CheckFailed("Offset entries must be constants!", &I, BaseNode); 7706 Failed = true; 7707 continue; 7708 } 7709 7710 if (BitWidth == ~0u) 7711 BitWidth = OffsetEntryCI->getBitWidth(); 7712 7713 if (OffsetEntryCI->getBitWidth() != BitWidth) { 7714 CheckFailed( 7715 "Bitwidth between the offsets and struct type entries must match", &I, 7716 BaseNode); 7717 Failed = true; 7718 continue; 7719 } 7720 7721 // NB! As far as I can tell, we generate a non-strictly increasing offset 7722 // sequence only from structs that have zero size bit fields. When 7723 // recursing into a contained struct in \c getFieldNodeFromTBAABaseNode we 7724 // pick the field lexically the latest in struct type metadata node. This 7725 // mirrors the actual behavior of the alias analysis implementation. 7726 bool IsAscending = 7727 !PrevOffset || PrevOffset->ule(OffsetEntryCI->getValue()); 7728 7729 if (!IsAscending) { 7730 CheckFailed("Offsets must be increasing!", &I, BaseNode); 7731 Failed = true; 7732 } 7733 7734 PrevOffset = OffsetEntryCI->getValue(); 7735 7736 if (IsNewFormat) { 7737 auto *MemberSizeNode = mdconst::dyn_extract_or_null<ConstantInt>( 7738 BaseNode->getOperand(Idx + 2)); 7739 if (!MemberSizeNode) { 7740 CheckFailed("Member size entries must be constants!", &I, BaseNode); 7741 Failed = true; 7742 continue; 7743 } 7744 } 7745 } 7746 7747 return Failed ? InvalidNode 7748 : TBAAVerifier::TBAABaseNodeSummary(false, BitWidth); 7749 } 7750 7751 static bool IsRootTBAANode(const MDNode *MD) { 7752 return MD->getNumOperands() < 2; 7753 } 7754 7755 static bool IsScalarTBAANodeImpl(const MDNode *MD, 7756 SmallPtrSetImpl<const MDNode *> &Visited) { 7757 if (MD->getNumOperands() != 2 && MD->getNumOperands() != 3) 7758 return false; 7759 7760 if (!isa<MDString>(MD->getOperand(0))) 7761 return false; 7762 7763 if (MD->getNumOperands() == 3) { 7764 auto *Offset = mdconst::dyn_extract<ConstantInt>(MD->getOperand(2)); 7765 if (!(Offset && Offset->isZero() && isa<MDString>(MD->getOperand(0)))) 7766 return false; 7767 } 7768 7769 auto *Parent = dyn_cast_or_null<MDNode>(MD->getOperand(1)); 7770 return Parent && Visited.insert(Parent).second && 7771 (IsRootTBAANode(Parent) || IsScalarTBAANodeImpl(Parent, Visited)); 7772 } 7773 7774 bool TBAAVerifier::isValidScalarTBAANode(const MDNode *MD) { 7775 auto ResultIt = TBAAScalarNodes.find(MD); 7776 if (ResultIt != TBAAScalarNodes.end()) 7777 return ResultIt->second; 7778 7779 SmallPtrSet<const MDNode *, 4> Visited; 7780 bool Result = IsScalarTBAANodeImpl(MD, Visited); 7781 auto InsertResult = TBAAScalarNodes.insert({MD, Result}); 7782 (void)InsertResult; 7783 assert(InsertResult.second && "Just checked!"); 7784 7785 return Result; 7786 } 7787 7788 /// Returns the field node at the offset \p Offset in \p BaseNode. Update \p 7789 /// Offset in place to be the offset within the field node returned. 7790 /// 7791 /// We assume we've okayed \p BaseNode via \c verifyTBAABaseNode. 7792 MDNode *TBAAVerifier::getFieldNodeFromTBAABaseNode(Instruction &I, 7793 const MDNode *BaseNode, 7794 APInt &Offset, 7795 bool IsNewFormat) { 7796 assert(BaseNode->getNumOperands() >= 2 && "Invalid base node!"); 7797 7798 // Scalar nodes have only one possible "field" -- their parent in the access 7799 // hierarchy. Offset must be zero at this point, but our caller is supposed 7800 // to check that. 7801 if (BaseNode->getNumOperands() == 2) 7802 return cast<MDNode>(BaseNode->getOperand(1)); 7803 7804 unsigned FirstFieldOpNo = IsNewFormat ? 3 : 1; 7805 unsigned NumOpsPerField = IsNewFormat ? 3 : 2; 7806 for (unsigned Idx = FirstFieldOpNo; Idx < BaseNode->getNumOperands(); 7807 Idx += NumOpsPerField) { 7808 auto *OffsetEntryCI = 7809 mdconst::extract<ConstantInt>(BaseNode->getOperand(Idx + 1)); 7810 if (OffsetEntryCI->getValue().ugt(Offset)) { 7811 if (Idx == FirstFieldOpNo) { 7812 CheckFailed("Could not find TBAA parent in struct type node", &I, 7813 BaseNode, &Offset); 7814 return nullptr; 7815 } 7816 7817 unsigned PrevIdx = Idx - NumOpsPerField; 7818 auto *PrevOffsetEntryCI = 7819 mdconst::extract<ConstantInt>(BaseNode->getOperand(PrevIdx + 1)); 7820 Offset -= PrevOffsetEntryCI->getValue(); 7821 return cast<MDNode>(BaseNode->getOperand(PrevIdx)); 7822 } 7823 } 7824 7825 unsigned LastIdx = BaseNode->getNumOperands() - NumOpsPerField; 7826 auto *LastOffsetEntryCI = mdconst::extract<ConstantInt>( 7827 BaseNode->getOperand(LastIdx + 1)); 7828 Offset -= LastOffsetEntryCI->getValue(); 7829 return cast<MDNode>(BaseNode->getOperand(LastIdx)); 7830 } 7831 7832 static bool isNewFormatTBAATypeNode(llvm::MDNode *Type) { 7833 if (!Type || Type->getNumOperands() < 3) 7834 return false; 7835 7836 // In the new format type nodes shall have a reference to the parent type as 7837 // its first operand. 7838 return isa_and_nonnull<MDNode>(Type->getOperand(0)); 7839 } 7840 7841 bool TBAAVerifier::visitTBAAMetadata(Instruction &I, const MDNode *MD) { 7842 CheckTBAA(MD->getNumOperands() > 0, "TBAA metadata cannot have 0 operands", 7843 &I, MD); 7844 7845 CheckTBAA(isa<LoadInst>(I) || isa<StoreInst>(I) || isa<CallInst>(I) || 7846 isa<VAArgInst>(I) || isa<AtomicRMWInst>(I) || 7847 isa<AtomicCmpXchgInst>(I), 7848 "This instruction shall not have a TBAA access tag!", &I); 7849 7850 bool IsStructPathTBAA = 7851 isa<MDNode>(MD->getOperand(0)) && MD->getNumOperands() >= 3; 7852 7853 CheckTBAA(IsStructPathTBAA, 7854 "Old-style TBAA is no longer allowed, use struct-path TBAA instead", 7855 &I); 7856 7857 MDNode *BaseNode = dyn_cast_or_null<MDNode>(MD->getOperand(0)); 7858 MDNode *AccessType = dyn_cast_or_null<MDNode>(MD->getOperand(1)); 7859 7860 bool IsNewFormat = isNewFormatTBAATypeNode(AccessType); 7861 7862 if (IsNewFormat) { 7863 CheckTBAA(MD->getNumOperands() == 4 || MD->getNumOperands() == 5, 7864 "Access tag metadata must have either 4 or 5 operands", &I, MD); 7865 } else { 7866 CheckTBAA(MD->getNumOperands() < 5, 7867 "Struct tag metadata must have either 3 or 4 operands", &I, MD); 7868 } 7869 7870 // Check the access size field. 7871 if (IsNewFormat) { 7872 auto *AccessSizeNode = mdconst::dyn_extract_or_null<ConstantInt>( 7873 MD->getOperand(3)); 7874 CheckTBAA(AccessSizeNode, "Access size field must be a constant", &I, MD); 7875 } 7876 7877 // Check the immutability flag. 7878 unsigned ImmutabilityFlagOpNo = IsNewFormat ? 4 : 3; 7879 if (MD->getNumOperands() == ImmutabilityFlagOpNo + 1) { 7880 auto *IsImmutableCI = mdconst::dyn_extract_or_null<ConstantInt>( 7881 MD->getOperand(ImmutabilityFlagOpNo)); 7882 CheckTBAA(IsImmutableCI, 7883 "Immutability tag on struct tag metadata must be a constant", &I, 7884 MD); 7885 CheckTBAA( 7886 IsImmutableCI->isZero() || IsImmutableCI->isOne(), 7887 "Immutability part of the struct tag metadata must be either 0 or 1", 7888 &I, MD); 7889 } 7890 7891 CheckTBAA(BaseNode && AccessType, 7892 "Malformed struct tag metadata: base and access-type " 7893 "should be non-null and point to Metadata nodes", 7894 &I, MD, BaseNode, AccessType); 7895 7896 if (!IsNewFormat) { 7897 CheckTBAA(isValidScalarTBAANode(AccessType), 7898 "Access type node must be a valid scalar type", &I, MD, 7899 AccessType); 7900 } 7901 7902 auto *OffsetCI = mdconst::dyn_extract_or_null<ConstantInt>(MD->getOperand(2)); 7903 CheckTBAA(OffsetCI, "Offset must be constant integer", &I, MD); 7904 7905 APInt Offset = OffsetCI->getValue(); 7906 bool SeenAccessTypeInPath = false; 7907 7908 SmallPtrSet<MDNode *, 4> StructPath; 7909 7910 for (/* empty */; BaseNode && !IsRootTBAANode(BaseNode); 7911 BaseNode = getFieldNodeFromTBAABaseNode(I, BaseNode, Offset, 7912 IsNewFormat)) { 7913 if (!StructPath.insert(BaseNode).second) { 7914 CheckFailed("Cycle detected in struct path", &I, MD); 7915 return false; 7916 } 7917 7918 bool Invalid; 7919 unsigned BaseNodeBitWidth; 7920 std::tie(Invalid, BaseNodeBitWidth) = verifyTBAABaseNode(I, BaseNode, 7921 IsNewFormat); 7922 7923 // If the base node is invalid in itself, then we've already printed all the 7924 // errors we wanted to print. 7925 if (Invalid) 7926 return false; 7927 7928 SeenAccessTypeInPath |= BaseNode == AccessType; 7929 7930 if (isValidScalarTBAANode(BaseNode) || BaseNode == AccessType) 7931 CheckTBAA(Offset == 0, "Offset not zero at the point of scalar access", 7932 &I, MD, &Offset); 7933 7934 CheckTBAA(BaseNodeBitWidth == Offset.getBitWidth() || 7935 (BaseNodeBitWidth == 0 && Offset == 0) || 7936 (IsNewFormat && BaseNodeBitWidth == ~0u), 7937 "Access bit-width not the same as description bit-width", &I, MD, 7938 BaseNodeBitWidth, Offset.getBitWidth()); 7939 7940 if (IsNewFormat && SeenAccessTypeInPath) 7941 break; 7942 } 7943 7944 CheckTBAA(SeenAccessTypeInPath, "Did not see access type in access path!", &I, 7945 MD); 7946 return true; 7947 } 7948 7949 char VerifierLegacyPass::ID = 0; 7950 INITIALIZE_PASS(VerifierLegacyPass, "verify", "Module Verifier", false, false) 7951 7952 FunctionPass *llvm::createVerifierPass(bool FatalErrors) { 7953 return new VerifierLegacyPass(FatalErrors); 7954 } 7955 7956 AnalysisKey VerifierAnalysis::Key; 7957 VerifierAnalysis::Result VerifierAnalysis::run(Module &M, 7958 ModuleAnalysisManager &) { 7959 Result Res; 7960 Res.IRBroken = llvm::verifyModule(M, &dbgs(), &Res.DebugInfoBroken); 7961 return Res; 7962 } 7963 7964 VerifierAnalysis::Result VerifierAnalysis::run(Function &F, 7965 FunctionAnalysisManager &) { 7966 return { llvm::verifyFunction(F, &dbgs()), false }; 7967 } 7968 7969 PreservedAnalyses VerifierPass::run(Module &M, ModuleAnalysisManager &AM) { 7970 auto Res = AM.getResult<VerifierAnalysis>(M); 7971 if (FatalErrors && (Res.IRBroken || Res.DebugInfoBroken)) 7972 report_fatal_error("Broken module found, compilation aborted!"); 7973 7974 return PreservedAnalyses::all(); 7975 } 7976 7977 PreservedAnalyses VerifierPass::run(Function &F, FunctionAnalysisManager &AM) { 7978 auto res = AM.getResult<VerifierAnalysis>(F); 7979 if (res.IRBroken && FatalErrors) 7980 report_fatal_error("Broken function found, compilation aborted!"); 7981 7982 return PreservedAnalyses::all(); 7983 } 7984