1//===-- Verifier.cpp - Implement the Module Verifier -----------------------==//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines the function verifier interface, that can be used for some
10// basic correctness checking of input to the system.
11//
12// Note that this does not provide full `Java style' security and verifications,
13// instead it just tries to ensure that code is well-formed.
14//
15// * Both of a binary operator's parameters are of the same type
16// * Verify that the indices of mem access instructions match other operands
17// * Verify that arithmetic and other things are only performed on first-class
18// types. Verify that shifts & logicals only happen on integrals f.e.
19// * All of the constants in a switch statement are of the correct type
20// * The code is in valid SSA form
21// * It should be illegal to put a label into any other type (like a structure)
22// or to return one. [except constant arrays!]
23// * Only phi nodes can be self referential: 'add i32 %0, %0 ; <int>:0' is bad
24// * PHI nodes must have an entry for each predecessor, with no extras.
25// * PHI nodes must be the first thing in a basic block, all grouped together
26// * All basic blocks should only end with terminator insts, not contain them
27// * The entry node to a function must not have predecessors
28// * All Instructions must be embedded into a basic block
29// * Functions cannot take a void-typed parameter
30// * Verify that a function's argument list agrees with it's declared type.
31// * It is illegal to specify a name for a void value.
32// * It is illegal to have a internal global value with no initializer
33// * It is illegal to have a ret instruction that returns a value that does not
34// agree with the function return value type.
35// * Function call argument types match the function prototype
36// * A landing pad is defined by a landingpad instruction, and can be jumped to
37// only by the unwind edge of an invoke instruction.
38// * A landingpad instruction must be the first non-PHI instruction in the
39// block.
40// * Landingpad instructions must be in a function with a personality function.
41// * Convergence control intrinsics are introduced in ConvergentOperations.rst.
42// The applied restrictions are too numerous to list here.
43// * The convergence entry intrinsic and the loop heart must be the first
44// non-PHI instruction in their respective block. This does not conflict with
45// the landing pads, since these two kinds cannot occur in the same block.
46// * All other things that are tested by asserts spread about the code...
47//
48//===----------------------------------------------------------------------===//
49
50#include "llvm/IR/Verifier.h"
51#include "llvm/ADT/APFloat.h"
52#include "llvm/ADT/APInt.h"
53#include "llvm/ADT/ArrayRef.h"
54#include "llvm/ADT/DenseMap.h"
55#include "llvm/ADT/MapVector.h"
56#include "llvm/ADT/STLExtras.h"
57#include "llvm/ADT/SmallPtrSet.h"
58#include "llvm/ADT/SmallVector.h"
59#include "llvm/ADT/StringExtras.h"
60#include "llvm/ADT/StringRef.h"
61#include "llvm/ADT/Twine.h"
62#include "llvm/BinaryFormat/Dwarf.h"
63#include "llvm/IR/Argument.h"
64#include "llvm/IR/AttributeMask.h"
65#include "llvm/IR/Attributes.h"
66#include "llvm/IR/BasicBlock.h"
67#include "llvm/IR/CFG.h"
68#include "llvm/IR/CallingConv.h"
69#include "llvm/IR/Comdat.h"
70#include "llvm/IR/Constant.h"
71#include "llvm/IR/ConstantRange.h"
72#include "llvm/IR/ConstantRangeList.h"
73#include "llvm/IR/Constants.h"
74#include "llvm/IR/ConvergenceVerifier.h"
75#include "llvm/IR/DataLayout.h"
76#include "llvm/IR/DebugInfo.h"
77#include "llvm/IR/DebugInfoMetadata.h"
78#include "llvm/IR/DebugLoc.h"
79#include "llvm/IR/DerivedTypes.h"
80#include "llvm/IR/Dominators.h"
81#include "llvm/IR/EHPersonalities.h"
82#include "llvm/IR/FPEnv.h"
83#include "llvm/IR/Function.h"
84#include "llvm/IR/GCStrategy.h"
85#include "llvm/IR/GetElementPtrTypeIterator.h"
86#include "llvm/IR/GlobalAlias.h"
87#include "llvm/IR/GlobalValue.h"
88#include "llvm/IR/GlobalVariable.h"
89#include "llvm/IR/InlineAsm.h"
90#include "llvm/IR/InstVisitor.h"
91#include "llvm/IR/InstrTypes.h"
92#include "llvm/IR/Instruction.h"
93#include "llvm/IR/Instructions.h"
94#include "llvm/IR/IntrinsicInst.h"
95#include "llvm/IR/Intrinsics.h"
96#include "llvm/IR/IntrinsicsAArch64.h"
97#include "llvm/IR/IntrinsicsAMDGPU.h"
98#include "llvm/IR/IntrinsicsARM.h"
99#include "llvm/IR/IntrinsicsNVPTX.h"
100#include "llvm/IR/IntrinsicsWebAssembly.h"
101#include "llvm/IR/LLVMContext.h"
102#include "llvm/IR/MemoryModelRelaxationAnnotations.h"
103#include "llvm/IR/Metadata.h"
104#include "llvm/IR/Module.h"
105#include "llvm/IR/ModuleSlotTracker.h"
106#include "llvm/IR/PassManager.h"
107#include "llvm/IR/ProfDataUtils.h"
108#include "llvm/IR/Statepoint.h"
109#include "llvm/IR/Type.h"
110#include "llvm/IR/Use.h"
111#include "llvm/IR/User.h"
112#include "llvm/IR/VFABIDemangler.h"
113#include "llvm/IR/Value.h"
114#include "llvm/InitializePasses.h"
115#include "llvm/Pass.h"
116#include "llvm/ProfileData/InstrProf.h"
117#include "llvm/Support/AMDGPUAddrSpace.h"
118#include "llvm/Support/AtomicOrdering.h"
119#include "llvm/Support/Casting.h"
120#include "llvm/Support/CommandLine.h"
121#include "llvm/Support/ErrorHandling.h"
122#include "llvm/Support/MathExtras.h"
123#include "llvm/Support/ModRef.h"
124#include "llvm/Support/TimeProfiler.h"
125#include "llvm/Support/raw_ostream.h"
126#include <algorithm>
127#include <cassert>
128#include <cstdint>
129#include <memory>
130#include <optional>
131#include <string>
132#include <utility>
133
134using namespace llvm;
135
136static cl::opt<bool> VerifyNoAliasScopeDomination(
137 "verify-noalias-scope-decl-dom", cl::Hidden, cl::init(Val: false),
138 cl::desc("Ensure that llvm.experimental.noalias.scope.decl for identical "
139 "scopes are not dominating"));
140
141struct llvm::VerifierSupport {
142 raw_ostream *OS;
143 const Module &M;
144 ModuleSlotTracker MST;
145 const Triple &TT;
146 const DataLayout &DL;
147 LLVMContext &Context;
148
149 /// Track the brokenness of the module while recursively visiting.
150 bool Broken = false;
151 /// Broken debug info can be "recovered" from by stripping the debug info.
152 bool BrokenDebugInfo = false;
153 /// Whether to treat broken debug info as an error.
154 bool TreatBrokenDebugInfoAsError = true;
155
156 explicit VerifierSupport(raw_ostream *OS, const Module &M)
157 : OS(OS), M(M), MST(&M), TT(M.getTargetTriple()), DL(M.getDataLayout()),
158 Context(M.getContext()) {}
159
160private:
161 void Write(const Module *M) {
162 *OS << "; ModuleID = '" << M->getModuleIdentifier() << "'\n";
163 }
164
165 void Write(const Value *V) {
166 if (V)
167 Write(V: *V);
168 }
169
170 void Write(const Value &V) {
171 if (isa<Instruction>(Val: V)) {
172 V.print(O&: *OS, MST);
173 *OS << '\n';
174 } else {
175 V.printAsOperand(O&: *OS, PrintType: true, MST);
176 *OS << '\n';
177 }
178 }
179
180 void Write(const DbgRecord *DR) {
181 if (DR) {
182 DR->print(O&: *OS, MST, IsForDebug: false);
183 *OS << '\n';
184 }
185 }
186
187 void Write(DbgVariableRecord::LocationType Type) {
188 switch (Type) {
189 case DbgVariableRecord::LocationType::Value:
190 *OS << "value";
191 break;
192 case DbgVariableRecord::LocationType::Declare:
193 *OS << "declare";
194 break;
195 case DbgVariableRecord::LocationType::DeclareValue:
196 *OS << "declare_value";
197 break;
198 case DbgVariableRecord::LocationType::Assign:
199 *OS << "assign";
200 break;
201 case DbgVariableRecord::LocationType::End:
202 *OS << "end";
203 break;
204 case DbgVariableRecord::LocationType::Any:
205 *OS << "any";
206 break;
207 };
208 }
209
210 void Write(const Metadata *MD) {
211 if (!MD)
212 return;
213 MD->print(OS&: *OS, MST, M: &M);
214 *OS << '\n';
215 }
216
217 template <class T> void Write(const MDTupleTypedArrayWrapper<T> &MD) {
218 Write(MD.get());
219 }
220
221 void Write(const NamedMDNode *NMD) {
222 if (!NMD)
223 return;
224 NMD->print(ROS&: *OS, MST);
225 *OS << '\n';
226 }
227
228 void Write(Type *T) {
229 if (!T)
230 return;
231 *OS << ' ' << *T;
232 }
233
234 void Write(const Comdat *C) {
235 if (!C)
236 return;
237 *OS << *C;
238 }
239
240 void Write(const APInt *AI) {
241 if (!AI)
242 return;
243 *OS << *AI << '\n';
244 }
245
246 void Write(const unsigned i) { *OS << i << '\n'; }
247
248 // NOLINTNEXTLINE(readability-identifier-naming)
249 void Write(const Attribute *A) {
250 if (!A)
251 return;
252 *OS << A->getAsString() << '\n';
253 }
254
255 // NOLINTNEXTLINE(readability-identifier-naming)
256 void Write(const AttributeSet *AS) {
257 if (!AS)
258 return;
259 *OS << AS->getAsString() << '\n';
260 }
261
262 // NOLINTNEXTLINE(readability-identifier-naming)
263 void Write(const AttributeList *AL) {
264 if (!AL)
265 return;
266 AL->print(O&: *OS);
267 }
268
269 void Write(Printable P) { *OS << P << '\n'; }
270
271 template <typename T> void Write(ArrayRef<T> Vs) {
272 for (const T &V : Vs)
273 Write(V);
274 }
275
276 template <typename T1, typename... Ts>
277 void WriteTs(const T1 &V1, const Ts &... Vs) {
278 Write(V1);
279 WriteTs(Vs...);
280 }
281
282 template <typename... Ts> void WriteTs() {}
283
284public:
285 /// A check failed, so printout out the condition and the message.
286 ///
287 /// This provides a nice place to put a breakpoint if you want to see why
288 /// something is not correct.
289 void CheckFailed(const Twine &Message) {
290 if (OS)
291 *OS << Message << '\n';
292 Broken = true;
293 }
294
295 /// A check failed (with values to print).
296 ///
297 /// This calls the Message-only version so that the above is easier to set a
298 /// breakpoint on.
299 template <typename T1, typename... Ts>
300 void CheckFailed(const Twine &Message, const T1 &V1, const Ts &... Vs) {
301 CheckFailed(Message);
302 if (OS)
303 WriteTs(V1, Vs...);
304 }
305
306 /// A debug info check failed.
307 void DebugInfoCheckFailed(const Twine &Message) {
308 if (OS)
309 *OS << Message << '\n';
310 Broken |= TreatBrokenDebugInfoAsError;
311 BrokenDebugInfo = true;
312 }
313
314 /// A debug info check failed (with values to print).
315 template <typename T1, typename... Ts>
316 void DebugInfoCheckFailed(const Twine &Message, const T1 &V1,
317 const Ts &... Vs) {
318 DebugInfoCheckFailed(Message);
319 if (OS)
320 WriteTs(V1, Vs...);
321 }
322};
323
324namespace {
325
326class Verifier : public InstVisitor<Verifier>, VerifierSupport {
327 friend class InstVisitor<Verifier>;
328 DominatorTree DT;
329
330 /// When verifying a basic block, keep track of all of the
331 /// instructions we have seen so far.
332 ///
333 /// This allows us to do efficient dominance checks for the case when an
334 /// instruction has an operand that is an instruction in the same block.
335 SmallPtrSet<Instruction *, 16> InstsInThisBlock;
336
337 /// Keep track of the metadata nodes that have been checked already.
338 SmallPtrSet<const Metadata *, 32> MDNodes;
339
340 /// Keep track which DISubprogram is attached to which function.
341 DenseMap<const DISubprogram *, const Function *> DISubprogramAttachments;
342
343 /// Track all DICompileUnits visited.
344 SmallPtrSet<const Metadata *, 2> CUVisited;
345
346 /// The result type for a landingpad.
347 Type *LandingPadResultTy;
348
349 /// Whether we've seen a call to @llvm.localescape in this function
350 /// already.
351 bool SawFrameEscape;
352
353 /// Whether the current function has a DISubprogram attached to it.
354 bool HasDebugInfo = false;
355
356 /// Stores the count of how many objects were passed to llvm.localescape for a
357 /// given function and the largest index passed to llvm.localrecover.
358 DenseMap<Function *, std::pair<unsigned, unsigned>> FrameEscapeInfo;
359
360 // Maps catchswitches and cleanuppads that unwind to siblings to the
361 // terminators that indicate the unwind, used to detect cycles therein.
362 MapVector<Instruction *, Instruction *> SiblingFuncletInfo;
363
364 /// Cache which blocks are in which funclet, if an EH funclet personality is
365 /// in use. Otherwise empty.
366 DenseMap<BasicBlock *, ColorVector> BlockEHFuncletColors;
367
368 /// Cache of constants visited in search of ConstantExprs.
369 SmallPtrSet<const Constant *, 32> ConstantExprVisited;
370
371 /// Cache of declarations of the llvm.experimental.deoptimize.<ty> intrinsic.
372 SmallVector<const Function *, 4> DeoptimizeDeclarations;
373
374 /// Cache of attribute lists verified.
375 SmallPtrSet<const void *, 32> AttributeListsVisited;
376
377 // Verify that this GlobalValue is only used in this module.
378 // This map is used to avoid visiting uses twice. We can arrive at a user
379 // twice, if they have multiple operands. In particular for very large
380 // constant expressions, we can arrive at a particular user many times.
381 SmallPtrSet<const Value *, 32> GlobalValueVisited;
382
383 // Keeps track of duplicate function argument debug info.
384 SmallVector<const DILocalVariable *, 16> DebugFnArgs;
385
386 TBAAVerifier TBAAVerifyHelper;
387 ConvergenceVerifier ConvergenceVerifyHelper;
388
389 SmallVector<IntrinsicInst *, 4> NoAliasScopeDecls;
390
391 void checkAtomicMemAccessSize(Type *Ty, const Instruction *I);
392
393public:
394 explicit Verifier(raw_ostream *OS, bool ShouldTreatBrokenDebugInfoAsError,
395 const Module &M)
396 : VerifierSupport(OS, M), LandingPadResultTy(nullptr),
397 SawFrameEscape(false), TBAAVerifyHelper(this) {
398 TreatBrokenDebugInfoAsError = ShouldTreatBrokenDebugInfoAsError;
399 }
400
401 bool hasBrokenDebugInfo() const { return BrokenDebugInfo; }
402
403 bool verify(const Function &F) {
404 llvm::TimeTraceScope timeScope("Verifier");
405 assert(F.getParent() == &M &&
406 "An instance of this class only works with a specific module!");
407
408 // First ensure the function is well-enough formed to compute dominance
409 // information, and directly compute a dominance tree. We don't rely on the
410 // pass manager to provide this as it isolates us from a potentially
411 // out-of-date dominator tree and makes it significantly more complex to run
412 // this code outside of a pass manager.
413 // FIXME: It's really gross that we have to cast away constness here.
414 if (!F.empty())
415 DT.recalculate(Func&: const_cast<Function &>(F));
416
417 for (const BasicBlock &BB : F) {
418 if (!BB.empty() && BB.back().isTerminator())
419 continue;
420
421 if (OS) {
422 *OS << "Basic Block in function '" << F.getName()
423 << "' does not have terminator!\n";
424 BB.printAsOperand(O&: *OS, PrintType: true, MST);
425 *OS << "\n";
426 }
427 return false;
428 }
429
430 auto FailureCB = [this](const Twine &Message) {
431 this->CheckFailed(Message);
432 };
433 ConvergenceVerifyHelper.initialize(OS, FailureCB, F);
434
435 Broken = false;
436 // FIXME: We strip const here because the inst visitor strips const.
437 visit(F&: const_cast<Function &>(F));
438 verifySiblingFuncletUnwinds();
439
440 if (ConvergenceVerifyHelper.sawTokens())
441 ConvergenceVerifyHelper.verify(DT);
442
443 InstsInThisBlock.clear();
444 DebugFnArgs.clear();
445 LandingPadResultTy = nullptr;
446 SawFrameEscape = false;
447 SiblingFuncletInfo.clear();
448 verifyNoAliasScopeDecl();
449 NoAliasScopeDecls.clear();
450
451 return !Broken;
452 }
453
454 /// Verify the module that this instance of \c Verifier was initialized with.
455 bool verify() {
456 Broken = false;
457
458 // Collect all declarations of the llvm.experimental.deoptimize intrinsic.
459 for (const Function &F : M)
460 if (F.getIntrinsicID() == Intrinsic::experimental_deoptimize)
461 DeoptimizeDeclarations.push_back(Elt: &F);
462
463 // Now that we've visited every function, verify that we never asked to
464 // recover a frame index that wasn't escaped.
465 verifyFrameRecoverIndices();
466 for (const GlobalVariable &GV : M.globals())
467 visitGlobalVariable(GV);
468
469 for (const GlobalAlias &GA : M.aliases())
470 visitGlobalAlias(GA);
471
472 for (const GlobalIFunc &GI : M.ifuncs())
473 visitGlobalIFunc(GI);
474
475 for (const NamedMDNode &NMD : M.named_metadata())
476 visitNamedMDNode(NMD);
477
478 for (const StringMapEntry<Comdat> &SMEC : M.getComdatSymbolTable())
479 visitComdat(C: SMEC.getValue());
480
481 visitModuleFlags();
482 visitModuleIdents();
483 visitModuleCommandLines();
484 visitModuleErrnoTBAA();
485
486 verifyCompileUnits();
487
488 verifyDeoptimizeCallingConvs();
489 DISubprogramAttachments.clear();
490 return !Broken;
491 }
492
493private:
494 /// Whether a metadata node is allowed to be, or contain, a DILocation.
495 enum class AreDebugLocsAllowed { No, Yes };
496
497 /// Metadata that should be treated as a range, with slightly different
498 /// requirements.
499 enum class RangeLikeMetadataKind {
500 Range, // MD_range
501 AbsoluteSymbol, // MD_absolute_symbol
502 NoaliasAddrspace // MD_noalias_addrspace
503 };
504
505 // Verification methods...
506 void visitGlobalValue(const GlobalValue &GV);
507 void visitGlobalVariable(const GlobalVariable &GV);
508 void visitGlobalAlias(const GlobalAlias &GA);
509 void visitGlobalIFunc(const GlobalIFunc &GI);
510 void visitAliaseeSubExpr(const GlobalAlias &A, const Constant &C);
511 void visitAliaseeSubExpr(SmallPtrSetImpl<const GlobalAlias *> &Visited,
512 const GlobalAlias &A, const Constant &C);
513 void visitNamedMDNode(const NamedMDNode &NMD);
514 void visitMDNode(const MDNode &MD, AreDebugLocsAllowed AllowLocs);
515 void visitMetadataAsValue(const MetadataAsValue &MD, Function *F);
516 void visitValueAsMetadata(const ValueAsMetadata &MD, Function *F);
517 void visitDIArgList(const DIArgList &AL, Function *F);
518 void visitComdat(const Comdat &C);
519 void visitModuleIdents();
520 void visitModuleCommandLines();
521 void visitModuleErrnoTBAA();
522 void visitModuleFlags();
523 void visitModuleFlag(const MDNode *Op,
524 DenseMap<const MDString *, const MDNode *> &SeenIDs,
525 SmallVectorImpl<const MDNode *> &Requirements);
526 void visitModuleFlagCGProfileEntry(const MDOperand &MDO);
527 void visitFunction(const Function &F);
528 void visitBasicBlock(BasicBlock &BB);
529 void verifyRangeLikeMetadata(const Value &V, const MDNode *Range, Type *Ty,
530 RangeLikeMetadataKind Kind);
531 void visitRangeMetadata(Instruction &I, MDNode *Range, Type *Ty);
532 void visitNoFPClassMetadata(Instruction &I, MDNode *Range, Type *Ty);
533 void visitNoaliasAddrspaceMetadata(Instruction &I, MDNode *Range, Type *Ty);
534 void visitDereferenceableMetadata(Instruction &I, MDNode *MD);
535 void visitNofreeMetadata(Instruction &I, MDNode *MD);
536 void visitProfMetadata(Instruction &I, MDNode *MD);
537 void visitCallStackMetadata(MDNode *MD);
538 void visitMemProfMetadata(Instruction &I, MDNode *MD);
539 void visitCallsiteMetadata(Instruction &I, MDNode *MD);
540 void visitCalleeTypeMetadata(Instruction &I, MDNode *MD);
541 void visitDIAssignIDMetadata(Instruction &I, MDNode *MD);
542 void visitMMRAMetadata(Instruction &I, MDNode *MD);
543 void visitAnnotationMetadata(MDNode *Annotation);
544 void visitAliasScopeMetadata(const MDNode *MD);
545 void visitAliasScopeListMetadata(const MDNode *MD);
546 void visitAccessGroupMetadata(const MDNode *MD);
547 void visitCapturesMetadata(Instruction &I, const MDNode *Captures);
548 void visitAllocTokenMetadata(Instruction &I, MDNode *MD);
549
550 template <class Ty> bool isValidMetadataArray(const MDTuple &N);
551#define HANDLE_SPECIALIZED_MDNODE_LEAF(CLASS) void visit##CLASS(const CLASS &N);
552#include "llvm/IR/Metadata.def"
553 void visitDIScope(const DIScope &N);
554 void visitDIVariable(const DIVariable &N);
555 void visitDILexicalBlockBase(const DILexicalBlockBase &N);
556 void visitDITemplateParameter(const DITemplateParameter &N);
557
558 void visitTemplateParams(const MDNode &N, const Metadata &RawParams);
559
560 void visit(DbgLabelRecord &DLR);
561 void visit(DbgVariableRecord &DVR);
562 // InstVisitor overrides...
563 using InstVisitor<Verifier>::visit;
564 void visitDbgRecords(Instruction &I);
565 void visit(Instruction &I);
566
567 void visitTruncInst(TruncInst &I);
568 void visitZExtInst(ZExtInst &I);
569 void visitSExtInst(SExtInst &I);
570 void visitFPTruncInst(FPTruncInst &I);
571 void visitFPExtInst(FPExtInst &I);
572 void visitFPToUIInst(FPToUIInst &I);
573 void visitFPToSIInst(FPToSIInst &I);
574 void visitUIToFPInst(UIToFPInst &I);
575 void visitSIToFPInst(SIToFPInst &I);
576 void visitIntToPtrInst(IntToPtrInst &I);
577 void checkPtrToAddr(Type *SrcTy, Type *DestTy, const Value &V);
578 void visitPtrToAddrInst(PtrToAddrInst &I);
579 void visitPtrToIntInst(PtrToIntInst &I);
580 void visitBitCastInst(BitCastInst &I);
581 void visitAddrSpaceCastInst(AddrSpaceCastInst &I);
582 void visitPHINode(PHINode &PN);
583 void visitCallBase(CallBase &Call);
584 void visitUnaryOperator(UnaryOperator &U);
585 void visitBinaryOperator(BinaryOperator &B);
586 void visitICmpInst(ICmpInst &IC);
587 void visitFCmpInst(FCmpInst &FC);
588 void visitExtractElementInst(ExtractElementInst &EI);
589 void visitInsertElementInst(InsertElementInst &EI);
590 void visitShuffleVectorInst(ShuffleVectorInst &EI);
591 void visitVAArgInst(VAArgInst &VAA) { visitInstruction(I&: VAA); }
592 void visitCallInst(CallInst &CI);
593 void visitInvokeInst(InvokeInst &II);
594 void visitGetElementPtrInst(GetElementPtrInst &GEP);
595 void visitLoadInst(LoadInst &LI);
596 void visitStoreInst(StoreInst &SI);
597 void verifyDominatesUse(Instruction &I, unsigned i);
598 void visitInstruction(Instruction &I);
599 void visitTerminator(Instruction &I);
600 void visitBranchInst(BranchInst &BI);
601 void visitReturnInst(ReturnInst &RI);
602 void visitSwitchInst(SwitchInst &SI);
603 void visitIndirectBrInst(IndirectBrInst &BI);
604 void visitCallBrInst(CallBrInst &CBI);
605 void visitSelectInst(SelectInst &SI);
606 void visitUserOp1(Instruction &I);
607 void visitUserOp2(Instruction &I) { visitUserOp1(I); }
608 void visitIntrinsicCall(Intrinsic::ID ID, CallBase &Call);
609 void visitConstrainedFPIntrinsic(ConstrainedFPIntrinsic &FPI);
610 void visitVPIntrinsic(VPIntrinsic &VPI);
611 void visitDbgLabelIntrinsic(StringRef Kind, DbgLabelInst &DLI);
612 void visitAtomicCmpXchgInst(AtomicCmpXchgInst &CXI);
613 void visitAtomicRMWInst(AtomicRMWInst &RMWI);
614 void visitFenceInst(FenceInst &FI);
615 void visitAllocaInst(AllocaInst &AI);
616 void visitExtractValueInst(ExtractValueInst &EVI);
617 void visitInsertValueInst(InsertValueInst &IVI);
618 void visitEHPadPredecessors(Instruction &I);
619 void visitLandingPadInst(LandingPadInst &LPI);
620 void visitResumeInst(ResumeInst &RI);
621 void visitCatchPadInst(CatchPadInst &CPI);
622 void visitCatchReturnInst(CatchReturnInst &CatchReturn);
623 void visitCleanupPadInst(CleanupPadInst &CPI);
624 void visitFuncletPadInst(FuncletPadInst &FPI);
625 void visitCatchSwitchInst(CatchSwitchInst &CatchSwitch);
626 void visitCleanupReturnInst(CleanupReturnInst &CRI);
627
628 void verifySwiftErrorCall(CallBase &Call, const Value *SwiftErrorVal);
629 void verifySwiftErrorValue(const Value *SwiftErrorVal);
630 void verifyTailCCMustTailAttrs(const AttrBuilder &Attrs, StringRef Context);
631 void verifyMustTailCall(CallInst &CI);
632 bool verifyAttributeCount(AttributeList Attrs, unsigned Params);
633 void verifyAttributeTypes(AttributeSet Attrs, const Value *V);
634 void verifyParameterAttrs(AttributeSet Attrs, Type *Ty, const Value *V);
635 void checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr,
636 const Value *V);
637 void verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs,
638 const Value *V, bool IsIntrinsic, bool IsInlineAsm);
639 void verifyFunctionMetadata(ArrayRef<std::pair<unsigned, MDNode *>> MDs);
640 void verifyUnknownProfileMetadata(MDNode *MD);
641 void visitConstantExprsRecursively(const Constant *EntryC);
642 void visitConstantExpr(const ConstantExpr *CE);
643 void visitConstantPtrAuth(const ConstantPtrAuth *CPA);
644 void verifyInlineAsmCall(const CallBase &Call);
645 void verifyStatepoint(const CallBase &Call);
646 void verifyFrameRecoverIndices();
647 void verifySiblingFuncletUnwinds();
648
649 void verifyFragmentExpression(const DbgVariableRecord &I);
650 template <typename ValueOrMetadata>
651 void verifyFragmentExpression(const DIVariable &V,
652 DIExpression::FragmentInfo Fragment,
653 ValueOrMetadata *Desc);
654 void verifyFnArgs(const DbgVariableRecord &DVR);
655 void verifyNotEntryValue(const DbgVariableRecord &I);
656
657 /// Module-level debug info verification...
658 void verifyCompileUnits();
659
660 /// Module-level verification that all @llvm.experimental.deoptimize
661 /// declarations share the same calling convention.
662 void verifyDeoptimizeCallingConvs();
663
664 void verifyAttachedCallBundle(const CallBase &Call,
665 const OperandBundleUse &BU);
666
667 /// Verify the llvm.experimental.noalias.scope.decl declarations
668 void verifyNoAliasScopeDecl();
669};
670
671} // end anonymous namespace
672
673/// We know that cond should be true, if not print an error message.
674#define Check(C, ...) \
675 do { \
676 if (!(C)) { \
677 CheckFailed(__VA_ARGS__); \
678 return; \
679 } \
680 } while (false)
681
682/// We know that a debug info condition should be true, if not print
683/// an error message.
684#define CheckDI(C, ...) \
685 do { \
686 if (!(C)) { \
687 DebugInfoCheckFailed(__VA_ARGS__); \
688 return; \
689 } \
690 } while (false)
691
692void Verifier::visitDbgRecords(Instruction &I) {
693 if (!I.DebugMarker)
694 return;
695 CheckDI(I.DebugMarker->MarkedInstr == &I,
696 "Instruction has invalid DebugMarker", &I);
697 CheckDI(!isa<PHINode>(&I) || !I.hasDbgRecords(),
698 "PHI Node must not have any attached DbgRecords", &I);
699 for (DbgRecord &DR : I.getDbgRecordRange()) {
700 CheckDI(DR.getMarker() == I.DebugMarker,
701 "DbgRecord had invalid DebugMarker", &I, &DR);
702 if (auto *Loc =
703 dyn_cast_or_null<DILocation>(Val: DR.getDebugLoc().getAsMDNode()))
704 visitMDNode(MD: *Loc, AllowLocs: AreDebugLocsAllowed::Yes);
705 if (auto *DVR = dyn_cast<DbgVariableRecord>(Val: &DR)) {
706 visit(DVR&: *DVR);
707 // These have to appear after `visit` for consistency with existing
708 // intrinsic behaviour.
709 verifyFragmentExpression(I: *DVR);
710 verifyNotEntryValue(I: *DVR);
711 } else if (auto *DLR = dyn_cast<DbgLabelRecord>(Val: &DR)) {
712 visit(DLR&: *DLR);
713 }
714 }
715}
716
717void Verifier::visit(Instruction &I) {
718 visitDbgRecords(I);
719 for (unsigned i = 0, e = I.getNumOperands(); i != e; ++i)
720 Check(I.getOperand(i) != nullptr, "Operand is null", &I);
721 InstVisitor<Verifier>::visit(I);
722}
723
724// Helper to iterate over indirect users. By returning false, the callback can ask to stop traversing further.
725static void forEachUser(const Value *User,
726 SmallPtrSet<const Value *, 32> &Visited,
727 llvm::function_ref<bool(const Value *)> Callback) {
728 if (!Visited.insert(Ptr: User).second)
729 return;
730
731 SmallVector<const Value *> WorkList(User->materialized_users());
732 while (!WorkList.empty()) {
733 const Value *Cur = WorkList.pop_back_val();
734 if (!Visited.insert(Ptr: Cur).second)
735 continue;
736 if (Callback(Cur))
737 append_range(C&: WorkList, R: Cur->materialized_users());
738 }
739}
740
741void Verifier::visitGlobalValue(const GlobalValue &GV) {
742 Check(!GV.isDeclaration() || GV.hasValidDeclarationLinkage(),
743 "Global is external, but doesn't have external or weak linkage!", &GV);
744
745 if (const GlobalObject *GO = dyn_cast<GlobalObject>(Val: &GV)) {
746 if (const MDNode *Associated =
747 GO->getMetadata(KindID: LLVMContext::MD_associated)) {
748 Check(Associated->getNumOperands() == 1,
749 "associated metadata must have one operand", &GV, Associated);
750 const Metadata *Op = Associated->getOperand(I: 0).get();
751 Check(Op, "associated metadata must have a global value", GO, Associated);
752
753 const auto *VM = dyn_cast_or_null<ValueAsMetadata>(Val: Op);
754 Check(VM, "associated metadata must be ValueAsMetadata", GO, Associated);
755 if (VM) {
756 Check(isa<PointerType>(VM->getValue()->getType()),
757 "associated value must be pointer typed", GV, Associated);
758
759 const Value *Stripped = VM->getValue()->stripPointerCastsAndAliases();
760 Check(isa<GlobalObject>(Stripped) || isa<Constant>(Stripped),
761 "associated metadata must point to a GlobalObject", GO, Stripped);
762 Check(Stripped != GO,
763 "global values should not associate to themselves", GO,
764 Associated);
765 }
766 }
767
768 // FIXME: Why is getMetadata on GlobalValue protected?
769 if (const MDNode *AbsoluteSymbol =
770 GO->getMetadata(KindID: LLVMContext::MD_absolute_symbol)) {
771 verifyRangeLikeMetadata(V: *GO, Range: AbsoluteSymbol,
772 Ty: DL.getIntPtrType(GO->getType()),
773 Kind: RangeLikeMetadataKind::AbsoluteSymbol);
774 }
775
776 if (GO->hasMetadata(KindID: LLVMContext::MD_implicit_ref)) {
777 Check(!GO->isDeclaration(),
778 "ref metadata must not be placed on a declaration", GO);
779
780 SmallVector<MDNode *> MDs;
781 GO->getMetadata(KindID: LLVMContext::MD_implicit_ref, MDs);
782 for (const MDNode *MD : MDs) {
783 Check(MD->getNumOperands() == 1, "ref metadata must have one operand",
784 &GV, MD);
785 const Metadata *Op = MD->getOperand(I: 0).get();
786 const auto *VM = dyn_cast_or_null<ValueAsMetadata>(Val: Op);
787 Check(VM, "ref metadata must be ValueAsMetadata", GO, MD);
788 if (VM) {
789 Check(isa<PointerType>(VM->getValue()->getType()),
790 "ref value must be pointer typed", GV, MD);
791
792 const Value *Stripped = VM->getValue()->stripPointerCastsAndAliases();
793 Check(isa<GlobalObject>(Stripped) || isa<Constant>(Stripped),
794 "ref metadata must point to a GlobalObject", GO, Stripped);
795 Check(Stripped != GO, "values should not reference themselves", GO,
796 MD);
797 }
798 }
799 }
800 }
801
802 Check(!GV.hasAppendingLinkage() || isa<GlobalVariable>(GV),
803 "Only global variables can have appending linkage!", &GV);
804
805 if (GV.hasAppendingLinkage()) {
806 const GlobalVariable *GVar = dyn_cast<GlobalVariable>(Val: &GV);
807 Check(GVar && GVar->getValueType()->isArrayTy(),
808 "Only global arrays can have appending linkage!", GVar);
809 }
810
811 if (GV.isDeclarationForLinker())
812 Check(!GV.hasComdat(), "Declaration may not be in a Comdat!", &GV);
813
814 if (GV.hasDLLExportStorageClass()) {
815 Check(!GV.hasHiddenVisibility(),
816 "dllexport GlobalValue must have default or protected visibility",
817 &GV);
818 }
819 if (GV.hasDLLImportStorageClass()) {
820 Check(GV.hasDefaultVisibility(),
821 "dllimport GlobalValue must have default visibility", &GV);
822 Check(!GV.isDSOLocal(), "GlobalValue with DLLImport Storage is dso_local!",
823 &GV);
824
825 Check((GV.isDeclaration() &&
826 (GV.hasExternalLinkage() || GV.hasExternalWeakLinkage())) ||
827 GV.hasAvailableExternallyLinkage(),
828 "Global is marked as dllimport, but not external", &GV);
829 }
830
831 if (GV.isImplicitDSOLocal())
832 Check(GV.isDSOLocal(),
833 "GlobalValue with local linkage or non-default "
834 "visibility must be dso_local!",
835 &GV);
836
837 forEachUser(User: &GV, Visited&: GlobalValueVisited, Callback: [&](const Value *V) -> bool {
838 if (const Instruction *I = dyn_cast<Instruction>(Val: V)) {
839 if (!I->getParent() || !I->getParent()->getParent())
840 CheckFailed(Message: "Global is referenced by parentless instruction!", V1: &GV, Vs: &M,
841 Vs: I);
842 else if (I->getParent()->getParent()->getParent() != &M)
843 CheckFailed(Message: "Global is referenced in a different module!", V1: &GV, Vs: &M, Vs: I,
844 Vs: I->getParent()->getParent(),
845 Vs: I->getParent()->getParent()->getParent());
846 return false;
847 } else if (const Function *F = dyn_cast<Function>(Val: V)) {
848 if (F->getParent() != &M)
849 CheckFailed(Message: "Global is used by function in a different module", V1: &GV, Vs: &M,
850 Vs: F, Vs: F->getParent());
851 return false;
852 }
853 return true;
854 });
855}
856
857void Verifier::visitGlobalVariable(const GlobalVariable &GV) {
858 Type *GVType = GV.getValueType();
859
860 if (MaybeAlign A = GV.getAlign()) {
861 Check(A->value() <= Value::MaximumAlignment,
862 "huge alignment values are unsupported", &GV);
863 }
864
865 if (GV.hasInitializer()) {
866 Check(GV.getInitializer()->getType() == GVType,
867 "Global variable initializer type does not match global "
868 "variable type!",
869 &GV);
870 Check(GV.getInitializer()->getType()->isSized(),
871 "Global variable initializer must be sized", &GV);
872 visitConstantExprsRecursively(EntryC: GV.getInitializer());
873 // If the global has common linkage, it must have a zero initializer and
874 // cannot be constant.
875 if (GV.hasCommonLinkage()) {
876 Check(GV.getInitializer()->isNullValue(),
877 "'common' global must have a zero initializer!", &GV);
878 Check(!GV.isConstant(), "'common' global may not be marked constant!",
879 &GV);
880 Check(!GV.hasComdat(), "'common' global may not be in a Comdat!", &GV);
881 }
882 }
883
884 if (GV.hasName() && (GV.getName() == "llvm.global_ctors" ||
885 GV.getName() == "llvm.global_dtors")) {
886 Check(!GV.hasInitializer() || GV.hasAppendingLinkage(),
887 "invalid linkage for intrinsic global variable", &GV);
888 Check(GV.materialized_use_empty(),
889 "invalid uses of intrinsic global variable", &GV);
890
891 // Don't worry about emitting an error for it not being an array,
892 // visitGlobalValue will complain on appending non-array.
893 if (ArrayType *ATy = dyn_cast<ArrayType>(Val: GVType)) {
894 StructType *STy = dyn_cast<StructType>(Val: ATy->getElementType());
895 PointerType *FuncPtrTy =
896 PointerType::get(C&: Context, AddressSpace: DL.getProgramAddressSpace());
897 Check(STy && (STy->getNumElements() == 2 || STy->getNumElements() == 3) &&
898 STy->getTypeAtIndex(0u)->isIntegerTy(32) &&
899 STy->getTypeAtIndex(1) == FuncPtrTy,
900 "wrong type for intrinsic global variable", &GV);
901 Check(STy->getNumElements() == 3,
902 "the third field of the element type is mandatory, "
903 "specify ptr null to migrate from the obsoleted 2-field form");
904 Type *ETy = STy->getTypeAtIndex(N: 2);
905 Check(ETy->isPointerTy(), "wrong type for intrinsic global variable",
906 &GV);
907 }
908 }
909
910 if (GV.hasName() && (GV.getName() == "llvm.used" ||
911 GV.getName() == "llvm.compiler.used")) {
912 Check(!GV.hasInitializer() || GV.hasAppendingLinkage(),
913 "invalid linkage for intrinsic global variable", &GV);
914 Check(GV.materialized_use_empty(),
915 "invalid uses of intrinsic global variable", &GV);
916
917 if (ArrayType *ATy = dyn_cast<ArrayType>(Val: GVType)) {
918 PointerType *PTy = dyn_cast<PointerType>(Val: ATy->getElementType());
919 Check(PTy, "wrong type for intrinsic global variable", &GV);
920 if (GV.hasInitializer()) {
921 const Constant *Init = GV.getInitializer();
922 const ConstantArray *InitArray = dyn_cast<ConstantArray>(Val: Init);
923 Check(InitArray, "wrong initializer for intrinsic global variable",
924 Init);
925 for (Value *Op : InitArray->operands()) {
926 Value *V = Op->stripPointerCasts();
927 Check(isa<GlobalVariable>(V) || isa<Function>(V) ||
928 isa<GlobalAlias>(V),
929 Twine("invalid ") + GV.getName() + " member", V);
930 Check(V->hasName(),
931 Twine("members of ") + GV.getName() + " must be named", V);
932 }
933 }
934 }
935 }
936
937 // Visit any debug info attachments.
938 SmallVector<MDNode *, 1> MDs;
939 GV.getMetadata(KindID: LLVMContext::MD_dbg, MDs);
940 for (auto *MD : MDs) {
941 if (auto *GVE = dyn_cast<DIGlobalVariableExpression>(Val: MD))
942 visitDIGlobalVariableExpression(N: *GVE);
943 else
944 CheckDI(false, "!dbg attachment of global variable must be a "
945 "DIGlobalVariableExpression");
946 }
947
948 // Scalable vectors cannot be global variables, since we don't know
949 // the runtime size.
950 Check(!GVType->isScalableTy(), "Globals cannot contain scalable types", &GV);
951
952 // Check if it is or contains a target extension type that disallows being
953 // used as a global.
954 Check(!GVType->containsNonGlobalTargetExtType(),
955 "Global @" + GV.getName() + " has illegal target extension type",
956 GVType);
957
958 if (!GV.hasInitializer()) {
959 visitGlobalValue(GV);
960 return;
961 }
962
963 // Walk any aggregate initializers looking for bitcasts between address spaces
964 visitConstantExprsRecursively(EntryC: GV.getInitializer());
965
966 visitGlobalValue(GV);
967}
968
969void Verifier::visitAliaseeSubExpr(const GlobalAlias &GA, const Constant &C) {
970 SmallPtrSet<const GlobalAlias*, 4> Visited;
971 Visited.insert(Ptr: &GA);
972 visitAliaseeSubExpr(Visited, A: GA, C);
973}
974
975void Verifier::visitAliaseeSubExpr(SmallPtrSetImpl<const GlobalAlias*> &Visited,
976 const GlobalAlias &GA, const Constant &C) {
977 if (GA.hasAvailableExternallyLinkage()) {
978 Check(isa<GlobalValue>(C) &&
979 cast<GlobalValue>(C).hasAvailableExternallyLinkage(),
980 "available_externally alias must point to available_externally "
981 "global value",
982 &GA);
983 }
984 if (const auto *GV = dyn_cast<GlobalValue>(Val: &C)) {
985 if (!GA.hasAvailableExternallyLinkage()) {
986 Check(!GV->isDeclarationForLinker(), "Alias must point to a definition",
987 &GA);
988 }
989
990 if (const auto *GA2 = dyn_cast<GlobalAlias>(Val: GV)) {
991 Check(Visited.insert(GA2).second, "Aliases cannot form a cycle", &GA);
992
993 Check(!GA2->isInterposable(),
994 "Alias cannot point to an interposable alias", &GA);
995 } else {
996 // Only continue verifying subexpressions of GlobalAliases.
997 // Do not recurse into global initializers.
998 return;
999 }
1000 }
1001
1002 if (const auto *CE = dyn_cast<ConstantExpr>(Val: &C))
1003 visitConstantExprsRecursively(EntryC: CE);
1004
1005 for (const Use &U : C.operands()) {
1006 Value *V = &*U;
1007 if (const auto *GA2 = dyn_cast<GlobalAlias>(Val: V))
1008 visitAliaseeSubExpr(Visited, GA, C: *GA2->getAliasee());
1009 else if (const auto *C2 = dyn_cast<Constant>(Val: V))
1010 visitAliaseeSubExpr(Visited, GA, C: *C2);
1011 }
1012}
1013
1014void Verifier::visitGlobalAlias(const GlobalAlias &GA) {
1015 Check(GlobalAlias::isValidLinkage(GA.getLinkage()),
1016 "Alias should have private, internal, linkonce, weak, linkonce_odr, "
1017 "weak_odr, external, or available_externally linkage!",
1018 &GA);
1019 const Constant *Aliasee = GA.getAliasee();
1020 Check(Aliasee, "Aliasee cannot be NULL!", &GA);
1021 Check(GA.getType() == Aliasee->getType(),
1022 "Alias and aliasee types should match!", &GA);
1023
1024 Check(isa<GlobalValue>(Aliasee) || isa<ConstantExpr>(Aliasee),
1025 "Aliasee should be either GlobalValue or ConstantExpr", &GA);
1026
1027 visitAliaseeSubExpr(GA, C: *Aliasee);
1028
1029 visitGlobalValue(GV: GA);
1030}
1031
1032void Verifier::visitGlobalIFunc(const GlobalIFunc &GI) {
1033 visitGlobalValue(GV: GI);
1034
1035 SmallVector<std::pair<unsigned, MDNode *>, 4> MDs;
1036 GI.getAllMetadata(MDs);
1037 for (const auto &I : MDs) {
1038 CheckDI(I.first != LLVMContext::MD_dbg,
1039 "an ifunc may not have a !dbg attachment", &GI);
1040 Check(I.first != LLVMContext::MD_prof,
1041 "an ifunc may not have a !prof attachment", &GI);
1042 visitMDNode(MD: *I.second, AllowLocs: AreDebugLocsAllowed::No);
1043 }
1044
1045 Check(GlobalIFunc::isValidLinkage(GI.getLinkage()),
1046 "IFunc should have private, internal, linkonce, weak, linkonce_odr, "
1047 "weak_odr, or external linkage!",
1048 &GI);
1049 // Pierce through ConstantExprs and GlobalAliases and check that the resolver
1050 // is a Function definition.
1051 const Function *Resolver = GI.getResolverFunction();
1052 Check(Resolver, "IFunc must have a Function resolver", &GI);
1053 Check(!Resolver->isDeclarationForLinker(),
1054 "IFunc resolver must be a definition", &GI);
1055
1056 // Check that the immediate resolver operand (prior to any bitcasts) has the
1057 // correct type.
1058 const Type *ResolverTy = GI.getResolver()->getType();
1059
1060 Check(isa<PointerType>(Resolver->getFunctionType()->getReturnType()),
1061 "IFunc resolver must return a pointer", &GI);
1062
1063 Check(ResolverTy == PointerType::get(Context, GI.getAddressSpace()),
1064 "IFunc resolver has incorrect type", &GI);
1065}
1066
1067void Verifier::visitNamedMDNode(const NamedMDNode &NMD) {
1068 // There used to be various other llvm.dbg.* nodes, but we don't support
1069 // upgrading them and we want to reserve the namespace for future uses.
1070 if (NMD.getName().starts_with(Prefix: "llvm.dbg."))
1071 CheckDI(NMD.getName() == "llvm.dbg.cu",
1072 "unrecognized named metadata node in the llvm.dbg namespace", &NMD);
1073 for (const MDNode *MD : NMD.operands()) {
1074 if (NMD.getName() == "llvm.dbg.cu")
1075 CheckDI(MD && isa<DICompileUnit>(MD), "invalid compile unit", &NMD, MD);
1076
1077 if (!MD)
1078 continue;
1079
1080 visitMDNode(MD: *MD, AllowLocs: AreDebugLocsAllowed::Yes);
1081 }
1082}
1083
1084void Verifier::visitMDNode(const MDNode &MD, AreDebugLocsAllowed AllowLocs) {
1085 // Only visit each node once. Metadata can be mutually recursive, so this
1086 // avoids infinite recursion here, as well as being an optimization.
1087 if (!MDNodes.insert(Ptr: &MD).second)
1088 return;
1089
1090 Check(&MD.getContext() == &Context,
1091 "MDNode context does not match Module context!", &MD);
1092
1093 switch (MD.getMetadataID()) {
1094 default:
1095 llvm_unreachable("Invalid MDNode subclass");
1096 case Metadata::MDTupleKind:
1097 break;
1098#define HANDLE_SPECIALIZED_MDNODE_LEAF(CLASS) \
1099 case Metadata::CLASS##Kind: \
1100 visit##CLASS(cast<CLASS>(MD)); \
1101 break;
1102#include "llvm/IR/Metadata.def"
1103 }
1104
1105 for (const Metadata *Op : MD.operands()) {
1106 if (!Op)
1107 continue;
1108 Check(!isa<LocalAsMetadata>(Op), "Invalid operand for global metadata!",
1109 &MD, Op);
1110 CheckDI(!isa<DILocation>(Op) || AllowLocs == AreDebugLocsAllowed::Yes,
1111 "DILocation not allowed within this metadata node", &MD, Op);
1112 if (auto *N = dyn_cast<MDNode>(Val: Op)) {
1113 visitMDNode(MD: *N, AllowLocs);
1114 continue;
1115 }
1116 if (auto *V = dyn_cast<ValueAsMetadata>(Val: Op)) {
1117 visitValueAsMetadata(MD: *V, F: nullptr);
1118 continue;
1119 }
1120 }
1121
1122 // Check llvm.loop.estimated_trip_count.
1123 if (MD.getNumOperands() > 0 &&
1124 MD.getOperand(I: 0).equalsStr(Str: LLVMLoopEstimatedTripCount)) {
1125 Check(MD.getNumOperands() == 2, "Expected two operands", &MD);
1126 auto *Count = dyn_cast_or_null<ConstantAsMetadata>(Val: MD.getOperand(I: 1));
1127 Check(Count && Count->getType()->isIntegerTy() &&
1128 cast<IntegerType>(Count->getType())->getBitWidth() <= 32,
1129 "Expected second operand to be an integer constant of type i32 or "
1130 "smaller",
1131 &MD);
1132 }
1133
1134 // Check these last, so we diagnose problems in operands first.
1135 Check(!MD.isTemporary(), "Expected no forward declarations!", &MD);
1136 Check(MD.isResolved(), "All nodes should be resolved!", &MD);
1137}
1138
1139void Verifier::visitValueAsMetadata(const ValueAsMetadata &MD, Function *F) {
1140 Check(MD.getValue(), "Expected valid value", &MD);
1141 Check(!MD.getValue()->getType()->isMetadataTy(),
1142 "Unexpected metadata round-trip through values", &MD, MD.getValue());
1143
1144 auto *L = dyn_cast<LocalAsMetadata>(Val: &MD);
1145 if (!L)
1146 return;
1147
1148 Check(F, "function-local metadata used outside a function", L);
1149
1150 // If this was an instruction, bb, or argument, verify that it is in the
1151 // function that we expect.
1152 Function *ActualF = nullptr;
1153 if (Instruction *I = dyn_cast<Instruction>(Val: L->getValue())) {
1154 Check(I->getParent(), "function-local metadata not in basic block", L, I);
1155 ActualF = I->getParent()->getParent();
1156 } else if (BasicBlock *BB = dyn_cast<BasicBlock>(Val: L->getValue()))
1157 ActualF = BB->getParent();
1158 else if (Argument *A = dyn_cast<Argument>(Val: L->getValue()))
1159 ActualF = A->getParent();
1160 assert(ActualF && "Unimplemented function local metadata case!");
1161
1162 Check(ActualF == F, "function-local metadata used in wrong function", L);
1163}
1164
1165void Verifier::visitDIArgList(const DIArgList &AL, Function *F) {
1166 for (const ValueAsMetadata *VAM : AL.getArgs())
1167 visitValueAsMetadata(MD: *VAM, F);
1168}
1169
1170void Verifier::visitMetadataAsValue(const MetadataAsValue &MDV, Function *F) {
1171 Metadata *MD = MDV.getMetadata();
1172 if (auto *N = dyn_cast<MDNode>(Val: MD)) {
1173 visitMDNode(MD: *N, AllowLocs: AreDebugLocsAllowed::No);
1174 return;
1175 }
1176
1177 // Only visit each node once. Metadata can be mutually recursive, so this
1178 // avoids infinite recursion here, as well as being an optimization.
1179 if (!MDNodes.insert(Ptr: MD).second)
1180 return;
1181
1182 if (auto *V = dyn_cast<ValueAsMetadata>(Val: MD))
1183 visitValueAsMetadata(MD: *V, F);
1184
1185 if (auto *AL = dyn_cast<DIArgList>(Val: MD))
1186 visitDIArgList(AL: *AL, F);
1187}
1188
1189static bool isType(const Metadata *MD) { return !MD || isa<DIType>(Val: MD); }
1190static bool isScope(const Metadata *MD) { return !MD || isa<DIScope>(Val: MD); }
1191static bool isDINode(const Metadata *MD) { return !MD || isa<DINode>(Val: MD); }
1192static bool isMDTuple(const Metadata *MD) { return !MD || isa<MDTuple>(Val: MD); }
1193
1194void Verifier::visitDILocation(const DILocation &N) {
1195 CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1196 "location requires a valid scope", &N, N.getRawScope());
1197 if (auto *IA = N.getRawInlinedAt())
1198 CheckDI(isa<DILocation>(IA), "inlined-at should be a location", &N, IA);
1199 if (auto *SP = dyn_cast<DISubprogram>(Val: N.getRawScope()))
1200 CheckDI(SP->isDefinition(), "scope points into the type hierarchy", &N);
1201}
1202
1203void Verifier::visitGenericDINode(const GenericDINode &N) {
1204 CheckDI(N.getTag(), "invalid tag", &N);
1205}
1206
1207void Verifier::visitDIScope(const DIScope &N) {
1208 if (auto *F = N.getRawFile())
1209 CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1210}
1211
1212void Verifier::visitDISubrangeType(const DISubrangeType &N) {
1213 CheckDI(N.getTag() == dwarf::DW_TAG_subrange_type, "invalid tag", &N);
1214 auto *BaseType = N.getRawBaseType();
1215 CheckDI(!BaseType || isType(BaseType), "BaseType must be a type");
1216 auto *LBound = N.getRawLowerBound();
1217 CheckDI(!LBound || isa<ConstantAsMetadata>(LBound) ||
1218 isa<DIVariable>(LBound) || isa<DIExpression>(LBound) ||
1219 isa<DIDerivedType>(LBound),
1220 "LowerBound must be signed constant or DIVariable or DIExpression or "
1221 "DIDerivedType",
1222 &N);
1223 auto *UBound = N.getRawUpperBound();
1224 CheckDI(!UBound || isa<ConstantAsMetadata>(UBound) ||
1225 isa<DIVariable>(UBound) || isa<DIExpression>(UBound) ||
1226 isa<DIDerivedType>(UBound),
1227 "UpperBound must be signed constant or DIVariable or DIExpression or "
1228 "DIDerivedType",
1229 &N);
1230 auto *Stride = N.getRawStride();
1231 CheckDI(!Stride || isa<ConstantAsMetadata>(Stride) ||
1232 isa<DIVariable>(Stride) || isa<DIExpression>(Stride),
1233 "Stride must be signed constant or DIVariable or DIExpression", &N);
1234 auto *Bias = N.getRawBias();
1235 CheckDI(!Bias || isa<ConstantAsMetadata>(Bias) || isa<DIVariable>(Bias) ||
1236 isa<DIExpression>(Bias),
1237 "Bias must be signed constant or DIVariable or DIExpression", &N);
1238 // Subrange types currently only support constant size.
1239 auto *Size = N.getRawSizeInBits();
1240 CheckDI(!Size || isa<ConstantAsMetadata>(Size),
1241 "SizeInBits must be a constant");
1242}
1243
1244void Verifier::visitDISubrange(const DISubrange &N) {
1245 CheckDI(N.getTag() == dwarf::DW_TAG_subrange_type, "invalid tag", &N);
1246 CheckDI(!N.getRawCountNode() || !N.getRawUpperBound(),
1247 "Subrange can have any one of count or upperBound", &N);
1248 auto *CBound = N.getRawCountNode();
1249 CheckDI(!CBound || isa<ConstantAsMetadata>(CBound) ||
1250 isa<DIVariable>(CBound) || isa<DIExpression>(CBound),
1251 "Count must be signed constant or DIVariable or DIExpression", &N);
1252 auto Count = N.getCount();
1253 CheckDI(!Count || !isa<ConstantInt *>(Count) ||
1254 cast<ConstantInt *>(Count)->getSExtValue() >= -1,
1255 "invalid subrange count", &N);
1256 auto *LBound = N.getRawLowerBound();
1257 CheckDI(!LBound || isa<ConstantAsMetadata>(LBound) ||
1258 isa<DIVariable>(LBound) || isa<DIExpression>(LBound),
1259 "LowerBound must be signed constant or DIVariable or DIExpression",
1260 &N);
1261 auto *UBound = N.getRawUpperBound();
1262 CheckDI(!UBound || isa<ConstantAsMetadata>(UBound) ||
1263 isa<DIVariable>(UBound) || isa<DIExpression>(UBound),
1264 "UpperBound must be signed constant or DIVariable or DIExpression",
1265 &N);
1266 auto *Stride = N.getRawStride();
1267 CheckDI(!Stride || isa<ConstantAsMetadata>(Stride) ||
1268 isa<DIVariable>(Stride) || isa<DIExpression>(Stride),
1269 "Stride must be signed constant or DIVariable or DIExpression", &N);
1270}
1271
1272void Verifier::visitDIGenericSubrange(const DIGenericSubrange &N) {
1273 CheckDI(N.getTag() == dwarf::DW_TAG_generic_subrange, "invalid tag", &N);
1274 CheckDI(!N.getRawCountNode() || !N.getRawUpperBound(),
1275 "GenericSubrange can have any one of count or upperBound", &N);
1276 auto *CBound = N.getRawCountNode();
1277 CheckDI(!CBound || isa<DIVariable>(CBound) || isa<DIExpression>(CBound),
1278 "Count must be signed constant or DIVariable or DIExpression", &N);
1279 auto *LBound = N.getRawLowerBound();
1280 CheckDI(LBound, "GenericSubrange must contain lowerBound", &N);
1281 CheckDI(isa<DIVariable>(LBound) || isa<DIExpression>(LBound),
1282 "LowerBound must be signed constant or DIVariable or DIExpression",
1283 &N);
1284 auto *UBound = N.getRawUpperBound();
1285 CheckDI(!UBound || isa<DIVariable>(UBound) || isa<DIExpression>(UBound),
1286 "UpperBound must be signed constant or DIVariable or DIExpression",
1287 &N);
1288 auto *Stride = N.getRawStride();
1289 CheckDI(Stride, "GenericSubrange must contain stride", &N);
1290 CheckDI(isa<DIVariable>(Stride) || isa<DIExpression>(Stride),
1291 "Stride must be signed constant or DIVariable or DIExpression", &N);
1292}
1293
1294void Verifier::visitDIEnumerator(const DIEnumerator &N) {
1295 CheckDI(N.getTag() == dwarf::DW_TAG_enumerator, "invalid tag", &N);
1296}
1297
1298void Verifier::visitDIBasicType(const DIBasicType &N) {
1299 CheckDI(N.getTag() == dwarf::DW_TAG_base_type ||
1300 N.getTag() == dwarf::DW_TAG_unspecified_type ||
1301 N.getTag() == dwarf::DW_TAG_string_type,
1302 "invalid tag", &N);
1303 // Basic types currently only support constant size.
1304 auto *Size = N.getRawSizeInBits();
1305 CheckDI(!Size || isa<ConstantAsMetadata>(Size),
1306 "SizeInBits must be a constant");
1307}
1308
1309void Verifier::visitDIFixedPointType(const DIFixedPointType &N) {
1310 visitDIBasicType(N);
1311
1312 CheckDI(N.getTag() == dwarf::DW_TAG_base_type, "invalid tag", &N);
1313 CheckDI(N.getEncoding() == dwarf::DW_ATE_signed_fixed ||
1314 N.getEncoding() == dwarf::DW_ATE_unsigned_fixed,
1315 "invalid encoding", &N);
1316 CheckDI(N.getKind() == DIFixedPointType::FixedPointBinary ||
1317 N.getKind() == DIFixedPointType::FixedPointDecimal ||
1318 N.getKind() == DIFixedPointType::FixedPointRational,
1319 "invalid kind", &N);
1320 CheckDI(N.getKind() != DIFixedPointType::FixedPointRational ||
1321 N.getFactorRaw() == 0,
1322 "factor should be 0 for rationals", &N);
1323 CheckDI(N.getKind() == DIFixedPointType::FixedPointRational ||
1324 (N.getNumeratorRaw() == 0 && N.getDenominatorRaw() == 0),
1325 "numerator and denominator should be 0 for non-rationals", &N);
1326}
1327
1328void Verifier::visitDIStringType(const DIStringType &N) {
1329 CheckDI(N.getTag() == dwarf::DW_TAG_string_type, "invalid tag", &N);
1330 CheckDI(!(N.isBigEndian() && N.isLittleEndian()), "has conflicting flags",
1331 &N);
1332}
1333
1334void Verifier::visitDIDerivedType(const DIDerivedType &N) {
1335 // Common scope checks.
1336 visitDIScope(N);
1337
1338 CheckDI(N.getTag() == dwarf::DW_TAG_typedef ||
1339 N.getTag() == dwarf::DW_TAG_pointer_type ||
1340 N.getTag() == dwarf::DW_TAG_ptr_to_member_type ||
1341 N.getTag() == dwarf::DW_TAG_reference_type ||
1342 N.getTag() == dwarf::DW_TAG_rvalue_reference_type ||
1343 N.getTag() == dwarf::DW_TAG_const_type ||
1344 N.getTag() == dwarf::DW_TAG_immutable_type ||
1345 N.getTag() == dwarf::DW_TAG_volatile_type ||
1346 N.getTag() == dwarf::DW_TAG_restrict_type ||
1347 N.getTag() == dwarf::DW_TAG_atomic_type ||
1348 N.getTag() == dwarf::DW_TAG_LLVM_ptrauth_type ||
1349 N.getTag() == dwarf::DW_TAG_member ||
1350 (N.getTag() == dwarf::DW_TAG_variable && N.isStaticMember()) ||
1351 N.getTag() == dwarf::DW_TAG_inheritance ||
1352 N.getTag() == dwarf::DW_TAG_friend ||
1353 N.getTag() == dwarf::DW_TAG_set_type ||
1354 N.getTag() == dwarf::DW_TAG_template_alias,
1355 "invalid tag", &N);
1356 if (N.getTag() == dwarf::DW_TAG_ptr_to_member_type) {
1357 CheckDI(isType(N.getRawExtraData()), "invalid pointer to member type", &N,
1358 N.getRawExtraData());
1359 } else if (N.getTag() == dwarf::DW_TAG_template_alias) {
1360 CheckDI(isMDTuple(N.getRawExtraData()), "invalid template parameters", &N,
1361 N.getRawExtraData());
1362 } else if (N.getTag() == dwarf::DW_TAG_inheritance ||
1363 N.getTag() == dwarf::DW_TAG_member ||
1364 N.getTag() == dwarf::DW_TAG_variable) {
1365 auto *ExtraData = N.getRawExtraData();
1366 auto IsValidExtraData = [&]() {
1367 if (ExtraData == nullptr)
1368 return true;
1369 if (isa<ConstantAsMetadata>(Val: ExtraData) || isa<MDString>(Val: ExtraData) ||
1370 isa<DIObjCProperty>(Val: ExtraData))
1371 return true;
1372 if (auto *Tuple = dyn_cast<MDTuple>(Val: ExtraData)) {
1373 if (Tuple->getNumOperands() != 1)
1374 return false;
1375 return isa_and_nonnull<ConstantAsMetadata>(Val: Tuple->getOperand(I: 0).get());
1376 }
1377 return false;
1378 };
1379 CheckDI(IsValidExtraData(),
1380 "extraData must be ConstantAsMetadata, MDString, DIObjCProperty, "
1381 "or MDTuple with single ConstantAsMetadata operand",
1382 &N, ExtraData);
1383 }
1384
1385 if (N.getTag() == dwarf::DW_TAG_set_type) {
1386 if (auto *T = N.getRawBaseType()) {
1387 auto *Enum = dyn_cast_or_null<DICompositeType>(Val: T);
1388 auto *Subrange = dyn_cast_or_null<DISubrangeType>(Val: T);
1389 auto *Basic = dyn_cast_or_null<DIBasicType>(Val: T);
1390 CheckDI(
1391 (Enum && Enum->getTag() == dwarf::DW_TAG_enumeration_type) ||
1392 (Subrange && Subrange->getTag() == dwarf::DW_TAG_subrange_type) ||
1393 (Basic && (Basic->getEncoding() == dwarf::DW_ATE_unsigned ||
1394 Basic->getEncoding() == dwarf::DW_ATE_signed ||
1395 Basic->getEncoding() == dwarf::DW_ATE_unsigned_char ||
1396 Basic->getEncoding() == dwarf::DW_ATE_signed_char ||
1397 Basic->getEncoding() == dwarf::DW_ATE_boolean)),
1398 "invalid set base type", &N, T);
1399 }
1400 }
1401
1402 CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope());
1403 CheckDI(isType(N.getRawBaseType()), "invalid base type", &N,
1404 N.getRawBaseType());
1405
1406 if (N.getDWARFAddressSpace()) {
1407 CheckDI(N.getTag() == dwarf::DW_TAG_pointer_type ||
1408 N.getTag() == dwarf::DW_TAG_reference_type ||
1409 N.getTag() == dwarf::DW_TAG_rvalue_reference_type,
1410 "DWARF address space only applies to pointer or reference types",
1411 &N);
1412 }
1413
1414 auto *Size = N.getRawSizeInBits();
1415 CheckDI(!Size || isa<ConstantAsMetadata>(Size) || isa<DIVariable>(Size) ||
1416 isa<DIExpression>(Size),
1417 "SizeInBits must be a constant or DIVariable or DIExpression");
1418}
1419
1420/// Detect mutually exclusive flags.
1421static bool hasConflictingReferenceFlags(unsigned Flags) {
1422 return ((Flags & DINode::FlagLValueReference) &&
1423 (Flags & DINode::FlagRValueReference)) ||
1424 ((Flags & DINode::FlagTypePassByValue) &&
1425 (Flags & DINode::FlagTypePassByReference));
1426}
1427
1428void Verifier::visitTemplateParams(const MDNode &N, const Metadata &RawParams) {
1429 auto *Params = dyn_cast<MDTuple>(Val: &RawParams);
1430 CheckDI(Params, "invalid template params", &N, &RawParams);
1431 for (Metadata *Op : Params->operands()) {
1432 CheckDI(Op && isa<DITemplateParameter>(Op), "invalid template parameter",
1433 &N, Params, Op);
1434 }
1435}
1436
1437void Verifier::visitDICompositeType(const DICompositeType &N) {
1438 // Common scope checks.
1439 visitDIScope(N);
1440
1441 CheckDI(N.getTag() == dwarf::DW_TAG_array_type ||
1442 N.getTag() == dwarf::DW_TAG_structure_type ||
1443 N.getTag() == dwarf::DW_TAG_union_type ||
1444 N.getTag() == dwarf::DW_TAG_enumeration_type ||
1445 N.getTag() == dwarf::DW_TAG_class_type ||
1446 N.getTag() == dwarf::DW_TAG_variant_part ||
1447 N.getTag() == dwarf::DW_TAG_variant ||
1448 N.getTag() == dwarf::DW_TAG_namelist,
1449 "invalid tag", &N);
1450
1451 CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope());
1452 CheckDI(isType(N.getRawBaseType()), "invalid base type", &N,
1453 N.getRawBaseType());
1454
1455 CheckDI(!N.getRawElements() || isa<MDTuple>(N.getRawElements()),
1456 "invalid composite elements", &N, N.getRawElements());
1457 CheckDI(isType(N.getRawVTableHolder()), "invalid vtable holder", &N,
1458 N.getRawVTableHolder());
1459 CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1460 "invalid reference flags", &N);
1461 unsigned DIBlockByRefStruct = 1 << 4;
1462 CheckDI((N.getFlags() & DIBlockByRefStruct) == 0,
1463 "DIBlockByRefStruct on DICompositeType is no longer supported", &N);
1464 CheckDI(llvm::all_of(N.getElements(), [](const DINode *N) { return N; }),
1465 "DISubprogram contains null entry in `elements` field", &N);
1466
1467 if (N.isVector()) {
1468 const DINodeArray Elements = N.getElements();
1469 CheckDI(Elements.size() == 1 &&
1470 Elements[0]->getTag() == dwarf::DW_TAG_subrange_type,
1471 "invalid vector, expected one element of type subrange", &N);
1472 }
1473
1474 if (auto *Params = N.getRawTemplateParams())
1475 visitTemplateParams(N, RawParams: *Params);
1476
1477 if (auto *D = N.getRawDiscriminator()) {
1478 CheckDI(isa<DIDerivedType>(D) && N.getTag() == dwarf::DW_TAG_variant_part,
1479 "discriminator can only appear on variant part");
1480 }
1481
1482 if (N.getRawDataLocation()) {
1483 CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1484 "dataLocation can only appear in array type");
1485 }
1486
1487 if (N.getRawAssociated()) {
1488 CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1489 "associated can only appear in array type");
1490 }
1491
1492 if (N.getRawAllocated()) {
1493 CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1494 "allocated can only appear in array type");
1495 }
1496
1497 if (N.getRawRank()) {
1498 CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1499 "rank can only appear in array type");
1500 }
1501
1502 if (N.getTag() == dwarf::DW_TAG_array_type) {
1503 CheckDI(N.getRawBaseType(), "array types must have a base type", &N);
1504 }
1505
1506 auto *Size = N.getRawSizeInBits();
1507 CheckDI(!Size || isa<ConstantAsMetadata>(Size) || isa<DIVariable>(Size) ||
1508 isa<DIExpression>(Size),
1509 "SizeInBits must be a constant or DIVariable or DIExpression");
1510}
1511
1512void Verifier::visitDISubroutineType(const DISubroutineType &N) {
1513 CheckDI(N.getTag() == dwarf::DW_TAG_subroutine_type, "invalid tag", &N);
1514 if (auto *Types = N.getRawTypeArray()) {
1515 CheckDI(isa<MDTuple>(Types), "invalid composite elements", &N, Types);
1516 for (Metadata *Ty : N.getTypeArray()->operands()) {
1517 CheckDI(isType(Ty), "invalid subroutine type ref", &N, Types, Ty);
1518 }
1519 }
1520 CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1521 "invalid reference flags", &N);
1522}
1523
1524void Verifier::visitDIFile(const DIFile &N) {
1525 CheckDI(N.getTag() == dwarf::DW_TAG_file_type, "invalid tag", &N);
1526 std::optional<DIFile::ChecksumInfo<StringRef>> Checksum = N.getChecksum();
1527 if (Checksum) {
1528 CheckDI(Checksum->Kind <= DIFile::ChecksumKind::CSK_Last,
1529 "invalid checksum kind", &N);
1530 size_t Size;
1531 switch (Checksum->Kind) {
1532 case DIFile::CSK_MD5:
1533 Size = 32;
1534 break;
1535 case DIFile::CSK_SHA1:
1536 Size = 40;
1537 break;
1538 case DIFile::CSK_SHA256:
1539 Size = 64;
1540 break;
1541 }
1542 CheckDI(Checksum->Value.size() == Size, "invalid checksum length", &N);
1543 CheckDI(Checksum->Value.find_if_not(llvm::isHexDigit) == StringRef::npos,
1544 "invalid checksum", &N);
1545 }
1546}
1547
1548void Verifier::visitDICompileUnit(const DICompileUnit &N) {
1549 CheckDI(N.isDistinct(), "compile units must be distinct", &N);
1550 CheckDI(N.getTag() == dwarf::DW_TAG_compile_unit, "invalid tag", &N);
1551
1552 // Don't bother verifying the compilation directory or producer string
1553 // as those could be empty.
1554 CheckDI(N.getRawFile() && isa<DIFile>(N.getRawFile()), "invalid file", &N,
1555 N.getRawFile());
1556 CheckDI(!N.getFile()->getFilename().empty(), "invalid filename", &N,
1557 N.getFile());
1558
1559 CheckDI((N.getEmissionKind() <= DICompileUnit::LastEmissionKind),
1560 "invalid emission kind", &N);
1561
1562 if (auto *Array = N.getRawEnumTypes()) {
1563 CheckDI(isa<MDTuple>(Array), "invalid enum list", &N, Array);
1564 for (Metadata *Op : N.getEnumTypes()->operands()) {
1565 auto *Enum = dyn_cast_or_null<DICompositeType>(Val: Op);
1566 CheckDI(Enum && Enum->getTag() == dwarf::DW_TAG_enumeration_type,
1567 "invalid enum type", &N, N.getEnumTypes(), Op);
1568 }
1569 }
1570 if (auto *Array = N.getRawRetainedTypes()) {
1571 CheckDI(isa<MDTuple>(Array), "invalid retained type list", &N, Array);
1572 for (Metadata *Op : N.getRetainedTypes()->operands()) {
1573 CheckDI(
1574 Op && (isa<DIType>(Op) || (isa<DISubprogram>(Op) &&
1575 !cast<DISubprogram>(Op)->isDefinition())),
1576 "invalid retained type", &N, Op);
1577 }
1578 }
1579 if (auto *Array = N.getRawGlobalVariables()) {
1580 CheckDI(isa<MDTuple>(Array), "invalid global variable list", &N, Array);
1581 for (Metadata *Op : N.getGlobalVariables()->operands()) {
1582 CheckDI(Op && (isa<DIGlobalVariableExpression>(Op)),
1583 "invalid global variable ref", &N, Op);
1584 }
1585 }
1586 if (auto *Array = N.getRawImportedEntities()) {
1587 CheckDI(isa<MDTuple>(Array), "invalid imported entity list", &N, Array);
1588 for (Metadata *Op : N.getImportedEntities()->operands()) {
1589 CheckDI(Op && isa<DIImportedEntity>(Op), "invalid imported entity ref",
1590 &N, Op);
1591 }
1592 }
1593 if (auto *Array = N.getRawMacros()) {
1594 CheckDI(isa<MDTuple>(Array), "invalid macro list", &N, Array);
1595 for (Metadata *Op : N.getMacros()->operands()) {
1596 CheckDI(Op && isa<DIMacroNode>(Op), "invalid macro ref", &N, Op);
1597 }
1598 }
1599 CUVisited.insert(Ptr: &N);
1600}
1601
1602void Verifier::visitDISubprogram(const DISubprogram &N) {
1603 CheckDI(N.getTag() == dwarf::DW_TAG_subprogram, "invalid tag", &N);
1604 CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope());
1605 if (auto *F = N.getRawFile())
1606 CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1607 else
1608 CheckDI(N.getLine() == 0, "line specified with no file", &N, N.getLine());
1609 if (auto *T = N.getRawType())
1610 CheckDI(isa<DISubroutineType>(T), "invalid subroutine type", &N, T);
1611 CheckDI(isType(N.getRawContainingType()), "invalid containing type", &N,
1612 N.getRawContainingType());
1613 if (auto *Params = N.getRawTemplateParams())
1614 visitTemplateParams(N, RawParams: *Params);
1615 if (auto *S = N.getRawDeclaration())
1616 CheckDI(isa<DISubprogram>(S) && !cast<DISubprogram>(S)->isDefinition(),
1617 "invalid subprogram declaration", &N, S);
1618 if (auto *RawNode = N.getRawRetainedNodes()) {
1619 auto *Node = dyn_cast<MDTuple>(Val: RawNode);
1620 CheckDI(Node, "invalid retained nodes list", &N, RawNode);
1621 for (Metadata *Op : Node->operands()) {
1622 CheckDI(Op, "nullptr in retained nodes", &N, Node);
1623
1624 auto True = [](const Metadata *) { return true; };
1625 auto False = [](const Metadata *) { return false; };
1626 bool IsTypeCorrect =
1627 DISubprogram::visitRetainedNode<bool>(N: Op, FuncLV&: True, FuncLabel&: True, FuncIE&: True, FuncUnknown&: False);
1628 CheckDI(IsTypeCorrect,
1629 "invalid retained nodes, expected DILocalVariable, DILabel or "
1630 "DIImportedEntity",
1631 &N, Node, Op);
1632
1633 auto *RetainedNode = cast<DINode>(Val: Op);
1634 auto *RetainedNodeScope = dyn_cast_or_null<DILocalScope>(
1635 Val: DISubprogram::getRawRetainedNodeScope(N: RetainedNode));
1636 CheckDI(RetainedNodeScope,
1637 "invalid retained nodes, retained node is not local", &N, Node,
1638 RetainedNode);
1639 CheckDI(
1640 RetainedNodeScope->getSubprogram() == &N,
1641 "invalid retained nodes, retained node does not belong to subprogram",
1642 &N, Node, RetainedNode, RetainedNodeScope);
1643 }
1644 }
1645 CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1646 "invalid reference flags", &N);
1647
1648 auto *Unit = N.getRawUnit();
1649 if (N.isDefinition()) {
1650 // Subprogram definitions (not part of the type hierarchy).
1651 CheckDI(N.isDistinct(), "subprogram definitions must be distinct", &N);
1652 CheckDI(Unit, "subprogram definitions must have a compile unit", &N);
1653 CheckDI(isa<DICompileUnit>(Unit), "invalid unit type", &N, Unit);
1654 // There's no good way to cross the CU boundary to insert a nested
1655 // DISubprogram definition in one CU into a type defined in another CU.
1656 auto *CT = dyn_cast_or_null<DICompositeType>(Val: N.getRawScope());
1657 if (CT && CT->getRawIdentifier() &&
1658 M.getContext().isODRUniquingDebugTypes())
1659 CheckDI(N.getDeclaration(),
1660 "definition subprograms cannot be nested within DICompositeType "
1661 "when enabling ODR",
1662 &N);
1663 } else {
1664 // Subprogram declarations (part of the type hierarchy).
1665 CheckDI(!Unit, "subprogram declarations must not have a compile unit", &N);
1666 CheckDI(!N.getRawDeclaration(),
1667 "subprogram declaration must not have a declaration field");
1668 }
1669
1670 if (auto *RawThrownTypes = N.getRawThrownTypes()) {
1671 auto *ThrownTypes = dyn_cast<MDTuple>(Val: RawThrownTypes);
1672 CheckDI(ThrownTypes, "invalid thrown types list", &N, RawThrownTypes);
1673 for (Metadata *Op : ThrownTypes->operands())
1674 CheckDI(Op && isa<DIType>(Op), "invalid thrown type", &N, ThrownTypes,
1675 Op);
1676 }
1677
1678 if (N.areAllCallsDescribed())
1679 CheckDI(N.isDefinition(),
1680 "DIFlagAllCallsDescribed must be attached to a definition");
1681}
1682
1683void Verifier::visitDILexicalBlockBase(const DILexicalBlockBase &N) {
1684 CheckDI(N.getTag() == dwarf::DW_TAG_lexical_block, "invalid tag", &N);
1685 CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1686 "invalid local scope", &N, N.getRawScope());
1687 if (auto *SP = dyn_cast<DISubprogram>(Val: N.getRawScope()))
1688 CheckDI(SP->isDefinition(), "scope points into the type hierarchy", &N);
1689}
1690
1691void Verifier::visitDILexicalBlock(const DILexicalBlock &N) {
1692 visitDILexicalBlockBase(N);
1693
1694 CheckDI(N.getLine() || !N.getColumn(),
1695 "cannot have column info without line info", &N);
1696}
1697
1698void Verifier::visitDILexicalBlockFile(const DILexicalBlockFile &N) {
1699 visitDILexicalBlockBase(N);
1700}
1701
1702void Verifier::visitDICommonBlock(const DICommonBlock &N) {
1703 CheckDI(N.getTag() == dwarf::DW_TAG_common_block, "invalid tag", &N);
1704 if (auto *S = N.getRawScope())
1705 CheckDI(isa<DIScope>(S), "invalid scope ref", &N, S);
1706 if (auto *S = N.getRawDecl())
1707 CheckDI(isa<DIGlobalVariable>(S), "invalid declaration", &N, S);
1708}
1709
1710void Verifier::visitDINamespace(const DINamespace &N) {
1711 CheckDI(N.getTag() == dwarf::DW_TAG_namespace, "invalid tag", &N);
1712 if (auto *S = N.getRawScope())
1713 CheckDI(isa<DIScope>(S), "invalid scope ref", &N, S);
1714}
1715
1716void Verifier::visitDIMacro(const DIMacro &N) {
1717 CheckDI(N.getMacinfoType() == dwarf::DW_MACINFO_define ||
1718 N.getMacinfoType() == dwarf::DW_MACINFO_undef,
1719 "invalid macinfo type", &N);
1720 CheckDI(!N.getName().empty(), "anonymous macro", &N);
1721 if (!N.getValue().empty()) {
1722 assert(N.getValue().data()[0] != ' ' && "Macro value has a space prefix");
1723 }
1724}
1725
1726void Verifier::visitDIMacroFile(const DIMacroFile &N) {
1727 CheckDI(N.getMacinfoType() == dwarf::DW_MACINFO_start_file,
1728 "invalid macinfo type", &N);
1729 if (auto *F = N.getRawFile())
1730 CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1731
1732 if (auto *Array = N.getRawElements()) {
1733 CheckDI(isa<MDTuple>(Array), "invalid macro list", &N, Array);
1734 for (Metadata *Op : N.getElements()->operands()) {
1735 CheckDI(Op && isa<DIMacroNode>(Op), "invalid macro ref", &N, Op);
1736 }
1737 }
1738}
1739
1740void Verifier::visitDIModule(const DIModule &N) {
1741 CheckDI(N.getTag() == dwarf::DW_TAG_module, "invalid tag", &N);
1742 CheckDI(!N.getName().empty(), "anonymous module", &N);
1743}
1744
1745void Verifier::visitDITemplateParameter(const DITemplateParameter &N) {
1746 CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1747}
1748
1749void Verifier::visitDITemplateTypeParameter(const DITemplateTypeParameter &N) {
1750 visitDITemplateParameter(N);
1751
1752 CheckDI(N.getTag() == dwarf::DW_TAG_template_type_parameter, "invalid tag",
1753 &N);
1754}
1755
1756void Verifier::visitDITemplateValueParameter(
1757 const DITemplateValueParameter &N) {
1758 visitDITemplateParameter(N);
1759
1760 CheckDI(N.getTag() == dwarf::DW_TAG_template_value_parameter ||
1761 N.getTag() == dwarf::DW_TAG_GNU_template_template_param ||
1762 N.getTag() == dwarf::DW_TAG_GNU_template_parameter_pack,
1763 "invalid tag", &N);
1764}
1765
1766void Verifier::visitDIVariable(const DIVariable &N) {
1767 if (auto *S = N.getRawScope())
1768 CheckDI(isa<DIScope>(S), "invalid scope", &N, S);
1769 if (auto *F = N.getRawFile())
1770 CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1771}
1772
1773void Verifier::visitDIGlobalVariable(const DIGlobalVariable &N) {
1774 // Checks common to all variables.
1775 visitDIVariable(N);
1776
1777 CheckDI(N.getTag() == dwarf::DW_TAG_variable, "invalid tag", &N);
1778 CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1779 // Check only if the global variable is not an extern
1780 if (N.isDefinition())
1781 CheckDI(N.getType(), "missing global variable type", &N);
1782 if (auto *Member = N.getRawStaticDataMemberDeclaration()) {
1783 CheckDI(isa<DIDerivedType>(Member),
1784 "invalid static data member declaration", &N, Member);
1785 }
1786}
1787
1788void Verifier::visitDILocalVariable(const DILocalVariable &N) {
1789 // Checks common to all variables.
1790 visitDIVariable(N);
1791
1792 CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1793 CheckDI(N.getTag() == dwarf::DW_TAG_variable, "invalid tag", &N);
1794 CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1795 "local variable requires a valid scope", &N, N.getRawScope());
1796 if (auto Ty = N.getType())
1797 CheckDI(!isa<DISubroutineType>(Ty), "invalid type", &N, N.getType());
1798}
1799
1800void Verifier::visitDIAssignID(const DIAssignID &N) {
1801 CheckDI(!N.getNumOperands(), "DIAssignID has no arguments", &N);
1802 CheckDI(N.isDistinct(), "DIAssignID must be distinct", &N);
1803}
1804
1805void Verifier::visitDILabel(const DILabel &N) {
1806 if (auto *S = N.getRawScope())
1807 CheckDI(isa<DIScope>(S), "invalid scope", &N, S);
1808 if (auto *F = N.getRawFile())
1809 CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1810
1811 CheckDI(N.getTag() == dwarf::DW_TAG_label, "invalid tag", &N);
1812 CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1813 "label requires a valid scope", &N, N.getRawScope());
1814}
1815
1816void Verifier::visitDIExpression(const DIExpression &N) {
1817 CheckDI(N.isValid(), "invalid expression", &N);
1818}
1819
1820void Verifier::visitDIGlobalVariableExpression(
1821 const DIGlobalVariableExpression &GVE) {
1822 CheckDI(GVE.getVariable(), "missing variable");
1823 if (auto *Var = GVE.getVariable())
1824 visitDIGlobalVariable(N: *Var);
1825 if (auto *Expr = GVE.getExpression()) {
1826 visitDIExpression(N: *Expr);
1827 if (auto Fragment = Expr->getFragmentInfo())
1828 verifyFragmentExpression(V: *GVE.getVariable(), Fragment: *Fragment, Desc: &GVE);
1829 }
1830}
1831
1832void Verifier::visitDIObjCProperty(const DIObjCProperty &N) {
1833 CheckDI(N.getTag() == dwarf::DW_TAG_APPLE_property, "invalid tag", &N);
1834 if (auto *T = N.getRawType())
1835 CheckDI(isType(T), "invalid type ref", &N, T);
1836 if (auto *F = N.getRawFile())
1837 CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1838}
1839
1840void Verifier::visitDIImportedEntity(const DIImportedEntity &N) {
1841 CheckDI(N.getTag() == dwarf::DW_TAG_imported_module ||
1842 N.getTag() == dwarf::DW_TAG_imported_declaration,
1843 "invalid tag", &N);
1844 if (auto *S = N.getRawScope())
1845 CheckDI(isa<DIScope>(S), "invalid scope for imported entity", &N, S);
1846 CheckDI(isDINode(N.getRawEntity()), "invalid imported entity", &N,
1847 N.getRawEntity());
1848}
1849
1850void Verifier::visitComdat(const Comdat &C) {
1851 // In COFF the Module is invalid if the GlobalValue has private linkage.
1852 // Entities with private linkage don't have entries in the symbol table.
1853 if (TT.isOSBinFormatCOFF())
1854 if (const GlobalValue *GV = M.getNamedValue(Name: C.getName()))
1855 Check(!GV->hasPrivateLinkage(), "comdat global value has private linkage",
1856 GV);
1857}
1858
1859void Verifier::visitModuleIdents() {
1860 const NamedMDNode *Idents = M.getNamedMetadata(Name: "llvm.ident");
1861 if (!Idents)
1862 return;
1863
1864 // llvm.ident takes a list of metadata entry. Each entry has only one string.
1865 // Scan each llvm.ident entry and make sure that this requirement is met.
1866 for (const MDNode *N : Idents->operands()) {
1867 Check(N->getNumOperands() == 1,
1868 "incorrect number of operands in llvm.ident metadata", N);
1869 Check(dyn_cast_or_null<MDString>(N->getOperand(0)),
1870 ("invalid value for llvm.ident metadata entry operand"
1871 "(the operand should be a string)"),
1872 N->getOperand(0));
1873 }
1874}
1875
1876void Verifier::visitModuleCommandLines() {
1877 const NamedMDNode *CommandLines = M.getNamedMetadata(Name: "llvm.commandline");
1878 if (!CommandLines)
1879 return;
1880
1881 // llvm.commandline takes a list of metadata entry. Each entry has only one
1882 // string. Scan each llvm.commandline entry and make sure that this
1883 // requirement is met.
1884 for (const MDNode *N : CommandLines->operands()) {
1885 Check(N->getNumOperands() == 1,
1886 "incorrect number of operands in llvm.commandline metadata", N);
1887 Check(dyn_cast_or_null<MDString>(N->getOperand(0)),
1888 ("invalid value for llvm.commandline metadata entry operand"
1889 "(the operand should be a string)"),
1890 N->getOperand(0));
1891 }
1892}
1893
1894void Verifier::visitModuleErrnoTBAA() {
1895 const NamedMDNode *ErrnoTBAA = M.getNamedMetadata(Name: "llvm.errno.tbaa");
1896 if (!ErrnoTBAA)
1897 return;
1898
1899 Check(ErrnoTBAA->getNumOperands() >= 1,
1900 "llvm.errno.tbaa must have at least one operand", ErrnoTBAA);
1901
1902 for (const MDNode *N : ErrnoTBAA->operands())
1903 TBAAVerifyHelper.visitTBAAMetadata(I: nullptr, MD: N);
1904}
1905
1906void Verifier::visitModuleFlags() {
1907 const NamedMDNode *Flags = M.getModuleFlagsMetadata();
1908 if (!Flags) return;
1909
1910 // Scan each flag, and track the flags and requirements.
1911 DenseMap<const MDString*, const MDNode*> SeenIDs;
1912 SmallVector<const MDNode*, 16> Requirements;
1913 uint64_t PAuthABIPlatform = -1;
1914 uint64_t PAuthABIVersion = -1;
1915 for (const MDNode *MDN : Flags->operands()) {
1916 visitModuleFlag(Op: MDN, SeenIDs, Requirements);
1917 if (MDN->getNumOperands() != 3)
1918 continue;
1919 if (const auto *FlagName = dyn_cast_or_null<MDString>(Val: MDN->getOperand(I: 1))) {
1920 if (FlagName->getString() == "aarch64-elf-pauthabi-platform") {
1921 if (const auto *PAP =
1922 mdconst::dyn_extract_or_null<ConstantInt>(MD: MDN->getOperand(I: 2)))
1923 PAuthABIPlatform = PAP->getZExtValue();
1924 } else if (FlagName->getString() == "aarch64-elf-pauthabi-version") {
1925 if (const auto *PAV =
1926 mdconst::dyn_extract_or_null<ConstantInt>(MD: MDN->getOperand(I: 2)))
1927 PAuthABIVersion = PAV->getZExtValue();
1928 }
1929 }
1930 }
1931
1932 if ((PAuthABIPlatform == uint64_t(-1)) != (PAuthABIVersion == uint64_t(-1)))
1933 CheckFailed(Message: "either both or no 'aarch64-elf-pauthabi-platform' and "
1934 "'aarch64-elf-pauthabi-version' module flags must be present");
1935
1936 // Validate that the requirements in the module are valid.
1937 for (const MDNode *Requirement : Requirements) {
1938 const MDString *Flag = cast<MDString>(Val: Requirement->getOperand(I: 0));
1939 const Metadata *ReqValue = Requirement->getOperand(I: 1);
1940
1941 const MDNode *Op = SeenIDs.lookup(Val: Flag);
1942 if (!Op) {
1943 CheckFailed(Message: "invalid requirement on flag, flag is not present in module",
1944 V1: Flag);
1945 continue;
1946 }
1947
1948 if (Op->getOperand(I: 2) != ReqValue) {
1949 CheckFailed(Message: ("invalid requirement on flag, "
1950 "flag does not have the required value"),
1951 V1: Flag);
1952 continue;
1953 }
1954 }
1955}
1956
1957void
1958Verifier::visitModuleFlag(const MDNode *Op,
1959 DenseMap<const MDString *, const MDNode *> &SeenIDs,
1960 SmallVectorImpl<const MDNode *> &Requirements) {
1961 // Each module flag should have three arguments, the merge behavior (a
1962 // constant int), the flag ID (an MDString), and the value.
1963 Check(Op->getNumOperands() == 3,
1964 "incorrect number of operands in module flag", Op);
1965 Module::ModFlagBehavior MFB;
1966 if (!Module::isValidModFlagBehavior(MD: Op->getOperand(I: 0), MFB)) {
1967 Check(mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(0)),
1968 "invalid behavior operand in module flag (expected constant integer)",
1969 Op->getOperand(0));
1970 Check(false,
1971 "invalid behavior operand in module flag (unexpected constant)",
1972 Op->getOperand(0));
1973 }
1974 MDString *ID = dyn_cast_or_null<MDString>(Val: Op->getOperand(I: 1));
1975 Check(ID, "invalid ID operand in module flag (expected metadata string)",
1976 Op->getOperand(1));
1977
1978 // Check the values for behaviors with additional requirements.
1979 switch (MFB) {
1980 case Module::Error:
1981 case Module::Warning:
1982 case Module::Override:
1983 // These behavior types accept any value.
1984 break;
1985
1986 case Module::Min: {
1987 auto *V = mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: 2));
1988 Check(V && V->getValue().isNonNegative(),
1989 "invalid value for 'min' module flag (expected constant non-negative "
1990 "integer)",
1991 Op->getOperand(2));
1992 break;
1993 }
1994
1995 case Module::Max: {
1996 Check(mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(2)),
1997 "invalid value for 'max' module flag (expected constant integer)",
1998 Op->getOperand(2));
1999 break;
2000 }
2001
2002 case Module::Require: {
2003 // The value should itself be an MDNode with two operands, a flag ID (an
2004 // MDString), and a value.
2005 MDNode *Value = dyn_cast<MDNode>(Val: Op->getOperand(I: 2));
2006 Check(Value && Value->getNumOperands() == 2,
2007 "invalid value for 'require' module flag (expected metadata pair)",
2008 Op->getOperand(2));
2009 Check(isa<MDString>(Value->getOperand(0)),
2010 ("invalid value for 'require' module flag "
2011 "(first value operand should be a string)"),
2012 Value->getOperand(0));
2013
2014 // Append it to the list of requirements, to check once all module flags are
2015 // scanned.
2016 Requirements.push_back(Elt: Value);
2017 break;
2018 }
2019
2020 case Module::Append:
2021 case Module::AppendUnique: {
2022 // These behavior types require the operand be an MDNode.
2023 Check(isa<MDNode>(Op->getOperand(2)),
2024 "invalid value for 'append'-type module flag "
2025 "(expected a metadata node)",
2026 Op->getOperand(2));
2027 break;
2028 }
2029 }
2030
2031 // Unless this is a "requires" flag, check the ID is unique.
2032 if (MFB != Module::Require) {
2033 bool Inserted = SeenIDs.insert(KV: std::make_pair(x&: ID, y&: Op)).second;
2034 Check(Inserted,
2035 "module flag identifiers must be unique (or of 'require' type)", ID);
2036 }
2037
2038 if (ID->getString() == "wchar_size") {
2039 ConstantInt *Value
2040 = mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: 2));
2041 Check(Value, "wchar_size metadata requires constant integer argument");
2042 }
2043
2044 if (ID->getString() == "Linker Options") {
2045 // If the llvm.linker.options named metadata exists, we assume that the
2046 // bitcode reader has upgraded the module flag. Otherwise the flag might
2047 // have been created by a client directly.
2048 Check(M.getNamedMetadata("llvm.linker.options"),
2049 "'Linker Options' named metadata no longer supported");
2050 }
2051
2052 if (ID->getString() == "SemanticInterposition") {
2053 ConstantInt *Value =
2054 mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: 2));
2055 Check(Value,
2056 "SemanticInterposition metadata requires constant integer argument");
2057 }
2058
2059 if (ID->getString() == "CG Profile") {
2060 for (const MDOperand &MDO : cast<MDNode>(Val: Op->getOperand(I: 2))->operands())
2061 visitModuleFlagCGProfileEntry(MDO);
2062 }
2063}
2064
2065void Verifier::visitModuleFlagCGProfileEntry(const MDOperand &MDO) {
2066 auto CheckFunction = [&](const MDOperand &FuncMDO) {
2067 if (!FuncMDO)
2068 return;
2069 auto F = dyn_cast<ValueAsMetadata>(Val: FuncMDO);
2070 Check(F && isa<Function>(F->getValue()->stripPointerCasts()),
2071 "expected a Function or null", FuncMDO);
2072 };
2073 auto Node = dyn_cast_or_null<MDNode>(Val: MDO);
2074 Check(Node && Node->getNumOperands() == 3, "expected a MDNode triple", MDO);
2075 CheckFunction(Node->getOperand(I: 0));
2076 CheckFunction(Node->getOperand(I: 1));
2077 auto Count = dyn_cast_or_null<ConstantAsMetadata>(Val: Node->getOperand(I: 2));
2078 Check(Count && Count->getType()->isIntegerTy(),
2079 "expected an integer constant", Node->getOperand(2));
2080}
2081
2082void Verifier::verifyAttributeTypes(AttributeSet Attrs, const Value *V) {
2083 for (Attribute A : Attrs) {
2084
2085 if (A.isStringAttribute()) {
2086#define GET_ATTR_NAMES
2087#define ATTRIBUTE_ENUM(ENUM_NAME, DISPLAY_NAME)
2088#define ATTRIBUTE_STRBOOL(ENUM_NAME, DISPLAY_NAME) \
2089 if (A.getKindAsString() == #DISPLAY_NAME) { \
2090 auto V = A.getValueAsString(); \
2091 if (!(V.empty() || V == "true" || V == "false")) \
2092 CheckFailed("invalid value for '" #DISPLAY_NAME "' attribute: " + V + \
2093 ""); \
2094 }
2095
2096#include "llvm/IR/Attributes.inc"
2097 continue;
2098 }
2099
2100 if (A.isIntAttribute() != Attribute::isIntAttrKind(Kind: A.getKindAsEnum())) {
2101 CheckFailed(Message: "Attribute '" + A.getAsString() + "' should have an Argument",
2102 V1: V);
2103 return;
2104 }
2105 }
2106}
2107
2108// VerifyParameterAttrs - Check the given attributes for an argument or return
2109// value of the specified type. The value V is printed in error messages.
2110void Verifier::verifyParameterAttrs(AttributeSet Attrs, Type *Ty,
2111 const Value *V) {
2112 if (!Attrs.hasAttributes())
2113 return;
2114
2115 verifyAttributeTypes(Attrs, V);
2116
2117 for (Attribute Attr : Attrs)
2118 Check(Attr.isStringAttribute() ||
2119 Attribute::canUseAsParamAttr(Attr.getKindAsEnum()),
2120 "Attribute '" + Attr.getAsString() + "' does not apply to parameters",
2121 V);
2122
2123 if (Attrs.hasAttribute(Kind: Attribute::ImmArg)) {
2124 unsigned AttrCount =
2125 Attrs.getNumAttributes() - Attrs.hasAttribute(Kind: Attribute::Range);
2126 Check(AttrCount == 1,
2127 "Attribute 'immarg' is incompatible with other attributes except the "
2128 "'range' attribute",
2129 V);
2130 }
2131
2132 // Check for mutually incompatible attributes. Only inreg is compatible with
2133 // sret.
2134 unsigned AttrCount = 0;
2135 AttrCount += Attrs.hasAttribute(Kind: Attribute::ByVal);
2136 AttrCount += Attrs.hasAttribute(Kind: Attribute::InAlloca);
2137 AttrCount += Attrs.hasAttribute(Kind: Attribute::Preallocated);
2138 AttrCount += Attrs.hasAttribute(Kind: Attribute::StructRet) ||
2139 Attrs.hasAttribute(Kind: Attribute::InReg);
2140 AttrCount += Attrs.hasAttribute(Kind: Attribute::Nest);
2141 AttrCount += Attrs.hasAttribute(Kind: Attribute::ByRef);
2142 Check(AttrCount <= 1,
2143 "Attributes 'byval', 'inalloca', 'preallocated', 'inreg', 'nest', "
2144 "'byref', and 'sret' are incompatible!",
2145 V);
2146
2147 Check(!(Attrs.hasAttribute(Attribute::InAlloca) &&
2148 Attrs.hasAttribute(Attribute::ReadOnly)),
2149 "Attributes "
2150 "'inalloca and readonly' are incompatible!",
2151 V);
2152
2153 Check(!(Attrs.hasAttribute(Attribute::StructRet) &&
2154 Attrs.hasAttribute(Attribute::Returned)),
2155 "Attributes "
2156 "'sret and returned' are incompatible!",
2157 V);
2158
2159 Check(!(Attrs.hasAttribute(Attribute::ZExt) &&
2160 Attrs.hasAttribute(Attribute::SExt)),
2161 "Attributes "
2162 "'zeroext and signext' are incompatible!",
2163 V);
2164
2165 Check(!(Attrs.hasAttribute(Attribute::ReadNone) &&
2166 Attrs.hasAttribute(Attribute::ReadOnly)),
2167 "Attributes "
2168 "'readnone and readonly' are incompatible!",
2169 V);
2170
2171 Check(!(Attrs.hasAttribute(Attribute::ReadNone) &&
2172 Attrs.hasAttribute(Attribute::WriteOnly)),
2173 "Attributes "
2174 "'readnone and writeonly' are incompatible!",
2175 V);
2176
2177 Check(!(Attrs.hasAttribute(Attribute::ReadOnly) &&
2178 Attrs.hasAttribute(Attribute::WriteOnly)),
2179 "Attributes "
2180 "'readonly and writeonly' are incompatible!",
2181 V);
2182
2183 Check(!(Attrs.hasAttribute(Attribute::NoInline) &&
2184 Attrs.hasAttribute(Attribute::AlwaysInline)),
2185 "Attributes "
2186 "'noinline and alwaysinline' are incompatible!",
2187 V);
2188
2189 Check(!(Attrs.hasAttribute(Attribute::Writable) &&
2190 Attrs.hasAttribute(Attribute::ReadNone)),
2191 "Attributes writable and readnone are incompatible!", V);
2192
2193 Check(!(Attrs.hasAttribute(Attribute::Writable) &&
2194 Attrs.hasAttribute(Attribute::ReadOnly)),
2195 "Attributes writable and readonly are incompatible!", V);
2196
2197 AttributeMask IncompatibleAttrs = AttributeFuncs::typeIncompatible(Ty, AS: Attrs);
2198 for (Attribute Attr : Attrs) {
2199 if (!Attr.isStringAttribute() &&
2200 IncompatibleAttrs.contains(A: Attr.getKindAsEnum())) {
2201 CheckFailed(Message: "Attribute '" + Attr.getAsString() +
2202 "' applied to incompatible type!", V1: V);
2203 return;
2204 }
2205 }
2206
2207 if (isa<PointerType>(Val: Ty)) {
2208 if (Attrs.hasAttribute(Kind: Attribute::Alignment)) {
2209 Align AttrAlign = Attrs.getAlignment().valueOrOne();
2210 Check(AttrAlign.value() <= Value::MaximumAlignment,
2211 "huge alignment values are unsupported", V);
2212 }
2213 if (Attrs.hasAttribute(Kind: Attribute::ByVal)) {
2214 Type *ByValTy = Attrs.getByValType();
2215 SmallPtrSet<Type *, 4> Visited;
2216 Check(ByValTy->isSized(&Visited),
2217 "Attribute 'byval' does not support unsized types!", V);
2218 // Check if it is or contains a target extension type that disallows being
2219 // used on the stack.
2220 Check(!ByValTy->containsNonLocalTargetExtType(),
2221 "'byval' argument has illegal target extension type", V);
2222 Check(DL.getTypeAllocSize(ByValTy).getKnownMinValue() < (1ULL << 32),
2223 "huge 'byval' arguments are unsupported", V);
2224 }
2225 if (Attrs.hasAttribute(Kind: Attribute::ByRef)) {
2226 SmallPtrSet<Type *, 4> Visited;
2227 Check(Attrs.getByRefType()->isSized(&Visited),
2228 "Attribute 'byref' does not support unsized types!", V);
2229 Check(DL.getTypeAllocSize(Attrs.getByRefType()).getKnownMinValue() <
2230 (1ULL << 32),
2231 "huge 'byref' arguments are unsupported", V);
2232 }
2233 if (Attrs.hasAttribute(Kind: Attribute::InAlloca)) {
2234 SmallPtrSet<Type *, 4> Visited;
2235 Check(Attrs.getInAllocaType()->isSized(&Visited),
2236 "Attribute 'inalloca' does not support unsized types!", V);
2237 Check(DL.getTypeAllocSize(Attrs.getInAllocaType()).getKnownMinValue() <
2238 (1ULL << 32),
2239 "huge 'inalloca' arguments are unsupported", V);
2240 }
2241 if (Attrs.hasAttribute(Kind: Attribute::Preallocated)) {
2242 SmallPtrSet<Type *, 4> Visited;
2243 Check(Attrs.getPreallocatedType()->isSized(&Visited),
2244 "Attribute 'preallocated' does not support unsized types!", V);
2245 Check(
2246 DL.getTypeAllocSize(Attrs.getPreallocatedType()).getKnownMinValue() <
2247 (1ULL << 32),
2248 "huge 'preallocated' arguments are unsupported", V);
2249 }
2250 }
2251
2252 if (Attrs.hasAttribute(Kind: Attribute::Initializes)) {
2253 auto Inits = Attrs.getAttribute(Kind: Attribute::Initializes).getInitializes();
2254 Check(!Inits.empty(), "Attribute 'initializes' does not support empty list",
2255 V);
2256 Check(ConstantRangeList::isOrderedRanges(Inits),
2257 "Attribute 'initializes' does not support unordered ranges", V);
2258 }
2259
2260 if (Attrs.hasAttribute(Kind: Attribute::NoFPClass)) {
2261 uint64_t Val = Attrs.getAttribute(Kind: Attribute::NoFPClass).getValueAsInt();
2262 Check(Val != 0, "Attribute 'nofpclass' must have at least one test bit set",
2263 V);
2264 Check((Val & ~static_cast<unsigned>(fcAllFlags)) == 0,
2265 "Invalid value for 'nofpclass' test mask", V);
2266 }
2267 if (Attrs.hasAttribute(Kind: Attribute::Range)) {
2268 const ConstantRange &CR =
2269 Attrs.getAttribute(Kind: Attribute::Range).getValueAsConstantRange();
2270 Check(Ty->isIntOrIntVectorTy(CR.getBitWidth()),
2271 "Range bit width must match type bit width!", V);
2272 }
2273}
2274
2275void Verifier::checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr,
2276 const Value *V) {
2277 if (Attrs.hasFnAttr(Kind: Attr)) {
2278 StringRef S = Attrs.getFnAttr(Kind: Attr).getValueAsString();
2279 unsigned N;
2280 if (S.getAsInteger(Radix: 10, Result&: N))
2281 CheckFailed(Message: "\"" + Attr + "\" takes an unsigned integer: " + S, V1: V);
2282 }
2283}
2284
2285// Check parameter attributes against a function type.
2286// The value V is printed in error messages.
2287void Verifier::verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs,
2288 const Value *V, bool IsIntrinsic,
2289 bool IsInlineAsm) {
2290 if (Attrs.isEmpty())
2291 return;
2292
2293 if (AttributeListsVisited.insert(Ptr: Attrs.getRawPointer()).second) {
2294 Check(Attrs.hasParentContext(Context),
2295 "Attribute list does not match Module context!", &Attrs, V);
2296 for (const auto &AttrSet : Attrs) {
2297 Check(!AttrSet.hasAttributes() || AttrSet.hasParentContext(Context),
2298 "Attribute set does not match Module context!", &AttrSet, V);
2299 for (const auto &A : AttrSet) {
2300 Check(A.hasParentContext(Context),
2301 "Attribute does not match Module context!", &A, V);
2302 }
2303 }
2304 }
2305
2306 bool SawNest = false;
2307 bool SawReturned = false;
2308 bool SawSRet = false;
2309 bool SawSwiftSelf = false;
2310 bool SawSwiftAsync = false;
2311 bool SawSwiftError = false;
2312
2313 // Verify return value attributes.
2314 AttributeSet RetAttrs = Attrs.getRetAttrs();
2315 for (Attribute RetAttr : RetAttrs)
2316 Check(RetAttr.isStringAttribute() ||
2317 Attribute::canUseAsRetAttr(RetAttr.getKindAsEnum()),
2318 "Attribute '" + RetAttr.getAsString() +
2319 "' does not apply to function return values",
2320 V);
2321
2322 unsigned MaxParameterWidth = 0;
2323 auto GetMaxParameterWidth = [&MaxParameterWidth](Type *Ty) {
2324 if (Ty->isVectorTy()) {
2325 if (auto *VT = dyn_cast<FixedVectorType>(Val: Ty)) {
2326 unsigned Size = VT->getPrimitiveSizeInBits().getFixedValue();
2327 if (Size > MaxParameterWidth)
2328 MaxParameterWidth = Size;
2329 }
2330 }
2331 };
2332 GetMaxParameterWidth(FT->getReturnType());
2333 verifyParameterAttrs(Attrs: RetAttrs, Ty: FT->getReturnType(), V);
2334
2335 // Verify parameter attributes.
2336 for (unsigned i = 0, e = FT->getNumParams(); i != e; ++i) {
2337 Type *Ty = FT->getParamType(i);
2338 AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: i);
2339
2340 if (!IsIntrinsic) {
2341 Check(!ArgAttrs.hasAttribute(Attribute::ImmArg),
2342 "immarg attribute only applies to intrinsics", V);
2343 if (!IsInlineAsm)
2344 Check(!ArgAttrs.hasAttribute(Attribute::ElementType),
2345 "Attribute 'elementtype' can only be applied to intrinsics"
2346 " and inline asm.",
2347 V);
2348 }
2349
2350 verifyParameterAttrs(Attrs: ArgAttrs, Ty, V);
2351 GetMaxParameterWidth(Ty);
2352
2353 if (ArgAttrs.hasAttribute(Kind: Attribute::Nest)) {
2354 Check(!SawNest, "More than one parameter has attribute nest!", V);
2355 SawNest = true;
2356 }
2357
2358 if (ArgAttrs.hasAttribute(Kind: Attribute::Returned)) {
2359 Check(!SawReturned, "More than one parameter has attribute returned!", V);
2360 Check(Ty->canLosslesslyBitCastTo(FT->getReturnType()),
2361 "Incompatible argument and return types for 'returned' attribute",
2362 V);
2363 SawReturned = true;
2364 }
2365
2366 if (ArgAttrs.hasAttribute(Kind: Attribute::StructRet)) {
2367 Check(!SawSRet, "Cannot have multiple 'sret' parameters!", V);
2368 Check(i == 0 || i == 1,
2369 "Attribute 'sret' is not on first or second parameter!", V);
2370 SawSRet = true;
2371 }
2372
2373 if (ArgAttrs.hasAttribute(Kind: Attribute::SwiftSelf)) {
2374 Check(!SawSwiftSelf, "Cannot have multiple 'swiftself' parameters!", V);
2375 SawSwiftSelf = true;
2376 }
2377
2378 if (ArgAttrs.hasAttribute(Kind: Attribute::SwiftAsync)) {
2379 Check(!SawSwiftAsync, "Cannot have multiple 'swiftasync' parameters!", V);
2380 SawSwiftAsync = true;
2381 }
2382
2383 if (ArgAttrs.hasAttribute(Kind: Attribute::SwiftError)) {
2384 Check(!SawSwiftError, "Cannot have multiple 'swifterror' parameters!", V);
2385 SawSwiftError = true;
2386 }
2387
2388 if (ArgAttrs.hasAttribute(Kind: Attribute::InAlloca)) {
2389 Check(i == FT->getNumParams() - 1,
2390 "inalloca isn't on the last parameter!", V);
2391 }
2392 }
2393
2394 if (!Attrs.hasFnAttrs())
2395 return;
2396
2397 verifyAttributeTypes(Attrs: Attrs.getFnAttrs(), V);
2398 for (Attribute FnAttr : Attrs.getFnAttrs())
2399 Check(FnAttr.isStringAttribute() ||
2400 Attribute::canUseAsFnAttr(FnAttr.getKindAsEnum()),
2401 "Attribute '" + FnAttr.getAsString() +
2402 "' does not apply to functions!",
2403 V);
2404
2405 Check(!(Attrs.hasFnAttr(Attribute::NoInline) &&
2406 Attrs.hasFnAttr(Attribute::AlwaysInline)),
2407 "Attributes 'noinline and alwaysinline' are incompatible!", V);
2408
2409 if (Attrs.hasFnAttr(Kind: Attribute::OptimizeNone)) {
2410 Check(Attrs.hasFnAttr(Attribute::NoInline),
2411 "Attribute 'optnone' requires 'noinline'!", V);
2412
2413 Check(!Attrs.hasFnAttr(Attribute::OptimizeForSize),
2414 "Attributes 'optsize and optnone' are incompatible!", V);
2415
2416 Check(!Attrs.hasFnAttr(Attribute::MinSize),
2417 "Attributes 'minsize and optnone' are incompatible!", V);
2418
2419 Check(!Attrs.hasFnAttr(Attribute::OptimizeForDebugging),
2420 "Attributes 'optdebug and optnone' are incompatible!", V);
2421 }
2422
2423 Check(!(Attrs.hasFnAttr(Attribute::SanitizeRealtime) &&
2424 Attrs.hasFnAttr(Attribute::SanitizeRealtimeBlocking)),
2425 "Attributes "
2426 "'sanitize_realtime and sanitize_realtime_blocking' are incompatible!",
2427 V);
2428
2429 if (Attrs.hasFnAttr(Kind: Attribute::OptimizeForDebugging)) {
2430 Check(!Attrs.hasFnAttr(Attribute::OptimizeForSize),
2431 "Attributes 'optsize and optdebug' are incompatible!", V);
2432
2433 Check(!Attrs.hasFnAttr(Attribute::MinSize),
2434 "Attributes 'minsize and optdebug' are incompatible!", V);
2435 }
2436
2437 Check(!Attrs.hasAttrSomewhere(Attribute::Writable) ||
2438 isModSet(Attrs.getMemoryEffects().getModRef(IRMemLocation::ArgMem)),
2439 "Attribute writable and memory without argmem: write are incompatible!",
2440 V);
2441
2442 if (Attrs.hasFnAttr(Kind: "aarch64_pstate_sm_enabled")) {
2443 Check(!Attrs.hasFnAttr("aarch64_pstate_sm_compatible"),
2444 "Attributes 'aarch64_pstate_sm_enabled and "
2445 "aarch64_pstate_sm_compatible' are incompatible!",
2446 V);
2447 }
2448
2449 Check((Attrs.hasFnAttr("aarch64_new_za") + Attrs.hasFnAttr("aarch64_in_za") +
2450 Attrs.hasFnAttr("aarch64_inout_za") +
2451 Attrs.hasFnAttr("aarch64_out_za") +
2452 Attrs.hasFnAttr("aarch64_preserves_za") +
2453 Attrs.hasFnAttr("aarch64_za_state_agnostic")) <= 1,
2454 "Attributes 'aarch64_new_za', 'aarch64_in_za', 'aarch64_out_za', "
2455 "'aarch64_inout_za', 'aarch64_preserves_za' and "
2456 "'aarch64_za_state_agnostic' are mutually exclusive",
2457 V);
2458
2459 Check((Attrs.hasFnAttr("aarch64_new_zt0") +
2460 Attrs.hasFnAttr("aarch64_in_zt0") +
2461 Attrs.hasFnAttr("aarch64_inout_zt0") +
2462 Attrs.hasFnAttr("aarch64_out_zt0") +
2463 Attrs.hasFnAttr("aarch64_preserves_zt0") +
2464 Attrs.hasFnAttr("aarch64_za_state_agnostic")) <= 1,
2465 "Attributes 'aarch64_new_zt0', 'aarch64_in_zt0', 'aarch64_out_zt0', "
2466 "'aarch64_inout_zt0', 'aarch64_preserves_zt0' and "
2467 "'aarch64_za_state_agnostic' are mutually exclusive",
2468 V);
2469
2470 if (Attrs.hasFnAttr(Kind: Attribute::JumpTable)) {
2471 const GlobalValue *GV = cast<GlobalValue>(Val: V);
2472 Check(GV->hasGlobalUnnamedAddr(),
2473 "Attribute 'jumptable' requires 'unnamed_addr'", V);
2474 }
2475
2476 if (auto Args = Attrs.getFnAttrs().getAllocSizeArgs()) {
2477 auto CheckParam = [&](StringRef Name, unsigned ParamNo) {
2478 if (ParamNo >= FT->getNumParams()) {
2479 CheckFailed(Message: "'allocsize' " + Name + " argument is out of bounds", V1: V);
2480 return false;
2481 }
2482
2483 if (!FT->getParamType(i: ParamNo)->isIntegerTy()) {
2484 CheckFailed(Message: "'allocsize' " + Name +
2485 " argument must refer to an integer parameter",
2486 V1: V);
2487 return false;
2488 }
2489
2490 return true;
2491 };
2492
2493 if (!CheckParam("element size", Args->first))
2494 return;
2495
2496 if (Args->second && !CheckParam("number of elements", *Args->second))
2497 return;
2498 }
2499
2500 if (Attrs.hasFnAttr(Kind: Attribute::AllocKind)) {
2501 AllocFnKind K = Attrs.getAllocKind();
2502 AllocFnKind Type =
2503 K & (AllocFnKind::Alloc | AllocFnKind::Realloc | AllocFnKind::Free);
2504 if (!is_contained(
2505 Set: {AllocFnKind::Alloc, AllocFnKind::Realloc, AllocFnKind::Free},
2506 Element: Type))
2507 CheckFailed(
2508 Message: "'allockind()' requires exactly one of alloc, realloc, and free");
2509 if ((Type == AllocFnKind::Free) &&
2510 ((K & (AllocFnKind::Uninitialized | AllocFnKind::Zeroed |
2511 AllocFnKind::Aligned)) != AllocFnKind::Unknown))
2512 CheckFailed(Message: "'allockind(\"free\")' doesn't allow uninitialized, zeroed, "
2513 "or aligned modifiers.");
2514 AllocFnKind ZeroedUninit = AllocFnKind::Uninitialized | AllocFnKind::Zeroed;
2515 if ((K & ZeroedUninit) == ZeroedUninit)
2516 CheckFailed(Message: "'allockind()' can't be both zeroed and uninitialized");
2517 }
2518
2519 if (Attribute A = Attrs.getFnAttr(Kind: "alloc-variant-zeroed"); A.isValid()) {
2520 StringRef S = A.getValueAsString();
2521 Check(!S.empty(), "'alloc-variant-zeroed' must not be empty");
2522 Function *Variant = M.getFunction(Name: S);
2523 if (Variant) {
2524 Attribute Family = Attrs.getFnAttr(Kind: "alloc-family");
2525 Attribute VariantFamily = Variant->getFnAttribute(Kind: "alloc-family");
2526 if (Family.isValid())
2527 Check(VariantFamily.isValid() &&
2528 VariantFamily.getValueAsString() == Family.getValueAsString(),
2529 "'alloc-variant-zeroed' must name a function belonging to the "
2530 "same 'alloc-family'");
2531
2532 Check(Variant->hasFnAttribute(Attribute::AllocKind) &&
2533 (Variant->getFnAttribute(Attribute::AllocKind).getAllocKind() &
2534 AllocFnKind::Zeroed) != AllocFnKind::Unknown,
2535 "'alloc-variant-zeroed' must name a function with "
2536 "'allockind(\"zeroed\")'");
2537
2538 Check(FT == Variant->getFunctionType(),
2539 "'alloc-variant-zeroed' must name a function with the same "
2540 "signature");
2541
2542 if (const Function *F = dyn_cast<Function>(Val: V))
2543 Check(F->getCallingConv() == Variant->getCallingConv(),
2544 "'alloc-variant-zeroed' must name a function with the same "
2545 "calling convention");
2546 }
2547 }
2548
2549 if (Attrs.hasFnAttr(Kind: Attribute::VScaleRange)) {
2550 unsigned VScaleMin = Attrs.getFnAttrs().getVScaleRangeMin();
2551 if (VScaleMin == 0)
2552 CheckFailed(Message: "'vscale_range' minimum must be greater than 0", V1: V);
2553 else if (!isPowerOf2_32(Value: VScaleMin))
2554 CheckFailed(Message: "'vscale_range' minimum must be power-of-two value", V1: V);
2555 std::optional<unsigned> VScaleMax = Attrs.getFnAttrs().getVScaleRangeMax();
2556 if (VScaleMax && VScaleMin > VScaleMax)
2557 CheckFailed(Message: "'vscale_range' minimum cannot be greater than maximum", V1: V);
2558 else if (VScaleMax && !isPowerOf2_32(Value: *VScaleMax))
2559 CheckFailed(Message: "'vscale_range' maximum must be power-of-two value", V1: V);
2560 }
2561
2562 if (Attribute FPAttr = Attrs.getFnAttr(Kind: "frame-pointer"); FPAttr.isValid()) {
2563 StringRef FP = FPAttr.getValueAsString();
2564 if (FP != "all" && FP != "non-leaf" && FP != "none" && FP != "reserved" &&
2565 FP != "non-leaf-no-reserve")
2566 CheckFailed(Message: "invalid value for 'frame-pointer' attribute: " + FP, V1: V);
2567 }
2568
2569 checkUnsignedBaseTenFuncAttr(Attrs, Attr: "patchable-function-prefix", V);
2570 checkUnsignedBaseTenFuncAttr(Attrs, Attr: "patchable-function-entry", V);
2571 if (Attrs.hasFnAttr(Kind: "patchable-function-entry-section"))
2572 Check(!Attrs.getFnAttr("patchable-function-entry-section")
2573 .getValueAsString()
2574 .empty(),
2575 "\"patchable-function-entry-section\" must not be empty");
2576 checkUnsignedBaseTenFuncAttr(Attrs, Attr: "warn-stack-size", V);
2577
2578 if (auto A = Attrs.getFnAttr(Kind: "sign-return-address"); A.isValid()) {
2579 StringRef S = A.getValueAsString();
2580 if (S != "none" && S != "all" && S != "non-leaf")
2581 CheckFailed(Message: "invalid value for 'sign-return-address' attribute: " + S, V1: V);
2582 }
2583
2584 if (auto A = Attrs.getFnAttr(Kind: "sign-return-address-key"); A.isValid()) {
2585 StringRef S = A.getValueAsString();
2586 if (S != "a_key" && S != "b_key")
2587 CheckFailed(Message: "invalid value for 'sign-return-address-key' attribute: " + S,
2588 V1: V);
2589 if (auto AA = Attrs.getFnAttr(Kind: "sign-return-address"); !AA.isValid()) {
2590 CheckFailed(
2591 Message: "'sign-return-address-key' present without `sign-return-address`");
2592 }
2593 }
2594
2595 if (auto A = Attrs.getFnAttr(Kind: "branch-target-enforcement"); A.isValid()) {
2596 StringRef S = A.getValueAsString();
2597 if (S != "" && S != "true" && S != "false")
2598 CheckFailed(
2599 Message: "invalid value for 'branch-target-enforcement' attribute: " + S, V1: V);
2600 }
2601
2602 if (auto A = Attrs.getFnAttr(Kind: "branch-protection-pauth-lr"); A.isValid()) {
2603 StringRef S = A.getValueAsString();
2604 if (S != "" && S != "true" && S != "false")
2605 CheckFailed(
2606 Message: "invalid value for 'branch-protection-pauth-lr' attribute: " + S, V1: V);
2607 }
2608
2609 if (auto A = Attrs.getFnAttr(Kind: "guarded-control-stack"); A.isValid()) {
2610 StringRef S = A.getValueAsString();
2611 if (S != "" && S != "true" && S != "false")
2612 CheckFailed(Message: "invalid value for 'guarded-control-stack' attribute: " + S,
2613 V1: V);
2614 }
2615
2616 if (auto A = Attrs.getFnAttr(Kind: "vector-function-abi-variant"); A.isValid()) {
2617 StringRef S = A.getValueAsString();
2618 const std::optional<VFInfo> Info = VFABI::tryDemangleForVFABI(MangledName: S, FTy: FT);
2619 if (!Info)
2620 CheckFailed(Message: "invalid name for a VFABI variant: " + S, V1: V);
2621 }
2622
2623 if (auto A = Attrs.getFnAttr(Kind: "denormal-fp-math"); A.isValid()) {
2624 StringRef S = A.getValueAsString();
2625 if (!parseDenormalFPAttribute(Str: S).isValid())
2626 CheckFailed(Message: "invalid value for 'denormal-fp-math' attribute: " + S, V1: V);
2627 }
2628
2629 if (auto A = Attrs.getFnAttr(Kind: "denormal-fp-math-f32"); A.isValid()) {
2630 StringRef S = A.getValueAsString();
2631 if (!parseDenormalFPAttribute(Str: S).isValid())
2632 CheckFailed(Message: "invalid value for 'denormal-fp-math-f32' attribute: " + S,
2633 V1: V);
2634 }
2635
2636 if (auto A = Attrs.getFnAttr(Kind: "modular-format"); A.isValid()) {
2637 StringRef S = A.getValueAsString();
2638 SmallVector<StringRef> Args;
2639 S.split(A&: Args, Separator: ',');
2640 Check(Args.size() >= 5,
2641 "modular-format attribute requires at least 5 arguments", V);
2642 unsigned FirstArgIdx;
2643 Check(!Args[2].getAsInteger(10, FirstArgIdx),
2644 "modular-format attribute first arg index is not an integer", V);
2645 unsigned UpperBound = FT->getNumParams() + (FT->isVarArg() ? 1 : 0);
2646 Check(FirstArgIdx > 0 && FirstArgIdx <= UpperBound,
2647 "modular-format attribute first arg index is out of bounds", V);
2648 }
2649
2650 if (auto A = Attrs.getFnAttr(Kind: "target-features"); A.isValid()) {
2651 StringRef S = A.getValueAsString();
2652 if (!S.empty()) {
2653 for (auto FeatureFlag : split(Str: S, Separator: ',')) {
2654 if (FeatureFlag.empty())
2655 CheckFailed(
2656 Message: "target-features attribute should not contain an empty string");
2657 else
2658 Check(FeatureFlag[0] == '+' || FeatureFlag[0] == '-',
2659 "target feature '" + FeatureFlag +
2660 "' must start with a '+' or '-'",
2661 V);
2662 }
2663 }
2664 }
2665}
2666void Verifier::verifyUnknownProfileMetadata(MDNode *MD) {
2667 Check(MD->getNumOperands() == 2,
2668 "'unknown' !prof should have a single additional operand", MD);
2669 auto *PassName = dyn_cast<MDString>(Val: MD->getOperand(I: 1));
2670 Check(PassName != nullptr,
2671 "'unknown' !prof should have an additional operand of type "
2672 "string");
2673 Check(!PassName->getString().empty(),
2674 "the 'unknown' !prof operand should not be an empty string");
2675}
2676
2677void Verifier::verifyFunctionMetadata(
2678 ArrayRef<std::pair<unsigned, MDNode *>> MDs) {
2679 for (const auto &Pair : MDs) {
2680 if (Pair.first == LLVMContext::MD_prof) {
2681 MDNode *MD = Pair.second;
2682 Check(MD->getNumOperands() >= 2,
2683 "!prof annotations should have no less than 2 operands", MD);
2684 // We may have functions that are synthesized by the compiler, e.g. in
2685 // WPD, that we can't currently determine the entry count.
2686 if (MD->getOperand(I: 0).equalsStr(
2687 Str: MDProfLabels::UnknownBranchWeightsMarker)) {
2688 verifyUnknownProfileMetadata(MD);
2689 continue;
2690 }
2691
2692 // Check first operand.
2693 Check(MD->getOperand(0) != nullptr, "first operand should not be null",
2694 MD);
2695 Check(isa<MDString>(MD->getOperand(0)),
2696 "expected string with name of the !prof annotation", MD);
2697 MDString *MDS = cast<MDString>(Val: MD->getOperand(I: 0));
2698 StringRef ProfName = MDS->getString();
2699 Check(ProfName == MDProfLabels::FunctionEntryCount ||
2700 ProfName == MDProfLabels::SyntheticFunctionEntryCount,
2701 "first operand should be 'function_entry_count'"
2702 " or 'synthetic_function_entry_count'",
2703 MD);
2704
2705 // Check second operand.
2706 Check(MD->getOperand(1) != nullptr, "second operand should not be null",
2707 MD);
2708 Check(isa<ConstantAsMetadata>(MD->getOperand(1)),
2709 "expected integer argument to function_entry_count", MD);
2710 } else if (Pair.first == LLVMContext::MD_kcfi_type) {
2711 MDNode *MD = Pair.second;
2712 Check(MD->getNumOperands() == 1,
2713 "!kcfi_type must have exactly one operand", MD);
2714 Check(MD->getOperand(0) != nullptr, "!kcfi_type operand must not be null",
2715 MD);
2716 Check(isa<ConstantAsMetadata>(MD->getOperand(0)),
2717 "expected a constant operand for !kcfi_type", MD);
2718 Constant *C = cast<ConstantAsMetadata>(Val: MD->getOperand(I: 0))->getValue();
2719 Check(isa<ConstantInt>(C) && isa<IntegerType>(C->getType()),
2720 "expected a constant integer operand for !kcfi_type", MD);
2721 Check(cast<ConstantInt>(C)->getBitWidth() == 32,
2722 "expected a 32-bit integer constant operand for !kcfi_type", MD);
2723 }
2724 }
2725}
2726
2727void Verifier::visitConstantExprsRecursively(const Constant *EntryC) {
2728 if (EntryC->getNumOperands() == 0)
2729 return;
2730
2731 if (!ConstantExprVisited.insert(Ptr: EntryC).second)
2732 return;
2733
2734 SmallVector<const Constant *, 16> Stack;
2735 Stack.push_back(Elt: EntryC);
2736
2737 while (!Stack.empty()) {
2738 const Constant *C = Stack.pop_back_val();
2739
2740 // Check this constant expression.
2741 if (const auto *CE = dyn_cast<ConstantExpr>(Val: C))
2742 visitConstantExpr(CE);
2743
2744 if (const auto *CPA = dyn_cast<ConstantPtrAuth>(Val: C))
2745 visitConstantPtrAuth(CPA);
2746
2747 if (const auto *GV = dyn_cast<GlobalValue>(Val: C)) {
2748 // Global Values get visited separately, but we do need to make sure
2749 // that the global value is in the correct module
2750 Check(GV->getParent() == &M, "Referencing global in another module!",
2751 EntryC, &M, GV, GV->getParent());
2752 continue;
2753 }
2754
2755 // Visit all sub-expressions.
2756 for (const Use &U : C->operands()) {
2757 const auto *OpC = dyn_cast<Constant>(Val: U);
2758 if (!OpC)
2759 continue;
2760 if (!ConstantExprVisited.insert(Ptr: OpC).second)
2761 continue;
2762 Stack.push_back(Elt: OpC);
2763 }
2764 }
2765}
2766
2767void Verifier::visitConstantExpr(const ConstantExpr *CE) {
2768 if (CE->getOpcode() == Instruction::BitCast)
2769 Check(CastInst::castIsValid(Instruction::BitCast, CE->getOperand(0),
2770 CE->getType()),
2771 "Invalid bitcast", CE);
2772 else if (CE->getOpcode() == Instruction::PtrToAddr)
2773 checkPtrToAddr(SrcTy: CE->getOperand(i_nocapture: 0)->getType(), DestTy: CE->getType(), V: *CE);
2774}
2775
2776void Verifier::visitConstantPtrAuth(const ConstantPtrAuth *CPA) {
2777 Check(CPA->getPointer()->getType()->isPointerTy(),
2778 "signed ptrauth constant base pointer must have pointer type");
2779
2780 Check(CPA->getType() == CPA->getPointer()->getType(),
2781 "signed ptrauth constant must have same type as its base pointer");
2782
2783 Check(CPA->getKey()->getBitWidth() == 32,
2784 "signed ptrauth constant key must be i32 constant integer");
2785
2786 Check(CPA->getAddrDiscriminator()->getType()->isPointerTy(),
2787 "signed ptrauth constant address discriminator must be a pointer");
2788
2789 Check(CPA->getDiscriminator()->getBitWidth() == 64,
2790 "signed ptrauth constant discriminator must be i64 constant integer");
2791
2792 Check(CPA->getDeactivationSymbol()->getType()->isPointerTy(),
2793 "signed ptrauth constant deactivation symbol must be a pointer");
2794
2795 Check(isa<GlobalValue>(CPA->getDeactivationSymbol()) ||
2796 CPA->getDeactivationSymbol()->isNullValue(),
2797 "signed ptrauth constant deactivation symbol must be a global value "
2798 "or null");
2799}
2800
2801bool Verifier::verifyAttributeCount(AttributeList Attrs, unsigned Params) {
2802 // There shouldn't be more attribute sets than there are parameters plus the
2803 // function and return value.
2804 return Attrs.getNumAttrSets() <= Params + 2;
2805}
2806
2807void Verifier::verifyInlineAsmCall(const CallBase &Call) {
2808 const InlineAsm *IA = cast<InlineAsm>(Val: Call.getCalledOperand());
2809 unsigned ArgNo = 0;
2810 unsigned LabelNo = 0;
2811 for (const InlineAsm::ConstraintInfo &CI : IA->ParseConstraints()) {
2812 if (CI.Type == InlineAsm::isLabel) {
2813 ++LabelNo;
2814 continue;
2815 }
2816
2817 // Only deal with constraints that correspond to call arguments.
2818 if (!CI.hasArg())
2819 continue;
2820
2821 if (CI.isIndirect) {
2822 const Value *Arg = Call.getArgOperand(i: ArgNo);
2823 Check(Arg->getType()->isPointerTy(),
2824 "Operand for indirect constraint must have pointer type", &Call);
2825
2826 Check(Call.getParamElementType(ArgNo),
2827 "Operand for indirect constraint must have elementtype attribute",
2828 &Call);
2829 } else {
2830 Check(!Call.paramHasAttr(ArgNo, Attribute::ElementType),
2831 "Elementtype attribute can only be applied for indirect "
2832 "constraints",
2833 &Call);
2834 }
2835
2836 ArgNo++;
2837 }
2838
2839 if (auto *CallBr = dyn_cast<CallBrInst>(Val: &Call)) {
2840 Check(LabelNo == CallBr->getNumIndirectDests(),
2841 "Number of label constraints does not match number of callbr dests",
2842 &Call);
2843 } else {
2844 Check(LabelNo == 0, "Label constraints can only be used with callbr",
2845 &Call);
2846 }
2847}
2848
2849/// Verify that statepoint intrinsic is well formed.
2850void Verifier::verifyStatepoint(const CallBase &Call) {
2851 assert(Call.getIntrinsicID() == Intrinsic::experimental_gc_statepoint);
2852
2853 Check(!Call.doesNotAccessMemory() && !Call.onlyReadsMemory() &&
2854 !Call.onlyAccessesArgMemory(),
2855 "gc.statepoint must read and write all memory to preserve "
2856 "reordering restrictions required by safepoint semantics",
2857 Call);
2858
2859 const int64_t NumPatchBytes =
2860 cast<ConstantInt>(Val: Call.getArgOperand(i: 1))->getSExtValue();
2861 assert(isInt<32>(NumPatchBytes) && "NumPatchBytesV is an i32!");
2862 Check(NumPatchBytes >= 0,
2863 "gc.statepoint number of patchable bytes must be "
2864 "positive",
2865 Call);
2866
2867 Type *TargetElemType = Call.getParamElementType(ArgNo: 2);
2868 Check(TargetElemType,
2869 "gc.statepoint callee argument must have elementtype attribute", Call);
2870 FunctionType *TargetFuncType = dyn_cast<FunctionType>(Val: TargetElemType);
2871 Check(TargetFuncType,
2872 "gc.statepoint callee elementtype must be function type", Call);
2873
2874 const int NumCallArgs = cast<ConstantInt>(Val: Call.getArgOperand(i: 3))->getZExtValue();
2875 Check(NumCallArgs >= 0,
2876 "gc.statepoint number of arguments to underlying call "
2877 "must be positive",
2878 Call);
2879 const int NumParams = (int)TargetFuncType->getNumParams();
2880 if (TargetFuncType->isVarArg()) {
2881 Check(NumCallArgs >= NumParams,
2882 "gc.statepoint mismatch in number of vararg call args", Call);
2883
2884 // TODO: Remove this limitation
2885 Check(TargetFuncType->getReturnType()->isVoidTy(),
2886 "gc.statepoint doesn't support wrapping non-void "
2887 "vararg functions yet",
2888 Call);
2889 } else
2890 Check(NumCallArgs == NumParams,
2891 "gc.statepoint mismatch in number of call args", Call);
2892
2893 const uint64_t Flags
2894 = cast<ConstantInt>(Val: Call.getArgOperand(i: 4))->getZExtValue();
2895 Check((Flags & ~(uint64_t)StatepointFlags::MaskAll) == 0,
2896 "unknown flag used in gc.statepoint flags argument", Call);
2897
2898 // Verify that the types of the call parameter arguments match
2899 // the type of the wrapped callee.
2900 AttributeList Attrs = Call.getAttributes();
2901 for (int i = 0; i < NumParams; i++) {
2902 Type *ParamType = TargetFuncType->getParamType(i);
2903 Type *ArgType = Call.getArgOperand(i: 5 + i)->getType();
2904 Check(ArgType == ParamType,
2905 "gc.statepoint call argument does not match wrapped "
2906 "function type",
2907 Call);
2908
2909 if (TargetFuncType->isVarArg()) {
2910 AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: 5 + i);
2911 Check(!ArgAttrs.hasAttribute(Attribute::StructRet),
2912 "Attribute 'sret' cannot be used for vararg call arguments!", Call);
2913 }
2914 }
2915
2916 const int EndCallArgsInx = 4 + NumCallArgs;
2917
2918 const Value *NumTransitionArgsV = Call.getArgOperand(i: EndCallArgsInx + 1);
2919 Check(isa<ConstantInt>(NumTransitionArgsV),
2920 "gc.statepoint number of transition arguments "
2921 "must be constant integer",
2922 Call);
2923 const int NumTransitionArgs =
2924 cast<ConstantInt>(Val: NumTransitionArgsV)->getZExtValue();
2925 Check(NumTransitionArgs == 0,
2926 "gc.statepoint w/inline transition bundle is deprecated", Call);
2927 const int EndTransitionArgsInx = EndCallArgsInx + 1 + NumTransitionArgs;
2928
2929 const Value *NumDeoptArgsV = Call.getArgOperand(i: EndTransitionArgsInx + 1);
2930 Check(isa<ConstantInt>(NumDeoptArgsV),
2931 "gc.statepoint number of deoptimization arguments "
2932 "must be constant integer",
2933 Call);
2934 const int NumDeoptArgs = cast<ConstantInt>(Val: NumDeoptArgsV)->getZExtValue();
2935 Check(NumDeoptArgs == 0,
2936 "gc.statepoint w/inline deopt operands is deprecated", Call);
2937
2938 const int ExpectedNumArgs = 7 + NumCallArgs;
2939 Check(ExpectedNumArgs == (int)Call.arg_size(),
2940 "gc.statepoint too many arguments", Call);
2941
2942 // Check that the only uses of this gc.statepoint are gc.result or
2943 // gc.relocate calls which are tied to this statepoint and thus part
2944 // of the same statepoint sequence
2945 for (const User *U : Call.users()) {
2946 const CallInst *UserCall = dyn_cast<const CallInst>(Val: U);
2947 Check(UserCall, "illegal use of statepoint token", Call, U);
2948 if (!UserCall)
2949 continue;
2950 Check(isa<GCRelocateInst>(UserCall) || isa<GCResultInst>(UserCall),
2951 "gc.result or gc.relocate are the only value uses "
2952 "of a gc.statepoint",
2953 Call, U);
2954 if (isa<GCResultInst>(Val: UserCall)) {
2955 Check(UserCall->getArgOperand(0) == &Call,
2956 "gc.result connected to wrong gc.statepoint", Call, UserCall);
2957 } else if (isa<GCRelocateInst>(Val: Call)) {
2958 Check(UserCall->getArgOperand(0) == &Call,
2959 "gc.relocate connected to wrong gc.statepoint", Call, UserCall);
2960 }
2961 }
2962
2963 // Note: It is legal for a single derived pointer to be listed multiple
2964 // times. It's non-optimal, but it is legal. It can also happen after
2965 // insertion if we strip a bitcast away.
2966 // Note: It is really tempting to check that each base is relocated and
2967 // that a derived pointer is never reused as a base pointer. This turns
2968 // out to be problematic since optimizations run after safepoint insertion
2969 // can recognize equality properties that the insertion logic doesn't know
2970 // about. See example statepoint.ll in the verifier subdirectory
2971}
2972
2973void Verifier::verifyFrameRecoverIndices() {
2974 for (auto &Counts : FrameEscapeInfo) {
2975 Function *F = Counts.first;
2976 unsigned EscapedObjectCount = Counts.second.first;
2977 unsigned MaxRecoveredIndex = Counts.second.second;
2978 Check(MaxRecoveredIndex <= EscapedObjectCount,
2979 "all indices passed to llvm.localrecover must be less than the "
2980 "number of arguments passed to llvm.localescape in the parent "
2981 "function",
2982 F);
2983 }
2984}
2985
2986static Instruction *getSuccPad(Instruction *Terminator) {
2987 BasicBlock *UnwindDest;
2988 if (auto *II = dyn_cast<InvokeInst>(Val: Terminator))
2989 UnwindDest = II->getUnwindDest();
2990 else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: Terminator))
2991 UnwindDest = CSI->getUnwindDest();
2992 else
2993 UnwindDest = cast<CleanupReturnInst>(Val: Terminator)->getUnwindDest();
2994 return &*UnwindDest->getFirstNonPHIIt();
2995}
2996
2997void Verifier::verifySiblingFuncletUnwinds() {
2998 llvm::TimeTraceScope timeScope("Verifier verify sibling funclet unwinds");
2999 SmallPtrSet<Instruction *, 8> Visited;
3000 SmallPtrSet<Instruction *, 8> Active;
3001 for (const auto &Pair : SiblingFuncletInfo) {
3002 Instruction *PredPad = Pair.first;
3003 if (Visited.count(Ptr: PredPad))
3004 continue;
3005 Active.insert(Ptr: PredPad);
3006 Instruction *Terminator = Pair.second;
3007 do {
3008 Instruction *SuccPad = getSuccPad(Terminator);
3009 if (Active.count(Ptr: SuccPad)) {
3010 // Found a cycle; report error
3011 Instruction *CyclePad = SuccPad;
3012 SmallVector<Instruction *, 8> CycleNodes;
3013 do {
3014 CycleNodes.push_back(Elt: CyclePad);
3015 Instruction *CycleTerminator = SiblingFuncletInfo[CyclePad];
3016 if (CycleTerminator != CyclePad)
3017 CycleNodes.push_back(Elt: CycleTerminator);
3018 CyclePad = getSuccPad(Terminator: CycleTerminator);
3019 } while (CyclePad != SuccPad);
3020 Check(false, "EH pads can't handle each other's exceptions",
3021 ArrayRef<Instruction *>(CycleNodes));
3022 }
3023 // Don't re-walk a node we've already checked
3024 if (!Visited.insert(Ptr: SuccPad).second)
3025 break;
3026 // Walk to this successor if it has a map entry.
3027 PredPad = SuccPad;
3028 auto TermI = SiblingFuncletInfo.find(Key: PredPad);
3029 if (TermI == SiblingFuncletInfo.end())
3030 break;
3031 Terminator = TermI->second;
3032 Active.insert(Ptr: PredPad);
3033 } while (true);
3034 // Each node only has one successor, so we've walked all the active
3035 // nodes' successors.
3036 Active.clear();
3037 }
3038}
3039
3040// visitFunction - Verify that a function is ok.
3041//
3042void Verifier::visitFunction(const Function &F) {
3043 visitGlobalValue(GV: F);
3044
3045 // Check function arguments.
3046 FunctionType *FT = F.getFunctionType();
3047 unsigned NumArgs = F.arg_size();
3048
3049 Check(&Context == &F.getContext(),
3050 "Function context does not match Module context!", &F);
3051
3052 Check(!F.hasCommonLinkage(), "Functions may not have common linkage", &F);
3053 Check(FT->getNumParams() == NumArgs,
3054 "# formal arguments must match # of arguments for function type!", &F,
3055 FT);
3056 Check(F.getReturnType()->isFirstClassType() ||
3057 F.getReturnType()->isVoidTy() || F.getReturnType()->isStructTy(),
3058 "Functions cannot return aggregate values!", &F);
3059
3060 Check(!F.hasStructRetAttr() || F.getReturnType()->isVoidTy(),
3061 "Invalid struct return type!", &F);
3062
3063 if (MaybeAlign A = F.getAlign()) {
3064 Check(A->value() <= Value::MaximumAlignment,
3065 "huge alignment values are unsupported", &F);
3066 }
3067
3068 AttributeList Attrs = F.getAttributes();
3069
3070 Check(verifyAttributeCount(Attrs, FT->getNumParams()),
3071 "Attribute after last parameter!", &F);
3072
3073 bool IsIntrinsic = F.isIntrinsic();
3074
3075 // Check function attributes.
3076 verifyFunctionAttrs(FT, Attrs, V: &F, IsIntrinsic, /* IsInlineAsm */ false);
3077
3078 // On function declarations/definitions, we do not support the builtin
3079 // attribute. We do not check this in VerifyFunctionAttrs since that is
3080 // checking for Attributes that can/can not ever be on functions.
3081 Check(!Attrs.hasFnAttr(Attribute::Builtin),
3082 "Attribute 'builtin' can only be applied to a callsite.", &F);
3083
3084 Check(!Attrs.hasAttrSomewhere(Attribute::ElementType),
3085 "Attribute 'elementtype' can only be applied to a callsite.", &F);
3086
3087 Check(!Attrs.hasFnAttr("aarch64_zt0_undef"),
3088 "Attribute 'aarch64_zt0_undef' can only be applied to a callsite.");
3089
3090 if (Attrs.hasFnAttr(Kind: Attribute::Naked))
3091 for (const Argument &Arg : F.args())
3092 Check(Arg.use_empty(), "cannot use argument of naked function", &Arg);
3093
3094 // Check that this function meets the restrictions on this calling convention.
3095 // Sometimes varargs is used for perfectly forwarding thunks, so some of these
3096 // restrictions can be lifted.
3097 switch (F.getCallingConv()) {
3098 default:
3099 case CallingConv::C:
3100 break;
3101 case CallingConv::X86_INTR: {
3102 Check(F.arg_empty() || Attrs.hasParamAttr(0, Attribute::ByVal),
3103 "Calling convention parameter requires byval", &F);
3104 break;
3105 }
3106 case CallingConv::AMDGPU_KERNEL:
3107 case CallingConv::SPIR_KERNEL:
3108 case CallingConv::AMDGPU_CS_Chain:
3109 case CallingConv::AMDGPU_CS_ChainPreserve:
3110 Check(F.getReturnType()->isVoidTy(),
3111 "Calling convention requires void return type", &F);
3112 [[fallthrough]];
3113 case CallingConv::AMDGPU_VS:
3114 case CallingConv::AMDGPU_HS:
3115 case CallingConv::AMDGPU_GS:
3116 case CallingConv::AMDGPU_PS:
3117 case CallingConv::AMDGPU_CS:
3118 Check(!F.hasStructRetAttr(), "Calling convention does not allow sret", &F);
3119 if (F.getCallingConv() != CallingConv::SPIR_KERNEL) {
3120 const unsigned StackAS = DL.getAllocaAddrSpace();
3121 unsigned i = 0;
3122 for (const Argument &Arg : F.args()) {
3123 Check(!Attrs.hasParamAttr(i, Attribute::ByVal),
3124 "Calling convention disallows byval", &F);
3125 Check(!Attrs.hasParamAttr(i, Attribute::Preallocated),
3126 "Calling convention disallows preallocated", &F);
3127 Check(!Attrs.hasParamAttr(i, Attribute::InAlloca),
3128 "Calling convention disallows inalloca", &F);
3129
3130 if (Attrs.hasParamAttr(ArgNo: i, Kind: Attribute::ByRef)) {
3131 // FIXME: Should also disallow LDS and GDS, but we don't have the enum
3132 // value here.
3133 Check(Arg.getType()->getPointerAddressSpace() != StackAS,
3134 "Calling convention disallows stack byref", &F);
3135 }
3136
3137 ++i;
3138 }
3139 }
3140
3141 [[fallthrough]];
3142 case CallingConv::Fast:
3143 case CallingConv::Cold:
3144 case CallingConv::Intel_OCL_BI:
3145 case CallingConv::PTX_Kernel:
3146 case CallingConv::PTX_Device:
3147 Check(!F.isVarArg(),
3148 "Calling convention does not support varargs or "
3149 "perfect forwarding!",
3150 &F);
3151 break;
3152 case CallingConv::AMDGPU_Gfx_WholeWave:
3153 Check(!F.arg_empty() && F.arg_begin()->getType()->isIntegerTy(1),
3154 "Calling convention requires first argument to be i1", &F);
3155 Check(!F.arg_begin()->hasInRegAttr(),
3156 "Calling convention requires first argument to not be inreg", &F);
3157 Check(!F.isVarArg(),
3158 "Calling convention does not support varargs or "
3159 "perfect forwarding!",
3160 &F);
3161 break;
3162 }
3163
3164 // Check that the argument values match the function type for this function...
3165 unsigned i = 0;
3166 for (const Argument &Arg : F.args()) {
3167 Check(Arg.getType() == FT->getParamType(i),
3168 "Argument value does not match function argument type!", &Arg,
3169 FT->getParamType(i));
3170 Check(Arg.getType()->isFirstClassType(),
3171 "Function arguments must have first-class types!", &Arg);
3172 if (!IsIntrinsic) {
3173 Check(!Arg.getType()->isMetadataTy(),
3174 "Function takes metadata but isn't an intrinsic", &Arg, &F);
3175 Check(!Arg.getType()->isTokenLikeTy(),
3176 "Function takes token but isn't an intrinsic", &Arg, &F);
3177 Check(!Arg.getType()->isX86_AMXTy(),
3178 "Function takes x86_amx but isn't an intrinsic", &Arg, &F);
3179 }
3180
3181 // Check that swifterror argument is only used by loads and stores.
3182 if (Attrs.hasParamAttr(ArgNo: i, Kind: Attribute::SwiftError)) {
3183 verifySwiftErrorValue(SwiftErrorVal: &Arg);
3184 }
3185 ++i;
3186 }
3187
3188 if (!IsIntrinsic) {
3189 Check(!F.getReturnType()->isTokenLikeTy(),
3190 "Function returns a token but isn't an intrinsic", &F);
3191 Check(!F.getReturnType()->isX86_AMXTy(),
3192 "Function returns a x86_amx but isn't an intrinsic", &F);
3193 }
3194
3195 // Get the function metadata attachments.
3196 SmallVector<std::pair<unsigned, MDNode *>, 4> MDs;
3197 F.getAllMetadata(MDs);
3198 assert(F.hasMetadata() != MDs.empty() && "Bit out-of-sync");
3199 verifyFunctionMetadata(MDs);
3200
3201 // Check validity of the personality function
3202 if (F.hasPersonalityFn()) {
3203 auto *Per = dyn_cast<Function>(Val: F.getPersonalityFn()->stripPointerCasts());
3204 if (Per)
3205 Check(Per->getParent() == F.getParent(),
3206 "Referencing personality function in another module!", &F,
3207 F.getParent(), Per, Per->getParent());
3208 }
3209
3210 // EH funclet coloring can be expensive, recompute on-demand
3211 BlockEHFuncletColors.clear();
3212
3213 if (F.isMaterializable()) {
3214 // Function has a body somewhere we can't see.
3215 Check(MDs.empty(), "unmaterialized function cannot have metadata", &F,
3216 MDs.empty() ? nullptr : MDs.front().second);
3217 } else if (F.isDeclaration()) {
3218 for (const auto &I : MDs) {
3219 // This is used for call site debug information.
3220 CheckDI(I.first != LLVMContext::MD_dbg ||
3221 !cast<DISubprogram>(I.second)->isDistinct(),
3222 "function declaration may only have a unique !dbg attachment",
3223 &F);
3224 Check(I.first != LLVMContext::MD_prof,
3225 "function declaration may not have a !prof attachment", &F);
3226
3227 // Verify the metadata itself.
3228 visitMDNode(MD: *I.second, AllowLocs: AreDebugLocsAllowed::Yes);
3229 }
3230 Check(!F.hasPersonalityFn(),
3231 "Function declaration shouldn't have a personality routine", &F);
3232 } else {
3233 // Verify that this function (which has a body) is not named "llvm.*". It
3234 // is not legal to define intrinsics.
3235 Check(!IsIntrinsic, "llvm intrinsics cannot be defined!", &F);
3236
3237 // Check the entry node
3238 const BasicBlock *Entry = &F.getEntryBlock();
3239 Check(pred_empty(Entry),
3240 "Entry block to function must not have predecessors!", Entry);
3241
3242 // The address of the entry block cannot be taken, unless it is dead.
3243 if (Entry->hasAddressTaken()) {
3244 Check(!BlockAddress::lookup(Entry)->isConstantUsed(),
3245 "blockaddress may not be used with the entry block!", Entry);
3246 }
3247
3248 unsigned NumDebugAttachments = 0, NumProfAttachments = 0,
3249 NumKCFIAttachments = 0;
3250 // Visit metadata attachments.
3251 for (const auto &I : MDs) {
3252 // Verify that the attachment is legal.
3253 auto AllowLocs = AreDebugLocsAllowed::No;
3254 switch (I.first) {
3255 default:
3256 break;
3257 case LLVMContext::MD_dbg: {
3258 ++NumDebugAttachments;
3259 CheckDI(NumDebugAttachments == 1,
3260 "function must have a single !dbg attachment", &F, I.second);
3261 CheckDI(isa<DISubprogram>(I.second),
3262 "function !dbg attachment must be a subprogram", &F, I.second);
3263 CheckDI(cast<DISubprogram>(I.second)->isDistinct(),
3264 "function definition may only have a distinct !dbg attachment",
3265 &F);
3266
3267 auto *SP = cast<DISubprogram>(Val: I.second);
3268 const Function *&AttachedTo = DISubprogramAttachments[SP];
3269 CheckDI(!AttachedTo || AttachedTo == &F,
3270 "DISubprogram attached to more than one function", SP, &F);
3271 AttachedTo = &F;
3272 AllowLocs = AreDebugLocsAllowed::Yes;
3273 break;
3274 }
3275 case LLVMContext::MD_prof:
3276 ++NumProfAttachments;
3277 Check(NumProfAttachments == 1,
3278 "function must have a single !prof attachment", &F, I.second);
3279 break;
3280 case LLVMContext::MD_kcfi_type:
3281 ++NumKCFIAttachments;
3282 Check(NumKCFIAttachments == 1,
3283 "function must have a single !kcfi_type attachment", &F,
3284 I.second);
3285 break;
3286 }
3287
3288 // Verify the metadata itself.
3289 visitMDNode(MD: *I.second, AllowLocs);
3290 }
3291 }
3292
3293 // If this function is actually an intrinsic, verify that it is only used in
3294 // direct call/invokes, never having its "address taken".
3295 // Only do this if the module is materialized, otherwise we don't have all the
3296 // uses.
3297 if (F.isIntrinsic() && F.getParent()->isMaterialized()) {
3298 const User *U;
3299 if (F.hasAddressTaken(&U, IgnoreCallbackUses: false, IgnoreAssumeLikeCalls: true, IngoreLLVMUsed: false,
3300 /*IgnoreARCAttachedCall=*/true))
3301 Check(false, "Invalid user of intrinsic instruction!", U);
3302 }
3303
3304 // Check intrinsics' signatures.
3305 switch (F.getIntrinsicID()) {
3306 case Intrinsic::experimental_gc_get_pointer_base: {
3307 FunctionType *FT = F.getFunctionType();
3308 Check(FT->getNumParams() == 1, "wrong number of parameters", F);
3309 Check(isa<PointerType>(F.getReturnType()),
3310 "gc.get.pointer.base must return a pointer", F);
3311 Check(FT->getParamType(0) == F.getReturnType(),
3312 "gc.get.pointer.base operand and result must be of the same type", F);
3313 break;
3314 }
3315 case Intrinsic::experimental_gc_get_pointer_offset: {
3316 FunctionType *FT = F.getFunctionType();
3317 Check(FT->getNumParams() == 1, "wrong number of parameters", F);
3318 Check(isa<PointerType>(FT->getParamType(0)),
3319 "gc.get.pointer.offset operand must be a pointer", F);
3320 Check(F.getReturnType()->isIntegerTy(),
3321 "gc.get.pointer.offset must return integer", F);
3322 break;
3323 }
3324 }
3325
3326 auto *N = F.getSubprogram();
3327 HasDebugInfo = (N != nullptr);
3328 if (!HasDebugInfo)
3329 return;
3330
3331 // Check that all !dbg attachments lead to back to N.
3332 //
3333 // FIXME: Check this incrementally while visiting !dbg attachments.
3334 // FIXME: Only check when N is the canonical subprogram for F.
3335 SmallPtrSet<const MDNode *, 32> Seen;
3336 auto VisitDebugLoc = [&](const Instruction &I, const MDNode *Node) {
3337 // Be careful about using DILocation here since we might be dealing with
3338 // broken code (this is the Verifier after all).
3339 const DILocation *DL = dyn_cast_or_null<DILocation>(Val: Node);
3340 if (!DL)
3341 return;
3342 if (!Seen.insert(Ptr: DL).second)
3343 return;
3344
3345 Metadata *Parent = DL->getRawScope();
3346 CheckDI(Parent && isa<DILocalScope>(Parent),
3347 "DILocation's scope must be a DILocalScope", N, &F, &I, DL, Parent);
3348
3349 DILocalScope *Scope = DL->getInlinedAtScope();
3350 Check(Scope, "Failed to find DILocalScope", DL);
3351
3352 if (!Seen.insert(Ptr: Scope).second)
3353 return;
3354
3355 DISubprogram *SP = Scope->getSubprogram();
3356
3357 // Scope and SP could be the same MDNode and we don't want to skip
3358 // validation in that case
3359 if ((Scope != SP) && !Seen.insert(Ptr: SP).second)
3360 return;
3361
3362 CheckDI(SP->describes(&F),
3363 "!dbg attachment points at wrong subprogram for function", N, &F,
3364 &I, DL, Scope, SP);
3365 };
3366 for (auto &BB : F)
3367 for (auto &I : BB) {
3368 VisitDebugLoc(I, I.getDebugLoc().getAsMDNode());
3369 // The llvm.loop annotations also contain two DILocations.
3370 if (auto MD = I.getMetadata(KindID: LLVMContext::MD_loop))
3371 for (unsigned i = 1; i < MD->getNumOperands(); ++i)
3372 VisitDebugLoc(I, dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: i)));
3373 if (BrokenDebugInfo)
3374 return;
3375 }
3376}
3377
3378// verifyBasicBlock - Verify that a basic block is well formed...
3379//
3380void Verifier::visitBasicBlock(BasicBlock &BB) {
3381 InstsInThisBlock.clear();
3382 ConvergenceVerifyHelper.visit(BB);
3383
3384 // Ensure that basic blocks have terminators!
3385 Check(BB.getTerminator(), "Basic Block does not have terminator!", &BB);
3386
3387 // Check constraints that this basic block imposes on all of the PHI nodes in
3388 // it.
3389 if (isa<PHINode>(Val: BB.front())) {
3390 SmallVector<BasicBlock *, 8> Preds(predecessors(BB: &BB));
3391 SmallVector<std::pair<BasicBlock*, Value*>, 8> Values;
3392 llvm::sort(C&: Preds);
3393 for (const PHINode &PN : BB.phis()) {
3394 Check(PN.getNumIncomingValues() == Preds.size(),
3395 "PHINode should have one entry for each predecessor of its "
3396 "parent basic block!",
3397 &PN);
3398
3399 // Get and sort all incoming values in the PHI node...
3400 Values.clear();
3401 Values.reserve(N: PN.getNumIncomingValues());
3402 for (unsigned i = 0, e = PN.getNumIncomingValues(); i != e; ++i)
3403 Values.push_back(
3404 Elt: std::make_pair(x: PN.getIncomingBlock(i), y: PN.getIncomingValue(i)));
3405 llvm::sort(C&: Values);
3406
3407 for (unsigned i = 0, e = Values.size(); i != e; ++i) {
3408 // Check to make sure that if there is more than one entry for a
3409 // particular basic block in this PHI node, that the incoming values are
3410 // all identical.
3411 //
3412 Check(i == 0 || Values[i].first != Values[i - 1].first ||
3413 Values[i].second == Values[i - 1].second,
3414 "PHI node has multiple entries for the same basic block with "
3415 "different incoming values!",
3416 &PN, Values[i].first, Values[i].second, Values[i - 1].second);
3417
3418 // Check to make sure that the predecessors and PHI node entries are
3419 // matched up.
3420 Check(Values[i].first == Preds[i],
3421 "PHI node entries do not match predecessors!", &PN,
3422 Values[i].first, Preds[i]);
3423 }
3424 }
3425 }
3426
3427 // Check that all instructions have their parent pointers set up correctly.
3428 for (auto &I : BB)
3429 {
3430 Check(I.getParent() == &BB, "Instruction has bogus parent pointer!");
3431 }
3432
3433 // Confirm that no issues arise from the debug program.
3434 CheckDI(!BB.getTrailingDbgRecords(), "Basic Block has trailing DbgRecords!",
3435 &BB);
3436}
3437
3438void Verifier::visitTerminator(Instruction &I) {
3439 // Ensure that terminators only exist at the end of the basic block.
3440 Check(&I == I.getParent()->getTerminator(),
3441 "Terminator found in the middle of a basic block!", I.getParent());
3442 visitInstruction(I);
3443}
3444
3445void Verifier::visitBranchInst(BranchInst &BI) {
3446 if (BI.isConditional()) {
3447 Check(BI.getCondition()->getType()->isIntegerTy(1),
3448 "Branch condition is not 'i1' type!", &BI, BI.getCondition());
3449 }
3450 visitTerminator(I&: BI);
3451}
3452
3453void Verifier::visitReturnInst(ReturnInst &RI) {
3454 Function *F = RI.getParent()->getParent();
3455 unsigned N = RI.getNumOperands();
3456 if (F->getReturnType()->isVoidTy())
3457 Check(N == 0,
3458 "Found return instr that returns non-void in Function of void "
3459 "return type!",
3460 &RI, F->getReturnType());
3461 else
3462 Check(N == 1 && F->getReturnType() == RI.getOperand(0)->getType(),
3463 "Function return type does not match operand "
3464 "type of return inst!",
3465 &RI, F->getReturnType());
3466
3467 // Check to make sure that the return value has necessary properties for
3468 // terminators...
3469 visitTerminator(I&: RI);
3470}
3471
3472void Verifier::visitSwitchInst(SwitchInst &SI) {
3473 Check(SI.getType()->isVoidTy(), "Switch must have void result type!", &SI);
3474 // Check to make sure that all of the constants in the switch instruction
3475 // have the same type as the switched-on value.
3476 Type *SwitchTy = SI.getCondition()->getType();
3477 SmallPtrSet<ConstantInt*, 32> Constants;
3478 for (auto &Case : SI.cases()) {
3479 Check(isa<ConstantInt>(Case.getCaseValue()),
3480 "Case value is not a constant integer.", &SI);
3481 Check(Case.getCaseValue()->getType() == SwitchTy,
3482 "Switch constants must all be same type as switch value!", &SI);
3483 Check(Constants.insert(Case.getCaseValue()).second,
3484 "Duplicate integer as switch case", &SI, Case.getCaseValue());
3485 }
3486
3487 visitTerminator(I&: SI);
3488}
3489
3490void Verifier::visitIndirectBrInst(IndirectBrInst &BI) {
3491 Check(BI.getAddress()->getType()->isPointerTy(),
3492 "Indirectbr operand must have pointer type!", &BI);
3493 for (unsigned i = 0, e = BI.getNumDestinations(); i != e; ++i)
3494 Check(BI.getDestination(i)->getType()->isLabelTy(),
3495 "Indirectbr destinations must all have pointer type!", &BI);
3496
3497 visitTerminator(I&: BI);
3498}
3499
3500void Verifier::visitCallBrInst(CallBrInst &CBI) {
3501 if (!CBI.isInlineAsm()) {
3502 Check(CBI.getCalledFunction(),
3503 "Callbr: indirect function / invalid signature");
3504 Check(!CBI.hasOperandBundles(),
3505 "Callbr for intrinsics currently doesn't support operand bundles");
3506
3507 switch (CBI.getIntrinsicID()) {
3508 case Intrinsic::amdgcn_kill: {
3509 Check(CBI.getNumIndirectDests() == 1,
3510 "Callbr amdgcn_kill only supports one indirect dest");
3511 bool Unreachable = isa<UnreachableInst>(Val: CBI.getIndirectDest(i: 0)->begin());
3512 CallInst *Call = dyn_cast<CallInst>(Val: CBI.getIndirectDest(i: 0)->begin());
3513 Check(Unreachable || (Call && Call->getIntrinsicID() ==
3514 Intrinsic::amdgcn_unreachable),
3515 "Callbr amdgcn_kill indirect dest needs to be unreachable");
3516 break;
3517 }
3518 default:
3519 CheckFailed(
3520 Message: "Callbr currently only supports asm-goto and selected intrinsics");
3521 }
3522 visitIntrinsicCall(ID: CBI.getIntrinsicID(), Call&: CBI);
3523 } else {
3524 const InlineAsm *IA = cast<InlineAsm>(Val: CBI.getCalledOperand());
3525 Check(!IA->canThrow(), "Unwinding from Callbr is not allowed");
3526
3527 verifyInlineAsmCall(Call: CBI);
3528 }
3529 visitTerminator(I&: CBI);
3530}
3531
3532void Verifier::visitSelectInst(SelectInst &SI) {
3533 Check(!SelectInst::areInvalidOperands(SI.getOperand(0), SI.getOperand(1),
3534 SI.getOperand(2)),
3535 "Invalid operands for select instruction!", &SI);
3536
3537 Check(SI.getTrueValue()->getType() == SI.getType(),
3538 "Select values must have same type as select instruction!", &SI);
3539 visitInstruction(I&: SI);
3540}
3541
3542/// visitUserOp1 - User defined operators shouldn't live beyond the lifetime of
3543/// a pass, if any exist, it's an error.
3544///
3545void Verifier::visitUserOp1(Instruction &I) {
3546 Check(false, "User-defined operators should not live outside of a pass!", &I);
3547}
3548
3549void Verifier::visitTruncInst(TruncInst &I) {
3550 // Get the source and destination types
3551 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3552 Type *DestTy = I.getType();
3553
3554 // Get the size of the types in bits, we'll need this later
3555 unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3556 unsigned DestBitSize = DestTy->getScalarSizeInBits();
3557
3558 Check(SrcTy->isIntOrIntVectorTy(), "Trunc only operates on integer", &I);
3559 Check(DestTy->isIntOrIntVectorTy(), "Trunc only produces integer", &I);
3560 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3561 "trunc source and destination must both be a vector or neither", &I);
3562 Check(SrcBitSize > DestBitSize, "DestTy too big for Trunc", &I);
3563
3564 visitInstruction(I);
3565}
3566
3567void Verifier::visitZExtInst(ZExtInst &I) {
3568 // Get the source and destination types
3569 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3570 Type *DestTy = I.getType();
3571
3572 // Get the size of the types in bits, we'll need this later
3573 Check(SrcTy->isIntOrIntVectorTy(), "ZExt only operates on integer", &I);
3574 Check(DestTy->isIntOrIntVectorTy(), "ZExt only produces an integer", &I);
3575 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3576 "zext source and destination must both be a vector or neither", &I);
3577 unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3578 unsigned DestBitSize = DestTy->getScalarSizeInBits();
3579
3580 Check(SrcBitSize < DestBitSize, "Type too small for ZExt", &I);
3581
3582 visitInstruction(I);
3583}
3584
3585void Verifier::visitSExtInst(SExtInst &I) {
3586 // Get the source and destination types
3587 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3588 Type *DestTy = I.getType();
3589
3590 // Get the size of the types in bits, we'll need this later
3591 unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3592 unsigned DestBitSize = DestTy->getScalarSizeInBits();
3593
3594 Check(SrcTy->isIntOrIntVectorTy(), "SExt only operates on integer", &I);
3595 Check(DestTy->isIntOrIntVectorTy(), "SExt only produces an integer", &I);
3596 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3597 "sext source and destination must both be a vector or neither", &I);
3598 Check(SrcBitSize < DestBitSize, "Type too small for SExt", &I);
3599
3600 visitInstruction(I);
3601}
3602
3603void Verifier::visitFPTruncInst(FPTruncInst &I) {
3604 // Get the source and destination types
3605 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3606 Type *DestTy = I.getType();
3607 // Get the size of the types in bits, we'll need this later
3608 unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3609 unsigned DestBitSize = DestTy->getScalarSizeInBits();
3610
3611 Check(SrcTy->isFPOrFPVectorTy(), "FPTrunc only operates on FP", &I);
3612 Check(DestTy->isFPOrFPVectorTy(), "FPTrunc only produces an FP", &I);
3613 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3614 "fptrunc source and destination must both be a vector or neither", &I);
3615 Check(SrcBitSize > DestBitSize, "DestTy too big for FPTrunc", &I);
3616
3617 visitInstruction(I);
3618}
3619
3620void Verifier::visitFPExtInst(FPExtInst &I) {
3621 // Get the source and destination types
3622 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3623 Type *DestTy = I.getType();
3624
3625 // Get the size of the types in bits, we'll need this later
3626 unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3627 unsigned DestBitSize = DestTy->getScalarSizeInBits();
3628
3629 Check(SrcTy->isFPOrFPVectorTy(), "FPExt only operates on FP", &I);
3630 Check(DestTy->isFPOrFPVectorTy(), "FPExt only produces an FP", &I);
3631 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3632 "fpext source and destination must both be a vector or neither", &I);
3633 Check(SrcBitSize < DestBitSize, "DestTy too small for FPExt", &I);
3634
3635 visitInstruction(I);
3636}
3637
3638void Verifier::visitUIToFPInst(UIToFPInst &I) {
3639 // Get the source and destination types
3640 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3641 Type *DestTy = I.getType();
3642
3643 bool SrcVec = SrcTy->isVectorTy();
3644 bool DstVec = DestTy->isVectorTy();
3645
3646 Check(SrcVec == DstVec,
3647 "UIToFP source and dest must both be vector or scalar", &I);
3648 Check(SrcTy->isIntOrIntVectorTy(),
3649 "UIToFP source must be integer or integer vector", &I);
3650 Check(DestTy->isFPOrFPVectorTy(), "UIToFP result must be FP or FP vector",
3651 &I);
3652
3653 if (SrcVec && DstVec)
3654 Check(cast<VectorType>(SrcTy)->getElementCount() ==
3655 cast<VectorType>(DestTy)->getElementCount(),
3656 "UIToFP source and dest vector length mismatch", &I);
3657
3658 visitInstruction(I);
3659}
3660
3661void Verifier::visitSIToFPInst(SIToFPInst &I) {
3662 // Get the source and destination types
3663 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3664 Type *DestTy = I.getType();
3665
3666 bool SrcVec = SrcTy->isVectorTy();
3667 bool DstVec = DestTy->isVectorTy();
3668
3669 Check(SrcVec == DstVec,
3670 "SIToFP source and dest must both be vector or scalar", &I);
3671 Check(SrcTy->isIntOrIntVectorTy(),
3672 "SIToFP source must be integer or integer vector", &I);
3673 Check(DestTy->isFPOrFPVectorTy(), "SIToFP result must be FP or FP vector",
3674 &I);
3675
3676 if (SrcVec && DstVec)
3677 Check(cast<VectorType>(SrcTy)->getElementCount() ==
3678 cast<VectorType>(DestTy)->getElementCount(),
3679 "SIToFP source and dest vector length mismatch", &I);
3680
3681 visitInstruction(I);
3682}
3683
3684void Verifier::visitFPToUIInst(FPToUIInst &I) {
3685 // Get the source and destination types
3686 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3687 Type *DestTy = I.getType();
3688
3689 bool SrcVec = SrcTy->isVectorTy();
3690 bool DstVec = DestTy->isVectorTy();
3691
3692 Check(SrcVec == DstVec,
3693 "FPToUI source and dest must both be vector or scalar", &I);
3694 Check(SrcTy->isFPOrFPVectorTy(), "FPToUI source must be FP or FP vector", &I);
3695 Check(DestTy->isIntOrIntVectorTy(),
3696 "FPToUI result must be integer or integer vector", &I);
3697
3698 if (SrcVec && DstVec)
3699 Check(cast<VectorType>(SrcTy)->getElementCount() ==
3700 cast<VectorType>(DestTy)->getElementCount(),
3701 "FPToUI source and dest vector length mismatch", &I);
3702
3703 visitInstruction(I);
3704}
3705
3706void Verifier::visitFPToSIInst(FPToSIInst &I) {
3707 // Get the source and destination types
3708 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3709 Type *DestTy = I.getType();
3710
3711 bool SrcVec = SrcTy->isVectorTy();
3712 bool DstVec = DestTy->isVectorTy();
3713
3714 Check(SrcVec == DstVec,
3715 "FPToSI source and dest must both be vector or scalar", &I);
3716 Check(SrcTy->isFPOrFPVectorTy(), "FPToSI source must be FP or FP vector", &I);
3717 Check(DestTy->isIntOrIntVectorTy(),
3718 "FPToSI result must be integer or integer vector", &I);
3719
3720 if (SrcVec && DstVec)
3721 Check(cast<VectorType>(SrcTy)->getElementCount() ==
3722 cast<VectorType>(DestTy)->getElementCount(),
3723 "FPToSI source and dest vector length mismatch", &I);
3724
3725 visitInstruction(I);
3726}
3727
3728void Verifier::checkPtrToAddr(Type *SrcTy, Type *DestTy, const Value &V) {
3729 Check(SrcTy->isPtrOrPtrVectorTy(), "PtrToAddr source must be pointer", V);
3730 Check(DestTy->isIntOrIntVectorTy(), "PtrToAddr result must be integral", V);
3731 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "PtrToAddr type mismatch",
3732 V);
3733
3734 if (SrcTy->isVectorTy()) {
3735 auto *VSrc = cast<VectorType>(Val: SrcTy);
3736 auto *VDest = cast<VectorType>(Val: DestTy);
3737 Check(VSrc->getElementCount() == VDest->getElementCount(),
3738 "PtrToAddr vector length mismatch", V);
3739 }
3740
3741 Type *AddrTy = DL.getAddressType(PtrTy: SrcTy);
3742 Check(AddrTy == DestTy, "PtrToAddr result must be address width", V);
3743}
3744
3745void Verifier::visitPtrToAddrInst(PtrToAddrInst &I) {
3746 checkPtrToAddr(SrcTy: I.getOperand(i_nocapture: 0)->getType(), DestTy: I.getType(), V: I);
3747 visitInstruction(I);
3748}
3749
3750void Verifier::visitPtrToIntInst(PtrToIntInst &I) {
3751 // Get the source and destination types
3752 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3753 Type *DestTy = I.getType();
3754
3755 Check(SrcTy->isPtrOrPtrVectorTy(), "PtrToInt source must be pointer", &I);
3756
3757 Check(DestTy->isIntOrIntVectorTy(), "PtrToInt result must be integral", &I);
3758 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "PtrToInt type mismatch",
3759 &I);
3760
3761 if (SrcTy->isVectorTy()) {
3762 auto *VSrc = cast<VectorType>(Val: SrcTy);
3763 auto *VDest = cast<VectorType>(Val: DestTy);
3764 Check(VSrc->getElementCount() == VDest->getElementCount(),
3765 "PtrToInt Vector length mismatch", &I);
3766 }
3767
3768 visitInstruction(I);
3769}
3770
3771void Verifier::visitIntToPtrInst(IntToPtrInst &I) {
3772 // Get the source and destination types
3773 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3774 Type *DestTy = I.getType();
3775
3776 Check(SrcTy->isIntOrIntVectorTy(), "IntToPtr source must be an integral", &I);
3777 Check(DestTy->isPtrOrPtrVectorTy(), "IntToPtr result must be a pointer", &I);
3778
3779 Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "IntToPtr type mismatch",
3780 &I);
3781 if (SrcTy->isVectorTy()) {
3782 auto *VSrc = cast<VectorType>(Val: SrcTy);
3783 auto *VDest = cast<VectorType>(Val: DestTy);
3784 Check(VSrc->getElementCount() == VDest->getElementCount(),
3785 "IntToPtr Vector length mismatch", &I);
3786 }
3787 visitInstruction(I);
3788}
3789
3790void Verifier::visitBitCastInst(BitCastInst &I) {
3791 Check(
3792 CastInst::castIsValid(Instruction::BitCast, I.getOperand(0), I.getType()),
3793 "Invalid bitcast", &I);
3794 visitInstruction(I);
3795}
3796
3797void Verifier::visitAddrSpaceCastInst(AddrSpaceCastInst &I) {
3798 Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3799 Type *DestTy = I.getType();
3800
3801 Check(SrcTy->isPtrOrPtrVectorTy(), "AddrSpaceCast source must be a pointer",
3802 &I);
3803 Check(DestTy->isPtrOrPtrVectorTy(), "AddrSpaceCast result must be a pointer",
3804 &I);
3805 Check(SrcTy->getPointerAddressSpace() != DestTy->getPointerAddressSpace(),
3806 "AddrSpaceCast must be between different address spaces", &I);
3807 if (auto *SrcVTy = dyn_cast<VectorType>(Val: SrcTy))
3808 Check(SrcVTy->getElementCount() ==
3809 cast<VectorType>(DestTy)->getElementCount(),
3810 "AddrSpaceCast vector pointer number of elements mismatch", &I);
3811 visitInstruction(I);
3812}
3813
3814/// visitPHINode - Ensure that a PHI node is well formed.
3815///
3816void Verifier::visitPHINode(PHINode &PN) {
3817 // Ensure that the PHI nodes are all grouped together at the top of the block.
3818 // This can be tested by checking whether the instruction before this is
3819 // either nonexistent (because this is begin()) or is a PHI node. If not,
3820 // then there is some other instruction before a PHI.
3821 Check(&PN == &PN.getParent()->front() ||
3822 isa<PHINode>(--BasicBlock::iterator(&PN)),
3823 "PHI nodes not grouped at top of basic block!", &PN, PN.getParent());
3824
3825 // Check that a PHI doesn't yield a Token.
3826 Check(!PN.getType()->isTokenLikeTy(), "PHI nodes cannot have token type!");
3827
3828 // Check that all of the values of the PHI node have the same type as the
3829 // result.
3830 for (Value *IncValue : PN.incoming_values()) {
3831 Check(PN.getType() == IncValue->getType(),
3832 "PHI node operands are not the same type as the result!", &PN);
3833 }
3834
3835 // All other PHI node constraints are checked in the visitBasicBlock method.
3836
3837 visitInstruction(I&: PN);
3838}
3839
3840void Verifier::visitCallBase(CallBase &Call) {
3841 Check(Call.getCalledOperand()->getType()->isPointerTy(),
3842 "Called function must be a pointer!", Call);
3843 FunctionType *FTy = Call.getFunctionType();
3844
3845 // Verify that the correct number of arguments are being passed
3846 if (FTy->isVarArg())
3847 Check(Call.arg_size() >= FTy->getNumParams(),
3848 "Called function requires more parameters than were provided!", Call);
3849 else
3850 Check(Call.arg_size() == FTy->getNumParams(),
3851 "Incorrect number of arguments passed to called function!", Call);
3852
3853 // Verify that all arguments to the call match the function type.
3854 for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i)
3855 Check(Call.getArgOperand(i)->getType() == FTy->getParamType(i),
3856 "Call parameter type does not match function signature!",
3857 Call.getArgOperand(i), FTy->getParamType(i), Call);
3858
3859 AttributeList Attrs = Call.getAttributes();
3860
3861 Check(verifyAttributeCount(Attrs, Call.arg_size()),
3862 "Attribute after last parameter!", Call);
3863
3864 Function *Callee =
3865 dyn_cast<Function>(Val: Call.getCalledOperand()->stripPointerCasts());
3866 bool IsIntrinsic = Callee && Callee->isIntrinsic();
3867 if (IsIntrinsic)
3868 Check(Callee->getFunctionType() == FTy,
3869 "Intrinsic called with incompatible signature", Call);
3870
3871 // Verify if the calling convention of the callee is callable.
3872 Check(isCallableCC(Call.getCallingConv()),
3873 "calling convention does not permit calls", Call);
3874
3875 // Disallow passing/returning values with alignment higher than we can
3876 // represent.
3877 // FIXME: Consider making DataLayout cap the alignment, so this isn't
3878 // necessary.
3879 auto VerifyTypeAlign = [&](Type *Ty, const Twine &Message) {
3880 if (!Ty->isSized())
3881 return;
3882 Align ABIAlign = DL.getABITypeAlign(Ty);
3883 Check(ABIAlign.value() <= Value::MaximumAlignment,
3884 "Incorrect alignment of " + Message + " to called function!", Call);
3885 };
3886
3887 if (!IsIntrinsic) {
3888 VerifyTypeAlign(FTy->getReturnType(), "return type");
3889 for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i) {
3890 Type *Ty = FTy->getParamType(i);
3891 VerifyTypeAlign(Ty, "argument passed");
3892 }
3893 }
3894
3895 if (Attrs.hasFnAttr(Kind: Attribute::Speculatable)) {
3896 // Don't allow speculatable on call sites, unless the underlying function
3897 // declaration is also speculatable.
3898 Check(Callee && Callee->isSpeculatable(),
3899 "speculatable attribute may not apply to call sites", Call);
3900 }
3901
3902 if (Attrs.hasFnAttr(Kind: Attribute::Preallocated)) {
3903 Check(Call.getIntrinsicID() == Intrinsic::call_preallocated_arg,
3904 "preallocated as a call site attribute can only be on "
3905 "llvm.call.preallocated.arg");
3906 }
3907
3908 // Verify call attributes.
3909 verifyFunctionAttrs(FT: FTy, Attrs, V: &Call, IsIntrinsic, IsInlineAsm: Call.isInlineAsm());
3910
3911 // Conservatively check the inalloca argument.
3912 // We have a bug if we can find that there is an underlying alloca without
3913 // inalloca.
3914 if (Call.hasInAllocaArgument()) {
3915 Value *InAllocaArg = Call.getArgOperand(i: FTy->getNumParams() - 1);
3916 if (auto AI = dyn_cast<AllocaInst>(Val: InAllocaArg->stripInBoundsOffsets()))
3917 Check(AI->isUsedWithInAlloca(),
3918 "inalloca argument for call has mismatched alloca", AI, Call);
3919 }
3920
3921 // For each argument of the callsite, if it has the swifterror argument,
3922 // make sure the underlying alloca/parameter it comes from has a swifterror as
3923 // well.
3924 for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i) {
3925 if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::SwiftError)) {
3926 Value *SwiftErrorArg = Call.getArgOperand(i);
3927 if (auto AI = dyn_cast<AllocaInst>(Val: SwiftErrorArg->stripInBoundsOffsets())) {
3928 Check(AI->isSwiftError(),
3929 "swifterror argument for call has mismatched alloca", AI, Call);
3930 continue;
3931 }
3932 auto ArgI = dyn_cast<Argument>(Val: SwiftErrorArg);
3933 Check(ArgI, "swifterror argument should come from an alloca or parameter",
3934 SwiftErrorArg, Call);
3935 Check(ArgI->hasSwiftErrorAttr(),
3936 "swifterror argument for call has mismatched parameter", ArgI,
3937 Call);
3938 }
3939
3940 if (Attrs.hasParamAttr(ArgNo: i, Kind: Attribute::ImmArg)) {
3941 // Don't allow immarg on call sites, unless the underlying declaration
3942 // also has the matching immarg.
3943 Check(Callee && Callee->hasParamAttribute(i, Attribute::ImmArg),
3944 "immarg may not apply only to call sites", Call.getArgOperand(i),
3945 Call);
3946 }
3947
3948 if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::ImmArg)) {
3949 Value *ArgVal = Call.getArgOperand(i);
3950 Check(isa<ConstantInt>(ArgVal) || isa<ConstantFP>(ArgVal),
3951 "immarg operand has non-immediate parameter", ArgVal, Call);
3952
3953 // If the imm-arg is an integer and also has a range attached,
3954 // check if the given value is within the range.
3955 if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::Range)) {
3956 if (auto *CI = dyn_cast<ConstantInt>(Val: ArgVal)) {
3957 const ConstantRange &CR =
3958 Call.getParamAttr(ArgNo: i, Kind: Attribute::Range).getValueAsConstantRange();
3959 Check(CR.contains(CI->getValue()),
3960 "immarg value " + Twine(CI->getValue().getSExtValue()) +
3961 " out of range [" + Twine(CR.getLower().getSExtValue()) +
3962 ", " + Twine(CR.getUpper().getSExtValue()) + ")",
3963 Call);
3964 }
3965 }
3966 }
3967
3968 if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::Preallocated)) {
3969 Value *ArgVal = Call.getArgOperand(i);
3970 bool hasOB =
3971 Call.countOperandBundlesOfType(ID: LLVMContext::OB_preallocated) != 0;
3972 bool isMustTail = Call.isMustTailCall();
3973 Check(hasOB != isMustTail,
3974 "preallocated operand either requires a preallocated bundle or "
3975 "the call to be musttail (but not both)",
3976 ArgVal, Call);
3977 }
3978 }
3979
3980 if (FTy->isVarArg()) {
3981 // FIXME? is 'nest' even legal here?
3982 bool SawNest = false;
3983 bool SawReturned = false;
3984
3985 for (unsigned Idx = 0; Idx < FTy->getNumParams(); ++Idx) {
3986 if (Attrs.hasParamAttr(ArgNo: Idx, Kind: Attribute::Nest))
3987 SawNest = true;
3988 if (Attrs.hasParamAttr(ArgNo: Idx, Kind: Attribute::Returned))
3989 SawReturned = true;
3990 }
3991
3992 // Check attributes on the varargs part.
3993 for (unsigned Idx = FTy->getNumParams(); Idx < Call.arg_size(); ++Idx) {
3994 Type *Ty = Call.getArgOperand(i: Idx)->getType();
3995 AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: Idx);
3996 verifyParameterAttrs(Attrs: ArgAttrs, Ty, V: &Call);
3997
3998 if (ArgAttrs.hasAttribute(Kind: Attribute::Nest)) {
3999 Check(!SawNest, "More than one parameter has attribute nest!", Call);
4000 SawNest = true;
4001 }
4002
4003 if (ArgAttrs.hasAttribute(Kind: Attribute::Returned)) {
4004 Check(!SawReturned, "More than one parameter has attribute returned!",
4005 Call);
4006 Check(Ty->canLosslesslyBitCastTo(FTy->getReturnType()),
4007 "Incompatible argument and return types for 'returned' "
4008 "attribute",
4009 Call);
4010 SawReturned = true;
4011 }
4012
4013 // Statepoint intrinsic is vararg but the wrapped function may be not.
4014 // Allow sret here and check the wrapped function in verifyStatepoint.
4015 if (Call.getIntrinsicID() != Intrinsic::experimental_gc_statepoint)
4016 Check(!ArgAttrs.hasAttribute(Attribute::StructRet),
4017 "Attribute 'sret' cannot be used for vararg call arguments!",
4018 Call);
4019
4020 if (ArgAttrs.hasAttribute(Kind: Attribute::InAlloca))
4021 Check(Idx == Call.arg_size() - 1,
4022 "inalloca isn't on the last argument!", Call);
4023 }
4024 }
4025
4026 // Verify that there's no metadata unless it's a direct call to an intrinsic.
4027 if (!IsIntrinsic) {
4028 for (Type *ParamTy : FTy->params()) {
4029 Check(!ParamTy->isMetadataTy(),
4030 "Function has metadata parameter but isn't an intrinsic", Call);
4031 Check(!ParamTy->isTokenLikeTy(),
4032 "Function has token parameter but isn't an intrinsic", Call);
4033 }
4034 }
4035
4036 // Verify that indirect calls don't return tokens.
4037 if (!Call.getCalledFunction()) {
4038 Check(!FTy->getReturnType()->isTokenLikeTy(),
4039 "Return type cannot be token for indirect call!");
4040 Check(!FTy->getReturnType()->isX86_AMXTy(),
4041 "Return type cannot be x86_amx for indirect call!");
4042 }
4043
4044 if (Intrinsic::ID ID = Call.getIntrinsicID())
4045 visitIntrinsicCall(ID, Call);
4046
4047 // Verify that a callsite has at most one "deopt", at most one "funclet", at
4048 // most one "gc-transition", at most one "cfguardtarget", at most one
4049 // "preallocated" operand bundle, and at most one "ptrauth" operand bundle.
4050 bool FoundDeoptBundle = false, FoundFuncletBundle = false,
4051 FoundGCTransitionBundle = false, FoundCFGuardTargetBundle = false,
4052 FoundPreallocatedBundle = false, FoundGCLiveBundle = false,
4053 FoundPtrauthBundle = false, FoundKCFIBundle = false,
4054 FoundAttachedCallBundle = false;
4055 for (unsigned i = 0, e = Call.getNumOperandBundles(); i < e; ++i) {
4056 OperandBundleUse BU = Call.getOperandBundleAt(Index: i);
4057 uint32_t Tag = BU.getTagID();
4058 if (Tag == LLVMContext::OB_deopt) {
4059 Check(!FoundDeoptBundle, "Multiple deopt operand bundles", Call);
4060 FoundDeoptBundle = true;
4061 } else if (Tag == LLVMContext::OB_gc_transition) {
4062 Check(!FoundGCTransitionBundle, "Multiple gc-transition operand bundles",
4063 Call);
4064 FoundGCTransitionBundle = true;
4065 } else if (Tag == LLVMContext::OB_funclet) {
4066 Check(!FoundFuncletBundle, "Multiple funclet operand bundles", Call);
4067 FoundFuncletBundle = true;
4068 Check(BU.Inputs.size() == 1,
4069 "Expected exactly one funclet bundle operand", Call);
4070 Check(isa<FuncletPadInst>(BU.Inputs.front()),
4071 "Funclet bundle operands should correspond to a FuncletPadInst",
4072 Call);
4073 } else if (Tag == LLVMContext::OB_cfguardtarget) {
4074 Check(!FoundCFGuardTargetBundle, "Multiple CFGuardTarget operand bundles",
4075 Call);
4076 FoundCFGuardTargetBundle = true;
4077 Check(BU.Inputs.size() == 1,
4078 "Expected exactly one cfguardtarget bundle operand", Call);
4079 } else if (Tag == LLVMContext::OB_ptrauth) {
4080 Check(!FoundPtrauthBundle, "Multiple ptrauth operand bundles", Call);
4081 FoundPtrauthBundle = true;
4082 Check(BU.Inputs.size() == 2,
4083 "Expected exactly two ptrauth bundle operands", Call);
4084 Check(isa<ConstantInt>(BU.Inputs[0]) &&
4085 BU.Inputs[0]->getType()->isIntegerTy(32),
4086 "Ptrauth bundle key operand must be an i32 constant", Call);
4087 Check(BU.Inputs[1]->getType()->isIntegerTy(64),
4088 "Ptrauth bundle discriminator operand must be an i64", Call);
4089 } else if (Tag == LLVMContext::OB_kcfi) {
4090 Check(!FoundKCFIBundle, "Multiple kcfi operand bundles", Call);
4091 FoundKCFIBundle = true;
4092 Check(BU.Inputs.size() == 1, "Expected exactly one kcfi bundle operand",
4093 Call);
4094 Check(isa<ConstantInt>(BU.Inputs[0]) &&
4095 BU.Inputs[0]->getType()->isIntegerTy(32),
4096 "Kcfi bundle operand must be an i32 constant", Call);
4097 } else if (Tag == LLVMContext::OB_preallocated) {
4098 Check(!FoundPreallocatedBundle, "Multiple preallocated operand bundles",
4099 Call);
4100 FoundPreallocatedBundle = true;
4101 Check(BU.Inputs.size() == 1,
4102 "Expected exactly one preallocated bundle operand", Call);
4103 auto Input = dyn_cast<IntrinsicInst>(Val: BU.Inputs.front());
4104 Check(Input &&
4105 Input->getIntrinsicID() == Intrinsic::call_preallocated_setup,
4106 "\"preallocated\" argument must be a token from "
4107 "llvm.call.preallocated.setup",
4108 Call);
4109 } else if (Tag == LLVMContext::OB_gc_live) {
4110 Check(!FoundGCLiveBundle, "Multiple gc-live operand bundles", Call);
4111 FoundGCLiveBundle = true;
4112 } else if (Tag == LLVMContext::OB_clang_arc_attachedcall) {
4113 Check(!FoundAttachedCallBundle,
4114 "Multiple \"clang.arc.attachedcall\" operand bundles", Call);
4115 FoundAttachedCallBundle = true;
4116 verifyAttachedCallBundle(Call, BU);
4117 }
4118 }
4119
4120 // Verify that callee and callsite agree on whether to use pointer auth.
4121 Check(!(Call.getCalledFunction() && FoundPtrauthBundle),
4122 "Direct call cannot have a ptrauth bundle", Call);
4123
4124 // Verify that each inlinable callsite of a debug-info-bearing function in a
4125 // debug-info-bearing function has a debug location attached to it. Failure to
4126 // do so causes assertion failures when the inliner sets up inline scope info
4127 // (Interposable functions are not inlinable, neither are functions without
4128 // definitions.)
4129 if (Call.getFunction()->getSubprogram() && Call.getCalledFunction() &&
4130 !Call.getCalledFunction()->isInterposable() &&
4131 !Call.getCalledFunction()->isDeclaration() &&
4132 Call.getCalledFunction()->getSubprogram())
4133 CheckDI(Call.getDebugLoc(),
4134 "inlinable function call in a function with "
4135 "debug info must have a !dbg location",
4136 Call);
4137
4138 if (Call.isInlineAsm())
4139 verifyInlineAsmCall(Call);
4140
4141 ConvergenceVerifyHelper.visit(I: Call);
4142
4143 visitInstruction(I&: Call);
4144}
4145
4146void Verifier::verifyTailCCMustTailAttrs(const AttrBuilder &Attrs,
4147 StringRef Context) {
4148 Check(!Attrs.contains(Attribute::InAlloca),
4149 Twine("inalloca attribute not allowed in ") + Context);
4150 Check(!Attrs.contains(Attribute::InReg),
4151 Twine("inreg attribute not allowed in ") + Context);
4152 Check(!Attrs.contains(Attribute::SwiftError),
4153 Twine("swifterror attribute not allowed in ") + Context);
4154 Check(!Attrs.contains(Attribute::Preallocated),
4155 Twine("preallocated attribute not allowed in ") + Context);
4156 Check(!Attrs.contains(Attribute::ByRef),
4157 Twine("byref attribute not allowed in ") + Context);
4158}
4159
4160/// Two types are "congruent" if they are identical, or if they are both pointer
4161/// types with different pointee types and the same address space.
4162static bool isTypeCongruent(Type *L, Type *R) {
4163 if (L == R)
4164 return true;
4165 PointerType *PL = dyn_cast<PointerType>(Val: L);
4166 PointerType *PR = dyn_cast<PointerType>(Val: R);
4167 if (!PL || !PR)
4168 return false;
4169 return PL->getAddressSpace() == PR->getAddressSpace();
4170}
4171
4172static AttrBuilder getParameterABIAttributes(LLVMContext& C, unsigned I, AttributeList Attrs) {
4173 static const Attribute::AttrKind ABIAttrs[] = {
4174 Attribute::StructRet, Attribute::ByVal, Attribute::InAlloca,
4175 Attribute::InReg, Attribute::StackAlignment, Attribute::SwiftSelf,
4176 Attribute::SwiftAsync, Attribute::SwiftError, Attribute::Preallocated,
4177 Attribute::ByRef};
4178 AttrBuilder Copy(C);
4179 for (auto AK : ABIAttrs) {
4180 Attribute Attr = Attrs.getParamAttrs(ArgNo: I).getAttribute(Kind: AK);
4181 if (Attr.isValid())
4182 Copy.addAttribute(A: Attr);
4183 }
4184
4185 // `align` is ABI-affecting only in combination with `byval` or `byref`.
4186 if (Attrs.hasParamAttr(ArgNo: I, Kind: Attribute::Alignment) &&
4187 (Attrs.hasParamAttr(ArgNo: I, Kind: Attribute::ByVal) ||
4188 Attrs.hasParamAttr(ArgNo: I, Kind: Attribute::ByRef)))
4189 Copy.addAlignmentAttr(Align: Attrs.getParamAlignment(ArgNo: I));
4190 return Copy;
4191}
4192
4193void Verifier::verifyMustTailCall(CallInst &CI) {
4194 Check(!CI.isInlineAsm(), "cannot use musttail call with inline asm", &CI);
4195
4196 Function *F = CI.getParent()->getParent();
4197 FunctionType *CallerTy = F->getFunctionType();
4198 FunctionType *CalleeTy = CI.getFunctionType();
4199 Check(CallerTy->isVarArg() == CalleeTy->isVarArg(),
4200 "cannot guarantee tail call due to mismatched varargs", &CI);
4201 Check(isTypeCongruent(CallerTy->getReturnType(), CalleeTy->getReturnType()),
4202 "cannot guarantee tail call due to mismatched return types", &CI);
4203
4204 // - The calling conventions of the caller and callee must match.
4205 Check(F->getCallingConv() == CI.getCallingConv(),
4206 "cannot guarantee tail call due to mismatched calling conv", &CI);
4207
4208 // - The call must immediately precede a :ref:`ret <i_ret>` instruction,
4209 // or a pointer bitcast followed by a ret instruction.
4210 // - The ret instruction must return the (possibly bitcasted) value
4211 // produced by the call or void.
4212 Value *RetVal = &CI;
4213 Instruction *Next = CI.getNextNode();
4214
4215 // Handle the optional bitcast.
4216 if (BitCastInst *BI = dyn_cast_or_null<BitCastInst>(Val: Next)) {
4217 Check(BI->getOperand(0) == RetVal,
4218 "bitcast following musttail call must use the call", BI);
4219 RetVal = BI;
4220 Next = BI->getNextNode();
4221 }
4222
4223 // Check the return.
4224 ReturnInst *Ret = dyn_cast_or_null<ReturnInst>(Val: Next);
4225 Check(Ret, "musttail call must precede a ret with an optional bitcast", &CI);
4226 Check(!Ret->getReturnValue() || Ret->getReturnValue() == RetVal ||
4227 isa<UndefValue>(Ret->getReturnValue()),
4228 "musttail call result must be returned", Ret);
4229
4230 AttributeList CallerAttrs = F->getAttributes();
4231 AttributeList CalleeAttrs = CI.getAttributes();
4232 if (CI.getCallingConv() == CallingConv::SwiftTail ||
4233 CI.getCallingConv() == CallingConv::Tail) {
4234 StringRef CCName =
4235 CI.getCallingConv() == CallingConv::Tail ? "tailcc" : "swifttailcc";
4236
4237 // - Only sret, byval, swiftself, and swiftasync ABI-impacting attributes
4238 // are allowed in swifttailcc call
4239 for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) {
4240 AttrBuilder ABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CallerAttrs);
4241 SmallString<32> Context{CCName, StringRef(" musttail caller")};
4242 verifyTailCCMustTailAttrs(Attrs: ABIAttrs, Context);
4243 }
4244 for (unsigned I = 0, E = CalleeTy->getNumParams(); I != E; ++I) {
4245 AttrBuilder ABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CalleeAttrs);
4246 SmallString<32> Context{CCName, StringRef(" musttail callee")};
4247 verifyTailCCMustTailAttrs(Attrs: ABIAttrs, Context);
4248 }
4249 // - Varargs functions are not allowed
4250 Check(!CallerTy->isVarArg(), Twine("cannot guarantee ") + CCName +
4251 " tail call for varargs function");
4252 return;
4253 }
4254
4255 // - The caller and callee prototypes must match. Pointer types of
4256 // parameters or return types may differ in pointee type, but not
4257 // address space.
4258 if (!CI.getIntrinsicID()) {
4259 Check(CallerTy->getNumParams() == CalleeTy->getNumParams(),
4260 "cannot guarantee tail call due to mismatched parameter counts", &CI);
4261 for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) {
4262 Check(
4263 isTypeCongruent(CallerTy->getParamType(I), CalleeTy->getParamType(I)),
4264 "cannot guarantee tail call due to mismatched parameter types", &CI);
4265 }
4266 }
4267
4268 // - All ABI-impacting function attributes, such as sret, byval, inreg,
4269 // returned, preallocated, and inalloca, must match.
4270 for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) {
4271 AttrBuilder CallerABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CallerAttrs);
4272 AttrBuilder CalleeABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CalleeAttrs);
4273 Check(CallerABIAttrs == CalleeABIAttrs,
4274 "cannot guarantee tail call due to mismatched ABI impacting "
4275 "function attributes",
4276 &CI, CI.getOperand(I));
4277 }
4278}
4279
4280void Verifier::visitCallInst(CallInst &CI) {
4281 visitCallBase(Call&: CI);
4282
4283 if (CI.isMustTailCall())
4284 verifyMustTailCall(CI);
4285}
4286
4287void Verifier::visitInvokeInst(InvokeInst &II) {
4288 visitCallBase(Call&: II);
4289
4290 // Verify that the first non-PHI instruction of the unwind destination is an
4291 // exception handling instruction.
4292 Check(
4293 II.getUnwindDest()->isEHPad(),
4294 "The unwind destination does not have an exception handling instruction!",
4295 &II);
4296
4297 visitTerminator(I&: II);
4298}
4299
4300/// visitUnaryOperator - Check the argument to the unary operator.
4301///
4302void Verifier::visitUnaryOperator(UnaryOperator &U) {
4303 Check(U.getType() == U.getOperand(0)->getType(),
4304 "Unary operators must have same type for"
4305 "operands and result!",
4306 &U);
4307
4308 switch (U.getOpcode()) {
4309 // Check that floating-point arithmetic operators are only used with
4310 // floating-point operands.
4311 case Instruction::FNeg:
4312 Check(U.getType()->isFPOrFPVectorTy(),
4313 "FNeg operator only works with float types!", &U);
4314 break;
4315 default:
4316 llvm_unreachable("Unknown UnaryOperator opcode!");
4317 }
4318
4319 visitInstruction(I&: U);
4320}
4321
4322/// visitBinaryOperator - Check that both arguments to the binary operator are
4323/// of the same type!
4324///
4325void Verifier::visitBinaryOperator(BinaryOperator &B) {
4326 Check(B.getOperand(0)->getType() == B.getOperand(1)->getType(),
4327 "Both operands to a binary operator are not of the same type!", &B);
4328
4329 switch (B.getOpcode()) {
4330 // Check that integer arithmetic operators are only used with
4331 // integral operands.
4332 case Instruction::Add:
4333 case Instruction::Sub:
4334 case Instruction::Mul:
4335 case Instruction::SDiv:
4336 case Instruction::UDiv:
4337 case Instruction::SRem:
4338 case Instruction::URem:
4339 Check(B.getType()->isIntOrIntVectorTy(),
4340 "Integer arithmetic operators only work with integral types!", &B);
4341 Check(B.getType() == B.getOperand(0)->getType(),
4342 "Integer arithmetic operators must have same type "
4343 "for operands and result!",
4344 &B);
4345 break;
4346 // Check that floating-point arithmetic operators are only used with
4347 // floating-point operands.
4348 case Instruction::FAdd:
4349 case Instruction::FSub:
4350 case Instruction::FMul:
4351 case Instruction::FDiv:
4352 case Instruction::FRem:
4353 Check(B.getType()->isFPOrFPVectorTy(),
4354 "Floating-point arithmetic operators only work with "
4355 "floating-point types!",
4356 &B);
4357 Check(B.getType() == B.getOperand(0)->getType(),
4358 "Floating-point arithmetic operators must have same type "
4359 "for operands and result!",
4360 &B);
4361 break;
4362 // Check that logical operators are only used with integral operands.
4363 case Instruction::And:
4364 case Instruction::Or:
4365 case Instruction::Xor:
4366 Check(B.getType()->isIntOrIntVectorTy(),
4367 "Logical operators only work with integral types!", &B);
4368 Check(B.getType() == B.getOperand(0)->getType(),
4369 "Logical operators must have same type for operands and result!", &B);
4370 break;
4371 case Instruction::Shl:
4372 case Instruction::LShr:
4373 case Instruction::AShr:
4374 Check(B.getType()->isIntOrIntVectorTy(),
4375 "Shifts only work with integral types!", &B);
4376 Check(B.getType() == B.getOperand(0)->getType(),
4377 "Shift return type must be same as operands!", &B);
4378 break;
4379 default:
4380 llvm_unreachable("Unknown BinaryOperator opcode!");
4381 }
4382
4383 visitInstruction(I&: B);
4384}
4385
4386void Verifier::visitICmpInst(ICmpInst &IC) {
4387 // Check that the operands are the same type
4388 Type *Op0Ty = IC.getOperand(i_nocapture: 0)->getType();
4389 Type *Op1Ty = IC.getOperand(i_nocapture: 1)->getType();
4390 Check(Op0Ty == Op1Ty,
4391 "Both operands to ICmp instruction are not of the same type!", &IC);
4392 // Check that the operands are the right type
4393 Check(Op0Ty->isIntOrIntVectorTy() || Op0Ty->isPtrOrPtrVectorTy(),
4394 "Invalid operand types for ICmp instruction", &IC);
4395 // Check that the predicate is valid.
4396 Check(IC.isIntPredicate(), "Invalid predicate in ICmp instruction!", &IC);
4397
4398 visitInstruction(I&: IC);
4399}
4400
4401void Verifier::visitFCmpInst(FCmpInst &FC) {
4402 // Check that the operands are the same type
4403 Type *Op0Ty = FC.getOperand(i_nocapture: 0)->getType();
4404 Type *Op1Ty = FC.getOperand(i_nocapture: 1)->getType();
4405 Check(Op0Ty == Op1Ty,
4406 "Both operands to FCmp instruction are not of the same type!", &FC);
4407 // Check that the operands are the right type
4408 Check(Op0Ty->isFPOrFPVectorTy(), "Invalid operand types for FCmp instruction",
4409 &FC);
4410 // Check that the predicate is valid.
4411 Check(FC.isFPPredicate(), "Invalid predicate in FCmp instruction!", &FC);
4412
4413 visitInstruction(I&: FC);
4414}
4415
4416void Verifier::visitExtractElementInst(ExtractElementInst &EI) {
4417 Check(ExtractElementInst::isValidOperands(EI.getOperand(0), EI.getOperand(1)),
4418 "Invalid extractelement operands!", &EI);
4419 visitInstruction(I&: EI);
4420}
4421
4422void Verifier::visitInsertElementInst(InsertElementInst &IE) {
4423 Check(InsertElementInst::isValidOperands(IE.getOperand(0), IE.getOperand(1),
4424 IE.getOperand(2)),
4425 "Invalid insertelement operands!", &IE);
4426 visitInstruction(I&: IE);
4427}
4428
4429void Verifier::visitShuffleVectorInst(ShuffleVectorInst &SV) {
4430 Check(ShuffleVectorInst::isValidOperands(SV.getOperand(0), SV.getOperand(1),
4431 SV.getShuffleMask()),
4432 "Invalid shufflevector operands!", &SV);
4433 visitInstruction(I&: SV);
4434}
4435
4436void Verifier::visitGetElementPtrInst(GetElementPtrInst &GEP) {
4437 Type *TargetTy = GEP.getPointerOperandType()->getScalarType();
4438
4439 Check(isa<PointerType>(TargetTy),
4440 "GEP base pointer is not a vector or a vector of pointers", &GEP);
4441 Check(GEP.getSourceElementType()->isSized(), "GEP into unsized type!", &GEP);
4442
4443 if (auto *STy = dyn_cast<StructType>(Val: GEP.getSourceElementType())) {
4444 Check(!STy->isScalableTy(),
4445 "getelementptr cannot target structure that contains scalable vector"
4446 "type",
4447 &GEP);
4448 }
4449
4450 SmallVector<Value *, 16> Idxs(GEP.indices());
4451 Check(
4452 all_of(Idxs, [](Value *V) { return V->getType()->isIntOrIntVectorTy(); }),
4453 "GEP indexes must be integers", &GEP);
4454 Type *ElTy =
4455 GetElementPtrInst::getIndexedType(Ty: GEP.getSourceElementType(), IdxList: Idxs);
4456 Check(ElTy, "Invalid indices for GEP pointer type!", &GEP);
4457
4458 PointerType *PtrTy = dyn_cast<PointerType>(Val: GEP.getType()->getScalarType());
4459
4460 Check(PtrTy && GEP.getResultElementType() == ElTy,
4461 "GEP is not of right type for indices!", &GEP, ElTy);
4462
4463 if (auto *GEPVTy = dyn_cast<VectorType>(Val: GEP.getType())) {
4464 // Additional checks for vector GEPs.
4465 ElementCount GEPWidth = GEPVTy->getElementCount();
4466 if (GEP.getPointerOperandType()->isVectorTy())
4467 Check(
4468 GEPWidth ==
4469 cast<VectorType>(GEP.getPointerOperandType())->getElementCount(),
4470 "Vector GEP result width doesn't match operand's", &GEP);
4471 for (Value *Idx : Idxs) {
4472 Type *IndexTy = Idx->getType();
4473 if (auto *IndexVTy = dyn_cast<VectorType>(Val: IndexTy)) {
4474 ElementCount IndexWidth = IndexVTy->getElementCount();
4475 Check(IndexWidth == GEPWidth, "Invalid GEP index vector width", &GEP);
4476 }
4477 Check(IndexTy->isIntOrIntVectorTy(),
4478 "All GEP indices should be of integer type");
4479 }
4480 }
4481
4482 // Check that GEP does not index into a vector with non-byte-addressable
4483 // elements.
4484 for (gep_type_iterator GTI = gep_type_begin(GEP), GTE = gep_type_end(GEP);
4485 GTI != GTE; ++GTI) {
4486 if (GTI.isVector()) {
4487 Type *ElemTy = GTI.getIndexedType();
4488 Check(DL.typeSizeEqualsStoreSize(ElemTy),
4489 "GEP into vector with non-byte-addressable element type", &GEP);
4490 }
4491 }
4492
4493 Check(GEP.getAddressSpace() == PtrTy->getAddressSpace(),
4494 "GEP address space doesn't match type", &GEP);
4495
4496 visitInstruction(I&: GEP);
4497}
4498
4499static bool isContiguous(const ConstantRange &A, const ConstantRange &B) {
4500 return A.getUpper() == B.getLower() || A.getLower() == B.getUpper();
4501}
4502
4503/// Verify !range and !absolute_symbol metadata. These have the same
4504/// restrictions, except !absolute_symbol allows the full set.
4505void Verifier::verifyRangeLikeMetadata(const Value &I, const MDNode *Range,
4506 Type *Ty, RangeLikeMetadataKind Kind) {
4507 unsigned NumOperands = Range->getNumOperands();
4508 Check(NumOperands % 2 == 0, "Unfinished range!", Range);
4509 unsigned NumRanges = NumOperands / 2;
4510 Check(NumRanges >= 1, "It should have at least one range!", Range);
4511
4512 ConstantRange LastRange(1, true); // Dummy initial value
4513 for (unsigned i = 0; i < NumRanges; ++i) {
4514 ConstantInt *Low =
4515 mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 2 * i));
4516 Check(Low, "The lower limit must be an integer!", Low);
4517 ConstantInt *High =
4518 mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 2 * i + 1));
4519 Check(High, "The upper limit must be an integer!", High);
4520
4521 Check(High->getType() == Low->getType(), "Range pair types must match!",
4522 &I);
4523
4524 if (Kind == RangeLikeMetadataKind::NoaliasAddrspace) {
4525 Check(High->getType()->isIntegerTy(32),
4526 "noalias.addrspace type must be i32!", &I);
4527 } else {
4528 Check(High->getType() == Ty->getScalarType(),
4529 "Range types must match instruction type!", &I);
4530 }
4531
4532 APInt HighV = High->getValue();
4533 APInt LowV = Low->getValue();
4534
4535 // ConstantRange asserts if the ranges are the same except for the min/max
4536 // value. Leave the cases it tolerates for the empty range error below.
4537 Check(LowV != HighV || LowV.isMaxValue() || LowV.isMinValue(),
4538 "The upper and lower limits cannot be the same value", &I);
4539
4540 ConstantRange CurRange(LowV, HighV);
4541 Check(!CurRange.isEmptySet() &&
4542 (Kind == RangeLikeMetadataKind::AbsoluteSymbol ||
4543 !CurRange.isFullSet()),
4544 "Range must not be empty!", Range);
4545 if (i != 0) {
4546 Check(CurRange.intersectWith(LastRange).isEmptySet(),
4547 "Intervals are overlapping", Range);
4548 Check(LowV.sgt(LastRange.getLower()), "Intervals are not in order",
4549 Range);
4550 Check(!isContiguous(CurRange, LastRange), "Intervals are contiguous",
4551 Range);
4552 }
4553 LastRange = ConstantRange(LowV, HighV);
4554 }
4555 if (NumRanges > 2) {
4556 APInt FirstLow =
4557 mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 0))->getValue();
4558 APInt FirstHigh =
4559 mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 1))->getValue();
4560 ConstantRange FirstRange(FirstLow, FirstHigh);
4561 Check(FirstRange.intersectWith(LastRange).isEmptySet(),
4562 "Intervals are overlapping", Range);
4563 Check(!isContiguous(FirstRange, LastRange), "Intervals are contiguous",
4564 Range);
4565 }
4566}
4567
4568void Verifier::visitRangeMetadata(Instruction &I, MDNode *Range, Type *Ty) {
4569 assert(Range && Range == I.getMetadata(LLVMContext::MD_range) &&
4570 "precondition violation");
4571 verifyRangeLikeMetadata(I, Range, Ty, Kind: RangeLikeMetadataKind::Range);
4572}
4573
4574void Verifier::visitNoFPClassMetadata(Instruction &I, MDNode *NoFPClass,
4575 Type *Ty) {
4576 Check(AttributeFuncs::isNoFPClassCompatibleType(Ty),
4577 "nofpclass only applies to floating-point typed loads", I);
4578
4579 Check(NoFPClass->getNumOperands() == 1,
4580 "nofpclass must have exactly one entry", NoFPClass);
4581 ConstantInt *MaskVal =
4582 mdconst::dyn_extract<ConstantInt>(MD: NoFPClass->getOperand(I: 0));
4583 Check(MaskVal && MaskVal->getType()->isIntegerTy(32),
4584 "nofpclass entry must be a constant i32", NoFPClass);
4585 uint32_t Val = MaskVal->getZExtValue();
4586 Check(Val != 0, "'nofpclass' must have at least one test bit set", NoFPClass,
4587 I);
4588
4589 Check((Val & ~static_cast<unsigned>(fcAllFlags)) == 0,
4590 "Invalid value for 'nofpclass' test mask", NoFPClass, I);
4591}
4592
4593void Verifier::visitNoaliasAddrspaceMetadata(Instruction &I, MDNode *Range,
4594 Type *Ty) {
4595 assert(Range && Range == I.getMetadata(LLVMContext::MD_noalias_addrspace) &&
4596 "precondition violation");
4597 verifyRangeLikeMetadata(I, Range, Ty,
4598 Kind: RangeLikeMetadataKind::NoaliasAddrspace);
4599}
4600
4601void Verifier::checkAtomicMemAccessSize(Type *Ty, const Instruction *I) {
4602 unsigned Size = DL.getTypeSizeInBits(Ty).getFixedValue();
4603 Check(Size >= 8, "atomic memory access' size must be byte-sized", Ty, I);
4604 Check(!(Size & (Size - 1)),
4605 "atomic memory access' operand must have a power-of-two size", Ty, I);
4606}
4607
4608void Verifier::visitLoadInst(LoadInst &LI) {
4609 PointerType *PTy = dyn_cast<PointerType>(Val: LI.getOperand(i_nocapture: 0)->getType());
4610 Check(PTy, "Load operand must be a pointer.", &LI);
4611 Type *ElTy = LI.getType();
4612 if (MaybeAlign A = LI.getAlign()) {
4613 Check(A->value() <= Value::MaximumAlignment,
4614 "huge alignment values are unsupported", &LI);
4615 }
4616 Check(ElTy->isSized(), "loading unsized types is not allowed", &LI);
4617 if (LI.isAtomic()) {
4618 Check(LI.getOrdering() != AtomicOrdering::Release &&
4619 LI.getOrdering() != AtomicOrdering::AcquireRelease,
4620 "Load cannot have Release ordering", &LI);
4621 Check(ElTy->getScalarType()->isIntOrPtrTy() ||
4622 ElTy->getScalarType()->isFloatingPointTy(),
4623 "atomic load operand must have integer, pointer, floating point, "
4624 "or vector type!",
4625 ElTy, &LI);
4626
4627 checkAtomicMemAccessSize(Ty: ElTy, I: &LI);
4628 } else {
4629 Check(LI.getSyncScopeID() == SyncScope::System,
4630 "Non-atomic load cannot have SynchronizationScope specified", &LI);
4631 }
4632
4633 visitInstruction(I&: LI);
4634}
4635
4636void Verifier::visitStoreInst(StoreInst &SI) {
4637 PointerType *PTy = dyn_cast<PointerType>(Val: SI.getOperand(i_nocapture: 1)->getType());
4638 Check(PTy, "Store operand must be a pointer.", &SI);
4639 Type *ElTy = SI.getOperand(i_nocapture: 0)->getType();
4640 if (MaybeAlign A = SI.getAlign()) {
4641 Check(A->value() <= Value::MaximumAlignment,
4642 "huge alignment values are unsupported", &SI);
4643 }
4644 Check(ElTy->isSized(), "storing unsized types is not allowed", &SI);
4645 if (SI.isAtomic()) {
4646 Check(SI.getOrdering() != AtomicOrdering::Acquire &&
4647 SI.getOrdering() != AtomicOrdering::AcquireRelease,
4648 "Store cannot have Acquire ordering", &SI);
4649 Check(ElTy->getScalarType()->isIntOrPtrTy() ||
4650 ElTy->getScalarType()->isFloatingPointTy(),
4651 "atomic store operand must have integer, pointer, floating point, "
4652 "or vector type!",
4653 ElTy, &SI);
4654 checkAtomicMemAccessSize(Ty: ElTy, I: &SI);
4655 } else {
4656 Check(SI.getSyncScopeID() == SyncScope::System,
4657 "Non-atomic store cannot have SynchronizationScope specified", &SI);
4658 }
4659 visitInstruction(I&: SI);
4660}
4661
4662/// Check that SwiftErrorVal is used as a swifterror argument in CS.
4663void Verifier::verifySwiftErrorCall(CallBase &Call,
4664 const Value *SwiftErrorVal) {
4665 for (const auto &I : llvm::enumerate(First: Call.args())) {
4666 if (I.value() == SwiftErrorVal) {
4667 Check(Call.paramHasAttr(I.index(), Attribute::SwiftError),
4668 "swifterror value when used in a callsite should be marked "
4669 "with swifterror attribute",
4670 SwiftErrorVal, Call);
4671 }
4672 }
4673}
4674
4675void Verifier::verifySwiftErrorValue(const Value *SwiftErrorVal) {
4676 // Check that swifterror value is only used by loads, stores, or as
4677 // a swifterror argument.
4678 for (const User *U : SwiftErrorVal->users()) {
4679 Check(isa<LoadInst>(U) || isa<StoreInst>(U) || isa<CallInst>(U) ||
4680 isa<InvokeInst>(U),
4681 "swifterror value can only be loaded and stored from, or "
4682 "as a swifterror argument!",
4683 SwiftErrorVal, U);
4684 // If it is used by a store, check it is the second operand.
4685 if (auto StoreI = dyn_cast<StoreInst>(Val: U))
4686 Check(StoreI->getOperand(1) == SwiftErrorVal,
4687 "swifterror value should be the second operand when used "
4688 "by stores",
4689 SwiftErrorVal, U);
4690 if (auto *Call = dyn_cast<CallBase>(Val: U))
4691 verifySwiftErrorCall(Call&: *const_cast<CallBase *>(Call), SwiftErrorVal);
4692 }
4693}
4694
4695void Verifier::visitAllocaInst(AllocaInst &AI) {
4696 Type *Ty = AI.getAllocatedType();
4697 SmallPtrSet<Type*, 4> Visited;
4698 Check(Ty->isSized(&Visited), "Cannot allocate unsized type", &AI);
4699 // Check if it's a target extension type that disallows being used on the
4700 // stack.
4701 Check(!Ty->containsNonLocalTargetExtType(),
4702 "Alloca has illegal target extension type", &AI);
4703 Check(AI.getArraySize()->getType()->isIntegerTy(),
4704 "Alloca array size must have integer type", &AI);
4705 if (MaybeAlign A = AI.getAlign()) {
4706 Check(A->value() <= Value::MaximumAlignment,
4707 "huge alignment values are unsupported", &AI);
4708 }
4709
4710 if (AI.isSwiftError()) {
4711 Check(Ty->isPointerTy(), "swifterror alloca must have pointer type", &AI);
4712 Check(!AI.isArrayAllocation(),
4713 "swifterror alloca must not be array allocation", &AI);
4714 verifySwiftErrorValue(SwiftErrorVal: &AI);
4715 }
4716
4717 if (TT.isAMDGPU()) {
4718 Check(AI.getAddressSpace() == AMDGPUAS::PRIVATE_ADDRESS,
4719 "alloca on amdgpu must be in addrspace(5)", &AI);
4720 }
4721
4722 visitInstruction(I&: AI);
4723}
4724
4725void Verifier::visitAtomicCmpXchgInst(AtomicCmpXchgInst &CXI) {
4726 Type *ElTy = CXI.getOperand(i_nocapture: 1)->getType();
4727 Check(ElTy->isIntOrPtrTy(),
4728 "cmpxchg operand must have integer or pointer type", ElTy, &CXI);
4729 checkAtomicMemAccessSize(Ty: ElTy, I: &CXI);
4730 visitInstruction(I&: CXI);
4731}
4732
4733void Verifier::visitAtomicRMWInst(AtomicRMWInst &RMWI) {
4734 Check(RMWI.getOrdering() != AtomicOrdering::Unordered,
4735 "atomicrmw instructions cannot be unordered.", &RMWI);
4736 auto Op = RMWI.getOperation();
4737 Type *ElTy = RMWI.getOperand(i_nocapture: 1)->getType();
4738 if (Op == AtomicRMWInst::Xchg) {
4739 Check(ElTy->isIntegerTy() || ElTy->isFloatingPointTy() ||
4740 ElTy->isPointerTy(),
4741 "atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4742 " operand must have integer or floating point type!",
4743 &RMWI, ElTy);
4744 } else if (AtomicRMWInst::isFPOperation(Op)) {
4745 Check(ElTy->isFPOrFPVectorTy() && !isa<ScalableVectorType>(ElTy),
4746 "atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4747 " operand must have floating-point or fixed vector of floating-point "
4748 "type!",
4749 &RMWI, ElTy);
4750 } else {
4751 Check(ElTy->isIntegerTy(),
4752 "atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4753 " operand must have integer type!",
4754 &RMWI, ElTy);
4755 }
4756 checkAtomicMemAccessSize(Ty: ElTy, I: &RMWI);
4757 Check(AtomicRMWInst::FIRST_BINOP <= Op && Op <= AtomicRMWInst::LAST_BINOP,
4758 "Invalid binary operation!", &RMWI);
4759 visitInstruction(I&: RMWI);
4760}
4761
4762void Verifier::visitFenceInst(FenceInst &FI) {
4763 const AtomicOrdering Ordering = FI.getOrdering();
4764 Check(Ordering == AtomicOrdering::Acquire ||
4765 Ordering == AtomicOrdering::Release ||
4766 Ordering == AtomicOrdering::AcquireRelease ||
4767 Ordering == AtomicOrdering::SequentiallyConsistent,
4768 "fence instructions may only have acquire, release, acq_rel, or "
4769 "seq_cst ordering.",
4770 &FI);
4771 visitInstruction(I&: FI);
4772}
4773
4774void Verifier::visitExtractValueInst(ExtractValueInst &EVI) {
4775 Check(ExtractValueInst::getIndexedType(EVI.getAggregateOperand()->getType(),
4776 EVI.getIndices()) == EVI.getType(),
4777 "Invalid ExtractValueInst operands!", &EVI);
4778
4779 visitInstruction(I&: EVI);
4780}
4781
4782void Verifier::visitInsertValueInst(InsertValueInst &IVI) {
4783 Check(ExtractValueInst::getIndexedType(IVI.getAggregateOperand()->getType(),
4784 IVI.getIndices()) ==
4785 IVI.getOperand(1)->getType(),
4786 "Invalid InsertValueInst operands!", &IVI);
4787
4788 visitInstruction(I&: IVI);
4789}
4790
4791static Value *getParentPad(Value *EHPad) {
4792 if (auto *FPI = dyn_cast<FuncletPadInst>(Val: EHPad))
4793 return FPI->getParentPad();
4794
4795 return cast<CatchSwitchInst>(Val: EHPad)->getParentPad();
4796}
4797
4798void Verifier::visitEHPadPredecessors(Instruction &I) {
4799 assert(I.isEHPad());
4800
4801 BasicBlock *BB = I.getParent();
4802 Function *F = BB->getParent();
4803
4804 Check(BB != &F->getEntryBlock(), "EH pad cannot be in entry block.", &I);
4805
4806 if (auto *LPI = dyn_cast<LandingPadInst>(Val: &I)) {
4807 // The landingpad instruction defines its parent as a landing pad block. The
4808 // landing pad block may be branched to only by the unwind edge of an
4809 // invoke.
4810 for (BasicBlock *PredBB : predecessors(BB)) {
4811 const auto *II = dyn_cast<InvokeInst>(Val: PredBB->getTerminator());
4812 Check(II && II->getUnwindDest() == BB && II->getNormalDest() != BB,
4813 "Block containing LandingPadInst must be jumped to "
4814 "only by the unwind edge of an invoke.",
4815 LPI);
4816 }
4817 return;
4818 }
4819 if (auto *CPI = dyn_cast<CatchPadInst>(Val: &I)) {
4820 if (!pred_empty(BB))
4821 Check(BB->getUniquePredecessor() == CPI->getCatchSwitch()->getParent(),
4822 "Block containg CatchPadInst must be jumped to "
4823 "only by its catchswitch.",
4824 CPI);
4825 Check(BB != CPI->getCatchSwitch()->getUnwindDest(),
4826 "Catchswitch cannot unwind to one of its catchpads",
4827 CPI->getCatchSwitch(), CPI);
4828 return;
4829 }
4830
4831 // Verify that each pred has a legal terminator with a legal to/from EH
4832 // pad relationship.
4833 Instruction *ToPad = &I;
4834 Value *ToPadParent = getParentPad(EHPad: ToPad);
4835 for (BasicBlock *PredBB : predecessors(BB)) {
4836 Instruction *TI = PredBB->getTerminator();
4837 Value *FromPad;
4838 if (auto *II = dyn_cast<InvokeInst>(Val: TI)) {
4839 Check(II->getUnwindDest() == BB && II->getNormalDest() != BB,
4840 "EH pad must be jumped to via an unwind edge", ToPad, II);
4841 auto *CalledFn =
4842 dyn_cast<Function>(Val: II->getCalledOperand()->stripPointerCasts());
4843 if (CalledFn && CalledFn->isIntrinsic() && II->doesNotThrow() &&
4844 !IntrinsicInst::mayLowerToFunctionCall(IID: CalledFn->getIntrinsicID()))
4845 continue;
4846 if (auto Bundle = II->getOperandBundle(ID: LLVMContext::OB_funclet))
4847 FromPad = Bundle->Inputs[0];
4848 else
4849 FromPad = ConstantTokenNone::get(Context&: II->getContext());
4850 } else if (auto *CRI = dyn_cast<CleanupReturnInst>(Val: TI)) {
4851 FromPad = CRI->getOperand(i_nocapture: 0);
4852 Check(FromPad != ToPadParent, "A cleanupret must exit its cleanup", CRI);
4853 } else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: TI)) {
4854 FromPad = CSI;
4855 } else {
4856 Check(false, "EH pad must be jumped to via an unwind edge", ToPad, TI);
4857 }
4858
4859 // The edge may exit from zero or more nested pads.
4860 SmallPtrSet<Value *, 8> Seen;
4861 for (;; FromPad = getParentPad(EHPad: FromPad)) {
4862 Check(FromPad != ToPad,
4863 "EH pad cannot handle exceptions raised within it", FromPad, TI);
4864 if (FromPad == ToPadParent) {
4865 // This is a legal unwind edge.
4866 break;
4867 }
4868 Check(!isa<ConstantTokenNone>(FromPad),
4869 "A single unwind edge may only enter one EH pad", TI);
4870 Check(Seen.insert(FromPad).second, "EH pad jumps through a cycle of pads",
4871 FromPad);
4872
4873 // This will be diagnosed on the corresponding instruction already. We
4874 // need the extra check here to make sure getParentPad() works.
4875 Check(isa<FuncletPadInst>(FromPad) || isa<CatchSwitchInst>(FromPad),
4876 "Parent pad must be catchpad/cleanuppad/catchswitch", TI);
4877 }
4878 }
4879}
4880
4881void Verifier::visitLandingPadInst(LandingPadInst &LPI) {
4882 // The landingpad instruction is ill-formed if it doesn't have any clauses and
4883 // isn't a cleanup.
4884 Check(LPI.getNumClauses() > 0 || LPI.isCleanup(),
4885 "LandingPadInst needs at least one clause or to be a cleanup.", &LPI);
4886
4887 visitEHPadPredecessors(I&: LPI);
4888
4889 if (!LandingPadResultTy)
4890 LandingPadResultTy = LPI.getType();
4891 else
4892 Check(LandingPadResultTy == LPI.getType(),
4893 "The landingpad instruction should have a consistent result type "
4894 "inside a function.",
4895 &LPI);
4896
4897 Function *F = LPI.getParent()->getParent();
4898 Check(F->hasPersonalityFn(),
4899 "LandingPadInst needs to be in a function with a personality.", &LPI);
4900
4901 // The landingpad instruction must be the first non-PHI instruction in the
4902 // block.
4903 Check(LPI.getParent()->getLandingPadInst() == &LPI,
4904 "LandingPadInst not the first non-PHI instruction in the block.", &LPI);
4905
4906 for (unsigned i = 0, e = LPI.getNumClauses(); i < e; ++i) {
4907 Constant *Clause = LPI.getClause(Idx: i);
4908 if (LPI.isCatch(Idx: i)) {
4909 Check(isa<PointerType>(Clause->getType()),
4910 "Catch operand does not have pointer type!", &LPI);
4911 } else {
4912 Check(LPI.isFilter(i), "Clause is neither catch nor filter!", &LPI);
4913 Check(isa<ConstantArray>(Clause) || isa<ConstantAggregateZero>(Clause),
4914 "Filter operand is not an array of constants!", &LPI);
4915 }
4916 }
4917
4918 visitInstruction(I&: LPI);
4919}
4920
4921void Verifier::visitResumeInst(ResumeInst &RI) {
4922 Check(RI.getFunction()->hasPersonalityFn(),
4923 "ResumeInst needs to be in a function with a personality.", &RI);
4924
4925 if (!LandingPadResultTy)
4926 LandingPadResultTy = RI.getValue()->getType();
4927 else
4928 Check(LandingPadResultTy == RI.getValue()->getType(),
4929 "The resume instruction should have a consistent result type "
4930 "inside a function.",
4931 &RI);
4932
4933 visitTerminator(I&: RI);
4934}
4935
4936void Verifier::visitCatchPadInst(CatchPadInst &CPI) {
4937 BasicBlock *BB = CPI.getParent();
4938
4939 Function *F = BB->getParent();
4940 Check(F->hasPersonalityFn(),
4941 "CatchPadInst needs to be in a function with a personality.", &CPI);
4942
4943 Check(isa<CatchSwitchInst>(CPI.getParentPad()),
4944 "CatchPadInst needs to be directly nested in a CatchSwitchInst.",
4945 CPI.getParentPad());
4946
4947 // The catchpad instruction must be the first non-PHI instruction in the
4948 // block.
4949 Check(&*BB->getFirstNonPHIIt() == &CPI,
4950 "CatchPadInst not the first non-PHI instruction in the block.", &CPI);
4951
4952 visitEHPadPredecessors(I&: CPI);
4953 visitFuncletPadInst(FPI&: CPI);
4954}
4955
4956void Verifier::visitCatchReturnInst(CatchReturnInst &CatchReturn) {
4957 Check(isa<CatchPadInst>(CatchReturn.getOperand(0)),
4958 "CatchReturnInst needs to be provided a CatchPad", &CatchReturn,
4959 CatchReturn.getOperand(0));
4960
4961 visitTerminator(I&: CatchReturn);
4962}
4963
4964void Verifier::visitCleanupPadInst(CleanupPadInst &CPI) {
4965 BasicBlock *BB = CPI.getParent();
4966
4967 Function *F = BB->getParent();
4968 Check(F->hasPersonalityFn(),
4969 "CleanupPadInst needs to be in a function with a personality.", &CPI);
4970
4971 // The cleanuppad instruction must be the first non-PHI instruction in the
4972 // block.
4973 Check(&*BB->getFirstNonPHIIt() == &CPI,
4974 "CleanupPadInst not the first non-PHI instruction in the block.", &CPI);
4975
4976 auto *ParentPad = CPI.getParentPad();
4977 Check(isa<ConstantTokenNone>(ParentPad) || isa<FuncletPadInst>(ParentPad),
4978 "CleanupPadInst has an invalid parent.", &CPI);
4979
4980 visitEHPadPredecessors(I&: CPI);
4981 visitFuncletPadInst(FPI&: CPI);
4982}
4983
4984void Verifier::visitFuncletPadInst(FuncletPadInst &FPI) {
4985 User *FirstUser = nullptr;
4986 Value *FirstUnwindPad = nullptr;
4987 SmallVector<FuncletPadInst *, 8> Worklist({&FPI});
4988 SmallPtrSet<FuncletPadInst *, 8> Seen;
4989
4990 while (!Worklist.empty()) {
4991 FuncletPadInst *CurrentPad = Worklist.pop_back_val();
4992 Check(Seen.insert(CurrentPad).second,
4993 "FuncletPadInst must not be nested within itself", CurrentPad);
4994 Value *UnresolvedAncestorPad = nullptr;
4995 for (User *U : CurrentPad->users()) {
4996 BasicBlock *UnwindDest;
4997 if (auto *CRI = dyn_cast<CleanupReturnInst>(Val: U)) {
4998 UnwindDest = CRI->getUnwindDest();
4999 } else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: U)) {
5000 // We allow catchswitch unwind to caller to nest
5001 // within an outer pad that unwinds somewhere else,
5002 // because catchswitch doesn't have a nounwind variant.
5003 // See e.g. SimplifyCFGOpt::SimplifyUnreachable.
5004 if (CSI->unwindsToCaller())
5005 continue;
5006 UnwindDest = CSI->getUnwindDest();
5007 } else if (auto *II = dyn_cast<InvokeInst>(Val: U)) {
5008 UnwindDest = II->getUnwindDest();
5009 } else if (isa<CallInst>(Val: U)) {
5010 // Calls which don't unwind may be found inside funclet
5011 // pads that unwind somewhere else. We don't *require*
5012 // such calls to be annotated nounwind.
5013 continue;
5014 } else if (auto *CPI = dyn_cast<CleanupPadInst>(Val: U)) {
5015 // The unwind dest for a cleanup can only be found by
5016 // recursive search. Add it to the worklist, and we'll
5017 // search for its first use that determines where it unwinds.
5018 Worklist.push_back(Elt: CPI);
5019 continue;
5020 } else {
5021 Check(isa<CatchReturnInst>(U), "Bogus funclet pad use", U);
5022 continue;
5023 }
5024
5025 Value *UnwindPad;
5026 bool ExitsFPI;
5027 if (UnwindDest) {
5028 UnwindPad = &*UnwindDest->getFirstNonPHIIt();
5029 if (!cast<Instruction>(Val: UnwindPad)->isEHPad())
5030 continue;
5031 Value *UnwindParent = getParentPad(EHPad: UnwindPad);
5032 // Ignore unwind edges that don't exit CurrentPad.
5033 if (UnwindParent == CurrentPad)
5034 continue;
5035 // Determine whether the original funclet pad is exited,
5036 // and if we are scanning nested pads determine how many
5037 // of them are exited so we can stop searching their
5038 // children.
5039 Value *ExitedPad = CurrentPad;
5040 ExitsFPI = false;
5041 do {
5042 if (ExitedPad == &FPI) {
5043 ExitsFPI = true;
5044 // Now we can resolve any ancestors of CurrentPad up to
5045 // FPI, but not including FPI since we need to make sure
5046 // to check all direct users of FPI for consistency.
5047 UnresolvedAncestorPad = &FPI;
5048 break;
5049 }
5050 Value *ExitedParent = getParentPad(EHPad: ExitedPad);
5051 if (ExitedParent == UnwindParent) {
5052 // ExitedPad is the ancestor-most pad which this unwind
5053 // edge exits, so we can resolve up to it, meaning that
5054 // ExitedParent is the first ancestor still unresolved.
5055 UnresolvedAncestorPad = ExitedParent;
5056 break;
5057 }
5058 ExitedPad = ExitedParent;
5059 } while (!isa<ConstantTokenNone>(Val: ExitedPad));
5060 } else {
5061 // Unwinding to caller exits all pads.
5062 UnwindPad = ConstantTokenNone::get(Context&: FPI.getContext());
5063 ExitsFPI = true;
5064 UnresolvedAncestorPad = &FPI;
5065 }
5066
5067 if (ExitsFPI) {
5068 // This unwind edge exits FPI. Make sure it agrees with other
5069 // such edges.
5070 if (FirstUser) {
5071 Check(UnwindPad == FirstUnwindPad,
5072 "Unwind edges out of a funclet "
5073 "pad must have the same unwind "
5074 "dest",
5075 &FPI, U, FirstUser);
5076 } else {
5077 FirstUser = U;
5078 FirstUnwindPad = UnwindPad;
5079 // Record cleanup sibling unwinds for verifySiblingFuncletUnwinds
5080 if (isa<CleanupPadInst>(Val: &FPI) && !isa<ConstantTokenNone>(Val: UnwindPad) &&
5081 getParentPad(EHPad: UnwindPad) == getParentPad(EHPad: &FPI))
5082 SiblingFuncletInfo[&FPI] = cast<Instruction>(Val: U);
5083 }
5084 }
5085 // Make sure we visit all uses of FPI, but for nested pads stop as
5086 // soon as we know where they unwind to.
5087 if (CurrentPad != &FPI)
5088 break;
5089 }
5090 if (UnresolvedAncestorPad) {
5091 if (CurrentPad == UnresolvedAncestorPad) {
5092 // When CurrentPad is FPI itself, we don't mark it as resolved even if
5093 // we've found an unwind edge that exits it, because we need to verify
5094 // all direct uses of FPI.
5095 assert(CurrentPad == &FPI);
5096 continue;
5097 }
5098 // Pop off the worklist any nested pads that we've found an unwind
5099 // destination for. The pads on the worklist are the uncles,
5100 // great-uncles, etc. of CurrentPad. We've found an unwind destination
5101 // for all ancestors of CurrentPad up to but not including
5102 // UnresolvedAncestorPad.
5103 Value *ResolvedPad = CurrentPad;
5104 while (!Worklist.empty()) {
5105 Value *UnclePad = Worklist.back();
5106 Value *AncestorPad = getParentPad(EHPad: UnclePad);
5107 // Walk ResolvedPad up the ancestor list until we either find the
5108 // uncle's parent or the last resolved ancestor.
5109 while (ResolvedPad != AncestorPad) {
5110 Value *ResolvedParent = getParentPad(EHPad: ResolvedPad);
5111 if (ResolvedParent == UnresolvedAncestorPad) {
5112 break;
5113 }
5114 ResolvedPad = ResolvedParent;
5115 }
5116 // If the resolved ancestor search didn't find the uncle's parent,
5117 // then the uncle is not yet resolved.
5118 if (ResolvedPad != AncestorPad)
5119 break;
5120 // This uncle is resolved, so pop it from the worklist.
5121 Worklist.pop_back();
5122 }
5123 }
5124 }
5125
5126 if (FirstUnwindPad) {
5127 if (auto *CatchSwitch = dyn_cast<CatchSwitchInst>(Val: FPI.getParentPad())) {
5128 BasicBlock *SwitchUnwindDest = CatchSwitch->getUnwindDest();
5129 Value *SwitchUnwindPad;
5130 if (SwitchUnwindDest)
5131 SwitchUnwindPad = &*SwitchUnwindDest->getFirstNonPHIIt();
5132 else
5133 SwitchUnwindPad = ConstantTokenNone::get(Context&: FPI.getContext());
5134 Check(SwitchUnwindPad == FirstUnwindPad,
5135 "Unwind edges out of a catch must have the same unwind dest as "
5136 "the parent catchswitch",
5137 &FPI, FirstUser, CatchSwitch);
5138 }
5139 }
5140
5141 visitInstruction(I&: FPI);
5142}
5143
5144void Verifier::visitCatchSwitchInst(CatchSwitchInst &CatchSwitch) {
5145 BasicBlock *BB = CatchSwitch.getParent();
5146
5147 Function *F = BB->getParent();
5148 Check(F->hasPersonalityFn(),
5149 "CatchSwitchInst needs to be in a function with a personality.",
5150 &CatchSwitch);
5151
5152 // The catchswitch instruction must be the first non-PHI instruction in the
5153 // block.
5154 Check(&*BB->getFirstNonPHIIt() == &CatchSwitch,
5155 "CatchSwitchInst not the first non-PHI instruction in the block.",
5156 &CatchSwitch);
5157
5158 auto *ParentPad = CatchSwitch.getParentPad();
5159 Check(isa<ConstantTokenNone>(ParentPad) || isa<FuncletPadInst>(ParentPad),
5160 "CatchSwitchInst has an invalid parent.", ParentPad);
5161
5162 if (BasicBlock *UnwindDest = CatchSwitch.getUnwindDest()) {
5163 BasicBlock::iterator I = UnwindDest->getFirstNonPHIIt();
5164 Check(I->isEHPad() && !isa<LandingPadInst>(I),
5165 "CatchSwitchInst must unwind to an EH block which is not a "
5166 "landingpad.",
5167 &CatchSwitch);
5168
5169 // Record catchswitch sibling unwinds for verifySiblingFuncletUnwinds
5170 if (getParentPad(EHPad: &*I) == ParentPad)
5171 SiblingFuncletInfo[&CatchSwitch] = &CatchSwitch;
5172 }
5173
5174 Check(CatchSwitch.getNumHandlers() != 0,
5175 "CatchSwitchInst cannot have empty handler list", &CatchSwitch);
5176
5177 for (BasicBlock *Handler : CatchSwitch.handlers()) {
5178 Check(isa<CatchPadInst>(Handler->getFirstNonPHIIt()),
5179 "CatchSwitchInst handlers must be catchpads", &CatchSwitch, Handler);
5180 }
5181
5182 visitEHPadPredecessors(I&: CatchSwitch);
5183 visitTerminator(I&: CatchSwitch);
5184}
5185
5186void Verifier::visitCleanupReturnInst(CleanupReturnInst &CRI) {
5187 Check(isa<CleanupPadInst>(CRI.getOperand(0)),
5188 "CleanupReturnInst needs to be provided a CleanupPad", &CRI,
5189 CRI.getOperand(0));
5190
5191 if (BasicBlock *UnwindDest = CRI.getUnwindDest()) {
5192 BasicBlock::iterator I = UnwindDest->getFirstNonPHIIt();
5193 Check(I->isEHPad() && !isa<LandingPadInst>(I),
5194 "CleanupReturnInst must unwind to an EH block which is not a "
5195 "landingpad.",
5196 &CRI);
5197 }
5198
5199 visitTerminator(I&: CRI);
5200}
5201
5202void Verifier::verifyDominatesUse(Instruction &I, unsigned i) {
5203 Instruction *Op = cast<Instruction>(Val: I.getOperand(i));
5204 // If the we have an invalid invoke, don't try to compute the dominance.
5205 // We already reject it in the invoke specific checks and the dominance
5206 // computation doesn't handle multiple edges.
5207 if (InvokeInst *II = dyn_cast<InvokeInst>(Val: Op)) {
5208 if (II->getNormalDest() == II->getUnwindDest())
5209 return;
5210 }
5211
5212 // Quick check whether the def has already been encountered in the same block.
5213 // PHI nodes are not checked to prevent accepting preceding PHIs, because PHI
5214 // uses are defined to happen on the incoming edge, not at the instruction.
5215 //
5216 // FIXME: If this operand is a MetadataAsValue (wrapping a LocalAsMetadata)
5217 // wrapping an SSA value, assert that we've already encountered it. See
5218 // related FIXME in Mapper::mapLocalAsMetadata in ValueMapper.cpp.
5219 if (!isa<PHINode>(Val: I) && InstsInThisBlock.count(Ptr: Op))
5220 return;
5221
5222 const Use &U = I.getOperandUse(i);
5223 Check(DT.dominates(Op, U), "Instruction does not dominate all uses!", Op, &I);
5224}
5225
5226void Verifier::visitDereferenceableMetadata(Instruction& I, MDNode* MD) {
5227 Check(I.getType()->isPointerTy(),
5228 "dereferenceable, dereferenceable_or_null "
5229 "apply only to pointer types",
5230 &I);
5231 Check((isa<LoadInst>(I) || isa<IntToPtrInst>(I)),
5232 "dereferenceable, dereferenceable_or_null apply only to load"
5233 " and inttoptr instructions, use attributes for calls or invokes",
5234 &I);
5235 Check(MD->getNumOperands() == 1,
5236 "dereferenceable, dereferenceable_or_null "
5237 "take one operand!",
5238 &I);
5239 ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: 0));
5240 Check(CI && CI->getType()->isIntegerTy(64),
5241 "dereferenceable, "
5242 "dereferenceable_or_null metadata value must be an i64!",
5243 &I);
5244}
5245
5246void Verifier::visitNofreeMetadata(Instruction &I, MDNode *MD) {
5247 Check(I.getType()->isPointerTy(), "nofree applies only to pointer types", &I);
5248 Check((isa<IntToPtrInst>(I)), "nofree applies only to inttoptr instruction",
5249 &I);
5250 Check(MD->getNumOperands() == 0, "nofree metadata must be empty", &I);
5251}
5252
5253void Verifier::visitProfMetadata(Instruction &I, MDNode *MD) {
5254 auto GetBranchingTerminatorNumOperands = [&]() {
5255 unsigned ExpectedNumOperands = 0;
5256 if (BranchInst *BI = dyn_cast<BranchInst>(Val: &I))
5257 ExpectedNumOperands = BI->getNumSuccessors();
5258 else if (SwitchInst *SI = dyn_cast<SwitchInst>(Val: &I))
5259 ExpectedNumOperands = SI->getNumSuccessors();
5260 else if (isa<CallInst>(Val: &I))
5261 ExpectedNumOperands = 1;
5262 else if (IndirectBrInst *IBI = dyn_cast<IndirectBrInst>(Val: &I))
5263 ExpectedNumOperands = IBI->getNumDestinations();
5264 else if (isa<SelectInst>(Val: &I))
5265 ExpectedNumOperands = 2;
5266 else if (CallBrInst *CI = dyn_cast<CallBrInst>(Val: &I))
5267 ExpectedNumOperands = CI->getNumSuccessors();
5268 return ExpectedNumOperands;
5269 };
5270 Check(MD->getNumOperands() >= 1,
5271 "!prof annotations should have at least 1 operand", MD);
5272 // Check first operand.
5273 Check(MD->getOperand(0) != nullptr, "first operand should not be null", MD);
5274 Check(isa<MDString>(MD->getOperand(0)),
5275 "expected string with name of the !prof annotation", MD);
5276 MDString *MDS = cast<MDString>(Val: MD->getOperand(I: 0));
5277 StringRef ProfName = MDS->getString();
5278
5279 if (ProfName == MDProfLabels::UnknownBranchWeightsMarker) {
5280 Check(GetBranchingTerminatorNumOperands() != 0 || isa<InvokeInst>(I),
5281 "'unknown' !prof should only appear on instructions on which "
5282 "'branch_weights' would",
5283 MD);
5284 verifyUnknownProfileMetadata(MD);
5285 return;
5286 }
5287
5288 Check(MD->getNumOperands() >= 2,
5289 "!prof annotations should have no less than 2 operands", MD);
5290
5291 // Check consistency of !prof branch_weights metadata.
5292 if (ProfName == MDProfLabels::BranchWeights) {
5293 unsigned NumBranchWeights = getNumBranchWeights(ProfileData: *MD);
5294 if (isa<InvokeInst>(Val: &I)) {
5295 Check(NumBranchWeights == 1 || NumBranchWeights == 2,
5296 "Wrong number of InvokeInst branch_weights operands", MD);
5297 } else {
5298 const unsigned ExpectedNumOperands = GetBranchingTerminatorNumOperands();
5299 if (ExpectedNumOperands == 0)
5300 CheckFailed(Message: "!prof branch_weights are not allowed for this instruction",
5301 V1: MD);
5302
5303 Check(NumBranchWeights == ExpectedNumOperands, "Wrong number of operands",
5304 MD);
5305 }
5306 for (unsigned i = getBranchWeightOffset(ProfileData: MD); i < MD->getNumOperands();
5307 ++i) {
5308 auto &MDO = MD->getOperand(I: i);
5309 Check(MDO, "second operand should not be null", MD);
5310 Check(mdconst::dyn_extract<ConstantInt>(MDO),
5311 "!prof brunch_weights operand is not a const int");
5312 }
5313 } else if (ProfName == MDProfLabels::ValueProfile) {
5314 Check(isValueProfileMD(MD), "invalid value profiling metadata", MD);
5315 ConstantInt *KindInt = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: 1));
5316 Check(KindInt, "VP !prof missing kind argument", MD);
5317
5318 auto Kind = KindInt->getZExtValue();
5319 Check(Kind >= InstrProfValueKind::IPVK_First &&
5320 Kind <= InstrProfValueKind::IPVK_Last,
5321 "Invalid VP !prof kind", MD);
5322 Check(MD->getNumOperands() % 2 == 1,
5323 "VP !prof should have an even number "
5324 "of arguments after 'VP'",
5325 MD);
5326 if (Kind == InstrProfValueKind::IPVK_IndirectCallTarget ||
5327 Kind == InstrProfValueKind::IPVK_MemOPSize)
5328 Check(isa<CallBase>(I),
5329 "VP !prof indirect call or memop size expected to be applied to "
5330 "CallBase instructions only",
5331 MD);
5332 } else {
5333 CheckFailed(Message: "expected either branch_weights or VP profile name", V1: MD);
5334 }
5335}
5336
5337void Verifier::visitDIAssignIDMetadata(Instruction &I, MDNode *MD) {
5338 assert(I.hasMetadata(LLVMContext::MD_DIAssignID));
5339 // DIAssignID metadata must be attached to either an alloca or some form of
5340 // store/memory-writing instruction.
5341 // FIXME: We allow all intrinsic insts here to avoid trying to enumerate all
5342 // possible store intrinsics.
5343 bool ExpectedInstTy =
5344 isa<AllocaInst>(Val: I) || isa<StoreInst>(Val: I) || isa<IntrinsicInst>(Val: I);
5345 CheckDI(ExpectedInstTy, "!DIAssignID attached to unexpected instruction kind",
5346 I, MD);
5347 // Iterate over the MetadataAsValue uses of the DIAssignID - these should
5348 // only be found as DbgAssignIntrinsic operands.
5349 if (auto *AsValue = MetadataAsValue::getIfExists(Context, MD)) {
5350 for (auto *User : AsValue->users()) {
5351 CheckDI(isa<DbgAssignIntrinsic>(User),
5352 "!DIAssignID should only be used by llvm.dbg.assign intrinsics",
5353 MD, User);
5354 // All of the dbg.assign intrinsics should be in the same function as I.
5355 if (auto *DAI = dyn_cast<DbgAssignIntrinsic>(Val: User))
5356 CheckDI(DAI->getFunction() == I.getFunction(),
5357 "dbg.assign not in same function as inst", DAI, &I);
5358 }
5359 }
5360 for (DbgVariableRecord *DVR :
5361 cast<DIAssignID>(Val: MD)->getAllDbgVariableRecordUsers()) {
5362 CheckDI(DVR->isDbgAssign(),
5363 "!DIAssignID should only be used by Assign DVRs.", MD, DVR);
5364 CheckDI(DVR->getFunction() == I.getFunction(),
5365 "DVRAssign not in same function as inst", DVR, &I);
5366 }
5367}
5368
5369void Verifier::visitMMRAMetadata(Instruction &I, MDNode *MD) {
5370 Check(canInstructionHaveMMRAs(I),
5371 "!mmra metadata attached to unexpected instruction kind", I, MD);
5372
5373 // MMRA Metadata should either be a tag, e.g. !{!"foo", !"bar"}, or a
5374 // list of tags such as !2 in the following example:
5375 // !0 = !{!"a", !"b"}
5376 // !1 = !{!"c", !"d"}
5377 // !2 = !{!0, !1}
5378 if (MMRAMetadata::isTagMD(MD))
5379 return;
5380
5381 Check(isa<MDTuple>(MD), "!mmra expected to be a metadata tuple", I, MD);
5382 for (const MDOperand &MDOp : MD->operands())
5383 Check(MMRAMetadata::isTagMD(MDOp.get()),
5384 "!mmra metadata tuple operand is not an MMRA tag", I, MDOp.get());
5385}
5386
5387void Verifier::visitCallStackMetadata(MDNode *MD) {
5388 // Call stack metadata should consist of a list of at least 1 constant int
5389 // (representing a hash of the location).
5390 Check(MD->getNumOperands() >= 1,
5391 "call stack metadata should have at least 1 operand", MD);
5392
5393 for (const auto &Op : MD->operands())
5394 Check(mdconst::dyn_extract_or_null<ConstantInt>(Op),
5395 "call stack metadata operand should be constant integer", Op);
5396}
5397
5398void Verifier::visitMemProfMetadata(Instruction &I, MDNode *MD) {
5399 Check(isa<CallBase>(I), "!memprof metadata should only exist on calls", &I);
5400 Check(MD->getNumOperands() >= 1,
5401 "!memprof annotations should have at least 1 metadata operand "
5402 "(MemInfoBlock)",
5403 MD);
5404
5405 // Check each MIB
5406 for (auto &MIBOp : MD->operands()) {
5407 MDNode *MIB = dyn_cast<MDNode>(Val: MIBOp);
5408 // The first operand of an MIB should be the call stack metadata.
5409 // There rest of the operands should be MDString tags, and there should be
5410 // at least one.
5411 Check(MIB->getNumOperands() >= 2,
5412 "Each !memprof MemInfoBlock should have at least 2 operands", MIB);
5413
5414 // Check call stack metadata (first operand).
5415 Check(MIB->getOperand(0) != nullptr,
5416 "!memprof MemInfoBlock first operand should not be null", MIB);
5417 Check(isa<MDNode>(MIB->getOperand(0)),
5418 "!memprof MemInfoBlock first operand should be an MDNode", MIB);
5419 MDNode *StackMD = dyn_cast<MDNode>(Val: MIB->getOperand(I: 0));
5420 visitCallStackMetadata(MD: StackMD);
5421
5422 // The second MIB operand should be MDString.
5423 Check(isa<MDString>(MIB->getOperand(1)),
5424 "!memprof MemInfoBlock second operand should be an MDString", MIB);
5425
5426 // Any remaining should be MDNode that are pairs of integers
5427 for (unsigned I = 2; I < MIB->getNumOperands(); ++I) {
5428 MDNode *OpNode = dyn_cast<MDNode>(Val: MIB->getOperand(I));
5429 Check(OpNode, "Not all !memprof MemInfoBlock operands 2 to N are MDNode",
5430 MIB);
5431 Check(OpNode->getNumOperands() == 2,
5432 "Not all !memprof MemInfoBlock operands 2 to N are MDNode with 2 "
5433 "operands",
5434 MIB);
5435 // Check that all of Op's operands are ConstantInt.
5436 Check(llvm::all_of(OpNode->operands(),
5437 [](const MDOperand &Op) {
5438 return mdconst::hasa<ConstantInt>(Op);
5439 }),
5440 "Not all !memprof MemInfoBlock operands 2 to N are MDNode with "
5441 "ConstantInt operands",
5442 MIB);
5443 }
5444 }
5445}
5446
5447void Verifier::visitCallsiteMetadata(Instruction &I, MDNode *MD) {
5448 Check(isa<CallBase>(I), "!callsite metadata should only exist on calls", &I);
5449 // Verify the partial callstack annotated from memprof profiles. This callsite
5450 // is a part of a profiled allocation callstack.
5451 visitCallStackMetadata(MD);
5452}
5453
5454static inline bool isConstantIntMetadataOperand(const Metadata *MD) {
5455 if (auto *VAL = dyn_cast<ValueAsMetadata>(Val: MD))
5456 return isa<ConstantInt>(Val: VAL->getValue());
5457 return false;
5458}
5459
5460void Verifier::visitCalleeTypeMetadata(Instruction &I, MDNode *MD) {
5461 Check(isa<CallBase>(I), "!callee_type metadata should only exist on calls",
5462 &I);
5463 for (Metadata *Op : MD->operands()) {
5464 Check(isa<MDNode>(Op),
5465 "The callee_type metadata must be a list of type metadata nodes", Op);
5466 auto *TypeMD = cast<MDNode>(Val: Op);
5467 Check(TypeMD->getNumOperands() == 2,
5468 "Well-formed generalized type metadata must contain exactly two "
5469 "operands",
5470 Op);
5471 Check(isConstantIntMetadataOperand(TypeMD->getOperand(0)) &&
5472 mdconst::extract<ConstantInt>(TypeMD->getOperand(0))->isZero(),
5473 "The first operand of type metadata for functions must be zero", Op);
5474 Check(TypeMD->hasGeneralizedMDString(),
5475 "Only generalized type metadata can be part of the callee_type "
5476 "metadata list",
5477 Op);
5478 }
5479}
5480
5481void Verifier::visitAnnotationMetadata(MDNode *Annotation) {
5482 Check(isa<MDTuple>(Annotation), "annotation must be a tuple");
5483 Check(Annotation->getNumOperands() >= 1,
5484 "annotation must have at least one operand");
5485 for (const MDOperand &Op : Annotation->operands()) {
5486 bool TupleOfStrings =
5487 isa<MDTuple>(Val: Op.get()) &&
5488 all_of(Range: cast<MDTuple>(Val: Op)->operands(), P: [](auto &Annotation) {
5489 return isa<MDString>(Annotation.get());
5490 });
5491 Check(isa<MDString>(Op.get()) || TupleOfStrings,
5492 "operands must be a string or a tuple of strings");
5493 }
5494}
5495
5496void Verifier::visitAliasScopeMetadata(const MDNode *MD) {
5497 unsigned NumOps = MD->getNumOperands();
5498 Check(NumOps >= 2 && NumOps <= 3, "scope must have two or three operands",
5499 MD);
5500 Check(MD->getOperand(0).get() == MD || isa<MDString>(MD->getOperand(0)),
5501 "first scope operand must be self-referential or string", MD);
5502 if (NumOps == 3)
5503 Check(isa<MDString>(MD->getOperand(2)),
5504 "third scope operand must be string (if used)", MD);
5505
5506 MDNode *Domain = dyn_cast<MDNode>(Val: MD->getOperand(I: 1));
5507 Check(Domain != nullptr, "second scope operand must be MDNode", MD);
5508
5509 unsigned NumDomainOps = Domain->getNumOperands();
5510 Check(NumDomainOps >= 1 && NumDomainOps <= 2,
5511 "domain must have one or two operands", Domain);
5512 Check(Domain->getOperand(0).get() == Domain ||
5513 isa<MDString>(Domain->getOperand(0)),
5514 "first domain operand must be self-referential or string", Domain);
5515 if (NumDomainOps == 2)
5516 Check(isa<MDString>(Domain->getOperand(1)),
5517 "second domain operand must be string (if used)", Domain);
5518}
5519
5520void Verifier::visitAliasScopeListMetadata(const MDNode *MD) {
5521 for (const MDOperand &Op : MD->operands()) {
5522 const MDNode *OpMD = dyn_cast<MDNode>(Val: Op);
5523 Check(OpMD != nullptr, "scope list must consist of MDNodes", MD);
5524 visitAliasScopeMetadata(MD: OpMD);
5525 }
5526}
5527
5528void Verifier::visitAccessGroupMetadata(const MDNode *MD) {
5529 auto IsValidAccessScope = [](const MDNode *MD) {
5530 return MD->getNumOperands() == 0 && MD->isDistinct();
5531 };
5532
5533 // It must be either an access scope itself...
5534 if (IsValidAccessScope(MD))
5535 return;
5536
5537 // ...or a list of access scopes.
5538 for (const MDOperand &Op : MD->operands()) {
5539 const MDNode *OpMD = dyn_cast<MDNode>(Val: Op);
5540 Check(OpMD != nullptr, "Access scope list must consist of MDNodes", MD);
5541 Check(IsValidAccessScope(OpMD),
5542 "Access scope list contains invalid access scope", MD);
5543 }
5544}
5545
5546void Verifier::visitCapturesMetadata(Instruction &I, const MDNode *Captures) {
5547 static const char *ValidArgs[] = {"address_is_null", "address",
5548 "read_provenance", "provenance"};
5549
5550 auto *SI = dyn_cast<StoreInst>(Val: &I);
5551 Check(SI, "!captures metadata can only be applied to store instructions", &I);
5552 Check(SI->getValueOperand()->getType()->isPointerTy(),
5553 "!captures metadata can only be applied to store with value operand of "
5554 "pointer type",
5555 &I);
5556 Check(Captures->getNumOperands() != 0, "!captures metadata cannot be empty",
5557 &I);
5558
5559 for (Metadata *Op : Captures->operands()) {
5560 auto *Str = dyn_cast<MDString>(Val: Op);
5561 Check(Str, "!captures metadata must be a list of strings", &I);
5562 Check(is_contained(ValidArgs, Str->getString()),
5563 "invalid entry in !captures metadata", &I, Str);
5564 }
5565}
5566
5567void Verifier::visitAllocTokenMetadata(Instruction &I, MDNode *MD) {
5568 Check(isa<CallBase>(I), "!alloc_token should only exist on calls", &I);
5569 Check(MD->getNumOperands() == 2, "!alloc_token must have 2 operands", MD);
5570 Check(isa<MDString>(MD->getOperand(0)), "expected string", MD);
5571 Check(mdconst::dyn_extract_or_null<ConstantInt>(MD->getOperand(1)),
5572 "expected integer constant", MD);
5573}
5574
5575/// verifyInstruction - Verify that an instruction is well formed.
5576///
5577void Verifier::visitInstruction(Instruction &I) {
5578 BasicBlock *BB = I.getParent();
5579 Check(BB, "Instruction not embedded in basic block!", &I);
5580
5581 if (!isa<PHINode>(Val: I)) { // Check that non-phi nodes are not self referential
5582 for (User *U : I.users()) {
5583 Check(U != (User *)&I || !DT.isReachableFromEntry(BB),
5584 "Only PHI nodes may reference their own value!", &I);
5585 }
5586 }
5587
5588 // Check that void typed values don't have names
5589 Check(!I.getType()->isVoidTy() || !I.hasName(),
5590 "Instruction has a name, but provides a void value!", &I);
5591
5592 // Check that the return value of the instruction is either void or a legal
5593 // value type.
5594 Check(I.getType()->isVoidTy() || I.getType()->isFirstClassType(),
5595 "Instruction returns a non-scalar type!", &I);
5596
5597 // Check that the instruction doesn't produce metadata. Calls are already
5598 // checked against the callee type.
5599 Check(!I.getType()->isMetadataTy() || isa<CallInst>(I) || isa<InvokeInst>(I),
5600 "Invalid use of metadata!", &I);
5601
5602 // Check that all uses of the instruction, if they are instructions
5603 // themselves, actually have parent basic blocks. If the use is not an
5604 // instruction, it is an error!
5605 for (Use &U : I.uses()) {
5606 if (Instruction *Used = dyn_cast<Instruction>(Val: U.getUser()))
5607 Check(Used->getParent() != nullptr,
5608 "Instruction referencing"
5609 " instruction not embedded in a basic block!",
5610 &I, Used);
5611 else {
5612 CheckFailed(Message: "Use of instruction is not an instruction!", V1: U);
5613 return;
5614 }
5615 }
5616
5617 // Get a pointer to the call base of the instruction if it is some form of
5618 // call.
5619 const CallBase *CBI = dyn_cast<CallBase>(Val: &I);
5620
5621 for (unsigned i = 0, e = I.getNumOperands(); i != e; ++i) {
5622 Check(I.getOperand(i) != nullptr, "Instruction has null operand!", &I);
5623
5624 // Check to make sure that only first-class-values are operands to
5625 // instructions.
5626 if (!I.getOperand(i)->getType()->isFirstClassType()) {
5627 Check(false, "Instruction operands must be first-class values!", &I);
5628 }
5629
5630 if (Function *F = dyn_cast<Function>(Val: I.getOperand(i))) {
5631 // This code checks whether the function is used as the operand of a
5632 // clang_arc_attachedcall operand bundle.
5633 auto IsAttachedCallOperand = [](Function *F, const CallBase *CBI,
5634 int Idx) {
5635 return CBI && CBI->isOperandBundleOfType(
5636 ID: LLVMContext::OB_clang_arc_attachedcall, Idx);
5637 };
5638
5639 // Check to make sure that the "address of" an intrinsic function is never
5640 // taken. Ignore cases where the address of the intrinsic function is used
5641 // as the argument of operand bundle "clang.arc.attachedcall" as those
5642 // cases are handled in verifyAttachedCallBundle.
5643 Check((!F->isIntrinsic() ||
5644 (CBI && &CBI->getCalledOperandUse() == &I.getOperandUse(i)) ||
5645 IsAttachedCallOperand(F, CBI, i)),
5646 "Cannot take the address of an intrinsic!", &I);
5647 Check(!F->isIntrinsic() || isa<CallInst>(I) || isa<CallBrInst>(I) ||
5648 F->getIntrinsicID() == Intrinsic::donothing ||
5649 F->getIntrinsicID() == Intrinsic::seh_try_begin ||
5650 F->getIntrinsicID() == Intrinsic::seh_try_end ||
5651 F->getIntrinsicID() == Intrinsic::seh_scope_begin ||
5652 F->getIntrinsicID() == Intrinsic::seh_scope_end ||
5653 F->getIntrinsicID() == Intrinsic::coro_resume ||
5654 F->getIntrinsicID() == Intrinsic::coro_destroy ||
5655 F->getIntrinsicID() == Intrinsic::coro_await_suspend_void ||
5656 F->getIntrinsicID() == Intrinsic::coro_await_suspend_bool ||
5657 F->getIntrinsicID() == Intrinsic::coro_await_suspend_handle ||
5658 F->getIntrinsicID() ==
5659 Intrinsic::experimental_patchpoint_void ||
5660 F->getIntrinsicID() == Intrinsic::experimental_patchpoint ||
5661 F->getIntrinsicID() == Intrinsic::fake_use ||
5662 F->getIntrinsicID() == Intrinsic::experimental_gc_statepoint ||
5663 F->getIntrinsicID() == Intrinsic::wasm_throw ||
5664 F->getIntrinsicID() == Intrinsic::wasm_rethrow ||
5665 IsAttachedCallOperand(F, CBI, i),
5666 "Cannot invoke an intrinsic other than donothing, patchpoint, "
5667 "statepoint, coro_resume, coro_destroy, clang.arc.attachedcall or "
5668 "wasm.(re)throw",
5669 &I);
5670 Check(F->getParent() == &M, "Referencing function in another module!", &I,
5671 &M, F, F->getParent());
5672 } else if (BasicBlock *OpBB = dyn_cast<BasicBlock>(Val: I.getOperand(i))) {
5673 Check(OpBB->getParent() == BB->getParent(),
5674 "Referring to a basic block in another function!", &I);
5675 } else if (Argument *OpArg = dyn_cast<Argument>(Val: I.getOperand(i))) {
5676 Check(OpArg->getParent() == BB->getParent(),
5677 "Referring to an argument in another function!", &I);
5678 } else if (GlobalValue *GV = dyn_cast<GlobalValue>(Val: I.getOperand(i))) {
5679 Check(GV->getParent() == &M, "Referencing global in another module!", &I,
5680 &M, GV, GV->getParent());
5681 } else if (Instruction *OpInst = dyn_cast<Instruction>(Val: I.getOperand(i))) {
5682 Check(OpInst->getFunction() == BB->getParent(),
5683 "Referring to an instruction in another function!", &I);
5684 verifyDominatesUse(I, i);
5685 } else if (isa<InlineAsm>(Val: I.getOperand(i))) {
5686 Check(CBI && &CBI->getCalledOperandUse() == &I.getOperandUse(i),
5687 "Cannot take the address of an inline asm!", &I);
5688 } else if (auto *C = dyn_cast<Constant>(Val: I.getOperand(i))) {
5689 visitConstantExprsRecursively(EntryC: C);
5690 }
5691 }
5692
5693 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_fpmath)) {
5694 Check(I.getType()->isFPOrFPVectorTy(),
5695 "fpmath requires a floating point result!", &I);
5696 Check(MD->getNumOperands() == 1, "fpmath takes one operand!", &I);
5697 if (ConstantFP *CFP0 =
5698 mdconst::dyn_extract_or_null<ConstantFP>(MD: MD->getOperand(I: 0))) {
5699 const APFloat &Accuracy = CFP0->getValueAPF();
5700 Check(&Accuracy.getSemantics() == &APFloat::IEEEsingle(),
5701 "fpmath accuracy must have float type", &I);
5702 Check(Accuracy.isFiniteNonZero() && !Accuracy.isNegative(),
5703 "fpmath accuracy not a positive number!", &I);
5704 } else {
5705 Check(false, "invalid fpmath accuracy!", &I);
5706 }
5707 }
5708
5709 if (MDNode *Range = I.getMetadata(KindID: LLVMContext::MD_range)) {
5710 Check(isa<LoadInst>(I) || isa<CallInst>(I) || isa<InvokeInst>(I),
5711 "Ranges are only for loads, calls and invokes!", &I);
5712 visitRangeMetadata(I, Range, Ty: I.getType());
5713 }
5714
5715 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_nofpclass)) {
5716 Check(isa<LoadInst>(I), "nofpclass is only for loads", &I);
5717 visitNoFPClassMetadata(I, NoFPClass: MD, Ty: I.getType());
5718 }
5719
5720 if (MDNode *Range = I.getMetadata(KindID: LLVMContext::MD_noalias_addrspace)) {
5721 Check(isa<LoadInst>(I) || isa<StoreInst>(I) || isa<AtomicRMWInst>(I) ||
5722 isa<AtomicCmpXchgInst>(I) || isa<CallInst>(I),
5723 "noalias.addrspace are only for memory operations!", &I);
5724 visitNoaliasAddrspaceMetadata(I, Range, Ty: I.getType());
5725 }
5726
5727 if (I.hasMetadata(KindID: LLVMContext::MD_invariant_group)) {
5728 Check(isa<LoadInst>(I) || isa<StoreInst>(I),
5729 "invariant.group metadata is only for loads and stores", &I);
5730 }
5731
5732 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_nonnull)) {
5733 Check(I.getType()->isPointerTy(), "nonnull applies only to pointer types",
5734 &I);
5735 Check(isa<LoadInst>(I),
5736 "nonnull applies only to load instructions, use attributes"
5737 " for calls or invokes",
5738 &I);
5739 Check(MD->getNumOperands() == 0, "nonnull metadata must be empty", &I);
5740 }
5741
5742 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_dereferenceable))
5743 visitDereferenceableMetadata(I, MD);
5744
5745 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_dereferenceable_or_null))
5746 visitDereferenceableMetadata(I, MD);
5747
5748 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_nofree))
5749 visitNofreeMetadata(I, MD);
5750
5751 if (MDNode *TBAA = I.getMetadata(KindID: LLVMContext::MD_tbaa))
5752 TBAAVerifyHelper.visitTBAAMetadata(I: &I, MD: TBAA);
5753
5754 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_noalias))
5755 visitAliasScopeListMetadata(MD);
5756 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_alias_scope))
5757 visitAliasScopeListMetadata(MD);
5758
5759 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_access_group))
5760 visitAccessGroupMetadata(MD);
5761
5762 if (MDNode *AlignMD = I.getMetadata(KindID: LLVMContext::MD_align)) {
5763 Check(I.getType()->isPointerTy(), "align applies only to pointer types",
5764 &I);
5765 Check(isa<LoadInst>(I),
5766 "align applies only to load instructions, "
5767 "use attributes for calls or invokes",
5768 &I);
5769 Check(AlignMD->getNumOperands() == 1, "align takes one operand!", &I);
5770 ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(MD: AlignMD->getOperand(I: 0));
5771 Check(CI && CI->getType()->isIntegerTy(64),
5772 "align metadata value must be an i64!", &I);
5773 uint64_t Align = CI->getZExtValue();
5774 Check(isPowerOf2_64(Align), "align metadata value must be a power of 2!",
5775 &I);
5776 Check(Align <= Value::MaximumAlignment,
5777 "alignment is larger that implementation defined limit", &I);
5778 }
5779
5780 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_prof))
5781 visitProfMetadata(I, MD);
5782
5783 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_memprof))
5784 visitMemProfMetadata(I, MD);
5785
5786 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_callsite))
5787 visitCallsiteMetadata(I, MD);
5788
5789 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_callee_type))
5790 visitCalleeTypeMetadata(I, MD);
5791
5792 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_DIAssignID))
5793 visitDIAssignIDMetadata(I, MD);
5794
5795 if (MDNode *MMRA = I.getMetadata(KindID: LLVMContext::MD_mmra))
5796 visitMMRAMetadata(I, MD: MMRA);
5797
5798 if (MDNode *Annotation = I.getMetadata(KindID: LLVMContext::MD_annotation))
5799 visitAnnotationMetadata(Annotation);
5800
5801 if (MDNode *Captures = I.getMetadata(KindID: LLVMContext::MD_captures))
5802 visitCapturesMetadata(I, Captures);
5803
5804 if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_alloc_token))
5805 visitAllocTokenMetadata(I, MD);
5806
5807 if (MDNode *N = I.getDebugLoc().getAsMDNode()) {
5808 CheckDI(isa<DILocation>(N), "invalid !dbg metadata attachment", &I, N);
5809 visitMDNode(MD: *N, AllowLocs: AreDebugLocsAllowed::Yes);
5810
5811 if (auto *DL = dyn_cast<DILocation>(Val: N)) {
5812 if (DL->getAtomGroup()) {
5813 CheckDI(DL->getScope()->getSubprogram()->getKeyInstructionsEnabled(),
5814 "DbgLoc uses atomGroup but DISubprogram doesn't have Key "
5815 "Instructions enabled",
5816 DL, DL->getScope()->getSubprogram());
5817 }
5818 }
5819 }
5820
5821 SmallVector<std::pair<unsigned, MDNode *>, 4> MDs;
5822 I.getAllMetadata(MDs);
5823 for (auto Attachment : MDs) {
5824 unsigned Kind = Attachment.first;
5825 auto AllowLocs =
5826 (Kind == LLVMContext::MD_dbg || Kind == LLVMContext::MD_loop)
5827 ? AreDebugLocsAllowed::Yes
5828 : AreDebugLocsAllowed::No;
5829 visitMDNode(MD: *Attachment.second, AllowLocs);
5830 }
5831
5832 InstsInThisBlock.insert(Ptr: &I);
5833}
5834
5835/// Allow intrinsics to be verified in different ways.
5836void Verifier::visitIntrinsicCall(Intrinsic::ID ID, CallBase &Call) {
5837 Function *IF = Call.getCalledFunction();
5838 Check(IF->isDeclaration(), "Intrinsic functions should never be defined!",
5839 IF);
5840
5841 // Verify that the intrinsic prototype lines up with what the .td files
5842 // describe.
5843 FunctionType *IFTy = IF->getFunctionType();
5844 bool IsVarArg = IFTy->isVarArg();
5845
5846 SmallVector<Intrinsic::IITDescriptor, 8> Table;
5847 getIntrinsicInfoTableEntries(id: ID, T&: Table);
5848 ArrayRef<Intrinsic::IITDescriptor> TableRef = Table;
5849
5850 // Walk the descriptors to extract overloaded types.
5851 SmallVector<Type *, 4> ArgTys;
5852 Intrinsic::MatchIntrinsicTypesResult Res =
5853 Intrinsic::matchIntrinsicSignature(FTy: IFTy, Infos&: TableRef, ArgTys);
5854 Check(Res != Intrinsic::MatchIntrinsicTypes_NoMatchRet,
5855 "Intrinsic has incorrect return type!", IF);
5856 Check(Res != Intrinsic::MatchIntrinsicTypes_NoMatchArg,
5857 "Intrinsic has incorrect argument type!", IF);
5858
5859 // Verify if the intrinsic call matches the vararg property.
5860 if (IsVarArg)
5861 Check(!Intrinsic::matchIntrinsicVarArg(IsVarArg, TableRef),
5862 "Intrinsic was not defined with variable arguments!", IF);
5863 else
5864 Check(!Intrinsic::matchIntrinsicVarArg(IsVarArg, TableRef),
5865 "Callsite was not defined with variable arguments!", IF);
5866
5867 // All descriptors should be absorbed by now.
5868 Check(TableRef.empty(), "Intrinsic has too few arguments!", IF);
5869
5870 // Now that we have the intrinsic ID and the actual argument types (and we
5871 // know they are legal for the intrinsic!) get the intrinsic name through the
5872 // usual means. This allows us to verify the mangling of argument types into
5873 // the name.
5874 const std::string ExpectedName =
5875 Intrinsic::getName(Id: ID, Tys: ArgTys, M: IF->getParent(), FT: IFTy);
5876 Check(ExpectedName == IF->getName(),
5877 "Intrinsic name not mangled correctly for type arguments! "
5878 "Should be: " +
5879 ExpectedName,
5880 IF);
5881
5882 // If the intrinsic takes MDNode arguments, verify that they are either global
5883 // or are local to *this* function.
5884 for (Value *V : Call.args()) {
5885 if (auto *MD = dyn_cast<MetadataAsValue>(Val: V))
5886 visitMetadataAsValue(MDV: *MD, F: Call.getCaller());
5887 if (auto *Const = dyn_cast<Constant>(Val: V))
5888 Check(!Const->getType()->isX86_AMXTy(),
5889 "const x86_amx is not allowed in argument!");
5890 }
5891
5892 switch (ID) {
5893 default:
5894 break;
5895 case Intrinsic::assume: {
5896 if (Call.hasOperandBundles()) {
5897 auto *Cond = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 0));
5898 Check(Cond && Cond->isOne(),
5899 "assume with operand bundles must have i1 true condition", Call);
5900 }
5901 for (auto &Elem : Call.bundle_op_infos()) {
5902 unsigned ArgCount = Elem.End - Elem.Begin;
5903 // Separate storage assumptions are special insofar as they're the only
5904 // operand bundles allowed on assumes that aren't parameter attributes.
5905 if (Elem.Tag->getKey() == "separate_storage") {
5906 Check(ArgCount == 2,
5907 "separate_storage assumptions should have 2 arguments", Call);
5908 Check(Call.getOperand(Elem.Begin)->getType()->isPointerTy() &&
5909 Call.getOperand(Elem.Begin + 1)->getType()->isPointerTy(),
5910 "arguments to separate_storage assumptions should be pointers",
5911 Call);
5912 continue;
5913 }
5914 Check(Elem.Tag->getKey() == "ignore" ||
5915 Attribute::isExistingAttribute(Elem.Tag->getKey()),
5916 "tags must be valid attribute names", Call);
5917 Attribute::AttrKind Kind =
5918 Attribute::getAttrKindFromName(AttrName: Elem.Tag->getKey());
5919 if (Kind == Attribute::Alignment) {
5920 Check(ArgCount <= 3 && ArgCount >= 2,
5921 "alignment assumptions should have 2 or 3 arguments", Call);
5922 Check(Call.getOperand(Elem.Begin)->getType()->isPointerTy(),
5923 "first argument should be a pointer", Call);
5924 Check(Call.getOperand(Elem.Begin + 1)->getType()->isIntegerTy(),
5925 "second argument should be an integer", Call);
5926 if (ArgCount == 3)
5927 Check(Call.getOperand(Elem.Begin + 2)->getType()->isIntegerTy(),
5928 "third argument should be an integer if present", Call);
5929 continue;
5930 }
5931 if (Kind == Attribute::Dereferenceable) {
5932 Check(ArgCount == 2,
5933 "dereferenceable assumptions should have 2 arguments", Call);
5934 Check(Call.getOperand(Elem.Begin)->getType()->isPointerTy(),
5935 "first argument should be a pointer", Call);
5936 Check(Call.getOperand(Elem.Begin + 1)->getType()->isIntegerTy(),
5937 "second argument should be an integer", Call);
5938 continue;
5939 }
5940 Check(ArgCount <= 2, "too many arguments", Call);
5941 if (Kind == Attribute::None)
5942 break;
5943 if (Attribute::isIntAttrKind(Kind)) {
5944 Check(ArgCount == 2, "this attribute should have 2 arguments", Call);
5945 Check(isa<ConstantInt>(Call.getOperand(Elem.Begin + 1)),
5946 "the second argument should be a constant integral value", Call);
5947 } else if (Attribute::canUseAsParamAttr(Kind)) {
5948 Check((ArgCount) == 1, "this attribute should have one argument", Call);
5949 } else if (Attribute::canUseAsFnAttr(Kind)) {
5950 Check((ArgCount) == 0, "this attribute has no argument", Call);
5951 }
5952 }
5953 break;
5954 }
5955 case Intrinsic::ucmp:
5956 case Intrinsic::scmp: {
5957 Type *SrcTy = Call.getOperand(i_nocapture: 0)->getType();
5958 Type *DestTy = Call.getType();
5959
5960 Check(DestTy->getScalarSizeInBits() >= 2,
5961 "result type must be at least 2 bits wide", Call);
5962
5963 bool IsDestTypeVector = DestTy->isVectorTy();
5964 Check(SrcTy->isVectorTy() == IsDestTypeVector,
5965 "ucmp/scmp argument and result types must both be either vector or "
5966 "scalar types",
5967 Call);
5968 if (IsDestTypeVector) {
5969 auto SrcVecLen = cast<VectorType>(Val: SrcTy)->getElementCount();
5970 auto DestVecLen = cast<VectorType>(Val: DestTy)->getElementCount();
5971 Check(SrcVecLen == DestVecLen,
5972 "return type and arguments must have the same number of "
5973 "elements",
5974 Call);
5975 }
5976 break;
5977 }
5978 case Intrinsic::coro_id: {
5979 auto *InfoArg = Call.getArgOperand(i: 3)->stripPointerCasts();
5980 if (isa<ConstantPointerNull>(Val: InfoArg))
5981 break;
5982 auto *GV = dyn_cast<GlobalVariable>(Val: InfoArg);
5983 Check(GV && GV->isConstant() && GV->hasDefinitiveInitializer(),
5984 "info argument of llvm.coro.id must refer to an initialized "
5985 "constant");
5986 Constant *Init = GV->getInitializer();
5987 Check(isa<ConstantStruct>(Init) || isa<ConstantArray>(Init),
5988 "info argument of llvm.coro.id must refer to either a struct or "
5989 "an array");
5990 break;
5991 }
5992 case Intrinsic::is_fpclass: {
5993 const ConstantInt *TestMask = cast<ConstantInt>(Val: Call.getOperand(i_nocapture: 1));
5994 Check((TestMask->getZExtValue() & ~static_cast<unsigned>(fcAllFlags)) == 0,
5995 "unsupported bits for llvm.is.fpclass test mask");
5996 break;
5997 }
5998 case Intrinsic::fptrunc_round: {
5999 // Check the rounding mode
6000 Metadata *MD = nullptr;
6001 auto *MAV = dyn_cast<MetadataAsValue>(Val: Call.getOperand(i_nocapture: 1));
6002 if (MAV)
6003 MD = MAV->getMetadata();
6004
6005 Check(MD != nullptr, "missing rounding mode argument", Call);
6006
6007 Check(isa<MDString>(MD),
6008 ("invalid value for llvm.fptrunc.round metadata operand"
6009 " (the operand should be a string)"),
6010 MD);
6011
6012 std::optional<RoundingMode> RoundMode =
6013 convertStrToRoundingMode(cast<MDString>(Val: MD)->getString());
6014 Check(RoundMode && *RoundMode != RoundingMode::Dynamic,
6015 "unsupported rounding mode argument", Call);
6016 break;
6017 }
6018 case Intrinsic::convert_to_arbitrary_fp: {
6019 // Check that vector element counts are consistent.
6020 Type *ValueTy = Call.getArgOperand(i: 0)->getType();
6021 Type *IntTy = Call.getType();
6022
6023 if (auto *ValueVecTy = dyn_cast<VectorType>(Val: ValueTy)) {
6024 auto *IntVecTy = dyn_cast<VectorType>(Val: IntTy);
6025 Check(IntVecTy,
6026 "if floating-point operand is a vector, integer operand must also "
6027 "be a vector",
6028 Call);
6029 Check(ValueVecTy->getElementCount() == IntVecTy->getElementCount(),
6030 "floating-point and integer vector operands must have the same "
6031 "element count",
6032 Call);
6033 }
6034
6035 // Check interpretation metadata (argoperand 1).
6036 auto *InterpMAV = dyn_cast<MetadataAsValue>(Val: Call.getArgOperand(i: 1));
6037 Check(InterpMAV, "missing interpretation metadata operand", Call);
6038 auto *InterpStr = dyn_cast<MDString>(Val: InterpMAV->getMetadata());
6039 Check(InterpStr, "interpretation metadata operand must be a string", Call);
6040 StringRef Interp = InterpStr->getString();
6041
6042 Check(!Interp.empty(), "interpretation metadata string must not be empty",
6043 Call);
6044
6045 // Valid interpretation strings: mini-float format names.
6046 Check(APFloatBase::isValidArbitraryFPFormat(Interp),
6047 "unsupported interpretation metadata string", Call);
6048
6049 // Check rounding mode metadata (argoperand 2).
6050 auto *RoundingMAV = dyn_cast<MetadataAsValue>(Val: Call.getArgOperand(i: 2));
6051 Check(RoundingMAV, "missing rounding mode metadata operand", Call);
6052 auto *RoundingStr = dyn_cast<MDString>(Val: RoundingMAV->getMetadata());
6053 Check(RoundingStr, "rounding mode metadata operand must be a string", Call);
6054
6055 std::optional<RoundingMode> RM =
6056 convertStrToRoundingMode(RoundingStr->getString());
6057 Check(RM && *RM != RoundingMode::Dynamic,
6058 "unsupported rounding mode argument", Call);
6059 break;
6060 }
6061 case Intrinsic::convert_from_arbitrary_fp: {
6062 // Check that vector element counts are consistent.
6063 Type *IntTy = Call.getArgOperand(i: 0)->getType();
6064 Type *ValueTy = Call.getType();
6065
6066 if (auto *ValueVecTy = dyn_cast<VectorType>(Val: ValueTy)) {
6067 auto *IntVecTy = dyn_cast<VectorType>(Val: IntTy);
6068 Check(IntVecTy,
6069 "if floating-point operand is a vector, integer operand must also "
6070 "be a vector",
6071 Call);
6072 Check(ValueVecTy->getElementCount() == IntVecTy->getElementCount(),
6073 "floating-point and integer vector operands must have the same "
6074 "element count",
6075 Call);
6076 }
6077
6078 // Check interpretation metadata (argoperand 1).
6079 auto *InterpMAV = dyn_cast<MetadataAsValue>(Val: Call.getArgOperand(i: 1));
6080 Check(InterpMAV, "missing interpretation metadata operand", Call);
6081 auto *InterpStr = dyn_cast<MDString>(Val: InterpMAV->getMetadata());
6082 Check(InterpStr, "interpretation metadata operand must be a string", Call);
6083 StringRef Interp = InterpStr->getString();
6084
6085 Check(!Interp.empty(), "interpretation metadata string must not be empty",
6086 Call);
6087
6088 // Valid interpretation strings: mini-float format names.
6089 Check(APFloatBase::isValidArbitraryFPFormat(Interp),
6090 "unsupported interpretation metadata string", Call);
6091 break;
6092 }
6093#define BEGIN_REGISTER_VP_INTRINSIC(VPID, ...) case Intrinsic::VPID:
6094#include "llvm/IR/VPIntrinsics.def"
6095#undef BEGIN_REGISTER_VP_INTRINSIC
6096 visitVPIntrinsic(VPI&: cast<VPIntrinsic>(Val&: Call));
6097 break;
6098#define INSTRUCTION(NAME, NARGS, ROUND_MODE, INTRINSIC) \
6099 case Intrinsic::INTRINSIC:
6100#include "llvm/IR/ConstrainedOps.def"
6101#undef INSTRUCTION
6102 visitConstrainedFPIntrinsic(FPI&: cast<ConstrainedFPIntrinsic>(Val&: Call));
6103 break;
6104 case Intrinsic::dbg_declare: // llvm.dbg.declare
6105 case Intrinsic::dbg_value: // llvm.dbg.value
6106 case Intrinsic::dbg_assign: // llvm.dbg.assign
6107 case Intrinsic::dbg_label: // llvm.dbg.label
6108 // We no longer interpret debug intrinsics (the old variable-location
6109 // design). They're meaningless as far as LLVM is concerned we could make
6110 // it an error for them to appear, but it's possible we'll have users
6111 // converting back to intrinsics for the forseeable future (such as DXIL),
6112 // so tolerate their existance.
6113 break;
6114 case Intrinsic::memcpy:
6115 case Intrinsic::memcpy_inline:
6116 case Intrinsic::memmove:
6117 case Intrinsic::memset:
6118 case Intrinsic::memset_inline:
6119 break;
6120 case Intrinsic::experimental_memset_pattern: {
6121 const auto Memset = cast<MemSetPatternInst>(Val: &Call);
6122 Check(Memset->getValue()->getType()->isSized(),
6123 "unsized types cannot be used as memset patterns", Call);
6124 break;
6125 }
6126 case Intrinsic::memcpy_element_unordered_atomic:
6127 case Intrinsic::memmove_element_unordered_atomic:
6128 case Intrinsic::memset_element_unordered_atomic: {
6129 const auto *AMI = cast<AnyMemIntrinsic>(Val: &Call);
6130
6131 ConstantInt *ElementSizeCI =
6132 cast<ConstantInt>(Val: AMI->getRawElementSizeInBytes());
6133 const APInt &ElementSizeVal = ElementSizeCI->getValue();
6134 Check(ElementSizeVal.isPowerOf2(),
6135 "element size of the element-wise atomic memory intrinsic "
6136 "must be a power of 2",
6137 Call);
6138
6139 auto IsValidAlignment = [&](MaybeAlign Alignment) {
6140 return Alignment && ElementSizeVal.ule(RHS: Alignment->value());
6141 };
6142 Check(IsValidAlignment(AMI->getDestAlign()),
6143 "incorrect alignment of the destination argument", Call);
6144 if (const auto *AMT = dyn_cast<AnyMemTransferInst>(Val: AMI)) {
6145 Check(IsValidAlignment(AMT->getSourceAlign()),
6146 "incorrect alignment of the source argument", Call);
6147 }
6148 break;
6149 }
6150 case Intrinsic::call_preallocated_setup: {
6151 auto *NumArgs = cast<ConstantInt>(Val: Call.getArgOperand(i: 0));
6152 bool FoundCall = false;
6153 for (User *U : Call.users()) {
6154 auto *UseCall = dyn_cast<CallBase>(Val: U);
6155 Check(UseCall != nullptr,
6156 "Uses of llvm.call.preallocated.setup must be calls");
6157 Intrinsic::ID IID = UseCall->getIntrinsicID();
6158 if (IID == Intrinsic::call_preallocated_arg) {
6159 auto *AllocArgIndex = dyn_cast<ConstantInt>(Val: UseCall->getArgOperand(i: 1));
6160 Check(AllocArgIndex != nullptr,
6161 "llvm.call.preallocated.alloc arg index must be a constant");
6162 auto AllocArgIndexInt = AllocArgIndex->getValue();
6163 Check(AllocArgIndexInt.sge(0) &&
6164 AllocArgIndexInt.slt(NumArgs->getValue()),
6165 "llvm.call.preallocated.alloc arg index must be between 0 and "
6166 "corresponding "
6167 "llvm.call.preallocated.setup's argument count");
6168 } else if (IID == Intrinsic::call_preallocated_teardown) {
6169 // nothing to do
6170 } else {
6171 Check(!FoundCall, "Can have at most one call corresponding to a "
6172 "llvm.call.preallocated.setup");
6173 FoundCall = true;
6174 size_t NumPreallocatedArgs = 0;
6175 for (unsigned i = 0; i < UseCall->arg_size(); i++) {
6176 if (UseCall->paramHasAttr(ArgNo: i, Kind: Attribute::Preallocated)) {
6177 ++NumPreallocatedArgs;
6178 }
6179 }
6180 Check(NumPreallocatedArgs != 0,
6181 "cannot use preallocated intrinsics on a call without "
6182 "preallocated arguments");
6183 Check(NumArgs->equalsInt(NumPreallocatedArgs),
6184 "llvm.call.preallocated.setup arg size must be equal to number "
6185 "of preallocated arguments "
6186 "at call site",
6187 Call, *UseCall);
6188 // getOperandBundle() cannot be called if more than one of the operand
6189 // bundle exists. There is already a check elsewhere for this, so skip
6190 // here if we see more than one.
6191 if (UseCall->countOperandBundlesOfType(ID: LLVMContext::OB_preallocated) >
6192 1) {
6193 return;
6194 }
6195 auto PreallocatedBundle =
6196 UseCall->getOperandBundle(ID: LLVMContext::OB_preallocated);
6197 Check(PreallocatedBundle,
6198 "Use of llvm.call.preallocated.setup outside intrinsics "
6199 "must be in \"preallocated\" operand bundle");
6200 Check(PreallocatedBundle->Inputs.front().get() == &Call,
6201 "preallocated bundle must have token from corresponding "
6202 "llvm.call.preallocated.setup");
6203 }
6204 }
6205 break;
6206 }
6207 case Intrinsic::call_preallocated_arg: {
6208 auto *Token = dyn_cast<CallBase>(Val: Call.getArgOperand(i: 0));
6209 Check(Token &&
6210 Token->getIntrinsicID() == Intrinsic::call_preallocated_setup,
6211 "llvm.call.preallocated.arg token argument must be a "
6212 "llvm.call.preallocated.setup");
6213 Check(Call.hasFnAttr(Attribute::Preallocated),
6214 "llvm.call.preallocated.arg must be called with a \"preallocated\" "
6215 "call site attribute");
6216 break;
6217 }
6218 case Intrinsic::call_preallocated_teardown: {
6219 auto *Token = dyn_cast<CallBase>(Val: Call.getArgOperand(i: 0));
6220 Check(Token &&
6221 Token->getIntrinsicID() == Intrinsic::call_preallocated_setup,
6222 "llvm.call.preallocated.teardown token argument must be a "
6223 "llvm.call.preallocated.setup");
6224 break;
6225 }
6226 case Intrinsic::gcroot:
6227 case Intrinsic::gcwrite:
6228 case Intrinsic::gcread:
6229 if (ID == Intrinsic::gcroot) {
6230 AllocaInst *AI =
6231 dyn_cast<AllocaInst>(Val: Call.getArgOperand(i: 0)->stripPointerCasts());
6232 Check(AI, "llvm.gcroot parameter #1 must be an alloca.", Call);
6233 Check(isa<Constant>(Call.getArgOperand(1)),
6234 "llvm.gcroot parameter #2 must be a constant.", Call);
6235 if (!AI->getAllocatedType()->isPointerTy()) {
6236 Check(!isa<ConstantPointerNull>(Call.getArgOperand(1)),
6237 "llvm.gcroot parameter #1 must either be a pointer alloca, "
6238 "or argument #2 must be a non-null constant.",
6239 Call);
6240 }
6241 }
6242
6243 Check(Call.getParent()->getParent()->hasGC(),
6244 "Enclosing function does not use GC.", Call);
6245 break;
6246 case Intrinsic::init_trampoline:
6247 Check(isa<Function>(Call.getArgOperand(1)->stripPointerCasts()),
6248 "llvm.init_trampoline parameter #2 must resolve to a function.",
6249 Call);
6250 break;
6251 case Intrinsic::prefetch:
6252 Check(cast<ConstantInt>(Call.getArgOperand(1))->getZExtValue() < 2,
6253 "rw argument to llvm.prefetch must be 0-1", Call);
6254 Check(cast<ConstantInt>(Call.getArgOperand(2))->getZExtValue() < 4,
6255 "locality argument to llvm.prefetch must be 0-3", Call);
6256 Check(cast<ConstantInt>(Call.getArgOperand(3))->getZExtValue() < 2,
6257 "cache type argument to llvm.prefetch must be 0-1", Call);
6258 break;
6259 case Intrinsic::reloc_none: {
6260 Check(isa<MDString>(
6261 cast<MetadataAsValue>(Call.getArgOperand(0))->getMetadata()),
6262 "llvm.reloc.none argument must be a metadata string", &Call);
6263 break;
6264 }
6265 case Intrinsic::stackprotector:
6266 Check(isa<AllocaInst>(Call.getArgOperand(1)->stripPointerCasts()),
6267 "llvm.stackprotector parameter #2 must resolve to an alloca.", Call);
6268 break;
6269 case Intrinsic::localescape: {
6270 BasicBlock *BB = Call.getParent();
6271 Check(BB->isEntryBlock(), "llvm.localescape used outside of entry block",
6272 Call);
6273 Check(!SawFrameEscape, "multiple calls to llvm.localescape in one function",
6274 Call);
6275 for (Value *Arg : Call.args()) {
6276 if (isa<ConstantPointerNull>(Val: Arg))
6277 continue; // Null values are allowed as placeholders.
6278 auto *AI = dyn_cast<AllocaInst>(Val: Arg->stripPointerCasts());
6279 Check(AI && AI->isStaticAlloca(),
6280 "llvm.localescape only accepts static allocas", Call);
6281 }
6282 FrameEscapeInfo[BB->getParent()].first = Call.arg_size();
6283 SawFrameEscape = true;
6284 break;
6285 }
6286 case Intrinsic::localrecover: {
6287 Value *FnArg = Call.getArgOperand(i: 0)->stripPointerCasts();
6288 Function *Fn = dyn_cast<Function>(Val: FnArg);
6289 Check(Fn && !Fn->isDeclaration(),
6290 "llvm.localrecover first "
6291 "argument must be function defined in this module",
6292 Call);
6293 auto *IdxArg = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
6294 auto &Entry = FrameEscapeInfo[Fn];
6295 Entry.second = unsigned(
6296 std::max(a: uint64_t(Entry.second), b: IdxArg->getLimitedValue(Limit: ~0U) + 1));
6297 break;
6298 }
6299
6300 case Intrinsic::experimental_gc_statepoint:
6301 if (auto *CI = dyn_cast<CallInst>(Val: &Call))
6302 Check(!CI->isInlineAsm(),
6303 "gc.statepoint support for inline assembly unimplemented", CI);
6304 Check(Call.getParent()->getParent()->hasGC(),
6305 "Enclosing function does not use GC.", Call);
6306
6307 verifyStatepoint(Call);
6308 break;
6309 case Intrinsic::experimental_gc_result: {
6310 Check(Call.getParent()->getParent()->hasGC(),
6311 "Enclosing function does not use GC.", Call);
6312
6313 auto *Statepoint = Call.getArgOperand(i: 0);
6314 if (isa<UndefValue>(Val: Statepoint))
6315 break;
6316
6317 // Are we tied to a statepoint properly?
6318 const auto *StatepointCall = dyn_cast<CallBase>(Val: Statepoint);
6319 Check(StatepointCall && StatepointCall->getIntrinsicID() ==
6320 Intrinsic::experimental_gc_statepoint,
6321 "gc.result operand #1 must be from a statepoint", Call,
6322 Call.getArgOperand(0));
6323
6324 // Check that result type matches wrapped callee.
6325 auto *TargetFuncType =
6326 cast<FunctionType>(Val: StatepointCall->getParamElementType(ArgNo: 2));
6327 Check(Call.getType() == TargetFuncType->getReturnType(),
6328 "gc.result result type does not match wrapped callee", Call);
6329 break;
6330 }
6331 case Intrinsic::experimental_gc_relocate: {
6332 Check(Call.arg_size() == 3, "wrong number of arguments", Call);
6333
6334 Check(isa<PointerType>(Call.getType()->getScalarType()),
6335 "gc.relocate must return a pointer or a vector of pointers", Call);
6336
6337 // Check that this relocate is correctly tied to the statepoint
6338
6339 // This is case for relocate on the unwinding path of an invoke statepoint
6340 if (LandingPadInst *LandingPad =
6341 dyn_cast<LandingPadInst>(Val: Call.getArgOperand(i: 0))) {
6342
6343 const BasicBlock *InvokeBB =
6344 LandingPad->getParent()->getUniquePredecessor();
6345
6346 // Landingpad relocates should have only one predecessor with invoke
6347 // statepoint terminator
6348 Check(InvokeBB, "safepoints should have unique landingpads",
6349 LandingPad->getParent());
6350 Check(InvokeBB->getTerminator(), "safepoint block should be well formed",
6351 InvokeBB);
6352 Check(isa<GCStatepointInst>(InvokeBB->getTerminator()),
6353 "gc relocate should be linked to a statepoint", InvokeBB);
6354 } else {
6355 // In all other cases relocate should be tied to the statepoint directly.
6356 // This covers relocates on a normal return path of invoke statepoint and
6357 // relocates of a call statepoint.
6358 auto *Token = Call.getArgOperand(i: 0);
6359 Check(isa<GCStatepointInst>(Token) || isa<UndefValue>(Token),
6360 "gc relocate is incorrectly tied to the statepoint", Call, Token);
6361 }
6362
6363 // Verify rest of the relocate arguments.
6364 const Value &StatepointCall = *cast<GCRelocateInst>(Val&: Call).getStatepoint();
6365
6366 // Both the base and derived must be piped through the safepoint.
6367 Value *Base = Call.getArgOperand(i: 1);
6368 Check(isa<ConstantInt>(Base),
6369 "gc.relocate operand #2 must be integer offset", Call);
6370
6371 Value *Derived = Call.getArgOperand(i: 2);
6372 Check(isa<ConstantInt>(Derived),
6373 "gc.relocate operand #3 must be integer offset", Call);
6374
6375 const uint64_t BaseIndex = cast<ConstantInt>(Val: Base)->getZExtValue();
6376 const uint64_t DerivedIndex = cast<ConstantInt>(Val: Derived)->getZExtValue();
6377
6378 // Check the bounds
6379 if (isa<UndefValue>(Val: StatepointCall))
6380 break;
6381 if (auto Opt = cast<GCStatepointInst>(Val: StatepointCall)
6382 .getOperandBundle(ID: LLVMContext::OB_gc_live)) {
6383 Check(BaseIndex < Opt->Inputs.size(),
6384 "gc.relocate: statepoint base index out of bounds", Call);
6385 Check(DerivedIndex < Opt->Inputs.size(),
6386 "gc.relocate: statepoint derived index out of bounds", Call);
6387 }
6388
6389 // Relocated value must be either a pointer type or vector-of-pointer type,
6390 // but gc_relocate does not need to return the same pointer type as the
6391 // relocated pointer. It can be casted to the correct type later if it's
6392 // desired. However, they must have the same address space and 'vectorness'
6393 GCRelocateInst &Relocate = cast<GCRelocateInst>(Val&: Call);
6394 auto *ResultType = Call.getType();
6395 auto *DerivedType = Relocate.getDerivedPtr()->getType();
6396 auto *BaseType = Relocate.getBasePtr()->getType();
6397
6398 Check(BaseType->isPtrOrPtrVectorTy(),
6399 "gc.relocate: relocated value must be a pointer", Call);
6400 Check(DerivedType->isPtrOrPtrVectorTy(),
6401 "gc.relocate: relocated value must be a pointer", Call);
6402
6403 Check(ResultType->isVectorTy() == DerivedType->isVectorTy(),
6404 "gc.relocate: vector relocates to vector and pointer to pointer",
6405 Call);
6406 Check(
6407 ResultType->getPointerAddressSpace() ==
6408 DerivedType->getPointerAddressSpace(),
6409 "gc.relocate: relocating a pointer shouldn't change its address space",
6410 Call);
6411
6412 auto GC = llvm::getGCStrategy(Name: Relocate.getFunction()->getGC());
6413 Check(GC, "gc.relocate: calling function must have GCStrategy",
6414 Call.getFunction());
6415 if (GC) {
6416 auto isGCPtr = [&GC](Type *PTy) {
6417 return GC->isGCManagedPointer(Ty: PTy->getScalarType()).value_or(u: true);
6418 };
6419 Check(isGCPtr(ResultType), "gc.relocate: must return gc pointer", Call);
6420 Check(isGCPtr(BaseType),
6421 "gc.relocate: relocated value must be a gc pointer", Call);
6422 Check(isGCPtr(DerivedType),
6423 "gc.relocate: relocated value must be a gc pointer", Call);
6424 }
6425 break;
6426 }
6427 case Intrinsic::experimental_patchpoint: {
6428 if (Call.getCallingConv() == CallingConv::AnyReg) {
6429 Check(Call.getType()->isSingleValueType(),
6430 "patchpoint: invalid return type used with anyregcc", Call);
6431 }
6432 break;
6433 }
6434 case Intrinsic::eh_exceptioncode:
6435 case Intrinsic::eh_exceptionpointer: {
6436 Check(isa<CatchPadInst>(Call.getArgOperand(0)),
6437 "eh.exceptionpointer argument must be a catchpad", Call);
6438 break;
6439 }
6440 case Intrinsic::get_active_lane_mask: {
6441 Check(Call.getType()->isVectorTy(),
6442 "get_active_lane_mask: must return a "
6443 "vector",
6444 Call);
6445 auto *ElemTy = Call.getType()->getScalarType();
6446 Check(ElemTy->isIntegerTy(1),
6447 "get_active_lane_mask: element type is not "
6448 "i1",
6449 Call);
6450 break;
6451 }
6452 case Intrinsic::experimental_get_vector_length: {
6453 ConstantInt *VF = cast<ConstantInt>(Val: Call.getArgOperand(i: 1));
6454 Check(!VF->isNegative() && !VF->isZero(),
6455 "get_vector_length: VF must be positive", Call);
6456 break;
6457 }
6458 case Intrinsic::masked_load: {
6459 Check(Call.getType()->isVectorTy(), "masked_load: must return a vector",
6460 Call);
6461
6462 Value *Mask = Call.getArgOperand(i: 1);
6463 Value *PassThru = Call.getArgOperand(i: 2);
6464 Check(Mask->getType()->isVectorTy(), "masked_load: mask must be vector",
6465 Call);
6466 Check(PassThru->getType() == Call.getType(),
6467 "masked_load: pass through and return type must match", Call);
6468 Check(cast<VectorType>(Mask->getType())->getElementCount() ==
6469 cast<VectorType>(Call.getType())->getElementCount(),
6470 "masked_load: vector mask must be same length as return", Call);
6471 break;
6472 }
6473 case Intrinsic::masked_store: {
6474 Value *Val = Call.getArgOperand(i: 0);
6475 Value *Mask = Call.getArgOperand(i: 2);
6476 Check(Mask->getType()->isVectorTy(), "masked_store: mask must be vector",
6477 Call);
6478 Check(cast<VectorType>(Mask->getType())->getElementCount() ==
6479 cast<VectorType>(Val->getType())->getElementCount(),
6480 "masked_store: vector mask must be same length as value", Call);
6481 break;
6482 }
6483
6484 case Intrinsic::experimental_guard: {
6485 Check(isa<CallInst>(Call), "experimental_guard cannot be invoked", Call);
6486 Check(Call.countOperandBundlesOfType(LLVMContext::OB_deopt) == 1,
6487 "experimental_guard must have exactly one "
6488 "\"deopt\" operand bundle");
6489 break;
6490 }
6491
6492 case Intrinsic::experimental_deoptimize: {
6493 Check(isa<CallInst>(Call), "experimental_deoptimize cannot be invoked",
6494 Call);
6495 Check(Call.countOperandBundlesOfType(LLVMContext::OB_deopt) == 1,
6496 "experimental_deoptimize must have exactly one "
6497 "\"deopt\" operand bundle");
6498 Check(Call.getType() == Call.getFunction()->getReturnType(),
6499 "experimental_deoptimize return type must match caller return type");
6500
6501 if (isa<CallInst>(Val: Call)) {
6502 auto *RI = dyn_cast<ReturnInst>(Val: Call.getNextNode());
6503 Check(RI,
6504 "calls to experimental_deoptimize must be followed by a return");
6505
6506 if (!Call.getType()->isVoidTy() && RI)
6507 Check(RI->getReturnValue() == &Call,
6508 "calls to experimental_deoptimize must be followed by a return "
6509 "of the value computed by experimental_deoptimize");
6510 }
6511
6512 break;
6513 }
6514 case Intrinsic::vastart: {
6515 Check(Call.getFunction()->isVarArg(),
6516 "va_start called in a non-varargs function");
6517 break;
6518 }
6519 case Intrinsic::get_dynamic_area_offset: {
6520 auto *IntTy = dyn_cast<IntegerType>(Val: Call.getType());
6521 Check(IntTy && DL.getPointerSizeInBits(DL.getAllocaAddrSpace()) ==
6522 IntTy->getBitWidth(),
6523 "get_dynamic_area_offset result type must be scalar integer matching "
6524 "alloca address space width",
6525 Call);
6526 break;
6527 }
6528 case Intrinsic::vector_reduce_and:
6529 case Intrinsic::vector_reduce_or:
6530 case Intrinsic::vector_reduce_xor:
6531 case Intrinsic::vector_reduce_add:
6532 case Intrinsic::vector_reduce_mul:
6533 case Intrinsic::vector_reduce_smax:
6534 case Intrinsic::vector_reduce_smin:
6535 case Intrinsic::vector_reduce_umax:
6536 case Intrinsic::vector_reduce_umin: {
6537 Type *ArgTy = Call.getArgOperand(i: 0)->getType();
6538 Check(ArgTy->isIntOrIntVectorTy() && ArgTy->isVectorTy(),
6539 "Intrinsic has incorrect argument type!");
6540 break;
6541 }
6542 case Intrinsic::vector_reduce_fmax:
6543 case Intrinsic::vector_reduce_fmin: {
6544 Type *ArgTy = Call.getArgOperand(i: 0)->getType();
6545 Check(ArgTy->isFPOrFPVectorTy() && ArgTy->isVectorTy(),
6546 "Intrinsic has incorrect argument type!");
6547 break;
6548 }
6549 case Intrinsic::vector_reduce_fadd:
6550 case Intrinsic::vector_reduce_fmul: {
6551 // Unlike the other reductions, the first argument is a start value. The
6552 // second argument is the vector to be reduced.
6553 Type *ArgTy = Call.getArgOperand(i: 1)->getType();
6554 Check(ArgTy->isFPOrFPVectorTy() && ArgTy->isVectorTy(),
6555 "Intrinsic has incorrect argument type!");
6556 break;
6557 }
6558 case Intrinsic::smul_fix:
6559 case Intrinsic::smul_fix_sat:
6560 case Intrinsic::umul_fix:
6561 case Intrinsic::umul_fix_sat:
6562 case Intrinsic::sdiv_fix:
6563 case Intrinsic::sdiv_fix_sat:
6564 case Intrinsic::udiv_fix:
6565 case Intrinsic::udiv_fix_sat: {
6566 Value *Op1 = Call.getArgOperand(i: 0);
6567 Value *Op2 = Call.getArgOperand(i: 1);
6568 Check(Op1->getType()->isIntOrIntVectorTy(),
6569 "first operand of [us][mul|div]_fix[_sat] must be an int type or "
6570 "vector of ints");
6571 Check(Op2->getType()->isIntOrIntVectorTy(),
6572 "second operand of [us][mul|div]_fix[_sat] must be an int type or "
6573 "vector of ints");
6574
6575 auto *Op3 = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
6576 Check(Op3->getType()->isIntegerTy(),
6577 "third operand of [us][mul|div]_fix[_sat] must be an int type");
6578 Check(Op3->getBitWidth() <= 32,
6579 "third operand of [us][mul|div]_fix[_sat] must fit within 32 bits");
6580
6581 if (ID == Intrinsic::smul_fix || ID == Intrinsic::smul_fix_sat ||
6582 ID == Intrinsic::sdiv_fix || ID == Intrinsic::sdiv_fix_sat) {
6583 Check(Op3->getZExtValue() < Op1->getType()->getScalarSizeInBits(),
6584 "the scale of s[mul|div]_fix[_sat] must be less than the width of "
6585 "the operands");
6586 } else {
6587 Check(Op3->getZExtValue() <= Op1->getType()->getScalarSizeInBits(),
6588 "the scale of u[mul|div]_fix[_sat] must be less than or equal "
6589 "to the width of the operands");
6590 }
6591 break;
6592 }
6593 case Intrinsic::lrint:
6594 case Intrinsic::llrint:
6595 case Intrinsic::lround:
6596 case Intrinsic::llround: {
6597 Type *ValTy = Call.getArgOperand(i: 0)->getType();
6598 Type *ResultTy = Call.getType();
6599 auto *VTy = dyn_cast<VectorType>(Val: ValTy);
6600 auto *RTy = dyn_cast<VectorType>(Val: ResultTy);
6601 Check(ValTy->isFPOrFPVectorTy() && ResultTy->isIntOrIntVectorTy(),
6602 ExpectedName + ": argument must be floating-point or vector "
6603 "of floating-points, and result must be integer or "
6604 "vector of integers",
6605 &Call);
6606 Check(ValTy->isVectorTy() == ResultTy->isVectorTy(),
6607 ExpectedName + ": argument and result disagree on vector use", &Call);
6608 if (VTy) {
6609 Check(VTy->getElementCount() == RTy->getElementCount(),
6610 ExpectedName + ": argument must be same length as result", &Call);
6611 }
6612 break;
6613 }
6614 case Intrinsic::bswap: {
6615 Type *Ty = Call.getType();
6616 unsigned Size = Ty->getScalarSizeInBits();
6617 Check(Size % 16 == 0, "bswap must be an even number of bytes", &Call);
6618 break;
6619 }
6620 case Intrinsic::invariant_start: {
6621 ConstantInt *InvariantSize = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 0));
6622 Check(InvariantSize &&
6623 (!InvariantSize->isNegative() || InvariantSize->isMinusOne()),
6624 "invariant_start parameter must be -1, 0 or a positive number",
6625 &Call);
6626 break;
6627 }
6628 case Intrinsic::matrix_multiply:
6629 case Intrinsic::matrix_transpose:
6630 case Intrinsic::matrix_column_major_load:
6631 case Intrinsic::matrix_column_major_store: {
6632 Function *IF = Call.getCalledFunction();
6633 ConstantInt *Stride = nullptr;
6634 ConstantInt *NumRows;
6635 ConstantInt *NumColumns;
6636 VectorType *ResultTy;
6637 Type *Op0ElemTy = nullptr;
6638 Type *Op1ElemTy = nullptr;
6639 switch (ID) {
6640 case Intrinsic::matrix_multiply: {
6641 NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
6642 ConstantInt *N = cast<ConstantInt>(Val: Call.getArgOperand(i: 3));
6643 NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 4));
6644 Check(cast<FixedVectorType>(Call.getArgOperand(0)->getType())
6645 ->getNumElements() ==
6646 NumRows->getZExtValue() * N->getZExtValue(),
6647 "First argument of a matrix operation does not match specified "
6648 "shape!");
6649 Check(cast<FixedVectorType>(Call.getArgOperand(1)->getType())
6650 ->getNumElements() ==
6651 N->getZExtValue() * NumColumns->getZExtValue(),
6652 "Second argument of a matrix operation does not match specified "
6653 "shape!");
6654
6655 ResultTy = cast<VectorType>(Val: Call.getType());
6656 Op0ElemTy =
6657 cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType())->getElementType();
6658 Op1ElemTy =
6659 cast<VectorType>(Val: Call.getArgOperand(i: 1)->getType())->getElementType();
6660 break;
6661 }
6662 case Intrinsic::matrix_transpose:
6663 NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 1));
6664 NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
6665 ResultTy = cast<VectorType>(Val: Call.getType());
6666 Op0ElemTy =
6667 cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType())->getElementType();
6668 break;
6669 case Intrinsic::matrix_column_major_load: {
6670 Stride = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 1));
6671 NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 3));
6672 NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 4));
6673 ResultTy = cast<VectorType>(Val: Call.getType());
6674 break;
6675 }
6676 case Intrinsic::matrix_column_major_store: {
6677 Stride = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
6678 NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 4));
6679 NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 5));
6680 ResultTy = cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType());
6681 Op0ElemTy =
6682 cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType())->getElementType();
6683 break;
6684 }
6685 default:
6686 llvm_unreachable("unexpected intrinsic");
6687 }
6688
6689 Check(ResultTy->getElementType()->isIntegerTy() ||
6690 ResultTy->getElementType()->isFloatingPointTy(),
6691 "Result type must be an integer or floating-point type!", IF);
6692
6693 if (Op0ElemTy)
6694 Check(ResultTy->getElementType() == Op0ElemTy,
6695 "Vector element type mismatch of the result and first operand "
6696 "vector!",
6697 IF);
6698
6699 if (Op1ElemTy)
6700 Check(ResultTy->getElementType() == Op1ElemTy,
6701 "Vector element type mismatch of the result and second operand "
6702 "vector!",
6703 IF);
6704
6705 Check(cast<FixedVectorType>(ResultTy)->getNumElements() ==
6706 NumRows->getZExtValue() * NumColumns->getZExtValue(),
6707 "Result of a matrix operation does not fit in the returned vector!");
6708
6709 if (Stride) {
6710 Check(Stride->getBitWidth() <= 64, "Stride bitwidth cannot exceed 64!",
6711 IF);
6712 Check(Stride->getZExtValue() >= NumRows->getZExtValue(),
6713 "Stride must be greater or equal than the number of rows!", IF);
6714 }
6715
6716 break;
6717 }
6718 case Intrinsic::stepvector: {
6719 VectorType *VecTy = dyn_cast<VectorType>(Val: Call.getType());
6720 Check(VecTy && VecTy->getScalarType()->isIntegerTy() &&
6721 VecTy->getScalarSizeInBits() >= 8,
6722 "stepvector only supported for vectors of integers "
6723 "with a bitwidth of at least 8.",
6724 &Call);
6725 break;
6726 }
6727 case Intrinsic::experimental_vector_match: {
6728 Value *Op1 = Call.getArgOperand(i: 0);
6729 Value *Op2 = Call.getArgOperand(i: 1);
6730 Value *Mask = Call.getArgOperand(i: 2);
6731
6732 VectorType *Op1Ty = dyn_cast<VectorType>(Val: Op1->getType());
6733 VectorType *Op2Ty = dyn_cast<VectorType>(Val: Op2->getType());
6734 VectorType *MaskTy = dyn_cast<VectorType>(Val: Mask->getType());
6735
6736 Check(Op1Ty && Op2Ty && MaskTy, "Operands must be vectors.", &Call);
6737 Check(isa<FixedVectorType>(Op2Ty),
6738 "Second operand must be a fixed length vector.", &Call);
6739 Check(Op1Ty->getElementType()->isIntegerTy(),
6740 "First operand must be a vector of integers.", &Call);
6741 Check(Op1Ty->getElementType() == Op2Ty->getElementType(),
6742 "First two operands must have the same element type.", &Call);
6743 Check(Op1Ty->getElementCount() == MaskTy->getElementCount(),
6744 "First operand and mask must have the same number of elements.",
6745 &Call);
6746 Check(MaskTy->getElementType()->isIntegerTy(1),
6747 "Mask must be a vector of i1's.", &Call);
6748 Check(Call.getType() == MaskTy, "Return type must match the mask type.",
6749 &Call);
6750 break;
6751 }
6752 case Intrinsic::vector_insert: {
6753 Value *Vec = Call.getArgOperand(i: 0);
6754 Value *SubVec = Call.getArgOperand(i: 1);
6755 Value *Idx = Call.getArgOperand(i: 2);
6756 unsigned IdxN = cast<ConstantInt>(Val: Idx)->getZExtValue();
6757
6758 VectorType *VecTy = cast<VectorType>(Val: Vec->getType());
6759 VectorType *SubVecTy = cast<VectorType>(Val: SubVec->getType());
6760
6761 ElementCount VecEC = VecTy->getElementCount();
6762 ElementCount SubVecEC = SubVecTy->getElementCount();
6763 Check(VecTy->getElementType() == SubVecTy->getElementType(),
6764 "vector_insert parameters must have the same element "
6765 "type.",
6766 &Call);
6767 Check(IdxN % SubVecEC.getKnownMinValue() == 0,
6768 "vector_insert index must be a constant multiple of "
6769 "the subvector's known minimum vector length.");
6770
6771 // If this insertion is not the 'mixed' case where a fixed vector is
6772 // inserted into a scalable vector, ensure that the insertion of the
6773 // subvector does not overrun the parent vector.
6774 if (VecEC.isScalable() == SubVecEC.isScalable()) {
6775 Check(IdxN < VecEC.getKnownMinValue() &&
6776 IdxN + SubVecEC.getKnownMinValue() <= VecEC.getKnownMinValue(),
6777 "subvector operand of vector_insert would overrun the "
6778 "vector being inserted into.");
6779 }
6780 break;
6781 }
6782 case Intrinsic::vector_extract: {
6783 Value *Vec = Call.getArgOperand(i: 0);
6784 Value *Idx = Call.getArgOperand(i: 1);
6785 unsigned IdxN = cast<ConstantInt>(Val: Idx)->getZExtValue();
6786
6787 VectorType *ResultTy = cast<VectorType>(Val: Call.getType());
6788 VectorType *VecTy = cast<VectorType>(Val: Vec->getType());
6789
6790 ElementCount VecEC = VecTy->getElementCount();
6791 ElementCount ResultEC = ResultTy->getElementCount();
6792
6793 Check(ResultTy->getElementType() == VecTy->getElementType(),
6794 "vector_extract result must have the same element "
6795 "type as the input vector.",
6796 &Call);
6797 Check(IdxN % ResultEC.getKnownMinValue() == 0,
6798 "vector_extract index must be a constant multiple of "
6799 "the result type's known minimum vector length.");
6800
6801 // If this extraction is not the 'mixed' case where a fixed vector is
6802 // extracted from a scalable vector, ensure that the extraction does not
6803 // overrun the parent vector.
6804 if (VecEC.isScalable() == ResultEC.isScalable()) {
6805 Check(IdxN < VecEC.getKnownMinValue() &&
6806 IdxN + ResultEC.getKnownMinValue() <= VecEC.getKnownMinValue(),
6807 "vector_extract would overrun.");
6808 }
6809 break;
6810 }
6811 case Intrinsic::vector_partial_reduce_fadd:
6812 case Intrinsic::vector_partial_reduce_add: {
6813 VectorType *AccTy = cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType());
6814 VectorType *VecTy = cast<VectorType>(Val: Call.getArgOperand(i: 1)->getType());
6815
6816 unsigned VecWidth = VecTy->getElementCount().getKnownMinValue();
6817 unsigned AccWidth = AccTy->getElementCount().getKnownMinValue();
6818
6819 Check((VecWidth % AccWidth) == 0,
6820 "Invalid vector widths for partial "
6821 "reduction. The width of the input vector "
6822 "must be a positive integer multiple of "
6823 "the width of the accumulator vector.");
6824 break;
6825 }
6826 case Intrinsic::experimental_noalias_scope_decl: {
6827 NoAliasScopeDecls.push_back(Elt: cast<IntrinsicInst>(Val: &Call));
6828 break;
6829 }
6830 case Intrinsic::preserve_array_access_index:
6831 case Intrinsic::preserve_struct_access_index:
6832 case Intrinsic::aarch64_ldaxr:
6833 case Intrinsic::aarch64_ldxr:
6834 case Intrinsic::arm_ldaex:
6835 case Intrinsic::arm_ldrex: {
6836 Type *ElemTy = Call.getParamElementType(ArgNo: 0);
6837 Check(ElemTy, "Intrinsic requires elementtype attribute on first argument.",
6838 &Call);
6839 break;
6840 }
6841 case Intrinsic::aarch64_stlxr:
6842 case Intrinsic::aarch64_stxr:
6843 case Intrinsic::arm_stlex:
6844 case Intrinsic::arm_strex: {
6845 Type *ElemTy = Call.getAttributes().getParamElementType(ArgNo: 1);
6846 Check(ElemTy,
6847 "Intrinsic requires elementtype attribute on second argument.",
6848 &Call);
6849 break;
6850 }
6851 case Intrinsic::aarch64_prefetch: {
6852 Check(cast<ConstantInt>(Call.getArgOperand(1))->getZExtValue() < 2,
6853 "write argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6854 Check(cast<ConstantInt>(Call.getArgOperand(2))->getZExtValue() < 4,
6855 "target argument to llvm.aarch64.prefetch must be 0-3", Call);
6856 Check(cast<ConstantInt>(Call.getArgOperand(3))->getZExtValue() < 2,
6857 "stream argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6858 Check(cast<ConstantInt>(Call.getArgOperand(4))->getZExtValue() < 2,
6859 "isdata argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6860 break;
6861 }
6862 case Intrinsic::aarch64_range_prefetch: {
6863 Check(cast<ConstantInt>(Call.getArgOperand(1))->getZExtValue() < 2,
6864 "write argument to llvm.aarch64.range.prefetch must be 0 or 1", Call);
6865 Check(cast<ConstantInt>(Call.getArgOperand(2))->getZExtValue() < 2,
6866 "stream argument to llvm.aarch64.range.prefetch must be 0 or 1",
6867 Call);
6868 break;
6869 }
6870 case Intrinsic::callbr_landingpad: {
6871 const auto *CBR = dyn_cast<CallBrInst>(Val: Call.getOperand(i_nocapture: 0));
6872 Check(CBR, "intrinstic requires callbr operand", &Call);
6873 if (!CBR)
6874 break;
6875
6876 const BasicBlock *LandingPadBB = Call.getParent();
6877 const BasicBlock *PredBB = LandingPadBB->getUniquePredecessor();
6878 if (!PredBB) {
6879 CheckFailed(Message: "Intrinsic in block must have 1 unique predecessor", V1: &Call);
6880 break;
6881 }
6882 if (!isa<CallBrInst>(Val: PredBB->getTerminator())) {
6883 CheckFailed(Message: "Intrinsic must have corresponding callbr in predecessor",
6884 V1: &Call);
6885 break;
6886 }
6887 Check(llvm::is_contained(CBR->getIndirectDests(), LandingPadBB),
6888 "Intrinsic's corresponding callbr must have intrinsic's parent basic "
6889 "block in indirect destination list",
6890 &Call);
6891 const Instruction &First = *LandingPadBB->begin();
6892 Check(&First == &Call, "No other instructions may proceed intrinsic",
6893 &Call);
6894 break;
6895 }
6896 case Intrinsic::structured_gep: {
6897 // Parser should refuse those 2 cases.
6898 assert(Call.arg_size() >= 1);
6899 assert(Call.getOperand(0)->getType()->isPointerTy());
6900
6901 Check(Call.paramHasAttr(0, Attribute::ElementType),
6902 "Intrinsic first parameter is missing an ElementType attribute",
6903 &Call);
6904
6905 Type *T = Call.getParamAttr(ArgNo: 0, Kind: Attribute::ElementType).getValueAsType();
6906 for (unsigned I = 1; I < Call.arg_size(); ++I) {
6907 Value *Index = Call.getOperand(i_nocapture: I);
6908 ConstantInt *CI = dyn_cast<ConstantInt>(Val: Index);
6909 Check(Index->getType()->isIntegerTy(),
6910 "Index operand type must be an integer", &Call);
6911
6912 if (ArrayType *AT = dyn_cast<ArrayType>(Val: T)) {
6913 T = AT->getElementType();
6914 } else if (StructType *ST = dyn_cast<StructType>(Val: T)) {
6915 Check(CI, "Indexing into a struct requires a constant int", &Call);
6916 Check(CI->getZExtValue() < ST->getNumElements(),
6917 "Indexing in a struct should be inbounds", &Call);
6918 T = ST->getElementType(N: CI->getZExtValue());
6919 } else if (VectorType *VT = dyn_cast<VectorType>(Val: T)) {
6920 T = VT->getElementType();
6921 } else {
6922 CheckFailed(Message: "Reached a non-composite type with more indices to process",
6923 V1: &Call);
6924 }
6925 }
6926 break;
6927 }
6928 case Intrinsic::amdgcn_cs_chain: {
6929 auto CallerCC = Call.getCaller()->getCallingConv();
6930 switch (CallerCC) {
6931 case CallingConv::AMDGPU_CS:
6932 case CallingConv::AMDGPU_CS_Chain:
6933 case CallingConv::AMDGPU_CS_ChainPreserve:
6934 case CallingConv::AMDGPU_ES:
6935 case CallingConv::AMDGPU_GS:
6936 case CallingConv::AMDGPU_HS:
6937 case CallingConv::AMDGPU_LS:
6938 case CallingConv::AMDGPU_VS:
6939 break;
6940 default:
6941 CheckFailed(Message: "Intrinsic cannot be called from functions with this "
6942 "calling convention",
6943 V1: &Call);
6944 break;
6945 }
6946
6947 Check(Call.paramHasAttr(2, Attribute::InReg),
6948 "SGPR arguments must have the `inreg` attribute", &Call);
6949 Check(!Call.paramHasAttr(3, Attribute::InReg),
6950 "VGPR arguments must not have the `inreg` attribute", &Call);
6951
6952 auto *Next = Call.getNextNode();
6953 bool IsAMDUnreachable = Next && isa<IntrinsicInst>(Val: Next) &&
6954 cast<IntrinsicInst>(Val: Next)->getIntrinsicID() ==
6955 Intrinsic::amdgcn_unreachable;
6956 Check(Next && (isa<UnreachableInst>(Next) || IsAMDUnreachable),
6957 "llvm.amdgcn.cs.chain must be followed by unreachable", &Call);
6958 break;
6959 }
6960 case Intrinsic::amdgcn_init_exec_from_input: {
6961 const Argument *Arg = dyn_cast<Argument>(Val: Call.getOperand(i_nocapture: 0));
6962 Check(Arg && Arg->hasInRegAttr(),
6963 "only inreg arguments to the parent function are valid as inputs to "
6964 "this intrinsic",
6965 &Call);
6966 break;
6967 }
6968 case Intrinsic::amdgcn_set_inactive_chain_arg: {
6969 auto CallerCC = Call.getCaller()->getCallingConv();
6970 switch (CallerCC) {
6971 case CallingConv::AMDGPU_CS_Chain:
6972 case CallingConv::AMDGPU_CS_ChainPreserve:
6973 break;
6974 default:
6975 CheckFailed(Message: "Intrinsic can only be used from functions with the "
6976 "amdgpu_cs_chain or amdgpu_cs_chain_preserve "
6977 "calling conventions",
6978 V1: &Call);
6979 break;
6980 }
6981
6982 unsigned InactiveIdx = 1;
6983 Check(!Call.paramHasAttr(InactiveIdx, Attribute::InReg),
6984 "Value for inactive lanes must not have the `inreg` attribute",
6985 &Call);
6986 Check(isa<Argument>(Call.getArgOperand(InactiveIdx)),
6987 "Value for inactive lanes must be a function argument", &Call);
6988 Check(!cast<Argument>(Call.getArgOperand(InactiveIdx))->hasInRegAttr(),
6989 "Value for inactive lanes must be a VGPR function argument", &Call);
6990 break;
6991 }
6992 case Intrinsic::amdgcn_call_whole_wave: {
6993 auto F = dyn_cast<Function>(Val: Call.getArgOperand(i: 0));
6994 Check(F, "Indirect whole wave calls are not allowed", &Call);
6995
6996 CallingConv::ID CC = F->getCallingConv();
6997 Check(CC == CallingConv::AMDGPU_Gfx_WholeWave,
6998 "Callee must have the amdgpu_gfx_whole_wave calling convention",
6999 &Call);
7000
7001 Check(!F->isVarArg(), "Variadic whole wave calls are not allowed", &Call);
7002
7003 Check(Call.arg_size() == F->arg_size(),
7004 "Call argument count must match callee argument count", &Call);
7005
7006 // The first argument of the call is the callee, and the first argument of
7007 // the callee is the active mask. The rest of the arguments must match.
7008 Check(F->arg_begin()->getType()->isIntegerTy(1),
7009 "Callee must have i1 as its first argument", &Call);
7010 for (auto [CallArg, FuncArg] :
7011 drop_begin(RangeOrContainer: zip_equal(t: Call.args(), u: F->args()))) {
7012 Check(CallArg->getType() == FuncArg.getType(),
7013 "Argument types must match", &Call);
7014
7015 // Check that inreg attributes match between call site and function
7016 Check(Call.paramHasAttr(FuncArg.getArgNo(), Attribute::InReg) ==
7017 FuncArg.hasInRegAttr(),
7018 "Argument inreg attributes must match", &Call);
7019 }
7020 break;
7021 }
7022 case Intrinsic::amdgcn_s_prefetch_data: {
7023 Check(
7024 AMDGPU::isFlatGlobalAddrSpace(
7025 Call.getArgOperand(0)->getType()->getPointerAddressSpace()),
7026 "llvm.amdgcn.s.prefetch.data only supports global or constant memory");
7027 break;
7028 }
7029 case Intrinsic::amdgcn_mfma_scale_f32_16x16x128_f8f6f4:
7030 case Intrinsic::amdgcn_mfma_scale_f32_32x32x64_f8f6f4: {
7031 Value *Src0 = Call.getArgOperand(i: 0);
7032 Value *Src1 = Call.getArgOperand(i: 1);
7033
7034 uint64_t CBSZ = cast<ConstantInt>(Val: Call.getArgOperand(i: 3))->getZExtValue();
7035 uint64_t BLGP = cast<ConstantInt>(Val: Call.getArgOperand(i: 4))->getZExtValue();
7036 Check(CBSZ <= 4, "invalid value for cbsz format", Call,
7037 Call.getArgOperand(3));
7038 Check(BLGP <= 4, "invalid value for blgp format", Call,
7039 Call.getArgOperand(4));
7040
7041 // AMDGPU::MFMAScaleFormats values
7042 auto getFormatNumRegs = [](unsigned FormatVal) {
7043 switch (FormatVal) {
7044 case 0:
7045 case 1:
7046 return 8u;
7047 case 2:
7048 case 3:
7049 return 6u;
7050 case 4:
7051 return 4u;
7052 default:
7053 llvm_unreachable("invalid format value");
7054 }
7055 };
7056
7057 auto isValidSrcASrcBVector = [](FixedVectorType *Ty) {
7058 if (!Ty || !Ty->getElementType()->isIntegerTy(Bitwidth: 32))
7059 return false;
7060 unsigned NumElts = Ty->getNumElements();
7061 return NumElts == 4 || NumElts == 6 || NumElts == 8;
7062 };
7063
7064 auto *Src0Ty = dyn_cast<FixedVectorType>(Val: Src0->getType());
7065 auto *Src1Ty = dyn_cast<FixedVectorType>(Val: Src1->getType());
7066 Check(isValidSrcASrcBVector(Src0Ty),
7067 "operand 0 must be 4, 6 or 8 element i32 vector", &Call, Src0);
7068 Check(isValidSrcASrcBVector(Src1Ty),
7069 "operand 1 must be 4, 6 or 8 element i32 vector", &Call, Src1);
7070
7071 // Permit excess registers for the format.
7072 Check(Src0Ty->getNumElements() >= getFormatNumRegs(CBSZ),
7073 "invalid vector type for format", &Call, Src0, Call.getArgOperand(3));
7074 Check(Src1Ty->getNumElements() >= getFormatNumRegs(BLGP),
7075 "invalid vector type for format", &Call, Src1, Call.getArgOperand(5));
7076 break;
7077 }
7078 case Intrinsic::amdgcn_wmma_f32_16x16x128_f8f6f4:
7079 case Intrinsic::amdgcn_wmma_scale_f32_16x16x128_f8f6f4:
7080 case Intrinsic::amdgcn_wmma_scale16_f32_16x16x128_f8f6f4: {
7081 Value *Src0 = Call.getArgOperand(i: 1);
7082 Value *Src1 = Call.getArgOperand(i: 3);
7083
7084 unsigned FmtA = cast<ConstantInt>(Val: Call.getArgOperand(i: 0))->getZExtValue();
7085 unsigned FmtB = cast<ConstantInt>(Val: Call.getArgOperand(i: 2))->getZExtValue();
7086 Check(FmtA <= 4, "invalid value for matrix format", Call,
7087 Call.getArgOperand(0));
7088 Check(FmtB <= 4, "invalid value for matrix format", Call,
7089 Call.getArgOperand(2));
7090
7091 // AMDGPU::MatrixFMT values
7092 auto getFormatNumRegs = [](unsigned FormatVal) {
7093 switch (FormatVal) {
7094 case 0:
7095 case 1:
7096 return 16u;
7097 case 2:
7098 case 3:
7099 return 12u;
7100 case 4:
7101 return 8u;
7102 default:
7103 llvm_unreachable("invalid format value");
7104 }
7105 };
7106
7107 auto isValidSrcASrcBVector = [](FixedVectorType *Ty) {
7108 if (!Ty || !Ty->getElementType()->isIntegerTy(Bitwidth: 32))
7109 return false;
7110 unsigned NumElts = Ty->getNumElements();
7111 return NumElts == 16 || NumElts == 12 || NumElts == 8;
7112 };
7113
7114 auto *Src0Ty = dyn_cast<FixedVectorType>(Val: Src0->getType());
7115 auto *Src1Ty = dyn_cast<FixedVectorType>(Val: Src1->getType());
7116 Check(isValidSrcASrcBVector(Src0Ty),
7117 "operand 1 must be 8, 12 or 16 element i32 vector", &Call, Src0);
7118 Check(isValidSrcASrcBVector(Src1Ty),
7119 "operand 3 must be 8, 12 or 16 element i32 vector", &Call, Src1);
7120
7121 // Permit excess registers for the format.
7122 Check(Src0Ty->getNumElements() >= getFormatNumRegs(FmtA),
7123 "invalid vector type for format", &Call, Src0, Call.getArgOperand(0));
7124 Check(Src1Ty->getNumElements() >= getFormatNumRegs(FmtB),
7125 "invalid vector type for format", &Call, Src1, Call.getArgOperand(2));
7126 break;
7127 }
7128 case Intrinsic::amdgcn_cooperative_atomic_load_32x4B:
7129 case Intrinsic::amdgcn_cooperative_atomic_load_16x8B:
7130 case Intrinsic::amdgcn_cooperative_atomic_load_8x16B:
7131 case Intrinsic::amdgcn_cooperative_atomic_store_32x4B:
7132 case Intrinsic::amdgcn_cooperative_atomic_store_16x8B:
7133 case Intrinsic::amdgcn_cooperative_atomic_store_8x16B: {
7134 // Check we only use this intrinsic on the FLAT or GLOBAL address spaces.
7135 Value *PtrArg = Call.getArgOperand(i: 0);
7136 const unsigned AS = PtrArg->getType()->getPointerAddressSpace();
7137 Check(AS == AMDGPUAS::FLAT_ADDRESS || AS == AMDGPUAS::GLOBAL_ADDRESS,
7138 "cooperative atomic intrinsics require a generic or global pointer",
7139 &Call, PtrArg);
7140
7141 // Last argument must be a MD string
7142 auto *Op = cast<MetadataAsValue>(Val: Call.getArgOperand(i: Call.arg_size() - 1));
7143 MDNode *MD = cast<MDNode>(Val: Op->getMetadata());
7144 Check((MD->getNumOperands() == 1) && isa<MDString>(MD->getOperand(0)),
7145 "cooperative atomic intrinsics require that the last argument is a "
7146 "metadata string",
7147 &Call, Op);
7148 break;
7149 }
7150 case Intrinsic::nvvm_setmaxnreg_inc_sync_aligned_u32:
7151 case Intrinsic::nvvm_setmaxnreg_dec_sync_aligned_u32: {
7152 Value *V = Call.getArgOperand(i: 0);
7153 unsigned RegCount = cast<ConstantInt>(Val: V)->getZExtValue();
7154 Check(RegCount % 8 == 0,
7155 "reg_count argument to nvvm.setmaxnreg must be in multiples of 8");
7156 break;
7157 }
7158 case Intrinsic::experimental_convergence_entry:
7159 case Intrinsic::experimental_convergence_anchor:
7160 break;
7161 case Intrinsic::experimental_convergence_loop:
7162 break;
7163 case Intrinsic::ptrmask: {
7164 Type *Ty0 = Call.getArgOperand(i: 0)->getType();
7165 Type *Ty1 = Call.getArgOperand(i: 1)->getType();
7166 Check(Ty0->isPtrOrPtrVectorTy(),
7167 "llvm.ptrmask intrinsic first argument must be pointer or vector "
7168 "of pointers",
7169 &Call);
7170 Check(
7171 Ty0->isVectorTy() == Ty1->isVectorTy(),
7172 "llvm.ptrmask intrinsic arguments must be both scalars or both vectors",
7173 &Call);
7174 if (Ty0->isVectorTy())
7175 Check(cast<VectorType>(Ty0)->getElementCount() ==
7176 cast<VectorType>(Ty1)->getElementCount(),
7177 "llvm.ptrmask intrinsic arguments must have the same number of "
7178 "elements",
7179 &Call);
7180 Check(DL.getIndexTypeSizeInBits(Ty0) == Ty1->getScalarSizeInBits(),
7181 "llvm.ptrmask intrinsic second argument bitwidth must match "
7182 "pointer index type size of first argument",
7183 &Call);
7184 break;
7185 }
7186 case Intrinsic::thread_pointer: {
7187 Check(Call.getType()->getPointerAddressSpace() ==
7188 DL.getDefaultGlobalsAddressSpace(),
7189 "llvm.thread.pointer intrinsic return type must be for the globals "
7190 "address space",
7191 &Call);
7192 break;
7193 }
7194 case Intrinsic::threadlocal_address: {
7195 const Value &Arg0 = *Call.getArgOperand(i: 0);
7196 Check(isa<GlobalValue>(Arg0),
7197 "llvm.threadlocal.address first argument must be a GlobalValue");
7198 Check(cast<GlobalValue>(Arg0).isThreadLocal(),
7199 "llvm.threadlocal.address operand isThreadLocal() must be true");
7200 break;
7201 }
7202 case Intrinsic::lifetime_start:
7203 case Intrinsic::lifetime_end: {
7204 Value *Ptr = Call.getArgOperand(i: 0);
7205 Check(isa<AllocaInst>(Ptr) || isa<PoisonValue>(Ptr),
7206 "llvm.lifetime.start/end can only be used on alloca or poison",
7207 &Call);
7208 break;
7209 }
7210 case Intrinsic::sponentry: {
7211 const unsigned StackAS = DL.getAllocaAddrSpace();
7212 const Type *RetTy = Call.getFunctionType()->getReturnType();
7213 Check(RetTy->getPointerAddressSpace() == StackAS,
7214 "llvm.sponentry must return a pointer to the stack", &Call);
7215 break;
7216 }
7217 };
7218
7219 // Verify that there aren't any unmediated control transfers between funclets.
7220 if (IntrinsicInst::mayLowerToFunctionCall(IID: ID)) {
7221 Function *F = Call.getParent()->getParent();
7222 if (F->hasPersonalityFn() &&
7223 isScopedEHPersonality(Pers: classifyEHPersonality(Pers: F->getPersonalityFn()))) {
7224 // Run EH funclet coloring on-demand and cache results for other intrinsic
7225 // calls in this function
7226 if (BlockEHFuncletColors.empty())
7227 BlockEHFuncletColors = colorEHFunclets(F&: *F);
7228
7229 // Check for catch-/cleanup-pad in first funclet block
7230 bool InEHFunclet = false;
7231 BasicBlock *CallBB = Call.getParent();
7232 const ColorVector &CV = BlockEHFuncletColors.find(Val: CallBB)->second;
7233 assert(CV.size() > 0 && "Uncolored block");
7234 for (BasicBlock *ColorFirstBB : CV)
7235 if (auto It = ColorFirstBB->getFirstNonPHIIt();
7236 It != ColorFirstBB->end())
7237 if (isa_and_nonnull<FuncletPadInst>(Val: &*It))
7238 InEHFunclet = true;
7239
7240 // Check for funclet operand bundle
7241 bool HasToken = false;
7242 for (unsigned I = 0, E = Call.getNumOperandBundles(); I != E; ++I)
7243 if (Call.getOperandBundleAt(Index: I).getTagID() == LLVMContext::OB_funclet)
7244 HasToken = true;
7245
7246 // This would cause silent code truncation in WinEHPrepare
7247 if (InEHFunclet)
7248 Check(HasToken, "Missing funclet token on intrinsic call", &Call);
7249 }
7250 }
7251}
7252
7253/// Carefully grab the subprogram from a local scope.
7254///
7255/// This carefully grabs the subprogram from a local scope, avoiding the
7256/// built-in assertions that would typically fire.
7257static DISubprogram *getSubprogram(Metadata *LocalScope) {
7258 if (!LocalScope)
7259 return nullptr;
7260
7261 if (auto *SP = dyn_cast<DISubprogram>(Val: LocalScope))
7262 return SP;
7263
7264 if (auto *LB = dyn_cast<DILexicalBlockBase>(Val: LocalScope))
7265 return getSubprogram(LocalScope: LB->getRawScope());
7266
7267 // Just return null; broken scope chains are checked elsewhere.
7268 assert(!isa<DILocalScope>(LocalScope) && "Unknown type of local scope");
7269 return nullptr;
7270}
7271
7272void Verifier::visit(DbgLabelRecord &DLR) {
7273 CheckDI(isa<DILabel>(DLR.getRawLabel()),
7274 "invalid #dbg_label intrinsic variable", &DLR, DLR.getRawLabel());
7275
7276 // Ignore broken !dbg attachments; they're checked elsewhere.
7277 if (MDNode *N = DLR.getDebugLoc().getAsMDNode())
7278 if (!isa<DILocation>(Val: N))
7279 return;
7280
7281 BasicBlock *BB = DLR.getParent();
7282 Function *F = BB ? BB->getParent() : nullptr;
7283
7284 // The scopes for variables and !dbg attachments must agree.
7285 DILabel *Label = DLR.getLabel();
7286 DILocation *Loc = DLR.getDebugLoc();
7287 CheckDI(Loc, "#dbg_label record requires a !dbg attachment", &DLR, BB, F);
7288
7289 DISubprogram *LabelSP = getSubprogram(LocalScope: Label->getRawScope());
7290 DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
7291 if (!LabelSP || !LocSP)
7292 return;
7293
7294 CheckDI(LabelSP == LocSP,
7295 "mismatched subprogram between #dbg_label label and !dbg attachment",
7296 &DLR, BB, F, Label, Label->getScope()->getSubprogram(), Loc,
7297 Loc->getScope()->getSubprogram());
7298}
7299
7300void Verifier::visit(DbgVariableRecord &DVR) {
7301 BasicBlock *BB = DVR.getParent();
7302 Function *F = BB->getParent();
7303
7304 CheckDI(DVR.getType() == DbgVariableRecord::LocationType::Value ||
7305 DVR.getType() == DbgVariableRecord::LocationType::Declare ||
7306 DVR.getType() == DbgVariableRecord::LocationType::DeclareValue ||
7307 DVR.getType() == DbgVariableRecord::LocationType::Assign,
7308 "invalid #dbg record type", &DVR, DVR.getType(), BB, F);
7309
7310 // The location for a DbgVariableRecord must be either a ValueAsMetadata,
7311 // DIArgList, or an empty MDNode (which is a legacy representation for an
7312 // "undef" location).
7313 auto *MD = DVR.getRawLocation();
7314 CheckDI(MD && (isa<ValueAsMetadata>(MD) || isa<DIArgList>(MD) ||
7315 (isa<MDNode>(MD) && !cast<MDNode>(MD)->getNumOperands())),
7316 "invalid #dbg record address/value", &DVR, MD, BB, F);
7317 if (auto *VAM = dyn_cast<ValueAsMetadata>(Val: MD)) {
7318 visitValueAsMetadata(MD: *VAM, F);
7319 if (DVR.isDbgDeclare()) {
7320 // Allow integers here to support inttoptr salvage.
7321 Type *Ty = VAM->getValue()->getType();
7322 CheckDI(Ty->isPointerTy() || Ty->isIntegerTy(),
7323 "location of #dbg_declare must be a pointer or int", &DVR, MD, BB,
7324 F);
7325 }
7326 } else if (auto *AL = dyn_cast<DIArgList>(Val: MD)) {
7327 visitDIArgList(AL: *AL, F);
7328 }
7329
7330 CheckDI(isa_and_nonnull<DILocalVariable>(DVR.getRawVariable()),
7331 "invalid #dbg record variable", &DVR, DVR.getRawVariable(), BB, F);
7332 visitMDNode(MD: *DVR.getRawVariable(), AllowLocs: AreDebugLocsAllowed::No);
7333
7334 CheckDI(isa_and_nonnull<DIExpression>(DVR.getRawExpression()),
7335 "invalid #dbg record expression", &DVR, DVR.getRawExpression(), BB,
7336 F);
7337 visitMDNode(MD: *DVR.getExpression(), AllowLocs: AreDebugLocsAllowed::No);
7338
7339 if (DVR.isDbgAssign()) {
7340 CheckDI(isa_and_nonnull<DIAssignID>(DVR.getRawAssignID()),
7341 "invalid #dbg_assign DIAssignID", &DVR, DVR.getRawAssignID(), BB,
7342 F);
7343 visitMDNode(MD: *cast<DIAssignID>(Val: DVR.getRawAssignID()),
7344 AllowLocs: AreDebugLocsAllowed::No);
7345
7346 const auto *RawAddr = DVR.getRawAddress();
7347 // Similarly to the location above, the address for an assign
7348 // DbgVariableRecord must be a ValueAsMetadata or an empty MDNode, which
7349 // represents an undef address.
7350 CheckDI(
7351 isa<ValueAsMetadata>(RawAddr) ||
7352 (isa<MDNode>(RawAddr) && !cast<MDNode>(RawAddr)->getNumOperands()),
7353 "invalid #dbg_assign address", &DVR, DVR.getRawAddress(), BB, F);
7354 if (auto *VAM = dyn_cast<ValueAsMetadata>(Val: RawAddr))
7355 visitValueAsMetadata(MD: *VAM, F);
7356
7357 CheckDI(isa_and_nonnull<DIExpression>(DVR.getRawAddressExpression()),
7358 "invalid #dbg_assign address expression", &DVR,
7359 DVR.getRawAddressExpression(), BB, F);
7360 visitMDNode(MD: *DVR.getAddressExpression(), AllowLocs: AreDebugLocsAllowed::No);
7361
7362 // All of the linked instructions should be in the same function as DVR.
7363 for (Instruction *I : at::getAssignmentInsts(DVR: &DVR))
7364 CheckDI(DVR.getFunction() == I->getFunction(),
7365 "inst not in same function as #dbg_assign", I, &DVR, BB, F);
7366 }
7367
7368 // This check is redundant with one in visitLocalVariable().
7369 DILocalVariable *Var = DVR.getVariable();
7370 CheckDI(isType(Var->getRawType()), "invalid type ref", Var, Var->getRawType(),
7371 BB, F);
7372
7373 auto *DLNode = DVR.getDebugLoc().getAsMDNode();
7374 CheckDI(isa_and_nonnull<DILocation>(DLNode), "invalid #dbg record DILocation",
7375 &DVR, DLNode, BB, F);
7376 DILocation *Loc = DVR.getDebugLoc();
7377
7378 // The scopes for variables and !dbg attachments must agree.
7379 DISubprogram *VarSP = getSubprogram(LocalScope: Var->getRawScope());
7380 DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
7381 if (!VarSP || !LocSP)
7382 return; // Broken scope chains are checked elsewhere.
7383
7384 CheckDI(VarSP == LocSP,
7385 "mismatched subprogram between #dbg record variable and DILocation",
7386 &DVR, BB, F, Var, Var->getScope()->getSubprogram(), Loc,
7387 Loc->getScope()->getSubprogram(), BB, F);
7388
7389 verifyFnArgs(DVR);
7390}
7391
7392void Verifier::visitVPIntrinsic(VPIntrinsic &VPI) {
7393 if (auto *VPCast = dyn_cast<VPCastIntrinsic>(Val: &VPI)) {
7394 auto *RetTy = cast<VectorType>(Val: VPCast->getType());
7395 auto *ValTy = cast<VectorType>(Val: VPCast->getOperand(i_nocapture: 0)->getType());
7396 Check(RetTy->getElementCount() == ValTy->getElementCount(),
7397 "VP cast intrinsic first argument and result vector lengths must be "
7398 "equal",
7399 *VPCast);
7400
7401 switch (VPCast->getIntrinsicID()) {
7402 default:
7403 llvm_unreachable("Unknown VP cast intrinsic");
7404 case Intrinsic::vp_trunc:
7405 Check(RetTy->isIntOrIntVectorTy() && ValTy->isIntOrIntVectorTy(),
7406 "llvm.vp.trunc intrinsic first argument and result element type "
7407 "must be integer",
7408 *VPCast);
7409 Check(RetTy->getScalarSizeInBits() < ValTy->getScalarSizeInBits(),
7410 "llvm.vp.trunc intrinsic the bit size of first argument must be "
7411 "larger than the bit size of the return type",
7412 *VPCast);
7413 break;
7414 case Intrinsic::vp_zext:
7415 case Intrinsic::vp_sext:
7416 Check(RetTy->isIntOrIntVectorTy() && ValTy->isIntOrIntVectorTy(),
7417 "llvm.vp.zext or llvm.vp.sext intrinsic first argument and result "
7418 "element type must be integer",
7419 *VPCast);
7420 Check(RetTy->getScalarSizeInBits() > ValTy->getScalarSizeInBits(),
7421 "llvm.vp.zext or llvm.vp.sext intrinsic the bit size of first "
7422 "argument must be smaller than the bit size of the return type",
7423 *VPCast);
7424 break;
7425 case Intrinsic::vp_fptoui:
7426 case Intrinsic::vp_fptosi:
7427 case Intrinsic::vp_lrint:
7428 case Intrinsic::vp_llrint:
7429 Check(
7430 RetTy->isIntOrIntVectorTy() && ValTy->isFPOrFPVectorTy(),
7431 "llvm.vp.fptoui, llvm.vp.fptosi, llvm.vp.lrint or llvm.vp.llrint" "intrinsic first argument element "
7432 "type must be floating-point and result element type must be integer",
7433 *VPCast);
7434 break;
7435 case Intrinsic::vp_uitofp:
7436 case Intrinsic::vp_sitofp:
7437 Check(
7438 RetTy->isFPOrFPVectorTy() && ValTy->isIntOrIntVectorTy(),
7439 "llvm.vp.uitofp or llvm.vp.sitofp intrinsic first argument element "
7440 "type must be integer and result element type must be floating-point",
7441 *VPCast);
7442 break;
7443 case Intrinsic::vp_fptrunc:
7444 Check(RetTy->isFPOrFPVectorTy() && ValTy->isFPOrFPVectorTy(),
7445 "llvm.vp.fptrunc intrinsic first argument and result element type "
7446 "must be floating-point",
7447 *VPCast);
7448 Check(RetTy->getScalarSizeInBits() < ValTy->getScalarSizeInBits(),
7449 "llvm.vp.fptrunc intrinsic the bit size of first argument must be "
7450 "larger than the bit size of the return type",
7451 *VPCast);
7452 break;
7453 case Intrinsic::vp_fpext:
7454 Check(RetTy->isFPOrFPVectorTy() && ValTy->isFPOrFPVectorTy(),
7455 "llvm.vp.fpext intrinsic first argument and result element type "
7456 "must be floating-point",
7457 *VPCast);
7458 Check(RetTy->getScalarSizeInBits() > ValTy->getScalarSizeInBits(),
7459 "llvm.vp.fpext intrinsic the bit size of first argument must be "
7460 "smaller than the bit size of the return type",
7461 *VPCast);
7462 break;
7463 case Intrinsic::vp_ptrtoint:
7464 Check(RetTy->isIntOrIntVectorTy() && ValTy->isPtrOrPtrVectorTy(),
7465 "llvm.vp.ptrtoint intrinsic first argument element type must be "
7466 "pointer and result element type must be integer",
7467 *VPCast);
7468 break;
7469 case Intrinsic::vp_inttoptr:
7470 Check(RetTy->isPtrOrPtrVectorTy() && ValTy->isIntOrIntVectorTy(),
7471 "llvm.vp.inttoptr intrinsic first argument element type must be "
7472 "integer and result element type must be pointer",
7473 *VPCast);
7474 break;
7475 }
7476 }
7477
7478 switch (VPI.getIntrinsicID()) {
7479 case Intrinsic::vp_fcmp: {
7480 auto Pred = cast<VPCmpIntrinsic>(Val: &VPI)->getPredicate();
7481 Check(CmpInst::isFPPredicate(Pred),
7482 "invalid predicate for VP FP comparison intrinsic", &VPI);
7483 break;
7484 }
7485 case Intrinsic::vp_icmp: {
7486 auto Pred = cast<VPCmpIntrinsic>(Val: &VPI)->getPredicate();
7487 Check(CmpInst::isIntPredicate(Pred),
7488 "invalid predicate for VP integer comparison intrinsic", &VPI);
7489 break;
7490 }
7491 case Intrinsic::vp_is_fpclass: {
7492 auto TestMask = cast<ConstantInt>(Val: VPI.getOperand(i_nocapture: 1));
7493 Check((TestMask->getZExtValue() & ~static_cast<unsigned>(fcAllFlags)) == 0,
7494 "unsupported bits for llvm.vp.is.fpclass test mask");
7495 break;
7496 }
7497 case Intrinsic::experimental_vp_splice: {
7498 VectorType *VecTy = cast<VectorType>(Val: VPI.getType());
7499 int64_t Idx = cast<ConstantInt>(Val: VPI.getArgOperand(i: 2))->getSExtValue();
7500 int64_t KnownMinNumElements = VecTy->getElementCount().getKnownMinValue();
7501 if (VPI.getParent() && VPI.getParent()->getParent()) {
7502 AttributeList Attrs = VPI.getParent()->getParent()->getAttributes();
7503 if (Attrs.hasFnAttr(Kind: Attribute::VScaleRange))
7504 KnownMinNumElements *= Attrs.getFnAttrs().getVScaleRangeMin();
7505 }
7506 Check((Idx < 0 && std::abs(Idx) <= KnownMinNumElements) ||
7507 (Idx >= 0 && Idx < KnownMinNumElements),
7508 "The splice index exceeds the range [-VL, VL-1] where VL is the "
7509 "known minimum number of elements in the vector. For scalable "
7510 "vectors the minimum number of elements is determined from "
7511 "vscale_range.",
7512 &VPI);
7513 break;
7514 }
7515 }
7516}
7517
7518void Verifier::visitConstrainedFPIntrinsic(ConstrainedFPIntrinsic &FPI) {
7519 unsigned NumOperands = FPI.getNonMetadataArgCount();
7520 bool HasRoundingMD =
7521 Intrinsic::hasConstrainedFPRoundingModeOperand(QID: FPI.getIntrinsicID());
7522
7523 // Add the expected number of metadata operands.
7524 NumOperands += (1 + HasRoundingMD);
7525
7526 // Compare intrinsics carry an extra predicate metadata operand.
7527 if (isa<ConstrainedFPCmpIntrinsic>(Val: FPI))
7528 NumOperands += 1;
7529 Check((FPI.arg_size() == NumOperands),
7530 "invalid arguments for constrained FP intrinsic", &FPI);
7531
7532 switch (FPI.getIntrinsicID()) {
7533 case Intrinsic::experimental_constrained_lrint:
7534 case Intrinsic::experimental_constrained_llrint: {
7535 Type *ValTy = FPI.getArgOperand(i: 0)->getType();
7536 Type *ResultTy = FPI.getType();
7537 Check(!ValTy->isVectorTy() && !ResultTy->isVectorTy(),
7538 "Intrinsic does not support vectors", &FPI);
7539 break;
7540 }
7541
7542 case Intrinsic::experimental_constrained_lround:
7543 case Intrinsic::experimental_constrained_llround: {
7544 Type *ValTy = FPI.getArgOperand(i: 0)->getType();
7545 Type *ResultTy = FPI.getType();
7546 Check(!ValTy->isVectorTy() && !ResultTy->isVectorTy(),
7547 "Intrinsic does not support vectors", &FPI);
7548 break;
7549 }
7550
7551 case Intrinsic::experimental_constrained_fcmp:
7552 case Intrinsic::experimental_constrained_fcmps: {
7553 auto Pred = cast<ConstrainedFPCmpIntrinsic>(Val: &FPI)->getPredicate();
7554 Check(CmpInst::isFPPredicate(Pred),
7555 "invalid predicate for constrained FP comparison intrinsic", &FPI);
7556 break;
7557 }
7558
7559 case Intrinsic::experimental_constrained_fptosi:
7560 case Intrinsic::experimental_constrained_fptoui: {
7561 Value *Operand = FPI.getArgOperand(i: 0);
7562 ElementCount SrcEC;
7563 Check(Operand->getType()->isFPOrFPVectorTy(),
7564 "Intrinsic first argument must be floating point", &FPI);
7565 if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7566 SrcEC = cast<VectorType>(Val: OperandT)->getElementCount();
7567 }
7568
7569 Operand = &FPI;
7570 Check(SrcEC.isNonZero() == Operand->getType()->isVectorTy(),
7571 "Intrinsic first argument and result disagree on vector use", &FPI);
7572 Check(Operand->getType()->isIntOrIntVectorTy(),
7573 "Intrinsic result must be an integer", &FPI);
7574 if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7575 Check(SrcEC == cast<VectorType>(OperandT)->getElementCount(),
7576 "Intrinsic first argument and result vector lengths must be equal",
7577 &FPI);
7578 }
7579 break;
7580 }
7581
7582 case Intrinsic::experimental_constrained_sitofp:
7583 case Intrinsic::experimental_constrained_uitofp: {
7584 Value *Operand = FPI.getArgOperand(i: 0);
7585 ElementCount SrcEC;
7586 Check(Operand->getType()->isIntOrIntVectorTy(),
7587 "Intrinsic first argument must be integer", &FPI);
7588 if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7589 SrcEC = cast<VectorType>(Val: OperandT)->getElementCount();
7590 }
7591
7592 Operand = &FPI;
7593 Check(SrcEC.isNonZero() == Operand->getType()->isVectorTy(),
7594 "Intrinsic first argument and result disagree on vector use", &FPI);
7595 Check(Operand->getType()->isFPOrFPVectorTy(),
7596 "Intrinsic result must be a floating point", &FPI);
7597 if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7598 Check(SrcEC == cast<VectorType>(OperandT)->getElementCount(),
7599 "Intrinsic first argument and result vector lengths must be equal",
7600 &FPI);
7601 }
7602 break;
7603 }
7604
7605 case Intrinsic::experimental_constrained_fptrunc:
7606 case Intrinsic::experimental_constrained_fpext: {
7607 Value *Operand = FPI.getArgOperand(i: 0);
7608 Type *OperandTy = Operand->getType();
7609 Value *Result = &FPI;
7610 Type *ResultTy = Result->getType();
7611 Check(OperandTy->isFPOrFPVectorTy(),
7612 "Intrinsic first argument must be FP or FP vector", &FPI);
7613 Check(ResultTy->isFPOrFPVectorTy(),
7614 "Intrinsic result must be FP or FP vector", &FPI);
7615 Check(OperandTy->isVectorTy() == ResultTy->isVectorTy(),
7616 "Intrinsic first argument and result disagree on vector use", &FPI);
7617 if (OperandTy->isVectorTy()) {
7618 Check(cast<VectorType>(OperandTy)->getElementCount() ==
7619 cast<VectorType>(ResultTy)->getElementCount(),
7620 "Intrinsic first argument and result vector lengths must be equal",
7621 &FPI);
7622 }
7623 if (FPI.getIntrinsicID() == Intrinsic::experimental_constrained_fptrunc) {
7624 Check(OperandTy->getScalarSizeInBits() > ResultTy->getScalarSizeInBits(),
7625 "Intrinsic first argument's type must be larger than result type",
7626 &FPI);
7627 } else {
7628 Check(OperandTy->getScalarSizeInBits() < ResultTy->getScalarSizeInBits(),
7629 "Intrinsic first argument's type must be smaller than result type",
7630 &FPI);
7631 }
7632 break;
7633 }
7634
7635 default:
7636 break;
7637 }
7638
7639 // If a non-metadata argument is passed in a metadata slot then the
7640 // error will be caught earlier when the incorrect argument doesn't
7641 // match the specification in the intrinsic call table. Thus, no
7642 // argument type check is needed here.
7643
7644 Check(FPI.getExceptionBehavior().has_value(),
7645 "invalid exception behavior argument", &FPI);
7646 if (HasRoundingMD) {
7647 Check(FPI.getRoundingMode().has_value(), "invalid rounding mode argument",
7648 &FPI);
7649 }
7650}
7651
7652void Verifier::verifyFragmentExpression(const DbgVariableRecord &DVR) {
7653 DILocalVariable *V = dyn_cast_or_null<DILocalVariable>(Val: DVR.getRawVariable());
7654 DIExpression *E = dyn_cast_or_null<DIExpression>(Val: DVR.getRawExpression());
7655
7656 // We don't know whether this intrinsic verified correctly.
7657 if (!V || !E || !E->isValid())
7658 return;
7659
7660 // Nothing to do if this isn't a DW_OP_LLVM_fragment expression.
7661 auto Fragment = E->getFragmentInfo();
7662 if (!Fragment)
7663 return;
7664
7665 // The frontend helps out GDB by emitting the members of local anonymous
7666 // unions as artificial local variables with shared storage. When SROA splits
7667 // the storage for artificial local variables that are smaller than the entire
7668 // union, the overhang piece will be outside of the allotted space for the
7669 // variable and this check fails.
7670 // FIXME: Remove this check as soon as clang stops doing this; it hides bugs.
7671 if (V->isArtificial())
7672 return;
7673
7674 verifyFragmentExpression(V: *V, Fragment: *Fragment, Desc: &DVR);
7675}
7676
7677template <typename ValueOrMetadata>
7678void Verifier::verifyFragmentExpression(const DIVariable &V,
7679 DIExpression::FragmentInfo Fragment,
7680 ValueOrMetadata *Desc) {
7681 // If there's no size, the type is broken, but that should be checked
7682 // elsewhere.
7683 auto VarSize = V.getSizeInBits();
7684 if (!VarSize)
7685 return;
7686
7687 unsigned FragSize = Fragment.SizeInBits;
7688 unsigned FragOffset = Fragment.OffsetInBits;
7689 CheckDI(FragSize + FragOffset <= *VarSize,
7690 "fragment is larger than or outside of variable", Desc, &V);
7691 CheckDI(FragSize != *VarSize, "fragment covers entire variable", Desc, &V);
7692}
7693
7694void Verifier::verifyFnArgs(const DbgVariableRecord &DVR) {
7695 // This function does not take the scope of noninlined function arguments into
7696 // account. Don't run it if current function is nodebug, because it may
7697 // contain inlined debug intrinsics.
7698 if (!HasDebugInfo)
7699 return;
7700
7701 // For performance reasons only check non-inlined ones.
7702 if (DVR.getDebugLoc()->getInlinedAt())
7703 return;
7704
7705 DILocalVariable *Var = DVR.getVariable();
7706 CheckDI(Var, "#dbg record without variable");
7707
7708 unsigned ArgNo = Var->getArg();
7709 if (!ArgNo)
7710 return;
7711
7712 // Verify there are no duplicate function argument debug info entries.
7713 // These will cause hard-to-debug assertions in the DWARF backend.
7714 if (DebugFnArgs.size() < ArgNo)
7715 DebugFnArgs.resize(N: ArgNo, NV: nullptr);
7716
7717 auto *Prev = DebugFnArgs[ArgNo - 1];
7718 DebugFnArgs[ArgNo - 1] = Var;
7719 CheckDI(!Prev || (Prev == Var), "conflicting debug info for argument", &DVR,
7720 Prev, Var);
7721}
7722
7723void Verifier::verifyNotEntryValue(const DbgVariableRecord &DVR) {
7724 DIExpression *E = dyn_cast_or_null<DIExpression>(Val: DVR.getRawExpression());
7725
7726 // We don't know whether this intrinsic verified correctly.
7727 if (!E || !E->isValid())
7728 return;
7729
7730 if (isa<ValueAsMetadata>(Val: DVR.getRawLocation())) {
7731 Value *VarValue = DVR.getVariableLocationOp(OpIdx: 0);
7732 if (isa<UndefValue>(Val: VarValue) || isa<PoisonValue>(Val: VarValue))
7733 return;
7734 // We allow EntryValues for swift async arguments, as they have an
7735 // ABI-guarantee to be turned into a specific register.
7736 if (auto *ArgLoc = dyn_cast_or_null<Argument>(Val: VarValue);
7737 ArgLoc && ArgLoc->hasAttribute(Kind: Attribute::SwiftAsync))
7738 return;
7739 }
7740
7741 CheckDI(!E->isEntryValue(),
7742 "Entry values are only allowed in MIR unless they target a "
7743 "swiftasync Argument",
7744 &DVR);
7745}
7746
7747void Verifier::verifyCompileUnits() {
7748 // When more than one Module is imported into the same context, such as during
7749 // an LTO build before linking the modules, ODR type uniquing may cause types
7750 // to point to a different CU. This check does not make sense in this case.
7751 if (M.getContext().isODRUniquingDebugTypes())
7752 return;
7753 auto *CUs = M.getNamedMetadata(Name: "llvm.dbg.cu");
7754 SmallPtrSet<const Metadata *, 2> Listed;
7755 if (CUs)
7756 Listed.insert_range(R: CUs->operands());
7757 for (const auto *CU : CUVisited)
7758 CheckDI(Listed.count(CU), "DICompileUnit not listed in llvm.dbg.cu", CU);
7759 CUVisited.clear();
7760}
7761
7762void Verifier::verifyDeoptimizeCallingConvs() {
7763 if (DeoptimizeDeclarations.empty())
7764 return;
7765
7766 const Function *First = DeoptimizeDeclarations[0];
7767 for (const auto *F : ArrayRef(DeoptimizeDeclarations).slice(N: 1)) {
7768 Check(First->getCallingConv() == F->getCallingConv(),
7769 "All llvm.experimental.deoptimize declarations must have the same "
7770 "calling convention",
7771 First, F);
7772 }
7773}
7774
7775void Verifier::verifyAttachedCallBundle(const CallBase &Call,
7776 const OperandBundleUse &BU) {
7777 FunctionType *FTy = Call.getFunctionType();
7778
7779 Check((FTy->getReturnType()->isPointerTy() ||
7780 (Call.doesNotReturn() && FTy->getReturnType()->isVoidTy())),
7781 "a call with operand bundle \"clang.arc.attachedcall\" must call a "
7782 "function returning a pointer or a non-returning function that has a "
7783 "void return type",
7784 Call);
7785
7786 Check(BU.Inputs.size() == 1 && isa<Function>(BU.Inputs.front()),
7787 "operand bundle \"clang.arc.attachedcall\" requires one function as "
7788 "an argument",
7789 Call);
7790
7791 auto *Fn = cast<Function>(Val: BU.Inputs.front());
7792 Intrinsic::ID IID = Fn->getIntrinsicID();
7793
7794 if (IID) {
7795 Check((IID == Intrinsic::objc_retainAutoreleasedReturnValue ||
7796 IID == Intrinsic::objc_claimAutoreleasedReturnValue ||
7797 IID == Intrinsic::objc_unsafeClaimAutoreleasedReturnValue),
7798 "invalid function argument", Call);
7799 } else {
7800 StringRef FnName = Fn->getName();
7801 Check((FnName == "objc_retainAutoreleasedReturnValue" ||
7802 FnName == "objc_claimAutoreleasedReturnValue" ||
7803 FnName == "objc_unsafeClaimAutoreleasedReturnValue"),
7804 "invalid function argument", Call);
7805 }
7806}
7807
7808void Verifier::verifyNoAliasScopeDecl() {
7809 if (NoAliasScopeDecls.empty())
7810 return;
7811
7812 // only a single scope must be declared at a time.
7813 for (auto *II : NoAliasScopeDecls) {
7814 assert(II->getIntrinsicID() == Intrinsic::experimental_noalias_scope_decl &&
7815 "Not a llvm.experimental.noalias.scope.decl ?");
7816 const auto *ScopeListMV = dyn_cast<MetadataAsValue>(
7817 Val: II->getOperand(i_nocapture: Intrinsic::NoAliasScopeDeclScopeArg));
7818 Check(ScopeListMV != nullptr,
7819 "llvm.experimental.noalias.scope.decl must have a MetadataAsValue "
7820 "argument",
7821 II);
7822
7823 const auto *ScopeListMD = dyn_cast<MDNode>(Val: ScopeListMV->getMetadata());
7824 Check(ScopeListMD != nullptr, "!id.scope.list must point to an MDNode", II);
7825 Check(ScopeListMD->getNumOperands() == 1,
7826 "!id.scope.list must point to a list with a single scope", II);
7827 visitAliasScopeListMetadata(MD: ScopeListMD);
7828 }
7829
7830 // Only check the domination rule when requested. Once all passes have been
7831 // adapted this option can go away.
7832 if (!VerifyNoAliasScopeDomination)
7833 return;
7834
7835 // Now sort the intrinsics based on the scope MDNode so that declarations of
7836 // the same scopes are next to each other.
7837 auto GetScope = [](IntrinsicInst *II) {
7838 const auto *ScopeListMV = cast<MetadataAsValue>(
7839 Val: II->getOperand(i_nocapture: Intrinsic::NoAliasScopeDeclScopeArg));
7840 return &cast<MDNode>(Val: ScopeListMV->getMetadata())->getOperand(I: 0);
7841 };
7842
7843 // We are sorting on MDNode pointers here. For valid input IR this is ok.
7844 // TODO: Sort on Metadata ID to avoid non-deterministic error messages.
7845 auto Compare = [GetScope](IntrinsicInst *Lhs, IntrinsicInst *Rhs) {
7846 return GetScope(Lhs) < GetScope(Rhs);
7847 };
7848
7849 llvm::sort(C&: NoAliasScopeDecls, Comp: Compare);
7850
7851 // Go over the intrinsics and check that for the same scope, they are not
7852 // dominating each other.
7853 auto ItCurrent = NoAliasScopeDecls.begin();
7854 while (ItCurrent != NoAliasScopeDecls.end()) {
7855 auto CurScope = GetScope(*ItCurrent);
7856 auto ItNext = ItCurrent;
7857 do {
7858 ++ItNext;
7859 } while (ItNext != NoAliasScopeDecls.end() &&
7860 GetScope(*ItNext) == CurScope);
7861
7862 // [ItCurrent, ItNext) represents the declarations for the same scope.
7863 // Ensure they are not dominating each other.. but only if it is not too
7864 // expensive.
7865 if (ItNext - ItCurrent < 32)
7866 for (auto *I : llvm::make_range(x: ItCurrent, y: ItNext))
7867 for (auto *J : llvm::make_range(x: ItCurrent, y: ItNext))
7868 if (I != J)
7869 Check(!DT.dominates(I, J),
7870 "llvm.experimental.noalias.scope.decl dominates another one "
7871 "with the same scope",
7872 I);
7873 ItCurrent = ItNext;
7874 }
7875}
7876
7877//===----------------------------------------------------------------------===//
7878// Implement the public interfaces to this file...
7879//===----------------------------------------------------------------------===//
7880
7881bool llvm::verifyFunction(const Function &f, raw_ostream *OS) {
7882 Function &F = const_cast<Function &>(f);
7883
7884 // Don't use a raw_null_ostream. Printing IR is expensive.
7885 Verifier V(OS, /*ShouldTreatBrokenDebugInfoAsError=*/true, *f.getParent());
7886
7887 // Note that this function's return value is inverted from what you would
7888 // expect of a function called "verify".
7889 return !V.verify(F);
7890}
7891
7892bool llvm::verifyModule(const Module &M, raw_ostream *OS,
7893 bool *BrokenDebugInfo) {
7894 // Don't use a raw_null_ostream. Printing IR is expensive.
7895 Verifier V(OS, /*ShouldTreatBrokenDebugInfoAsError=*/!BrokenDebugInfo, M);
7896
7897 bool Broken = false;
7898 for (const Function &F : M)
7899 Broken |= !V.verify(F);
7900
7901 Broken |= !V.verify();
7902 if (BrokenDebugInfo)
7903 *BrokenDebugInfo = V.hasBrokenDebugInfo();
7904 // Note that this function's return value is inverted from what you would
7905 // expect of a function called "verify".
7906 return Broken;
7907}
7908
7909namespace {
7910
7911struct VerifierLegacyPass : public FunctionPass {
7912 static char ID;
7913
7914 std::unique_ptr<Verifier> V;
7915 bool FatalErrors = true;
7916
7917 VerifierLegacyPass() : FunctionPass(ID) {
7918 initializeVerifierLegacyPassPass(*PassRegistry::getPassRegistry());
7919 }
7920 explicit VerifierLegacyPass(bool FatalErrors)
7921 : FunctionPass(ID),
7922 FatalErrors(FatalErrors) {
7923 initializeVerifierLegacyPassPass(*PassRegistry::getPassRegistry());
7924 }
7925
7926 bool doInitialization(Module &M) override {
7927 V = std::make_unique<Verifier>(
7928 args: &dbgs(), /*ShouldTreatBrokenDebugInfoAsError=*/args: false, args&: M);
7929 return false;
7930 }
7931
7932 bool runOnFunction(Function &F) override {
7933 if (!V->verify(F) && FatalErrors) {
7934 errs() << "in function " << F.getName() << '\n';
7935 report_fatal_error(reason: "Broken function found, compilation aborted!");
7936 }
7937 return false;
7938 }
7939
7940 bool doFinalization(Module &M) override {
7941 bool HasErrors = false;
7942 for (Function &F : M)
7943 if (F.isDeclaration())
7944 HasErrors |= !V->verify(F);
7945
7946 HasErrors |= !V->verify();
7947 if (FatalErrors && (HasErrors || V->hasBrokenDebugInfo()))
7948 report_fatal_error(reason: "Broken module found, compilation aborted!");
7949 return false;
7950 }
7951
7952 void getAnalysisUsage(AnalysisUsage &AU) const override {
7953 AU.setPreservesAll();
7954 }
7955};
7956
7957} // end anonymous namespace
7958
7959/// Helper to issue failure from the TBAA verification
7960template <typename... Tys> void TBAAVerifier::CheckFailed(Tys &&... Args) {
7961 if (Diagnostic)
7962 return Diagnostic->CheckFailed(Args...);
7963}
7964
7965#define CheckTBAA(C, ...) \
7966 do { \
7967 if (!(C)) { \
7968 CheckFailed(__VA_ARGS__); \
7969 return false; \
7970 } \
7971 } while (false)
7972
7973/// Verify that \p BaseNode can be used as the "base type" in the struct-path
7974/// TBAA scheme. This means \p BaseNode is either a scalar node, or a
7975/// struct-type node describing an aggregate data structure (like a struct).
7976TBAAVerifier::TBAABaseNodeSummary
7977TBAAVerifier::verifyTBAABaseNode(const Instruction *I, const MDNode *BaseNode,
7978 bool IsNewFormat) {
7979 if (BaseNode->getNumOperands() < 2) {
7980 CheckFailed(Args: "Base nodes must have at least two operands", Args&: I, Args&: BaseNode);
7981 return {true, ~0u};
7982 }
7983
7984 auto Itr = TBAABaseNodes.find(Val: BaseNode);
7985 if (Itr != TBAABaseNodes.end())
7986 return Itr->second;
7987
7988 auto Result = verifyTBAABaseNodeImpl(I, BaseNode, IsNewFormat);
7989 auto InsertResult = TBAABaseNodes.insert(KV: {BaseNode, Result});
7990 (void)InsertResult;
7991 assert(InsertResult.second && "We just checked!");
7992 return Result;
7993}
7994
7995TBAAVerifier::TBAABaseNodeSummary
7996TBAAVerifier::verifyTBAABaseNodeImpl(const Instruction *I,
7997 const MDNode *BaseNode, bool IsNewFormat) {
7998 const TBAAVerifier::TBAABaseNodeSummary InvalidNode = {true, ~0u};
7999
8000 if (BaseNode->getNumOperands() == 2) {
8001 // Scalar nodes can only be accessed at offset 0.
8002 return isValidScalarTBAANode(MD: BaseNode)
8003 ? TBAAVerifier::TBAABaseNodeSummary({false, 0})
8004 : InvalidNode;
8005 }
8006
8007 if (IsNewFormat) {
8008 if (BaseNode->getNumOperands() % 3 != 0) {
8009 CheckFailed(Args: "Access tag nodes must have the number of operands that is a "
8010 "multiple of 3!", Args&: BaseNode);
8011 return InvalidNode;
8012 }
8013 } else {
8014 if (BaseNode->getNumOperands() % 2 != 1) {
8015 CheckFailed(Args: "Struct tag nodes must have an odd number of operands!",
8016 Args&: BaseNode);
8017 return InvalidNode;
8018 }
8019 }
8020
8021 // Check the type size field.
8022 if (IsNewFormat) {
8023 auto *TypeSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
8024 MD: BaseNode->getOperand(I: 1));
8025 if (!TypeSizeNode) {
8026 CheckFailed(Args: "Type size nodes must be constants!", Args&: I, Args&: BaseNode);
8027 return InvalidNode;
8028 }
8029 }
8030
8031 // Check the type name field. In the new format it can be anything.
8032 if (!IsNewFormat && !isa<MDString>(Val: BaseNode->getOperand(I: 0))) {
8033 CheckFailed(Args: "Struct tag nodes have a string as their first operand",
8034 Args&: BaseNode);
8035 return InvalidNode;
8036 }
8037
8038 bool Failed = false;
8039
8040 std::optional<APInt> PrevOffset;
8041 unsigned BitWidth = ~0u;
8042
8043 // We've already checked that BaseNode is not a degenerate root node with one
8044 // operand in \c verifyTBAABaseNode, so this loop should run at least once.
8045 unsigned FirstFieldOpNo = IsNewFormat ? 3 : 1;
8046 unsigned NumOpsPerField = IsNewFormat ? 3 : 2;
8047 for (unsigned Idx = FirstFieldOpNo; Idx < BaseNode->getNumOperands();
8048 Idx += NumOpsPerField) {
8049 const MDOperand &FieldTy = BaseNode->getOperand(I: Idx);
8050 const MDOperand &FieldOffset = BaseNode->getOperand(I: Idx + 1);
8051 if (!isa<MDNode>(Val: FieldTy)) {
8052 CheckFailed(Args: "Incorrect field entry in struct type node!", Args&: I, Args&: BaseNode);
8053 Failed = true;
8054 continue;
8055 }
8056
8057 auto *OffsetEntryCI =
8058 mdconst::dyn_extract_or_null<ConstantInt>(MD: FieldOffset);
8059 if (!OffsetEntryCI) {
8060 CheckFailed(Args: "Offset entries must be constants!", Args&: I, Args&: BaseNode);
8061 Failed = true;
8062 continue;
8063 }
8064
8065 if (BitWidth == ~0u)
8066 BitWidth = OffsetEntryCI->getBitWidth();
8067
8068 if (OffsetEntryCI->getBitWidth() != BitWidth) {
8069 CheckFailed(
8070 Args: "Bitwidth between the offsets and struct type entries must match", Args&: I,
8071 Args&: BaseNode);
8072 Failed = true;
8073 continue;
8074 }
8075
8076 // NB! As far as I can tell, we generate a non-strictly increasing offset
8077 // sequence only from structs that have zero size bit fields. When
8078 // recursing into a contained struct in \c getFieldNodeFromTBAABaseNode we
8079 // pick the field lexically the latest in struct type metadata node. This
8080 // mirrors the actual behavior of the alias analysis implementation.
8081 bool IsAscending =
8082 !PrevOffset || PrevOffset->ule(RHS: OffsetEntryCI->getValue());
8083
8084 if (!IsAscending) {
8085 CheckFailed(Args: "Offsets must be increasing!", Args&: I, Args&: BaseNode);
8086 Failed = true;
8087 }
8088
8089 PrevOffset = OffsetEntryCI->getValue();
8090
8091 if (IsNewFormat) {
8092 auto *MemberSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
8093 MD: BaseNode->getOperand(I: Idx + 2));
8094 if (!MemberSizeNode) {
8095 CheckFailed(Args: "Member size entries must be constants!", Args&: I, Args&: BaseNode);
8096 Failed = true;
8097 continue;
8098 }
8099 }
8100 }
8101
8102 return Failed ? InvalidNode
8103 : TBAAVerifier::TBAABaseNodeSummary(false, BitWidth);
8104}
8105
8106static bool IsRootTBAANode(const MDNode *MD) {
8107 return MD->getNumOperands() < 2;
8108}
8109
8110static bool IsScalarTBAANodeImpl(const MDNode *MD,
8111 SmallPtrSetImpl<const MDNode *> &Visited) {
8112 if (MD->getNumOperands() != 2 && MD->getNumOperands() != 3)
8113 return false;
8114
8115 if (!isa<MDString>(Val: MD->getOperand(I: 0)))
8116 return false;
8117
8118 if (MD->getNumOperands() == 3) {
8119 auto *Offset = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: 2));
8120 if (!(Offset && Offset->isZero() && isa<MDString>(Val: MD->getOperand(I: 0))))
8121 return false;
8122 }
8123
8124 auto *Parent = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: 1));
8125 return Parent && Visited.insert(Ptr: Parent).second &&
8126 (IsRootTBAANode(MD: Parent) || IsScalarTBAANodeImpl(MD: Parent, Visited));
8127}
8128
8129bool TBAAVerifier::isValidScalarTBAANode(const MDNode *MD) {
8130 auto ResultIt = TBAAScalarNodes.find(Val: MD);
8131 if (ResultIt != TBAAScalarNodes.end())
8132 return ResultIt->second;
8133
8134 SmallPtrSet<const MDNode *, 4> Visited;
8135 bool Result = IsScalarTBAANodeImpl(MD, Visited);
8136 auto InsertResult = TBAAScalarNodes.insert(KV: {MD, Result});
8137 (void)InsertResult;
8138 assert(InsertResult.second && "Just checked!");
8139
8140 return Result;
8141}
8142
8143/// Returns the field node at the offset \p Offset in \p BaseNode. Update \p
8144/// Offset in place to be the offset within the field node returned.
8145///
8146/// We assume we've okayed \p BaseNode via \c verifyTBAABaseNode.
8147MDNode *TBAAVerifier::getFieldNodeFromTBAABaseNode(const Instruction *I,
8148 const MDNode *BaseNode,
8149 APInt &Offset,
8150 bool IsNewFormat) {
8151 assert(BaseNode->getNumOperands() >= 2 && "Invalid base node!");
8152
8153 // Scalar nodes have only one possible "field" -- their parent in the access
8154 // hierarchy. Offset must be zero at this point, but our caller is supposed
8155 // to check that.
8156 if (BaseNode->getNumOperands() == 2)
8157 return cast<MDNode>(Val: BaseNode->getOperand(I: 1));
8158
8159 unsigned FirstFieldOpNo = IsNewFormat ? 3 : 1;
8160 unsigned NumOpsPerField = IsNewFormat ? 3 : 2;
8161 for (unsigned Idx = FirstFieldOpNo; Idx < BaseNode->getNumOperands();
8162 Idx += NumOpsPerField) {
8163 auto *OffsetEntryCI =
8164 mdconst::extract<ConstantInt>(MD: BaseNode->getOperand(I: Idx + 1));
8165 if (OffsetEntryCI->getValue().ugt(RHS: Offset)) {
8166 if (Idx == FirstFieldOpNo) {
8167 CheckFailed(Args: "Could not find TBAA parent in struct type node", Args&: I,
8168 Args&: BaseNode, Args: &Offset);
8169 return nullptr;
8170 }
8171
8172 unsigned PrevIdx = Idx - NumOpsPerField;
8173 auto *PrevOffsetEntryCI =
8174 mdconst::extract<ConstantInt>(MD: BaseNode->getOperand(I: PrevIdx + 1));
8175 Offset -= PrevOffsetEntryCI->getValue();
8176 return cast<MDNode>(Val: BaseNode->getOperand(I: PrevIdx));
8177 }
8178 }
8179
8180 unsigned LastIdx = BaseNode->getNumOperands() - NumOpsPerField;
8181 auto *LastOffsetEntryCI = mdconst::extract<ConstantInt>(
8182 MD: BaseNode->getOperand(I: LastIdx + 1));
8183 Offset -= LastOffsetEntryCI->getValue();
8184 return cast<MDNode>(Val: BaseNode->getOperand(I: LastIdx));
8185}
8186
8187static bool isNewFormatTBAATypeNode(llvm::MDNode *Type) {
8188 if (!Type || Type->getNumOperands() < 3)
8189 return false;
8190
8191 // In the new format type nodes shall have a reference to the parent type as
8192 // its first operand.
8193 return isa_and_nonnull<MDNode>(Val: Type->getOperand(I: 0));
8194}
8195
8196bool TBAAVerifier::visitTBAAMetadata(const Instruction *I, const MDNode *MD) {
8197 CheckTBAA(MD->getNumOperands() > 0, "TBAA metadata cannot have 0 operands", I,
8198 MD);
8199
8200 if (I)
8201 CheckTBAA(isa<LoadInst>(I) || isa<StoreInst>(I) || isa<CallInst>(I) ||
8202 isa<VAArgInst>(I) || isa<AtomicRMWInst>(I) ||
8203 isa<AtomicCmpXchgInst>(I),
8204 "This instruction shall not have a TBAA access tag!", I);
8205
8206 bool IsStructPathTBAA =
8207 isa<MDNode>(Val: MD->getOperand(I: 0)) && MD->getNumOperands() >= 3;
8208
8209 CheckTBAA(IsStructPathTBAA,
8210 "Old-style TBAA is no longer allowed, use struct-path TBAA instead",
8211 I);
8212
8213 MDNode *BaseNode = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: 0));
8214 MDNode *AccessType = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: 1));
8215
8216 bool IsNewFormat = isNewFormatTBAATypeNode(Type: AccessType);
8217
8218 if (IsNewFormat) {
8219 CheckTBAA(MD->getNumOperands() == 4 || MD->getNumOperands() == 5,
8220 "Access tag metadata must have either 4 or 5 operands", I, MD);
8221 } else {
8222 CheckTBAA(MD->getNumOperands() < 5,
8223 "Struct tag metadata must have either 3 or 4 operands", I, MD);
8224 }
8225
8226 // Check the access size field.
8227 if (IsNewFormat) {
8228 auto *AccessSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
8229 MD: MD->getOperand(I: 3));
8230 CheckTBAA(AccessSizeNode, "Access size field must be a constant", I, MD);
8231 }
8232
8233 // Check the immutability flag.
8234 unsigned ImmutabilityFlagOpNo = IsNewFormat ? 4 : 3;
8235 if (MD->getNumOperands() == ImmutabilityFlagOpNo + 1) {
8236 auto *IsImmutableCI = mdconst::dyn_extract_or_null<ConstantInt>(
8237 MD: MD->getOperand(I: ImmutabilityFlagOpNo));
8238 CheckTBAA(IsImmutableCI,
8239 "Immutability tag on struct tag metadata must be a constant", I,
8240 MD);
8241 CheckTBAA(
8242 IsImmutableCI->isZero() || IsImmutableCI->isOne(),
8243 "Immutability part of the struct tag metadata must be either 0 or 1", I,
8244 MD);
8245 }
8246
8247 CheckTBAA(BaseNode && AccessType,
8248 "Malformed struct tag metadata: base and access-type "
8249 "should be non-null and point to Metadata nodes",
8250 I, MD, BaseNode, AccessType);
8251
8252 if (!IsNewFormat) {
8253 CheckTBAA(isValidScalarTBAANode(AccessType),
8254 "Access type node must be a valid scalar type", I, MD,
8255 AccessType);
8256 }
8257
8258 auto *OffsetCI = mdconst::dyn_extract_or_null<ConstantInt>(MD: MD->getOperand(I: 2));
8259 CheckTBAA(OffsetCI, "Offset must be constant integer", I, MD);
8260
8261 APInt Offset = OffsetCI->getValue();
8262 bool SeenAccessTypeInPath = false;
8263
8264 SmallPtrSet<MDNode *, 4> StructPath;
8265
8266 for (/* empty */; BaseNode && !IsRootTBAANode(MD: BaseNode);
8267 BaseNode =
8268 getFieldNodeFromTBAABaseNode(I, BaseNode, Offset, IsNewFormat)) {
8269 if (!StructPath.insert(Ptr: BaseNode).second) {
8270 CheckFailed(Args: "Cycle detected in struct path", Args&: I, Args&: MD);
8271 return false;
8272 }
8273
8274 bool Invalid;
8275 unsigned BaseNodeBitWidth;
8276 std::tie(args&: Invalid, args&: BaseNodeBitWidth) =
8277 verifyTBAABaseNode(I, BaseNode, IsNewFormat);
8278
8279 // If the base node is invalid in itself, then we've already printed all the
8280 // errors we wanted to print.
8281 if (Invalid)
8282 return false;
8283
8284 SeenAccessTypeInPath |= BaseNode == AccessType;
8285
8286 if (isValidScalarTBAANode(MD: BaseNode) || BaseNode == AccessType)
8287 CheckTBAA(Offset == 0, "Offset not zero at the point of scalar access", I,
8288 MD, &Offset);
8289
8290 CheckTBAA(BaseNodeBitWidth == Offset.getBitWidth() ||
8291 (BaseNodeBitWidth == 0 && Offset == 0) ||
8292 (IsNewFormat && BaseNodeBitWidth == ~0u),
8293 "Access bit-width not the same as description bit-width", I, MD,
8294 BaseNodeBitWidth, Offset.getBitWidth());
8295
8296 if (IsNewFormat && SeenAccessTypeInPath)
8297 break;
8298 }
8299
8300 CheckTBAA(SeenAccessTypeInPath, "Did not see access type in access path!", I,
8301 MD);
8302 return true;
8303}
8304
8305char VerifierLegacyPass::ID = 0;
8306INITIALIZE_PASS(VerifierLegacyPass, "verify", "Module Verifier", false, false)
8307
8308FunctionPass *llvm::createVerifierPass(bool FatalErrors) {
8309 return new VerifierLegacyPass(FatalErrors);
8310}
8311
8312AnalysisKey VerifierAnalysis::Key;
8313VerifierAnalysis::Result VerifierAnalysis::run(Module &M,
8314 ModuleAnalysisManager &) {
8315 Result Res;
8316 Res.IRBroken = llvm::verifyModule(M, OS: &dbgs(), BrokenDebugInfo: &Res.DebugInfoBroken);
8317 return Res;
8318}
8319
8320VerifierAnalysis::Result VerifierAnalysis::run(Function &F,
8321 FunctionAnalysisManager &) {
8322 return { .IRBroken: llvm::verifyFunction(f: F, OS: &dbgs()), .DebugInfoBroken: false };
8323}
8324
8325PreservedAnalyses VerifierPass::run(Module &M, ModuleAnalysisManager &AM) {
8326 auto Res = AM.getResult<VerifierAnalysis>(IR&: M);
8327 if (FatalErrors && (Res.IRBroken || Res.DebugInfoBroken))
8328 report_fatal_error(reason: "Broken module found, compilation aborted!");
8329
8330 return PreservedAnalyses::all();
8331}
8332
8333PreservedAnalyses VerifierPass::run(Function &F, FunctionAnalysisManager &AM) {
8334 auto res = AM.getResult<VerifierAnalysis>(IR&: F);
8335 if (res.IRBroken && FatalErrors)
8336 report_fatal_error(reason: "Broken function found, compilation aborted!");
8337
8338 return PreservedAnalyses::all();
8339}
8340