Verifier.cpp source code [llvm_projects/llvm/lib/IR/Verifier.cpp]

1	//===-- Verifier.cpp - Implement the Module Verifier -----------------------==//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8	//
9	// This file defines the function verifier interface, that can be used for some
10	// basic correctness checking of input to the system.
11	//
12	// Note that this does not provide full `Java style' security and verifications,
13	// instead it just tries to ensure that code is well-formed.
14	//
15	// Both of a binary operator's parameters are of the same type*
16	// Verify that the indices of mem access instructions match other operands*
17	// Verify that arithmetic and other things are only performed on first-class*
18	// types. Verify that shifts & logicals only happen on integrals f.e.
19	// All of the constants in a switch statement are of the correct type*
20	// The code is in valid SSA form*
21	// It should be illegal to put a label into any other type (like a structure)*
22	// or to return one. [except constant arrays!]
23	// Only phi nodes can be self referential: 'add i32 %0, %0 ; <int>:0' is bad*
24	// PHI nodes must have an entry for each predecessor, with no extras.*
25	// PHI nodes must be the first thing in a basic block, all grouped together*
26	// All basic blocks should only end with terminator insts, not contain them*
27	// The entry node to a function must not have predecessors*
28	// All Instructions must be embedded into a basic block*
29	// Functions cannot take a void-typed parameter*
30	// Verify that a function's argument list agrees with it's declared type.*
31	// It is illegal to specify a name for a void value.*
32	// It is illegal to have a internal global value with no initializer*
33	// It is illegal to have a ret instruction that returns a value that does not*
34	// agree with the function return value type.
35	// Function call argument types match the function prototype*
36	// A landing pad is defined by a landingpad instruction, and can be jumped to*
37	// only by the unwind edge of an invoke instruction.
38	// A landingpad instruction must be the first non-PHI instruction in the*
39	// block.
40	// Landingpad instructions must be in a function with a personality function.*
41	// Convergence control intrinsics are introduced in ConvergentOperations.rst.*
42	// The applied restrictions are too numerous to list here.
43	// The convergence entry intrinsic and the loop heart must be the first*
44	// non-PHI instruction in their respective block. This does not conflict with
45	// the landing pads, since these two kinds cannot occur in the same block.
46	// All other things that are tested by asserts spread about the code...*
47	//
48	//===----------------------------------------------------------------------===//
49
50	#include "llvm/IR/Verifier.h"
51	#include "VerifierInternal.h"
52	#include "llvm/ADT/APFloat.h"
53	#include "llvm/ADT/APInt.h"
54	#include "llvm/ADT/ArrayRef.h"
55	#include "llvm/ADT/DenseMap.h"
56	#include "llvm/ADT/MapVector.h"
57	#include "llvm/ADT/STLExtras.h"
58	#include "llvm/ADT/SmallPtrSet.h"
59	#include "llvm/ADT/SmallVector.h"
60	#include "llvm/ADT/StringExtras.h"
61	#include "llvm/ADT/StringRef.h"
62	#include "llvm/ADT/Twine.h"
63	#include "llvm/BinaryFormat/Dwarf.h"
64	#include "llvm/IR/Argument.h"
65	#include "llvm/IR/AttributeMask.h"
66	#include "llvm/IR/Attributes.h"
67	#include "llvm/IR/BasicBlock.h"
68	#include "llvm/IR/BundleAttributes.h"
69	#include "llvm/IR/CFG.h"
70	#include "llvm/IR/CallingConv.h"
71	#include "llvm/IR/Comdat.h"
72	#include "llvm/IR/Constant.h"
73	#include "llvm/IR/ConstantRange.h"
74	#include "llvm/IR/ConstantRangeList.h"
75	#include "llvm/IR/Constants.h"
76	#include "llvm/IR/ConvergenceVerifier.h"
77	#include "llvm/IR/DataLayout.h"
78	#include "llvm/IR/DebugInfo.h"
79	#include "llvm/IR/DebugInfoMetadata.h"
80	#include "llvm/IR/DebugLoc.h"
81	#include "llvm/IR/DerivedTypes.h"
82	#include "llvm/IR/Dominators.h"
83	#include "llvm/IR/EHPersonalities.h"
84	#include "llvm/IR/FPEnv.h"
85	#include "llvm/IR/Function.h"
86	#include "llvm/IR/GCStrategy.h"
87	#include "llvm/IR/GetElementPtrTypeIterator.h"
88	#include "llvm/IR/GlobalAlias.h"
89	#include "llvm/IR/GlobalValue.h"
90	#include "llvm/IR/GlobalVariable.h"
91	#include "llvm/IR/InlineAsm.h"
92	#include "llvm/IR/InstVisitor.h"
93	#include "llvm/IR/InstrTypes.h"
94	#include "llvm/IR/Instruction.h"
95	#include "llvm/IR/Instructions.h"
96	#include "llvm/IR/IntrinsicInst.h"
97	#include "llvm/IR/Intrinsics.h"
98	#include "llvm/IR/IntrinsicsAArch64.h"
99	#include "llvm/IR/IntrinsicsARM.h"
100	#include "llvm/IR/IntrinsicsNVPTX.h"
101	#include "llvm/IR/IntrinsicsWebAssembly.h"
102	#include "llvm/IR/LLVMContext.h"
103	#include "llvm/IR/MemoryModelRelaxationAnnotations.h"
104	#include "llvm/IR/Metadata.h"
105	#include "llvm/IR/Module.h"
106	#include "llvm/IR/ModuleSlotTracker.h"
107	#include "llvm/IR/PassManager.h"
108	#include "llvm/IR/ProfDataUtils.h"
109	#include "llvm/IR/Statepoint.h"
110	#include "llvm/IR/Type.h"
111	#include "llvm/IR/Use.h"
112	#include "llvm/IR/User.h"
113	#include "llvm/IR/VFABIDemangler.h"
114	#include "llvm/IR/Value.h"
115	#include "llvm/InitializePasses.h"
116	#include "llvm/Pass.h"
117	#include "llvm/ProfileData/InstrProf.h"
118	#include "llvm/Support/AtomicOrdering.h"
119	#include "llvm/Support/Casting.h"
120	#include "llvm/Support/CommandLine.h"
121	#include "llvm/Support/ErrorHandling.h"
122	#include "llvm/Support/MathExtras.h"
123	#include "llvm/Support/ModRef.h"
124	#include "llvm/Support/TimeProfiler.h"
125	#include "llvm/Support/raw_ostream.h"
126	#include "llvm/TargetParser/Triple.h"
127	#include "llvm/Transforms/Coroutines/CoroInstr.h"
128	#include <algorithm>
129	#include <cassert>
130	#include <cstdint>
131	#include <limits>
132	#include <memory>
133	#include <optional>
134	#include <queue>
135	#include <string>
136	#include <utility>
137
138	using namespace llvm;
139
140	static cl::opt<bool> VerifyNoAliasScopeDomination(
141	"verify-noalias-scope-decl-dom", cl::Hidden, cl::init(Val: false),
142	cl::desc("Ensure that llvm.experimental.noalias.scope.decl for identical "
143	"scopes are not dominating"));
144
145	namespace {
146
147	class Verifier : public InstVisitor<Verifier>, VerifierSupport {
148	friend class InstVisitor<Verifier>;
149	DominatorTree DT;
150
151	/// When verifying a basic block, keep track of all of the
152	/// instructions we have seen so far.
153	///
154	/// This allows us to do efficient dominance checks for the case when an
155	/// instruction has an operand that is an instruction in the same block.
156	SmallPtrSet<Instruction *, `16`> InstsInThisBlock;
157
158	/// Keep track of the metadata nodes that have been checked already.
159	SmallPtrSet<const Metadata *, `32`> MDNodes;
160
161	/// Keep track which DISubprogram is attached to which function.
162	DenseMap<const DISubprogram , const* Function *> DISubprogramAttachments;
163
164	/// Track all DICompileUnits visited.
165	SmallPtrSet<const Metadata *, `2`> CUVisited;
166
167	/// The result type for a landingpad.
168	Type *LandingPadResultTy;
169
170	/// Whether we've seen a call to @llvm.localescape in this function
171	/// already.
172	bool SawFrameEscape;
173
174	/// Whether the current function has a DISubprogram attached to it.
175	bool HasDebugInfo = false;
176
177	/// Stores the count of how many objects were passed to llvm.localescape for a
178	/// given function and the largest index passed to llvm.localrecover.
179	DenseMap<Function , std::pair<unsigned, unsigned*>> FrameEscapeInfo;
180
181	// Maps catchswitches and cleanuppads that unwind to siblings to the
182	// terminators that indicate the unwind, used to detect cycles therein.
183	MapVector<Instruction , Instruction > SiblingFuncletInfo;
184
185	/// Cache which blocks are in which funclet, if an EH funclet personality is
186	/// in use. Otherwise empty.
187	DenseMap<BasicBlock *, ColorVector> BlockEHFuncletColors;
188
189	/// Cache of constants visited in search of ConstantExprs.
190	SmallPtrSet<const Constant *, `32`> ConstantExprVisited;
191
192	/// Cache of declarations of the llvm.experimental.deoptimize.<ty> intrinsic.
193	SmallVector<const Function *, `4`> DeoptimizeDeclarations;
194
195	/// Cache of attribute lists verified.
196	SmallPtrSet<const void *, `32`> AttributeListsVisited;
197
198	// Verify that this GlobalValue is only used in this module.
199	// This map is used to avoid visiting uses twice. We can arrive at a user
200	// twice, if they have multiple operands. In particular for very large
201	// constant expressions, we can arrive at a particular user many times.
202	SmallPtrSet<const Value *, `32`> GlobalValueVisited;
203
204	// Keeps track of duplicate function argument debug info.
205	SmallVector<const DILocalVariable *, `16`> DebugFnArgs;
206
207	TBAAVerifier TBAAVerifyHelper;
208	ConvergenceVerifier ConvergenceVerifyHelper;
209
210	SmallVector<IntrinsicInst *, `4`> NoAliasScopeDecls;
211
212	void checkAtomicMemAccessSize(Type Ty, const* Instruction *I);
213
214	public:
215	explicit Verifier(raw_ostream OS, bool* ShouldTreatBrokenDebugInfoAsError,
216	const Module &M)
217	: VerifierSupport (OS, M), LandingPadResultTy(nullptr),
218	SawFrameEscape(false), TBAAVerifyHelper (this) {
219	TreatBrokenDebugInfoAsError = ShouldTreatBrokenDebugInfoAsError;
220	}
221
222	bool hasBrokenDebugInfo() const { return BrokenDebugInfo; }
223
224	bool verify(const Function &F) {
225	llvm::TimeTraceScope timeScope("Verifier");
226	assert(F.getParent() == &M &&
227	"An instance of this class only works with a specific module!");
228
229	// First ensure the function is well-enough formed to compute dominance
230	// information, and directly compute a dominance tree. We don't rely on the
231	// pass manager to provide this as it isolates us from a potentially
232	// out-of-date dominator tree and makes it significantly more complex to run
233	// this code outside of a pass manager.
234
235	// First check that every basic block has a terminator, otherwise we can't
236	// even inspect the CFG.
237	for (const BasicBlock &BB : F) {
238	if (!BB.empty() && BB.back().isTerminator())
239	continue;
240
241	if (OS) {
242	*OS << "Basic Block in function '" << F.getName()
243	<< "' does not have terminator!\n";
244	BB.printAsOperand(O&: OS, PrintType: true*, MST);
245	*OS << "\n";
246	}
247	return false;
248	}
249
250	// FIXME: It's really gross that we have to cast away constness here.
251	if (!F.empty())
252	DT.recalculate(Func&: const_cast<Function &>(F));
253
254	auto FailureCB = [this](const Twine &Message) {
255	this->CheckFailed(Message);
256	};
257	ConvergenceVerifyHelper.initialize(OS, FailureCB, F);
258
259	Broken = false;
260	// FIXME: We strip const here because the inst visitor strips const.
261	visit(F&: const_cast<Function &>(F));
262	verifySiblingFuncletUnwinds();
263
264	if (ConvergenceVerifyHelper.sawTokens())
265	ConvergenceVerifyHelper.verify(DT);
266
267	InstsInThisBlock.clear();
268	DebugFnArgs.clear();
269	LandingPadResultTy = nullptr;
270	SawFrameEscape = false;
271	SiblingFuncletInfo.clear();
272	verifyNoAliasScopeDecl();
273	NoAliasScopeDecls.clear();
274
275	return !Broken;
276	}
277
278	/// Verify the module that this instance of \c Verifier was initialized with.
279	bool verify() {
280	Broken = false;
281
282	// Collect all declarations of the llvm.experimental.deoptimize intrinsic.
283	for (const Function &F : M)
284	if (F.getIntrinsicID() == Intrinsic::experimental_deoptimize)
285	DeoptimizeDeclarations.push_back(Elt: &F);
286
287	// Now that we've visited every function, verify that we never asked to
288	// recover a frame index that wasn't escaped.
289	verifyFrameRecoverIndices();
290	for (const GlobalVariable &GV : M.globals())
291	visitGlobalVariable(GV);
292
293	for (const GlobalAlias &GA : M.aliases())
294	visitGlobalAlias(GA);
295
296	for (const GlobalIFunc &GI : M.ifuncs())
297	visitGlobalIFunc(GI);
298
299	for (const NamedMDNode &NMD : M.named_metadata())
300	visitNamedMDNode(NMD);
301
302	for (const StringMapEntry<Comdat> &SMEC : M.getComdatSymbolTable())
303	visitComdat(C: SMEC.getValue());
304
305	visitModuleFlags();
306	visitModuleIdents();
307	visitModuleCommandLines();
308	visitModuleErrnoTBAA();
309
310	verifyCompileUnits();
311
312	verifyDeoptimizeCallingConvs();
313	DISubprogramAttachments.clear();
314	return !Broken;
315	}
316
317	private:
318	/// Whether a metadata node is allowed to be, or contain, a DILocation.
319	enum class AreDebugLocsAllowed { No, Yes };
320
321	/// Metadata that should be treated as a range, with slightly different
322	/// requirements.
323	enum class RangeLikeMetadataKind {
324	Range, // MD_range
325	AbsoluteSymbol, // MD_absolute_symbol
326	NoaliasAddrspace // MD_noalias_addrspace
327	};
328
329	// Verification methods...
330	void visitGlobalValue(const GlobalValue &GV);
331	void visitGlobalVariable(const GlobalVariable &GV);
332	void visitGlobalAlias(const GlobalAlias &GA);
333	void visitGlobalIFunc(const GlobalIFunc &GI);
334	void visitAliaseeSubExpr(const GlobalAlias &A, const Constant &C);
335	void visitAliaseeSubExpr(SmallPtrSetImpl<const GlobalAlias *> &Visited,
336	const GlobalAlias &A, const Constant &C);
337	void visitNamedMDNode(const NamedMDNode &NMD);
338	void visitMDNode(const MDNode &MD, AreDebugLocsAllowed AllowLocs);
339	void visitMetadataAsValue(const MetadataAsValue &MD, Function *F);
340	void visitValueAsMetadata(const ValueAsMetadata &MD, Function *F);
341	void visitDIArgList(const DIArgList &AL, Function *F);
342	void visitComdat(const Comdat &C);
343	void visitModuleIdents();
344	void visitModuleCommandLines();
345	void visitModuleErrnoTBAA();
346	void visitModuleFlags();
347	void visitModuleFlag(const MDNode *Op,
348	DenseMap<const MDString , const* MDNode *> &SeenIDs,
349	SmallVectorImpl<const MDNode *> &Requirements);
350	void visitModuleFlagCGProfileEntry(const MDOperand &MDO);
351	void visitFunction(const Function &F);
352	void visitBasicBlock(BasicBlock &BB);
353	void verifyRangeLikeMetadata(const Value &V, const MDNode Range, Type Ty,
354	RangeLikeMetadataKind Kind);
355	void visitRangeMetadata(Instruction &I, MDNode Range, Type Ty);
356	void visitNoFPClassMetadata(Instruction &I, MDNode Range, Type Ty);
357	void visitNoaliasAddrspaceMetadata(Instruction &I, MDNode Range, Type Ty);
358	void visitDereferenceableMetadata(Instruction &I, MDNode *MD);
359	void visitNofreeMetadata(Instruction &I, MDNode *MD);
360	void visitProfMetadata(Instruction &I, MDNode *MD);
361	void visitCallStackMetadata(MDNode *MD);
362	void visitMemProfMetadata(Instruction &I, MDNode *MD);
363	void visitCallsiteMetadata(Instruction &I, MDNode *MD);
364	void visitCalleeTypeMetadata(Instruction &I, MDNode *MD);
365	void visitDIAssignIDMetadata(Instruction &I, MDNode *MD);
366	void visitMMRAMetadata(Instruction &I, MDNode *MD);
367	void visitAnnotationMetadata(MDNode *Annotation);
368	void visitAliasScopeMetadata(const MDNode *MD);
369	void visitAliasScopeListMetadata(const MDNode *MD);
370	void visitAccessGroupMetadata(const MDNode *MD);
371	void visitCapturesMetadata(Instruction &I, const MDNode *Captures);
372	void visitAllocTokenMetadata(Instruction &I, MDNode *MD);
373	void visitInlineHistoryMetadata(Instruction &I, MDNode *MD);
374	void visitMemCacheHintMetadata(Instruction &I, MDNode *MD);
375
376	#define HANDLE_SPECIALIZED_MDNODE_LEAF(CLASS) void visit##CLASS(const CLASS &N);
377	#include "llvm/IR/Metadata.def"
378	void visitDIType(const DIType &N);
379	void visitDIScope(const DIScope &N);
380	void visitDIVariable(const DIVariable &N);
381	void visitDILexicalBlockBase(const DILexicalBlockBase &N);
382	void visitDITemplateParameter(const DITemplateParameter &N);
383
384	void visitTemplateParams(const MDNode &N, const Metadata &RawParams);
385
386	void visit(DbgLabelRecord &DLR);
387	void visit(DbgVariableRecord &DVR);
388	// InstVisitor overrides...
389	using InstVisitor<Verifier>::visit;
390	void visitDbgRecords(Instruction &I);
391	void visit(Instruction &I);
392
393	void visitTruncInst(TruncInst &I);
394	void visitZExtInst(ZExtInst &I);
395	void visitSExtInst(SExtInst &I);
396	void visitFPTruncInst(FPTruncInst &I);
397	void visitFPExtInst(FPExtInst &I);
398	void visitFPToUIInst(FPToUIInst &I);
399	void visitFPToSIInst(FPToSIInst &I);
400	void visitUIToFPInst(UIToFPInst &I);
401	void visitSIToFPInst(SIToFPInst &I);
402	void visitIntToPtrInst(IntToPtrInst &I);
403	void checkPtrToAddr(Type SrcTy, Type DestTy, const Value &V);
404	void visitPtrToAddrInst(PtrToAddrInst &I);
405	void visitPtrToIntInst(PtrToIntInst &I);
406	void visitBitCastInst(BitCastInst &I);
407	void visitAddrSpaceCastInst(AddrSpaceCastInst &I);
408	void visitPHINode(PHINode &PN);
409	void visitCallBase(CallBase &Call);
410	void visitUnaryOperator(UnaryOperator &U);
411	void visitBinaryOperator(BinaryOperator &B);
412	void visitICmpInst(ICmpInst &IC);
413	void visitFCmpInst(FCmpInst &FC);
414	void visitExtractElementInst(ExtractElementInst &EI);
415	void visitInsertElementInst(InsertElementInst &EI);
416	void visitShuffleVectorInst(ShuffleVectorInst &EI);
417	void visitVAArgInst(VAArgInst &VAA) { visitInstruction(I&: VAA); }
418	void visitCallInst(CallInst &CI);
419	void visitInvokeInst(InvokeInst &II);
420	void visitGetElementPtrInst(GetElementPtrInst &GEP);
421	void visitLoadInst(LoadInst &LI);
422	void visitStoreInst(StoreInst &SI);
423	void verifyDominatesUse(Instruction &I, unsigned i);
424	void visitInstruction(Instruction &I);
425	void visitTerminator(Instruction &I);
426	void visitCondBrInst(CondBrInst &BI);
427	void visitReturnInst(ReturnInst &RI);
428	void visitSwitchInst(SwitchInst &SI);
429	void visitIndirectBrInst(IndirectBrInst &BI);
430	void visitCallBrInst(CallBrInst &CBI);
431	void visitSelectInst(SelectInst &SI);
432	void visitUserOp1(Instruction &I);
433	void visitUserOp2(Instruction &I) { visitUserOp1(I); }
434	void visitIntrinsicCall(Intrinsic::ID ID, CallBase &Call);
435	void visitConstrainedFPIntrinsic(ConstrainedFPIntrinsic &FPI);
436	void visitVPIntrinsic(VPIntrinsic &VPI);
437	void visitDbgLabelIntrinsic(StringRef Kind, DbgLabelInst &DLI);
438	void visitAtomicCmpXchgInst(AtomicCmpXchgInst &CXI);
439	void visitAtomicRMWInst(AtomicRMWInst &RMWI);
440	void visitFenceInst(FenceInst &FI);
441	void visitAllocaInst(AllocaInst &AI);
442	void visitExtractValueInst(ExtractValueInst &EVI);
443	void visitInsertValueInst(InsertValueInst &IVI);
444	void visitEHPadPredecessors(Instruction &I);
445	void visitLandingPadInst(LandingPadInst &LPI);
446	void visitResumeInst(ResumeInst &RI);
447	void visitCatchPadInst(CatchPadInst &CPI);
448	void visitCatchReturnInst(CatchReturnInst &CatchReturn);
449	void visitCleanupPadInst(CleanupPadInst &CPI);
450	void visitFuncletPadInst(FuncletPadInst &FPI);
451	void visitCatchSwitchInst(CatchSwitchInst &CatchSwitch);
452	void visitCleanupReturnInst(CleanupReturnInst &CRI);
453
454	void verifySwiftErrorCall(CallBase &Call, const Value *SwiftErrorVal);
455	void verifySwiftErrorValue(const Value *SwiftErrorVal);
456	void verifyTailCCMustTailAttrs(const AttrBuilder &Attrs, StringRef Context);
457	void verifyMustTailCall(CallInst &CI);
458	bool verifyAttributeCount(AttributeList Attrs, unsigned Params);
459	void verifyAttributeTypes(AttributeSet Attrs, const Value *V);
460	void verifyParameterAttrs(AttributeSet Attrs, Type Ty, const* Value *V);
461	void checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr,
462	const Value *V);
463	void verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs,
464	const Value V, bool* IsIntrinsic, bool IsInlineAsm);
465	void verifyFunctionMetadata(ArrayRef<std::pair<unsigned, MDNode *>> MDs);
466	void verifyUnknownProfileMetadata(MDNode *MD);
467	void visitConstantExprsRecursively(const Constant *EntryC);
468	void visitConstantExpr(const ConstantExpr *CE);
469	void visitConstantPtrAuth(const ConstantPtrAuth *CPA);
470	void verifyInlineAsmCall(const CallBase &Call);
471	void verifyStatepoint(const CallBase &Call);
472	void verifyFrameRecoverIndices();
473	void verifySiblingFuncletUnwinds();
474
475	void verifyFragmentExpression(const DbgVariableRecord &I);
476	template <typename ValueOrMetadata>
477	void verifyFragmentExpression(const DIVariable &V,
478	DIExpression::FragmentInfo Fragment,
479	ValueOrMetadata *Desc);
480	void verifyFnArgs(const DbgVariableRecord &DVR);
481	void verifyNotEntryValue(const DbgVariableRecord &I);
482
483	/// Module-level debug info verification...
484	void verifyCompileUnits();
485
486	/// Module-level verification that all @llvm.experimental.deoptimize
487	/// declarations share the same calling convention.
488	void verifyDeoptimizeCallingConvs();
489
490	void verifyAttachedCallBundle(const CallBase &Call,
491	const OperandBundleUse &BU);
492
493	/// Verify the llvm.experimental.noalias.scope.decl declarations
494	void verifyNoAliasScopeDecl();
495	};
496
497	} // end anonymous namespace
498
499	/// We know that cond should be true, if not print an error message.
500	#define Check(C, ...) \
501	do { \
502	if (!(C)) { \
503	CheckFailed(__VA_ARGS__); \
504	return; \
505	} \
506	} while (false)
507
508	/// We know that a debug info condition should be true, if not print
509	/// an error message.
510	#define CheckDI(C, ...) \
511	do { \
512	if (!(C)) { \
513	DebugInfoCheckFailed(__VA_ARGS__); \
514	return; \
515	} \
516	} while (false)
517
518	void Verifier::visitDbgRecords(Instruction &I) {
519	if (!I.DebugMarker)
520	return;
521	CheckDI(I.DebugMarker->MarkedInstr == &I,
522	"Instruction has invalid DebugMarker", &I);
523	CheckDI(!isa<PHINode>(&I) \|\| !I.hasDbgRecords(),
524	"PHI Node must not have any attached DbgRecords", &I);
525	for (DbgRecord &DR : I.getDbgRecordRange()) {
526	CheckDI(DR.getMarker() == I.DebugMarker,
527	"DbgRecord had invalid DebugMarker", &I, &DR);
528	if (auto *Loc =
529	dyn_cast_or_null<DILocation>(Val: DR.getDebugLoc().getAsMDNode()))
530	visitMDNode(MD: *Loc, AllowLocs: AreDebugLocsAllowed::Yes);
531	if (auto *DVR = dyn_cast<DbgVariableRecord>(Val: &DR)) {
532	visit(DVR&: *DVR);
533	// These have to appear after `visit` for consistency with existing
534	// intrinsic behaviour.
535	verifyFragmentExpression(I: *DVR);
536	verifyNotEntryValue(I: *DVR);
537	} else if (auto *DLR = dyn_cast<DbgLabelRecord>(Val: &DR)) {
538	visit(DLR&: *DLR);
539	}
540	}
541	}
542
543	void Verifier::visit(Instruction &I) {
544	visitDbgRecords(I);
545	for (unsigned i = `0`, e = I.getNumOperands(); i != e; ++i)
546	Check(I.getOperand(i) != nullptr, "Operand is null", &I);
547	InstVisitor<Verifier>::visit(I);
548	}
549
550	// Helper to iterate over indirect users. By returning false, the callback can ask to stop traversing further.
551	static void forEachUser(const Value *User,
552	SmallPtrSet<const Value *, `32`> &Visited,
553	llvm::function_ref<bool(const Value *)> Callback) {
554	if (!Visited.insert(Ptr: User).second)
555	return;
556
557	SmallVector<const Value *> WorkList(User->materialized_users());
558	while (!WorkList.empty()) {
559	const Value *Cur = WorkList.pop_back_val();
560	if (!Visited.insert(Ptr: Cur).second)
561	continue;
562	if (Callback (Cur))
563	append_range(C&: WorkList, R: Cur->materialized_users());
564	}
565	}
566
567	void Verifier::visitGlobalValue(const GlobalValue &GV) {
568	Check(!GV.isDeclaration() \|\| GV.hasValidDeclarationLinkage(),
569	"Global is external, but doesn't have external or weak linkage!", &GV);
570
571	if (const GlobalObject *GO = dyn_cast<GlobalObject>(Val: &GV)) {
572	if (const MDNode *Associated =
573	GO->getMetadata(KindID: LLVMContext::MD_associated)) {
574	Check(Associated->getNumOperands() == `1`,
575	"associated metadata must have one operand", &GV, Associated);
576	const Metadata *Op = Associated->getOperand(I: `0`).get();
577	Check(Op, "associated metadata must have a global value", GO, Associated);
578
579	const auto *VM = dyn_cast_or_null<ValueAsMetadata>(Val: Op);
580	Check(VM, "associated metadata must be ValueAsMetadata", GO, Associated);
581	if (VM) {
582	Check(isa<PointerType>(VM->getValue()->getType()),
583	"associated value must be pointer typed", GV, Associated);
584
585	const Value *Stripped = VM->getValue()->stripPointerCastsAndAliases();
586	Check(isa<GlobalObject>(Stripped) \|\| isa<Constant>(Stripped),
587	"associated metadata must point to a GlobalObject", GO, Stripped);
588	Check(Stripped != GO,
589	"global values should not associate to themselves", GO,
590	Associated);
591	}
592	}
593
594	// FIXME: Why is getMetadata on GlobalValue protected?
595	if (const MDNode *AbsoluteSymbol =
596	GO->getMetadata(KindID: LLVMContext::MD_absolute_symbol)) {
597	verifyRangeLikeMetadata(V: *GO, Range: AbsoluteSymbol,
598	Ty: DL.getIntPtrType(GO->getType()),
599	Kind: RangeLikeMetadataKind::AbsoluteSymbol);
600	}
601
602	if (GO->hasMetadata(KindID: LLVMContext::MD_implicit_ref)) {
603	Check(!GO->isDeclaration(),
604	"ref metadata must not be placed on a declaration", GO);
605
606	SmallVector<MDNode *> MDs;
607	GO->getMetadata(KindID: LLVMContext::MD_implicit_ref, MDs);
608	for (const MDNode *MD : MDs) {
609	Check(MD->getNumOperands() == `1`, "ref metadata must have one operand",
610	&GV, MD);
611	const Metadata *Op = MD->getOperand(I: `0`).get();
612	const auto *VM = dyn_cast_or_null<ValueAsMetadata>(Val: Op);
613	Check(VM, "ref metadata must be ValueAsMetadata", GO, MD);
614	if (VM) {
615	Check(isa<PointerType>(VM->getValue()->getType()),
616	"ref value must be pointer typed", GV, MD);
617
618	const Value *Stripped = VM->getValue()->stripPointerCastsAndAliases();
619	Check(isa<GlobalObject>(Stripped) \|\| isa<Constant>(Stripped),
620	"ref metadata must point to a GlobalObject", GO, Stripped);
621	Check(Stripped != GO, "values should not reference themselves", GO,
622	MD);
623	}
624	}
625	}
626
627	if (auto *Props = GO->getMetadata(KindID: LLVMContext::MD_elf_section_properties)) {
628	Check(Props->getNumOperands() == `2`,
629	"elf_section_properties metadata must have two operands", GO,
630	Props);
631	if (Props->getNumOperands() == `2`) {
632	auto *Type = dyn_cast<ConstantAsMetadata>(Val: Props->getOperand(I: `0`));
633	Check(Type, "type field must be ConstantAsMetadata", GO, Props);
634	auto *TypeInt = dyn_cast<ConstantInt>(Val: Type->getValue());
635	Check(TypeInt, "type field must be ConstantInt", GO, Props);
636
637	auto *Entsize = dyn_cast<ConstantAsMetadata>(Val: Props->getOperand(I: `1`));
638	Check(Entsize, "entsize field must be ConstantAsMetadata", GO, Props);
639	auto *EntsizeInt = dyn_cast<ConstantInt>(Val: Entsize->getValue());
640	Check(EntsizeInt, "entsize field must be ConstantInt", GO, Props);
641	}
642	}
643	}
644
645	Check(!GV.hasAppendingLinkage() \|\| isa<GlobalVariable>(GV),
646	"Only global variables can have appending linkage!", &GV);
647
648	if (GV.hasAppendingLinkage()) {
649	const GlobalVariable *GVar = dyn_cast<GlobalVariable>(Val: &GV);
650	Check(GVar && GVar->getValueType()->isArrayTy(),
651	"Only global arrays can have appending linkage!", GVar);
652	}
653
654	if (GV.isDeclarationForLinker())
655	Check(!GV.hasComdat(), "Declaration may not be in a Comdat!", &GV);
656
657	if (GV.hasDLLExportStorageClass()) {
658	Check(!GV.hasHiddenVisibility(),
659	"dllexport GlobalValue must have default or protected visibility",
660	&GV);
661	}
662	if (GV.hasDLLImportStorageClass()) {
663	Check(GV.hasDefaultVisibility(),
664	"dllimport GlobalValue must have default visibility", &GV);
665	Check(!GV.isDSOLocal(), "GlobalValue with DLLImport Storage is dso_local!",
666	&GV);
667
668	Check((GV.isDeclaration() &&
669	(GV.hasExternalLinkage() \|\| GV.hasExternalWeakLinkage())) \|\|
670	GV.hasAvailableExternallyLinkage(),
671	"Global is marked as dllimport, but not external", &GV);
672	}
673
674	if (GV.isImplicitDSOLocal())
675	Check(GV.isDSOLocal(),
676	"GlobalValue with local linkage or non-default "
677	"visibility must be dso_local!",
678	&GV);
679
680	forEachUser(User: &GV, Visited&: GlobalValueVisited, Callback: [&](const Value V) -> bool* {
681	if (const Instruction *I = dyn_cast<Instruction>(Val: V)) {
682	if (!I->getParent() \|\| !I->getParent()->getParent())
683	CheckFailed(Message: "Global is referenced by parentless instruction!", V1: &GV, Vs: &M,
684	Vs: I);
685	else if (I->getParent()->getParent()->getParent() != &M)
686	CheckFailed(Message: "Global is referenced in a different module!", V1: &GV, Vs: &M, Vs: I,
687	Vs: I->getParent()->getParent(),
688	Vs: I->getParent()->getParent()->getParent());
689	return false;
690	} else if (const Function *F = dyn_cast<Function>(Val: V)) {
691	if (F->getParent() != &M)
692	CheckFailed(Message: "Global is used by function in a different module", V1: &GV, Vs: &M,
693	Vs: F, Vs: F->getParent());
694	return false;
695	}
696	return true;
697	});
698	}
699
700	void Verifier::visitGlobalVariable(const GlobalVariable &GV) {
701	Type *GVType = GV.getValueType();
702
703	if (MaybeAlign A = GV.getAlign()) {
704	Check(A ->value() <= Value::MaximumAlignment,
705	"huge alignment values are unsupported", &GV);
706	}
707
708	if (GV.hasInitializer()) {
709	Check(GV.getInitializer()->getType() == GVType,
710	"Global variable initializer type does not match global "
711	"variable type!",
712	&GV);
713	Check(GV.getInitializer()->getType()->isSized(),
714	"Global variable initializer must be sized", &GV);
715	visitConstantExprsRecursively(EntryC: GV.getInitializer());
716	// If the global has common linkage, it must have a zero initializer and
717	// cannot be constant.
718	if (GV.hasCommonLinkage()) {
719	Check(GV.getInitializer()->isNullValue(),
720	"'common' global must have a zero initializer!", &GV);
721	Check(!GV.isConstant(), "'common' global may not be marked constant!",
722	&GV);
723	Check(!GV.hasComdat(), "'common' global may not be in a Comdat!", &GV);
724	}
725	}
726
727	if (GV.hasName() && (GV.getName() == "llvm.global_ctors" \|\|
728	GV.getName() == "llvm.global_dtors")) {
729	Check(!GV.hasInitializer() \|\| GV.hasAppendingLinkage(),
730	"invalid linkage for intrinsic global variable", &GV);
731	Check(GV.materialized_use_empty(),
732	"invalid uses of intrinsic global variable", &GV);
733
734	// Don't worry about emitting an error for it not being an array,
735	// visitGlobalValue will complain on appending non-array.
736	if (ArrayType *ATy = dyn_cast<ArrayType>(Val: GVType)) {
737	StructType *STy = dyn_cast<StructType>(Val: ATy->getElementType());
738	PointerType *FuncPtrTy =
739	PointerType::get(C&: Context, AddressSpace: DL.getProgramAddressSpace());
740	Check(STy && (STy->getNumElements() == `2` \|\| STy->getNumElements() == `3`) &&
741	STy->getTypeAtIndex(`0u`)->isIntegerTy(`32`) &&
742	STy->getTypeAtIndex(`1`) == FuncPtrTy,
743	"wrong type for intrinsic global variable", &GV);
744	Check(STy->getNumElements() == `3`,
745	"the third field of the element type is mandatory, "
746	"specify ptr null to migrate from the obsoleted 2-field form");
747	Type *ETy = STy->getTypeAtIndex(N: `2`);
748	Check(ETy->isPointerTy(), "wrong type for intrinsic global variable",
749	&GV);
750	}
751	}
752
753	if (GV.hasName() && (GV.getName() == "llvm.used" \|\|
754	GV.getName() == "llvm.compiler.used")) {
755	Check(!GV.hasInitializer() \|\| GV.hasAppendingLinkage(),
756	"invalid linkage for intrinsic global variable", &GV);
757	Check(GV.materialized_use_empty(),
758	"invalid uses of intrinsic global variable", &GV);
759
760	if (ArrayType *ATy = dyn_cast<ArrayType>(Val: GVType)) {
761	PointerType *PTy = dyn_cast<PointerType>(Val: ATy->getElementType());
762	Check(PTy, "wrong type for intrinsic global variable", &GV);
763	if (GV.hasInitializer()) {
764	const Constant *Init = GV.getInitializer();
765	const ConstantArray *InitArray = dyn_cast<ConstantArray>(Val: Init);
766	Check(InitArray, "wrong initializer for intrinsic global variable",
767	Init);
768	for (Value *Op : InitArray->operands()) {
769	Value *V = Op->stripPointerCasts();
770	Check(isa<GlobalVariable>(V) \|\| isa<Function>(V) \|\|
771	isa<GlobalAlias>(V),
772	Twine ("invalid ") + GV.getName() + " member", V);
773	Check(V->hasName(),
774	Twine ("members of ") + GV.getName() + " must be named", V);
775	}
776	}
777	}
778	}
779
780	// Visit any debug info attachments.
781	SmallVector<MDNode *, `1`> MDs;
782	GV.getMetadata(KindID: LLVMContext::MD_dbg, MDs);
783	for (auto *MD : MDs) {
784	if (auto *GVE = dyn_cast<DIGlobalVariableExpression>(Val: MD))
785	visitDIGlobalVariableExpression(N: *GVE);
786	else
787	CheckDI(false, "!dbg attachment of global variable must be a "
788	"DIGlobalVariableExpression");
789	}
790
791	// Scalable vectors cannot be global variables, since we don't know
792	// the runtime size.
793	Check(!GVType->isScalableTy(), "Globals cannot contain scalable types", &GV);
794
795	// Check if it is or contains a target extension type that disallows being
796	// used as a global.
797	Check(!GVType->containsNonGlobalTargetExtType(),
798	"Global @" + GV.getName() + " has illegal target extension type",
799	GVType);
800
801	// Check that the the address space can hold all bits of the type, recognized
802	// by an access in the address space being able to reach all bytes of the
803	// type.
804	Check(!GVType->isSized() \|\|
805	isUIntN(DL.getAddressSizeInBits(GV.getAddressSpace()),
806	GV.getGlobalSize(DL)),
807	"Global variable is too large to fit into the address space", &GV,
808	GVType);
809
810	if (!GV.hasInitializer()) {
811	visitGlobalValue(GV);
812	return;
813	}
814
815	// Walk any aggregate initializers looking for bitcasts between address spaces
816	visitConstantExprsRecursively(EntryC: GV.getInitializer());
817
818	visitGlobalValue(GV);
819	}
820
821	void Verifier::visitAliaseeSubExpr(const GlobalAlias &GA, const Constant &C) {
822	SmallPtrSet<const GlobalAlias*, `4`> Visited;
823	Visited.insert(Ptr: &GA);
824	visitAliaseeSubExpr(Visited, A: GA, C);
825	}
826
827	void Verifier::visitAliaseeSubExpr(SmallPtrSetImpl<const GlobalAlias*> &Visited,
828	const GlobalAlias &GA, const Constant &C) {
829	if (GA.hasAvailableExternallyLinkage()) {
830	Check(isa<GlobalValue>(C) &&
831	cast<GlobalValue>(C).hasAvailableExternallyLinkage(),
832	"available_externally alias must point to available_externally "
833	"global value",
834	&GA);
835	}
836	if (const auto *GV = dyn_cast<GlobalValue>(Val: &C)) {
837	if (!GA.hasAvailableExternallyLinkage()) {
838	Check(!GV->isDeclarationForLinker(), "Alias must point to a definition",
839	&GA);
840	}
841
842	if (const auto *GA2 = dyn_cast<GlobalAlias>(Val: GV)) {
843	Check(Visited.insert(GA2).second, "Aliases cannot form a cycle", &GA);
844
845	Check(!GA2->isInterposable(),
846	"Alias cannot point to an interposable alias", &GA);
847	} else {
848	// Only continue verifying subexpressions of GlobalAliases.
849	// Do not recurse into global initializers.
850	return;
851	}
852	}
853
854	if (const auto *CE = dyn_cast<ConstantExpr>(Val: &C))
855	visitConstantExprsRecursively(EntryC: CE);
856
857	for (const Use &U : C.operands()) {
858	Value V = &U;
859	if (const auto *GA2 = dyn_cast<GlobalAlias>(Val: V))
860	visitAliaseeSubExpr(Visited, GA, C: *GA2->getAliasee());
861	else if (const auto *C2 = dyn_cast<Constant>(Val: V))
862	visitAliaseeSubExpr(Visited, GA, C: *C2);
863	}
864	}
865
866	void Verifier::visitGlobalAlias(const GlobalAlias &GA) {
867	Check(GlobalAlias::isValidLinkage(GA.getLinkage()),
868	"Alias should have private, internal, linkonce, weak, linkonce_odr, "
869	"weak_odr, external, or available_externally linkage!",
870	&GA);
871	const Constant *Aliasee = GA.getAliasee();
872	Check(Aliasee, "Aliasee cannot be NULL!", &GA);
873	Check(GA.getType() == Aliasee->getType(),
874	"Alias and aliasee types should match!", &GA);
875
876	Check(isa<GlobalValue>(Aliasee) \|\| isa<ConstantExpr>(Aliasee),
877	"Aliasee should be either GlobalValue or ConstantExpr", &GA);
878
879	visitAliaseeSubExpr(GA, C: *Aliasee);
880
881	visitGlobalValue(GV: GA);
882	}
883
884	void Verifier::visitGlobalIFunc(const GlobalIFunc &GI) {
885	visitGlobalValue(GV: GI);
886
887	SmallVector<std::pair<unsigned, MDNode *>, `4`> MDs;
888	GI.getAllMetadata(MDs);
889	for (const auto &I : MDs) {
890	CheckDI(I.first != LLVMContext::MD_dbg,
891	"an ifunc may not have a !dbg attachment", &GI);
892	Check(I.first != LLVMContext::MD_prof,
893	"an ifunc may not have a !prof attachment", &GI);
894	visitMDNode(MD: *I.second, AllowLocs: AreDebugLocsAllowed::No);
895	}
896
897	Check(GlobalIFunc::isValidLinkage(GI.getLinkage()),
898	"IFunc should have private, internal, linkonce, weak, linkonce_odr, "
899	"weak_odr, or external linkage!",
900	&GI);
901	// Pierce through ConstantExprs and GlobalAliases and check that the resolver
902	// is a Function definition.
903	const Function *Resolver = GI.getResolverFunction();
904	Check(Resolver, "IFunc must have a Function resolver", &GI);
905	Check(!Resolver->isDeclarationForLinker(),
906	"IFunc resolver must be a definition", &GI);
907
908	// Check that the immediate resolver operand (prior to any bitcasts) has the
909	// correct type.
910	const Type *ResolverTy = GI.getResolver()->getType();
911
912	Check(isa<PointerType>(Resolver->getFunctionType()->getReturnType()),
913	"IFunc resolver must return a pointer", &GI);
914
915	Check(ResolverTy == PointerType::get(Context, GI.getAddressSpace()),
916	"IFunc resolver has incorrect type", &GI);
917	}
918
919	void Verifier::visitNamedMDNode(const NamedMDNode &NMD) {
920	// There used to be various other llvm.dbg. nodes, but we don't support*
921	// upgrading them and we want to reserve the namespace for future uses.
922	if (NMD.getName().starts_with(Prefix: "llvm.dbg."))
923	CheckDI(NMD.getName() == "llvm.dbg.cu",
924	"unrecognized named metadata node in the llvm.dbg namespace", &NMD);
925	for (const MDNode *MD : NMD.operands()) {
926	if (NMD.getName() == "llvm.dbg.cu")
927	CheckDI(MD && isa<DICompileUnit>(MD), "invalid compile unit", &NMD, MD);
928
929	if (!MD)
930	continue;
931
932	visitMDNode(MD: *MD, AllowLocs: AreDebugLocsAllowed::Yes);
933	}
934	}
935
936	void Verifier::visitMDNode(const MDNode &BaseMD,
937	AreDebugLocsAllowed AllowLocs) {
938	// Only visit each node once. Metadata can be mutually recursive, so this
939	// avoids infinite recursion here, as well as being an optimization.
940	if (!MDNodes.insert(Ptr: &BaseMD).second)
941	return;
942
943	std::queue<const MDNode *> Worklist;
944	Worklist.push(x: &BaseMD);
945
946	while (!Worklist.empty()) {
947	const MDNode *CurrentMD = Worklist.front();
948	Worklist.pop();
949	Check(&CurrentMD->getContext() == &Context,
950	"MDNode context does not match Module context!", CurrentMD);
951
952	switch (CurrentMD->getMetadataID()) {
953	default:
954	llvm_unreachable("Invalid MDNode subclass");
955	case Metadata::MDTupleKind:
956	break;
957	#define HANDLE_SPECIALIZED_MDNODE_LEAF(CLASS) \
958	case Metadata::CLASS##Kind: \
959	visit##CLASS(cast<CLASS>(*CurrentMD)); \
960	break;
961	#include "llvm/IR/Metadata.def"
962	}
963
964	for (const Metadata *Op : CurrentMD->operands()) {
965	if (!Op)
966	continue;
967	Check(!isa<LocalAsMetadata>(Op), "Invalid operand for global metadata!",
968	CurrentMD, Op);
969	CheckDI(!isa<DILocation>(Op) \|\| AllowLocs == AreDebugLocsAllowed::Yes,
970	"DILocation not allowed within this metadata node", CurrentMD,
971	Op);
972	if (auto *N = dyn_cast<MDNode>(Val: Op)) {
973	if (MDNodes.insert(Ptr: N).second)
974	Worklist.push(x: N);
975	continue;
976	}
977	if (auto *V = dyn_cast<ValueAsMetadata>(Val: Op)) {
978	visitValueAsMetadata(MD: V, F: nullptr*);
979	continue;
980	}
981	}
982
983	// Check llvm.loop.estimated_trip_count.
984	if (CurrentMD->getNumOperands() > `0` &&
985	CurrentMD->getOperand(I: `0`).equalsStr(Str: LLVMLoopEstimatedTripCount)) {
986	Check(CurrentMD->getNumOperands() == `2`, "Expected two operands",
987	CurrentMD);
988	auto *Count =
989	dyn_cast_or_null<ConstantAsMetadata>(Val: CurrentMD->getOperand(I: `1`));
990	Check(Count && Count->getType()->isIntegerTy() &&
991	cast<IntegerType>(Count->getType())->getBitWidth() <= `32`,
992	"Expected second operand to be an integer constant of type i32 or "
993	"smaller",
994	CurrentMD);
995	}
996
997	// Check these last, so we diagnose problems in operands first.
998	Check(!CurrentMD->isTemporary(), "Expected no forward declarations!",
999	CurrentMD);
1000	Check(CurrentMD->isResolved(), "All nodes should be resolved!", CurrentMD);
1001	}
1002	}
1003
1004	void Verifier::visitValueAsMetadata(const ValueAsMetadata &MD, Function *F) {
1005	Check(MD.getValue(), "Expected valid value", &MD);
1006	Check(!MD.getValue()->getType()->isMetadataTy(),
1007	"Unexpected metadata round-trip through values", &MD, MD.getValue());
1008
1009	auto *L = dyn_cast<LocalAsMetadata>(Val: &MD);
1010	if (!L)
1011	return;
1012
1013	Check(F, "function-local metadata used outside a function", L);
1014
1015	// If this was an instruction, bb, or argument, verify that it is in the
1016	// function that we expect.
1017	Function ActualF = nullptr*;
1018	if (Instruction *I = dyn_cast<Instruction>(Val: L->getValue())) {
1019	Check(I->getParent(), "function-local metadata not in basic block", L, I);
1020	ActualF = I->getParent()->getParent();
1021	} else if (BasicBlock *BB = dyn_cast<BasicBlock>(Val: L->getValue()))
1022	ActualF = BB->getParent();
1023	else if (Argument *A = dyn_cast<Argument>(Val: L->getValue()))
1024	ActualF = A->getParent();
1025	assert(ActualF && "Unimplemented function local metadata case!");
1026
1027	Check(ActualF == F, "function-local metadata used in wrong function", L);
1028	}
1029
1030	void Verifier::visitDIArgList(const DIArgList &AL, Function *F) {
1031	for (const ValueAsMetadata *VAM : AL.getArgs())
1032	visitValueAsMetadata(MD: *VAM, F);
1033	}
1034
1035	void Verifier::visitMetadataAsValue(const MetadataAsValue &MDV, Function *F) {
1036	Metadata *MD = MDV.getMetadata();
1037	if (auto *N = dyn_cast<MDNode>(Val: MD)) {
1038	visitMDNode(BaseMD: *N, AllowLocs: AreDebugLocsAllowed::No);
1039	return;
1040	}
1041
1042	// Only visit each node once. Metadata can be mutually recursive, so this
1043	// avoids infinite recursion here, as well as being an optimization.
1044	if (!MDNodes.insert(Ptr: MD).second)
1045	return;
1046
1047	if (auto *V = dyn_cast<ValueAsMetadata>(Val: MD))
1048	visitValueAsMetadata(MD: *V, F);
1049
1050	if (auto *AL = dyn_cast<DIArgList>(Val: MD))
1051	visitDIArgList(AL: *AL, F);
1052	}
1053
1054	static bool isType(const Metadata MD) { return* !MD \|\| isa<DIType>(Val: MD); }
1055	static bool isScope(const Metadata MD) { return* !MD \|\| isa<DIScope>(Val: MD); }
1056	static bool isDINode(const Metadata MD) { return* !MD \|\| isa<DINode>(Val: MD); }
1057	static bool isMDTuple(const Metadata MD) { return* !MD \|\| isa<MDTuple>(Val: MD); }
1058
1059	void Verifier::visitDILocation(const DILocation &N) {
1060	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1061	"location requires a valid scope", &N, N.getRawScope());
1062	if (auto *IA = N.getRawInlinedAt())
1063	CheckDI(isa<DILocation>(IA), "inlined-at should be a location", &N, IA);
1064	if (auto *SP = dyn_cast<DISubprogram>(Val: N.getRawScope()))
1065	CheckDI(SP->isDefinition(), "scope points into the type hierarchy", &N);
1066	}
1067
1068	void Verifier::visitGenericDINode(const GenericDINode &N) {
1069	CheckDI(N.getTag(), "invalid tag", &N);
1070	}
1071
1072	void Verifier::visitDIScope(const DIScope &N) {
1073	if (auto *F = N.getRawFile())
1074	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1075	}
1076
1077	void Verifier::visitDIType(const DIType &N) {
1078	CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope());
1079	visitDIScope(N);
1080	CheckDI(N.getRawFile() \|\| N.getLine() == `0`, "line specified with no file", &N,
1081	N.getLine());
1082	}
1083
1084	void Verifier::visitDISubrangeType(const DISubrangeType &N) {
1085	visitDIType(N);
1086
1087	CheckDI(N.getTag() == dwarf::DW_TAG_subrange_type, "invalid tag", &N);
1088	auto *BaseType = N.getRawBaseType();
1089	CheckDI(!BaseType \|\| isType(BaseType), "BaseType must be a type");
1090	auto *LBound = N.getRawLowerBound();
1091	CheckDI(!LBound \|\| isa<ConstantAsMetadata>(LBound) \|\|
1092	isa<DIVariable>(LBound) \|\| isa<DIExpression>(LBound) \|\|
1093	isa<DIDerivedType>(LBound),
1094	"LowerBound must be signed constant or DIVariable or DIExpression or "
1095	"DIDerivedType",
1096	&N);
1097	auto *UBound = N.getRawUpperBound();
1098	CheckDI(!UBound \|\| isa<ConstantAsMetadata>(UBound) \|\|
1099	isa<DIVariable>(UBound) \|\| isa<DIExpression>(UBound) \|\|
1100	isa<DIDerivedType>(UBound),
1101	"UpperBound must be signed constant or DIVariable or DIExpression or "
1102	"DIDerivedType",
1103	&N);
1104	auto *Stride = N.getRawStride();
1105	CheckDI(!Stride \|\| isa<ConstantAsMetadata>(Stride) \|\|
1106	isa<DIVariable>(Stride) \|\| isa<DIExpression>(Stride),
1107	"Stride must be signed constant or DIVariable or DIExpression", &N);
1108	auto *Bias = N.getRawBias();
1109	CheckDI(!Bias \|\| isa<ConstantAsMetadata>(Bias) \|\| isa<DIVariable>(Bias) \|\|
1110	isa<DIExpression>(Bias),
1111	"Bias must be signed constant or DIVariable or DIExpression", &N);
1112	// Subrange types currently only support constant size.
1113	auto *Size = N.getRawSizeInBits();
1114	CheckDI(!Size \|\| isa<ConstantAsMetadata>(Size),
1115	"SizeInBits must be a constant");
1116	}
1117
1118	void Verifier::visitDISubrange(const DISubrange &N) {
1119	CheckDI(N.getTag() == dwarf::DW_TAG_subrange_type, "invalid tag", &N);
1120	CheckDI(!N.getRawCountNode() \|\| !N.getRawUpperBound(),
1121	"Subrange can have any one of count or upperBound", &N);
1122	auto *CBound = N.getRawCountNode();
1123	CheckDI(!CBound \|\| isa<ConstantAsMetadata>(CBound) \|\|
1124	isa<DIVariable>(CBound) \|\| isa<DIExpression>(CBound),
1125	"Count must be signed constant or DIVariable or DIExpression", &N);
1126	auto Count = N.getCount();
1127	CheckDI(!Count \|\| !isa<ConstantInt *>(Count) \|\|
1128	cast<ConstantInt *>(Count)->getSExtValue() >= -`1`,
1129	"invalid subrange count", &N);
1130	auto *LBound = N.getRawLowerBound();
1131	CheckDI(!LBound \|\| isa<ConstantAsMetadata>(LBound) \|\|
1132	isa<DIVariable>(LBound) \|\| isa<DIExpression>(LBound),
1133	"LowerBound must be signed constant or DIVariable or DIExpression",
1134	&N);
1135	auto *UBound = N.getRawUpperBound();
1136	CheckDI(!UBound \|\| isa<ConstantAsMetadata>(UBound) \|\|
1137	isa<DIVariable>(UBound) \|\| isa<DIExpression>(UBound),
1138	"UpperBound must be signed constant or DIVariable or DIExpression",
1139	&N);
1140	auto *Stride = N.getRawStride();
1141	CheckDI(!Stride \|\| isa<ConstantAsMetadata>(Stride) \|\|
1142	isa<DIVariable>(Stride) \|\| isa<DIExpression>(Stride),
1143	"Stride must be signed constant or DIVariable or DIExpression", &N);
1144	}
1145
1146	void Verifier::visitDIGenericSubrange(const DIGenericSubrange &N) {
1147	CheckDI(N.getTag() == dwarf::DW_TAG_generic_subrange, "invalid tag", &N);
1148	CheckDI(!N.getRawCountNode() \|\| !N.getRawUpperBound(),
1149	"GenericSubrange can have any one of count or upperBound", &N);
1150	auto *CBound = N.getRawCountNode();
1151	CheckDI(!CBound \|\| isa<DIVariable>(CBound) \|\| isa<DIExpression>(CBound),
1152	"Count must be signed constant or DIVariable or DIExpression", &N);
1153	auto *LBound = N.getRawLowerBound();
1154	CheckDI(LBound, "GenericSubrange must contain lowerBound", &N);
1155	CheckDI(isa<DIVariable>(LBound) \|\| isa<DIExpression>(LBound),
1156	"LowerBound must be signed constant or DIVariable or DIExpression",
1157	&N);
1158	auto *UBound = N.getRawUpperBound();
1159	CheckDI(!UBound \|\| isa<DIVariable>(UBound) \|\| isa<DIExpression>(UBound),
1160	"UpperBound must be signed constant or DIVariable or DIExpression",
1161	&N);
1162	auto *Stride = N.getRawStride();
1163	CheckDI(Stride, "GenericSubrange must contain stride", &N);
1164	CheckDI(isa<DIVariable>(Stride) \|\| isa<DIExpression>(Stride),
1165	"Stride must be signed constant or DIVariable or DIExpression", &N);
1166	}
1167
1168	void Verifier::visitDIEnumerator(const DIEnumerator &N) {
1169	CheckDI(N.getTag() == dwarf::DW_TAG_enumerator, "invalid tag", &N);
1170	}
1171
1172	void Verifier::visitDIBasicType(const DIBasicType &N) {
1173	visitDIType(N);
1174
1175	CheckDI(N.getTag() == dwarf::DW_TAG_base_type \|\|
1176	N.getTag() == dwarf::DW_TAG_unspecified_type \|\|
1177	N.getTag() == dwarf::DW_TAG_string_type,
1178	"invalid tag", &N);
1179	// Basic types currently only support constant size.
1180	auto *Size = N.getRawSizeInBits();
1181	CheckDI(!Size \|\| isa<ConstantAsMetadata>(Size),
1182	"SizeInBits must be a constant");
1183	}
1184
1185	void Verifier::visitDIFixedPointType(const DIFixedPointType &N) {
1186	visitDIBasicType(N);
1187
1188	CheckDI(N.getTag() == dwarf::DW_TAG_base_type, "invalid tag", &N);
1189	CheckDI(N.getEncoding() == dwarf::DW_ATE_signed_fixed \|\|
1190	N.getEncoding() == dwarf::DW_ATE_unsigned_fixed,
1191	"invalid encoding", &N);
1192	CheckDI(N.getKind() == DIFixedPointType::FixedPointBinary \|\|
1193	N.getKind() == DIFixedPointType::FixedPointDecimal \|\|
1194	N.getKind() == DIFixedPointType::FixedPointRational,
1195	"invalid kind", &N);
1196	CheckDI(N.getKind() != DIFixedPointType::FixedPointRational \|\|
1197	N.getFactorRaw() == `0`,
1198	"factor should be 0 for rationals", &N);
1199	CheckDI(N.getKind() == DIFixedPointType::FixedPointRational \|\|
1200	(N.getNumeratorRaw() == `0` && N.getDenominatorRaw() == `0`),
1201	"numerator and denominator should be 0 for non-rationals", &N);
1202	}
1203
1204	void Verifier::visitDIStringType(const DIStringType &N) {
1205	visitDIType(N);
1206
1207	CheckDI(N.getTag() == dwarf::DW_TAG_string_type, "invalid tag", &N);
1208	CheckDI(!(N.isBigEndian() && N.isLittleEndian()), "has conflicting flags",
1209	&N);
1210	}
1211
1212	void Verifier::visitDIDerivedType(const DIDerivedType &N) {
1213	// Common type checks.
1214	visitDIType(N);
1215
1216	CheckDI(N.getTag() == dwarf::DW_TAG_typedef \|\|
1217	N.getTag() == dwarf::DW_TAG_pointer_type \|\|
1218	N.getTag() == dwarf::DW_TAG_ptr_to_member_type \|\|
1219	N.getTag() == dwarf::DW_TAG_reference_type \|\|
1220	N.getTag() == dwarf::DW_TAG_rvalue_reference_type \|\|
1221	N.getTag() == dwarf::DW_TAG_const_type \|\|
1222	N.getTag() == dwarf::DW_TAG_immutable_type \|\|
1223	N.getTag() == dwarf::DW_TAG_volatile_type \|\|
1224	N.getTag() == dwarf::DW_TAG_restrict_type \|\|
1225	N.getTag() == dwarf::DW_TAG_atomic_type \|\|
1226	N.getTag() == dwarf::DW_TAG_LLVM_ptrauth_type \|\|
1227	N.getTag() == dwarf::DW_TAG_member \|\|
1228	(N.getTag() == dwarf::DW_TAG_variable && N.isStaticMember()) \|\|
1229	N.getTag() == dwarf::DW_TAG_inheritance \|\|
1230	N.getTag() == dwarf::DW_TAG_friend \|\|
1231	N.getTag() == dwarf::DW_TAG_set_type \|\|
1232	N.getTag() == dwarf::DW_TAG_template_alias,
1233	"invalid tag", &N);
1234	if (N.getTag() == dwarf::DW_TAG_ptr_to_member_type) {
1235	CheckDI(isType(N.getRawExtraData()), "invalid pointer to member type", &N,
1236	N.getRawExtraData());
1237	} else if (N.getTag() == dwarf::DW_TAG_template_alias) {
1238	CheckDI(isMDTuple(N.getRawExtraData()), "invalid template parameters", &N,
1239	N.getRawExtraData());
1240	} else if (N.getTag() == dwarf::DW_TAG_inheritance \|\|
1241	N.getTag() == dwarf::DW_TAG_member \|\|
1242	N.getTag() == dwarf::DW_TAG_variable) {
1243	auto *ExtraData = N.getRawExtraData();
1244	auto IsValidExtraData = [&]() {
1245	if (ExtraData == nullptr)
1246	return true;
1247	if (isa<ConstantAsMetadata>(Val: ExtraData) \|\| isa<MDString>(Val: ExtraData) \|\|
1248	isa<DIObjCProperty>(Val: ExtraData))
1249	return true;
1250	if (auto *Tuple = dyn_cast<MDTuple>(Val: ExtraData)) {
1251	if (Tuple->getNumOperands() != `1`)
1252	return false;
1253	return isa_and_nonnull<ConstantAsMetadata>(Val: Tuple->getOperand(I: `0`).get());
1254	}
1255	return false;
1256	};
1257	CheckDI(IsValidExtraData(),
1258	"extraData must be ConstantAsMetadata, MDString, DIObjCProperty, "
1259	"or MDTuple with single ConstantAsMetadata operand",
1260	&N, ExtraData);
1261	}
1262
1263	if (N.getTag() == dwarf::DW_TAG_set_type) {
1264	if (auto *T = N.getRawBaseType()) {
1265	auto *Enum = dyn_cast_or_null<DICompositeType>(Val: T);
1266	auto *Subrange = dyn_cast_or_null<DISubrangeType>(Val: T);
1267	auto *Basic = dyn_cast_or_null<DIBasicType>(Val: T);
1268	CheckDI(
1269	(Enum && Enum->getTag() == dwarf::DW_TAG_enumeration_type) \|\|
1270	(Subrange && Subrange->getTag() == dwarf::DW_TAG_subrange_type) \|\|
1271	(Basic && (Basic->getEncoding() == dwarf::DW_ATE_unsigned \|\|
1272	Basic->getEncoding() == dwarf::DW_ATE_signed \|\|
1273	Basic->getEncoding() == dwarf::DW_ATE_unsigned_char \|\|
1274	Basic->getEncoding() == dwarf::DW_ATE_signed_char \|\|
1275	Basic->getEncoding() == dwarf::DW_ATE_boolean)),
1276	"invalid set base type", &N, T);
1277	}
1278	}
1279
1280	CheckDI(isType(N.getRawBaseType()), "invalid base type", &N,
1281	N.getRawBaseType());
1282
1283	if (N.getDWARFAddressSpace()) {
1284	CheckDI(N.getTag() == dwarf::DW_TAG_pointer_type \|\|
1285	N.getTag() == dwarf::DW_TAG_reference_type \|\|
1286	N.getTag() == dwarf::DW_TAG_rvalue_reference_type,
1287	"DWARF address space only applies to pointer or reference types",
1288	&N);
1289	}
1290
1291	auto *Size = N.getRawSizeInBits();
1292	CheckDI(!Size \|\| isa<ConstantAsMetadata>(Size) \|\| isa<DIVariable>(Size) \|\|
1293	isa<DIExpression>(Size),
1294	"SizeInBits must be a constant or DIVariable or DIExpression");
1295	}
1296
1297	/// Detect mutually exclusive flags.
1298	static bool hasConflictingReferenceFlags(unsigned Flags) {
1299	return ((Flags & DINode::FlagLValueReference) &&
1300	(Flags & DINode::FlagRValueReference)) \|\|
1301	((Flags & DINode::FlagTypePassByValue) &&
1302	(Flags & DINode::FlagTypePassByReference));
1303	}
1304
1305	void Verifier::visitTemplateParams(const MDNode &N, const Metadata &RawParams) {
1306	auto *Params = dyn_cast<MDTuple>(Val: &RawParams);
1307	CheckDI(Params, "invalid template params", &N, &RawParams);
1308	for (Metadata *Op : Params->operands()) {
1309	CheckDI(Op && isa<DITemplateParameter>(Op), "invalid template parameter",
1310	&N, Params, Op);
1311	}
1312	}
1313
1314	void Verifier::visitDICompositeType(const DICompositeType &N) {
1315	// Common type checks.
1316	visitDIType(N);
1317
1318	CheckDI(N.getTag() == dwarf::DW_TAG_array_type \|\|
1319	N.getTag() == dwarf::DW_TAG_structure_type \|\|
1320	N.getTag() == dwarf::DW_TAG_union_type \|\|
1321	N.getTag() == dwarf::DW_TAG_enumeration_type \|\|
1322	N.getTag() == dwarf::DW_TAG_class_type \|\|
1323	N.getTag() == dwarf::DW_TAG_variant_part \|\|
1324	N.getTag() == dwarf::DW_TAG_variant \|\|
1325	N.getTag() == dwarf::DW_TAG_namelist,
1326	"invalid tag", &N);
1327
1328	CheckDI(isType(N.getRawBaseType()), "invalid base type", &N,
1329	N.getRawBaseType());
1330
1331	CheckDI(!N.getRawElements() \|\| isa<MDTuple>(N.getRawElements()),
1332	"invalid composite elements", &N, N.getRawElements());
1333	CheckDI(isType(N.getRawVTableHolder()), "invalid vtable holder", &N,
1334	N.getRawVTableHolder());
1335	CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1336	"invalid reference flags", &N);
1337	unsigned DIBlockByRefStruct = `1` << `4`;
1338	CheckDI((N.getFlags() & DIBlockByRefStruct) == `0`,
1339	"DIBlockByRefStruct on DICompositeType is no longer supported", &N);
1340	CheckDI(llvm::all_of(N.getElements(), [](const DINode N) { return* N; }),
1341	"DISubprogram contains null entry in `elements` field", &N);
1342
1343	if (N.isVector()) {
1344	const DINodeArray Elements = N.getElements();
1345	CheckDI(Elements.size() == `1` &&
1346	Elements[`0`]->getTag() == dwarf::DW_TAG_subrange_type,
1347	"invalid vector, expected one element of type subrange", &N);
1348	}
1349
1350	if (auto *Params = N.getRawTemplateParams())
1351	visitTemplateParams(N, RawParams: *Params);
1352
1353	if (auto *D = N.getRawDiscriminator()) {
1354	CheckDI(isa<DIDerivedType>(D) && N.getTag() == dwarf::DW_TAG_variant_part,
1355	"discriminator can only appear on variant part");
1356	}
1357
1358	if (N.getRawDataLocation()) {
1359	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1360	"dataLocation can only appear in array type");
1361	}
1362
1363	if (N.getRawAssociated()) {
1364	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1365	"associated can only appear in array type");
1366	}
1367
1368	if (N.getRawAllocated()) {
1369	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1370	"allocated can only appear in array type");
1371	}
1372
1373	if (N.getRawRank()) {
1374	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1375	"rank can only appear in array type");
1376	}
1377
1378	if (N.getTag() == dwarf::DW_TAG_array_type) {
1379	CheckDI(N.getRawBaseType(), "array types must have a base type", &N);
1380	}
1381
1382	auto *Size = N.getRawSizeInBits();
1383	CheckDI(!Size \|\| isa<ConstantAsMetadata>(Size) \|\| isa<DIVariable>(Size) \|\|
1384	isa<DIExpression>(Size),
1385	"SizeInBits must be a constant or DIVariable or DIExpression");
1386	}
1387
1388	void Verifier::visitDISubroutineType(const DISubroutineType &N) {
1389	visitDIType(N);
1390	CheckDI(N.getTag() == dwarf::DW_TAG_subroutine_type, "invalid tag", &N);
1391	if (auto *Types = N.getRawTypeArray()) {
1392	CheckDI(isa<MDTuple>(Types), "invalid composite elements", &N, Types);
1393	for (Metadata *Ty : N.getTypeArray()->operands()) {
1394	CheckDI(isType(Ty), "invalid subroutine type ref", &N, Types, Ty);
1395	}
1396	}
1397	CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1398	"invalid reference flags", &N);
1399	}
1400
1401	void Verifier::visitDIFile(const DIFile &N) {
1402	CheckDI(N.getTag() == dwarf::DW_TAG_file_type, "invalid tag", &N);
1403	std::optional<DIFile::ChecksumInfo<StringRef>> Checksum = N.getChecksum();
1404	if (Checksum) {
1405	CheckDI(Checksum ->Kind <= DIFile::ChecksumKind::CSK_Last,
1406	"invalid checksum kind", &N);
1407	size_t Size;
1408	switch (Checksum ->Kind) {
1409	case DIFile::CSK_MD5:
1410	Size = `32`;
1411	break;
1412	case DIFile::CSK_SHA1:
1413	Size = `40`;
1414	break;
1415	case DIFile::CSK_SHA256:
1416	Size = `64`;
1417	break;
1418	}
1419	CheckDI(Checksum ->Value.size() == Size, "invalid checksum length", &N);
1420	CheckDI(Checksum ->Value.find_if_not(llvm::isHexDigit) == StringRef::npos,
1421	"invalid checksum", &N);
1422	}
1423	}
1424
1425	void Verifier::visitDICompileUnit(const DICompileUnit &N) {
1426	CheckDI(N.isDistinct(), "compile units must be distinct", &N);
1427	CheckDI(N.getTag() == dwarf::DW_TAG_compile_unit, "invalid tag", &N);
1428
1429	// Don't bother verifying the compilation directory or producer string
1430	// as those could be empty.
1431	CheckDI(N.getRawFile() && isa<DIFile>(N.getRawFile()), "invalid file", &N,
1432	N.getRawFile());
1433	CheckDI(!N.getFile()->getFilename().empty(), "invalid filename", &N,
1434	N.getFile());
1435
1436	CheckDI((N.getEmissionKind() <= DICompileUnit::LastEmissionKind),
1437	"invalid emission kind", &N);
1438
1439	CheckDI(N.getSourceLanguage().getDialect() <= dwarf::DW_LLVM_LANG_DIALECT_max,
1440	"invalid language dialect", &N);
1441
1442	if (auto *Array = N.getRawEnumTypes()) {
1443	CheckDI(isa<MDTuple>(Array), "invalid enum list", &N, Array);
1444	for (Metadata *Op : N.getEnumTypes()->operands()) {
1445	auto *Enum = dyn_cast_or_null<DICompositeType>(Val: Op);
1446	CheckDI(Enum && Enum->getTag() == dwarf::DW_TAG_enumeration_type,
1447	"invalid enum type", &N, N.getEnumTypes(), Op);
1448	CheckDI(!Enum->getScope() \|\| !isa<DILocalScope>(Enum->getScope()),
1449	"function-local enum in a DICompileUnit's enum list", &N,
1450	N.getEnumTypes(), Op);
1451	}
1452	}
1453	if (auto *Array = N.getRawRetainedTypes()) {
1454	CheckDI(isa<MDTuple>(Array), "invalid retained type list", &N, Array);
1455	for (Metadata *Op : N.getRetainedTypes()->operands()) {
1456	CheckDI(
1457	Op && (isa<DIType>(Op) \|\| (isa<DISubprogram>(Op) &&
1458	!cast<DISubprogram>(Op)->isDefinition())),
1459	"invalid retained type", &N, Op);
1460	}
1461	}
1462	if (auto *Array = N.getRawGlobalVariables()) {
1463	CheckDI(isa<MDTuple>(Array), "invalid global variable list", &N, Array);
1464	for (Metadata *Op : N.getGlobalVariables()->operands()) {
1465	CheckDI(Op && (isa<DIGlobalVariableExpression>(Op)),
1466	"invalid global variable ref", &N, Op);
1467	}
1468	}
1469	if (auto *Array = N.getRawImportedEntities()) {
1470	CheckDI(isa<MDTuple>(Array), "invalid imported entity list", &N, Array);
1471	for (Metadata *Op : N.getImportedEntities()->operands()) {
1472	auto *IE = dyn_cast_or_null<DIImportedEntity>(Val: Op);
1473	CheckDI(IE, "invalid imported entity ref", &N, Op);
1474	CheckDI(!isa_and_nonnull<DILocalScope>(IE->getScope()),
1475	"function-local imports are not allowed in a DICompileUnit's "
1476	"imported entities list",
1477	&N, Op);
1478	}
1479	}
1480	if (auto *Array = N.getRawMacros()) {
1481	CheckDI(isa<MDTuple>(Array), "invalid macro list", &N, Array);
1482	for (Metadata *Op : N.getMacros()->operands()) {
1483	CheckDI(Op && isa<DIMacroNode>(Op), "invalid macro ref", &N, Op);
1484	}
1485	}
1486	CUVisited.insert(Ptr: &N);
1487	}
1488
1489	void Verifier::visitDISubprogram(const DISubprogram &N) {
1490	CheckDI(N.getTag() == dwarf::DW_TAG_subprogram, "invalid tag", &N);
1491	CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope());
1492	if (auto *F = N.getRawFile())
1493	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1494	else
1495	CheckDI(N.getLine() == `0`, "line specified with no file", &N, N.getLine());
1496	auto *T = N.getRawType();
1497	CheckDI(T, "DISubprogram requires a non-null type", &N);
1498	CheckDI(isa<DISubroutineType>(T), "invalid subroutine type", &N, T);
1499	CheckDI(isType(N.getRawContainingType()), "invalid containing type", &N,
1500	N.getRawContainingType());
1501	if (auto *Params = N.getRawTemplateParams())
1502	visitTemplateParams(N, RawParams: *Params);
1503	if (auto *S = N.getRawDeclaration())
1504	CheckDI(isa<DISubprogram>(S) && !cast<DISubprogram>(S)->isDefinition(),
1505	"invalid subprogram declaration", &N, S);
1506	if (auto *RawNode = N.getRawRetainedNodes()) {
1507	auto *Node = dyn_cast<MDTuple>(Val: RawNode);
1508	CheckDI(Node, "invalid retained nodes list", &N, RawNode);
1509
1510	DenseMap<unsigned, DILocalVariable *> Args;
1511	for (Metadata *Op : Node->operands()) {
1512	CheckDI(Op, "nullptr in retained nodes", &N, Node);
1513
1514	auto True = [](const Metadata ) { return* true; };
1515	auto False = [](const Metadata ) { return* false; };
1516	bool IsTypeCorrect = DISubprogram::visitRetainedNode<bool>(
1517	N: Op, FuncLV&: True, FuncLabel&: True, FuncIE&: True, FuncType&: True, FuncUnknown&: False);
1518	CheckDI(IsTypeCorrect,
1519	"invalid retained nodes, expected DILocalVariable, DILabel, "
1520	"DIImportedEntity or DIType",
1521	&N, Node, Op);
1522
1523	auto *RetainedNode = cast<DINode>(Val: Op);
1524	auto *RetainedNodeScope = dyn_cast_or_null<DILocalScope>(
1525	Val: DISubprogram::getRawRetainedNodeScope(N: RetainedNode));
1526	CheckDI(RetainedNodeScope,
1527	"invalid retained nodes, retained node is not local", &N, Node,
1528	RetainedNode);
1529
1530	DISubprogram *RetainedNodeSP = RetainedNodeScope->getSubprogram();
1531	DICompileUnit *RetainedNodeUnit =
1532	RetainedNodeSP ? RetainedNodeSP->getUnit() : nullptr;
1533	CheckDI(
1534	RetainedNodeSP == &N,
1535	"invalid retained nodes, retained node does not belong to subprogram",
1536	&N, Node, RetainedNode, RetainedNodeScope, RetainedNodeSP,
1537	RetainedNodeUnit);
1538
1539	auto *DV = dyn_cast<DILocalVariable>(Val: RetainedNode);
1540	if (!DV)
1541	continue;
1542	if (unsigned ArgNum = DV->getArg()) {
1543	auto [ArgI, Inserted] = Args.insert(KV: {ArgNum, DV});
1544	CheckDI(Inserted \|\| DV == ArgI ->second,
1545	"invalid retained nodes, more than one local variable with the "
1546	"same argument index",
1547	&N, N.getUnit(), Node, RetainedNode, Args[ArgNum]);
1548	}
1549	}
1550	}
1551	CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1552	"invalid reference flags", &N);
1553
1554	auto *Unit = N.getRawUnit();
1555	if (N.isDefinition()) {
1556	// Subprogram definitions (not part of the type hierarchy).
1557	CheckDI(N.isDistinct(), "subprogram definitions must be distinct", &N);
1558	CheckDI(Unit, "subprogram definitions must have a compile unit", &N);
1559	CheckDI(isa<DICompileUnit>(Unit), "invalid unit type", &N, Unit);
1560	// There's no good way to cross the CU boundary to insert a nested
1561	// DISubprogram definition in one CU into a type defined in another CU.
1562	auto *CT = dyn_cast_or_null<DICompositeType>(Val: N.getRawScope());
1563	if (CT && CT->getRawIdentifier() &&
1564	M.getContext().isODRUniquingDebugTypes())
1565	CheckDI(N.getDeclaration(),
1566	"definition subprograms cannot be nested within DICompositeType "
1567	"when enabling ODR",
1568	&N);
1569	} else {
1570	// Subprogram declarations (part of the type hierarchy).
1571	CheckDI(!Unit, "subprogram declarations must not have a compile unit", &N);
1572	CheckDI(!N.getRawDeclaration(),
1573	"subprogram declaration must not have a declaration field");
1574	}
1575
1576	if (auto *RawThrownTypes = N.getRawThrownTypes()) {
1577	auto *ThrownTypes = dyn_cast<MDTuple>(Val: RawThrownTypes);
1578	CheckDI(ThrownTypes, "invalid thrown types list", &N, RawThrownTypes);
1579	for (Metadata *Op : ThrownTypes->operands())
1580	CheckDI(Op && isa<DIType>(Op), "invalid thrown type", &N, ThrownTypes,
1581	Op);
1582	}
1583
1584	if (N.areAllCallsDescribed())
1585	CheckDI(N.isDefinition(),
1586	"DIFlagAllCallsDescribed must be attached to a definition");
1587	}
1588
1589	void Verifier::visitDILexicalBlockBase(const DILexicalBlockBase &N) {
1590	CheckDI(N.getTag() == dwarf::DW_TAG_lexical_block, "invalid tag", &N);
1591	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1592	"invalid local scope", &N, N.getRawScope());
1593	if (auto *SP = dyn_cast<DISubprogram>(Val: N.getRawScope()))
1594	CheckDI(SP->isDefinition(), "scope points into the type hierarchy", &N);
1595	}
1596
1597	void Verifier::visitDILexicalBlock(const DILexicalBlock &N) {
1598	visitDILexicalBlockBase(N);
1599
1600	CheckDI(N.getLine() \|\| !N.getColumn(),
1601	"cannot have column info without line info", &N);
1602	}
1603
1604	void Verifier::visitDILexicalBlockFile(const DILexicalBlockFile &N) {
1605	visitDILexicalBlockBase(N);
1606	}
1607
1608	void Verifier::visitDICommonBlock(const DICommonBlock &N) {
1609	CheckDI(N.getTag() == dwarf::DW_TAG_common_block, "invalid tag", &N);
1610	if (auto *S = N.getRawScope())
1611	CheckDI(isa<DIScope>(S), "invalid scope ref", &N, S);
1612	if (auto *S = N.getRawDecl())
1613	CheckDI(isa<DIGlobalVariable>(S), "invalid declaration", &N, S);
1614	}
1615
1616	void Verifier::visitDINamespace(const DINamespace &N) {
1617	CheckDI(N.getTag() == dwarf::DW_TAG_namespace, "invalid tag", &N);
1618	if (auto *S = N.getRawScope())
1619	CheckDI(isa<DIScope>(S), "invalid scope ref", &N, S);
1620	}
1621
1622	void Verifier::visitDIMacro(const DIMacro &N) {
1623	CheckDI(N.getMacinfoType() == dwarf::DW_MACINFO_define \|\|
1624	N.getMacinfoType() == dwarf::DW_MACINFO_undef,
1625	"invalid macinfo type", &N);
1626	CheckDI(!N.getName().empty(), "anonymous macro", &N);
1627	if (!N.getValue().empty()) {
1628	assert(N.getValue().data()[`0`] != `' '` && "Macro value has a space prefix");
1629	}
1630	}
1631
1632	void Verifier::visitDIMacroFile(const DIMacroFile &N) {
1633	CheckDI(N.getMacinfoType() == dwarf::DW_MACINFO_start_file,
1634	"invalid macinfo type", &N);
1635	if (auto *F = N.getRawFile())
1636	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1637
1638	if (auto *Array = N.getRawElements()) {
1639	CheckDI(isa<MDTuple>(Array), "invalid macro list", &N, Array);
1640	for (Metadata *Op : N.getElements()->operands()) {
1641	CheckDI(Op && isa<DIMacroNode>(Op), "invalid macro ref", &N, Op);
1642	}
1643	}
1644	}
1645
1646	void Verifier::visitDIModule(const DIModule &N) {
1647	CheckDI(N.getTag() == dwarf::DW_TAG_module, "invalid tag", &N);
1648	CheckDI(!N.getName().empty(), "anonymous module", &N);
1649	}
1650
1651	void Verifier::visitDITemplateParameter(const DITemplateParameter &N) {
1652	CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1653	}
1654
1655	void Verifier::visitDITemplateTypeParameter(const DITemplateTypeParameter &N) {
1656	visitDITemplateParameter(N);
1657
1658	CheckDI(N.getTag() == dwarf::DW_TAG_template_type_parameter, "invalid tag",
1659	&N);
1660	}
1661
1662	void Verifier::visitDITemplateValueParameter(
1663	const DITemplateValueParameter &N) {
1664	visitDITemplateParameter(N);
1665
1666	CheckDI(N.getTag() == dwarf::DW_TAG_template_value_parameter \|\|
1667	N.getTag() == dwarf::DW_TAG_GNU_template_template_param \|\|
1668	N.getTag() == dwarf::DW_TAG_GNU_template_parameter_pack,
1669	"invalid tag", &N);
1670	}
1671
1672	void Verifier::visitDIVariable(const DIVariable &N) {
1673	if (auto *S = N.getRawScope())
1674	CheckDI(isa<DIScope>(S), "invalid scope", &N, S);
1675	if (auto *F = N.getRawFile())
1676	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1677	}
1678
1679	void Verifier::visitDIGlobalVariable(const DIGlobalVariable &N) {
1680	// Checks common to all variables.
1681	visitDIVariable(N);
1682
1683	CheckDI(N.getTag() == dwarf::DW_TAG_variable, "invalid tag", &N);
1684	CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1685	// Check only if the global variable is not an extern
1686	if (N.isDefinition())
1687	CheckDI(N.getType(), "missing global variable type", &N);
1688	if (auto *Member = N.getRawStaticDataMemberDeclaration()) {
1689	CheckDI(isa<DIDerivedType>(Member),
1690	"invalid static data member declaration", &N, Member);
1691	}
1692	}
1693
1694	void Verifier::visitDILocalVariable(const DILocalVariable &N) {
1695	// Checks common to all variables.
1696	visitDIVariable(N);
1697
1698	CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1699	CheckDI(N.getTag() == dwarf::DW_TAG_variable, "invalid tag", &N);
1700	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1701	"local variable requires a valid scope", &N, N.getRawScope());
1702	if (auto Ty = N.getType())
1703	CheckDI(!isa<DISubroutineType>(Ty), "invalid type", &N, N.getType());
1704	}
1705
1706	void Verifier::visitDIAssignID(const DIAssignID &N) {
1707	CheckDI(!N.getNumOperands(), "DIAssignID has no arguments", &N);
1708	CheckDI(N.isDistinct(), "DIAssignID must be distinct", &N);
1709	}
1710
1711	void Verifier::visitDILabel(const DILabel &N) {
1712	if (auto *S = N.getRawScope())
1713	CheckDI(isa<DIScope>(S), "invalid scope", &N, S);
1714	if (auto *F = N.getRawFile())
1715	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1716
1717	CheckDI(N.getTag() == dwarf::DW_TAG_label, "invalid tag", &N);
1718	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1719	"label requires a valid scope", &N, N.getRawScope());
1720	}
1721
1722	void Verifier::visitDIExpression(const DIExpression &N) {
1723	CheckDI(N.isValid(), "invalid expression", &N);
1724	}
1725
1726	void Verifier::visitDIGlobalVariableExpression(
1727	const DIGlobalVariableExpression &GVE) {
1728	CheckDI(GVE.getVariable(), "missing variable");
1729	if (auto *Var = GVE.getVariable())
1730	visitDIGlobalVariable(N: *Var);
1731	if (auto *Expr = GVE.getExpression()) {
1732	visitDIExpression(N: *Expr);
1733	if (auto Fragment = Expr->getFragmentInfo())
1734	verifyFragmentExpression(V: GVE.getVariable(), Fragment: Fragment, Desc: &GVE);
1735	}
1736	}
1737
1738	void Verifier::visitDIObjCProperty(const DIObjCProperty &N) {
1739	CheckDI(N.getTag() == dwarf::DW_TAG_APPLE_property, "invalid tag", &N);
1740	if (auto *T = N.getRawType())
1741	CheckDI(isType(T), "invalid type ref", &N, T);
1742	if (auto *F = N.getRawFile())
1743	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1744	}
1745
1746	void Verifier::visitDIImportedEntity(const DIImportedEntity &N) {
1747	CheckDI(N.getTag() == dwarf::DW_TAG_imported_module \|\|
1748	N.getTag() == dwarf::DW_TAG_imported_declaration,
1749	"invalid tag", &N);
1750	if (auto *S = N.getRawScope())
1751	CheckDI(isa<DIScope>(S), "invalid scope for imported entity", &N, S);
1752	CheckDI(isDINode(N.getRawEntity()), "invalid imported entity", &N,
1753	N.getRawEntity());
1754	}
1755
1756	void Verifier::visitComdat(const Comdat &C) {
1757	// In COFF the Module is invalid if the GlobalValue has private linkage.
1758	// Entities with private linkage don't have entries in the symbol table.
1759	if (TT.isOSBinFormatCOFF())
1760	if (const GlobalValue *GV = M.getNamedValue(Name: C.getName()))
1761	Check(!GV->hasPrivateLinkage(), "comdat global value has private linkage",
1762	GV);
1763	}
1764
1765	void Verifier::visitModuleIdents() {
1766	const NamedMDNode *Idents = M.getNamedMetadata(Name: "llvm.ident");
1767	if (!Idents)
1768	return;
1769
1770	// llvm.ident takes a list of metadata entry. Each entry has only one string.
1771	// Scan each llvm.ident entry and make sure that this requirement is met.
1772	for (const MDNode *N : Idents->operands()) {
1773	Check(N->getNumOperands() == `1`,
1774	"incorrect number of operands in llvm.ident metadata", N);
1775	Check(dyn_cast_or_null<MDString>(N->getOperand(`0`)),
1776	("invalid value for llvm.ident metadata entry operand"
1777	"(the operand should be a string)"),
1778	N->getOperand(`0`));
1779	}
1780	}
1781
1782	void Verifier::visitModuleCommandLines() {
1783	const NamedMDNode *CommandLines = M.getNamedMetadata(Name: "llvm.commandline");
1784	if (!CommandLines)
1785	return;
1786
1787	// llvm.commandline takes a list of metadata entry. Each entry has only one
1788	// string. Scan each llvm.commandline entry and make sure that this
1789	// requirement is met.
1790	for (const MDNode *N : CommandLines->operands()) {
1791	Check(N->getNumOperands() == `1`,
1792	"incorrect number of operands in llvm.commandline metadata", N);
1793	Check(dyn_cast_or_null<MDString>(N->getOperand(`0`)),
1794	("invalid value for llvm.commandline metadata entry operand"
1795	"(the operand should be a string)"),
1796	N->getOperand(`0`));
1797	}
1798	}
1799
1800	void Verifier::visitModuleErrnoTBAA() {
1801	const NamedMDNode *ErrnoTBAA = M.getNamedMetadata(Name: "llvm.errno.tbaa");
1802	if (!ErrnoTBAA)
1803	return;
1804
1805	Check(ErrnoTBAA->getNumOperands() >= `1`,
1806	"llvm.errno.tbaa must have at least one operand", ErrnoTBAA);
1807
1808	for (const MDNode *N : ErrnoTBAA->operands())
1809	TBAAVerifyHelper.visitTBAAMetadata(I: nullptr, MD: N);
1810	}
1811
1812	void Verifier::visitModuleFlags() {
1813	const NamedMDNode *Flags = M.getModuleFlagsMetadata();
1814	if (!Flags) return;
1815
1816	// Scan each flag, and track the flags and requirements.
1817	DenseMap<const MDString, const* MDNode*> SeenIDs;
1818	SmallVector<const MDNode*, `16`> Requirements;
1819	uint64_t PAuthABIPlatform = -`1`;
1820	uint64_t PAuthABIVersion = -`1`;
1821	for (const MDNode *MDN : Flags->operands()) {
1822	visitModuleFlag(Op: MDN, SeenIDs, Requirements);
1823	if (MDN->getNumOperands() != `3`)
1824	continue;
1825	if (const auto *FlagName = dyn_cast_or_null<MDString>(Val: MDN->getOperand(I: `1`))) {
1826	if (FlagName->getString() == "aarch64-elf-pauthabi-platform") {
1827	if (const auto *PAP =
1828	mdconst::dyn_extract_or_null<ConstantInt>(MD: MDN->getOperand(I: `2`)))
1829	PAuthABIPlatform = PAP->getZExtValue();
1830	} else if (FlagName->getString() == "aarch64-elf-pauthabi-version") {
1831	if (const auto *PAV =
1832	mdconst::dyn_extract_or_null<ConstantInt>(MD: MDN->getOperand(I: `2`)))
1833	PAuthABIVersion = PAV->getZExtValue();
1834	}
1835	}
1836	}
1837
1838	if ((PAuthABIPlatform == uint64_t(-`1`)) != (PAuthABIVersion == uint64_t(-`1`)))
1839	CheckFailed(Message: "either both or no 'aarch64-elf-pauthabi-platform' and "
1840	"'aarch64-elf-pauthabi-version' module flags must be present");
1841
1842	// Validate that the requirements in the module are valid.
1843	for (const MDNode *Requirement : Requirements) {
1844	const MDString *Flag = cast<MDString>(Val: Requirement->getOperand(I: `0`));
1845	const Metadata *ReqValue = Requirement->getOperand(I: `1`);
1846
1847	const MDNode *Op = SeenIDs.lookup(Val: Flag);
1848	if (!Op) {
1849	CheckFailed(Message: "invalid requirement on flag, flag is not present in module",
1850	V1: Flag);
1851	continue;
1852	}
1853
1854	if (Op->getOperand(I: `2`) != ReqValue) {
1855	CheckFailed(Message: ("invalid requirement on flag, "
1856	"flag does not have the required value"),
1857	V1: Flag);
1858	continue;
1859	}
1860	}
1861	}
1862
1863	void
1864	Verifier::visitModuleFlag(const MDNode *Op,
1865	DenseMap<const MDString , const* MDNode *> &SeenIDs,
1866	SmallVectorImpl<const MDNode *> &Requirements) {
1867	// Each module flag should have three arguments, the merge behavior (a
1868	// constant int), the flag ID (an MDString), and the value.
1869	Check(Op->getNumOperands() == `3`,
1870	"incorrect number of operands in module flag", Op);
1871	Module::ModFlagBehavior MFB;
1872	if (!Module::isValidModFlagBehavior(MD: Op->getOperand(I: `0`), MFB)) {
1873	Check(mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(`0`)),
1874	"invalid behavior operand in module flag (expected constant integer)",
1875	Op->getOperand(`0`));
1876	Check(false,
1877	"invalid behavior operand in module flag (unexpected constant)",
1878	Op->getOperand(`0`));
1879	}
1880	MDString *ID = dyn_cast_or_null<MDString>(Val: Op->getOperand(I: `1`));
1881	Check(ID, "invalid ID operand in module flag (expected metadata string)",
1882	Op->getOperand(`1`));
1883
1884	// Check the values for behaviors with additional requirements.
1885	switch (MFB) {
1886	case Module::Error:
1887	case Module::Warning:
1888	case Module::Override:
1889	// These behavior types accept any value.
1890	break;
1891
1892	case Module::Min: {
1893	auto *V = mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: `2`));
1894	Check(V && V->getValue().isNonNegative(),
1895	"invalid value for 'min' module flag (expected constant non-negative "
1896	"integer)",
1897	Op->getOperand(`2`));
1898	break;
1899	}
1900
1901	case Module::Max: {
1902	Check(mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(`2`)),
1903	"invalid value for 'max' module flag (expected constant integer)",
1904	Op->getOperand(`2`));
1905	break;
1906	}
1907
1908	case Module::Require: {
1909	// The value should itself be an MDNode with two operands, a flag ID (an
1910	// MDString), and a value.
1911	MDNode *Value = dyn_cast<MDNode>(Val: Op->getOperand(I: `2`));
1912	Check(Value && Value->getNumOperands() == `2`,
1913	"invalid value for 'require' module flag (expected metadata pair)",
1914	Op->getOperand(`2`));
1915	Check(isa<MDString>(Value->getOperand(`0`)),
1916	("invalid value for 'require' module flag "
1917	"(first value operand should be a string)"),
1918	Value->getOperand(`0`));
1919
1920	// Append it to the list of requirements, to check once all module flags are
1921	// scanned.
1922	Requirements.push_back(Elt: Value);
1923	break;
1924	}
1925
1926	case Module::Append:
1927	case Module::AppendUnique: {
1928	// These behavior types require the operand be an MDNode.
1929	Check(isa<MDNode>(Op->getOperand(`2`)),
1930	"invalid value for 'append'-type module flag "
1931	"(expected a metadata node)",
1932	Op->getOperand(`2`));
1933	break;
1934	}
1935	}
1936
1937	// Unless this is a "requires" flag, check the ID is unique.
1938	if (MFB != Module::Require) {
1939	bool Inserted = SeenIDs.insert(KV: std::make_pair(x&: ID, y&: Op)).second;
1940	Check(Inserted,
1941	"module flag identifiers must be unique (or of 'require' type)", ID);
1942	}
1943
1944	if (ID->getString() == "wchar_size") {
1945	ConstantInt *Value
1946	= mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: `2`));
1947	Check(Value, "wchar_size metadata requires constant integer argument");
1948	}
1949
1950	if (ID->getString() == "Linker Options") {
1951	// If the llvm.linker.options named metadata exists, we assume that the
1952	// bitcode reader has upgraded the module flag. Otherwise the flag might
1953	// have been created by a client directly.
1954	Check(M.getNamedMetadata("llvm.linker.options"),
1955	"'Linker Options' named metadata no longer supported");
1956	}
1957
1958	if (ID->getString() == "SemanticInterposition") {
1959	ConstantInt *Value =
1960	mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: `2`));
1961	Check(Value,
1962	"SemanticInterposition metadata requires constant integer argument");
1963	}
1964
1965	if (ID->getString() == "CG Profile") {
1966	for (const MDOperand &MDO : cast<MDNode>(Val: Op->getOperand(I: `2`))->operands())
1967	visitModuleFlagCGProfileEntry(MDO);
1968	}
1969
1970	// Target-specific module flag checks.
1971	verifyAMDGPUModuleFlag(VS&: *this, ID, MFB, Op);
1972	}
1973
1974	void Verifier::visitModuleFlagCGProfileEntry(const MDOperand &MDO) {
1975	auto CheckFunction = [&](const MDOperand &FuncMDO) {
1976	if (!FuncMDO)
1977	return;
1978	auto F = dyn_cast<ValueAsMetadata>(Val: FuncMDO);
1979	Check(F && isa<Function>(F->getValue()->stripPointerCasts()),
1980	"expected a Function or null", FuncMDO);
1981	};
1982	auto Node = dyn_cast_or_null<MDNode>(Val: MDO);
1983	Check(Node && Node->getNumOperands() == `3`, "expected a MDNode triple", MDO);
1984	CheckFunction (Node->getOperand(I: `0`));
1985	CheckFunction (Node->getOperand(I: `1`));
1986	auto Count = dyn_cast_or_null<ConstantAsMetadata>(Val: Node->getOperand(I: `2`));
1987	Check(Count && Count->getType()->isIntegerTy(),
1988	"expected an integer constant", Node->getOperand(`2`));
1989	}
1990
1991	void Verifier::verifyAttributeTypes(AttributeSet Attrs, const Value *V) {
1992	for (Attribute A : Attrs) {
1993
1994	if (A.isStringAttribute()) {
1995	#define GET_ATTR_NAMES
1996	#define ATTRIBUTE_ENUM(ENUM_NAME, DISPLAY_NAME)
1997	#define ATTRIBUTE_STRBOOL(ENUM_NAME, DISPLAY_NAME) \
1998	if (A.getKindAsString() == #DISPLAY_NAME) { \
1999	auto V = A.getValueAsString(); \
2000	if (!(V.empty() \|\| V == "true" \|\| V == "false")) \
2001	CheckFailed("invalid value for '" #DISPLAY_NAME "' attribute: " + V + \
2002	""); \
2003	}
2004
2005	#include "llvm/IR/Attributes.inc"
2006	continue;
2007	}
2008
2009	if (A.isIntAttribute() != Attribute::isIntAttrKind(Kind: A.getKindAsEnum())) {
2010	CheckFailed(Message: "Attribute '" + A.getAsString() + "' should have an Argument",
2011	V1: V);
2012	return;
2013	}
2014	}
2015	}
2016
2017	// VerifyParameterAttrs - Check the given attributes for an argument or return
2018	// value of the specified type. The value V is printed in error messages.
2019	void Verifier::verifyParameterAttrs(AttributeSet Attrs, Type *Ty,
2020	const Value *V) {
2021	if (!Attrs.hasAttributes())
2022	return;
2023
2024	verifyAttributeTypes(Attrs, V);
2025
2026	for (Attribute Attr : Attrs)
2027	Check(Attr.isStringAttribute() \|\|
2028	Attribute::canUseAsParamAttr(Attr.getKindAsEnum()),
2029	"Attribute '" + Attr.getAsString() + "' does not apply to parameters",
2030	V);
2031
2032	if (Attrs.hasAttribute(Kind: Attribute::ImmArg)) {
2033	unsigned AttrCount =
2034	Attrs.getNumAttributes() - Attrs.hasAttribute(Kind: Attribute::Range);
2035	Check(AttrCount == `1`,
2036	"Attribute 'immarg' is incompatible with other attributes except the "
2037	"'range' attribute",
2038	V);
2039	}
2040
2041	// Check for mutually incompatible attributes. Only inreg is compatible with
2042	// sret.
2043	unsigned AttrCount = `0`;
2044	AttrCount += Attrs.hasAttribute(Kind: Attribute::ByVal);
2045	AttrCount += Attrs.hasAttribute(Kind: Attribute::InAlloca);
2046	AttrCount += Attrs.hasAttribute(Kind: Attribute::Preallocated);
2047	AttrCount += Attrs.hasAttribute(Kind: Attribute::StructRet) \|\|
2048	Attrs.hasAttribute(Kind: Attribute::InReg);
2049	AttrCount += Attrs.hasAttribute(Kind: Attribute::Nest);
2050	AttrCount += Attrs.hasAttribute(Kind: Attribute::ByRef);
2051	Check(AttrCount <= `1`,
2052	"Attributes 'byval', 'inalloca', 'preallocated', 'inreg', 'nest', "
2053	"'byref', and 'sret' are incompatible!",
2054	V);
2055
2056	Check(!(Attrs.hasAttribute(Attribute::InAlloca) &&
2057	Attrs.hasAttribute(Attribute::ReadOnly)),
2058	"Attributes "
2059	"'inalloca and readonly' are incompatible!",
2060	V);
2061
2062	Check(!(Attrs.hasAttribute(Attribute::StructRet) &&
2063	Attrs.hasAttribute(Attribute::Returned)),
2064	"Attributes "
2065	"'sret and returned' are incompatible!",
2066	V);
2067
2068	Check(!(Attrs.hasAttribute(Attribute::ZExt) &&
2069	Attrs.hasAttribute(Attribute::SExt)),
2070	"Attributes "
2071	"'zeroext and signext' are incompatible!",
2072	V);
2073
2074	Check(!(Attrs.hasAttribute(Attribute::ReadNone) &&
2075	Attrs.hasAttribute(Attribute::ReadOnly)),
2076	"Attributes "
2077	"'readnone and readonly' are incompatible!",
2078	V);
2079
2080	Check(!(Attrs.hasAttribute(Attribute::ReadNone) &&
2081	Attrs.hasAttribute(Attribute::WriteOnly)),
2082	"Attributes "
2083	"'readnone and writeonly' are incompatible!",
2084	V);
2085
2086	Check(!(Attrs.hasAttribute(Attribute::ReadOnly) &&
2087	Attrs.hasAttribute(Attribute::WriteOnly)),
2088	"Attributes "
2089	"'readonly and writeonly' are incompatible!",
2090	V);
2091
2092	Check(!(Attrs.hasAttribute(Attribute::NoInline) &&
2093	Attrs.hasAttribute(Attribute::AlwaysInline)),
2094	"Attributes "
2095	"'noinline and alwaysinline' are incompatible!",
2096	V);
2097
2098	Check(!(Attrs.hasAttribute(Attribute::Writable) &&
2099	Attrs.hasAttribute(Attribute::ReadNone)),
2100	"Attributes writable and readnone are incompatible!", V);
2101
2102	Check(!(Attrs.hasAttribute(Attribute::Writable) &&
2103	Attrs.hasAttribute(Attribute::ReadOnly)),
2104	"Attributes writable and readonly are incompatible!", V);
2105
2106	AttributeMask IncompatibleAttrs = AttributeFuncs::typeIncompatible(Ty, AS: Attrs);
2107	for (Attribute Attr : Attrs) {
2108	if (!Attr.isStringAttribute() &&
2109	IncompatibleAttrs.contains(A: Attr.getKindAsEnum())) {
2110	CheckFailed(Message: "Attribute '" + Attr.getAsString() +
2111	"' applied to incompatible type!", V1: V);
2112	return;
2113	}
2114	}
2115
2116	if (isa<PointerType>(Val: Ty)) {
2117	if (Attrs.hasAttribute(Kind: Attribute::Alignment)) {
2118	Align AttrAlign = Attrs.getAlignment().valueOrOne();
2119	Check(AttrAlign.value() <= Value::MaximumAlignment,
2120	"huge alignment values are unsupported", V);
2121	}
2122	if (Attrs.hasAttribute(Kind: Attribute::ByVal)) {
2123	Type *ByValTy = Attrs.getByValType();
2124	SmallPtrSet<Type *, `4`> Visited;
2125	Check(ByValTy->isSized(&Visited),
2126	"Attribute 'byval' does not support unsized types!", V);
2127	// Check if it is or contains a target extension type that disallows being
2128	// used on the stack.
2129	Check(!ByValTy->containsNonLocalTargetExtType(),
2130	"'byval' argument has illegal target extension type", V);
2131	Check(DL.getTypeAllocSize(ByValTy).getKnownMinValue() < (`1ULL` << `32`),
2132	"huge 'byval' arguments are unsupported", V);
2133	}
2134	if (Attrs.hasAttribute(Kind: Attribute::ByRef)) {
2135	SmallPtrSet<Type *, `4`> Visited;
2136	Check(Attrs.getByRefType()->isSized(&Visited),
2137	"Attribute 'byref' does not support unsized types!", V);
2138	Check(DL.getTypeAllocSize(Attrs.getByRefType()).getKnownMinValue() <
2139	(`1ULL` << `32`),
2140	"huge 'byref' arguments are unsupported", V);
2141	}
2142	if (Attrs.hasAttribute(Kind: Attribute::InAlloca)) {
2143	SmallPtrSet<Type *, `4`> Visited;
2144	Check(Attrs.getInAllocaType()->isSized(&Visited),
2145	"Attribute 'inalloca' does not support unsized types!", V);
2146	Check(DL.getTypeAllocSize(Attrs.getInAllocaType()).getKnownMinValue() <
2147	(`1ULL` << `32`),
2148	"huge 'inalloca' arguments are unsupported", V);
2149	}
2150	if (Attrs.hasAttribute(Kind: Attribute::Preallocated)) {
2151	SmallPtrSet<Type *, `4`> Visited;
2152	Check(Attrs.getPreallocatedType()->isSized(&Visited),
2153	"Attribute 'preallocated' does not support unsized types!", V);
2154	Check(
2155	DL.getTypeAllocSize(Attrs.getPreallocatedType()).getKnownMinValue() <
2156	(`1ULL` << `32`),
2157	"huge 'preallocated' arguments are unsupported", V);
2158	}
2159	}
2160
2161	if (Attrs.hasAttribute(Kind: Attribute::Initializes)) {
2162	auto Inits = Attrs.getAttribute(Kind: Attribute::Initializes).getInitializes();
2163	Check(!Inits.empty(), "Attribute 'initializes' does not support empty list",
2164	V);
2165	Check(ConstantRangeList::isOrderedRanges(Inits),
2166	"Attribute 'initializes' does not support unordered ranges", V);
2167	}
2168
2169	if (Attrs.hasAttribute(Kind: Attribute::NoFPClass)) {
2170	uint64_t Val = Attrs.getAttribute(Kind: Attribute::NoFPClass).getValueAsInt();
2171	Check(Val != `0`, "Attribute 'nofpclass' must have at least one test bit set",
2172	V);
2173	Check((Val & ~static_cast<unsigned>(fcAllFlags)) == `0`,
2174	"Invalid value for 'nofpclass' test mask", V);
2175	}
2176	if (Attrs.hasAttribute(Kind: Attribute::Range)) {
2177	const ConstantRange &CR =
2178	Attrs.getAttribute(Kind: Attribute::Range).getValueAsConstantRange();
2179	Check(Ty->isIntOrIntVectorTy(CR.getBitWidth()),
2180	"Range bit width must match type bit width!", V);
2181	}
2182	}
2183
2184	void Verifier::checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr,
2185	const Value *V) {
2186	if (Attrs.hasFnAttr(Kind: Attr)) {
2187	StringRef S = Attrs.getFnAttr(Kind: Attr).getValueAsString();
2188	unsigned N;
2189	if (S.getAsInteger(Radix: `10`, Result&: N))
2190	CheckFailed(Message: "\"" + Attr + "\" takes an unsigned integer: " + S, V1: V);
2191	}
2192	}
2193
2194	// Check parameter attributes against a function type.
2195	// The value V is printed in error messages.
2196	void Verifier::verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs,
2197	const Value V, bool* IsIntrinsic,
2198	bool IsInlineAsm) {
2199	if (Attrs.isEmpty())
2200	return;
2201
2202	if (AttributeListsVisited.insert(Ptr: Attrs.getRawPointer()).second) {
2203	Check(Attrs.hasParentContext(Context),
2204	"Attribute list does not match Module context!", &Attrs, V);
2205	for (const auto &AttrSet : Attrs) {
2206	Check(!AttrSet.hasAttributes() \|\| AttrSet.hasParentContext(Context),
2207	"Attribute set does not match Module context!", &AttrSet, V);
2208	for (const auto &A : AttrSet) {
2209	Check(A.hasParentContext(Context),
2210	"Attribute does not match Module context!", &A, V);
2211	}
2212	}
2213	}
2214
2215	bool SawNest = false;
2216	bool SawReturned = false;
2217	bool SawSRet = false;
2218	bool SawSwiftSelf = false;
2219	bool SawSwiftAsync = false;
2220	bool SawSwiftError = false;
2221
2222	// Verify return value attributes.
2223	AttributeSet RetAttrs = Attrs.getRetAttrs();
2224	for (Attribute RetAttr : RetAttrs)
2225	Check(RetAttr.isStringAttribute() \|\|
2226	Attribute::canUseAsRetAttr(RetAttr.getKindAsEnum()),
2227	"Attribute '" + RetAttr.getAsString() +
2228	"' does not apply to function return values",
2229	V);
2230
2231	unsigned MaxParameterWidth = `0`;
2232	auto GetMaxParameterWidth = [&MaxParameterWidth](Type *Ty) {
2233	if (Ty->isVectorTy()) {
2234	if (auto *VT = dyn_cast<FixedVectorType>(Val: Ty)) {
2235	unsigned Size = VT->getPrimitiveSizeInBits().getFixedValue();
2236	if (Size > MaxParameterWidth)
2237	MaxParameterWidth = Size;
2238	}
2239	}
2240	};
2241	GetMaxParameterWidth (FT->getReturnType());
2242	verifyParameterAttrs(Attrs: RetAttrs, Ty: FT->getReturnType(), V);
2243
2244	// Verify parameter attributes.
2245	for (unsigned i = `0`, e = FT->getNumParams(); i != e; ++i) {
2246	Type *Ty = FT->getParamType(i);
2247	AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: i);
2248
2249	if (!IsIntrinsic) {
2250	Check(!ArgAttrs.hasAttribute(Attribute::ImmArg),
2251	"immarg attribute only applies to intrinsics", V);
2252	if (!IsInlineAsm)
2253	Check(!ArgAttrs.hasAttribute(Attribute::ElementType),
2254	"Attribute 'elementtype' can only be applied to intrinsics"
2255	" and inline asm.",
2256	V);
2257	}
2258
2259	verifyParameterAttrs(Attrs: ArgAttrs, Ty, V);
2260	GetMaxParameterWidth (Ty);
2261
2262	if (ArgAttrs.hasAttribute(Kind: Attribute::Nest)) {
2263	Check(!SawNest, "More than one parameter has attribute nest!", V);
2264	SawNest = true;
2265	}
2266
2267	if (ArgAttrs.hasAttribute(Kind: Attribute::Returned)) {
2268	Check(!SawReturned, "More than one parameter has attribute returned!", V);
2269	Check(Ty->canLosslesslyBitCastTo(FT->getReturnType()),
2270	"Incompatible argument and return types for 'returned' attribute",
2271	V);
2272	SawReturned = true;
2273	}
2274
2275	if (ArgAttrs.hasAttribute(Kind: Attribute::StructRet)) {
2276	Check(!SawSRet, "Cannot have multiple 'sret' parameters!", V);
2277	Check(i == `0` \|\| i == `1`,
2278	"Attribute 'sret' is not on first or second parameter!", V);
2279	SawSRet = true;
2280	}
2281
2282	if (ArgAttrs.hasAttribute(Kind: Attribute::SwiftSelf)) {
2283	Check(!SawSwiftSelf, "Cannot have multiple 'swiftself' parameters!", V);
2284	SawSwiftSelf = true;
2285	}
2286
2287	if (ArgAttrs.hasAttribute(Kind: Attribute::SwiftAsync)) {
2288	Check(!SawSwiftAsync, "Cannot have multiple 'swiftasync' parameters!", V);
2289	SawSwiftAsync = true;
2290	}
2291
2292	if (ArgAttrs.hasAttribute(Kind: Attribute::SwiftError)) {
2293	Check(!SawSwiftError, "Cannot have multiple 'swifterror' parameters!", V);
2294	SawSwiftError = true;
2295	}
2296
2297	if (ArgAttrs.hasAttribute(Kind: Attribute::InAlloca)) {
2298	Check(i == FT->getNumParams() - `1`,
2299	"inalloca isn't on the last parameter!", V);
2300	}
2301	}
2302
2303	if (!Attrs.hasFnAttrs())
2304	return;
2305
2306	verifyAttributeTypes(Attrs: Attrs.getFnAttrs(), V);
2307	for (Attribute FnAttr : Attrs.getFnAttrs())
2308	Check(FnAttr.isStringAttribute() \|\|
2309	Attribute::canUseAsFnAttr(FnAttr.getKindAsEnum()),
2310	"Attribute '" + FnAttr.getAsString() +
2311	"' does not apply to functions!",
2312	V);
2313
2314	Check(!(Attrs.hasFnAttr(Attribute::NoInline) &&
2315	Attrs.hasFnAttr(Attribute::AlwaysInline)),
2316	"Attributes 'noinline and alwaysinline' are incompatible!", V);
2317
2318	if (Attrs.hasFnAttr(Kind: Attribute::OptimizeNone)) {
2319	Check(Attrs.hasFnAttr(Attribute::NoInline),
2320	"Attribute 'optnone' requires 'noinline'!", V);
2321
2322	Check(!Attrs.hasFnAttr(Attribute::OptimizeForSize),
2323	"Attributes 'optsize and optnone' are incompatible!", V);
2324
2325	Check(!Attrs.hasFnAttr(Attribute::MinSize),
2326	"Attributes 'minsize and optnone' are incompatible!", V);
2327
2328	Check(!Attrs.hasFnAttr(Attribute::OptimizeForDebugging),
2329	"Attributes 'optdebug and optnone' are incompatible!", V);
2330	}
2331
2332	Check(!(Attrs.hasFnAttr(Attribute::SanitizeRealtime) &&
2333	Attrs.hasFnAttr(Attribute::SanitizeRealtimeBlocking)),
2334	"Attributes "
2335	"'sanitize_realtime and sanitize_realtime_blocking' are incompatible!",
2336	V);
2337
2338	if (Attrs.hasFnAttr(Kind: Attribute::OptimizeForDebugging)) {
2339	Check(!Attrs.hasFnAttr(Attribute::OptimizeForSize),
2340	"Attributes 'optsize and optdebug' are incompatible!", V);
2341
2342	Check(!Attrs.hasFnAttr(Attribute::MinSize),
2343	"Attributes 'minsize and optdebug' are incompatible!", V);
2344	}
2345
2346	Check(!Attrs.hasAttrSomewhere(Attribute::Writable) \|\|
2347	isModSet(Attrs.getMemoryEffects().getModRef(IRMemLocation::ArgMem)),
2348	"Attribute writable and memory without argmem: write are incompatible!",
2349	V);
2350
2351	if (Attrs.hasFnAttr(Kind: "aarch64_pstate_sm_enabled")) {
2352	Check(!Attrs.hasFnAttr("aarch64_pstate_sm_compatible"),
2353	"Attributes 'aarch64_pstate_sm_enabled and "
2354	"aarch64_pstate_sm_compatible' are incompatible!",
2355	V);
2356	}
2357
2358	Check((Attrs.hasFnAttr("aarch64_new_za") + Attrs.hasFnAttr("aarch64_in_za") +
2359	Attrs.hasFnAttr("aarch64_inout_za") +
2360	Attrs.hasFnAttr("aarch64_out_za") +
2361	Attrs.hasFnAttr("aarch64_preserves_za") +
2362	Attrs.hasFnAttr("aarch64_za_state_agnostic")) <= `1`,
2363	"Attributes 'aarch64_new_za', 'aarch64_in_za', 'aarch64_out_za', "
2364	"'aarch64_inout_za', 'aarch64_preserves_za' and "
2365	"'aarch64_za_state_agnostic' are mutually exclusive",
2366	V);
2367
2368	Check((Attrs.hasFnAttr("aarch64_new_zt0") +
2369	Attrs.hasFnAttr("aarch64_in_zt0") +
2370	Attrs.hasFnAttr("aarch64_inout_zt0") +
2371	Attrs.hasFnAttr("aarch64_out_zt0") +
2372	Attrs.hasFnAttr("aarch64_preserves_zt0") +
2373	Attrs.hasFnAttr("aarch64_za_state_agnostic")) <= `1`,
2374	"Attributes 'aarch64_new_zt0', 'aarch64_in_zt0', 'aarch64_out_zt0', "
2375	"'aarch64_inout_zt0', 'aarch64_preserves_zt0' and "
2376	"'aarch64_za_state_agnostic' are mutually exclusive",
2377	V);
2378
2379	if (Attrs.hasFnAttr(Kind: Attribute::JumpTable)) {
2380	const GlobalValue *GV = cast<GlobalValue>(Val: V);
2381	Check(GV->hasGlobalUnnamedAddr(),
2382	"Attribute 'jumptable' requires 'unnamed_addr'", V);
2383	}
2384
2385	if (auto Args = Attrs.getFnAttrs().getAllocSizeArgs()) {
2386	auto CheckParam = [&](StringRef Name, unsigned ParamNo) {
2387	if (ParamNo >= FT->getNumParams()) {
2388	CheckFailed(Message: "'allocsize' " + Name + " argument is out of bounds", V1: V);
2389	return false;
2390	}
2391
2392	if (!FT->getParamType(i: ParamNo)->isIntegerTy()) {
2393	CheckFailed(Message: "'allocsize' " + Name +
2394	" argument must refer to an integer parameter",
2395	V1: V);
2396	return false;
2397	}
2398
2399	return true;
2400	};
2401
2402	if (!CheckParam ("element size", Args ->first))
2403	return;
2404
2405	if (Args ->second && !CheckParam ("number of elements", *Args ->second))
2406	return;
2407	}
2408
2409	if (Attrs.hasFnAttr(Kind: Attribute::AllocKind)) {
2410	AllocFnKind K = Attrs.getAllocKind();
2411	AllocFnKind Type =
2412	K & (AllocFnKind::Alloc \| AllocFnKind::Realloc \| AllocFnKind::Free);
2413	if (!is_contained(
2414	Set: {AllocFnKind::Alloc, AllocFnKind::Realloc, AllocFnKind::Free},
2415	Element: Type))
2416	CheckFailed(
2417	Message: "'allockind()' requires exactly one of alloc, realloc, and free");
2418	if ((Type == AllocFnKind::Free) &&
2419	((K & (AllocFnKind::Uninitialized \| AllocFnKind::Zeroed \|
2420	AllocFnKind::Aligned)) != AllocFnKind::Unknown))
2421	CheckFailed(Message: "'allockind(\"free\")' doesn't allow uninitialized, zeroed, "
2422	"or aligned modifiers.");
2423	AllocFnKind ZeroedUninit = AllocFnKind::Uninitialized \| AllocFnKind::Zeroed;
2424	if ((K & ZeroedUninit) == ZeroedUninit)
2425	CheckFailed(Message: "'allockind()' can't be both zeroed and uninitialized");
2426	}
2427
2428	if (Attribute A = Attrs.getFnAttr(Kind: "alloc-variant-zeroed"); A.isValid()) {
2429	StringRef S = A.getValueAsString();
2430	Check(!S.empty(), "'alloc-variant-zeroed' must not be empty");
2431	Function *Variant = M.getFunction(Name: S);
2432	if (Variant) {
2433	Attribute Family = Attrs.getFnAttr(Kind: "alloc-family");
2434	Attribute VariantFamily = Variant->getFnAttribute(Kind: "alloc-family");
2435	if (Family.isValid())
2436	Check(VariantFamily.isValid() &&
2437	VariantFamily.getValueAsString() == Family.getValueAsString(),
2438	"'alloc-variant-zeroed' must name a function belonging to the "
2439	"same 'alloc-family'");
2440
2441	Check(Variant->hasFnAttribute(Attribute::AllocKind) &&
2442	(Variant->getFnAttribute(Attribute::AllocKind).getAllocKind() &
2443	AllocFnKind::Zeroed) != AllocFnKind::Unknown,
2444	"'alloc-variant-zeroed' must name a function with "
2445	"'allockind(\"zeroed\")'");
2446
2447	Check(FT == Variant->getFunctionType(),
2448	"'alloc-variant-zeroed' must name a function with the same "
2449	"signature");
2450
2451	if (const Function *F = dyn_cast<Function>(Val: V))
2452	Check(F->getCallingConv() == Variant->getCallingConv(),
2453	"'alloc-variant-zeroed' must name a function with the same "
2454	"calling convention");
2455	}
2456	}
2457
2458	if (Attrs.hasFnAttr(Kind: Attribute::VScaleRange)) {
2459	unsigned VScaleMin = Attrs.getFnAttrs().getVScaleRangeMin();
2460	if (VScaleMin == `0`)
2461	CheckFailed(Message: "'vscale_range' minimum must be greater than 0", V1: V);
2462	else if (!isPowerOf2_32(Value: VScaleMin))
2463	CheckFailed(Message: "'vscale_range' minimum must be power-of-two value", V1: V);
2464	std::optional<unsigned> VScaleMax = Attrs.getFnAttrs().getVScaleRangeMax();
2465	if (VScaleMax && VScaleMin > VScaleMax)
2466	CheckFailed(Message: "'vscale_range' minimum cannot be greater than maximum", V1: V);
2467	else if (VScaleMax && !isPowerOf2_32(Value: *VScaleMax))
2468	CheckFailed(Message: "'vscale_range' maximum must be power-of-two value", V1: V);
2469	}
2470
2471	if (Attribute FPAttr = Attrs.getFnAttr(Kind: "frame-pointer"); FPAttr.isValid()) {
2472	StringRef FP = FPAttr.getValueAsString();
2473	if (FP != "all" && FP != "non-leaf" && FP != "none" && FP != "reserved" &&
2474	FP != "non-leaf-no-reserve")
2475	CheckFailed(Message: "invalid value for 'frame-pointer' attribute: " + FP, V1: V);
2476	}
2477
2478	checkUnsignedBaseTenFuncAttr(Attrs, Attr: "patchable-function-prefix", V);
2479	checkUnsignedBaseTenFuncAttr(Attrs, Attr: "patchable-function-entry", V);
2480	if (Attrs.hasFnAttr(Kind: "patchable-function-entry-section"))
2481	Check(!Attrs.getFnAttr("patchable-function-entry-section")
2482	.getValueAsString()
2483	.empty(),
2484	"\"patchable-function-entry-section\" must not be empty");
2485	checkUnsignedBaseTenFuncAttr(Attrs, Attr: "warn-stack-size", V);
2486
2487	if (auto A = Attrs.getFnAttr(Kind: "sign-return-address"); A.isValid()) {
2488	StringRef S = A.getValueAsString();
2489	if (S != "none" && S != "all" && S != "non-leaf")
2490	CheckFailed(Message: "invalid value for 'sign-return-address' attribute: " + S, V1: V);
2491	}
2492
2493	if (auto A = Attrs.getFnAttr(Kind: "sign-return-address-key"); A.isValid()) {
2494	StringRef S = A.getValueAsString();
2495	if (S != "a_key" && S != "b_key")
2496	CheckFailed(Message: "invalid value for 'sign-return-address-key' attribute: " + S,
2497	V1: V);
2498	if (auto AA = Attrs.getFnAttr(Kind: "sign-return-address"); !AA.isValid()) {
2499	CheckFailed(
2500	Message: "'sign-return-address-key' present without `sign-return-address`");
2501	}
2502	}
2503
2504	if (auto A = Attrs.getFnAttr(Kind: "branch-target-enforcement"); A.isValid()) {
2505	StringRef S = A.getValueAsString();
2506	if (S != "" && S != "true" && S != "false")
2507	CheckFailed(
2508	Message: "invalid value for 'branch-target-enforcement' attribute: " + S, V1: V);
2509	}
2510
2511	if (auto A = Attrs.getFnAttr(Kind: "branch-protection-pauth-lr"); A.isValid()) {
2512	StringRef S = A.getValueAsString();
2513	if (S != "" && S != "true" && S != "false")
2514	CheckFailed(
2515	Message: "invalid value for 'branch-protection-pauth-lr' attribute: " + S, V1: V);
2516	}
2517
2518	if (auto A = Attrs.getFnAttr(Kind: "guarded-control-stack"); A.isValid()) {
2519	StringRef S = A.getValueAsString();
2520	if (S != "" && S != "true" && S != "false")
2521	CheckFailed(Message: "invalid value for 'guarded-control-stack' attribute: " + S,
2522	V1: V);
2523	}
2524
2525	if (auto A = Attrs.getFnAttr(Kind: "vector-function-abi-variant"); A.isValid()) {
2526	StringRef S = A.getValueAsString();
2527	const std::optional<VFInfo> Info = VFABI::tryDemangleForVFABI(MangledName: S, FTy: FT);
2528	if (!Info)
2529	CheckFailed(Message: "invalid name for a VFABI variant: " + S, V1: V);
2530	}
2531
2532	if (auto A = Attrs.getFnAttr(Kind: "modular-format"); A.isValid()) {
2533	StringRef S = A.getValueAsString();
2534	SmallVector<StringRef> Args;
2535	S.split(A&: Args, Separator: `','`);
2536	Check(Args.size() >= `5`,
2537	"modular-format attribute requires at least 5 arguments", V);
2538	unsigned UpperBound = FT->getNumParams() + (FT->isVarArg() ? `1` : `0`);
2539	unsigned FormatIdx;
2540	Check(!Args[`1`].getAsInteger(`10`, FormatIdx),
2541	"modular-format attribute format string index is not an integer", V);
2542	Check(FormatIdx > `0`,
2543	"modular-format attribute format string index must be greater than 0",
2544	V);
2545	Check(FormatIdx <= UpperBound,
2546	"modular-format attribute format string index is out of bounds", V);
2547	unsigned FirstArgIdx;
2548	Check(!Args[`2`].getAsInteger(`10`, FirstArgIdx),
2549	"modular-format attribute first arg index is not an integer", V);
2550	Check(FirstArgIdx <= UpperBound,
2551	"modular-format attribute first arg index is out of bounds", V);
2552	Check(!Args[`3`].empty(),
2553	"modular-format attribute modular implementation function name "
2554	"cannot be empty",
2555	V);
2556	Check(!Args[`4`].empty(),
2557	"modular-format attribute implementation name cannot be empty", V);
2558	}
2559
2560	if (auto A = Attrs.getFnAttr(Kind: "target-features"); A.isValid()) {
2561	StringRef S = A.getValueAsString();
2562	if (!S.empty()) {
2563	for (auto FeatureFlag : split(Str: S, Separator: `','`)) {
2564	if (FeatureFlag.empty())
2565	CheckFailed(
2566	Message: "target-features attribute should not contain an empty string");
2567	else
2568	Check(FeatureFlag[`0`] == `'+'` \|\| FeatureFlag[`0`] == `'-'`,
2569	"target feature '" + FeatureFlag +
2570	"' must start with a '+' or '-'",
2571	V);
2572	}
2573	}
2574	}
2575	}
2576	void Verifier::verifyUnknownProfileMetadata(MDNode *MD) {
2577	Check(MD->getNumOperands() == `2`,
2578	"'unknown' !prof should have a single additional operand", MD);
2579	auto *PassName = dyn_cast<MDString>(Val: MD->getOperand(I: `1`));
2580	Check(PassName != nullptr,
2581	"'unknown' !prof should have an additional operand of type "
2582	"string");
2583	Check(!PassName->getString().empty(),
2584	"the 'unknown' !prof operand should not be an empty string");
2585	}
2586
2587	void Verifier::verifyFunctionMetadata(
2588	ArrayRef<std::pair<unsigned, MDNode *>> MDs) {
2589	for (const auto &Pair : MDs) {
2590	if (Pair.first == LLVMContext::MD_prof) {
2591	MDNode *MD = Pair.second;
2592	Check(MD->getNumOperands() >= `2`,
2593	"!prof annotations should have no less than 2 operands", MD);
2594	// We may have functions that are synthesized by the compiler, e.g. in
2595	// WPD, that we can't currently determine the entry count.
2596	if (MD->getOperand(I: `0`).equalsStr(
2597	Str: MDProfLabels::UnknownBranchWeightsMarker)) {
2598	verifyUnknownProfileMetadata(MD);
2599	continue;
2600	}
2601
2602	// Check first operand.
2603	Check(MD->getOperand(`0`) != nullptr, "first operand should not be null",
2604	MD);
2605	Check(isa<MDString>(MD->getOperand(`0`)),
2606	"expected string with name of the !prof annotation", MD);
2607	MDString *MDS = cast<MDString>(Val: MD->getOperand(I: `0`));
2608	StringRef ProfName = MDS->getString();
2609	Check(ProfName == MDProfLabels::FunctionEntryCount \|\|
2610	ProfName == MDProfLabels::SyntheticFunctionEntryCount,
2611	"first operand should be 'function_entry_count'"
2612	" or 'synthetic_function_entry_count'",
2613	MD);
2614
2615	// Check second operand.
2616	Check(MD->getOperand(`1`) != nullptr, "second operand should not be null",
2617	MD);
2618	Check(isa<ConstantAsMetadata>(MD->getOperand(`1`)),
2619	"expected integer argument to function_entry_count", MD);
2620	} else if (Pair.first == LLVMContext::MD_kcfi_type) {
2621	MDNode *MD = Pair.second;
2622	Check(MD->getNumOperands() == `1`,
2623	"!kcfi_type must have exactly one operand", MD);
2624	Check(MD->getOperand(`0`) != nullptr, "!kcfi_type operand must not be null",
2625	MD);
2626	Check(isa<ConstantAsMetadata>(MD->getOperand(`0`)),
2627	"expected a constant operand for !kcfi_type", MD);
2628	Constant *C = cast<ConstantAsMetadata>(Val: MD->getOperand(I: `0`))->getValue();
2629	Check(isa<ConstantInt>(C) && isa<IntegerType>(C->getType()),
2630	"expected a constant integer operand for !kcfi_type", MD);
2631	Check(cast<ConstantInt>(C)->getBitWidth() == `32`,
2632	"expected a 32-bit integer constant operand for !kcfi_type", MD);
2633	} else if (Pair.first == Context.getMDKindID(Name: "reqd_work_group_size")) {
2634	MDNode *MD = Pair.second;
2635	Check(MD->getNumOperands() == `3`,
2636	"reqd_work_group_size must have exactly three operands", MD);
2637	if (MD->getNumOperands() != `3`)
2638	continue;
2639
2640	uint64_t Product = `1`;
2641	for (unsigned I = `0`; I != `3`; ++I) {
2642	ConstantInt *C = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I));
2643	Check(C, "reqd_work_group_size operands must be integer constants", MD);
2644	if (!C)
2645	break;
2646
2647	const APInt &Value = C->getValue();
2648	Check(Value.getActiveBits() <= `64`,
2649	"reqd_work_group_size operands must fit in 64 bits", MD);
2650	if (Value.getActiveBits() > `64`)
2651	break;
2652
2653	uint64_t Dim = Value.getZExtValue();
2654	Check(Dim == `0` \|\| Product <= std::numeric_limits<uint64_t>::max() / Dim,
2655	"reqd_work_group_size product must fit in 64 bits", MD);
2656	if (Dim != `0` && Product > std::numeric_limits<uint64_t>::max() / Dim)
2657	break;
2658	Product *= Dim;
2659	}
2660	}
2661	}
2662	}
2663
2664	void Verifier::visitConstantExprsRecursively(const Constant *EntryC) {
2665	if (EntryC->getNumOperands() == `0`)
2666	return;
2667
2668	if (!ConstantExprVisited.insert(Ptr: EntryC).second)
2669	return;
2670
2671	SmallVector<const Constant *, `16`> Stack;
2672	Stack.push_back(Elt: EntryC);
2673
2674	while (!Stack.empty()) {
2675	const Constant *C = Stack.pop_back_val();
2676
2677	// Check this constant expression.
2678	if (const auto *CE = dyn_cast<ConstantExpr>(Val: C))
2679	visitConstantExpr(CE);
2680
2681	if (const auto *CPA = dyn_cast<ConstantPtrAuth>(Val: C))
2682	visitConstantPtrAuth(CPA);
2683
2684	if (const auto *GV = dyn_cast<GlobalValue>(Val: C)) {
2685	// Global Values get visited separately, but we do need to make sure
2686	// that the global value is in the correct module
2687	Check(GV->getParent() == &M, "Referencing global in another module!",
2688	EntryC, &M, GV, GV->getParent());
2689	continue;
2690	}
2691
2692	// Visit all sub-expressions.
2693	for (const Use &U : C->operands()) {
2694	const auto *OpC = dyn_cast<Constant>(Val: U);
2695	if (!OpC)
2696	continue;
2697	if (!ConstantExprVisited.insert(Ptr: OpC).second)
2698	continue;
2699	Stack.push_back(Elt: OpC);
2700	}
2701	}
2702	}
2703
2704	void Verifier::visitConstantExpr(const ConstantExpr *CE) {
2705	if (CE->getOpcode() == Instruction::BitCast)
2706	Check(CastInst::castIsValid(Instruction::BitCast, CE->getOperand(`0`),
2707	CE->getType()),
2708	"Invalid bitcast", CE);
2709	else if (CE->getOpcode() == Instruction::PtrToAddr)
2710	checkPtrToAddr(SrcTy: CE->getOperand(i_nocapture: `0`)->getType(), DestTy: CE->getType(), V: *CE);
2711	}
2712
2713	void Verifier::visitConstantPtrAuth(const ConstantPtrAuth *CPA) {
2714	Check(CPA->getPointer()->getType()->isPointerTy(),
2715	"signed ptrauth constant base pointer must have pointer type");
2716
2717	Check(CPA->getType() == CPA->getPointer()->getType(),
2718	"signed ptrauth constant must have same type as its base pointer");
2719
2720	Check(CPA->getKey()->getBitWidth() == `32`,
2721	"signed ptrauth constant key must be i32 constant integer");
2722
2723	Check(CPA->getAddrDiscriminator()->getType()->isPointerTy(),
2724	"signed ptrauth constant address discriminator must be a pointer");
2725
2726	Check(CPA->getDiscriminator()->getBitWidth() == `64`,
2727	"signed ptrauth constant discriminator must be i64 constant integer");
2728
2729	Check(CPA->getDeactivationSymbol()->getType()->isPointerTy(),
2730	"signed ptrauth constant deactivation symbol must be a pointer");
2731
2732	Check(isa<GlobalValue>(CPA->getDeactivationSymbol()) \|\|
2733	isa<ConstantPointerNull>(CPA->getDeactivationSymbol()),
2734	"signed ptrauth constant deactivation symbol must be a global value "
2735	"or null");
2736	}
2737
2738	bool Verifier::verifyAttributeCount(AttributeList Attrs, unsigned Params) {
2739	// There shouldn't be more attribute sets than there are parameters plus the
2740	// function and return value.
2741	return Attrs.getNumAttrSets() <= Params + `2`;
2742	}
2743
2744	void Verifier::verifyInlineAsmCall(const CallBase &Call) {
2745	const InlineAsm *IA = cast<InlineAsm>(Val: Call.getCalledOperand());
2746	unsigned ArgNo = `0`;
2747	unsigned LabelNo = `0`;
2748	for (const InlineAsm::ConstraintInfo &CI : IA->ParseConstraints()) {
2749	if (CI.Type == InlineAsm::isLabel) {
2750	++LabelNo;
2751	continue;
2752	}
2753
2754	// Only deal with constraints that correspond to call arguments.
2755	if (!CI.hasArg())
2756	continue;
2757
2758	if (CI.isIndirect) {
2759	const Value *Arg = Call.getArgOperand(i: ArgNo);
2760	Check(Arg->getType()->isPointerTy(),
2761	"Operand for indirect constraint must have pointer type", &Call);
2762
2763	Check(Call.getParamElementType(ArgNo),
2764	"Operand for indirect constraint must have elementtype attribute",
2765	&Call);
2766	} else {
2767	Check(!Call.paramHasAttr(ArgNo, Attribute::ElementType),
2768	"Elementtype attribute can only be applied for indirect "
2769	"constraints",
2770	&Call);
2771	}
2772
2773	ArgNo++;
2774	}
2775
2776	if (auto *CallBr = dyn_cast<CallBrInst>(Val: &Call)) {
2777	Check(LabelNo == CallBr->getNumIndirectDests(),
2778	"Number of label constraints does not match number of callbr dests",
2779	&Call);
2780	} else {
2781	Check(LabelNo == `0`, "Label constraints can only be used with callbr",
2782	&Call);
2783	}
2784	}
2785
2786	/// Verify that statepoint intrinsic is well formed.
2787	void Verifier::verifyStatepoint(const CallBase &Call) {
2788	assert(Call.getIntrinsicID() == Intrinsic::experimental_gc_statepoint);
2789
2790	Check(!Call.doesNotAccessMemory() && !Call.onlyReadsMemory() &&
2791	!Call.onlyAccessesArgMemory(),
2792	"gc.statepoint must read and write all memory to preserve "
2793	"reordering restrictions required by safepoint semantics",
2794	Call);
2795
2796	const int64_t NumPatchBytes =
2797	cast<ConstantInt>(Val: Call.getArgOperand(i: `1`))->getSExtValue();
2798	assert(isInt<`32`>(NumPatchBytes) && "NumPatchBytesV is an i32!");
2799	Check(NumPatchBytes >= `0`,
2800	"gc.statepoint number of patchable bytes must be "
2801	"positive",
2802	Call);
2803
2804	Type *TargetElemType = Call.getParamElementType(ArgNo: `2`);
2805	Check(TargetElemType,
2806	"gc.statepoint callee argument must have elementtype attribute", Call);
2807	FunctionType *TargetFuncType = dyn_cast<FunctionType>(Val: TargetElemType);
2808	Check(TargetFuncType,
2809	"gc.statepoint callee elementtype must be function type", Call);
2810
2811	const int NumCallArgs = cast<ConstantInt>(Val: Call.getArgOperand(i: `3`))->getZExtValue();
2812	Check(NumCallArgs >= `0`,
2813	"gc.statepoint number of arguments to underlying call "
2814	"must be positive",
2815	Call);
2816	const int NumParams = (int)TargetFuncType->getNumParams();
2817	if (TargetFuncType->isVarArg()) {
2818	Check(NumCallArgs >= NumParams,
2819	"gc.statepoint mismatch in number of vararg call args", Call);
2820
2821	// TODO: Remove this limitation
2822	Check(TargetFuncType->getReturnType()->isVoidTy(),
2823	"gc.statepoint doesn't support wrapping non-void "
2824	"vararg functions yet",
2825	Call);
2826	} else
2827	Check(NumCallArgs == NumParams,
2828	"gc.statepoint mismatch in number of call args", Call);
2829
2830	const uint64_t Flags
2831	= cast<ConstantInt>(Val: Call.getArgOperand(i: `4`))->getZExtValue();
2832	Check((Flags & ~(uint64_t)StatepointFlags::MaskAll) == `0`,
2833	"unknown flag used in gc.statepoint flags argument", Call);
2834
2835	// Verify that the types of the call parameter arguments match
2836	// the type of the wrapped callee.
2837	AttributeList Attrs = Call.getAttributes();
2838	for (int i = `0`; i < NumParams; i++) {
2839	Type *ParamType = TargetFuncType->getParamType(i);
2840	Type *ArgType = Call.getArgOperand(i: `5` + i)->getType();
2841	Check(ArgType == ParamType,
2842	"gc.statepoint call argument does not match wrapped "
2843	"function type",
2844	Call);
2845
2846	if (TargetFuncType->isVarArg()) {
2847	AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: `5` + i);
2848	Check(!ArgAttrs.hasAttribute(Attribute::StructRet),
2849	"Attribute 'sret' cannot be used for vararg call arguments!", Call);
2850	}
2851	}
2852
2853	const int EndCallArgsInx = `4` + NumCallArgs;
2854
2855	const Value *NumTransitionArgsV = Call.getArgOperand(i: EndCallArgsInx + `1`);
2856	Check(isa<ConstantInt>(NumTransitionArgsV),
2857	"gc.statepoint number of transition arguments "
2858	"must be constant integer",
2859	Call);
2860	const int NumTransitionArgs =
2861	cast<ConstantInt>(Val: NumTransitionArgsV)->getZExtValue();
2862	Check(NumTransitionArgs == `0`,
2863	"gc.statepoint w/inline transition bundle is deprecated", Call);
2864	const int EndTransitionArgsInx = EndCallArgsInx + `1` + NumTransitionArgs;
2865
2866	const Value *NumDeoptArgsV = Call.getArgOperand(i: EndTransitionArgsInx + `1`);
2867	Check(isa<ConstantInt>(NumDeoptArgsV),
2868	"gc.statepoint number of deoptimization arguments "
2869	"must be constant integer",
2870	Call);
2871	const int NumDeoptArgs = cast<ConstantInt>(Val: NumDeoptArgsV)->getZExtValue();
2872	Check(NumDeoptArgs == `0`,
2873	"gc.statepoint w/inline deopt operands is deprecated", Call);
2874
2875	const int ExpectedNumArgs = `7` + NumCallArgs;
2876	Check(ExpectedNumArgs == (int)Call.arg_size(),
2877	"gc.statepoint too many arguments", Call);
2878
2879	// Check that the only uses of this gc.statepoint are gc.result or
2880	// gc.relocate calls which are tied to this statepoint and thus part
2881	// of the same statepoint sequence
2882	for (const User *U : Call.users()) {
2883	const CallInst UserCall = dyn_cast<const* CallInst>(Val: U);
2884	Check(UserCall, "illegal use of statepoint token", Call, U);
2885	if (!UserCall)
2886	continue;
2887	Check(isa<GCRelocateInst>(UserCall) \|\| isa<GCResultInst>(UserCall),
2888	"gc.result or gc.relocate are the only value uses "
2889	"of a gc.statepoint",
2890	Call, U);
2891	if (isa<GCResultInst>(Val: UserCall)) {
2892	Check(UserCall->getArgOperand(`0`) == &Call,
2893	"gc.result connected to wrong gc.statepoint", Call, UserCall);
2894	} else if (isa<GCRelocateInst>(Val: Call)) {
2895	Check(UserCall->getArgOperand(`0`) == &Call,
2896	"gc.relocate connected to wrong gc.statepoint", Call, UserCall);
2897	}
2898	}
2899
2900	// Note: It is legal for a single derived pointer to be listed multiple
2901	// times. It's non-optimal, but it is legal. It can also happen after
2902	// insertion if we strip a bitcast away.
2903	// Note: It is really tempting to check that each base is relocated and
2904	// that a derived pointer is never reused as a base pointer. This turns
2905	// out to be problematic since optimizations run after safepoint insertion
2906	// can recognize equality properties that the insertion logic doesn't know
2907	// about. See example statepoint.ll in the verifier subdirectory
2908	}
2909
2910	void Verifier::verifyFrameRecoverIndices() {
2911	for (auto &Counts : FrameEscapeInfo) {
2912	Function *F = Counts.first;
2913	unsigned EscapedObjectCount = Counts.second.first;
2914	unsigned MaxRecoveredIndex = Counts.second.second;
2915	Check(MaxRecoveredIndex <= EscapedObjectCount,
2916	"all indices passed to llvm.localrecover must be less than the "
2917	"number of arguments passed to llvm.localescape in the parent "
2918	"function",
2919	F);
2920	}
2921	}
2922
2923	static Instruction getSuccPad(Instruction Terminator) {
2924	BasicBlock *UnwindDest;
2925	if (auto *II = dyn_cast<InvokeInst>(Val: Terminator))
2926	UnwindDest = II->getUnwindDest();
2927	else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: Terminator))
2928	UnwindDest = CSI->getUnwindDest();
2929	else
2930	UnwindDest = cast<CleanupReturnInst>(Val: Terminator)->getUnwindDest();
2931	return &*UnwindDest->getFirstNonPHIIt();
2932	}
2933
2934	void Verifier::verifySiblingFuncletUnwinds() {
2935	llvm::TimeTraceScope timeScope("Verifier verify sibling funclet unwinds");
2936	SmallPtrSet<Instruction *, `8`> Visited;
2937	SmallPtrSet<Instruction *, `8`> Active;
2938	for (const auto &Pair : SiblingFuncletInfo) {
2939	Instruction *PredPad = Pair.first;
2940	if (Visited.count(Ptr: PredPad))
2941	continue;
2942	Active.insert(Ptr: PredPad);
2943	Instruction *Terminator = Pair.second;
2944	do {
2945	Instruction *SuccPad = getSuccPad(Terminator);
2946	if (Active.count(Ptr: SuccPad)) {
2947	// Found a cycle; report error
2948	Instruction *CyclePad = SuccPad;
2949	SmallVector<Instruction *, `8`> CycleNodes;
2950	do {
2951	CycleNodes.push_back(Elt: CyclePad);
2952	Instruction *CycleTerminator = SiblingFuncletInfo [CyclePad];
2953	if (CycleTerminator != CyclePad)
2954	CycleNodes.push_back(Elt: CycleTerminator);
2955	CyclePad = getSuccPad(Terminator: CycleTerminator);
2956	} while (CyclePad != SuccPad);
2957	Check(false, "EH pads can't handle each other's exceptions",
2958	ArrayRef<Instruction *>(CycleNodes));
2959	}
2960	// Don't re-walk a node we've already checked
2961	if (!Visited.insert(Ptr: SuccPad).second)
2962	break;
2963	// Walk to this successor if it has a map entry.
2964	PredPad = SuccPad;
2965	auto TermI = SiblingFuncletInfo.find(Key: PredPad);
2966	if (TermI == SiblingFuncletInfo.end())
2967	break;
2968	Terminator = TermI->second;
2969	Active.insert(Ptr: PredPad);
2970	} while (true);
2971	// Each node only has one successor, so we've walked all the active
2972	// nodes' successors.
2973	Active.clear();
2974	}
2975	}
2976
2977	// visitFunction - Verify that a function is ok.
2978	//
2979	void Verifier::visitFunction(const Function &F) {
2980	visitGlobalValue(GV: F);
2981
2982	// Check function arguments.
2983	FunctionType *FT = F.getFunctionType();
2984	unsigned NumArgs = F.arg_size();
2985
2986	Check(&Context == &F.getContext(),
2987	"Function context does not match Module context!", &F);
2988
2989	Check(!F.hasCommonLinkage(), "Functions may not have common linkage", &F);
2990	Check(FT->getNumParams() == NumArgs,
2991	"# formal arguments must match # of arguments for function type!", &F,
2992	FT);
2993	Check(F.getReturnType()->isFirstClassType() \|\|
2994	F.getReturnType()->isVoidTy() \|\| F.getReturnType()->isStructTy(),
2995	"Functions cannot return aggregate values!", &F);
2996
2997	Check(!F.hasStructRetAttr() \|\| F.getReturnType()->isVoidTy(),
2998	"Invalid struct return type!", &F);
2999
3000	if (MaybeAlign A = F.getAlign()) {
3001	Check(A ->value() <= Value::MaximumAlignment,
3002	"huge alignment values are unsupported", &F);
3003	}
3004
3005	AttributeList Attrs = F.getAttributes();
3006
3007	Check(verifyAttributeCount(Attrs, FT->getNumParams()),
3008	"Attribute after last parameter!", &F);
3009
3010	bool IsIntrinsic = F.isIntrinsic();
3011
3012	// Check function attributes.
3013	verifyFunctionAttrs(FT, Attrs, V: &F, IsIntrinsic, / IsInlineAsm / false);
3014
3015	// On function declarations/definitions, we do not support the builtin
3016	// attribute. We do not check this in VerifyFunctionAttrs since that is
3017	// checking for Attributes that can/can not ever be on functions.
3018	Check(!Attrs.hasFnAttr(Attribute::Builtin),
3019	"Attribute 'builtin' can only be applied to a callsite.", &F);
3020
3021	Check(!Attrs.hasAttrSomewhere(Attribute::ElementType),
3022	"Attribute 'elementtype' can only be applied to a callsite.", &F);
3023
3024	if (Attrs.hasFnAttr(Kind: Attribute::Naked))
3025	for (const Argument &Arg : F.args())
3026	Check(Arg.use_empty(), "cannot use argument of naked function", &Arg);
3027
3028	// Check that this function meets the restrictions on this calling convention.
3029	// Sometimes varargs is used for perfectly forwarding thunks, so some of these
3030	// restrictions can be lifted.
3031	switch (F.getCallingConv()) {
3032	default:
3033	case CallingConv::C:
3034	break;
3035	case CallingConv::X86_INTR: {
3036	Check(F.arg_empty() \|\| Attrs.hasParamAttr(`0`, Attribute::ByVal),
3037	"Calling convention parameter requires byval", &F);
3038	break;
3039	}
3040	case CallingConv::AMDGPU_KERNEL:
3041	case CallingConv::SPIR_KERNEL:
3042	case CallingConv::AMDGPU_CS_Chain:
3043	case CallingConv::AMDGPU_CS_ChainPreserve:
3044	Check(F.getReturnType()->isVoidTy(),
3045	"Calling convention requires void return type", &F);
3046	[[fallthrough]];
3047	case CallingConv::AMDGPU_VS:
3048	case CallingConv::AMDGPU_HS:
3049	case CallingConv::AMDGPU_GS:
3050	case CallingConv::AMDGPU_PS:
3051	case CallingConv::AMDGPU_CS:
3052	Check(!F.hasStructRetAttr(), "Calling convention does not allow sret", &F);
3053	if (F.getCallingConv() != CallingConv::SPIR_KERNEL) {
3054	const unsigned StackAS = DL.getAllocaAddrSpace();
3055	unsigned i = `0`;
3056	for (const Argument &Arg : F.args()) {
3057	Check(!Attrs.hasParamAttr(i, Attribute::ByVal),
3058	"Calling convention disallows byval", &F);
3059	Check(!Attrs.hasParamAttr(i, Attribute::Preallocated),
3060	"Calling convention disallows preallocated", &F);
3061	Check(!Attrs.hasParamAttr(i, Attribute::InAlloca),
3062	"Calling convention disallows inalloca", &F);
3063
3064	if (Attrs.hasParamAttr(ArgNo: i, Kind: Attribute::ByRef)) {
3065	// FIXME: Should also disallow LDS and GDS, but we don't have the enum
3066	// value here.
3067	Check(Arg.getType()->getPointerAddressSpace() != StackAS,
3068	"Calling convention disallows stack byref", &F);
3069	}
3070
3071	++i;
3072	}
3073	}
3074
3075	[[fallthrough]];
3076	case CallingConv::Fast:
3077	case CallingConv::Cold:
3078	case CallingConv::Intel_OCL_BI:
3079	case CallingConv::PTX_Kernel:
3080	case CallingConv::PTX_Device:
3081	Check(!F.isVarArg(),
3082	"Calling convention does not support varargs or "
3083	"perfect forwarding!",
3084	&F);
3085	break;
3086	case CallingConv::AMDGPU_Gfx_WholeWave:
3087	Check(!F.arg_empty() && F.arg_begin()->getType()->isIntegerTy(`1`),
3088	"Calling convention requires first argument to be i1", &F);
3089	Check(!F.arg_begin()->hasInRegAttr(),
3090	"Calling convention requires first argument to not be inreg", &F);
3091	Check(!F.isVarArg(),
3092	"Calling convention does not support varargs or "
3093	"perfect forwarding!",
3094	&F);
3095	break;
3096	}
3097
3098	// Check that the argument values match the function type for this function...
3099	unsigned i = `0`;
3100	for (const Argument &Arg : F.args()) {
3101	Check(Arg.getType() == FT->getParamType(i),
3102	"Argument value does not match function argument type!", &Arg,
3103	FT->getParamType(i));
3104	Check(Arg.getType()->isFirstClassType(),
3105	"Function arguments must have first-class types!", &Arg);
3106	if (!IsIntrinsic) {
3107	Check(!Arg.getType()->isMetadataTy(),
3108	"Function takes metadata but isn't an intrinsic", &Arg, &F);
3109	Check(!Arg.getType()->isTokenLikeTy(),
3110	"Function takes token but isn't an intrinsic", &Arg, &F);
3111	Check(!Arg.getType()->isX86_AMXTy(),
3112	"Function takes x86_amx but isn't an intrinsic", &Arg, &F);
3113	}
3114
3115	// Check that swifterror argument is only used by loads and stores.
3116	if (Attrs.hasParamAttr(ArgNo: i, Kind: Attribute::SwiftError)) {
3117	verifySwiftErrorValue(SwiftErrorVal: &Arg);
3118	}
3119	++i;
3120	}
3121
3122	if (!IsIntrinsic) {
3123	Check(!F.getReturnType()->isTokenLikeTy(),
3124	"Function returns a token but isn't an intrinsic", &F);
3125	Check(!F.getReturnType()->isX86_AMXTy(),
3126	"Function returns a x86_amx but isn't an intrinsic", &F);
3127	}
3128
3129	// Get the function metadata attachments.
3130	SmallVector<std::pair<unsigned, MDNode *>, `4`> MDs;
3131	F.getAllMetadata(MDs);
3132	assert(F.hasMetadata() != MDs.empty() && "Bit out-of-sync");
3133	verifyFunctionMetadata(MDs);
3134
3135	// Target-specific function metadata checks.
3136	verifyAMDGPUFunctionMetadata(VS&: *this, F);
3137
3138	// Check validity of the personality function
3139	if (F.hasPersonalityFn()) {
3140	auto *Per = dyn_cast<Function>(Val: F.getPersonalityFn()->stripPointerCasts());
3141	if (Per)
3142	Check(Per->getParent() == F.getParent(),
3143	"Referencing personality function in another module!", &F,
3144	F.getParent(), Per, Per->getParent());
3145	}
3146
3147	// EH funclet coloring can be expensive, recompute on-demand
3148	BlockEHFuncletColors.clear();
3149
3150	if (F.isMaterializable()) {
3151	// Function has a body somewhere we can't see.
3152	Check(MDs.empty(), "unmaterialized function cannot have metadata", &F,
3153	MDs.empty() ? nullptr : MDs.front().second);
3154	} else if (F.isDeclaration()) {
3155	for (const auto &I : MDs) {
3156	// This is used for call site debug information.
3157	CheckDI(I.first != LLVMContext::MD_dbg \|\|
3158	!cast<DISubprogram>(I.second)->isDistinct(),
3159	"function declaration may only have a unique !dbg attachment",
3160	&F);
3161	Check(I.first != LLVMContext::MD_prof,
3162	"function declaration may not have a !prof attachment", &F);
3163
3164	// Verify the metadata itself.
3165	visitMDNode(BaseMD: *I.second, AllowLocs: AreDebugLocsAllowed::Yes);
3166	}
3167	Check(!F.hasPersonalityFn(),
3168	"Function declaration shouldn't have a personality routine", &F);
3169	} else {
3170	// Verify that this function (which has a body) is not named "llvm.". It*
3171	// is not legal to define intrinsics.
3172	Check(!IsIntrinsic, "llvm intrinsics cannot be defined!", &F);
3173
3174	// Check the entry node
3175	const BasicBlock *Entry = &F.getEntryBlock();
3176	Check(pred_empty(Entry),
3177	"Entry block to function must not have predecessors!", Entry);
3178
3179	// The address of the entry block cannot be taken, unless it is dead.
3180	if (Entry->hasAddressTaken()) {
3181	Check(!BlockAddress::lookup(Entry)->isConstantUsed(),
3182	"blockaddress may not be used with the entry block!", Entry);
3183	}
3184
3185	unsigned NumDebugAttachments = `0`, NumProfAttachments = `0`,
3186	NumKCFIAttachments = `0`;
3187	// Visit metadata attachments.
3188	for (const auto &I : MDs) {
3189	// Verify that the attachment is legal.
3190	auto AllowLocs = AreDebugLocsAllowed::No;
3191	switch (I.first) {
3192	default:
3193	break;
3194	case LLVMContext::MD_dbg: {
3195	++NumDebugAttachments;
3196	CheckDI(NumDebugAttachments == `1`,
3197	"function must have a single !dbg attachment", &F, I.second);
3198	CheckDI(isa<DISubprogram>(I.second),
3199	"function !dbg attachment must be a subprogram", &F, I.second);
3200	CheckDI(cast<DISubprogram>(I.second)->isDistinct(),
3201	"function definition may only have a distinct !dbg attachment",
3202	&F);
3203
3204	auto *SP = cast<DISubprogram>(Val: I.second);
3205	const Function *&AttachedTo = DISubprogramAttachments [SP];
3206	CheckDI(!AttachedTo \|\| AttachedTo == &F,
3207	"DISubprogram attached to more than one function", SP, &F);
3208	AttachedTo = &F;
3209	AllowLocs = AreDebugLocsAllowed::Yes;
3210	break;
3211	}
3212	case LLVMContext::MD_prof:
3213	++NumProfAttachments;
3214	Check(NumProfAttachments == `1`,
3215	"function must have a single !prof attachment", &F, I.second);
3216	break;
3217	case LLVMContext::MD_kcfi_type:
3218	++NumKCFIAttachments;
3219	Check(NumKCFIAttachments == `1`,
3220	"function must have a single !kcfi_type attachment", &F,
3221	I.second);
3222	break;
3223	}
3224
3225	// Verify the metadata itself.
3226	visitMDNode(BaseMD: *I.second, AllowLocs);
3227	}
3228	}
3229
3230	// If this function is actually an intrinsic, verify that it is only used in
3231	// direct call/invokes, never having its "address taken".
3232	// Only do this if the module is materialized, otherwise we don't have all the
3233	// uses.
3234	bool isMaterialized = F.getParent()->isMaterialized();
3235	if (F.isIntrinsic() && isMaterialized) {
3236	const User *U;
3237	if (F.hasAddressTaken(&U, IgnoreCallbackUses: false, IgnoreAssumeLikeCalls: true, IngoreLLVMUsed: false,
3238	/IgnoreARCAttachedCall=/true))
3239	Check(false, "Invalid user of intrinsic instruction!", U);
3240	}
3241
3242	// Verify if the intrinsic's signature and name are valid. We do this if
3243	// the intrinsic has at least one materialized use, or if the module is fully
3244	// materialized.
3245	Intrinsic::ID IID = F.getIntrinsicID();
3246	if (IID && (isMaterialized \|\| !F.materialized_use_empty())) {
3247	// Verify that the intrinsic prototype lines up with what the .td files
3248	// describe.
3249	std::string ErrMsg;
3250	raw_string_ostream ErrOS(ErrMsg);
3251	SmallVector<Type *, `4`> OverloadTys;
3252	bool IsValid = Intrinsic::isSignatureValid(ID: IID, FT, OverloadTys, OS&: ErrOS);
3253	Printable PrintDecl([&F](raw_ostream &OS) { F.print(OS); });
3254	Check(IsValid, ErrMsg, PrintDecl);
3255
3256	// Now that we have the intrinsic ID and the actual argument types (and we
3257	// know they are legal for the intrinsic!) get the intrinsic name through
3258	// the usual means. This allows us to verify the mangling of argument types
3259	// into the name.
3260	const std::string ExpectedName = Intrinsic::getName(
3261	Id: IID, OverloadTys, M: const_cast<Module *>(F.getParent()), FT);
3262	Check(ExpectedName == F.getName(),
3263	"Intrinsic name not mangled correctly for type arguments! "
3264	"Should be: " +
3265	ExpectedName,
3266	PrintDecl);
3267	}
3268
3269	// Check intrinsics' signatures.
3270	switch (IID) {
3271	case Intrinsic::experimental_gc_get_pointer_base: {
3272	FunctionType *FT = F.getFunctionType();
3273	Check(FT->getNumParams() == `1`, "wrong number of parameters", F);
3274	Check(isa<PointerType>(F.getReturnType()),
3275	"gc.get.pointer.base must return a pointer", F);
3276	Check(FT->getParamType(`0`) == F.getReturnType(),
3277	"gc.get.pointer.base operand and result must be of the same type", F);
3278	break;
3279	}
3280	case Intrinsic::experimental_gc_get_pointer_offset: {
3281	FunctionType *FT = F.getFunctionType();
3282	Check(FT->getNumParams() == `1`, "wrong number of parameters", F);
3283	Check(isa<PointerType>(FT->getParamType(`0`)),
3284	"gc.get.pointer.offset operand must be a pointer", F);
3285	Check(F.getReturnType()->isIntegerTy(),
3286	"gc.get.pointer.offset must return integer", F);
3287	break;
3288	}
3289	}
3290
3291	auto *N = F.getSubprogram();
3292	HasDebugInfo = (N != nullptr);
3293	if (!HasDebugInfo)
3294	return;
3295
3296	// Check that all !dbg attachments lead to back to N.
3297	//
3298	// FIXME: Check this incrementally while visiting !dbg attachments.
3299	// FIXME: Only check when N is the canonical subprogram for F.
3300	SmallPtrSet<const MDNode *, `32`> Seen;
3301	auto VisitDebugLoc = [&](const Instruction &I, const MDNode *Node) {
3302	// Be careful about using DILocation here since we might be dealing with
3303	// broken code (this is the Verifier after all).
3304	const DILocation *DL = dyn_cast_or_null<DILocation>(Val: Node);
3305	if (!DL)
3306	return;
3307	if (!Seen.insert(Ptr: DL).second)
3308	return;
3309
3310	Metadata *Parent = DL->getRawScope();
3311	CheckDI(Parent && isa<DILocalScope>(Parent),
3312	"DILocation's scope must be a DILocalScope", N, &F, &I, DL, Parent);
3313
3314	DILocalScope *Scope = DL->getInlinedAtScope();
3315	Check(Scope, "Failed to find DILocalScope", DL);
3316
3317	if (!Seen.insert(Ptr: Scope).second)
3318	return;
3319
3320	DISubprogram *SP = Scope->getSubprogram();
3321
3322	// Scope and SP could be the same MDNode and we don't want to skip
3323	// validation in that case
3324	if ((Scope != SP) && !Seen.insert(Ptr: SP).second)
3325	return;
3326
3327	CheckDI(SP->describes(&F),
3328	"!dbg attachment points at wrong subprogram for function", N, &F,
3329	&I, DL, Scope, SP);
3330	};
3331	for (auto &BB : F)
3332	for (auto &I : BB) {
3333	VisitDebugLoc (I, I.getDebugLoc().getAsMDNode());
3334	// The llvm.loop annotations also contain two DILocations.
3335	if (auto MD = I.getMetadata(KindID: LLVMContext::MD_loop))
3336	for (unsigned i = `1`; i < MD->getNumOperands(); ++i)
3337	VisitDebugLoc (I, dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: i)));
3338	if (BrokenDebugInfo)
3339	return;
3340	}
3341	}
3342
3343	// verifyBasicBlock - Verify that a basic block is well formed...
3344	//
3345	void Verifier::visitBasicBlock(BasicBlock &BB) {
3346	InstsInThisBlock.clear();
3347	ConvergenceVerifyHelper.visit(BB);
3348
3349	// Ensure that basic blocks have terminators!
3350	Check(BB.getTerminator(), "Basic Block does not have terminator!", &BB);
3351
3352	// Check constraints that this basic block imposes on all of the PHI nodes in
3353	// it.
3354	if (isa<PHINode>(Val: BB.front())) {
3355	SmallVector<BasicBlock *, `8`> Preds(predecessors(BB: &BB));
3356	SmallVector<std::pair<BasicBlock, Value>, `8`> Values;
3357	llvm::sort(C&: Preds);
3358	for (const PHINode &PN : BB.phis()) {
3359	Check(PN.getNumIncomingValues() == Preds.size(),
3360	"PHINode should have one entry for each predecessor of its "
3361	"parent basic block!",
3362	&PN);
3363
3364	// Get and sort all incoming values in the PHI node...
3365	Values.clear();
3366	Values.reserve(N: PN.getNumIncomingValues());
3367	for (unsigned i = `0`, e = PN.getNumIncomingValues(); i != e; ++i)
3368	Values.push_back(
3369	Elt: std::make_pair(x: PN.getIncomingBlock(i), y: PN.getIncomingValue(i)));
3370	llvm::sort(C&: Values);
3371
3372	for (unsigned i = `0`, e = Values.size(); i != e; ++i) {
3373	// Check to make sure that if there is more than one entry for a
3374	// particular basic block in this PHI node, that the incoming values are
3375	// all identical.
3376	//
3377	Check(i == `0` \|\| Values[i].first != Values[i - `1`].first \|\|
3378	Values[i].second == Values[i - `1`].second,
3379	"PHI node has multiple entries for the same basic block with "
3380	"different incoming values!",
3381	&PN, Values[i].first, Values[i].second, Values[i - `1`].second);
3382
3383	// Check to make sure that the predecessors and PHI node entries are
3384	// matched up.
3385	Check(Values[i].first == Preds[i],
3386	"PHI node entries do not match predecessors!", &PN,
3387	Values[i].first, Preds[i]);
3388	}
3389	}
3390	}
3391
3392	// Check that all instructions have their parent pointers set up correctly.
3393	for (auto &I : BB)
3394	{
3395	Check(I.getParent() == &BB, "Instruction has bogus parent pointer!");
3396	}
3397
3398	// Confirm that no issues arise from the debug program.
3399	CheckDI(!BB.getTrailingDbgRecords(), "Basic Block has trailing DbgRecords!",
3400	&BB);
3401	}
3402
3403	void Verifier::visitTerminator(Instruction &I) {
3404	// Ensure that terminators only exist at the end of the basic block.
3405	Check(&I == I.getParent()->getTerminator(),
3406	"Terminator found in the middle of a basic block!", I.getParent());
3407	visitInstruction(I);
3408	}
3409
3410	void Verifier::visitCondBrInst(CondBrInst &BI) {
3411	Check(BI.getCondition()->getType()->isIntegerTy(`1`),
3412	"Branch condition is not 'i1' type!", &BI, BI.getCondition());
3413	visitTerminator(I&: BI);
3414	}
3415
3416	void Verifier::visitReturnInst(ReturnInst &RI) {
3417	Function *F = RI.getParent()->getParent();
3418	unsigned N = RI.getNumOperands();
3419	if (F->getReturnType()->isVoidTy())
3420	Check(N == `0`,
3421	"Found return instr that returns non-void in Function of void "
3422	"return type!",
3423	&RI, F->getReturnType());
3424	else
3425	Check(N == `1` && F->getReturnType() == RI.getOperand(`0`)->getType(),
3426	"Function return type does not match operand "
3427	"type of return inst!",
3428	&RI, F->getReturnType());
3429
3430	// Check to make sure that the return value has necessary properties for
3431	// terminators...
3432	visitTerminator(I&: RI);
3433	}
3434
3435	void Verifier::visitSwitchInst(SwitchInst &SI) {
3436	Check(SI.getType()->isVoidTy(), "Switch must have void result type!", &SI);
3437	// Check to make sure that all of the constants in the switch instruction
3438	// have the same type as the switched-on value.
3439	Type *SwitchTy = SI.getCondition()->getType();
3440	SmallPtrSet<ConstantInt*, `32`> Constants;
3441	for (auto &Case : SI.cases()) {
3442	Check(isa<ConstantInt>(Case.getCaseValue()),
3443	"Case value is not a constant integer.", &SI);
3444	Check(Case.getCaseValue()->getType() == SwitchTy,
3445	"Switch constants must all be same type as switch value!", &SI);
3446	Check(Constants.insert(Case.getCaseValue()).second,
3447	"Duplicate integer as switch case", &SI, Case.getCaseValue());
3448	}
3449
3450	visitTerminator(I&: SI);
3451	}
3452
3453	void Verifier::visitIndirectBrInst(IndirectBrInst &BI) {
3454	Check(BI.getAddress()->getType()->isPointerTy(),
3455	"Indirectbr operand must have pointer type!", &BI);
3456	for (unsigned i = `0`, e = BI.getNumDestinations(); i != e; ++i)
3457	Check(BI.getDestination(i)->getType()->isLabelTy(),
3458	"Indirectbr destinations must all have pointer type!", &BI);
3459
3460	visitTerminator(I&: BI);
3461	}
3462
3463	static bool isSupportedCallBrIntrinsic(Intrinsic::ID ID) {
3464	// Currently we only support callbr for amdgcn.kill. Add more checks here as
3465	// needed.
3466	return isAMDGPUCallBrIntrinsic(ID);
3467	}
3468
3469	void Verifier::visitCallBrInst(CallBrInst &CBI) {
3470	if (!CBI.isInlineAsm()) {
3471	Check(CBI.getCalledFunction(),
3472	"callbr: indirect function / invalid signature");
3473	Check(!CBI.hasOperandBundles(),
3474	"callbr for intrinsics currently doesn't support operand bundles");
3475
3476	if (!isSupportedCallBrIntrinsic(ID: CBI.getIntrinsicID())) {
3477	CheckFailed(
3478	Message: "callbr currently only supports asm-goto and selected intrinsics");
3479	}
3480	visitIntrinsicCall(ID: CBI.getIntrinsicID(), Call&: CBI);
3481	} else {
3482	const InlineAsm *IA = cast<InlineAsm>(Val: CBI.getCalledOperand());
3483	Check(!IA->canThrow(), "Unwinding from Callbr is not allowed");
3484
3485	verifyInlineAsmCall(Call: CBI);
3486	}
3487	visitTerminator(I&: CBI);
3488	}
3489
3490	void Verifier::visitSelectInst(SelectInst &SI) {
3491	Check(!SelectInst::areInvalidOperands(SI.getOperand(`0`), SI.getOperand(`1`),
3492	SI.getOperand(`2`)),
3493	"Invalid operands for select instruction!", &SI);
3494
3495	Check(SI.getTrueValue()->getType() == SI.getType(),
3496	"Select values must have same type as select instruction!", &SI);
3497	visitInstruction(I&: SI);
3498	}
3499
3500	/// visitUserOp1 - User defined operators shouldn't live beyond the lifetime of
3501	/// a pass, if any exist, it's an error.
3502	///
3503	void Verifier::visitUserOp1(Instruction &I) {
3504	Check(false, "User-defined operators should not live outside of a pass!", &I);
3505	}
3506
3507	void Verifier::visitTruncInst(TruncInst &I) {
3508	// Get the source and destination types
3509	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3510	Type *DestTy = I.getType();
3511
3512	// Get the size of the types in bits, we'll need this later
3513	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3514	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3515
3516	Check(SrcTy->isIntOrIntVectorTy(), "Trunc only operates on integer", &I);
3517	Check(DestTy->isIntOrIntVectorTy(), "Trunc only produces integer", &I);
3518	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3519	"trunc source and destination must both be a vector or neither", &I);
3520	Check(SrcBitSize > DestBitSize, "DestTy too big for Trunc", &I);
3521
3522	visitInstruction(I);
3523	}
3524
3525	void Verifier::visitZExtInst(ZExtInst &I) {
3526	// Get the source and destination types
3527	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3528	Type *DestTy = I.getType();
3529
3530	// Get the size of the types in bits, we'll need this later
3531	Check(SrcTy->isIntOrIntVectorTy(), "ZExt only operates on integer", &I);
3532	Check(DestTy->isIntOrIntVectorTy(), "ZExt only produces an integer", &I);
3533	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3534	"zext source and destination must both be a vector or neither", &I);
3535	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3536	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3537
3538	Check(SrcBitSize < DestBitSize, "Type too small for ZExt", &I);
3539
3540	visitInstruction(I);
3541	}
3542
3543	void Verifier::visitSExtInst(SExtInst &I) {
3544	// Get the source and destination types
3545	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3546	Type *DestTy = I.getType();
3547
3548	// Get the size of the types in bits, we'll need this later
3549	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3550	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3551
3552	Check(SrcTy->isIntOrIntVectorTy(), "SExt only operates on integer", &I);
3553	Check(DestTy->isIntOrIntVectorTy(), "SExt only produces an integer", &I);
3554	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3555	"sext source and destination must both be a vector or neither", &I);
3556	Check(SrcBitSize < DestBitSize, "Type too small for SExt", &I);
3557
3558	visitInstruction(I);
3559	}
3560
3561	void Verifier::visitFPTruncInst(FPTruncInst &I) {
3562	// Get the source and destination types
3563	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3564	Type *DestTy = I.getType();
3565	// Get the size of the types in bits, we'll need this later
3566	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3567	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3568
3569	Check(SrcTy->isFPOrFPVectorTy(), "FPTrunc only operates on FP", &I);
3570	Check(DestTy->isFPOrFPVectorTy(), "FPTrunc only produces an FP", &I);
3571	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3572	"fptrunc source and destination must both be a vector or neither", &I);
3573	Check(SrcBitSize > DestBitSize, "DestTy too big for FPTrunc", &I);
3574
3575	visitInstruction(I);
3576	}
3577
3578	void Verifier::visitFPExtInst(FPExtInst &I) {
3579	// Get the source and destination types
3580	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3581	Type *DestTy = I.getType();
3582
3583	// Get the size of the types in bits, we'll need this later
3584	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3585	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3586
3587	Check(SrcTy->isFPOrFPVectorTy(), "FPExt only operates on FP", &I);
3588	Check(DestTy->isFPOrFPVectorTy(), "FPExt only produces an FP", &I);
3589	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3590	"fpext source and destination must both be a vector or neither", &I);
3591	Check(SrcBitSize < DestBitSize, "DestTy too small for FPExt", &I);
3592
3593	visitInstruction(I);
3594	}
3595
3596	void Verifier::visitUIToFPInst(UIToFPInst &I) {
3597	// Get the source and destination types
3598	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3599	Type *DestTy = I.getType();
3600
3601	bool SrcVec = SrcTy->isVectorTy();
3602	bool DstVec = DestTy->isVectorTy();
3603
3604	Check(SrcVec == DstVec,
3605	"UIToFP source and dest must both be vector or scalar", &I);
3606	Check(SrcTy->isIntOrIntVectorTy(),
3607	"UIToFP source must be integer or integer vector", &I);
3608	Check(DestTy->isFPOrFPVectorTy(), "UIToFP result must be FP or FP vector",
3609	&I);
3610
3611	if (SrcVec && DstVec)
3612	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3613	cast<VectorType>(DestTy)->getElementCount(),
3614	"UIToFP source and dest vector length mismatch", &I);
3615
3616	visitInstruction(I);
3617	}
3618
3619	void Verifier::visitSIToFPInst(SIToFPInst &I) {
3620	// Get the source and destination types
3621	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3622	Type *DestTy = I.getType();
3623
3624	bool SrcVec = SrcTy->isVectorTy();
3625	bool DstVec = DestTy->isVectorTy();
3626
3627	Check(SrcVec == DstVec,
3628	"SIToFP source and dest must both be vector or scalar", &I);
3629	Check(SrcTy->isIntOrIntVectorTy(),
3630	"SIToFP source must be integer or integer vector", &I);
3631	Check(DestTy->isFPOrFPVectorTy(), "SIToFP result must be FP or FP vector",
3632	&I);
3633
3634	if (SrcVec && DstVec)
3635	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3636	cast<VectorType>(DestTy)->getElementCount(),
3637	"SIToFP source and dest vector length mismatch", &I);
3638
3639	visitInstruction(I);
3640	}
3641
3642	void Verifier::visitFPToUIInst(FPToUIInst &I) {
3643	// Get the source and destination types
3644	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3645	Type *DestTy = I.getType();
3646
3647	bool SrcVec = SrcTy->isVectorTy();
3648	bool DstVec = DestTy->isVectorTy();
3649
3650	Check(SrcVec == DstVec,
3651	"FPToUI source and dest must both be vector or scalar", &I);
3652	Check(SrcTy->isFPOrFPVectorTy(), "FPToUI source must be FP or FP vector", &I);
3653	Check(DestTy->isIntOrIntVectorTy(),
3654	"FPToUI result must be integer or integer vector", &I);
3655
3656	if (SrcVec && DstVec)
3657	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3658	cast<VectorType>(DestTy)->getElementCount(),
3659	"FPToUI source and dest vector length mismatch", &I);
3660
3661	visitInstruction(I);
3662	}
3663
3664	void Verifier::visitFPToSIInst(FPToSIInst &I) {
3665	// Get the source and destination types
3666	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3667	Type *DestTy = I.getType();
3668
3669	bool SrcVec = SrcTy->isVectorTy();
3670	bool DstVec = DestTy->isVectorTy();
3671
3672	Check(SrcVec == DstVec,
3673	"FPToSI source and dest must both be vector or scalar", &I);
3674	Check(SrcTy->isFPOrFPVectorTy(), "FPToSI source must be FP or FP vector", &I);
3675	Check(DestTy->isIntOrIntVectorTy(),
3676	"FPToSI result must be integer or integer vector", &I);
3677
3678	if (SrcVec && DstVec)
3679	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3680	cast<VectorType>(DestTy)->getElementCount(),
3681	"FPToSI source and dest vector length mismatch", &I);
3682
3683	visitInstruction(I);
3684	}
3685
3686	void Verifier::checkPtrToAddr(Type SrcTy, Type DestTy, const Value &V) {
3687	Check(SrcTy->isPtrOrPtrVectorTy(), "PtrToAddr source must be pointer", V);
3688	Check(DestTy->isIntOrIntVectorTy(), "PtrToAddr result must be integral", V);
3689	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "PtrToAddr type mismatch",
3690	V);
3691
3692	if (SrcTy->isVectorTy()) {
3693	auto *VSrc = cast<VectorType>(Val: SrcTy);
3694	auto *VDest = cast<VectorType>(Val: DestTy);
3695	Check(VSrc->getElementCount() == VDest->getElementCount(),
3696	"PtrToAddr vector length mismatch", V);
3697	}
3698
3699	Type *AddrTy = DL.getAddressType(PtrTy: SrcTy);
3700	Check(AddrTy == DestTy, "PtrToAddr result must be address width", V);
3701	}
3702
3703	void Verifier::visitPtrToAddrInst(PtrToAddrInst &I) {
3704	checkPtrToAddr(SrcTy: I.getOperand(i_nocapture: `0`)->getType(), DestTy: I.getType(), V: I);
3705	visitInstruction(I);
3706	}
3707
3708	void Verifier::visitPtrToIntInst(PtrToIntInst &I) {
3709	// Get the source and destination types
3710	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3711	Type *DestTy = I.getType();
3712
3713	Check(SrcTy->isPtrOrPtrVectorTy(), "PtrToInt source must be pointer", &I);
3714
3715	Check(DestTy->isIntOrIntVectorTy(), "PtrToInt result must be integral", &I);
3716	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "PtrToInt type mismatch",
3717	&I);
3718
3719	if (SrcTy->isVectorTy()) {
3720	auto *VSrc = cast<VectorType>(Val: SrcTy);
3721	auto *VDest = cast<VectorType>(Val: DestTy);
3722	Check(VSrc->getElementCount() == VDest->getElementCount(),
3723	"PtrToInt Vector length mismatch", &I);
3724	}
3725
3726	visitInstruction(I);
3727	}
3728
3729	void Verifier::visitIntToPtrInst(IntToPtrInst &I) {
3730	// Get the source and destination types
3731	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3732	Type *DestTy = I.getType();
3733
3734	Check(SrcTy->isIntOrIntVectorTy(), "IntToPtr source must be an integral", &I);
3735	Check(DestTy->isPtrOrPtrVectorTy(), "IntToPtr result must be a pointer", &I);
3736
3737	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "IntToPtr type mismatch",
3738	&I);
3739	if (SrcTy->isVectorTy()) {
3740	auto *VSrc = cast<VectorType>(Val: SrcTy);
3741	auto *VDest = cast<VectorType>(Val: DestTy);
3742	Check(VSrc->getElementCount() == VDest->getElementCount(),
3743	"IntToPtr Vector length mismatch", &I);
3744	}
3745	visitInstruction(I);
3746	}
3747
3748	void Verifier::visitBitCastInst(BitCastInst &I) {
3749	Check(
3750	CastInst::castIsValid(Instruction::BitCast, I.getOperand(`0`), I.getType()),
3751	"Invalid bitcast", &I);
3752	visitInstruction(I);
3753	}
3754
3755	void Verifier::visitAddrSpaceCastInst(AddrSpaceCastInst &I) {
3756	Type *SrcTy = I.getOperand(i_nocapture: `0`)->getType();
3757	Type *DestTy = I.getType();
3758
3759	Check(SrcTy->isPtrOrPtrVectorTy(), "AddrSpaceCast source must be a pointer",
3760	&I);
3761	Check(DestTy->isPtrOrPtrVectorTy(), "AddrSpaceCast result must be a pointer",
3762	&I);
3763	Check(SrcTy->getPointerAddressSpace() != DestTy->getPointerAddressSpace(),
3764	"AddrSpaceCast must be between different address spaces", &I);
3765	if (auto *SrcVTy = dyn_cast<VectorType>(Val: SrcTy))
3766	Check(SrcVTy->getElementCount() ==
3767	cast<VectorType>(DestTy)->getElementCount(),
3768	"AddrSpaceCast vector pointer number of elements mismatch", &I);
3769	visitInstruction(I);
3770	}
3771
3772	/// visitPHINode - Ensure that a PHI node is well formed.
3773	///
3774	void Verifier::visitPHINode(PHINode &PN) {
3775	// Ensure that the PHI nodes are all grouped together at the top of the block.
3776	// This can be tested by checking whether the instruction before this is
3777	// either nonexistent (because this is begin()) or is a PHI node. If not,
3778	// then there is some other instruction before a PHI.
3779	Check(&PN == &PN.getParent()->front() \|\|
3780	isa<PHINode>(--BasicBlock::iterator(&PN)),
3781	"PHI nodes not grouped at top of basic block!", &PN, PN.getParent());
3782
3783	// Check that a PHI doesn't yield a Token.
3784	Check(!PN.getType()->isTokenLikeTy(), "PHI nodes cannot have token type!");
3785
3786	// Check that all of the values of the PHI node have the same type as the
3787	// result.
3788	for (Value *IncValue : PN.incoming_values()) {
3789	Check(PN.getType() == IncValue->getType(),
3790	"PHI node operands are not the same type as the result!", &PN);
3791	}
3792
3793	// All other PHI node constraints are checked in the visitBasicBlock method.
3794
3795	visitInstruction(I&: PN);
3796	}
3797
3798	void Verifier::visitCallBase(CallBase &Call) {
3799	Check(Call.getCalledOperand()->getType()->isPointerTy(),
3800	"Called function must be a pointer!", Call);
3801	FunctionType *FTy = Call.getFunctionType();
3802
3803	// Verify that the correct number of arguments are being passed
3804	if (FTy->isVarArg())
3805	Check(Call.arg_size() >= FTy->getNumParams(),
3806	"Called function requires more parameters than were provided!", Call);
3807	else
3808	Check(Call.arg_size() == FTy->getNumParams(),
3809	"Incorrect number of arguments passed to called function!", Call);
3810
3811	// Verify that all arguments to the call match the function type.
3812	for (unsigned i = `0`, e = FTy->getNumParams(); i != e; ++i)
3813	Check(Call.getArgOperand(i)->getType() == FTy->getParamType(i),
3814	"Call parameter type does not match function signature!",
3815	Call.getArgOperand(i), FTy->getParamType(i), Call);
3816
3817	AttributeList Attrs = Call.getAttributes();
3818
3819	Check(verifyAttributeCount(Attrs, Call.arg_size()),
3820	"Attribute after last parameter!", Call);
3821
3822	Function *Callee =
3823	dyn_cast<Function>(Val: Call.getCalledOperand()->stripPointerCasts());
3824	bool IsIntrinsic = Callee && Callee->isIntrinsic();
3825	if (IsIntrinsic)
3826	Check(Callee->getFunctionType() == FTy,
3827	"Intrinsic called with incompatible signature", Call);
3828
3829	// Verify if the calling convention of the callee is callable.
3830	Check(isCallableCC(Call.getCallingConv()),
3831	"calling convention does not permit calls", Call);
3832
3833	// Disallow passing/returning values with alignment higher than we can
3834	// represent.
3835	// FIXME: Consider making DataLayout cap the alignment, so this isn't
3836	// necessary.
3837	auto VerifyTypeAlign = [&](Type Ty, const* Twine &Message) {
3838	if (!Ty->isSized())
3839	return;
3840	Align ABIAlign = DL.getABITypeAlign(Ty);
3841	Check(ABIAlign.value() <= Value::MaximumAlignment,
3842	"Incorrect alignment of " + Message + " to called function!", Call);
3843	};
3844
3845	if (!IsIntrinsic) {
3846	VerifyTypeAlign (FTy->getReturnType(), "return type");
3847	for (unsigned i = `0`, e = FTy->getNumParams(); i != e; ++i) {
3848	Type *Ty = FTy->getParamType(i);
3849	VerifyTypeAlign (Ty, "argument passed");
3850	}
3851	}
3852
3853	if (Attrs.hasFnAttr(Kind: Attribute::Speculatable)) {
3854	// Don't allow speculatable on call sites, unless the underlying function
3855	// declaration is also speculatable.
3856	Check(Callee && Callee->isSpeculatable(),
3857	"speculatable attribute may not apply to call sites", Call);
3858	}
3859
3860	if (Attrs.hasFnAttr(Kind: Attribute::Preallocated)) {
3861	Check(Call.getIntrinsicID() == Intrinsic::call_preallocated_arg,
3862	"preallocated as a call site attribute can only be on "
3863	"llvm.call.preallocated.arg");
3864	}
3865
3866	Check(!Attrs.hasFnAttr(Attribute::DenormalFPEnv),
3867	"denormal_fpenv attribute may not apply to call sites", Call);
3868
3869	// Verify call attributes.
3870	verifyFunctionAttrs(FT: FTy, Attrs, V: &Call, IsIntrinsic, IsInlineAsm: Call.isInlineAsm());
3871
3872	// Conservatively check the inalloca argument.
3873	// We have a bug if we can find that there is an underlying alloca without
3874	// inalloca.
3875	if (Call.hasInAllocaArgument()) {
3876	Value *InAllocaArg = Call.getArgOperand(i: FTy->getNumParams() - `1`);
3877	if (auto AI = dyn_cast<AllocaInst>(Val: InAllocaArg->stripInBoundsOffsets()))
3878	Check(AI->isUsedWithInAlloca(),
3879	"inalloca argument for call has mismatched alloca", AI, Call);
3880	}
3881
3882	// For each argument of the callsite, if it has the swifterror argument,
3883	// make sure the underlying alloca/parameter it comes from has a swifterror as
3884	// well.
3885	for (unsigned i = `0`, e = FTy->getNumParams(); i != e; ++i) {
3886	if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::SwiftError)) {
3887	Value *SwiftErrorArg = Call.getArgOperand(i);
3888	if (auto AI = dyn_cast<AllocaInst>(Val: SwiftErrorArg->stripInBoundsOffsets())) {
3889	Check(AI->isSwiftError(),
3890	"swifterror argument for call has mismatched alloca", AI, Call);
3891	continue;
3892	}
3893	auto ArgI = dyn_cast<Argument>(Val: SwiftErrorArg);
3894	Check(ArgI, "swifterror argument should come from an alloca or parameter",
3895	SwiftErrorArg, Call);
3896	Check(ArgI->hasSwiftErrorAttr(),
3897	"swifterror argument for call has mismatched parameter", ArgI,
3898	Call);
3899	}
3900
3901	if (Attrs.hasParamAttr(ArgNo: i, Kind: Attribute::ImmArg)) {
3902	// Don't allow immarg on call sites, unless the underlying declaration
3903	// also has the matching immarg.
3904	Check(Callee && Callee->hasParamAttribute(i, Attribute::ImmArg),
3905	"immarg may not apply only to call sites", Call.getArgOperand(i),
3906	Call);
3907	}
3908
3909	if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::ImmArg)) {
3910	Value *ArgVal = Call.getArgOperand(i);
3911	Check((isa<ConstantInt>(ArgVal) \|\| isa<ConstantFP>(ArgVal)) &&
3912	!isa<VectorType>(ArgVal->getType()),
3913	"immarg operand has non-immediate parameter", ArgVal, Call);
3914
3915	// If the imm-arg is an integer and also has a range attached,
3916	// check if the given value is within the range.
3917	if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::Range)) {
3918	if (auto *CI = dyn_cast<ConstantInt>(Val: ArgVal)) {
3919	const ConstantRange &CR =
3920	Call.getParamAttr(ArgNo: i, Kind: Attribute::Range).getValueAsConstantRange();
3921	Check(CR.contains(CI->getValue()),
3922	"immarg value " + Twine (CI->getValue().getSExtValue()) +
3923	" out of range [" + Twine (CR.getLower().getSExtValue()) +
3924	", " + Twine (CR.getUpper().getSExtValue()) + ")",
3925	Call);
3926	}
3927	}
3928	}
3929
3930	if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::Preallocated)) {
3931	Value *ArgVal = Call.getArgOperand(i);
3932	bool hasOB =
3933	Call.countOperandBundlesOfType(ID: LLVMContext::OB_preallocated) != `0`;
3934	bool isMustTail = Call.isMustTailCall();
3935	Check(hasOB != isMustTail,
3936	"preallocated operand either requires a preallocated bundle or "
3937	"the call to be musttail (but not both)",
3938	ArgVal, Call);
3939	}
3940	}
3941
3942	if (FTy->isVarArg()) {
3943	// FIXME? is 'nest' even legal here?
3944	bool SawNest = false;
3945	bool SawReturned = false;
3946
3947	for (unsigned Idx = `0`; Idx < FTy->getNumParams(); ++Idx) {
3948	if (Attrs.hasParamAttr(ArgNo: Idx, Kind: Attribute::Nest))
3949	SawNest = true;
3950	if (Attrs.hasParamAttr(ArgNo: Idx, Kind: Attribute::Returned))
3951	SawReturned = true;
3952	}
3953
3954	// Check attributes on the varargs part.
3955	for (unsigned Idx = FTy->getNumParams(); Idx < Call.arg_size(); ++Idx) {
3956	Type *Ty = Call.getArgOperand(i: Idx)->getType();
3957	AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: Idx);
3958	verifyParameterAttrs(Attrs: ArgAttrs, Ty, V: &Call);
3959
3960	if (ArgAttrs.hasAttribute(Kind: Attribute::Nest)) {
3961	Check(!SawNest, "More than one parameter has attribute nest!", Call);
3962	SawNest = true;
3963	}
3964
3965	if (ArgAttrs.hasAttribute(Kind: Attribute::Returned)) {
3966	Check(!SawReturned, "More than one parameter has attribute returned!",
3967	Call);
3968	Check(Ty->canLosslesslyBitCastTo(FTy->getReturnType()),
3969	"Incompatible argument and return types for 'returned' "
3970	"attribute",
3971	Call);
3972	SawReturned = true;
3973	}
3974
3975	// Statepoint intrinsic is vararg but the wrapped function may be not.
3976	// Allow sret here and check the wrapped function in verifyStatepoint.
3977	if (Call.getIntrinsicID() != Intrinsic::experimental_gc_statepoint)
3978	Check(!ArgAttrs.hasAttribute(Attribute::StructRet),
3979	"Attribute 'sret' cannot be used for vararg call arguments!",
3980	Call);
3981
3982	if (ArgAttrs.hasAttribute(Kind: Attribute::InAlloca))
3983	Check(Idx == Call.arg_size() - `1`,
3984	"inalloca isn't on the last argument!", Call);
3985	}
3986	}
3987
3988	// Verify that there's no metadata unless it's a direct call to an intrinsic.
3989	if (!IsIntrinsic) {
3990	for (Type *ParamTy : FTy->params()) {
3991	Check(!ParamTy->isMetadataTy(),
3992	"Function has metadata parameter but isn't an intrinsic", Call);
3993	Check(!ParamTy->isTokenLikeTy(),
3994	"Function has token parameter but isn't an intrinsic", Call);
3995	}
3996	}
3997
3998	// Verify that indirect calls don't return tokens.
3999	if (!Call.getCalledFunction()) {
4000	Check(!FTy->getReturnType()->isTokenLikeTy(),
4001	"Return type cannot be token for indirect call!");
4002	Check(!FTy->getReturnType()->isX86_AMXTy(),
4003	"Return type cannot be x86_amx for indirect call!");
4004	}
4005
4006	if (Intrinsic::ID ID = Call.getIntrinsicID())
4007	visitIntrinsicCall(ID, Call);
4008
4009	// Verify that a callsite has at most one "deopt", at most one "funclet", at
4010	// most one "gc-transition", at most one "cfguardtarget", at most one
4011	// "preallocated" operand bundle, and at most one "ptrauth" operand bundle.
4012	bool FoundDeoptBundle = false, FoundFuncletBundle = false,
4013	FoundGCTransitionBundle = false, FoundCFGuardTargetBundle = false,
4014	FoundPreallocatedBundle = false, FoundGCLiveBundle = false,
4015	FoundPtrauthBundle = false, FoundKCFIBundle = false,
4016	FoundAttachedCallBundle = false;
4017	for (unsigned i = `0`, e = Call.getNumOperandBundles(); i < e; ++i) {
4018	OperandBundleUse BU = Call.getOperandBundleAt(Index: i);
4019	uint32_t Tag = BU.getTagID();
4020	if (Tag == LLVMContext::OB_deopt) {
4021	Check(!FoundDeoptBundle, "Multiple deopt operand bundles", Call);
4022	FoundDeoptBundle = true;
4023	} else if (Tag == LLVMContext::OB_gc_transition) {
4024	Check(!FoundGCTransitionBundle, "Multiple gc-transition operand bundles",
4025	Call);
4026	FoundGCTransitionBundle = true;
4027	} else if (Tag == LLVMContext::OB_funclet) {
4028	Check(!FoundFuncletBundle, "Multiple funclet operand bundles", Call);
4029	FoundFuncletBundle = true;
4030	Check(BU.Inputs.size() == `1`,
4031	"Expected exactly one funclet bundle operand", Call);
4032	Check(isa<FuncletPadInst>(BU.Inputs.front()),
4033	"Funclet bundle operands should correspond to a FuncletPadInst",
4034	Call);
4035	} else if (Tag == LLVMContext::OB_cfguardtarget) {
4036	Check(!FoundCFGuardTargetBundle, "Multiple CFGuardTarget operand bundles",
4037	Call);
4038	FoundCFGuardTargetBundle = true;
4039	Check(BU.Inputs.size() == `1`,
4040	"Expected exactly one cfguardtarget bundle operand", Call);
4041	} else if (Tag == LLVMContext::OB_ptrauth) {
4042	Check(!FoundPtrauthBundle, "Multiple ptrauth operand bundles", Call);
4043	FoundPtrauthBundle = true;
4044	Check(BU.Inputs.size() == `2`,
4045	"Expected exactly two ptrauth bundle operands", Call);
4046	Check(isa<ConstantInt>(BU.Inputs[`0`]) &&
4047	BU.Inputs[`0`]->getType()->isIntegerTy(`32`),
4048	"Ptrauth bundle key operand must be an i32 constant", Call);
4049	Check(BU.Inputs[`1`]->getType()->isIntegerTy(`64`),
4050	"Ptrauth bundle discriminator operand must be an i64", Call);
4051	} else if (Tag == LLVMContext::OB_kcfi) {
4052	Check(!FoundKCFIBundle, "Multiple kcfi operand bundles", Call);
4053	FoundKCFIBundle = true;
4054	Check(BU.Inputs.size() == `1`, "Expected exactly one kcfi bundle operand",
4055	Call);
4056	Check(isa<ConstantInt>(BU.Inputs[`0`]) &&
4057	BU.Inputs[`0`]->getType()->isIntegerTy(`32`),
4058	"Kcfi bundle operand must be an i32 constant", Call);
4059	} else if (Tag == LLVMContext::OB_preallocated) {
4060	Check(!FoundPreallocatedBundle, "Multiple preallocated operand bundles",
4061	Call);
4062	FoundPreallocatedBundle = true;
4063	Check(BU.Inputs.size() == `1`,
4064	"Expected exactly one preallocated bundle operand", Call);
4065	auto Input = dyn_cast<IntrinsicInst>(Val: BU.Inputs.front());
4066	Check(Input &&
4067	Input->getIntrinsicID() == Intrinsic::call_preallocated_setup,
4068	"\"preallocated\" argument must be a token from "
4069	"llvm.call.preallocated.setup",
4070	Call);
4071	} else if (Tag == LLVMContext::OB_gc_live) {
4072	Check(!FoundGCLiveBundle, "Multiple gc-live operand bundles", Call);
4073	FoundGCLiveBundle = true;
4074	} else if (Tag == LLVMContext::OB_clang_arc_attachedcall) {
4075	Check(!FoundAttachedCallBundle,
4076	"Multiple \"clang.arc.attachedcall\" operand bundles", Call);
4077	FoundAttachedCallBundle = true;
4078	verifyAttachedCallBundle(Call, BU);
4079	}
4080	}
4081
4082	// Verify that callee and callsite agree on whether to use pointer auth.
4083	Check(!(Call.getCalledFunction() && FoundPtrauthBundle),
4084	"Direct call cannot have a ptrauth bundle", Call);
4085
4086	// Verify that each inlinable callsite of a debug-info-bearing function in a
4087	// debug-info-bearing function has a debug location attached to it. Failure to
4088	// do so causes assertion failures when the inliner sets up inline scope info
4089	// (Interposable functions are not inlinable, neither are functions without
4090	// definitions.)
4091	if (Call.getFunction()->getSubprogram() && Call.getCalledFunction() &&
4092	!Call.getCalledFunction()->isInterposable() &&
4093	!Call.getCalledFunction()->isDeclaration() &&
4094	Call.getCalledFunction()->getSubprogram())
4095	CheckDI(Call.getDebugLoc(),
4096	"inlinable function call in a function with "
4097	"debug info must have a !dbg location",
4098	Call);
4099
4100	if (Call.isInlineAsm())
4101	verifyInlineAsmCall(Call);
4102
4103	ConvergenceVerifyHelper.visit(I: Call);
4104
4105	visitInstruction(I&: Call);
4106	}
4107
4108	void Verifier::verifyTailCCMustTailAttrs(const AttrBuilder &Attrs,
4109	StringRef Context) {
4110	Check(!Attrs.contains(Attribute::InAlloca),
4111	Twine ("inalloca attribute not allowed in ") + Context);
4112	Check(!Attrs.contains(Attribute::InReg),
4113	Twine ("inreg attribute not allowed in ") + Context);
4114	Check(!Attrs.contains(Attribute::SwiftError),
4115	Twine ("swifterror attribute not allowed in ") + Context);
4116	Check(!Attrs.contains(Attribute::Preallocated),
4117	Twine ("preallocated attribute not allowed in ") + Context);
4118	Check(!Attrs.contains(Attribute::ByRef),
4119	Twine ("byref attribute not allowed in ") + Context);
4120	}
4121
4122	static AttrBuilder getParameterABIAttributes(LLVMContext& C, unsigned I, AttributeList Attrs) {
4123	static const Attribute::AttrKind ABIAttrs[] = {
4124	Attribute::StructRet, Attribute::ByVal, Attribute::InAlloca,
4125	Attribute::InReg, Attribute::StackAlignment, Attribute::SwiftSelf,
4126	Attribute::SwiftAsync, Attribute::SwiftError, Attribute::Preallocated,
4127	Attribute::ByRef};
4128	AttrBuilder Copy(C);
4129	for (auto AK : ABIAttrs) {
4130	Attribute Attr = Attrs.getParamAttrs(ArgNo: I).getAttribute(Kind: AK);
4131	if (Attr.isValid())
4132	Copy.addAttribute(A: Attr);
4133	}
4134
4135	// `align` is ABI-affecting only in combination with `byval` or `byref`.
4136	if (Attrs.hasParamAttr(ArgNo: I, Kind: Attribute::Alignment) &&
4137	(Attrs.hasParamAttr(ArgNo: I, Kind: Attribute::ByVal) \|\|
4138	Attrs.hasParamAttr(ArgNo: I, Kind: Attribute::ByRef)))
4139	Copy.addAlignmentAttr(Align: Attrs.getParamAlignment(ArgNo: I));
4140	return Copy;
4141	}
4142
4143	void Verifier::verifyMustTailCall(CallInst &CI) {
4144	Check(!CI.isInlineAsm(), "cannot use musttail call with inline asm", &CI);
4145
4146	Function *F = CI.getParent()->getParent();
4147	FunctionType *CallerTy = F->getFunctionType();
4148	FunctionType *CalleeTy = CI.getFunctionType();
4149	Check(CallerTy->isVarArg() == CalleeTy->isVarArg(),
4150	"cannot guarantee tail call due to mismatched varargs", &CI);
4151	Check(CallerTy->getReturnType() == CalleeTy->getReturnType(),
4152	"cannot guarantee tail call due to mismatched return types", &CI);
4153
4154	// - The calling conventions of the caller and callee must match.
4155	Check(F->getCallingConv() == CI.getCallingConv(),
4156	"cannot guarantee tail call due to mismatched calling conv", &CI);
4157
4158	// - The call must immediately precede a :ref:`ret <i_ret>` instruction.
4159	// - The ret instruction must return the value produced by the call or void.
4160	Instruction *Next = CI.getNextNode();
4161
4162	// Check the return.
4163	ReturnInst *Ret = dyn_cast_or_null<ReturnInst>(Val: Next);
4164	Check(Ret, "musttail call must precede a ret", &CI);
4165	Check(!Ret->getReturnValue() \|\| Ret->getReturnValue() == &CI \|\|
4166	isa<UndefValue>(Ret->getReturnValue()),
4167	"musttail call result must be returned", Ret);
4168
4169	AttributeList CallerAttrs = F->getAttributes();
4170	AttributeList CalleeAttrs = CI.getAttributes();
4171	if (CI.getCallingConv() == CallingConv::SwiftTail \|\|
4172	CI.getCallingConv() == CallingConv::Tail) {
4173	StringRef CCName =
4174	CI.getCallingConv() == CallingConv::Tail ? "tailcc" : "swifttailcc";
4175
4176	// - Only sret, byval, swiftself, and swiftasync ABI-impacting attributes
4177	// are allowed in swifttailcc call
4178	for (unsigned I = `0`, E = CallerTy->getNumParams(); I != E; ++I) {
4179	AttrBuilder ABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CallerAttrs);
4180	SmallString<`32`> Context{CCName, StringRef (" musttail caller")};
4181	verifyTailCCMustTailAttrs(Attrs: ABIAttrs, Context);
4182	}
4183	for (unsigned I = `0`, E = CalleeTy->getNumParams(); I != E; ++I) {
4184	AttrBuilder ABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CalleeAttrs);
4185	SmallString<`32`> Context{CCName, StringRef (" musttail callee")};
4186	verifyTailCCMustTailAttrs(Attrs: ABIAttrs, Context);
4187	}
4188	// - Varargs functions are not allowed
4189	Check(!CallerTy->isVarArg(), Twine ("cannot guarantee ") + CCName +
4190	" tail call for varargs function");
4191	return;
4192	}
4193
4194	// - The caller and callee prototypes must match.
4195	if (!CI.getIntrinsicID()) {
4196	Check(CallerTy->getNumParams() == CalleeTy->getNumParams(),
4197	"cannot guarantee tail call due to mismatched parameter counts", &CI);
4198	for (unsigned I = `0`, E = CallerTy->getNumParams(); I != E; ++I) {
4199	Check(CallerTy->getParamType(I) == CalleeTy->getParamType(I),
4200	"cannot guarantee tail call due to mismatched parameter types",
4201	&CI);
4202	}
4203	}
4204
4205	// - All ABI-impacting function attributes, such as sret, byval, inreg,
4206	// returned, preallocated, and inalloca, must match.
4207	for (unsigned I = `0`, E = CallerTy->getNumParams(); I != E; ++I) {
4208	AttrBuilder CallerABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CallerAttrs);
4209	AttrBuilder CalleeABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CalleeAttrs);
4210	Check(CallerABIAttrs == CalleeABIAttrs,
4211	"cannot guarantee tail call due to mismatched ABI impacting "
4212	"function attributes",
4213	&CI, CI.getOperand(I));
4214	}
4215	}
4216
4217	void Verifier::visitCallInst(CallInst &CI) {
4218	visitCallBase(Call&: CI);
4219
4220	if (CI.isMustTailCall())
4221	verifyMustTailCall(CI);
4222	}
4223
4224	void Verifier::visitInvokeInst(InvokeInst &II) {
4225	visitCallBase(Call&: II);
4226
4227	// Verify that the first non-PHI instruction of the unwind destination is an
4228	// exception handling instruction.
4229	Check(
4230	II.getUnwindDest()->isEHPad(),
4231	"The unwind destination does not have an exception handling instruction!",
4232	&II);
4233
4234	visitTerminator(I&: II);
4235	}
4236
4237	/// visitUnaryOperator - Check the argument to the unary operator.
4238	///
4239	void Verifier::visitUnaryOperator(UnaryOperator &U) {
4240	Check(U.getType() == U.getOperand(`0`)->getType(),
4241	"Unary operators must have same type for"
4242	"operands and result!",
4243	&U);
4244
4245	switch (U.getOpcode()) {
4246	// Check that floating-point arithmetic operators are only used with
4247	// floating-point operands.
4248	case Instruction::FNeg:
4249	Check(U.getType()->isFPOrFPVectorTy(),
4250	"FNeg operator only works with float types!", &U);
4251	break;
4252	default:
4253	llvm_unreachable("Unknown UnaryOperator opcode!");
4254	}
4255
4256	visitInstruction(I&: U);
4257	}
4258
4259	/// visitBinaryOperator - Check that both arguments to the binary operator are
4260	/// of the same type!
4261	///
4262	void Verifier::visitBinaryOperator(BinaryOperator &B) {
4263	Check(B.getOperand(`0`)->getType() == B.getOperand(`1`)->getType(),
4264	"Both operands to a binary operator are not of the same type!", &B);
4265
4266	switch (B.getOpcode()) {
4267	// Check that integer arithmetic operators are only used with
4268	// integral operands.
4269	case Instruction::Add:
4270	case Instruction::Sub:
4271	case Instruction::Mul:
4272	case Instruction::SDiv:
4273	case Instruction::UDiv:
4274	case Instruction::SRem:
4275	case Instruction::URem:
4276	Check(B.getType()->isIntOrIntVectorTy(),
4277	"Integer arithmetic operators only work with integral types!", &B);
4278	Check(B.getType() == B.getOperand(`0`)->getType(),
4279	"Integer arithmetic operators must have same type "
4280	"for operands and result!",
4281	&B);
4282	break;
4283	// Check that floating-point arithmetic operators are only used with
4284	// floating-point operands.
4285	case Instruction::FAdd:
4286	case Instruction::FSub:
4287	case Instruction::FMul:
4288	case Instruction::FDiv:
4289	case Instruction::FRem:
4290	Check(B.getType()->isFPOrFPVectorTy(),
4291	"Floating-point arithmetic operators only work with "
4292	"floating-point types!",
4293	&B);
4294	Check(B.getType() == B.getOperand(`0`)->getType(),
4295	"Floating-point arithmetic operators must have same type "
4296	"for operands and result!",
4297	&B);
4298	break;
4299	// Check that logical operators are only used with integral operands.
4300	case Instruction::And:
4301	case Instruction::Or:
4302	case Instruction::Xor:
4303	Check(B.getType()->isIntOrIntVectorTy(),
4304	"Logical operators only work with integral types!", &B);
4305	Check(B.getType() == B.getOperand(`0`)->getType(),
4306	"Logical operators must have same type for operands and result!", &B);
4307	break;
4308	case Instruction::Shl:
4309	case Instruction::LShr:
4310	case Instruction::AShr:
4311	Check(B.getType()->isIntOrIntVectorTy(),
4312	"Shifts only work with integral types!", &B);
4313	Check(B.getType() == B.getOperand(`0`)->getType(),
4314	"Shift return type must be same as operands!", &B);
4315	break;
4316	default:
4317	llvm_unreachable("Unknown BinaryOperator opcode!");
4318	}
4319
4320	visitInstruction(I&: B);
4321	}
4322
4323	void Verifier::visitICmpInst(ICmpInst &IC) {
4324	// Check that the operands are the same type
4325	Type *Op0Ty = IC.getOperand(i_nocapture: `0`)->getType();
4326	Type *Op1Ty = IC.getOperand(i_nocapture: `1`)->getType();
4327	Check(Op0Ty == Op1Ty,
4328	"Both operands to ICmp instruction are not of the same type!", &IC);
4329	// Check that the operands are the right type
4330	Check(Op0Ty->isIntOrIntVectorTy() \|\| Op0Ty->isPtrOrPtrVectorTy(),
4331	"Invalid operand types for ICmp instruction", &IC);
4332	// Check that the predicate is valid.
4333	Check(IC.isIntPredicate(), "Invalid predicate in ICmp instruction!", &IC);
4334
4335	visitInstruction(I&: IC);
4336	}
4337
4338	void Verifier::visitFCmpInst(FCmpInst &FC) {
4339	// Check that the operands are the same type
4340	Type *Op0Ty = FC.getOperand(i_nocapture: `0`)->getType();
4341	Type *Op1Ty = FC.getOperand(i_nocapture: `1`)->getType();
4342	Check(Op0Ty == Op1Ty,
4343	"Both operands to FCmp instruction are not of the same type!", &FC);
4344	// Check that the operands are the right type
4345	Check(Op0Ty->isFPOrFPVectorTy(), "Invalid operand types for FCmp instruction",
4346	&FC);
4347	// Check that the predicate is valid.
4348	Check(FC.isFPPredicate(), "Invalid predicate in FCmp instruction!", &FC);
4349
4350	visitInstruction(I&: FC);
4351	}
4352
4353	void Verifier::visitExtractElementInst(ExtractElementInst &EI) {
4354	Check(ExtractElementInst::isValidOperands(EI.getOperand(`0`), EI.getOperand(`1`)),
4355	"Invalid extractelement operands!", &EI);
4356	visitInstruction(I&: EI);
4357	}
4358
4359	void Verifier::visitInsertElementInst(InsertElementInst &IE) {
4360	Check(InsertElementInst::isValidOperands(IE.getOperand(`0`), IE.getOperand(`1`),
4361	IE.getOperand(`2`)),
4362	"Invalid insertelement operands!", &IE);
4363	visitInstruction(I&: IE);
4364	}
4365
4366	void Verifier::visitShuffleVectorInst(ShuffleVectorInst &SV) {
4367	Check(ShuffleVectorInst::isValidOperands(SV.getOperand(`0`), SV.getOperand(`1`),
4368	SV.getShuffleMask()),
4369	"Invalid shufflevector operands!", &SV);
4370	visitInstruction(I&: SV);
4371	}
4372
4373	void Verifier::visitGetElementPtrInst(GetElementPtrInst &GEP) {
4374	if (auto *MD = mdconst::extract_or_null<ConstantInt>(
4375	MD: GEP.getModule()->getModuleFlag(Key: "require-logical-pointer")))
4376	Check(!MD->getZExtValue(),
4377	"Non-logical getelementptr disallowed for this module.");
4378
4379	Type *TargetTy = GEP.getPointerOperandType()->getScalarType();
4380
4381	Check(isa<PointerType>(TargetTy),
4382	"GEP base pointer is not a vector or a vector of pointers", &GEP);
4383	Check(GEP.getSourceElementType()->isSized(), "GEP into unsized type!", &GEP);
4384
4385	if (auto *STy = dyn_cast<StructType>(Val: GEP.getSourceElementType())) {
4386	Check(!STy->isScalableTy(),
4387	"getelementptr cannot target structure that contains scalable vector"
4388	"type",
4389	&GEP);
4390	}
4391
4392	SmallVector<Value *, `16`> Idxs(GEP.indices());
4393	Check(
4394	all_of(Idxs, [](Value V) { return* V->getType()->isIntOrIntVectorTy(); }),
4395	"GEP indexes must be integers", &GEP);
4396	Type *ElTy =
4397	GetElementPtrInst::getIndexedType(Ty: GEP.getSourceElementType(), IdxList: Idxs);
4398	Check(ElTy, "Invalid indices for GEP pointer type!", &GEP);
4399
4400	PointerType *PtrTy = dyn_cast<PointerType>(Val: GEP.getType()->getScalarType());
4401
4402	Check(PtrTy && GEP.getResultElementType() == ElTy,
4403	"GEP is not of right type for indices!", &GEP, ElTy);
4404
4405	if (auto *GEPVTy = dyn_cast<VectorType>(Val: GEP.getType())) {
4406	// Additional checks for vector GEPs.
4407	ElementCount GEPWidth = GEPVTy->getElementCount();
4408	if (GEP.getPointerOperandType()->isVectorTy())
4409	Check(
4410	GEPWidth ==
4411	cast<VectorType>(GEP.getPointerOperandType())->getElementCount(),
4412	"Vector GEP result width doesn't match operand's", &GEP);
4413	for (Value *Idx : Idxs) {
4414	Type *IndexTy = Idx->getType();
4415	if (auto *IndexVTy = dyn_cast<VectorType>(Val: IndexTy)) {
4416	ElementCount IndexWidth = IndexVTy->getElementCount();
4417	Check(IndexWidth == GEPWidth, "Invalid GEP index vector width", &GEP);
4418	}
4419	Check(IndexTy->isIntOrIntVectorTy(),
4420	"All GEP indices should be of integer type");
4421	}
4422	}
4423
4424	// Check that GEP does not index into a vector with non-byte-addressable
4425	// elements.
4426	for (gep_type_iterator GTI = gep_type_begin(GEP), GTE = gep_type_end(GEP);
4427	GTI != GTE; ++GTI) {
4428	if (GTI.isVector()) {
4429	Type *ElemTy = GTI.getIndexedType();
4430	Check(DL.typeSizeEqualsStoreSize(ElemTy),
4431	"GEP into vector with non-byte-addressable element type", &GEP);
4432	}
4433	}
4434
4435	Check(GEP.getAddressSpace() == PtrTy->getAddressSpace(),
4436	"GEP address space doesn't match type", &GEP);
4437
4438	visitInstruction(I&: GEP);
4439	}
4440
4441	static bool isContiguous(const ConstantRange &A, const ConstantRange &B) {
4442	return A.getUpper() == B.getLower() \|\| A.getLower() == B.getUpper();
4443	}
4444
4445	/// Verify !range and !absolute_symbol metadata. These have the same
4446	/// restrictions, except !absolute_symbol allows the full set.
4447	void Verifier::verifyRangeLikeMetadata(const Value &I, const MDNode *Range,
4448	Type *Ty, RangeLikeMetadataKind Kind) {
4449	unsigned NumOperands = Range->getNumOperands();
4450	Check(NumOperands % `2` == `0`, "Unfinished range!", Range);
4451	unsigned NumRanges = NumOperands / `2`;
4452	Check(NumRanges >= `1`, "It should have at least one range!", Range);
4453
4454	ConstantRange LastRange(`1`, true); // Dummy initial value
4455	for (unsigned i = `0`; i < NumRanges; ++i) {
4456	ConstantInt *Low =
4457	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: `2` * i));
4458	Check(Low, "The lower limit must be an integer!", Low);
4459	ConstantInt *High =
4460	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: `2` * i + `1`));
4461	Check(High, "The upper limit must be an integer!", High);
4462
4463	Check(High->getType() == Low->getType(), "Range pair types must match!",
4464	&I);
4465
4466	if (Kind == RangeLikeMetadataKind::NoaliasAddrspace) {
4467	Check(High->getType()->isIntegerTy(`32`),
4468	"noalias.addrspace type must be i32!", &I);
4469	} else {
4470	Check(High->getType() == Ty->getScalarType(),
4471	"Range types must match instruction type!", &I);
4472	}
4473
4474	APInt HighV = High->getValue();
4475	APInt LowV = Low->getValue();
4476
4477	// ConstantRange asserts if the ranges are the same except for the min/max
4478	// value. Leave the cases it tolerates for the empty range error below.
4479	Check(LowV != HighV \|\| LowV.isMaxValue() \|\| LowV.isMinValue(),
4480	"The upper and lower limits cannot be the same value", &I);
4481
4482	ConstantRange CurRange(LowV, HighV);
4483	Check(!CurRange.isEmptySet() &&
4484	(Kind == RangeLikeMetadataKind::AbsoluteSymbol \|\|
4485	!CurRange.isFullSet()),
4486	"Range must not be empty!", Range);
4487	if (i != `0`) {
4488	Check(CurRange.intersectWith(LastRange).isEmptySet(),
4489	"Intervals are overlapping", Range);
4490	Check(LowV.sgt(LastRange.getLower()), "Intervals are not in order",
4491	Range);
4492	Check(!isContiguous(CurRange, LastRange), "Intervals are contiguous",
4493	Range);
4494	}
4495	LastRange = ConstantRange (LowV, HighV);
4496	}
4497	if (NumRanges > `2`) {
4498	APInt FirstLow =
4499	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: `0`))->getValue();
4500	APInt FirstHigh =
4501	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: `1`))->getValue();
4502	ConstantRange FirstRange(FirstLow, FirstHigh);
4503	Check(FirstRange.intersectWith(LastRange).isEmptySet(),
4504	"Intervals are overlapping", Range);
4505	Check(!isContiguous(FirstRange, LastRange), "Intervals are contiguous",
4506	Range);
4507	}
4508	}
4509
4510	void Verifier::visitRangeMetadata(Instruction &I, MDNode Range, Type Ty) {
4511	assert(Range && Range == I.getMetadata(LLVMContext::MD_range) &&
4512	"precondition violation");
4513	verifyRangeLikeMetadata(I, Range, Ty, Kind: RangeLikeMetadataKind::Range);
4514	}
4515
4516	void Verifier::visitNoFPClassMetadata(Instruction &I, MDNode *NoFPClass,
4517	Type *Ty) {
4518	Check(AttributeFuncs::isNoFPClassCompatibleType(Ty),
4519	"nofpclass only applies to floating-point typed loads", I);
4520
4521	Check(NoFPClass->getNumOperands() == `1`,
4522	"nofpclass must have exactly one entry", NoFPClass);
4523	ConstantInt *MaskVal =
4524	mdconst::dyn_extract<ConstantInt>(MD: NoFPClass->getOperand(I: `0`));
4525	Check(MaskVal && MaskVal->getType()->isIntegerTy(`32`),
4526	"nofpclass entry must be a constant i32", NoFPClass);
4527	uint32_t Val = MaskVal->getZExtValue();
4528	Check(Val != `0`, "'nofpclass' must have at least one test bit set", NoFPClass,
4529	I);
4530
4531	Check((Val & ~static_cast<unsigned>(fcAllFlags)) == `0`,
4532	"Invalid value for 'nofpclass' test mask", NoFPClass, I);
4533	}
4534
4535	void Verifier::visitNoaliasAddrspaceMetadata(Instruction &I, MDNode *Range,
4536	Type *Ty) {
4537	assert(Range && Range == I.getMetadata(LLVMContext::MD_noalias_addrspace) &&
4538	"precondition violation");
4539	verifyRangeLikeMetadata(I, Range, Ty,
4540	Kind: RangeLikeMetadataKind::NoaliasAddrspace);
4541	}
4542
4543	void Verifier::checkAtomicMemAccessSize(Type Ty, const* Instruction *I) {
4544	unsigned Size = DL.getTypeSizeInBits(Ty).getFixedValue();
4545	Check(Size >= `8`, "atomic memory access' size must be byte-sized", Ty, I);
4546	Check(!(Size & (Size - `1`)),
4547	"atomic memory access' operand must have a power-of-two size", Ty, I);
4548	}
4549
4550	void Verifier::visitLoadInst(LoadInst &LI) {
4551	PointerType *PTy = dyn_cast<PointerType>(Val: LI.getOperand(i_nocapture: `0`)->getType());
4552	Check(PTy, "Load operand must be a pointer.", &LI);
4553	Type *ElTy = LI.getType();
4554	if (MaybeAlign A = LI.getAlign()) {
4555	Check(A ->value() <= Value::MaximumAlignment,
4556	"huge alignment values are unsupported", &LI);
4557	}
4558	Check(ElTy->isSized(), "loading unsized types is not allowed", &LI);
4559	if (LI.isAtomic()) {
4560	Check(LI.getOrdering() != AtomicOrdering::Release &&
4561	LI.getOrdering() != AtomicOrdering::AcquireRelease,
4562	"Load cannot have Release ordering", &LI);
4563	Check(ElTy->getScalarType()->isIntOrPtrTy() \|\|
4564	ElTy->getScalarType()->isByteTy() \|\|
4565	ElTy->getScalarType()->isFloatingPointTy(),
4566	"atomic load operand must have integer, byte, pointer, floating "
4567	"point, or vector type!",
4568	ElTy, &LI);
4569
4570	checkAtomicMemAccessSize(Ty: ElTy, I: &LI);
4571	} else {
4572	Check(LI.getSyncScopeID() == SyncScope::System,
4573	"Non-atomic load cannot have SynchronizationScope specified", &LI);
4574	}
4575
4576	visitInstruction(I&: LI);
4577	}
4578
4579	void Verifier::visitStoreInst(StoreInst &SI) {
4580	PointerType *PTy = dyn_cast<PointerType>(Val: SI.getOperand(i_nocapture: `1`)->getType());
4581	Check(PTy, "Store operand must be a pointer.", &SI);
4582	Type *ElTy = SI.getOperand(i_nocapture: `0`)->getType();
4583	if (MaybeAlign A = SI.getAlign()) {
4584	Check(A ->value() <= Value::MaximumAlignment,
4585	"huge alignment values are unsupported", &SI);
4586	}
4587	Check(ElTy->isSized(), "storing unsized types is not allowed", &SI);
4588	if (SI.isAtomic()) {
4589	Check(SI.getOrdering() != AtomicOrdering::Acquire &&
4590	SI.getOrdering() != AtomicOrdering::AcquireRelease,
4591	"Store cannot have Acquire ordering", &SI);
4592	Check(ElTy->getScalarType()->isIntOrPtrTy() \|\|
4593	ElTy->getScalarType()->isByteTy() \|\|
4594	ElTy->getScalarType()->isFloatingPointTy(),
4595	"atomic store operand must have integer, byte, pointer, floating "
4596	"point, or vector type!",
4597	ElTy, &SI);
4598	checkAtomicMemAccessSize(Ty: ElTy, I: &SI);
4599	} else {
4600	Check(SI.getSyncScopeID() == SyncScope::System,
4601	"Non-atomic store cannot have SynchronizationScope specified", &SI);
4602	}
4603	visitInstruction(I&: SI);
4604	}
4605
4606	/// Check that SwiftErrorVal is used as a swifterror argument in CS.
4607	void Verifier::verifySwiftErrorCall(CallBase &Call,
4608	const Value *SwiftErrorVal) {
4609	for (const auto &I : llvm::enumerate(First: Call.args())) {
4610	if (I.value() == SwiftErrorVal) {
4611	Check(Call.paramHasAttr(I.index(), Attribute::SwiftError),
4612	"swifterror value when used in a callsite should be marked "
4613	"with swifterror attribute",
4614	SwiftErrorVal, Call);
4615	}
4616	}
4617	}
4618
4619	void Verifier::verifySwiftErrorValue(const Value *SwiftErrorVal) {
4620	// Check that swifterror value is only used by loads, stores, or as
4621	// a swifterror argument.
4622	for (const User *U : SwiftErrorVal->users()) {
4623	Check(isa<LoadInst>(U) \|\| isa<StoreInst>(U) \|\| isa<CallInst>(U) \|\|
4624	isa<InvokeInst>(U),
4625	"swifterror value can only be loaded and stored from, or "
4626	"as a swifterror argument!",
4627	SwiftErrorVal, U);
4628	// If it is used by a store, check it is the second operand.
4629	if (auto StoreI = dyn_cast<StoreInst>(Val: U))
4630	Check(StoreI->getOperand(`1`) == SwiftErrorVal,
4631	"swifterror value should be the second operand when used "
4632	"by stores",
4633	SwiftErrorVal, U);
4634	if (auto *Call = dyn_cast<CallBase>(Val: U))
4635	verifySwiftErrorCall(Call&: *const_cast<CallBase *>(Call), SwiftErrorVal);
4636	}
4637	}
4638
4639	void Verifier::visitAllocaInst(AllocaInst &AI) {
4640	if (auto *MD = mdconst::extract_or_null<ConstantInt>(
4641	MD: AI.getModule()->getModuleFlag(Key: "require-logical-pointer")))
4642	Check(!MD->getZExtValue(),
4643	"Non-logical alloca disallowed for this module.");
4644
4645	Type *Ty = AI.getAllocatedType();
4646	SmallPtrSet<Type*, `4`> Visited;
4647	Check(Ty->isSized(&Visited), "Cannot allocate unsized type", &AI);
4648	// Check if it's a target extension type that disallows being used on the
4649	// stack.
4650	Check(!Ty->containsNonLocalTargetExtType(),
4651	"Alloca has illegal target extension type", &AI);
4652	Check(AI.getArraySize()->getType()->isIntegerTy(),
4653	"Alloca array size must have integer type", &AI);
4654	if (MaybeAlign A = AI.getAlign()) {
4655	Check(A ->value() <= Value::MaximumAlignment,
4656	"huge alignment values are unsupported", &AI);
4657	}
4658
4659	if (AI.isSwiftError()) {
4660	Check(Ty->isPointerTy(), "swifterror alloca must have pointer type", &AI);
4661	Check(!AI.isArrayAllocation(),
4662	"swifterror alloca must not be array allocation", &AI);
4663	verifySwiftErrorValue(SwiftErrorVal: &AI);
4664	}
4665
4666	visitInstruction(I&: AI);
4667
4668	// Target-specific alloca checks.
4669	verifyAMDGPUAlloca(VS&: *this, AI);
4670	}
4671
4672	void Verifier::visitAtomicCmpXchgInst(AtomicCmpXchgInst &CXI) {
4673	Type *ElTy = CXI.getOperand(i_nocapture: `1`)->getType();
4674	Check(ElTy->isIntOrPtrTy(),
4675	"cmpxchg operand must have integer or pointer type", ElTy, &CXI);
4676	checkAtomicMemAccessSize(Ty: ElTy, I: &CXI);
4677	visitInstruction(I&: CXI);
4678	}
4679
4680	void Verifier::visitAtomicRMWInst(AtomicRMWInst &RMWI) {
4681	Check(RMWI.getOrdering() != AtomicOrdering::Unordered,
4682	"atomicrmw instructions cannot be unordered.", &RMWI);
4683	auto Op = RMWI.getOperation();
4684	Type *ElTy = RMWI.getOperand(i_nocapture: `1`)->getType();
4685	Type *ScalarTy = ElTy;
4686	if (RMWI.isElementwise()) {
4687	auto *VecTy = dyn_cast<FixedVectorType>(Val: ElTy);
4688	Check(VecTy, "atomicrmw elementwise operand must have fixed vector type!",
4689	&RMWI, ElTy);
4690	if (VecTy)
4691	ScalarTy = VecTy->getElementType();
4692	}
4693
4694	if (Op == AtomicRMWInst::Xchg) {
4695	Check(ScalarTy->isIntegerTy() \|\| ScalarTy->isFloatingPointTy() \|\|
4696	ScalarTy->isPointerTy(),
4697	"atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4698	" operand must have integer or floating point type!",
4699	&RMWI, ElTy);
4700	} else if (AtomicRMWInst::isFPOperation(Op)) {
4701	Check(ElTy->isFPOrFPVectorTy() && !isa<ScalableVectorType>(ElTy),
4702	"atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4703	" operand must have floating-point or fixed vector of "
4704	"floating-point "
4705	"type!",
4706	&RMWI, ElTy);
4707	} else {
4708	Check(ScalarTy->isIntegerTy(),
4709	"atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4710	" operand must have integer type!",
4711	&RMWI, ElTy);
4712	}
4713	checkAtomicMemAccessSize(Ty: ElTy, I: &RMWI);
4714	Check(AtomicRMWInst::FIRST_BINOP <= Op && Op <= AtomicRMWInst::LAST_BINOP,
4715	"Invalid binary operation!", &RMWI);
4716	visitInstruction(I&: RMWI);
4717	}
4718
4719	void Verifier::visitFenceInst(FenceInst &FI) {
4720	const AtomicOrdering Ordering = FI.getOrdering();
4721	Check(Ordering == AtomicOrdering::Acquire \|\|
4722	Ordering == AtomicOrdering::Release \|\|
4723	Ordering == AtomicOrdering::AcquireRelease \|\|
4724	Ordering == AtomicOrdering::SequentiallyConsistent,
4725	"fence instructions may only have acquire, release, acq_rel, or "
4726	"seq_cst ordering.",
4727	&FI);
4728	visitInstruction(I&: FI);
4729	}
4730
4731	void Verifier::visitExtractValueInst(ExtractValueInst &EVI) {
4732	Check(ExtractValueInst::getIndexedType(EVI.getAggregateOperand()->getType(),
4733	EVI.getIndices()) == EVI.getType(),
4734	"Invalid ExtractValueInst operands!", &EVI);
4735
4736	visitInstruction(I&: EVI);
4737	}
4738
4739	void Verifier::visitInsertValueInst(InsertValueInst &IVI) {
4740	Check(ExtractValueInst::getIndexedType(IVI.getAggregateOperand()->getType(),
4741	IVI.getIndices()) ==
4742	IVI.getOperand(`1`)->getType(),
4743	"Invalid InsertValueInst operands!", &IVI);
4744
4745	visitInstruction(I&: IVI);
4746	}
4747
4748	static Value getParentPad(Value EHPad) {
4749	if (auto *FPI = dyn_cast<FuncletPadInst>(Val: EHPad))
4750	return FPI->getParentPad();
4751
4752	return cast<CatchSwitchInst>(Val: EHPad)->getParentPad();
4753	}
4754
4755	void Verifier::visitEHPadPredecessors(Instruction &I) {
4756	assert(I.isEHPad());
4757
4758	BasicBlock *BB = I.getParent();
4759	Function *F = BB->getParent();
4760
4761	Check(BB != &F->getEntryBlock(), "EH pad cannot be in entry block.", &I);
4762
4763	if (auto *LPI = dyn_cast<LandingPadInst>(Val: &I)) {
4764	// The landingpad instruction defines its parent as a landing pad block. The
4765	// landing pad block may be branched to only by the unwind edge of an
4766	// invoke.
4767	for (BasicBlock *PredBB : predecessors(BB)) {
4768	const auto *II = dyn_cast<InvokeInst>(Val: PredBB->getTerminator());
4769	Check(II && II->getUnwindDest() == BB && II->getNormalDest() != BB,
4770	"Block containing LandingPadInst must be jumped to "
4771	"only by the unwind edge of an invoke.",
4772	LPI);
4773	}
4774	return;
4775	}
4776	if (auto *CPI = dyn_cast<CatchPadInst>(Val: &I)) {
4777	if (!pred_empty(BB))
4778	Check(BB->getUniquePredecessor() == CPI->getCatchSwitch()->getParent(),
4779	"Block containg CatchPadInst must be jumped to "
4780	"only by its catchswitch.",
4781	CPI);
4782	Check(BB != CPI->getCatchSwitch()->getUnwindDest(),
4783	"Catchswitch cannot unwind to one of its catchpads",
4784	CPI->getCatchSwitch(), CPI);
4785	return;
4786	}
4787
4788	// Verify that each pred has a legal terminator with a legal to/from EH
4789	// pad relationship.
4790	Instruction *ToPad = &I;
4791	Value *ToPadParent = getParentPad(EHPad: ToPad);
4792	for (BasicBlock *PredBB : predecessors(BB)) {
4793	Instruction *TI = PredBB->getTerminator();
4794	Value *FromPad;
4795	if (auto *II = dyn_cast<InvokeInst>(Val: TI)) {
4796	Check(II->getUnwindDest() == BB && II->getNormalDest() != BB,
4797	"EH pad must be jumped to via an unwind edge", ToPad, II);
4798	auto *CalledFn =
4799	dyn_cast<Function>(Val: II->getCalledOperand()->stripPointerCasts());
4800	if (CalledFn && CalledFn->isIntrinsic() && II->doesNotThrow() &&
4801	!IntrinsicInst::mayLowerToFunctionCall(IID: CalledFn->getIntrinsicID()))
4802	continue;
4803	if (auto Bundle = II->getOperandBundle(ID: LLVMContext::OB_funclet))
4804	FromPad = Bundle ->Inputs [`0`];
4805	else
4806	FromPad = ConstantTokenNone::get(Context&: II->getContext());
4807	} else if (auto *CRI = dyn_cast<CleanupReturnInst>(Val: TI)) {
4808	FromPad = CRI->getOperand(i_nocapture: `0`);
4809	Check(FromPad != ToPadParent, "A cleanupret must exit its cleanup", CRI);
4810	} else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: TI)) {
4811	FromPad = CSI;
4812	} else {
4813	Check(false, "EH pad must be jumped to via an unwind edge", ToPad, TI);
4814	}
4815
4816	// The edge may exit from zero or more nested pads.
4817	SmallPtrSet<Value *, `8`> Seen;
4818	for (;; FromPad = getParentPad(EHPad: FromPad)) {
4819	Check(FromPad != ToPad,
4820	"EH pad cannot handle exceptions raised within it", FromPad, TI);
4821	if (FromPad == ToPadParent) {
4822	// This is a legal unwind edge.
4823	break;
4824	}
4825	Check(!isa<ConstantTokenNone>(FromPad),
4826	"A single unwind edge may only enter one EH pad", TI);
4827	Check(Seen.insert(FromPad).second, "EH pad jumps through a cycle of pads",
4828	FromPad);
4829
4830	// This will be diagnosed on the corresponding instruction already. We
4831	// need the extra check here to make sure getParentPad() works.
4832	Check(isa<FuncletPadInst>(FromPad) \|\| isa<CatchSwitchInst>(FromPad),
4833	"Parent pad must be catchpad/cleanuppad/catchswitch", TI);
4834	}
4835	}
4836	}
4837
4838	void Verifier::visitLandingPadInst(LandingPadInst &LPI) {
4839	// The landingpad instruction is ill-formed if it doesn't have any clauses and
4840	// isn't a cleanup.
4841	Check(LPI.getNumClauses() > `0` \|\| LPI.isCleanup(),
4842	"LandingPadInst needs at least one clause or to be a cleanup.", &LPI);
4843
4844	visitEHPadPredecessors(I&: LPI);
4845
4846	if (!LandingPadResultTy)
4847	LandingPadResultTy = LPI.getType();
4848	else
4849	Check(LandingPadResultTy == LPI.getType(),
4850	"The landingpad instruction should have a consistent result type "
4851	"inside a function.",
4852	&LPI);
4853
4854	Function *F = LPI.getParent()->getParent();
4855	Check(F->hasPersonalityFn(),
4856	"LandingPadInst needs to be in a function with a personality.", &LPI);
4857
4858	// The landingpad instruction must be the first non-PHI instruction in the
4859	// block.
4860	Check(LPI.getParent()->getLandingPadInst() == &LPI,
4861	"LandingPadInst not the first non-PHI instruction in the block.", &LPI);
4862
4863	for (unsigned i = `0`, e = LPI.getNumClauses(); i < e; ++i) {
4864	Constant *Clause = LPI.getClause(Idx: i);
4865	if (LPI.isCatch(Idx: i)) {
4866	Check(isa<PointerType>(Clause->getType()),
4867	"Catch operand does not have pointer type!", &LPI);
4868	} else {
4869	Check(LPI.isFilter(i), "Clause is neither catch nor filter!", &LPI);
4870	Check(isa<ConstantArray>(Clause) \|\| isa<ConstantAggregateZero>(Clause),
4871	"Filter operand is not an array of constants!", &LPI);
4872	}
4873	}
4874
4875	visitInstruction(I&: LPI);
4876	}
4877
4878	void Verifier::visitResumeInst(ResumeInst &RI) {
4879	Check(RI.getFunction()->hasPersonalityFn(),
4880	"ResumeInst needs to be in a function with a personality.", &RI);
4881
4882	if (!LandingPadResultTy)
4883	LandingPadResultTy = RI.getValue()->getType();
4884	else
4885	Check(LandingPadResultTy == RI.getValue()->getType(),
4886	"The resume instruction should have a consistent result type "
4887	"inside a function.",
4888	&RI);
4889
4890	visitTerminator(I&: RI);
4891	}
4892
4893	void Verifier::visitCatchPadInst(CatchPadInst &CPI) {
4894	BasicBlock *BB = CPI.getParent();
4895
4896	Function *F = BB->getParent();
4897	Check(F->hasPersonalityFn(),
4898	"CatchPadInst needs to be in a function with a personality.", &CPI);
4899
4900	Check(isa<CatchSwitchInst>(CPI.getParentPad()),
4901	"CatchPadInst needs to be directly nested in a CatchSwitchInst.",
4902	CPI.getParentPad());
4903
4904	// The catchpad instruction must be the first non-PHI instruction in the
4905	// block.
4906	Check(&*BB->getFirstNonPHIIt() == &CPI,
4907	"CatchPadInst not the first non-PHI instruction in the block.", &CPI);
4908
4909	Check(llvm::all_of(CPI.arg_operands(),
4910	[](Use &U) {
4911	auto *V = U.get();
4912	return isa<Constant>(V) \|\| isa<AllocaInst>(V);
4913	}),
4914	"Argument operand must be alloca or constant.", &CPI);
4915
4916	visitEHPadPredecessors(I&: CPI);
4917	visitFuncletPadInst(FPI&: CPI);
4918	}
4919
4920	void Verifier::visitCatchReturnInst(CatchReturnInst &CatchReturn) {
4921	Check(isa<CatchPadInst>(CatchReturn.getOperand(`0`)),
4922	"CatchReturnInst needs to be provided a CatchPad", &CatchReturn,
4923	CatchReturn.getOperand(`0`));
4924
4925	visitTerminator(I&: CatchReturn);
4926	}
4927
4928	void Verifier::visitCleanupPadInst(CleanupPadInst &CPI) {
4929	BasicBlock *BB = CPI.getParent();
4930
4931	Function *F = BB->getParent();
4932	Check(F->hasPersonalityFn(),
4933	"CleanupPadInst needs to be in a function with a personality.", &CPI);
4934
4935	// The cleanuppad instruction must be the first non-PHI instruction in the
4936	// block.
4937	Check(&*BB->getFirstNonPHIIt() == &CPI,
4938	"CleanupPadInst not the first non-PHI instruction in the block.", &CPI);
4939
4940	auto *ParentPad = CPI.getParentPad();
4941	Check(isa<ConstantTokenNone>(ParentPad) \|\| isa<FuncletPadInst>(ParentPad),
4942	"CleanupPadInst has an invalid parent.", &CPI);
4943
4944	visitEHPadPredecessors(I&: CPI);
4945	visitFuncletPadInst(FPI&: CPI);
4946	}
4947
4948	void Verifier::visitFuncletPadInst(FuncletPadInst &FPI) {
4949	User FirstUser = nullptr*;
4950	Value FirstUnwindPad = nullptr*;
4951	SmallVector<FuncletPadInst *, `8`> Worklist({&FPI});
4952	SmallPtrSet<FuncletPadInst *, `8`> Seen;
4953
4954	while (!Worklist.empty()) {
4955	FuncletPadInst *CurrentPad = Worklist.pop_back_val();
4956	Check(Seen.insert(CurrentPad).second,
4957	"FuncletPadInst must not be nested within itself", CurrentPad);
4958	Value UnresolvedAncestorPad = nullptr*;
4959	for (User *U : CurrentPad->users()) {
4960	BasicBlock *UnwindDest;
4961	if (auto *CRI = dyn_cast<CleanupReturnInst>(Val: U)) {
4962	UnwindDest = CRI->getUnwindDest();
4963	} else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: U)) {
4964	// We allow catchswitch unwind to caller to nest
4965	// within an outer pad that unwinds somewhere else,
4966	// because catchswitch doesn't have a nounwind variant.
4967	// See e.g. SimplifyCFGOpt::SimplifyUnreachable.
4968	if (CSI->unwindsToCaller())
4969	continue;
4970	UnwindDest = CSI->getUnwindDest();
4971	} else if (auto *II = dyn_cast<InvokeInst>(Val: U)) {
4972	UnwindDest = II->getUnwindDest();
4973	} else if (isa<CallInst>(Val: U)) {
4974	// Calls which don't unwind may be found inside funclet
4975	// pads that unwind somewhere else. We don't require
4976	// such calls to be annotated nounwind.
4977	continue;
4978	} else if (auto *CPI = dyn_cast<CleanupPadInst>(Val: U)) {
4979	// The unwind dest for a cleanup can only be found by
4980	// recursive search. Add it to the worklist, and we'll
4981	// search for its first use that determines where it unwinds.
4982	Worklist.push_back(Elt: CPI);
4983	continue;
4984	} else {
4985	Check(isa<CatchReturnInst>(U), "Bogus funclet pad use", U);
4986	continue;
4987	}
4988
4989	Value *UnwindPad;
4990	bool ExitsFPI;
4991	if (UnwindDest) {
4992	UnwindPad = &*UnwindDest->getFirstNonPHIIt();
4993	if (!cast<Instruction>(Val: UnwindPad)->isEHPad())
4994	continue;
4995	Value *UnwindParent = getParentPad(EHPad: UnwindPad);
4996	// Ignore unwind edges that don't exit CurrentPad.
4997	if (UnwindParent == CurrentPad)
4998	continue;
4999	// Determine whether the original funclet pad is exited,
5000	// and if we are scanning nested pads determine how many
5001	// of them are exited so we can stop searching their
5002	// children.
5003	Value *ExitedPad = CurrentPad;
5004	ExitsFPI = false;
5005	do {
5006	if (ExitedPad == &FPI) {
5007	ExitsFPI = true;
5008	// Now we can resolve any ancestors of CurrentPad up to
5009	// FPI, but not including FPI since we need to make sure
5010	// to check all direct users of FPI for consistency.
5011	UnresolvedAncestorPad = &FPI;
5012	break;
5013	}
5014	Value *ExitedParent = getParentPad(EHPad: ExitedPad);
5015	if (ExitedParent == UnwindParent) {
5016	// ExitedPad is the ancestor-most pad which this unwind
5017	// edge exits, so we can resolve up to it, meaning that
5018	// ExitedParent is the first ancestor still unresolved.
5019	UnresolvedAncestorPad = ExitedParent;
5020	break;
5021	}
5022	ExitedPad = ExitedParent;
5023	} while (!isa<ConstantTokenNone>(Val: ExitedPad));
5024	} else {
5025	// Unwinding to caller exits all pads.
5026	UnwindPad = ConstantTokenNone::get(Context&: FPI.getContext());
5027	ExitsFPI = true;
5028	UnresolvedAncestorPad = &FPI;
5029	}
5030
5031	if (ExitsFPI) {
5032	// This unwind edge exits FPI. Make sure it agrees with other
5033	// such edges.
5034	if (FirstUser) {
5035	Check(UnwindPad == FirstUnwindPad,
5036	"Unwind edges out of a funclet "
5037	"pad must have the same unwind "
5038	"dest",
5039	&FPI, U, FirstUser);
5040	} else {
5041	FirstUser = U;
5042	FirstUnwindPad = UnwindPad;
5043	// Record cleanup sibling unwinds for verifySiblingFuncletUnwinds
5044	if (isa<CleanupPadInst>(Val: &FPI) && !isa<ConstantTokenNone>(Val: UnwindPad) &&
5045	getParentPad(EHPad: UnwindPad) == getParentPad(EHPad: &FPI))
5046	SiblingFuncletInfo [&FPI] = cast<Instruction>(Val: U);
5047	}
5048	}
5049	// Make sure we visit all uses of FPI, but for nested pads stop as
5050	// soon as we know where they unwind to.
5051	if (CurrentPad != &FPI)
5052	break;
5053	}
5054	if (UnresolvedAncestorPad) {
5055	if (CurrentPad == UnresolvedAncestorPad) {
5056	// When CurrentPad is FPI itself, we don't mark it as resolved even if
5057	// we've found an unwind edge that exits it, because we need to verify
5058	// all direct uses of FPI.
5059	assert(CurrentPad == &FPI);
5060	continue;
5061	}
5062	// Pop off the worklist any nested pads that we've found an unwind
5063	// destination for. The pads on the worklist are the uncles,
5064	// great-uncles, etc. of CurrentPad. We've found an unwind destination
5065	// for all ancestors of CurrentPad up to but not including
5066	// UnresolvedAncestorPad.
5067	Value *ResolvedPad = CurrentPad;
5068	while (!Worklist.empty()) {
5069	Value *UnclePad = Worklist.back();
5070	Value *AncestorPad = getParentPad(EHPad: UnclePad);
5071	// Walk ResolvedPad up the ancestor list until we either find the
5072	// uncle's parent or the last resolved ancestor.
5073	while (ResolvedPad != AncestorPad) {
5074	Value *ResolvedParent = getParentPad(EHPad: ResolvedPad);
5075	if (ResolvedParent == UnresolvedAncestorPad) {
5076	break;
5077	}
5078	ResolvedPad = ResolvedParent;
5079	}
5080	// If the resolved ancestor search didn't find the uncle's parent,
5081	// then the uncle is not yet resolved.
5082	if (ResolvedPad != AncestorPad)
5083	break;
5084	// This uncle is resolved, so pop it from the worklist.
5085	Worklist.pop_back();
5086	}
5087	}
5088	}
5089
5090	if (FirstUnwindPad) {
5091	if (auto *CatchSwitch = dyn_cast<CatchSwitchInst>(Val: FPI.getParentPad())) {
5092	BasicBlock *SwitchUnwindDest = CatchSwitch->getUnwindDest();
5093	Value *SwitchUnwindPad;
5094	if (SwitchUnwindDest)
5095	SwitchUnwindPad = &*SwitchUnwindDest->getFirstNonPHIIt();
5096	else
5097	SwitchUnwindPad = ConstantTokenNone::get(Context&: FPI.getContext());
5098	Check(SwitchUnwindPad == FirstUnwindPad,
5099	"Unwind edges out of a catch must have the same unwind dest as "
5100	"the parent catchswitch",
5101	&FPI, FirstUser, CatchSwitch);
5102	}
5103	}
5104
5105	visitInstruction(I&: FPI);
5106	}
5107
5108	void Verifier::visitCatchSwitchInst(CatchSwitchInst &CatchSwitch) {
5109	BasicBlock *BB = CatchSwitch.getParent();
5110
5111	Function *F = BB->getParent();
5112	Check(F->hasPersonalityFn(),
5113	"CatchSwitchInst needs to be in a function with a personality.",
5114	&CatchSwitch);
5115
5116	// The catchswitch instruction must be the first non-PHI instruction in the
5117	// block.
5118	Check(&*BB->getFirstNonPHIIt() == &CatchSwitch,
5119	"CatchSwitchInst not the first non-PHI instruction in the block.",
5120	&CatchSwitch);
5121
5122	auto *ParentPad = CatchSwitch.getParentPad();
5123	Check(isa<ConstantTokenNone>(ParentPad) \|\| isa<FuncletPadInst>(ParentPad),
5124	"CatchSwitchInst has an invalid parent.", ParentPad);
5125
5126	if (BasicBlock *UnwindDest = CatchSwitch.getUnwindDest()) {
5127	BasicBlock::iterator I = UnwindDest->getFirstNonPHIIt();
5128	Check(I ->isEHPad() && !isa<LandingPadInst>(I),
5129	"CatchSwitchInst must unwind to an EH block which is not a "
5130	"landingpad.",
5131	&CatchSwitch);
5132
5133	// Record catchswitch sibling unwinds for verifySiblingFuncletUnwinds
5134	if (getParentPad(EHPad: &*I) == ParentPad)
5135	SiblingFuncletInfo [&CatchSwitch] = &CatchSwitch;
5136	}
5137
5138	Check(CatchSwitch.getNumHandlers() != `0`,
5139	"CatchSwitchInst cannot have empty handler list", &CatchSwitch);
5140
5141	for (BasicBlock *Handler : CatchSwitch.handlers()) {
5142	Check(isa<CatchPadInst>(Handler->getFirstNonPHIIt()),
5143	"CatchSwitchInst handlers must be catchpads", &CatchSwitch, Handler);
5144	}
5145
5146	visitEHPadPredecessors(I&: CatchSwitch);
5147	visitTerminator(I&: CatchSwitch);
5148	}
5149
5150	void Verifier::visitCleanupReturnInst(CleanupReturnInst &CRI) {
5151	Check(isa<CleanupPadInst>(CRI.getOperand(`0`)),
5152	"CleanupReturnInst needs to be provided a CleanupPad", &CRI,
5153	CRI.getOperand(`0`));
5154
5155	if (BasicBlock *UnwindDest = CRI.getUnwindDest()) {
5156	BasicBlock::iterator I = UnwindDest->getFirstNonPHIIt();
5157	Check(I ->isEHPad() && !isa<LandingPadInst>(I),
5158	"CleanupReturnInst must unwind to an EH block which is not a "
5159	"landingpad.",
5160	&CRI);
5161	}
5162
5163	visitTerminator(I&: CRI);
5164	}
5165
5166	void Verifier::verifyDominatesUse(Instruction &I, unsigned i) {
5167	Instruction *Op = cast<Instruction>(Val: I.getOperand(i));
5168	// If the we have an invalid invoke, don't try to compute the dominance.
5169	// We already reject it in the invoke specific checks and the dominance
5170	// computation doesn't handle multiple edges.
5171	if (InvokeInst *II = dyn_cast<InvokeInst>(Val: Op)) {
5172	if (II->getNormalDest() == II->getUnwindDest())
5173	return;
5174	}
5175
5176	// Quick check whether the def has already been encountered in the same block.
5177	// PHI nodes are not checked to prevent accepting preceding PHIs, because PHI
5178	// uses are defined to happen on the incoming edge, not at the instruction.
5179	//
5180	// FIXME: If this operand is a MetadataAsValue (wrapping a LocalAsMetadata)
5181	// wrapping an SSA value, assert that we've already encountered it. See
5182	// related FIXME in Mapper::mapLocalAsMetadata in ValueMapper.cpp.
5183	if (!isa<PHINode>(Val: I) && InstsInThisBlock.count(Ptr: Op))
5184	return;
5185
5186	const Use &U = I.getOperandUse(i);
5187	Check(DT.dominates(Op, U), "Instruction does not dominate all uses!", Op, &I);
5188	}
5189
5190	void Verifier::visitDereferenceableMetadata(Instruction& I, MDNode* MD) {
5191	Check(I.getType()->isPointerTy(),
5192	"dereferenceable, dereferenceable_or_null "
5193	"apply only to pointer types",
5194	&I);
5195	Check((isa<LoadInst>(I) \|\| isa<IntToPtrInst>(I)),
5196	"dereferenceable, dereferenceable_or_null apply only to load"
5197	" and inttoptr instructions, use attributes for calls or invokes",
5198	&I);
5199	Check(MD->getNumOperands() == `1`,
5200	"dereferenceable, dereferenceable_or_null "
5201	"take one operand!",
5202	&I);
5203	ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: `0`));
5204	Check(CI && CI->getType()->isIntegerTy(`64`),
5205	"dereferenceable, "
5206	"dereferenceable_or_null metadata value must be an i64!",
5207	&I);
5208	}
5209
5210	void Verifier::visitNofreeMetadata(Instruction &I, MDNode *MD) {
5211	Check(I.getType()->isPointerTy(), "nofree applies only to pointer types", &I);
5212	Check((isa<IntToPtrInst>(I)), "nofree applies only to inttoptr instruction",
5213	&I);
5214	Check(MD->getNumOperands() == `0`, "nofree metadata must be empty", &I);
5215	}
5216
5217	void Verifier::visitProfMetadata(Instruction &I, MDNode *MD) {
5218	auto GetBranchingTerminatorNumOperands = [&]() {
5219	unsigned ExpectedNumOperands = `0`;
5220	if (CondBrInst *BI = dyn_cast<CondBrInst>(Val: &I))
5221	ExpectedNumOperands = BI->getNumSuccessors();
5222	else if (SwitchInst *SI = dyn_cast<SwitchInst>(Val: &I))
5223	ExpectedNumOperands = SI->getNumSuccessors();
5224	else if (isa<CallInst>(Val: &I))
5225	ExpectedNumOperands = `1`;
5226	else if (IndirectBrInst *IBI = dyn_cast<IndirectBrInst>(Val: &I))
5227	ExpectedNumOperands = IBI->getNumDestinations();
5228	else if (isa<SelectInst>(Val: &I))
5229	ExpectedNumOperands = `2`;
5230	else if (CallBrInst *CI = dyn_cast<CallBrInst>(Val: &I))
5231	ExpectedNumOperands = CI->getNumSuccessors();
5232	return ExpectedNumOperands;
5233	};
5234	Check(MD->getNumOperands() >= `1`,
5235	"!prof annotations should have at least 1 operand", MD);
5236	// Check first operand.
5237	Check(MD->getOperand(`0`) != nullptr, "first operand should not be null", MD);
5238	Check(isa<MDString>(MD->getOperand(`0`)),
5239	"expected string with name of the !prof annotation", MD);
5240	MDString *MDS = cast<MDString>(Val: MD->getOperand(I: `0`));
5241	StringRef ProfName = MDS->getString();
5242
5243	if (ProfName == MDProfLabels::UnknownBranchWeightsMarker) {
5244	Check(GetBranchingTerminatorNumOperands() != `0` \|\| isa<InvokeInst>(I),
5245	"'unknown' !prof should only appear on instructions on which "
5246	"'branch_weights' would",
5247	MD);
5248	verifyUnknownProfileMetadata(MD);
5249	return;
5250	}
5251
5252	Check(MD->getNumOperands() >= `2`,
5253	"!prof annotations should have no less than 2 operands", MD);
5254
5255	// Check consistency of !prof branch_weights metadata.
5256	if (ProfName == MDProfLabels::BranchWeights) {
5257	unsigned NumBranchWeights = getNumBranchWeights(ProfileData: *MD);
5258	if (isa<InvokeInst>(Val: &I)) {
5259	Check(NumBranchWeights == `1` \|\| NumBranchWeights == `2`,
5260	"Wrong number of InvokeInst branch_weights operands", MD);
5261	} else {
5262	const unsigned ExpectedNumOperands = GetBranchingTerminatorNumOperands ();
5263	if (ExpectedNumOperands == `0`)
5264	CheckFailed(Message: "!prof branch_weights are not allowed for this instruction",
5265	V1: MD);
5266
5267	Check(NumBranchWeights == ExpectedNumOperands, "Wrong number of operands",
5268	MD);
5269	}
5270	for (unsigned i = getBranchWeightOffset(ProfileData: MD); i < MD->getNumOperands();
5271	++i) {
5272	auto &MDO = MD->getOperand(I: i);
5273	Check(MDO, "second operand should not be null", MD);
5274	Check(mdconst::dyn_extract<ConstantInt>(MDO),
5275	"!prof brunch_weights operand is not a const int");
5276	}
5277	} else if (ProfName == MDProfLabels::ValueProfile) {
5278	Check(isValueProfileMD(MD), "invalid value profiling metadata", MD);
5279	ConstantInt *KindInt = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: `1`));
5280	Check(KindInt, "VP !prof missing kind argument", MD);
5281
5282	auto Kind = KindInt->getZExtValue();
5283	Check(Kind >= InstrProfValueKind::IPVK_First &&
5284	Kind <= InstrProfValueKind::IPVK_Last,
5285	"Invalid VP !prof kind", MD);
5286	Check(MD->getNumOperands() % `2` == `1`,
5287	"VP !prof should have an even number "
5288	"of arguments after 'VP'",
5289	MD);
5290	if (Kind == InstrProfValueKind::IPVK_IndirectCallTarget \|\|
5291	Kind == InstrProfValueKind::IPVK_MemOPSize)
5292	Check(isa<CallBase>(I),
5293	"VP !prof indirect call or memop size expected to be applied to "
5294	"CallBase instructions only",
5295	MD);
5296
5297	DenseSet<uint64_t> ProfileValues;
5298	for (unsigned I = `3`; I < MD->getNumOperands(); I += `2`) {
5299	ConstantInt *ProfileValue =
5300	mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I));
5301	Check(ProfileValue, "VP !prof value operand is not a const int", MD);
5302	uint64_t ProfileValueInt = ProfileValue->getZExtValue();
5303	auto [ValueIt, Inserted] = ProfileValues.insert(V: ProfileValueInt);
5304	Check(Inserted, "VP !prof should not have duplicate profile values", MD);
5305	}
5306	} else {
5307	CheckFailed(Message: "expected either branch_weights or VP profile name", V1: MD);
5308	}
5309	}
5310
5311	void Verifier::visitDIAssignIDMetadata(Instruction &I, MDNode *MD) {
5312	assert(I.hasMetadata(LLVMContext::MD_DIAssignID));
5313	// DIAssignID metadata must be attached to either an alloca or some form of
5314	// store/memory-writing instruction.
5315	// FIXME: We allow all intrinsic insts here to avoid trying to enumerate all
5316	// possible store intrinsics.
5317	bool ExpectedInstTy =
5318	isa<AllocaInst>(Val: I) \|\| isa<StoreInst>(Val: I) \|\| isa<IntrinsicInst>(Val: I);
5319	CheckDI(ExpectedInstTy, "!DIAssignID attached to unexpected instruction kind",
5320	I, MD);
5321	// Iterate over the MetadataAsValue uses of the DIAssignID - these should
5322	// only be found as DbgAssignIntrinsic operands.
5323	if (auto *AsValue = MetadataAsValue::getIfExists(Context, MD)) {
5324	for (auto *User : AsValue->users()) {
5325	CheckDI(isa<DbgAssignIntrinsic>(User),
5326	"!DIAssignID should only be used by llvm.dbg.assign intrinsics",
5327	MD, User);
5328	// All of the dbg.assign intrinsics should be in the same function as I.
5329	if (auto *DAI = dyn_cast<DbgAssignIntrinsic>(Val: User))
5330	CheckDI(DAI->getFunction() == I.getFunction(),
5331	"dbg.assign not in same function as inst", DAI, &I);
5332	}
5333	}
5334	for (DbgVariableRecord *DVR :
5335	cast<DIAssignID>(Val: MD)->getAllDbgVariableRecordUsers()) {
5336	CheckDI(DVR->isDbgAssign(),
5337	"!DIAssignID should only be used by Assign DVRs.", MD, DVR);
5338	CheckDI(DVR->getFunction() == I.getFunction(),
5339	"DVRAssign not in same function as inst", DVR, &I);
5340	}
5341	}
5342
5343	void Verifier::visitMMRAMetadata(Instruction &I, MDNode *MD) {
5344	Check(canInstructionHaveMMRAs(I),
5345	"!mmra metadata attached to unexpected instruction kind", I, MD);
5346
5347	// MMRA Metadata should either be a tag, e.g. !{!"foo", !"bar"}, or a
5348	// list of tags such as !2 in the following example:
5349	// !0 = !{!"a", !"b"}
5350	// !1 = !{!"c", !"d"}
5351	// !2 = !{!0, !1}
5352	if (MMRAMetadata::isTagMD(MD))
5353	return;
5354
5355	Check(isa<MDTuple>(MD), "!mmra expected to be a metadata tuple", I, MD);
5356	for (const MDOperand &MDOp : MD->operands())
5357	Check(MMRAMetadata::isTagMD(MDOp.get()),
5358	"!mmra metadata tuple operand is not an MMRA tag", I, MDOp.get());
5359	}
5360
5361	void Verifier::visitCallStackMetadata(MDNode *MD) {
5362	// Call stack metadata should consist of a list of at least 1 constant int
5363	// (representing a hash of the location).
5364	Check(MD->getNumOperands() >= `1`,
5365	"call stack metadata should have at least 1 operand", MD);
5366
5367	for (const auto &Op : MD->operands())
5368	Check(mdconst::dyn_extract_or_null<ConstantInt>(Op),
5369	"call stack metadata operand should be constant integer", Op);
5370	}
5371
5372	void Verifier::visitMemProfMetadata(Instruction &I, MDNode *MD) {
5373	Check(isa<CallBase>(I), "!memprof metadata should only exist on calls", &I);
5374	if (isa<CallBase>(Val: I))
5375	Check(I.hasMetadata(LLVMContext::MD_callsite),
5376	"!memprof metadata requires !callsite metadata", &I, MD);
5377	Check(MD->getNumOperands() >= `1`,
5378	"!memprof annotations should have at least 1 metadata operand "
5379	"(MemInfoBlock)",
5380	MD);
5381
5382	// Check each MIB
5383	for (auto &MIBOp : MD->operands()) {
5384	MDNode *MIB = dyn_cast<MDNode>(Val: MIBOp);
5385	// The first operand of an MIB should be the call stack metadata.
5386	// There rest of the operands should be MDString tags, and there should be
5387	// at least one.
5388	Check(MIB->getNumOperands() >= `2`,
5389	"Each !memprof MemInfoBlock should have at least 2 operands", MIB);
5390
5391	// Check call stack metadata (first operand).
5392	Check(MIB->getOperand(`0`) != nullptr,
5393	"!memprof MemInfoBlock first operand should not be null", MIB);
5394	Check(isa<MDNode>(MIB->getOperand(`0`)),
5395	"!memprof MemInfoBlock first operand should be an MDNode", MIB);
5396	MDNode *StackMD = dyn_cast<MDNode>(Val: MIB->getOperand(I: `0`));
5397	visitCallStackMetadata(MD: StackMD);
5398
5399	// The second MIB operand should be MDString.
5400	Check(isa<MDString>(MIB->getOperand(`1`)),
5401	"!memprof MemInfoBlock second operand should be an MDString", MIB);
5402
5403	// Any remaining should be MDNode that are pairs of integers
5404	for (unsigned I = `2`; I < MIB->getNumOperands(); ++I) {
5405	MDNode *OpNode = dyn_cast<MDNode>(Val: MIB->getOperand(I));
5406	Check(OpNode, "Not all !memprof MemInfoBlock operands 2 to N are MDNode",
5407	MIB);
5408	Check(OpNode->getNumOperands() == `2`,
5409	"Not all !memprof MemInfoBlock operands 2 to N are MDNode with 2 "
5410	"operands",
5411	MIB);
5412	// Check that all of Op's operands are ConstantInt.
5413	Check(llvm::all_of(OpNode->operands(),
5414	[](const MDOperand &Op) {
5415	return mdconst::hasa<ConstantInt>(Op);
5416	}),
5417	"Not all !memprof MemInfoBlock operands 2 to N are MDNode with "
5418	"ConstantInt operands",
5419	MIB);
5420	}
5421	}
5422	}
5423
5424	void Verifier::visitCallsiteMetadata(Instruction &I, MDNode *MD) {
5425	Check(isa<CallBase>(I), "!callsite metadata should only exist on calls", &I);
5426	// Verify the partial callstack annotated from memprof profiles. This callsite
5427	// is a part of a profiled allocation callstack.
5428	visitCallStackMetadata(MD);
5429	}
5430
5431	static inline bool isConstantIntMetadataOperand(const Metadata *MD) {
5432	if (auto *VAL = dyn_cast<ValueAsMetadata>(Val: MD))
5433	return isa<ConstantInt>(Val: VAL->getValue());
5434	return false;
5435	}
5436
5437	void Verifier::visitCalleeTypeMetadata(Instruction &I, MDNode *MD) {
5438	Check(isa<CallBase>(I), "!callee_type metadata should only exist on calls",
5439	&I);
5440	for (Metadata *Op : MD->operands()) {
5441	Check(isa<MDNode>(Op),
5442	"The callee_type metadata must be a list of type metadata nodes", Op);
5443	auto *TypeMD = cast<MDNode>(Val: Op);
5444	Check(TypeMD->getNumOperands() == `2`,
5445	"Well-formed generalized type metadata must contain exactly two "
5446	"operands",
5447	Op);
5448	Check(isConstantIntMetadataOperand(TypeMD->getOperand(`0`)) &&
5449	mdconst::extract<ConstantInt>(TypeMD->getOperand(`0`))->isZero(),
5450	"The first operand of type metadata for functions must be zero", Op);
5451	Check(TypeMD->hasGeneralizedMDString(),
5452	"Only generalized type metadata can be part of the callee_type "
5453	"metadata list",
5454	Op);
5455	}
5456	}
5457
5458	void Verifier::visitAnnotationMetadata(MDNode *Annotation) {
5459	Check(isa<MDTuple>(Annotation), "annotation must be a tuple");
5460	Check(Annotation->getNumOperands() >= `1`,
5461	"annotation must have at least one operand");
5462	for (const MDOperand &Op : Annotation->operands()) {
5463	bool TupleOfStrings =
5464	isa<MDTuple>(Val: Op.get()) &&
5465	all_of(Range: cast<MDTuple>(Val: Op)->operands(), P: [](auto &Annotation) {
5466	return isa<MDString>(Annotation.get());
5467	});
5468	Check(isa<MDString>(Op.get()) \|\| TupleOfStrings,
5469	"operands must be a string or a tuple of strings");
5470	}
5471	}
5472
5473	void Verifier::visitAliasScopeMetadata(const MDNode *MD) {
5474	unsigned NumOps = MD->getNumOperands();
5475	Check(NumOps >= `2` && NumOps <= `3`, "scope must have two or three operands",
5476	MD);
5477	Check(MD->getOperand(`0`).get() == MD \|\| isa<MDString>(MD->getOperand(`0`)),
5478	"first scope operand must be self-referential or string", MD);
5479	if (NumOps == `3`)
5480	Check(isa<MDString>(MD->getOperand(`2`)),
5481	"third scope operand must be string (if used)", MD);
5482
5483	MDNode *Domain = dyn_cast<MDNode>(Val: MD->getOperand(I: `1`));
5484	Check(Domain != nullptr, "second scope operand must be MDNode", MD);
5485
5486	unsigned NumDomainOps = Domain->getNumOperands();
5487	Check(NumDomainOps >= `1` && NumDomainOps <= `2`,
5488	"domain must have one or two operands", Domain);
5489	Check(Domain->getOperand(`0`).get() == Domain \|\|
5490	isa<MDString>(Domain->getOperand(`0`)),
5491	"first domain operand must be self-referential or string", Domain);
5492	if (NumDomainOps == `2`)
5493	Check(isa<MDString>(Domain->getOperand(`1`)),
5494	"second domain operand must be string (if used)", Domain);
5495	}
5496
5497	void Verifier::visitAliasScopeListMetadata(const MDNode *MD) {
5498	for (const MDOperand &Op : MD->operands()) {
5499	const MDNode *OpMD = dyn_cast<MDNode>(Val: Op);
5500	Check(OpMD != nullptr, "scope list must consist of MDNodes", MD);
5501	visitAliasScopeMetadata(MD: OpMD);
5502	}
5503	}
5504
5505	void Verifier::visitAccessGroupMetadata(const MDNode *MD) {
5506	auto IsValidAccessScope = [](const MDNode *MD) {
5507	return MD->getNumOperands() == `0` && MD->isDistinct();
5508	};
5509
5510	// It must be either an access scope itself...
5511	if (IsValidAccessScope (MD))
5512	return;
5513
5514	// ...or a list of access scopes.
5515	for (const MDOperand &Op : MD->operands()) {
5516	const MDNode *OpMD = dyn_cast<MDNode>(Val: Op);
5517	Check(OpMD != nullptr, "Access scope list must consist of MDNodes", MD);
5518	Check(IsValidAccessScope(OpMD),
5519	"Access scope list contains invalid access scope", MD);
5520	}
5521	}
5522
5523	void Verifier::visitCapturesMetadata(Instruction &I, const MDNode *Captures) {
5524	static const char *ValidArgs[] = {"address_is_null", "address",
5525	"read_provenance", "provenance"};
5526
5527	auto *SI = dyn_cast<StoreInst>(Val: &I);
5528	Check(SI, "!captures metadata can only be applied to store instructions", &I);
5529	Check(SI->getValueOperand()->getType()->isPointerTy(),
5530	"!captures metadata can only be applied to store with value operand of "
5531	"pointer type",
5532	&I);
5533	Check(Captures->getNumOperands() != `0`, "!captures metadata cannot be empty",
5534	&I);
5535
5536	for (Metadata *Op : Captures->operands()) {
5537	auto *Str = dyn_cast<MDString>(Val: Op);
5538	Check(Str, "!captures metadata must be a list of strings", &I);
5539	Check(is_contained(ValidArgs, Str->getString()),
5540	"invalid entry in !captures metadata", &I, Str);
5541	}
5542	}
5543
5544	void Verifier::visitAllocTokenMetadata(Instruction &I, MDNode *MD) {
5545	Check(isa<CallBase>(I), "!alloc_token should only exist on calls", &I);
5546	Check(MD->getNumOperands() == `2`, "!alloc_token must have 2 operands", MD);
5547	Check(isa<MDString>(MD->getOperand(`0`)), "expected string", MD);
5548	Check(mdconst::dyn_extract_or_null<ConstantInt>(MD->getOperand(`1`)),
5549	"expected integer constant", MD);
5550	}
5551
5552	void Verifier::visitInlineHistoryMetadata(Instruction &I, MDNode *MD) {
5553	Check(isa<CallBase>(I), "!inline_history should only exist on calls", &I);
5554	for (Metadata *Op : MD->operands()) {
5555	// Can be null when a function is erased.
5556	if (!Op)
5557	continue;
5558	Check(isa<ValueAsMetadata>(Op) &&
5559	isa<Function>(cast<ValueAsMetadata>(Op)
5560	->getValue()
5561	->stripPointerCastsAndAliases()),
5562	"!inline_history operands must be functions or null", MD);
5563	}
5564	}
5565
5566	void Verifier::visitMemCacheHintMetadata(Instruction &I, MDNode *MD) {
5567	Check(I.mayReadOrWriteMemory(),
5568	"!mem.cache_hint is only valid on memory operations", &I);
5569
5570	Check(MD->getNumOperands() % `2` == `0`,
5571	"!mem.cache_hint must have even number of operands "
5572	"(operand_no, hint_node pairs)",
5573	MD);
5574
5575	const auto *CB = dyn_cast<CallBase>(Val: &I);
5576	if (CB)
5577	Check(CB->getIntrinsicID() != Intrinsic::not_intrinsic,
5578	"!mem.cache_hint is not supported on non-intrinsic calls", &I);
5579
5580	unsigned NumOperands = CB ? CB->arg_size() : I.getNumOperands();
5581
5582	SmallDenseSet<unsigned, `4`> SeenOperandNos;
5583	std::optional<uint64_t> LastOperandNo;
5584
5585	// Top-level metadata alternates: i32 operand_no, MDNode hint_node.
5586	for (unsigned J = `0`; J + `1` < MD->getNumOperands(); J += `2`) {
5587	auto *OpNoCI = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: J));
5588	Check(OpNoCI,
5589	"!mem.cache_hint must alternate between i32 operand numbers and "
5590	"metadata hint nodes",
5591	MD);
5592
5593	Check(OpNoCI->getValue().isNonNegative(),
5594	"!mem.cache_hint operand number must be non-negative", MD);
5595
5596	uint64_t OperandNo = OpNoCI->getZExtValue();
5597	Check(OperandNo < NumOperands,
5598	"!mem.cache_hint operand number is out of range", &I);
5599
5600	Value *Operand =
5601	CB ? CB->getArgOperand(i: OperandNo) : I.getOperand(i: OperandNo);
5602	Check(Operand->getType()->isPtrOrPtrVectorTy(),
5603	"!mem.cache_hint operand number must refer to a pointer operand", &I);
5604
5605	bool Inserted = SeenOperandNos.insert(V: OperandNo).second;
5606	Check(Inserted, "!mem.cache_hint contains duplicate operand number", MD);
5607
5608	Check(!Inserted \|\| !LastOperandNo \|\| OperandNo > *LastOperandNo,
5609	"!mem.cache_hint operand numbers must be in increasing order", MD);
5610	LastOperandNo = OperandNo;
5611
5612	const auto *Node = dyn_cast<MDNode>(Val: MD->getOperand(I: J + `1`));
5613	Check(Node,
5614	"!mem.cache_hint must alternate between i32 operand numbers and "
5615	"metadata hint nodes",
5616	MD);
5617
5618	Check(Node->getNumOperands() % `2` == `0`,
5619	"!mem.cache_hint hint node must have even number of operands "
5620	"(key-value pairs)",
5621	Node);
5622
5623	StringSet<> SeenKeys;
5624	for (unsigned K = `0`; K + `1` < Node->getNumOperands(); K += `2`) {
5625	const auto *Key = dyn_cast<MDString>(Val: Node->getOperand(I: K));
5626	Check(Key, "!mem.cache_hint key must be a string", Node);
5627
5628	StringRef KeyStr = Key->getString();
5629	Check(SeenKeys.insert(KeyStr).second,
5630	"!mem.cache_hint hint node contains duplicate key", Node);
5631
5632	const Metadata *Value = Node->getOperand(I: K + `1`).get();
5633	Check(isa_and_nonnull<MDString>(Value) \|\|
5634	mdconst::dyn_extract<ConstantInt>(Value),
5635	"!mem.cache_hint value must be a string or integer", Node);
5636	}
5637	}
5638	}
5639
5640	/// verifyInstruction - Verify that an instruction is well formed.
5641	///
5642	void Verifier::visitInstruction(Instruction &I) {
5643	BasicBlock *BB = I.getParent();
5644	Check(BB, "Instruction not embedded in basic block!", &I);
5645
5646	if (!isa<PHINode>(Val: I)) { // Check that non-phi nodes are not self referential
5647	for (User *U : I.users()) {
5648	Check(U != (User *)&I \|\| !DT.isReachableFromEntry(BB),
5649	"Only PHI nodes may reference their own value!", &I);
5650	}
5651	}
5652
5653	// Check that void typed values don't have names
5654	Check(!I.getType()->isVoidTy() \|\| !I.hasName(),
5655	"Instruction has a name, but provides a void value!", &I);
5656
5657	// Check that the return value of the instruction is either void or a legal
5658	// value type.
5659	Check(I.getType()->isVoidTy() \|\| I.getType()->isFirstClassType(),
5660	"Instruction returns a non-scalar type!", &I);
5661
5662	// Check that the instruction doesn't produce metadata. Calls are already
5663	// checked against the callee type.
5664	Check(!I.getType()->isMetadataTy() \|\| isa<CallInst>(I) \|\| isa<InvokeInst>(I),
5665	"Invalid use of metadata!", &I);
5666
5667	// Check that all uses of the instruction, if they are instructions
5668	// themselves, actually have parent basic blocks. If the use is not an
5669	// instruction, it is an error!
5670	for (Use &U : I.uses()) {
5671	if (Instruction *Used = dyn_cast<Instruction>(Val: U.getUser()))
5672	Check(Used->getParent() != nullptr,
5673	"Instruction referencing"
5674	" instruction not embedded in a basic block!",
5675	&I, Used);
5676	else {
5677	CheckFailed(Message: "Use of instruction is not an instruction!", V1: U);
5678	return;
5679	}
5680	}
5681
5682	// Get a pointer to the call base of the instruction if it is some form of
5683	// call.
5684	const CallBase *CBI = dyn_cast<CallBase>(Val: &I);
5685
5686	for (unsigned i = `0`, e = I.getNumOperands(); i != e; ++i) {
5687	Check(I.getOperand(i) != nullptr, "Instruction has null operand!", &I);
5688
5689	// Check to make sure that only first-class-values are operands to
5690	// instructions.
5691	if (!I.getOperand(i)->getType()->isFirstClassType()) {
5692	Check(false, "Instruction operands must be first-class values!", &I);
5693	}
5694
5695	if (Function *F = dyn_cast<Function>(Val: I.getOperand(i))) {
5696	// This code checks whether the function is used as the operand of a
5697	// clang_arc_attachedcall operand bundle.
5698	auto IsAttachedCallOperand = [](Function F, const* CallBase *CBI,
5699	int Idx) {
5700	return CBI && CBI->isOperandBundleOfType(
5701	ID: LLVMContext::OB_clang_arc_attachedcall, Idx);
5702	};
5703
5704	// Check to make sure that the "address of" an intrinsic function is never
5705	// taken. Ignore cases where the address of the intrinsic function is used
5706	// as the argument of operand bundle "clang.arc.attachedcall" as those
5707	// cases are handled in verifyAttachedCallBundle.
5708	Check((!F->isIntrinsic() \|\|
5709	(CBI && &CBI->getCalledOperandUse() == &I.getOperandUse(i)) \|\|
5710	IsAttachedCallOperand(F, CBI, i)),
5711	"Cannot take the address of an intrinsic!", &I);
5712	Check(!F->isIntrinsic() \|\| isa<CallInst>(I) \|\| isa<CallBrInst>(I) \|\|
5713	F->getIntrinsicID() == Intrinsic::donothing \|\|
5714	F->getIntrinsicID() == Intrinsic::seh_try_begin \|\|
5715	F->getIntrinsicID() == Intrinsic::seh_try_end \|\|
5716	F->getIntrinsicID() == Intrinsic::seh_scope_begin \|\|
5717	F->getIntrinsicID() == Intrinsic::seh_scope_end \|\|
5718	F->getIntrinsicID() == Intrinsic::coro_resume \|\|
5719	F->getIntrinsicID() == Intrinsic::coro_destroy \|\|
5720	F->getIntrinsicID() == Intrinsic::coro_await_suspend_void \|\|
5721	F->getIntrinsicID() == Intrinsic::coro_await_suspend_bool \|\|
5722	F->getIntrinsicID() == Intrinsic::coro_await_suspend_handle \|\|
5723	F->getIntrinsicID() ==
5724	Intrinsic::experimental_patchpoint_void \|\|
5725	F->getIntrinsicID() == Intrinsic::experimental_patchpoint \|\|
5726	F->getIntrinsicID() == Intrinsic::fake_use \|\|
5727	F->getIntrinsicID() == Intrinsic::experimental_gc_statepoint \|\|
5728	F->getIntrinsicID() == Intrinsic::wasm_throw \|\|
5729	F->getIntrinsicID() == Intrinsic::wasm_rethrow \|\|
5730	IsAttachedCallOperand(F, CBI, i),
5731	"Cannot invoke an intrinsic other than donothing, patchpoint, "
5732	"statepoint, coro_resume, coro_destroy, clang.arc.attachedcall or "
5733	"wasm.(re)throw",
5734	&I);
5735	Check(F->getParent() == &M, "Referencing function in another module!", &I,
5736	&M, F, F->getParent());
5737	} else if (BasicBlock *OpBB = dyn_cast<BasicBlock>(Val: I.getOperand(i))) {
5738	Check(OpBB->getParent() == BB->getParent(),
5739	"Referring to a basic block in another function!", &I);
5740	} else if (Argument *OpArg = dyn_cast<Argument>(Val: I.getOperand(i))) {
5741	Check(OpArg->getParent() == BB->getParent(),
5742	"Referring to an argument in another function!", &I);
5743	} else if (GlobalValue *GV = dyn_cast<GlobalValue>(Val: I.getOperand(i))) {
5744	Check(GV->getParent() == &M, "Referencing global in another module!", &I,
5745	&M, GV, GV->getParent());
5746	} else if (Instruction *OpInst = dyn_cast<Instruction>(Val: I.getOperand(i))) {
5747	Check(OpInst->getFunction() == BB->getParent(),
5748	"Referring to an instruction in another function!", &I);
5749	verifyDominatesUse(I, i);
5750	} else if (isa<InlineAsm>(Val: I.getOperand(i))) {
5751	Check(CBI && &CBI->getCalledOperandUse() == &I.getOperandUse(i),
5752	"Cannot take the address of an inline asm!", &I);
5753	} else if (auto *C = dyn_cast<Constant>(Val: I.getOperand(i))) {
5754	visitConstantExprsRecursively(EntryC: C);
5755	}
5756	}
5757
5758	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_fpmath)) {
5759	Check(FPMathOperator::isSupportedFloatingPointType(I.getType()),
5760	"fpmath requires a floating point result!", &I);
5761	Check(MD->getNumOperands() == `1`, "fpmath takes one operand!", &I);
5762	if (ConstantFP *CFP0 =
5763	mdconst::dyn_extract_or_null<ConstantFP>(MD: MD->getOperand(I: `0`))) {
5764	const APFloat &Accuracy = CFP0->getValueAPF();
5765	Check(&Accuracy.getSemantics() == &APFloat::IEEEsingle(),
5766	"fpmath accuracy must have float type", &I);
5767	Check(Accuracy.isFiniteNonZero() && !Accuracy.isNegative(),
5768	"fpmath accuracy not a positive number!", &I);
5769	} else {
5770	Check(false, "invalid fpmath accuracy!", &I);
5771	}
5772	}
5773
5774	if (MDNode *Range = I.getMetadata(KindID: LLVMContext::MD_range)) {
5775	Check(isa<LoadInst>(I) \|\| isa<CallInst>(I) \|\| isa<InvokeInst>(I),
5776	"Ranges are only for loads, calls and invokes!", &I);
5777	visitRangeMetadata(I, Range, Ty: I.getType());
5778	}
5779
5780	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_nofpclass)) {
5781	Check(isa<LoadInst>(I), "nofpclass is only for loads", &I);
5782	visitNoFPClassMetadata(I, NoFPClass: MD, Ty: I.getType());
5783	}
5784
5785	if (MDNode *Range = I.getMetadata(KindID: LLVMContext::MD_noalias_addrspace)) {
5786	Check(isa<LoadInst>(I) \|\| isa<StoreInst>(I) \|\| isa<AtomicRMWInst>(I) \|\|
5787	isa<AtomicCmpXchgInst>(I) \|\| isa<CallInst>(I),
5788	"noalias.addrspace are only for memory operations!", &I);
5789	visitNoaliasAddrspaceMetadata(I, Range, Ty: I.getType());
5790	}
5791
5792	if (I.hasMetadata(KindID: LLVMContext::MD_invariant_group)) {
5793	Check(isa<LoadInst>(I) \|\| isa<StoreInst>(I),
5794	"invariant.group metadata is only for loads and stores", &I);
5795	}
5796
5797	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_nonnull)) {
5798	Check(I.getType()->isPointerTy(), "nonnull applies only to pointer types",
5799	&I);
5800	Check(isa<LoadInst>(I),
5801	"nonnull applies only to load instructions, use attributes"
5802	" for calls or invokes",
5803	&I);
5804	Check(MD->getNumOperands() == `0`, "nonnull metadata must be empty", &I);
5805	}
5806
5807	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_noundef)) {
5808	Check(isa<LoadInst>(I), "noundef applies only to load instructions", &I);
5809	Check(MD->getNumOperands() == `0`, "noundef metadata must be empty", &I);
5810	}
5811
5812	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_dereferenceable))
5813	visitDereferenceableMetadata(I, MD);
5814
5815	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_dereferenceable_or_null))
5816	visitDereferenceableMetadata(I, MD);
5817
5818	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_nofree))
5819	visitNofreeMetadata(I, MD);
5820
5821	if (MDNode *TBAA = I.getMetadata(KindID: LLVMContext::MD_tbaa))
5822	TBAAVerifyHelper.visitTBAAMetadata(I: &I, MD: TBAA);
5823
5824	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_noalias))
5825	visitAliasScopeListMetadata(MD);
5826	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_alias_scope))
5827	visitAliasScopeListMetadata(MD);
5828
5829	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_access_group))
5830	visitAccessGroupMetadata(MD);
5831
5832	if (MDNode *AlignMD = I.getMetadata(KindID: LLVMContext::MD_align)) {
5833	Check(I.getType()->isPointerTy(), "align applies only to pointer types",
5834	&I);
5835	Check(isa<LoadInst>(I),
5836	"align applies only to load instructions, "
5837	"use attributes for calls or invokes",
5838	&I);
5839	Check(AlignMD->getNumOperands() == `1`, "align takes one operand!", &I);
5840	ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(MD: AlignMD->getOperand(I: `0`));
5841	Check(CI && CI->getType()->isIntegerTy(`64`),
5842	"align metadata value must be an i64!", &I);
5843	uint64_t Align = CI->getZExtValue();
5844	Check(isPowerOf2_64(Align), "align metadata value must be a power of 2!",
5845	&I);
5846	Check(Align <= Value::MaximumAlignment,
5847	"alignment is larger that implementation defined limit", &I);
5848	}
5849
5850	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_prof))
5851	visitProfMetadata(I, MD);
5852
5853	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_memprof))
5854	visitMemProfMetadata(I, MD);
5855
5856	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_callsite))
5857	visitCallsiteMetadata(I, MD);
5858
5859	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_callee_type))
5860	visitCalleeTypeMetadata(I, MD);
5861
5862	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_DIAssignID))
5863	visitDIAssignIDMetadata(I, MD);
5864
5865	if (MDNode *MMRA = I.getMetadata(KindID: LLVMContext::MD_mmra))
5866	visitMMRAMetadata(I, MD: MMRA);
5867
5868	if (MDNode *Annotation = I.getMetadata(KindID: LLVMContext::MD_annotation))
5869	visitAnnotationMetadata(Annotation);
5870
5871	if (MDNode *Captures = I.getMetadata(KindID: LLVMContext::MD_captures))
5872	visitCapturesMetadata(I, Captures);
5873
5874	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_alloc_token))
5875	visitAllocTokenMetadata(I, MD);
5876
5877	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_inline_history))
5878	visitInlineHistoryMetadata(I, MD);
5879
5880	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_mem_cache_hint))
5881	visitMemCacheHintMetadata(I, MD);
5882
5883	if (MDNode *N = I.getDebugLoc().getAsMDNode()) {
5884	CheckDI(isa<DILocation>(N), "invalid !dbg metadata attachment", &I, N);
5885	visitMDNode(BaseMD: *N, AllowLocs: AreDebugLocsAllowed::Yes);
5886
5887	if (auto *DL = dyn_cast<DILocation>(Val: N)) {
5888	if (DL->getAtomGroup()) {
5889	CheckDI(DL->getScope()->getSubprogram()->getKeyInstructionsEnabled(),
5890	"DbgLoc uses atomGroup but DISubprogram doesn't have Key "
5891	"Instructions enabled",
5892	DL, DL->getScope()->getSubprogram());
5893	}
5894	}
5895	}
5896
5897	SmallVector<std::pair<unsigned, MDNode *>, `4`> MDs;
5898	I.getAllMetadata(MDs);
5899	for (auto Attachment : MDs) {
5900	unsigned Kind = Attachment.first;
5901	auto AllowLocs =
5902	(Kind == LLVMContext::MD_dbg \|\| Kind == LLVMContext::MD_loop)
5903	? AreDebugLocsAllowed::Yes
5904	: AreDebugLocsAllowed::No;
5905	visitMDNode(BaseMD: *Attachment.second, AllowLocs);
5906	}
5907
5908	InstsInThisBlock.insert(Ptr: &I);
5909	}
5910
5911	/// Allow intrinsics to be verified in different ways.
5912	void Verifier::visitIntrinsicCall(Intrinsic::ID ID, CallBase &Call) {
5913	Function *IF = Call.getCalledFunction();
5914
5915	// If the intrinsic takes MDNode arguments, verify that they are either global
5916	// or are local to this* function.*
5917	for (Value *V : Call.args()) {
5918	if (auto *MD = dyn_cast<MetadataAsValue>(Val: V))
5919	visitMetadataAsValue(MDV: *MD, F: Call.getCaller());
5920	if (auto *Const = dyn_cast<Constant>(Val: V))
5921	Check(!Const->getType()->isX86_AMXTy(),
5922	"const x86_amx is not allowed in argument!");
5923	}
5924
5925	switch (ID) {
5926	default:
5927	break;
5928	case Intrinsic::assume: {
5929	if (Call.hasOperandBundles()) {
5930	auto *Cond = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: `0`));
5931	Check(Cond && Cond->isOne(),
5932	"assume with operand bundles must have i1 true condition", Call);
5933	}
5934	for (auto OBU : Call.operand_bundles()) {
5935	// Separate storage assumptions are special insofar as they're the only
5936	// operand bundles allowed on assumes that aren't parameter attributes.
5937
5938	auto GetTypeAt = [&](unsigned Index) {
5939	return OBU.Inputs [Index]->getType();
5940	};
5941
5942	switch (getBundleAttrFromOBU(OBU)) {
5943	case BundleAttr::None:
5944	CheckFailed(Message: "tags must be valid attribute names", V1: Call);
5945	break;
5946	case BundleAttr::Align:
5947	Check(OBU.Inputs.size() >= `2` && OBU.Inputs.size() <= `3`,
5948	"alignment assumptions should have 2 or 3 arguments", Call);
5949	Check(GetTypeAt(`0`)->isPointerTy(), "first argument should be a pointer",
5950	Call);
5951	Check(GetTypeAt(`1`)->isIntegerTy() &&
5952	GetTypeAt(`1`)->getIntegerBitWidth() <= `64`,
5953	"second argument should be an integer with a maximum width of 64 "
5954	"bits",
5955	Call);
5956	Check(OBU.Inputs.size() < `3` \|\|
5957	GetTypeAt(`2`)->isIntegerTy() &&
5958	GetTypeAt(`2`)->getIntegerBitWidth() <= `64`,
5959	"third argument should be an integer with a maximum width of 64 "
5960	"bits if present",
5961	Call);
5962	break;
5963	case BundleAttr::Cold:
5964	Check(OBU.Inputs.size() == `0`,
5965	"cold assumptions should have no arguments", Call);
5966	break;
5967	case BundleAttr::Dereferenceable:
5968	case BundleAttr::DereferenceableOrNull:
5969	Check(OBU.Inputs.size() == `2`,
5970	"dereferenceable assumptions should have 2 arguments", Call);
5971	Check(GetTypeAt(`0`)->isPointerTy(), "first argument should be a pointer",
5972	Call);
5973	Check(GetTypeAt(`1`)->isIntegerTy() &&
5974	GetTypeAt(`1`)->getIntegerBitWidth() <= `64`,
5975	"second argument should be an integer with a maximum width of 64 "
5976	"bits",
5977	Call);
5978	break;
5979	case BundleAttr::Ignore:
5980	break;
5981	case BundleAttr::NonNull:
5982	Check(OBU.Inputs.size() == `1`,
5983	"nonnull assumptions should have 1 argument", Call);
5984	Check(GetTypeAt(`0`)->isPointerTy(), "first argument should be a pointer",
5985	Call);
5986	break;
5987	case BundleAttr::NoUndef:
5988	Check(OBU.Inputs.size() == `1`,
5989	"noundef assumptions should have 1 argument", Call);
5990	break;
5991	case BundleAttr::SeparateStorage:
5992	Check(OBU.Inputs.size() == `2`,
5993	"separate_storage assumptions should have 2 arguments", Call);
5994	Check(GetTypeAt(`0`)->isPointerTy() && GetTypeAt(`1`)->isPointerTy(),
5995	"arguments to separate_storage assumptions should be pointers",
5996	Call);
5997	break;
5998	}
5999	}
6000	break;
6001	}
6002	case Intrinsic::ucmp:
6003	case Intrinsic::scmp: {
6004	Type *SrcTy = Call.getOperand(i_nocapture: `0`)->getType();
6005	Type *DestTy = Call.getType();
6006
6007	Check(DestTy->getScalarSizeInBits() >= `2`,
6008	"result type must be at least 2 bits wide", Call);
6009
6010	bool IsDestTypeVector = DestTy->isVectorTy();
6011	Check(SrcTy->isVectorTy() == IsDestTypeVector,
6012	"ucmp/scmp argument and result types must both be either vector or "
6013	"scalar types",
6014	Call);
6015	if (IsDestTypeVector) {
6016	auto SrcVecLen = cast<VectorType>(Val: SrcTy)->getElementCount();
6017	auto DestVecLen = cast<VectorType>(Val: DestTy)->getElementCount();
6018	Check(SrcVecLen == DestVecLen,
6019	"return type and arguments must have the same number of "
6020	"elements",
6021	Call);
6022	}
6023	break;
6024	}
6025	case Intrinsic::coro_begin:
6026	case Intrinsic::coro_begin_custom_abi:
6027	Check(isa<AnyCoroIdInst>(Call.getArgOperand(`0`)),
6028	"id argument of llvm.coro.begin must refer to coro.id");
6029	break;
6030	case Intrinsic::coro_id: {
6031	Check(isa<ConstantInt>(Call.getArgOperand(`0`)),
6032	"align argument only accepts constants");
6033	auto *Promise = Call.getArgOperand(i: `1`);
6034	Check(isa<ConstantPointerNull>(Promise) \|\| isa<AllocaInst>(Promise),
6035	"promise argument must refer to an alloca");
6036
6037	auto *CoroAddr = Call.getArgOperand(i: `2`)->stripPointerCastsAndAliases();
6038	bool BeforeCoroEarly = isa<ConstantPointerNull>(Val: CoroAddr);
6039	Check(BeforeCoroEarly \|\| isa<Function>(CoroAddr),
6040	"coro argument must refer to a function");
6041
6042	auto *InfoArg = Call.getArgOperand(i: `3`);
6043	bool BeforeCoroSplit = isa<ConstantPointerNull>(Val: InfoArg);
6044	if (BeforeCoroSplit)
6045	break;
6046
6047	Check(!BeforeCoroEarly, "cannot run CoroSplit before CoroEarly");
6048	auto *GV = dyn_cast<GlobalVariable>(Val: InfoArg);
6049	Check(GV && GV->isConstant() && GV->hasDefinitiveInitializer(),
6050	"info argument of llvm.coro.id must refer to an initialized "
6051	"constant");
6052	Constant *Init = GV->getInitializer();
6053	Check(isa<ConstantStruct>(Init) \|\| isa<ConstantArray>(Init),
6054	"info argument of llvm.coro.id must refer to either a struct or "
6055	"an array");
6056	break;
6057	}
6058	case Intrinsic::is_fpclass: {
6059	const ConstantInt *TestMask = cast<ConstantInt>(Val: Call.getOperand(i_nocapture: `1`));
6060	Check((TestMask->getZExtValue() & ~static_cast<unsigned>(fcAllFlags)) == `0`,
6061	"unsupported bits for llvm.is.fpclass test mask");
6062	break;
6063	}
6064	case Intrinsic::fptrunc_round: {
6065	// Check the rounding mode
6066	Metadata MD = nullptr*;
6067	auto *MAV = dyn_cast<MetadataAsValue>(Val: Call.getOperand(i_nocapture: `1`));
6068	if (MAV)
6069	MD = MAV->getMetadata();
6070
6071	Check(MD != nullptr, "missing rounding mode argument", Call);
6072
6073	Check(isa<MDString>(MD),
6074	("invalid value for llvm.fptrunc.round metadata operand"
6075	" (the operand should be a string)"),
6076	MD);
6077
6078	std::optional<RoundingMode> RoundMode =
6079	convertStrToRoundingMode(cast<MDString>(Val: MD)->getString());
6080	Check(RoundMode && *RoundMode != RoundingMode::Dynamic,
6081	"unsupported rounding mode argument", Call);
6082	break;
6083	}
6084	case Intrinsic::convert_to_arbitrary_fp: {
6085	// Check that vector element counts are consistent.
6086	Type *ValueTy = Call.getArgOperand(i: `0`)->getType();
6087	Type *IntTy = Call.getType();
6088
6089	if (auto *ValueVecTy = dyn_cast<VectorType>(Val: ValueTy)) {
6090	auto *IntVecTy = dyn_cast<VectorType>(Val: IntTy);
6091	Check(IntVecTy,
6092	"if floating-point operand is a vector, integer operand must also "
6093	"be a vector",
6094	Call);
6095	Check(ValueVecTy->getElementCount() == IntVecTy->getElementCount(),
6096	"floating-point and integer vector operands must have the same "
6097	"element count",
6098	Call);
6099	}
6100
6101	// Check interpretation metadata (argoperand 1).
6102	auto *InterpMAV = dyn_cast<MetadataAsValue>(Val: Call.getArgOperand(i: `1`));
6103	Check(InterpMAV, "missing interpretation metadata operand", Call);
6104	auto *InterpStr = dyn_cast<MDString>(Val: InterpMAV->getMetadata());
6105	Check(InterpStr, "interpretation metadata operand must be a string", Call);
6106	StringRef Interp = InterpStr->getString();
6107
6108	Check(!Interp.empty(), "interpretation metadata string must not be empty",
6109	Call);
6110
6111	// Valid interpretation strings: mini-float format names.
6112	Check(APFloatBase::isValidArbitraryFPFormat(Interp),
6113	"unsupported interpretation metadata string", Call);
6114
6115	// Check rounding mode metadata (argoperand 2).
6116	auto *RoundingMAV = dyn_cast<MetadataAsValue>(Val: Call.getArgOperand(i: `2`));
6117	Check(RoundingMAV, "missing rounding mode metadata operand", Call);
6118	auto *RoundingStr = dyn_cast<MDString>(Val: RoundingMAV->getMetadata());
6119	Check(RoundingStr, "rounding mode metadata operand must be a string", Call);
6120
6121	std::optional<RoundingMode> RM =
6122	convertStrToRoundingMode(RoundingStr->getString());
6123	Check(RM && *RM != RoundingMode::Dynamic,
6124	"unsupported rounding mode argument", Call);
6125	break;
6126	}
6127	case Intrinsic::convert_from_arbitrary_fp: {
6128	// Check that vector element counts are consistent.
6129	Type *IntTy = Call.getArgOperand(i: `0`)->getType();
6130	Type *ValueTy = Call.getType();
6131
6132	if (auto *ValueVecTy = dyn_cast<VectorType>(Val: ValueTy)) {
6133	auto *IntVecTy = dyn_cast<VectorType>(Val: IntTy);
6134	Check(IntVecTy,
6135	"if floating-point operand is a vector, integer operand must also "
6136	"be a vector",
6137	Call);
6138	Check(ValueVecTy->getElementCount() == IntVecTy->getElementCount(),
6139	"floating-point and integer vector operands must have the same "
6140	"element count",
6141	Call);
6142	}
6143
6144	// Check interpretation metadata (argoperand 1).
6145	auto *InterpMAV = dyn_cast<MetadataAsValue>(Val: Call.getArgOperand(i: `1`));
6146	Check(InterpMAV, "missing interpretation metadata operand", Call);
6147	auto *InterpStr = dyn_cast<MDString>(Val: InterpMAV->getMetadata());
6148	Check(InterpStr, "interpretation metadata operand must be a string", Call);
6149	StringRef Interp = InterpStr->getString();
6150
6151	Check(!Interp.empty(), "interpretation metadata string must not be empty",
6152	Call);
6153
6154	// Valid interpretation strings: mini-float format names.
6155	Check(APFloatBase::isValidArbitraryFPFormat(Interp),
6156	"unsupported interpretation metadata string", Call);
6157	break;
6158	}
6159	#define BEGIN_REGISTER_VP_INTRINSIC(VPID, ...) case Intrinsic::VPID:
6160	#include "llvm/IR/VPIntrinsics.def"
6161	#undef BEGIN_REGISTER_VP_INTRINSIC
6162	visitVPIntrinsic(VPI&: cast<VPIntrinsic>(Val&: Call));
6163	break;
6164	#define INSTRUCTION(NAME, NARGS, ROUND_MODE, INTRINSIC) \
6165	case Intrinsic::INTRINSIC:
6166	#include "llvm/IR/ConstrainedOps.def"
6167	#undef INSTRUCTION
6168	visitConstrainedFPIntrinsic(FPI&: cast<ConstrainedFPIntrinsic>(Val&: Call));
6169	break;
6170	case Intrinsic::dbg_declare: // llvm.dbg.declare
6171	case Intrinsic::dbg_value: // llvm.dbg.value
6172	case Intrinsic::dbg_assign: // llvm.dbg.assign
6173	case Intrinsic::dbg_label: // llvm.dbg.label
6174	// We no longer interpret debug intrinsics (the old variable-location
6175	// design). They're meaningless as far as LLVM is concerned we could make
6176	// it an error for them to appear, but it's possible we'll have users
6177	// converting back to intrinsics for the forseeable future (such as DXIL),
6178	// so tolerate their existance.
6179	break;
6180	case Intrinsic::memcpy:
6181	case Intrinsic::memcpy_inline:
6182	case Intrinsic::memmove:
6183	case Intrinsic::memset:
6184	case Intrinsic::memset_inline:
6185	break;
6186	case Intrinsic::experimental_memset_pattern: {
6187	const auto Memset = cast<MemSetPatternInst>(Val: &Call);
6188	Check(Memset->getValue()->getType()->isSized(),
6189	"unsized types cannot be used as memset patterns", Call);
6190	break;
6191	}
6192	case Intrinsic::memcpy_element_unordered_atomic:
6193	case Intrinsic::memmove_element_unordered_atomic:
6194	case Intrinsic::memset_element_unordered_atomic: {
6195	const auto *AMI = cast<AnyMemIntrinsic>(Val: &Call);
6196
6197	ConstantInt *ElementSizeCI =
6198	cast<ConstantInt>(Val: AMI->getRawElementSizeInBytes());
6199	const APInt &ElementSizeVal = ElementSizeCI->getValue();
6200	Check(ElementSizeVal.isPowerOf2(),
6201	"element size of the element-wise atomic memory intrinsic "
6202	"must be a power of 2",
6203	Call);
6204
6205	auto IsValidAlignment = [&](MaybeAlign Alignment) {
6206	return Alignment && ElementSizeVal.ule(RHS: Alignment ->value());
6207	};
6208	Check(IsValidAlignment(AMI->getDestAlign()),
6209	"incorrect alignment of the destination argument", Call);
6210	if (const auto *AMT = dyn_cast<AnyMemTransferInst>(Val: AMI)) {
6211	Check(IsValidAlignment(AMT->getSourceAlign()),
6212	"incorrect alignment of the source argument", Call);
6213	}
6214	break;
6215	}
6216	case Intrinsic::call_preallocated_setup: {
6217	auto *NumArgs = cast<ConstantInt>(Val: Call.getArgOperand(i: `0`));
6218	bool FoundCall = false;
6219	for (User *U : Call.users()) {
6220	auto *UseCall = dyn_cast<CallBase>(Val: U);
6221	Check(UseCall != nullptr,
6222	"Uses of llvm.call.preallocated.setup must be calls");
6223	Intrinsic::ID IID = UseCall->getIntrinsicID();
6224	if (IID == Intrinsic::call_preallocated_arg) {
6225	auto *AllocArgIndex = dyn_cast<ConstantInt>(Val: UseCall->getArgOperand(i: `1`));
6226	Check(AllocArgIndex != nullptr,
6227	"llvm.call.preallocated.alloc arg index must be a constant");
6228	auto AllocArgIndexInt = AllocArgIndex->getValue();
6229	Check(AllocArgIndexInt.sge(`0`) &&
6230	AllocArgIndexInt.slt(NumArgs->getValue()),
6231	"llvm.call.preallocated.alloc arg index must be between 0 and "
6232	"corresponding "
6233	"llvm.call.preallocated.setup's argument count");
6234	} else if (IID == Intrinsic::call_preallocated_teardown) {
6235	// nothing to do
6236	} else {
6237	Check(!FoundCall, "Can have at most one call corresponding to a "
6238	"llvm.call.preallocated.setup");
6239	FoundCall = true;
6240	size_t NumPreallocatedArgs = `0`;
6241	for (unsigned i = `0`; i < UseCall->arg_size(); i++) {
6242	if (UseCall->paramHasAttr(ArgNo: i, Kind: Attribute::Preallocated)) {
6243	++NumPreallocatedArgs;
6244	}
6245	}
6246	Check(NumPreallocatedArgs != `0`,
6247	"cannot use preallocated intrinsics on a call without "
6248	"preallocated arguments");
6249	Check(NumArgs->equalsInt(NumPreallocatedArgs),
6250	"llvm.call.preallocated.setup arg size must be equal to number "
6251	"of preallocated arguments "
6252	"at call site",
6253	Call, *UseCall);
6254	// getOperandBundle() cannot be called if more than one of the operand
6255	// bundle exists. There is already a check elsewhere for this, so skip
6256	// here if we see more than one.
6257	if (UseCall->countOperandBundlesOfType(ID: LLVMContext::OB_preallocated) >
6258	`1`) {
6259	return;
6260	}
6261	auto PreallocatedBundle =
6262	UseCall->getOperandBundle(ID: LLVMContext::OB_preallocated);
6263	Check(PreallocatedBundle,
6264	"Use of llvm.call.preallocated.setup outside intrinsics "
6265	"must be in \"preallocated\" operand bundle");
6266	Check(PreallocatedBundle ->Inputs.front().get() == &Call,
6267	"preallocated bundle must have token from corresponding "
6268	"llvm.call.preallocated.setup");
6269	}
6270	}
6271	break;
6272	}
6273	case Intrinsic::call_preallocated_arg: {
6274	auto *Token = dyn_cast<CallBase>(Val: Call.getArgOperand(i: `0`));
6275	Check(Token &&
6276	Token->getIntrinsicID() == Intrinsic::call_preallocated_setup,
6277	"llvm.call.preallocated.arg token argument must be a "
6278	"llvm.call.preallocated.setup");
6279	Check(Call.hasFnAttr(Attribute::Preallocated),
6280	"llvm.call.preallocated.arg must be called with a \"preallocated\" "
6281	"call site attribute");
6282	break;
6283	}
6284	case Intrinsic::call_preallocated_teardown: {
6285	auto *Token = dyn_cast<CallBase>(Val: Call.getArgOperand(i: `0`));
6286	Check(Token &&
6287	Token->getIntrinsicID() == Intrinsic::call_preallocated_setup,
6288	"llvm.call.preallocated.teardown token argument must be a "
6289	"llvm.call.preallocated.setup");
6290	break;
6291	}
6292	case Intrinsic::gcroot:
6293	case Intrinsic::gcwrite:
6294	case Intrinsic::gcread:
6295	if (ID == Intrinsic::gcroot) {
6296	AllocaInst *AI =
6297	dyn_cast<AllocaInst>(Val: Call.getArgOperand(i: `0`)->stripPointerCasts());
6298	Check(AI, "llvm.gcroot parameter #1 must be an alloca.", Call);
6299	Check(isa<Constant>(Call.getArgOperand(`1`)),
6300	"llvm.gcroot parameter #2 must be a constant.", Call);
6301	if (!AI->getAllocatedType()->isPointerTy()) {
6302	Check(!isa<ConstantPointerNull>(Call.getArgOperand(`1`)),
6303	"llvm.gcroot parameter #1 must either be a pointer alloca, "
6304	"or argument #2 must be a non-null constant.",
6305	Call);
6306	}
6307	}
6308
6309	Check(Call.getParent()->getParent()->hasGC(),
6310	"Enclosing function does not use GC.", Call);
6311	break;
6312	case Intrinsic::init_trampoline:
6313	Check(isa<Function>(Call.getArgOperand(`1`)->stripPointerCasts()),
6314	"llvm.init_trampoline parameter #2 must resolve to a function.",
6315	Call);
6316	break;
6317	case Intrinsic::prefetch:
6318	Check(cast<ConstantInt>(Call.getArgOperand(`1`))->getZExtValue() < `2`,
6319	"rw argument to llvm.prefetch must be 0-1", Call);
6320	Check(cast<ConstantInt>(Call.getArgOperand(`2`))->getZExtValue() < `4`,
6321	"locality argument to llvm.prefetch must be 0-3", Call);
6322	Check(cast<ConstantInt>(Call.getArgOperand(`3`))->getZExtValue() < `2`,
6323	"cache type argument to llvm.prefetch must be 0-1", Call);
6324	break;
6325	case Intrinsic::reloc_none: {
6326	Check(isa<MDString>(
6327	cast<MetadataAsValue>(Call.getArgOperand(`0`))->getMetadata()),
6328	"llvm.reloc.none argument must be a metadata string", &Call);
6329	break;
6330	}
6331	case Intrinsic::stackprotector:
6332	Check(isa<AllocaInst>(Call.getArgOperand(`1`)->stripPointerCasts()),
6333	"llvm.stackprotector parameter #2 must resolve to an alloca.", Call);
6334	break;
6335	case Intrinsic::localescape: {
6336	BasicBlock *BB = Call.getParent();
6337	Check(BB->isEntryBlock(), "llvm.localescape used outside of entry block",
6338	Call);
6339	Check(!SawFrameEscape, "multiple calls to llvm.localescape in one function",
6340	Call);
6341	for (Value *Arg : Call.args()) {
6342	if (isa<ConstantPointerNull>(Val: Arg))
6343	continue; // Null values are allowed as placeholders.
6344	auto *AI = dyn_cast<AllocaInst>(Val: Arg->stripPointerCasts());
6345	Check(AI && AI->isStaticAlloca(),
6346	"llvm.localescape only accepts static allocas", Call);
6347	}
6348	FrameEscapeInfo [BB->getParent()].first = Call.arg_size();
6349	SawFrameEscape = true;
6350	break;
6351	}
6352	case Intrinsic::localrecover: {
6353	Value *FnArg = Call.getArgOperand(i: `0`)->stripPointerCasts();
6354	Function *Fn = dyn_cast<Function>(Val: FnArg);
6355	Check(Fn && !Fn->isDeclaration(),
6356	"llvm.localrecover first "
6357	"argument must be function defined in this module",
6358	Call);
6359	auto *IdxArg = cast<ConstantInt>(Val: Call.getArgOperand(i: `2`));
6360	auto &Entry = FrameEscapeInfo [Fn];
6361	Entry.second = unsigned(
6362	std::max(a: uint64_t(Entry.second), b: IdxArg->getLimitedValue(Limit: ~`0U`) + `1`));
6363	break;
6364	}
6365
6366	case Intrinsic::experimental_gc_statepoint:
6367	if (auto *CI = dyn_cast<CallInst>(Val: &Call))
6368	Check(!CI->isInlineAsm(),
6369	"gc.statepoint support for inline assembly unimplemented", CI);
6370	Check(Call.getParent()->getParent()->hasGC(),
6371	"Enclosing function does not use GC.", Call);
6372
6373	verifyStatepoint(Call);
6374	break;
6375	case Intrinsic::experimental_gc_result: {
6376	Check(Call.getParent()->getParent()->hasGC(),
6377	"Enclosing function does not use GC.", Call);
6378
6379	auto *Statepoint = Call.getArgOperand(i: `0`);
6380	if (isa<UndefValue>(Val: Statepoint))
6381	break;
6382
6383	// Are we tied to a statepoint properly?
6384	const auto *StatepointCall = dyn_cast<CallBase>(Val: Statepoint);
6385	Check(StatepointCall && StatepointCall->getIntrinsicID() ==
6386	Intrinsic::experimental_gc_statepoint,
6387	"gc.result operand #1 must be from a statepoint", Call,
6388	Call.getArgOperand(`0`));
6389
6390	// Check that result type matches wrapped callee.
6391	auto *TargetFuncType =
6392	cast<FunctionType>(Val: StatepointCall->getParamElementType(ArgNo: `2`));
6393	Check(Call.getType() == TargetFuncType->getReturnType(),
6394	"gc.result result type does not match wrapped callee", Call);
6395	break;
6396	}
6397	case Intrinsic::experimental_gc_relocate: {
6398	Check(Call.arg_size() == `3`, "wrong number of arguments", Call);
6399
6400	Check(isa<PointerType>(Call.getType()->getScalarType()),
6401	"gc.relocate must return a pointer or a vector of pointers", Call);
6402
6403	// Check that this relocate is correctly tied to the statepoint
6404
6405	// This is case for relocate on the unwinding path of an invoke statepoint
6406	if (LandingPadInst *LandingPad =
6407	dyn_cast<LandingPadInst>(Val: Call.getArgOperand(i: `0`))) {
6408
6409	const BasicBlock *InvokeBB =
6410	LandingPad->getParent()->getUniquePredecessor();
6411
6412	// Landingpad relocates should have only one predecessor with invoke
6413	// statepoint terminator
6414	Check(InvokeBB, "safepoints should have unique landingpads",
6415	LandingPad->getParent());
6416	Check(InvokeBB->getTerminator(), "safepoint block should be well formed",
6417	InvokeBB);
6418	Check(isa<GCStatepointInst>(InvokeBB->getTerminator()),
6419	"gc relocate should be linked to a statepoint", InvokeBB);
6420	} else {
6421	// In all other cases relocate should be tied to the statepoint directly.
6422	// This covers relocates on a normal return path of invoke statepoint and
6423	// relocates of a call statepoint.
6424	auto *Token = Call.getArgOperand(i: `0`);
6425	Check(isa<GCStatepointInst>(Token) \|\| isa<UndefValue>(Token),
6426	"gc relocate is incorrectly tied to the statepoint", Call, Token);
6427	}
6428
6429	// Verify rest of the relocate arguments.
6430	const Value &StatepointCall = *cast<GCRelocateInst>(Val&: Call).getStatepoint();
6431
6432	// Both the base and derived must be piped through the safepoint.
6433	Value *Base = Call.getArgOperand(i: `1`);
6434	Check(isa<ConstantInt>(Base),
6435	"gc.relocate operand #2 must be integer offset", Call);
6436
6437	Value *Derived = Call.getArgOperand(i: `2`);
6438	Check(isa<ConstantInt>(Derived),
6439	"gc.relocate operand #3 must be integer offset", Call);
6440
6441	const uint64_t BaseIndex = cast<ConstantInt>(Val: Base)->getZExtValue();
6442	const uint64_t DerivedIndex = cast<ConstantInt>(Val: Derived)->getZExtValue();
6443
6444	// Check the bounds
6445	if (isa<UndefValue>(Val: StatepointCall))
6446	break;
6447	if (auto Opt = cast<GCStatepointInst>(Val: StatepointCall)
6448	.getOperandBundle(ID: LLVMContext::OB_gc_live)) {
6449	Check(BaseIndex < Opt ->Inputs.size(),
6450	"gc.relocate: statepoint base index out of bounds", Call);
6451	Check(DerivedIndex < Opt ->Inputs.size(),
6452	"gc.relocate: statepoint derived index out of bounds", Call);
6453	}
6454
6455	// Relocated value must be either a pointer type or vector-of-pointer type,
6456	// but gc_relocate does not need to return the same pointer type as the
6457	// relocated pointer. It can be casted to the correct type later if it's
6458	// desired. However, they must have the same address space and 'vectorness'
6459	GCRelocateInst &Relocate = cast<GCRelocateInst>(Val&: Call);
6460	auto *ResultType = Call.getType();
6461	auto *DerivedType = Relocate.getDerivedPtr()->getType();
6462	auto *BaseType = Relocate.getBasePtr()->getType();
6463
6464	Check(BaseType->isPtrOrPtrVectorTy(),
6465	"gc.relocate: relocated value must be a pointer", Call);
6466	Check(DerivedType->isPtrOrPtrVectorTy(),
6467	"gc.relocate: relocated value must be a pointer", Call);
6468
6469	Check(ResultType->isVectorTy() == DerivedType->isVectorTy(),
6470	"gc.relocate: vector relocates to vector and pointer to pointer",
6471	Call);
6472	Check(
6473	ResultType->getPointerAddressSpace() ==
6474	DerivedType->getPointerAddressSpace(),
6475	"gc.relocate: relocating a pointer shouldn't change its address space",
6476	Call);
6477
6478	auto GC = llvm::getGCStrategy(Name: Relocate.getFunction()->getGC());
6479	Check(GC, "gc.relocate: calling function must have GCStrategy",
6480	Call.getFunction());
6481	if (GC) {
6482	auto isGCPtr = [&GC](Type *PTy) {
6483	return GC ->isGCManagedPointer(Ty: PTy->getScalarType()).value_or(u: true);
6484	};
6485	Check(isGCPtr(ResultType), "gc.relocate: must return gc pointer", Call);
6486	Check(isGCPtr(BaseType),
6487	"gc.relocate: relocated value must be a gc pointer", Call);
6488	Check(isGCPtr(DerivedType),
6489	"gc.relocate: relocated value must be a gc pointer", Call);
6490	}
6491	break;
6492	}
6493	case Intrinsic::experimental_patchpoint: {
6494	if (Call.getCallingConv() == CallingConv::AnyReg) {
6495	Check(Call.getType()->isSingleValueType(),
6496	"patchpoint: invalid return type used with anyregcc", Call);
6497	}
6498	break;
6499	}
6500	case Intrinsic::eh_exceptioncode:
6501	case Intrinsic::eh_exceptionpointer: {
6502	Check(isa<CatchPadInst>(Call.getArgOperand(`0`)),
6503	"eh.exceptionpointer argument must be a catchpad", Call);
6504	break;
6505	}
6506	case Intrinsic::get_active_lane_mask: {
6507	Type *ElemTy = Call.getType()->getScalarType();
6508	Check(ElemTy->isIntegerTy(`1`),
6509	"get_active_lane_mask: element type is not i1", Call);
6510	break;
6511	}
6512	case Intrinsic::experimental_get_vector_length: {
6513	ConstantInt *VF = cast<ConstantInt>(Val: Call.getArgOperand(i: `1`));
6514	Check(!VF->isNegative() && !VF->isZero(),
6515	"get_vector_length: VF must be positive", Call);
6516	break;
6517	}
6518	case Intrinsic::experimental_guard: {
6519	Check(isa<CallInst>(Call), "experimental_guard cannot be invoked", Call);
6520	Check(Call.countOperandBundlesOfType(LLVMContext::OB_deopt) == `1`,
6521	"experimental_guard must have exactly one "
6522	"\"deopt\" operand bundle");
6523	break;
6524	}
6525
6526	case Intrinsic::experimental_deoptimize: {
6527	Check(isa<CallInst>(Call), "experimental_deoptimize cannot be invoked",
6528	Call);
6529	Check(Call.countOperandBundlesOfType(LLVMContext::OB_deopt) == `1`,
6530	"experimental_deoptimize must have exactly one "
6531	"\"deopt\" operand bundle");
6532	Check(Call.getType() == Call.getFunction()->getReturnType(),
6533	"experimental_deoptimize return type must match caller return type");
6534
6535	if (isa<CallInst>(Val: Call)) {
6536	auto *RI = dyn_cast<ReturnInst>(Val: Call.getNextNode());
6537	Check(RI,
6538	"calls to experimental_deoptimize must be followed by a return");
6539
6540	if (!Call.getType()->isVoidTy() && RI)
6541	Check(RI->getReturnValue() == &Call,
6542	"calls to experimental_deoptimize must be followed by a return "
6543	"of the value computed by experimental_deoptimize");
6544	}
6545
6546	break;
6547	}
6548	case Intrinsic::vastart: {
6549	Check(Call.getFunction()->isVarArg(),
6550	"va_start called in a non-varargs function");
6551	break;
6552	}
6553	case Intrinsic::get_dynamic_area_offset: {
6554	auto *IntTy = dyn_cast<IntegerType>(Val: Call.getType());
6555	Check(IntTy && DL.getPointerSizeInBits(DL.getAllocaAddrSpace()) ==
6556	IntTy->getBitWidth(),
6557	"get_dynamic_area_offset result type must be scalar integer matching "
6558	"alloca address space width",
6559	Call);
6560	break;
6561	}
6562	case Intrinsic::smul_fix:
6563	case Intrinsic::smul_fix_sat:
6564	case Intrinsic::umul_fix:
6565	case Intrinsic::umul_fix_sat:
6566	case Intrinsic::sdiv_fix:
6567	case Intrinsic::sdiv_fix_sat:
6568	case Intrinsic::udiv_fix:
6569	case Intrinsic::udiv_fix_sat: {
6570	Value *Op1 = Call.getArgOperand(i: `0`);
6571	auto *Op3 = cast<ConstantInt>(Val: Call.getArgOperand(i: `2`));
6572
6573	if (ID == Intrinsic::smul_fix \|\| ID == Intrinsic::smul_fix_sat \|\|
6574	ID == Intrinsic::sdiv_fix \|\| ID == Intrinsic::sdiv_fix_sat) {
6575	Check(Op3->getZExtValue() < Op1->getType()->getScalarSizeInBits(),
6576	"the scale of s[mul\|div]_fix[_sat] must be less than the width of "
6577	"the operands");
6578	} else {
6579	Check(Op3->getZExtValue() <= Op1->getType()->getScalarSizeInBits(),
6580	"the scale of u[mul\|div]_fix[_sat] must be less than or equal "
6581	"to the width of the operands");
6582	}
6583	break;
6584	}
6585	case Intrinsic::lrint:
6586	case Intrinsic::llrint:
6587	case Intrinsic::lround:
6588	case Intrinsic::llround: {
6589	Type *ValTy = Call.getArgOperand(i: `0`)->getType();
6590	Type *ResultTy = Call.getType();
6591	Check(ValTy->isVectorTy() == ResultTy->isVectorTy(),
6592	IF->getName() + ": argument and result disagree on vector use",
6593	&Call);
6594	if (auto *VTy = dyn_cast<VectorType>(Val: ValTy)) {
6595	auto *RTy = dyn_cast<VectorType>(Val: ResultTy);
6596	Check(VTy->getElementCount() == RTy->getElementCount(),
6597	IF->getName() + ": argument must be same length as result", &Call);
6598	}
6599	break;
6600	}
6601	case Intrinsic::bswap: {
6602	Type *Ty = Call.getType();
6603	unsigned Size = Ty->getScalarSizeInBits();
6604	Check(Size % `16` == `0`, "bswap must be an even number of bytes", &Call);
6605	break;
6606	}
6607	case Intrinsic::invariant_start: {
6608	ConstantInt *InvariantSize = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: `0`));
6609	Check(InvariantSize &&
6610	(!InvariantSize->isNegative() \|\| InvariantSize->isMinusOne()),
6611	"invariant_start parameter must be -1, 0 or a positive number",
6612	&Call);
6613	break;
6614	}
6615	case Intrinsic::matrix_multiply:
6616	case Intrinsic::matrix_transpose:
6617	case Intrinsic::matrix_column_major_load:
6618	case Intrinsic::matrix_column_major_store: {
6619	Function *IF = Call.getCalledFunction();
6620	ConstantInt Stride = nullptr*;
6621	ConstantInt *NumRows;
6622	ConstantInt *NumColumns;
6623	VectorType *ResultTy;
6624	Type Op0ElemTy = nullptr*;
6625	Type Op1ElemTy = nullptr*;
6626	switch (ID) {
6627	case Intrinsic::matrix_multiply: {
6628	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: `2`));
6629	ConstantInt *N = cast<ConstantInt>(Val: Call.getArgOperand(i: `3`));
6630	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: `4`));
6631	Check(cast<FixedVectorType>(Call.getArgOperand(`0`)->getType())
6632	->getNumElements() ==
6633	NumRows->getZExtValue() * N->getZExtValue(),
6634	"First argument of a matrix operation does not match specified "
6635	"shape!");
6636	Check(cast<FixedVectorType>(Call.getArgOperand(`1`)->getType())
6637	->getNumElements() ==
6638	N->getZExtValue() * NumColumns->getZExtValue(),
6639	"Second argument of a matrix operation does not match specified "
6640	"shape!");
6641
6642	ResultTy = cast<VectorType>(Val: Call.getType());
6643	Op0ElemTy =
6644	cast<VectorType>(Val: Call.getArgOperand(i: `0`)->getType())->getElementType();
6645	Op1ElemTy =
6646	cast<VectorType>(Val: Call.getArgOperand(i: `1`)->getType())->getElementType();
6647	break;
6648	}
6649	case Intrinsic::matrix_transpose:
6650	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: `1`));
6651	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: `2`));
6652	ResultTy = cast<VectorType>(Val: Call.getType());
6653	Op0ElemTy =
6654	cast<VectorType>(Val: Call.getArgOperand(i: `0`)->getType())->getElementType();
6655	break;
6656	case Intrinsic::matrix_column_major_load: {
6657	Stride = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: `1`));
6658	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: `3`));
6659	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: `4`));
6660	ResultTy = cast<VectorType>(Val: Call.getType());
6661	break;
6662	}
6663	case Intrinsic::matrix_column_major_store: {
6664	Stride = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: `2`));
6665	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: `4`));
6666	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: `5`));
6667	ResultTy = cast<VectorType>(Val: Call.getArgOperand(i: `0`)->getType());
6668	Op0ElemTy =
6669	cast<VectorType>(Val: Call.getArgOperand(i: `0`)->getType())->getElementType();
6670	break;
6671	}
6672	default:
6673	llvm_unreachable("unexpected intrinsic");
6674	}
6675
6676	Check(ResultTy->getElementType()->isIntegerTy() \|\|
6677	ResultTy->getElementType()->isFloatingPointTy(),
6678	"Result type must be an integer or floating-point type!", IF);
6679
6680	if (Op0ElemTy)
6681	Check(ResultTy->getElementType() == Op0ElemTy,
6682	"Vector element type mismatch of the result and first operand "
6683	"vector!",
6684	IF);
6685
6686	if (Op1ElemTy)
6687	Check(ResultTy->getElementType() == Op1ElemTy,
6688	"Vector element type mismatch of the result and second operand "
6689	"vector!",
6690	IF);
6691
6692	Check(cast<FixedVectorType>(ResultTy)->getNumElements() ==
6693	NumRows->getZExtValue() * NumColumns->getZExtValue(),
6694	"Result of a matrix operation does not fit in the returned vector!");
6695
6696	if (Stride) {
6697	Check(Stride->getBitWidth() <= `64`, "Stride bitwidth cannot exceed 64!",
6698	IF);
6699	Check(Stride->getZExtValue() >= NumRows->getZExtValue(),
6700	"Stride must be greater or equal than the number of rows!", IF);
6701	}
6702
6703	break;
6704	}
6705	case Intrinsic::stepvector: {
6706	VectorType *VecTy = dyn_cast<VectorType>(Val: Call.getType());
6707	Check(VecTy && VecTy->getScalarType()->isIntegerTy() &&
6708	VecTy->getScalarSizeInBits() >= `8`,
6709	"stepvector only supported for vectors of integers "
6710	"with a bitwidth of at least 8.",
6711	&Call);
6712	break;
6713	}
6714	case Intrinsic::experimental_vector_match: {
6715	Value *Op1 = Call.getArgOperand(i: `0`);
6716	Value *Op2 = Call.getArgOperand(i: `1`);
6717	Value *Mask = Call.getArgOperand(i: `2`);
6718
6719	VectorType *Op1Ty = dyn_cast<VectorType>(Val: Op1->getType());
6720	VectorType *Op2Ty = dyn_cast<VectorType>(Val: Op2->getType());
6721	VectorType *MaskTy = dyn_cast<VectorType>(Val: Mask->getType());
6722
6723	Check(Op1Ty && Op2Ty && MaskTy, "Operands must be vectors.", &Call);
6724	Check(isa<FixedVectorType>(Op2Ty),
6725	"Second operand must be a fixed length vector.", &Call);
6726	Check(Op1Ty->getElementType()->isIntegerTy(),
6727	"First operand must be a vector of integers.", &Call);
6728	Check(Op1Ty->getElementType() == Op2Ty->getElementType(),
6729	"First two operands must have the same element type.", &Call);
6730	Check(Op1Ty->getElementCount() == MaskTy->getElementCount(),
6731	"First operand and mask must have the same number of elements.",
6732	&Call);
6733	Check(MaskTy->getElementType()->isIntegerTy(`1`),
6734	"Mask must be a vector of i1's.", &Call);
6735	Check(Call.getType() == MaskTy, "Return type must match the mask type.",
6736	&Call);
6737	break;
6738	}
6739	case Intrinsic::vector_insert: {
6740	Value *Vec = Call.getArgOperand(i: `0`);
6741	Value *SubVec = Call.getArgOperand(i: `1`);
6742	Value *Idx = Call.getArgOperand(i: `2`);
6743	unsigned IdxN = cast<ConstantInt>(Val: Idx)->getZExtValue();
6744
6745	VectorType *VecTy = cast<VectorType>(Val: Vec->getType());
6746	VectorType *SubVecTy = cast<VectorType>(Val: SubVec->getType());
6747
6748	ElementCount VecEC = VecTy->getElementCount();
6749	ElementCount SubVecEC = SubVecTy->getElementCount();
6750	Check(VecTy->getElementType() == SubVecTy->getElementType(),
6751	"vector_insert parameters must have the same element "
6752	"type.",
6753	&Call);
6754	Check(IdxN % SubVecEC.getKnownMinValue() == `0`,
6755	"vector_insert index must be a constant multiple of "
6756	"the subvector's known minimum vector length.");
6757
6758	// If this insertion is not the 'mixed' case where a fixed vector is
6759	// inserted into a scalable vector, ensure that the insertion of the
6760	// subvector does not overrun the parent vector.
6761	if (VecEC.isScalable() == SubVecEC.isScalable()) {
6762	Check(IdxN < VecEC.getKnownMinValue() &&
6763	IdxN + SubVecEC.getKnownMinValue() <= VecEC.getKnownMinValue(),
6764	"subvector operand of vector_insert would overrun the "
6765	"vector being inserted into.");
6766	}
6767	break;
6768	}
6769	case Intrinsic::vector_extract: {
6770	Value *Vec = Call.getArgOperand(i: `0`);
6771	Value *Idx = Call.getArgOperand(i: `1`);
6772	unsigned IdxN = cast<ConstantInt>(Val: Idx)->getZExtValue();
6773
6774	VectorType *ResultTy = cast<VectorType>(Val: Call.getType());
6775	VectorType *VecTy = cast<VectorType>(Val: Vec->getType());
6776
6777	ElementCount VecEC = VecTy->getElementCount();
6778	ElementCount ResultEC = ResultTy->getElementCount();
6779
6780	Check(ResultTy->getElementType() == VecTy->getElementType(),
6781	"vector_extract result must have the same element "
6782	"type as the input vector.",
6783	&Call);
6784	Check(IdxN % ResultEC.getKnownMinValue() == `0`,
6785	"vector_extract index must be a constant multiple of "
6786	"the result type's known minimum vector length.");
6787
6788	// If this extraction is not the 'mixed' case where a fixed vector is
6789	// extracted from a scalable vector, ensure that the extraction does not
6790	// overrun the parent vector.
6791	if (VecEC.isScalable() == ResultEC.isScalable()) {
6792	Check(IdxN < VecEC.getKnownMinValue() &&
6793	IdxN + ResultEC.getKnownMinValue() <= VecEC.getKnownMinValue(),
6794	"vector_extract would overrun.");
6795	}
6796	break;
6797	}
6798	case Intrinsic::vector_partial_reduce_fadd:
6799	case Intrinsic::vector_partial_reduce_add: {
6800	VectorType *AccTy = cast<VectorType>(Val: Call.getArgOperand(i: `0`)->getType());
6801	VectorType *VecTy = cast<VectorType>(Val: Call.getArgOperand(i: `1`)->getType());
6802
6803	unsigned VecWidth = VecTy->getElementCount().getKnownMinValue();
6804	unsigned AccWidth = AccTy->getElementCount().getKnownMinValue();
6805
6806	Check((VecWidth % AccWidth) == `0`,
6807	"Invalid vector widths for partial "
6808	"reduction. The width of the input vector "
6809	"must be a positive integer multiple of "
6810	"the width of the accumulator vector.");
6811	break;
6812	}
6813	case Intrinsic::experimental_noalias_scope_decl: {
6814	NoAliasScopeDecls.push_back(Elt: cast<IntrinsicInst>(Val: &Call));
6815	break;
6816	}
6817	case Intrinsic::preserve_array_access_index:
6818	case Intrinsic::preserve_struct_access_index:
6819	case Intrinsic::aarch64_ldaxr:
6820	case Intrinsic::aarch64_ldxr:
6821	case Intrinsic::arm_ldaex:
6822	case Intrinsic::arm_ldrex: {
6823	Type *ElemTy = Call.getParamElementType(ArgNo: `0`);
6824	Check(ElemTy, "Intrinsic requires elementtype attribute on first argument.",
6825	&Call);
6826	break;
6827	}
6828	case Intrinsic::aarch64_stlxr:
6829	case Intrinsic::aarch64_stxr:
6830	case Intrinsic::arm_stlex:
6831	case Intrinsic::arm_strex: {
6832	Type *ElemTy = Call.getAttributes().getParamElementType(ArgNo: `1`);
6833	Check(ElemTy,
6834	"Intrinsic requires elementtype attribute on second argument.",
6835	&Call);
6836	break;
6837	}
6838	case Intrinsic::aarch64_prefetch: {
6839	Check(cast<ConstantInt>(Call.getArgOperand(`1`))->getZExtValue() < `2`,
6840	"write argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6841	Check(cast<ConstantInt>(Call.getArgOperand(`2`))->getZExtValue() < `4`,
6842	"target argument to llvm.aarch64.prefetch must be 0-3", Call);
6843	Check(cast<ConstantInt>(Call.getArgOperand(`3`))->getZExtValue() < `2`,
6844	"stream argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6845	Check(cast<ConstantInt>(Call.getArgOperand(`4`))->getZExtValue() < `2`,
6846	"isdata argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6847	break;
6848	}
6849	case Intrinsic::aarch64_range_prefetch: {
6850	Check(cast<ConstantInt>(Call.getArgOperand(`1`))->getZExtValue() < `2`,
6851	"write argument to llvm.aarch64.range.prefetch must be 0 or 1", Call);
6852	Check(cast<ConstantInt>(Call.getArgOperand(`2`))->getZExtValue() < `2`,
6853	"stream argument to llvm.aarch64.range.prefetch must be 0 or 1",
6854	Call);
6855	break;
6856	}
6857	case Intrinsic::callbr_landingpad: {
6858	const auto *CBR = dyn_cast<CallBrInst>(Val: Call.getOperand(i_nocapture: `0`));
6859	Check(CBR, "intrinstic requires callbr operand", &Call);
6860	if (!CBR)
6861	break;
6862
6863	const BasicBlock *LandingPadBB = Call.getParent();
6864	const BasicBlock *PredBB = LandingPadBB->getUniquePredecessor();
6865	if (!PredBB) {
6866	CheckFailed(Message: "Intrinsic in block must have 1 unique predecessor", V1: &Call);
6867	break;
6868	}
6869	if (!isa<CallBrInst>(Val: PredBB->getTerminator())) {
6870	CheckFailed(Message: "Intrinsic must have corresponding callbr in predecessor",
6871	V1: &Call);
6872	break;
6873	}
6874	Check(llvm::is_contained(CBR->getIndirectDests(), LandingPadBB),
6875	"Intrinsic's corresponding callbr must have intrinsic's parent basic "
6876	"block in indirect destination list",
6877	&Call);
6878	const Instruction &First = *LandingPadBB->begin();
6879	Check(&First == &Call, "No other instructions may proceed intrinsic",
6880	&Call);
6881	break;
6882	}
6883	case Intrinsic::structured_gep: {
6884	// Parser should refuse those 2 cases.
6885	assert(Call.arg_size() >= `1`);
6886	assert(Call.getOperand(`0`)->getType()->isPointerTy());
6887
6888	Check(Call.paramHasAttr(`0`, Attribute::ElementType),
6889	"Intrinsic first parameter is missing an ElementType attribute",
6890	&Call);
6891
6892	Type *T = Call.getParamAttr(ArgNo: `0`, Kind: Attribute::ElementType).getValueAsType();
6893	for (unsigned I = `1`; I < Call.arg_size(); ++I) {
6894	Value *Index = Call.getOperand(i_nocapture: I);
6895	ConstantInt *CI = dyn_cast<ConstantInt>(Val: Index);
6896	Check(Index->getType()->isIntegerTy(),
6897	"Index operand type must be an integer", &Call);
6898
6899	if (ArrayType *AT = dyn_cast<ArrayType>(Val: T)) {
6900	T = AT->getElementType();
6901	} else if (StructType *ST = dyn_cast<StructType>(Val: T)) {
6902	Check(CI, "Indexing into a struct requires a constant int", &Call);
6903	Check(CI->getZExtValue() < ST->getNumElements(),
6904	"Indexing in a struct should be inbounds", &Call);
6905	T = ST->getElementType(N: CI->getZExtValue());
6906	} else if (VectorType *VT = dyn_cast<VectorType>(Val: T)) {
6907	T = VT->getElementType();
6908	} else {
6909	CheckFailed(Message: "Reached a non-composite type with more indices to process",
6910	V1: &Call);
6911	}
6912	}
6913	break;
6914	}
6915	case Intrinsic::structured_alloca:
6916	Check(Call.hasRetAttr(Attribute::ElementType),
6917	"@llvm.structured.alloca calls require elementtype attribute.",
6918	&Call);
6919	break;
6920	case Intrinsic::nvvm_setmaxnreg_inc_sync_aligned_u32:
6921	case Intrinsic::nvvm_setmaxnreg_dec_sync_aligned_u32: {
6922	Value *V = Call.getArgOperand(i: `0`);
6923	unsigned RegCount = cast<ConstantInt>(Val: V)->getZExtValue();
6924	Check(RegCount % `8` == `0`,
6925	"reg_count argument to nvvm.setmaxnreg must be in multiples of 8");
6926	break;
6927	}
6928	case Intrinsic::experimental_convergence_entry:
6929	case Intrinsic::experimental_convergence_anchor:
6930	break;
6931	case Intrinsic::experimental_convergence_loop:
6932	break;
6933	case Intrinsic::ptrmask: {
6934	Type *Ty0 = Call.getArgOperand(i: `0`)->getType();
6935	Type *Ty1 = Call.getArgOperand(i: `1`)->getType();
6936	Check(Ty0->isPtrOrPtrVectorTy(),
6937	"llvm.ptrmask intrinsic first argument must be pointer or vector "
6938	"of pointers",
6939	&Call);
6940	Check(
6941	Ty0->isVectorTy() == Ty1->isVectorTy(),
6942	"llvm.ptrmask intrinsic arguments must be both scalars or both vectors",
6943	&Call);
6944	if (Ty0->isVectorTy())
6945	Check(cast<VectorType>(Ty0)->getElementCount() ==
6946	cast<VectorType>(Ty1)->getElementCount(),
6947	"llvm.ptrmask intrinsic arguments must have the same number of "
6948	"elements",
6949	&Call);
6950	Check(DL.getIndexTypeSizeInBits(Ty0) == Ty1->getScalarSizeInBits(),
6951	"llvm.ptrmask intrinsic second argument bitwidth must match "
6952	"pointer index type size of first argument",
6953	&Call);
6954	break;
6955	}
6956	case Intrinsic::thread_pointer: {
6957	Check(Call.getType()->getPointerAddressSpace() ==
6958	DL.getDefaultGlobalsAddressSpace(),
6959	"llvm.thread.pointer intrinsic return type must be for the globals "
6960	"address space",
6961	&Call);
6962	break;
6963	}
6964	case Intrinsic::threadlocal_address: {
6965	const Value &Arg0 = *Call.getArgOperand(i: `0`);
6966	Check(isa<GlobalValue>(Arg0),
6967	"llvm.threadlocal.address first argument must be a GlobalValue");
6968	Check(cast<GlobalValue>(Arg0).isThreadLocal(),
6969	"llvm.threadlocal.address operand isThreadLocal() must be true");
6970	break;
6971	}
6972	case Intrinsic::lifetime_start:
6973	case Intrinsic::lifetime_end: {
6974	Value *Ptr = Call.getArgOperand(i: `0`);
6975	IntrinsicInst *II = dyn_cast<IntrinsicInst>(Val: Ptr);
6976	Check(isa<AllocaInst>(Ptr) \|\| isa<PoisonValue>(Ptr) \|\|
6977	(II && II->getIntrinsicID() == Intrinsic::structured_alloca),
6978	"llvm.lifetime.start/end can only be used on alloca or poison",
6979	&Call);
6980	break;
6981	}
6982	case Intrinsic::sponentry: {
6983	const unsigned StackAS = DL.getAllocaAddrSpace();
6984	const Type *RetTy = Call.getFunctionType()->getReturnType();
6985	Check(RetTy->getPointerAddressSpace() == StackAS,
6986	"llvm.sponentry must return a pointer to the stack", &Call);
6987	break;
6988	}
6989	case Intrinsic::write_volatile_register: {
6990	auto *MD = cast<MDNode>(
6991	Val: cast<MetadataAsValue>(Val: Call.getArgOperand(i: `0`))->getMetadata());
6992	Check(MD->getNumOperands() == `1` && isa<MDString>(MD->getOperand(`0`)),
6993	"llvm.write_volatile_register metadata must be a single MDString",
6994	&Call);
6995	break;
6996	}
6997	};
6998
6999	// Verify that there aren't any unmediated control transfers between funclets.
7000	if (IntrinsicInst::mayLowerToFunctionCall(IID: ID)) {
7001	Function *F = Call.getParent()->getParent();
7002	if (F->hasPersonalityFn() &&
7003	isScopedEHPersonality(Pers: classifyEHPersonality(Pers: F->getPersonalityFn()))) {
7004	// Run EH funclet coloring on-demand and cache results for other intrinsic
7005	// calls in this function
7006	if (BlockEHFuncletColors.empty())
7007	BlockEHFuncletColors = colorEHFunclets(F&: *F);
7008
7009	// Check for catch-/cleanup-pad in first funclet block
7010	bool InEHFunclet = false;
7011	BasicBlock *CallBB = Call.getParent();
7012	const ColorVector &CV = BlockEHFuncletColors.find(Val: CallBB)->second;
7013	assert(CV.size() > `0` && "Uncolored block");
7014	for (BasicBlock *ColorFirstBB : CV)
7015	if (auto It = ColorFirstBB->getFirstNonPHIIt();
7016	It != ColorFirstBB->end())
7017	if (isa_and_nonnull<FuncletPadInst>(Val: &*It))
7018	InEHFunclet = true;
7019
7020	// Check for funclet operand bundle
7021	bool HasToken = false;
7022	for (unsigned I = `0`, E = Call.getNumOperandBundles(); I != E; ++I)
7023	if (Call.getOperandBundleAt(Index: I).getTagID() == LLVMContext::OB_funclet)
7024	HasToken = true;
7025
7026	// This would cause silent code truncation in WinEHPrepare
7027	if (InEHFunclet)
7028	Check(HasToken, "Missing funclet token on intrinsic call", &Call);
7029	}
7030	}
7031
7032	// Target-specific intrinsic call checks.
7033	verifyAMDGPUIntrinsicCall(VS&: *this, ID, Call);
7034	}
7035
7036	/// Carefully grab the subprogram from a local scope.
7037	///
7038	/// This carefully grabs the subprogram from a local scope, avoiding the
7039	/// built-in assertions that would typically fire.
7040	static DISubprogram getSubprogram(Metadata LocalScope) {
7041	if (!LocalScope)
7042	return nullptr;
7043
7044	if (auto *SP = dyn_cast<DISubprogram>(Val: LocalScope))
7045	return SP;
7046
7047	if (auto *LB = dyn_cast<DILexicalBlockBase>(Val: LocalScope))
7048	return getSubprogram(LocalScope: LB->getRawScope());
7049
7050	// Just return null; broken scope chains are checked elsewhere.
7051	assert(!isa<DILocalScope>(LocalScope) && "Unknown type of local scope");
7052	return nullptr;
7053	}
7054
7055	void Verifier::visit(DbgLabelRecord &DLR) {
7056	CheckDI(isa<DILabel>(DLR.getRawLabel()),
7057	"invalid #dbg_label intrinsic variable", &DLR, DLR.getRawLabel());
7058
7059	// Ignore broken !dbg attachments; they're checked elsewhere.
7060	if (MDNode *N = DLR.getDebugLoc().getAsMDNode())
7061	if (!isa<DILocation>(Val: N))
7062	return;
7063
7064	BasicBlock *BB = DLR.getParent();
7065	Function F = BB ? BB->getParent() : nullptr*;
7066
7067	// The scopes for variables and !dbg attachments must agree.
7068	DILabel *Label = DLR.getLabel();
7069	DILocation *Loc = DLR.getDebugLoc();
7070	CheckDI(Loc, "#dbg_label record requires a !dbg attachment", &DLR, BB, F);
7071
7072	DISubprogram *LabelSP = getSubprogram(LocalScope: Label->getRawScope());
7073	DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
7074	if (!LabelSP \|\| !LocSP)
7075	return;
7076
7077	CheckDI(LabelSP == LocSP,
7078	"mismatched subprogram between #dbg_label label and !dbg attachment",
7079	&DLR, BB, F, Label, Label->getScope()->getSubprogram(), Loc,
7080	Loc->getScope()->getSubprogram());
7081	}
7082
7083	void Verifier::visit(DbgVariableRecord &DVR) {
7084	BasicBlock *BB = DVR.getParent();
7085	Function *F = BB->getParent();
7086
7087	CheckDI(DVR.getType() == DbgVariableRecord::LocationType::Value \|\|
7088	DVR.getType() == DbgVariableRecord::LocationType::Declare \|\|
7089	DVR.getType() == DbgVariableRecord::LocationType::DeclareValue \|\|
7090	DVR.getType() == DbgVariableRecord::LocationType::Assign,
7091	"invalid #dbg record type", &DVR, DVR.getType(), BB, F);
7092
7093	// The location for a DbgVariableRecord must be either a ValueAsMetadata,
7094	// DIArgList, or an empty MDNode (which is a legacy representation for an
7095	// "undef" location).
7096	auto *MD = DVR.getRawLocation();
7097	CheckDI(MD && (isa<ValueAsMetadata>(MD) \|\| isa<DIArgList>(MD) \|\|
7098	(isa<MDNode>(MD) && !cast<MDNode>(MD)->getNumOperands())),
7099	"invalid #dbg record address/value", &DVR, MD, BB, F);
7100	if (auto *VAM = dyn_cast<ValueAsMetadata>(Val: MD)) {
7101	visitValueAsMetadata(MD: *VAM, F);
7102	if (DVR.isDbgDeclare()) {
7103	// Allow integers here to support inttoptr salvage.
7104	Type *Ty = VAM->getValue()->getType();
7105	CheckDI(Ty->isPointerTy() \|\| Ty->isIntegerTy(),
7106	"location of #dbg_declare must be a pointer or int", &DVR, MD, BB,
7107	F);
7108	}
7109	} else if (auto *AL = dyn_cast<DIArgList>(Val: MD)) {
7110	visitDIArgList(AL: *AL, F);
7111	}
7112
7113	CheckDI(isa_and_nonnull<DILocalVariable>(DVR.getRawVariable()),
7114	"invalid #dbg record variable", &DVR, DVR.getRawVariable(), BB, F);
7115	visitMDNode(BaseMD: *DVR.getRawVariable(), AllowLocs: AreDebugLocsAllowed::No);
7116
7117	CheckDI(isa_and_nonnull<DIExpression>(DVR.getRawExpression()),
7118	"invalid #dbg record expression", &DVR, DVR.getRawExpression(), BB,
7119	F);
7120	visitMDNode(BaseMD: *DVR.getExpression(), AllowLocs: AreDebugLocsAllowed::No);
7121
7122	if (DVR.isDbgAssign()) {
7123	CheckDI(isa_and_nonnull<DIAssignID>(DVR.getRawAssignID()),
7124	"invalid #dbg_assign DIAssignID", &DVR, DVR.getRawAssignID(), BB,
7125	F);
7126	visitMDNode(BaseMD: *cast<DIAssignID>(Val: DVR.getRawAssignID()),
7127	AllowLocs: AreDebugLocsAllowed::No);
7128
7129	const auto *RawAddr = DVR.getRawAddress();
7130	// Similarly to the location above, the address for an assign
7131	// DbgVariableRecord must be a ValueAsMetadata or an empty MDNode, which
7132	// represents an undef address.
7133	CheckDI(
7134	isa<ValueAsMetadata>(RawAddr) \|\|
7135	(isa<MDNode>(RawAddr) && !cast<MDNode>(RawAddr)->getNumOperands()),
7136	"invalid #dbg_assign address", &DVR, DVR.getRawAddress(), BB, F);
7137	if (auto *VAM = dyn_cast<ValueAsMetadata>(Val: RawAddr))
7138	visitValueAsMetadata(MD: *VAM, F);
7139
7140	CheckDI(isa_and_nonnull<DIExpression>(DVR.getRawAddressExpression()),
7141	"invalid #dbg_assign address expression", &DVR,
7142	DVR.getRawAddressExpression(), BB, F);
7143	visitMDNode(BaseMD: *DVR.getAddressExpression(), AllowLocs: AreDebugLocsAllowed::No);
7144
7145	// All of the linked instructions should be in the same function as DVR.
7146	for (Instruction *I : at::getAssignmentInsts(DVR: &DVR))
7147	CheckDI(DVR.getFunction() == I->getFunction(),
7148	"inst not in same function as #dbg_assign", I, &DVR, BB, F);
7149	}
7150
7151	// This check is redundant with one in visitLocalVariable().
7152	DILocalVariable *Var = DVR.getVariable();
7153	CheckDI(isType(Var->getRawType()), "invalid type ref", Var, Var->getRawType(),
7154	BB, F);
7155
7156	auto *DLNode = DVR.getDebugLoc().getAsMDNode();
7157	CheckDI(isa_and_nonnull<DILocation>(DLNode), "invalid #dbg record DILocation",
7158	&DVR, DLNode, BB, F);
7159	DILocation *Loc = DVR.getDebugLoc();
7160
7161	// The scopes for variables and !dbg attachments must agree.
7162	DISubprogram *VarSP = getSubprogram(LocalScope: Var->getRawScope());
7163	DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
7164	if (!VarSP \|\| !LocSP)
7165	return; // Broken scope chains are checked elsewhere.
7166
7167	CheckDI(VarSP == LocSP,
7168	"mismatched subprogram between #dbg record variable and DILocation",
7169	&DVR, BB, F, Var, Var->getScope()->getSubprogram(), Loc,
7170	Loc->getScope()->getSubprogram(), BB, F);
7171
7172	verifyFnArgs(DVR);
7173	}
7174
7175	void Verifier::visitVPIntrinsic(VPIntrinsic &VPI) {
7176	if (auto *VPCast = dyn_cast<VPCastIntrinsic>(Val: &VPI)) {
7177	auto *RetTy = cast<VectorType>(Val: VPCast->getType());
7178	auto *ValTy = cast<VectorType>(Val: VPCast->getOperand(i_nocapture: `0`)->getType());
7179	Check(RetTy->getElementCount() == ValTy->getElementCount(),
7180	"VP cast intrinsic first argument and result vector lengths must be "
7181	"equal",
7182	*VPCast);
7183
7184	switch (VPCast->getIntrinsicID()) {
7185	default:
7186	llvm_unreachable("Unknown VP cast intrinsic");
7187	case Intrinsic::vp_trunc:
7188	Check(RetTy->isIntOrIntVectorTy() && ValTy->isIntOrIntVectorTy(),
7189	"llvm.vp.trunc intrinsic first argument and result element type "
7190	"must be integer",
7191	*VPCast);
7192	Check(RetTy->getScalarSizeInBits() < ValTy->getScalarSizeInBits(),
7193	"llvm.vp.trunc intrinsic the bit size of first argument must be "
7194	"larger than the bit size of the return type",
7195	*VPCast);
7196	break;
7197	case Intrinsic::vp_zext:
7198	case Intrinsic::vp_sext:
7199	Check(RetTy->isIntOrIntVectorTy() && ValTy->isIntOrIntVectorTy(),
7200	"llvm.vp.zext or llvm.vp.sext intrinsic first argument and result "
7201	"element type must be integer",
7202	*VPCast);
7203	Check(RetTy->getScalarSizeInBits() > ValTy->getScalarSizeInBits(),
7204	"llvm.vp.zext or llvm.vp.sext intrinsic the bit size of first "
7205	"argument must be smaller than the bit size of the return type",
7206	*VPCast);
7207	break;
7208	case Intrinsic::vp_fptoui:
7209	case Intrinsic::vp_fptosi:
7210	case Intrinsic::vp_lrint:
7211	case Intrinsic::vp_llrint:
7212	Check(
7213	RetTy->isIntOrIntVectorTy() && ValTy->isFPOrFPVectorTy(),
7214	"llvm.vp.fptoui, llvm.vp.fptosi, llvm.vp.lrint or llvm.vp.llrint" "intrinsic first argument element "
7215	"type must be floating-point and result element type must be integer",
7216	*VPCast);
7217	break;
7218	case Intrinsic::vp_uitofp:
7219	case Intrinsic::vp_sitofp:
7220	Check(
7221	RetTy->isFPOrFPVectorTy() && ValTy->isIntOrIntVectorTy(),
7222	"llvm.vp.uitofp or llvm.vp.sitofp intrinsic first argument element "
7223	"type must be integer and result element type must be floating-point",
7224	*VPCast);
7225	break;
7226	case Intrinsic::vp_fptrunc:
7227	Check(RetTy->isFPOrFPVectorTy() && ValTy->isFPOrFPVectorTy(),
7228	"llvm.vp.fptrunc intrinsic first argument and result element type "
7229	"must be floating-point",
7230	*VPCast);
7231	Check(RetTy->getScalarSizeInBits() < ValTy->getScalarSizeInBits(),
7232	"llvm.vp.fptrunc intrinsic the bit size of first argument must be "
7233	"larger than the bit size of the return type",
7234	*VPCast);
7235	break;
7236	case Intrinsic::vp_fpext:
7237	Check(RetTy->isFPOrFPVectorTy() && ValTy->isFPOrFPVectorTy(),
7238	"llvm.vp.fpext intrinsic first argument and result element type "
7239	"must be floating-point",
7240	*VPCast);
7241	Check(RetTy->getScalarSizeInBits() > ValTy->getScalarSizeInBits(),
7242	"llvm.vp.fpext intrinsic the bit size of first argument must be "
7243	"smaller than the bit size of the return type",
7244	*VPCast);
7245	break;
7246	case Intrinsic::vp_ptrtoint:
7247	Check(RetTy->isIntOrIntVectorTy() && ValTy->isPtrOrPtrVectorTy(),
7248	"llvm.vp.ptrtoint intrinsic first argument element type must be "
7249	"pointer and result element type must be integer",
7250	*VPCast);
7251	break;
7252	case Intrinsic::vp_inttoptr:
7253	Check(RetTy->isPtrOrPtrVectorTy() && ValTy->isIntOrIntVectorTy(),
7254	"llvm.vp.inttoptr intrinsic first argument element type must be "
7255	"integer and result element type must be pointer",
7256	*VPCast);
7257	break;
7258	}
7259	}
7260
7261	switch (VPI.getIntrinsicID()) {
7262	case Intrinsic::vp_fcmp: {
7263	auto Pred = cast<VPCmpIntrinsic>(Val: &VPI)->getPredicate();
7264	Check(CmpInst::isFPPredicate(Pred),
7265	"invalid predicate for VP FP comparison intrinsic", &VPI);
7266	break;
7267	}
7268	case Intrinsic::vp_icmp: {
7269	auto Pred = cast<VPCmpIntrinsic>(Val: &VPI)->getPredicate();
7270	Check(CmpInst::isIntPredicate(Pred),
7271	"invalid predicate for VP integer comparison intrinsic", &VPI);
7272	break;
7273	}
7274	case Intrinsic::vp_is_fpclass: {
7275	auto TestMask = cast<ConstantInt>(Val: VPI.getOperand(i_nocapture: `1`));
7276	Check((TestMask->getZExtValue() & ~static_cast<unsigned>(fcAllFlags)) == `0`,
7277	"unsupported bits for llvm.vp.is.fpclass test mask");
7278	break;
7279	}
7280	case Intrinsic::experimental_vp_splice: {
7281	VectorType *VecTy = cast<VectorType>(Val: VPI.getType());
7282	int64_t Idx = cast<ConstantInt>(Val: VPI.getArgOperand(i: `2`))->getSExtValue();
7283	int64_t KnownMinNumElements = VecTy->getElementCount().getKnownMinValue();
7284	if (VPI.getParent() && VPI.getParent()->getParent()) {
7285	AttributeList Attrs = VPI.getParent()->getParent()->getAttributes();
7286	if (Attrs.hasFnAttr(Kind: Attribute::VScaleRange))
7287	KnownMinNumElements *= Attrs.getFnAttrs().getVScaleRangeMin();
7288	}
7289	Check((Idx < `0` && std::abs(Idx) <= KnownMinNumElements) \|\|
7290	(Idx >= `0` && Idx < KnownMinNumElements),
7291	"The splice index exceeds the range [-VL, VL-1] where VL is the "
7292	"known minimum number of elements in the vector. For scalable "
7293	"vectors the minimum number of elements is determined from "
7294	"vscale_range.",
7295	&VPI);
7296	break;
7297	}
7298	}
7299	}
7300
7301	void Verifier::visitConstrainedFPIntrinsic(ConstrainedFPIntrinsic &FPI) {
7302	unsigned NumOperands = FPI.getNonMetadataArgCount();
7303	bool HasRoundingMD =
7304	Intrinsic::hasConstrainedFPRoundingModeOperand(QID: FPI.getIntrinsicID());
7305
7306	// Add the expected number of metadata operands.
7307	NumOperands += (`1` + HasRoundingMD);
7308
7309	// Compare intrinsics carry an extra predicate metadata operand.
7310	if (isa<ConstrainedFPCmpIntrinsic>(Val: FPI))
7311	NumOperands += `1`;
7312	Check((FPI.arg_size() == NumOperands),
7313	"invalid arguments for constrained FP intrinsic", &FPI);
7314
7315	switch (FPI.getIntrinsicID()) {
7316	case Intrinsic::experimental_constrained_fcmp:
7317	case Intrinsic::experimental_constrained_fcmps: {
7318	auto Pred = cast<ConstrainedFPCmpIntrinsic>(Val: &FPI)->getPredicate();
7319	Check(CmpInst::isFPPredicate(Pred),
7320	"invalid predicate for constrained FP comparison intrinsic", &FPI);
7321	break;
7322	}
7323
7324	case Intrinsic::experimental_constrained_fptosi:
7325	case Intrinsic::experimental_constrained_fptoui: {
7326	Value *Operand = FPI.getArgOperand(i: `0`);
7327	ElementCount SrcEC;
7328	Check(Operand->getType()->isFPOrFPVectorTy(),
7329	"Intrinsic first argument must be floating point", &FPI);
7330	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7331	SrcEC = cast<VectorType>(Val: OperandT)->getElementCount();
7332	}
7333
7334	Operand = &FPI;
7335	Check(SrcEC.isNonZero() == Operand->getType()->isVectorTy(),
7336	"Intrinsic first argument and result disagree on vector use", &FPI);
7337	Check(Operand->getType()->isIntOrIntVectorTy(),
7338	"Intrinsic result must be an integer", &FPI);
7339	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7340	Check(SrcEC == cast<VectorType>(OperandT)->getElementCount(),
7341	"Intrinsic first argument and result vector lengths must be equal",
7342	&FPI);
7343	}
7344	break;
7345	}
7346
7347	case Intrinsic::experimental_constrained_sitofp:
7348	case Intrinsic::experimental_constrained_uitofp: {
7349	Value *Operand = FPI.getArgOperand(i: `0`);
7350	ElementCount SrcEC;
7351	Check(Operand->getType()->isIntOrIntVectorTy(),
7352	"Intrinsic first argument must be integer", &FPI);
7353	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7354	SrcEC = cast<VectorType>(Val: OperandT)->getElementCount();
7355	}
7356
7357	Operand = &FPI;
7358	Check(SrcEC.isNonZero() == Operand->getType()->isVectorTy(),
7359	"Intrinsic first argument and result disagree on vector use", &FPI);
7360	Check(Operand->getType()->isFPOrFPVectorTy(),
7361	"Intrinsic result must be a floating point", &FPI);
7362	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7363	Check(SrcEC == cast<VectorType>(OperandT)->getElementCount(),
7364	"Intrinsic first argument and result vector lengths must be equal",
7365	&FPI);
7366	}
7367	break;
7368	}
7369
7370	case Intrinsic::experimental_constrained_fptrunc:
7371	case Intrinsic::experimental_constrained_fpext: {
7372	Value *Operand = FPI.getArgOperand(i: `0`);
7373	Type *OperandTy = Operand->getType();
7374	Value *Result = &FPI;
7375	Type *ResultTy = Result->getType();
7376	Check(OperandTy->isFPOrFPVectorTy(),
7377	"Intrinsic first argument must be FP or FP vector", &FPI);
7378	Check(ResultTy->isFPOrFPVectorTy(),
7379	"Intrinsic result must be FP or FP vector", &FPI);
7380	Check(OperandTy->isVectorTy() == ResultTy->isVectorTy(),
7381	"Intrinsic first argument and result disagree on vector use", &FPI);
7382	if (OperandTy->isVectorTy()) {
7383	Check(cast<VectorType>(OperandTy)->getElementCount() ==
7384	cast<VectorType>(ResultTy)->getElementCount(),
7385	"Intrinsic first argument and result vector lengths must be equal",
7386	&FPI);
7387	}
7388	if (FPI.getIntrinsicID() == Intrinsic::experimental_constrained_fptrunc) {
7389	Check(OperandTy->getScalarSizeInBits() > ResultTy->getScalarSizeInBits(),
7390	"Intrinsic first argument's type must be larger than result type",
7391	&FPI);
7392	} else {
7393	Check(OperandTy->getScalarSizeInBits() < ResultTy->getScalarSizeInBits(),
7394	"Intrinsic first argument's type must be smaller than result type",
7395	&FPI);
7396	}
7397	break;
7398	}
7399
7400	default:
7401	break;
7402	}
7403
7404	// If a non-metadata argument is passed in a metadata slot then the
7405	// error will be caught earlier when the incorrect argument doesn't
7406	// match the specification in the intrinsic call table. Thus, no
7407	// argument type check is needed here.
7408
7409	Check(FPI.getExceptionBehavior().has_value(),
7410	"invalid exception behavior argument", &FPI);
7411	if (HasRoundingMD) {
7412	Check(FPI.getRoundingMode().has_value(), "invalid rounding mode argument",
7413	&FPI);
7414	}
7415	}
7416
7417	void Verifier::verifyFragmentExpression(const DbgVariableRecord &DVR) {
7418	DILocalVariable *V = dyn_cast_or_null<DILocalVariable>(Val: DVR.getRawVariable());
7419	DIExpression *E = dyn_cast_or_null<DIExpression>(Val: DVR.getRawExpression());
7420
7421	// We don't know whether this intrinsic verified correctly.
7422	if (!V \|\| !E \|\| !E->isValid())
7423	return;
7424
7425	// Nothing to do if this isn't a DW_OP_LLVM_fragment expression.
7426	auto Fragment = E->getFragmentInfo();
7427	if (!Fragment)
7428	return;
7429
7430	// The frontend helps out GDB by emitting the members of local anonymous
7431	// unions as artificial local variables with shared storage. When SROA splits
7432	// the storage for artificial local variables that are smaller than the entire
7433	// union, the overhang piece will be outside of the allotted space for the
7434	// variable and this check fails.
7435	// FIXME: Remove this check as soon as clang stops doing this; it hides bugs.
7436	if (V->isArtificial())
7437	return;
7438
7439	verifyFragmentExpression(V: V, Fragment: Fragment, Desc: &DVR);
7440	}
7441
7442	template <typename ValueOrMetadata>
7443	void Verifier::verifyFragmentExpression(const DIVariable &V,
7444	DIExpression::FragmentInfo Fragment,
7445	ValueOrMetadata *Desc) {
7446	// If there's no size, the type is broken, but that should be checked
7447	// elsewhere.
7448	auto VarSize = V.getSizeInBits();
7449	if (!VarSize)
7450	return;
7451
7452	unsigned FragSize = Fragment.SizeInBits;
7453	unsigned FragOffset = Fragment.OffsetInBits;
7454	CheckDI(FragSize + FragOffset <= *VarSize,
7455	"fragment is larger than or outside of variable", Desc, &V);
7456	CheckDI(FragSize != *VarSize, "fragment covers entire variable", Desc, &V);
7457	}
7458
7459	void Verifier::verifyFnArgs(const DbgVariableRecord &DVR) {
7460	// This function does not take the scope of noninlined function arguments into
7461	// account. Don't run it if current function is nodebug, because it may
7462	// contain inlined debug intrinsics.
7463	if (!HasDebugInfo)
7464	return;
7465
7466	// For performance reasons only check non-inlined ones.
7467	if (DVR.getDebugLoc()->getInlinedAt())
7468	return;
7469
7470	DILocalVariable *Var = DVR.getVariable();
7471	CheckDI(Var, "#dbg record without variable");
7472
7473	unsigned ArgNo = Var->getArg();
7474	if (!ArgNo)
7475	return;
7476
7477	// Verify there are no duplicate function argument debug info entries.
7478	// These will cause hard-to-debug assertions in the DWARF backend.
7479	if (DebugFnArgs.size() < ArgNo)
7480	DebugFnArgs.resize(N: ArgNo, NV: nullptr);
7481
7482	auto *Prev = DebugFnArgs [ArgNo - `1`];
7483	DebugFnArgs [ArgNo - `1`] = Var;
7484	CheckDI(!Prev \|\| (Prev == Var), "conflicting debug info for argument", &DVR,
7485	Prev, Var);
7486	}
7487
7488	void Verifier::verifyNotEntryValue(const DbgVariableRecord &DVR) {
7489	DIExpression *E = dyn_cast_or_null<DIExpression>(Val: DVR.getRawExpression());
7490
7491	// We don't know whether this intrinsic verified correctly.
7492	if (!E \|\| !E->isValid())
7493	return;
7494
7495	if (isa<ValueAsMetadata>(Val: DVR.getRawLocation())) {
7496	Value *VarValue = DVR.getVariableLocationOp(OpIdx: `0`);
7497	if (isa<UndefValue>(Val: VarValue) \|\| isa<PoisonValue>(Val: VarValue))
7498	return;
7499	// We allow EntryValues for swift async arguments, as they have an
7500	// ABI-guarantee to be turned into a specific register.
7501	if (auto *ArgLoc = dyn_cast_or_null<Argument>(Val: VarValue);
7502	ArgLoc && ArgLoc->hasAttribute(Kind: Attribute::SwiftAsync))
7503	return;
7504	}
7505
7506	CheckDI(!E->isEntryValue(),
7507	"Entry values are only allowed in MIR unless they target a "
7508	"swiftasync Argument",
7509	&DVR);
7510	}
7511
7512	void Verifier::verifyCompileUnits() {
7513	// When more than one Module is imported into the same context, such as during
7514	// an LTO build before linking the modules, ODR type uniquing may cause types
7515	// to point to a different CU. This check does not make sense in this case.
7516	if (M.getContext().isODRUniquingDebugTypes())
7517	return;
7518	auto *CUs = M.getNamedMetadata(Name: "llvm.dbg.cu");
7519	SmallPtrSet<const Metadata *, `2`> Listed;
7520	if (CUs)
7521	Listed.insert_range(R: CUs->operands());
7522	for (const auto *CU : CUVisited)
7523	CheckDI(Listed.count(CU), "DICompileUnit not listed in llvm.dbg.cu", CU);
7524	CUVisited.clear();
7525	}
7526
7527	void Verifier::verifyDeoptimizeCallingConvs() {
7528	if (DeoptimizeDeclarations.empty())
7529	return;
7530
7531	const Function *First = DeoptimizeDeclarations [`0`];
7532	for (const auto *F : ArrayRef(DeoptimizeDeclarations).slice(N: `1`)) {
7533	Check(First->getCallingConv() == F->getCallingConv(),
7534	"All llvm.experimental.deoptimize declarations must have the same "
7535	"calling convention",
7536	First, F);
7537	}
7538	}
7539
7540	void Verifier::verifyAttachedCallBundle(const CallBase &Call,
7541	const OperandBundleUse &BU) {
7542	FunctionType *FTy = Call.getFunctionType();
7543
7544	Check((FTy->getReturnType()->isPointerTy() \|\|
7545	(Call.doesNotReturn() && FTy->getReturnType()->isVoidTy())),
7546	"a call with operand bundle \"clang.arc.attachedcall\" must call a "
7547	"function returning a pointer or a non-returning function that has a "
7548	"void return type",
7549	Call);
7550
7551	Check(BU.Inputs.size() == `1` && isa<Function>(BU.Inputs.front()),
7552	"operand bundle \"clang.arc.attachedcall\" requires one function as "
7553	"an argument",
7554	Call);
7555
7556	auto *Fn = cast<Function>(Val: BU.Inputs.front());
7557	Intrinsic::ID IID = Fn->getIntrinsicID();
7558
7559	if (IID) {
7560	Check((IID == Intrinsic::objc_retainAutoreleasedReturnValue \|\|
7561	IID == Intrinsic::objc_claimAutoreleasedReturnValue \|\|
7562	IID == Intrinsic::objc_unsafeClaimAutoreleasedReturnValue),
7563	"invalid function argument", Call);
7564	} else {
7565	StringRef FnName = Fn->getName();
7566	Check((FnName == "objc_retainAutoreleasedReturnValue" \|\|
7567	FnName == "objc_claimAutoreleasedReturnValue" \|\|
7568	FnName == "objc_unsafeClaimAutoreleasedReturnValue"),
7569	"invalid function argument", Call);
7570	}
7571	}
7572
7573	void Verifier::verifyNoAliasScopeDecl() {
7574	if (NoAliasScopeDecls.empty())
7575	return;
7576
7577	// only a single scope must be declared at a time.
7578	for (auto *II : NoAliasScopeDecls) {
7579	assert(II->getIntrinsicID() == Intrinsic::experimental_noalias_scope_decl &&
7580	"Not a llvm.experimental.noalias.scope.decl ?");
7581	const auto *ScopeListMV = dyn_cast<MetadataAsValue>(
7582	Val: II->getOperand(i_nocapture: Intrinsic::NoAliasScopeDeclScopeArg));
7583	Check(ScopeListMV != nullptr,
7584	"llvm.experimental.noalias.scope.decl must have a MetadataAsValue "
7585	"argument",
7586	II);
7587
7588	const auto *ScopeListMD = dyn_cast<MDNode>(Val: ScopeListMV->getMetadata());
7589	Check(ScopeListMD != nullptr, "!id.scope.list must point to an MDNode", II);
7590	Check(ScopeListMD->getNumOperands() == `1`,
7591	"!id.scope.list must point to a list with a single scope", II);
7592	visitAliasScopeListMetadata(MD: ScopeListMD);
7593	}
7594
7595	// Only check the domination rule when requested. Once all passes have been
7596	// adapted this option can go away.
7597	if (!VerifyNoAliasScopeDomination)
7598	return;
7599
7600	// Now sort the intrinsics based on the scope MDNode so that declarations of
7601	// the same scopes are next to each other.
7602	auto GetScope = [](IntrinsicInst *II) {
7603	const auto *ScopeListMV = cast<MetadataAsValue>(
7604	Val: II->getOperand(i_nocapture: Intrinsic::NoAliasScopeDeclScopeArg));
7605	return &cast<MDNode>(Val: ScopeListMV->getMetadata())->getOperand(I: `0`);
7606	};
7607
7608	// We are sorting on MDNode pointers here. For valid input IR this is ok.
7609	// TODO: Sort on Metadata ID to avoid non-deterministic error messages.
7610	auto Compare = [GetScope](IntrinsicInst Lhs, IntrinsicInst Rhs) {
7611	return GetScope (Lhs) < GetScope (Rhs);
7612	};
7613
7614	llvm::sort(C&: NoAliasScopeDecls, Comp: Compare);
7615
7616	// Go over the intrinsics and check that for the same scope, they are not
7617	// dominating each other.
7618	auto ItCurrent = NoAliasScopeDecls.begin();
7619	while (ItCurrent != NoAliasScopeDecls.end()) {
7620	auto CurScope = GetScope (*ItCurrent);
7621	auto ItNext = ItCurrent;
7622	do {
7623	++ItNext;
7624	} while (ItNext != NoAliasScopeDecls.end() &&
7625	GetScope (*ItNext) == CurScope);
7626
7627	// [ItCurrent, ItNext) represents the declarations for the same scope.
7628	// Ensure they are not dominating each other.. but only if it is not too
7629	// expensive.
7630	if (ItNext - ItCurrent < `32`)
7631	for (auto *I : llvm::make_range(x: ItCurrent, y: ItNext))
7632	for (auto *J : llvm::make_range(x: ItCurrent, y: ItNext))
7633	if (I != J)
7634	Check(!DT.dominates(I, J),
7635	"llvm.experimental.noalias.scope.decl dominates another one "
7636	"with the same scope",
7637	I);
7638	ItCurrent = ItNext;
7639	}
7640	}
7641
7642	//===----------------------------------------------------------------------===//
7643	// Implement the public interfaces to this file...
7644	//===----------------------------------------------------------------------===//
7645
7646	bool llvm::verifyFunction(const Function &f, raw_ostream *OS) {
7647	Function &F = const_cast<Function &>(f);
7648
7649	// Don't use a raw_null_ostream. Printing IR is expensive.
7650	Verifier V(OS, /ShouldTreatBrokenDebugInfoAsError=/true, *f.getParent());
7651
7652	// Note that this function's return value is inverted from what you would
7653	// expect of a function called "verify".
7654	return !V.verify(F);
7655	}
7656
7657	bool llvm::verifyModule(const Module &M, raw_ostream *OS,
7658	bool *BrokenDebugInfo) {
7659	// Don't use a raw_null_ostream. Printing IR is expensive.
7660	Verifier V(OS, /ShouldTreatBrokenDebugInfoAsError=/!BrokenDebugInfo, M);
7661
7662	bool Broken = false;
7663	for (const Function &F : M)
7664	Broken \|= !V.verify(F);
7665
7666	Broken \|= !V.verify();
7667	if (BrokenDebugInfo)
7668	*BrokenDebugInfo = V.hasBrokenDebugInfo();
7669	// Note that this function's return value is inverted from what you would
7670	// expect of a function called "verify".
7671	return Broken;
7672	}
7673
7674	namespace {
7675
7676	struct VerifierLegacyPass : public FunctionPass {
7677	static char ID;
7678
7679	std::unique_ptr<Verifier> V;
7680	bool FatalErrors = true;
7681
7682	VerifierLegacyPass() : FunctionPass (ID) {}
7683	explicit VerifierLegacyPass(bool FatalErrors)
7684	: FunctionPass (ID), FatalErrors(FatalErrors) {}
7685
7686	bool doInitialization(Module &M) override {
7687	V = std::make_unique<Verifier>(
7688	args: &dbgs(), /ShouldTreatBrokenDebugInfoAsError=/args: false, args&: M);
7689	return false;
7690	}
7691
7692	bool runOnFunction(Function &F) override {
7693	if (!V ->verify(F) && FatalErrors) {
7694	errs() << "in function " << F.getName() << `'\n'`;
7695	report_fatal_error(reason: "Broken function found, compilation aborted!");
7696	}
7697	return false;
7698	}
7699
7700	bool doFinalization(Module &M) override {
7701	bool HasErrors = false;
7702	for (Function &F : M)
7703	if (F.isDeclaration())
7704	HasErrors \|= !V ->verify(F);
7705
7706	HasErrors \|= !V ->verify();
7707	if (FatalErrors && (HasErrors \|\| V ->hasBrokenDebugInfo()))
7708	report_fatal_error(reason: "Broken module found, compilation aborted!");
7709	return false;
7710	}
7711
7712	void getAnalysisUsage(AnalysisUsage &AU) const override {
7713	AU.setPreservesAll();
7714	}
7715	};
7716
7717	} // end anonymous namespace
7718
7719	/// Helper to issue failure from the TBAA verification
7720	template <typename... Tys> void TBAAVerifier::CheckFailed(Tys &&... Args) {
7721	if (Diagnostic)
7722	return Diagnostic->CheckFailed(Args...);
7723	}
7724
7725	#define CheckTBAA(C, ...) \
7726	do { \
7727	if (!(C)) { \
7728	CheckFailed(__VA_ARGS__); \
7729	return false; \
7730	} \
7731	} while (false)
7732
7733	/// Verify that \p BaseNode can be used as the "base type" in the struct-path
7734	/// TBAA scheme. This means \p BaseNode is either a scalar node, or a
7735	/// struct-type node describing an aggregate data structure (like a struct).
7736	TBAAVerifier::TBAABaseNodeSummary
7737	TBAAVerifier::verifyTBAABaseNode(const Instruction I, const* MDNode *BaseNode,
7738	bool IsNewFormat) {
7739	if (BaseNode->getNumOperands() < `2`) {
7740	CheckFailed(Args: "Base nodes must have at least two operands", Args&: I, Args&: BaseNode);
7741	return {true, ~`0u`};
7742	}
7743
7744	auto Itr = TBAABaseNodes.find(Val: BaseNode);
7745	if (Itr != TBAABaseNodes.end())
7746	return Itr ->second;
7747
7748	auto Result = verifyTBAABaseNodeImpl(I, BaseNode, IsNewFormat);
7749	auto InsertResult = TBAABaseNodes.insert(KV: {BaseNode, Result});
7750	(void)InsertResult;
7751	assert(InsertResult.second && "We just checked!");
7752	return Result;
7753	}
7754
7755	TBAAVerifier::TBAABaseNodeSummary
7756	TBAAVerifier::verifyTBAABaseNodeImpl(const Instruction *I,
7757	const MDNode BaseNode, bool* IsNewFormat) {
7758	const TBAAVerifier::TBAABaseNodeSummary InvalidNode = {true, ~`0u`};
7759
7760	if (BaseNode->getNumOperands() == `2`) {
7761	// Scalar nodes can only be accessed at offset 0.
7762	return isValidScalarTBAANode(MD: BaseNode)
7763	? TBAAVerifier::TBAABaseNodeSummary({false, `0`})
7764	: InvalidNode;
7765	}
7766
7767	if (IsNewFormat) {
7768	if (BaseNode->getNumOperands() % `3` != `0`) {
7769	CheckFailed(Args: "Access tag nodes must have the number of operands that is a "
7770	"multiple of 3!", Args&: BaseNode);
7771	return InvalidNode;
7772	}
7773	} else {
7774	if (BaseNode->getNumOperands() % `2` != `1`) {
7775	CheckFailed(Args: "Struct tag nodes must have an odd number of operands!",
7776	Args&: BaseNode);
7777	return InvalidNode;
7778	}
7779	}
7780
7781	// Check the type size field.
7782	if (IsNewFormat) {
7783	auto *TypeSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
7784	MD: BaseNode->getOperand(I: `1`));
7785	if (!TypeSizeNode) {
7786	CheckFailed(Args: "Type size nodes must be constants!", Args&: I, Args&: BaseNode);
7787	return InvalidNode;
7788	}
7789	}
7790
7791	// Check the type name field. In the new format it can be anything.
7792	if (!IsNewFormat && !isa<MDString>(Val: BaseNode->getOperand(I: `0`))) {
7793	CheckFailed(Args: "Struct tag nodes have a string as their first operand",
7794	Args&: BaseNode);
7795	return InvalidNode;
7796	}
7797
7798	bool Failed = false;
7799
7800	std::optional<APInt> PrevOffset;
7801	unsigned BitWidth = ~`0u`;
7802
7803	// We've already checked that BaseNode is not a degenerate root node with one
7804	// operand in \c verifyTBAABaseNode, so this loop should run at least once.
7805	unsigned FirstFieldOpNo = IsNewFormat ? `3` : `1`;
7806	unsigned NumOpsPerField = IsNewFormat ? `3` : `2`;
7807	for (unsigned Idx = FirstFieldOpNo; Idx < BaseNode->getNumOperands();
7808	Idx += NumOpsPerField) {
7809	const MDOperand &FieldTy = BaseNode->getOperand(I: Idx);
7810	const MDOperand &FieldOffset = BaseNode->getOperand(I: Idx + `1`);
7811	if (!isa<MDNode>(Val: FieldTy)) {
7812	CheckFailed(Args: "Incorrect field entry in struct type node!", Args&: I, Args&: BaseNode);
7813	Failed = true;
7814	continue;
7815	}
7816
7817	auto *OffsetEntryCI =
7818	mdconst::dyn_extract_or_null<ConstantInt>(MD: FieldOffset);
7819	if (!OffsetEntryCI) {
7820	CheckFailed(Args: "Offset entries must be constants!", Args&: I, Args&: BaseNode);
7821	Failed = true;
7822	continue;
7823	}
7824
7825	if (BitWidth == ~`0u`)
7826	BitWidth = OffsetEntryCI->getBitWidth();
7827
7828	if (OffsetEntryCI->getBitWidth() != BitWidth) {
7829	CheckFailed(
7830	Args: "Bitwidth between the offsets and struct type entries must match", Args&: I,
7831	Args&: BaseNode);
7832	Failed = true;
7833	continue;
7834	}
7835
7836	// NB! As far as I can tell, we generate a non-strictly increasing offset
7837	// sequence only from structs that have zero size bit fields. When
7838	// recursing into a contained struct in \c getFieldNodeFromTBAABaseNode we
7839	// pick the field lexically the latest in struct type metadata node. This
7840	// mirrors the actual behavior of the alias analysis implementation.
7841	bool IsAscending =
7842	!PrevOffset \|\| PrevOffset ->ule(RHS: OffsetEntryCI->getValue());
7843
7844	if (!IsAscending) {
7845	CheckFailed(Args: "Offsets must be increasing!", Args&: I, Args&: BaseNode);
7846	Failed = true;
7847	}
7848
7849	PrevOffset = OffsetEntryCI->getValue();
7850
7851	if (IsNewFormat) {
7852	auto *MemberSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
7853	MD: BaseNode->getOperand(I: Idx + `2`));
7854	if (!MemberSizeNode) {
7855	CheckFailed(Args: "Member size entries must be constants!", Args&: I, Args&: BaseNode);
7856	Failed = true;
7857	continue;
7858	}
7859	}
7860	}
7861
7862	return Failed ? InvalidNode
7863	: TBAAVerifier::TBAABaseNodeSummary(false, BitWidth);
7864	}
7865
7866	static bool IsRootTBAANode(const MDNode *MD) {
7867	return MD->getNumOperands() < `2`;
7868	}
7869
7870	static bool IsScalarTBAANodeImpl(const MDNode *MD,
7871	SmallPtrSetImpl<const MDNode *> &Visited) {
7872	if (MD->getNumOperands() != `2` && MD->getNumOperands() != `3`)
7873	return false;
7874
7875	if (!isa<MDString>(Val: MD->getOperand(I: `0`)))
7876	return false;
7877
7878	if (MD->getNumOperands() == `3`) {
7879	auto *Offset = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: `2`));
7880	if (!(Offset && Offset->isZero() && isa<MDString>(Val: MD->getOperand(I: `0`))))
7881	return false;
7882	}
7883
7884	auto *Parent = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: `1`));
7885	return Parent && Visited.insert(Ptr: Parent).second &&
7886	(IsRootTBAANode(MD: Parent) \|\| IsScalarTBAANodeImpl(MD: Parent, Visited));
7887	}
7888
7889	bool TBAAVerifier::isValidScalarTBAANode(const MDNode *MD) {
7890	auto ResultIt = TBAAScalarNodes.find(Val: MD);
7891	if (ResultIt != TBAAScalarNodes.end())
7892	return ResultIt ->second;
7893
7894	SmallPtrSet<const MDNode *, `4`> Visited;
7895	bool Result = IsScalarTBAANodeImpl(MD, Visited);
7896	auto InsertResult = TBAAScalarNodes.insert(KV: {MD, Result});
7897	(void)InsertResult;
7898	assert(InsertResult.second && "Just checked!");
7899
7900	return Result;
7901	}
7902
7903	/// Returns the field node at the offset \p Offset in \p BaseNode. Update \p
7904	/// Offset in place to be the offset within the field node returned.
7905	///
7906	/// We assume we've okayed \p BaseNode via \c verifyTBAABaseNode.
7907	MDNode TBAAVerifier::getFieldNodeFromTBAABaseNode(const* Instruction *I,
7908	const MDNode *BaseNode,
7909	APInt &Offset,
7910	bool IsNewFormat) {
7911	assert(BaseNode->getNumOperands() >= `2` && "Invalid base node!");
7912
7913	// Scalar nodes have only one possible "field" -- their parent in the access
7914	// hierarchy. Offset must be zero at this point, but our caller is supposed
7915	// to check that.
7916	if (BaseNode->getNumOperands() == `2`)
7917	return cast<MDNode>(Val: BaseNode->getOperand(I: `1`));
7918
7919	unsigned FirstFieldOpNo = IsNewFormat ? `3` : `1`;
7920	unsigned NumOpsPerField = IsNewFormat ? `3` : `2`;
7921	for (unsigned Idx = FirstFieldOpNo; Idx < BaseNode->getNumOperands();
7922	Idx += NumOpsPerField) {
7923	auto *OffsetEntryCI =
7924	mdconst::extract<ConstantInt>(MD: BaseNode->getOperand(I: Idx + `1`));
7925	if (OffsetEntryCI->getValue().ugt(RHS: Offset)) {
7926	if (Idx == FirstFieldOpNo) {
7927	CheckFailed(Args: "Could not find TBAA parent in struct type node", Args&: I,
7928	Args&: BaseNode, Args: &Offset);
7929	return nullptr;
7930	}
7931
7932	unsigned PrevIdx = Idx - NumOpsPerField;
7933	auto *PrevOffsetEntryCI =
7934	mdconst::extract<ConstantInt>(MD: BaseNode->getOperand(I: PrevIdx + `1`));
7935	Offset -= PrevOffsetEntryCI->getValue();
7936	return cast<MDNode>(Val: BaseNode->getOperand(I: PrevIdx));
7937	}
7938	}
7939
7940	unsigned LastIdx = BaseNode->getNumOperands() - NumOpsPerField;
7941	auto *LastOffsetEntryCI = mdconst::extract<ConstantInt>(
7942	MD: BaseNode->getOperand(I: LastIdx + `1`));
7943	Offset -= LastOffsetEntryCI->getValue();
7944	return cast<MDNode>(Val: BaseNode->getOperand(I: LastIdx));
7945	}
7946
7947	static bool isNewFormatTBAATypeNode(llvm::MDNode *Type) {
7948	if (!Type \|\| Type->getNumOperands() < `3`)
7949	return false;
7950
7951	// In the new format type nodes shall have a reference to the parent type as
7952	// its first operand.
7953	return isa_and_nonnull<MDNode>(Val: Type->getOperand(I: `0`));
7954	}
7955
7956	bool TBAAVerifier::visitTBAAMetadata(const Instruction I, const* MDNode *MD) {
7957	CheckTBAA(MD->getNumOperands() > `0`, "TBAA metadata cannot have 0 operands", I,
7958	MD);
7959
7960	if (I)
7961	CheckTBAA(isa<LoadInst>(I) \|\| isa<StoreInst>(I) \|\| isa<CallInst>(I) \|\|
7962	isa<VAArgInst>(I) \|\| isa<AtomicRMWInst>(I) \|\|
7963	isa<AtomicCmpXchgInst>(I),
7964	"This instruction shall not have a TBAA access tag!", I);
7965
7966	bool IsStructPathTBAA =
7967	isa<MDNode>(Val: MD->getOperand(I: `0`)) && MD->getNumOperands() >= `3`;
7968
7969	CheckTBAA(IsStructPathTBAA,
7970	"Old-style TBAA is no longer allowed, use struct-path TBAA instead",
7971	I);
7972
7973	MDNode *BaseNode = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: `0`));
7974	MDNode *AccessType = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: `1`));
7975
7976	bool IsNewFormat = isNewFormatTBAATypeNode(Type: AccessType);
7977
7978	if (IsNewFormat) {
7979	CheckTBAA(MD->getNumOperands() == `4` \|\| MD->getNumOperands() == `5`,
7980	"Access tag metadata must have either 4 or 5 operands", I, MD);
7981	} else {
7982	CheckTBAA(MD->getNumOperands() < `5`,
7983	"Struct tag metadata must have either 3 or 4 operands", I, MD);
7984	}
7985
7986	// Check the access size field.
7987	if (IsNewFormat) {
7988	auto *AccessSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
7989	MD: MD->getOperand(I: `3`));
7990	CheckTBAA(AccessSizeNode, "Access size field must be a constant", I, MD);
7991	}
7992
7993	// Check the immutability flag.
7994	unsigned ImmutabilityFlagOpNo = IsNewFormat ? `4` : `3`;
7995	if (MD->getNumOperands() == ImmutabilityFlagOpNo + `1`) {
7996	auto *IsImmutableCI = mdconst::dyn_extract_or_null<ConstantInt>(
7997	MD: MD->getOperand(I: ImmutabilityFlagOpNo));
7998	CheckTBAA(IsImmutableCI,
7999	"Immutability tag on struct tag metadata must be a constant", I,
8000	MD);
8001	CheckTBAA(
8002	IsImmutableCI->isZero() \|\| IsImmutableCI->isOne(),
8003	"Immutability part of the struct tag metadata must be either 0 or 1", I,
8004	MD);
8005	}
8006
8007	CheckTBAA(BaseNode && AccessType,
8008	"Malformed struct tag metadata: base and access-type "
8009	"should be non-null and point to Metadata nodes",
8010	I, MD, BaseNode, AccessType);
8011
8012	if (!IsNewFormat) {
8013	CheckTBAA(isValidScalarTBAANode(AccessType),
8014	"Access type node must be a valid scalar type", I, MD,
8015	AccessType);
8016	}
8017
8018	auto *OffsetCI = mdconst::dyn_extract_or_null<ConstantInt>(MD: MD->getOperand(I: `2`));
8019	CheckTBAA(OffsetCI, "Offset must be constant integer", I, MD);
8020
8021	APInt Offset = OffsetCI->getValue();
8022	bool SeenAccessTypeInPath = false;
8023
8024	SmallPtrSet<MDNode *, `4`> StructPath;
8025
8026	for (/ empty /; BaseNode && !IsRootTBAANode(MD: BaseNode);
8027	BaseNode =
8028	getFieldNodeFromTBAABaseNode(I, BaseNode, Offset, IsNewFormat)) {
8029	if (!StructPath.insert(Ptr: BaseNode).second) {
8030	CheckFailed(Args: "Cycle detected in struct path", Args&: I, Args&: MD);
8031	return false;
8032	}
8033
8034	bool Invalid;
8035	unsigned BaseNodeBitWidth;
8036	std::tie(args&: Invalid, args&: BaseNodeBitWidth) =
8037	verifyTBAABaseNode(I, BaseNode, IsNewFormat);
8038
8039	// If the base node is invalid in itself, then we've already printed all the
8040	// errors we wanted to print.
8041	if (Invalid)
8042	return false;
8043
8044	SeenAccessTypeInPath \|= BaseNode == AccessType;
8045
8046	if (isValidScalarTBAANode(MD: BaseNode) \|\| BaseNode == AccessType)
8047	CheckTBAA(Offset == `0`, "Offset not zero at the point of scalar access", I,
8048	MD, &Offset);
8049
8050	CheckTBAA(BaseNodeBitWidth == Offset.getBitWidth() \|\|
8051	(BaseNodeBitWidth == `0` && Offset == `0`) \|\|
8052	(IsNewFormat && BaseNodeBitWidth == ~`0u`),
8053	"Access bit-width not the same as description bit-width", I, MD,
8054	BaseNodeBitWidth, Offset.getBitWidth());
8055
8056	if (IsNewFormat && SeenAccessTypeInPath)
8057	break;
8058	}
8059
8060	CheckTBAA(SeenAccessTypeInPath, "Did not see access type in access path!", I,
8061	MD);
8062	return true;
8063	}
8064
8065	char VerifierLegacyPass::ID = `0`;
8066	INITIALIZE_PASS(VerifierLegacyPass, "verify", "Module Verifier", false, false)
8067
8068	FunctionPass llvm::createVerifierPass(bool* FatalErrors) {
8069	return new VerifierLegacyPass (FatalErrors);
8070	}
8071
8072	AnalysisKey VerifierAnalysis::Key;
8073	VerifierAnalysis::Result VerifierAnalysis::run(Module &M,
8074	ModuleAnalysisManager &) {
8075	Result Res;
8076	Res.IRBroken = llvm::verifyModule(M, OS: &dbgs(), BrokenDebugInfo: &Res.DebugInfoBroken);
8077	return Res;
8078	}
8079
8080	VerifierAnalysis::Result VerifierAnalysis::run(Function &F,
8081	FunctionAnalysisManager &) {
8082	return { .IRBroken: llvm::verifyFunction(f: F, OS: &dbgs()), .DebugInfoBroken: false };
8083	}
8084
8085	PreservedAnalyses VerifierPass::run(Module &M, ModuleAnalysisManager &AM) {
8086	auto Res = AM.getResult<VerifierAnalysis>(IR&: M);
8087	if (FatalErrors && (Res.IRBroken \|\| Res.DebugInfoBroken))
8088	report_fatal_error(reason: "Broken module found, compilation aborted!");
8089
8090	return PreservedAnalyses::all();
8091	}
8092
8093	PreservedAnalyses VerifierPass::run(Function &F, FunctionAnalysisManager &AM) {
8094	auto res = AM.getResult<VerifierAnalysis>(IR&: F);
8095	if (res.IRBroken && FatalErrors)
8096	report_fatal_error(reason: "Broken function found, compilation aborted!");
8097
8098	return PreservedAnalyses::all();
8099	}
8100

Browse the source code of llvm_projects/llvm/lib/IR/Verifier.cpp