1	//===-- Verifier.cpp - Implement the Module Verifier -----------------------==//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8	//
9	// This file defines the function verifier interface, that can be used for some
10	// basic correctness checking of input to the system.
11	//
12	// Note that this does not provide full `Java style' security and verifications,
13	// instead it just tries to ensure that code is well-formed.
14	//
15	// * Both of a binary operator's parameters are of the same type
16	// * Verify that the indices of mem access instructions match other operands
17	// * Verify that arithmetic and other things are only performed on first-class
18	// types. Verify that shifts & logicals only happen on integrals f.e.
19	// * All of the constants in a switch statement are of the correct type
20	// * The code is in valid SSA form
21	// * It should be illegal to put a label into any other type (like a structure)
22	// or to return one. [except constant arrays!]
23	// * Only phi nodes can be self referential: 'add i32 %0, %0 ; <int>:0' is bad
24	// * PHI nodes must have an entry for each predecessor, with no extras.
25	// * PHI nodes must be the first thing in a basic block, all grouped together
26	// * All basic blocks should only end with terminator insts, not contain them
27	// * The entry node to a function must not have predecessors
28	// * All Instructions must be embedded into a basic block
29	// * Functions cannot take a void-typed parameter
30	// * Verify that a function's argument list agrees with it's declared type.
31	// * It is illegal to specify a name for a void value.
32	// * It is illegal to have a internal global value with no initializer
33	// * It is illegal to have a ret instruction that returns a value that does not
34	// agree with the function return value type.
35	// * Function call argument types match the function prototype
36	// * A landing pad is defined by a landingpad instruction, and can be jumped to
37	// only by the unwind edge of an invoke instruction.
38	// * A landingpad instruction must be the first non-PHI instruction in the
39	// block.
40	// * Landingpad instructions must be in a function with a personality function.
41	// * Convergence control intrinsics are introduced in ConvergentOperations.rst.
42	// The applied restrictions are too numerous to list here.
43	// * The convergence entry intrinsic and the loop heart must be the first
44	// non-PHI instruction in their respective block. This does not conflict with
45	// the landing pads, since these two kinds cannot occur in the same block.
46	// * All other things that are tested by asserts spread about the code...
47	//
48	//===----------------------------------------------------------------------===//
49
50	#include "llvm/IR/Verifier.h"
51	#include "llvm/ADT/APFloat.h"
52	#include "llvm/ADT/APInt.h"
53	#include "llvm/ADT/ArrayRef.h"
54	#include "llvm/ADT/DenseMap.h"
55	#include "llvm/ADT/MapVector.h"
56	#include "llvm/ADT/PostOrderIterator.h"
57	#include "llvm/ADT/STLExtras.h"
58	#include "llvm/ADT/SmallPtrSet.h"
59	#include "llvm/ADT/SmallSet.h"
60	#include "llvm/ADT/SmallVector.h"
61	#include "llvm/ADT/StringExtras.h"
62	#include "llvm/ADT/StringMap.h"
63	#include "llvm/ADT/StringRef.h"
64	#include "llvm/ADT/Twine.h"
65	#include "llvm/BinaryFormat/Dwarf.h"
66	#include "llvm/IR/Argument.h"
67	#include "llvm/IR/AttributeMask.h"
68	#include "llvm/IR/Attributes.h"
69	#include "llvm/IR/BasicBlock.h"
70	#include "llvm/IR/CFG.h"
71	#include "llvm/IR/CallingConv.h"
72	#include "llvm/IR/Comdat.h"
73	#include "llvm/IR/Constant.h"
74	#include "llvm/IR/ConstantRange.h"
75	#include "llvm/IR/Constants.h"
76	#include "llvm/IR/ConvergenceVerifier.h"
77	#include "llvm/IR/DataLayout.h"
78	#include "llvm/IR/DebugInfo.h"
79	#include "llvm/IR/DebugInfoMetadata.h"
80	#include "llvm/IR/DebugLoc.h"
81	#include "llvm/IR/DerivedTypes.h"
82	#include "llvm/IR/Dominators.h"
83	#include "llvm/IR/EHPersonalities.h"
84	#include "llvm/IR/Function.h"
85	#include "llvm/IR/GCStrategy.h"
86	#include "llvm/IR/GlobalAlias.h"
87	#include "llvm/IR/GlobalValue.h"
88	#include "llvm/IR/GlobalVariable.h"
89	#include "llvm/IR/InlineAsm.h"
90	#include "llvm/IR/InstVisitor.h"
91	#include "llvm/IR/InstrTypes.h"
92	#include "llvm/IR/Instruction.h"
93	#include "llvm/IR/Instructions.h"
94	#include "llvm/IR/IntrinsicInst.h"
95	#include "llvm/IR/Intrinsics.h"
96	#include "llvm/IR/IntrinsicsAArch64.h"
97	#include "llvm/IR/IntrinsicsAMDGPU.h"
98	#include "llvm/IR/IntrinsicsARM.h"
99	#include "llvm/IR/IntrinsicsNVPTX.h"
100	#include "llvm/IR/IntrinsicsWebAssembly.h"
101	#include "llvm/IR/LLVMContext.h"
102	#include "llvm/IR/MemoryModelRelaxationAnnotations.h"
103	#include "llvm/IR/Metadata.h"
104	#include "llvm/IR/Module.h"
105	#include "llvm/IR/ModuleSlotTracker.h"
106	#include "llvm/IR/PassManager.h"
107	#include "llvm/IR/Statepoint.h"
108	#include "llvm/IR/Type.h"
109	#include "llvm/IR/Use.h"
110	#include "llvm/IR/User.h"
111	#include "llvm/IR/VFABIDemangler.h"
112	#include "llvm/IR/Value.h"
113	#include "llvm/InitializePasses.h"
114	#include "llvm/Pass.h"
115	#include "llvm/Support/AtomicOrdering.h"
116	#include "llvm/Support/Casting.h"
117	#include "llvm/Support/CommandLine.h"
118	#include "llvm/Support/ErrorHandling.h"
119	#include "llvm/Support/MathExtras.h"
120	#include "llvm/Support/ModRef.h"
121	#include "llvm/Support/raw_ostream.h"
122	#include <algorithm>
123	#include <cassert>
124	#include <cstdint>
125	#include <memory>
126	#include <optional>
127	#include <string>
128	#include <utility>
129
130	using namespace llvm;
131
132	static cl::opt<bool> VerifyNoAliasScopeDomination(
133	"verify-noalias-scope-decl-dom", cl::Hidden, cl::init(Val: false),
134	cl::desc("Ensure that llvm.experimental.noalias.scope.decl for identical "
135	"scopes are not dominating"));
136
137	namespace llvm {
138
139	struct VerifierSupport {
140	raw_ostream *OS;
141	const Module &M;
142	ModuleSlotTracker MST;
143	Triple TT;
144	const DataLayout &DL;
145	LLVMContext &Context;
146
147	/// Track the brokenness of the module while recursively visiting.
148	bool Broken = false;
149	/// Broken debug info can be "recovered" from by stripping the debug info.
150	bool BrokenDebugInfo = false;
151	/// Whether to treat broken debug info as an error.
152	bool TreatBrokenDebugInfoAsError = true;
153
154	explicit VerifierSupport(raw_ostream *OS, const Module &M)
155	: OS(OS), M(M), MST(&M), TT(M.getTargetTriple()), DL(M.getDataLayout()),
156	Context(M.getContext()) {}
157
158	private:
159	void Write(const Module *M) {
160	*OS << "; ModuleID = '" << M->getModuleIdentifier() << "'\n";
161	}
162
163	void Write(const Value *V) {
164	if (V)
165	Write(V: *V);
166	}
167
168	void Write(const Value &V) {
169	if (isa<Instruction>(Val: V)) {
170	V.print(O&: *OS, MST);
171	*OS << '\n';
172	} else {
173	V.printAsOperand(O&: *OS, PrintType: true, MST);
174	*OS << '\n';
175	}
176	}
177
178	void Write(const DbgRecord *DR) {
179	if (DR) {
180	DR->print(O&: *OS, MST, IsForDebug: false);
181	*OS << '\n';
182	}
183	}
184
185	void Write(DbgVariableRecord::LocationType Type) {
186	switch (Type) {
187	case DbgVariableRecord::LocationType::Value:
188	*OS << "value";
189	break;
190	case DbgVariableRecord::LocationType::Declare:
191	*OS << "declare";
192	break;
193	case DbgVariableRecord::LocationType::Assign:
194	*OS << "assign";
195	break;
196	case DbgVariableRecord::LocationType::End:
197	*OS << "end";
198	break;
199	case DbgVariableRecord::LocationType::Any:
200	*OS << "any";
201	break;
202	};
203	}
204
205	void Write(const Metadata *MD) {
206	if (!MD)
207	return;
208	MD->print(OS&: *OS, MST, M: &M);
209	*OS << '\n';
210	}
211
212	template <class T> void Write(const MDTupleTypedArrayWrapper<T> &MD) {
213	Write(MD.get());
214	}
215
216	void Write(const NamedMDNode *NMD) {
217	if (!NMD)
218	return;
219	NMD->print(ROS&: *OS, MST);
220	*OS << '\n';
221	}
222
223	void Write(Type *T) {
224	if (!T)
225	return;
226	*OS << ' ' << *T;
227	}
228
229	void Write(const Comdat *C) {
230	if (!C)
231	return;
232	*OS << *C;
233	}
234
235	void Write(const APInt *AI) {
236	if (!AI)
237	return;
238	*OS << *AI << '\n';
239	}
240
241	void Write(const unsigned i) { *OS << i << '\n'; }
242
243	// NOLINTNEXTLINE(readability-identifier-naming)
244	void Write(const Attribute *A) {
245	if (!A)
246	return;
247	*OS << A->getAsString() << '\n';
248	}
249
250	// NOLINTNEXTLINE(readability-identifier-naming)
251	void Write(const AttributeSet *AS) {
252	if (!AS)
253	return;
254	*OS << AS->getAsString() << '\n';
255	}
256
257	// NOLINTNEXTLINE(readability-identifier-naming)
258	void Write(const AttributeList *AL) {
259	if (!AL)
260	return;
261	AL->print(O&: *OS);
262	}
263
264	void Write(Printable P) { *OS << P << '\n'; }
265
266	template <typename T> void Write(ArrayRef<T> Vs) {
267	for (const T &V : Vs)
268	Write(V);
269	}
270
271	template <typename T1, typename... Ts>
272	void WriteTs(const T1 &V1, const Ts &... Vs) {
273	Write(V1);
274	WriteTs(Vs...);
275	}
276
277	template <typename... Ts> void WriteTs() {}
278
279	public:
280	/// A check failed, so printout out the condition and the message.
281	///
282	/// This provides a nice place to put a breakpoint if you want to see why
283	/// something is not correct.
284	void CheckFailed(const Twine &Message) {
285	if (OS)
286	*OS << Message << '\n';
287	Broken = true;
288	}
289
290	/// A check failed (with values to print).
291	///
292	/// This calls the Message-only version so that the above is easier to set a
293	/// breakpoint on.
294	template <typename T1, typename... Ts>
295	void CheckFailed(const Twine &Message, const T1 &V1, const Ts &... Vs) {
296	CheckFailed(Message);
297	if (OS)
298	WriteTs(V1, Vs...);
299	}
300
301	/// A debug info check failed.
302	void DebugInfoCheckFailed(const Twine &Message) {
303	if (OS)
304	*OS << Message << '\n';
305	Broken |= TreatBrokenDebugInfoAsError;
306	BrokenDebugInfo = true;
307	}
308
309	/// A debug info check failed (with values to print).
310	template <typename T1, typename... Ts>
311	void DebugInfoCheckFailed(const Twine &Message, const T1 &V1,
312	const Ts &... Vs) {
313	DebugInfoCheckFailed(Message);
314	if (OS)
315	WriteTs(V1, Vs...);
316	}
317	};
318
319	} // namespace llvm
320
321	namespace {
322
323	class Verifier : public InstVisitor<Verifier>, VerifierSupport {
324	friend class InstVisitor<Verifier>;
325
326	// ISD::ArgFlagsTy::MemAlign only have 4 bits for alignment, so
327	// the alignment size should not exceed 2^15. Since encode(Align)
328	// would plus the shift value by 1, the alignment size should
329	// not exceed 2^14, otherwise it can NOT be properly lowered
330	// in backend.
331	static constexpr unsigned ParamMaxAlignment = 1 << 14;
332	DominatorTree DT;
333
334	/// When verifying a basic block, keep track of all of the
335	/// instructions we have seen so far.
336	///
337	/// This allows us to do efficient dominance checks for the case when an
338	/// instruction has an operand that is an instruction in the same block.
339	SmallPtrSet<Instruction *, 16> InstsInThisBlock;
340
341	/// Keep track of the metadata nodes that have been checked already.
342	SmallPtrSet<const Metadata *, 32> MDNodes;
343
344	/// Keep track which DISubprogram is attached to which function.
345	DenseMap<const DISubprogram *, const Function *> DISubprogramAttachments;
346
347	/// Track all DICompileUnits visited.
348	SmallPtrSet<const Metadata *, 2> CUVisited;
349
350	/// The result type for a landingpad.
351	Type *LandingPadResultTy;
352
353	/// Whether we've seen a call to @llvm.localescape in this function
354	/// already.
355	bool SawFrameEscape;
356
357	/// Whether the current function has a DISubprogram attached to it.
358	bool HasDebugInfo = false;
359
360	/// The current source language.
361	dwarf::SourceLanguage CurrentSourceLang = dwarf::DW_LANG_lo_user;
362
363	/// Stores the count of how many objects were passed to llvm.localescape for a
364	/// given function and the largest index passed to llvm.localrecover.
365	DenseMap<Function *, std::pair<unsigned, unsigned>> FrameEscapeInfo;
366
367	// Maps catchswitches and cleanuppads that unwind to siblings to the
368	// terminators that indicate the unwind, used to detect cycles therein.
369	MapVector<Instruction *, Instruction *> SiblingFuncletInfo;
370
371	/// Cache which blocks are in which funclet, if an EH funclet personality is
372	/// in use. Otherwise empty.
373	DenseMap<BasicBlock *, ColorVector> BlockEHFuncletColors;
374
375	/// Cache of constants visited in search of ConstantExprs.
376	SmallPtrSet<const Constant *, 32> ConstantExprVisited;
377
378	/// Cache of declarations of the llvm.experimental.deoptimize.<ty> intrinsic.
379	SmallVector<const Function *, 4> DeoptimizeDeclarations;
380
381	/// Cache of attribute lists verified.
382	SmallPtrSet<const void *, 32> AttributeListsVisited;
383
384	// Verify that this GlobalValue is only used in this module.
385	// This map is used to avoid visiting uses twice. We can arrive at a user
386	// twice, if they have multiple operands. In particular for very large
387	// constant expressions, we can arrive at a particular user many times.
388	SmallPtrSet<const Value *, 32> GlobalValueVisited;
389
390	// Keeps track of duplicate function argument debug info.
391	SmallVector<const DILocalVariable *, 16> DebugFnArgs;
392
393	TBAAVerifier TBAAVerifyHelper;
394	ConvergenceVerifier ConvergenceVerifyHelper;
395
396	SmallVector<IntrinsicInst *, 4> NoAliasScopeDecls;
397
398	void checkAtomicMemAccessSize(Type *Ty, const Instruction *I);
399
400	public:
401	explicit Verifier(raw_ostream *OS, bool ShouldTreatBrokenDebugInfoAsError,
402	const Module &M)
403	: VerifierSupport(OS, M), LandingPadResultTy(nullptr),
404	SawFrameEscape(false), TBAAVerifyHelper(this) {
405	TreatBrokenDebugInfoAsError = ShouldTreatBrokenDebugInfoAsError;
406	}
407
408	bool hasBrokenDebugInfo() const { return BrokenDebugInfo; }
409
410	bool verify(const Function &F) {
411	assert(F.getParent() == &M &&
412	"An instance of this class only works with a specific module!");
413
414	// First ensure the function is well-enough formed to compute dominance
415	// information, and directly compute a dominance tree. We don't rely on the
416	// pass manager to provide this as it isolates us from a potentially
417	// out-of-date dominator tree and makes it significantly more complex to run
418	// this code outside of a pass manager.
419	// FIXME: It's really gross that we have to cast away constness here.
420	if (!F.empty())
421	DT.recalculate(Func&: const_cast<Function &>(F));
422
423	for (const BasicBlock &BB : F) {
424	if (!BB.empty() && BB.back().isTerminator())
425	continue;
426
427	if (OS) {
428	*OS << "Basic Block in function '" << F.getName()
429	<< "' does not have terminator!\n";
430	BB.printAsOperand(O&: *OS, PrintType: true, MST);
431	*OS << "\n";
432	}
433	return false;
434	}
435
436	auto FailureCB = [this](const Twine &Message) {
437	this->CheckFailed(Message);
438	};
439	ConvergenceVerifyHelper.initialize(OS, FailureCB, F);
440
441	Broken = false;
442	// FIXME: We strip const here because the inst visitor strips const.
443	visit(F&: const_cast<Function &>(F));
444	verifySiblingFuncletUnwinds();
445
446	if (ConvergenceVerifyHelper.sawTokens())
447	ConvergenceVerifyHelper.verify(DT);
448
449	InstsInThisBlock.clear();
450	DebugFnArgs.clear();
451	LandingPadResultTy = nullptr;
452	SawFrameEscape = false;
453	SiblingFuncletInfo.clear();
454	verifyNoAliasScopeDecl();
455	NoAliasScopeDecls.clear();
456
457	return !Broken;
458	}
459
460	/// Verify the module that this instance of \c Verifier was initialized with.
461	bool verify() {
462	Broken = false;
463
464	// Collect all declarations of the llvm.experimental.deoptimize intrinsic.
465	for (const Function &F : M)
466	if (F.getIntrinsicID() == Intrinsic::experimental_deoptimize)
467	DeoptimizeDeclarations.push_back(Elt: &F);
468
469	// Now that we've visited every function, verify that we never asked to
470	// recover a frame index that wasn't escaped.
471	verifyFrameRecoverIndices();
472	for (const GlobalVariable &GV : M.globals())
473	visitGlobalVariable(GV);
474
475	for (const GlobalAlias &GA : M.aliases())
476	visitGlobalAlias(GA);
477
478	for (const GlobalIFunc &GI : M.ifuncs())
479	visitGlobalIFunc(GI);
480
481	for (const NamedMDNode &NMD : M.named_metadata())
482	visitNamedMDNode(NMD);
483
484	for (const StringMapEntry<Comdat> &SMEC : M.getComdatSymbolTable())
485	visitComdat(C: SMEC.getValue());
486
487	visitModuleFlags();
488	visitModuleIdents();
489	visitModuleCommandLines();
490
491	verifyCompileUnits();
492
493	verifyDeoptimizeCallingConvs();
494	DISubprogramAttachments.clear();
495	return !Broken;
496	}
497
498	private:
499	/// Whether a metadata node is allowed to be, or contain, a DILocation.
500	enum class AreDebugLocsAllowed { No, Yes };
501
502	// Verification methods...
503	void visitGlobalValue(const GlobalValue &GV);
504	void visitGlobalVariable(const GlobalVariable &GV);
505	void visitGlobalAlias(const GlobalAlias &GA);
506	void visitGlobalIFunc(const GlobalIFunc &GI);
507	void visitAliaseeSubExpr(const GlobalAlias &A, const Constant &C);
508	void visitAliaseeSubExpr(SmallPtrSetImpl<const GlobalAlias *> &Visited,
509	const GlobalAlias &A, const Constant &C);
510	void visitNamedMDNode(const NamedMDNode &NMD);
511	void visitMDNode(const MDNode &MD, AreDebugLocsAllowed AllowLocs);
512	void visitMetadataAsValue(const MetadataAsValue &MD, Function *F);
513	void visitValueAsMetadata(const ValueAsMetadata &MD, Function *F);
514	void visitDIArgList(const DIArgList &AL, Function *F);
515	void visitComdat(const Comdat &C);
516	void visitModuleIdents();
517	void visitModuleCommandLines();
518	void visitModuleFlags();
519	void visitModuleFlag(const MDNode *Op,
520	DenseMap<const MDString *, const MDNode *> &SeenIDs,
521	SmallVectorImpl<const MDNode *> &Requirements);
522	void visitModuleFlagCGProfileEntry(const MDOperand &MDO);
523	void visitFunction(const Function &F);
524	void visitBasicBlock(BasicBlock &BB);
525	void verifyRangeMetadata(const Value &V, const MDNode *Range, Type *Ty,
526	bool IsAbsoluteSymbol);
527	void visitRangeMetadata(Instruction &I, MDNode *Range, Type *Ty);
528	void visitDereferenceableMetadata(Instruction &I, MDNode *MD);
529	void visitProfMetadata(Instruction &I, MDNode *MD);
530	void visitCallStackMetadata(MDNode *MD);
531	void visitMemProfMetadata(Instruction &I, MDNode *MD);
532	void visitCallsiteMetadata(Instruction &I, MDNode *MD);
533	void visitDIAssignIDMetadata(Instruction &I, MDNode *MD);
534	void visitMMRAMetadata(Instruction &I, MDNode *MD);
535	void visitAnnotationMetadata(MDNode *Annotation);
536	void visitAliasScopeMetadata(const MDNode *MD);
537	void visitAliasScopeListMetadata(const MDNode *MD);
538	void visitAccessGroupMetadata(const MDNode *MD);
539
540	template <class Ty> bool isValidMetadataArray(const MDTuple &N);
541	#define HANDLE_SPECIALIZED_MDNODE_LEAF(CLASS) void visit##CLASS(const CLASS &N);
542	#include "llvm/IR/Metadata.def"
543	void visitDIScope(const DIScope &N);
544	void visitDIVariable(const DIVariable &N);
545	void visitDILexicalBlockBase(const DILexicalBlockBase &N);
546	void visitDITemplateParameter(const DITemplateParameter &N);
547
548	void visitTemplateParams(const MDNode &N, const Metadata &RawParams);
549
550	void visit(DbgLabelRecord &DLR);
551	void visit(DbgVariableRecord &DVR);
552	// InstVisitor overrides...
553	using InstVisitor<Verifier>::visit;
554	void visitDbgRecords(Instruction &I);
555	void visit(Instruction &I);
556
557	void visitTruncInst(TruncInst &I);
558	void visitZExtInst(ZExtInst &I);
559	void visitSExtInst(SExtInst &I);
560	void visitFPTruncInst(FPTruncInst &I);
561	void visitFPExtInst(FPExtInst &I);
562	void visitFPToUIInst(FPToUIInst &I);
563	void visitFPToSIInst(FPToSIInst &I);
564	void visitUIToFPInst(UIToFPInst &I);
565	void visitSIToFPInst(SIToFPInst &I);
566	void visitIntToPtrInst(IntToPtrInst &I);
567	void visitPtrToIntInst(PtrToIntInst &I);
568	void visitBitCastInst(BitCastInst &I);
569	void visitAddrSpaceCastInst(AddrSpaceCastInst &I);
570	void visitPHINode(PHINode &PN);
571	void visitCallBase(CallBase &Call);
572	void visitUnaryOperator(UnaryOperator &U);
573	void visitBinaryOperator(BinaryOperator &B);
574	void visitICmpInst(ICmpInst &IC);
575	void visitFCmpInst(FCmpInst &FC);
576	void visitExtractElementInst(ExtractElementInst &EI);
577	void visitInsertElementInst(InsertElementInst &EI);
578	void visitShuffleVectorInst(ShuffleVectorInst &EI);
579	void visitVAArgInst(VAArgInst &VAA) { visitInstruction(I&: VAA); }
580	void visitCallInst(CallInst &CI);
581	void visitInvokeInst(InvokeInst &II);
582	void visitGetElementPtrInst(GetElementPtrInst &GEP);
583	void visitLoadInst(LoadInst &LI);
584	void visitStoreInst(StoreInst &SI);
585	void verifyDominatesUse(Instruction &I, unsigned i);
586	void visitInstruction(Instruction &I);
587	void visitTerminator(Instruction &I);
588	void visitBranchInst(BranchInst &BI);
589	void visitReturnInst(ReturnInst &RI);
590	void visitSwitchInst(SwitchInst &SI);
591	void visitIndirectBrInst(IndirectBrInst &BI);
592	void visitCallBrInst(CallBrInst &CBI);
593	void visitSelectInst(SelectInst &SI);
594	void visitUserOp1(Instruction &I);
595	void visitUserOp2(Instruction &I) { visitUserOp1(I); }
596	void visitIntrinsicCall(Intrinsic::ID ID, CallBase &Call);
597	void visitConstrainedFPIntrinsic(ConstrainedFPIntrinsic &FPI);
598	void visitVPIntrinsic(VPIntrinsic &VPI);
599	void visitDbgIntrinsic(StringRef Kind, DbgVariableIntrinsic &DII);
600	void visitDbgLabelIntrinsic(StringRef Kind, DbgLabelInst &DLI);
601	void visitAtomicCmpXchgInst(AtomicCmpXchgInst &CXI);
602	void visitAtomicRMWInst(AtomicRMWInst &RMWI);
603	void visitFenceInst(FenceInst &FI);
604	void visitAllocaInst(AllocaInst &AI);
605	void visitExtractValueInst(ExtractValueInst &EVI);
606	void visitInsertValueInst(InsertValueInst &IVI);
607	void visitEHPadPredecessors(Instruction &I);
608	void visitLandingPadInst(LandingPadInst &LPI);
609	void visitResumeInst(ResumeInst &RI);
610	void visitCatchPadInst(CatchPadInst &CPI);
611	void visitCatchReturnInst(CatchReturnInst &CatchReturn);
612	void visitCleanupPadInst(CleanupPadInst &CPI);
613	void visitFuncletPadInst(FuncletPadInst &FPI);
614	void visitCatchSwitchInst(CatchSwitchInst &CatchSwitch);
615	void visitCleanupReturnInst(CleanupReturnInst &CRI);
616
617	void verifySwiftErrorCall(CallBase &Call, const Value *SwiftErrorVal);
618	void verifySwiftErrorValue(const Value *SwiftErrorVal);
619	void verifyTailCCMustTailAttrs(const AttrBuilder &Attrs, StringRef Context);
620	void verifyMustTailCall(CallInst &CI);
621	bool verifyAttributeCount(AttributeList Attrs, unsigned Params);
622	void verifyAttributeTypes(AttributeSet Attrs, const Value *V);
623	void verifyParameterAttrs(AttributeSet Attrs, Type *Ty, const Value *V);
624	void checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr,
625	const Value *V);
626	void verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs,
627	const Value *V, bool IsIntrinsic, bool IsInlineAsm);
628	void verifyFunctionMetadata(ArrayRef<std::pair<unsigned, MDNode *>> MDs);
629
630	void visitConstantExprsRecursively(const Constant *EntryC);
631	void visitConstantExpr(const ConstantExpr *CE);
632	void verifyInlineAsmCall(const CallBase &Call);
633	void verifyStatepoint(const CallBase &Call);
634	void verifyFrameRecoverIndices();
635	void verifySiblingFuncletUnwinds();
636
637	void verifyFragmentExpression(const DbgVariableIntrinsic &I);
638	void verifyFragmentExpression(const DbgVariableRecord &I);
639	template <typename ValueOrMetadata>
640	void verifyFragmentExpression(const DIVariable &V,
641	DIExpression::FragmentInfo Fragment,
642	ValueOrMetadata *Desc);
643	void verifyFnArgs(const DbgVariableIntrinsic &I);
644	void verifyFnArgs(const DbgVariableRecord &DVR);
645	void verifyNotEntryValue(const DbgVariableIntrinsic &I);
646	void verifyNotEntryValue(const DbgVariableRecord &I);
647
648	/// Module-level debug info verification...
649	void verifyCompileUnits();
650
651	/// Module-level verification that all @llvm.experimental.deoptimize
652	/// declarations share the same calling convention.
653	void verifyDeoptimizeCallingConvs();
654
655	void verifyAttachedCallBundle(const CallBase &Call,
656	const OperandBundleUse &BU);
657
658	/// Verify the llvm.experimental.noalias.scope.decl declarations
659	void verifyNoAliasScopeDecl();
660	};
661
662	} // end anonymous namespace
663
664	/// We know that cond should be true, if not print an error message.
665	#define Check(C, ...) \
666	do { \
667	if (!(C)) { \
668	CheckFailed(__VA_ARGS__); \
669	return; \
670	} \
671	} while (false)
672
673	/// We know that a debug info condition should be true, if not print
674	/// an error message.
675	#define CheckDI(C, ...) \
676	do { \
677	if (!(C)) { \
678	DebugInfoCheckFailed(__VA_ARGS__); \
679	return; \
680	} \
681	} while (false)
682
683	void Verifier::visitDbgRecords(Instruction &I) {
684	if (!I.DebugMarker)
685	return;
686	CheckDI(I.DebugMarker->MarkedInstr == &I,
687	"Instruction has invalid DebugMarker", &I);
688	CheckDI(!isa<PHINode>(&I) || !I.hasDbgRecords(),
689	"PHI Node must not have any attached DbgRecords", &I);
690	for (DbgRecord &DR : I.getDbgRecordRange()) {
691	CheckDI(DR.getMarker() == I.DebugMarker,
692	"DbgRecord had invalid DebugMarker", &I, &DR);
693	if (auto *Loc =
694	dyn_cast_or_null<DILocation>(Val: DR.getDebugLoc().getAsMDNode()))
695	visitMDNode(MD: *Loc, AllowLocs: AreDebugLocsAllowed::Yes);
696	if (auto *DVR = dyn_cast<DbgVariableRecord>(Val: &DR)) {
697	visit(DVR&: *DVR);
698	// These have to appear after `visit` for consistency with existing
699	// intrinsic behaviour.
700	verifyFragmentExpression(I: *DVR);
701	verifyNotEntryValue(I: *DVR);
702	} else if (auto *DLR = dyn_cast<DbgLabelRecord>(Val: &DR)) {
703	visit(DLR&: *DLR);
704	}
705	}
706	}
707
708	void Verifier::visit(Instruction &I) {
709	visitDbgRecords(I);
710	for (unsigned i = 0, e = I.getNumOperands(); i != e; ++i)
711	Check(I.getOperand(i) != nullptr, "Operand is null", &I);
712	InstVisitor<Verifier>::visit(I);
713	}
714
715	// Helper to iterate over indirect users. By returning false, the callback can ask to stop traversing further.
716	static void forEachUser(const Value *User,
717	SmallPtrSet<const Value *, 32> &Visited,
718	llvm::function_ref<bool(const Value *)> Callback) {
719	if (!Visited.insert(Ptr: User).second)
720	return;
721
722	SmallVector<const Value *> WorkList;
723	append_range(C&: WorkList, R: User->materialized_users());
724	while (!WorkList.empty()) {
725	const Value *Cur = WorkList.pop_back_val();
726	if (!Visited.insert(Ptr: Cur).second)
727	continue;
728	if (Callback(Cur))
729	append_range(C&: WorkList, R: Cur->materialized_users());
730	}
731	}
732
733	void Verifier::visitGlobalValue(const GlobalValue &GV) {
734	Check(!GV.isDeclaration() || GV.hasValidDeclarationLinkage(),
735	"Global is external, but doesn't have external or weak linkage!", &GV);
736
737	if (const GlobalObject *GO = dyn_cast<GlobalObject>(Val: &GV)) {
738
739	if (MaybeAlign A = GO->getAlign()) {
740	Check(A->value() <= Value::MaximumAlignment,
741	"huge alignment values are unsupported", GO);
742	}
743
744	if (const MDNode *Associated =
745	GO->getMetadata(KindID: LLVMContext::MD_associated)) {
746	Check(Associated->getNumOperands() == 1,
747	"associated metadata must have one operand", &GV, Associated);
748	const Metadata *Op = Associated->getOperand(I: 0).get();
749	Check(Op, "associated metadata must have a global value", GO, Associated);
750
751	const auto *VM = dyn_cast_or_null<ValueAsMetadata>(Val: Op);
752	Check(VM, "associated metadata must be ValueAsMetadata", GO, Associated);
753	if (VM) {
754	Check(isa<PointerType>(VM->getValue()->getType()),
755	"associated value must be pointer typed", GV, Associated);
756
757	const Value *Stripped = VM->getValue()->stripPointerCastsAndAliases();
758	Check(isa<GlobalObject>(Stripped) || isa<Constant>(Stripped),
759	"associated metadata must point to a GlobalObject", GO, Stripped);
760	Check(Stripped != GO,
761	"global values should not associate to themselves", GO,
762	Associated);
763	}
764	}
765
766	// FIXME: Why is getMetadata on GlobalValue protected?
767	if (const MDNode *AbsoluteSymbol =
768	GO->getMetadata(KindID: LLVMContext::MD_absolute_symbol)) {
769	verifyRangeMetadata(V: *GO, Range: AbsoluteSymbol, Ty: DL.getIntPtrType(GO->getType()),
770	IsAbsoluteSymbol: true);
771	}
772	}
773
774	Check(!GV.hasAppendingLinkage() || isa<GlobalVariable>(GV),
775	"Only global variables can have appending linkage!", &GV);
776
777	if (GV.hasAppendingLinkage()) {
778	const GlobalVariable *GVar = dyn_cast<GlobalVariable>(Val: &GV);
779	Check(GVar && GVar->getValueType()->isArrayTy(),
780	"Only global arrays can have appending linkage!", GVar);
781	}
782
783	if (GV.isDeclarationForLinker())
784	Check(!GV.hasComdat(), "Declaration may not be in a Comdat!", &GV);
785
786	if (GV.hasDLLExportStorageClass()) {
787	Check(!GV.hasHiddenVisibility(),
788	"dllexport GlobalValue must have default or protected visibility",
789	&GV);
790	}
791	if (GV.hasDLLImportStorageClass()) {
792	Check(GV.hasDefaultVisibility(),
793	"dllimport GlobalValue must have default visibility", &GV);
794	Check(!GV.isDSOLocal(), "GlobalValue with DLLImport Storage is dso_local!",
795	&GV);
796
797	Check((GV.isDeclaration() &&
798	(GV.hasExternalLinkage() || GV.hasExternalWeakLinkage())) ||
799	GV.hasAvailableExternallyLinkage(),
800	"Global is marked as dllimport, but not external", &GV);
801	}
802
803	if (GV.isImplicitDSOLocal())
804	Check(GV.isDSOLocal(),
805	"GlobalValue with local linkage or non-default "
806	"visibility must be dso_local!",
807	&GV);
808
809	forEachUser(User: &GV, Visited&: GlobalValueVisited, Callback: [&](const Value *V) -> bool {
810	if (const Instruction *I = dyn_cast<Instruction>(Val: V)) {
811	if (!I->getParent() || !I->getParent()->getParent())
812	CheckFailed(Message: "Global is referenced by parentless instruction!", V1: &GV, Vs: &M,
813	Vs: I);
814	else if (I->getParent()->getParent()->getParent() != &M)
815	CheckFailed(Message: "Global is referenced in a different module!", V1: &GV, Vs: &M, Vs: I,
816	Vs: I->getParent()->getParent(),
817	Vs: I->getParent()->getParent()->getParent());
818	return false;
819	} else if (const Function *F = dyn_cast<Function>(Val: V)) {
820	if (F->getParent() != &M)
821	CheckFailed(Message: "Global is used by function in a different module", V1: &GV, Vs: &M,
822	Vs: F, Vs: F->getParent());
823	return false;
824	}
825	return true;
826	});
827	}
828
829	void Verifier::visitGlobalVariable(const GlobalVariable &GV) {
830	if (GV.hasInitializer()) {
831	Check(GV.getInitializer()->getType() == GV.getValueType(),
832	"Global variable initializer type does not match global "
833	"variable type!",
834	&GV);
835	// If the global has common linkage, it must have a zero initializer and
836	// cannot be constant.
837	if (GV.hasCommonLinkage()) {
838	Check(GV.getInitializer()->isNullValue(),
839	"'common' global must have a zero initializer!", &GV);
840	Check(!GV.isConstant(), "'common' global may not be marked constant!",
841	&GV);
842	Check(!GV.hasComdat(), "'common' global may not be in a Comdat!", &GV);
843	}
844	}
845
846	if (GV.hasName() && (GV.getName() == "llvm.global_ctors" ||
847	GV.getName() == "llvm.global_dtors")) {
848	Check(!GV.hasInitializer() || GV.hasAppendingLinkage(),
849	"invalid linkage for intrinsic global variable", &GV);
850	Check(GV.materialized_use_empty(),
851	"invalid uses of intrinsic global variable", &GV);
852
853	// Don't worry about emitting an error for it not being an array,
854	// visitGlobalValue will complain on appending non-array.
855	if (ArrayType *ATy = dyn_cast<ArrayType>(Val: GV.getValueType())) {
856	StructType *STy = dyn_cast<StructType>(Val: ATy->getElementType());
857	PointerType *FuncPtrTy =
858	PointerType::get(C&: Context, AddressSpace: DL.getProgramAddressSpace());
859	Check(STy && (STy->getNumElements() == 2 || STy->getNumElements() == 3) &&
860	STy->getTypeAtIndex(0u)->isIntegerTy(32) &&
861	STy->getTypeAtIndex(1) == FuncPtrTy,
862	"wrong type for intrinsic global variable", &GV);
863	Check(STy->getNumElements() == 3,
864	"the third field of the element type is mandatory, "
865	"specify ptr null to migrate from the obsoleted 2-field form");
866	Type *ETy = STy->getTypeAtIndex(N: 2);
867	Check(ETy->isPointerTy(), "wrong type for intrinsic global variable",
868	&GV);
869	}
870	}
871
872	if (GV.hasName() && (GV.getName() == "llvm.used" ||
873	GV.getName() == "llvm.compiler.used")) {
874	Check(!GV.hasInitializer() || GV.hasAppendingLinkage(),
875	"invalid linkage for intrinsic global variable", &GV);
876	Check(GV.materialized_use_empty(),
877	"invalid uses of intrinsic global variable", &GV);
878
879	Type *GVType = GV.getValueType();
880	if (ArrayType *ATy = dyn_cast<ArrayType>(Val: GVType)) {
881	PointerType *PTy = dyn_cast<PointerType>(Val: ATy->getElementType());
882	Check(PTy, "wrong type for intrinsic global variable", &GV);
883	if (GV.hasInitializer()) {
884	const Constant *Init = GV.getInitializer();
885	const ConstantArray *InitArray = dyn_cast<ConstantArray>(Val: Init);
886	Check(InitArray, "wrong initalizer for intrinsic global variable",
887	Init);
888	for (Value *Op : InitArray->operands()) {
889	Value *V = Op->stripPointerCasts();
890	Check(isa<GlobalVariable>(V) || isa<Function>(V) ||
891	isa<GlobalAlias>(V),
892	Twine("invalid ") + GV.getName() + " member", V);
893	Check(V->hasName(),
894	Twine("members of ") + GV.getName() + " must be named", V);
895	}
896	}
897	}
898	}
899
900	// Visit any debug info attachments.
901	SmallVector<MDNode *, 1> MDs;
902	GV.getMetadata(KindID: LLVMContext::MD_dbg, MDs);
903	for (auto *MD : MDs) {
904	if (auto *GVE = dyn_cast<DIGlobalVariableExpression>(Val: MD))
905	visitDIGlobalVariableExpression(N: *GVE);
906	else
907	CheckDI(false, "!dbg attachment of global variable must be a "
908	"DIGlobalVariableExpression");
909	}
910
911	// Scalable vectors cannot be global variables, since we don't know
912	// the runtime size.
913	Check(!GV.getValueType()->isScalableTy(),
914	"Globals cannot contain scalable types", &GV);
915
916	// Check if it's a target extension type that disallows being used as a
917	// global.
918	if (auto *TTy = dyn_cast<TargetExtType>(Val: GV.getValueType()))
919	Check(TTy->hasProperty(TargetExtType::CanBeGlobal),
920	"Global @" + GV.getName() + " has illegal target extension type",
921	TTy);
922
923	if (!GV.hasInitializer()) {
924	visitGlobalValue(GV);
925	return;
926	}
927
928	// Walk any aggregate initializers looking for bitcasts between address spaces
929	visitConstantExprsRecursively(EntryC: GV.getInitializer());
930
931	visitGlobalValue(GV);
932	}
933
934	void Verifier::visitAliaseeSubExpr(const GlobalAlias &GA, const Constant &C) {
935	SmallPtrSet<const GlobalAlias*, 4> Visited;
936	Visited.insert(Ptr: &GA);
937	visitAliaseeSubExpr(Visited, A: GA, C);
938	}
939
940	void Verifier::visitAliaseeSubExpr(SmallPtrSetImpl<const GlobalAlias*> &Visited,
941	const GlobalAlias &GA, const Constant &C) {
942	if (GA.hasAvailableExternallyLinkage()) {
943	Check(isa<GlobalValue>(C) &&
944	cast<GlobalValue>(C).hasAvailableExternallyLinkage(),
945	"available_externally alias must point to available_externally "
946	"global value",
947	&GA);
948	}
949	if (const auto *GV = dyn_cast<GlobalValue>(Val: &C)) {
950	if (!GA.hasAvailableExternallyLinkage()) {
951	Check(!GV->isDeclarationForLinker(), "Alias must point to a definition",
952	&GA);
953	}
954
955	if (const auto *GA2 = dyn_cast<GlobalAlias>(Val: GV)) {
956	Check(Visited.insert(GA2).second, "Aliases cannot form a cycle", &GA);
957
958	Check(!GA2->isInterposable(),
959	"Alias cannot point to an interposable alias", &GA);
960	} else {
961	// Only continue verifying subexpressions of GlobalAliases.
962	// Do not recurse into global initializers.
963	return;
964	}
965	}
966
967	if (const auto *CE = dyn_cast<ConstantExpr>(Val: &C))
968	visitConstantExprsRecursively(EntryC: CE);
969
970	for (const Use &U : C.operands()) {
971	Value *V = &*U;
972	if (const auto *GA2 = dyn_cast<GlobalAlias>(Val: V))
973	visitAliaseeSubExpr(Visited, GA, C: *GA2->getAliasee());
974	else if (const auto *C2 = dyn_cast<Constant>(Val: V))
975	visitAliaseeSubExpr(Visited, GA, C: *C2);
976	}
977	}
978
979	void Verifier::visitGlobalAlias(const GlobalAlias &GA) {
980	Check(GlobalAlias::isValidLinkage(GA.getLinkage()),
981	"Alias should have private, internal, linkonce, weak, linkonce_odr, "
982	"weak_odr, external, or available_externally linkage!",
983	&GA);
984	const Constant *Aliasee = GA.getAliasee();
985	Check(Aliasee, "Aliasee cannot be NULL!", &GA);
986	Check(GA.getType() == Aliasee->getType(),
987	"Alias and aliasee types should match!", &GA);
988
989	Check(isa<GlobalValue>(Aliasee) || isa<ConstantExpr>(Aliasee),
990	"Aliasee should be either GlobalValue or ConstantExpr", &GA);
991
992	visitAliaseeSubExpr(GA, C: *Aliasee);
993
994	visitGlobalValue(GV: GA);
995	}
996
997	void Verifier::visitGlobalIFunc(const GlobalIFunc &GI) {
998	Check(GlobalIFunc::isValidLinkage(GI.getLinkage()),
999	"IFunc should have private, internal, linkonce, weak, linkonce_odr, "
1000	"weak_odr, or external linkage!",
1001	&GI);
1002	// Pierce through ConstantExprs and GlobalAliases and check that the resolver
1003	// is a Function definition.
1004	const Function *Resolver = GI.getResolverFunction();
1005	Check(Resolver, "IFunc must have a Function resolver", &GI);
1006	Check(!Resolver->isDeclarationForLinker(),
1007	"IFunc resolver must be a definition", &GI);
1008
1009	// Check that the immediate resolver operand (prior to any bitcasts) has the
1010	// correct type.
1011	const Type *ResolverTy = GI.getResolver()->getType();
1012
1013	Check(isa<PointerType>(Resolver->getFunctionType()->getReturnType()),
1014	"IFunc resolver must return a pointer", &GI);
1015
1016	const Type *ResolverFuncTy =
1017	GlobalIFunc::getResolverFunctionType(IFuncValTy: GI.getValueType());
1018	Check(ResolverTy == ResolverFuncTy->getPointerTo(GI.getAddressSpace()),
1019	"IFunc resolver has incorrect type", &GI);
1020	}
1021
1022	void Verifier::visitNamedMDNode(const NamedMDNode &NMD) {
1023	// There used to be various other llvm.dbg.* nodes, but we don't support
1024	// upgrading them and we want to reserve the namespace for future uses.
1025	if (NMD.getName().starts_with(Prefix: "llvm.dbg."))
1026	CheckDI(NMD.getName() == "llvm.dbg.cu",
1027	"unrecognized named metadata node in the llvm.dbg namespace", &NMD);
1028	for (const MDNode *MD : NMD.operands()) {
1029	if (NMD.getName() == "llvm.dbg.cu")
1030	CheckDI(MD && isa<DICompileUnit>(MD), "invalid compile unit", &NMD, MD);
1031
1032	if (!MD)
1033	continue;
1034
1035	visitMDNode(MD: *MD, AllowLocs: AreDebugLocsAllowed::Yes);
1036	}
1037	}
1038
1039	void Verifier::visitMDNode(const MDNode &MD, AreDebugLocsAllowed AllowLocs) {
1040	// Only visit each node once. Metadata can be mutually recursive, so this
1041	// avoids infinite recursion here, as well as being an optimization.
1042	if (!MDNodes.insert(Ptr: &MD).second)
1043	return;
1044
1045	Check(&MD.getContext() == &Context,
1046	"MDNode context does not match Module context!", &MD);
1047
1048	switch (MD.getMetadataID()) {
1049	default:
1050	llvm_unreachable("Invalid MDNode subclass");
1051	case Metadata::MDTupleKind:
1052	break;
1053	#define HANDLE_SPECIALIZED_MDNODE_LEAF(CLASS) \
1054	case Metadata::CLASS##Kind: \
1055	visit##CLASS(cast<CLASS>(MD)); \
1056	break;
1057	#include "llvm/IR/Metadata.def"
1058	}
1059
1060	for (const Metadata *Op : MD.operands()) {
1061	if (!Op)
1062	continue;
1063	Check(!isa<LocalAsMetadata>(Op), "Invalid operand for global metadata!",
1064	&MD, Op);
1065	CheckDI(!isa<DILocation>(Op) || AllowLocs == AreDebugLocsAllowed::Yes,
1066	"DILocation not allowed within this metadata node", &MD, Op);
1067	if (auto *N = dyn_cast<MDNode>(Val: Op)) {
1068	visitMDNode(MD: *N, AllowLocs);
1069	continue;
1070	}
1071	if (auto *V = dyn_cast<ValueAsMetadata>(Val: Op)) {
1072	visitValueAsMetadata(MD: *V, F: nullptr);
1073	continue;
1074	}
1075	}
1076
1077	// Check these last, so we diagnose problems in operands first.
1078	Check(!MD.isTemporary(), "Expected no forward declarations!", &MD);
1079	Check(MD.isResolved(), "All nodes should be resolved!", &MD);
1080	}
1081
1082	void Verifier::visitValueAsMetadata(const ValueAsMetadata &MD, Function *F) {
1083	Check(MD.getValue(), "Expected valid value", &MD);
1084	Check(!MD.getValue()->getType()->isMetadataTy(),
1085	"Unexpected metadata round-trip through values", &MD, MD.getValue());
1086
1087	auto *L = dyn_cast<LocalAsMetadata>(Val: &MD);
1088	if (!L)
1089	return;
1090
1091	Check(F, "function-local metadata used outside a function", L);
1092
1093	// If this was an instruction, bb, or argument, verify that it is in the
1094	// function that we expect.
1095	Function *ActualF = nullptr;
1096	if (Instruction *I = dyn_cast<Instruction>(Val: L->getValue())) {
1097	Check(I->getParent(), "function-local metadata not in basic block", L, I);
1098	ActualF = I->getParent()->getParent();
1099	} else if (BasicBlock *BB = dyn_cast<BasicBlock>(Val: L->getValue()))
1100	ActualF = BB->getParent();
1101	else if (Argument *A = dyn_cast<Argument>(Val: L->getValue()))
1102	ActualF = A->getParent();
1103	assert(ActualF && "Unimplemented function local metadata case!");
1104
1105	Check(ActualF == F, "function-local metadata used in wrong function", L);
1106	}
1107
1108	void Verifier::visitDIArgList(const DIArgList &AL, Function *F) {
1109	for (const ValueAsMetadata *VAM : AL.getArgs())
1110	visitValueAsMetadata(MD: *VAM, F);
1111	}
1112
1113	void Verifier::visitMetadataAsValue(const MetadataAsValue &MDV, Function *F) {
1114	Metadata *MD = MDV.getMetadata();
1115	if (auto *N = dyn_cast<MDNode>(Val: MD)) {
1116	visitMDNode(MD: *N, AllowLocs: AreDebugLocsAllowed::No);
1117	return;
1118	}
1119
1120	// Only visit each node once. Metadata can be mutually recursive, so this
1121	// avoids infinite recursion here, as well as being an optimization.
1122	if (!MDNodes.insert(Ptr: MD).second)
1123	return;
1124
1125	if (auto *V = dyn_cast<ValueAsMetadata>(Val: MD))
1126	visitValueAsMetadata(MD: *V, F);
1127
1128	if (auto *AL = dyn_cast<DIArgList>(Val: MD))
1129	visitDIArgList(AL: *AL, F);
1130	}
1131
1132	static bool isType(const Metadata *MD) { return !MD || isa<DIType>(Val: MD); }
1133	static bool isScope(const Metadata *MD) { return !MD || isa<DIScope>(Val: MD); }
1134	static bool isDINode(const Metadata *MD) { return !MD || isa<DINode>(Val: MD); }
1135
1136	void Verifier::visitDILocation(const DILocation &N) {
1137	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1138	"location requires a valid scope", &N, N.getRawScope());
1139	if (auto *IA = N.getRawInlinedAt())
1140	CheckDI(isa<DILocation>(IA), "inlined-at should be a location", &N, IA);
1141	if (auto *SP = dyn_cast<DISubprogram>(Val: N.getRawScope()))
1142	CheckDI(SP->isDefinition(), "scope points into the type hierarchy", &N);
1143	}
1144
1145	void Verifier::visitGenericDINode(const GenericDINode &N) {
1146	CheckDI(N.getTag(), "invalid tag", &N);
1147	}
1148
1149	void Verifier::visitDIScope(const DIScope &N) {
1150	if (auto *F = N.getRawFile())
1151	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1152	}
1153
1154	void Verifier::visitDISubrange(const DISubrange &N) {
1155	CheckDI(N.getTag() == dwarf::DW_TAG_subrange_type, "invalid tag", &N);
1156	bool HasAssumedSizedArraySupport = dwarf::isFortran(S: CurrentSourceLang);
1157	CheckDI(HasAssumedSizedArraySupport || N.getRawCountNode() ||
1158	N.getRawUpperBound(),
1159	"Subrange must contain count or upperBound", &N);
1160	CheckDI(!N.getRawCountNode() || !N.getRawUpperBound(),
1161	"Subrange can have any one of count or upperBound", &N);
1162	auto *CBound = N.getRawCountNode();
1163	CheckDI(!CBound || isa<ConstantAsMetadata>(CBound) ||
1164	isa<DIVariable>(CBound) || isa<DIExpression>(CBound),
1165	"Count must be signed constant or DIVariable or DIExpression", &N);
1166	auto Count = N.getCount();
1167	CheckDI(!Count || !isa<ConstantInt *>(Count) ||
1168	cast<ConstantInt *>(Count)->getSExtValue() >= -1,
1169	"invalid subrange count", &N);
1170	auto *LBound = N.getRawLowerBound();
1171	CheckDI(!LBound || isa<ConstantAsMetadata>(LBound) ||
1172	isa<DIVariable>(LBound) || isa<DIExpression>(LBound),
1173	"LowerBound must be signed constant or DIVariable or DIExpression",
1174	&N);
1175	auto *UBound = N.getRawUpperBound();
1176	CheckDI(!UBound || isa<ConstantAsMetadata>(UBound) ||
1177	isa<DIVariable>(UBound) || isa<DIExpression>(UBound),
1178	"UpperBound must be signed constant or DIVariable or DIExpression",
1179	&N);
1180	auto *Stride = N.getRawStride();
1181	CheckDI(!Stride || isa<ConstantAsMetadata>(Stride) ||
1182	isa<DIVariable>(Stride) || isa<DIExpression>(Stride),
1183	"Stride must be signed constant or DIVariable or DIExpression", &N);
1184	}
1185
1186	void Verifier::visitDIGenericSubrange(const DIGenericSubrange &N) {
1187	CheckDI(N.getTag() == dwarf::DW_TAG_generic_subrange, "invalid tag", &N);
1188	CheckDI(N.getRawCountNode() || N.getRawUpperBound(),
1189	"GenericSubrange must contain count or upperBound", &N);
1190	CheckDI(!N.getRawCountNode() || !N.getRawUpperBound(),
1191	"GenericSubrange can have any one of count or upperBound", &N);
1192	auto *CBound = N.getRawCountNode();
1193	CheckDI(!CBound || isa<DIVariable>(CBound) || isa<DIExpression>(CBound),
1194	"Count must be signed constant or DIVariable or DIExpression", &N);
1195	auto *LBound = N.getRawLowerBound();
1196	CheckDI(LBound, "GenericSubrange must contain lowerBound", &N);
1197	CheckDI(isa<DIVariable>(LBound) || isa<DIExpression>(LBound),
1198	"LowerBound must be signed constant or DIVariable or DIExpression",
1199	&N);
1200	auto *UBound = N.getRawUpperBound();
1201	CheckDI(!UBound || isa<DIVariable>(UBound) || isa<DIExpression>(UBound),
1202	"UpperBound must be signed constant or DIVariable or DIExpression",
1203	&N);
1204	auto *Stride = N.getRawStride();
1205	CheckDI(Stride, "GenericSubrange must contain stride", &N);
1206	CheckDI(isa<DIVariable>(Stride) || isa<DIExpression>(Stride),
1207	"Stride must be signed constant or DIVariable or DIExpression", &N);
1208	}
1209
1210	void Verifier::visitDIEnumerator(const DIEnumerator &N) {
1211	CheckDI(N.getTag() == dwarf::DW_TAG_enumerator, "invalid tag", &N);
1212	}
1213
1214	void Verifier::visitDIBasicType(const DIBasicType &N) {
1215	CheckDI(N.getTag() == dwarf::DW_TAG_base_type ||
1216	N.getTag() == dwarf::DW_TAG_unspecified_type ||
1217	N.getTag() == dwarf::DW_TAG_string_type,
1218	"invalid tag", &N);
1219	}
1220
1221	void Verifier::visitDIStringType(const DIStringType &N) {
1222	CheckDI(N.getTag() == dwarf::DW_TAG_string_type, "invalid tag", &N);
1223	CheckDI(!(N.isBigEndian() && N.isLittleEndian()), "has conflicting flags",
1224	&N);
1225	}
1226
1227	void Verifier::visitDIDerivedType(const DIDerivedType &N) {
1228	// Common scope checks.
1229	visitDIScope(N);
1230
1231	CheckDI(N.getTag() == dwarf::DW_TAG_typedef ||
1232	N.getTag() == dwarf::DW_TAG_pointer_type ||
1233	N.getTag() == dwarf::DW_TAG_ptr_to_member_type ||
1234	N.getTag() == dwarf::DW_TAG_reference_type ||
1235	N.getTag() == dwarf::DW_TAG_rvalue_reference_type ||
1236	N.getTag() == dwarf::DW_TAG_const_type ||
1237	N.getTag() == dwarf::DW_TAG_immutable_type ||
1238	N.getTag() == dwarf::DW_TAG_volatile_type ||
1239	N.getTag() == dwarf::DW_TAG_restrict_type ||
1240	N.getTag() == dwarf::DW_TAG_atomic_type ||
1241	N.getTag() == dwarf::DW_TAG_LLVM_ptrauth_type ||
1242	N.getTag() == dwarf::DW_TAG_member ||
1243	(N.getTag() == dwarf::DW_TAG_variable && N.isStaticMember()) ||
1244	N.getTag() == dwarf::DW_TAG_inheritance ||
1245	N.getTag() == dwarf::DW_TAG_friend ||
1246	N.getTag() == dwarf::DW_TAG_set_type ||
1247	N.getTag() == dwarf::DW_TAG_template_alias,
1248	"invalid tag", &N);
1249	if (N.getTag() == dwarf::DW_TAG_ptr_to_member_type) {
1250	CheckDI(isType(N.getRawExtraData()), "invalid pointer to member type", &N,
1251	N.getRawExtraData());
1252	}
1253
1254	if (N.getTag() == dwarf::DW_TAG_set_type) {
1255	if (auto *T = N.getRawBaseType()) {
1256	auto *Enum = dyn_cast_or_null<DICompositeType>(Val: T);
1257	auto *Basic = dyn_cast_or_null<DIBasicType>(Val: T);
1258	CheckDI(
1259	(Enum && Enum->getTag() == dwarf::DW_TAG_enumeration_type) ||
1260	(Basic && (Basic->getEncoding() == dwarf::DW_ATE_unsigned ||
1261	Basic->getEncoding() == dwarf::DW_ATE_signed ||
1262	Basic->getEncoding() == dwarf::DW_ATE_unsigned_char ||
1263	Basic->getEncoding() == dwarf::DW_ATE_signed_char ||
1264	Basic->getEncoding() == dwarf::DW_ATE_boolean)),
1265	"invalid set base type", &N, T);
1266	}
1267	}
1268
1269	CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope());
1270	CheckDI(isType(N.getRawBaseType()), "invalid base type", &N,
1271	N.getRawBaseType());
1272
1273	if (N.getDWARFAddressSpace()) {
1274	CheckDI(N.getTag() == dwarf::DW_TAG_pointer_type ||
1275	N.getTag() == dwarf::DW_TAG_reference_type ||
1276	N.getTag() == dwarf::DW_TAG_rvalue_reference_type,
1277	"DWARF address space only applies to pointer or reference types",
1278	&N);
1279	}
1280	}
1281
1282	/// Detect mutually exclusive flags.
1283	static bool hasConflictingReferenceFlags(unsigned Flags) {
1284	return ((Flags & DINode::FlagLValueReference) &&
1285	(Flags & DINode::FlagRValueReference)) ||
1286	((Flags & DINode::FlagTypePassByValue) &&
1287	(Flags & DINode::FlagTypePassByReference));
1288	}
1289
1290	void Verifier::visitTemplateParams(const MDNode &N, const Metadata &RawParams) {
1291	auto *Params = dyn_cast<MDTuple>(Val: &RawParams);
1292	CheckDI(Params, "invalid template params", &N, &RawParams);
1293	for (Metadata *Op : Params->operands()) {
1294	CheckDI(Op && isa<DITemplateParameter>(Op), "invalid template parameter",
1295	&N, Params, Op);
1296	}
1297	}
1298
1299	void Verifier::visitDICompositeType(const DICompositeType &N) {
1300	// Common scope checks.
1301	visitDIScope(N);
1302
1303	CheckDI(N.getTag() == dwarf::DW_TAG_array_type ||
1304	N.getTag() == dwarf::DW_TAG_structure_type ||
1305	N.getTag() == dwarf::DW_TAG_union_type ||
1306	N.getTag() == dwarf::DW_TAG_enumeration_type ||
1307	N.getTag() == dwarf::DW_TAG_class_type ||
1308	N.getTag() == dwarf::DW_TAG_variant_part ||
1309	N.getTag() == dwarf::DW_TAG_namelist,
1310	"invalid tag", &N);
1311
1312	CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope());
1313	CheckDI(isType(N.getRawBaseType()), "invalid base type", &N,
1314	N.getRawBaseType());
1315
1316	CheckDI(!N.getRawElements() || isa<MDTuple>(N.getRawElements()),
1317	"invalid composite elements", &N, N.getRawElements());
1318	CheckDI(isType(N.getRawVTableHolder()), "invalid vtable holder", &N,
1319	N.getRawVTableHolder());
1320	CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1321	"invalid reference flags", &N);
1322	unsigned DIBlockByRefStruct = 1 << 4;
1323	CheckDI((N.getFlags() & DIBlockByRefStruct) == 0,
1324	"DIBlockByRefStruct on DICompositeType is no longer supported", &N);
1325
1326	if (N.isVector()) {
1327	const DINodeArray Elements = N.getElements();
1328	CheckDI(Elements.size() == 1 &&
1329	Elements[0]->getTag() == dwarf::DW_TAG_subrange_type,
1330	"invalid vector, expected one element of type subrange", &N);
1331	}
1332
1333	if (auto *Params = N.getRawTemplateParams())
1334	visitTemplateParams(N, RawParams: *Params);
1335
1336	if (auto *D = N.getRawDiscriminator()) {
1337	CheckDI(isa<DIDerivedType>(D) && N.getTag() == dwarf::DW_TAG_variant_part,
1338	"discriminator can only appear on variant part");
1339	}
1340
1341	if (N.getRawDataLocation()) {
1342	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1343	"dataLocation can only appear in array type");
1344	}
1345
1346	if (N.getRawAssociated()) {
1347	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1348	"associated can only appear in array type");
1349	}
1350
1351	if (N.getRawAllocated()) {
1352	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1353	"allocated can only appear in array type");
1354	}
1355
1356	if (N.getRawRank()) {
1357	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1358	"rank can only appear in array type");
1359	}
1360
1361	if (N.getTag() == dwarf::DW_TAG_array_type) {
1362	CheckDI(N.getRawBaseType(), "array types must have a base type", &N);
1363	}
1364	}
1365
1366	void Verifier::visitDISubroutineType(const DISubroutineType &N) {
1367	CheckDI(N.getTag() == dwarf::DW_TAG_subroutine_type, "invalid tag", &N);
1368	if (auto *Types = N.getRawTypeArray()) {
1369	CheckDI(isa<MDTuple>(Types), "invalid composite elements", &N, Types);
1370	for (Metadata *Ty : N.getTypeArray()->operands()) {
1371	CheckDI(isType(Ty), "invalid subroutine type ref", &N, Types, Ty);
1372	}
1373	}
1374	CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1375	"invalid reference flags", &N);
1376	}
1377
1378	void Verifier::visitDIFile(const DIFile &N) {
1379	CheckDI(N.getTag() == dwarf::DW_TAG_file_type, "invalid tag", &N);
1380	std::optional<DIFile::ChecksumInfo<StringRef>> Checksum = N.getChecksum();
1381	if (Checksum) {
1382	CheckDI(Checksum->Kind <= DIFile::ChecksumKind::CSK_Last,
1383	"invalid checksum kind", &N);
1384	size_t Size;
1385	switch (Checksum->Kind) {
1386	case DIFile::CSK_MD5:
1387	Size = 32;
1388	break;
1389	case DIFile::CSK_SHA1:
1390	Size = 40;
1391	break;
1392	case DIFile::CSK_SHA256:
1393	Size = 64;
1394	break;
1395	}
1396	CheckDI(Checksum->Value.size() == Size, "invalid checksum length", &N);
1397	CheckDI(Checksum->Value.find_if_not(llvm::isHexDigit) == StringRef::npos,
1398	"invalid checksum", &N);
1399	}
1400	}
1401
1402	void Verifier::visitDICompileUnit(const DICompileUnit &N) {
1403	CheckDI(N.isDistinct(), "compile units must be distinct", &N);
1404	CheckDI(N.getTag() == dwarf::DW_TAG_compile_unit, "invalid tag", &N);
1405
1406	// Don't bother verifying the compilation directory or producer string
1407	// as those could be empty.
1408	CheckDI(N.getRawFile() && isa<DIFile>(N.getRawFile()), "invalid file", &N,
1409	N.getRawFile());
1410	CheckDI(!N.getFile()->getFilename().empty(), "invalid filename", &N,
1411	N.getFile());
1412
1413	CurrentSourceLang = (dwarf::SourceLanguage)N.getSourceLanguage();
1414
1415	CheckDI((N.getEmissionKind() <= DICompileUnit::LastEmissionKind),
1416	"invalid emission kind", &N);
1417
1418	if (auto *Array = N.getRawEnumTypes()) {
1419	CheckDI(isa<MDTuple>(Array), "invalid enum list", &N, Array);
1420	for (Metadata *Op : N.getEnumTypes()->operands()) {
1421	auto *Enum = dyn_cast_or_null<DICompositeType>(Val: Op);
1422	CheckDI(Enum && Enum->getTag() == dwarf::DW_TAG_enumeration_type,
1423	"invalid enum type", &N, N.getEnumTypes(), Op);
1424	}
1425	}
1426	if (auto *Array = N.getRawRetainedTypes()) {
1427	CheckDI(isa<MDTuple>(Array), "invalid retained type list", &N, Array);
1428	for (Metadata *Op : N.getRetainedTypes()->operands()) {
1429	CheckDI(
1430	Op && (isa<DIType>(Op) || (isa<DISubprogram>(Op) &&
1431	!cast<DISubprogram>(Op)->isDefinition())),
1432	"invalid retained type", &N, Op);
1433	}
1434	}
1435	if (auto *Array = N.getRawGlobalVariables()) {
1436	CheckDI(isa<MDTuple>(Array), "invalid global variable list", &N, Array);
1437	for (Metadata *Op : N.getGlobalVariables()->operands()) {
1438	CheckDI(Op && (isa<DIGlobalVariableExpression>(Op)),
1439	"invalid global variable ref", &N, Op);
1440	}
1441	}
1442	if (auto *Array = N.getRawImportedEntities()) {
1443	CheckDI(isa<MDTuple>(Array), "invalid imported entity list", &N, Array);
1444	for (Metadata *Op : N.getImportedEntities()->operands()) {
1445	CheckDI(Op && isa<DIImportedEntity>(Op), "invalid imported entity ref",
1446	&N, Op);
1447	}
1448	}
1449	if (auto *Array = N.getRawMacros()) {
1450	CheckDI(isa<MDTuple>(Array), "invalid macro list", &N, Array);
1451	for (Metadata *Op : N.getMacros()->operands()) {
1452	CheckDI(Op && isa<DIMacroNode>(Op), "invalid macro ref", &N, Op);
1453	}
1454	}
1455	CUVisited.insert(Ptr: &N);
1456	}
1457
1458	void Verifier::visitDISubprogram(const DISubprogram &N) {
1459	CheckDI(N.getTag() == dwarf::DW_TAG_subprogram, "invalid tag", &N);
1460	CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope());
1461	if (auto *F = N.getRawFile())
1462	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1463	else
1464	CheckDI(N.getLine() == 0, "line specified with no file", &N, N.getLine());
1465	if (auto *T = N.getRawType())
1466	CheckDI(isa<DISubroutineType>(T), "invalid subroutine type", &N, T);
1467	CheckDI(isType(N.getRawContainingType()), "invalid containing type", &N,
1468	N.getRawContainingType());
1469	if (auto *Params = N.getRawTemplateParams())
1470	visitTemplateParams(N, RawParams: *Params);
1471	if (auto *S = N.getRawDeclaration())
1472	CheckDI(isa<DISubprogram>(S) && !cast<DISubprogram>(S)->isDefinition(),
1473	"invalid subprogram declaration", &N, S);
1474	if (auto *RawNode = N.getRawRetainedNodes()) {
1475	auto *Node = dyn_cast<MDTuple>(Val: RawNode);
1476	CheckDI(Node, "invalid retained nodes list", &N, RawNode);
1477	for (Metadata *Op : Node->operands()) {
1478	CheckDI(Op && (isa<DILocalVariable>(Op) || isa<DILabel>(Op) ||
1479	isa<DIImportedEntity>(Op)),
1480	"invalid retained nodes, expected DILocalVariable, DILabel or "
1481	"DIImportedEntity",
1482	&N, Node, Op);
1483	}
1484	}
1485	CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1486	"invalid reference flags", &N);
1487
1488	auto *Unit = N.getRawUnit();
1489	if (N.isDefinition()) {
1490	// Subprogram definitions (not part of the type hierarchy).
1491	CheckDI(N.isDistinct(), "subprogram definitions must be distinct", &N);
1492	CheckDI(Unit, "subprogram definitions must have a compile unit", &N);
1493	CheckDI(isa<DICompileUnit>(Unit), "invalid unit type", &N, Unit);
1494	// There's no good way to cross the CU boundary to insert a nested
1495	// DISubprogram definition in one CU into a type defined in another CU.
1496	auto *CT = dyn_cast_or_null<DICompositeType>(Val: N.getRawScope());
1497	if (CT && CT->getRawIdentifier() &&
1498	M.getContext().isODRUniquingDebugTypes())
1499	CheckDI(N.getDeclaration(),
1500	"definition subprograms cannot be nested within DICompositeType "
1501	"when enabling ODR",
1502	&N);
1503	} else {
1504	// Subprogram declarations (part of the type hierarchy).
1505	CheckDI(!Unit, "subprogram declarations must not have a compile unit", &N);
1506	CheckDI(!N.getRawDeclaration(),
1507	"subprogram declaration must not have a declaration field");
1508	}
1509
1510	if (auto *RawThrownTypes = N.getRawThrownTypes()) {
1511	auto *ThrownTypes = dyn_cast<MDTuple>(Val: RawThrownTypes);
1512	CheckDI(ThrownTypes, "invalid thrown types list", &N, RawThrownTypes);
1513	for (Metadata *Op : ThrownTypes->operands())
1514	CheckDI(Op && isa<DIType>(Op), "invalid thrown type", &N, ThrownTypes,
1515	Op);
1516	}
1517
1518	if (N.areAllCallsDescribed())
1519	CheckDI(N.isDefinition(),
1520	"DIFlagAllCallsDescribed must be attached to a definition");
1521	}
1522
1523	void Verifier::visitDILexicalBlockBase(const DILexicalBlockBase &N) {
1524	CheckDI(N.getTag() == dwarf::DW_TAG_lexical_block, "invalid tag", &N);
1525	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1526	"invalid local scope", &N, N.getRawScope());
1527	if (auto *SP = dyn_cast<DISubprogram>(Val: N.getRawScope()))
1528	CheckDI(SP->isDefinition(), "scope points into the type hierarchy", &N);
1529	}
1530
1531	void Verifier::visitDILexicalBlock(const DILexicalBlock &N) {
1532	visitDILexicalBlockBase(N);
1533
1534	CheckDI(N.getLine() || !N.getColumn(),
1535	"cannot have column info without line info", &N);
1536	}
1537
1538	void Verifier::visitDILexicalBlockFile(const DILexicalBlockFile &N) {
1539	visitDILexicalBlockBase(N);
1540	}
1541
1542	void Verifier::visitDICommonBlock(const DICommonBlock &N) {
1543	CheckDI(N.getTag() == dwarf::DW_TAG_common_block, "invalid tag", &N);
1544	if (auto *S = N.getRawScope())
1545	CheckDI(isa<DIScope>(S), "invalid scope ref", &N, S);
1546	if (auto *S = N.getRawDecl())
1547	CheckDI(isa<DIGlobalVariable>(S), "invalid declaration", &N, S);
1548	}
1549
1550	void Verifier::visitDINamespace(const DINamespace &N) {
1551	CheckDI(N.getTag() == dwarf::DW_TAG_namespace, "invalid tag", &N);
1552	if (auto *S = N.getRawScope())
1553	CheckDI(isa<DIScope>(S), "invalid scope ref", &N, S);
1554	}
1555
1556	void Verifier::visitDIMacro(const DIMacro &N) {
1557	CheckDI(N.getMacinfoType() == dwarf::DW_MACINFO_define ||
1558	N.getMacinfoType() == dwarf::DW_MACINFO_undef,
1559	"invalid macinfo type", &N);
1560	CheckDI(!N.getName().empty(), "anonymous macro", &N);
1561	if (!N.getValue().empty()) {
1562	assert(N.getValue().data()[0] != ' ' && "Macro value has a space prefix");
1563	}
1564	}
1565
1566	void Verifier::visitDIMacroFile(const DIMacroFile &N) {
1567	CheckDI(N.getMacinfoType() == dwarf::DW_MACINFO_start_file,
1568	"invalid macinfo type", &N);
1569	if (auto *F = N.getRawFile())
1570	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1571
1572	if (auto *Array = N.getRawElements()) {
1573	CheckDI(isa<MDTuple>(Array), "invalid macro list", &N, Array);
1574	for (Metadata *Op : N.getElements()->operands()) {
1575	CheckDI(Op && isa<DIMacroNode>(Op), "invalid macro ref", &N, Op);
1576	}
1577	}
1578	}
1579
1580	void Verifier::visitDIModule(const DIModule &N) {
1581	CheckDI(N.getTag() == dwarf::DW_TAG_module, "invalid tag", &N);
1582	CheckDI(!N.getName().empty(), "anonymous module", &N);
1583	}
1584
1585	void Verifier::visitDITemplateParameter(const DITemplateParameter &N) {
1586	CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1587	}
1588
1589	void Verifier::visitDITemplateTypeParameter(const DITemplateTypeParameter &N) {
1590	visitDITemplateParameter(N);
1591
1592	CheckDI(N.getTag() == dwarf::DW_TAG_template_type_parameter, "invalid tag",
1593	&N);
1594	}
1595
1596	void Verifier::visitDITemplateValueParameter(
1597	const DITemplateValueParameter &N) {
1598	visitDITemplateParameter(N);
1599
1600	CheckDI(N.getTag() == dwarf::DW_TAG_template_value_parameter ||
1601	N.getTag() == dwarf::DW_TAG_GNU_template_template_param ||
1602	N.getTag() == dwarf::DW_TAG_GNU_template_parameter_pack,
1603	"invalid tag", &N);
1604	}
1605
1606	void Verifier::visitDIVariable(const DIVariable &N) {
1607	if (auto *S = N.getRawScope())
1608	CheckDI(isa<DIScope>(S), "invalid scope", &N, S);
1609	if (auto *F = N.getRawFile())
1610	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1611	}
1612
1613	void Verifier::visitDIGlobalVariable(const DIGlobalVariable &N) {
1614	// Checks common to all variables.
1615	visitDIVariable(N);
1616
1617	CheckDI(N.getTag() == dwarf::DW_TAG_variable, "invalid tag", &N);
1618	CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1619	// Check only if the global variable is not an extern
1620	if (N.isDefinition())
1621	CheckDI(N.getType(), "missing global variable type", &N);
1622	if (auto *Member = N.getRawStaticDataMemberDeclaration()) {
1623	CheckDI(isa<DIDerivedType>(Member),
1624	"invalid static data member declaration", &N, Member);
1625	}
1626	}
1627
1628	void Verifier::visitDILocalVariable(const DILocalVariable &N) {
1629	// Checks common to all variables.
1630	visitDIVariable(N);
1631
1632	CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1633	CheckDI(N.getTag() == dwarf::DW_TAG_variable, "invalid tag", &N);
1634	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1635	"local variable requires a valid scope", &N, N.getRawScope());
1636	if (auto Ty = N.getType())
1637	CheckDI(!isa<DISubroutineType>(Ty), "invalid type", &N, N.getType());
1638	}
1639
1640	void Verifier::visitDIAssignID(const DIAssignID &N) {
1641	CheckDI(!N.getNumOperands(), "DIAssignID has no arguments", &N);
1642	CheckDI(N.isDistinct(), "DIAssignID must be distinct", &N);
1643	}
1644
1645	void Verifier::visitDILabel(const DILabel &N) {
1646	if (auto *S = N.getRawScope())
1647	CheckDI(isa<DIScope>(S), "invalid scope", &N, S);
1648	if (auto *F = N.getRawFile())
1649	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1650
1651	CheckDI(N.getTag() == dwarf::DW_TAG_label, "invalid tag", &N);
1652	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1653	"label requires a valid scope", &N, N.getRawScope());
1654	}
1655
1656	void Verifier::visitDIExpression(const DIExpression &N) {
1657	CheckDI(N.isValid(), "invalid expression", &N);
1658	}
1659
1660	void Verifier::visitDIGlobalVariableExpression(
1661	const DIGlobalVariableExpression &GVE) {
1662	CheckDI(GVE.getVariable(), "missing variable");
1663	if (auto *Var = GVE.getVariable())
1664	visitDIGlobalVariable(N: *Var);
1665	if (auto *Expr = GVE.getExpression()) {
1666	visitDIExpression(N: *Expr);
1667	if (auto Fragment = Expr->getFragmentInfo())
1668	verifyFragmentExpression(V: *GVE.getVariable(), Fragment: *Fragment, Desc: &GVE);
1669	}
1670	}
1671
1672	void Verifier::visitDIObjCProperty(const DIObjCProperty &N) {
1673	CheckDI(N.getTag() == dwarf::DW_TAG_APPLE_property, "invalid tag", &N);
1674	if (auto *T = N.getRawType())
1675	CheckDI(isType(T), "invalid type ref", &N, T);
1676	if (auto *F = N.getRawFile())
1677	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1678	}
1679
1680	void Verifier::visitDIImportedEntity(const DIImportedEntity &N) {
1681	CheckDI(N.getTag() == dwarf::DW_TAG_imported_module ||
1682	N.getTag() == dwarf::DW_TAG_imported_declaration,
1683	"invalid tag", &N);
1684	if (auto *S = N.getRawScope())
1685	CheckDI(isa<DIScope>(S), "invalid scope for imported entity", &N, S);
1686	CheckDI(isDINode(N.getRawEntity()), "invalid imported entity", &N,
1687	N.getRawEntity());
1688	}
1689
1690	void Verifier::visitComdat(const Comdat &C) {
1691	// In COFF the Module is invalid if the GlobalValue has private linkage.
1692	// Entities with private linkage don't have entries in the symbol table.
1693	if (TT.isOSBinFormatCOFF())
1694	if (const GlobalValue *GV = M.getNamedValue(Name: C.getName()))
1695	Check(!GV->hasPrivateLinkage(), "comdat global value has private linkage",
1696	GV);
1697	}
1698
1699	void Verifier::visitModuleIdents() {
1700	const NamedMDNode *Idents = M.getNamedMetadata(Name: "llvm.ident");
1701	if (!Idents)
1702	return;
1703
1704	// llvm.ident takes a list of metadata entry. Each entry has only one string.
1705	// Scan each llvm.ident entry and make sure that this requirement is met.
1706	for (const MDNode *N : Idents->operands()) {
1707	Check(N->getNumOperands() == 1,
1708	"incorrect number of operands in llvm.ident metadata", N);
1709	Check(dyn_cast_or_null<MDString>(N->getOperand(0)),
1710	("invalid value for llvm.ident metadata entry operand"
1711	"(the operand should be a string)"),
1712	N->getOperand(0));
1713	}
1714	}
1715
1716	void Verifier::visitModuleCommandLines() {
1717	const NamedMDNode *CommandLines = M.getNamedMetadata(Name: "llvm.commandline");
1718	if (!CommandLines)
1719	return;
1720
1721	// llvm.commandline takes a list of metadata entry. Each entry has only one
1722	// string. Scan each llvm.commandline entry and make sure that this
1723	// requirement is met.
1724	for (const MDNode *N : CommandLines->operands()) {
1725	Check(N->getNumOperands() == 1,
1726	"incorrect number of operands in llvm.commandline metadata", N);
1727	Check(dyn_cast_or_null<MDString>(N->getOperand(0)),
1728	("invalid value for llvm.commandline metadata entry operand"
1729	"(the operand should be a string)"),
1730	N->getOperand(0));
1731	}
1732	}
1733
1734	void Verifier::visitModuleFlags() {
1735	const NamedMDNode *Flags = M.getModuleFlagsMetadata();
1736	if (!Flags) return;
1737
1738	// Scan each flag, and track the flags and requirements.
1739	DenseMap<const MDString*, const MDNode*> SeenIDs;
1740	SmallVector<const MDNode*, 16> Requirements;
1741	uint64_t PAuthABIPlatform = -1;
1742	uint64_t PAuthABIVersion = -1;
1743	for (const MDNode *MDN : Flags->operands()) {
1744	visitModuleFlag(Op: MDN, SeenIDs, Requirements);
1745	if (MDN->getNumOperands() != 3)
1746	continue;
1747	if (const auto *FlagName = dyn_cast_or_null<MDString>(Val: MDN->getOperand(I: 1))) {
1748	if (FlagName->getString() == "aarch64-elf-pauthabi-platform") {
1749	if (const auto *PAP =
1750	mdconst::dyn_extract_or_null<ConstantInt>(MD: MDN->getOperand(I: 2)))
1751	PAuthABIPlatform = PAP->getZExtValue();
1752	} else if (FlagName->getString() == "aarch64-elf-pauthabi-version") {
1753	if (const auto *PAV =
1754	mdconst::dyn_extract_or_null<ConstantInt>(MD: MDN->getOperand(I: 2)))
1755	PAuthABIVersion = PAV->getZExtValue();
1756	}
1757	}
1758	}
1759
1760	if ((PAuthABIPlatform == uint64_t(-1)) != (PAuthABIVersion == uint64_t(-1)))
1761	CheckFailed(Message: "either both or no 'aarch64-elf-pauthabi-platform' and "
1762	"'aarch64-elf-pauthabi-version' module flags must be present");
1763
1764	// Validate that the requirements in the module are valid.
1765	for (const MDNode *Requirement : Requirements) {
1766	const MDString *Flag = cast<MDString>(Val: Requirement->getOperand(I: 0));
1767	const Metadata *ReqValue = Requirement->getOperand(I: 1);
1768
1769	const MDNode *Op = SeenIDs.lookup(Val: Flag);
1770	if (!Op) {
1771	CheckFailed(Message: "invalid requirement on flag, flag is not present in module",
1772	V1: Flag);
1773	continue;
1774	}
1775
1776	if (Op->getOperand(I: 2) != ReqValue) {
1777	CheckFailed(Message: ("invalid requirement on flag, "
1778	"flag does not have the required value"),
1779	V1: Flag);
1780	continue;
1781	}
1782	}
1783	}
1784
1785	void
1786	Verifier::visitModuleFlag(const MDNode *Op,
1787	DenseMap<const MDString *, const MDNode *> &SeenIDs,
1788	SmallVectorImpl<const MDNode *> &Requirements) {
1789	// Each module flag should have three arguments, the merge behavior (a
1790	// constant int), the flag ID (an MDString), and the value.
1791	Check(Op->getNumOperands() == 3,
1792	"incorrect number of operands in module flag", Op);
1793	Module::ModFlagBehavior MFB;
1794	if (!Module::isValidModFlagBehavior(MD: Op->getOperand(I: 0), MFB)) {
1795	Check(mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(0)),
1796	"invalid behavior operand in module flag (expected constant integer)",
1797	Op->getOperand(0));
1798	Check(false,
1799	"invalid behavior operand in module flag (unexpected constant)",
1800	Op->getOperand(0));
1801	}
1802	MDString *ID = dyn_cast_or_null<MDString>(Val: Op->getOperand(I: 1));
1803	Check(ID, "invalid ID operand in module flag (expected metadata string)",
1804	Op->getOperand(1));
1805
1806	// Check the values for behaviors with additional requirements.
1807	switch (MFB) {
1808	case Module::Error:
1809	case Module::Warning:
1810	case Module::Override:
1811	// These behavior types accept any value.
1812	break;
1813
1814	case Module::Min: {
1815	auto *V = mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: 2));
1816	Check(V && V->getValue().isNonNegative(),
1817	"invalid value for 'min' module flag (expected constant non-negative "
1818	"integer)",
1819	Op->getOperand(2));
1820	break;
1821	}
1822
1823	case Module::Max: {
1824	Check(mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(2)),
1825	"invalid value for 'max' module flag (expected constant integer)",
1826	Op->getOperand(2));
1827	break;
1828	}
1829
1830	case Module::Require: {
1831	// The value should itself be an MDNode with two operands, a flag ID (an
1832	// MDString), and a value.
1833	MDNode *Value = dyn_cast<MDNode>(Val: Op->getOperand(I: 2));
1834	Check(Value && Value->getNumOperands() == 2,
1835	"invalid value for 'require' module flag (expected metadata pair)",
1836	Op->getOperand(2));
1837	Check(isa<MDString>(Value->getOperand(0)),
1838	("invalid value for 'require' module flag "
1839	"(first value operand should be a string)"),
1840	Value->getOperand(0));
1841
1842	// Append it to the list of requirements, to check once all module flags are
1843	// scanned.
1844	Requirements.push_back(Elt: Value);
1845	break;
1846	}
1847
1848	case Module::Append:
1849	case Module::AppendUnique: {
1850	// These behavior types require the operand be an MDNode.
1851	Check(isa<MDNode>(Op->getOperand(2)),
1852	"invalid value for 'append'-type module flag "
1853	"(expected a metadata node)",
1854	Op->getOperand(2));
1855	break;
1856	}
1857	}
1858
1859	// Unless this is a "requires" flag, check the ID is unique.
1860	if (MFB != Module::Require) {
1861	bool Inserted = SeenIDs.insert(KV: std::make_pair(x&: ID, y&: Op)).second;
1862	Check(Inserted,
1863	"module flag identifiers must be unique (or of 'require' type)", ID);
1864	}
1865
1866	if (ID->getString() == "wchar_size") {
1867	ConstantInt *Value
1868	= mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: 2));
1869	Check(Value, "wchar_size metadata requires constant integer argument");
1870	}
1871
1872	if (ID->getString() == "Linker Options") {
1873	// If the llvm.linker.options named metadata exists, we assume that the
1874	// bitcode reader has upgraded the module flag. Otherwise the flag might
1875	// have been created by a client directly.
1876	Check(M.getNamedMetadata("llvm.linker.options"),
1877	"'Linker Options' named metadata no longer supported");
1878	}
1879
1880	if (ID->getString() == "SemanticInterposition") {
1881	ConstantInt *Value =
1882	mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: 2));
1883	Check(Value,
1884	"SemanticInterposition metadata requires constant integer argument");
1885	}
1886
1887	if (ID->getString() == "CG Profile") {
1888	for (const MDOperand &MDO : cast<MDNode>(Val: Op->getOperand(I: 2))->operands())
1889	visitModuleFlagCGProfileEntry(MDO);
1890	}
1891	}
1892
1893	void Verifier::visitModuleFlagCGProfileEntry(const MDOperand &MDO) {
1894	auto CheckFunction = [&](const MDOperand &FuncMDO) {
1895	if (!FuncMDO)
1896	return;
1897	auto F = dyn_cast<ValueAsMetadata>(Val: FuncMDO);
1898	Check(F && isa<Function>(F->getValue()->stripPointerCasts()),
1899	"expected a Function or null", FuncMDO);
1900	};
1901	auto Node = dyn_cast_or_null<MDNode>(Val: MDO);
1902	Check(Node && Node->getNumOperands() == 3, "expected a MDNode triple", MDO);
1903	CheckFunction(Node->getOperand(I: 0));
1904	CheckFunction(Node->getOperand(I: 1));
1905	auto Count = dyn_cast_or_null<ConstantAsMetadata>(Val: Node->getOperand(I: 2));
1906	Check(Count && Count->getType()->isIntegerTy(),
1907	"expected an integer constant", Node->getOperand(2));
1908	}
1909
1910	void Verifier::verifyAttributeTypes(AttributeSet Attrs, const Value *V) {
1911	for (Attribute A : Attrs) {
1912
1913	if (A.isStringAttribute()) {
1914	#define GET_ATTR_NAMES
1915	#define ATTRIBUTE_ENUM(ENUM_NAME, DISPLAY_NAME)
1916	#define ATTRIBUTE_STRBOOL(ENUM_NAME, DISPLAY_NAME) \
1917	if (A.getKindAsString() == #DISPLAY_NAME) { \
1918	auto V = A.getValueAsString(); \
1919	if (!(V.empty() || V == "true" || V == "false")) \
1920	CheckFailed("invalid value for '" #DISPLAY_NAME "' attribute: " + V + \
1921	""); \
1922	}
1923
1924	#include "llvm/IR/Attributes.inc"
1925	continue;
1926	}
1927
1928	if (A.isIntAttribute() != Attribute::isIntAttrKind(Kind: A.getKindAsEnum())) {
1929	CheckFailed("Attribute '" + A.getAsString() + "' should have an Argument",
1930	V);
1931	return;
1932	}
1933	}
1934	}
1935
1936	// VerifyParameterAttrs - Check the given attributes for an argument or return
1937	// value of the specified type. The value V is printed in error messages.
1938	void Verifier::verifyParameterAttrs(AttributeSet Attrs, Type *Ty,
1939	const Value *V) {
1940	if (!Attrs.hasAttributes())
1941	return;
1942
1943	verifyAttributeTypes(Attrs, V);
1944
1945	for (Attribute Attr : Attrs)
1946	Check(Attr.isStringAttribute() ||
1947	Attribute::canUseAsParamAttr(Attr.getKindAsEnum()),
1948	"Attribute '" + Attr.getAsString() + "' does not apply to parameters",
1949	V);
1950
1951	if (Attrs.hasAttribute(Attribute::ImmArg)) {
1952	Check(Attrs.getNumAttributes() == 1,
1953	"Attribute 'immarg' is incompatible with other attributes", V);
1954	}
1955
1956	// Check for mutually incompatible attributes. Only inreg is compatible with
1957	// sret.
1958	unsigned AttrCount = 0;
1959	AttrCount += Attrs.hasAttribute(Attribute::ByVal);
1960	AttrCount += Attrs.hasAttribute(Attribute::InAlloca);
1961	AttrCount += Attrs.hasAttribute(Attribute::Preallocated);
1962	AttrCount += Attrs.hasAttribute(Attribute::StructRet) ||
1963	Attrs.hasAttribute(Attribute::InReg);
1964	AttrCount += Attrs.hasAttribute(Attribute::Nest);
1965	AttrCount += Attrs.hasAttribute(Attribute::ByRef);
1966	Check(AttrCount <= 1,
1967	"Attributes 'byval', 'inalloca', 'preallocated', 'inreg', 'nest', "
1968	"'byref', and 'sret' are incompatible!",
1969	V);
1970
1971	Check(!(Attrs.hasAttribute(Attribute::InAlloca) &&
1972	Attrs.hasAttribute(Attribute::ReadOnly)),
1973	"Attributes "
1974	"'inalloca and readonly' are incompatible!",
1975	V);
1976
1977	Check(!(Attrs.hasAttribute(Attribute::StructRet) &&
1978	Attrs.hasAttribute(Attribute::Returned)),
1979	"Attributes "
1980	"'sret and returned' are incompatible!",
1981	V);
1982
1983	Check(!(Attrs.hasAttribute(Attribute::ZExt) &&
1984	Attrs.hasAttribute(Attribute::SExt)),
1985	"Attributes "
1986	"'zeroext and signext' are incompatible!",
1987	V);
1988
1989	Check(!(Attrs.hasAttribute(Attribute::ReadNone) &&
1990	Attrs.hasAttribute(Attribute::ReadOnly)),
1991	"Attributes "
1992	"'readnone and readonly' are incompatible!",
1993	V);
1994
1995	Check(!(Attrs.hasAttribute(Attribute::ReadNone) &&
1996	Attrs.hasAttribute(Attribute::WriteOnly)),
1997	"Attributes "
1998	"'readnone and writeonly' are incompatible!",
1999	V);
2000
2001	Check(!(Attrs.hasAttribute(Attribute::ReadOnly) &&
2002	Attrs.hasAttribute(Attribute::WriteOnly)),
2003	"Attributes "
2004	"'readonly and writeonly' are incompatible!",
2005	V);
2006
2007	Check(!(Attrs.hasAttribute(Attribute::NoInline) &&
2008	Attrs.hasAttribute(Attribute::AlwaysInline)),
2009	"Attributes "
2010	"'noinline and alwaysinline' are incompatible!",
2011	V);
2012
2013	Check(!(Attrs.hasAttribute(Attribute::Writable) &&
2014	Attrs.hasAttribute(Attribute::ReadNone)),
2015	"Attributes writable and readnone are incompatible!", V);
2016
2017	Check(!(Attrs.hasAttribute(Attribute::Writable) &&
2018	Attrs.hasAttribute(Attribute::ReadOnly)),
2019	"Attributes writable and readonly are incompatible!", V);
2020
2021	AttributeMask IncompatibleAttrs = AttributeFuncs::typeIncompatible(Ty);
2022	for (Attribute Attr : Attrs) {
2023	if (!Attr.isStringAttribute() &&
2024	IncompatibleAttrs.contains(A: Attr.getKindAsEnum())) {
2025	CheckFailed(Message: "Attribute '" + Attr.getAsString() +
2026	"' applied to incompatible type!", V1: V);
2027	return;
2028	}
2029	}
2030
2031	if (isa<PointerType>(Val: Ty)) {
2032	if (Attrs.hasAttribute(Attribute::ByVal)) {
2033	if (Attrs.hasAttribute(Attribute::Alignment)) {
2034	Align AttrAlign = Attrs.getAlignment().valueOrOne();
2035	Align MaxAlign(ParamMaxAlignment);
2036	Check(AttrAlign <= MaxAlign,
2037	"Attribute 'align' exceed the max size 2^14", V);
2038	}
2039	SmallPtrSet<Type *, 4> Visited;
2040	Check(Attrs.getByValType()->isSized(&Visited),
2041	"Attribute 'byval' does not support unsized types!", V);
2042	}
2043	if (Attrs.hasAttribute(Attribute::ByRef)) {
2044	SmallPtrSet<Type *, 4> Visited;
2045	Check(Attrs.getByRefType()->isSized(&Visited),
2046	"Attribute 'byref' does not support unsized types!", V);
2047	}
2048	if (Attrs.hasAttribute(Attribute::InAlloca)) {
2049	SmallPtrSet<Type *, 4> Visited;
2050	Check(Attrs.getInAllocaType()->isSized(&Visited),
2051	"Attribute 'inalloca' does not support unsized types!", V);
2052	}
2053	if (Attrs.hasAttribute(Attribute::Preallocated)) {
2054	SmallPtrSet<Type *, 4> Visited;
2055	Check(Attrs.getPreallocatedType()->isSized(&Visited),
2056	"Attribute 'preallocated' does not support unsized types!", V);
2057	}
2058	}
2059
2060	if (Attrs.hasAttribute(Attribute::NoFPClass)) {
2061	uint64_t Val = Attrs.getAttribute(Attribute::NoFPClass).getValueAsInt();
2062	Check(Val != 0, "Attribute 'nofpclass' must have at least one test bit set",
2063	V);
2064	Check((Val & ~static_cast<unsigned>(fcAllFlags)) == 0,
2065	"Invalid value for 'nofpclass' test mask", V);
2066	}
2067	if (Attrs.hasAttribute(Attribute::Range)) {
2068	auto CR = Attrs.getAttribute(Attribute::Range).getValueAsConstantRange();
2069	Check(Ty->isIntOrIntVectorTy(CR.getBitWidth()),
2070	"Range bit width must match type bit width!", V);
2071	}
2072	}
2073
2074	void Verifier::checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr,
2075	const Value *V) {
2076	if (Attrs.hasFnAttr(Kind: Attr)) {
2077	StringRef S = Attrs.getFnAttr(Kind: Attr).getValueAsString();
2078	unsigned N;
2079	if (S.getAsInteger(Radix: 10, Result&: N))
2080	CheckFailed(Message: "\"" + Attr + "\" takes an unsigned integer: " + S, V1: V);
2081	}
2082	}
2083
2084	// Check parameter attributes against a function type.
2085	// The value V is printed in error messages.
2086	void Verifier::verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs,
2087	const Value *V, bool IsIntrinsic,
2088	bool IsInlineAsm) {
2089	if (Attrs.isEmpty())
2090	return;
2091
2092	if (AttributeListsVisited.insert(Ptr: Attrs.getRawPointer()).second) {
2093	Check(Attrs.hasParentContext(Context),
2094	"Attribute list does not match Module context!", &Attrs, V);
2095	for (const auto &AttrSet : Attrs) {
2096	Check(!AttrSet.hasAttributes() || AttrSet.hasParentContext(Context),
2097	"Attribute set does not match Module context!", &AttrSet, V);
2098	for (const auto &A : AttrSet) {
2099	Check(A.hasParentContext(Context),
2100	"Attribute does not match Module context!", &A, V);
2101	}
2102	}
2103	}
2104
2105	bool SawNest = false;
2106	bool SawReturned = false;
2107	bool SawSRet = false;
2108	bool SawSwiftSelf = false;
2109	bool SawSwiftAsync = false;
2110	bool SawSwiftError = false;
2111
2112	// Verify return value attributes.
2113	AttributeSet RetAttrs = Attrs.getRetAttrs();
2114	for (Attribute RetAttr : RetAttrs)
2115	Check(RetAttr.isStringAttribute() ||
2116	Attribute::canUseAsRetAttr(RetAttr.getKindAsEnum()),
2117	"Attribute '" + RetAttr.getAsString() +
2118	"' does not apply to function return values",
2119	V);
2120
2121	unsigned MaxParameterWidth = 0;
2122	auto GetMaxParameterWidth = [&MaxParameterWidth](Type *Ty) {
2123	if (Ty->isVectorTy()) {
2124	if (auto *VT = dyn_cast<FixedVectorType>(Val: Ty)) {
2125	unsigned Size = VT->getPrimitiveSizeInBits().getFixedValue();
2126	if (Size > MaxParameterWidth)
2127	MaxParameterWidth = Size;
2128	}
2129	}
2130	};
2131	GetMaxParameterWidth(FT->getReturnType());
2132	verifyParameterAttrs(Attrs: RetAttrs, Ty: FT->getReturnType(), V);
2133
2134	// Verify parameter attributes.
2135	for (unsigned i = 0, e = FT->getNumParams(); i != e; ++i) {
2136	Type *Ty = FT->getParamType(i);
2137	AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: i);
2138
2139	if (!IsIntrinsic) {
2140	Check(!ArgAttrs.hasAttribute(Attribute::ImmArg),
2141	"immarg attribute only applies to intrinsics", V);
2142	if (!IsInlineAsm)
2143	Check(!ArgAttrs.hasAttribute(Attribute::ElementType),
2144	"Attribute 'elementtype' can only be applied to intrinsics"
2145	" and inline asm.",
2146	V);
2147	}
2148
2149	verifyParameterAttrs(Attrs: ArgAttrs, Ty, V);
2150	GetMaxParameterWidth(Ty);
2151
2152	if (ArgAttrs.hasAttribute(Attribute::Nest)) {
2153	Check(!SawNest, "More than one parameter has attribute nest!", V);
2154	SawNest = true;
2155	}
2156
2157	if (ArgAttrs.hasAttribute(Attribute::Returned)) {
2158	Check(!SawReturned, "More than one parameter has attribute returned!", V);
2159	Check(Ty->canLosslesslyBitCastTo(FT->getReturnType()),
2160	"Incompatible argument and return types for 'returned' attribute",
2161	V);
2162	SawReturned = true;
2163	}
2164
2165	if (ArgAttrs.hasAttribute(Attribute::StructRet)) {
2166	Check(!SawSRet, "Cannot have multiple 'sret' parameters!", V);
2167	Check(i == 0 || i == 1,
2168	"Attribute 'sret' is not on first or second parameter!", V);
2169	SawSRet = true;
2170	}
2171
2172	if (ArgAttrs.hasAttribute(Attribute::SwiftSelf)) {
2173	Check(!SawSwiftSelf, "Cannot have multiple 'swiftself' parameters!", V);
2174	SawSwiftSelf = true;
2175	}
2176
2177	if (ArgAttrs.hasAttribute(Attribute::SwiftAsync)) {
2178	Check(!SawSwiftAsync, "Cannot have multiple 'swiftasync' parameters!", V);
2179	SawSwiftAsync = true;
2180	}
2181
2182	if (ArgAttrs.hasAttribute(Attribute::SwiftError)) {
2183	Check(!SawSwiftError, "Cannot have multiple 'swifterror' parameters!", V);
2184	SawSwiftError = true;
2185	}
2186
2187	if (ArgAttrs.hasAttribute(Attribute::InAlloca)) {
2188	Check(i == FT->getNumParams() - 1,
2189	"inalloca isn't on the last parameter!", V);
2190	}
2191	}
2192
2193	if (!Attrs.hasFnAttrs())
2194	return;
2195
2196	verifyAttributeTypes(Attrs: Attrs.getFnAttrs(), V);
2197	for (Attribute FnAttr : Attrs.getFnAttrs())
2198	Check(FnAttr.isStringAttribute() ||
2199	Attribute::canUseAsFnAttr(FnAttr.getKindAsEnum()),
2200	"Attribute '" + FnAttr.getAsString() +
2201	"' does not apply to functions!",
2202	V);
2203
2204	Check(!(Attrs.hasFnAttr(Attribute::NoInline) &&
2205	Attrs.hasFnAttr(Attribute::AlwaysInline)),
2206	"Attributes 'noinline and alwaysinline' are incompatible!", V);
2207
2208	if (Attrs.hasFnAttr(Attribute::OptimizeNone)) {
2209	Check(Attrs.hasFnAttr(Attribute::NoInline),
2210	"Attribute 'optnone' requires 'noinline'!", V);
2211
2212	Check(!Attrs.hasFnAttr(Attribute::OptimizeForSize),
2213	"Attributes 'optsize and optnone' are incompatible!", V);
2214
2215	Check(!Attrs.hasFnAttr(Attribute::MinSize),
2216	"Attributes 'minsize and optnone' are incompatible!", V);
2217
2218	Check(!Attrs.hasFnAttr(Attribute::OptimizeForDebugging),
2219	"Attributes 'optdebug and optnone' are incompatible!", V);
2220	}
2221
2222	if (Attrs.hasFnAttr(Attribute::OptimizeForDebugging)) {
2223	Check(!Attrs.hasFnAttr(Attribute::OptimizeForSize),
2224	"Attributes 'optsize and optdebug' are incompatible!", V);
2225
2226	Check(!Attrs.hasFnAttr(Attribute::MinSize),
2227	"Attributes 'minsize and optdebug' are incompatible!", V);
2228	}
2229
2230	Check(!Attrs.hasAttrSomewhere(Attribute::Writable) ||
2231	isModSet(Attrs.getMemoryEffects().getModRef(IRMemLocation::ArgMem)),
2232	"Attribute writable and memory without argmem: write are incompatible!",
2233	V);
2234
2235	if (Attrs.hasFnAttr(Kind: "aarch64_pstate_sm_enabled")) {
2236	Check(!Attrs.hasFnAttr("aarch64_pstate_sm_compatible"),
2237	"Attributes 'aarch64_pstate_sm_enabled and "
2238	"aarch64_pstate_sm_compatible' are incompatible!",
2239	V);
2240	}
2241
2242	Check((Attrs.hasFnAttr("aarch64_new_za") + Attrs.hasFnAttr("aarch64_in_za") +
2243	Attrs.hasFnAttr("aarch64_inout_za") +
2244	Attrs.hasFnAttr("aarch64_out_za") +
2245	Attrs.hasFnAttr("aarch64_preserves_za")) <= 1,
2246	"Attributes 'aarch64_new_za', 'aarch64_in_za', 'aarch64_out_za', "
2247	"'aarch64_inout_za' and 'aarch64_preserves_za' are mutually exclusive",
2248	V);
2249
2250	Check(
2251	(Attrs.hasFnAttr("aarch64_new_zt0") + Attrs.hasFnAttr("aarch64_in_zt0") +
2252	Attrs.hasFnAttr("aarch64_inout_zt0") +
2253	Attrs.hasFnAttr("aarch64_out_zt0") +
2254	Attrs.hasFnAttr("aarch64_preserves_zt0")) <= 1,
2255	"Attributes 'aarch64_new_zt0', 'aarch64_in_zt0', 'aarch64_out_zt0', "
2256	"'aarch64_inout_zt0' and 'aarch64_preserves_zt0' are mutually exclusive",
2257	V);
2258
2259	if (Attrs.hasFnAttr(Attribute::JumpTable)) {
2260	const GlobalValue *GV = cast<GlobalValue>(Val: V);
2261	Check(GV->hasGlobalUnnamedAddr(),
2262	"Attribute 'jumptable' requires 'unnamed_addr'", V);
2263	}
2264
2265	if (auto Args = Attrs.getFnAttrs().getAllocSizeArgs()) {
2266	auto CheckParam = [&](StringRef Name, unsigned ParamNo) {
2267	if (ParamNo >= FT->getNumParams()) {
2268	CheckFailed(Message: "'allocsize' " + Name + " argument is out of bounds", V1: V);
2269	return false;
2270	}
2271
2272	if (!FT->getParamType(i: ParamNo)->isIntegerTy()) {
2273	CheckFailed(Message: "'allocsize' " + Name +
2274	" argument must refer to an integer parameter",
2275	V1: V);
2276	return false;
2277	}
2278
2279	return true;
2280	};
2281
2282	if (!CheckParam("element size", Args->first))
2283	return;
2284
2285	if (Args->second && !CheckParam("number of elements", *Args->second))
2286	return;
2287	}
2288
2289	if (Attrs.hasFnAttr(Attribute::AllocKind)) {
2290	AllocFnKind K = Attrs.getAllocKind();
2291	AllocFnKind Type =
2292	K & (AllocFnKind::Alloc | AllocFnKind::Realloc | AllocFnKind::Free);
2293	if (!is_contained(
2294	Set: {AllocFnKind::Alloc, AllocFnKind::Realloc, AllocFnKind::Free},
2295	Element: Type))
2296	CheckFailed(
2297	Message: "'allockind()' requires exactly one of alloc, realloc, and free");
2298	if ((Type == AllocFnKind::Free) &&
2299	((K & (AllocFnKind::Uninitialized | AllocFnKind::Zeroed |
2300	AllocFnKind::Aligned)) != AllocFnKind::Unknown))
2301	CheckFailed(Message: "'allockind(\"free\")' doesn't allow uninitialized, zeroed, "
2302	"or aligned modifiers.");
2303	AllocFnKind ZeroedUninit = AllocFnKind::Uninitialized | AllocFnKind::Zeroed;
2304	if ((K & ZeroedUninit) == ZeroedUninit)
2305	CheckFailed(Message: "'allockind()' can't be both zeroed and uninitialized");
2306	}
2307
2308	if (Attrs.hasFnAttr(Attribute::VScaleRange)) {
2309	unsigned VScaleMin = Attrs.getFnAttrs().getVScaleRangeMin();
2310	if (VScaleMin == 0)
2311	CheckFailed(Message: "'vscale_range' minimum must be greater than 0", V1: V);
2312	else if (!isPowerOf2_32(Value: VScaleMin))
2313	CheckFailed(Message: "'vscale_range' minimum must be power-of-two value", V1: V);
2314	std::optional<unsigned> VScaleMax = Attrs.getFnAttrs().getVScaleRangeMax();
2315	if (VScaleMax && VScaleMin > VScaleMax)
2316	CheckFailed(Message: "'vscale_range' minimum cannot be greater than maximum", V1: V);
2317	else if (VScaleMax && !isPowerOf2_32(Value: *VScaleMax))
2318	CheckFailed(Message: "'vscale_range' maximum must be power-of-two value", V1: V);
2319	}
2320
2321	if (Attrs.hasFnAttr(Kind: "frame-pointer")) {
2322	StringRef FP = Attrs.getFnAttr(Kind: "frame-pointer").getValueAsString();
2323	if (FP != "all" && FP != "non-leaf" && FP != "none")
2324	CheckFailed(Message: "invalid value for 'frame-pointer' attribute: " + FP, V1: V);
2325	}
2326
2327	// Check EVEX512 feature.
2328	if (MaxParameterWidth >= 512 && Attrs.hasFnAttr(Kind: "target-features") &&
2329	TT.isX86()) {
2330	StringRef TF = Attrs.getFnAttr(Kind: "target-features").getValueAsString();
2331	Check(!TF.contains("+avx512f") || !TF.contains("-evex512"),
2332	"512-bit vector arguments require 'evex512' for AVX512", V);
2333	}
2334
2335	checkUnsignedBaseTenFuncAttr(Attrs, Attr: "patchable-function-prefix", V);
2336	checkUnsignedBaseTenFuncAttr(Attrs, Attr: "patchable-function-entry", V);
2337	checkUnsignedBaseTenFuncAttr(Attrs, Attr: "warn-stack-size", V);
2338
2339	if (auto A = Attrs.getFnAttr(Kind: "sign-return-address"); A.isValid()) {
2340	StringRef S = A.getValueAsString();
2341	if (S != "none" && S != "all" && S != "non-leaf")
2342	CheckFailed(Message: "invalid value for 'sign-return-address' attribute: " + S, V1: V);
2343	}
2344
2345	if (auto A = Attrs.getFnAttr(Kind: "sign-return-address-key"); A.isValid()) {
2346	StringRef S = A.getValueAsString();
2347	if (S != "a_key" && S != "b_key")
2348	CheckFailed(Message: "invalid value for 'sign-return-address-key' attribute: " + S,
2349	V1: V);
2350	}
2351
2352	if (auto A = Attrs.getFnAttr(Kind: "branch-target-enforcement"); A.isValid()) {
2353	StringRef S = A.getValueAsString();
2354	if (S != "true" && S != "false")
2355	CheckFailed(
2356	Message: "invalid value for 'branch-target-enforcement' attribute: " + S, V1: V);
2357	}
2358
2359	if (auto A = Attrs.getFnAttr(Kind: "vector-function-abi-variant"); A.isValid()) {
2360	StringRef S = A.getValueAsString();
2361	const std::optional<VFInfo> Info = VFABI::tryDemangleForVFABI(MangledName: S, FTy: FT);
2362	if (!Info)
2363	CheckFailed(Message: "invalid name for a VFABI variant: " + S, V1: V);
2364	}
2365	}
2366
2367	void Verifier::verifyFunctionMetadata(
2368	ArrayRef<std::pair<unsigned, MDNode *>> MDs) {
2369	for (const auto &Pair : MDs) {
2370	if (Pair.first == LLVMContext::MD_prof) {
2371	MDNode *MD = Pair.second;
2372	Check(MD->getNumOperands() >= 2,
2373	"!prof annotations should have no less than 2 operands", MD);
2374
2375	// Check first operand.
2376	Check(MD->getOperand(0) != nullptr, "first operand should not be null",
2377	MD);
2378	Check(isa<MDString>(MD->getOperand(0)),
2379	"expected string with name of the !prof annotation", MD);
2380	MDString *MDS = cast<MDString>(Val: MD->getOperand(I: 0));
2381	StringRef ProfName = MDS->getString();
2382	Check(ProfName.equals("function_entry_count") ||
2383	ProfName.equals("synthetic_function_entry_count"),
2384	"first operand should be 'function_entry_count'"
2385	" or 'synthetic_function_entry_count'",
2386	MD);
2387
2388	// Check second operand.
2389	Check(MD->getOperand(1) != nullptr, "second operand should not be null",
2390	MD);
2391	Check(isa<ConstantAsMetadata>(MD->getOperand(1)),
2392	"expected integer argument to function_entry_count", MD);
2393	} else if (Pair.first == LLVMContext::MD_kcfi_type) {
2394	MDNode *MD = Pair.second;
2395	Check(MD->getNumOperands() == 1,
2396	"!kcfi_type must have exactly one operand", MD);
2397	Check(MD->getOperand(0) != nullptr, "!kcfi_type operand must not be null",
2398	MD);
2399	Check(isa<ConstantAsMetadata>(MD->getOperand(0)),
2400	"expected a constant operand for !kcfi_type", MD);
2401	Constant *C = cast<ConstantAsMetadata>(Val: MD->getOperand(I: 0))->getValue();
2402	Check(isa<ConstantInt>(C) && isa<IntegerType>(C->getType()),
2403	"expected a constant integer operand for !kcfi_type", MD);
2404	Check(cast<ConstantInt>(C)->getBitWidth() == 32,
2405	"expected a 32-bit integer constant operand for !kcfi_type", MD);
2406	}
2407	}
2408	}
2409
2410	void Verifier::visitConstantExprsRecursively(const Constant *EntryC) {
2411	if (!ConstantExprVisited.insert(Ptr: EntryC).second)
2412	return;
2413
2414	SmallVector<const Constant *, 16> Stack;
2415	Stack.push_back(Elt: EntryC);
2416
2417	while (!Stack.empty()) {
2418	const Constant *C = Stack.pop_back_val();
2419
2420	// Check this constant expression.
2421	if (const auto *CE = dyn_cast<ConstantExpr>(Val: C))
2422	visitConstantExpr(CE);
2423
2424	if (const auto *GV = dyn_cast<GlobalValue>(Val: C)) {
2425	// Global Values get visited separately, but we do need to make sure
2426	// that the global value is in the correct module
2427	Check(GV->getParent() == &M, "Referencing global in another module!",
2428	EntryC, &M, GV, GV->getParent());
2429	continue;
2430	}
2431
2432	// Visit all sub-expressions.
2433	for (const Use &U : C->operands()) {
2434	const auto *OpC = dyn_cast<Constant>(Val: U);
2435	if (!OpC)
2436	continue;
2437	if (!ConstantExprVisited.insert(Ptr: OpC).second)
2438	continue;
2439	Stack.push_back(Elt: OpC);
2440	}
2441	}
2442	}
2443
2444	void Verifier::visitConstantExpr(const ConstantExpr *CE) {
2445	if (CE->getOpcode() == Instruction::BitCast)
2446	Check(CastInst::castIsValid(Instruction::BitCast, CE->getOperand(0),
2447	CE->getType()),
2448	"Invalid bitcast", CE);
2449	}
2450
2451	bool Verifier::verifyAttributeCount(AttributeList Attrs, unsigned Params) {
2452	// There shouldn't be more attribute sets than there are parameters plus the
2453	// function and return value.
2454	return Attrs.getNumAttrSets() <= Params + 2;
2455	}
2456
2457	void Verifier::verifyInlineAsmCall(const CallBase &Call) {
2458	const InlineAsm *IA = cast<InlineAsm>(Val: Call.getCalledOperand());
2459	unsigned ArgNo = 0;
2460	unsigned LabelNo = 0;
2461	for (const InlineAsm::ConstraintInfo &CI : IA->ParseConstraints()) {
2462	if (CI.Type == InlineAsm::isLabel) {
2463	++LabelNo;
2464	continue;
2465	}
2466
2467	// Only deal with constraints that correspond to call arguments.
2468	if (!CI.hasArg())
2469	continue;
2470
2471	if (CI.isIndirect) {
2472	const Value *Arg = Call.getArgOperand(i: ArgNo);
2473	Check(Arg->getType()->isPointerTy(),
2474	"Operand for indirect constraint must have pointer type", &Call);
2475
2476	Check(Call.getParamElementType(ArgNo),
2477	"Operand for indirect constraint must have elementtype attribute",
2478	&Call);
2479	} else {
2480	Check(!Call.paramHasAttr(ArgNo, Attribute::ElementType),
2481	"Elementtype attribute can only be applied for indirect "
2482	"constraints",
2483	&Call);
2484	}
2485
2486	ArgNo++;
2487	}
2488
2489	if (auto *CallBr = dyn_cast<CallBrInst>(Val: &Call)) {
2490	Check(LabelNo == CallBr->getNumIndirectDests(),
2491	"Number of label constraints does not match number of callbr dests",
2492	&Call);
2493	} else {
2494	Check(LabelNo == 0, "Label constraints can only be used with callbr",
2495	&Call);
2496	}
2497	}
2498
2499	/// Verify that statepoint intrinsic is well formed.
2500	void Verifier::verifyStatepoint(const CallBase &Call) {
2501	assert(Call.getCalledFunction() &&
2502	Call.getCalledFunction()->getIntrinsicID() ==
2503	Intrinsic::experimental_gc_statepoint);
2504
2505	Check(!Call.doesNotAccessMemory() && !Call.onlyReadsMemory() &&
2506	!Call.onlyAccessesArgMemory(),
2507	"gc.statepoint must read and write all memory to preserve "
2508	"reordering restrictions required by safepoint semantics",
2509	Call);
2510
2511	const int64_t NumPatchBytes =
2512	cast<ConstantInt>(Val: Call.getArgOperand(i: 1))->getSExtValue();
2513	assert(isInt<32>(NumPatchBytes) && "NumPatchBytesV is an i32!");
2514	Check(NumPatchBytes >= 0,
2515	"gc.statepoint number of patchable bytes must be "
2516	"positive",
2517	Call);
2518
2519	Type *TargetElemType = Call.getParamElementType(ArgNo: 2);
2520	Check(TargetElemType,
2521	"gc.statepoint callee argument must have elementtype attribute", Call);
2522	FunctionType *TargetFuncType = dyn_cast<FunctionType>(Val: TargetElemType);
2523	Check(TargetFuncType,
2524	"gc.statepoint callee elementtype must be function type", Call);
2525
2526	const int NumCallArgs = cast<ConstantInt>(Val: Call.getArgOperand(i: 3))->getZExtValue();
2527	Check(NumCallArgs >= 0,
2528	"gc.statepoint number of arguments to underlying call "
2529	"must be positive",
2530	Call);
2531	const int NumParams = (int)TargetFuncType->getNumParams();
2532	if (TargetFuncType->isVarArg()) {
2533	Check(NumCallArgs >= NumParams,
2534	"gc.statepoint mismatch in number of vararg call args", Call);
2535
2536	// TODO: Remove this limitation
2537	Check(TargetFuncType->getReturnType()->isVoidTy(),
2538	"gc.statepoint doesn't support wrapping non-void "
2539	"vararg functions yet",
2540	Call);
2541	} else
2542	Check(NumCallArgs == NumParams,
2543	"gc.statepoint mismatch in number of call args", Call);
2544
2545	const uint64_t Flags
2546	= cast<ConstantInt>(Val: Call.getArgOperand(i: 4))->getZExtValue();
2547	Check((Flags & ~(uint64_t)StatepointFlags::MaskAll) == 0,
2548	"unknown flag used in gc.statepoint flags argument", Call);
2549
2550	// Verify that the types of the call parameter arguments match
2551	// the type of the wrapped callee.
2552	AttributeList Attrs = Call.getAttributes();
2553	for (int i = 0; i < NumParams; i++) {
2554	Type *ParamType = TargetFuncType->getParamType(i);
2555	Type *ArgType = Call.getArgOperand(i: 5 + i)->getType();
2556	Check(ArgType == ParamType,
2557	"gc.statepoint call argument does not match wrapped "
2558	"function type",
2559	Call);
2560
2561	if (TargetFuncType->isVarArg()) {
2562	AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: 5 + i);
2563	Check(!ArgAttrs.hasAttribute(Attribute::StructRet),
2564	"Attribute 'sret' cannot be used for vararg call arguments!", Call);
2565	}
2566	}
2567
2568	const int EndCallArgsInx = 4 + NumCallArgs;
2569
2570	const Value *NumTransitionArgsV = Call.getArgOperand(i: EndCallArgsInx + 1);
2571	Check(isa<ConstantInt>(NumTransitionArgsV),
2572	"gc.statepoint number of transition arguments "
2573	"must be constant integer",
2574	Call);
2575	const int NumTransitionArgs =
2576	cast<ConstantInt>(Val: NumTransitionArgsV)->getZExtValue();
2577	Check(NumTransitionArgs == 0,
2578	"gc.statepoint w/inline transition bundle is deprecated", Call);
2579	const int EndTransitionArgsInx = EndCallArgsInx + 1 + NumTransitionArgs;
2580
2581	const Value *NumDeoptArgsV = Call.getArgOperand(i: EndTransitionArgsInx + 1);
2582	Check(isa<ConstantInt>(NumDeoptArgsV),
2583	"gc.statepoint number of deoptimization arguments "
2584	"must be constant integer",
2585	Call);
2586	const int NumDeoptArgs = cast<ConstantInt>(Val: NumDeoptArgsV)->getZExtValue();
2587	Check(NumDeoptArgs == 0,
2588	"gc.statepoint w/inline deopt operands is deprecated", Call);
2589
2590	const int ExpectedNumArgs = 7 + NumCallArgs;
2591	Check(ExpectedNumArgs == (int)Call.arg_size(),
2592	"gc.statepoint too many arguments", Call);
2593
2594	// Check that the only uses of this gc.statepoint are gc.result or
2595	// gc.relocate calls which are tied to this statepoint and thus part
2596	// of the same statepoint sequence
2597	for (const User *U : Call.users()) {
2598	const CallInst *UserCall = dyn_cast<const CallInst>(Val: U);
2599	Check(UserCall, "illegal use of statepoint token", Call, U);
2600	if (!UserCall)
2601	continue;
2602	Check(isa<GCRelocateInst>(UserCall) || isa<GCResultInst>(UserCall),
2603	"gc.result or gc.relocate are the only value uses "
2604	"of a gc.statepoint",
2605	Call, U);
2606	if (isa<GCResultInst>(Val: UserCall)) {
2607	Check(UserCall->getArgOperand(0) == &Call,
2608	"gc.result connected to wrong gc.statepoint", Call, UserCall);
2609	} else if (isa<GCRelocateInst>(Val: Call)) {
2610	Check(UserCall->getArgOperand(0) == &Call,
2611	"gc.relocate connected to wrong gc.statepoint", Call, UserCall);
2612	}
2613	}
2614
2615	// Note: It is legal for a single derived pointer to be listed multiple
2616	// times. It's non-optimal, but it is legal. It can also happen after
2617	// insertion if we strip a bitcast away.
2618	// Note: It is really tempting to check that each base is relocated and
2619	// that a derived pointer is never reused as a base pointer. This turns
2620	// out to be problematic since optimizations run after safepoint insertion
2621	// can recognize equality properties that the insertion logic doesn't know
2622	// about. See example statepoint.ll in the verifier subdirectory
2623	}
2624
2625	void Verifier::verifyFrameRecoverIndices() {
2626	for (auto &Counts : FrameEscapeInfo) {
2627	Function *F = Counts.first;
2628	unsigned EscapedObjectCount = Counts.second.first;
2629	unsigned MaxRecoveredIndex = Counts.second.second;
2630	Check(MaxRecoveredIndex <= EscapedObjectCount,
2631	"all indices passed to llvm.localrecover must be less than the "
2632	"number of arguments passed to llvm.localescape in the parent "
2633	"function",
2634	F);
2635	}
2636	}
2637
2638	static Instruction *getSuccPad(Instruction *Terminator) {
2639	BasicBlock *UnwindDest;
2640	if (auto *II = dyn_cast<InvokeInst>(Val: Terminator))
2641	UnwindDest = II->getUnwindDest();
2642	else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: Terminator))
2643	UnwindDest = CSI->getUnwindDest();
2644	else
2645	UnwindDest = cast<CleanupReturnInst>(Val: Terminator)->getUnwindDest();
2646	return UnwindDest->getFirstNonPHI();
2647	}
2648
2649	void Verifier::verifySiblingFuncletUnwinds() {
2650	SmallPtrSet<Instruction *, 8> Visited;
2651	SmallPtrSet<Instruction *, 8> Active;
2652	for (const auto &Pair : SiblingFuncletInfo) {
2653	Instruction *PredPad = Pair.first;
2654	if (Visited.count(Ptr: PredPad))
2655	continue;
2656	Active.insert(Ptr: PredPad);
2657	Instruction *Terminator = Pair.second;
2658	do {
2659	Instruction *SuccPad = getSuccPad(Terminator);
2660	if (Active.count(Ptr: SuccPad)) {
2661	// Found a cycle; report error
2662	Instruction *CyclePad = SuccPad;
2663	SmallVector<Instruction *, 8> CycleNodes;
2664	do {
2665	CycleNodes.push_back(Elt: CyclePad);
2666	Instruction *CycleTerminator = SiblingFuncletInfo[CyclePad];
2667	if (CycleTerminator != CyclePad)
2668	CycleNodes.push_back(Elt: CycleTerminator);
2669	CyclePad = getSuccPad(Terminator: CycleTerminator);
2670	} while (CyclePad != SuccPad);
2671	Check(false, "EH pads can't handle each other's exceptions",
2672	ArrayRef<Instruction *>(CycleNodes));
2673	}
2674	// Don't re-walk a node we've already checked
2675	if (!Visited.insert(Ptr: SuccPad).second)
2676	break;
2677	// Walk to this successor if it has a map entry.
2678	PredPad = SuccPad;
2679	auto TermI = SiblingFuncletInfo.find(Key: PredPad);
2680	if (TermI == SiblingFuncletInfo.end())
2681	break;
2682	Terminator = TermI->second;
2683	Active.insert(Ptr: PredPad);
2684	} while (true);
2685	// Each node only has one successor, so we've walked all the active
2686	// nodes' successors.
2687	Active.clear();
2688	}
2689	}
2690
2691	// visitFunction - Verify that a function is ok.
2692	//
2693	void Verifier::visitFunction(const Function &F) {
2694	visitGlobalValue(GV: F);
2695
2696	// Check function arguments.
2697	FunctionType *FT = F.getFunctionType();
2698	unsigned NumArgs = F.arg_size();
2699
2700	Check(&Context == &F.getContext(),
2701	"Function context does not match Module context!", &F);
2702
2703	Check(!F.hasCommonLinkage(), "Functions may not have common linkage", &F);
2704	Check(FT->getNumParams() == NumArgs,
2705	"# formal arguments must match # of arguments for function type!", &F,
2706	FT);
2707	Check(F.getReturnType()->isFirstClassType() ||
2708	F.getReturnType()->isVoidTy() || F.getReturnType()->isStructTy(),
2709	"Functions cannot return aggregate values!", &F);
2710
2711	Check(!F.hasStructRetAttr() || F.getReturnType()->isVoidTy(),
2712	"Invalid struct return type!", &F);
2713
2714	AttributeList Attrs = F.getAttributes();
2715
2716	Check(verifyAttributeCount(Attrs, FT->getNumParams()),
2717	"Attribute after last parameter!", &F);
2718
2719	CheckDI(F.IsNewDbgInfoFormat == F.getParent()->IsNewDbgInfoFormat,
2720	"Function debug format should match parent module", &F,
2721	F.IsNewDbgInfoFormat, F.getParent(),
2722	F.getParent()->IsNewDbgInfoFormat);
2723
2724	bool IsIntrinsic = F.isIntrinsic();
2725
2726	// Check function attributes.
2727	verifyFunctionAttrs(FT, Attrs, V: &F, IsIntrinsic, /* IsInlineAsm */ false);
2728
2729	// On function declarations/definitions, we do not support the builtin
2730	// attribute. We do not check this in VerifyFunctionAttrs since that is
2731	// checking for Attributes that can/can not ever be on functions.
2732	Check(!Attrs.hasFnAttr(Attribute::Builtin),
2733	"Attribute 'builtin' can only be applied to a callsite.", &F);
2734
2735	Check(!Attrs.hasAttrSomewhere(Attribute::ElementType),
2736	"Attribute 'elementtype' can only be applied to a callsite.", &F);
2737
2738	// Check that this function meets the restrictions on this calling convention.
2739	// Sometimes varargs is used for perfectly forwarding thunks, so some of these
2740	// restrictions can be lifted.
2741	switch (F.getCallingConv()) {
2742	default:
2743	case CallingConv::C:
2744	break;
2745	case CallingConv::X86_INTR: {
2746	Check(F.arg_empty() || Attrs.hasParamAttr(0, Attribute::ByVal),
2747	"Calling convention parameter requires byval", &F);
2748	break;
2749	}
2750	case CallingConv::AMDGPU_KERNEL:
2751	case CallingConv::SPIR_KERNEL:
2752	case CallingConv::AMDGPU_CS_Chain:
2753	case CallingConv::AMDGPU_CS_ChainPreserve:
2754	Check(F.getReturnType()->isVoidTy(),
2755	"Calling convention requires void return type", &F);
2756	[[fallthrough]];
2757	case CallingConv::AMDGPU_VS:
2758	case CallingConv::AMDGPU_HS:
2759	case CallingConv::AMDGPU_GS:
2760	case CallingConv::AMDGPU_PS:
2761	case CallingConv::AMDGPU_CS:
2762	Check(!F.hasStructRetAttr(), "Calling convention does not allow sret", &F);
2763	if (F.getCallingConv() != CallingConv::SPIR_KERNEL) {
2764	const unsigned StackAS = DL.getAllocaAddrSpace();
2765	unsigned i = 0;
2766	for (const Argument &Arg : F.args()) {
2767	Check(!Attrs.hasParamAttr(i, Attribute::ByVal),
2768	"Calling convention disallows byval", &F);
2769	Check(!Attrs.hasParamAttr(i, Attribute::Preallocated),
2770	"Calling convention disallows preallocated", &F);
2771	Check(!Attrs.hasParamAttr(i, Attribute::InAlloca),
2772	"Calling convention disallows inalloca", &F);
2773
2774	if (Attrs.hasParamAttr(i, Attribute::ByRef)) {
2775	// FIXME: Should also disallow LDS and GDS, but we don't have the enum
2776	// value here.
2777	Check(Arg.getType()->getPointerAddressSpace() != StackAS,
2778	"Calling convention disallows stack byref", &F);
2779	}
2780
2781	++i;
2782	}
2783	}
2784
2785	[[fallthrough]];
2786	case CallingConv::Fast:
2787	case CallingConv::Cold:
2788	case CallingConv::Intel_OCL_BI:
2789	case CallingConv::PTX_Kernel:
2790	case CallingConv::PTX_Device:
2791	Check(!F.isVarArg(),
2792	"Calling convention does not support varargs or "
2793	"perfect forwarding!",
2794	&F);
2795	break;
2796	}
2797
2798	// Check that the argument values match the function type for this function...
2799	unsigned i = 0;
2800	for (const Argument &Arg : F.args()) {
2801	Check(Arg.getType() == FT->getParamType(i),
2802	"Argument value does not match function argument type!", &Arg,
2803	FT->getParamType(i));
2804	Check(Arg.getType()->isFirstClassType(),
2805	"Function arguments must have first-class types!", &Arg);
2806	if (!IsIntrinsic) {
2807	Check(!Arg.getType()->isMetadataTy(),
2808	"Function takes metadata but isn't an intrinsic", &Arg, &F);
2809	Check(!Arg.getType()->isTokenTy(),
2810	"Function takes token but isn't an intrinsic", &Arg, &F);
2811	Check(!Arg.getType()->isX86_AMXTy(),
2812	"Function takes x86_amx but isn't an intrinsic", &Arg, &F);
2813	}
2814
2815	// Check that swifterror argument is only used by loads and stores.
2816	if (Attrs.hasParamAttr(i, Attribute::SwiftError)) {
2817	verifySwiftErrorValue(SwiftErrorVal: &Arg);
2818	}
2819	++i;
2820	}
2821
2822	if (!IsIntrinsic) {
2823	Check(!F.getReturnType()->isTokenTy(),
2824	"Function returns a token but isn't an intrinsic", &F);
2825	Check(!F.getReturnType()->isX86_AMXTy(),
2826	"Function returns a x86_amx but isn't an intrinsic", &F);
2827	}
2828
2829	// Get the function metadata attachments.
2830	SmallVector<std::pair<unsigned, MDNode *>, 4> MDs;
2831	F.getAllMetadata(MDs);
2832	assert(F.hasMetadata() != MDs.empty() && "Bit out-of-sync");
2833	verifyFunctionMetadata(MDs);
2834
2835	// Check validity of the personality function
2836	if (F.hasPersonalityFn()) {
2837	auto *Per = dyn_cast<Function>(Val: F.getPersonalityFn()->stripPointerCasts());
2838	if (Per)
2839	Check(Per->getParent() == F.getParent(),
2840	"Referencing personality function in another module!", &F,
2841	F.getParent(), Per, Per->getParent());
2842	}
2843
2844	// EH funclet coloring can be expensive, recompute on-demand
2845	BlockEHFuncletColors.clear();
2846
2847	if (F.isMaterializable()) {
2848	// Function has a body somewhere we can't see.
2849	Check(MDs.empty(), "unmaterialized function cannot have metadata", &F,
2850	MDs.empty() ? nullptr : MDs.front().second);
2851	} else if (F.isDeclaration()) {
2852	for (const auto &I : MDs) {
2853	// This is used for call site debug information.
2854	CheckDI(I.first != LLVMContext::MD_dbg ||
2855	!cast<DISubprogram>(I.second)->isDistinct(),
2856	"function declaration may only have a unique !dbg attachment",
2857	&F);
2858	Check(I.first != LLVMContext::MD_prof,
2859	"function declaration may not have a !prof attachment", &F);
2860
2861	// Verify the metadata itself.
2862	visitMDNode(MD: *I.second, AllowLocs: AreDebugLocsAllowed::Yes);
2863	}
2864	Check(!F.hasPersonalityFn(),
2865	"Function declaration shouldn't have a personality routine", &F);
2866	} else {
2867	// Verify that this function (which has a body) is not named "llvm.*". It
2868	// is not legal to define intrinsics.
2869	Check(!IsIntrinsic, "llvm intrinsics cannot be defined!", &F);
2870
2871	// Check the entry node
2872	const BasicBlock *Entry = &F.getEntryBlock();
2873	Check(pred_empty(Entry),
2874	"Entry block to function must not have predecessors!", Entry);
2875
2876	// The address of the entry block cannot be taken, unless it is dead.
2877	if (Entry->hasAddressTaken()) {
2878	Check(!BlockAddress::lookup(Entry)->isConstantUsed(),
2879	"blockaddress may not be used with the entry block!", Entry);
2880	}
2881
2882	unsigned NumDebugAttachments = 0, NumProfAttachments = 0,
2883	NumKCFIAttachments = 0;
2884	// Visit metadata attachments.
2885	for (const auto &I : MDs) {
2886	// Verify that the attachment is legal.
2887	auto AllowLocs = AreDebugLocsAllowed::No;
2888	switch (I.first) {
2889	default:
2890	break;
2891	case LLVMContext::MD_dbg: {
2892	++NumDebugAttachments;
2893	CheckDI(NumDebugAttachments == 1,
2894	"function must have a single !dbg attachment", &F, I.second);
2895	CheckDI(isa<DISubprogram>(I.second),
2896	"function !dbg attachment must be a subprogram", &F, I.second);
2897	CheckDI(cast<DISubprogram>(I.second)->isDistinct(),
2898	"function definition may only have a distinct !dbg attachment",
2899	&F);
2900
2901	auto *SP = cast<DISubprogram>(Val: I.second);
2902	const Function *&AttachedTo = DISubprogramAttachments[SP];
2903	CheckDI(!AttachedTo || AttachedTo == &F,
2904	"DISubprogram attached to more than one function", SP, &F);
2905	AttachedTo = &F;
2906	AllowLocs = AreDebugLocsAllowed::Yes;
2907	break;
2908	}
2909	case LLVMContext::MD_prof:
2910	++NumProfAttachments;
2911	Check(NumProfAttachments == 1,
2912	"function must have a single !prof attachment", &F, I.second);
2913	break;
2914	case LLVMContext::MD_kcfi_type:
2915	++NumKCFIAttachments;
2916	Check(NumKCFIAttachments == 1,
2917	"function must have a single !kcfi_type attachment", &F,
2918	I.second);
2919	break;
2920	}
2921
2922	// Verify the metadata itself.
2923	visitMDNode(MD: *I.second, AllowLocs);
2924	}
2925	}
2926
2927	// If this function is actually an intrinsic, verify that it is only used in
2928	// direct call/invokes, never having its "address taken".
2929	// Only do this if the module is materialized, otherwise we don't have all the
2930	// uses.
2931	if (F.isIntrinsic() && F.getParent()->isMaterialized()) {
2932	const User *U;
2933	if (F.hasAddressTaken(&U, IgnoreCallbackUses: false, IgnoreAssumeLikeCalls: true, IngoreLLVMUsed: false,
2934	/*IgnoreARCAttachedCall=*/true))
2935	Check(false, "Invalid user of intrinsic instruction!", U);
2936	}
2937
2938	// Check intrinsics' signatures.
2939	switch (F.getIntrinsicID()) {
2940	case Intrinsic::experimental_gc_get_pointer_base: {
2941	FunctionType *FT = F.getFunctionType();
2942	Check(FT->getNumParams() == 1, "wrong number of parameters", F);
2943	Check(isa<PointerType>(F.getReturnType()),
2944	"gc.get.pointer.base must return a pointer", F);
2945	Check(FT->getParamType(0) == F.getReturnType(),
2946	"gc.get.pointer.base operand and result must be of the same type", F);
2947	break;
2948	}
2949	case Intrinsic::experimental_gc_get_pointer_offset: {
2950	FunctionType *FT = F.getFunctionType();
2951	Check(FT->getNumParams() == 1, "wrong number of parameters", F);
2952	Check(isa<PointerType>(FT->getParamType(0)),
2953	"gc.get.pointer.offset operand must be a pointer", F);
2954	Check(F.getReturnType()->isIntegerTy(),
2955	"gc.get.pointer.offset must return integer", F);
2956	break;
2957	}
2958	}
2959
2960	auto *N = F.getSubprogram();
2961	HasDebugInfo = (N != nullptr);
2962	if (!HasDebugInfo)
2963	return;
2964
2965	// Check that all !dbg attachments lead to back to N.
2966	//
2967	// FIXME: Check this incrementally while visiting !dbg attachments.
2968	// FIXME: Only check when N is the canonical subprogram for F.
2969	SmallPtrSet<const MDNode *, 32> Seen;
2970	auto VisitDebugLoc = [&](const Instruction &I, const MDNode *Node) {
2971	// Be careful about using DILocation here since we might be dealing with
2972	// broken code (this is the Verifier after all).
2973	const DILocation *DL = dyn_cast_or_null<DILocation>(Val: Node);
2974	if (!DL)
2975	return;
2976	if (!Seen.insert(Ptr: DL).second)
2977	return;
2978
2979	Metadata *Parent = DL->getRawScope();
2980	CheckDI(Parent && isa<DILocalScope>(Parent),
2981	"DILocation's scope must be a DILocalScope", N, &F, &I, DL, Parent);
2982
2983	DILocalScope *Scope = DL->getInlinedAtScope();
2984	Check(Scope, "Failed to find DILocalScope", DL);
2985
2986	if (!Seen.insert(Ptr: Scope).second)
2987	return;
2988
2989	DISubprogram *SP = Scope->getSubprogram();
2990
2991	// Scope and SP could be the same MDNode and we don't want to skip
2992	// validation in that case
2993	if (SP && ((Scope != SP) && !Seen.insert(Ptr: SP).second))
2994	return;
2995
2996	CheckDI(SP->describes(&F),
2997	"!dbg attachment points at wrong subprogram for function", N, &F,
2998	&I, DL, Scope, SP);
2999	};
3000	for (auto &BB : F)
3001	for (auto &I : BB) {
3002	VisitDebugLoc(I, I.getDebugLoc().getAsMDNode());
3003	// The llvm.loop annotations also contain two DILocations.
3004	if (auto MD = I.getMetadata(KindID: LLVMContext::MD_loop))
3005	for (unsigned i = 1; i < MD->getNumOperands(); ++i)
3006	VisitDebugLoc(I, dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: i)));
3007	if (BrokenDebugInfo)
3008	return;
3009	}
3010	}
3011
3012	// verifyBasicBlock - Verify that a basic block is well formed...
3013	//
3014	void Verifier::visitBasicBlock(BasicBlock &BB) {
3015	InstsInThisBlock.clear();
3016	ConvergenceVerifyHelper.visit(BB);
3017
3018	// Ensure that basic blocks have terminators!
3019	Check(BB.getTerminator(), "Basic Block does not have terminator!", &BB);
3020
3021	// Check constraints that this basic block imposes on all of the PHI nodes in
3022	// it.
3023	if (isa<PHINode>(Val: BB.front())) {
3024	SmallVector<BasicBlock *, 8> Preds(predecessors(BB: &BB));
3025	SmallVector<std::pair<BasicBlock*, Value*>, 8> Values;
3026	llvm::sort(C&: Preds);
3027	for (const PHINode &PN : BB.phis()) {
3028	Check(PN.getNumIncomingValues() == Preds.size(),
3029	"PHINode should have one entry for each predecessor of its "
3030	"parent basic block!",
3031	&PN);
3032
3033	// Get and sort all incoming values in the PHI node...
3034	Values.clear();
3035	Values.reserve(N: PN.getNumIncomingValues());
3036	for (unsigned i = 0, e = PN.getNumIncomingValues(); i != e; ++i)
3037	Values.push_back(
3038	Elt: std::make_pair(x: PN.getIncomingBlock(i), y: PN.getIncomingValue(i)));
3039	llvm::sort(C&: Values);
3040
3041	for (unsigned i = 0, e = Values.size(); i != e; ++i) {
3042	// Check to make sure that if there is more than one entry for a
3043	// particular basic block in this PHI node, that the incoming values are
3044	// all identical.
3045	//
3046	Check(i == 0 || Values[i].first != Values[i - 1].first ||
3047	Values[i].second == Values[i - 1].second,
3048	"PHI node has multiple entries for the same basic block with "
3049	"different incoming values!",
3050	&PN, Values[i].first, Values[i].second, Values[i - 1].second);
3051
3052	// Check to make sure that the predecessors and PHI node entries are
3053	// matched up.
3054	Check(Values[i].first == Preds[i],
3055	"PHI node entries do not match predecessors!", &PN,
3056	Values[i].first, Preds[i]);
3057	}
3058	}
3059	}
3060
3061	// Check that all instructions have their parent pointers set up correctly.
3062	for (auto &I : BB)
3063	{
3064	Check(I.getParent() == &BB, "Instruction has bogus parent pointer!");
3065	}
3066
3067	CheckDI(BB.IsNewDbgInfoFormat == BB.getParent()->IsNewDbgInfoFormat,
3068	"BB debug format should match parent function", &BB,
3069	BB.IsNewDbgInfoFormat, BB.getParent(),
3070	BB.getParent()->IsNewDbgInfoFormat);
3071
3072	// Confirm that no issues arise from the debug program.
3073	if (BB.IsNewDbgInfoFormat)
3074	CheckDI(!BB.getTrailingDbgRecords(), "Basic Block has trailing DbgRecords!",
3075	&BB);
3076	}
3077
3078	void Verifier::visitTerminator(Instruction &I) {
3079	// Ensure that terminators only exist at the end of the basic block.
3080	Check(&I == I.getParent()->getTerminator(),
3081	"Terminator found in the middle of a basic block!", I.getParent());
3082	visitInstruction(I);
3083	}
3084
3085	void Verifier::visitBranchInst(BranchInst &BI) {
3086	if (BI.isConditional()) {
3087	Check(BI.getCondition()->getType()->isIntegerTy(1),
3088	"Branch condition is not 'i1' type!", &BI, BI.getCondition());
3089	}
3090	visitTerminator(I&: BI);
3091	}
3092
3093	void Verifier::visitReturnInst(ReturnInst &RI) {
3094	Function *F = RI.getParent()->getParent();
3095	unsigned N = RI.getNumOperands();
3096	if (F->getReturnType()->isVoidTy())
3097	Check(N == 0,
3098	"Found return instr that returns non-void in Function of void "
3099	"return type!",
3100	&RI, F->getReturnType());
3101	else
3102	Check(N == 1 && F->getReturnType() == RI.getOperand(0)->getType(),
3103	"Function return type does not match operand "
3104	"type of return inst!",
3105	&RI, F->getReturnType());
3106
3107	// Check to make sure that the return value has necessary properties for
3108	// terminators...
3109	visitTerminator(I&: RI);
3110	}
3111
3112	void Verifier::visitSwitchInst(SwitchInst &SI) {
3113	Check(SI.getType()->isVoidTy(), "Switch must have void result type!", &SI);
3114	// Check to make sure that all of the constants in the switch instruction
3115	// have the same type as the switched-on value.
3116	Type *SwitchTy = SI.getCondition()->getType();
3117	SmallPtrSet<ConstantInt*, 32> Constants;
3118	for (auto &Case : SI.cases()) {
3119	Check(isa<ConstantInt>(SI.getOperand(Case.getCaseIndex() * 2 + 2)),
3120	"Case value is not a constant integer.", &SI);
3121	Check(Case.getCaseValue()->getType() == SwitchTy,
3122	"Switch constants must all be same type as switch value!", &SI);
3123	Check(Constants.insert(Case.getCaseValue()).second,
3124	"Duplicate integer as switch case", &SI, Case.getCaseValue());
3125	}
3126
3127	visitTerminator(I&: SI);
3128	}
3129
3130	void Verifier::visitIndirectBrInst(IndirectBrInst &BI) {
3131	Check(BI.getAddress()->getType()->isPointerTy(),
3132	"Indirectbr operand must have pointer type!", &BI);
3133	for (unsigned i = 0, e = BI.getNumDestinations(); i != e; ++i)
3134	Check(BI.getDestination(i)->getType()->isLabelTy(),
3135	"Indirectbr destinations must all have pointer type!", &BI);
3136
3137	visitTerminator(I&: BI);
3138	}
3139
3140	void Verifier::visitCallBrInst(CallBrInst &CBI) {
3141	Check(CBI.isInlineAsm(), "Callbr is currently only used for asm-goto!", &CBI);
3142	const InlineAsm *IA = cast<InlineAsm>(Val: CBI.getCalledOperand());
3143	Check(!IA->canThrow(), "Unwinding from Callbr is not allowed");
3144
3145	verifyInlineAsmCall(Call: CBI);
3146	visitTerminator(I&: CBI);
3147	}
3148
3149	void Verifier::visitSelectInst(SelectInst &SI) {
3150	Check(!SelectInst::areInvalidOperands(SI.getOperand(0), SI.getOperand(1),
3151	SI.getOperand(2)),
3152	"Invalid operands for select instruction!", &SI);
3153
3154	Check(SI.getTrueValue()->getType() == SI.getType(),
3155	"Select values must have same type as select instruction!", &SI);
3156	visitInstruction(I&: SI);
3157	}
3158
3159	/// visitUserOp1 - User defined operators shouldn't live beyond the lifetime of
3160	/// a pass, if any exist, it's an error.
3161	///
3162	void Verifier::visitUserOp1(Instruction &I) {
3163	Check(false, "User-defined operators should not live outside of a pass!", &I);
3164	}
3165
3166	void Verifier::visitTruncInst(TruncInst &I) {
3167	// Get the source and destination types
3168	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3169	Type *DestTy = I.getType();
3170
3171	// Get the size of the types in bits, we'll need this later
3172	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3173	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3174
3175	Check(SrcTy->isIntOrIntVectorTy(), "Trunc only operates on integer", &I);
3176	Check(DestTy->isIntOrIntVectorTy(), "Trunc only produces integer", &I);
3177	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3178	"trunc source and destination must both be a vector or neither", &I);
3179	Check(SrcBitSize > DestBitSize, "DestTy too big for Trunc", &I);
3180
3181	visitInstruction(I);
3182	}
3183
3184	void Verifier::visitZExtInst(ZExtInst &I) {
3185	// Get the source and destination types
3186	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3187	Type *DestTy = I.getType();
3188
3189	// Get the size of the types in bits, we'll need this later
3190	Check(SrcTy->isIntOrIntVectorTy(), "ZExt only operates on integer", &I);
3191	Check(DestTy->isIntOrIntVectorTy(), "ZExt only produces an integer", &I);
3192	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3193	"zext source and destination must both be a vector or neither", &I);
3194	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3195	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3196
3197	Check(SrcBitSize < DestBitSize, "Type too small for ZExt", &I);
3198
3199	visitInstruction(I);
3200	}
3201
3202	void Verifier::visitSExtInst(SExtInst &I) {
3203	// Get the source and destination types
3204	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3205	Type *DestTy = I.getType();
3206
3207	// Get the size of the types in bits, we'll need this later
3208	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3209	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3210
3211	Check(SrcTy->isIntOrIntVectorTy(), "SExt only operates on integer", &I);
3212	Check(DestTy->isIntOrIntVectorTy(), "SExt only produces an integer", &I);
3213	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3214	"sext source and destination must both be a vector or neither", &I);
3215	Check(SrcBitSize < DestBitSize, "Type too small for SExt", &I);
3216
3217	visitInstruction(I);
3218	}
3219
3220	void Verifier::visitFPTruncInst(FPTruncInst &I) {
3221	// Get the source and destination types
3222	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3223	Type *DestTy = I.getType();
3224	// Get the size of the types in bits, we'll need this later
3225	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3226	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3227
3228	Check(SrcTy->isFPOrFPVectorTy(), "FPTrunc only operates on FP", &I);
3229	Check(DestTy->isFPOrFPVectorTy(), "FPTrunc only produces an FP", &I);
3230	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3231	"fptrunc source and destination must both be a vector or neither", &I);
3232	Check(SrcBitSize > DestBitSize, "DestTy too big for FPTrunc", &I);
3233
3234	visitInstruction(I);
3235	}
3236
3237	void Verifier::visitFPExtInst(FPExtInst &I) {
3238	// Get the source and destination types
3239	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3240	Type *DestTy = I.getType();
3241
3242	// Get the size of the types in bits, we'll need this later
3243	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3244	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3245
3246	Check(SrcTy->isFPOrFPVectorTy(), "FPExt only operates on FP", &I);
3247	Check(DestTy->isFPOrFPVectorTy(), "FPExt only produces an FP", &I);
3248	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3249	"fpext source and destination must both be a vector or neither", &I);
3250	Check(SrcBitSize < DestBitSize, "DestTy too small for FPExt", &I);
3251
3252	visitInstruction(I);
3253	}
3254
3255	void Verifier::visitUIToFPInst(UIToFPInst &I) {
3256	// Get the source and destination types
3257	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3258	Type *DestTy = I.getType();
3259
3260	bool SrcVec = SrcTy->isVectorTy();
3261	bool DstVec = DestTy->isVectorTy();
3262
3263	Check(SrcVec == DstVec,
3264	"UIToFP source and dest must both be vector or scalar", &I);
3265	Check(SrcTy->isIntOrIntVectorTy(),
3266	"UIToFP source must be integer or integer vector", &I);
3267	Check(DestTy->isFPOrFPVectorTy(), "UIToFP result must be FP or FP vector",
3268	&I);
3269
3270	if (SrcVec && DstVec)
3271	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3272	cast<VectorType>(DestTy)->getElementCount(),
3273	"UIToFP source and dest vector length mismatch", &I);
3274
3275	visitInstruction(I);
3276	}
3277
3278	void Verifier::visitSIToFPInst(SIToFPInst &I) {
3279	// Get the source and destination types
3280	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3281	Type *DestTy = I.getType();
3282
3283	bool SrcVec = SrcTy->isVectorTy();
3284	bool DstVec = DestTy->isVectorTy();
3285
3286	Check(SrcVec == DstVec,
3287	"SIToFP source and dest must both be vector or scalar", &I);
3288	Check(SrcTy->isIntOrIntVectorTy(),
3289	"SIToFP source must be integer or integer vector", &I);
3290	Check(DestTy->isFPOrFPVectorTy(), "SIToFP result must be FP or FP vector",
3291	&I);
3292
3293	if (SrcVec && DstVec)
3294	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3295	cast<VectorType>(DestTy)->getElementCount(),
3296	"SIToFP source and dest vector length mismatch", &I);
3297
3298	visitInstruction(I);
3299	}
3300
3301	void Verifier::visitFPToUIInst(FPToUIInst &I) {
3302	// Get the source and destination types
3303	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3304	Type *DestTy = I.getType();
3305
3306	bool SrcVec = SrcTy->isVectorTy();
3307	bool DstVec = DestTy->isVectorTy();
3308
3309	Check(SrcVec == DstVec,
3310	"FPToUI source and dest must both be vector or scalar", &I);
3311	Check(SrcTy->isFPOrFPVectorTy(), "FPToUI source must be FP or FP vector", &I);
3312	Check(DestTy->isIntOrIntVectorTy(),
3313	"FPToUI result must be integer or integer vector", &I);
3314
3315	if (SrcVec && DstVec)
3316	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3317	cast<VectorType>(DestTy)->getElementCount(),
3318	"FPToUI source and dest vector length mismatch", &I);
3319
3320	visitInstruction(I);
3321	}
3322
3323	void Verifier::visitFPToSIInst(FPToSIInst &I) {
3324	// Get the source and destination types
3325	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3326	Type *DestTy = I.getType();
3327
3328	bool SrcVec = SrcTy->isVectorTy();
3329	bool DstVec = DestTy->isVectorTy();
3330
3331	Check(SrcVec == DstVec,
3332	"FPToSI source and dest must both be vector or scalar", &I);
3333	Check(SrcTy->isFPOrFPVectorTy(), "FPToSI source must be FP or FP vector", &I);
3334	Check(DestTy->isIntOrIntVectorTy(),
3335	"FPToSI result must be integer or integer vector", &I);
3336
3337	if (SrcVec && DstVec)
3338	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3339	cast<VectorType>(DestTy)->getElementCount(),
3340	"FPToSI source and dest vector length mismatch", &I);
3341
3342	visitInstruction(I);
3343	}
3344
3345	void Verifier::visitPtrToIntInst(PtrToIntInst &I) {
3346	// Get the source and destination types
3347	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3348	Type *DestTy = I.getType();
3349
3350	Check(SrcTy->isPtrOrPtrVectorTy(), "PtrToInt source must be pointer", &I);
3351
3352	Check(DestTy->isIntOrIntVectorTy(), "PtrToInt result must be integral", &I);
3353	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "PtrToInt type mismatch",
3354	&I);
3355
3356	if (SrcTy->isVectorTy()) {
3357	auto *VSrc = cast<VectorType>(Val: SrcTy);
3358	auto *VDest = cast<VectorType>(Val: DestTy);
3359	Check(VSrc->getElementCount() == VDest->getElementCount(),
3360	"PtrToInt Vector width mismatch", &I);
3361	}
3362
3363	visitInstruction(I);
3364	}
3365
3366	void Verifier::visitIntToPtrInst(IntToPtrInst &I) {
3367	// Get the source and destination types
3368	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3369	Type *DestTy = I.getType();
3370
3371	Check(SrcTy->isIntOrIntVectorTy(), "IntToPtr source must be an integral", &I);
3372	Check(DestTy->isPtrOrPtrVectorTy(), "IntToPtr result must be a pointer", &I);
3373
3374	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "IntToPtr type mismatch",
3375	&I);
3376	if (SrcTy->isVectorTy()) {
3377	auto *VSrc = cast<VectorType>(Val: SrcTy);
3378	auto *VDest = cast<VectorType>(Val: DestTy);
3379	Check(VSrc->getElementCount() == VDest->getElementCount(),
3380	"IntToPtr Vector width mismatch", &I);
3381	}
3382	visitInstruction(I);
3383	}
3384
3385	void Verifier::visitBitCastInst(BitCastInst &I) {
3386	Check(
3387	CastInst::castIsValid(Instruction::BitCast, I.getOperand(0), I.getType()),
3388	"Invalid bitcast", &I);
3389	visitInstruction(I);
3390	}
3391
3392	void Verifier::visitAddrSpaceCastInst(AddrSpaceCastInst &I) {
3393	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3394	Type *DestTy = I.getType();
3395
3396	Check(SrcTy->isPtrOrPtrVectorTy(), "AddrSpaceCast source must be a pointer",
3397	&I);
3398	Check(DestTy->isPtrOrPtrVectorTy(), "AddrSpaceCast result must be a pointer",
3399	&I);
3400	Check(SrcTy->getPointerAddressSpace() != DestTy->getPointerAddressSpace(),
3401	"AddrSpaceCast must be between different address spaces", &I);
3402	if (auto *SrcVTy = dyn_cast<VectorType>(Val: SrcTy))
3403	Check(SrcVTy->getElementCount() ==
3404	cast<VectorType>(DestTy)->getElementCount(),
3405	"AddrSpaceCast vector pointer number of elements mismatch", &I);
3406	visitInstruction(I);
3407	}
3408
3409	/// visitPHINode - Ensure that a PHI node is well formed.
3410	///
3411	void Verifier::visitPHINode(PHINode &PN) {
3412	// Ensure that the PHI nodes are all grouped together at the top of the block.
3413	// This can be tested by checking whether the instruction before this is
3414	// either nonexistent (because this is begin()) or is a PHI node. If not,
3415	// then there is some other instruction before a PHI.
3416	Check(&PN == &PN.getParent()->front() ||
3417	isa<PHINode>(--BasicBlock::iterator(&PN)),
3418	"PHI nodes not grouped at top of basic block!", &PN, PN.getParent());
3419
3420	// Check that a PHI doesn't yield a Token.
3421	Check(!PN.getType()->isTokenTy(), "PHI nodes cannot have token type!");
3422
3423	// Check that all of the values of the PHI node have the same type as the
3424	// result.
3425	for (Value *IncValue : PN.incoming_values()) {
3426	Check(PN.getType() == IncValue->getType(),
3427	"PHI node operands are not the same type as the result!", &PN);
3428	}
3429
3430	// All other PHI node constraints are checked in the visitBasicBlock method.
3431
3432	visitInstruction(I&: PN);
3433	}
3434
3435	void Verifier::visitCallBase(CallBase &Call) {
3436	Check(Call.getCalledOperand()->getType()->isPointerTy(),
3437	"Called function must be a pointer!", Call);
3438	FunctionType *FTy = Call.getFunctionType();
3439
3440	// Verify that the correct number of arguments are being passed
3441	if (FTy->isVarArg())
3442	Check(Call.arg_size() >= FTy->getNumParams(),
3443	"Called function requires more parameters than were provided!", Call);
3444	else
3445	Check(Call.arg_size() == FTy->getNumParams(),
3446	"Incorrect number of arguments passed to called function!", Call);
3447
3448	// Verify that all arguments to the call match the function type.
3449	for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i)
3450	Check(Call.getArgOperand(i)->getType() == FTy->getParamType(i),
3451	"Call parameter type does not match function signature!",
3452	Call.getArgOperand(i), FTy->getParamType(i), Call);
3453
3454	AttributeList Attrs = Call.getAttributes();
3455
3456	Check(verifyAttributeCount(Attrs, Call.arg_size()),
3457	"Attribute after last parameter!", Call);
3458
3459	Function *Callee =
3460	dyn_cast<Function>(Val: Call.getCalledOperand()->stripPointerCasts());
3461	bool IsIntrinsic = Callee && Callee->isIntrinsic();
3462	if (IsIntrinsic)
3463	Check(Callee->getValueType() == FTy,
3464	"Intrinsic called with incompatible signature", Call);
3465
3466	// Disallow calls to functions with the amdgpu_cs_chain[_preserve] calling
3467	// convention.
3468	auto CC = Call.getCallingConv();
3469	Check(CC != CallingConv::AMDGPU_CS_Chain &&
3470	CC != CallingConv::AMDGPU_CS_ChainPreserve,
3471	"Direct calls to amdgpu_cs_chain/amdgpu_cs_chain_preserve functions "
3472	"not allowed. Please use the @llvm.amdgpu.cs.chain intrinsic instead.",
3473	Call);
3474
3475	auto VerifyTypeAlign = [&](Type *Ty, const Twine &Message) {
3476	if (!Ty->isSized())
3477	return;
3478	Align ABIAlign = DL.getABITypeAlign(Ty);
3479	Align MaxAlign(ParamMaxAlignment);
3480	Check(ABIAlign <= MaxAlign,
3481	"Incorrect alignment of " + Message + " to called function!", Call);
3482	};
3483
3484	if (!IsIntrinsic) {
3485	VerifyTypeAlign(FTy->getReturnType(), "return type");
3486	for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i) {
3487	Type *Ty = FTy->getParamType(i);
3488	VerifyTypeAlign(Ty, "argument passed");
3489	}
3490	}
3491
3492	if (Attrs.hasFnAttr(Attribute::Speculatable)) {
3493	// Don't allow speculatable on call sites, unless the underlying function
3494	// declaration is also speculatable.
3495	Check(Callee && Callee->isSpeculatable(),
3496	"speculatable attribute may not apply to call sites", Call);
3497	}
3498
3499	if (Attrs.hasFnAttr(Attribute::Preallocated)) {
3500	Check(Call.getCalledFunction()->getIntrinsicID() ==
3501	Intrinsic::call_preallocated_arg,
3502	"preallocated as a call site attribute can only be on "
3503	"llvm.call.preallocated.arg");
3504	}
3505
3506	// Verify call attributes.
3507	verifyFunctionAttrs(FT: FTy, Attrs, V: &Call, IsIntrinsic, IsInlineAsm: Call.isInlineAsm());
3508
3509	// Conservatively check the inalloca argument.
3510	// We have a bug if we can find that there is an underlying alloca without
3511	// inalloca.
3512	if (Call.hasInAllocaArgument()) {
3513	Value *InAllocaArg = Call.getArgOperand(i: FTy->getNumParams() - 1);
3514	if (auto AI = dyn_cast<AllocaInst>(Val: InAllocaArg->stripInBoundsOffsets()))
3515	Check(AI->isUsedWithInAlloca(),
3516	"inalloca argument for call has mismatched alloca", AI, Call);
3517	}
3518
3519	// For each argument of the callsite, if it has the swifterror argument,
3520	// make sure the underlying alloca/parameter it comes from has a swifterror as
3521	// well.
3522	for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i) {
3523	if (Call.paramHasAttr(i, Attribute::SwiftError)) {
3524	Value *SwiftErrorArg = Call.getArgOperand(i);
3525	if (auto AI = dyn_cast<AllocaInst>(Val: SwiftErrorArg->stripInBoundsOffsets())) {
3526	Check(AI->isSwiftError(),
3527	"swifterror argument for call has mismatched alloca", AI, Call);
3528	continue;
3529	}
3530	auto ArgI = dyn_cast<Argument>(Val: SwiftErrorArg);
3531	Check(ArgI, "swifterror argument should come from an alloca or parameter",
3532	SwiftErrorArg, Call);
3533	Check(ArgI->hasSwiftErrorAttr(),
3534	"swifterror argument for call has mismatched parameter", ArgI,
3535	Call);
3536	}
3537
3538	if (Attrs.hasParamAttr(i, Attribute::ImmArg)) {
3539	// Don't allow immarg on call sites, unless the underlying declaration
3540	// also has the matching immarg.
3541	Check(Callee && Callee->hasParamAttribute(i, Attribute::ImmArg),
3542	"immarg may not apply only to call sites", Call.getArgOperand(i),
3543	Call);
3544	}
3545
3546	if (Call.paramHasAttr(i, Attribute::ImmArg)) {
3547	Value *ArgVal = Call.getArgOperand(i);
3548	Check(isa<ConstantInt>(ArgVal) || isa<ConstantFP>(ArgVal),
3549	"immarg operand has non-immediate parameter", ArgVal, Call);
3550	}
3551
3552	if (Call.paramHasAttr(i, Attribute::Preallocated)) {
3553	Value *ArgVal = Call.getArgOperand(i);
3554	bool hasOB =
3555	Call.countOperandBundlesOfType(ID: LLVMContext::OB_preallocated) != 0;
3556	bool isMustTail = Call.isMustTailCall();
3557	Check(hasOB != isMustTail,
3558	"preallocated operand either requires a preallocated bundle or "
3559	"the call to be musttail (but not both)",
3560	ArgVal, Call);
3561	}
3562	}
3563
3564	if (FTy->isVarArg()) {
3565	// FIXME? is 'nest' even legal here?
3566	bool SawNest = false;
3567	bool SawReturned = false;
3568
3569	for (unsigned Idx = 0; Idx < FTy->getNumParams(); ++Idx) {
3570	if (Attrs.hasParamAttr(Idx, Attribute::Nest))
3571	SawNest = true;
3572	if (Attrs.hasParamAttr(Idx, Attribute::Returned))
3573	SawReturned = true;
3574	}
3575
3576	// Check attributes on the varargs part.
3577	for (unsigned Idx = FTy->getNumParams(); Idx < Call.arg_size(); ++Idx) {
3578	Type *Ty = Call.getArgOperand(i: Idx)->getType();
3579	AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: Idx);
3580	verifyParameterAttrs(Attrs: ArgAttrs, Ty, V: &Call);
3581
3582	if (ArgAttrs.hasAttribute(Attribute::Nest)) {
3583	Check(!SawNest, "More than one parameter has attribute nest!", Call);
3584	SawNest = true;
3585	}
3586
3587	if (ArgAttrs.hasAttribute(Attribute::Returned)) {
3588	Check(!SawReturned, "More than one parameter has attribute returned!",
3589	Call);
3590	Check(Ty->canLosslesslyBitCastTo(FTy->getReturnType()),
3591	"Incompatible argument and return types for 'returned' "
3592	"attribute",
3593	Call);
3594	SawReturned = true;
3595	}
3596
3597	// Statepoint intrinsic is vararg but the wrapped function may be not.
3598	// Allow sret here and check the wrapped function in verifyStatepoint.
3599	if (!Call.getCalledFunction() ||
3600	Call.getCalledFunction()->getIntrinsicID() !=
3601	Intrinsic::experimental_gc_statepoint)
3602	Check(!ArgAttrs.hasAttribute(Attribute::StructRet),
3603	"Attribute 'sret' cannot be used for vararg call arguments!",
3604	Call);
3605
3606	if (ArgAttrs.hasAttribute(Attribute::InAlloca))
3607	Check(Idx == Call.arg_size() - 1,
3608	"inalloca isn't on the last argument!", Call);
3609	}
3610	}
3611
3612	// Verify that there's no metadata unless it's a direct call to an intrinsic.
3613	if (!IsIntrinsic) {
3614	for (Type *ParamTy : FTy->params()) {
3615	Check(!ParamTy->isMetadataTy(),
3616	"Function has metadata parameter but isn't an intrinsic", Call);
3617	Check(!ParamTy->isTokenTy(),
3618	"Function has token parameter but isn't an intrinsic", Call);
3619	}
3620	}
3621
3622	// Verify that indirect calls don't return tokens.
3623	if (!Call.getCalledFunction()) {
3624	Check(!FTy->getReturnType()->isTokenTy(),
3625	"Return type cannot be token for indirect call!");
3626	Check(!FTy->getReturnType()->isX86_AMXTy(),
3627	"Return type cannot be x86_amx for indirect call!");
3628	}
3629
3630	if (Function *F = Call.getCalledFunction())
3631	if (Intrinsic::ID ID = (Intrinsic::ID)F->getIntrinsicID())
3632	visitIntrinsicCall(ID, Call);
3633
3634	// Verify that a callsite has at most one "deopt", at most one "funclet", at
3635	// most one "gc-transition", at most one "cfguardtarget", at most one
3636	// "preallocated" operand bundle, and at most one "ptrauth" operand bundle.
3637	bool FoundDeoptBundle = false, FoundFuncletBundle = false,
3638	FoundGCTransitionBundle = false, FoundCFGuardTargetBundle = false,
3639	FoundPreallocatedBundle = false, FoundGCLiveBundle = false,
3640	FoundPtrauthBundle = false, FoundKCFIBundle = false,
3641	FoundAttachedCallBundle = false;
3642	for (unsigned i = 0, e = Call.getNumOperandBundles(); i < e; ++i) {
3643	OperandBundleUse BU = Call.getOperandBundleAt(Index: i);
3644	uint32_t Tag = BU.getTagID();
3645	if (Tag == LLVMContext::OB_deopt) {
3646	Check(!FoundDeoptBundle, "Multiple deopt operand bundles", Call);
3647	FoundDeoptBundle = true;
3648	} else if (Tag == LLVMContext::OB_gc_transition) {
3649	Check(!FoundGCTransitionBundle, "Multiple gc-transition operand bundles",
3650	Call);
3651	FoundGCTransitionBundle = true;
3652	} else if (Tag == LLVMContext::OB_funclet) {
3653	Check(!FoundFuncletBundle, "Multiple funclet operand bundles", Call);
3654	FoundFuncletBundle = true;
3655	Check(BU.Inputs.size() == 1,
3656	"Expected exactly one funclet bundle operand", Call);
3657	Check(isa<FuncletPadInst>(BU.Inputs.front()),
3658	"Funclet bundle operands should correspond to a FuncletPadInst",
3659	Call);
3660	} else if (Tag == LLVMContext::OB_cfguardtarget) {
3661	Check(!FoundCFGuardTargetBundle, "Multiple CFGuardTarget operand bundles",
3662	Call);
3663	FoundCFGuardTargetBundle = true;
3664	Check(BU.Inputs.size() == 1,
3665	"Expected exactly one cfguardtarget bundle operand", Call);
3666	} else if (Tag == LLVMContext::OB_ptrauth) {
3667	Check(!FoundPtrauthBundle, "Multiple ptrauth operand bundles", Call);
3668	FoundPtrauthBundle = true;
3669	Check(BU.Inputs.size() == 2,
3670	"Expected exactly two ptrauth bundle operands", Call);
3671	Check(isa<ConstantInt>(BU.Inputs[0]) &&
3672	BU.Inputs[0]->getType()->isIntegerTy(32),
3673	"Ptrauth bundle key operand must be an i32 constant", Call);
3674	Check(BU.Inputs[1]->getType()->isIntegerTy(64),
3675	"Ptrauth bundle discriminator operand must be an i64", Call);
3676	} else if (Tag == LLVMContext::OB_kcfi) {
3677	Check(!FoundKCFIBundle, "Multiple kcfi operand bundles", Call);
3678	FoundKCFIBundle = true;
3679	Check(BU.Inputs.size() == 1, "Expected exactly one kcfi bundle operand",
3680	Call);
3681	Check(isa<ConstantInt>(BU.Inputs[0]) &&
3682	BU.Inputs[0]->getType()->isIntegerTy(32),
3683	"Kcfi bundle operand must be an i32 constant", Call);
3684	} else if (Tag == LLVMContext::OB_preallocated) {
3685	Check(!FoundPreallocatedBundle, "Multiple preallocated operand bundles",
3686	Call);
3687	FoundPreallocatedBundle = true;
3688	Check(BU.Inputs.size() == 1,
3689	"Expected exactly one preallocated bundle operand", Call);
3690	auto Input = dyn_cast<IntrinsicInst>(Val: BU.Inputs.front());
3691	Check(Input &&
3692	Input->getIntrinsicID() == Intrinsic::call_preallocated_setup,
3693	"\"preallocated\" argument must be a token from "
3694	"llvm.call.preallocated.setup",
3695	Call);
3696	} else if (Tag == LLVMContext::OB_gc_live) {
3697	Check(!FoundGCLiveBundle, "Multiple gc-live operand bundles", Call);
3698	FoundGCLiveBundle = true;
3699	} else if (Tag == LLVMContext::OB_clang_arc_attachedcall) {
3700	Check(!FoundAttachedCallBundle,
3701	"Multiple \"clang.arc.attachedcall\" operand bundles", Call);
3702	FoundAttachedCallBundle = true;
3703	verifyAttachedCallBundle(Call, BU);
3704	}
3705	}
3706
3707	// Verify that callee and callsite agree on whether to use pointer auth.
3708	Check(!(Call.getCalledFunction() && FoundPtrauthBundle),
3709	"Direct call cannot have a ptrauth bundle", Call);
3710
3711	// Verify that each inlinable callsite of a debug-info-bearing function in a
3712	// debug-info-bearing function has a debug location attached to it. Failure to
3713	// do so causes assertion failures when the inliner sets up inline scope info
3714	// (Interposable functions are not inlinable, neither are functions without
3715	// definitions.)
3716	if (Call.getFunction()->getSubprogram() && Call.getCalledFunction() &&
3717	!Call.getCalledFunction()->isInterposable() &&
3718	!Call.getCalledFunction()->isDeclaration() &&
3719	Call.getCalledFunction()->getSubprogram())
3720	CheckDI(Call.getDebugLoc(),
3721	"inlinable function call in a function with "
3722	"debug info must have a !dbg location",
3723	Call);
3724
3725	if (Call.isInlineAsm())
3726	verifyInlineAsmCall(Call);
3727
3728	ConvergenceVerifyHelper.visit(I: Call);
3729
3730	visitInstruction(I&: Call);
3731	}
3732
3733	void Verifier::verifyTailCCMustTailAttrs(const AttrBuilder &Attrs,
3734	StringRef Context) {
3735	Check(!Attrs.contains(Attribute::InAlloca),
3736	Twine("inalloca attribute not allowed in ") + Context);
3737	Check(!Attrs.contains(Attribute::InReg),
3738	Twine("inreg attribute not allowed in ") + Context);
3739	Check(!Attrs.contains(Attribute::SwiftError),
3740	Twine("swifterror attribute not allowed in ") + Context);
3741	Check(!Attrs.contains(Attribute::Preallocated),
3742	Twine("preallocated attribute not allowed in ") + Context);
3743	Check(!Attrs.contains(Attribute::ByRef),
3744	Twine("byref attribute not allowed in ") + Context);
3745	}
3746
3747	/// Two types are "congruent" if they are identical, or if they are both pointer
3748	/// types with different pointee types and the same address space.
3749	static bool isTypeCongruent(Type *L, Type *R) {
3750	if (L == R)
3751	return true;
3752	PointerType *PL = dyn_cast<PointerType>(Val: L);
3753	PointerType *PR = dyn_cast<PointerType>(Val: R);
3754	if (!PL || !PR)
3755	return false;
3756	return PL->getAddressSpace() == PR->getAddressSpace();
3757	}
3758
3759	static AttrBuilder getParameterABIAttributes(LLVMContext& C, unsigned I, AttributeList Attrs) {
3760	static const Attribute::AttrKind ABIAttrs[] = {
3761	Attribute::StructRet, Attribute::ByVal, Attribute::InAlloca,
3762	Attribute::InReg, Attribute::StackAlignment, Attribute::SwiftSelf,
3763	Attribute::SwiftAsync, Attribute::SwiftError, Attribute::Preallocated,
3764	Attribute::ByRef};
3765	AttrBuilder Copy(C);
3766	for (auto AK : ABIAttrs) {
3767	Attribute Attr = Attrs.getParamAttrs(I).getAttribute(AK);
3768	if (Attr.isValid())
3769	Copy.addAttribute(Attr);
3770	}
3771
3772	// `align` is ABI-affecting only in combination with `byval` or `byref`.
3773	if (Attrs.hasParamAttr(I, Attribute::Alignment) &&
3774	(Attrs.hasParamAttr(I, Attribute::ByVal) ||
3775	Attrs.hasParamAttr(I, Attribute::ByRef)))
3776	Copy.addAlignmentAttr(Align: Attrs.getParamAlignment(ArgNo: I));
3777	return Copy;
3778	}
3779
3780	void Verifier::verifyMustTailCall(CallInst &CI) {
3781	Check(!CI.isInlineAsm(), "cannot use musttail call with inline asm", &CI);
3782
3783	Function *F = CI.getParent()->getParent();
3784	FunctionType *CallerTy = F->getFunctionType();
3785	FunctionType *CalleeTy = CI.getFunctionType();
3786	Check(CallerTy->isVarArg() == CalleeTy->isVarArg(),
3787	"cannot guarantee tail call due to mismatched varargs", &CI);
3788	Check(isTypeCongruent(CallerTy->getReturnType(), CalleeTy->getReturnType()),
3789	"cannot guarantee tail call due to mismatched return types", &CI);
3790
3791	// - The calling conventions of the caller and callee must match.
3792	Check(F->getCallingConv() == CI.getCallingConv(),
3793	"cannot guarantee tail call due to mismatched calling conv", &CI);
3794
3795	// - The call must immediately precede a :ref:`ret <i_ret>` instruction,
3796	// or a pointer bitcast followed by a ret instruction.
3797	// - The ret instruction must return the (possibly bitcasted) value
3798	// produced by the call or void.
3799	Value *RetVal = &CI;
3800	Instruction *Next = CI.getNextNode();
3801
3802	// Handle the optional bitcast.
3803	if (BitCastInst *BI = dyn_cast_or_null<BitCastInst>(Val: Next)) {
3804	Check(BI->getOperand(0) == RetVal,
3805	"bitcast following musttail call must use the call", BI);
3806	RetVal = BI;
3807	Next = BI->getNextNode();
3808	}
3809
3810	// Check the return.
3811	ReturnInst *Ret = dyn_cast_or_null<ReturnInst>(Val: Next);
3812	Check(Ret, "musttail call must precede a ret with an optional bitcast", &CI);
3813	Check(!Ret->getReturnValue() || Ret->getReturnValue() == RetVal ||
3814	isa<UndefValue>(Ret->getReturnValue()),
3815	"musttail call result must be returned", Ret);
3816
3817	AttributeList CallerAttrs = F->getAttributes();
3818	AttributeList CalleeAttrs = CI.getAttributes();
3819	if (CI.getCallingConv() == CallingConv::SwiftTail ||
3820	CI.getCallingConv() == CallingConv::Tail) {
3821	StringRef CCName =
3822	CI.getCallingConv() == CallingConv::Tail ? "tailcc" : "swifttailcc";
3823
3824	// - Only sret, byval, swiftself, and swiftasync ABI-impacting attributes
3825	// are allowed in swifttailcc call
3826	for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) {
3827	AttrBuilder ABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CallerAttrs);
3828	SmallString<32> Context{CCName, StringRef(" musttail caller")};
3829	verifyTailCCMustTailAttrs(Attrs: ABIAttrs, Context);
3830	}
3831	for (unsigned I = 0, E = CalleeTy->getNumParams(); I != E; ++I) {
3832	AttrBuilder ABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CalleeAttrs);
3833	SmallString<32> Context{CCName, StringRef(" musttail callee")};
3834	verifyTailCCMustTailAttrs(Attrs: ABIAttrs, Context);
3835	}
3836	// - Varargs functions are not allowed
3837	Check(!CallerTy->isVarArg(), Twine("cannot guarantee ") + CCName +
3838	" tail call for varargs function");
3839	return;
3840	}
3841
3842	// - The caller and callee prototypes must match. Pointer types of
3843	// parameters or return types may differ in pointee type, but not
3844	// address space.
3845	if (!CI.getCalledFunction() || !CI.getCalledFunction()->isIntrinsic()) {
3846	Check(CallerTy->getNumParams() == CalleeTy->getNumParams(),
3847	"cannot guarantee tail call due to mismatched parameter counts", &CI);
3848	for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) {
3849	Check(
3850	isTypeCongruent(CallerTy->getParamType(I), CalleeTy->getParamType(I)),
3851	"cannot guarantee tail call due to mismatched parameter types", &CI);
3852	}
3853	}
3854
3855	// - All ABI-impacting function attributes, such as sret, byval, inreg,
3856	// returned, preallocated, and inalloca, must match.
3857	for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) {
3858	AttrBuilder CallerABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CallerAttrs);
3859	AttrBuilder CalleeABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CalleeAttrs);
3860	Check(CallerABIAttrs == CalleeABIAttrs,
3861	"cannot guarantee tail call due to mismatched ABI impacting "
3862	"function attributes",
3863	&CI, CI.getOperand(I));
3864	}
3865	}
3866
3867	void Verifier::visitCallInst(CallInst &CI) {
3868	visitCallBase(Call&: CI);
3869
3870	if (CI.isMustTailCall())
3871	verifyMustTailCall(CI);
3872	}
3873
3874	void Verifier::visitInvokeInst(InvokeInst &II) {
3875	visitCallBase(Call&: II);
3876
3877	// Verify that the first non-PHI instruction of the unwind destination is an
3878	// exception handling instruction.
3879	Check(
3880	II.getUnwindDest()->isEHPad(),
3881	"The unwind destination does not have an exception handling instruction!",
3882	&II);
3883
3884	visitTerminator(I&: II);
3885	}
3886
3887	/// visitUnaryOperator - Check the argument to the unary operator.
3888	///
3889	void Verifier::visitUnaryOperator(UnaryOperator &U) {
3890	Check(U.getType() == U.getOperand(0)->getType(),
3891	"Unary operators must have same type for"
3892	"operands and result!",
3893	&U);
3894
3895	switch (U.getOpcode()) {
3896	// Check that floating-point arithmetic operators are only used with
3897	// floating-point operands.
3898	case Instruction::FNeg:
3899	Check(U.getType()->isFPOrFPVectorTy(),
3900	"FNeg operator only works with float types!", &U);
3901	break;
3902	default:
3903	llvm_unreachable("Unknown UnaryOperator opcode!");
3904	}
3905
3906	visitInstruction(I&: U);
3907	}
3908
3909	/// visitBinaryOperator - Check that both arguments to the binary operator are
3910	/// of the same type!
3911	///
3912	void Verifier::visitBinaryOperator(BinaryOperator &B) {
3913	Check(B.getOperand(0)->getType() == B.getOperand(1)->getType(),
3914	"Both operands to a binary operator are not of the same type!", &B);
3915
3916	switch (B.getOpcode()) {
3917	// Check that integer arithmetic operators are only used with
3918	// integral operands.
3919	case Instruction::Add:
3920	case Instruction::Sub:
3921	case Instruction::Mul:
3922	case Instruction::SDiv:
3923	case Instruction::UDiv:
3924	case Instruction::SRem:
3925	case Instruction::URem:
3926	Check(B.getType()->isIntOrIntVectorTy(),
3927	"Integer arithmetic operators only work with integral types!", &B);
3928	Check(B.getType() == B.getOperand(0)->getType(),
3929	"Integer arithmetic operators must have same type "
3930	"for operands and result!",
3931	&B);
3932	break;
3933	// Check that floating-point arithmetic operators are only used with
3934	// floating-point operands.
3935	case Instruction::FAdd:
3936	case Instruction::FSub:
3937	case Instruction::FMul:
3938	case Instruction::FDiv:
3939	case Instruction::FRem:
3940	Check(B.getType()->isFPOrFPVectorTy(),
3941	"Floating-point arithmetic operators only work with "
3942	"floating-point types!",
3943	&B);
3944	Check(B.getType() == B.getOperand(0)->getType(),
3945	"Floating-point arithmetic operators must have same type "
3946	"for operands and result!",
3947	&B);
3948	break;
3949	// Check that logical operators are only used with integral operands.
3950	case Instruction::And:
3951	case Instruction::Or:
3952	case Instruction::Xor:
3953	Check(B.getType()->isIntOrIntVectorTy(),
3954	"Logical operators only work with integral types!", &B);
3955	Check(B.getType() == B.getOperand(0)->getType(),
3956	"Logical operators must have same type for operands and result!", &B);
3957	break;
3958	case Instruction::Shl:
3959	case Instruction::LShr:
3960	case Instruction::AShr:
3961	Check(B.getType()->isIntOrIntVectorTy(),
3962	"Shifts only work with integral types!", &B);
3963	Check(B.getType() == B.getOperand(0)->getType(),
3964	"Shift return type must be same as operands!", &B);
3965	break;
3966	default:
3967	llvm_unreachable("Unknown BinaryOperator opcode!");
3968	}
3969
3970	visitInstruction(I&: B);
3971	}
3972
3973	void Verifier::visitICmpInst(ICmpInst &IC) {
3974	// Check that the operands are the same type
3975	Type *Op0Ty = IC.getOperand(i_nocapture: 0)->getType();
3976	Type *Op1Ty = IC.getOperand(i_nocapture: 1)->getType();
3977	Check(Op0Ty == Op1Ty,
3978	"Both operands to ICmp instruction are not of the same type!", &IC);
3979	// Check that the operands are the right type
3980	Check(Op0Ty->isIntOrIntVectorTy() || Op0Ty->isPtrOrPtrVectorTy(),
3981	"Invalid operand types for ICmp instruction", &IC);
3982	// Check that the predicate is valid.
3983	Check(IC.isIntPredicate(), "Invalid predicate in ICmp instruction!", &IC);
3984
3985	visitInstruction(I&: IC);
3986	}
3987
3988	void Verifier::visitFCmpInst(FCmpInst &FC) {
3989	// Check that the operands are the same type
3990	Type *Op0Ty = FC.getOperand(i_nocapture: 0)->getType();
3991	Type *Op1Ty = FC.getOperand(i_nocapture: 1)->getType();
3992	Check(Op0Ty == Op1Ty,
3993	"Both operands to FCmp instruction are not of the same type!", &FC);
3994	// Check that the operands are the right type
3995	Check(Op0Ty->isFPOrFPVectorTy(), "Invalid operand types for FCmp instruction",
3996	&FC);
3997	// Check that the predicate is valid.
3998	Check(FC.isFPPredicate(), "Invalid predicate in FCmp instruction!", &FC);
3999
4000	visitInstruction(I&: FC);
4001	}
4002
4003	void Verifier::visitExtractElementInst(ExtractElementInst &EI) {
4004	Check(ExtractElementInst::isValidOperands(EI.getOperand(0), EI.getOperand(1)),
4005	"Invalid extractelement operands!", &EI);
4006	visitInstruction(I&: EI);
4007	}
4008
4009	void Verifier::visitInsertElementInst(InsertElementInst &IE) {
4010	Check(InsertElementInst::isValidOperands(IE.getOperand(0), IE.getOperand(1),
4011	IE.getOperand(2)),
4012	"Invalid insertelement operands!", &IE);
4013	visitInstruction(I&: IE);
4014	}
4015
4016	void Verifier::visitShuffleVectorInst(ShuffleVectorInst &SV) {
4017	Check(ShuffleVectorInst::isValidOperands(SV.getOperand(0), SV.getOperand(1),
4018	SV.getShuffleMask()),
4019	"Invalid shufflevector operands!", &SV);
4020	visitInstruction(I&: SV);
4021	}
4022
4023	void Verifier::visitGetElementPtrInst(GetElementPtrInst &GEP) {
4024	Type *TargetTy = GEP.getPointerOperandType()->getScalarType();
4025
4026	Check(isa<PointerType>(TargetTy),
4027	"GEP base pointer is not a vector or a vector of pointers", &GEP);
4028	Check(GEP.getSourceElementType()->isSized(), "GEP into unsized type!", &GEP);
4029
4030	if (auto *STy = dyn_cast<StructType>(Val: GEP.getSourceElementType())) {
4031	SmallPtrSet<Type *, 4> Visited;
4032	Check(!STy->containsScalableVectorType(&Visited),
4033	"getelementptr cannot target structure that contains scalable vector"
4034	"type",
4035	&GEP);
4036	}
4037
4038	SmallVector<Value *, 16> Idxs(GEP.indices());
4039	Check(
4040	all_of(Idxs, [](Value *V) { return V->getType()->isIntOrIntVectorTy(); }),
4041	"GEP indexes must be integers", &GEP);
4042	Type *ElTy =
4043	GetElementPtrInst::getIndexedType(Ty: GEP.getSourceElementType(), IdxList: Idxs);
4044	Check(ElTy, "Invalid indices for GEP pointer type!", &GEP);
4045
4046	Check(GEP.getType()->isPtrOrPtrVectorTy() &&
4047	GEP.getResultElementType() == ElTy,
4048	"GEP is not of right type for indices!", &GEP, ElTy);
4049
4050	if (auto *GEPVTy = dyn_cast<VectorType>(Val: GEP.getType())) {
4051	// Additional checks for vector GEPs.
4052	ElementCount GEPWidth = GEPVTy->getElementCount();
4053	if (GEP.getPointerOperandType()->isVectorTy())
4054	Check(
4055	GEPWidth ==
4056	cast<VectorType>(GEP.getPointerOperandType())->getElementCount(),
4057	"Vector GEP result width doesn't match operand's", &GEP);
4058	for (Value *Idx : Idxs) {
4059	Type *IndexTy = Idx->getType();
4060	if (auto *IndexVTy = dyn_cast<VectorType>(Val: IndexTy)) {
4061	ElementCount IndexWidth = IndexVTy->getElementCount();
4062	Check(IndexWidth == GEPWidth, "Invalid GEP index vector width", &GEP);
4063	}
4064	Check(IndexTy->isIntOrIntVectorTy(),
4065	"All GEP indices should be of integer type");
4066	}
4067	}
4068
4069	if (auto *PTy = dyn_cast<PointerType>(Val: GEP.getType())) {
4070	Check(GEP.getAddressSpace() == PTy->getAddressSpace(),
4071	"GEP address space doesn't match type", &GEP);
4072	}
4073
4074	visitInstruction(I&: GEP);
4075	}
4076
4077	static bool isContiguous(const ConstantRange &A, const ConstantRange &B) {
4078	return A.getUpper() == B.getLower() || A.getLower() == B.getUpper();
4079	}
4080
4081	/// Verify !range and !absolute_symbol metadata. These have the same
4082	/// restrictions, except !absolute_symbol allows the full set.
4083	void Verifier::verifyRangeMetadata(const Value &I, const MDNode *Range,
4084	Type *Ty, bool IsAbsoluteSymbol) {
4085	unsigned NumOperands = Range->getNumOperands();
4086	Check(NumOperands % 2 == 0, "Unfinished range!", Range);
4087	unsigned NumRanges = NumOperands / 2;
4088	Check(NumRanges >= 1, "It should have at least one range!", Range);
4089
4090	ConstantRange LastRange(1, true); // Dummy initial value
4091	for (unsigned i = 0; i < NumRanges; ++i) {
4092	ConstantInt *Low =
4093	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 2 * i));
4094	Check(Low, "The lower limit must be an integer!", Low);
4095	ConstantInt *High =
4096	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 2 * i + 1));
4097	Check(High, "The upper limit must be an integer!", High);
4098	Check(High->getType() == Low->getType() &&
4099	High->getType() == Ty->getScalarType(),
4100	"Range types must match instruction type!", &I);
4101
4102	APInt HighV = High->getValue();
4103	APInt LowV = Low->getValue();
4104
4105	// ConstantRange asserts if the ranges are the same except for the min/max
4106	// value. Leave the cases it tolerates for the empty range error below.
4107	Check(LowV != HighV || LowV.isMaxValue() || LowV.isMinValue(),
4108	"The upper and lower limits cannot be the same value", &I);
4109
4110	ConstantRange CurRange(LowV, HighV);
4111	Check(!CurRange.isEmptySet() && (IsAbsoluteSymbol || !CurRange.isFullSet()),
4112	"Range must not be empty!", Range);
4113	if (i != 0) {
4114	Check(CurRange.intersectWith(LastRange).isEmptySet(),
4115	"Intervals are overlapping", Range);
4116	Check(LowV.sgt(LastRange.getLower()), "Intervals are not in order",
4117	Range);
4118	Check(!isContiguous(CurRange, LastRange), "Intervals are contiguous",
4119	Range);
4120	}
4121	LastRange = ConstantRange(LowV, HighV);
4122	}
4123	if (NumRanges > 2) {
4124	APInt FirstLow =
4125	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 0))->getValue();
4126	APInt FirstHigh =
4127	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 1))->getValue();
4128	ConstantRange FirstRange(FirstLow, FirstHigh);
4129	Check(FirstRange.intersectWith(LastRange).isEmptySet(),
4130	"Intervals are overlapping", Range);
4131	Check(!isContiguous(FirstRange, LastRange), "Intervals are contiguous",
4132	Range);
4133	}
4134	}
4135
4136	void Verifier::visitRangeMetadata(Instruction &I, MDNode *Range, Type *Ty) {
4137	assert(Range && Range == I.getMetadata(LLVMContext::MD_range) &&
4138	"precondition violation");
4139	verifyRangeMetadata(I, Range, Ty, IsAbsoluteSymbol: false);
4140	}
4141
4142	void Verifier::checkAtomicMemAccessSize(Type *Ty, const Instruction *I) {
4143	unsigned Size = DL.getTypeSizeInBits(Ty);
4144	Check(Size >= 8, "atomic memory access' size must be byte-sized", Ty, I);
4145	Check(!(Size & (Size - 1)),
4146	"atomic memory access' operand must have a power-of-two size", Ty, I);
4147	}
4148
4149	void Verifier::visitLoadInst(LoadInst &LI) {
4150	PointerType *PTy = dyn_cast<PointerType>(Val: LI.getOperand(i_nocapture: 0)->getType());
4151	Check(PTy, "Load operand must be a pointer.", &LI);
4152	Type *ElTy = LI.getType();
4153	if (MaybeAlign A = LI.getAlign()) {
4154	Check(A->value() <= Value::MaximumAlignment,
4155	"huge alignment values are unsupported", &LI);
4156	}
4157	Check(ElTy->isSized(), "loading unsized types is not allowed", &LI);
4158	if (LI.isAtomic()) {
4159	Check(LI.getOrdering() != AtomicOrdering::Release &&
4160	LI.getOrdering() != AtomicOrdering::AcquireRelease,
4161	"Load cannot have Release ordering", &LI);
4162	Check(ElTy->isIntOrPtrTy() || ElTy->isFloatingPointTy(),
4163	"atomic load operand must have integer, pointer, or floating point "
4164	"type!",
4165	ElTy, &LI);
4166	checkAtomicMemAccessSize(Ty: ElTy, I: &LI);
4167	} else {
4168	Check(LI.getSyncScopeID() == SyncScope::System,
4169	"Non-atomic load cannot have SynchronizationScope specified", &LI);
4170	}
4171
4172	visitInstruction(I&: LI);
4173	}
4174
4175	void Verifier::visitStoreInst(StoreInst &SI) {
4176	PointerType *PTy = dyn_cast<PointerType>(Val: SI.getOperand(i_nocapture: 1)->getType());
4177	Check(PTy, "Store operand must be a pointer.", &SI);
4178	Type *ElTy = SI.getOperand(i_nocapture: 0)->getType();
4179	if (MaybeAlign A = SI.getAlign()) {
4180	Check(A->value() <= Value::MaximumAlignment,
4181	"huge alignment values are unsupported", &SI);
4182	}
4183	Check(ElTy->isSized(), "storing unsized types is not allowed", &SI);
4184	if (SI.isAtomic()) {
4185	Check(SI.getOrdering() != AtomicOrdering::Acquire &&
4186	SI.getOrdering() != AtomicOrdering::AcquireRelease,
4187	"Store cannot have Acquire ordering", &SI);
4188	Check(ElTy->isIntOrPtrTy() || ElTy->isFloatingPointTy(),
4189	"atomic store operand must have integer, pointer, or floating point "
4190	"type!",
4191	ElTy, &SI);
4192	checkAtomicMemAccessSize(Ty: ElTy, I: &SI);
4193	} else {
4194	Check(SI.getSyncScopeID() == SyncScope::System,
4195	"Non-atomic store cannot have SynchronizationScope specified", &SI);
4196	}
4197	visitInstruction(I&: SI);
4198	}
4199
4200	/// Check that SwiftErrorVal is used as a swifterror argument in CS.
4201	void Verifier::verifySwiftErrorCall(CallBase &Call,
4202	const Value *SwiftErrorVal) {
4203	for (const auto &I : llvm::enumerate(First: Call.args())) {
4204	if (I.value() == SwiftErrorVal) {
4205	Check(Call.paramHasAttr(I.index(), Attribute::SwiftError),
4206	"swifterror value when used in a callsite should be marked "
4207	"with swifterror attribute",
4208	SwiftErrorVal, Call);
4209	}
4210	}
4211	}
4212
4213	void Verifier::verifySwiftErrorValue(const Value *SwiftErrorVal) {
4214	// Check that swifterror value is only used by loads, stores, or as
4215	// a swifterror argument.
4216	for (const User *U : SwiftErrorVal->users()) {
4217	Check(isa<LoadInst>(U) || isa<StoreInst>(U) || isa<CallInst>(U) ||
4218	isa<InvokeInst>(U),
4219	"swifterror value can only be loaded and stored from, or "
4220	"as a swifterror argument!",
4221	SwiftErrorVal, U);
4222	// If it is used by a store, check it is the second operand.
4223	if (auto StoreI = dyn_cast<StoreInst>(Val: U))
4224	Check(StoreI->getOperand(1) == SwiftErrorVal,
4225	"swifterror value should be the second operand when used "
4226	"by stores",
4227	SwiftErrorVal, U);
4228	if (auto *Call = dyn_cast<CallBase>(Val: U))
4229	verifySwiftErrorCall(Call&: *const_cast<CallBase *>(Call), SwiftErrorVal);
4230	}
4231	}
4232
4233	void Verifier::visitAllocaInst(AllocaInst &AI) {
4234	SmallPtrSet<Type*, 4> Visited;
4235	Check(AI.getAllocatedType()->isSized(&Visited),
4236	"Cannot allocate unsized type", &AI);
4237	Check(AI.getArraySize()->getType()->isIntegerTy(),
4238	"Alloca array size must have integer type", &AI);
4239	if (MaybeAlign A = AI.getAlign()) {
4240	Check(A->value() <= Value::MaximumAlignment,
4241	"huge alignment values are unsupported", &AI);
4242	}
4243
4244	if (AI.isSwiftError()) {
4245	Check(AI.getAllocatedType()->isPointerTy(),
4246	"swifterror alloca must have pointer type", &AI);
4247	Check(!AI.isArrayAllocation(),
4248	"swifterror alloca must not be array allocation", &AI);
4249	verifySwiftErrorValue(SwiftErrorVal: &AI);
4250	}
4251
4252	visitInstruction(I&: AI);
4253	}
4254
4255	void Verifier::visitAtomicCmpXchgInst(AtomicCmpXchgInst &CXI) {
4256	Type *ElTy = CXI.getOperand(i_nocapture: 1)->getType();
4257	Check(ElTy->isIntOrPtrTy(),
4258	"cmpxchg operand must have integer or pointer type", ElTy, &CXI);
4259	checkAtomicMemAccessSize(Ty: ElTy, I: &CXI);
4260	visitInstruction(I&: CXI);
4261	}
4262
4263	void Verifier::visitAtomicRMWInst(AtomicRMWInst &RMWI) {
4264	Check(RMWI.getOrdering() != AtomicOrdering::Unordered,
4265	"atomicrmw instructions cannot be unordered.", &RMWI);
4266	auto Op = RMWI.getOperation();
4267	Type *ElTy = RMWI.getOperand(i_nocapture: 1)->getType();
4268	if (Op == AtomicRMWInst::Xchg) {
4269	Check(ElTy->isIntegerTy() || ElTy->isFloatingPointTy() ||
4270	ElTy->isPointerTy(),
4271	"atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4272	" operand must have integer or floating point type!",
4273	&RMWI, ElTy);
4274	} else if (AtomicRMWInst::isFPOperation(Op)) {
4275	Check(ElTy->isFPOrFPVectorTy() && !isa<ScalableVectorType>(ElTy),
4276	"atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4277	" operand must have floating-point or fixed vector of floating-point "
4278	"type!",
4279	&RMWI, ElTy);
4280	} else {
4281	Check(ElTy->isIntegerTy(),
4282	"atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4283	" operand must have integer type!",
4284	&RMWI, ElTy);
4285	}
4286	checkAtomicMemAccessSize(Ty: ElTy, I: &RMWI);
4287	Check(AtomicRMWInst::FIRST_BINOP <= Op && Op <= AtomicRMWInst::LAST_BINOP,
4288	"Invalid binary operation!", &RMWI);
4289	visitInstruction(I&: RMWI);
4290	}
4291
4292	void Verifier::visitFenceInst(FenceInst &FI) {
4293	const AtomicOrdering Ordering = FI.getOrdering();
4294	Check(Ordering == AtomicOrdering::Acquire ||
4295	Ordering == AtomicOrdering::Release ||
4296	Ordering == AtomicOrdering::AcquireRelease ||
4297	Ordering == AtomicOrdering::SequentiallyConsistent,
4298	"fence instructions may only have acquire, release, acq_rel, or "
4299	"seq_cst ordering.",
4300	&FI);
4301	visitInstruction(I&: FI);
4302	}
4303
4304	void Verifier::visitExtractValueInst(ExtractValueInst &EVI) {
4305	Check(ExtractValueInst::getIndexedType(EVI.getAggregateOperand()->getType(),
4306	EVI.getIndices()) == EVI.getType(),
4307	"Invalid ExtractValueInst operands!", &EVI);
4308
4309	visitInstruction(I&: EVI);
4310	}
4311
4312	void Verifier::visitInsertValueInst(InsertValueInst &IVI) {
4313	Check(ExtractValueInst::getIndexedType(IVI.getAggregateOperand()->getType(),
4314	IVI.getIndices()) ==
4315	IVI.getOperand(1)->getType(),
4316	"Invalid InsertValueInst operands!", &IVI);
4317
4318	visitInstruction(I&: IVI);
4319	}
4320
4321	static Value *getParentPad(Value *EHPad) {
4322	if (auto *FPI = dyn_cast<FuncletPadInst>(Val: EHPad))
4323	return FPI->getParentPad();
4324
4325	return cast<CatchSwitchInst>(Val: EHPad)->getParentPad();
4326	}
4327
4328	void Verifier::visitEHPadPredecessors(Instruction &I) {
4329	assert(I.isEHPad());
4330
4331	BasicBlock *BB = I.getParent();
4332	Function *F = BB->getParent();
4333
4334	Check(BB != &F->getEntryBlock(), "EH pad cannot be in entry block.", &I);
4335
4336	if (auto *LPI = dyn_cast<LandingPadInst>(Val: &I)) {
4337	// The landingpad instruction defines its parent as a landing pad block. The
4338	// landing pad block may be branched to only by the unwind edge of an
4339	// invoke.
4340	for (BasicBlock *PredBB : predecessors(BB)) {
4341	const auto *II = dyn_cast<InvokeInst>(Val: PredBB->getTerminator());
4342	Check(II && II->getUnwindDest() == BB && II->getNormalDest() != BB,
4343	"Block containing LandingPadInst must be jumped to "
4344	"only by the unwind edge of an invoke.",
4345	LPI);
4346	}
4347	return;
4348	}
4349	if (auto *CPI = dyn_cast<CatchPadInst>(Val: &I)) {
4350	if (!pred_empty(BB))
4351	Check(BB->getUniquePredecessor() == CPI->getCatchSwitch()->getParent(),
4352	"Block containg CatchPadInst must be jumped to "
4353	"only by its catchswitch.",
4354	CPI);
4355	Check(BB != CPI->getCatchSwitch()->getUnwindDest(),
4356	"Catchswitch cannot unwind to one of its catchpads",
4357	CPI->getCatchSwitch(), CPI);
4358	return;
4359	}
4360
4361	// Verify that each pred has a legal terminator with a legal to/from EH
4362	// pad relationship.
4363	Instruction *ToPad = &I;
4364	Value *ToPadParent = getParentPad(EHPad: ToPad);
4365	for (BasicBlock *PredBB : predecessors(BB)) {
4366	Instruction *TI = PredBB->getTerminator();
4367	Value *FromPad;
4368	if (auto *II = dyn_cast<InvokeInst>(Val: TI)) {
4369	Check(II->getUnwindDest() == BB && II->getNormalDest() != BB,
4370	"EH pad must be jumped to via an unwind edge", ToPad, II);
4371	auto *CalledFn =
4372	dyn_cast<Function>(Val: II->getCalledOperand()->stripPointerCasts());
4373	if (CalledFn && CalledFn->isIntrinsic() && II->doesNotThrow() &&
4374	!IntrinsicInst::mayLowerToFunctionCall(IID: CalledFn->getIntrinsicID()))
4375	continue;
4376	if (auto Bundle = II->getOperandBundle(ID: LLVMContext::OB_funclet))
4377	FromPad = Bundle->Inputs[0];
4378	else
4379	FromPad = ConstantTokenNone::get(Context&: II->getContext());
4380	} else if (auto *CRI = dyn_cast<CleanupReturnInst>(Val: TI)) {
4381	FromPad = CRI->getOperand(i_nocapture: 0);
4382	Check(FromPad != ToPadParent, "A cleanupret must exit its cleanup", CRI);
4383	} else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: TI)) {
4384	FromPad = CSI;
4385	} else {
4386	Check(false, "EH pad must be jumped to via an unwind edge", ToPad, TI);
4387	}
4388
4389	// The edge may exit from zero or more nested pads.
4390	SmallSet<Value *, 8> Seen;
4391	for (;; FromPad = getParentPad(EHPad: FromPad)) {
4392	Check(FromPad != ToPad,
4393	"EH pad cannot handle exceptions raised within it", FromPad, TI);
4394	if (FromPad == ToPadParent) {
4395	// This is a legal unwind edge.
4396	break;
4397	}
4398	Check(!isa<ConstantTokenNone>(FromPad),
4399	"A single unwind edge may only enter one EH pad", TI);
4400	Check(Seen.insert(FromPad).second, "EH pad jumps through a cycle of pads",
4401	FromPad);
4402
4403	// This will be diagnosed on the corresponding instruction already. We
4404	// need the extra check here to make sure getParentPad() works.
4405	Check(isa<FuncletPadInst>(FromPad) || isa<CatchSwitchInst>(FromPad),
4406	"Parent pad must be catchpad/cleanuppad/catchswitch", TI);
4407	}
4408	}
4409	}
4410
4411	void Verifier::visitLandingPadInst(LandingPadInst &LPI) {
4412	// The landingpad instruction is ill-formed if it doesn't have any clauses and
4413	// isn't a cleanup.
4414	Check(LPI.getNumClauses() > 0 || LPI.isCleanup(),
4415	"LandingPadInst needs at least one clause or to be a cleanup.", &LPI);
4416
4417	visitEHPadPredecessors(I&: LPI);
4418
4419	if (!LandingPadResultTy)
4420	LandingPadResultTy = LPI.getType();
4421	else
4422	Check(LandingPadResultTy == LPI.getType(),
4423	"The landingpad instruction should have a consistent result type "
4424	"inside a function.",
4425	&LPI);
4426
4427	Function *F = LPI.getParent()->getParent();
4428	Check(F->hasPersonalityFn(),
4429	"LandingPadInst needs to be in a function with a personality.", &LPI);
4430
4431	// The landingpad instruction must be the first non-PHI instruction in the
4432	// block.
4433	Check(LPI.getParent()->getLandingPadInst() == &LPI,
4434	"LandingPadInst not the first non-PHI instruction in the block.", &LPI);
4435
4436	for (unsigned i = 0, e = LPI.getNumClauses(); i < e; ++i) {
4437	Constant *Clause = LPI.getClause(Idx: i);
4438	if (LPI.isCatch(Idx: i)) {
4439	Check(isa<PointerType>(Clause->getType()),
4440	"Catch operand does not have pointer type!", &LPI);
4441	} else {
4442	Check(LPI.isFilter(i), "Clause is neither catch nor filter!", &LPI);
4443	Check(isa<ConstantArray>(Clause) || isa<ConstantAggregateZero>(Clause),
4444	"Filter operand is not an array of constants!", &LPI);
4445	}
4446	}
4447
4448	visitInstruction(I&: LPI);
4449	}
4450
4451	void Verifier::visitResumeInst(ResumeInst &RI) {
4452	Check(RI.getFunction()->hasPersonalityFn(),
4453	"ResumeInst needs to be in a function with a personality.", &RI);
4454
4455	if (!LandingPadResultTy)
4456	LandingPadResultTy = RI.getValue()->getType();
4457	else
4458	Check(LandingPadResultTy == RI.getValue()->getType(),
4459	"The resume instruction should have a consistent result type "
4460	"inside a function.",
4461	&RI);
4462
4463	visitTerminator(I&: RI);
4464	}
4465
4466	void Verifier::visitCatchPadInst(CatchPadInst &CPI) {
4467	BasicBlock *BB = CPI.getParent();
4468
4469	Function *F = BB->getParent();
4470	Check(F->hasPersonalityFn(),
4471	"CatchPadInst needs to be in a function with a personality.", &CPI);
4472
4473	Check(isa<CatchSwitchInst>(CPI.getParentPad()),
4474	"CatchPadInst needs to be directly nested in a CatchSwitchInst.",
4475	CPI.getParentPad());
4476
4477	// The catchpad instruction must be the first non-PHI instruction in the
4478	// block.
4479	Check(BB->getFirstNonPHI() == &CPI,
4480	"CatchPadInst not the first non-PHI instruction in the block.", &CPI);
4481
4482	visitEHPadPredecessors(I&: CPI);
4483	visitFuncletPadInst(FPI&: CPI);
4484	}
4485
4486	void Verifier::visitCatchReturnInst(CatchReturnInst &CatchReturn) {
4487	Check(isa<CatchPadInst>(CatchReturn.getOperand(0)),
4488	"CatchReturnInst needs to be provided a CatchPad", &CatchReturn,
4489	CatchReturn.getOperand(0));
4490
4491	visitTerminator(I&: CatchReturn);
4492	}
4493
4494	void Verifier::visitCleanupPadInst(CleanupPadInst &CPI) {
4495	BasicBlock *BB = CPI.getParent();
4496
4497	Function *F = BB->getParent();
4498	Check(F->hasPersonalityFn(),
4499	"CleanupPadInst needs to be in a function with a personality.", &CPI);
4500
4501	// The cleanuppad instruction must be the first non-PHI instruction in the
4502	// block.
4503	Check(BB->getFirstNonPHI() == &CPI,
4504	"CleanupPadInst not the first non-PHI instruction in the block.", &CPI);
4505
4506	auto *ParentPad = CPI.getParentPad();
4507	Check(isa<ConstantTokenNone>(ParentPad) || isa<FuncletPadInst>(ParentPad),
4508	"CleanupPadInst has an invalid parent.", &CPI);
4509
4510	visitEHPadPredecessors(I&: CPI);
4511	visitFuncletPadInst(FPI&: CPI);
4512	}
4513
4514	void Verifier::visitFuncletPadInst(FuncletPadInst &FPI) {
4515	User *FirstUser = nullptr;
4516	Value *FirstUnwindPad = nullptr;
4517	SmallVector<FuncletPadInst *, 8> Worklist({&FPI});
4518	SmallSet<FuncletPadInst *, 8> Seen;
4519
4520	while (!Worklist.empty()) {
4521	FuncletPadInst *CurrentPad = Worklist.pop_back_val();
4522	Check(Seen.insert(CurrentPad).second,
4523	"FuncletPadInst must not be nested within itself", CurrentPad);
4524	Value *UnresolvedAncestorPad = nullptr;
4525	for (User *U : CurrentPad->users()) {
4526	BasicBlock *UnwindDest;
4527	if (auto *CRI = dyn_cast<CleanupReturnInst>(Val: U)) {
4528	UnwindDest = CRI->getUnwindDest();
4529	} else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: U)) {
4530	// We allow catchswitch unwind to caller to nest
4531	// within an outer pad that unwinds somewhere else,
4532	// because catchswitch doesn't have a nounwind variant.
4533	// See e.g. SimplifyCFGOpt::SimplifyUnreachable.
4534	if (CSI->unwindsToCaller())
4535	continue;
4536	UnwindDest = CSI->getUnwindDest();
4537	} else if (auto *II = dyn_cast<InvokeInst>(Val: U)) {
4538	UnwindDest = II->getUnwindDest();
4539	} else if (isa<CallInst>(Val: U)) {
4540	// Calls which don't unwind may be found inside funclet
4541	// pads that unwind somewhere else. We don't *require*
4542	// such calls to be annotated nounwind.
4543	continue;
4544	} else if (auto *CPI = dyn_cast<CleanupPadInst>(Val: U)) {
4545	// The unwind dest for a cleanup can only be found by
4546	// recursive search. Add it to the worklist, and we'll
4547	// search for its first use that determines where it unwinds.
4548	Worklist.push_back(Elt: CPI);
4549	continue;
4550	} else {
4551	Check(isa<CatchReturnInst>(U), "Bogus funclet pad use", U);
4552	continue;
4553	}
4554
4555	Value *UnwindPad;
4556	bool ExitsFPI;
4557	if (UnwindDest) {
4558	UnwindPad = UnwindDest->getFirstNonPHI();
4559	if (!cast<Instruction>(Val: UnwindPad)->isEHPad())
4560	continue;
4561	Value *UnwindParent = getParentPad(EHPad: UnwindPad);
4562	// Ignore unwind edges that don't exit CurrentPad.
4563	if (UnwindParent == CurrentPad)
4564	continue;
4565	// Determine whether the original funclet pad is exited,
4566	// and if we are scanning nested pads determine how many
4567	// of them are exited so we can stop searching their
4568	// children.
4569	Value *ExitedPad = CurrentPad;
4570	ExitsFPI = false;
4571	do {
4572	if (ExitedPad == &FPI) {
4573	ExitsFPI = true;
4574	// Now we can resolve any ancestors of CurrentPad up to
4575	// FPI, but not including FPI since we need to make sure
4576	// to check all direct users of FPI for consistency.
4577	UnresolvedAncestorPad = &FPI;
4578	break;
4579	}
4580	Value *ExitedParent = getParentPad(EHPad: ExitedPad);
4581	if (ExitedParent == UnwindParent) {
4582	// ExitedPad is the ancestor-most pad which this unwind
4583	// edge exits, so we can resolve up to it, meaning that
4584	// ExitedParent is the first ancestor still unresolved.
4585	UnresolvedAncestorPad = ExitedParent;
4586	break;
4587	}
4588	ExitedPad = ExitedParent;
4589	} while (!isa<ConstantTokenNone>(Val: ExitedPad));
4590	} else {
4591	// Unwinding to caller exits all pads.
4592	UnwindPad = ConstantTokenNone::get(Context&: FPI.getContext());
4593	ExitsFPI = true;
4594	UnresolvedAncestorPad = &FPI;
4595	}
4596
4597	if (ExitsFPI) {
4598	// This unwind edge exits FPI. Make sure it agrees with other
4599	// such edges.
4600	if (FirstUser) {
4601	Check(UnwindPad == FirstUnwindPad,
4602	"Unwind edges out of a funclet "
4603	"pad must have the same unwind "
4604	"dest",
4605	&FPI, U, FirstUser);
4606	} else {
4607	FirstUser = U;
4608	FirstUnwindPad = UnwindPad;
4609	// Record cleanup sibling unwinds for verifySiblingFuncletUnwinds
4610	if (isa<CleanupPadInst>(Val: &FPI) && !isa<ConstantTokenNone>(Val: UnwindPad) &&
4611	getParentPad(EHPad: UnwindPad) == getParentPad(EHPad: &FPI))
4612	SiblingFuncletInfo[&FPI] = cast<Instruction>(Val: U);
4613	}
4614	}
4615	// Make sure we visit all uses of FPI, but for nested pads stop as
4616	// soon as we know where they unwind to.
4617	if (CurrentPad != &FPI)
4618	break;
4619	}
4620	if (UnresolvedAncestorPad) {
4621	if (CurrentPad == UnresolvedAncestorPad) {
4622	// When CurrentPad is FPI itself, we don't mark it as resolved even if
4623	// we've found an unwind edge that exits it, because we need to verify
4624	// all direct uses of FPI.
4625	assert(CurrentPad == &FPI);
4626	continue;
4627	}
4628	// Pop off the worklist any nested pads that we've found an unwind
4629	// destination for. The pads on the worklist are the uncles,
4630	// great-uncles, etc. of CurrentPad. We've found an unwind destination
4631	// for all ancestors of CurrentPad up to but not including
4632	// UnresolvedAncestorPad.
4633	Value *ResolvedPad = CurrentPad;
4634	while (!Worklist.empty()) {
4635	Value *UnclePad = Worklist.back();
4636	Value *AncestorPad = getParentPad(EHPad: UnclePad);
4637	// Walk ResolvedPad up the ancestor list until we either find the
4638	// uncle's parent or the last resolved ancestor.
4639	while (ResolvedPad != AncestorPad) {
4640	Value *ResolvedParent = getParentPad(EHPad: ResolvedPad);
4641	if (ResolvedParent == UnresolvedAncestorPad) {
4642	break;
4643	}
4644	ResolvedPad = ResolvedParent;
4645	}
4646	// If the resolved ancestor search didn't find the uncle's parent,
4647	// then the uncle is not yet resolved.
4648	if (ResolvedPad != AncestorPad)
4649	break;
4650	// This uncle is resolved, so pop it from the worklist.
4651	Worklist.pop_back();
4652	}
4653	}
4654	}
4655
4656	if (FirstUnwindPad) {
4657	if (auto *CatchSwitch = dyn_cast<CatchSwitchInst>(Val: FPI.getParentPad())) {
4658	BasicBlock *SwitchUnwindDest = CatchSwitch->getUnwindDest();
4659	Value *SwitchUnwindPad;
4660	if (SwitchUnwindDest)
4661	SwitchUnwindPad = SwitchUnwindDest->getFirstNonPHI();
4662	else
4663	SwitchUnwindPad = ConstantTokenNone::get(Context&: FPI.getContext());
4664	Check(SwitchUnwindPad == FirstUnwindPad,
4665	"Unwind edges out of a catch must have the same unwind dest as "
4666	"the parent catchswitch",
4667	&FPI, FirstUser, CatchSwitch);
4668	}
4669	}
4670
4671	visitInstruction(I&: FPI);
4672	}
4673
4674	void Verifier::visitCatchSwitchInst(CatchSwitchInst &CatchSwitch) {
4675	BasicBlock *BB = CatchSwitch.getParent();
4676
4677	Function *F = BB->getParent();
4678	Check(F->hasPersonalityFn(),
4679	"CatchSwitchInst needs to be in a function with a personality.",
4680	&CatchSwitch);
4681
4682	// The catchswitch instruction must be the first non-PHI instruction in the
4683	// block.
4684	Check(BB->getFirstNonPHI() == &CatchSwitch,
4685	"CatchSwitchInst not the first non-PHI instruction in the block.",
4686	&CatchSwitch);
4687
4688	auto *ParentPad = CatchSwitch.getParentPad();
4689	Check(isa<ConstantTokenNone>(ParentPad) || isa<FuncletPadInst>(ParentPad),
4690	"CatchSwitchInst has an invalid parent.", ParentPad);
4691
4692	if (BasicBlock *UnwindDest = CatchSwitch.getUnwindDest()) {
4693	Instruction *I = UnwindDest->getFirstNonPHI();
4694	Check(I->isEHPad() && !isa<LandingPadInst>(I),
4695	"CatchSwitchInst must unwind to an EH block which is not a "
4696	"landingpad.",
4697	&CatchSwitch);
4698
4699	// Record catchswitch sibling unwinds for verifySiblingFuncletUnwinds
4700	if (getParentPad(EHPad: I) == ParentPad)
4701	SiblingFuncletInfo[&CatchSwitch] = &CatchSwitch;
4702	}
4703
4704	Check(CatchSwitch.getNumHandlers() != 0,
4705	"CatchSwitchInst cannot have empty handler list", &CatchSwitch);
4706
4707	for (BasicBlock *Handler : CatchSwitch.handlers()) {
4708	Check(isa<CatchPadInst>(Handler->getFirstNonPHI()),
4709	"CatchSwitchInst handlers must be catchpads", &CatchSwitch, Handler);
4710	}
4711
4712	visitEHPadPredecessors(I&: CatchSwitch);
4713	visitTerminator(I&: CatchSwitch);
4714	}
4715
4716	void Verifier::visitCleanupReturnInst(CleanupReturnInst &CRI) {
4717	Check(isa<CleanupPadInst>(CRI.getOperand(0)),
4718	"CleanupReturnInst needs to be provided a CleanupPad", &CRI,
4719	CRI.getOperand(0));
4720
4721	if (BasicBlock *UnwindDest = CRI.getUnwindDest()) {
4722	Instruction *I = UnwindDest->getFirstNonPHI();
4723	Check(I->isEHPad() && !isa<LandingPadInst>(I),
4724	"CleanupReturnInst must unwind to an EH block which is not a "
4725	"landingpad.",
4726	&CRI);
4727	}
4728
4729	visitTerminator(I&: CRI);
4730	}
4731
4732	void Verifier::verifyDominatesUse(Instruction &I, unsigned i) {
4733	Instruction *Op = cast<Instruction>(Val: I.getOperand(i));
4734	// If the we have an invalid invoke, don't try to compute the dominance.
4735	// We already reject it in the invoke specific checks and the dominance
4736	// computation doesn't handle multiple edges.
4737	if (InvokeInst *II = dyn_cast<InvokeInst>(Val: Op)) {
4738	if (II->getNormalDest() == II->getUnwindDest())
4739	return;
4740	}
4741
4742	// Quick check whether the def has already been encountered in the same block.
4743	// PHI nodes are not checked to prevent accepting preceding PHIs, because PHI
4744	// uses are defined to happen on the incoming edge, not at the instruction.
4745	//
4746	// FIXME: If this operand is a MetadataAsValue (wrapping a LocalAsMetadata)
4747	// wrapping an SSA value, assert that we've already encountered it. See
4748	// related FIXME in Mapper::mapLocalAsMetadata in ValueMapper.cpp.
4749	if (!isa<PHINode>(Val: I) && InstsInThisBlock.count(Ptr: Op))
4750	return;
4751
4752	const Use &U = I.getOperandUse(i);
4753	Check(DT.dominates(Op, U), "Instruction does not dominate all uses!", Op, &I);
4754	}
4755
4756	void Verifier::visitDereferenceableMetadata(Instruction& I, MDNode* MD) {
4757	Check(I.getType()->isPointerTy(),
4758	"dereferenceable, dereferenceable_or_null "
4759	"apply only to pointer types",
4760	&I);
4761	Check((isa<LoadInst>(I) || isa<IntToPtrInst>(I)),
4762	"dereferenceable, dereferenceable_or_null apply only to load"
4763	" and inttoptr instructions, use attributes for calls or invokes",
4764	&I);
4765	Check(MD->getNumOperands() == 1,
4766	"dereferenceable, dereferenceable_or_null "
4767	"take one operand!",
4768	&I);
4769	ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: 0));
4770	Check(CI && CI->getType()->isIntegerTy(64),
4771	"dereferenceable, "
4772	"dereferenceable_or_null metadata value must be an i64!",
4773	&I);
4774	}
4775
4776	void Verifier::visitProfMetadata(Instruction &I, MDNode *MD) {
4777	Check(MD->getNumOperands() >= 2,
4778	"!prof annotations should have no less than 2 operands", MD);
4779
4780	// Check first operand.
4781	Check(MD->getOperand(0) != nullptr, "first operand should not be null", MD);
4782	Check(isa<MDString>(MD->getOperand(0)),
4783	"expected string with name of the !prof annotation", MD);
4784	MDString *MDS = cast<MDString>(Val: MD->getOperand(I: 0));
4785	StringRef ProfName = MDS->getString();
4786
4787	// Check consistency of !prof branch_weights metadata.
4788	if (ProfName.equals(RHS: "branch_weights")) {
4789	if (isa<InvokeInst>(Val: &I)) {
4790	Check(MD->getNumOperands() == 2 || MD->getNumOperands() == 3,
4791	"Wrong number of InvokeInst branch_weights operands", MD);
4792	} else {
4793	unsigned ExpectedNumOperands = 0;
4794	if (BranchInst *BI = dyn_cast<BranchInst>(Val: &I))
4795	ExpectedNumOperands = BI->getNumSuccessors();
4796	else if (SwitchInst *SI = dyn_cast<SwitchInst>(Val: &I))
4797	ExpectedNumOperands = SI->getNumSuccessors();
4798	else if (isa<CallInst>(Val: &I))
4799	ExpectedNumOperands = 1;
4800	else if (IndirectBrInst *IBI = dyn_cast<IndirectBrInst>(Val: &I))
4801	ExpectedNumOperands = IBI->getNumDestinations();
4802	else if (isa<SelectInst>(Val: &I))
4803	ExpectedNumOperands = 2;
4804	else if (CallBrInst *CI = dyn_cast<CallBrInst>(Val: &I))
4805	ExpectedNumOperands = CI->getNumSuccessors();
4806	else
4807	CheckFailed(Message: "!prof branch_weights are not allowed for this instruction",
4808	V1: MD);
4809
4810	Check(MD->getNumOperands() == 1 + ExpectedNumOperands,
4811	"Wrong number of operands", MD);
4812	}
4813	for (unsigned i = 1; i < MD->getNumOperands(); ++i) {
4814	auto &MDO = MD->getOperand(I: i);
4815	Check(MDO, "second operand should not be null", MD);
4816	Check(mdconst::dyn_extract<ConstantInt>(MDO),
4817	"!prof brunch_weights operand is not a const int");
4818	}
4819	}
4820	}
4821
4822	void Verifier::visitDIAssignIDMetadata(Instruction &I, MDNode *MD) {
4823	assert(I.hasMetadata(LLVMContext::MD_DIAssignID));
4824	bool ExpectedInstTy =
4825	isa<AllocaInst>(Val: I) || isa<StoreInst>(Val: I) || isa<MemIntrinsic>(Val: I);
4826	CheckDI(ExpectedInstTy, "!DIAssignID attached to unexpected instruction kind",
4827	I, MD);
4828	// Iterate over the MetadataAsValue uses of the DIAssignID - these should
4829	// only be found as DbgAssignIntrinsic operands.
4830	if (auto *AsValue = MetadataAsValue::getIfExists(Context, MD)) {
4831	for (auto *User : AsValue->users()) {
4832	CheckDI(isa<DbgAssignIntrinsic>(User),
4833	"!DIAssignID should only be used by llvm.dbg.assign intrinsics",
4834	MD, User);
4835	// All of the dbg.assign intrinsics should be in the same function as I.
4836	if (auto *DAI = dyn_cast<DbgAssignIntrinsic>(Val: User))
4837	CheckDI(DAI->getFunction() == I.getFunction(),
4838	"dbg.assign not in same function as inst", DAI, &I);
4839	}
4840	}
4841	for (DbgVariableRecord *DVR :
4842	cast<DIAssignID>(Val: MD)->getAllDbgVariableRecordUsers()) {
4843	CheckDI(DVR->isDbgAssign(),
4844	"!DIAssignID should only be used by Assign DVRs.", MD, DVR);
4845	CheckDI(DVR->getFunction() == I.getFunction(),
4846	"DVRAssign not in same function as inst", DVR, &I);
4847	}
4848	}
4849
4850	void Verifier::visitMMRAMetadata(Instruction &I, MDNode *MD) {
4851	Check(canInstructionHaveMMRAs(I),
4852	"!mmra metadata attached to unexpected instruction kind", I, MD);
4853
4854	// MMRA Metadata should either be a tag, e.g. !{!"foo", !"bar"}, or a
4855	// list of tags such as !2 in the following example:
4856	// !0 = !{!"a", !"b"}
4857	// !1 = !{!"c", !"d"}
4858	// !2 = !{!0, !1}
4859	if (MMRAMetadata::isTagMD(MD))
4860	return;
4861
4862	Check(isa<MDTuple>(MD), "!mmra expected to be a metadata tuple", I, MD);
4863	for (const MDOperand &MDOp : MD->operands())
4864	Check(MMRAMetadata::isTagMD(MDOp.get()),
4865	"!mmra metadata tuple operand is not an MMRA tag", I, MDOp.get());
4866	}
4867
4868	void Verifier::visitCallStackMetadata(MDNode *MD) {
4869	// Call stack metadata should consist of a list of at least 1 constant int
4870	// (representing a hash of the location).
4871	Check(MD->getNumOperands() >= 1,
4872	"call stack metadata should have at least 1 operand", MD);
4873
4874	for (const auto &Op : MD->operands())
4875	Check(mdconst::dyn_extract_or_null<ConstantInt>(Op),
4876	"call stack metadata operand should be constant integer", Op);
4877	}
4878
4879	void Verifier::visitMemProfMetadata(Instruction &I, MDNode *MD) {
4880	Check(isa<CallBase>(I), "!memprof metadata should only exist on calls", &I);
4881	Check(MD->getNumOperands() >= 1,
4882	"!memprof annotations should have at least 1 metadata operand "
4883	"(MemInfoBlock)",
4884	MD);
4885
4886	// Check each MIB
4887	for (auto &MIBOp : MD->operands()) {
4888	MDNode *MIB = dyn_cast<MDNode>(Val: MIBOp);
4889	// The first operand of an MIB should be the call stack metadata.
4890	// There rest of the operands should be MDString tags, and there should be
4891	// at least one.
4892	Check(MIB->getNumOperands() >= 2,
4893	"Each !memprof MemInfoBlock should have at least 2 operands", MIB);
4894
4895	// Check call stack metadata (first operand).
4896	Check(MIB->getOperand(0) != nullptr,
4897	"!memprof MemInfoBlock first operand should not be null", MIB);
4898	Check(isa<MDNode>(MIB->getOperand(0)),
4899	"!memprof MemInfoBlock first operand should be an MDNode", MIB);
4900	MDNode *StackMD = dyn_cast<MDNode>(Val: MIB->getOperand(I: 0));
4901	visitCallStackMetadata(MD: StackMD);
4902
4903	// Check that remaining operands are MDString.
4904	Check(llvm::all_of(llvm::drop_begin(MIB->operands()),
4905	[](const MDOperand &Op) { return isa<MDString>(Op); }),
4906	"Not all !memprof MemInfoBlock operands 1 to N are MDString", MIB);
4907	}
4908	}
4909
4910	void Verifier::visitCallsiteMetadata(Instruction &I, MDNode *MD) {
4911	Check(isa<CallBase>(I), "!callsite metadata should only exist on calls", &I);
4912	// Verify the partial callstack annotated from memprof profiles. This callsite
4913	// is a part of a profiled allocation callstack.
4914	visitCallStackMetadata(MD);
4915	}
4916
4917	void Verifier::visitAnnotationMetadata(MDNode *Annotation) {
4918	Check(isa<MDTuple>(Annotation), "annotation must be a tuple");
4919	Check(Annotation->getNumOperands() >= 1,
4920	"annotation must have at least one operand");
4921	for (const MDOperand &Op : Annotation->operands()) {
4922	bool TupleOfStrings =
4923	isa<MDTuple>(Val: Op.get()) &&
4924	all_of(Range: cast<MDTuple>(Val: Op)->operands(), P: [](auto &Annotation) {
4925	return isa<MDString>(Annotation.get());
4926	});
4927	Check(isa<MDString>(Op.get()) || TupleOfStrings,
4928	"operands must be a string or a tuple of strings");
4929	}
4930	}
4931
4932	void Verifier::visitAliasScopeMetadata(const MDNode *MD) {
4933	unsigned NumOps = MD->getNumOperands();
4934	Check(NumOps >= 2 && NumOps <= 3, "scope must have two or three operands",
4935	MD);
4936	Check(MD->getOperand(0).get() == MD || isa<MDString>(MD->getOperand(0)),
4937	"first scope operand must be self-referential or string", MD);
4938	if (NumOps == 3)
4939	Check(isa<MDString>(MD->getOperand(2)),
4940	"third scope operand must be string (if used)", MD);
4941
4942	MDNode *Domain = dyn_cast<MDNode>(Val: MD->getOperand(I: 1));
4943	Check(Domain != nullptr, "second scope operand must be MDNode", MD);
4944
4945	unsigned NumDomainOps = Domain->getNumOperands();
4946	Check(NumDomainOps >= 1 && NumDomainOps <= 2,
4947	"domain must have one or two operands", Domain);
4948	Check(Domain->getOperand(0).get() == Domain ||
4949	isa<MDString>(Domain->getOperand(0)),
4950	"first domain operand must be self-referential or string", Domain);
4951	if (NumDomainOps == 2)
4952	Check(isa<MDString>(Domain->getOperand(1)),
4953	"second domain operand must be string (if used)", Domain);
4954	}
4955
4956	void Verifier::visitAliasScopeListMetadata(const MDNode *MD) {
4957	for (const MDOperand &Op : MD->operands()) {
4958	const MDNode *OpMD = dyn_cast<MDNode>(Val: Op);
4959	Check(OpMD != nullptr, "scope list must consist of MDNodes", MD);
4960	visitAliasScopeMetadata(MD: OpMD);
4961	}
4962	}
4963
4964	void Verifier::visitAccessGroupMetadata(const MDNode *MD) {
4965	auto IsValidAccessScope = [](const MDNode *MD) {
4966	return MD->getNumOperands() == 0 && MD->isDistinct();
4967	};
4968
4969	// It must be either an access scope itself...
4970	if (IsValidAccessScope(MD))
4971	return;
4972
4973	// ...or a list of access scopes.
4974	for (const MDOperand &Op : MD->operands()) {
4975	const MDNode *OpMD = dyn_cast<MDNode>(Val: Op);
4976	Check(OpMD != nullptr, "Access scope list must consist of MDNodes", MD);
4977	Check(IsValidAccessScope(OpMD),
4978	"Access scope list contains invalid access scope", MD);
4979	}
4980	}
4981
4982	/// verifyInstruction - Verify that an instruction is well formed.
4983	///
4984	void Verifier::visitInstruction(Instruction &I) {
4985	BasicBlock *BB = I.getParent();
4986	Check(BB, "Instruction not embedded in basic block!", &I);
4987
4988	if (!isa<PHINode>(Val: I)) { // Check that non-phi nodes are not self referential
4989	for (User *U : I.users()) {
4990	Check(U != (User *)&I || !DT.isReachableFromEntry(BB),
4991	"Only PHI nodes may reference their own value!", &I);
4992	}
4993	}
4994
4995	// Check that void typed values don't have names
4996	Check(!I.getType()->isVoidTy() || !I.hasName(),
4997	"Instruction has a name, but provides a void value!", &I);
4998
4999	// Check that the return value of the instruction is either void or a legal
5000	// value type.
5001	Check(I.getType()->isVoidTy() || I.getType()->isFirstClassType(),
5002	"Instruction returns a non-scalar type!", &I);
5003
5004	// Check that the instruction doesn't produce metadata. Calls are already
5005	// checked against the callee type.
5006	Check(!I.getType()->isMetadataTy() || isa<CallInst>(I) || isa<InvokeInst>(I),
5007	"Invalid use of metadata!", &I);
5008
5009	// Check that all uses of the instruction, if they are instructions
5010	// themselves, actually have parent basic blocks. If the use is not an
5011	// instruction, it is an error!
5012	for (Use &U : I.uses()) {
5013	if (Instruction *Used = dyn_cast<Instruction>(Val: U.getUser()))
5014	Check(Used->getParent() != nullptr,
5015	"Instruction referencing"
5016	" instruction not embedded in a basic block!",
5017	&I, Used);
5018	else {
5019	CheckFailed(Message: "Use of instruction is not an instruction!", V1: U);
5020	return;
5021	}
5022	}
5023
5024	// Get a pointer to the call base of the instruction if it is some form of
5025	// call.
5026	const CallBase *CBI = dyn_cast<CallBase>(Val: &I);
5027
5028	for (unsigned i = 0, e = I.getNumOperands(); i != e; ++i) {
5029	Check(I.getOperand(i) != nullptr, "Instruction has null operand!", &I);
5030
5031	// Check to make sure that only first-class-values are operands to
5032	// instructions.
5033	if (!I.getOperand(i)->getType()->isFirstClassType()) {
5034	Check(false, "Instruction operands must be first-class values!", &I);
5035	}
5036
5037	if (Function *F = dyn_cast<Function>(Val: I.getOperand(i))) {
5038	// This code checks whether the function is used as the operand of a
5039	// clang_arc_attachedcall operand bundle.
5040	auto IsAttachedCallOperand = [](Function *F, const CallBase *CBI,
5041	int Idx) {
5042	return CBI && CBI->isOperandBundleOfType(
5043	ID: LLVMContext::OB_clang_arc_attachedcall, Idx);
5044	};
5045
5046	// Check to make sure that the "address of" an intrinsic function is never
5047	// taken. Ignore cases where the address of the intrinsic function is used
5048	// as the argument of operand bundle "clang.arc.attachedcall" as those
5049	// cases are handled in verifyAttachedCallBundle.
5050	Check((!F->isIntrinsic() ||
5051	(CBI && &CBI->getCalledOperandUse() == &I.getOperandUse(i)) ||
5052	IsAttachedCallOperand(F, CBI, i)),
5053	"Cannot take the address of an intrinsic!", &I);
5054	Check(!F->isIntrinsic() || isa<CallInst>(I) ||
5055	F->getIntrinsicID() == Intrinsic::donothing ||
5056	F->getIntrinsicID() == Intrinsic::seh_try_begin ||
5057	F->getIntrinsicID() == Intrinsic::seh_try_end ||
5058	F->getIntrinsicID() == Intrinsic::seh_scope_begin ||
5059	F->getIntrinsicID() == Intrinsic::seh_scope_end ||
5060	F->getIntrinsicID() == Intrinsic::coro_resume ||
5061	F->getIntrinsicID() == Intrinsic::coro_destroy ||
5062	F->getIntrinsicID() == Intrinsic::coro_await_suspend_void ||
5063	F->getIntrinsicID() == Intrinsic::coro_await_suspend_bool ||
5064	F->getIntrinsicID() == Intrinsic::coro_await_suspend_handle ||
5065	F->getIntrinsicID() ==
5066	Intrinsic::experimental_patchpoint_void ||
5067	F->getIntrinsicID() == Intrinsic::experimental_patchpoint ||
5068	F->getIntrinsicID() == Intrinsic::experimental_gc_statepoint ||
5069	F->getIntrinsicID() == Intrinsic::wasm_rethrow ||
5070	IsAttachedCallOperand(F, CBI, i),
5071	"Cannot invoke an intrinsic other than donothing, patchpoint, "
5072	"statepoint, coro_resume, coro_destroy or clang.arc.attachedcall",
5073	&I);
5074	Check(F->getParent() == &M, "Referencing function in another module!", &I,
5075	&M, F, F->getParent());
5076	} else if (BasicBlock *OpBB = dyn_cast<BasicBlock>(Val: I.getOperand(i))) {
5077	Check(OpBB->getParent() == BB->getParent(),
5078	"Referring to a basic block in another function!", &I);
5079	} else if (Argument *OpArg = dyn_cast<Argument>(Val: I.getOperand(i))) {
5080	Check(OpArg->getParent() == BB->getParent(),
5081	"Referring to an argument in another function!", &I);
5082	} else if (GlobalValue *GV = dyn_cast<GlobalValue>(Val: I.getOperand(i))) {
5083	Check(GV->getParent() == &M, "Referencing global in another module!", &I,
5084	&M, GV, GV->getParent());
5085	} else if (Instruction *OpInst = dyn_cast<Instruction>(Val: I.getOperand(i))) {
5086	Check(OpInst->getFunction() == BB->getParent(),
5087	"Referring to an instruction in another function!", &I);
5088	verifyDominatesUse(I, i);
5089	} else if (isa<InlineAsm>(Val: I.getOperand(i))) {
5090	Check(CBI && &CBI->getCalledOperandUse() == &I.getOperandUse(i),
5091	"Cannot take the address of an inline asm!", &I);
5092	} else if (ConstantExpr *CE = dyn_cast<ConstantExpr>(Val: I.getOperand(i))) {
5093	if (CE->getType()->isPtrOrPtrVectorTy()) {
5094	// If we have a ConstantExpr pointer, we need to see if it came from an
5095	// illegal bitcast.
5096	visitConstantExprsRecursively(EntryC: CE);
5097	}
5098	}
5099	}
5100
5101	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_fpmath)) {
5102	Check(I.getType()->isFPOrFPVectorTy(),
5103	"fpmath requires a floating point result!", &I);
5104	Check(MD->getNumOperands() == 1, "fpmath takes one operand!", &I);
5105	if (ConstantFP *CFP0 =
5106	mdconst::dyn_extract_or_null<ConstantFP>(MD: MD->getOperand(I: 0))) {
5107	const APFloat &Accuracy = CFP0->getValueAPF();
5108	Check(&Accuracy.getSemantics() == &APFloat::IEEEsingle(),
5109	"fpmath accuracy must have float type", &I);
5110	Check(Accuracy.isFiniteNonZero() && !Accuracy.isNegative(),
5111	"fpmath accuracy not a positive number!", &I);
5112	} else {
5113	Check(false, "invalid fpmath accuracy!", &I);
5114	}
5115	}
5116
5117	if (MDNode *Range = I.getMetadata(KindID: LLVMContext::MD_range)) {
5118	Check(isa<LoadInst>(I) || isa<CallInst>(I) || isa<InvokeInst>(I),
5119	"Ranges are only for loads, calls and invokes!", &I);
5120	visitRangeMetadata(I, Range, Ty: I.getType());
5121	}
5122
5123	if (I.hasMetadata(KindID: LLVMContext::MD_invariant_group)) {
5124	Check(isa<LoadInst>(I) || isa<StoreInst>(I),
5125	"invariant.group metadata is only for loads and stores", &I);
5126	}
5127
5128	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_nonnull)) {
5129	Check(I.getType()->isPointerTy(), "nonnull applies only to pointer types",
5130	&I);
5131	Check(isa<LoadInst>(I),
5132	"nonnull applies only to load instructions, use attributes"
5133	" for calls or invokes",
5134	&I);
5135	Check(MD->getNumOperands() == 0, "nonnull metadata must be empty", &I);
5136	}
5137
5138	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_dereferenceable))
5139	visitDereferenceableMetadata(I, MD);
5140
5141	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_dereferenceable_or_null))
5142	visitDereferenceableMetadata(I, MD);
5143
5144	if (MDNode *TBAA = I.getMetadata(KindID: LLVMContext::MD_tbaa))
5145	TBAAVerifyHelper.visitTBAAMetadata(I, MD: TBAA);
5146
5147	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_noalias))
5148	visitAliasScopeListMetadata(MD);
5149	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_alias_scope))
5150	visitAliasScopeListMetadata(MD);
5151
5152	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_access_group))
5153	visitAccessGroupMetadata(MD);
5154
5155	if (MDNode *AlignMD = I.getMetadata(KindID: LLVMContext::MD_align)) {
5156	Check(I.getType()->isPointerTy(), "align applies only to pointer types",
5157	&I);
5158	Check(isa<LoadInst>(I),
5159	"align applies only to load instructions, "
5160	"use attributes for calls or invokes",
5161	&I);
5162	Check(AlignMD->getNumOperands() == 1, "align takes one operand!", &I);
5163	ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(MD: AlignMD->getOperand(I: 0));
5164	Check(CI && CI->getType()->isIntegerTy(64),
5165	"align metadata value must be an i64!", &I);
5166	uint64_t Align = CI->getZExtValue();
5167	Check(isPowerOf2_64(Align), "align metadata value must be a power of 2!",
5168	&I);
5169	Check(Align <= Value::MaximumAlignment,
5170	"alignment is larger that implementation defined limit", &I);
5171	}
5172
5173	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_prof))
5174	visitProfMetadata(I, MD);
5175
5176	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_memprof))
5177	visitMemProfMetadata(I, MD);
5178
5179	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_callsite))
5180	visitCallsiteMetadata(I, MD);
5181
5182	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_DIAssignID))
5183	visitDIAssignIDMetadata(I, MD);
5184
5185	if (MDNode *MMRA = I.getMetadata(KindID: LLVMContext::MD_mmra))
5186	visitMMRAMetadata(I, MD: MMRA);
5187
5188	if (MDNode *Annotation = I.getMetadata(KindID: LLVMContext::MD_annotation))
5189	visitAnnotationMetadata(Annotation);
5190
5191	if (MDNode *N = I.getDebugLoc().getAsMDNode()) {
5192	CheckDI(isa<DILocation>(N), "invalid !dbg metadata attachment", &I, N);
5193	visitMDNode(MD: *N, AllowLocs: AreDebugLocsAllowed::Yes);
5194	}
5195
5196	if (auto *DII = dyn_cast<DbgVariableIntrinsic>(Val: &I)) {
5197	verifyFragmentExpression(I: *DII);
5198	verifyNotEntryValue(I: *DII);
5199	}
5200
5201	SmallVector<std::pair<unsigned, MDNode *>, 4> MDs;
5202	I.getAllMetadata(MDs);
5203	for (auto Attachment : MDs) {
5204	unsigned Kind = Attachment.first;
5205	auto AllowLocs =
5206	(Kind == LLVMContext::MD_dbg || Kind == LLVMContext::MD_loop)
5207	? AreDebugLocsAllowed::Yes
5208	: AreDebugLocsAllowed::No;
5209	visitMDNode(MD: *Attachment.second, AllowLocs);
5210	}
5211
5212	InstsInThisBlock.insert(Ptr: &I);
5213	}
5214
5215	/// Allow intrinsics to be verified in different ways.
5216	void Verifier::visitIntrinsicCall(Intrinsic::ID ID, CallBase &Call) {
5217	Function *IF = Call.getCalledFunction();
5218	Check(IF->isDeclaration(), "Intrinsic functions should never be defined!",
5219	IF);
5220
5221	// Verify that the intrinsic prototype lines up with what the .td files
5222	// describe.
5223	FunctionType *IFTy = IF->getFunctionType();
5224	bool IsVarArg = IFTy->isVarArg();
5225
5226	SmallVector<Intrinsic::IITDescriptor, 8> Table;
5227	getIntrinsicInfoTableEntries(id: ID, T&: Table);
5228	ArrayRef<Intrinsic::IITDescriptor> TableRef = Table;
5229
5230	// Walk the descriptors to extract overloaded types.
5231	SmallVector<Type *, 4> ArgTys;
5232	Intrinsic::MatchIntrinsicTypesResult Res =
5233	Intrinsic::matchIntrinsicSignature(FTy: IFTy, Infos&: TableRef, ArgTys);
5234	Check(Res != Intrinsic::MatchIntrinsicTypes_NoMatchRet,
5235	"Intrinsic has incorrect return type!", IF);
5236	Check(Res != Intrinsic::MatchIntrinsicTypes_NoMatchArg,
5237	"Intrinsic has incorrect argument type!", IF);
5238
5239	// Verify if the intrinsic call matches the vararg property.
5240	if (IsVarArg)
5241	Check(!Intrinsic::matchIntrinsicVarArg(IsVarArg, TableRef),
5242	"Intrinsic was not defined with variable arguments!", IF);
5243	else
5244	Check(!Intrinsic::matchIntrinsicVarArg(IsVarArg, TableRef),
5245	"Callsite was not defined with variable arguments!", IF);
5246
5247	// All descriptors should be absorbed by now.
5248	Check(TableRef.empty(), "Intrinsic has too few arguments!", IF);
5249
5250	// Now that we have the intrinsic ID and the actual argument types (and we
5251	// know they are legal for the intrinsic!) get the intrinsic name through the
5252	// usual means. This allows us to verify the mangling of argument types into
5253	// the name.
5254	const std::string ExpectedName =
5255	Intrinsic::getName(Id: ID, Tys: ArgTys, M: IF->getParent(), FT: IFTy);
5256	Check(ExpectedName == IF->getName(),
5257	"Intrinsic name not mangled correctly for type arguments! "
5258	"Should be: " +
5259	ExpectedName,
5260	IF);
5261
5262	// If the intrinsic takes MDNode arguments, verify that they are either global
5263	// or are local to *this* function.
5264	for (Value *V : Call.args()) {
5265	if (auto *MD = dyn_cast<MetadataAsValue>(Val: V))
5266	visitMetadataAsValue(MDV: *MD, F: Call.getCaller());
5267	if (auto *Const = dyn_cast<Constant>(Val: V))
5268	Check(!Const->getType()->isX86_AMXTy(),
5269	"const x86_amx is not allowed in argument!");
5270	}
5271
5272	switch (ID) {
5273	default:
5274	break;
5275	case Intrinsic::assume: {
5276	for (auto &Elem : Call.bundle_op_infos()) {
5277	unsigned ArgCount = Elem.End - Elem.Begin;
5278	// Separate storage assumptions are special insofar as they're the only
5279	// operand bundles allowed on assumes that aren't parameter attributes.
5280	if (Elem.Tag->getKey() == "separate_storage") {
5281	Check(ArgCount == 2,
5282	"separate_storage assumptions should have 2 arguments", Call);
5283	Check(Call.getOperand(Elem.Begin)->getType()->isPointerTy() &&
5284	Call.getOperand(Elem.Begin + 1)->getType()->isPointerTy(),
5285	"arguments to separate_storage assumptions should be pointers",
5286	Call);
5287	return;
5288	}
5289	Check(Elem.Tag->getKey() == "ignore" ||
5290	Attribute::isExistingAttribute(Elem.Tag->getKey()),
5291	"tags must be valid attribute names", Call);
5292	Attribute::AttrKind Kind =
5293	Attribute::getAttrKindFromName(AttrName: Elem.Tag->getKey());
5294	if (Kind == Attribute::Alignment) {
5295	Check(ArgCount <= 3 && ArgCount >= 2,
5296	"alignment assumptions should have 2 or 3 arguments", Call);
5297	Check(Call.getOperand(Elem.Begin)->getType()->isPointerTy(),
5298	"first argument should be a pointer", Call);
5299	Check(Call.getOperand(Elem.Begin + 1)->getType()->isIntegerTy(),
5300	"second argument should be an integer", Call);
5301	if (ArgCount == 3)
5302	Check(Call.getOperand(Elem.Begin + 2)->getType()->isIntegerTy(),
5303	"third argument should be an integer if present", Call);
5304	return;
5305	}
5306	Check(ArgCount <= 2, "too many arguments", Call);
5307	if (Kind == Attribute::None)
5308	break;
5309	if (Attribute::isIntAttrKind(Kind)) {
5310	Check(ArgCount == 2, "this attribute should have 2 arguments", Call);
5311	Check(isa<ConstantInt>(Call.getOperand(Elem.Begin + 1)),
5312	"the second argument should be a constant integral value", Call);
5313	} else if (Attribute::canUseAsParamAttr(Kind)) {
5314	Check((ArgCount) == 1, "this attribute should have one argument", Call);
5315	} else if (Attribute::canUseAsFnAttr(Kind)) {
5316	Check((ArgCount) == 0, "this attribute has no argument", Call);
5317	}
5318	}
5319	break;
5320	}
5321	case Intrinsic::ucmp:
5322	case Intrinsic::scmp: {
5323	Type *SrcTy = Call.getOperand(i_nocapture: 0)->getType();
5324	Type *DestTy = Call.getType();
5325
5326	Check(DestTy->getScalarSizeInBits() >= 2,
5327	"result type must be at least 2 bits wide", Call);
5328
5329	bool IsDestTypeVector = DestTy->isVectorTy();
5330	Check(SrcTy->isVectorTy() == IsDestTypeVector,
5331	"ucmp/scmp argument and result types must both be either vector or "
5332	"scalar types",
5333	Call);
5334	if (IsDestTypeVector) {
5335	auto SrcVecLen = cast<VectorType>(Val: SrcTy)->getElementCount();
5336	auto DestVecLen = cast<VectorType>(Val: DestTy)->getElementCount();
5337	Check(SrcVecLen == DestVecLen,
5338	"return type and arguments must have the same number of "
5339	"elements",
5340	Call);
5341	}
5342	break;
5343	}
5344	case Intrinsic::coro_id: {
5345	auto *InfoArg = Call.getArgOperand(i: 3)->stripPointerCasts();
5346	if (isa<ConstantPointerNull>(Val: InfoArg))
5347	break;
5348	auto *GV = dyn_cast<GlobalVariable>(Val: InfoArg);
5349	Check(GV && GV->isConstant() && GV->hasDefinitiveInitializer(),
5350	"info argument of llvm.coro.id must refer to an initialized "
5351	"constant");
5352	Constant *Init = GV->getInitializer();
5353	Check(isa<ConstantStruct>(Init) || isa<ConstantArray>(Init),
5354	"info argument of llvm.coro.id must refer to either a struct or "
5355	"an array");
5356	break;
5357	}
5358	case Intrinsic::is_fpclass: {
5359	const ConstantInt *TestMask = cast<ConstantInt>(Val: Call.getOperand(i_nocapture: 1));
5360	Check((TestMask->getZExtValue() & ~static_cast<unsigned>(fcAllFlags)) == 0,
5361	"unsupported bits for llvm.is.fpclass test mask");
5362	break;
5363	}
5364	case Intrinsic::fptrunc_round: {
5365	// Check the rounding mode
5366	Metadata *MD = nullptr;
5367	auto *MAV = dyn_cast<MetadataAsValue>(Val: Call.getOperand(i_nocapture: 1));
5368	if (MAV)
5369	MD = MAV->getMetadata();
5370
5371	Check(MD != nullptr, "missing rounding mode argument", Call);
5372
5373	Check(isa<MDString>(MD),
5374	("invalid value for llvm.fptrunc.round metadata operand"
5375	" (the operand should be a string)"),
5376	MD);
5377
5378	std::optional<RoundingMode> RoundMode =
5379	convertStrToRoundingMode(cast<MDString>(Val: MD)->getString());
5380	Check(RoundMode && *RoundMode != RoundingMode::Dynamic,
5381	"unsupported rounding mode argument", Call);
5382	break;
5383	}
5384	#define BEGIN_REGISTER_VP_INTRINSIC(VPID, ...) case Intrinsic::VPID:
5385	#include "llvm/IR/VPIntrinsics.def"
5386	visitVPIntrinsic(VPI&: cast<VPIntrinsic>(Val&: Call));
5387	break;
5388	#define INSTRUCTION(NAME, NARGS, ROUND_MODE, INTRINSIC) \
5389	case Intrinsic::INTRINSIC:
5390	#include "llvm/IR/ConstrainedOps.def"
5391	visitConstrainedFPIntrinsic(FPI&: cast<ConstrainedFPIntrinsic>(Val&: Call));
5392	break;
5393	case Intrinsic::dbg_declare: // llvm.dbg.declare
5394	Check(isa<MetadataAsValue>(Call.getArgOperand(0)),
5395	"invalid llvm.dbg.declare intrinsic call 1", Call);
5396	visitDbgIntrinsic(Kind: "declare", DII&: cast<DbgVariableIntrinsic>(Val&: Call));
5397	break;
5398	case Intrinsic::dbg_value: // llvm.dbg.value
5399	visitDbgIntrinsic(Kind: "value", DII&: cast<DbgVariableIntrinsic>(Val&: Call));
5400	break;
5401	case Intrinsic::dbg_assign: // llvm.dbg.assign
5402	visitDbgIntrinsic(Kind: "assign", DII&: cast<DbgVariableIntrinsic>(Val&: Call));
5403	break;
5404	case Intrinsic::dbg_label: // llvm.dbg.label
5405	visitDbgLabelIntrinsic(Kind: "label", DLI&: cast<DbgLabelInst>(Val&: Call));
5406	break;
5407	case Intrinsic::memcpy:
5408	case Intrinsic::memcpy_inline:
5409	case Intrinsic::memmove:
5410	case Intrinsic::memset:
5411	case Intrinsic::memset_inline: {
5412	break;
5413	}
5414	case Intrinsic::memcpy_element_unordered_atomic:
5415	case Intrinsic::memmove_element_unordered_atomic:
5416	case Intrinsic::memset_element_unordered_atomic: {
5417	const auto *AMI = cast<AtomicMemIntrinsic>(Val: &Call);
5418
5419	ConstantInt *ElementSizeCI =
5420	cast<ConstantInt>(Val: AMI->getRawElementSizeInBytes());
5421	const APInt &ElementSizeVal = ElementSizeCI->getValue();
5422	Check(ElementSizeVal.isPowerOf2(),
5423	"element size of the element-wise atomic memory intrinsic "
5424	"must be a power of 2",
5425	Call);
5426
5427	auto IsValidAlignment = [&](MaybeAlign Alignment) {
5428	return Alignment && ElementSizeVal.ule(RHS: Alignment->value());
5429	};
5430	Check(IsValidAlignment(AMI->getDestAlign()),
5431	"incorrect alignment of the destination argument", Call);
5432	if (const auto *AMT = dyn_cast<AtomicMemTransferInst>(Val: AMI)) {
5433	Check(IsValidAlignment(AMT->getSourceAlign()),
5434	"incorrect alignment of the source argument", Call);
5435	}
5436	break;
5437	}
5438	case Intrinsic::call_preallocated_setup: {
5439	auto *NumArgs = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 0));
5440	Check(NumArgs != nullptr,
5441	"llvm.call.preallocated.setup argument must be a constant");
5442	bool FoundCall = false;
5443	for (User *U : Call.users()) {
5444	auto *UseCall = dyn_cast<CallBase>(Val: U);
5445	Check(UseCall != nullptr,
5446	"Uses of llvm.call.preallocated.setup must be calls");
5447	const Function *Fn = UseCall->getCalledFunction();
5448	if (Fn && Fn->getIntrinsicID() == Intrinsic::call_preallocated_arg) {
5449	auto *AllocArgIndex = dyn_cast<ConstantInt>(Val: UseCall->getArgOperand(i: 1));
5450	Check(AllocArgIndex != nullptr,
5451	"llvm.call.preallocated.alloc arg index must be a constant");
5452	auto AllocArgIndexInt = AllocArgIndex->getValue();
5453	Check(AllocArgIndexInt.sge(0) &&
5454	AllocArgIndexInt.slt(NumArgs->getValue()),
5455	"llvm.call.preallocated.alloc arg index must be between 0 and "
5456	"corresponding "
5457	"llvm.call.preallocated.setup's argument count");
5458	} else if (Fn && Fn->getIntrinsicID() ==
5459	Intrinsic::call_preallocated_teardown) {
5460	// nothing to do
5461	} else {
5462	Check(!FoundCall, "Can have at most one call corresponding to a "
5463	"llvm.call.preallocated.setup");
5464	FoundCall = true;
5465	size_t NumPreallocatedArgs = 0;
5466	for (unsigned i = 0; i < UseCall->arg_size(); i++) {
5467	if (UseCall->paramHasAttr(i, Attribute::Preallocated)) {
5468	++NumPreallocatedArgs;
5469	}
5470	}
5471	Check(NumPreallocatedArgs != 0,
5472	"cannot use preallocated intrinsics on a call without "
5473	"preallocated arguments");
5474	Check(NumArgs->equalsInt(NumPreallocatedArgs),
5475	"llvm.call.preallocated.setup arg size must be equal to number "
5476	"of preallocated arguments "
5477	"at call site",
5478	Call, *UseCall);
5479	// getOperandBundle() cannot be called if more than one of the operand
5480	// bundle exists. There is already a check elsewhere for this, so skip
5481	// here if we see more than one.
5482	if (UseCall->countOperandBundlesOfType(ID: LLVMContext::OB_preallocated) >
5483	1) {
5484	return;
5485	}
5486	auto PreallocatedBundle =
5487	UseCall->getOperandBundle(ID: LLVMContext::OB_preallocated);
5488	Check(PreallocatedBundle,
5489	"Use of llvm.call.preallocated.setup outside intrinsics "
5490	"must be in \"preallocated\" operand bundle");
5491	Check(PreallocatedBundle->Inputs.front().get() == &Call,
5492	"preallocated bundle must have token from corresponding "
5493	"llvm.call.preallocated.setup");
5494	}
5495	}
5496	break;
5497	}
5498	case Intrinsic::call_preallocated_arg: {
5499	auto *Token = dyn_cast<CallBase>(Val: Call.getArgOperand(i: 0));
5500	Check(Token && Token->getCalledFunction()->getIntrinsicID() ==
5501	Intrinsic::call_preallocated_setup,
5502	"llvm.call.preallocated.arg token argument must be a "
5503	"llvm.call.preallocated.setup");
5504	Check(Call.hasFnAttr(Attribute::Preallocated),
5505	"llvm.call.preallocated.arg must be called with a \"preallocated\" "
5506	"call site attribute");
5507	break;
5508	}
5509	case Intrinsic::call_preallocated_teardown: {
5510	auto *Token = dyn_cast<CallBase>(Val: Call.getArgOperand(i: 0));
5511	Check(Token && Token->getCalledFunction()->getIntrinsicID() ==
5512	Intrinsic::call_preallocated_setup,
5513	"llvm.call.preallocated.teardown token argument must be a "
5514	"llvm.call.preallocated.setup");
5515	break;
5516	}
5517	case Intrinsic::gcroot:
5518	case Intrinsic::gcwrite:
5519	case Intrinsic::gcread:
5520	if (ID == Intrinsic::gcroot) {
5521	AllocaInst *AI =
5522	dyn_cast<AllocaInst>(Val: Call.getArgOperand(i: 0)->stripPointerCasts());
5523	Check(AI, "llvm.gcroot parameter #1 must be an alloca.", Call);
5524	Check(isa<Constant>(Call.getArgOperand(1)),
5525	"llvm.gcroot parameter #2 must be a constant.", Call);
5526	if (!AI->getAllocatedType()->isPointerTy()) {
5527	Check(!isa<ConstantPointerNull>(Call.getArgOperand(1)),
5528	"llvm.gcroot parameter #1 must either be a pointer alloca, "
5529	"or argument #2 must be a non-null constant.",
5530	Call);
5531	}
5532	}
5533
5534	Check(Call.getParent()->getParent()->hasGC(),
5535	"Enclosing function does not use GC.", Call);
5536	break;
5537	case Intrinsic::init_trampoline:
5538	Check(isa<Function>(Call.getArgOperand(1)->stripPointerCasts()),
5539	"llvm.init_trampoline parameter #2 must resolve to a function.",
5540	Call);
5541	break;
5542	case Intrinsic::prefetch:
5543	Check(cast<ConstantInt>(Call.getArgOperand(1))->getZExtValue() < 2,
5544	"rw argument to llvm.prefetch must be 0-1", Call);
5545	Check(cast<ConstantInt>(Call.getArgOperand(2))->getZExtValue() < 4,
5546	"locality argument to llvm.prefetch must be 0-3", Call);
5547	Check(cast<ConstantInt>(Call.getArgOperand(3))->getZExtValue() < 2,
5548	"cache type argument to llvm.prefetch must be 0-1", Call);
5549	break;
5550	case Intrinsic::stackprotector:
5551	Check(isa<AllocaInst>(Call.getArgOperand(1)->stripPointerCasts()),
5552	"llvm.stackprotector parameter #2 must resolve to an alloca.", Call);
5553	break;
5554	case Intrinsic::localescape: {
5555	BasicBlock *BB = Call.getParent();
5556	Check(BB->isEntryBlock(), "llvm.localescape used outside of entry block",
5557	Call);
5558	Check(!SawFrameEscape, "multiple calls to llvm.localescape in one function",
5559	Call);
5560	for (Value *Arg : Call.args()) {
5561	if (isa<ConstantPointerNull>(Val: Arg))
5562	continue; // Null values are allowed as placeholders.
5563	auto *AI = dyn_cast<AllocaInst>(Val: Arg->stripPointerCasts());
5564	Check(AI && AI->isStaticAlloca(),
5565	"llvm.localescape only accepts static allocas", Call);
5566	}
5567	FrameEscapeInfo[BB->getParent()].first = Call.arg_size();
5568	SawFrameEscape = true;
5569	break;
5570	}
5571	case Intrinsic::localrecover: {
5572	Value *FnArg = Call.getArgOperand(i: 0)->stripPointerCasts();
5573	Function *Fn = dyn_cast<Function>(Val: FnArg);
5574	Check(Fn && !Fn->isDeclaration(),
5575	"llvm.localrecover first "
5576	"argument must be function defined in this module",
5577	Call);
5578	auto *IdxArg = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
5579	auto &Entry = FrameEscapeInfo[Fn];
5580	Entry.second = unsigned(
5581	std::max(a: uint64_t(Entry.second), b: IdxArg->getLimitedValue(Limit: ~0U) + 1));
5582	break;
5583	}
5584
5585	case Intrinsic::experimental_gc_statepoint:
5586	if (auto *CI = dyn_cast<CallInst>(Val: &Call))
5587	Check(!CI->isInlineAsm(),
5588	"gc.statepoint support for inline assembly unimplemented", CI);
5589	Check(Call.getParent()->getParent()->hasGC(),
5590	"Enclosing function does not use GC.", Call);
5591
5592	verifyStatepoint(Call);
5593	break;
5594	case Intrinsic::experimental_gc_result: {
5595	Check(Call.getParent()->getParent()->hasGC(),
5596	"Enclosing function does not use GC.", Call);
5597
5598	auto *Statepoint = Call.getArgOperand(i: 0);
5599	if (isa<UndefValue>(Val: Statepoint))
5600	break;
5601
5602	// Are we tied to a statepoint properly?
5603	const auto *StatepointCall = dyn_cast<CallBase>(Val: Statepoint);
5604	const Function *StatepointFn =
5605	StatepointCall ? StatepointCall->getCalledFunction() : nullptr;
5606	Check(StatepointFn && StatepointFn->isDeclaration() &&
5607	StatepointFn->getIntrinsicID() ==
5608	Intrinsic::experimental_gc_statepoint,
5609	"gc.result operand #1 must be from a statepoint", Call,
5610	Call.getArgOperand(0));
5611
5612	// Check that result type matches wrapped callee.
5613	auto *TargetFuncType =
5614	cast<FunctionType>(Val: StatepointCall->getParamElementType(ArgNo: 2));
5615	Check(Call.getType() == TargetFuncType->getReturnType(),
5616	"gc.result result type does not match wrapped callee", Call);
5617	break;
5618	}
5619	case Intrinsic::experimental_gc_relocate: {
5620	Check(Call.arg_size() == 3, "wrong number of arguments", Call);
5621
5622	Check(isa<PointerType>(Call.getType()->getScalarType()),
5623	"gc.relocate must return a pointer or a vector of pointers", Call);
5624
5625	// Check that this relocate is correctly tied to the statepoint
5626
5627	// This is case for relocate on the unwinding path of an invoke statepoint
5628	if (LandingPadInst *LandingPad =
5629	dyn_cast<LandingPadInst>(Val: Call.getArgOperand(i: 0))) {
5630
5631	const BasicBlock *InvokeBB =
5632	LandingPad->getParent()->getUniquePredecessor();
5633
5634	// Landingpad relocates should have only one predecessor with invoke
5635	// statepoint terminator
5636	Check(InvokeBB, "safepoints should have unique landingpads",
5637	LandingPad->getParent());
5638	Check(InvokeBB->getTerminator(), "safepoint block should be well formed",
5639	InvokeBB);
5640	Check(isa<GCStatepointInst>(InvokeBB->getTerminator()),
5641	"gc relocate should be linked to a statepoint", InvokeBB);
5642	} else {
5643	// In all other cases relocate should be tied to the statepoint directly.
5644	// This covers relocates on a normal return path of invoke statepoint and
5645	// relocates of a call statepoint.
5646	auto *Token = Call.getArgOperand(i: 0);
5647	Check(isa<GCStatepointInst>(Token) || isa<UndefValue>(Token),
5648	"gc relocate is incorrectly tied to the statepoint", Call, Token);
5649	}
5650
5651	// Verify rest of the relocate arguments.
5652	const Value &StatepointCall = *cast<GCRelocateInst>(Val&: Call).getStatepoint();
5653
5654	// Both the base and derived must be piped through the safepoint.
5655	Value *Base = Call.getArgOperand(i: 1);
5656	Check(isa<ConstantInt>(Base),
5657	"gc.relocate operand #2 must be integer offset", Call);
5658
5659	Value *Derived = Call.getArgOperand(i: 2);
5660	Check(isa<ConstantInt>(Derived),
5661	"gc.relocate operand #3 must be integer offset", Call);
5662
5663	const uint64_t BaseIndex = cast<ConstantInt>(Val: Base)->getZExtValue();
5664	const uint64_t DerivedIndex = cast<ConstantInt>(Val: Derived)->getZExtValue();
5665
5666	// Check the bounds
5667	if (isa<UndefValue>(Val: StatepointCall))
5668	break;
5669	if (auto Opt = cast<GCStatepointInst>(Val: StatepointCall)
5670	.getOperandBundle(ID: LLVMContext::OB_gc_live)) {
5671	Check(BaseIndex < Opt->Inputs.size(),
5672	"gc.relocate: statepoint base index out of bounds", Call);
5673	Check(DerivedIndex < Opt->Inputs.size(),
5674	"gc.relocate: statepoint derived index out of bounds", Call);
5675	}
5676
5677	// Relocated value must be either a pointer type or vector-of-pointer type,
5678	// but gc_relocate does not need to return the same pointer type as the
5679	// relocated pointer. It can be casted to the correct type later if it's
5680	// desired. However, they must have the same address space and 'vectorness'
5681	GCRelocateInst &Relocate = cast<GCRelocateInst>(Val&: Call);
5682	auto *ResultType = Call.getType();
5683	auto *DerivedType = Relocate.getDerivedPtr()->getType();
5684	auto *BaseType = Relocate.getBasePtr()->getType();
5685
5686	Check(BaseType->isPtrOrPtrVectorTy(),
5687	"gc.relocate: relocated value must be a pointer", Call);
5688	Check(DerivedType->isPtrOrPtrVectorTy(),
5689	"gc.relocate: relocated value must be a pointer", Call);
5690
5691	Check(ResultType->isVectorTy() == DerivedType->isVectorTy(),
5692	"gc.relocate: vector relocates to vector and pointer to pointer",
5693	Call);
5694	Check(
5695	ResultType->getPointerAddressSpace() ==
5696	DerivedType->getPointerAddressSpace(),
5697	"gc.relocate: relocating a pointer shouldn't change its address space",
5698	Call);
5699
5700	auto GC = llvm::getGCStrategy(Name: Relocate.getFunction()->getGC());
5701	Check(GC, "gc.relocate: calling function must have GCStrategy",
5702	Call.getFunction());
5703	if (GC) {
5704	auto isGCPtr = [&GC](Type *PTy) {
5705	return GC->isGCManagedPointer(Ty: PTy->getScalarType()).value_or(u: true);
5706	};
5707	Check(isGCPtr(ResultType), "gc.relocate: must return gc pointer", Call);
5708	Check(isGCPtr(BaseType),
5709	"gc.relocate: relocated value must be a gc pointer", Call);
5710	Check(isGCPtr(DerivedType),
5711	"gc.relocate: relocated value must be a gc pointer", Call);
5712	}
5713	break;
5714	}
5715	case Intrinsic::experimental_patchpoint: {
5716	if (Call.getCallingConv() == CallingConv::AnyReg) {
5717	Check(Call.getType()->isSingleValueType(),
5718	"patchpoint: invalid return type used with anyregcc", Call);
5719	}
5720	break;
5721	}
5722	case Intrinsic::eh_exceptioncode:
5723	case Intrinsic::eh_exceptionpointer: {
5724	Check(isa<CatchPadInst>(Call.getArgOperand(0)),
5725	"eh.exceptionpointer argument must be a catchpad", Call);
5726	break;
5727	}
5728	case Intrinsic::get_active_lane_mask: {
5729	Check(Call.getType()->isVectorTy(),
5730	"get_active_lane_mask: must return a "
5731	"vector",
5732	Call);
5733	auto *ElemTy = Call.getType()->getScalarType();
5734	Check(ElemTy->isIntegerTy(1),
5735	"get_active_lane_mask: element type is not "
5736	"i1",
5737	Call);
5738	break;
5739	}
5740	case Intrinsic::experimental_get_vector_length: {
5741	ConstantInt *VF = cast<ConstantInt>(Val: Call.getArgOperand(i: 1));
5742	Check(!VF->isNegative() && !VF->isZero(),
5743	"get_vector_length: VF must be positive", Call);
5744	break;
5745	}
5746	case Intrinsic::masked_load: {
5747	Check(Call.getType()->isVectorTy(), "masked_load: must return a vector",
5748	Call);
5749
5750	ConstantInt *Alignment = cast<ConstantInt>(Val: Call.getArgOperand(i: 1));
5751	Value *Mask = Call.getArgOperand(i: 2);
5752	Value *PassThru = Call.getArgOperand(i: 3);
5753	Check(Mask->getType()->isVectorTy(), "masked_load: mask must be vector",
5754	Call);
5755	Check(Alignment->getValue().isPowerOf2(),
5756	"masked_load: alignment must be a power of 2", Call);
5757	Check(PassThru->getType() == Call.getType(),
5758	"masked_load: pass through and return type must match", Call);
5759	Check(cast<VectorType>(Mask->getType())->getElementCount() ==
5760	cast<VectorType>(Call.getType())->getElementCount(),
5761	"masked_load: vector mask must be same length as return", Call);
5762	break;
5763	}
5764	case Intrinsic::masked_store: {
5765	Value *Val = Call.getArgOperand(i: 0);
5766	ConstantInt *Alignment = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
5767	Value *Mask = Call.getArgOperand(i: 3);
5768	Check(Mask->getType()->isVectorTy(), "masked_store: mask must be vector",
5769	Call);
5770	Check(Alignment->getValue().isPowerOf2(),
5771	"masked_store: alignment must be a power of 2", Call);
5772	Check(cast<VectorType>(Mask->getType())->getElementCount() ==
5773	cast<VectorType>(Val->getType())->getElementCount(),
5774	"masked_store: vector mask must be same length as value", Call);
5775	break;
5776	}
5777
5778	case Intrinsic::masked_gather: {
5779	const APInt &Alignment =
5780	cast<ConstantInt>(Val: Call.getArgOperand(i: 1))->getValue();
5781	Check(Alignment.isZero() || Alignment.isPowerOf2(),
5782	"masked_gather: alignment must be 0 or a power of 2", Call);
5783	break;
5784	}
5785	case Intrinsic::masked_scatter: {
5786	const APInt &Alignment =
5787	cast<ConstantInt>(Val: Call.getArgOperand(i: 2))->getValue();
5788	Check(Alignment.isZero() || Alignment.isPowerOf2(),
5789	"masked_scatter: alignment must be 0 or a power of 2", Call);
5790	break;
5791	}
5792
5793	case Intrinsic::experimental_guard: {
5794	Check(isa<CallInst>(Call), "experimental_guard cannot be invoked", Call);
5795	Check(Call.countOperandBundlesOfType(LLVMContext::OB_deopt) == 1,
5796	"experimental_guard must have exactly one "
5797	"\"deopt\" operand bundle");
5798	break;
5799	}
5800
5801	case Intrinsic::experimental_deoptimize: {
5802	Check(isa<CallInst>(Call), "experimental_deoptimize cannot be invoked",
5803	Call);
5804	Check(Call.countOperandBundlesOfType(LLVMContext::OB_deopt) == 1,
5805	"experimental_deoptimize must have exactly one "
5806	"\"deopt\" operand bundle");
5807	Check(Call.getType() == Call.getFunction()->getReturnType(),
5808	"experimental_deoptimize return type must match caller return type");
5809
5810	if (isa<CallInst>(Val: Call)) {
5811	auto *RI = dyn_cast<ReturnInst>(Val: Call.getNextNode());
5812	Check(RI,
5813	"calls to experimental_deoptimize must be followed by a return");
5814
5815	if (!Call.getType()->isVoidTy() && RI)
5816	Check(RI->getReturnValue() == &Call,
5817	"calls to experimental_deoptimize must be followed by a return "
5818	"of the value computed by experimental_deoptimize");
5819	}
5820
5821	break;
5822	}
5823	case Intrinsic::vastart: {
5824	Check(Call.getFunction()->isVarArg(),
5825	"va_start called in a non-varargs function");
5826	break;
5827	}
5828	case Intrinsic::vector_reduce_and:
5829	case Intrinsic::vector_reduce_or:
5830	case Intrinsic::vector_reduce_xor:
5831	case Intrinsic::vector_reduce_add:
5832	case Intrinsic::vector_reduce_mul:
5833	case Intrinsic::vector_reduce_smax:
5834	case Intrinsic::vector_reduce_smin:
5835	case Intrinsic::vector_reduce_umax:
5836	case Intrinsic::vector_reduce_umin: {
5837	Type *ArgTy = Call.getArgOperand(i: 0)->getType();
5838	Check(ArgTy->isIntOrIntVectorTy() && ArgTy->isVectorTy(),
5839	"Intrinsic has incorrect argument type!");
5840	break;
5841	}
5842	case Intrinsic::vector_reduce_fmax:
5843	case Intrinsic::vector_reduce_fmin: {
5844	Type *ArgTy = Call.getArgOperand(i: 0)->getType();
5845	Check(ArgTy->isFPOrFPVectorTy() && ArgTy->isVectorTy(),
5846	"Intrinsic has incorrect argument type!");
5847	break;
5848	}
5849	case Intrinsic::vector_reduce_fadd:
5850	case Intrinsic::vector_reduce_fmul: {
5851	// Unlike the other reductions, the first argument is a start value. The
5852	// second argument is the vector to be reduced.
5853	Type *ArgTy = Call.getArgOperand(i: 1)->getType();
5854	Check(ArgTy->isFPOrFPVectorTy() && ArgTy->isVectorTy(),
5855	"Intrinsic has incorrect argument type!");
5856	break;
5857	}
5858	case Intrinsic::smul_fix:
5859	case Intrinsic::smul_fix_sat:
5860	case Intrinsic::umul_fix:
5861	case Intrinsic::umul_fix_sat:
5862	case Intrinsic::sdiv_fix:
5863	case Intrinsic::sdiv_fix_sat:
5864	case Intrinsic::udiv_fix:
5865	case Intrinsic::udiv_fix_sat: {
5866	Value *Op1 = Call.getArgOperand(i: 0);
5867	Value *Op2 = Call.getArgOperand(i: 1);
5868	Check(Op1->getType()->isIntOrIntVectorTy(),
5869	"first operand of [us][mul|div]_fix[_sat] must be an int type or "
5870	"vector of ints");
5871	Check(Op2->getType()->isIntOrIntVectorTy(),
5872	"second operand of [us][mul|div]_fix[_sat] must be an int type or "
5873	"vector of ints");
5874
5875	auto *Op3 = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
5876	Check(Op3->getType()->isIntegerTy(),
5877	"third operand of [us][mul|div]_fix[_sat] must be an int type");
5878	Check(Op3->getBitWidth() <= 32,
5879	"third operand of [us][mul|div]_fix[_sat] must fit within 32 bits");
5880
5881	if (ID == Intrinsic::smul_fix || ID == Intrinsic::smul_fix_sat ||
5882	ID == Intrinsic::sdiv_fix || ID == Intrinsic::sdiv_fix_sat) {
5883	Check(Op3->getZExtValue() < Op1->getType()->getScalarSizeInBits(),
5884	"the scale of s[mul|div]_fix[_sat] must be less than the width of "
5885	"the operands");
5886	} else {
5887	Check(Op3->getZExtValue() <= Op1->getType()->getScalarSizeInBits(),
5888	"the scale of u[mul|div]_fix[_sat] must be less than or equal "
5889	"to the width of the operands");
5890	}
5891	break;
5892	}
5893	case Intrinsic::lrint:
5894	case Intrinsic::llrint: {
5895	Type *ValTy = Call.getArgOperand(i: 0)->getType();
5896	Type *ResultTy = Call.getType();
5897	Check(
5898	ValTy->isFPOrFPVectorTy() && ResultTy->isIntOrIntVectorTy(),
5899	"llvm.lrint, llvm.llrint: argument must be floating-point or vector "
5900	"of floating-points, and result must be integer or vector of integers",
5901	&Call);
5902	Check(ValTy->isVectorTy() == ResultTy->isVectorTy(),
5903	"llvm.lrint, llvm.llrint: argument and result disagree on vector use",
5904	&Call);
5905	if (ValTy->isVectorTy()) {
5906	Check(cast<VectorType>(ValTy)->getElementCount() ==
5907	cast<VectorType>(ResultTy)->getElementCount(),
5908	"llvm.lrint, llvm.llrint: argument must be same length as result",
5909	&Call);
5910	}
5911	break;
5912	}
5913	case Intrinsic::lround:
5914	case Intrinsic::llround: {
5915	Type *ValTy = Call.getArgOperand(i: 0)->getType();
5916	Type *ResultTy = Call.getType();
5917	Check(!ValTy->isVectorTy() && !ResultTy->isVectorTy(),
5918	"Intrinsic does not support vectors", &Call);
5919	break;
5920	}
5921	case Intrinsic::bswap: {
5922	Type *Ty = Call.getType();
5923	unsigned Size = Ty->getScalarSizeInBits();
5924	Check(Size % 16 == 0, "bswap must be an even number of bytes", &Call);
5925	break;
5926	}
5927	case Intrinsic::invariant_start: {
5928	ConstantInt *InvariantSize = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 0));
5929	Check(InvariantSize &&
5930	(!InvariantSize->isNegative() || InvariantSize->isMinusOne()),
5931	"invariant_start parameter must be -1, 0 or a positive number",
5932	&Call);
5933	break;
5934	}
5935	case Intrinsic::matrix_multiply:
5936	case Intrinsic::matrix_transpose:
5937	case Intrinsic::matrix_column_major_load:
5938	case Intrinsic::matrix_column_major_store: {
5939	Function *IF = Call.getCalledFunction();
5940	ConstantInt *Stride = nullptr;
5941	ConstantInt *NumRows;
5942	ConstantInt *NumColumns;
5943	VectorType *ResultTy;
5944	Type *Op0ElemTy = nullptr;
5945	Type *Op1ElemTy = nullptr;
5946	switch (ID) {
5947	case Intrinsic::matrix_multiply: {
5948	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
5949	ConstantInt *N = cast<ConstantInt>(Val: Call.getArgOperand(i: 3));
5950	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 4));
5951	Check(cast<FixedVectorType>(Call.getArgOperand(0)->getType())
5952	->getNumElements() ==
5953	NumRows->getZExtValue() * N->getZExtValue(),
5954	"First argument of a matrix operation does not match specified "
5955	"shape!");
5956	Check(cast<FixedVectorType>(Call.getArgOperand(1)->getType())
5957	->getNumElements() ==
5958	N->getZExtValue() * NumColumns->getZExtValue(),
5959	"Second argument of a matrix operation does not match specified "
5960	"shape!");
5961
5962	ResultTy = cast<VectorType>(Val: Call.getType());
5963	Op0ElemTy =
5964	cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType())->getElementType();
5965	Op1ElemTy =
5966	cast<VectorType>(Val: Call.getArgOperand(i: 1)->getType())->getElementType();
5967	break;
5968	}
5969	case Intrinsic::matrix_transpose:
5970	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 1));
5971	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
5972	ResultTy = cast<VectorType>(Val: Call.getType());
5973	Op0ElemTy =
5974	cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType())->getElementType();
5975	break;
5976	case Intrinsic::matrix_column_major_load: {
5977	Stride = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 1));
5978	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 3));
5979	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 4));
5980	ResultTy = cast<VectorType>(Val: Call.getType());
5981	break;
5982	}
5983	case Intrinsic::matrix_column_major_store: {
5984	Stride = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
5985	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 4));
5986	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 5));
5987	ResultTy = cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType());
5988	Op0ElemTy =
5989	cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType())->getElementType();
5990	break;
5991	}
5992	default:
5993	llvm_unreachable("unexpected intrinsic");
5994	}
5995
5996	Check(ResultTy->getElementType()->isIntegerTy() ||
5997	ResultTy->getElementType()->isFloatingPointTy(),
5998	"Result type must be an integer or floating-point type!", IF);
5999
6000	if (Op0ElemTy)
6001	Check(ResultTy->getElementType() == Op0ElemTy,
6002	"Vector element type mismatch of the result and first operand "
6003	"vector!",
6004	IF);
6005
6006	if (Op1ElemTy)
6007	Check(ResultTy->getElementType() == Op1ElemTy,
6008	"Vector element type mismatch of the result and second operand "
6009	"vector!",
6010	IF);
6011
6012	Check(cast<FixedVectorType>(ResultTy)->getNumElements() ==
6013	NumRows->getZExtValue() * NumColumns->getZExtValue(),
6014	"Result of a matrix operation does not fit in the returned vector!");
6015
6016	if (Stride)
6017	Check(Stride->getZExtValue() >= NumRows->getZExtValue(),
6018	"Stride must be greater or equal than the number of rows!", IF);
6019
6020	break;
6021	}
6022	case Intrinsic::experimental_vector_splice: {
6023	VectorType *VecTy = cast<VectorType>(Val: Call.getType());
6024	int64_t Idx = cast<ConstantInt>(Val: Call.getArgOperand(i: 2))->getSExtValue();
6025	int64_t KnownMinNumElements = VecTy->getElementCount().getKnownMinValue();
6026	if (Call.getParent() && Call.getParent()->getParent()) {
6027	AttributeList Attrs = Call.getParent()->getParent()->getAttributes();
6028	if (Attrs.hasFnAttr(Attribute::VScaleRange))
6029	KnownMinNumElements *= Attrs.getFnAttrs().getVScaleRangeMin();
6030	}
6031	Check((Idx < 0 && std::abs(Idx) <= KnownMinNumElements) ||
6032	(Idx >= 0 && Idx < KnownMinNumElements),
6033	"The splice index exceeds the range [-VL, VL-1] where VL is the "
6034	"known minimum number of elements in the vector. For scalable "
6035	"vectors the minimum number of elements is determined from "
6036	"vscale_range.",
6037	&Call);
6038	break;
6039	}
6040	case Intrinsic::experimental_stepvector: {
6041	VectorType *VecTy = dyn_cast<VectorType>(Val: Call.getType());
6042	Check(VecTy && VecTy->getScalarType()->isIntegerTy() &&
6043	VecTy->getScalarSizeInBits() >= 8,
6044	"experimental_stepvector only supported for vectors of integers "
6045	"with a bitwidth of at least 8.",
6046	&Call);
6047	break;
6048	}
6049	case Intrinsic::vector_insert: {
6050	Value *Vec = Call.getArgOperand(i: 0);
6051	Value *SubVec = Call.getArgOperand(i: 1);
6052	Value *Idx = Call.getArgOperand(i: 2);
6053	unsigned IdxN = cast<ConstantInt>(Val: Idx)->getZExtValue();
6054
6055	VectorType *VecTy = cast<VectorType>(Val: Vec->getType());
6056	VectorType *SubVecTy = cast<VectorType>(Val: SubVec->getType());
6057
6058	ElementCount VecEC = VecTy->getElementCount();
6059	ElementCount SubVecEC = SubVecTy->getElementCount();
6060	Check(VecTy->getElementType() == SubVecTy->getElementType(),
6061	"vector_insert parameters must have the same element "
6062	"type.",
6063	&Call);
6064	Check(IdxN % SubVecEC.getKnownMinValue() == 0,
6065	"vector_insert index must be a constant multiple of "
6066	"the subvector's known minimum vector length.");
6067
6068	// If this insertion is not the 'mixed' case where a fixed vector is
6069	// inserted into a scalable vector, ensure that the insertion of the
6070	// subvector does not overrun the parent vector.
6071	if (VecEC.isScalable() == SubVecEC.isScalable()) {
6072	Check(IdxN < VecEC.getKnownMinValue() &&
6073	IdxN + SubVecEC.getKnownMinValue() <= VecEC.getKnownMinValue(),
6074	"subvector operand of vector_insert would overrun the "
6075	"vector being inserted into.");
6076	}
6077	break;
6078	}
6079	case Intrinsic::vector_extract: {
6080	Value *Vec = Call.getArgOperand(i: 0);
6081	Value *Idx = Call.getArgOperand(i: 1);
6082	unsigned IdxN = cast<ConstantInt>(Val: Idx)->getZExtValue();
6083
6084	VectorType *ResultTy = cast<VectorType>(Val: Call.getType());
6085	VectorType *VecTy = cast<VectorType>(Val: Vec->getType());
6086
6087	ElementCount VecEC = VecTy->getElementCount();
6088	ElementCount ResultEC = ResultTy->getElementCount();
6089
6090	Check(ResultTy->getElementType() == VecTy->getElementType(),
6091	"vector_extract result must have the same element "
6092	"type as the input vector.",
6093	&Call);
6094	Check(IdxN % ResultEC.getKnownMinValue() == 0,
6095	"vector_extract index must be a constant multiple of "
6096	"the result type's known minimum vector length.");
6097
6098	// If this extraction is not the 'mixed' case where a fixed vector is
6099	// extracted from a scalable vector, ensure that the extraction does not
6100	// overrun the parent vector.
6101	if (VecEC.isScalable() == ResultEC.isScalable()) {
6102	Check(IdxN < VecEC.getKnownMinValue() &&
6103	IdxN + ResultEC.getKnownMinValue() <= VecEC.getKnownMinValue(),
6104	"vector_extract would overrun.");
6105	}
6106	break;
6107	}
6108	case Intrinsic::experimental_noalias_scope_decl: {
6109	NoAliasScopeDecls.push_back(Elt: cast<IntrinsicInst>(Val: &Call));
6110	break;
6111	}
6112	case Intrinsic::preserve_array_access_index:
6113	case Intrinsic::preserve_struct_access_index:
6114	case Intrinsic::aarch64_ldaxr:
6115	case Intrinsic::aarch64_ldxr:
6116	case Intrinsic::arm_ldaex:
6117	case Intrinsic::arm_ldrex: {
6118	Type *ElemTy = Call.getParamElementType(ArgNo: 0);
6119	Check(ElemTy, "Intrinsic requires elementtype attribute on first argument.",
6120	&Call);
6121	break;
6122	}
6123	case Intrinsic::aarch64_stlxr:
6124	case Intrinsic::aarch64_stxr:
6125	case Intrinsic::arm_stlex:
6126	case Intrinsic::arm_strex: {
6127	Type *ElemTy = Call.getAttributes().getParamElementType(ArgNo: 1);
6128	Check(ElemTy,
6129	"Intrinsic requires elementtype attribute on second argument.",
6130	&Call);
6131	break;
6132	}
6133	case Intrinsic::aarch64_prefetch: {
6134	Check(cast<ConstantInt>(Call.getArgOperand(1))->getZExtValue() < 2,
6135	"write argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6136	Check(cast<ConstantInt>(Call.getArgOperand(2))->getZExtValue() < 4,
6137	"target argument to llvm.aarch64.prefetch must be 0-3", Call);
6138	Check(cast<ConstantInt>(Call.getArgOperand(3))->getZExtValue() < 2,
6139	"stream argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6140	Check(cast<ConstantInt>(Call.getArgOperand(4))->getZExtValue() < 2,
6141	"isdata argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6142	break;
6143	}
6144	case Intrinsic::callbr_landingpad: {
6145	const auto *CBR = dyn_cast<CallBrInst>(Val: Call.getOperand(i_nocapture: 0));
6146	Check(CBR, "intrinstic requires callbr operand", &Call);
6147	if (!CBR)
6148	break;
6149
6150	const BasicBlock *LandingPadBB = Call.getParent();
6151	const BasicBlock *PredBB = LandingPadBB->getUniquePredecessor();
6152	if (!PredBB) {
6153	CheckFailed(Message: "Intrinsic in block must have 1 unique predecessor", V1: &Call);
6154	break;
6155	}
6156	if (!isa<CallBrInst>(Val: PredBB->getTerminator())) {
6157	CheckFailed(Message: "Intrinsic must have corresponding callbr in predecessor",
6158	V1: &Call);
6159	break;
6160	}
6161	Check(llvm::any_of(CBR->getIndirectDests(),
6162	[LandingPadBB](const BasicBlock *IndDest) {
6163	return IndDest == LandingPadBB;
6164	}),
6165	"Intrinsic's corresponding callbr must have intrinsic's parent basic "
6166	"block in indirect destination list",
6167	&Call);
6168	const Instruction &First = *LandingPadBB->begin();
6169	Check(&First == &Call, "No other instructions may proceed intrinsic",
6170	&Call);
6171	break;
6172	}
6173	case Intrinsic::amdgcn_cs_chain: {
6174	auto CallerCC = Call.getCaller()->getCallingConv();
6175	switch (CallerCC) {
6176	case CallingConv::AMDGPU_CS:
6177	case CallingConv::AMDGPU_CS_Chain:
6178	case CallingConv::AMDGPU_CS_ChainPreserve:
6179	break;
6180	default:
6181	CheckFailed(Message: "Intrinsic can only be used from functions with the "
6182	"amdgpu_cs, amdgpu_cs_chain or amdgpu_cs_chain_preserve "
6183	"calling conventions",
6184	V1: &Call);
6185	break;
6186	}
6187
6188	Check(Call.paramHasAttr(2, Attribute::InReg),
6189	"SGPR arguments must have the `inreg` attribute", &Call);
6190	Check(!Call.paramHasAttr(3, Attribute::InReg),
6191	"VGPR arguments must not have the `inreg` attribute", &Call);
6192	break;
6193	}
6194	case Intrinsic::amdgcn_set_inactive_chain_arg: {
6195	auto CallerCC = Call.getCaller()->getCallingConv();
6196	switch (CallerCC) {
6197	case CallingConv::AMDGPU_CS_Chain:
6198	case CallingConv::AMDGPU_CS_ChainPreserve:
6199	break;
6200	default:
6201	CheckFailed(Message: "Intrinsic can only be used from functions with the "
6202	"amdgpu_cs_chain or amdgpu_cs_chain_preserve "
6203	"calling conventions",
6204	V1: &Call);
6205	break;
6206	}
6207
6208	unsigned InactiveIdx = 1;
6209	Check(!Call.paramHasAttr(InactiveIdx, Attribute::InReg),
6210	"Value for inactive lanes must not have the `inreg` attribute",
6211	&Call);
6212	Check(isa<Argument>(Call.getArgOperand(InactiveIdx)),
6213	"Value for inactive lanes must be a function argument", &Call);
6214	Check(!cast<Argument>(Call.getArgOperand(InactiveIdx))->hasInRegAttr(),
6215	"Value for inactive lanes must be a VGPR function argument", &Call);
6216	break;
6217	}
6218	case Intrinsic::nvvm_setmaxnreg_inc_sync_aligned_u32:
6219	case Intrinsic::nvvm_setmaxnreg_dec_sync_aligned_u32: {
6220	Value *V = Call.getArgOperand(i: 0);
6221	unsigned RegCount = cast<ConstantInt>(Val: V)->getZExtValue();
6222	Check(RegCount % 8 == 0,
6223	"reg_count argument to nvvm.setmaxnreg must be in multiples of 8");
6224	Check((RegCount >= 24 && RegCount <= 256),
6225	"reg_count argument to nvvm.setmaxnreg must be within [24, 256]");
6226	break;
6227	}
6228	case Intrinsic::experimental_convergence_entry:
6229	LLVM_FALLTHROUGH;
6230	case Intrinsic::experimental_convergence_anchor:
6231	break;
6232	case Intrinsic::experimental_convergence_loop:
6233	break;
6234	case Intrinsic::ptrmask: {
6235	Type *Ty0 = Call.getArgOperand(i: 0)->getType();
6236	Type *Ty1 = Call.getArgOperand(i: 1)->getType();
6237	Check(Ty0->isPtrOrPtrVectorTy(),
6238	"llvm.ptrmask intrinsic first argument must be pointer or vector "
6239	"of pointers",
6240	&Call);
6241	Check(
6242	Ty0->isVectorTy() == Ty1->isVectorTy(),
6243	"llvm.ptrmask intrinsic arguments must be both scalars or both vectors",
6244	&Call);
6245	if (Ty0->isVectorTy())
6246	Check(cast<VectorType>(Ty0)->getElementCount() ==
6247	cast<VectorType>(Ty1)->getElementCount(),
6248	"llvm.ptrmask intrinsic arguments must have the same number of "
6249	"elements",
6250	&Call);
6251	Check(DL.getIndexTypeSizeInBits(Ty0) == Ty1->getScalarSizeInBits(),
6252	"llvm.ptrmask intrinsic second argument bitwidth must match "
6253	"pointer index type size of first argument",
6254	&Call);
6255	break;
6256	}
6257	case Intrinsic::threadlocal_address: {
6258	const Value &Arg0 = *Call.getArgOperand(i: 0);
6259	Check(isa<GlobalValue>(Arg0),
6260	"llvm.threadlocal.address first argument must be a GlobalValue");
6261	Check(cast<GlobalValue>(Arg0).isThreadLocal(),
6262	"llvm.threadlocal.address operand isThreadLocal() must be true");
6263	break;
6264	}
6265	};
6266
6267	// Verify that there aren't any unmediated control transfers between funclets.
6268	if (IntrinsicInst::mayLowerToFunctionCall(IID: ID)) {
6269	Function *F = Call.getParent()->getParent();
6270	if (F->hasPersonalityFn() &&
6271	isScopedEHPersonality(Pers: classifyEHPersonality(Pers: F->getPersonalityFn()))) {
6272	// Run EH funclet coloring on-demand and cache results for other intrinsic
6273	// calls in this function
6274	if (BlockEHFuncletColors.empty())
6275	BlockEHFuncletColors = colorEHFunclets(F&: *F);
6276
6277	// Check for catch-/cleanup-pad in first funclet block
6278	bool InEHFunclet = false;
6279	BasicBlock *CallBB = Call.getParent();
6280	const ColorVector &CV = BlockEHFuncletColors.find(Val: CallBB)->second;
6281	assert(CV.size() > 0 && "Uncolored block");
6282	for (BasicBlock *ColorFirstBB : CV)
6283	if (dyn_cast_or_null<FuncletPadInst>(Val: ColorFirstBB->getFirstNonPHI()))
6284	InEHFunclet = true;
6285
6286	// Check for funclet operand bundle
6287	bool HasToken = false;
6288	for (unsigned I = 0, E = Call.getNumOperandBundles(); I != E; ++I)
6289	if (Call.getOperandBundleAt(Index: I).getTagID() == LLVMContext::OB_funclet)
6290	HasToken = true;
6291
6292	// This would cause silent code truncation in WinEHPrepare
6293	if (InEHFunclet)
6294	Check(HasToken, "Missing funclet token on intrinsic call", &Call);
6295	}
6296	}
6297	}
6298
6299	/// Carefully grab the subprogram from a local scope.
6300	///
6301	/// This carefully grabs the subprogram from a local scope, avoiding the
6302	/// built-in assertions that would typically fire.
6303	static DISubprogram *getSubprogram(Metadata *LocalScope) {
6304	if (!LocalScope)
6305	return nullptr;
6306
6307	if (auto *SP = dyn_cast<DISubprogram>(Val: LocalScope))
6308	return SP;
6309
6310	if (auto *LB = dyn_cast<DILexicalBlockBase>(Val: LocalScope))
6311	return getSubprogram(LocalScope: LB->getRawScope());
6312
6313	// Just return null; broken scope chains are checked elsewhere.
6314	assert(!isa<DILocalScope>(LocalScope) && "Unknown type of local scope");
6315	return nullptr;
6316	}
6317
6318	void Verifier::visit(DbgLabelRecord &DLR) {
6319	CheckDI(isa<DILabel>(DLR.getRawLabel()),
6320	"invalid #dbg_label intrinsic variable", &DLR, DLR.getRawLabel());
6321
6322	// Ignore broken !dbg attachments; they're checked elsewhere.
6323	if (MDNode *N = DLR.getDebugLoc().getAsMDNode())
6324	if (!isa<DILocation>(Val: N))
6325	return;
6326
6327	BasicBlock *BB = DLR.getParent();
6328	Function *F = BB ? BB->getParent() : nullptr;
6329
6330	// The scopes for variables and !dbg attachments must agree.
6331	DILabel *Label = DLR.getLabel();
6332	DILocation *Loc = DLR.getDebugLoc();
6333	CheckDI(Loc, "#dbg_label record requires a !dbg attachment", &DLR, BB, F);
6334
6335	DISubprogram *LabelSP = getSubprogram(LocalScope: Label->getRawScope());
6336	DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
6337	if (!LabelSP || !LocSP)
6338	return;
6339
6340	CheckDI(LabelSP == LocSP,
6341	"mismatched subprogram between #dbg_label label and !dbg attachment",
6342	&DLR, BB, F, Label, Label->getScope()->getSubprogram(), Loc,
6343	Loc->getScope()->getSubprogram());
6344	}
6345
6346	void Verifier::visit(DbgVariableRecord &DVR) {
6347	BasicBlock *BB = DVR.getParent();
6348	Function *F = BB->getParent();
6349
6350	CheckDI(DVR.getType() == DbgVariableRecord::LocationType::Value ||
6351	DVR.getType() == DbgVariableRecord::LocationType::Declare ||
6352	DVR.getType() == DbgVariableRecord::LocationType::Assign,
6353	"invalid #dbg record type", &DVR, DVR.getType());
6354
6355	// The location for a DbgVariableRecord must be either a ValueAsMetadata,
6356	// DIArgList, or an empty MDNode (which is a legacy representation for an
6357	// "undef" location).
6358	auto *MD = DVR.getRawLocation();
6359	CheckDI(MD && (isa<ValueAsMetadata>(MD) || isa<DIArgList>(MD) ||
6360	(isa<MDNode>(MD) && !cast<MDNode>(MD)->getNumOperands())),
6361	"invalid #dbg record address/value", &DVR, MD);
6362	if (auto *VAM = dyn_cast<ValueAsMetadata>(Val: MD))
6363	visitValueAsMetadata(MD: *VAM, F);
6364	else if (auto *AL = dyn_cast<DIArgList>(Val: MD))
6365	visitDIArgList(AL: *AL, F);
6366
6367	CheckDI(isa_and_nonnull<DILocalVariable>(DVR.getRawVariable()),
6368	"invalid #dbg record variable", &DVR, DVR.getRawVariable());
6369	visitMDNode(MD: *DVR.getRawVariable(), AllowLocs: AreDebugLocsAllowed::No);
6370
6371	CheckDI(isa_and_nonnull<DIExpression>(DVR.getRawExpression()),
6372	"invalid #dbg record expression", &DVR, DVR.getRawExpression());
6373	visitMDNode(MD: *DVR.getExpression(), AllowLocs: AreDebugLocsAllowed::No);
6374
6375	if (DVR.isDbgAssign()) {
6376	CheckDI(isa_and_nonnull<DIAssignID>(DVR.getRawAssignID()),
6377	"invalid #dbg_assign DIAssignID", &DVR, DVR.getRawAssignID());
6378	visitMDNode(MD: *cast<DIAssignID>(Val: DVR.getRawAssignID()),
6379	AllowLocs: AreDebugLocsAllowed::No);
6380
6381	const auto *RawAddr = DVR.getRawAddress();
6382	// Similarly to the location above, the address for an assign
6383	// DbgVariableRecord must be a ValueAsMetadata or an empty MDNode, which
6384	// represents an undef address.
6385	CheckDI(
6386	isa<ValueAsMetadata>(RawAddr) ||
6387	(isa<MDNode>(RawAddr) && !cast<MDNode>(RawAddr)->getNumOperands()),
6388	"invalid #dbg_assign address", &DVR, DVR.getRawAddress());
6389	if (auto *VAM = dyn_cast<ValueAsMetadata>(Val: RawAddr))
6390	visitValueAsMetadata(MD: *VAM, F);
6391
6392	CheckDI(isa_and_nonnull<DIExpression>(DVR.getRawAddressExpression()),
6393	"invalid #dbg_assign address expression", &DVR,
6394	DVR.getRawAddressExpression());
6395	visitMDNode(MD: *DVR.getAddressExpression(), AllowLocs: AreDebugLocsAllowed::No);
6396
6397	// All of the linked instructions should be in the same function as DVR.
6398	for (Instruction *I : at::getAssignmentInsts(DVR: &DVR))
6399	CheckDI(DVR.getFunction() == I->getFunction(),
6400	"inst not in same function as #dbg_assign", I, &DVR);
6401	}
6402
6403	// This check is redundant with one in visitLocalVariable().
6404	DILocalVariable *Var = DVR.getVariable();
6405	CheckDI(isType(Var->getRawType()), "invalid type ref", Var,
6406	Var->getRawType());
6407
6408	auto *DLNode = DVR.getDebugLoc().getAsMDNode();
6409	CheckDI(isa_and_nonnull<DILocation>(DLNode), "invalid #dbg record DILocation",
6410	&DVR, DLNode);
6411	DILocation *Loc = DVR.getDebugLoc();
6412
6413	// The scopes for variables and !dbg attachments must agree.
6414	DISubprogram *VarSP = getSubprogram(LocalScope: Var->getRawScope());
6415	DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
6416	if (!VarSP || !LocSP)
6417	return; // Broken scope chains are checked elsewhere.
6418
6419	CheckDI(VarSP == LocSP,
6420	"mismatched subprogram between #dbg record variable and DILocation",
6421	&DVR, BB, F, Var, Var->getScope()->getSubprogram(), Loc,
6422	Loc->getScope()->getSubprogram());
6423
6424	verifyFnArgs(DVR);
6425	}
6426
6427	void Verifier::visitVPIntrinsic(VPIntrinsic &VPI) {
6428	if (auto *VPCast = dyn_cast<VPCastIntrinsic>(Val: &VPI)) {
6429	auto *RetTy = cast<VectorType>(Val: VPCast->getType());
6430	auto *ValTy = cast<VectorType>(Val: VPCast->getOperand(i_nocapture: 0)->getType());
6431	Check(RetTy->getElementCount() == ValTy->getElementCount(),
6432	"VP cast intrinsic first argument and result vector lengths must be "
6433	"equal",
6434	*VPCast);
6435
6436	switch (VPCast->getIntrinsicID()) {
6437	default:
6438	llvm_unreachable("Unknown VP cast intrinsic");
6439	case Intrinsic::vp_trunc:
6440	Check(RetTy->isIntOrIntVectorTy() && ValTy->isIntOrIntVectorTy(),
6441	"llvm.vp.trunc intrinsic first argument and result element type "
6442	"must be integer",
6443	*VPCast);
6444	Check(RetTy->getScalarSizeInBits() < ValTy->getScalarSizeInBits(),
6445	"llvm.vp.trunc intrinsic the bit size of first argument must be "
6446	"larger than the bit size of the return type",
6447	*VPCast);
6448	break;
6449	case Intrinsic::vp_zext:
6450	case Intrinsic::vp_sext:
6451	Check(RetTy->isIntOrIntVectorTy() && ValTy->isIntOrIntVectorTy(),
6452	"llvm.vp.zext or llvm.vp.sext intrinsic first argument and result "
6453	"element type must be integer",
6454	*VPCast);
6455	Check(RetTy->getScalarSizeInBits() > ValTy->getScalarSizeInBits(),
6456	"llvm.vp.zext or llvm.vp.sext intrinsic the bit size of first "
6457	"argument must be smaller than the bit size of the return type",
6458	*VPCast);
6459	break;
6460	case Intrinsic::vp_fptoui:
6461	case Intrinsic::vp_fptosi:
6462	case Intrinsic::vp_lrint:
6463	case Intrinsic::vp_llrint:
6464	Check(
6465	RetTy->isIntOrIntVectorTy() && ValTy->isFPOrFPVectorTy(),
6466	"llvm.vp.fptoui, llvm.vp.fptosi, llvm.vp.lrint or llvm.vp.llrint" "intrinsic first argument element "
6467	"type must be floating-point and result element type must be integer",
6468	*VPCast);
6469	break;
6470	case Intrinsic::vp_uitofp:
6471	case Intrinsic::vp_sitofp:
6472	Check(
6473	RetTy->isFPOrFPVectorTy() && ValTy->isIntOrIntVectorTy(),
6474	"llvm.vp.uitofp or llvm.vp.sitofp intrinsic first argument element "
6475	"type must be integer and result element type must be floating-point",
6476	*VPCast);
6477	break;
6478	case Intrinsic::vp_fptrunc:
6479	Check(RetTy->isFPOrFPVectorTy() && ValTy->isFPOrFPVectorTy(),
6480	"llvm.vp.fptrunc intrinsic first argument and result element type "
6481	"must be floating-point",
6482	*VPCast);
6483	Check(RetTy->getScalarSizeInBits() < ValTy->getScalarSizeInBits(),
6484	"llvm.vp.fptrunc intrinsic the bit size of first argument must be "
6485	"larger than the bit size of the return type",
6486	*VPCast);
6487	break;
6488	case Intrinsic::vp_fpext:
6489	Check(RetTy->isFPOrFPVectorTy() && ValTy->isFPOrFPVectorTy(),
6490	"llvm.vp.fpext intrinsic first argument and result element type "
6491	"must be floating-point",
6492	*VPCast);
6493	Check(RetTy->getScalarSizeInBits() > ValTy->getScalarSizeInBits(),
6494	"llvm.vp.fpext intrinsic the bit size of first argument must be "
6495	"smaller than the bit size of the return type",
6496	*VPCast);
6497	break;
6498	case Intrinsic::vp_ptrtoint:
6499	Check(RetTy->isIntOrIntVectorTy() && ValTy->isPtrOrPtrVectorTy(),
6500	"llvm.vp.ptrtoint intrinsic first argument element type must be "
6501	"pointer and result element type must be integer",
6502	*VPCast);
6503	break;
6504	case Intrinsic::vp_inttoptr:
6505	Check(RetTy->isPtrOrPtrVectorTy() && ValTy->isIntOrIntVectorTy(),
6506	"llvm.vp.inttoptr intrinsic first argument element type must be "
6507	"integer and result element type must be pointer",
6508	*VPCast);
6509	break;
6510	}
6511	}
6512	if (VPI.getIntrinsicID() == Intrinsic::vp_fcmp) {
6513	auto Pred = cast<VPCmpIntrinsic>(Val: &VPI)->getPredicate();
6514	Check(CmpInst::isFPPredicate(Pred),
6515	"invalid predicate for VP FP comparison intrinsic", &VPI);
6516	}
6517	if (VPI.getIntrinsicID() == Intrinsic::vp_icmp) {
6518	auto Pred = cast<VPCmpIntrinsic>(Val: &VPI)->getPredicate();
6519	Check(CmpInst::isIntPredicate(Pred),
6520	"invalid predicate for VP integer comparison intrinsic", &VPI);
6521	}
6522	if (VPI.getIntrinsicID() == Intrinsic::vp_is_fpclass) {
6523	auto TestMask = cast<ConstantInt>(Val: VPI.getOperand(i_nocapture: 1));
6524	Check((TestMask->getZExtValue() & ~static_cast<unsigned>(fcAllFlags)) == 0,
6525	"unsupported bits for llvm.vp.is.fpclass test mask");
6526	}
6527	}
6528
6529	void Verifier::visitConstrainedFPIntrinsic(ConstrainedFPIntrinsic &FPI) {
6530	unsigned NumOperands;
6531	bool HasRoundingMD;
6532	switch (FPI.getIntrinsicID()) {
6533	#define INSTRUCTION(NAME, NARG, ROUND_MODE, INTRINSIC) \
6534	case Intrinsic::INTRINSIC: \
6535	NumOperands = NARG; \
6536	HasRoundingMD = ROUND_MODE; \
6537	break;
6538	#include "llvm/IR/ConstrainedOps.def"
6539	default:
6540	llvm_unreachable("Invalid constrained FP intrinsic!");
6541	}
6542	NumOperands += (1 + HasRoundingMD);
6543	// Compare intrinsics carry an extra predicate metadata operand.
6544	if (isa<ConstrainedFPCmpIntrinsic>(Val: FPI))
6545	NumOperands += 1;
6546	Check((FPI.arg_size() == NumOperands),
6547	"invalid arguments for constrained FP intrinsic", &FPI);
6548
6549	switch (FPI.getIntrinsicID()) {
6550	case Intrinsic::experimental_constrained_lrint:
6551	case Intrinsic::experimental_constrained_llrint: {
6552	Type *ValTy = FPI.getArgOperand(i: 0)->getType();
6553	Type *ResultTy = FPI.getType();
6554	Check(!ValTy->isVectorTy() && !ResultTy->isVectorTy(),
6555	"Intrinsic does not support vectors", &FPI);
6556	}
6557	break;
6558
6559	case Intrinsic::experimental_constrained_lround:
6560	case Intrinsic::experimental_constrained_llround: {
6561	Type *ValTy = FPI.getArgOperand(i: 0)->getType();
6562	Type *ResultTy = FPI.getType();
6563	Check(!ValTy->isVectorTy() && !ResultTy->isVectorTy(),
6564	"Intrinsic does not support vectors", &FPI);
6565	break;
6566	}
6567
6568	case Intrinsic::experimental_constrained_fcmp:
6569	case Intrinsic::experimental_constrained_fcmps: {
6570	auto Pred = cast<ConstrainedFPCmpIntrinsic>(Val: &FPI)->getPredicate();
6571	Check(CmpInst::isFPPredicate(Pred),
6572	"invalid predicate for constrained FP comparison intrinsic", &FPI);
6573	break;
6574	}
6575
6576	case Intrinsic::experimental_constrained_fptosi:
6577	case Intrinsic::experimental_constrained_fptoui: {
6578	Value *Operand = FPI.getArgOperand(i: 0);
6579	ElementCount SrcEC;
6580	Check(Operand->getType()->isFPOrFPVectorTy(),
6581	"Intrinsic first argument must be floating point", &FPI);
6582	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
6583	SrcEC = cast<VectorType>(Val: OperandT)->getElementCount();
6584	}
6585
6586	Operand = &FPI;
6587	Check(SrcEC.isNonZero() == Operand->getType()->isVectorTy(),
6588	"Intrinsic first argument and result disagree on vector use", &FPI);
6589	Check(Operand->getType()->isIntOrIntVectorTy(),
6590	"Intrinsic result must be an integer", &FPI);
6591	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
6592	Check(SrcEC == cast<VectorType>(OperandT)->getElementCount(),
6593	"Intrinsic first argument and result vector lengths must be equal",
6594	&FPI);
6595	}
6596	}
6597	break;
6598
6599	case Intrinsic::experimental_constrained_sitofp:
6600	case Intrinsic::experimental_constrained_uitofp: {
6601	Value *Operand = FPI.getArgOperand(i: 0);
6602	ElementCount SrcEC;
6603	Check(Operand->getType()->isIntOrIntVectorTy(),
6604	"Intrinsic first argument must be integer", &FPI);
6605	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
6606	SrcEC = cast<VectorType>(Val: OperandT)->getElementCount();
6607	}
6608
6609	Operand = &FPI;
6610	Check(SrcEC.isNonZero() == Operand->getType()->isVectorTy(),
6611	"Intrinsic first argument and result disagree on vector use", &FPI);
6612	Check(Operand->getType()->isFPOrFPVectorTy(),
6613	"Intrinsic result must be a floating point", &FPI);
6614	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
6615	Check(SrcEC == cast<VectorType>(OperandT)->getElementCount(),
6616	"Intrinsic first argument and result vector lengths must be equal",
6617	&FPI);
6618	}
6619	} break;
6620
6621	case Intrinsic::experimental_constrained_fptrunc:
6622	case Intrinsic::experimental_constrained_fpext: {
6623	Value *Operand = FPI.getArgOperand(i: 0);
6624	Type *OperandTy = Operand->getType();
6625	Value *Result = &FPI;
6626	Type *ResultTy = Result->getType();
6627	Check(OperandTy->isFPOrFPVectorTy(),
6628	"Intrinsic first argument must be FP or FP vector", &FPI);
6629	Check(ResultTy->isFPOrFPVectorTy(),
6630	"Intrinsic result must be FP or FP vector", &FPI);
6631	Check(OperandTy->isVectorTy() == ResultTy->isVectorTy(),
6632	"Intrinsic first argument and result disagree on vector use", &FPI);
6633	if (OperandTy->isVectorTy()) {
6634	Check(cast<VectorType>(OperandTy)->getElementCount() ==
6635	cast<VectorType>(ResultTy)->getElementCount(),
6636	"Intrinsic first argument and result vector lengths must be equal",
6637	&FPI);
6638	}
6639	if (FPI.getIntrinsicID() == Intrinsic::experimental_constrained_fptrunc) {
6640	Check(OperandTy->getScalarSizeInBits() > ResultTy->getScalarSizeInBits(),
6641	"Intrinsic first argument's type must be larger than result type",
6642	&FPI);
6643	} else {
6644	Check(OperandTy->getScalarSizeInBits() < ResultTy->getScalarSizeInBits(),
6645	"Intrinsic first argument's type must be smaller than result type",
6646	&FPI);
6647	}
6648	}
6649	break;
6650
6651	default:
6652	break;
6653	}
6654
6655	// If a non-metadata argument is passed in a metadata slot then the
6656	// error will be caught earlier when the incorrect argument doesn't
6657	// match the specification in the intrinsic call table. Thus, no
6658	// argument type check is needed here.
6659
6660	Check(FPI.getExceptionBehavior().has_value(),
6661	"invalid exception behavior argument", &FPI);
6662	if (HasRoundingMD) {
6663	Check(FPI.getRoundingMode().has_value(), "invalid rounding mode argument",
6664	&FPI);
6665	}
6666	}
6667
6668	void Verifier::visitDbgIntrinsic(StringRef Kind, DbgVariableIntrinsic &DII) {
6669	auto *MD = DII.getRawLocation();
6670	CheckDI(isa<ValueAsMetadata>(MD) || isa<DIArgList>(MD) ||
6671	(isa<MDNode>(MD) && !cast<MDNode>(MD)->getNumOperands()),
6672	"invalid llvm.dbg." + Kind + " intrinsic address/value", &DII, MD);
6673	CheckDI(isa<DILocalVariable>(DII.getRawVariable()),
6674	"invalid llvm.dbg." + Kind + " intrinsic variable", &DII,
6675	DII.getRawVariable());
6676	CheckDI(isa<DIExpression>(DII.getRawExpression()),
6677	"invalid llvm.dbg." + Kind + " intrinsic expression", &DII,
6678	DII.getRawExpression());
6679
6680	if (auto *DAI = dyn_cast<DbgAssignIntrinsic>(Val: &DII)) {
6681	CheckDI(isa<DIAssignID>(DAI->getRawAssignID()),
6682	"invalid llvm.dbg.assign intrinsic DIAssignID", &DII,
6683	DAI->getRawAssignID());
6684	const auto *RawAddr = DAI->getRawAddress();
6685	CheckDI(
6686	isa<ValueAsMetadata>(RawAddr) ||
6687	(isa<MDNode>(RawAddr) && !cast<MDNode>(RawAddr)->getNumOperands()),
6688	"invalid llvm.dbg.assign intrinsic address", &DII,
6689	DAI->getRawAddress());
6690	CheckDI(isa<DIExpression>(DAI->getRawAddressExpression()),
6691	"invalid llvm.dbg.assign intrinsic address expression", &DII,
6692	DAI->getRawAddressExpression());
6693	// All of the linked instructions should be in the same function as DII.
6694	for (Instruction *I : at::getAssignmentInsts(DAI))
6695	CheckDI(DAI->getFunction() == I->getFunction(),
6696	"inst not in same function as dbg.assign", I, DAI);
6697	}
6698
6699	// Ignore broken !dbg attachments; they're checked elsewhere.
6700	if (MDNode *N = DII.getDebugLoc().getAsMDNode())
6701	if (!isa<DILocation>(Val: N))
6702	return;
6703
6704	BasicBlock *BB = DII.getParent();
6705	Function *F = BB ? BB->getParent() : nullptr;
6706
6707	// The scopes for variables and !dbg attachments must agree.
6708	DILocalVariable *Var = DII.getVariable();
6709	DILocation *Loc = DII.getDebugLoc();
6710	CheckDI(Loc, "llvm.dbg." + Kind + " intrinsic requires a !dbg attachment",
6711	&DII, BB, F);
6712
6713	DISubprogram *VarSP = getSubprogram(LocalScope: Var->getRawScope());
6714	DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
6715	if (!VarSP || !LocSP)
6716	return; // Broken scope chains are checked elsewhere.
6717
6718	CheckDI(VarSP == LocSP,
6719	"mismatched subprogram between llvm.dbg." + Kind +
6720	" variable and !dbg attachment",
6721	&DII, BB, F, Var, Var->getScope()->getSubprogram(), Loc,
6722	Loc->getScope()->getSubprogram());
6723
6724	// This check is redundant with one in visitLocalVariable().
6725	CheckDI(isType(Var->getRawType()), "invalid type ref", Var,
6726	Var->getRawType());
6727	verifyFnArgs(I: DII);
6728	}
6729
6730	void Verifier::visitDbgLabelIntrinsic(StringRef Kind, DbgLabelInst &DLI) {
6731	CheckDI(isa<DILabel>(DLI.getRawLabel()),
6732	"invalid llvm.dbg." + Kind + " intrinsic variable", &DLI,
6733	DLI.getRawLabel());
6734
6735	// Ignore broken !dbg attachments; they're checked elsewhere.
6736	if (MDNode *N = DLI.getDebugLoc().getAsMDNode())
6737	if (!isa<DILocation>(Val: N))
6738	return;
6739
6740	BasicBlock *BB = DLI.getParent();
6741	Function *F = BB ? BB->getParent() : nullptr;
6742
6743	// The scopes for variables and !dbg attachments must agree.
6744	DILabel *Label = DLI.getLabel();
6745	DILocation *Loc = DLI.getDebugLoc();
6746	Check(Loc, "llvm.dbg." + Kind + " intrinsic requires a !dbg attachment", &DLI,
6747	BB, F);
6748
6749	DISubprogram *LabelSP = getSubprogram(LocalScope: Label->getRawScope());
6750	DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
6751	if (!LabelSP || !LocSP)
6752	return;
6753
6754	CheckDI(LabelSP == LocSP,
6755	"mismatched subprogram between llvm.dbg." + Kind +
6756	" label and !dbg attachment",
6757	&DLI, BB, F, Label, Label->getScope()->getSubprogram(), Loc,
6758	Loc->getScope()->getSubprogram());
6759	}
6760
6761	void Verifier::verifyFragmentExpression(const DbgVariableIntrinsic &I) {
6762	DILocalVariable *V = dyn_cast_or_null<DILocalVariable>(Val: I.getRawVariable());
6763	DIExpression *E = dyn_cast_or_null<DIExpression>(Val: I.getRawExpression());
6764
6765	// We don't know whether this intrinsic verified correctly.
6766	if (!V || !E || !E->isValid())
6767	return;
6768
6769	// Nothing to do if this isn't a DW_OP_LLVM_fragment expression.
6770	auto Fragment = E->getFragmentInfo();
6771	if (!Fragment)
6772	return;
6773
6774	// The frontend helps out GDB by emitting the members of local anonymous
6775	// unions as artificial local variables with shared storage. When SROA splits
6776	// the storage for artificial local variables that are smaller than the entire
6777	// union, the overhang piece will be outside of the allotted space for the
6778	// variable and this check fails.
6779	// FIXME: Remove this check as soon as clang stops doing this; it hides bugs.
6780	if (V->isArtificial())
6781	return;
6782
6783	verifyFragmentExpression(V: *V, Fragment: *Fragment, Desc: &I);
6784	}
6785	void Verifier::verifyFragmentExpression(const DbgVariableRecord &DVR) {
6786	DILocalVariable *V = dyn_cast_or_null<DILocalVariable>(Val: DVR.getRawVariable());
6787	DIExpression *E = dyn_cast_or_null<DIExpression>(Val: DVR.getRawExpression());
6788
6789	// We don't know whether this intrinsic verified correctly.
6790	if (!V || !E || !E->isValid())
6791	return;
6792
6793	// Nothing to do if this isn't a DW_OP_LLVM_fragment expression.
6794	auto Fragment = E->getFragmentInfo();
6795	if (!Fragment)
6796	return;
6797
6798	// The frontend helps out GDB by emitting the members of local anonymous
6799	// unions as artificial local variables with shared storage. When SROA splits
6800	// the storage for artificial local variables that are smaller than the entire
6801	// union, the overhang piece will be outside of the allotted space for the
6802	// variable and this check fails.
6803	// FIXME: Remove this check as soon as clang stops doing this; it hides bugs.
6804	if (V->isArtificial())
6805	return;
6806
6807	verifyFragmentExpression(V: *V, Fragment: *Fragment, Desc: &DVR);
6808	}
6809
6810	template <typename ValueOrMetadata>
6811	void Verifier::verifyFragmentExpression(const DIVariable &V,
6812	DIExpression::FragmentInfo Fragment,
6813	ValueOrMetadata *Desc) {
6814	// If there's no size, the type is broken, but that should be checked
6815	// elsewhere.
6816	auto VarSize = V.getSizeInBits();
6817	if (!VarSize)
6818	return;
6819
6820	unsigned FragSize = Fragment.SizeInBits;
6821	unsigned FragOffset = Fragment.OffsetInBits;
6822	CheckDI(FragSize + FragOffset <= *VarSize,
6823	"fragment is larger than or outside of variable", Desc, &V);
6824	CheckDI(FragSize != *VarSize, "fragment covers entire variable", Desc, &V);
6825	}
6826
6827	void Verifier::verifyFnArgs(const DbgVariableIntrinsic &I) {
6828	// This function does not take the scope of noninlined function arguments into
6829	// account. Don't run it if current function is nodebug, because it may
6830	// contain inlined debug intrinsics.
6831	if (!HasDebugInfo)
6832	return;
6833
6834	// For performance reasons only check non-inlined ones.
6835	if (I.getDebugLoc()->getInlinedAt())
6836	return;
6837
6838	DILocalVariable *Var = I.getVariable();
6839	CheckDI(Var, "dbg intrinsic without variable");
6840
6841	unsigned ArgNo = Var->getArg();
6842	if (!ArgNo)
6843	return;
6844
6845	// Verify there are no duplicate function argument debug info entries.
6846	// These will cause hard-to-debug assertions in the DWARF backend.
6847	if (DebugFnArgs.size() < ArgNo)
6848	DebugFnArgs.resize(N: ArgNo, NV: nullptr);
6849
6850	auto *Prev = DebugFnArgs[ArgNo - 1];
6851	DebugFnArgs[ArgNo - 1] = Var;
6852	CheckDI(!Prev || (Prev == Var), "conflicting debug info for argument", &I,
6853	Prev, Var);
6854	}
6855	void Verifier::verifyFnArgs(const DbgVariableRecord &DVR) {
6856	// This function does not take the scope of noninlined function arguments into
6857	// account. Don't run it if current function is nodebug, because it may
6858	// contain inlined debug intrinsics.
6859	if (!HasDebugInfo)
6860	return;
6861
6862	// For performance reasons only check non-inlined ones.
6863	if (DVR.getDebugLoc()->getInlinedAt())
6864	return;
6865
6866	DILocalVariable *Var = DVR.getVariable();
6867	CheckDI(Var, "#dbg record without variable");
6868
6869	unsigned ArgNo = Var->getArg();
6870	if (!ArgNo)
6871	return;
6872
6873	// Verify there are no duplicate function argument debug info entries.
6874	// These will cause hard-to-debug assertions in the DWARF backend.
6875	if (DebugFnArgs.size() < ArgNo)
6876	DebugFnArgs.resize(N: ArgNo, NV: nullptr);
6877
6878	auto *Prev = DebugFnArgs[ArgNo - 1];
6879	DebugFnArgs[ArgNo - 1] = Var;
6880	CheckDI(!Prev || (Prev == Var), "conflicting debug info for argument", &DVR,
6881	Prev, Var);
6882	}
6883
6884	void Verifier::verifyNotEntryValue(const DbgVariableIntrinsic &I) {
6885	DIExpression *E = dyn_cast_or_null<DIExpression>(Val: I.getRawExpression());
6886
6887	// We don't know whether this intrinsic verified correctly.
6888	if (!E || !E->isValid())
6889	return;
6890
6891	if (isa<ValueAsMetadata>(Val: I.getRawLocation())) {
6892	Value *VarValue = I.getVariableLocationOp(OpIdx: 0);
6893	if (isa<UndefValue>(Val: VarValue) || isa<PoisonValue>(Val: VarValue))
6894	return;
6895	// We allow EntryValues for swift async arguments, as they have an
6896	// ABI-guarantee to be turned into a specific register.
6897	if (auto *ArgLoc = dyn_cast_or_null<Argument>(Val: VarValue);
6898	ArgLoc && ArgLoc->hasAttribute(Attribute::SwiftAsync))
6899	return;
6900	}
6901
6902	CheckDI(!E->isEntryValue(),
6903	"Entry values are only allowed in MIR unless they target a "
6904	"swiftasync Argument",
6905	&I);
6906	}
6907	void Verifier::verifyNotEntryValue(const DbgVariableRecord &DVR) {
6908	DIExpression *E = dyn_cast_or_null<DIExpression>(Val: DVR.getRawExpression());
6909
6910	// We don't know whether this intrinsic verified correctly.
6911	if (!E || !E->isValid())
6912	return;
6913
6914	if (isa<ValueAsMetadata>(Val: DVR.getRawLocation())) {
6915	Value *VarValue = DVR.getVariableLocationOp(OpIdx: 0);
6916	if (isa<UndefValue>(Val: VarValue) || isa<PoisonValue>(Val: VarValue))
6917	return;
6918	// We allow EntryValues for swift async arguments, as they have an
6919	// ABI-guarantee to be turned into a specific register.
6920	if (auto *ArgLoc = dyn_cast_or_null<Argument>(Val: VarValue);
6921	ArgLoc && ArgLoc->hasAttribute(Attribute::SwiftAsync))
6922	return;
6923	}
6924
6925	CheckDI(!E->isEntryValue(),
6926	"Entry values are only allowed in MIR unless they target a "
6927	"swiftasync Argument",
6928	&DVR);
6929	}
6930
6931	void Verifier::verifyCompileUnits() {
6932	// When more than one Module is imported into the same context, such as during
6933	// an LTO build before linking the modules, ODR type uniquing may cause types
6934	// to point to a different CU. This check does not make sense in this case.
6935	if (M.getContext().isODRUniquingDebugTypes())
6936	return;
6937	auto *CUs = M.getNamedMetadata(Name: "llvm.dbg.cu");
6938	SmallPtrSet<const Metadata *, 2> Listed;
6939	if (CUs)
6940	Listed.insert(I: CUs->op_begin(), E: CUs->op_end());
6941	for (const auto *CU : CUVisited)
6942	CheckDI(Listed.count(CU), "DICompileUnit not listed in llvm.dbg.cu", CU);
6943	CUVisited.clear();
6944	}
6945
6946	void Verifier::verifyDeoptimizeCallingConvs() {
6947	if (DeoptimizeDeclarations.empty())
6948	return;
6949
6950	const Function *First = DeoptimizeDeclarations[0];
6951	for (const auto *F : ArrayRef(DeoptimizeDeclarations).slice(N: 1)) {
6952	Check(First->getCallingConv() == F->getCallingConv(),
6953	"All llvm.experimental.deoptimize declarations must have the same "
6954	"calling convention",
6955	First, F);
6956	}
6957	}
6958
6959	void Verifier::verifyAttachedCallBundle(const CallBase &Call,
6960	const OperandBundleUse &BU) {
6961	FunctionType *FTy = Call.getFunctionType();
6962
6963	Check((FTy->getReturnType()->isPointerTy() ||
6964	(Call.doesNotReturn() && FTy->getReturnType()->isVoidTy())),
6965	"a call with operand bundle \"clang.arc.attachedcall\" must call a "
6966	"function returning a pointer or a non-returning function that has a "
6967	"void return type",
6968	Call);
6969
6970	Check(BU.Inputs.size() == 1 && isa<Function>(BU.Inputs.front()),
6971	"operand bundle \"clang.arc.attachedcall\" requires one function as "
6972	"an argument",
6973	Call);
6974
6975	auto *Fn = cast<Function>(Val: BU.Inputs.front());
6976	Intrinsic::ID IID = Fn->getIntrinsicID();
6977
6978	if (IID) {
6979	Check((IID == Intrinsic::objc_retainAutoreleasedReturnValue ||
6980	IID == Intrinsic::objc_unsafeClaimAutoreleasedReturnValue),
6981	"invalid function argument", Call);
6982	} else {
6983	StringRef FnName = Fn->getName();
6984	Check((FnName == "objc_retainAutoreleasedReturnValue" ||
6985	FnName == "objc_unsafeClaimAutoreleasedReturnValue"),
6986	"invalid function argument", Call);
6987	}
6988	}
6989
6990	void Verifier::verifyNoAliasScopeDecl() {
6991	if (NoAliasScopeDecls.empty())
6992	return;
6993
6994	// only a single scope must be declared at a time.
6995	for (auto *II : NoAliasScopeDecls) {
6996	assert(II->getIntrinsicID() == Intrinsic::experimental_noalias_scope_decl &&
6997	"Not a llvm.experimental.noalias.scope.decl ?");
6998	const auto *ScopeListMV = dyn_cast<MetadataAsValue>(
6999	Val: II->getOperand(i_nocapture: Intrinsic::NoAliasScopeDeclScopeArg));
7000	Check(ScopeListMV != nullptr,
7001	"llvm.experimental.noalias.scope.decl must have a MetadataAsValue "
7002	"argument",
7003	II);
7004
7005	const auto *ScopeListMD = dyn_cast<MDNode>(Val: ScopeListMV->getMetadata());
7006	Check(ScopeListMD != nullptr, "!id.scope.list must point to an MDNode", II);
7007	Check(ScopeListMD->getNumOperands() == 1,
7008	"!id.scope.list must point to a list with a single scope", II);
7009	visitAliasScopeListMetadata(MD: ScopeListMD);
7010	}
7011
7012	// Only check the domination rule when requested. Once all passes have been
7013	// adapted this option can go away.
7014	if (!VerifyNoAliasScopeDomination)
7015	return;
7016
7017	// Now sort the intrinsics based on the scope MDNode so that declarations of
7018	// the same scopes are next to each other.
7019	auto GetScope = [](IntrinsicInst *II) {
7020	const auto *ScopeListMV = cast<MetadataAsValue>(
7021	Val: II->getOperand(i_nocapture: Intrinsic::NoAliasScopeDeclScopeArg));
7022	return &cast<MDNode>(Val: ScopeListMV->getMetadata())->getOperand(I: 0);
7023	};
7024
7025	// We are sorting on MDNode pointers here. For valid input IR this is ok.
7026	// TODO: Sort on Metadata ID to avoid non-deterministic error messages.
7027	auto Compare = [GetScope](IntrinsicInst *Lhs, IntrinsicInst *Rhs) {
7028	return GetScope(Lhs) < GetScope(Rhs);
7029	};
7030
7031	llvm::sort(C&: NoAliasScopeDecls, Comp: Compare);
7032
7033	// Go over the intrinsics and check that for the same scope, they are not
7034	// dominating each other.
7035	auto ItCurrent = NoAliasScopeDecls.begin();
7036	while (ItCurrent != NoAliasScopeDecls.end()) {
7037	auto CurScope = GetScope(*ItCurrent);
7038	auto ItNext = ItCurrent;
7039	do {
7040	++ItNext;
7041	} while (ItNext != NoAliasScopeDecls.end() &&
7042	GetScope(*ItNext) == CurScope);
7043
7044	// [ItCurrent, ItNext) represents the declarations for the same scope.
7045	// Ensure they are not dominating each other.. but only if it is not too
7046	// expensive.
7047	if (ItNext - ItCurrent < 32)
7048	for (auto *I : llvm::make_range(x: ItCurrent, y: ItNext))
7049	for (auto *J : llvm::make_range(x: ItCurrent, y: ItNext))
7050	if (I != J)
7051	Check(!DT.dominates(I, J),
7052	"llvm.experimental.noalias.scope.decl dominates another one "
7053	"with the same scope",
7054	I);
7055	ItCurrent = ItNext;
7056	}
7057	}
7058
7059	//===----------------------------------------------------------------------===//
7060	// Implement the public interfaces to this file...
7061	//===----------------------------------------------------------------------===//
7062
7063	bool llvm::verifyFunction(const Function &f, raw_ostream *OS) {
7064	Function &F = const_cast<Function &>(f);
7065
7066	// Don't use a raw_null_ostream. Printing IR is expensive.
7067	Verifier V(OS, /*ShouldTreatBrokenDebugInfoAsError=*/true, *f.getParent());
7068
7069	// Note that this function's return value is inverted from what you would
7070	// expect of a function called "verify".
7071	return !V.verify(F);
7072	}
7073
7074	bool llvm::verifyModule(const Module &M, raw_ostream *OS,
7075	bool *BrokenDebugInfo) {
7076	// Don't use a raw_null_ostream. Printing IR is expensive.
7077	Verifier V(OS, /*ShouldTreatBrokenDebugInfoAsError=*/!BrokenDebugInfo, M);
7078
7079	bool Broken = false;
7080	for (const Function &F : M)
7081	Broken |= !V.verify(F);
7082
7083	Broken |= !V.verify();
7084	if (BrokenDebugInfo)
7085	*BrokenDebugInfo = V.hasBrokenDebugInfo();
7086	// Note that this function's return value is inverted from what you would
7087	// expect of a function called "verify".
7088	return Broken;
7089	}
7090
7091	namespace {
7092
7093	struct VerifierLegacyPass : public FunctionPass {
7094	static char ID;
7095
7096	std::unique_ptr<Verifier> V;
7097	bool FatalErrors = true;
7098
7099	VerifierLegacyPass() : FunctionPass(ID) {
7100	initializeVerifierLegacyPassPass(*PassRegistry::getPassRegistry());
7101	}
7102	explicit VerifierLegacyPass(bool FatalErrors)
7103	: FunctionPass(ID),
7104	FatalErrors(FatalErrors) {
7105	initializeVerifierLegacyPassPass(*PassRegistry::getPassRegistry());
7106	}
7107
7108	bool doInitialization(Module &M) override {
7109	V = std::make_unique<Verifier>(
7110	args: &dbgs(), /*ShouldTreatBrokenDebugInfoAsError=*/args: false, args&: M);
7111	return false;
7112	}
7113
7114	bool runOnFunction(Function &F) override {
7115	if (!V->verify(F) && FatalErrors) {
7116	errs() << "in function " << F.getName() << '\n';
7117	report_fatal_error(reason: "Broken function found, compilation aborted!");
7118	}
7119	return false;
7120	}
7121
7122	bool doFinalization(Module &M) override {
7123	bool HasErrors = false;
7124	for (Function &F : M)
7125	if (F.isDeclaration())
7126	HasErrors |= !V->verify(F);
7127
7128	HasErrors |= !V->verify();
7129	if (FatalErrors && (HasErrors || V->hasBrokenDebugInfo()))
7130	report_fatal_error(reason: "Broken module found, compilation aborted!");
7131	return false;
7132	}
7133
7134	void getAnalysisUsage(AnalysisUsage &AU) const override {
7135	AU.setPreservesAll();
7136	}
7137	};
7138
7139	} // end anonymous namespace
7140
7141	/// Helper to issue failure from the TBAA verification
7142	template <typename... Tys> void TBAAVerifier::CheckFailed(Tys &&... Args) {
7143	if (Diagnostic)
7144	return Diagnostic->CheckFailed(Args...);
7145	}
7146
7147	#define CheckTBAA(C, ...) \
7148	do { \
7149	if (!(C)) { \
7150	CheckFailed(__VA_ARGS__); \
7151	return false; \
7152	} \
7153	} while (false)
7154
7155	/// Verify that \p BaseNode can be used as the "base type" in the struct-path
7156	/// TBAA scheme. This means \p BaseNode is either a scalar node, or a
7157	/// struct-type node describing an aggregate data structure (like a struct).
7158	TBAAVerifier::TBAABaseNodeSummary
7159	TBAAVerifier::verifyTBAABaseNode(Instruction &I, const MDNode *BaseNode,
7160	bool IsNewFormat) {
7161	if (BaseNode->getNumOperands() < 2) {
7162	CheckFailed(Args: "Base nodes must have at least two operands", Args: &I, Args&: BaseNode);
7163	return {true, ~0u};
7164	}
7165
7166	auto Itr = TBAABaseNodes.find(Val: BaseNode);
7167	if (Itr != TBAABaseNodes.end())
7168	return Itr->second;
7169
7170	auto Result = verifyTBAABaseNodeImpl(I, BaseNode, IsNewFormat);
7171	auto InsertResult = TBAABaseNodes.insert(KV: {BaseNode, Result});
7172	(void)InsertResult;
7173	assert(InsertResult.second && "We just checked!");
7174	return Result;
7175	}
7176
7177	TBAAVerifier::TBAABaseNodeSummary
7178	TBAAVerifier::verifyTBAABaseNodeImpl(Instruction &I, const MDNode *BaseNode,
7179	bool IsNewFormat) {
7180	const TBAAVerifier::TBAABaseNodeSummary InvalidNode = {true, ~0u};
7181
7182	if (BaseNode->getNumOperands() == 2) {
7183	// Scalar nodes can only be accessed at offset 0.
7184	return isValidScalarTBAANode(MD: BaseNode)
7185	? TBAAVerifier::TBAABaseNodeSummary({false, 0})
7186	: InvalidNode;
7187	}
7188
7189	if (IsNewFormat) {
7190	if (BaseNode->getNumOperands() % 3 != 0) {
7191	CheckFailed(Args: "Access tag nodes must have the number of operands that is a "
7192	"multiple of 3!", Args&: BaseNode);
7193	return InvalidNode;
7194	}
7195	} else {
7196	if (BaseNode->getNumOperands() % 2 != 1) {
7197	CheckFailed(Args: "Struct tag nodes must have an odd number of operands!",
7198	Args&: BaseNode);
7199	return InvalidNode;
7200	}
7201	}
7202
7203	// Check the type size field.
7204	if (IsNewFormat) {
7205	auto *TypeSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
7206	MD: BaseNode->getOperand(I: 1));
7207	if (!TypeSizeNode) {
7208	CheckFailed(Args: "Type size nodes must be constants!", Args: &I, Args&: BaseNode);
7209	return InvalidNode;
7210	}
7211	}
7212
7213	// Check the type name field. In the new format it can be anything.
7214	if (!IsNewFormat && !isa<MDString>(Val: BaseNode->getOperand(I: 0))) {
7215	CheckFailed(Args: "Struct tag nodes have a string as their first operand",
7216	Args&: BaseNode);
7217	return InvalidNode;
7218	}
7219
7220	bool Failed = false;
7221
7222	std::optional<APInt> PrevOffset;
7223	unsigned BitWidth = ~0u;
7224
7225	// We've already checked that BaseNode is not a degenerate root node with one
7226	// operand in \c verifyTBAABaseNode, so this loop should run at least once.
7227	unsigned FirstFieldOpNo = IsNewFormat ? 3 : 1;
7228	unsigned NumOpsPerField = IsNewFormat ? 3 : 2;
7229	for (unsigned Idx = FirstFieldOpNo; Idx < BaseNode->getNumOperands();
7230	Idx += NumOpsPerField) {
7231	const MDOperand &FieldTy = BaseNode->getOperand(I: Idx);
7232	const MDOperand &FieldOffset = BaseNode->getOperand(I: Idx + 1);
7233	if (!isa<MDNode>(Val: FieldTy)) {
7234	CheckFailed(Args: "Incorrect field entry in struct type node!", Args: &I, Args&: BaseNode);
7235	Failed = true;
7236	continue;
7237	}
7238
7239	auto *OffsetEntryCI =
7240	mdconst::dyn_extract_or_null<ConstantInt>(MD: FieldOffset);
7241	if (!OffsetEntryCI) {
7242	CheckFailed(Args: "Offset entries must be constants!", Args: &I, Args&: BaseNode);
7243	Failed = true;
7244	continue;
7245	}
7246
7247	if (BitWidth == ~0u)
7248	BitWidth = OffsetEntryCI->getBitWidth();
7249
7250	if (OffsetEntryCI->getBitWidth() != BitWidth) {
7251	CheckFailed(
7252	Args: "Bitwidth between the offsets and struct type entries must match", Args: &I,
7253	Args&: BaseNode);
7254	Failed = true;
7255	continue;
7256	}
7257
7258	// NB! As far as I can tell, we generate a non-strictly increasing offset
7259	// sequence only from structs that have zero size bit fields. When
7260	// recursing into a contained struct in \c getFieldNodeFromTBAABaseNode we
7261	// pick the field lexically the latest in struct type metadata node. This
7262	// mirrors the actual behavior of the alias analysis implementation.
7263	bool IsAscending =
7264	!PrevOffset || PrevOffset->ule(RHS: OffsetEntryCI->getValue());
7265
7266	if (!IsAscending) {
7267	CheckFailed(Args: "Offsets must be increasing!", Args: &I, Args&: BaseNode);
7268	Failed = true;
7269	}
7270
7271	PrevOffset = OffsetEntryCI->getValue();
7272
7273	if (IsNewFormat) {
7274	auto *MemberSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
7275	MD: BaseNode->getOperand(I: Idx + 2));
7276	if (!MemberSizeNode) {
7277	CheckFailed(Args: "Member size entries must be constants!", Args: &I, Args&: BaseNode);
7278	Failed = true;
7279	continue;
7280	}
7281	}
7282	}
7283
7284	return Failed ? InvalidNode
7285	: TBAAVerifier::TBAABaseNodeSummary(false, BitWidth);
7286	}
7287
7288	static bool IsRootTBAANode(const MDNode *MD) {
7289	return MD->getNumOperands() < 2;
7290	}
7291
7292	static bool IsScalarTBAANodeImpl(const MDNode *MD,
7293	SmallPtrSetImpl<const MDNode *> &Visited) {
7294	if (MD->getNumOperands() != 2 && MD->getNumOperands() != 3)
7295	return false;
7296
7297	if (!isa<MDString>(Val: MD->getOperand(I: 0)))
7298	return false;
7299
7300	if (MD->getNumOperands() == 3) {
7301	auto *Offset = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: 2));
7302	if (!(Offset && Offset->isZero() && isa<MDString>(Val: MD->getOperand(I: 0))))
7303	return false;
7304	}
7305
7306	auto *Parent = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: 1));
7307	return Parent && Visited.insert(Ptr: Parent).second &&
7308	(IsRootTBAANode(MD: Parent) || IsScalarTBAANodeImpl(MD: Parent, Visited));
7309	}
7310
7311	bool TBAAVerifier::isValidScalarTBAANode(const MDNode *MD) {
7312	auto ResultIt = TBAAScalarNodes.find(Val: MD);
7313	if (ResultIt != TBAAScalarNodes.end())
7314	return ResultIt->second;
7315
7316	SmallPtrSet<const MDNode *, 4> Visited;
7317	bool Result = IsScalarTBAANodeImpl(MD, Visited);
7318	auto InsertResult = TBAAScalarNodes.insert(KV: {MD, Result});
7319	(void)InsertResult;
7320	assert(InsertResult.second && "Just checked!");
7321
7322	return Result;
7323	}
7324
7325	/// Returns the field node at the offset \p Offset in \p BaseNode. Update \p
7326	/// Offset in place to be the offset within the field node returned.
7327	///
7328	/// We assume we've okayed \p BaseNode via \c verifyTBAABaseNode.
7329	MDNode *TBAAVerifier::getFieldNodeFromTBAABaseNode(Instruction &I,
7330	const MDNode *BaseNode,
7331	APInt &Offset,
7332	bool IsNewFormat) {
7333	assert(BaseNode->getNumOperands() >= 2 && "Invalid base node!");
7334
7335	// Scalar nodes have only one possible "field" -- their parent in the access
7336	// hierarchy. Offset must be zero at this point, but our caller is supposed
7337	// to check that.
7338	if (BaseNode->getNumOperands() == 2)
7339	return cast<MDNode>(Val: BaseNode->getOperand(I: 1));
7340
7341	unsigned FirstFieldOpNo = IsNewFormat ? 3 : 1;
7342	unsigned NumOpsPerField = IsNewFormat ? 3 : 2;
7343	for (unsigned Idx = FirstFieldOpNo; Idx < BaseNode->getNumOperands();
7344	Idx += NumOpsPerField) {
7345	auto *OffsetEntryCI =
7346	mdconst::extract<ConstantInt>(MD: BaseNode->getOperand(I: Idx + 1));
7347	if (OffsetEntryCI->getValue().ugt(RHS: Offset)) {
7348	if (Idx == FirstFieldOpNo) {
7349	CheckFailed(Args: "Could not find TBAA parent in struct type node", Args: &I,
7350	Args&: BaseNode, Args: &Offset);
7351	return nullptr;
7352	}
7353
7354	unsigned PrevIdx = Idx - NumOpsPerField;
7355	auto *PrevOffsetEntryCI =
7356	mdconst::extract<ConstantInt>(MD: BaseNode->getOperand(I: PrevIdx + 1));
7357	Offset -= PrevOffsetEntryCI->getValue();
7358	return cast<MDNode>(Val: BaseNode->getOperand(I: PrevIdx));
7359	}
7360	}
7361
7362	unsigned LastIdx = BaseNode->getNumOperands() - NumOpsPerField;
7363	auto *LastOffsetEntryCI = mdconst::extract<ConstantInt>(
7364	MD: BaseNode->getOperand(I: LastIdx + 1));
7365	Offset -= LastOffsetEntryCI->getValue();
7366	return cast<MDNode>(Val: BaseNode->getOperand(I: LastIdx));
7367	}
7368
7369	static bool isNewFormatTBAATypeNode(llvm::MDNode *Type) {
7370	if (!Type || Type->getNumOperands() < 3)
7371	return false;
7372
7373	// In the new format type nodes shall have a reference to the parent type as
7374	// its first operand.
7375	return isa_and_nonnull<MDNode>(Val: Type->getOperand(I: 0));
7376	}
7377
7378	bool TBAAVerifier::visitTBAAMetadata(Instruction &I, const MDNode *MD) {
7379	CheckTBAA(MD->getNumOperands() > 0, "TBAA metadata cannot have 0 operands",
7380	&I, MD);
7381
7382	CheckTBAA(isa<LoadInst>(I) || isa<StoreInst>(I) || isa<CallInst>(I) ||
7383	isa<VAArgInst>(I) || isa<AtomicRMWInst>(I) ||
7384	isa<AtomicCmpXchgInst>(I),
7385	"This instruction shall not have a TBAA access tag!", &I);
7386
7387	bool IsStructPathTBAA =
7388	isa<MDNode>(Val: MD->getOperand(I: 0)) && MD->getNumOperands() >= 3;
7389
7390	CheckTBAA(IsStructPathTBAA,
7391	"Old-style TBAA is no longer allowed, use struct-path TBAA instead",
7392	&I);
7393
7394	MDNode *BaseNode = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: 0));
7395	MDNode *AccessType = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: 1));
7396
7397	bool IsNewFormat = isNewFormatTBAATypeNode(Type: AccessType);
7398
7399	if (IsNewFormat) {
7400	CheckTBAA(MD->getNumOperands() == 4 || MD->getNumOperands() == 5,
7401	"Access tag metadata must have either 4 or 5 operands", &I, MD);
7402	} else {
7403	CheckTBAA(MD->getNumOperands() < 5,
7404	"Struct tag metadata must have either 3 or 4 operands", &I, MD);
7405	}
7406
7407	// Check the access size field.
7408	if (IsNewFormat) {
7409	auto *AccessSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
7410	MD: MD->getOperand(I: 3));
7411	CheckTBAA(AccessSizeNode, "Access size field must be a constant", &I, MD);
7412	}
7413
7414	// Check the immutability flag.
7415	unsigned ImmutabilityFlagOpNo = IsNewFormat ? 4 : 3;
7416	if (MD->getNumOperands() == ImmutabilityFlagOpNo + 1) {
7417	auto *IsImmutableCI = mdconst::dyn_extract_or_null<ConstantInt>(
7418	MD: MD->getOperand(I: ImmutabilityFlagOpNo));
7419	CheckTBAA(IsImmutableCI,
7420	"Immutability tag on struct tag metadata must be a constant", &I,
7421	MD);
7422	CheckTBAA(
7423	IsImmutableCI->isZero() || IsImmutableCI->isOne(),
7424	"Immutability part of the struct tag metadata must be either 0 or 1",
7425	&I, MD);
7426	}
7427
7428	CheckTBAA(BaseNode && AccessType,
7429	"Malformed struct tag metadata: base and access-type "
7430	"should be non-null and point to Metadata nodes",
7431	&I, MD, BaseNode, AccessType);
7432
7433	if (!IsNewFormat) {
7434	CheckTBAA(isValidScalarTBAANode(AccessType),
7435	"Access type node must be a valid scalar type", &I, MD,
7436	AccessType);
7437	}
7438
7439	auto *OffsetCI = mdconst::dyn_extract_or_null<ConstantInt>(MD: MD->getOperand(I: 2));
7440	CheckTBAA(OffsetCI, "Offset must be constant integer", &I, MD);
7441
7442	APInt Offset = OffsetCI->getValue();
7443	bool SeenAccessTypeInPath = false;
7444
7445	SmallPtrSet<MDNode *, 4> StructPath;
7446
7447	for (/* empty */; BaseNode && !IsRootTBAANode(MD: BaseNode);
7448	BaseNode = getFieldNodeFromTBAABaseNode(I, BaseNode, Offset,
7449	IsNewFormat)) {
7450	if (!StructPath.insert(Ptr: BaseNode).second) {
7451	CheckFailed(Args: "Cycle detected in struct path", Args: &I, Args&: MD);
7452	return false;
7453	}
7454
7455	bool Invalid;
7456	unsigned BaseNodeBitWidth;
7457	std::tie(args&: Invalid, args&: BaseNodeBitWidth) = verifyTBAABaseNode(I, BaseNode,
7458	IsNewFormat);
7459
7460	// If the base node is invalid in itself, then we've already printed all the
7461	// errors we wanted to print.
7462	if (Invalid)
7463	return false;
7464
7465	SeenAccessTypeInPath |= BaseNode == AccessType;
7466
7467	if (isValidScalarTBAANode(MD: BaseNode) || BaseNode == AccessType)
7468	CheckTBAA(Offset == 0, "Offset not zero at the point of scalar access",
7469	&I, MD, &Offset);
7470
7471	CheckTBAA(BaseNodeBitWidth == Offset.getBitWidth() ||
7472	(BaseNodeBitWidth == 0 && Offset == 0) ||
7473	(IsNewFormat && BaseNodeBitWidth == ~0u),
7474	"Access bit-width not the same as description bit-width", &I, MD,
7475	BaseNodeBitWidth, Offset.getBitWidth());
7476
7477	if (IsNewFormat && SeenAccessTypeInPath)
7478	break;
7479	}
7480
7481	CheckTBAA(SeenAccessTypeInPath, "Did not see access type in access path!", &I,
7482	MD);
7483	return true;
7484	}
7485
7486	char VerifierLegacyPass::ID = 0;
7487	INITIALIZE_PASS(VerifierLegacyPass, "verify", "Module Verifier", false, false)
7488
7489	FunctionPass *llvm::createVerifierPass(bool FatalErrors) {
7490	return new VerifierLegacyPass(FatalErrors);
7491	}
7492
7493	AnalysisKey VerifierAnalysis::Key;
7494	VerifierAnalysis::Result VerifierAnalysis::run(Module &M,
7495	ModuleAnalysisManager &) {
7496	Result Res;
7497	Res.IRBroken = llvm::verifyModule(M, OS: &dbgs(), BrokenDebugInfo: &Res.DebugInfoBroken);
7498	return Res;
7499	}
7500
7501	VerifierAnalysis::Result VerifierAnalysis::run(Function &F,
7502	FunctionAnalysisManager &) {
7503	return { .IRBroken: llvm::verifyFunction(f: F, OS: &dbgs()), .DebugInfoBroken: false };
7504	}
7505
7506	PreservedAnalyses VerifierPass::run(Module &M, ModuleAnalysisManager &AM) {
7507	auto Res = AM.getResult<VerifierAnalysis>(IR&: M);
7508	if (FatalErrors && (Res.IRBroken || Res.DebugInfoBroken))
7509	report_fatal_error(reason: "Broken module found, compilation aborted!");
7510
7511	return PreservedAnalyses::all();
7512	}
7513
7514	PreservedAnalyses VerifierPass::run(Function &F, FunctionAnalysisManager &AM) {
7515	auto res = AM.getResult<VerifierAnalysis>(IR&: F);
7516	if (res.IRBroken && FatalErrors)
7517	report_fatal_error(reason: "Broken function found, compilation aborted!");
7518
7519	return PreservedAnalyses::all();
7520	}
7521