1	//===-- Verifier.cpp - Implement the Module Verifier -----------------------==//
2	//
3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4	// See https://llvm.org/LICENSE.txt for license information.
5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6	//
7	//===----------------------------------------------------------------------===//
8	//
9	// This file defines the function verifier interface, that can be used for some
10	// basic correctness checking of input to the system.
11	//
12	// Note that this does not provide full `Java style' security and verifications,
13	// instead it just tries to ensure that code is well-formed.
14	//
15	// * Both of a binary operator's parameters are of the same type
16	// * Verify that the indices of mem access instructions match other operands
17	// * Verify that arithmetic and other things are only performed on first-class
18	// types. Verify that shifts & logicals only happen on integrals f.e.
19	// * All of the constants in a switch statement are of the correct type
20	// * The code is in valid SSA form
21	// * It should be illegal to put a label into any other type (like a structure)
22	// or to return one. [except constant arrays!]
23	// * Only phi nodes can be self referential: 'add i32 %0, %0 ; <int>:0' is bad
24	// * PHI nodes must have an entry for each predecessor, with no extras.
25	// * PHI nodes must be the first thing in a basic block, all grouped together
26	// * All basic blocks should only end with terminator insts, not contain them
27	// * The entry node to a function must not have predecessors
28	// * All Instructions must be embedded into a basic block
29	// * Functions cannot take a void-typed parameter
30	// * Verify that a function's argument list agrees with it's declared type.
31	// * It is illegal to specify a name for a void value.
32	// * It is illegal to have a internal global value with no initializer
33	// * It is illegal to have a ret instruction that returns a value that does not
34	// agree with the function return value type.
35	// * Function call argument types match the function prototype
36	// * A landing pad is defined by a landingpad instruction, and can be jumped to
37	// only by the unwind edge of an invoke instruction.
38	// * A landingpad instruction must be the first non-PHI instruction in the
39	// block.
40	// * Landingpad instructions must be in a function with a personality function.
41	// * Convergence control intrinsics are introduced in ConvergentOperations.rst.
42	// The applied restrictions are too numerous to list here.
43	// * The convergence entry intrinsic and the loop heart must be the first
44	// non-PHI instruction in their respective block. This does not conflict with
45	// the landing pads, since these two kinds cannot occur in the same block.
46	// * All other things that are tested by asserts spread about the code...
47	//
48	//===----------------------------------------------------------------------===//
49
50	#include "llvm/IR/Verifier.h"
51	#include "llvm/ADT/APFloat.h"
52	#include "llvm/ADT/APInt.h"
53	#include "llvm/ADT/ArrayRef.h"
54	#include "llvm/ADT/DenseMap.h"
55	#include "llvm/ADT/MapVector.h"
56	#include "llvm/ADT/STLExtras.h"
57	#include "llvm/ADT/SmallPtrSet.h"
58	#include "llvm/ADT/SmallSet.h"
59	#include "llvm/ADT/SmallVector.h"
60	#include "llvm/ADT/StringExtras.h"
61	#include "llvm/ADT/StringRef.h"
62	#include "llvm/ADT/Twine.h"
63	#include "llvm/BinaryFormat/Dwarf.h"
64	#include "llvm/IR/Argument.h"
65	#include "llvm/IR/AttributeMask.h"
66	#include "llvm/IR/Attributes.h"
67	#include "llvm/IR/BasicBlock.h"
68	#include "llvm/IR/CFG.h"
69	#include "llvm/IR/CallingConv.h"
70	#include "llvm/IR/Comdat.h"
71	#include "llvm/IR/Constant.h"
72	#include "llvm/IR/ConstantRange.h"
73	#include "llvm/IR/ConstantRangeList.h"
74	#include "llvm/IR/Constants.h"
75	#include "llvm/IR/ConvergenceVerifier.h"
76	#include "llvm/IR/DataLayout.h"
77	#include "llvm/IR/DebugInfo.h"
78	#include "llvm/IR/DebugInfoMetadata.h"
79	#include "llvm/IR/DebugLoc.h"
80	#include "llvm/IR/DerivedTypes.h"
81	#include "llvm/IR/Dominators.h"
82	#include "llvm/IR/EHPersonalities.h"
83	#include "llvm/IR/Function.h"
84	#include "llvm/IR/GCStrategy.h"
85	#include "llvm/IR/GlobalAlias.h"
86	#include "llvm/IR/GlobalValue.h"
87	#include "llvm/IR/GlobalVariable.h"
88	#include "llvm/IR/InlineAsm.h"
89	#include "llvm/IR/InstVisitor.h"
90	#include "llvm/IR/InstrTypes.h"
91	#include "llvm/IR/Instruction.h"
92	#include "llvm/IR/Instructions.h"
93	#include "llvm/IR/IntrinsicInst.h"
94	#include "llvm/IR/Intrinsics.h"
95	#include "llvm/IR/IntrinsicsAArch64.h"
96	#include "llvm/IR/IntrinsicsAMDGPU.h"
97	#include "llvm/IR/IntrinsicsARM.h"
98	#include "llvm/IR/IntrinsicsNVPTX.h"
99	#include "llvm/IR/IntrinsicsWebAssembly.h"
100	#include "llvm/IR/LLVMContext.h"
101	#include "llvm/IR/MemoryModelRelaxationAnnotations.h"
102	#include "llvm/IR/Metadata.h"
103	#include "llvm/IR/Module.h"
104	#include "llvm/IR/ModuleSlotTracker.h"
105	#include "llvm/IR/PassManager.h"
106	#include "llvm/IR/ProfDataUtils.h"
107	#include "llvm/IR/Statepoint.h"
108	#include "llvm/IR/Type.h"
109	#include "llvm/IR/Use.h"
110	#include "llvm/IR/User.h"
111	#include "llvm/IR/VFABIDemangler.h"
112	#include "llvm/IR/Value.h"
113	#include "llvm/InitializePasses.h"
114	#include "llvm/Pass.h"
115	#include "llvm/ProfileData/InstrProf.h"
116	#include "llvm/Support/AMDGPUAddrSpace.h"
117	#include "llvm/Support/AtomicOrdering.h"
118	#include "llvm/Support/Casting.h"
119	#include "llvm/Support/CommandLine.h"
120	#include "llvm/Support/ErrorHandling.h"
121	#include "llvm/Support/MathExtras.h"
122	#include "llvm/Support/ModRef.h"
123	#include "llvm/Support/raw_ostream.h"
124	#include <algorithm>
125	#include <cassert>
126	#include <cstdint>
127	#include <memory>
128	#include <optional>
129	#include <string>
130	#include <utility>
131
132	using namespace llvm;
133
134	static cl::opt<bool> VerifyNoAliasScopeDomination(
135	"verify-noalias-scope-decl-dom", cl::Hidden, cl::init(Val: false),
136	cl::desc("Ensure that llvm.experimental.noalias.scope.decl for identical "
137	"scopes are not dominating"));
138
139	namespace llvm {
140
141	struct VerifierSupport {
142	raw_ostream *OS;
143	const Module &M;
144	ModuleSlotTracker MST;
145	const Triple &TT;
146	const DataLayout &DL;
147	LLVMContext &Context;
148
149	/// Track the brokenness of the module while recursively visiting.
150	bool Broken = false;
151	/// Broken debug info can be "recovered" from by stripping the debug info.
152	bool BrokenDebugInfo = false;
153	/// Whether to treat broken debug info as an error.
154	bool TreatBrokenDebugInfoAsError = true;
155
156	explicit VerifierSupport(raw_ostream *OS, const Module &M)
157	: OS(OS), M(M), MST(&M), TT(M.getTargetTriple()), DL(M.getDataLayout()),
158	Context(M.getContext()) {}
159
160	private:
161	void Write(const Module *M) {
162	*OS << "; ModuleID = '" << M->getModuleIdentifier() << "'\n";
163	}
164
165	void Write(const Value *V) {
166	if (V)
167	Write(V: *V);
168	}
169
170	void Write(const Value &V) {
171	if (isa<Instruction>(Val: V)) {
172	V.print(O&: *OS, MST);
173	*OS << '\n';
174	} else {
175	V.printAsOperand(O&: *OS, PrintType: true, MST);
176	*OS << '\n';
177	}
178	}
179
180	void Write(const DbgRecord *DR) {
181	if (DR) {
182	DR->print(O&: *OS, MST, IsForDebug: false);
183	*OS << '\n';
184	}
185	}
186
187	void Write(DbgVariableRecord::LocationType Type) {
188	switch (Type) {
189	case DbgVariableRecord::LocationType::Value:
190	*OS << "value";
191	break;
192	case DbgVariableRecord::LocationType::Declare:
193	*OS << "declare";
194	break;
195	case DbgVariableRecord::LocationType::Assign:
196	*OS << "assign";
197	break;
198	case DbgVariableRecord::LocationType::End:
199	*OS << "end";
200	break;
201	case DbgVariableRecord::LocationType::Any:
202	*OS << "any";
203	break;
204	};
205	}
206
207	void Write(const Metadata *MD) {
208	if (!MD)
209	return;
210	MD->print(OS&: *OS, MST, M: &M);
211	*OS << '\n';
212	}
213
214	template <class T> void Write(const MDTupleTypedArrayWrapper<T> &MD) {
215	Write(MD.get());
216	}
217
218	void Write(const NamedMDNode *NMD) {
219	if (!NMD)
220	return;
221	NMD->print(ROS&: *OS, MST);
222	*OS << '\n';
223	}
224
225	void Write(Type *T) {
226	if (!T)
227	return;
228	*OS << ' ' << *T;
229	}
230
231	void Write(const Comdat *C) {
232	if (!C)
233	return;
234	*OS << *C;
235	}
236
237	void Write(const APInt *AI) {
238	if (!AI)
239	return;
240	*OS << *AI << '\n';
241	}
242
243	void Write(const unsigned i) { *OS << i << '\n'; }
244
245	// NOLINTNEXTLINE(readability-identifier-naming)
246	void Write(const Attribute *A) {
247	if (!A)
248	return;
249	*OS << A->getAsString() << '\n';
250	}
251
252	// NOLINTNEXTLINE(readability-identifier-naming)
253	void Write(const AttributeSet *AS) {
254	if (!AS)
255	return;
256	*OS << AS->getAsString() << '\n';
257	}
258
259	// NOLINTNEXTLINE(readability-identifier-naming)
260	void Write(const AttributeList *AL) {
261	if (!AL)
262	return;
263	AL->print(O&: *OS);
264	}
265
266	void Write(Printable P) { *OS << P << '\n'; }
267
268	template <typename T> void Write(ArrayRef<T> Vs) {
269	for (const T &V : Vs)
270	Write(V);
271	}
272
273	template <typename T1, typename... Ts>
274	void WriteTs(const T1 &V1, const Ts &... Vs) {
275	Write(V1);
276	WriteTs(Vs...);
277	}
278
279	template <typename... Ts> void WriteTs() {}
280
281	public:
282	/// A check failed, so printout out the condition and the message.
283	///
284	/// This provides a nice place to put a breakpoint if you want to see why
285	/// something is not correct.
286	void CheckFailed(const Twine &Message) {
287	if (OS)
288	*OS << Message << '\n';
289	Broken = true;
290	}
291
292	/// A check failed (with values to print).
293	///
294	/// This calls the Message-only version so that the above is easier to set a
295	/// breakpoint on.
296	template <typename T1, typename... Ts>
297	void CheckFailed(const Twine &Message, const T1 &V1, const Ts &... Vs) {
298	CheckFailed(Message);
299	if (OS)
300	WriteTs(V1, Vs...);
301	}
302
303	/// A debug info check failed.
304	void DebugInfoCheckFailed(const Twine &Message) {
305	if (OS)
306	*OS << Message << '\n';
307	Broken |= TreatBrokenDebugInfoAsError;
308	BrokenDebugInfo = true;
309	}
310
311	/// A debug info check failed (with values to print).
312	template <typename T1, typename... Ts>
313	void DebugInfoCheckFailed(const Twine &Message, const T1 &V1,
314	const Ts &... Vs) {
315	DebugInfoCheckFailed(Message);
316	if (OS)
317	WriteTs(V1, Vs...);
318	}
319	};
320
321	} // namespace llvm
322
323	namespace {
324
325	class Verifier : public InstVisitor<Verifier>, VerifierSupport {
326	friend class InstVisitor<Verifier>;
327	DominatorTree DT;
328
329	/// When verifying a basic block, keep track of all of the
330	/// instructions we have seen so far.
331	///
332	/// This allows us to do efficient dominance checks for the case when an
333	/// instruction has an operand that is an instruction in the same block.
334	SmallPtrSet<Instruction *, 16> InstsInThisBlock;
335
336	/// Keep track of the metadata nodes that have been checked already.
337	SmallPtrSet<const Metadata *, 32> MDNodes;
338
339	/// Keep track which DISubprogram is attached to which function.
340	DenseMap<const DISubprogram *, const Function *> DISubprogramAttachments;
341
342	/// Track all DICompileUnits visited.
343	SmallPtrSet<const Metadata *, 2> CUVisited;
344
345	/// The result type for a landingpad.
346	Type *LandingPadResultTy;
347
348	/// Whether we've seen a call to @llvm.localescape in this function
349	/// already.
350	bool SawFrameEscape;
351
352	/// Whether the current function has a DISubprogram attached to it.
353	bool HasDebugInfo = false;
354
355	/// Stores the count of how many objects were passed to llvm.localescape for a
356	/// given function and the largest index passed to llvm.localrecover.
357	DenseMap<Function *, std::pair<unsigned, unsigned>> FrameEscapeInfo;
358
359	// Maps catchswitches and cleanuppads that unwind to siblings to the
360	// terminators that indicate the unwind, used to detect cycles therein.
361	MapVector<Instruction *, Instruction *> SiblingFuncletInfo;
362
363	/// Cache which blocks are in which funclet, if an EH funclet personality is
364	/// in use. Otherwise empty.
365	DenseMap<BasicBlock *, ColorVector> BlockEHFuncletColors;
366
367	/// Cache of constants visited in search of ConstantExprs.
368	SmallPtrSet<const Constant *, 32> ConstantExprVisited;
369
370	/// Cache of declarations of the llvm.experimental.deoptimize.<ty> intrinsic.
371	SmallVector<const Function *, 4> DeoptimizeDeclarations;
372
373	/// Cache of attribute lists verified.
374	SmallPtrSet<const void *, 32> AttributeListsVisited;
375
376	// Verify that this GlobalValue is only used in this module.
377	// This map is used to avoid visiting uses twice. We can arrive at a user
378	// twice, if they have multiple operands. In particular for very large
379	// constant expressions, we can arrive at a particular user many times.
380	SmallPtrSet<const Value *, 32> GlobalValueVisited;
381
382	// Keeps track of duplicate function argument debug info.
383	SmallVector<const DILocalVariable *, 16> DebugFnArgs;
384
385	TBAAVerifier TBAAVerifyHelper;
386	ConvergenceVerifier ConvergenceVerifyHelper;
387
388	SmallVector<IntrinsicInst *, 4> NoAliasScopeDecls;
389
390	void checkAtomicMemAccessSize(Type *Ty, const Instruction *I);
391
392	public:
393	explicit Verifier(raw_ostream *OS, bool ShouldTreatBrokenDebugInfoAsError,
394	const Module &M)
395	: VerifierSupport(OS, M), LandingPadResultTy(nullptr),
396	SawFrameEscape(false), TBAAVerifyHelper(this) {
397	TreatBrokenDebugInfoAsError = ShouldTreatBrokenDebugInfoAsError;
398	}
399
400	bool hasBrokenDebugInfo() const { return BrokenDebugInfo; }
401
402	bool verify(const Function &F) {
403	assert(F.getParent() == &M &&
404	"An instance of this class only works with a specific module!");
405
406	// First ensure the function is well-enough formed to compute dominance
407	// information, and directly compute a dominance tree. We don't rely on the
408	// pass manager to provide this as it isolates us from a potentially
409	// out-of-date dominator tree and makes it significantly more complex to run
410	// this code outside of a pass manager.
411	// FIXME: It's really gross that we have to cast away constness here.
412	if (!F.empty())
413	DT.recalculate(Func&: const_cast<Function &>(F));
414
415	for (const BasicBlock &BB : F) {
416	if (!BB.empty() && BB.back().isTerminator())
417	continue;
418
419	if (OS) {
420	*OS << "Basic Block in function '" << F.getName()
421	<< "' does not have terminator!\n";
422	BB.printAsOperand(O&: *OS, PrintType: true, MST);
423	*OS << "\n";
424	}
425	return false;
426	}
427
428	auto FailureCB = [this](const Twine &Message) {
429	this->CheckFailed(Message);
430	};
431	ConvergenceVerifyHelper.initialize(OS, FailureCB, F);
432
433	Broken = false;
434	// FIXME: We strip const here because the inst visitor strips const.
435	visit(F&: const_cast<Function &>(F));
436	verifySiblingFuncletUnwinds();
437
438	if (ConvergenceVerifyHelper.sawTokens())
439	ConvergenceVerifyHelper.verify(DT);
440
441	InstsInThisBlock.clear();
442	DebugFnArgs.clear();
443	LandingPadResultTy = nullptr;
444	SawFrameEscape = false;
445	SiblingFuncletInfo.clear();
446	verifyNoAliasScopeDecl();
447	NoAliasScopeDecls.clear();
448
449	return !Broken;
450	}
451
452	/// Verify the module that this instance of \c Verifier was initialized with.
453	bool verify() {
454	Broken = false;
455
456	// Collect all declarations of the llvm.experimental.deoptimize intrinsic.
457	for (const Function &F : M)
458	if (F.getIntrinsicID() == Intrinsic::experimental_deoptimize)
459	DeoptimizeDeclarations.push_back(Elt: &F);
460
461	// Now that we've visited every function, verify that we never asked to
462	// recover a frame index that wasn't escaped.
463	verifyFrameRecoverIndices();
464	for (const GlobalVariable &GV : M.globals())
465	visitGlobalVariable(GV);
466
467	for (const GlobalAlias &GA : M.aliases())
468	visitGlobalAlias(GA);
469
470	for (const GlobalIFunc &GI : M.ifuncs())
471	visitGlobalIFunc(GI);
472
473	for (const NamedMDNode &NMD : M.named_metadata())
474	visitNamedMDNode(NMD);
475
476	for (const StringMapEntry<Comdat> &SMEC : M.getComdatSymbolTable())
477	visitComdat(C: SMEC.getValue());
478
479	visitModuleFlags();
480	visitModuleIdents();
481	visitModuleCommandLines();
482
483	verifyCompileUnits();
484
485	verifyDeoptimizeCallingConvs();
486	DISubprogramAttachments.clear();
487	return !Broken;
488	}
489
490	private:
491	/// Whether a metadata node is allowed to be, or contain, a DILocation.
492	enum class AreDebugLocsAllowed { No, Yes };
493
494	/// Metadata that should be treated as a range, with slightly different
495	/// requirements.
496	enum class RangeLikeMetadataKind {
497	Range, // MD_range
498	AbsoluteSymbol, // MD_absolute_symbol
499	NoaliasAddrspace // MD_noalias_addrspace
500	};
501
502	// Verification methods...
503	void visitGlobalValue(const GlobalValue &GV);
504	void visitGlobalVariable(const GlobalVariable &GV);
505	void visitGlobalAlias(const GlobalAlias &GA);
506	void visitGlobalIFunc(const GlobalIFunc &GI);
507	void visitAliaseeSubExpr(const GlobalAlias &A, const Constant &C);
508	void visitAliaseeSubExpr(SmallPtrSetImpl<const GlobalAlias *> &Visited,
509	const GlobalAlias &A, const Constant &C);
510	void visitNamedMDNode(const NamedMDNode &NMD);
511	void visitMDNode(const MDNode &MD, AreDebugLocsAllowed AllowLocs);
512	void visitMetadataAsValue(const MetadataAsValue &MD, Function *F);
513	void visitValueAsMetadata(const ValueAsMetadata &MD, Function *F);
514	void visitDIArgList(const DIArgList &AL, Function *F);
515	void visitComdat(const Comdat &C);
516	void visitModuleIdents();
517	void visitModuleCommandLines();
518	void visitModuleFlags();
519	void visitModuleFlag(const MDNode *Op,
520	DenseMap<const MDString *, const MDNode *> &SeenIDs,
521	SmallVectorImpl<const MDNode *> &Requirements);
522	void visitModuleFlagCGProfileEntry(const MDOperand &MDO);
523	void visitFunction(const Function &F);
524	void visitBasicBlock(BasicBlock &BB);
525	void verifyRangeLikeMetadata(const Value &V, const MDNode *Range, Type *Ty,
526	RangeLikeMetadataKind Kind);
527	void visitRangeMetadata(Instruction &I, MDNode *Range, Type *Ty);
528	void visitNoaliasAddrspaceMetadata(Instruction &I, MDNode *Range, Type *Ty);
529	void visitDereferenceableMetadata(Instruction &I, MDNode *MD);
530	void visitProfMetadata(Instruction &I, MDNode *MD);
531	void visitCallStackMetadata(MDNode *MD);
532	void visitMemProfMetadata(Instruction &I, MDNode *MD);
533	void visitCallsiteMetadata(Instruction &I, MDNode *MD);
534	void visitDIAssignIDMetadata(Instruction &I, MDNode *MD);
535	void visitMMRAMetadata(Instruction &I, MDNode *MD);
536	void visitAnnotationMetadata(MDNode *Annotation);
537	void visitAliasScopeMetadata(const MDNode *MD);
538	void visitAliasScopeListMetadata(const MDNode *MD);
539	void visitAccessGroupMetadata(const MDNode *MD);
540
541	template <class Ty> bool isValidMetadataArray(const MDTuple &N);
542	#define HANDLE_SPECIALIZED_MDNODE_LEAF(CLASS) void visit##CLASS(const CLASS &N);
543	#include "llvm/IR/Metadata.def"
544	void visitDIScope(const DIScope &N);
545	void visitDIVariable(const DIVariable &N);
546	void visitDILexicalBlockBase(const DILexicalBlockBase &N);
547	void visitDITemplateParameter(const DITemplateParameter &N);
548
549	void visitTemplateParams(const MDNode &N, const Metadata &RawParams);
550
551	void visit(DbgLabelRecord &DLR);
552	void visit(DbgVariableRecord &DVR);
553	// InstVisitor overrides...
554	using InstVisitor<Verifier>::visit;
555	void visitDbgRecords(Instruction &I);
556	void visit(Instruction &I);
557
558	void visitTruncInst(TruncInst &I);
559	void visitZExtInst(ZExtInst &I);
560	void visitSExtInst(SExtInst &I);
561	void visitFPTruncInst(FPTruncInst &I);
562	void visitFPExtInst(FPExtInst &I);
563	void visitFPToUIInst(FPToUIInst &I);
564	void visitFPToSIInst(FPToSIInst &I);
565	void visitUIToFPInst(UIToFPInst &I);
566	void visitSIToFPInst(SIToFPInst &I);
567	void visitIntToPtrInst(IntToPtrInst &I);
568	void visitPtrToIntInst(PtrToIntInst &I);
569	void visitBitCastInst(BitCastInst &I);
570	void visitAddrSpaceCastInst(AddrSpaceCastInst &I);
571	void visitPHINode(PHINode &PN);
572	void visitCallBase(CallBase &Call);
573	void visitUnaryOperator(UnaryOperator &U);
574	void visitBinaryOperator(BinaryOperator &B);
575	void visitICmpInst(ICmpInst &IC);
576	void visitFCmpInst(FCmpInst &FC);
577	void visitExtractElementInst(ExtractElementInst &EI);
578	void visitInsertElementInst(InsertElementInst &EI);
579	void visitShuffleVectorInst(ShuffleVectorInst &EI);
580	void visitVAArgInst(VAArgInst &VAA) { visitInstruction(I&: VAA); }
581	void visitCallInst(CallInst &CI);
582	void visitInvokeInst(InvokeInst &II);
583	void visitGetElementPtrInst(GetElementPtrInst &GEP);
584	void visitLoadInst(LoadInst &LI);
585	void visitStoreInst(StoreInst &SI);
586	void verifyDominatesUse(Instruction &I, unsigned i);
587	void visitInstruction(Instruction &I);
588	void visitTerminator(Instruction &I);
589	void visitBranchInst(BranchInst &BI);
590	void visitReturnInst(ReturnInst &RI);
591	void visitSwitchInst(SwitchInst &SI);
592	void visitIndirectBrInst(IndirectBrInst &BI);
593	void visitCallBrInst(CallBrInst &CBI);
594	void visitSelectInst(SelectInst &SI);
595	void visitUserOp1(Instruction &I);
596	void visitUserOp2(Instruction &I) { visitUserOp1(I); }
597	void visitIntrinsicCall(Intrinsic::ID ID, CallBase &Call);
598	void visitConstrainedFPIntrinsic(ConstrainedFPIntrinsic &FPI);
599	void visitVPIntrinsic(VPIntrinsic &VPI);
600	void visitDbgIntrinsic(StringRef Kind, DbgVariableIntrinsic &DII);
601	void visitDbgLabelIntrinsic(StringRef Kind, DbgLabelInst &DLI);
602	void visitAtomicCmpXchgInst(AtomicCmpXchgInst &CXI);
603	void visitAtomicRMWInst(AtomicRMWInst &RMWI);
604	void visitFenceInst(FenceInst &FI);
605	void visitAllocaInst(AllocaInst &AI);
606	void visitExtractValueInst(ExtractValueInst &EVI);
607	void visitInsertValueInst(InsertValueInst &IVI);
608	void visitEHPadPredecessors(Instruction &I);
609	void visitLandingPadInst(LandingPadInst &LPI);
610	void visitResumeInst(ResumeInst &RI);
611	void visitCatchPadInst(CatchPadInst &CPI);
612	void visitCatchReturnInst(CatchReturnInst &CatchReturn);
613	void visitCleanupPadInst(CleanupPadInst &CPI);
614	void visitFuncletPadInst(FuncletPadInst &FPI);
615	void visitCatchSwitchInst(CatchSwitchInst &CatchSwitch);
616	void visitCleanupReturnInst(CleanupReturnInst &CRI);
617
618	void verifySwiftErrorCall(CallBase &Call, const Value *SwiftErrorVal);
619	void verifySwiftErrorValue(const Value *SwiftErrorVal);
620	void verifyTailCCMustTailAttrs(const AttrBuilder &Attrs, StringRef Context);
621	void verifyMustTailCall(CallInst &CI);
622	bool verifyAttributeCount(AttributeList Attrs, unsigned Params);
623	void verifyAttributeTypes(AttributeSet Attrs, const Value *V);
624	void verifyParameterAttrs(AttributeSet Attrs, Type *Ty, const Value *V);
625	void checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr,
626	const Value *V);
627	void verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs,
628	const Value *V, bool IsIntrinsic, bool IsInlineAsm);
629	void verifyFunctionMetadata(ArrayRef<std::pair<unsigned, MDNode *>> MDs);
630
631	void visitConstantExprsRecursively(const Constant *EntryC);
632	void visitConstantExpr(const ConstantExpr *CE);
633	void visitConstantPtrAuth(const ConstantPtrAuth *CPA);
634	void verifyInlineAsmCall(const CallBase &Call);
635	void verifyStatepoint(const CallBase &Call);
636	void verifyFrameRecoverIndices();
637	void verifySiblingFuncletUnwinds();
638
639	void verifyFragmentExpression(const DbgVariableIntrinsic &I);
640	void verifyFragmentExpression(const DbgVariableRecord &I);
641	template <typename ValueOrMetadata>
642	void verifyFragmentExpression(const DIVariable &V,
643	DIExpression::FragmentInfo Fragment,
644	ValueOrMetadata *Desc);
645	void verifyFnArgs(const DbgVariableIntrinsic &I);
646	void verifyFnArgs(const DbgVariableRecord &DVR);
647	void verifyNotEntryValue(const DbgVariableIntrinsic &I);
648	void verifyNotEntryValue(const DbgVariableRecord &I);
649
650	/// Module-level debug info verification...
651	void verifyCompileUnits();
652
653	/// Module-level verification that all @llvm.experimental.deoptimize
654	/// declarations share the same calling convention.
655	void verifyDeoptimizeCallingConvs();
656
657	void verifyAttachedCallBundle(const CallBase &Call,
658	const OperandBundleUse &BU);
659
660	/// Verify the llvm.experimental.noalias.scope.decl declarations
661	void verifyNoAliasScopeDecl();
662	};
663
664	} // end anonymous namespace
665
666	/// We know that cond should be true, if not print an error message.
667	#define Check(C, ...) \
668	do { \
669	if (!(C)) { \
670	CheckFailed(__VA_ARGS__); \
671	return; \
672	} \
673	} while (false)
674
675	/// We know that a debug info condition should be true, if not print
676	/// an error message.
677	#define CheckDI(C, ...) \
678	do { \
679	if (!(C)) { \
680	DebugInfoCheckFailed(__VA_ARGS__); \
681	return; \
682	} \
683	} while (false)
684
685	void Verifier::visitDbgRecords(Instruction &I) {
686	if (!I.DebugMarker)
687	return;
688	CheckDI(I.DebugMarker->MarkedInstr == &I,
689	"Instruction has invalid DebugMarker", &I);
690	CheckDI(!isa<PHINode>(&I) || !I.hasDbgRecords(),
691	"PHI Node must not have any attached DbgRecords", &I);
692	for (DbgRecord &DR : I.getDbgRecordRange()) {
693	CheckDI(DR.getMarker() == I.DebugMarker,
694	"DbgRecord had invalid DebugMarker", &I, &DR);
695	if (auto *Loc =
696	dyn_cast_or_null<DILocation>(Val: DR.getDebugLoc().getAsMDNode()))
697	visitMDNode(MD: *Loc, AllowLocs: AreDebugLocsAllowed::Yes);
698	if (auto *DVR = dyn_cast<DbgVariableRecord>(Val: &DR)) {
699	visit(DVR&: *DVR);
700	// These have to appear after `visit` for consistency with existing
701	// intrinsic behaviour.
702	verifyFragmentExpression(I: *DVR);
703	verifyNotEntryValue(I: *DVR);
704	} else if (auto *DLR = dyn_cast<DbgLabelRecord>(Val: &DR)) {
705	visit(DLR&: *DLR);
706	}
707	}
708	}
709
710	void Verifier::visit(Instruction &I) {
711	visitDbgRecords(I);
712	for (unsigned i = 0, e = I.getNumOperands(); i != e; ++i)
713	Check(I.getOperand(i) != nullptr, "Operand is null", &I);
714	InstVisitor<Verifier>::visit(I);
715	}
716
717	// Helper to iterate over indirect users. By returning false, the callback can ask to stop traversing further.
718	static void forEachUser(const Value *User,
719	SmallPtrSet<const Value *, 32> &Visited,
720	llvm::function_ref<bool(const Value *)> Callback) {
721	if (!Visited.insert(Ptr: User).second)
722	return;
723
724	SmallVector<const Value *> WorkList(User->materialized_users());
725	while (!WorkList.empty()) {
726	const Value *Cur = WorkList.pop_back_val();
727	if (!Visited.insert(Ptr: Cur).second)
728	continue;
729	if (Callback(Cur))
730	append_range(C&: WorkList, R: Cur->materialized_users());
731	}
732	}
733
734	void Verifier::visitGlobalValue(const GlobalValue &GV) {
735	Check(!GV.isDeclaration() || GV.hasValidDeclarationLinkage(),
736	"Global is external, but doesn't have external or weak linkage!", &GV);
737
738	if (const GlobalObject *GO = dyn_cast<GlobalObject>(Val: &GV)) {
739	if (const MDNode *Associated =
740	GO->getMetadata(KindID: LLVMContext::MD_associated)) {
741	Check(Associated->getNumOperands() == 1,
742	"associated metadata must have one operand", &GV, Associated);
743	const Metadata *Op = Associated->getOperand(I: 0).get();
744	Check(Op, "associated metadata must have a global value", GO, Associated);
745
746	const auto *VM = dyn_cast_or_null<ValueAsMetadata>(Val: Op);
747	Check(VM, "associated metadata must be ValueAsMetadata", GO, Associated);
748	if (VM) {
749	Check(isa<PointerType>(VM->getValue()->getType()),
750	"associated value must be pointer typed", GV, Associated);
751
752	const Value *Stripped = VM->getValue()->stripPointerCastsAndAliases();
753	Check(isa<GlobalObject>(Stripped) || isa<Constant>(Stripped),
754	"associated metadata must point to a GlobalObject", GO, Stripped);
755	Check(Stripped != GO,
756	"global values should not associate to themselves", GO,
757	Associated);
758	}
759	}
760
761	// FIXME: Why is getMetadata on GlobalValue protected?
762	if (const MDNode *AbsoluteSymbol =
763	GO->getMetadata(KindID: LLVMContext::MD_absolute_symbol)) {
764	verifyRangeLikeMetadata(V: *GO, Range: AbsoluteSymbol,
765	Ty: DL.getIntPtrType(GO->getType()),
766	Kind: RangeLikeMetadataKind::AbsoluteSymbol);
767	}
768	}
769
770	Check(!GV.hasAppendingLinkage() || isa<GlobalVariable>(GV),
771	"Only global variables can have appending linkage!", &GV);
772
773	if (GV.hasAppendingLinkage()) {
774	const GlobalVariable *GVar = dyn_cast<GlobalVariable>(Val: &GV);
775	Check(GVar && GVar->getValueType()->isArrayTy(),
776	"Only global arrays can have appending linkage!", GVar);
777	}
778
779	if (GV.isDeclarationForLinker())
780	Check(!GV.hasComdat(), "Declaration may not be in a Comdat!", &GV);
781
782	if (GV.hasDLLExportStorageClass()) {
783	Check(!GV.hasHiddenVisibility(),
784	"dllexport GlobalValue must have default or protected visibility",
785	&GV);
786	}
787	if (GV.hasDLLImportStorageClass()) {
788	Check(GV.hasDefaultVisibility(),
789	"dllimport GlobalValue must have default visibility", &GV);
790	Check(!GV.isDSOLocal(), "GlobalValue with DLLImport Storage is dso_local!",
791	&GV);
792
793	Check((GV.isDeclaration() &&
794	(GV.hasExternalLinkage() || GV.hasExternalWeakLinkage())) ||
795	GV.hasAvailableExternallyLinkage(),
796	"Global is marked as dllimport, but not external", &GV);
797	}
798
799	if (GV.isImplicitDSOLocal())
800	Check(GV.isDSOLocal(),
801	"GlobalValue with local linkage or non-default "
802	"visibility must be dso_local!",
803	&GV);
804
805	forEachUser(User: &GV, Visited&: GlobalValueVisited, Callback: [&](const Value *V) -> bool {
806	if (const Instruction *I = dyn_cast<Instruction>(Val: V)) {
807	if (!I->getParent() || !I->getParent()->getParent())
808	CheckFailed(Message: "Global is referenced by parentless instruction!", V1: &GV, Vs: &M,
809	Vs: I);
810	else if (I->getParent()->getParent()->getParent() != &M)
811	CheckFailed(Message: "Global is referenced in a different module!", V1: &GV, Vs: &M, Vs: I,
812	Vs: I->getParent()->getParent(),
813	Vs: I->getParent()->getParent()->getParent());
814	return false;
815	} else if (const Function *F = dyn_cast<Function>(Val: V)) {
816	if (F->getParent() != &M)
817	CheckFailed(Message: "Global is used by function in a different module", V1: &GV, Vs: &M,
818	Vs: F, Vs: F->getParent());
819	return false;
820	}
821	return true;
822	});
823	}
824
825	void Verifier::visitGlobalVariable(const GlobalVariable &GV) {
826	Type *GVType = GV.getValueType();
827
828	if (MaybeAlign A = GV.getAlign()) {
829	Check(A->value() <= Value::MaximumAlignment,
830	"huge alignment values are unsupported", &GV);
831	}
832
833	if (GV.hasInitializer()) {
834	Check(GV.getInitializer()->getType() == GVType,
835	"Global variable initializer type does not match global "
836	"variable type!",
837	&GV);
838	Check(GV.getInitializer()->getType()->isSized(),
839	"Global variable initializer must be sized", &GV);
840	// If the global has common linkage, it must have a zero initializer and
841	// cannot be constant.
842	if (GV.hasCommonLinkage()) {
843	Check(GV.getInitializer()->isNullValue(),
844	"'common' global must have a zero initializer!", &GV);
845	Check(!GV.isConstant(), "'common' global may not be marked constant!",
846	&GV);
847	Check(!GV.hasComdat(), "'common' global may not be in a Comdat!", &GV);
848	}
849	}
850
851	if (GV.hasName() && (GV.getName() == "llvm.global_ctors" ||
852	GV.getName() == "llvm.global_dtors")) {
853	Check(!GV.hasInitializer() || GV.hasAppendingLinkage(),
854	"invalid linkage for intrinsic global variable", &GV);
855	Check(GV.materialized_use_empty(),
856	"invalid uses of intrinsic global variable", &GV);
857
858	// Don't worry about emitting an error for it not being an array,
859	// visitGlobalValue will complain on appending non-array.
860	if (ArrayType *ATy = dyn_cast<ArrayType>(Val: GVType)) {
861	StructType *STy = dyn_cast<StructType>(Val: ATy->getElementType());
862	PointerType *FuncPtrTy =
863	PointerType::get(C&: Context, AddressSpace: DL.getProgramAddressSpace());
864	Check(STy && (STy->getNumElements() == 2 || STy->getNumElements() == 3) &&
865	STy->getTypeAtIndex(0u)->isIntegerTy(32) &&
866	STy->getTypeAtIndex(1) == FuncPtrTy,
867	"wrong type for intrinsic global variable", &GV);
868	Check(STy->getNumElements() == 3,
869	"the third field of the element type is mandatory, "
870	"specify ptr null to migrate from the obsoleted 2-field form");
871	Type *ETy = STy->getTypeAtIndex(N: 2);
872	Check(ETy->isPointerTy(), "wrong type for intrinsic global variable",
873	&GV);
874	}
875	}
876
877	if (GV.hasName() && (GV.getName() == "llvm.used" ||
878	GV.getName() == "llvm.compiler.used")) {
879	Check(!GV.hasInitializer() || GV.hasAppendingLinkage(),
880	"invalid linkage for intrinsic global variable", &GV);
881	Check(GV.materialized_use_empty(),
882	"invalid uses of intrinsic global variable", &GV);
883
884	if (ArrayType *ATy = dyn_cast<ArrayType>(Val: GVType)) {
885	PointerType *PTy = dyn_cast<PointerType>(Val: ATy->getElementType());
886	Check(PTy, "wrong type for intrinsic global variable", &GV);
887	if (GV.hasInitializer()) {
888	const Constant *Init = GV.getInitializer();
889	const ConstantArray *InitArray = dyn_cast<ConstantArray>(Val: Init);
890	Check(InitArray, "wrong initalizer for intrinsic global variable",
891	Init);
892	for (Value *Op : InitArray->operands()) {
893	Value *V = Op->stripPointerCasts();
894	Check(isa<GlobalVariable>(V) || isa<Function>(V) ||
895	isa<GlobalAlias>(V),
896	Twine("invalid ") + GV.getName() + " member", V);
897	Check(V->hasName(),
898	Twine("members of ") + GV.getName() + " must be named", V);
899	}
900	}
901	}
902	}
903
904	// Visit any debug info attachments.
905	SmallVector<MDNode *, 1> MDs;
906	GV.getMetadata(KindID: LLVMContext::MD_dbg, MDs);
907	for (auto *MD : MDs) {
908	if (auto *GVE = dyn_cast<DIGlobalVariableExpression>(Val: MD))
909	visitDIGlobalVariableExpression(N: *GVE);
910	else
911	CheckDI(false, "!dbg attachment of global variable must be a "
912	"DIGlobalVariableExpression");
913	}
914
915	// Scalable vectors cannot be global variables, since we don't know
916	// the runtime size.
917	Check(!GVType->isScalableTy(), "Globals cannot contain scalable types", &GV);
918
919	// Check if it is or contains a target extension type that disallows being
920	// used as a global.
921	Check(!GVType->containsNonGlobalTargetExtType(),
922	"Global @" + GV.getName() + " has illegal target extension type",
923	GVType);
924
925	if (!GV.hasInitializer()) {
926	visitGlobalValue(GV);
927	return;
928	}
929
930	// Walk any aggregate initializers looking for bitcasts between address spaces
931	visitConstantExprsRecursively(EntryC: GV.getInitializer());
932
933	visitGlobalValue(GV);
934	}
935
936	void Verifier::visitAliaseeSubExpr(const GlobalAlias &GA, const Constant &C) {
937	SmallPtrSet<const GlobalAlias*, 4> Visited;
938	Visited.insert(Ptr: &GA);
939	visitAliaseeSubExpr(Visited, A: GA, C);
940	}
941
942	void Verifier::visitAliaseeSubExpr(SmallPtrSetImpl<const GlobalAlias*> &Visited,
943	const GlobalAlias &GA, const Constant &C) {
944	if (GA.hasAvailableExternallyLinkage()) {
945	Check(isa<GlobalValue>(C) &&
946	cast<GlobalValue>(C).hasAvailableExternallyLinkage(),
947	"available_externally alias must point to available_externally "
948	"global value",
949	&GA);
950	}
951	if (const auto *GV = dyn_cast<GlobalValue>(Val: &C)) {
952	if (!GA.hasAvailableExternallyLinkage()) {
953	Check(!GV->isDeclarationForLinker(), "Alias must point to a definition",
954	&GA);
955	}
956
957	if (const auto *GA2 = dyn_cast<GlobalAlias>(Val: GV)) {
958	Check(Visited.insert(GA2).second, "Aliases cannot form a cycle", &GA);
959
960	Check(!GA2->isInterposable(),
961	"Alias cannot point to an interposable alias", &GA);
962	} else {
963	// Only continue verifying subexpressions of GlobalAliases.
964	// Do not recurse into global initializers.
965	return;
966	}
967	}
968
969	if (const auto *CE = dyn_cast<ConstantExpr>(Val: &C))
970	visitConstantExprsRecursively(EntryC: CE);
971
972	for (const Use &U : C.operands()) {
973	Value *V = &*U;
974	if (const auto *GA2 = dyn_cast<GlobalAlias>(Val: V))
975	visitAliaseeSubExpr(Visited, GA, C: *GA2->getAliasee());
976	else if (const auto *C2 = dyn_cast<Constant>(Val: V))
977	visitAliaseeSubExpr(Visited, GA, C: *C2);
978	}
979	}
980
981	void Verifier::visitGlobalAlias(const GlobalAlias &GA) {
982	Check(GlobalAlias::isValidLinkage(GA.getLinkage()),
983	"Alias should have private, internal, linkonce, weak, linkonce_odr, "
984	"weak_odr, external, or available_externally linkage!",
985	&GA);
986	const Constant *Aliasee = GA.getAliasee();
987	Check(Aliasee, "Aliasee cannot be NULL!", &GA);
988	Check(GA.getType() == Aliasee->getType(),
989	"Alias and aliasee types should match!", &GA);
990
991	Check(isa<GlobalValue>(Aliasee) || isa<ConstantExpr>(Aliasee),
992	"Aliasee should be either GlobalValue or ConstantExpr", &GA);
993
994	visitAliaseeSubExpr(GA, C: *Aliasee);
995
996	visitGlobalValue(GV: GA);
997	}
998
999	void Verifier::visitGlobalIFunc(const GlobalIFunc &GI) {
1000	Check(GlobalIFunc::isValidLinkage(GI.getLinkage()),
1001	"IFunc should have private, internal, linkonce, weak, linkonce_odr, "
1002	"weak_odr, or external linkage!",
1003	&GI);
1004	// Pierce through ConstantExprs and GlobalAliases and check that the resolver
1005	// is a Function definition.
1006	const Function *Resolver = GI.getResolverFunction();
1007	Check(Resolver, "IFunc must have a Function resolver", &GI);
1008	Check(!Resolver->isDeclarationForLinker(),
1009	"IFunc resolver must be a definition", &GI);
1010
1011	// Check that the immediate resolver operand (prior to any bitcasts) has the
1012	// correct type.
1013	const Type *ResolverTy = GI.getResolver()->getType();
1014
1015	Check(isa<PointerType>(Resolver->getFunctionType()->getReturnType()),
1016	"IFunc resolver must return a pointer", &GI);
1017
1018	Check(ResolverTy == PointerType::get(Context, GI.getAddressSpace()),
1019	"IFunc resolver has incorrect type", &GI);
1020	}
1021
1022	void Verifier::visitNamedMDNode(const NamedMDNode &NMD) {
1023	// There used to be various other llvm.dbg.* nodes, but we don't support
1024	// upgrading them and we want to reserve the namespace for future uses.
1025	if (NMD.getName().starts_with(Prefix: "llvm.dbg."))
1026	CheckDI(NMD.getName() == "llvm.dbg.cu",
1027	"unrecognized named metadata node in the llvm.dbg namespace", &NMD);
1028	for (const MDNode *MD : NMD.operands()) {
1029	if (NMD.getName() == "llvm.dbg.cu")
1030	CheckDI(MD && isa<DICompileUnit>(MD), "invalid compile unit", &NMD, MD);
1031
1032	if (!MD)
1033	continue;
1034
1035	visitMDNode(MD: *MD, AllowLocs: AreDebugLocsAllowed::Yes);
1036	}
1037	}
1038
1039	void Verifier::visitMDNode(const MDNode &MD, AreDebugLocsAllowed AllowLocs) {
1040	// Only visit each node once. Metadata can be mutually recursive, so this
1041	// avoids infinite recursion here, as well as being an optimization.
1042	if (!MDNodes.insert(Ptr: &MD).second)
1043	return;
1044
1045	Check(&MD.getContext() == &Context,
1046	"MDNode context does not match Module context!", &MD);
1047
1048	switch (MD.getMetadataID()) {
1049	default:
1050	llvm_unreachable("Invalid MDNode subclass");
1051	case Metadata::MDTupleKind:
1052	break;
1053	#define HANDLE_SPECIALIZED_MDNODE_LEAF(CLASS) \
1054	case Metadata::CLASS##Kind: \
1055	visit##CLASS(cast<CLASS>(MD)); \
1056	break;
1057	#include "llvm/IR/Metadata.def"
1058	}
1059
1060	for (const Metadata *Op : MD.operands()) {
1061	if (!Op)
1062	continue;
1063	Check(!isa<LocalAsMetadata>(Op), "Invalid operand for global metadata!",
1064	&MD, Op);
1065	CheckDI(!isa<DILocation>(Op) || AllowLocs == AreDebugLocsAllowed::Yes,
1066	"DILocation not allowed within this metadata node", &MD, Op);
1067	if (auto *N = dyn_cast<MDNode>(Val: Op)) {
1068	visitMDNode(MD: *N, AllowLocs);
1069	continue;
1070	}
1071	if (auto *V = dyn_cast<ValueAsMetadata>(Val: Op)) {
1072	visitValueAsMetadata(MD: *V, F: nullptr);
1073	continue;
1074	}
1075	}
1076
1077	// Check these last, so we diagnose problems in operands first.
1078	Check(!MD.isTemporary(), "Expected no forward declarations!", &MD);
1079	Check(MD.isResolved(), "All nodes should be resolved!", &MD);
1080	}
1081
1082	void Verifier::visitValueAsMetadata(const ValueAsMetadata &MD, Function *F) {
1083	Check(MD.getValue(), "Expected valid value", &MD);
1084	Check(!MD.getValue()->getType()->isMetadataTy(),
1085	"Unexpected metadata round-trip through values", &MD, MD.getValue());
1086
1087	auto *L = dyn_cast<LocalAsMetadata>(Val: &MD);
1088	if (!L)
1089	return;
1090
1091	Check(F, "function-local metadata used outside a function", L);
1092
1093	// If this was an instruction, bb, or argument, verify that it is in the
1094	// function that we expect.
1095	Function *ActualF = nullptr;
1096	if (Instruction *I = dyn_cast<Instruction>(Val: L->getValue())) {
1097	Check(I->getParent(), "function-local metadata not in basic block", L, I);
1098	ActualF = I->getParent()->getParent();
1099	} else if (BasicBlock *BB = dyn_cast<BasicBlock>(Val: L->getValue()))
1100	ActualF = BB->getParent();
1101	else if (Argument *A = dyn_cast<Argument>(Val: L->getValue()))
1102	ActualF = A->getParent();
1103	assert(ActualF && "Unimplemented function local metadata case!");
1104
1105	Check(ActualF == F, "function-local metadata used in wrong function", L);
1106	}
1107
1108	void Verifier::visitDIArgList(const DIArgList &AL, Function *F) {
1109	for (const ValueAsMetadata *VAM : AL.getArgs())
1110	visitValueAsMetadata(MD: *VAM, F);
1111	}
1112
1113	void Verifier::visitMetadataAsValue(const MetadataAsValue &MDV, Function *F) {
1114	Metadata *MD = MDV.getMetadata();
1115	if (auto *N = dyn_cast<MDNode>(Val: MD)) {
1116	visitMDNode(MD: *N, AllowLocs: AreDebugLocsAllowed::No);
1117	return;
1118	}
1119
1120	// Only visit each node once. Metadata can be mutually recursive, so this
1121	// avoids infinite recursion here, as well as being an optimization.
1122	if (!MDNodes.insert(Ptr: MD).second)
1123	return;
1124
1125	if (auto *V = dyn_cast<ValueAsMetadata>(Val: MD))
1126	visitValueAsMetadata(MD: *V, F);
1127
1128	if (auto *AL = dyn_cast<DIArgList>(Val: MD))
1129	visitDIArgList(AL: *AL, F);
1130	}
1131
1132	static bool isType(const Metadata *MD) { return !MD || isa<DIType>(Val: MD); }
1133	static bool isScope(const Metadata *MD) { return !MD || isa<DIScope>(Val: MD); }
1134	static bool isDINode(const Metadata *MD) { return !MD || isa<DINode>(Val: MD); }
1135
1136	void Verifier::visitDILocation(const DILocation &N) {
1137	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1138	"location requires a valid scope", &N, N.getRawScope());
1139	if (auto *IA = N.getRawInlinedAt())
1140	CheckDI(isa<DILocation>(IA), "inlined-at should be a location", &N, IA);
1141	if (auto *SP = dyn_cast<DISubprogram>(Val: N.getRawScope()))
1142	CheckDI(SP->isDefinition(), "scope points into the type hierarchy", &N);
1143	}
1144
1145	void Verifier::visitGenericDINode(const GenericDINode &N) {
1146	CheckDI(N.getTag(), "invalid tag", &N);
1147	}
1148
1149	void Verifier::visitDIScope(const DIScope &N) {
1150	if (auto *F = N.getRawFile())
1151	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1152	}
1153
1154	void Verifier::visitDISubrangeType(const DISubrangeType &N) {
1155	CheckDI(N.getTag() == dwarf::DW_TAG_subrange_type, "invalid tag", &N);
1156	auto *BaseType = N.getRawBaseType();
1157	CheckDI(!BaseType || isType(BaseType), "BaseType must be a type");
1158	auto *LBound = N.getRawLowerBound();
1159	CheckDI(!LBound || isa<ConstantAsMetadata>(LBound) ||
1160	isa<DIVariable>(LBound) || isa<DIExpression>(LBound),
1161	"LowerBound must be signed constant or DIVariable or DIExpression",
1162	&N);
1163	auto *UBound = N.getRawUpperBound();
1164	CheckDI(!UBound || isa<ConstantAsMetadata>(UBound) ||
1165	isa<DIVariable>(UBound) || isa<DIExpression>(UBound),
1166	"UpperBound must be signed constant or DIVariable or DIExpression",
1167	&N);
1168	auto *Stride = N.getRawStride();
1169	CheckDI(!Stride || isa<ConstantAsMetadata>(Stride) ||
1170	isa<DIVariable>(Stride) || isa<DIExpression>(Stride),
1171	"Stride must be signed constant or DIVariable or DIExpression", &N);
1172	auto *Bias = N.getRawBias();
1173	CheckDI(!Bias || isa<ConstantAsMetadata>(Bias) || isa<DIVariable>(Bias) ||
1174	isa<DIExpression>(Bias),
1175	"Bias must be signed constant or DIVariable or DIExpression", &N);
1176	// Subrange types currently only support constant size.
1177	auto *Size = N.getRawSizeInBits();
1178	CheckDI(!Size || isa<ConstantAsMetadata>(Size),
1179	"SizeInBits must be a constant");
1180	}
1181
1182	void Verifier::visitDISubrange(const DISubrange &N) {
1183	CheckDI(N.getTag() == dwarf::DW_TAG_subrange_type, "invalid tag", &N);
1184	CheckDI(!N.getRawCountNode() || !N.getRawUpperBound(),
1185	"Subrange can have any one of count or upperBound", &N);
1186	auto *CBound = N.getRawCountNode();
1187	CheckDI(!CBound || isa<ConstantAsMetadata>(CBound) ||
1188	isa<DIVariable>(CBound) || isa<DIExpression>(CBound),
1189	"Count must be signed constant or DIVariable or DIExpression", &N);
1190	auto Count = N.getCount();
1191	CheckDI(!Count || !isa<ConstantInt *>(Count) ||
1192	cast<ConstantInt *>(Count)->getSExtValue() >= -1,
1193	"invalid subrange count", &N);
1194	auto *LBound = N.getRawLowerBound();
1195	CheckDI(!LBound || isa<ConstantAsMetadata>(LBound) ||
1196	isa<DIVariable>(LBound) || isa<DIExpression>(LBound),
1197	"LowerBound must be signed constant or DIVariable or DIExpression",
1198	&N);
1199	auto *UBound = N.getRawUpperBound();
1200	CheckDI(!UBound || isa<ConstantAsMetadata>(UBound) ||
1201	isa<DIVariable>(UBound) || isa<DIExpression>(UBound),
1202	"UpperBound must be signed constant or DIVariable or DIExpression",
1203	&N);
1204	auto *Stride = N.getRawStride();
1205	CheckDI(!Stride || isa<ConstantAsMetadata>(Stride) ||
1206	isa<DIVariable>(Stride) || isa<DIExpression>(Stride),
1207	"Stride must be signed constant or DIVariable or DIExpression", &N);
1208	}
1209
1210	void Verifier::visitDIGenericSubrange(const DIGenericSubrange &N) {
1211	CheckDI(N.getTag() == dwarf::DW_TAG_generic_subrange, "invalid tag", &N);
1212	CheckDI(!N.getRawCountNode() || !N.getRawUpperBound(),
1213	"GenericSubrange can have any one of count or upperBound", &N);
1214	auto *CBound = N.getRawCountNode();
1215	CheckDI(!CBound || isa<DIVariable>(CBound) || isa<DIExpression>(CBound),
1216	"Count must be signed constant or DIVariable or DIExpression", &N);
1217	auto *LBound = N.getRawLowerBound();
1218	CheckDI(LBound, "GenericSubrange must contain lowerBound", &N);
1219	CheckDI(isa<DIVariable>(LBound) || isa<DIExpression>(LBound),
1220	"LowerBound must be signed constant or DIVariable or DIExpression",
1221	&N);
1222	auto *UBound = N.getRawUpperBound();
1223	CheckDI(!UBound || isa<DIVariable>(UBound) || isa<DIExpression>(UBound),
1224	"UpperBound must be signed constant or DIVariable or DIExpression",
1225	&N);
1226	auto *Stride = N.getRawStride();
1227	CheckDI(Stride, "GenericSubrange must contain stride", &N);
1228	CheckDI(isa<DIVariable>(Stride) || isa<DIExpression>(Stride),
1229	"Stride must be signed constant or DIVariable or DIExpression", &N);
1230	}
1231
1232	void Verifier::visitDIEnumerator(const DIEnumerator &N) {
1233	CheckDI(N.getTag() == dwarf::DW_TAG_enumerator, "invalid tag", &N);
1234	}
1235
1236	void Verifier::visitDIBasicType(const DIBasicType &N) {
1237	CheckDI(N.getTag() == dwarf::DW_TAG_base_type ||
1238	N.getTag() == dwarf::DW_TAG_unspecified_type ||
1239	N.getTag() == dwarf::DW_TAG_string_type,
1240	"invalid tag", &N);
1241	// Basic types currently only support constant size.
1242	auto *Size = N.getRawSizeInBits();
1243	CheckDI(!Size || isa<ConstantAsMetadata>(Size),
1244	"SizeInBits must be a constant");
1245	}
1246
1247	void Verifier::visitDIFixedPointType(const DIFixedPointType &N) {
1248	visitDIBasicType(N);
1249
1250	CheckDI(N.getTag() == dwarf::DW_TAG_base_type, "invalid tag", &N);
1251	CheckDI(N.getEncoding() == dwarf::DW_ATE_signed_fixed ||
1252	N.getEncoding() == dwarf::DW_ATE_unsigned_fixed,
1253	"invalid encoding", &N);
1254	CheckDI(N.getKind() == DIFixedPointType::FixedPointBinary ||
1255	N.getKind() == DIFixedPointType::FixedPointDecimal ||
1256	N.getKind() == DIFixedPointType::FixedPointRational,
1257	"invalid kind", &N);
1258	CheckDI(N.getKind() != DIFixedPointType::FixedPointRational ||
1259	N.getFactorRaw() == 0,
1260	"factor should be 0 for rationals", &N);
1261	CheckDI(N.getKind() == DIFixedPointType::FixedPointRational ||
1262	(N.getNumeratorRaw() == 0 && N.getDenominatorRaw() == 0),
1263	"numerator and denominator should be 0 for non-rationals", &N);
1264	}
1265
1266	void Verifier::visitDIStringType(const DIStringType &N) {
1267	CheckDI(N.getTag() == dwarf::DW_TAG_string_type, "invalid tag", &N);
1268	CheckDI(!(N.isBigEndian() && N.isLittleEndian()), "has conflicting flags",
1269	&N);
1270	}
1271
1272	void Verifier::visitDIDerivedType(const DIDerivedType &N) {
1273	// Common scope checks.
1274	visitDIScope(N);
1275
1276	CheckDI(N.getTag() == dwarf::DW_TAG_typedef ||
1277	N.getTag() == dwarf::DW_TAG_pointer_type ||
1278	N.getTag() == dwarf::DW_TAG_ptr_to_member_type ||
1279	N.getTag() == dwarf::DW_TAG_reference_type ||
1280	N.getTag() == dwarf::DW_TAG_rvalue_reference_type ||
1281	N.getTag() == dwarf::DW_TAG_const_type ||
1282	N.getTag() == dwarf::DW_TAG_immutable_type ||
1283	N.getTag() == dwarf::DW_TAG_volatile_type ||
1284	N.getTag() == dwarf::DW_TAG_restrict_type ||
1285	N.getTag() == dwarf::DW_TAG_atomic_type ||
1286	N.getTag() == dwarf::DW_TAG_LLVM_ptrauth_type ||
1287	N.getTag() == dwarf::DW_TAG_member ||
1288	(N.getTag() == dwarf::DW_TAG_variable && N.isStaticMember()) ||
1289	N.getTag() == dwarf::DW_TAG_inheritance ||
1290	N.getTag() == dwarf::DW_TAG_friend ||
1291	N.getTag() == dwarf::DW_TAG_set_type ||
1292	N.getTag() == dwarf::DW_TAG_template_alias,
1293	"invalid tag", &N);
1294	if (N.getTag() == dwarf::DW_TAG_ptr_to_member_type) {
1295	CheckDI(isType(N.getRawExtraData()), "invalid pointer to member type", &N,
1296	N.getRawExtraData());
1297	}
1298
1299	if (N.getTag() == dwarf::DW_TAG_set_type) {
1300	if (auto *T = N.getRawBaseType()) {
1301	auto *Enum = dyn_cast_or_null<DICompositeType>(Val: T);
1302	auto *Basic = dyn_cast_or_null<DIBasicType>(Val: T);
1303	CheckDI(
1304	(Enum && Enum->getTag() == dwarf::DW_TAG_enumeration_type) ||
1305	(Basic && (Basic->getEncoding() == dwarf::DW_ATE_unsigned ||
1306	Basic->getEncoding() == dwarf::DW_ATE_signed ||
1307	Basic->getEncoding() == dwarf::DW_ATE_unsigned_char ||
1308	Basic->getEncoding() == dwarf::DW_ATE_signed_char ||
1309	Basic->getEncoding() == dwarf::DW_ATE_boolean)),
1310	"invalid set base type", &N, T);
1311	}
1312	}
1313
1314	CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope());
1315	CheckDI(isType(N.getRawBaseType()), "invalid base type", &N,
1316	N.getRawBaseType());
1317
1318	if (N.getDWARFAddressSpace()) {
1319	CheckDI(N.getTag() == dwarf::DW_TAG_pointer_type ||
1320	N.getTag() == dwarf::DW_TAG_reference_type ||
1321	N.getTag() == dwarf::DW_TAG_rvalue_reference_type,
1322	"DWARF address space only applies to pointer or reference types",
1323	&N);
1324	}
1325
1326	auto *Size = N.getRawSizeInBits();
1327	CheckDI(!Size || isa<ConstantAsMetadata>(Size) || isa<DIVariable>(Size) ||
1328	isa<DIExpression>(Size),
1329	"SizeInBits must be a constant or DIVariable or DIExpression");
1330	}
1331
1332	/// Detect mutually exclusive flags.
1333	static bool hasConflictingReferenceFlags(unsigned Flags) {
1334	return ((Flags & DINode::FlagLValueReference) &&
1335	(Flags & DINode::FlagRValueReference)) ||
1336	((Flags & DINode::FlagTypePassByValue) &&
1337	(Flags & DINode::FlagTypePassByReference));
1338	}
1339
1340	void Verifier::visitTemplateParams(const MDNode &N, const Metadata &RawParams) {
1341	auto *Params = dyn_cast<MDTuple>(Val: &RawParams);
1342	CheckDI(Params, "invalid template params", &N, &RawParams);
1343	for (Metadata *Op : Params->operands()) {
1344	CheckDI(Op && isa<DITemplateParameter>(Op), "invalid template parameter",
1345	&N, Params, Op);
1346	}
1347	}
1348
1349	void Verifier::visitDICompositeType(const DICompositeType &N) {
1350	// Common scope checks.
1351	visitDIScope(N);
1352
1353	CheckDI(N.getTag() == dwarf::DW_TAG_array_type ||
1354	N.getTag() == dwarf::DW_TAG_structure_type ||
1355	N.getTag() == dwarf::DW_TAG_union_type ||
1356	N.getTag() == dwarf::DW_TAG_enumeration_type ||
1357	N.getTag() == dwarf::DW_TAG_class_type ||
1358	N.getTag() == dwarf::DW_TAG_variant_part ||
1359	N.getTag() == dwarf::DW_TAG_variant ||
1360	N.getTag() == dwarf::DW_TAG_namelist,
1361	"invalid tag", &N);
1362
1363	CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope());
1364	CheckDI(isType(N.getRawBaseType()), "invalid base type", &N,
1365	N.getRawBaseType());
1366
1367	CheckDI(!N.getRawElements() || isa<MDTuple>(N.getRawElements()),
1368	"invalid composite elements", &N, N.getRawElements());
1369	CheckDI(isType(N.getRawVTableHolder()), "invalid vtable holder", &N,
1370	N.getRawVTableHolder());
1371	CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1372	"invalid reference flags", &N);
1373	unsigned DIBlockByRefStruct = 1 << 4;
1374	CheckDI((N.getFlags() & DIBlockByRefStruct) == 0,
1375	"DIBlockByRefStruct on DICompositeType is no longer supported", &N);
1376	CheckDI(llvm::all_of(N.getElements(), [](const DINode *N) { return N; }),
1377	"DISubprogram contains null entry in `elements` field", &N);
1378
1379	if (N.isVector()) {
1380	const DINodeArray Elements = N.getElements();
1381	CheckDI(Elements.size() == 1 &&
1382	Elements[0]->getTag() == dwarf::DW_TAG_subrange_type,
1383	"invalid vector, expected one element of type subrange", &N);
1384	}
1385
1386	if (auto *Params = N.getRawTemplateParams())
1387	visitTemplateParams(N, RawParams: *Params);
1388
1389	if (auto *D = N.getRawDiscriminator()) {
1390	CheckDI(isa<DIDerivedType>(D) && N.getTag() == dwarf::DW_TAG_variant_part,
1391	"discriminator can only appear on variant part");
1392	}
1393
1394	if (N.getRawDataLocation()) {
1395	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1396	"dataLocation can only appear in array type");
1397	}
1398
1399	if (N.getRawAssociated()) {
1400	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1401	"associated can only appear in array type");
1402	}
1403
1404	if (N.getRawAllocated()) {
1405	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1406	"allocated can only appear in array type");
1407	}
1408
1409	if (N.getRawRank()) {
1410	CheckDI(N.getTag() == dwarf::DW_TAG_array_type,
1411	"rank can only appear in array type");
1412	}
1413
1414	if (N.getTag() == dwarf::DW_TAG_array_type) {
1415	CheckDI(N.getRawBaseType(), "array types must have a base type", &N);
1416	}
1417
1418	auto *Size = N.getRawSizeInBits();
1419	CheckDI(!Size || isa<ConstantAsMetadata>(Size) || isa<DIVariable>(Size) ||
1420	isa<DIExpression>(Size),
1421	"SizeInBits must be a constant or DIVariable or DIExpression");
1422	}
1423
1424	void Verifier::visitDISubroutineType(const DISubroutineType &N) {
1425	CheckDI(N.getTag() == dwarf::DW_TAG_subroutine_type, "invalid tag", &N);
1426	if (auto *Types = N.getRawTypeArray()) {
1427	CheckDI(isa<MDTuple>(Types), "invalid composite elements", &N, Types);
1428	for (Metadata *Ty : N.getTypeArray()->operands()) {
1429	CheckDI(isType(Ty), "invalid subroutine type ref", &N, Types, Ty);
1430	}
1431	}
1432	CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1433	"invalid reference flags", &N);
1434	}
1435
1436	void Verifier::visitDIFile(const DIFile &N) {
1437	CheckDI(N.getTag() == dwarf::DW_TAG_file_type, "invalid tag", &N);
1438	std::optional<DIFile::ChecksumInfo<StringRef>> Checksum = N.getChecksum();
1439	if (Checksum) {
1440	CheckDI(Checksum->Kind <= DIFile::ChecksumKind::CSK_Last,
1441	"invalid checksum kind", &N);
1442	size_t Size;
1443	switch (Checksum->Kind) {
1444	case DIFile::CSK_MD5:
1445	Size = 32;
1446	break;
1447	case DIFile::CSK_SHA1:
1448	Size = 40;
1449	break;
1450	case DIFile::CSK_SHA256:
1451	Size = 64;
1452	break;
1453	}
1454	CheckDI(Checksum->Value.size() == Size, "invalid checksum length", &N);
1455	CheckDI(Checksum->Value.find_if_not(llvm::isHexDigit) == StringRef::npos,
1456	"invalid checksum", &N);
1457	}
1458	}
1459
1460	void Verifier::visitDICompileUnit(const DICompileUnit &N) {
1461	CheckDI(N.isDistinct(), "compile units must be distinct", &N);
1462	CheckDI(N.getTag() == dwarf::DW_TAG_compile_unit, "invalid tag", &N);
1463
1464	// Don't bother verifying the compilation directory or producer string
1465	// as those could be empty.
1466	CheckDI(N.getRawFile() && isa<DIFile>(N.getRawFile()), "invalid file", &N,
1467	N.getRawFile());
1468	CheckDI(!N.getFile()->getFilename().empty(), "invalid filename", &N,
1469	N.getFile());
1470
1471	CheckDI((N.getEmissionKind() <= DICompileUnit::LastEmissionKind),
1472	"invalid emission kind", &N);
1473
1474	if (auto *Array = N.getRawEnumTypes()) {
1475	CheckDI(isa<MDTuple>(Array), "invalid enum list", &N, Array);
1476	for (Metadata *Op : N.getEnumTypes()->operands()) {
1477	auto *Enum = dyn_cast_or_null<DICompositeType>(Val: Op);
1478	CheckDI(Enum && Enum->getTag() == dwarf::DW_TAG_enumeration_type,
1479	"invalid enum type", &N, N.getEnumTypes(), Op);
1480	}
1481	}
1482	if (auto *Array = N.getRawRetainedTypes()) {
1483	CheckDI(isa<MDTuple>(Array), "invalid retained type list", &N, Array);
1484	for (Metadata *Op : N.getRetainedTypes()->operands()) {
1485	CheckDI(
1486	Op && (isa<DIType>(Op) || (isa<DISubprogram>(Op) &&
1487	!cast<DISubprogram>(Op)->isDefinition())),
1488	"invalid retained type", &N, Op);
1489	}
1490	}
1491	if (auto *Array = N.getRawGlobalVariables()) {
1492	CheckDI(isa<MDTuple>(Array), "invalid global variable list", &N, Array);
1493	for (Metadata *Op : N.getGlobalVariables()->operands()) {
1494	CheckDI(Op && (isa<DIGlobalVariableExpression>(Op)),
1495	"invalid global variable ref", &N, Op);
1496	}
1497	}
1498	if (auto *Array = N.getRawImportedEntities()) {
1499	CheckDI(isa<MDTuple>(Array), "invalid imported entity list", &N, Array);
1500	for (Metadata *Op : N.getImportedEntities()->operands()) {
1501	CheckDI(Op && isa<DIImportedEntity>(Op), "invalid imported entity ref",
1502	&N, Op);
1503	}
1504	}
1505	if (auto *Array = N.getRawMacros()) {
1506	CheckDI(isa<MDTuple>(Array), "invalid macro list", &N, Array);
1507	for (Metadata *Op : N.getMacros()->operands()) {
1508	CheckDI(Op && isa<DIMacroNode>(Op), "invalid macro ref", &N, Op);
1509	}
1510	}
1511	CUVisited.insert(Ptr: &N);
1512	}
1513
1514	void Verifier::visitDISubprogram(const DISubprogram &N) {
1515	CheckDI(N.getTag() == dwarf::DW_TAG_subprogram, "invalid tag", &N);
1516	CheckDI(isScope(N.getRawScope()), "invalid scope", &N, N.getRawScope());
1517	if (auto *F = N.getRawFile())
1518	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1519	else
1520	CheckDI(N.getLine() == 0, "line specified with no file", &N, N.getLine());
1521	if (auto *T = N.getRawType())
1522	CheckDI(isa<DISubroutineType>(T), "invalid subroutine type", &N, T);
1523	CheckDI(isType(N.getRawContainingType()), "invalid containing type", &N,
1524	N.getRawContainingType());
1525	if (auto *Params = N.getRawTemplateParams())
1526	visitTemplateParams(N, RawParams: *Params);
1527	if (auto *S = N.getRawDeclaration())
1528	CheckDI(isa<DISubprogram>(S) && !cast<DISubprogram>(S)->isDefinition(),
1529	"invalid subprogram declaration", &N, S);
1530	if (auto *RawNode = N.getRawRetainedNodes()) {
1531	auto *Node = dyn_cast<MDTuple>(Val: RawNode);
1532	CheckDI(Node, "invalid retained nodes list", &N, RawNode);
1533	for (Metadata *Op : Node->operands()) {
1534	CheckDI(Op && (isa<DILocalVariable>(Op) || isa<DILabel>(Op) ||
1535	isa<DIImportedEntity>(Op)),
1536	"invalid retained nodes, expected DILocalVariable, DILabel or "
1537	"DIImportedEntity",
1538	&N, Node, Op);
1539	}
1540	}
1541	CheckDI(!hasConflictingReferenceFlags(N.getFlags()),
1542	"invalid reference flags", &N);
1543
1544	auto *Unit = N.getRawUnit();
1545	if (N.isDefinition()) {
1546	// Subprogram definitions (not part of the type hierarchy).
1547	CheckDI(N.isDistinct(), "subprogram definitions must be distinct", &N);
1548	CheckDI(Unit, "subprogram definitions must have a compile unit", &N);
1549	CheckDI(isa<DICompileUnit>(Unit), "invalid unit type", &N, Unit);
1550	// There's no good way to cross the CU boundary to insert a nested
1551	// DISubprogram definition in one CU into a type defined in another CU.
1552	auto *CT = dyn_cast_or_null<DICompositeType>(Val: N.getRawScope());
1553	if (CT && CT->getRawIdentifier() &&
1554	M.getContext().isODRUniquingDebugTypes())
1555	CheckDI(N.getDeclaration(),
1556	"definition subprograms cannot be nested within DICompositeType "
1557	"when enabling ODR",
1558	&N);
1559	} else {
1560	// Subprogram declarations (part of the type hierarchy).
1561	CheckDI(!Unit, "subprogram declarations must not have a compile unit", &N);
1562	CheckDI(!N.getRawDeclaration(),
1563	"subprogram declaration must not have a declaration field");
1564	}
1565
1566	if (auto *RawThrownTypes = N.getRawThrownTypes()) {
1567	auto *ThrownTypes = dyn_cast<MDTuple>(Val: RawThrownTypes);
1568	CheckDI(ThrownTypes, "invalid thrown types list", &N, RawThrownTypes);
1569	for (Metadata *Op : ThrownTypes->operands())
1570	CheckDI(Op && isa<DIType>(Op), "invalid thrown type", &N, ThrownTypes,
1571	Op);
1572	}
1573
1574	if (N.areAllCallsDescribed())
1575	CheckDI(N.isDefinition(),
1576	"DIFlagAllCallsDescribed must be attached to a definition");
1577	}
1578
1579	void Verifier::visitDILexicalBlockBase(const DILexicalBlockBase &N) {
1580	CheckDI(N.getTag() == dwarf::DW_TAG_lexical_block, "invalid tag", &N);
1581	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1582	"invalid local scope", &N, N.getRawScope());
1583	if (auto *SP = dyn_cast<DISubprogram>(Val: N.getRawScope()))
1584	CheckDI(SP->isDefinition(), "scope points into the type hierarchy", &N);
1585	}
1586
1587	void Verifier::visitDILexicalBlock(const DILexicalBlock &N) {
1588	visitDILexicalBlockBase(N);
1589
1590	CheckDI(N.getLine() || !N.getColumn(),
1591	"cannot have column info without line info", &N);
1592	}
1593
1594	void Verifier::visitDILexicalBlockFile(const DILexicalBlockFile &N) {
1595	visitDILexicalBlockBase(N);
1596	}
1597
1598	void Verifier::visitDICommonBlock(const DICommonBlock &N) {
1599	CheckDI(N.getTag() == dwarf::DW_TAG_common_block, "invalid tag", &N);
1600	if (auto *S = N.getRawScope())
1601	CheckDI(isa<DIScope>(S), "invalid scope ref", &N, S);
1602	if (auto *S = N.getRawDecl())
1603	CheckDI(isa<DIGlobalVariable>(S), "invalid declaration", &N, S);
1604	}
1605
1606	void Verifier::visitDINamespace(const DINamespace &N) {
1607	CheckDI(N.getTag() == dwarf::DW_TAG_namespace, "invalid tag", &N);
1608	if (auto *S = N.getRawScope())
1609	CheckDI(isa<DIScope>(S), "invalid scope ref", &N, S);
1610	}
1611
1612	void Verifier::visitDIMacro(const DIMacro &N) {
1613	CheckDI(N.getMacinfoType() == dwarf::DW_MACINFO_define ||
1614	N.getMacinfoType() == dwarf::DW_MACINFO_undef,
1615	"invalid macinfo type", &N);
1616	CheckDI(!N.getName().empty(), "anonymous macro", &N);
1617	if (!N.getValue().empty()) {
1618	assert(N.getValue().data()[0] != ' ' && "Macro value has a space prefix");
1619	}
1620	}
1621
1622	void Verifier::visitDIMacroFile(const DIMacroFile &N) {
1623	CheckDI(N.getMacinfoType() == dwarf::DW_MACINFO_start_file,
1624	"invalid macinfo type", &N);
1625	if (auto *F = N.getRawFile())
1626	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1627
1628	if (auto *Array = N.getRawElements()) {
1629	CheckDI(isa<MDTuple>(Array), "invalid macro list", &N, Array);
1630	for (Metadata *Op : N.getElements()->operands()) {
1631	CheckDI(Op && isa<DIMacroNode>(Op), "invalid macro ref", &N, Op);
1632	}
1633	}
1634	}
1635
1636	void Verifier::visitDIModule(const DIModule &N) {
1637	CheckDI(N.getTag() == dwarf::DW_TAG_module, "invalid tag", &N);
1638	CheckDI(!N.getName().empty(), "anonymous module", &N);
1639	}
1640
1641	void Verifier::visitDITemplateParameter(const DITemplateParameter &N) {
1642	CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1643	}
1644
1645	void Verifier::visitDITemplateTypeParameter(const DITemplateTypeParameter &N) {
1646	visitDITemplateParameter(N);
1647
1648	CheckDI(N.getTag() == dwarf::DW_TAG_template_type_parameter, "invalid tag",
1649	&N);
1650	}
1651
1652	void Verifier::visitDITemplateValueParameter(
1653	const DITemplateValueParameter &N) {
1654	visitDITemplateParameter(N);
1655
1656	CheckDI(N.getTag() == dwarf::DW_TAG_template_value_parameter ||
1657	N.getTag() == dwarf::DW_TAG_GNU_template_template_param ||
1658	N.getTag() == dwarf::DW_TAG_GNU_template_parameter_pack,
1659	"invalid tag", &N);
1660	}
1661
1662	void Verifier::visitDIVariable(const DIVariable &N) {
1663	if (auto *S = N.getRawScope())
1664	CheckDI(isa<DIScope>(S), "invalid scope", &N, S);
1665	if (auto *F = N.getRawFile())
1666	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1667	}
1668
1669	void Verifier::visitDIGlobalVariable(const DIGlobalVariable &N) {
1670	// Checks common to all variables.
1671	visitDIVariable(N);
1672
1673	CheckDI(N.getTag() == dwarf::DW_TAG_variable, "invalid tag", &N);
1674	CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1675	// Check only if the global variable is not an extern
1676	if (N.isDefinition())
1677	CheckDI(N.getType(), "missing global variable type", &N);
1678	if (auto *Member = N.getRawStaticDataMemberDeclaration()) {
1679	CheckDI(isa<DIDerivedType>(Member),
1680	"invalid static data member declaration", &N, Member);
1681	}
1682	}
1683
1684	void Verifier::visitDILocalVariable(const DILocalVariable &N) {
1685	// Checks common to all variables.
1686	visitDIVariable(N);
1687
1688	CheckDI(isType(N.getRawType()), "invalid type ref", &N, N.getRawType());
1689	CheckDI(N.getTag() == dwarf::DW_TAG_variable, "invalid tag", &N);
1690	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1691	"local variable requires a valid scope", &N, N.getRawScope());
1692	if (auto Ty = N.getType())
1693	CheckDI(!isa<DISubroutineType>(Ty), "invalid type", &N, N.getType());
1694	}
1695
1696	void Verifier::visitDIAssignID(const DIAssignID &N) {
1697	CheckDI(!N.getNumOperands(), "DIAssignID has no arguments", &N);
1698	CheckDI(N.isDistinct(), "DIAssignID must be distinct", &N);
1699	}
1700
1701	void Verifier::visitDILabel(const DILabel &N) {
1702	if (auto *S = N.getRawScope())
1703	CheckDI(isa<DIScope>(S), "invalid scope", &N, S);
1704	if (auto *F = N.getRawFile())
1705	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1706
1707	CheckDI(N.getTag() == dwarf::DW_TAG_label, "invalid tag", &N);
1708	CheckDI(N.getRawScope() && isa<DILocalScope>(N.getRawScope()),
1709	"label requires a valid scope", &N, N.getRawScope());
1710	}
1711
1712	void Verifier::visitDIExpression(const DIExpression &N) {
1713	CheckDI(N.isValid(), "invalid expression", &N);
1714	}
1715
1716	void Verifier::visitDIGlobalVariableExpression(
1717	const DIGlobalVariableExpression &GVE) {
1718	CheckDI(GVE.getVariable(), "missing variable");
1719	if (auto *Var = GVE.getVariable())
1720	visitDIGlobalVariable(N: *Var);
1721	if (auto *Expr = GVE.getExpression()) {
1722	visitDIExpression(N: *Expr);
1723	if (auto Fragment = Expr->getFragmentInfo())
1724	verifyFragmentExpression(V: *GVE.getVariable(), Fragment: *Fragment, Desc: &GVE);
1725	}
1726	}
1727
1728	void Verifier::visitDIObjCProperty(const DIObjCProperty &N) {
1729	CheckDI(N.getTag() == dwarf::DW_TAG_APPLE_property, "invalid tag", &N);
1730	if (auto *T = N.getRawType())
1731	CheckDI(isType(T), "invalid type ref", &N, T);
1732	if (auto *F = N.getRawFile())
1733	CheckDI(isa<DIFile>(F), "invalid file", &N, F);
1734	}
1735
1736	void Verifier::visitDIImportedEntity(const DIImportedEntity &N) {
1737	CheckDI(N.getTag() == dwarf::DW_TAG_imported_module ||
1738	N.getTag() == dwarf::DW_TAG_imported_declaration,
1739	"invalid tag", &N);
1740	if (auto *S = N.getRawScope())
1741	CheckDI(isa<DIScope>(S), "invalid scope for imported entity", &N, S);
1742	CheckDI(isDINode(N.getRawEntity()), "invalid imported entity", &N,
1743	N.getRawEntity());
1744	}
1745
1746	void Verifier::visitComdat(const Comdat &C) {
1747	// In COFF the Module is invalid if the GlobalValue has private linkage.
1748	// Entities with private linkage don't have entries in the symbol table.
1749	if (TT.isOSBinFormatCOFF())
1750	if (const GlobalValue *GV = M.getNamedValue(Name: C.getName()))
1751	Check(!GV->hasPrivateLinkage(), "comdat global value has private linkage",
1752	GV);
1753	}
1754
1755	void Verifier::visitModuleIdents() {
1756	const NamedMDNode *Idents = M.getNamedMetadata(Name: "llvm.ident");
1757	if (!Idents)
1758	return;
1759
1760	// llvm.ident takes a list of metadata entry. Each entry has only one string.
1761	// Scan each llvm.ident entry and make sure that this requirement is met.
1762	for (const MDNode *N : Idents->operands()) {
1763	Check(N->getNumOperands() == 1,
1764	"incorrect number of operands in llvm.ident metadata", N);
1765	Check(dyn_cast_or_null<MDString>(N->getOperand(0)),
1766	("invalid value for llvm.ident metadata entry operand"
1767	"(the operand should be a string)"),
1768	N->getOperand(0));
1769	}
1770	}
1771
1772	void Verifier::visitModuleCommandLines() {
1773	const NamedMDNode *CommandLines = M.getNamedMetadata(Name: "llvm.commandline");
1774	if (!CommandLines)
1775	return;
1776
1777	// llvm.commandline takes a list of metadata entry. Each entry has only one
1778	// string. Scan each llvm.commandline entry and make sure that this
1779	// requirement is met.
1780	for (const MDNode *N : CommandLines->operands()) {
1781	Check(N->getNumOperands() == 1,
1782	"incorrect number of operands in llvm.commandline metadata", N);
1783	Check(dyn_cast_or_null<MDString>(N->getOperand(0)),
1784	("invalid value for llvm.commandline metadata entry operand"
1785	"(the operand should be a string)"),
1786	N->getOperand(0));
1787	}
1788	}
1789
1790	void Verifier::visitModuleFlags() {
1791	const NamedMDNode *Flags = M.getModuleFlagsMetadata();
1792	if (!Flags) return;
1793
1794	// Scan each flag, and track the flags and requirements.
1795	DenseMap<const MDString*, const MDNode*> SeenIDs;
1796	SmallVector<const MDNode*, 16> Requirements;
1797	uint64_t PAuthABIPlatform = -1;
1798	uint64_t PAuthABIVersion = -1;
1799	for (const MDNode *MDN : Flags->operands()) {
1800	visitModuleFlag(Op: MDN, SeenIDs, Requirements);
1801	if (MDN->getNumOperands() != 3)
1802	continue;
1803	if (const auto *FlagName = dyn_cast_or_null<MDString>(Val: MDN->getOperand(I: 1))) {
1804	if (FlagName->getString() == "aarch64-elf-pauthabi-platform") {
1805	if (const auto *PAP =
1806	mdconst::dyn_extract_or_null<ConstantInt>(MD: MDN->getOperand(I: 2)))
1807	PAuthABIPlatform = PAP->getZExtValue();
1808	} else if (FlagName->getString() == "aarch64-elf-pauthabi-version") {
1809	if (const auto *PAV =
1810	mdconst::dyn_extract_or_null<ConstantInt>(MD: MDN->getOperand(I: 2)))
1811	PAuthABIVersion = PAV->getZExtValue();
1812	}
1813	}
1814	}
1815
1816	if ((PAuthABIPlatform == uint64_t(-1)) != (PAuthABIVersion == uint64_t(-1)))
1817	CheckFailed(Message: "either both or no 'aarch64-elf-pauthabi-platform' and "
1818	"'aarch64-elf-pauthabi-version' module flags must be present");
1819
1820	// Validate that the requirements in the module are valid.
1821	for (const MDNode *Requirement : Requirements) {
1822	const MDString *Flag = cast<MDString>(Val: Requirement->getOperand(I: 0));
1823	const Metadata *ReqValue = Requirement->getOperand(I: 1);
1824
1825	const MDNode *Op = SeenIDs.lookup(Val: Flag);
1826	if (!Op) {
1827	CheckFailed(Message: "invalid requirement on flag, flag is not present in module",
1828	V1: Flag);
1829	continue;
1830	}
1831
1832	if (Op->getOperand(I: 2) != ReqValue) {
1833	CheckFailed(Message: ("invalid requirement on flag, "
1834	"flag does not have the required value"),
1835	V1: Flag);
1836	continue;
1837	}
1838	}
1839	}
1840
1841	void
1842	Verifier::visitModuleFlag(const MDNode *Op,
1843	DenseMap<const MDString *, const MDNode *> &SeenIDs,
1844	SmallVectorImpl<const MDNode *> &Requirements) {
1845	// Each module flag should have three arguments, the merge behavior (a
1846	// constant int), the flag ID (an MDString), and the value.
1847	Check(Op->getNumOperands() == 3,
1848	"incorrect number of operands in module flag", Op);
1849	Module::ModFlagBehavior MFB;
1850	if (!Module::isValidModFlagBehavior(MD: Op->getOperand(I: 0), MFB)) {
1851	Check(mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(0)),
1852	"invalid behavior operand in module flag (expected constant integer)",
1853	Op->getOperand(0));
1854	Check(false,
1855	"invalid behavior operand in module flag (unexpected constant)",
1856	Op->getOperand(0));
1857	}
1858	MDString *ID = dyn_cast_or_null<MDString>(Val: Op->getOperand(I: 1));
1859	Check(ID, "invalid ID operand in module flag (expected metadata string)",
1860	Op->getOperand(1));
1861
1862	// Check the values for behaviors with additional requirements.
1863	switch (MFB) {
1864	case Module::Error:
1865	case Module::Warning:
1866	case Module::Override:
1867	// These behavior types accept any value.
1868	break;
1869
1870	case Module::Min: {
1871	auto *V = mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: 2));
1872	Check(V && V->getValue().isNonNegative(),
1873	"invalid value for 'min' module flag (expected constant non-negative "
1874	"integer)",
1875	Op->getOperand(2));
1876	break;
1877	}
1878
1879	case Module::Max: {
1880	Check(mdconst::dyn_extract_or_null<ConstantInt>(Op->getOperand(2)),
1881	"invalid value for 'max' module flag (expected constant integer)",
1882	Op->getOperand(2));
1883	break;
1884	}
1885
1886	case Module::Require: {
1887	// The value should itself be an MDNode with two operands, a flag ID (an
1888	// MDString), and a value.
1889	MDNode *Value = dyn_cast<MDNode>(Val: Op->getOperand(I: 2));
1890	Check(Value && Value->getNumOperands() == 2,
1891	"invalid value for 'require' module flag (expected metadata pair)",
1892	Op->getOperand(2));
1893	Check(isa<MDString>(Value->getOperand(0)),
1894	("invalid value for 'require' module flag "
1895	"(first value operand should be a string)"),
1896	Value->getOperand(0));
1897
1898	// Append it to the list of requirements, to check once all module flags are
1899	// scanned.
1900	Requirements.push_back(Elt: Value);
1901	break;
1902	}
1903
1904	case Module::Append:
1905	case Module::AppendUnique: {
1906	// These behavior types require the operand be an MDNode.
1907	Check(isa<MDNode>(Op->getOperand(2)),
1908	"invalid value for 'append'-type module flag "
1909	"(expected a metadata node)",
1910	Op->getOperand(2));
1911	break;
1912	}
1913	}
1914
1915	// Unless this is a "requires" flag, check the ID is unique.
1916	if (MFB != Module::Require) {
1917	bool Inserted = SeenIDs.insert(KV: std::make_pair(x&: ID, y&: Op)).second;
1918	Check(Inserted,
1919	"module flag identifiers must be unique (or of 'require' type)", ID);
1920	}
1921
1922	if (ID->getString() == "wchar_size") {
1923	ConstantInt *Value
1924	= mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: 2));
1925	Check(Value, "wchar_size metadata requires constant integer argument");
1926	}
1927
1928	if (ID->getString() == "Linker Options") {
1929	// If the llvm.linker.options named metadata exists, we assume that the
1930	// bitcode reader has upgraded the module flag. Otherwise the flag might
1931	// have been created by a client directly.
1932	Check(M.getNamedMetadata("llvm.linker.options"),
1933	"'Linker Options' named metadata no longer supported");
1934	}
1935
1936	if (ID->getString() == "SemanticInterposition") {
1937	ConstantInt *Value =
1938	mdconst::dyn_extract_or_null<ConstantInt>(MD: Op->getOperand(I: 2));
1939	Check(Value,
1940	"SemanticInterposition metadata requires constant integer argument");
1941	}
1942
1943	if (ID->getString() == "CG Profile") {
1944	for (const MDOperand &MDO : cast<MDNode>(Val: Op->getOperand(I: 2))->operands())
1945	visitModuleFlagCGProfileEntry(MDO);
1946	}
1947	}
1948
1949	void Verifier::visitModuleFlagCGProfileEntry(const MDOperand &MDO) {
1950	auto CheckFunction = [&](const MDOperand &FuncMDO) {
1951	if (!FuncMDO)
1952	return;
1953	auto F = dyn_cast<ValueAsMetadata>(Val: FuncMDO);
1954	Check(F && isa<Function>(F->getValue()->stripPointerCasts()),
1955	"expected a Function or null", FuncMDO);
1956	};
1957	auto Node = dyn_cast_or_null<MDNode>(Val: MDO);
1958	Check(Node && Node->getNumOperands() == 3, "expected a MDNode triple", MDO);
1959	CheckFunction(Node->getOperand(I: 0));
1960	CheckFunction(Node->getOperand(I: 1));
1961	auto Count = dyn_cast_or_null<ConstantAsMetadata>(Val: Node->getOperand(I: 2));
1962	Check(Count && Count->getType()->isIntegerTy(),
1963	"expected an integer constant", Node->getOperand(2));
1964	}
1965
1966	void Verifier::verifyAttributeTypes(AttributeSet Attrs, const Value *V) {
1967	for (Attribute A : Attrs) {
1968
1969	if (A.isStringAttribute()) {
1970	#define GET_ATTR_NAMES
1971	#define ATTRIBUTE_ENUM(ENUM_NAME, DISPLAY_NAME)
1972	#define ATTRIBUTE_STRBOOL(ENUM_NAME, DISPLAY_NAME) \
1973	if (A.getKindAsString() == #DISPLAY_NAME) { \
1974	auto V = A.getValueAsString(); \
1975	if (!(V.empty() || V == "true" || V == "false")) \
1976	CheckFailed("invalid value for '" #DISPLAY_NAME "' attribute: " + V + \
1977	""); \
1978	}
1979
1980	#include "llvm/IR/Attributes.inc"
1981	continue;
1982	}
1983
1984	if (A.isIntAttribute() != Attribute::isIntAttrKind(Kind: A.getKindAsEnum())) {
1985	CheckFailed(Message: "Attribute '" + A.getAsString() + "' should have an Argument",
1986	V1: V);
1987	return;
1988	}
1989	}
1990	}
1991
1992	// VerifyParameterAttrs - Check the given attributes for an argument or return
1993	// value of the specified type. The value V is printed in error messages.
1994	void Verifier::verifyParameterAttrs(AttributeSet Attrs, Type *Ty,
1995	const Value *V) {
1996	if (!Attrs.hasAttributes())
1997	return;
1998
1999	verifyAttributeTypes(Attrs, V);
2000
2001	for (Attribute Attr : Attrs)
2002	Check(Attr.isStringAttribute() ||
2003	Attribute::canUseAsParamAttr(Attr.getKindAsEnum()),
2004	"Attribute '" + Attr.getAsString() + "' does not apply to parameters",
2005	V);
2006
2007	if (Attrs.hasAttribute(Kind: Attribute::ImmArg)) {
2008	unsigned AttrCount =
2009	Attrs.getNumAttributes() - Attrs.hasAttribute(Kind: Attribute::Range);
2010	Check(AttrCount == 1,
2011	"Attribute 'immarg' is incompatible with other attributes except the "
2012	"'range' attribute",
2013	V);
2014	}
2015
2016	// Check for mutually incompatible attributes. Only inreg is compatible with
2017	// sret.
2018	unsigned AttrCount = 0;
2019	AttrCount += Attrs.hasAttribute(Kind: Attribute::ByVal);
2020	AttrCount += Attrs.hasAttribute(Kind: Attribute::InAlloca);
2021	AttrCount += Attrs.hasAttribute(Kind: Attribute::Preallocated);
2022	AttrCount += Attrs.hasAttribute(Kind: Attribute::StructRet) ||
2023	Attrs.hasAttribute(Kind: Attribute::InReg);
2024	AttrCount += Attrs.hasAttribute(Kind: Attribute::Nest);
2025	AttrCount += Attrs.hasAttribute(Kind: Attribute::ByRef);
2026	Check(AttrCount <= 1,
2027	"Attributes 'byval', 'inalloca', 'preallocated', 'inreg', 'nest', "
2028	"'byref', and 'sret' are incompatible!",
2029	V);
2030
2031	Check(!(Attrs.hasAttribute(Attribute::InAlloca) &&
2032	Attrs.hasAttribute(Attribute::ReadOnly)),
2033	"Attributes "
2034	"'inalloca and readonly' are incompatible!",
2035	V);
2036
2037	Check(!(Attrs.hasAttribute(Attribute::StructRet) &&
2038	Attrs.hasAttribute(Attribute::Returned)),
2039	"Attributes "
2040	"'sret and returned' are incompatible!",
2041	V);
2042
2043	Check(!(Attrs.hasAttribute(Attribute::ZExt) &&
2044	Attrs.hasAttribute(Attribute::SExt)),
2045	"Attributes "
2046	"'zeroext and signext' are incompatible!",
2047	V);
2048
2049	Check(!(Attrs.hasAttribute(Attribute::ReadNone) &&
2050	Attrs.hasAttribute(Attribute::ReadOnly)),
2051	"Attributes "
2052	"'readnone and readonly' are incompatible!",
2053	V);
2054
2055	Check(!(Attrs.hasAttribute(Attribute::ReadNone) &&
2056	Attrs.hasAttribute(Attribute::WriteOnly)),
2057	"Attributes "
2058	"'readnone and writeonly' are incompatible!",
2059	V);
2060
2061	Check(!(Attrs.hasAttribute(Attribute::ReadOnly) &&
2062	Attrs.hasAttribute(Attribute::WriteOnly)),
2063	"Attributes "
2064	"'readonly and writeonly' are incompatible!",
2065	V);
2066
2067	Check(!(Attrs.hasAttribute(Attribute::NoInline) &&
2068	Attrs.hasAttribute(Attribute::AlwaysInline)),
2069	"Attributes "
2070	"'noinline and alwaysinline' are incompatible!",
2071	V);
2072
2073	Check(!(Attrs.hasAttribute(Attribute::Writable) &&
2074	Attrs.hasAttribute(Attribute::ReadNone)),
2075	"Attributes writable and readnone are incompatible!", V);
2076
2077	Check(!(Attrs.hasAttribute(Attribute::Writable) &&
2078	Attrs.hasAttribute(Attribute::ReadOnly)),
2079	"Attributes writable and readonly are incompatible!", V);
2080
2081	AttributeMask IncompatibleAttrs = AttributeFuncs::typeIncompatible(Ty, AS: Attrs);
2082	for (Attribute Attr : Attrs) {
2083	if (!Attr.isStringAttribute() &&
2084	IncompatibleAttrs.contains(A: Attr.getKindAsEnum())) {
2085	CheckFailed(Message: "Attribute '" + Attr.getAsString() +
2086	"' applied to incompatible type!", V1: V);
2087	return;
2088	}
2089	}
2090
2091	if (isa<PointerType>(Val: Ty)) {
2092	if (Attrs.hasAttribute(Kind: Attribute::Alignment)) {
2093	Align AttrAlign = Attrs.getAlignment().valueOrOne();
2094	Check(AttrAlign.value() <= Value::MaximumAlignment,
2095	"huge alignment values are unsupported", V);
2096	}
2097	if (Attrs.hasAttribute(Kind: Attribute::ByVal)) {
2098	Type *ByValTy = Attrs.getByValType();
2099	SmallPtrSet<Type *, 4> Visited;
2100	Check(ByValTy->isSized(&Visited),
2101	"Attribute 'byval' does not support unsized types!", V);
2102	// Check if it is or contains a target extension type that disallows being
2103	// used on the stack.
2104	Check(!ByValTy->containsNonLocalTargetExtType(),
2105	"'byval' argument has illegal target extension type", V);
2106	Check(DL.getTypeAllocSize(ByValTy).getKnownMinValue() < (1ULL << 32),
2107	"huge 'byval' arguments are unsupported", V);
2108	}
2109	if (Attrs.hasAttribute(Kind: Attribute::ByRef)) {
2110	SmallPtrSet<Type *, 4> Visited;
2111	Check(Attrs.getByRefType()->isSized(&Visited),
2112	"Attribute 'byref' does not support unsized types!", V);
2113	Check(DL.getTypeAllocSize(Attrs.getByRefType()).getKnownMinValue() <
2114	(1ULL << 32),
2115	"huge 'byref' arguments are unsupported", V);
2116	}
2117	if (Attrs.hasAttribute(Kind: Attribute::InAlloca)) {
2118	SmallPtrSet<Type *, 4> Visited;
2119	Check(Attrs.getInAllocaType()->isSized(&Visited),
2120	"Attribute 'inalloca' does not support unsized types!", V);
2121	Check(DL.getTypeAllocSize(Attrs.getInAllocaType()).getKnownMinValue() <
2122	(1ULL << 32),
2123	"huge 'inalloca' arguments are unsupported", V);
2124	}
2125	if (Attrs.hasAttribute(Kind: Attribute::Preallocated)) {
2126	SmallPtrSet<Type *, 4> Visited;
2127	Check(Attrs.getPreallocatedType()->isSized(&Visited),
2128	"Attribute 'preallocated' does not support unsized types!", V);
2129	Check(
2130	DL.getTypeAllocSize(Attrs.getPreallocatedType()).getKnownMinValue() <
2131	(1ULL << 32),
2132	"huge 'preallocated' arguments are unsupported", V);
2133	}
2134	}
2135
2136	if (Attrs.hasAttribute(Kind: Attribute::Initializes)) {
2137	auto Inits = Attrs.getAttribute(Kind: Attribute::Initializes).getInitializes();
2138	Check(!Inits.empty(), "Attribute 'initializes' does not support empty list",
2139	V);
2140	Check(ConstantRangeList::isOrderedRanges(Inits),
2141	"Attribute 'initializes' does not support unordered ranges", V);
2142	}
2143
2144	if (Attrs.hasAttribute(Kind: Attribute::NoFPClass)) {
2145	uint64_t Val = Attrs.getAttribute(Kind: Attribute::NoFPClass).getValueAsInt();
2146	Check(Val != 0, "Attribute 'nofpclass' must have at least one test bit set",
2147	V);
2148	Check((Val & ~static_cast<unsigned>(fcAllFlags)) == 0,
2149	"Invalid value for 'nofpclass' test mask", V);
2150	}
2151	if (Attrs.hasAttribute(Kind: Attribute::Range)) {
2152	const ConstantRange &CR =
2153	Attrs.getAttribute(Kind: Attribute::Range).getValueAsConstantRange();
2154	Check(Ty->isIntOrIntVectorTy(CR.getBitWidth()),
2155	"Range bit width must match type bit width!", V);
2156	}
2157	}
2158
2159	void Verifier::checkUnsignedBaseTenFuncAttr(AttributeList Attrs, StringRef Attr,
2160	const Value *V) {
2161	if (Attrs.hasFnAttr(Kind: Attr)) {
2162	StringRef S = Attrs.getFnAttr(Kind: Attr).getValueAsString();
2163	unsigned N;
2164	if (S.getAsInteger(Radix: 10, Result&: N))
2165	CheckFailed(Message: "\"" + Attr + "\" takes an unsigned integer: " + S, V1: V);
2166	}
2167	}
2168
2169	// Check parameter attributes against a function type.
2170	// The value V is printed in error messages.
2171	void Verifier::verifyFunctionAttrs(FunctionType *FT, AttributeList Attrs,
2172	const Value *V, bool IsIntrinsic,
2173	bool IsInlineAsm) {
2174	if (Attrs.isEmpty())
2175	return;
2176
2177	if (AttributeListsVisited.insert(Ptr: Attrs.getRawPointer()).second) {
2178	Check(Attrs.hasParentContext(Context),
2179	"Attribute list does not match Module context!", &Attrs, V);
2180	for (const auto &AttrSet : Attrs) {
2181	Check(!AttrSet.hasAttributes() || AttrSet.hasParentContext(Context),
2182	"Attribute set does not match Module context!", &AttrSet, V);
2183	for (const auto &A : AttrSet) {
2184	Check(A.hasParentContext(Context),
2185	"Attribute does not match Module context!", &A, V);
2186	}
2187	}
2188	}
2189
2190	bool SawNest = false;
2191	bool SawReturned = false;
2192	bool SawSRet = false;
2193	bool SawSwiftSelf = false;
2194	bool SawSwiftAsync = false;
2195	bool SawSwiftError = false;
2196
2197	// Verify return value attributes.
2198	AttributeSet RetAttrs = Attrs.getRetAttrs();
2199	for (Attribute RetAttr : RetAttrs)
2200	Check(RetAttr.isStringAttribute() ||
2201	Attribute::canUseAsRetAttr(RetAttr.getKindAsEnum()),
2202	"Attribute '" + RetAttr.getAsString() +
2203	"' does not apply to function return values",
2204	V);
2205
2206	unsigned MaxParameterWidth = 0;
2207	auto GetMaxParameterWidth = [&MaxParameterWidth](Type *Ty) {
2208	if (Ty->isVectorTy()) {
2209	if (auto *VT = dyn_cast<FixedVectorType>(Val: Ty)) {
2210	unsigned Size = VT->getPrimitiveSizeInBits().getFixedValue();
2211	if (Size > MaxParameterWidth)
2212	MaxParameterWidth = Size;
2213	}
2214	}
2215	};
2216	GetMaxParameterWidth(FT->getReturnType());
2217	verifyParameterAttrs(Attrs: RetAttrs, Ty: FT->getReturnType(), V);
2218
2219	// Verify parameter attributes.
2220	for (unsigned i = 0, e = FT->getNumParams(); i != e; ++i) {
2221	Type *Ty = FT->getParamType(i);
2222	AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: i);
2223
2224	if (!IsIntrinsic) {
2225	Check(!ArgAttrs.hasAttribute(Attribute::ImmArg),
2226	"immarg attribute only applies to intrinsics", V);
2227	if (!IsInlineAsm)
2228	Check(!ArgAttrs.hasAttribute(Attribute::ElementType),
2229	"Attribute 'elementtype' can only be applied to intrinsics"
2230	" and inline asm.",
2231	V);
2232	}
2233
2234	verifyParameterAttrs(Attrs: ArgAttrs, Ty, V);
2235	GetMaxParameterWidth(Ty);
2236
2237	if (ArgAttrs.hasAttribute(Kind: Attribute::Nest)) {
2238	Check(!SawNest, "More than one parameter has attribute nest!", V);
2239	SawNest = true;
2240	}
2241
2242	if (ArgAttrs.hasAttribute(Kind: Attribute::Returned)) {
2243	Check(!SawReturned, "More than one parameter has attribute returned!", V);
2244	Check(Ty->canLosslesslyBitCastTo(FT->getReturnType()),
2245	"Incompatible argument and return types for 'returned' attribute",
2246	V);
2247	SawReturned = true;
2248	}
2249
2250	if (ArgAttrs.hasAttribute(Kind: Attribute::StructRet)) {
2251	Check(!SawSRet, "Cannot have multiple 'sret' parameters!", V);
2252	Check(i == 0 || i == 1,
2253	"Attribute 'sret' is not on first or second parameter!", V);
2254	SawSRet = true;
2255	}
2256
2257	if (ArgAttrs.hasAttribute(Kind: Attribute::SwiftSelf)) {
2258	Check(!SawSwiftSelf, "Cannot have multiple 'swiftself' parameters!", V);
2259	SawSwiftSelf = true;
2260	}
2261
2262	if (ArgAttrs.hasAttribute(Kind: Attribute::SwiftAsync)) {
2263	Check(!SawSwiftAsync, "Cannot have multiple 'swiftasync' parameters!", V);
2264	SawSwiftAsync = true;
2265	}
2266
2267	if (ArgAttrs.hasAttribute(Kind: Attribute::SwiftError)) {
2268	Check(!SawSwiftError, "Cannot have multiple 'swifterror' parameters!", V);
2269	SawSwiftError = true;
2270	}
2271
2272	if (ArgAttrs.hasAttribute(Kind: Attribute::InAlloca)) {
2273	Check(i == FT->getNumParams() - 1,
2274	"inalloca isn't on the last parameter!", V);
2275	}
2276	}
2277
2278	if (!Attrs.hasFnAttrs())
2279	return;
2280
2281	verifyAttributeTypes(Attrs: Attrs.getFnAttrs(), V);
2282	for (Attribute FnAttr : Attrs.getFnAttrs())
2283	Check(FnAttr.isStringAttribute() ||
2284	Attribute::canUseAsFnAttr(FnAttr.getKindAsEnum()),
2285	"Attribute '" + FnAttr.getAsString() +
2286	"' does not apply to functions!",
2287	V);
2288
2289	Check(!(Attrs.hasFnAttr(Attribute::NoInline) &&
2290	Attrs.hasFnAttr(Attribute::AlwaysInline)),
2291	"Attributes 'noinline and alwaysinline' are incompatible!", V);
2292
2293	if (Attrs.hasFnAttr(Kind: Attribute::OptimizeNone)) {
2294	Check(Attrs.hasFnAttr(Attribute::NoInline),
2295	"Attribute 'optnone' requires 'noinline'!", V);
2296
2297	Check(!Attrs.hasFnAttr(Attribute::OptimizeForSize),
2298	"Attributes 'optsize and optnone' are incompatible!", V);
2299
2300	Check(!Attrs.hasFnAttr(Attribute::MinSize),
2301	"Attributes 'minsize and optnone' are incompatible!", V);
2302
2303	Check(!Attrs.hasFnAttr(Attribute::OptimizeForDebugging),
2304	"Attributes 'optdebug and optnone' are incompatible!", V);
2305	}
2306
2307	Check(!(Attrs.hasFnAttr(Attribute::SanitizeRealtime) &&
2308	Attrs.hasFnAttr(Attribute::SanitizeRealtimeBlocking)),
2309	"Attributes "
2310	"'sanitize_realtime and sanitize_realtime_blocking' are incompatible!",
2311	V);
2312
2313	if (Attrs.hasFnAttr(Kind: Attribute::OptimizeForDebugging)) {
2314	Check(!Attrs.hasFnAttr(Attribute::OptimizeForSize),
2315	"Attributes 'optsize and optdebug' are incompatible!", V);
2316
2317	Check(!Attrs.hasFnAttr(Attribute::MinSize),
2318	"Attributes 'minsize and optdebug' are incompatible!", V);
2319	}
2320
2321	Check(!Attrs.hasAttrSomewhere(Attribute::Writable) ||
2322	isModSet(Attrs.getMemoryEffects().getModRef(IRMemLocation::ArgMem)),
2323	"Attribute writable and memory without argmem: write are incompatible!",
2324	V);
2325
2326	if (Attrs.hasFnAttr(Kind: "aarch64_pstate_sm_enabled")) {
2327	Check(!Attrs.hasFnAttr("aarch64_pstate_sm_compatible"),
2328	"Attributes 'aarch64_pstate_sm_enabled and "
2329	"aarch64_pstate_sm_compatible' are incompatible!",
2330	V);
2331	}
2332
2333	Check((Attrs.hasFnAttr("aarch64_new_za") + Attrs.hasFnAttr("aarch64_in_za") +
2334	Attrs.hasFnAttr("aarch64_inout_za") +
2335	Attrs.hasFnAttr("aarch64_out_za") +
2336	Attrs.hasFnAttr("aarch64_preserves_za") +
2337	Attrs.hasFnAttr("aarch64_za_state_agnostic")) <= 1,
2338	"Attributes 'aarch64_new_za', 'aarch64_in_za', 'aarch64_out_za', "
2339	"'aarch64_inout_za', 'aarch64_preserves_za' and "
2340	"'aarch64_za_state_agnostic' are mutually exclusive",
2341	V);
2342
2343	Check((Attrs.hasFnAttr("aarch64_new_zt0") +
2344	Attrs.hasFnAttr("aarch64_in_zt0") +
2345	Attrs.hasFnAttr("aarch64_inout_zt0") +
2346	Attrs.hasFnAttr("aarch64_out_zt0") +
2347	Attrs.hasFnAttr("aarch64_preserves_zt0") +
2348	Attrs.hasFnAttr("aarch64_za_state_agnostic")) <= 1,
2349	"Attributes 'aarch64_new_zt0', 'aarch64_in_zt0', 'aarch64_out_zt0', "
2350	"'aarch64_inout_zt0', 'aarch64_preserves_zt0' and "
2351	"'aarch64_za_state_agnostic' are mutually exclusive",
2352	V);
2353
2354	if (Attrs.hasFnAttr(Kind: Attribute::JumpTable)) {
2355	const GlobalValue *GV = cast<GlobalValue>(Val: V);
2356	Check(GV->hasGlobalUnnamedAddr(),
2357	"Attribute 'jumptable' requires 'unnamed_addr'", V);
2358	}
2359
2360	if (auto Args = Attrs.getFnAttrs().getAllocSizeArgs()) {
2361	auto CheckParam = [&](StringRef Name, unsigned ParamNo) {
2362	if (ParamNo >= FT->getNumParams()) {
2363	CheckFailed(Message: "'allocsize' " + Name + " argument is out of bounds", V1: V);
2364	return false;
2365	}
2366
2367	if (!FT->getParamType(i: ParamNo)->isIntegerTy()) {
2368	CheckFailed(Message: "'allocsize' " + Name +
2369	" argument must refer to an integer parameter",
2370	V1: V);
2371	return false;
2372	}
2373
2374	return true;
2375	};
2376
2377	if (!CheckParam("element size", Args->first))
2378	return;
2379
2380	if (Args->second && !CheckParam("number of elements", *Args->second))
2381	return;
2382	}
2383
2384	if (Attrs.hasFnAttr(Kind: Attribute::AllocKind)) {
2385	AllocFnKind K = Attrs.getAllocKind();
2386	AllocFnKind Type =
2387	K & (AllocFnKind::Alloc | AllocFnKind::Realloc | AllocFnKind::Free);
2388	if (!is_contained(
2389	Set: {AllocFnKind::Alloc, AllocFnKind::Realloc, AllocFnKind::Free},
2390	Element: Type))
2391	CheckFailed(
2392	Message: "'allockind()' requires exactly one of alloc, realloc, and free");
2393	if ((Type == AllocFnKind::Free) &&
2394	((K & (AllocFnKind::Uninitialized | AllocFnKind::Zeroed |
2395	AllocFnKind::Aligned)) != AllocFnKind::Unknown))
2396	CheckFailed(Message: "'allockind(\"free\")' doesn't allow uninitialized, zeroed, "
2397	"or aligned modifiers.");
2398	AllocFnKind ZeroedUninit = AllocFnKind::Uninitialized | AllocFnKind::Zeroed;
2399	if ((K & ZeroedUninit) == ZeroedUninit)
2400	CheckFailed(Message: "'allockind()' can't be both zeroed and uninitialized");
2401	}
2402
2403	if (Attribute A = Attrs.getFnAttr(Kind: "alloc-variant-zeroed"); A.isValid()) {
2404	StringRef S = A.getValueAsString();
2405	Check(!S.empty(), "'alloc-variant-zeroed' must not be empty");
2406	Function *Variant = M.getFunction(Name: S);
2407	if (Variant) {
2408	Attribute Family = Attrs.getFnAttr(Kind: "alloc-family");
2409	Attribute VariantFamily = Variant->getFnAttribute(Kind: "alloc-family");
2410	if (Family.isValid())
2411	Check(VariantFamily.isValid() &&
2412	VariantFamily.getValueAsString() == Family.getValueAsString(),
2413	"'alloc-variant-zeroed' must name a function belonging to the "
2414	"same 'alloc-family'");
2415
2416	Check(Variant->hasFnAttribute(Attribute::AllocKind) &&
2417	(Variant->getFnAttribute(Attribute::AllocKind).getAllocKind() &
2418	AllocFnKind::Zeroed) != AllocFnKind::Unknown,
2419	"'alloc-variant-zeroed' must name a function with "
2420	"'allockind(\"zeroed\")'");
2421
2422	Check(FT == Variant->getFunctionType(),
2423	"'alloc-variant-zeroed' must name a function with the same "
2424	"signature");
2425	}
2426	}
2427
2428	if (Attrs.hasFnAttr(Kind: Attribute::VScaleRange)) {
2429	unsigned VScaleMin = Attrs.getFnAttrs().getVScaleRangeMin();
2430	if (VScaleMin == 0)
2431	CheckFailed(Message: "'vscale_range' minimum must be greater than 0", V1: V);
2432	else if (!isPowerOf2_32(Value: VScaleMin))
2433	CheckFailed(Message: "'vscale_range' minimum must be power-of-two value", V1: V);
2434	std::optional<unsigned> VScaleMax = Attrs.getFnAttrs().getVScaleRangeMax();
2435	if (VScaleMax && VScaleMin > VScaleMax)
2436	CheckFailed(Message: "'vscale_range' minimum cannot be greater than maximum", V1: V);
2437	else if (VScaleMax && !isPowerOf2_32(Value: *VScaleMax))
2438	CheckFailed(Message: "'vscale_range' maximum must be power-of-two value", V1: V);
2439	}
2440
2441	if (Attribute FPAttr = Attrs.getFnAttr(Kind: "frame-pointer"); FPAttr.isValid()) {
2442	StringRef FP = FPAttr.getValueAsString();
2443	if (FP != "all" && FP != "non-leaf" && FP != "none" && FP != "reserved")
2444	CheckFailed(Message: "invalid value for 'frame-pointer' attribute: " + FP, V1: V);
2445	}
2446
2447	// Check EVEX512 feature.
2448	if (TT.isX86() && MaxParameterWidth >= 512) {
2449	Attribute TargetFeaturesAttr = Attrs.getFnAttr(Kind: "target-features");
2450	if (TargetFeaturesAttr.isValid()) {
2451	StringRef TF = TargetFeaturesAttr.getValueAsString();
2452	Check(!TF.contains("+avx512f") || !TF.contains("-evex512"),
2453	"512-bit vector arguments require 'evex512' for AVX512", V);
2454	}
2455	}
2456
2457	checkUnsignedBaseTenFuncAttr(Attrs, Attr: "patchable-function-prefix", V);
2458	checkUnsignedBaseTenFuncAttr(Attrs, Attr: "patchable-function-entry", V);
2459	if (Attrs.hasFnAttr(Kind: "patchable-function-entry-section"))
2460	Check(!Attrs.getFnAttr("patchable-function-entry-section")
2461	.getValueAsString()
2462	.empty(),
2463	"\"patchable-function-entry-section\" must not be empty");
2464	checkUnsignedBaseTenFuncAttr(Attrs, Attr: "warn-stack-size", V);
2465
2466	if (auto A = Attrs.getFnAttr(Kind: "sign-return-address"); A.isValid()) {
2467	StringRef S = A.getValueAsString();
2468	if (S != "none" && S != "all" && S != "non-leaf")
2469	CheckFailed(Message: "invalid value for 'sign-return-address' attribute: " + S, V1: V);
2470	}
2471
2472	if (auto A = Attrs.getFnAttr(Kind: "sign-return-address-key"); A.isValid()) {
2473	StringRef S = A.getValueAsString();
2474	if (S != "a_key" && S != "b_key")
2475	CheckFailed(Message: "invalid value for 'sign-return-address-key' attribute: " + S,
2476	V1: V);
2477	if (auto AA = Attrs.getFnAttr(Kind: "sign-return-address"); !AA.isValid()) {
2478	CheckFailed(
2479	Message: "'sign-return-address-key' present without `sign-return-address`");
2480	}
2481	}
2482
2483	if (auto A = Attrs.getFnAttr(Kind: "branch-target-enforcement"); A.isValid()) {
2484	StringRef S = A.getValueAsString();
2485	if (S != "" && S != "true" && S != "false")
2486	CheckFailed(
2487	Message: "invalid value for 'branch-target-enforcement' attribute: " + S, V1: V);
2488	}
2489
2490	if (auto A = Attrs.getFnAttr(Kind: "branch-protection-pauth-lr"); A.isValid()) {
2491	StringRef S = A.getValueAsString();
2492	if (S != "" && S != "true" && S != "false")
2493	CheckFailed(
2494	Message: "invalid value for 'branch-protection-pauth-lr' attribute: " + S, V1: V);
2495	}
2496
2497	if (auto A = Attrs.getFnAttr(Kind: "guarded-control-stack"); A.isValid()) {
2498	StringRef S = A.getValueAsString();
2499	if (S != "" && S != "true" && S != "false")
2500	CheckFailed(Message: "invalid value for 'guarded-control-stack' attribute: " + S,
2501	V1: V);
2502	}
2503
2504	if (auto A = Attrs.getFnAttr(Kind: "vector-function-abi-variant"); A.isValid()) {
2505	StringRef S = A.getValueAsString();
2506	const std::optional<VFInfo> Info = VFABI::tryDemangleForVFABI(MangledName: S, FTy: FT);
2507	if (!Info)
2508	CheckFailed(Message: "invalid name for a VFABI variant: " + S, V1: V);
2509	}
2510
2511	if (auto A = Attrs.getFnAttr(Kind: "denormal-fp-math"); A.isValid()) {
2512	StringRef S = A.getValueAsString();
2513	if (!parseDenormalFPAttribute(Str: S).isValid())
2514	CheckFailed(Message: "invalid value for 'denormal-fp-math' attribute: " + S, V1: V);
2515	}
2516
2517	if (auto A = Attrs.getFnAttr(Kind: "denormal-fp-math-f32"); A.isValid()) {
2518	StringRef S = A.getValueAsString();
2519	if (!parseDenormalFPAttribute(Str: S).isValid())
2520	CheckFailed(Message: "invalid value for 'denormal-fp-math-f32' attribute: " + S,
2521	V1: V);
2522	}
2523	}
2524
2525	void Verifier::verifyFunctionMetadata(
2526	ArrayRef<std::pair<unsigned, MDNode *>> MDs) {
2527	for (const auto &Pair : MDs) {
2528	if (Pair.first == LLVMContext::MD_prof) {
2529	MDNode *MD = Pair.second;
2530	if (isExplicitlyUnknownBranchWeightsMetadata(MD: *MD)) {
2531	CheckFailed(Message: "'unknown' !prof metadata should appear only on "
2532	"instructions supporting the 'branch_weights' metadata",
2533	V1: MD);
2534	continue;
2535	}
2536	Check(MD->getNumOperands() >= 2,
2537	"!prof annotations should have no less than 2 operands", MD);
2538
2539	// Check first operand.
2540	Check(MD->getOperand(0) != nullptr, "first operand should not be null",
2541	MD);
2542	Check(isa<MDString>(MD->getOperand(0)),
2543	"expected string with name of the !prof annotation", MD);
2544	MDString *MDS = cast<MDString>(Val: MD->getOperand(I: 0));
2545	StringRef ProfName = MDS->getString();
2546	Check(ProfName == MDProfLabels::FunctionEntryCount ||
2547	ProfName == MDProfLabels::SyntheticFunctionEntryCount,
2548	"first operand should be 'function_entry_count'"
2549	" or 'synthetic_function_entry_count'",
2550	MD);
2551
2552	// Check second operand.
2553	Check(MD->getOperand(1) != nullptr, "second operand should not be null",
2554	MD);
2555	Check(isa<ConstantAsMetadata>(MD->getOperand(1)),
2556	"expected integer argument to function_entry_count", MD);
2557	} else if (Pair.first == LLVMContext::MD_kcfi_type) {
2558	MDNode *MD = Pair.second;
2559	Check(MD->getNumOperands() == 1,
2560	"!kcfi_type must have exactly one operand", MD);
2561	Check(MD->getOperand(0) != nullptr, "!kcfi_type operand must not be null",
2562	MD);
2563	Check(isa<ConstantAsMetadata>(MD->getOperand(0)),
2564	"expected a constant operand for !kcfi_type", MD);
2565	Constant *C = cast<ConstantAsMetadata>(Val: MD->getOperand(I: 0))->getValue();
2566	Check(isa<ConstantInt>(C) && isa<IntegerType>(C->getType()),
2567	"expected a constant integer operand for !kcfi_type", MD);
2568	Check(cast<ConstantInt>(C)->getBitWidth() == 32,
2569	"expected a 32-bit integer constant operand for !kcfi_type", MD);
2570	}
2571	}
2572	}
2573
2574	void Verifier::visitConstantExprsRecursively(const Constant *EntryC) {
2575	if (!ConstantExprVisited.insert(Ptr: EntryC).second)
2576	return;
2577
2578	SmallVector<const Constant *, 16> Stack;
2579	Stack.push_back(Elt: EntryC);
2580
2581	while (!Stack.empty()) {
2582	const Constant *C = Stack.pop_back_val();
2583
2584	// Check this constant expression.
2585	if (const auto *CE = dyn_cast<ConstantExpr>(Val: C))
2586	visitConstantExpr(CE);
2587
2588	if (const auto *CPA = dyn_cast<ConstantPtrAuth>(Val: C))
2589	visitConstantPtrAuth(CPA);
2590
2591	if (const auto *GV = dyn_cast<GlobalValue>(Val: C)) {
2592	// Global Values get visited separately, but we do need to make sure
2593	// that the global value is in the correct module
2594	Check(GV->getParent() == &M, "Referencing global in another module!",
2595	EntryC, &M, GV, GV->getParent());
2596	continue;
2597	}
2598
2599	// Visit all sub-expressions.
2600	for (const Use &U : C->operands()) {
2601	const auto *OpC = dyn_cast<Constant>(Val: U);
2602	if (!OpC)
2603	continue;
2604	if (!ConstantExprVisited.insert(Ptr: OpC).second)
2605	continue;
2606	Stack.push_back(Elt: OpC);
2607	}
2608	}
2609	}
2610
2611	void Verifier::visitConstantExpr(const ConstantExpr *CE) {
2612	if (CE->getOpcode() == Instruction::BitCast)
2613	Check(CastInst::castIsValid(Instruction::BitCast, CE->getOperand(0),
2614	CE->getType()),
2615	"Invalid bitcast", CE);
2616	}
2617
2618	void Verifier::visitConstantPtrAuth(const ConstantPtrAuth *CPA) {
2619	Check(CPA->getPointer()->getType()->isPointerTy(),
2620	"signed ptrauth constant base pointer must have pointer type");
2621
2622	Check(CPA->getType() == CPA->getPointer()->getType(),
2623	"signed ptrauth constant must have same type as its base pointer");
2624
2625	Check(CPA->getKey()->getBitWidth() == 32,
2626	"signed ptrauth constant key must be i32 constant integer");
2627
2628	Check(CPA->getAddrDiscriminator()->getType()->isPointerTy(),
2629	"signed ptrauth constant address discriminator must be a pointer");
2630
2631	Check(CPA->getDiscriminator()->getBitWidth() == 64,
2632	"signed ptrauth constant discriminator must be i64 constant integer");
2633	}
2634
2635	bool Verifier::verifyAttributeCount(AttributeList Attrs, unsigned Params) {
2636	// There shouldn't be more attribute sets than there are parameters plus the
2637	// function and return value.
2638	return Attrs.getNumAttrSets() <= Params + 2;
2639	}
2640
2641	void Verifier::verifyInlineAsmCall(const CallBase &Call) {
2642	const InlineAsm *IA = cast<InlineAsm>(Val: Call.getCalledOperand());
2643	unsigned ArgNo = 0;
2644	unsigned LabelNo = 0;
2645	for (const InlineAsm::ConstraintInfo &CI : IA->ParseConstraints()) {
2646	if (CI.Type == InlineAsm::isLabel) {
2647	++LabelNo;
2648	continue;
2649	}
2650
2651	// Only deal with constraints that correspond to call arguments.
2652	if (!CI.hasArg())
2653	continue;
2654
2655	if (CI.isIndirect) {
2656	const Value *Arg = Call.getArgOperand(i: ArgNo);
2657	Check(Arg->getType()->isPointerTy(),
2658	"Operand for indirect constraint must have pointer type", &Call);
2659
2660	Check(Call.getParamElementType(ArgNo),
2661	"Operand for indirect constraint must have elementtype attribute",
2662	&Call);
2663	} else {
2664	Check(!Call.paramHasAttr(ArgNo, Attribute::ElementType),
2665	"Elementtype attribute can only be applied for indirect "
2666	"constraints",
2667	&Call);
2668	}
2669
2670	ArgNo++;
2671	}
2672
2673	if (auto *CallBr = dyn_cast<CallBrInst>(Val: &Call)) {
2674	Check(LabelNo == CallBr->getNumIndirectDests(),
2675	"Number of label constraints does not match number of callbr dests",
2676	&Call);
2677	} else {
2678	Check(LabelNo == 0, "Label constraints can only be used with callbr",
2679	&Call);
2680	}
2681	}
2682
2683	/// Verify that statepoint intrinsic is well formed.
2684	void Verifier::verifyStatepoint(const CallBase &Call) {
2685	assert(Call.getIntrinsicID() == Intrinsic::experimental_gc_statepoint);
2686
2687	Check(!Call.doesNotAccessMemory() && !Call.onlyReadsMemory() &&
2688	!Call.onlyAccessesArgMemory(),
2689	"gc.statepoint must read and write all memory to preserve "
2690	"reordering restrictions required by safepoint semantics",
2691	Call);
2692
2693	const int64_t NumPatchBytes =
2694	cast<ConstantInt>(Val: Call.getArgOperand(i: 1))->getSExtValue();
2695	assert(isInt<32>(NumPatchBytes) && "NumPatchBytesV is an i32!");
2696	Check(NumPatchBytes >= 0,
2697	"gc.statepoint number of patchable bytes must be "
2698	"positive",
2699	Call);
2700
2701	Type *TargetElemType = Call.getParamElementType(ArgNo: 2);
2702	Check(TargetElemType,
2703	"gc.statepoint callee argument must have elementtype attribute", Call);
2704	FunctionType *TargetFuncType = dyn_cast<FunctionType>(Val: TargetElemType);
2705	Check(TargetFuncType,
2706	"gc.statepoint callee elementtype must be function type", Call);
2707
2708	const int NumCallArgs = cast<ConstantInt>(Val: Call.getArgOperand(i: 3))->getZExtValue();
2709	Check(NumCallArgs >= 0,
2710	"gc.statepoint number of arguments to underlying call "
2711	"must be positive",
2712	Call);
2713	const int NumParams = (int)TargetFuncType->getNumParams();
2714	if (TargetFuncType->isVarArg()) {
2715	Check(NumCallArgs >= NumParams,
2716	"gc.statepoint mismatch in number of vararg call args", Call);
2717
2718	// TODO: Remove this limitation
2719	Check(TargetFuncType->getReturnType()->isVoidTy(),
2720	"gc.statepoint doesn't support wrapping non-void "
2721	"vararg functions yet",
2722	Call);
2723	} else
2724	Check(NumCallArgs == NumParams,
2725	"gc.statepoint mismatch in number of call args", Call);
2726
2727	const uint64_t Flags
2728	= cast<ConstantInt>(Val: Call.getArgOperand(i: 4))->getZExtValue();
2729	Check((Flags & ~(uint64_t)StatepointFlags::MaskAll) == 0,
2730	"unknown flag used in gc.statepoint flags argument", Call);
2731
2732	// Verify that the types of the call parameter arguments match
2733	// the type of the wrapped callee.
2734	AttributeList Attrs = Call.getAttributes();
2735	for (int i = 0; i < NumParams; i++) {
2736	Type *ParamType = TargetFuncType->getParamType(i);
2737	Type *ArgType = Call.getArgOperand(i: 5 + i)->getType();
2738	Check(ArgType == ParamType,
2739	"gc.statepoint call argument does not match wrapped "
2740	"function type",
2741	Call);
2742
2743	if (TargetFuncType->isVarArg()) {
2744	AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: 5 + i);
2745	Check(!ArgAttrs.hasAttribute(Attribute::StructRet),
2746	"Attribute 'sret' cannot be used for vararg call arguments!", Call);
2747	}
2748	}
2749
2750	const int EndCallArgsInx = 4 + NumCallArgs;
2751
2752	const Value *NumTransitionArgsV = Call.getArgOperand(i: EndCallArgsInx + 1);
2753	Check(isa<ConstantInt>(NumTransitionArgsV),
2754	"gc.statepoint number of transition arguments "
2755	"must be constant integer",
2756	Call);
2757	const int NumTransitionArgs =
2758	cast<ConstantInt>(Val: NumTransitionArgsV)->getZExtValue();
2759	Check(NumTransitionArgs == 0,
2760	"gc.statepoint w/inline transition bundle is deprecated", Call);
2761	const int EndTransitionArgsInx = EndCallArgsInx + 1 + NumTransitionArgs;
2762
2763	const Value *NumDeoptArgsV = Call.getArgOperand(i: EndTransitionArgsInx + 1);
2764	Check(isa<ConstantInt>(NumDeoptArgsV),
2765	"gc.statepoint number of deoptimization arguments "
2766	"must be constant integer",
2767	Call);
2768	const int NumDeoptArgs = cast<ConstantInt>(Val: NumDeoptArgsV)->getZExtValue();
2769	Check(NumDeoptArgs == 0,
2770	"gc.statepoint w/inline deopt operands is deprecated", Call);
2771
2772	const int ExpectedNumArgs = 7 + NumCallArgs;
2773	Check(ExpectedNumArgs == (int)Call.arg_size(),
2774	"gc.statepoint too many arguments", Call);
2775
2776	// Check that the only uses of this gc.statepoint are gc.result or
2777	// gc.relocate calls which are tied to this statepoint and thus part
2778	// of the same statepoint sequence
2779	for (const User *U : Call.users()) {
2780	const CallInst *UserCall = dyn_cast<const CallInst>(Val: U);
2781	Check(UserCall, "illegal use of statepoint token", Call, U);
2782	if (!UserCall)
2783	continue;
2784	Check(isa<GCRelocateInst>(UserCall) || isa<GCResultInst>(UserCall),
2785	"gc.result or gc.relocate are the only value uses "
2786	"of a gc.statepoint",
2787	Call, U);
2788	if (isa<GCResultInst>(Val: UserCall)) {
2789	Check(UserCall->getArgOperand(0) == &Call,
2790	"gc.result connected to wrong gc.statepoint", Call, UserCall);
2791	} else if (isa<GCRelocateInst>(Val: Call)) {
2792	Check(UserCall->getArgOperand(0) == &Call,
2793	"gc.relocate connected to wrong gc.statepoint", Call, UserCall);
2794	}
2795	}
2796
2797	// Note: It is legal for a single derived pointer to be listed multiple
2798	// times. It's non-optimal, but it is legal. It can also happen after
2799	// insertion if we strip a bitcast away.
2800	// Note: It is really tempting to check that each base is relocated and
2801	// that a derived pointer is never reused as a base pointer. This turns
2802	// out to be problematic since optimizations run after safepoint insertion
2803	// can recognize equality properties that the insertion logic doesn't know
2804	// about. See example statepoint.ll in the verifier subdirectory
2805	}
2806
2807	void Verifier::verifyFrameRecoverIndices() {
2808	for (auto &Counts : FrameEscapeInfo) {
2809	Function *F = Counts.first;
2810	unsigned EscapedObjectCount = Counts.second.first;
2811	unsigned MaxRecoveredIndex = Counts.second.second;
2812	Check(MaxRecoveredIndex <= EscapedObjectCount,
2813	"all indices passed to llvm.localrecover must be less than the "
2814	"number of arguments passed to llvm.localescape in the parent "
2815	"function",
2816	F);
2817	}
2818	}
2819
2820	static Instruction *getSuccPad(Instruction *Terminator) {
2821	BasicBlock *UnwindDest;
2822	if (auto *II = dyn_cast<InvokeInst>(Val: Terminator))
2823	UnwindDest = II->getUnwindDest();
2824	else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: Terminator))
2825	UnwindDest = CSI->getUnwindDest();
2826	else
2827	UnwindDest = cast<CleanupReturnInst>(Val: Terminator)->getUnwindDest();
2828	return &*UnwindDest->getFirstNonPHIIt();
2829	}
2830
2831	void Verifier::verifySiblingFuncletUnwinds() {
2832	SmallPtrSet<Instruction *, 8> Visited;
2833	SmallPtrSet<Instruction *, 8> Active;
2834	for (const auto &Pair : SiblingFuncletInfo) {
2835	Instruction *PredPad = Pair.first;
2836	if (Visited.count(Ptr: PredPad))
2837	continue;
2838	Active.insert(Ptr: PredPad);
2839	Instruction *Terminator = Pair.second;
2840	do {
2841	Instruction *SuccPad = getSuccPad(Terminator);
2842	if (Active.count(Ptr: SuccPad)) {
2843	// Found a cycle; report error
2844	Instruction *CyclePad = SuccPad;
2845	SmallVector<Instruction *, 8> CycleNodes;
2846	do {
2847	CycleNodes.push_back(Elt: CyclePad);
2848	Instruction *CycleTerminator = SiblingFuncletInfo[CyclePad];
2849	if (CycleTerminator != CyclePad)
2850	CycleNodes.push_back(Elt: CycleTerminator);
2851	CyclePad = getSuccPad(Terminator: CycleTerminator);
2852	} while (CyclePad != SuccPad);
2853	Check(false, "EH pads can't handle each other's exceptions",
2854	ArrayRef<Instruction *>(CycleNodes));
2855	}
2856	// Don't re-walk a node we've already checked
2857	if (!Visited.insert(Ptr: SuccPad).second)
2858	break;
2859	// Walk to this successor if it has a map entry.
2860	PredPad = SuccPad;
2861	auto TermI = SiblingFuncletInfo.find(Key: PredPad);
2862	if (TermI == SiblingFuncletInfo.end())
2863	break;
2864	Terminator = TermI->second;
2865	Active.insert(Ptr: PredPad);
2866	} while (true);
2867	// Each node only has one successor, so we've walked all the active
2868	// nodes' successors.
2869	Active.clear();
2870	}
2871	}
2872
2873	// visitFunction - Verify that a function is ok.
2874	//
2875	void Verifier::visitFunction(const Function &F) {
2876	visitGlobalValue(GV: F);
2877
2878	// Check function arguments.
2879	FunctionType *FT = F.getFunctionType();
2880	unsigned NumArgs = F.arg_size();
2881
2882	Check(&Context == &F.getContext(),
2883	"Function context does not match Module context!", &F);
2884
2885	Check(!F.hasCommonLinkage(), "Functions may not have common linkage", &F);
2886	Check(FT->getNumParams() == NumArgs,
2887	"# formal arguments must match # of arguments for function type!", &F,
2888	FT);
2889	Check(F.getReturnType()->isFirstClassType() ||
2890	F.getReturnType()->isVoidTy() || F.getReturnType()->isStructTy(),
2891	"Functions cannot return aggregate values!", &F);
2892
2893	Check(!F.hasStructRetAttr() || F.getReturnType()->isVoidTy(),
2894	"Invalid struct return type!", &F);
2895
2896	if (MaybeAlign A = F.getAlign()) {
2897	Check(A->value() <= Value::MaximumAlignment,
2898	"huge alignment values are unsupported", &F);
2899	}
2900
2901	AttributeList Attrs = F.getAttributes();
2902
2903	Check(verifyAttributeCount(Attrs, FT->getNumParams()),
2904	"Attribute after last parameter!", &F);
2905
2906	bool IsIntrinsic = F.isIntrinsic();
2907
2908	// Check function attributes.
2909	verifyFunctionAttrs(FT, Attrs, V: &F, IsIntrinsic, /* IsInlineAsm */ false);
2910
2911	// On function declarations/definitions, we do not support the builtin
2912	// attribute. We do not check this in VerifyFunctionAttrs since that is
2913	// checking for Attributes that can/can not ever be on functions.
2914	Check(!Attrs.hasFnAttr(Attribute::Builtin),
2915	"Attribute 'builtin' can only be applied to a callsite.", &F);
2916
2917	Check(!Attrs.hasAttrSomewhere(Attribute::ElementType),
2918	"Attribute 'elementtype' can only be applied to a callsite.", &F);
2919
2920	Check(!Attrs.hasFnAttr("aarch64_zt0_undef"),
2921	"Attribute 'aarch64_zt0_undef' can only be applied to a callsite.");
2922
2923	if (Attrs.hasFnAttr(Kind: Attribute::Naked))
2924	for (const Argument &Arg : F.args())
2925	Check(Arg.use_empty(), "cannot use argument of naked function", &Arg);
2926
2927	// Check that this function meets the restrictions on this calling convention.
2928	// Sometimes varargs is used for perfectly forwarding thunks, so some of these
2929	// restrictions can be lifted.
2930	switch (F.getCallingConv()) {
2931	default:
2932	case CallingConv::C:
2933	break;
2934	case CallingConv::X86_INTR: {
2935	Check(F.arg_empty() || Attrs.hasParamAttr(0, Attribute::ByVal),
2936	"Calling convention parameter requires byval", &F);
2937	break;
2938	}
2939	case CallingConv::AMDGPU_KERNEL:
2940	case CallingConv::SPIR_KERNEL:
2941	case CallingConv::AMDGPU_CS_Chain:
2942	case CallingConv::AMDGPU_CS_ChainPreserve:
2943	Check(F.getReturnType()->isVoidTy(),
2944	"Calling convention requires void return type", &F);
2945	[[fallthrough]];
2946	case CallingConv::AMDGPU_VS:
2947	case CallingConv::AMDGPU_HS:
2948	case CallingConv::AMDGPU_GS:
2949	case CallingConv::AMDGPU_PS:
2950	case CallingConv::AMDGPU_CS:
2951	Check(!F.hasStructRetAttr(), "Calling convention does not allow sret", &F);
2952	if (F.getCallingConv() != CallingConv::SPIR_KERNEL) {
2953	const unsigned StackAS = DL.getAllocaAddrSpace();
2954	unsigned i = 0;
2955	for (const Argument &Arg : F.args()) {
2956	Check(!Attrs.hasParamAttr(i, Attribute::ByVal),
2957	"Calling convention disallows byval", &F);
2958	Check(!Attrs.hasParamAttr(i, Attribute::Preallocated),
2959	"Calling convention disallows preallocated", &F);
2960	Check(!Attrs.hasParamAttr(i, Attribute::InAlloca),
2961	"Calling convention disallows inalloca", &F);
2962
2963	if (Attrs.hasParamAttr(ArgNo: i, Kind: Attribute::ByRef)) {
2964	// FIXME: Should also disallow LDS and GDS, but we don't have the enum
2965	// value here.
2966	Check(Arg.getType()->getPointerAddressSpace() != StackAS,
2967	"Calling convention disallows stack byref", &F);
2968	}
2969
2970	++i;
2971	}
2972	}
2973
2974	[[fallthrough]];
2975	case CallingConv::Fast:
2976	case CallingConv::Cold:
2977	case CallingConv::Intel_OCL_BI:
2978	case CallingConv::PTX_Kernel:
2979	case CallingConv::PTX_Device:
2980	Check(!F.isVarArg(),
2981	"Calling convention does not support varargs or "
2982	"perfect forwarding!",
2983	&F);
2984	break;
2985	}
2986
2987	// Check that the argument values match the function type for this function...
2988	unsigned i = 0;
2989	for (const Argument &Arg : F.args()) {
2990	Check(Arg.getType() == FT->getParamType(i),
2991	"Argument value does not match function argument type!", &Arg,
2992	FT->getParamType(i));
2993	Check(Arg.getType()->isFirstClassType(),
2994	"Function arguments must have first-class types!", &Arg);
2995	if (!IsIntrinsic) {
2996	Check(!Arg.getType()->isMetadataTy(),
2997	"Function takes metadata but isn't an intrinsic", &Arg, &F);
2998	Check(!Arg.getType()->isTokenTy(),
2999	"Function takes token but isn't an intrinsic", &Arg, &F);
3000	Check(!Arg.getType()->isX86_AMXTy(),
3001	"Function takes x86_amx but isn't an intrinsic", &Arg, &F);
3002	}
3003
3004	// Check that swifterror argument is only used by loads and stores.
3005	if (Attrs.hasParamAttr(ArgNo: i, Kind: Attribute::SwiftError)) {
3006	verifySwiftErrorValue(SwiftErrorVal: &Arg);
3007	}
3008	++i;
3009	}
3010
3011	if (!IsIntrinsic) {
3012	Check(!F.getReturnType()->isTokenTy(),
3013	"Function returns a token but isn't an intrinsic", &F);
3014	Check(!F.getReturnType()->isX86_AMXTy(),
3015	"Function returns a x86_amx but isn't an intrinsic", &F);
3016	}
3017
3018	// Get the function metadata attachments.
3019	SmallVector<std::pair<unsigned, MDNode *>, 4> MDs;
3020	F.getAllMetadata(MDs);
3021	assert(F.hasMetadata() != MDs.empty() && "Bit out-of-sync");
3022	verifyFunctionMetadata(MDs);
3023
3024	// Check validity of the personality function
3025	if (F.hasPersonalityFn()) {
3026	auto *Per = dyn_cast<Function>(Val: F.getPersonalityFn()->stripPointerCasts());
3027	if (Per)
3028	Check(Per->getParent() == F.getParent(),
3029	"Referencing personality function in another module!", &F,
3030	F.getParent(), Per, Per->getParent());
3031	}
3032
3033	// EH funclet coloring can be expensive, recompute on-demand
3034	BlockEHFuncletColors.clear();
3035
3036	if (F.isMaterializable()) {
3037	// Function has a body somewhere we can't see.
3038	Check(MDs.empty(), "unmaterialized function cannot have metadata", &F,
3039	MDs.empty() ? nullptr : MDs.front().second);
3040	} else if (F.isDeclaration()) {
3041	for (const auto &I : MDs) {
3042	// This is used for call site debug information.
3043	CheckDI(I.first != LLVMContext::MD_dbg ||
3044	!cast<DISubprogram>(I.second)->isDistinct(),
3045	"function declaration may only have a unique !dbg attachment",
3046	&F);
3047	Check(I.first != LLVMContext::MD_prof,
3048	"function declaration may not have a !prof attachment", &F);
3049
3050	// Verify the metadata itself.
3051	visitMDNode(MD: *I.second, AllowLocs: AreDebugLocsAllowed::Yes);
3052	}
3053	Check(!F.hasPersonalityFn(),
3054	"Function declaration shouldn't have a personality routine", &F);
3055	} else {
3056	// Verify that this function (which has a body) is not named "llvm.*". It
3057	// is not legal to define intrinsics.
3058	Check(!IsIntrinsic, "llvm intrinsics cannot be defined!", &F);
3059
3060	// Check the entry node
3061	const BasicBlock *Entry = &F.getEntryBlock();
3062	Check(pred_empty(Entry),
3063	"Entry block to function must not have predecessors!", Entry);
3064
3065	// The address of the entry block cannot be taken, unless it is dead.
3066	if (Entry->hasAddressTaken()) {
3067	Check(!BlockAddress::lookup(Entry)->isConstantUsed(),
3068	"blockaddress may not be used with the entry block!", Entry);
3069	}
3070
3071	unsigned NumDebugAttachments = 0, NumProfAttachments = 0,
3072	NumKCFIAttachments = 0;
3073	// Visit metadata attachments.
3074	for (const auto &I : MDs) {
3075	// Verify that the attachment is legal.
3076	auto AllowLocs = AreDebugLocsAllowed::No;
3077	switch (I.first) {
3078	default:
3079	break;
3080	case LLVMContext::MD_dbg: {
3081	++NumDebugAttachments;
3082	CheckDI(NumDebugAttachments == 1,
3083	"function must have a single !dbg attachment", &F, I.second);
3084	CheckDI(isa<DISubprogram>(I.second),
3085	"function !dbg attachment must be a subprogram", &F, I.second);
3086	CheckDI(cast<DISubprogram>(I.second)->isDistinct(),
3087	"function definition may only have a distinct !dbg attachment",
3088	&F);
3089
3090	auto *SP = cast<DISubprogram>(Val: I.second);
3091	const Function *&AttachedTo = DISubprogramAttachments[SP];
3092	CheckDI(!AttachedTo || AttachedTo == &F,
3093	"DISubprogram attached to more than one function", SP, &F);
3094	AttachedTo = &F;
3095	AllowLocs = AreDebugLocsAllowed::Yes;
3096	break;
3097	}
3098	case LLVMContext::MD_prof:
3099	++NumProfAttachments;
3100	Check(NumProfAttachments == 1,
3101	"function must have a single !prof attachment", &F, I.second);
3102	break;
3103	case LLVMContext::MD_kcfi_type:
3104	++NumKCFIAttachments;
3105	Check(NumKCFIAttachments == 1,
3106	"function must have a single !kcfi_type attachment", &F,
3107	I.second);
3108	break;
3109	}
3110
3111	// Verify the metadata itself.
3112	visitMDNode(MD: *I.second, AllowLocs);
3113	}
3114	}
3115
3116	// If this function is actually an intrinsic, verify that it is only used in
3117	// direct call/invokes, never having its "address taken".
3118	// Only do this if the module is materialized, otherwise we don't have all the
3119	// uses.
3120	if (F.isIntrinsic() && F.getParent()->isMaterialized()) {
3121	const User *U;
3122	if (F.hasAddressTaken(&U, IgnoreCallbackUses: false, IgnoreAssumeLikeCalls: true, IngoreLLVMUsed: false,
3123	/*IgnoreARCAttachedCall=*/true))
3124	Check(false, "Invalid user of intrinsic instruction!", U);
3125	}
3126
3127	// Check intrinsics' signatures.
3128	switch (F.getIntrinsicID()) {
3129	case Intrinsic::experimental_gc_get_pointer_base: {
3130	FunctionType *FT = F.getFunctionType();
3131	Check(FT->getNumParams() == 1, "wrong number of parameters", F);
3132	Check(isa<PointerType>(F.getReturnType()),
3133	"gc.get.pointer.base must return a pointer", F);
3134	Check(FT->getParamType(0) == F.getReturnType(),
3135	"gc.get.pointer.base operand and result must be of the same type", F);
3136	break;
3137	}
3138	case Intrinsic::experimental_gc_get_pointer_offset: {
3139	FunctionType *FT = F.getFunctionType();
3140	Check(FT->getNumParams() == 1, "wrong number of parameters", F);
3141	Check(isa<PointerType>(FT->getParamType(0)),
3142	"gc.get.pointer.offset operand must be a pointer", F);
3143	Check(F.getReturnType()->isIntegerTy(),
3144	"gc.get.pointer.offset must return integer", F);
3145	break;
3146	}
3147	}
3148
3149	auto *N = F.getSubprogram();
3150	HasDebugInfo = (N != nullptr);
3151	if (!HasDebugInfo)
3152	return;
3153
3154	// Check that all !dbg attachments lead to back to N.
3155	//
3156	// FIXME: Check this incrementally while visiting !dbg attachments.
3157	// FIXME: Only check when N is the canonical subprogram for F.
3158	SmallPtrSet<const MDNode *, 32> Seen;
3159	auto VisitDebugLoc = [&](const Instruction &I, const MDNode *Node) {
3160	// Be careful about using DILocation here since we might be dealing with
3161	// broken code (this is the Verifier after all).
3162	const DILocation *DL = dyn_cast_or_null<DILocation>(Val: Node);
3163	if (!DL)
3164	return;
3165	if (!Seen.insert(Ptr: DL).second)
3166	return;
3167
3168	Metadata *Parent = DL->getRawScope();
3169	CheckDI(Parent && isa<DILocalScope>(Parent),
3170	"DILocation's scope must be a DILocalScope", N, &F, &I, DL, Parent);
3171
3172	DILocalScope *Scope = DL->getInlinedAtScope();
3173	Check(Scope, "Failed to find DILocalScope", DL);
3174
3175	if (!Seen.insert(Ptr: Scope).second)
3176	return;
3177
3178	DISubprogram *SP = Scope->getSubprogram();
3179
3180	// Scope and SP could be the same MDNode and we don't want to skip
3181	// validation in that case
3182	if (SP && ((Scope != SP) && !Seen.insert(Ptr: SP).second))
3183	return;
3184
3185	CheckDI(SP->describes(&F),
3186	"!dbg attachment points at wrong subprogram for function", N, &F,
3187	&I, DL, Scope, SP);
3188	};
3189	for (auto &BB : F)
3190	for (auto &I : BB) {
3191	VisitDebugLoc(I, I.getDebugLoc().getAsMDNode());
3192	// The llvm.loop annotations also contain two DILocations.
3193	if (auto MD = I.getMetadata(KindID: LLVMContext::MD_loop))
3194	for (unsigned i = 1; i < MD->getNumOperands(); ++i)
3195	VisitDebugLoc(I, dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: i)));
3196	if (BrokenDebugInfo)
3197	return;
3198	}
3199	}
3200
3201	// verifyBasicBlock - Verify that a basic block is well formed...
3202	//
3203	void Verifier::visitBasicBlock(BasicBlock &BB) {
3204	InstsInThisBlock.clear();
3205	ConvergenceVerifyHelper.visit(BB);
3206
3207	// Ensure that basic blocks have terminators!
3208	Check(BB.getTerminator(), "Basic Block does not have terminator!", &BB);
3209
3210	// Check constraints that this basic block imposes on all of the PHI nodes in
3211	// it.
3212	if (isa<PHINode>(Val: BB.front())) {
3213	SmallVector<BasicBlock *, 8> Preds(predecessors(BB: &BB));
3214	SmallVector<std::pair<BasicBlock*, Value*>, 8> Values;
3215	llvm::sort(C&: Preds);
3216	for (const PHINode &PN : BB.phis()) {
3217	Check(PN.getNumIncomingValues() == Preds.size(),
3218	"PHINode should have one entry for each predecessor of its "
3219	"parent basic block!",
3220	&PN);
3221
3222	// Get and sort all incoming values in the PHI node...
3223	Values.clear();
3224	Values.reserve(N: PN.getNumIncomingValues());
3225	for (unsigned i = 0, e = PN.getNumIncomingValues(); i != e; ++i)
3226	Values.push_back(
3227	Elt: std::make_pair(x: PN.getIncomingBlock(i), y: PN.getIncomingValue(i)));
3228	llvm::sort(C&: Values);
3229
3230	for (unsigned i = 0, e = Values.size(); i != e; ++i) {
3231	// Check to make sure that if there is more than one entry for a
3232	// particular basic block in this PHI node, that the incoming values are
3233	// all identical.
3234	//
3235	Check(i == 0 || Values[i].first != Values[i - 1].first ||
3236	Values[i].second == Values[i - 1].second,
3237	"PHI node has multiple entries for the same basic block with "
3238	"different incoming values!",
3239	&PN, Values[i].first, Values[i].second, Values[i - 1].second);
3240
3241	// Check to make sure that the predecessors and PHI node entries are
3242	// matched up.
3243	Check(Values[i].first == Preds[i],
3244	"PHI node entries do not match predecessors!", &PN,
3245	Values[i].first, Preds[i]);
3246	}
3247	}
3248	}
3249
3250	// Check that all instructions have their parent pointers set up correctly.
3251	for (auto &I : BB)
3252	{
3253	Check(I.getParent() == &BB, "Instruction has bogus parent pointer!");
3254	}
3255
3256	// Confirm that no issues arise from the debug program.
3257	CheckDI(!BB.getTrailingDbgRecords(), "Basic Block has trailing DbgRecords!",
3258	&BB);
3259	}
3260
3261	void Verifier::visitTerminator(Instruction &I) {
3262	// Ensure that terminators only exist at the end of the basic block.
3263	Check(&I == I.getParent()->getTerminator(),
3264	"Terminator found in the middle of a basic block!", I.getParent());
3265	visitInstruction(I);
3266	}
3267
3268	void Verifier::visitBranchInst(BranchInst &BI) {
3269	if (BI.isConditional()) {
3270	Check(BI.getCondition()->getType()->isIntegerTy(1),
3271	"Branch condition is not 'i1' type!", &BI, BI.getCondition());
3272	}
3273	visitTerminator(I&: BI);
3274	}
3275
3276	void Verifier::visitReturnInst(ReturnInst &RI) {
3277	Function *F = RI.getParent()->getParent();
3278	unsigned N = RI.getNumOperands();
3279	if (F->getReturnType()->isVoidTy())
3280	Check(N == 0,
3281	"Found return instr that returns non-void in Function of void "
3282	"return type!",
3283	&RI, F->getReturnType());
3284	else
3285	Check(N == 1 && F->getReturnType() == RI.getOperand(0)->getType(),
3286	"Function return type does not match operand "
3287	"type of return inst!",
3288	&RI, F->getReturnType());
3289
3290	// Check to make sure that the return value has necessary properties for
3291	// terminators...
3292	visitTerminator(I&: RI);
3293	}
3294
3295	void Verifier::visitSwitchInst(SwitchInst &SI) {
3296	Check(SI.getType()->isVoidTy(), "Switch must have void result type!", &SI);
3297	// Check to make sure that all of the constants in the switch instruction
3298	// have the same type as the switched-on value.
3299	Type *SwitchTy = SI.getCondition()->getType();
3300	SmallPtrSet<ConstantInt*, 32> Constants;
3301	for (auto &Case : SI.cases()) {
3302	Check(isa<ConstantInt>(SI.getOperand(Case.getCaseIndex() * 2 + 2)),
3303	"Case value is not a constant integer.", &SI);
3304	Check(Case.getCaseValue()->getType() == SwitchTy,
3305	"Switch constants must all be same type as switch value!", &SI);
3306	Check(Constants.insert(Case.getCaseValue()).second,
3307	"Duplicate integer as switch case", &SI, Case.getCaseValue());
3308	}
3309
3310	visitTerminator(I&: SI);
3311	}
3312
3313	void Verifier::visitIndirectBrInst(IndirectBrInst &BI) {
3314	Check(BI.getAddress()->getType()->isPointerTy(),
3315	"Indirectbr operand must have pointer type!", &BI);
3316	for (unsigned i = 0, e = BI.getNumDestinations(); i != e; ++i)
3317	Check(BI.getDestination(i)->getType()->isLabelTy(),
3318	"Indirectbr destinations must all have pointer type!", &BI);
3319
3320	visitTerminator(I&: BI);
3321	}
3322
3323	void Verifier::visitCallBrInst(CallBrInst &CBI) {
3324	Check(CBI.isInlineAsm(), "Callbr is currently only used for asm-goto!", &CBI);
3325	const InlineAsm *IA = cast<InlineAsm>(Val: CBI.getCalledOperand());
3326	Check(!IA->canThrow(), "Unwinding from Callbr is not allowed");
3327
3328	verifyInlineAsmCall(Call: CBI);
3329	visitTerminator(I&: CBI);
3330	}
3331
3332	void Verifier::visitSelectInst(SelectInst &SI) {
3333	Check(!SelectInst::areInvalidOperands(SI.getOperand(0), SI.getOperand(1),
3334	SI.getOperand(2)),
3335	"Invalid operands for select instruction!", &SI);
3336
3337	Check(SI.getTrueValue()->getType() == SI.getType(),
3338	"Select values must have same type as select instruction!", &SI);
3339	visitInstruction(I&: SI);
3340	}
3341
3342	/// visitUserOp1 - User defined operators shouldn't live beyond the lifetime of
3343	/// a pass, if any exist, it's an error.
3344	///
3345	void Verifier::visitUserOp1(Instruction &I) {
3346	Check(false, "User-defined operators should not live outside of a pass!", &I);
3347	}
3348
3349	void Verifier::visitTruncInst(TruncInst &I) {
3350	// Get the source and destination types
3351	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3352	Type *DestTy = I.getType();
3353
3354	// Get the size of the types in bits, we'll need this later
3355	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3356	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3357
3358	Check(SrcTy->isIntOrIntVectorTy(), "Trunc only operates on integer", &I);
3359	Check(DestTy->isIntOrIntVectorTy(), "Trunc only produces integer", &I);
3360	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3361	"trunc source and destination must both be a vector or neither", &I);
3362	Check(SrcBitSize > DestBitSize, "DestTy too big for Trunc", &I);
3363
3364	visitInstruction(I);
3365	}
3366
3367	void Verifier::visitZExtInst(ZExtInst &I) {
3368	// Get the source and destination types
3369	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3370	Type *DestTy = I.getType();
3371
3372	// Get the size of the types in bits, we'll need this later
3373	Check(SrcTy->isIntOrIntVectorTy(), "ZExt only operates on integer", &I);
3374	Check(DestTy->isIntOrIntVectorTy(), "ZExt only produces an integer", &I);
3375	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3376	"zext source and destination must both be a vector or neither", &I);
3377	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3378	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3379
3380	Check(SrcBitSize < DestBitSize, "Type too small for ZExt", &I);
3381
3382	visitInstruction(I);
3383	}
3384
3385	void Verifier::visitSExtInst(SExtInst &I) {
3386	// Get the source and destination types
3387	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3388	Type *DestTy = I.getType();
3389
3390	// Get the size of the types in bits, we'll need this later
3391	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3392	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3393
3394	Check(SrcTy->isIntOrIntVectorTy(), "SExt only operates on integer", &I);
3395	Check(DestTy->isIntOrIntVectorTy(), "SExt only produces an integer", &I);
3396	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3397	"sext source and destination must both be a vector or neither", &I);
3398	Check(SrcBitSize < DestBitSize, "Type too small for SExt", &I);
3399
3400	visitInstruction(I);
3401	}
3402
3403	void Verifier::visitFPTruncInst(FPTruncInst &I) {
3404	// Get the source and destination types
3405	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3406	Type *DestTy = I.getType();
3407	// Get the size of the types in bits, we'll need this later
3408	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3409	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3410
3411	Check(SrcTy->isFPOrFPVectorTy(), "FPTrunc only operates on FP", &I);
3412	Check(DestTy->isFPOrFPVectorTy(), "FPTrunc only produces an FP", &I);
3413	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3414	"fptrunc source and destination must both be a vector or neither", &I);
3415	Check(SrcBitSize > DestBitSize, "DestTy too big for FPTrunc", &I);
3416
3417	visitInstruction(I);
3418	}
3419
3420	void Verifier::visitFPExtInst(FPExtInst &I) {
3421	// Get the source and destination types
3422	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3423	Type *DestTy = I.getType();
3424
3425	// Get the size of the types in bits, we'll need this later
3426	unsigned SrcBitSize = SrcTy->getScalarSizeInBits();
3427	unsigned DestBitSize = DestTy->getScalarSizeInBits();
3428
3429	Check(SrcTy->isFPOrFPVectorTy(), "FPExt only operates on FP", &I);
3430	Check(DestTy->isFPOrFPVectorTy(), "FPExt only produces an FP", &I);
3431	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(),
3432	"fpext source and destination must both be a vector or neither", &I);
3433	Check(SrcBitSize < DestBitSize, "DestTy too small for FPExt", &I);
3434
3435	visitInstruction(I);
3436	}
3437
3438	void Verifier::visitUIToFPInst(UIToFPInst &I) {
3439	// Get the source and destination types
3440	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3441	Type *DestTy = I.getType();
3442
3443	bool SrcVec = SrcTy->isVectorTy();
3444	bool DstVec = DestTy->isVectorTy();
3445
3446	Check(SrcVec == DstVec,
3447	"UIToFP source and dest must both be vector or scalar", &I);
3448	Check(SrcTy->isIntOrIntVectorTy(),
3449	"UIToFP source must be integer or integer vector", &I);
3450	Check(DestTy->isFPOrFPVectorTy(), "UIToFP result must be FP or FP vector",
3451	&I);
3452
3453	if (SrcVec && DstVec)
3454	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3455	cast<VectorType>(DestTy)->getElementCount(),
3456	"UIToFP source and dest vector length mismatch", &I);
3457
3458	visitInstruction(I);
3459	}
3460
3461	void Verifier::visitSIToFPInst(SIToFPInst &I) {
3462	// Get the source and destination types
3463	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3464	Type *DestTy = I.getType();
3465
3466	bool SrcVec = SrcTy->isVectorTy();
3467	bool DstVec = DestTy->isVectorTy();
3468
3469	Check(SrcVec == DstVec,
3470	"SIToFP source and dest must both be vector or scalar", &I);
3471	Check(SrcTy->isIntOrIntVectorTy(),
3472	"SIToFP source must be integer or integer vector", &I);
3473	Check(DestTy->isFPOrFPVectorTy(), "SIToFP result must be FP or FP vector",
3474	&I);
3475
3476	if (SrcVec && DstVec)
3477	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3478	cast<VectorType>(DestTy)->getElementCount(),
3479	"SIToFP source and dest vector length mismatch", &I);
3480
3481	visitInstruction(I);
3482	}
3483
3484	void Verifier::visitFPToUIInst(FPToUIInst &I) {
3485	// Get the source and destination types
3486	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3487	Type *DestTy = I.getType();
3488
3489	bool SrcVec = SrcTy->isVectorTy();
3490	bool DstVec = DestTy->isVectorTy();
3491
3492	Check(SrcVec == DstVec,
3493	"FPToUI source and dest must both be vector or scalar", &I);
3494	Check(SrcTy->isFPOrFPVectorTy(), "FPToUI source must be FP or FP vector", &I);
3495	Check(DestTy->isIntOrIntVectorTy(),
3496	"FPToUI result must be integer or integer vector", &I);
3497
3498	if (SrcVec && DstVec)
3499	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3500	cast<VectorType>(DestTy)->getElementCount(),
3501	"FPToUI source and dest vector length mismatch", &I);
3502
3503	visitInstruction(I);
3504	}
3505
3506	void Verifier::visitFPToSIInst(FPToSIInst &I) {
3507	// Get the source and destination types
3508	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3509	Type *DestTy = I.getType();
3510
3511	bool SrcVec = SrcTy->isVectorTy();
3512	bool DstVec = DestTy->isVectorTy();
3513
3514	Check(SrcVec == DstVec,
3515	"FPToSI source and dest must both be vector or scalar", &I);
3516	Check(SrcTy->isFPOrFPVectorTy(), "FPToSI source must be FP or FP vector", &I);
3517	Check(DestTy->isIntOrIntVectorTy(),
3518	"FPToSI result must be integer or integer vector", &I);
3519
3520	if (SrcVec && DstVec)
3521	Check(cast<VectorType>(SrcTy)->getElementCount() ==
3522	cast<VectorType>(DestTy)->getElementCount(),
3523	"FPToSI source and dest vector length mismatch", &I);
3524
3525	visitInstruction(I);
3526	}
3527
3528	void Verifier::visitPtrToIntInst(PtrToIntInst &I) {
3529	// Get the source and destination types
3530	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3531	Type *DestTy = I.getType();
3532
3533	Check(SrcTy->isPtrOrPtrVectorTy(), "PtrToInt source must be pointer", &I);
3534
3535	Check(DestTy->isIntOrIntVectorTy(), "PtrToInt result must be integral", &I);
3536	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "PtrToInt type mismatch",
3537	&I);
3538
3539	if (SrcTy->isVectorTy()) {
3540	auto *VSrc = cast<VectorType>(Val: SrcTy);
3541	auto *VDest = cast<VectorType>(Val: DestTy);
3542	Check(VSrc->getElementCount() == VDest->getElementCount(),
3543	"PtrToInt Vector width mismatch", &I);
3544	}
3545
3546	visitInstruction(I);
3547	}
3548
3549	void Verifier::visitIntToPtrInst(IntToPtrInst &I) {
3550	// Get the source and destination types
3551	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3552	Type *DestTy = I.getType();
3553
3554	Check(SrcTy->isIntOrIntVectorTy(), "IntToPtr source must be an integral", &I);
3555	Check(DestTy->isPtrOrPtrVectorTy(), "IntToPtr result must be a pointer", &I);
3556
3557	Check(SrcTy->isVectorTy() == DestTy->isVectorTy(), "IntToPtr type mismatch",
3558	&I);
3559	if (SrcTy->isVectorTy()) {
3560	auto *VSrc = cast<VectorType>(Val: SrcTy);
3561	auto *VDest = cast<VectorType>(Val: DestTy);
3562	Check(VSrc->getElementCount() == VDest->getElementCount(),
3563	"IntToPtr Vector width mismatch", &I);
3564	}
3565	visitInstruction(I);
3566	}
3567
3568	void Verifier::visitBitCastInst(BitCastInst &I) {
3569	Check(
3570	CastInst::castIsValid(Instruction::BitCast, I.getOperand(0), I.getType()),
3571	"Invalid bitcast", &I);
3572	visitInstruction(I);
3573	}
3574
3575	void Verifier::visitAddrSpaceCastInst(AddrSpaceCastInst &I) {
3576	Type *SrcTy = I.getOperand(i_nocapture: 0)->getType();
3577	Type *DestTy = I.getType();
3578
3579	Check(SrcTy->isPtrOrPtrVectorTy(), "AddrSpaceCast source must be a pointer",
3580	&I);
3581	Check(DestTy->isPtrOrPtrVectorTy(), "AddrSpaceCast result must be a pointer",
3582	&I);
3583	Check(SrcTy->getPointerAddressSpace() != DestTy->getPointerAddressSpace(),
3584	"AddrSpaceCast must be between different address spaces", &I);
3585	if (auto *SrcVTy = dyn_cast<VectorType>(Val: SrcTy))
3586	Check(SrcVTy->getElementCount() ==
3587	cast<VectorType>(DestTy)->getElementCount(),
3588	"AddrSpaceCast vector pointer number of elements mismatch", &I);
3589	visitInstruction(I);
3590	}
3591
3592	/// visitPHINode - Ensure that a PHI node is well formed.
3593	///
3594	void Verifier::visitPHINode(PHINode &PN) {
3595	// Ensure that the PHI nodes are all grouped together at the top of the block.
3596	// This can be tested by checking whether the instruction before this is
3597	// either nonexistent (because this is begin()) or is a PHI node. If not,
3598	// then there is some other instruction before a PHI.
3599	Check(&PN == &PN.getParent()->front() ||
3600	isa<PHINode>(--BasicBlock::iterator(&PN)),
3601	"PHI nodes not grouped at top of basic block!", &PN, PN.getParent());
3602
3603	// Check that a PHI doesn't yield a Token.
3604	Check(!PN.getType()->isTokenTy(), "PHI nodes cannot have token type!");
3605
3606	// Check that all of the values of the PHI node have the same type as the
3607	// result.
3608	for (Value *IncValue : PN.incoming_values()) {
3609	Check(PN.getType() == IncValue->getType(),
3610	"PHI node operands are not the same type as the result!", &PN);
3611	}
3612
3613	// All other PHI node constraints are checked in the visitBasicBlock method.
3614
3615	visitInstruction(I&: PN);
3616	}
3617
3618	void Verifier::visitCallBase(CallBase &Call) {
3619	Check(Call.getCalledOperand()->getType()->isPointerTy(),
3620	"Called function must be a pointer!", Call);
3621	FunctionType *FTy = Call.getFunctionType();
3622
3623	// Verify that the correct number of arguments are being passed
3624	if (FTy->isVarArg())
3625	Check(Call.arg_size() >= FTy->getNumParams(),
3626	"Called function requires more parameters than were provided!", Call);
3627	else
3628	Check(Call.arg_size() == FTy->getNumParams(),
3629	"Incorrect number of arguments passed to called function!", Call);
3630
3631	// Verify that all arguments to the call match the function type.
3632	for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i)
3633	Check(Call.getArgOperand(i)->getType() == FTy->getParamType(i),
3634	"Call parameter type does not match function signature!",
3635	Call.getArgOperand(i), FTy->getParamType(i), Call);
3636
3637	AttributeList Attrs = Call.getAttributes();
3638
3639	Check(verifyAttributeCount(Attrs, Call.arg_size()),
3640	"Attribute after last parameter!", Call);
3641
3642	Function *Callee =
3643	dyn_cast<Function>(Val: Call.getCalledOperand()->stripPointerCasts());
3644	bool IsIntrinsic = Callee && Callee->isIntrinsic();
3645	if (IsIntrinsic)
3646	Check(Callee->getValueType() == FTy,
3647	"Intrinsic called with incompatible signature", Call);
3648
3649	// Verify if the calling convention of the callee is callable.
3650	Check(isCallableCC(Call.getCallingConv()),
3651	"calling convention does not permit calls", Call);
3652
3653	// Disallow passing/returning values with alignment higher than we can
3654	// represent.
3655	// FIXME: Consider making DataLayout cap the alignment, so this isn't
3656	// necessary.
3657	auto VerifyTypeAlign = [&](Type *Ty, const Twine &Message) {
3658	if (!Ty->isSized())
3659	return;
3660	Align ABIAlign = DL.getABITypeAlign(Ty);
3661	Check(ABIAlign.value() <= Value::MaximumAlignment,
3662	"Incorrect alignment of " + Message + " to called function!", Call);
3663	};
3664
3665	if (!IsIntrinsic) {
3666	VerifyTypeAlign(FTy->getReturnType(), "return type");
3667	for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i) {
3668	Type *Ty = FTy->getParamType(i);
3669	VerifyTypeAlign(Ty, "argument passed");
3670	}
3671	}
3672
3673	if (Attrs.hasFnAttr(Kind: Attribute::Speculatable)) {
3674	// Don't allow speculatable on call sites, unless the underlying function
3675	// declaration is also speculatable.
3676	Check(Callee && Callee->isSpeculatable(),
3677	"speculatable attribute may not apply to call sites", Call);
3678	}
3679
3680	if (Attrs.hasFnAttr(Kind: Attribute::Preallocated)) {
3681	Check(Call.getIntrinsicID() == Intrinsic::call_preallocated_arg,
3682	"preallocated as a call site attribute can only be on "
3683	"llvm.call.preallocated.arg");
3684	}
3685
3686	// Verify call attributes.
3687	verifyFunctionAttrs(FT: FTy, Attrs, V: &Call, IsIntrinsic, IsInlineAsm: Call.isInlineAsm());
3688
3689	// Conservatively check the inalloca argument.
3690	// We have a bug if we can find that there is an underlying alloca without
3691	// inalloca.
3692	if (Call.hasInAllocaArgument()) {
3693	Value *InAllocaArg = Call.getArgOperand(i: FTy->getNumParams() - 1);
3694	if (auto AI = dyn_cast<AllocaInst>(Val: InAllocaArg->stripInBoundsOffsets()))
3695	Check(AI->isUsedWithInAlloca(),
3696	"inalloca argument for call has mismatched alloca", AI, Call);
3697	}
3698
3699	// For each argument of the callsite, if it has the swifterror argument,
3700	// make sure the underlying alloca/parameter it comes from has a swifterror as
3701	// well.
3702	for (unsigned i = 0, e = FTy->getNumParams(); i != e; ++i) {
3703	if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::SwiftError)) {
3704	Value *SwiftErrorArg = Call.getArgOperand(i);
3705	if (auto AI = dyn_cast<AllocaInst>(Val: SwiftErrorArg->stripInBoundsOffsets())) {
3706	Check(AI->isSwiftError(),
3707	"swifterror argument for call has mismatched alloca", AI, Call);
3708	continue;
3709	}
3710	auto ArgI = dyn_cast<Argument>(Val: SwiftErrorArg);
3711	Check(ArgI, "swifterror argument should come from an alloca or parameter",
3712	SwiftErrorArg, Call);
3713	Check(ArgI->hasSwiftErrorAttr(),
3714	"swifterror argument for call has mismatched parameter", ArgI,
3715	Call);
3716	}
3717
3718	if (Attrs.hasParamAttr(ArgNo: i, Kind: Attribute::ImmArg)) {
3719	// Don't allow immarg on call sites, unless the underlying declaration
3720	// also has the matching immarg.
3721	Check(Callee && Callee->hasParamAttribute(i, Attribute::ImmArg),
3722	"immarg may not apply only to call sites", Call.getArgOperand(i),
3723	Call);
3724	}
3725
3726	if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::ImmArg)) {
3727	Value *ArgVal = Call.getArgOperand(i);
3728	Check(isa<ConstantInt>(ArgVal) || isa<ConstantFP>(ArgVal),
3729	"immarg operand has non-immediate parameter", ArgVal, Call);
3730
3731	// If the imm-arg is an integer and also has a range attached,
3732	// check if the given value is within the range.
3733	if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::Range)) {
3734	if (auto *CI = dyn_cast<ConstantInt>(Val: ArgVal)) {
3735	const ConstantRange &CR =
3736	Call.getParamAttr(ArgNo: i, Kind: Attribute::Range).getValueAsConstantRange();
3737	Check(CR.contains(CI->getValue()),
3738	"immarg value " + Twine(CI->getValue().getSExtValue()) +
3739	" out of range [" + Twine(CR.getLower().getSExtValue()) +
3740	", " + Twine(CR.getUpper().getSExtValue()) + ")",
3741	Call);
3742	}
3743	}
3744	}
3745
3746	if (Call.paramHasAttr(ArgNo: i, Kind: Attribute::Preallocated)) {
3747	Value *ArgVal = Call.getArgOperand(i);
3748	bool hasOB =
3749	Call.countOperandBundlesOfType(ID: LLVMContext::OB_preallocated) != 0;
3750	bool isMustTail = Call.isMustTailCall();
3751	Check(hasOB != isMustTail,
3752	"preallocated operand either requires a preallocated bundle or "
3753	"the call to be musttail (but not both)",
3754	ArgVal, Call);
3755	}
3756	}
3757
3758	if (FTy->isVarArg()) {
3759	// FIXME? is 'nest' even legal here?
3760	bool SawNest = false;
3761	bool SawReturned = false;
3762
3763	for (unsigned Idx = 0; Idx < FTy->getNumParams(); ++Idx) {
3764	if (Attrs.hasParamAttr(ArgNo: Idx, Kind: Attribute::Nest))
3765	SawNest = true;
3766	if (Attrs.hasParamAttr(ArgNo: Idx, Kind: Attribute::Returned))
3767	SawReturned = true;
3768	}
3769
3770	// Check attributes on the varargs part.
3771	for (unsigned Idx = FTy->getNumParams(); Idx < Call.arg_size(); ++Idx) {
3772	Type *Ty = Call.getArgOperand(i: Idx)->getType();
3773	AttributeSet ArgAttrs = Attrs.getParamAttrs(ArgNo: Idx);
3774	verifyParameterAttrs(Attrs: ArgAttrs, Ty, V: &Call);
3775
3776	if (ArgAttrs.hasAttribute(Kind: Attribute::Nest)) {
3777	Check(!SawNest, "More than one parameter has attribute nest!", Call);
3778	SawNest = true;
3779	}
3780
3781	if (ArgAttrs.hasAttribute(Kind: Attribute::Returned)) {
3782	Check(!SawReturned, "More than one parameter has attribute returned!",
3783	Call);
3784	Check(Ty->canLosslesslyBitCastTo(FTy->getReturnType()),
3785	"Incompatible argument and return types for 'returned' "
3786	"attribute",
3787	Call);
3788	SawReturned = true;
3789	}
3790
3791	// Statepoint intrinsic is vararg but the wrapped function may be not.
3792	// Allow sret here and check the wrapped function in verifyStatepoint.
3793	if (Call.getIntrinsicID() != Intrinsic::experimental_gc_statepoint)
3794	Check(!ArgAttrs.hasAttribute(Attribute::StructRet),
3795	"Attribute 'sret' cannot be used for vararg call arguments!",
3796	Call);
3797
3798	if (ArgAttrs.hasAttribute(Kind: Attribute::InAlloca))
3799	Check(Idx == Call.arg_size() - 1,
3800	"inalloca isn't on the last argument!", Call);
3801	}
3802	}
3803
3804	// Verify that there's no metadata unless it's a direct call to an intrinsic.
3805	if (!IsIntrinsic) {
3806	for (Type *ParamTy : FTy->params()) {
3807	Check(!ParamTy->isMetadataTy(),
3808	"Function has metadata parameter but isn't an intrinsic", Call);
3809	Check(!ParamTy->isTokenTy(),
3810	"Function has token parameter but isn't an intrinsic", Call);
3811	}
3812	}
3813
3814	// Verify that indirect calls don't return tokens.
3815	if (!Call.getCalledFunction()) {
3816	Check(!FTy->getReturnType()->isTokenTy(),
3817	"Return type cannot be token for indirect call!");
3818	Check(!FTy->getReturnType()->isX86_AMXTy(),
3819	"Return type cannot be x86_amx for indirect call!");
3820	}
3821
3822	if (Intrinsic::ID ID = Call.getIntrinsicID())
3823	visitIntrinsicCall(ID, Call);
3824
3825	// Verify that a callsite has at most one "deopt", at most one "funclet", at
3826	// most one "gc-transition", at most one "cfguardtarget", at most one
3827	// "preallocated" operand bundle, and at most one "ptrauth" operand bundle.
3828	bool FoundDeoptBundle = false, FoundFuncletBundle = false,
3829	FoundGCTransitionBundle = false, FoundCFGuardTargetBundle = false,
3830	FoundPreallocatedBundle = false, FoundGCLiveBundle = false,
3831	FoundPtrauthBundle = false, FoundKCFIBundle = false,
3832	FoundAttachedCallBundle = false;
3833	for (unsigned i = 0, e = Call.getNumOperandBundles(); i < e; ++i) {
3834	OperandBundleUse BU = Call.getOperandBundleAt(Index: i);
3835	uint32_t Tag = BU.getTagID();
3836	if (Tag == LLVMContext::OB_deopt) {
3837	Check(!FoundDeoptBundle, "Multiple deopt operand bundles", Call);
3838	FoundDeoptBundle = true;
3839	} else if (Tag == LLVMContext::OB_gc_transition) {
3840	Check(!FoundGCTransitionBundle, "Multiple gc-transition operand bundles",
3841	Call);
3842	FoundGCTransitionBundle = true;
3843	} else if (Tag == LLVMContext::OB_funclet) {
3844	Check(!FoundFuncletBundle, "Multiple funclet operand bundles", Call);
3845	FoundFuncletBundle = true;
3846	Check(BU.Inputs.size() == 1,
3847	"Expected exactly one funclet bundle operand", Call);
3848	Check(isa<FuncletPadInst>(BU.Inputs.front()),
3849	"Funclet bundle operands should correspond to a FuncletPadInst",
3850	Call);
3851	} else if (Tag == LLVMContext::OB_cfguardtarget) {
3852	Check(!FoundCFGuardTargetBundle, "Multiple CFGuardTarget operand bundles",
3853	Call);
3854	FoundCFGuardTargetBundle = true;
3855	Check(BU.Inputs.size() == 1,
3856	"Expected exactly one cfguardtarget bundle operand", Call);
3857	} else if (Tag == LLVMContext::OB_ptrauth) {
3858	Check(!FoundPtrauthBundle, "Multiple ptrauth operand bundles", Call);
3859	FoundPtrauthBundle = true;
3860	Check(BU.Inputs.size() == 2,
3861	"Expected exactly two ptrauth bundle operands", Call);
3862	Check(isa<ConstantInt>(BU.Inputs[0]) &&
3863	BU.Inputs[0]->getType()->isIntegerTy(32),
3864	"Ptrauth bundle key operand must be an i32 constant", Call);
3865	Check(BU.Inputs[1]->getType()->isIntegerTy(64),
3866	"Ptrauth bundle discriminator operand must be an i64", Call);
3867	} else if (Tag == LLVMContext::OB_kcfi) {
3868	Check(!FoundKCFIBundle, "Multiple kcfi operand bundles", Call);
3869	FoundKCFIBundle = true;
3870	Check(BU.Inputs.size() == 1, "Expected exactly one kcfi bundle operand",
3871	Call);
3872	Check(isa<ConstantInt>(BU.Inputs[0]) &&
3873	BU.Inputs[0]->getType()->isIntegerTy(32),
3874	"Kcfi bundle operand must be an i32 constant", Call);
3875	} else if (Tag == LLVMContext::OB_preallocated) {
3876	Check(!FoundPreallocatedBundle, "Multiple preallocated operand bundles",
3877	Call);
3878	FoundPreallocatedBundle = true;
3879	Check(BU.Inputs.size() == 1,
3880	"Expected exactly one preallocated bundle operand", Call);
3881	auto Input = dyn_cast<IntrinsicInst>(Val: BU.Inputs.front());
3882	Check(Input &&
3883	Input->getIntrinsicID() == Intrinsic::call_preallocated_setup,
3884	"\"preallocated\" argument must be a token from "
3885	"llvm.call.preallocated.setup",
3886	Call);
3887	} else if (Tag == LLVMContext::OB_gc_live) {
3888	Check(!FoundGCLiveBundle, "Multiple gc-live operand bundles", Call);
3889	FoundGCLiveBundle = true;
3890	} else if (Tag == LLVMContext::OB_clang_arc_attachedcall) {
3891	Check(!FoundAttachedCallBundle,
3892	"Multiple \"clang.arc.attachedcall\" operand bundles", Call);
3893	FoundAttachedCallBundle = true;
3894	verifyAttachedCallBundle(Call, BU);
3895	}
3896	}
3897
3898	// Verify that callee and callsite agree on whether to use pointer auth.
3899	Check(!(Call.getCalledFunction() && FoundPtrauthBundle),
3900	"Direct call cannot have a ptrauth bundle", Call);
3901
3902	// Verify that each inlinable callsite of a debug-info-bearing function in a
3903	// debug-info-bearing function has a debug location attached to it. Failure to
3904	// do so causes assertion failures when the inliner sets up inline scope info
3905	// (Interposable functions are not inlinable, neither are functions without
3906	// definitions.)
3907	if (Call.getFunction()->getSubprogram() && Call.getCalledFunction() &&
3908	!Call.getCalledFunction()->isInterposable() &&
3909	!Call.getCalledFunction()->isDeclaration() &&
3910	Call.getCalledFunction()->getSubprogram())
3911	CheckDI(Call.getDebugLoc(),
3912	"inlinable function call in a function with "
3913	"debug info must have a !dbg location",
3914	Call);
3915
3916	if (Call.isInlineAsm())
3917	verifyInlineAsmCall(Call);
3918
3919	ConvergenceVerifyHelper.visit(I: Call);
3920
3921	visitInstruction(I&: Call);
3922	}
3923
3924	void Verifier::verifyTailCCMustTailAttrs(const AttrBuilder &Attrs,
3925	StringRef Context) {
3926	Check(!Attrs.contains(Attribute::InAlloca),
3927	Twine("inalloca attribute not allowed in ") + Context);
3928	Check(!Attrs.contains(Attribute::InReg),
3929	Twine("inreg attribute not allowed in ") + Context);
3930	Check(!Attrs.contains(Attribute::SwiftError),
3931	Twine("swifterror attribute not allowed in ") + Context);
3932	Check(!Attrs.contains(Attribute::Preallocated),
3933	Twine("preallocated attribute not allowed in ") + Context);
3934	Check(!Attrs.contains(Attribute::ByRef),
3935	Twine("byref attribute not allowed in ") + Context);
3936	}
3937
3938	/// Two types are "congruent" if they are identical, or if they are both pointer
3939	/// types with different pointee types and the same address space.
3940	static bool isTypeCongruent(Type *L, Type *R) {
3941	if (L == R)
3942	return true;
3943	PointerType *PL = dyn_cast<PointerType>(Val: L);
3944	PointerType *PR = dyn_cast<PointerType>(Val: R);
3945	if (!PL || !PR)
3946	return false;
3947	return PL->getAddressSpace() == PR->getAddressSpace();
3948	}
3949
3950	static AttrBuilder getParameterABIAttributes(LLVMContext& C, unsigned I, AttributeList Attrs) {
3951	static const Attribute::AttrKind ABIAttrs[] = {
3952	Attribute::StructRet, Attribute::ByVal, Attribute::InAlloca,
3953	Attribute::InReg, Attribute::StackAlignment, Attribute::SwiftSelf,
3954	Attribute::SwiftAsync, Attribute::SwiftError, Attribute::Preallocated,
3955	Attribute::ByRef};
3956	AttrBuilder Copy(C);
3957	for (auto AK : ABIAttrs) {
3958	Attribute Attr = Attrs.getParamAttrs(ArgNo: I).getAttribute(Kind: AK);
3959	if (Attr.isValid())
3960	Copy.addAttribute(A: Attr);
3961	}
3962
3963	// `align` is ABI-affecting only in combination with `byval` or `byref`.
3964	if (Attrs.hasParamAttr(ArgNo: I, Kind: Attribute::Alignment) &&
3965	(Attrs.hasParamAttr(ArgNo: I, Kind: Attribute::ByVal) ||
3966	Attrs.hasParamAttr(ArgNo: I, Kind: Attribute::ByRef)))
3967	Copy.addAlignmentAttr(Align: Attrs.getParamAlignment(ArgNo: I));
3968	return Copy;
3969	}
3970
3971	void Verifier::verifyMustTailCall(CallInst &CI) {
3972	Check(!CI.isInlineAsm(), "cannot use musttail call with inline asm", &CI);
3973
3974	Function *F = CI.getParent()->getParent();
3975	FunctionType *CallerTy = F->getFunctionType();
3976	FunctionType *CalleeTy = CI.getFunctionType();
3977	Check(CallerTy->isVarArg() == CalleeTy->isVarArg(),
3978	"cannot guarantee tail call due to mismatched varargs", &CI);
3979	Check(isTypeCongruent(CallerTy->getReturnType(), CalleeTy->getReturnType()),
3980	"cannot guarantee tail call due to mismatched return types", &CI);
3981
3982	// - The calling conventions of the caller and callee must match.
3983	Check(F->getCallingConv() == CI.getCallingConv(),
3984	"cannot guarantee tail call due to mismatched calling conv", &CI);
3985
3986	// - The call must immediately precede a :ref:`ret <i_ret>` instruction,
3987	// or a pointer bitcast followed by a ret instruction.
3988	// - The ret instruction must return the (possibly bitcasted) value
3989	// produced by the call or void.
3990	Value *RetVal = &CI;
3991	Instruction *Next = CI.getNextNode();
3992
3993	// Handle the optional bitcast.
3994	if (BitCastInst *BI = dyn_cast_or_null<BitCastInst>(Val: Next)) {
3995	Check(BI->getOperand(0) == RetVal,
3996	"bitcast following musttail call must use the call", BI);
3997	RetVal = BI;
3998	Next = BI->getNextNode();
3999	}
4000
4001	// Check the return.
4002	ReturnInst *Ret = dyn_cast_or_null<ReturnInst>(Val: Next);
4003	Check(Ret, "musttail call must precede a ret with an optional bitcast", &CI);
4004	Check(!Ret->getReturnValue() || Ret->getReturnValue() == RetVal ||
4005	isa<UndefValue>(Ret->getReturnValue()),
4006	"musttail call result must be returned", Ret);
4007
4008	AttributeList CallerAttrs = F->getAttributes();
4009	AttributeList CalleeAttrs = CI.getAttributes();
4010	if (CI.getCallingConv() == CallingConv::SwiftTail ||
4011	CI.getCallingConv() == CallingConv::Tail) {
4012	StringRef CCName =
4013	CI.getCallingConv() == CallingConv::Tail ? "tailcc" : "swifttailcc";
4014
4015	// - Only sret, byval, swiftself, and swiftasync ABI-impacting attributes
4016	// are allowed in swifttailcc call
4017	for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) {
4018	AttrBuilder ABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CallerAttrs);
4019	SmallString<32> Context{CCName, StringRef(" musttail caller")};
4020	verifyTailCCMustTailAttrs(Attrs: ABIAttrs, Context);
4021	}
4022	for (unsigned I = 0, E = CalleeTy->getNumParams(); I != E; ++I) {
4023	AttrBuilder ABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CalleeAttrs);
4024	SmallString<32> Context{CCName, StringRef(" musttail callee")};
4025	verifyTailCCMustTailAttrs(Attrs: ABIAttrs, Context);
4026	}
4027	// - Varargs functions are not allowed
4028	Check(!CallerTy->isVarArg(), Twine("cannot guarantee ") + CCName +
4029	" tail call for varargs function");
4030	return;
4031	}
4032
4033	// - The caller and callee prototypes must match. Pointer types of
4034	// parameters or return types may differ in pointee type, but not
4035	// address space.
4036	if (!CI.getIntrinsicID()) {
4037	Check(CallerTy->getNumParams() == CalleeTy->getNumParams(),
4038	"cannot guarantee tail call due to mismatched parameter counts", &CI);
4039	for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) {
4040	Check(
4041	isTypeCongruent(CallerTy->getParamType(I), CalleeTy->getParamType(I)),
4042	"cannot guarantee tail call due to mismatched parameter types", &CI);
4043	}
4044	}
4045
4046	// - All ABI-impacting function attributes, such as sret, byval, inreg,
4047	// returned, preallocated, and inalloca, must match.
4048	for (unsigned I = 0, E = CallerTy->getNumParams(); I != E; ++I) {
4049	AttrBuilder CallerABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CallerAttrs);
4050	AttrBuilder CalleeABIAttrs = getParameterABIAttributes(C&: F->getContext(), I, Attrs: CalleeAttrs);
4051	Check(CallerABIAttrs == CalleeABIAttrs,
4052	"cannot guarantee tail call due to mismatched ABI impacting "
4053	"function attributes",
4054	&CI, CI.getOperand(I));
4055	}
4056	}
4057
4058	void Verifier::visitCallInst(CallInst &CI) {
4059	visitCallBase(Call&: CI);
4060
4061	if (CI.isMustTailCall())
4062	verifyMustTailCall(CI);
4063	}
4064
4065	void Verifier::visitInvokeInst(InvokeInst &II) {
4066	visitCallBase(Call&: II);
4067
4068	// Verify that the first non-PHI instruction of the unwind destination is an
4069	// exception handling instruction.
4070	Check(
4071	II.getUnwindDest()->isEHPad(),
4072	"The unwind destination does not have an exception handling instruction!",
4073	&II);
4074
4075	visitTerminator(I&: II);
4076	}
4077
4078	/// visitUnaryOperator - Check the argument to the unary operator.
4079	///
4080	void Verifier::visitUnaryOperator(UnaryOperator &U) {
4081	Check(U.getType() == U.getOperand(0)->getType(),
4082	"Unary operators must have same type for"
4083	"operands and result!",
4084	&U);
4085
4086	switch (U.getOpcode()) {
4087	// Check that floating-point arithmetic operators are only used with
4088	// floating-point operands.
4089	case Instruction::FNeg:
4090	Check(U.getType()->isFPOrFPVectorTy(),
4091	"FNeg operator only works with float types!", &U);
4092	break;
4093	default:
4094	llvm_unreachable("Unknown UnaryOperator opcode!");
4095	}
4096
4097	visitInstruction(I&: U);
4098	}
4099
4100	/// visitBinaryOperator - Check that both arguments to the binary operator are
4101	/// of the same type!
4102	///
4103	void Verifier::visitBinaryOperator(BinaryOperator &B) {
4104	Check(B.getOperand(0)->getType() == B.getOperand(1)->getType(),
4105	"Both operands to a binary operator are not of the same type!", &B);
4106
4107	switch (B.getOpcode()) {
4108	// Check that integer arithmetic operators are only used with
4109	// integral operands.
4110	case Instruction::Add:
4111	case Instruction::Sub:
4112	case Instruction::Mul:
4113	case Instruction::SDiv:
4114	case Instruction::UDiv:
4115	case Instruction::SRem:
4116	case Instruction::URem:
4117	Check(B.getType()->isIntOrIntVectorTy(),
4118	"Integer arithmetic operators only work with integral types!", &B);
4119	Check(B.getType() == B.getOperand(0)->getType(),
4120	"Integer arithmetic operators must have same type "
4121	"for operands and result!",
4122	&B);
4123	break;
4124	// Check that floating-point arithmetic operators are only used with
4125	// floating-point operands.
4126	case Instruction::FAdd:
4127	case Instruction::FSub:
4128	case Instruction::FMul:
4129	case Instruction::FDiv:
4130	case Instruction::FRem:
4131	Check(B.getType()->isFPOrFPVectorTy(),
4132	"Floating-point arithmetic operators only work with "
4133	"floating-point types!",
4134	&B);
4135	Check(B.getType() == B.getOperand(0)->getType(),
4136	"Floating-point arithmetic operators must have same type "
4137	"for operands and result!",
4138	&B);
4139	break;
4140	// Check that logical operators are only used with integral operands.
4141	case Instruction::And:
4142	case Instruction::Or:
4143	case Instruction::Xor:
4144	Check(B.getType()->isIntOrIntVectorTy(),
4145	"Logical operators only work with integral types!", &B);
4146	Check(B.getType() == B.getOperand(0)->getType(),
4147	"Logical operators must have same type for operands and result!", &B);
4148	break;
4149	case Instruction::Shl:
4150	case Instruction::LShr:
4151	case Instruction::AShr:
4152	Check(B.getType()->isIntOrIntVectorTy(),
4153	"Shifts only work with integral types!", &B);
4154	Check(B.getType() == B.getOperand(0)->getType(),
4155	"Shift return type must be same as operands!", &B);
4156	break;
4157	default:
4158	llvm_unreachable("Unknown BinaryOperator opcode!");
4159	}
4160
4161	visitInstruction(I&: B);
4162	}
4163
4164	void Verifier::visitICmpInst(ICmpInst &IC) {
4165	// Check that the operands are the same type
4166	Type *Op0Ty = IC.getOperand(i_nocapture: 0)->getType();
4167	Type *Op1Ty = IC.getOperand(i_nocapture: 1)->getType();
4168	Check(Op0Ty == Op1Ty,
4169	"Both operands to ICmp instruction are not of the same type!", &IC);
4170	// Check that the operands are the right type
4171	Check(Op0Ty->isIntOrIntVectorTy() || Op0Ty->isPtrOrPtrVectorTy(),
4172	"Invalid operand types for ICmp instruction", &IC);
4173	// Check that the predicate is valid.
4174	Check(IC.isIntPredicate(), "Invalid predicate in ICmp instruction!", &IC);
4175
4176	visitInstruction(I&: IC);
4177	}
4178
4179	void Verifier::visitFCmpInst(FCmpInst &FC) {
4180	// Check that the operands are the same type
4181	Type *Op0Ty = FC.getOperand(i_nocapture: 0)->getType();
4182	Type *Op1Ty = FC.getOperand(i_nocapture: 1)->getType();
4183	Check(Op0Ty == Op1Ty,
4184	"Both operands to FCmp instruction are not of the same type!", &FC);
4185	// Check that the operands are the right type
4186	Check(Op0Ty->isFPOrFPVectorTy(), "Invalid operand types for FCmp instruction",
4187	&FC);
4188	// Check that the predicate is valid.
4189	Check(FC.isFPPredicate(), "Invalid predicate in FCmp instruction!", &FC);
4190
4191	visitInstruction(I&: FC);
4192	}
4193
4194	void Verifier::visitExtractElementInst(ExtractElementInst &EI) {
4195	Check(ExtractElementInst::isValidOperands(EI.getOperand(0), EI.getOperand(1)),
4196	"Invalid extractelement operands!", &EI);
4197	visitInstruction(I&: EI);
4198	}
4199
4200	void Verifier::visitInsertElementInst(InsertElementInst &IE) {
4201	Check(InsertElementInst::isValidOperands(IE.getOperand(0), IE.getOperand(1),
4202	IE.getOperand(2)),
4203	"Invalid insertelement operands!", &IE);
4204	visitInstruction(I&: IE);
4205	}
4206
4207	void Verifier::visitShuffleVectorInst(ShuffleVectorInst &SV) {
4208	Check(ShuffleVectorInst::isValidOperands(SV.getOperand(0), SV.getOperand(1),
4209	SV.getShuffleMask()),
4210	"Invalid shufflevector operands!", &SV);
4211	visitInstruction(I&: SV);
4212	}
4213
4214	void Verifier::visitGetElementPtrInst(GetElementPtrInst &GEP) {
4215	Type *TargetTy = GEP.getPointerOperandType()->getScalarType();
4216
4217	Check(isa<PointerType>(TargetTy),
4218	"GEP base pointer is not a vector or a vector of pointers", &GEP);
4219	Check(GEP.getSourceElementType()->isSized(), "GEP into unsized type!", &GEP);
4220
4221	if (auto *STy = dyn_cast<StructType>(Val: GEP.getSourceElementType())) {
4222	Check(!STy->isScalableTy(),
4223	"getelementptr cannot target structure that contains scalable vector"
4224	"type",
4225	&GEP);
4226	}
4227
4228	SmallVector<Value *, 16> Idxs(GEP.indices());
4229	Check(
4230	all_of(Idxs, [](Value *V) { return V->getType()->isIntOrIntVectorTy(); }),
4231	"GEP indexes must be integers", &GEP);
4232	Type *ElTy =
4233	GetElementPtrInst::getIndexedType(Ty: GEP.getSourceElementType(), IdxList: Idxs);
4234	Check(ElTy, "Invalid indices for GEP pointer type!", &GEP);
4235
4236	PointerType *PtrTy = dyn_cast<PointerType>(Val: GEP.getType()->getScalarType());
4237
4238	Check(PtrTy && GEP.getResultElementType() == ElTy,
4239	"GEP is not of right type for indices!", &GEP, ElTy);
4240
4241	if (auto *GEPVTy = dyn_cast<VectorType>(Val: GEP.getType())) {
4242	// Additional checks for vector GEPs.
4243	ElementCount GEPWidth = GEPVTy->getElementCount();
4244	if (GEP.getPointerOperandType()->isVectorTy())
4245	Check(
4246	GEPWidth ==
4247	cast<VectorType>(GEP.getPointerOperandType())->getElementCount(),
4248	"Vector GEP result width doesn't match operand's", &GEP);
4249	for (Value *Idx : Idxs) {
4250	Type *IndexTy = Idx->getType();
4251	if (auto *IndexVTy = dyn_cast<VectorType>(Val: IndexTy)) {
4252	ElementCount IndexWidth = IndexVTy->getElementCount();
4253	Check(IndexWidth == GEPWidth, "Invalid GEP index vector width", &GEP);
4254	}
4255	Check(IndexTy->isIntOrIntVectorTy(),
4256	"All GEP indices should be of integer type");
4257	}
4258	}
4259
4260	Check(GEP.getAddressSpace() == PtrTy->getAddressSpace(),
4261	"GEP address space doesn't match type", &GEP);
4262
4263	visitInstruction(I&: GEP);
4264	}
4265
4266	static bool isContiguous(const ConstantRange &A, const ConstantRange &B) {
4267	return A.getUpper() == B.getLower() || A.getLower() == B.getUpper();
4268	}
4269
4270	/// Verify !range and !absolute_symbol metadata. These have the same
4271	/// restrictions, except !absolute_symbol allows the full set.
4272	void Verifier::verifyRangeLikeMetadata(const Value &I, const MDNode *Range,
4273	Type *Ty, RangeLikeMetadataKind Kind) {
4274	unsigned NumOperands = Range->getNumOperands();
4275	Check(NumOperands % 2 == 0, "Unfinished range!", Range);
4276	unsigned NumRanges = NumOperands / 2;
4277	Check(NumRanges >= 1, "It should have at least one range!", Range);
4278
4279	ConstantRange LastRange(1, true); // Dummy initial value
4280	for (unsigned i = 0; i < NumRanges; ++i) {
4281	ConstantInt *Low =
4282	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 2 * i));
4283	Check(Low, "The lower limit must be an integer!", Low);
4284	ConstantInt *High =
4285	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 2 * i + 1));
4286	Check(High, "The upper limit must be an integer!", High);
4287
4288	Check(High->getType() == Low->getType(), "Range pair types must match!",
4289	&I);
4290
4291	if (Kind == RangeLikeMetadataKind::NoaliasAddrspace) {
4292	Check(High->getType()->isIntegerTy(32),
4293	"noalias.addrspace type must be i32!", &I);
4294	} else {
4295	Check(High->getType() == Ty->getScalarType(),
4296	"Range types must match instruction type!", &I);
4297	}
4298
4299	APInt HighV = High->getValue();
4300	APInt LowV = Low->getValue();
4301
4302	// ConstantRange asserts if the ranges are the same except for the min/max
4303	// value. Leave the cases it tolerates for the empty range error below.
4304	Check(LowV != HighV || LowV.isMaxValue() || LowV.isMinValue(),
4305	"The upper and lower limits cannot be the same value", &I);
4306
4307	ConstantRange CurRange(LowV, HighV);
4308	Check(!CurRange.isEmptySet() &&
4309	(Kind == RangeLikeMetadataKind::AbsoluteSymbol ||
4310	!CurRange.isFullSet()),
4311	"Range must not be empty!", Range);
4312	if (i != 0) {
4313	Check(CurRange.intersectWith(LastRange).isEmptySet(),
4314	"Intervals are overlapping", Range);
4315	Check(LowV.sgt(LastRange.getLower()), "Intervals are not in order",
4316	Range);
4317	Check(!isContiguous(CurRange, LastRange), "Intervals are contiguous",
4318	Range);
4319	}
4320	LastRange = ConstantRange(LowV, HighV);
4321	}
4322	if (NumRanges > 2) {
4323	APInt FirstLow =
4324	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 0))->getValue();
4325	APInt FirstHigh =
4326	mdconst::dyn_extract<ConstantInt>(MD: Range->getOperand(I: 1))->getValue();
4327	ConstantRange FirstRange(FirstLow, FirstHigh);
4328	Check(FirstRange.intersectWith(LastRange).isEmptySet(),
4329	"Intervals are overlapping", Range);
4330	Check(!isContiguous(FirstRange, LastRange), "Intervals are contiguous",
4331	Range);
4332	}
4333	}
4334
4335	void Verifier::visitRangeMetadata(Instruction &I, MDNode *Range, Type *Ty) {
4336	assert(Range && Range == I.getMetadata(LLVMContext::MD_range) &&
4337	"precondition violation");
4338	verifyRangeLikeMetadata(I, Range, Ty, Kind: RangeLikeMetadataKind::Range);
4339	}
4340
4341	void Verifier::visitNoaliasAddrspaceMetadata(Instruction &I, MDNode *Range,
4342	Type *Ty) {
4343	assert(Range && Range == I.getMetadata(LLVMContext::MD_noalias_addrspace) &&
4344	"precondition violation");
4345	verifyRangeLikeMetadata(I, Range, Ty,
4346	Kind: RangeLikeMetadataKind::NoaliasAddrspace);
4347	}
4348
4349	void Verifier::checkAtomicMemAccessSize(Type *Ty, const Instruction *I) {
4350	unsigned Size = DL.getTypeSizeInBits(Ty);
4351	Check(Size >= 8, "atomic memory access' size must be byte-sized", Ty, I);
4352	Check(!(Size & (Size - 1)),
4353	"atomic memory access' operand must have a power-of-two size", Ty, I);
4354	}
4355
4356	void Verifier::visitLoadInst(LoadInst &LI) {
4357	PointerType *PTy = dyn_cast<PointerType>(Val: LI.getOperand(i_nocapture: 0)->getType());
4358	Check(PTy, "Load operand must be a pointer.", &LI);
4359	Type *ElTy = LI.getType();
4360	if (MaybeAlign A = LI.getAlign()) {
4361	Check(A->value() <= Value::MaximumAlignment,
4362	"huge alignment values are unsupported", &LI);
4363	}
4364	Check(ElTy->isSized(), "loading unsized types is not allowed", &LI);
4365	if (LI.isAtomic()) {
4366	Check(LI.getOrdering() != AtomicOrdering::Release &&
4367	LI.getOrdering() != AtomicOrdering::AcquireRelease,
4368	"Load cannot have Release ordering", &LI);
4369	Check(ElTy->isIntOrPtrTy() || ElTy->isFloatingPointTy(),
4370	"atomic load operand must have integer, pointer, or floating point "
4371	"type!",
4372	ElTy, &LI);
4373	checkAtomicMemAccessSize(Ty: ElTy, I: &LI);
4374	} else {
4375	Check(LI.getSyncScopeID() == SyncScope::System,
4376	"Non-atomic load cannot have SynchronizationScope specified", &LI);
4377	}
4378
4379	visitInstruction(I&: LI);
4380	}
4381
4382	void Verifier::visitStoreInst(StoreInst &SI) {
4383	PointerType *PTy = dyn_cast<PointerType>(Val: SI.getOperand(i_nocapture: 1)->getType());
4384	Check(PTy, "Store operand must be a pointer.", &SI);
4385	Type *ElTy = SI.getOperand(i_nocapture: 0)->getType();
4386	if (MaybeAlign A = SI.getAlign()) {
4387	Check(A->value() <= Value::MaximumAlignment,
4388	"huge alignment values are unsupported", &SI);
4389	}
4390	Check(ElTy->isSized(), "storing unsized types is not allowed", &SI);
4391	if (SI.isAtomic()) {
4392	Check(SI.getOrdering() != AtomicOrdering::Acquire &&
4393	SI.getOrdering() != AtomicOrdering::AcquireRelease,
4394	"Store cannot have Acquire ordering", &SI);
4395	Check(ElTy->isIntOrPtrTy() || ElTy->isFloatingPointTy(),
4396	"atomic store operand must have integer, pointer, or floating point "
4397	"type!",
4398	ElTy, &SI);
4399	checkAtomicMemAccessSize(Ty: ElTy, I: &SI);
4400	} else {
4401	Check(SI.getSyncScopeID() == SyncScope::System,
4402	"Non-atomic store cannot have SynchronizationScope specified", &SI);
4403	}
4404	visitInstruction(I&: SI);
4405	}
4406
4407	/// Check that SwiftErrorVal is used as a swifterror argument in CS.
4408	void Verifier::verifySwiftErrorCall(CallBase &Call,
4409	const Value *SwiftErrorVal) {
4410	for (const auto &I : llvm::enumerate(First: Call.args())) {
4411	if (I.value() == SwiftErrorVal) {
4412	Check(Call.paramHasAttr(I.index(), Attribute::SwiftError),
4413	"swifterror value when used in a callsite should be marked "
4414	"with swifterror attribute",
4415	SwiftErrorVal, Call);
4416	}
4417	}
4418	}
4419
4420	void Verifier::verifySwiftErrorValue(const Value *SwiftErrorVal) {
4421	// Check that swifterror value is only used by loads, stores, or as
4422	// a swifterror argument.
4423	for (const User *U : SwiftErrorVal->users()) {
4424	Check(isa<LoadInst>(U) || isa<StoreInst>(U) || isa<CallInst>(U) ||
4425	isa<InvokeInst>(U),
4426	"swifterror value can only be loaded and stored from, or "
4427	"as a swifterror argument!",
4428	SwiftErrorVal, U);
4429	// If it is used by a store, check it is the second operand.
4430	if (auto StoreI = dyn_cast<StoreInst>(Val: U))
4431	Check(StoreI->getOperand(1) == SwiftErrorVal,
4432	"swifterror value should be the second operand when used "
4433	"by stores",
4434	SwiftErrorVal, U);
4435	if (auto *Call = dyn_cast<CallBase>(Val: U))
4436	verifySwiftErrorCall(Call&: *const_cast<CallBase *>(Call), SwiftErrorVal);
4437	}
4438	}
4439
4440	void Verifier::visitAllocaInst(AllocaInst &AI) {
4441	Type *Ty = AI.getAllocatedType();
4442	SmallPtrSet<Type*, 4> Visited;
4443	Check(Ty->isSized(&Visited), "Cannot allocate unsized type", &AI);
4444	// Check if it's a target extension type that disallows being used on the
4445	// stack.
4446	Check(!Ty->containsNonLocalTargetExtType(),
4447	"Alloca has illegal target extension type", &AI);
4448	Check(AI.getArraySize()->getType()->isIntegerTy(),
4449	"Alloca array size must have integer type", &AI);
4450	if (MaybeAlign A = AI.getAlign()) {
4451	Check(A->value() <= Value::MaximumAlignment,
4452	"huge alignment values are unsupported", &AI);
4453	}
4454
4455	if (AI.isSwiftError()) {
4456	Check(Ty->isPointerTy(), "swifterror alloca must have pointer type", &AI);
4457	Check(!AI.isArrayAllocation(),
4458	"swifterror alloca must not be array allocation", &AI);
4459	verifySwiftErrorValue(SwiftErrorVal: &AI);
4460	}
4461
4462	if (TT.isAMDGPU()) {
4463	Check(AI.getAddressSpace() == AMDGPUAS::PRIVATE_ADDRESS,
4464	"alloca on amdgpu must be in addrspace(5)", &AI);
4465	}
4466
4467	visitInstruction(I&: AI);
4468	}
4469
4470	void Verifier::visitAtomicCmpXchgInst(AtomicCmpXchgInst &CXI) {
4471	Type *ElTy = CXI.getOperand(i_nocapture: 1)->getType();
4472	Check(ElTy->isIntOrPtrTy(),
4473	"cmpxchg operand must have integer or pointer type", ElTy, &CXI);
4474	checkAtomicMemAccessSize(Ty: ElTy, I: &CXI);
4475	visitInstruction(I&: CXI);
4476	}
4477
4478	void Verifier::visitAtomicRMWInst(AtomicRMWInst &RMWI) {
4479	Check(RMWI.getOrdering() != AtomicOrdering::Unordered,
4480	"atomicrmw instructions cannot be unordered.", &RMWI);
4481	auto Op = RMWI.getOperation();
4482	Type *ElTy = RMWI.getOperand(i_nocapture: 1)->getType();
4483	if (Op == AtomicRMWInst::Xchg) {
4484	Check(ElTy->isIntegerTy() || ElTy->isFloatingPointTy() ||
4485	ElTy->isPointerTy(),
4486	"atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4487	" operand must have integer or floating point type!",
4488	&RMWI, ElTy);
4489	} else if (AtomicRMWInst::isFPOperation(Op)) {
4490	Check(ElTy->isFPOrFPVectorTy() && !isa<ScalableVectorType>(ElTy),
4491	"atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4492	" operand must have floating-point or fixed vector of floating-point "
4493	"type!",
4494	&RMWI, ElTy);
4495	} else {
4496	Check(ElTy->isIntegerTy(),
4497	"atomicrmw " + AtomicRMWInst::getOperationName(Op) +
4498	" operand must have integer type!",
4499	&RMWI, ElTy);
4500	}
4501	checkAtomicMemAccessSize(Ty: ElTy, I: &RMWI);
4502	Check(AtomicRMWInst::FIRST_BINOP <= Op && Op <= AtomicRMWInst::LAST_BINOP,
4503	"Invalid binary operation!", &RMWI);
4504	visitInstruction(I&: RMWI);
4505	}
4506
4507	void Verifier::visitFenceInst(FenceInst &FI) {
4508	const AtomicOrdering Ordering = FI.getOrdering();
4509	Check(Ordering == AtomicOrdering::Acquire ||
4510	Ordering == AtomicOrdering::Release ||
4511	Ordering == AtomicOrdering::AcquireRelease ||
4512	Ordering == AtomicOrdering::SequentiallyConsistent,
4513	"fence instructions may only have acquire, release, acq_rel, or "
4514	"seq_cst ordering.",
4515	&FI);
4516	visitInstruction(I&: FI);
4517	}
4518
4519	void Verifier::visitExtractValueInst(ExtractValueInst &EVI) {
4520	Check(ExtractValueInst::getIndexedType(EVI.getAggregateOperand()->getType(),
4521	EVI.getIndices()) == EVI.getType(),
4522	"Invalid ExtractValueInst operands!", &EVI);
4523
4524	visitInstruction(I&: EVI);
4525	}
4526
4527	void Verifier::visitInsertValueInst(InsertValueInst &IVI) {
4528	Check(ExtractValueInst::getIndexedType(IVI.getAggregateOperand()->getType(),
4529	IVI.getIndices()) ==
4530	IVI.getOperand(1)->getType(),
4531	"Invalid InsertValueInst operands!", &IVI);
4532
4533	visitInstruction(I&: IVI);
4534	}
4535
4536	static Value *getParentPad(Value *EHPad) {
4537	if (auto *FPI = dyn_cast<FuncletPadInst>(Val: EHPad))
4538	return FPI->getParentPad();
4539
4540	return cast<CatchSwitchInst>(Val: EHPad)->getParentPad();
4541	}
4542
4543	void Verifier::visitEHPadPredecessors(Instruction &I) {
4544	assert(I.isEHPad());
4545
4546	BasicBlock *BB = I.getParent();
4547	Function *F = BB->getParent();
4548
4549	Check(BB != &F->getEntryBlock(), "EH pad cannot be in entry block.", &I);
4550
4551	if (auto *LPI = dyn_cast<LandingPadInst>(Val: &I)) {
4552	// The landingpad instruction defines its parent as a landing pad block. The
4553	// landing pad block may be branched to only by the unwind edge of an
4554	// invoke.
4555	for (BasicBlock *PredBB : predecessors(BB)) {
4556	const auto *II = dyn_cast<InvokeInst>(Val: PredBB->getTerminator());
4557	Check(II && II->getUnwindDest() == BB && II->getNormalDest() != BB,
4558	"Block containing LandingPadInst must be jumped to "
4559	"only by the unwind edge of an invoke.",
4560	LPI);
4561	}
4562	return;
4563	}
4564	if (auto *CPI = dyn_cast<CatchPadInst>(Val: &I)) {
4565	if (!pred_empty(BB))
4566	Check(BB->getUniquePredecessor() == CPI->getCatchSwitch()->getParent(),
4567	"Block containg CatchPadInst must be jumped to "
4568	"only by its catchswitch.",
4569	CPI);
4570	Check(BB != CPI->getCatchSwitch()->getUnwindDest(),
4571	"Catchswitch cannot unwind to one of its catchpads",
4572	CPI->getCatchSwitch(), CPI);
4573	return;
4574	}
4575
4576	// Verify that each pred has a legal terminator with a legal to/from EH
4577	// pad relationship.
4578	Instruction *ToPad = &I;
4579	Value *ToPadParent = getParentPad(EHPad: ToPad);
4580	for (BasicBlock *PredBB : predecessors(BB)) {
4581	Instruction *TI = PredBB->getTerminator();
4582	Value *FromPad;
4583	if (auto *II = dyn_cast<InvokeInst>(Val: TI)) {
4584	Check(II->getUnwindDest() == BB && II->getNormalDest() != BB,
4585	"EH pad must be jumped to via an unwind edge", ToPad, II);
4586	auto *CalledFn =
4587	dyn_cast<Function>(Val: II->getCalledOperand()->stripPointerCasts());
4588	if (CalledFn && CalledFn->isIntrinsic() && II->doesNotThrow() &&
4589	!IntrinsicInst::mayLowerToFunctionCall(IID: CalledFn->getIntrinsicID()))
4590	continue;
4591	if (auto Bundle = II->getOperandBundle(ID: LLVMContext::OB_funclet))
4592	FromPad = Bundle->Inputs[0];
4593	else
4594	FromPad = ConstantTokenNone::get(Context&: II->getContext());
4595	} else if (auto *CRI = dyn_cast<CleanupReturnInst>(Val: TI)) {
4596	FromPad = CRI->getOperand(i_nocapture: 0);
4597	Check(FromPad != ToPadParent, "A cleanupret must exit its cleanup", CRI);
4598	} else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: TI)) {
4599	FromPad = CSI;
4600	} else {
4601	Check(false, "EH pad must be jumped to via an unwind edge", ToPad, TI);
4602	}
4603
4604	// The edge may exit from zero or more nested pads.
4605	SmallSet<Value *, 8> Seen;
4606	for (;; FromPad = getParentPad(EHPad: FromPad)) {
4607	Check(FromPad != ToPad,
4608	"EH pad cannot handle exceptions raised within it", FromPad, TI);
4609	if (FromPad == ToPadParent) {
4610	// This is a legal unwind edge.
4611	break;
4612	}
4613	Check(!isa<ConstantTokenNone>(FromPad),
4614	"A single unwind edge may only enter one EH pad", TI);
4615	Check(Seen.insert(FromPad).second, "EH pad jumps through a cycle of pads",
4616	FromPad);
4617
4618	// This will be diagnosed on the corresponding instruction already. We
4619	// need the extra check here to make sure getParentPad() works.
4620	Check(isa<FuncletPadInst>(FromPad) || isa<CatchSwitchInst>(FromPad),
4621	"Parent pad must be catchpad/cleanuppad/catchswitch", TI);
4622	}
4623	}
4624	}
4625
4626	void Verifier::visitLandingPadInst(LandingPadInst &LPI) {
4627	// The landingpad instruction is ill-formed if it doesn't have any clauses and
4628	// isn't a cleanup.
4629	Check(LPI.getNumClauses() > 0 || LPI.isCleanup(),
4630	"LandingPadInst needs at least one clause or to be a cleanup.", &LPI);
4631
4632	visitEHPadPredecessors(I&: LPI);
4633
4634	if (!LandingPadResultTy)
4635	LandingPadResultTy = LPI.getType();
4636	else
4637	Check(LandingPadResultTy == LPI.getType(),
4638	"The landingpad instruction should have a consistent result type "
4639	"inside a function.",
4640	&LPI);
4641
4642	Function *F = LPI.getParent()->getParent();
4643	Check(F->hasPersonalityFn(),
4644	"LandingPadInst needs to be in a function with a personality.", &LPI);
4645
4646	// The landingpad instruction must be the first non-PHI instruction in the
4647	// block.
4648	Check(LPI.getParent()->getLandingPadInst() == &LPI,
4649	"LandingPadInst not the first non-PHI instruction in the block.", &LPI);
4650
4651	for (unsigned i = 0, e = LPI.getNumClauses(); i < e; ++i) {
4652	Constant *Clause = LPI.getClause(Idx: i);
4653	if (LPI.isCatch(Idx: i)) {
4654	Check(isa<PointerType>(Clause->getType()),
4655	"Catch operand does not have pointer type!", &LPI);
4656	} else {
4657	Check(LPI.isFilter(i), "Clause is neither catch nor filter!", &LPI);
4658	Check(isa<ConstantArray>(Clause) || isa<ConstantAggregateZero>(Clause),
4659	"Filter operand is not an array of constants!", &LPI);
4660	}
4661	}
4662
4663	visitInstruction(I&: LPI);
4664	}
4665
4666	void Verifier::visitResumeInst(ResumeInst &RI) {
4667	Check(RI.getFunction()->hasPersonalityFn(),
4668	"ResumeInst needs to be in a function with a personality.", &RI);
4669
4670	if (!LandingPadResultTy)
4671	LandingPadResultTy = RI.getValue()->getType();
4672	else
4673	Check(LandingPadResultTy == RI.getValue()->getType(),
4674	"The resume instruction should have a consistent result type "
4675	"inside a function.",
4676	&RI);
4677
4678	visitTerminator(I&: RI);
4679	}
4680
4681	void Verifier::visitCatchPadInst(CatchPadInst &CPI) {
4682	BasicBlock *BB = CPI.getParent();
4683
4684	Function *F = BB->getParent();
4685	Check(F->hasPersonalityFn(),
4686	"CatchPadInst needs to be in a function with a personality.", &CPI);
4687
4688	Check(isa<CatchSwitchInst>(CPI.getParentPad()),
4689	"CatchPadInst needs to be directly nested in a CatchSwitchInst.",
4690	CPI.getParentPad());
4691
4692	// The catchpad instruction must be the first non-PHI instruction in the
4693	// block.
4694	Check(&*BB->getFirstNonPHIIt() == &CPI,
4695	"CatchPadInst not the first non-PHI instruction in the block.", &CPI);
4696
4697	visitEHPadPredecessors(I&: CPI);
4698	visitFuncletPadInst(FPI&: CPI);
4699	}
4700
4701	void Verifier::visitCatchReturnInst(CatchReturnInst &CatchReturn) {
4702	Check(isa<CatchPadInst>(CatchReturn.getOperand(0)),
4703	"CatchReturnInst needs to be provided a CatchPad", &CatchReturn,
4704	CatchReturn.getOperand(0));
4705
4706	visitTerminator(I&: CatchReturn);
4707	}
4708
4709	void Verifier::visitCleanupPadInst(CleanupPadInst &CPI) {
4710	BasicBlock *BB = CPI.getParent();
4711
4712	Function *F = BB->getParent();
4713	Check(F->hasPersonalityFn(),
4714	"CleanupPadInst needs to be in a function with a personality.", &CPI);
4715
4716	// The cleanuppad instruction must be the first non-PHI instruction in the
4717	// block.
4718	Check(&*BB->getFirstNonPHIIt() == &CPI,
4719	"CleanupPadInst not the first non-PHI instruction in the block.", &CPI);
4720
4721	auto *ParentPad = CPI.getParentPad();
4722	Check(isa<ConstantTokenNone>(ParentPad) || isa<FuncletPadInst>(ParentPad),
4723	"CleanupPadInst has an invalid parent.", &CPI);
4724
4725	visitEHPadPredecessors(I&: CPI);
4726	visitFuncletPadInst(FPI&: CPI);
4727	}
4728
4729	void Verifier::visitFuncletPadInst(FuncletPadInst &FPI) {
4730	User *FirstUser = nullptr;
4731	Value *FirstUnwindPad = nullptr;
4732	SmallVector<FuncletPadInst *, 8> Worklist({&FPI});
4733	SmallSet<FuncletPadInst *, 8> Seen;
4734
4735	while (!Worklist.empty()) {
4736	FuncletPadInst *CurrentPad = Worklist.pop_back_val();
4737	Check(Seen.insert(CurrentPad).second,
4738	"FuncletPadInst must not be nested within itself", CurrentPad);
4739	Value *UnresolvedAncestorPad = nullptr;
4740	for (User *U : CurrentPad->users()) {
4741	BasicBlock *UnwindDest;
4742	if (auto *CRI = dyn_cast<CleanupReturnInst>(Val: U)) {
4743	UnwindDest = CRI->getUnwindDest();
4744	} else if (auto *CSI = dyn_cast<CatchSwitchInst>(Val: U)) {
4745	// We allow catchswitch unwind to caller to nest
4746	// within an outer pad that unwinds somewhere else,
4747	// because catchswitch doesn't have a nounwind variant.
4748	// See e.g. SimplifyCFGOpt::SimplifyUnreachable.
4749	if (CSI->unwindsToCaller())
4750	continue;
4751	UnwindDest = CSI->getUnwindDest();
4752	} else if (auto *II = dyn_cast<InvokeInst>(Val: U)) {
4753	UnwindDest = II->getUnwindDest();
4754	} else if (isa<CallInst>(Val: U)) {
4755	// Calls which don't unwind may be found inside funclet
4756	// pads that unwind somewhere else. We don't *require*
4757	// such calls to be annotated nounwind.
4758	continue;
4759	} else if (auto *CPI = dyn_cast<CleanupPadInst>(Val: U)) {
4760	// The unwind dest for a cleanup can only be found by
4761	// recursive search. Add it to the worklist, and we'll
4762	// search for its first use that determines where it unwinds.
4763	Worklist.push_back(Elt: CPI);
4764	continue;
4765	} else {
4766	Check(isa<CatchReturnInst>(U), "Bogus funclet pad use", U);
4767	continue;
4768	}
4769
4770	Value *UnwindPad;
4771	bool ExitsFPI;
4772	if (UnwindDest) {
4773	UnwindPad = &*UnwindDest->getFirstNonPHIIt();
4774	if (!cast<Instruction>(Val: UnwindPad)->isEHPad())
4775	continue;
4776	Value *UnwindParent = getParentPad(EHPad: UnwindPad);
4777	// Ignore unwind edges that don't exit CurrentPad.
4778	if (UnwindParent == CurrentPad)
4779	continue;
4780	// Determine whether the original funclet pad is exited,
4781	// and if we are scanning nested pads determine how many
4782	// of them are exited so we can stop searching their
4783	// children.
4784	Value *ExitedPad = CurrentPad;
4785	ExitsFPI = false;
4786	do {
4787	if (ExitedPad == &FPI) {
4788	ExitsFPI = true;
4789	// Now we can resolve any ancestors of CurrentPad up to
4790	// FPI, but not including FPI since we need to make sure
4791	// to check all direct users of FPI for consistency.
4792	UnresolvedAncestorPad = &FPI;
4793	break;
4794	}
4795	Value *ExitedParent = getParentPad(EHPad: ExitedPad);
4796	if (ExitedParent == UnwindParent) {
4797	// ExitedPad is the ancestor-most pad which this unwind
4798	// edge exits, so we can resolve up to it, meaning that
4799	// ExitedParent is the first ancestor still unresolved.
4800	UnresolvedAncestorPad = ExitedParent;
4801	break;
4802	}
4803	ExitedPad = ExitedParent;
4804	} while (!isa<ConstantTokenNone>(Val: ExitedPad));
4805	} else {
4806	// Unwinding to caller exits all pads.
4807	UnwindPad = ConstantTokenNone::get(Context&: FPI.getContext());
4808	ExitsFPI = true;
4809	UnresolvedAncestorPad = &FPI;
4810	}
4811
4812	if (ExitsFPI) {
4813	// This unwind edge exits FPI. Make sure it agrees with other
4814	// such edges.
4815	if (FirstUser) {
4816	Check(UnwindPad == FirstUnwindPad,
4817	"Unwind edges out of a funclet "
4818	"pad must have the same unwind "
4819	"dest",
4820	&FPI, U, FirstUser);
4821	} else {
4822	FirstUser = U;
4823	FirstUnwindPad = UnwindPad;
4824	// Record cleanup sibling unwinds for verifySiblingFuncletUnwinds
4825	if (isa<CleanupPadInst>(Val: &FPI) && !isa<ConstantTokenNone>(Val: UnwindPad) &&
4826	getParentPad(EHPad: UnwindPad) == getParentPad(EHPad: &FPI))
4827	SiblingFuncletInfo[&FPI] = cast<Instruction>(Val: U);
4828	}
4829	}
4830	// Make sure we visit all uses of FPI, but for nested pads stop as
4831	// soon as we know where they unwind to.
4832	if (CurrentPad != &FPI)
4833	break;
4834	}
4835	if (UnresolvedAncestorPad) {
4836	if (CurrentPad == UnresolvedAncestorPad) {
4837	// When CurrentPad is FPI itself, we don't mark it as resolved even if
4838	// we've found an unwind edge that exits it, because we need to verify
4839	// all direct uses of FPI.
4840	assert(CurrentPad == &FPI);
4841	continue;
4842	}
4843	// Pop off the worklist any nested pads that we've found an unwind
4844	// destination for. The pads on the worklist are the uncles,
4845	// great-uncles, etc. of CurrentPad. We've found an unwind destination
4846	// for all ancestors of CurrentPad up to but not including
4847	// UnresolvedAncestorPad.
4848	Value *ResolvedPad = CurrentPad;
4849	while (!Worklist.empty()) {
4850	Value *UnclePad = Worklist.back();
4851	Value *AncestorPad = getParentPad(EHPad: UnclePad);
4852	// Walk ResolvedPad up the ancestor list until we either find the
4853	// uncle's parent or the last resolved ancestor.
4854	while (ResolvedPad != AncestorPad) {
4855	Value *ResolvedParent = getParentPad(EHPad: ResolvedPad);
4856	if (ResolvedParent == UnresolvedAncestorPad) {
4857	break;
4858	}
4859	ResolvedPad = ResolvedParent;
4860	}
4861	// If the resolved ancestor search didn't find the uncle's parent,
4862	// then the uncle is not yet resolved.
4863	if (ResolvedPad != AncestorPad)
4864	break;
4865	// This uncle is resolved, so pop it from the worklist.
4866	Worklist.pop_back();
4867	}
4868	}
4869	}
4870
4871	if (FirstUnwindPad) {
4872	if (auto *CatchSwitch = dyn_cast<CatchSwitchInst>(Val: FPI.getParentPad())) {
4873	BasicBlock *SwitchUnwindDest = CatchSwitch->getUnwindDest();
4874	Value *SwitchUnwindPad;
4875	if (SwitchUnwindDest)
4876	SwitchUnwindPad = &*SwitchUnwindDest->getFirstNonPHIIt();
4877	else
4878	SwitchUnwindPad = ConstantTokenNone::get(Context&: FPI.getContext());
4879	Check(SwitchUnwindPad == FirstUnwindPad,
4880	"Unwind edges out of a catch must have the same unwind dest as "
4881	"the parent catchswitch",
4882	&FPI, FirstUser, CatchSwitch);
4883	}
4884	}
4885
4886	visitInstruction(I&: FPI);
4887	}
4888
4889	void Verifier::visitCatchSwitchInst(CatchSwitchInst &CatchSwitch) {
4890	BasicBlock *BB = CatchSwitch.getParent();
4891
4892	Function *F = BB->getParent();
4893	Check(F->hasPersonalityFn(),
4894	"CatchSwitchInst needs to be in a function with a personality.",
4895	&CatchSwitch);
4896
4897	// The catchswitch instruction must be the first non-PHI instruction in the
4898	// block.
4899	Check(&*BB->getFirstNonPHIIt() == &CatchSwitch,
4900	"CatchSwitchInst not the first non-PHI instruction in the block.",
4901	&CatchSwitch);
4902
4903	auto *ParentPad = CatchSwitch.getParentPad();
4904	Check(isa<ConstantTokenNone>(ParentPad) || isa<FuncletPadInst>(ParentPad),
4905	"CatchSwitchInst has an invalid parent.", ParentPad);
4906
4907	if (BasicBlock *UnwindDest = CatchSwitch.getUnwindDest()) {
4908	BasicBlock::iterator I = UnwindDest->getFirstNonPHIIt();
4909	Check(I->isEHPad() && !isa<LandingPadInst>(I),
4910	"CatchSwitchInst must unwind to an EH block which is not a "
4911	"landingpad.",
4912	&CatchSwitch);
4913
4914	// Record catchswitch sibling unwinds for verifySiblingFuncletUnwinds
4915	if (getParentPad(EHPad: &*I) == ParentPad)
4916	SiblingFuncletInfo[&CatchSwitch] = &CatchSwitch;
4917	}
4918
4919	Check(CatchSwitch.getNumHandlers() != 0,
4920	"CatchSwitchInst cannot have empty handler list", &CatchSwitch);
4921
4922	for (BasicBlock *Handler : CatchSwitch.handlers()) {
4923	Check(isa<CatchPadInst>(Handler->getFirstNonPHIIt()),
4924	"CatchSwitchInst handlers must be catchpads", &CatchSwitch, Handler);
4925	}
4926
4927	visitEHPadPredecessors(I&: CatchSwitch);
4928	visitTerminator(I&: CatchSwitch);
4929	}
4930
4931	void Verifier::visitCleanupReturnInst(CleanupReturnInst &CRI) {
4932	Check(isa<CleanupPadInst>(CRI.getOperand(0)),
4933	"CleanupReturnInst needs to be provided a CleanupPad", &CRI,
4934	CRI.getOperand(0));
4935
4936	if (BasicBlock *UnwindDest = CRI.getUnwindDest()) {
4937	BasicBlock::iterator I = UnwindDest->getFirstNonPHIIt();
4938	Check(I->isEHPad() && !isa<LandingPadInst>(I),
4939	"CleanupReturnInst must unwind to an EH block which is not a "
4940	"landingpad.",
4941	&CRI);
4942	}
4943
4944	visitTerminator(I&: CRI);
4945	}
4946
4947	void Verifier::verifyDominatesUse(Instruction &I, unsigned i) {
4948	Instruction *Op = cast<Instruction>(Val: I.getOperand(i));
4949	// If the we have an invalid invoke, don't try to compute the dominance.
4950	// We already reject it in the invoke specific checks and the dominance
4951	// computation doesn't handle multiple edges.
4952	if (InvokeInst *II = dyn_cast<InvokeInst>(Val: Op)) {
4953	if (II->getNormalDest() == II->getUnwindDest())
4954	return;
4955	}
4956
4957	// Quick check whether the def has already been encountered in the same block.
4958	// PHI nodes are not checked to prevent accepting preceding PHIs, because PHI
4959	// uses are defined to happen on the incoming edge, not at the instruction.
4960	//
4961	// FIXME: If this operand is a MetadataAsValue (wrapping a LocalAsMetadata)
4962	// wrapping an SSA value, assert that we've already encountered it. See
4963	// related FIXME in Mapper::mapLocalAsMetadata in ValueMapper.cpp.
4964	if (!isa<PHINode>(Val: I) && InstsInThisBlock.count(Ptr: Op))
4965	return;
4966
4967	const Use &U = I.getOperandUse(i);
4968	Check(DT.dominates(Op, U), "Instruction does not dominate all uses!", Op, &I);
4969	}
4970
4971	void Verifier::visitDereferenceableMetadata(Instruction& I, MDNode* MD) {
4972	Check(I.getType()->isPointerTy(),
4973	"dereferenceable, dereferenceable_or_null "
4974	"apply only to pointer types",
4975	&I);
4976	Check((isa<LoadInst>(I) || isa<IntToPtrInst>(I)),
4977	"dereferenceable, dereferenceable_or_null apply only to load"
4978	" and inttoptr instructions, use attributes for calls or invokes",
4979	&I);
4980	Check(MD->getNumOperands() == 1,
4981	"dereferenceable, dereferenceable_or_null "
4982	"take one operand!",
4983	&I);
4984	ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: 0));
4985	Check(CI && CI->getType()->isIntegerTy(64),
4986	"dereferenceable, "
4987	"dereferenceable_or_null metadata value must be an i64!",
4988	&I);
4989	}
4990
4991	void Verifier::visitProfMetadata(Instruction &I, MDNode *MD) {
4992	auto GetBranchingTerminatorNumOperands = [&]() {
4993	unsigned ExpectedNumOperands = 0;
4994	if (BranchInst *BI = dyn_cast<BranchInst>(Val: &I))
4995	ExpectedNumOperands = BI->getNumSuccessors();
4996	else if (SwitchInst *SI = dyn_cast<SwitchInst>(Val: &I))
4997	ExpectedNumOperands = SI->getNumSuccessors();
4998	else if (isa<CallInst>(Val: &I))
4999	ExpectedNumOperands = 1;
5000	else if (IndirectBrInst *IBI = dyn_cast<IndirectBrInst>(Val: &I))
5001	ExpectedNumOperands = IBI->getNumDestinations();
5002	else if (isa<SelectInst>(Val: &I))
5003	ExpectedNumOperands = 2;
5004	else if (CallBrInst *CI = dyn_cast<CallBrInst>(Val: &I))
5005	ExpectedNumOperands = CI->getNumSuccessors();
5006	return ExpectedNumOperands;
5007	};
5008	Check(MD->getNumOperands() >= 1,
5009	"!prof annotations should have at least 1 operand", MD);
5010	// Check first operand.
5011	Check(MD->getOperand(0) != nullptr, "first operand should not be null", MD);
5012	Check(isa<MDString>(MD->getOperand(0)),
5013	"expected string with name of the !prof annotation", MD);
5014	MDString *MDS = cast<MDString>(Val: MD->getOperand(I: 0));
5015	StringRef ProfName = MDS->getString();
5016
5017	if (ProfName == MDProfLabels::UnknownBranchWeightsMarker) {
5018	Check(GetBranchingTerminatorNumOperands() != 0 || isa<InvokeInst>(I),
5019	"'unknown' !prof should only appear on instructions on which "
5020	"'branch_weights' would",
5021	MD);
5022	Check(MD->getNumOperands() == 1,
5023	"'unknown' !prof should have no additional operands", MD);
5024	return;
5025	}
5026
5027	Check(MD->getNumOperands() >= 2,
5028	"!prof annotations should have no less than 2 operands", MD);
5029
5030	// Check consistency of !prof branch_weights metadata.
5031	if (ProfName == MDProfLabels::BranchWeights) {
5032	unsigned NumBranchWeights = getNumBranchWeights(ProfileData: *MD);
5033	if (isa<InvokeInst>(Val: &I)) {
5034	Check(NumBranchWeights == 1 || NumBranchWeights == 2,
5035	"Wrong number of InvokeInst branch_weights operands", MD);
5036	} else {
5037	const unsigned ExpectedNumOperands = GetBranchingTerminatorNumOperands();
5038	if (ExpectedNumOperands == 0)
5039	CheckFailed(Message: "!prof branch_weights are not allowed for this instruction",
5040	V1: MD);
5041
5042	Check(NumBranchWeights == ExpectedNumOperands, "Wrong number of operands",
5043	MD);
5044	}
5045	for (unsigned i = getBranchWeightOffset(ProfileData: MD); i < MD->getNumOperands();
5046	++i) {
5047	auto &MDO = MD->getOperand(I: i);
5048	Check(MDO, "second operand should not be null", MD);
5049	Check(mdconst::dyn_extract<ConstantInt>(MDO),
5050	"!prof brunch_weights operand is not a const int");
5051	}
5052	} else if (ProfName == MDProfLabels::ValueProfile) {
5053	Check(isValueProfileMD(MD), "invalid value profiling metadata", MD);
5054	ConstantInt *KindInt = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: 1));
5055	Check(KindInt, "VP !prof missing kind argument", MD);
5056
5057	auto Kind = KindInt->getZExtValue();
5058	Check(Kind >= InstrProfValueKind::IPVK_First &&
5059	Kind <= InstrProfValueKind::IPVK_Last,
5060	"Invalid VP !prof kind", MD);
5061	Check(MD->getNumOperands() % 2 == 1,
5062	"VP !prof should have an even number "
5063	"of arguments after 'VP'",
5064	MD);
5065	if (Kind == InstrProfValueKind::IPVK_IndirectCallTarget ||
5066	Kind == InstrProfValueKind::IPVK_MemOPSize)
5067	Check(isa<CallBase>(I),
5068	"VP !prof indirect call or memop size expected to be applied to "
5069	"CallBase instructions only",
5070	MD);
5071	} else {
5072	CheckFailed(Message: "expected either branch_weights or VP profile name", V1: MD);
5073	}
5074	}
5075
5076	void Verifier::visitDIAssignIDMetadata(Instruction &I, MDNode *MD) {
5077	assert(I.hasMetadata(LLVMContext::MD_DIAssignID));
5078	// DIAssignID metadata must be attached to either an alloca or some form of
5079	// store/memory-writing instruction.
5080	// FIXME: We allow all intrinsic insts here to avoid trying to enumerate all
5081	// possible store intrinsics.
5082	bool ExpectedInstTy =
5083	isa<AllocaInst>(Val: I) || isa<StoreInst>(Val: I) || isa<IntrinsicInst>(Val: I);
5084	CheckDI(ExpectedInstTy, "!DIAssignID attached to unexpected instruction kind",
5085	I, MD);
5086	// Iterate over the MetadataAsValue uses of the DIAssignID - these should
5087	// only be found as DbgAssignIntrinsic operands.
5088	if (auto *AsValue = MetadataAsValue::getIfExists(Context, MD)) {
5089	for (auto *User : AsValue->users()) {
5090	CheckDI(isa<DbgAssignIntrinsic>(User),
5091	"!DIAssignID should only be used by llvm.dbg.assign intrinsics",
5092	MD, User);
5093	// All of the dbg.assign intrinsics should be in the same function as I.
5094	if (auto *DAI = dyn_cast<DbgAssignIntrinsic>(Val: User))
5095	CheckDI(DAI->getFunction() == I.getFunction(),
5096	"dbg.assign not in same function as inst", DAI, &I);
5097	}
5098	}
5099	for (DbgVariableRecord *DVR :
5100	cast<DIAssignID>(Val: MD)->getAllDbgVariableRecordUsers()) {
5101	CheckDI(DVR->isDbgAssign(),
5102	"!DIAssignID should only be used by Assign DVRs.", MD, DVR);
5103	CheckDI(DVR->getFunction() == I.getFunction(),
5104	"DVRAssign not in same function as inst", DVR, &I);
5105	}
5106	}
5107
5108	void Verifier::visitMMRAMetadata(Instruction &I, MDNode *MD) {
5109	Check(canInstructionHaveMMRAs(I),
5110	"!mmra metadata attached to unexpected instruction kind", I, MD);
5111
5112	// MMRA Metadata should either be a tag, e.g. !{!"foo", !"bar"}, or a
5113	// list of tags such as !2 in the following example:
5114	// !0 = !{!"a", !"b"}
5115	// !1 = !{!"c", !"d"}
5116	// !2 = !{!0, !1}
5117	if (MMRAMetadata::isTagMD(MD))
5118	return;
5119
5120	Check(isa<MDTuple>(MD), "!mmra expected to be a metadata tuple", I, MD);
5121	for (const MDOperand &MDOp : MD->operands())
5122	Check(MMRAMetadata::isTagMD(MDOp.get()),
5123	"!mmra metadata tuple operand is not an MMRA tag", I, MDOp.get());
5124	}
5125
5126	void Verifier::visitCallStackMetadata(MDNode *MD) {
5127	// Call stack metadata should consist of a list of at least 1 constant int
5128	// (representing a hash of the location).
5129	Check(MD->getNumOperands() >= 1,
5130	"call stack metadata should have at least 1 operand", MD);
5131
5132	for (const auto &Op : MD->operands())
5133	Check(mdconst::dyn_extract_or_null<ConstantInt>(Op),
5134	"call stack metadata operand should be constant integer", Op);
5135	}
5136
5137	void Verifier::visitMemProfMetadata(Instruction &I, MDNode *MD) {
5138	Check(isa<CallBase>(I), "!memprof metadata should only exist on calls", &I);
5139	Check(MD->getNumOperands() >= 1,
5140	"!memprof annotations should have at least 1 metadata operand "
5141	"(MemInfoBlock)",
5142	MD);
5143
5144	// Check each MIB
5145	for (auto &MIBOp : MD->operands()) {
5146	MDNode *MIB = dyn_cast<MDNode>(Val: MIBOp);
5147	// The first operand of an MIB should be the call stack metadata.
5148	// There rest of the operands should be MDString tags, and there should be
5149	// at least one.
5150	Check(MIB->getNumOperands() >= 2,
5151	"Each !memprof MemInfoBlock should have at least 2 operands", MIB);
5152
5153	// Check call stack metadata (first operand).
5154	Check(MIB->getOperand(0) != nullptr,
5155	"!memprof MemInfoBlock first operand should not be null", MIB);
5156	Check(isa<MDNode>(MIB->getOperand(0)),
5157	"!memprof MemInfoBlock first operand should be an MDNode", MIB);
5158	MDNode *StackMD = dyn_cast<MDNode>(Val: MIB->getOperand(I: 0));
5159	visitCallStackMetadata(MD: StackMD);
5160
5161	// The next set of 1 or more operands should be MDString.
5162	unsigned I = 1;
5163	for (; I < MIB->getNumOperands(); ++I) {
5164	if (!isa<MDString>(Val: MIB->getOperand(I))) {
5165	Check(I > 1,
5166	"!memprof MemInfoBlock second operand should be an MDString",
5167	MIB);
5168	break;
5169	}
5170	}
5171
5172	// Any remaining should be MDNode that are pairs of integers
5173	for (; I < MIB->getNumOperands(); ++I) {
5174	MDNode *OpNode = dyn_cast<MDNode>(Val: MIB->getOperand(I));
5175	Check(OpNode, "Not all !memprof MemInfoBlock operands 2 to N are MDNode",
5176	MIB);
5177	Check(OpNode->getNumOperands() == 2,
5178	"Not all !memprof MemInfoBlock operands 2 to N are MDNode with 2 "
5179	"operands",
5180	MIB);
5181	// Check that all of Op's operands are ConstantInt.
5182	Check(llvm::all_of(OpNode->operands(),
5183	[](const MDOperand &Op) {
5184	return mdconst::hasa<ConstantInt>(Op);
5185	}),
5186	"Not all !memprof MemInfoBlock operands 2 to N are MDNode with "
5187	"ConstantInt operands",
5188	MIB);
5189	}
5190	}
5191	}
5192
5193	void Verifier::visitCallsiteMetadata(Instruction &I, MDNode *MD) {
5194	Check(isa<CallBase>(I), "!callsite metadata should only exist on calls", &I);
5195	// Verify the partial callstack annotated from memprof profiles. This callsite
5196	// is a part of a profiled allocation callstack.
5197	visitCallStackMetadata(MD);
5198	}
5199
5200	void Verifier::visitAnnotationMetadata(MDNode *Annotation) {
5201	Check(isa<MDTuple>(Annotation), "annotation must be a tuple");
5202	Check(Annotation->getNumOperands() >= 1,
5203	"annotation must have at least one operand");
5204	for (const MDOperand &Op : Annotation->operands()) {
5205	bool TupleOfStrings =
5206	isa<MDTuple>(Val: Op.get()) &&
5207	all_of(Range: cast<MDTuple>(Val: Op)->operands(), P: [](auto &Annotation) {
5208	return isa<MDString>(Annotation.get());
5209	});
5210	Check(isa<MDString>(Op.get()) || TupleOfStrings,
5211	"operands must be a string or a tuple of strings");
5212	}
5213	}
5214
5215	void Verifier::visitAliasScopeMetadata(const MDNode *MD) {
5216	unsigned NumOps = MD->getNumOperands();
5217	Check(NumOps >= 2 && NumOps <= 3, "scope must have two or three operands",
5218	MD);
5219	Check(MD->getOperand(0).get() == MD || isa<MDString>(MD->getOperand(0)),
5220	"first scope operand must be self-referential or string", MD);
5221	if (NumOps == 3)
5222	Check(isa<MDString>(MD->getOperand(2)),
5223	"third scope operand must be string (if used)", MD);
5224
5225	MDNode *Domain = dyn_cast<MDNode>(Val: MD->getOperand(I: 1));
5226	Check(Domain != nullptr, "second scope operand must be MDNode", MD);
5227
5228	unsigned NumDomainOps = Domain->getNumOperands();
5229	Check(NumDomainOps >= 1 && NumDomainOps <= 2,
5230	"domain must have one or two operands", Domain);
5231	Check(Domain->getOperand(0).get() == Domain ||
5232	isa<MDString>(Domain->getOperand(0)),
5233	"first domain operand must be self-referential or string", Domain);
5234	if (NumDomainOps == 2)
5235	Check(isa<MDString>(Domain->getOperand(1)),
5236	"second domain operand must be string (if used)", Domain);
5237	}
5238
5239	void Verifier::visitAliasScopeListMetadata(const MDNode *MD) {
5240	for (const MDOperand &Op : MD->operands()) {
5241	const MDNode *OpMD = dyn_cast<MDNode>(Val: Op);
5242	Check(OpMD != nullptr, "scope list must consist of MDNodes", MD);
5243	visitAliasScopeMetadata(MD: OpMD);
5244	}
5245	}
5246
5247	void Verifier::visitAccessGroupMetadata(const MDNode *MD) {
5248	auto IsValidAccessScope = [](const MDNode *MD) {
5249	return MD->getNumOperands() == 0 && MD->isDistinct();
5250	};
5251
5252	// It must be either an access scope itself...
5253	if (IsValidAccessScope(MD))
5254	return;
5255
5256	// ...or a list of access scopes.
5257	for (const MDOperand &Op : MD->operands()) {
5258	const MDNode *OpMD = dyn_cast<MDNode>(Val: Op);
5259	Check(OpMD != nullptr, "Access scope list must consist of MDNodes", MD);
5260	Check(IsValidAccessScope(OpMD),
5261	"Access scope list contains invalid access scope", MD);
5262	}
5263	}
5264
5265	/// verifyInstruction - Verify that an instruction is well formed.
5266	///
5267	void Verifier::visitInstruction(Instruction &I) {
5268	BasicBlock *BB = I.getParent();
5269	Check(BB, "Instruction not embedded in basic block!", &I);
5270
5271	if (!isa<PHINode>(Val: I)) { // Check that non-phi nodes are not self referential
5272	for (User *U : I.users()) {
5273	Check(U != (User *)&I || !DT.isReachableFromEntry(BB),
5274	"Only PHI nodes may reference their own value!", &I);
5275	}
5276	}
5277
5278	// Check that void typed values don't have names
5279	Check(!I.getType()->isVoidTy() || !I.hasName(),
5280	"Instruction has a name, but provides a void value!", &I);
5281
5282	// Check that the return value of the instruction is either void or a legal
5283	// value type.
5284	Check(I.getType()->isVoidTy() || I.getType()->isFirstClassType(),
5285	"Instruction returns a non-scalar type!", &I);
5286
5287	// Check that the instruction doesn't produce metadata. Calls are already
5288	// checked against the callee type.
5289	Check(!I.getType()->isMetadataTy() || isa<CallInst>(I) || isa<InvokeInst>(I),
5290	"Invalid use of metadata!", &I);
5291
5292	// Check that all uses of the instruction, if they are instructions
5293	// themselves, actually have parent basic blocks. If the use is not an
5294	// instruction, it is an error!
5295	for (Use &U : I.uses()) {
5296	if (Instruction *Used = dyn_cast<Instruction>(Val: U.getUser()))
5297	Check(Used->getParent() != nullptr,
5298	"Instruction referencing"
5299	" instruction not embedded in a basic block!",
5300	&I, Used);
5301	else {
5302	CheckFailed(Message: "Use of instruction is not an instruction!", V1: U);
5303	return;
5304	}
5305	}
5306
5307	// Get a pointer to the call base of the instruction if it is some form of
5308	// call.
5309	const CallBase *CBI = dyn_cast<CallBase>(Val: &I);
5310
5311	for (unsigned i = 0, e = I.getNumOperands(); i != e; ++i) {
5312	Check(I.getOperand(i) != nullptr, "Instruction has null operand!", &I);
5313
5314	// Check to make sure that only first-class-values are operands to
5315	// instructions.
5316	if (!I.getOperand(i)->getType()->isFirstClassType()) {
5317	Check(false, "Instruction operands must be first-class values!", &I);
5318	}
5319
5320	if (Function *F = dyn_cast<Function>(Val: I.getOperand(i))) {
5321	// This code checks whether the function is used as the operand of a
5322	// clang_arc_attachedcall operand bundle.
5323	auto IsAttachedCallOperand = [](Function *F, const CallBase *CBI,
5324	int Idx) {
5325	return CBI && CBI->isOperandBundleOfType(
5326	ID: LLVMContext::OB_clang_arc_attachedcall, Idx);
5327	};
5328
5329	// Check to make sure that the "address of" an intrinsic function is never
5330	// taken. Ignore cases where the address of the intrinsic function is used
5331	// as the argument of operand bundle "clang.arc.attachedcall" as those
5332	// cases are handled in verifyAttachedCallBundle.
5333	Check((!F->isIntrinsic() ||
5334	(CBI && &CBI->getCalledOperandUse() == &I.getOperandUse(i)) ||
5335	IsAttachedCallOperand(F, CBI, i)),
5336	"Cannot take the address of an intrinsic!", &I);
5337	Check(!F->isIntrinsic() || isa<CallInst>(I) ||
5338	F->getIntrinsicID() == Intrinsic::donothing ||
5339	F->getIntrinsicID() == Intrinsic::seh_try_begin ||
5340	F->getIntrinsicID() == Intrinsic::seh_try_end ||
5341	F->getIntrinsicID() == Intrinsic::seh_scope_begin ||
5342	F->getIntrinsicID() == Intrinsic::seh_scope_end ||
5343	F->getIntrinsicID() == Intrinsic::coro_resume ||
5344	F->getIntrinsicID() == Intrinsic::coro_destroy ||
5345	F->getIntrinsicID() == Intrinsic::coro_await_suspend_void ||
5346	F->getIntrinsicID() == Intrinsic::coro_await_suspend_bool ||
5347	F->getIntrinsicID() == Intrinsic::coro_await_suspend_handle ||
5348	F->getIntrinsicID() ==
5349	Intrinsic::experimental_patchpoint_void ||
5350	F->getIntrinsicID() == Intrinsic::experimental_patchpoint ||
5351	F->getIntrinsicID() == Intrinsic::fake_use ||
5352	F->getIntrinsicID() == Intrinsic::experimental_gc_statepoint ||
5353	F->getIntrinsicID() == Intrinsic::wasm_throw ||
5354	F->getIntrinsicID() == Intrinsic::wasm_rethrow ||
5355	IsAttachedCallOperand(F, CBI, i),
5356	"Cannot invoke an intrinsic other than donothing, patchpoint, "
5357	"statepoint, coro_resume, coro_destroy, clang.arc.attachedcall or "
5358	"wasm.(re)throw",
5359	&I);
5360	Check(F->getParent() == &M, "Referencing function in another module!", &I,
5361	&M, F, F->getParent());
5362	} else if (BasicBlock *OpBB = dyn_cast<BasicBlock>(Val: I.getOperand(i))) {
5363	Check(OpBB->getParent() == BB->getParent(),
5364	"Referring to a basic block in another function!", &I);
5365	} else if (Argument *OpArg = dyn_cast<Argument>(Val: I.getOperand(i))) {
5366	Check(OpArg->getParent() == BB->getParent(),
5367	"Referring to an argument in another function!", &I);
5368	} else if (GlobalValue *GV = dyn_cast<GlobalValue>(Val: I.getOperand(i))) {
5369	Check(GV->getParent() == &M, "Referencing global in another module!", &I,
5370	&M, GV, GV->getParent());
5371	} else if (Instruction *OpInst = dyn_cast<Instruction>(Val: I.getOperand(i))) {
5372	Check(OpInst->getFunction() == BB->getParent(),
5373	"Referring to an instruction in another function!", &I);
5374	verifyDominatesUse(I, i);
5375	} else if (isa<InlineAsm>(Val: I.getOperand(i))) {
5376	Check(CBI && &CBI->getCalledOperandUse() == &I.getOperandUse(i),
5377	"Cannot take the address of an inline asm!", &I);
5378	} else if (auto *CPA = dyn_cast<ConstantPtrAuth>(Val: I.getOperand(i))) {
5379	visitConstantExprsRecursively(EntryC: CPA);
5380	} else if (ConstantExpr *CE = dyn_cast<ConstantExpr>(Val: I.getOperand(i))) {
5381	if (CE->getType()->isPtrOrPtrVectorTy()) {
5382	// If we have a ConstantExpr pointer, we need to see if it came from an
5383	// illegal bitcast.
5384	visitConstantExprsRecursively(EntryC: CE);
5385	}
5386	}
5387	}
5388
5389	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_fpmath)) {
5390	Check(I.getType()->isFPOrFPVectorTy(),
5391	"fpmath requires a floating point result!", &I);
5392	Check(MD->getNumOperands() == 1, "fpmath takes one operand!", &I);
5393	if (ConstantFP *CFP0 =
5394	mdconst::dyn_extract_or_null<ConstantFP>(MD: MD->getOperand(I: 0))) {
5395	const APFloat &Accuracy = CFP0->getValueAPF();
5396	Check(&Accuracy.getSemantics() == &APFloat::IEEEsingle(),
5397	"fpmath accuracy must have float type", &I);
5398	Check(Accuracy.isFiniteNonZero() && !Accuracy.isNegative(),
5399	"fpmath accuracy not a positive number!", &I);
5400	} else {
5401	Check(false, "invalid fpmath accuracy!", &I);
5402	}
5403	}
5404
5405	if (MDNode *Range = I.getMetadata(KindID: LLVMContext::MD_range)) {
5406	Check(isa<LoadInst>(I) || isa<CallInst>(I) || isa<InvokeInst>(I),
5407	"Ranges are only for loads, calls and invokes!", &I);
5408	visitRangeMetadata(I, Range, Ty: I.getType());
5409	}
5410
5411	if (MDNode *Range = I.getMetadata(KindID: LLVMContext::MD_noalias_addrspace)) {
5412	Check(isa<LoadInst>(I) || isa<StoreInst>(I) || isa<AtomicRMWInst>(I) ||
5413	isa<AtomicCmpXchgInst>(I) || isa<CallInst>(I),
5414	"noalias.addrspace are only for memory operations!", &I);
5415	visitNoaliasAddrspaceMetadata(I, Range, Ty: I.getType());
5416	}
5417
5418	if (I.hasMetadata(KindID: LLVMContext::MD_invariant_group)) {
5419	Check(isa<LoadInst>(I) || isa<StoreInst>(I),
5420	"invariant.group metadata is only for loads and stores", &I);
5421	}
5422
5423	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_nonnull)) {
5424	Check(I.getType()->isPointerTy(), "nonnull applies only to pointer types",
5425	&I);
5426	Check(isa<LoadInst>(I),
5427	"nonnull applies only to load instructions, use attributes"
5428	" for calls or invokes",
5429	&I);
5430	Check(MD->getNumOperands() == 0, "nonnull metadata must be empty", &I);
5431	}
5432
5433	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_dereferenceable))
5434	visitDereferenceableMetadata(I, MD);
5435
5436	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_dereferenceable_or_null))
5437	visitDereferenceableMetadata(I, MD);
5438
5439	if (MDNode *TBAA = I.getMetadata(KindID: LLVMContext::MD_tbaa))
5440	TBAAVerifyHelper.visitTBAAMetadata(I, MD: TBAA);
5441
5442	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_noalias))
5443	visitAliasScopeListMetadata(MD);
5444	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_alias_scope))
5445	visitAliasScopeListMetadata(MD);
5446
5447	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_access_group))
5448	visitAccessGroupMetadata(MD);
5449
5450	if (MDNode *AlignMD = I.getMetadata(KindID: LLVMContext::MD_align)) {
5451	Check(I.getType()->isPointerTy(), "align applies only to pointer types",
5452	&I);
5453	Check(isa<LoadInst>(I),
5454	"align applies only to load instructions, "
5455	"use attributes for calls or invokes",
5456	&I);
5457	Check(AlignMD->getNumOperands() == 1, "align takes one operand!", &I);
5458	ConstantInt *CI = mdconst::dyn_extract<ConstantInt>(MD: AlignMD->getOperand(I: 0));
5459	Check(CI && CI->getType()->isIntegerTy(64),
5460	"align metadata value must be an i64!", &I);
5461	uint64_t Align = CI->getZExtValue();
5462	Check(isPowerOf2_64(Align), "align metadata value must be a power of 2!",
5463	&I);
5464	Check(Align <= Value::MaximumAlignment,
5465	"alignment is larger that implementation defined limit", &I);
5466	}
5467
5468	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_prof))
5469	visitProfMetadata(I, MD);
5470
5471	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_memprof))
5472	visitMemProfMetadata(I, MD);
5473
5474	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_callsite))
5475	visitCallsiteMetadata(I, MD);
5476
5477	if (MDNode *MD = I.getMetadata(KindID: LLVMContext::MD_DIAssignID))
5478	visitDIAssignIDMetadata(I, MD);
5479
5480	if (MDNode *MMRA = I.getMetadata(KindID: LLVMContext::MD_mmra))
5481	visitMMRAMetadata(I, MD: MMRA);
5482
5483	if (MDNode *Annotation = I.getMetadata(KindID: LLVMContext::MD_annotation))
5484	visitAnnotationMetadata(Annotation);
5485
5486	if (MDNode *N = I.getDebugLoc().getAsMDNode()) {
5487	CheckDI(isa<DILocation>(N), "invalid !dbg metadata attachment", &I, N);
5488	visitMDNode(MD: *N, AllowLocs: AreDebugLocsAllowed::Yes);
5489
5490	if (auto *DL = dyn_cast<DILocation>(Val: N)) {
5491	if (DL->getAtomGroup()) {
5492	CheckDI(DL->getScope()->getSubprogram()->getKeyInstructionsEnabled(),
5493	"DbgLoc uses atomGroup but DISubprogram doesn't have Key "
5494	"Instructions enabled",
5495	DL, DL->getScope()->getSubprogram());
5496	}
5497	}
5498	}
5499
5500	if (auto *DII = dyn_cast<DbgVariableIntrinsic>(Val: &I)) {
5501	verifyFragmentExpression(I: *DII);
5502	verifyNotEntryValue(I: *DII);
5503	}
5504
5505	SmallVector<std::pair<unsigned, MDNode *>, 4> MDs;
5506	I.getAllMetadata(MDs);
5507	for (auto Attachment : MDs) {
5508	unsigned Kind = Attachment.first;
5509	auto AllowLocs =
5510	(Kind == LLVMContext::MD_dbg || Kind == LLVMContext::MD_loop)
5511	? AreDebugLocsAllowed::Yes
5512	: AreDebugLocsAllowed::No;
5513	visitMDNode(MD: *Attachment.second, AllowLocs);
5514	}
5515
5516	InstsInThisBlock.insert(Ptr: &I);
5517	}
5518
5519	/// Allow intrinsics to be verified in different ways.
5520	void Verifier::visitIntrinsicCall(Intrinsic::ID ID, CallBase &Call) {
5521	Function *IF = Call.getCalledFunction();
5522	Check(IF->isDeclaration(), "Intrinsic functions should never be defined!",
5523	IF);
5524
5525	// Verify that the intrinsic prototype lines up with what the .td files
5526	// describe.
5527	FunctionType *IFTy = IF->getFunctionType();
5528	bool IsVarArg = IFTy->isVarArg();
5529
5530	SmallVector<Intrinsic::IITDescriptor, 8> Table;
5531	getIntrinsicInfoTableEntries(id: ID, T&: Table);
5532	ArrayRef<Intrinsic::IITDescriptor> TableRef = Table;
5533
5534	// Walk the descriptors to extract overloaded types.
5535	SmallVector<Type *, 4> ArgTys;
5536	Intrinsic::MatchIntrinsicTypesResult Res =
5537	Intrinsic::matchIntrinsicSignature(FTy: IFTy, Infos&: TableRef, ArgTys);
5538	Check(Res != Intrinsic::MatchIntrinsicTypes_NoMatchRet,
5539	"Intrinsic has incorrect return type!", IF);
5540	Check(Res != Intrinsic::MatchIntrinsicTypes_NoMatchArg,
5541	"Intrinsic has incorrect argument type!", IF);
5542
5543	// Verify if the intrinsic call matches the vararg property.
5544	if (IsVarArg)
5545	Check(!Intrinsic::matchIntrinsicVarArg(IsVarArg, TableRef),
5546	"Intrinsic was not defined with variable arguments!", IF);
5547	else
5548	Check(!Intrinsic::matchIntrinsicVarArg(IsVarArg, TableRef),
5549	"Callsite was not defined with variable arguments!", IF);
5550
5551	// All descriptors should be absorbed by now.
5552	Check(TableRef.empty(), "Intrinsic has too few arguments!", IF);
5553
5554	// Now that we have the intrinsic ID and the actual argument types (and we
5555	// know they are legal for the intrinsic!) get the intrinsic name through the
5556	// usual means. This allows us to verify the mangling of argument types into
5557	// the name.
5558	const std::string ExpectedName =
5559	Intrinsic::getName(Id: ID, Tys: ArgTys, M: IF->getParent(), FT: IFTy);
5560	Check(ExpectedName == IF->getName(),
5561	"Intrinsic name not mangled correctly for type arguments! "
5562	"Should be: " +
5563	ExpectedName,
5564	IF);
5565
5566	// If the intrinsic takes MDNode arguments, verify that they are either global
5567	// or are local to *this* function.
5568	for (Value *V : Call.args()) {
5569	if (auto *MD = dyn_cast<MetadataAsValue>(Val: V))
5570	visitMetadataAsValue(MDV: *MD, F: Call.getCaller());
5571	if (auto *Const = dyn_cast<Constant>(Val: V))
5572	Check(!Const->getType()->isX86_AMXTy(),
5573	"const x86_amx is not allowed in argument!");
5574	}
5575
5576	switch (ID) {
5577	default:
5578	break;
5579	case Intrinsic::assume: {
5580	for (auto &Elem : Call.bundle_op_infos()) {
5581	unsigned ArgCount = Elem.End - Elem.Begin;
5582	// Separate storage assumptions are special insofar as they're the only
5583	// operand bundles allowed on assumes that aren't parameter attributes.
5584	if (Elem.Tag->getKey() == "separate_storage") {
5585	Check(ArgCount == 2,
5586	"separate_storage assumptions should have 2 arguments", Call);
5587	Check(Call.getOperand(Elem.Begin)->getType()->isPointerTy() &&
5588	Call.getOperand(Elem.Begin + 1)->getType()->isPointerTy(),
5589	"arguments to separate_storage assumptions should be pointers",
5590	Call);
5591	continue;
5592	}
5593	Check(Elem.Tag->getKey() == "ignore" ||
5594	Attribute::isExistingAttribute(Elem.Tag->getKey()),
5595	"tags must be valid attribute names", Call);
5596	Attribute::AttrKind Kind =
5597	Attribute::getAttrKindFromName(AttrName: Elem.Tag->getKey());
5598	if (Kind == Attribute::Alignment) {
5599	Check(ArgCount <= 3 && ArgCount >= 2,
5600	"alignment assumptions should have 2 or 3 arguments", Call);
5601	Check(Call.getOperand(Elem.Begin)->getType()->isPointerTy(),
5602	"first argument should be a pointer", Call);
5603	Check(Call.getOperand(Elem.Begin + 1)->getType()->isIntegerTy(),
5604	"second argument should be an integer", Call);
5605	if (ArgCount == 3)
5606	Check(Call.getOperand(Elem.Begin + 2)->getType()->isIntegerTy(),
5607	"third argument should be an integer if present", Call);
5608	continue;
5609	}
5610	if (Kind == Attribute::Dereferenceable) {
5611	Check(ArgCount == 2,
5612	"dereferenceable assumptions should have 2 arguments", Call);
5613	Check(Call.getOperand(Elem.Begin)->getType()->isPointerTy(),
5614	"first argument should be a pointer", Call);
5615	Check(Call.getOperand(Elem.Begin + 1)->getType()->isIntegerTy(),
5616	"second argument should be an integer", Call);
5617	continue;
5618	}
5619	Check(ArgCount <= 2, "too many arguments", Call);
5620	if (Kind == Attribute::None)
5621	break;
5622	if (Attribute::isIntAttrKind(Kind)) {
5623	Check(ArgCount == 2, "this attribute should have 2 arguments", Call);
5624	Check(isa<ConstantInt>(Call.getOperand(Elem.Begin + 1)),
5625	"the second argument should be a constant integral value", Call);
5626	} else if (Attribute::canUseAsParamAttr(Kind)) {
5627	Check((ArgCount) == 1, "this attribute should have one argument", Call);
5628	} else if (Attribute::canUseAsFnAttr(Kind)) {
5629	Check((ArgCount) == 0, "this attribute has no argument", Call);
5630	}
5631	}
5632	break;
5633	}
5634	case Intrinsic::ucmp:
5635	case Intrinsic::scmp: {
5636	Type *SrcTy = Call.getOperand(i_nocapture: 0)->getType();
5637	Type *DestTy = Call.getType();
5638
5639	Check(DestTy->getScalarSizeInBits() >= 2,
5640	"result type must be at least 2 bits wide", Call);
5641
5642	bool IsDestTypeVector = DestTy->isVectorTy();
5643	Check(SrcTy->isVectorTy() == IsDestTypeVector,
5644	"ucmp/scmp argument and result types must both be either vector or "
5645	"scalar types",
5646	Call);
5647	if (IsDestTypeVector) {
5648	auto SrcVecLen = cast<VectorType>(Val: SrcTy)->getElementCount();
5649	auto DestVecLen = cast<VectorType>(Val: DestTy)->getElementCount();
5650	Check(SrcVecLen == DestVecLen,
5651	"return type and arguments must have the same number of "
5652	"elements",
5653	Call);
5654	}
5655	break;
5656	}
5657	case Intrinsic::coro_id: {
5658	auto *InfoArg = Call.getArgOperand(i: 3)->stripPointerCasts();
5659	if (isa<ConstantPointerNull>(Val: InfoArg))
5660	break;
5661	auto *GV = dyn_cast<GlobalVariable>(Val: InfoArg);
5662	Check(GV && GV->isConstant() && GV->hasDefinitiveInitializer(),
5663	"info argument of llvm.coro.id must refer to an initialized "
5664	"constant");
5665	Constant *Init = GV->getInitializer();
5666	Check(isa<ConstantStruct>(Init) || isa<ConstantArray>(Init),
5667	"info argument of llvm.coro.id must refer to either a struct or "
5668	"an array");
5669	break;
5670	}
5671	case Intrinsic::is_fpclass: {
5672	const ConstantInt *TestMask = cast<ConstantInt>(Val: Call.getOperand(i_nocapture: 1));
5673	Check((TestMask->getZExtValue() & ~static_cast<unsigned>(fcAllFlags)) == 0,
5674	"unsupported bits for llvm.is.fpclass test mask");
5675	break;
5676	}
5677	case Intrinsic::fptrunc_round: {
5678	// Check the rounding mode
5679	Metadata *MD = nullptr;
5680	auto *MAV = dyn_cast<MetadataAsValue>(Val: Call.getOperand(i_nocapture: 1));
5681	if (MAV)
5682	MD = MAV->getMetadata();
5683
5684	Check(MD != nullptr, "missing rounding mode argument", Call);
5685
5686	Check(isa<MDString>(MD),
5687	("invalid value for llvm.fptrunc.round metadata operand"
5688	" (the operand should be a string)"),
5689	MD);
5690
5691	std::optional<RoundingMode> RoundMode =
5692	convertStrToRoundingMode(cast<MDString>(Val: MD)->getString());
5693	Check(RoundMode && *RoundMode != RoundingMode::Dynamic,
5694	"unsupported rounding mode argument", Call);
5695	break;
5696	}
5697	#define BEGIN_REGISTER_VP_INTRINSIC(VPID, ...) case Intrinsic::VPID:
5698	#include "llvm/IR/VPIntrinsics.def"
5699	#undef BEGIN_REGISTER_VP_INTRINSIC
5700	visitVPIntrinsic(VPI&: cast<VPIntrinsic>(Val&: Call));
5701	break;
5702	#define INSTRUCTION(NAME, NARGS, ROUND_MODE, INTRINSIC) \
5703	case Intrinsic::INTRINSIC:
5704	#include "llvm/IR/ConstrainedOps.def"
5705	#undef INSTRUCTION
5706	visitConstrainedFPIntrinsic(FPI&: cast<ConstrainedFPIntrinsic>(Val&: Call));
5707	break;
5708	case Intrinsic::dbg_declare: // llvm.dbg.declare
5709	Check(isa<MetadataAsValue>(Call.getArgOperand(0)),
5710	"invalid llvm.dbg.declare intrinsic call 1", Call);
5711	visitDbgIntrinsic(Kind: "declare", DII&: cast<DbgVariableIntrinsic>(Val&: Call));
5712	break;
5713	case Intrinsic::dbg_value: // llvm.dbg.value
5714	visitDbgIntrinsic(Kind: "value", DII&: cast<DbgVariableIntrinsic>(Val&: Call));
5715	break;
5716	case Intrinsic::dbg_assign: // llvm.dbg.assign
5717	visitDbgIntrinsic(Kind: "assign", DII&: cast<DbgVariableIntrinsic>(Val&: Call));
5718	break;
5719	case Intrinsic::dbg_label: // llvm.dbg.label
5720	visitDbgLabelIntrinsic(Kind: "label", DLI&: cast<DbgLabelInst>(Val&: Call));
5721	break;
5722	case Intrinsic::memcpy:
5723	case Intrinsic::memcpy_inline:
5724	case Intrinsic::memmove:
5725	case Intrinsic::memset:
5726	case Intrinsic::memset_inline:
5727	break;
5728	case Intrinsic::experimental_memset_pattern: {
5729	const auto Memset = cast<MemSetPatternInst>(Val: &Call);
5730	Check(Memset->getValue()->getType()->isSized(),
5731	"unsized types cannot be used as memset patterns", Call);
5732	break;
5733	}
5734	case Intrinsic::memcpy_element_unordered_atomic:
5735	case Intrinsic::memmove_element_unordered_atomic:
5736	case Intrinsic::memset_element_unordered_atomic: {
5737	const auto *AMI = cast<AnyMemIntrinsic>(Val: &Call);
5738
5739	ConstantInt *ElementSizeCI =
5740	cast<ConstantInt>(Val: AMI->getRawElementSizeInBytes());
5741	const APInt &ElementSizeVal = ElementSizeCI->getValue();
5742	Check(ElementSizeVal.isPowerOf2(),
5743	"element size of the element-wise atomic memory intrinsic "
5744	"must be a power of 2",
5745	Call);
5746
5747	auto IsValidAlignment = [&](MaybeAlign Alignment) {
5748	return Alignment && ElementSizeVal.ule(RHS: Alignment->value());
5749	};
5750	Check(IsValidAlignment(AMI->getDestAlign()),
5751	"incorrect alignment of the destination argument", Call);
5752	if (const auto *AMT = dyn_cast<AnyMemTransferInst>(Val: AMI)) {
5753	Check(IsValidAlignment(AMT->getSourceAlign()),
5754	"incorrect alignment of the source argument", Call);
5755	}
5756	break;
5757	}
5758	case Intrinsic::call_preallocated_setup: {
5759	auto *NumArgs = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 0));
5760	Check(NumArgs != nullptr,
5761	"llvm.call.preallocated.setup argument must be a constant");
5762	bool FoundCall = false;
5763	for (User *U : Call.users()) {
5764	auto *UseCall = dyn_cast<CallBase>(Val: U);
5765	Check(UseCall != nullptr,
5766	"Uses of llvm.call.preallocated.setup must be calls");
5767	Intrinsic::ID IID = UseCall->getIntrinsicID();
5768	if (IID == Intrinsic::call_preallocated_arg) {
5769	auto *AllocArgIndex = dyn_cast<ConstantInt>(Val: UseCall->getArgOperand(i: 1));
5770	Check(AllocArgIndex != nullptr,
5771	"llvm.call.preallocated.alloc arg index must be a constant");
5772	auto AllocArgIndexInt = AllocArgIndex->getValue();
5773	Check(AllocArgIndexInt.sge(0) &&
5774	AllocArgIndexInt.slt(NumArgs->getValue()),
5775	"llvm.call.preallocated.alloc arg index must be between 0 and "
5776	"corresponding "
5777	"llvm.call.preallocated.setup's argument count");
5778	} else if (IID == Intrinsic::call_preallocated_teardown) {
5779	// nothing to do
5780	} else {
5781	Check(!FoundCall, "Can have at most one call corresponding to a "
5782	"llvm.call.preallocated.setup");
5783	FoundCall = true;
5784	size_t NumPreallocatedArgs = 0;
5785	for (unsigned i = 0; i < UseCall->arg_size(); i++) {
5786	if (UseCall->paramHasAttr(ArgNo: i, Kind: Attribute::Preallocated)) {
5787	++NumPreallocatedArgs;
5788	}
5789	}
5790	Check(NumPreallocatedArgs != 0,
5791	"cannot use preallocated intrinsics on a call without "
5792	"preallocated arguments");
5793	Check(NumArgs->equalsInt(NumPreallocatedArgs),
5794	"llvm.call.preallocated.setup arg size must be equal to number "
5795	"of preallocated arguments "
5796	"at call site",
5797	Call, *UseCall);
5798	// getOperandBundle() cannot be called if more than one of the operand
5799	// bundle exists. There is already a check elsewhere for this, so skip
5800	// here if we see more than one.
5801	if (UseCall->countOperandBundlesOfType(ID: LLVMContext::OB_preallocated) >
5802	1) {
5803	return;
5804	}
5805	auto PreallocatedBundle =
5806	UseCall->getOperandBundle(ID: LLVMContext::OB_preallocated);
5807	Check(PreallocatedBundle,
5808	"Use of llvm.call.preallocated.setup outside intrinsics "
5809	"must be in \"preallocated\" operand bundle");
5810	Check(PreallocatedBundle->Inputs.front().get() == &Call,
5811	"preallocated bundle must have token from corresponding "
5812	"llvm.call.preallocated.setup");
5813	}
5814	}
5815	break;
5816	}
5817	case Intrinsic::call_preallocated_arg: {
5818	auto *Token = dyn_cast<CallBase>(Val: Call.getArgOperand(i: 0));
5819	Check(Token &&
5820	Token->getIntrinsicID() == Intrinsic::call_preallocated_setup,
5821	"llvm.call.preallocated.arg token argument must be a "
5822	"llvm.call.preallocated.setup");
5823	Check(Call.hasFnAttr(Attribute::Preallocated),
5824	"llvm.call.preallocated.arg must be called with a \"preallocated\" "
5825	"call site attribute");
5826	break;
5827	}
5828	case Intrinsic::call_preallocated_teardown: {
5829	auto *Token = dyn_cast<CallBase>(Val: Call.getArgOperand(i: 0));
5830	Check(Token &&
5831	Token->getIntrinsicID() == Intrinsic::call_preallocated_setup,
5832	"llvm.call.preallocated.teardown token argument must be a "
5833	"llvm.call.preallocated.setup");
5834	break;
5835	}
5836	case Intrinsic::gcroot:
5837	case Intrinsic::gcwrite:
5838	case Intrinsic::gcread:
5839	if (ID == Intrinsic::gcroot) {
5840	AllocaInst *AI =
5841	dyn_cast<AllocaInst>(Val: Call.getArgOperand(i: 0)->stripPointerCasts());
5842	Check(AI, "llvm.gcroot parameter #1 must be an alloca.", Call);
5843	Check(isa<Constant>(Call.getArgOperand(1)),
5844	"llvm.gcroot parameter #2 must be a constant.", Call);
5845	if (!AI->getAllocatedType()->isPointerTy()) {
5846	Check(!isa<ConstantPointerNull>(Call.getArgOperand(1)),
5847	"llvm.gcroot parameter #1 must either be a pointer alloca, "
5848	"or argument #2 must be a non-null constant.",
5849	Call);
5850	}
5851	}
5852
5853	Check(Call.getParent()->getParent()->hasGC(),
5854	"Enclosing function does not use GC.", Call);
5855	break;
5856	case Intrinsic::init_trampoline:
5857	Check(isa<Function>(Call.getArgOperand(1)->stripPointerCasts()),
5858	"llvm.init_trampoline parameter #2 must resolve to a function.",
5859	Call);
5860	break;
5861	case Intrinsic::prefetch:
5862	Check(cast<ConstantInt>(Call.getArgOperand(1))->getZExtValue() < 2,
5863	"rw argument to llvm.prefetch must be 0-1", Call);
5864	Check(cast<ConstantInt>(Call.getArgOperand(2))->getZExtValue() < 4,
5865	"locality argument to llvm.prefetch must be 0-3", Call);
5866	Check(cast<ConstantInt>(Call.getArgOperand(3))->getZExtValue() < 2,
5867	"cache type argument to llvm.prefetch must be 0-1", Call);
5868	break;
5869	case Intrinsic::stackprotector:
5870	Check(isa<AllocaInst>(Call.getArgOperand(1)->stripPointerCasts()),
5871	"llvm.stackprotector parameter #2 must resolve to an alloca.", Call);
5872	break;
5873	case Intrinsic::localescape: {
5874	BasicBlock *BB = Call.getParent();
5875	Check(BB->isEntryBlock(), "llvm.localescape used outside of entry block",
5876	Call);
5877	Check(!SawFrameEscape, "multiple calls to llvm.localescape in one function",
5878	Call);
5879	for (Value *Arg : Call.args()) {
5880	if (isa<ConstantPointerNull>(Val: Arg))
5881	continue; // Null values are allowed as placeholders.
5882	auto *AI = dyn_cast<AllocaInst>(Val: Arg->stripPointerCasts());
5883	Check(AI && AI->isStaticAlloca(),
5884	"llvm.localescape only accepts static allocas", Call);
5885	}
5886	FrameEscapeInfo[BB->getParent()].first = Call.arg_size();
5887	SawFrameEscape = true;
5888	break;
5889	}
5890	case Intrinsic::localrecover: {
5891	Value *FnArg = Call.getArgOperand(i: 0)->stripPointerCasts();
5892	Function *Fn = dyn_cast<Function>(Val: FnArg);
5893	Check(Fn && !Fn->isDeclaration(),
5894	"llvm.localrecover first "
5895	"argument must be function defined in this module",
5896	Call);
5897	auto *IdxArg = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
5898	auto &Entry = FrameEscapeInfo[Fn];
5899	Entry.second = unsigned(
5900	std::max(a: uint64_t(Entry.second), b: IdxArg->getLimitedValue(Limit: ~0U) + 1));
5901	break;
5902	}
5903
5904	case Intrinsic::experimental_gc_statepoint:
5905	if (auto *CI = dyn_cast<CallInst>(Val: &Call))
5906	Check(!CI->isInlineAsm(),
5907	"gc.statepoint support for inline assembly unimplemented", CI);
5908	Check(Call.getParent()->getParent()->hasGC(),
5909	"Enclosing function does not use GC.", Call);
5910
5911	verifyStatepoint(Call);
5912	break;
5913	case Intrinsic::experimental_gc_result: {
5914	Check(Call.getParent()->getParent()->hasGC(),
5915	"Enclosing function does not use GC.", Call);
5916
5917	auto *Statepoint = Call.getArgOperand(i: 0);
5918	if (isa<UndefValue>(Val: Statepoint))
5919	break;
5920
5921	// Are we tied to a statepoint properly?
5922	const auto *StatepointCall = dyn_cast<CallBase>(Val: Statepoint);
5923	Check(StatepointCall && StatepointCall->getIntrinsicID() ==
5924	Intrinsic::experimental_gc_statepoint,
5925	"gc.result operand #1 must be from a statepoint", Call,
5926	Call.getArgOperand(0));
5927
5928	// Check that result type matches wrapped callee.
5929	auto *TargetFuncType =
5930	cast<FunctionType>(Val: StatepointCall->getParamElementType(ArgNo: 2));
5931	Check(Call.getType() == TargetFuncType->getReturnType(),
5932	"gc.result result type does not match wrapped callee", Call);
5933	break;
5934	}
5935	case Intrinsic::experimental_gc_relocate: {
5936	Check(Call.arg_size() == 3, "wrong number of arguments", Call);
5937
5938	Check(isa<PointerType>(Call.getType()->getScalarType()),
5939	"gc.relocate must return a pointer or a vector of pointers", Call);
5940
5941	// Check that this relocate is correctly tied to the statepoint
5942
5943	// This is case for relocate on the unwinding path of an invoke statepoint
5944	if (LandingPadInst *LandingPad =
5945	dyn_cast<LandingPadInst>(Val: Call.getArgOperand(i: 0))) {
5946
5947	const BasicBlock *InvokeBB =
5948	LandingPad->getParent()->getUniquePredecessor();
5949
5950	// Landingpad relocates should have only one predecessor with invoke
5951	// statepoint terminator
5952	Check(InvokeBB, "safepoints should have unique landingpads",
5953	LandingPad->getParent());
5954	Check(InvokeBB->getTerminator(), "safepoint block should be well formed",
5955	InvokeBB);
5956	Check(isa<GCStatepointInst>(InvokeBB->getTerminator()),
5957	"gc relocate should be linked to a statepoint", InvokeBB);
5958	} else {
5959	// In all other cases relocate should be tied to the statepoint directly.
5960	// This covers relocates on a normal return path of invoke statepoint and
5961	// relocates of a call statepoint.
5962	auto *Token = Call.getArgOperand(i: 0);
5963	Check(isa<GCStatepointInst>(Token) || isa<UndefValue>(Token),
5964	"gc relocate is incorrectly tied to the statepoint", Call, Token);
5965	}
5966
5967	// Verify rest of the relocate arguments.
5968	const Value &StatepointCall = *cast<GCRelocateInst>(Val&: Call).getStatepoint();
5969
5970	// Both the base and derived must be piped through the safepoint.
5971	Value *Base = Call.getArgOperand(i: 1);
5972	Check(isa<ConstantInt>(Base),
5973	"gc.relocate operand #2 must be integer offset", Call);
5974
5975	Value *Derived = Call.getArgOperand(i: 2);
5976	Check(isa<ConstantInt>(Derived),
5977	"gc.relocate operand #3 must be integer offset", Call);
5978
5979	const uint64_t BaseIndex = cast<ConstantInt>(Val: Base)->getZExtValue();
5980	const uint64_t DerivedIndex = cast<ConstantInt>(Val: Derived)->getZExtValue();
5981
5982	// Check the bounds
5983	if (isa<UndefValue>(Val: StatepointCall))
5984	break;
5985	if (auto Opt = cast<GCStatepointInst>(Val: StatepointCall)
5986	.getOperandBundle(ID: LLVMContext::OB_gc_live)) {
5987	Check(BaseIndex < Opt->Inputs.size(),
5988	"gc.relocate: statepoint base index out of bounds", Call);
5989	Check(DerivedIndex < Opt->Inputs.size(),
5990	"gc.relocate: statepoint derived index out of bounds", Call);
5991	}
5992
5993	// Relocated value must be either a pointer type or vector-of-pointer type,
5994	// but gc_relocate does not need to return the same pointer type as the
5995	// relocated pointer. It can be casted to the correct type later if it's
5996	// desired. However, they must have the same address space and 'vectorness'
5997	GCRelocateInst &Relocate = cast<GCRelocateInst>(Val&: Call);
5998	auto *ResultType = Call.getType();
5999	auto *DerivedType = Relocate.getDerivedPtr()->getType();
6000	auto *BaseType = Relocate.getBasePtr()->getType();
6001
6002	Check(BaseType->isPtrOrPtrVectorTy(),
6003	"gc.relocate: relocated value must be a pointer", Call);
6004	Check(DerivedType->isPtrOrPtrVectorTy(),
6005	"gc.relocate: relocated value must be a pointer", Call);
6006
6007	Check(ResultType->isVectorTy() == DerivedType->isVectorTy(),
6008	"gc.relocate: vector relocates to vector and pointer to pointer",
6009	Call);
6010	Check(
6011	ResultType->getPointerAddressSpace() ==
6012	DerivedType->getPointerAddressSpace(),
6013	"gc.relocate: relocating a pointer shouldn't change its address space",
6014	Call);
6015
6016	auto GC = llvm::getGCStrategy(Name: Relocate.getFunction()->getGC());
6017	Check(GC, "gc.relocate: calling function must have GCStrategy",
6018	Call.getFunction());
6019	if (GC) {
6020	auto isGCPtr = [&GC](Type *PTy) {
6021	return GC->isGCManagedPointer(Ty: PTy->getScalarType()).value_or(u: true);
6022	};
6023	Check(isGCPtr(ResultType), "gc.relocate: must return gc pointer", Call);
6024	Check(isGCPtr(BaseType),
6025	"gc.relocate: relocated value must be a gc pointer", Call);
6026	Check(isGCPtr(DerivedType),
6027	"gc.relocate: relocated value must be a gc pointer", Call);
6028	}
6029	break;
6030	}
6031	case Intrinsic::experimental_patchpoint: {
6032	if (Call.getCallingConv() == CallingConv::AnyReg) {
6033	Check(Call.getType()->isSingleValueType(),
6034	"patchpoint: invalid return type used with anyregcc", Call);
6035	}
6036	break;
6037	}
6038	case Intrinsic::eh_exceptioncode:
6039	case Intrinsic::eh_exceptionpointer: {
6040	Check(isa<CatchPadInst>(Call.getArgOperand(0)),
6041	"eh.exceptionpointer argument must be a catchpad", Call);
6042	break;
6043	}
6044	case Intrinsic::get_active_lane_mask: {
6045	Check(Call.getType()->isVectorTy(),
6046	"get_active_lane_mask: must return a "
6047	"vector",
6048	Call);
6049	auto *ElemTy = Call.getType()->getScalarType();
6050	Check(ElemTy->isIntegerTy(1),
6051	"get_active_lane_mask: element type is not "
6052	"i1",
6053	Call);
6054	break;
6055	}
6056	case Intrinsic::experimental_get_vector_length: {
6057	ConstantInt *VF = cast<ConstantInt>(Val: Call.getArgOperand(i: 1));
6058	Check(!VF->isNegative() && !VF->isZero(),
6059	"get_vector_length: VF must be positive", Call);
6060	break;
6061	}
6062	case Intrinsic::masked_load: {
6063	Check(Call.getType()->isVectorTy(), "masked_load: must return a vector",
6064	Call);
6065
6066	ConstantInt *Alignment = cast<ConstantInt>(Val: Call.getArgOperand(i: 1));
6067	Value *Mask = Call.getArgOperand(i: 2);
6068	Value *PassThru = Call.getArgOperand(i: 3);
6069	Check(Mask->getType()->isVectorTy(), "masked_load: mask must be vector",
6070	Call);
6071	Check(Alignment->getValue().isPowerOf2(),
6072	"masked_load: alignment must be a power of 2", Call);
6073	Check(PassThru->getType() == Call.getType(),
6074	"masked_load: pass through and return type must match", Call);
6075	Check(cast<VectorType>(Mask->getType())->getElementCount() ==
6076	cast<VectorType>(Call.getType())->getElementCount(),
6077	"masked_load: vector mask must be same length as return", Call);
6078	break;
6079	}
6080	case Intrinsic::masked_store: {
6081	Value *Val = Call.getArgOperand(i: 0);
6082	ConstantInt *Alignment = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
6083	Value *Mask = Call.getArgOperand(i: 3);
6084	Check(Mask->getType()->isVectorTy(), "masked_store: mask must be vector",
6085	Call);
6086	Check(Alignment->getValue().isPowerOf2(),
6087	"masked_store: alignment must be a power of 2", Call);
6088	Check(cast<VectorType>(Mask->getType())->getElementCount() ==
6089	cast<VectorType>(Val->getType())->getElementCount(),
6090	"masked_store: vector mask must be same length as value", Call);
6091	break;
6092	}
6093
6094	case Intrinsic::masked_gather: {
6095	const APInt &Alignment =
6096	cast<ConstantInt>(Val: Call.getArgOperand(i: 1))->getValue();
6097	Check(Alignment.isZero() || Alignment.isPowerOf2(),
6098	"masked_gather: alignment must be 0 or a power of 2", Call);
6099	break;
6100	}
6101	case Intrinsic::masked_scatter: {
6102	const APInt &Alignment =
6103	cast<ConstantInt>(Val: Call.getArgOperand(i: 2))->getValue();
6104	Check(Alignment.isZero() || Alignment.isPowerOf2(),
6105	"masked_scatter: alignment must be 0 or a power of 2", Call);
6106	break;
6107	}
6108
6109	case Intrinsic::experimental_guard: {
6110	Check(isa<CallInst>(Call), "experimental_guard cannot be invoked", Call);
6111	Check(Call.countOperandBundlesOfType(LLVMContext::OB_deopt) == 1,
6112	"experimental_guard must have exactly one "
6113	"\"deopt\" operand bundle");
6114	break;
6115	}
6116
6117	case Intrinsic::experimental_deoptimize: {
6118	Check(isa<CallInst>(Call), "experimental_deoptimize cannot be invoked",
6119	Call);
6120	Check(Call.countOperandBundlesOfType(LLVMContext::OB_deopt) == 1,
6121	"experimental_deoptimize must have exactly one "
6122	"\"deopt\" operand bundle");
6123	Check(Call.getType() == Call.getFunction()->getReturnType(),
6124	"experimental_deoptimize return type must match caller return type");
6125
6126	if (isa<CallInst>(Val: Call)) {
6127	auto *RI = dyn_cast<ReturnInst>(Val: Call.getNextNode());
6128	Check(RI,
6129	"calls to experimental_deoptimize must be followed by a return");
6130
6131	if (!Call.getType()->isVoidTy() && RI)
6132	Check(RI->getReturnValue() == &Call,
6133	"calls to experimental_deoptimize must be followed by a return "
6134	"of the value computed by experimental_deoptimize");
6135	}
6136
6137	break;
6138	}
6139	case Intrinsic::vastart: {
6140	Check(Call.getFunction()->isVarArg(),
6141	"va_start called in a non-varargs function");
6142	break;
6143	}
6144	case Intrinsic::get_dynamic_area_offset: {
6145	auto *IntTy = dyn_cast<IntegerType>(Val: Call.getType());
6146	Check(IntTy && DL.getPointerSizeInBits(DL.getAllocaAddrSpace()) ==
6147	IntTy->getBitWidth(),
6148	"get_dynamic_area_offset result type must be scalar integer matching "
6149	"alloca address space width",
6150	Call);
6151	break;
6152	}
6153	case Intrinsic::vector_reduce_and:
6154	case Intrinsic::vector_reduce_or:
6155	case Intrinsic::vector_reduce_xor:
6156	case Intrinsic::vector_reduce_add:
6157	case Intrinsic::vector_reduce_mul:
6158	case Intrinsic::vector_reduce_smax:
6159	case Intrinsic::vector_reduce_smin:
6160	case Intrinsic::vector_reduce_umax:
6161	case Intrinsic::vector_reduce_umin: {
6162	Type *ArgTy = Call.getArgOperand(i: 0)->getType();
6163	Check(ArgTy->isIntOrIntVectorTy() && ArgTy->isVectorTy(),
6164	"Intrinsic has incorrect argument type!");
6165	break;
6166	}
6167	case Intrinsic::vector_reduce_fmax:
6168	case Intrinsic::vector_reduce_fmin: {
6169	Type *ArgTy = Call.getArgOperand(i: 0)->getType();
6170	Check(ArgTy->isFPOrFPVectorTy() && ArgTy->isVectorTy(),
6171	"Intrinsic has incorrect argument type!");
6172	break;
6173	}
6174	case Intrinsic::vector_reduce_fadd:
6175	case Intrinsic::vector_reduce_fmul: {
6176	// Unlike the other reductions, the first argument is a start value. The
6177	// second argument is the vector to be reduced.
6178	Type *ArgTy = Call.getArgOperand(i: 1)->getType();
6179	Check(ArgTy->isFPOrFPVectorTy() && ArgTy->isVectorTy(),
6180	"Intrinsic has incorrect argument type!");
6181	break;
6182	}
6183	case Intrinsic::smul_fix:
6184	case Intrinsic::smul_fix_sat:
6185	case Intrinsic::umul_fix:
6186	case Intrinsic::umul_fix_sat:
6187	case Intrinsic::sdiv_fix:
6188	case Intrinsic::sdiv_fix_sat:
6189	case Intrinsic::udiv_fix:
6190	case Intrinsic::udiv_fix_sat: {
6191	Value *Op1 = Call.getArgOperand(i: 0);
6192	Value *Op2 = Call.getArgOperand(i: 1);
6193	Check(Op1->getType()->isIntOrIntVectorTy(),
6194	"first operand of [us][mul|div]_fix[_sat] must be an int type or "
6195	"vector of ints");
6196	Check(Op2->getType()->isIntOrIntVectorTy(),
6197	"second operand of [us][mul|div]_fix[_sat] must be an int type or "
6198	"vector of ints");
6199
6200	auto *Op3 = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
6201	Check(Op3->getType()->isIntegerTy(),
6202	"third operand of [us][mul|div]_fix[_sat] must be an int type");
6203	Check(Op3->getBitWidth() <= 32,
6204	"third operand of [us][mul|div]_fix[_sat] must fit within 32 bits");
6205
6206	if (ID == Intrinsic::smul_fix || ID == Intrinsic::smul_fix_sat ||
6207	ID == Intrinsic::sdiv_fix || ID == Intrinsic::sdiv_fix_sat) {
6208	Check(Op3->getZExtValue() < Op1->getType()->getScalarSizeInBits(),
6209	"the scale of s[mul|div]_fix[_sat] must be less than the width of "
6210	"the operands");
6211	} else {
6212	Check(Op3->getZExtValue() <= Op1->getType()->getScalarSizeInBits(),
6213	"the scale of u[mul|div]_fix[_sat] must be less than or equal "
6214	"to the width of the operands");
6215	}
6216	break;
6217	}
6218	case Intrinsic::lrint:
6219	case Intrinsic::llrint:
6220	case Intrinsic::lround:
6221	case Intrinsic::llround: {
6222	Type *ValTy = Call.getArgOperand(i: 0)->getType();
6223	Type *ResultTy = Call.getType();
6224	auto *VTy = dyn_cast<VectorType>(Val: ValTy);
6225	auto *RTy = dyn_cast<VectorType>(Val: ResultTy);
6226	Check(ValTy->isFPOrFPVectorTy() && ResultTy->isIntOrIntVectorTy(),
6227	ExpectedName + ": argument must be floating-point or vector "
6228	"of floating-points, and result must be integer or "
6229	"vector of integers",
6230	&Call);
6231	Check(ValTy->isVectorTy() == ResultTy->isVectorTy(),
6232	ExpectedName + ": argument and result disagree on vector use", &Call);
6233	if (VTy) {
6234	Check(VTy->getElementCount() == RTy->getElementCount(),
6235	ExpectedName + ": argument must be same length as result", &Call);
6236	}
6237	break;
6238	}
6239	case Intrinsic::bswap: {
6240	Type *Ty = Call.getType();
6241	unsigned Size = Ty->getScalarSizeInBits();
6242	Check(Size % 16 == 0, "bswap must be an even number of bytes", &Call);
6243	break;
6244	}
6245	case Intrinsic::invariant_start: {
6246	ConstantInt *InvariantSize = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 0));
6247	Check(InvariantSize &&
6248	(!InvariantSize->isNegative() || InvariantSize->isMinusOne()),
6249	"invariant_start parameter must be -1, 0 or a positive number",
6250	&Call);
6251	break;
6252	}
6253	case Intrinsic::matrix_multiply:
6254	case Intrinsic::matrix_transpose:
6255	case Intrinsic::matrix_column_major_load:
6256	case Intrinsic::matrix_column_major_store: {
6257	Function *IF = Call.getCalledFunction();
6258	ConstantInt *Stride = nullptr;
6259	ConstantInt *NumRows;
6260	ConstantInt *NumColumns;
6261	VectorType *ResultTy;
6262	Type *Op0ElemTy = nullptr;
6263	Type *Op1ElemTy = nullptr;
6264	switch (ID) {
6265	case Intrinsic::matrix_multiply: {
6266	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
6267	ConstantInt *N = cast<ConstantInt>(Val: Call.getArgOperand(i: 3));
6268	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 4));
6269	Check(cast<FixedVectorType>(Call.getArgOperand(0)->getType())
6270	->getNumElements() ==
6271	NumRows->getZExtValue() * N->getZExtValue(),
6272	"First argument of a matrix operation does not match specified "
6273	"shape!");
6274	Check(cast<FixedVectorType>(Call.getArgOperand(1)->getType())
6275	->getNumElements() ==
6276	N->getZExtValue() * NumColumns->getZExtValue(),
6277	"Second argument of a matrix operation does not match specified "
6278	"shape!");
6279
6280	ResultTy = cast<VectorType>(Val: Call.getType());
6281	Op0ElemTy =
6282	cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType())->getElementType();
6283	Op1ElemTy =
6284	cast<VectorType>(Val: Call.getArgOperand(i: 1)->getType())->getElementType();
6285	break;
6286	}
6287	case Intrinsic::matrix_transpose:
6288	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 1));
6289	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
6290	ResultTy = cast<VectorType>(Val: Call.getType());
6291	Op0ElemTy =
6292	cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType())->getElementType();
6293	break;
6294	case Intrinsic::matrix_column_major_load: {
6295	Stride = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 1));
6296	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 3));
6297	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 4));
6298	ResultTy = cast<VectorType>(Val: Call.getType());
6299	break;
6300	}
6301	case Intrinsic::matrix_column_major_store: {
6302	Stride = dyn_cast<ConstantInt>(Val: Call.getArgOperand(i: 2));
6303	NumRows = cast<ConstantInt>(Val: Call.getArgOperand(i: 4));
6304	NumColumns = cast<ConstantInt>(Val: Call.getArgOperand(i: 5));
6305	ResultTy = cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType());
6306	Op0ElemTy =
6307	cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType())->getElementType();
6308	break;
6309	}
6310	default:
6311	llvm_unreachable("unexpected intrinsic");
6312	}
6313
6314	Check(ResultTy->getElementType()->isIntegerTy() ||
6315	ResultTy->getElementType()->isFloatingPointTy(),
6316	"Result type must be an integer or floating-point type!", IF);
6317
6318	if (Op0ElemTy)
6319	Check(ResultTy->getElementType() == Op0ElemTy,
6320	"Vector element type mismatch of the result and first operand "
6321	"vector!",
6322	IF);
6323
6324	if (Op1ElemTy)
6325	Check(ResultTy->getElementType() == Op1ElemTy,
6326	"Vector element type mismatch of the result and second operand "
6327	"vector!",
6328	IF);
6329
6330	Check(cast<FixedVectorType>(ResultTy)->getNumElements() ==
6331	NumRows->getZExtValue() * NumColumns->getZExtValue(),
6332	"Result of a matrix operation does not fit in the returned vector!");
6333
6334	if (Stride)
6335	Check(Stride->getZExtValue() >= NumRows->getZExtValue(),
6336	"Stride must be greater or equal than the number of rows!", IF);
6337
6338	break;
6339	}
6340	case Intrinsic::vector_splice: {
6341	VectorType *VecTy = cast<VectorType>(Val: Call.getType());
6342	int64_t Idx = cast<ConstantInt>(Val: Call.getArgOperand(i: 2))->getSExtValue();
6343	int64_t KnownMinNumElements = VecTy->getElementCount().getKnownMinValue();
6344	if (Call.getParent() && Call.getParent()->getParent()) {
6345	AttributeList Attrs = Call.getParent()->getParent()->getAttributes();
6346	if (Attrs.hasFnAttr(Kind: Attribute::VScaleRange))
6347	KnownMinNumElements *= Attrs.getFnAttrs().getVScaleRangeMin();
6348	}
6349	Check((Idx < 0 && std::abs(Idx) <= KnownMinNumElements) ||
6350	(Idx >= 0 && Idx < KnownMinNumElements),
6351	"The splice index exceeds the range [-VL, VL-1] where VL is the "
6352	"known minimum number of elements in the vector. For scalable "
6353	"vectors the minimum number of elements is determined from "
6354	"vscale_range.",
6355	&Call);
6356	break;
6357	}
6358	case Intrinsic::stepvector: {
6359	VectorType *VecTy = dyn_cast<VectorType>(Val: Call.getType());
6360	Check(VecTy && VecTy->getScalarType()->isIntegerTy() &&
6361	VecTy->getScalarSizeInBits() >= 8,
6362	"stepvector only supported for vectors of integers "
6363	"with a bitwidth of at least 8.",
6364	&Call);
6365	break;
6366	}
6367	case Intrinsic::experimental_vector_match: {
6368	Value *Op1 = Call.getArgOperand(i: 0);
6369	Value *Op2 = Call.getArgOperand(i: 1);
6370	Value *Mask = Call.getArgOperand(i: 2);
6371
6372	VectorType *Op1Ty = dyn_cast<VectorType>(Val: Op1->getType());
6373	VectorType *Op2Ty = dyn_cast<VectorType>(Val: Op2->getType());
6374	VectorType *MaskTy = dyn_cast<VectorType>(Val: Mask->getType());
6375
6376	Check(Op1Ty && Op2Ty && MaskTy, "Operands must be vectors.", &Call);
6377	Check(isa<FixedVectorType>(Op2Ty),
6378	"Second operand must be a fixed length vector.", &Call);
6379	Check(Op1Ty->getElementType()->isIntegerTy(),
6380	"First operand must be a vector of integers.", &Call);
6381	Check(Op1Ty->getElementType() == Op2Ty->getElementType(),
6382	"First two operands must have the same element type.", &Call);
6383	Check(Op1Ty->getElementCount() == MaskTy->getElementCount(),
6384	"First operand and mask must have the same number of elements.",
6385	&Call);
6386	Check(MaskTy->getElementType()->isIntegerTy(1),
6387	"Mask must be a vector of i1's.", &Call);
6388	Check(Call.getType() == MaskTy, "Return type must match the mask type.",
6389	&Call);
6390	break;
6391	}
6392	case Intrinsic::vector_insert: {
6393	Value *Vec = Call.getArgOperand(i: 0);
6394	Value *SubVec = Call.getArgOperand(i: 1);
6395	Value *Idx = Call.getArgOperand(i: 2);
6396	unsigned IdxN = cast<ConstantInt>(Val: Idx)->getZExtValue();
6397
6398	VectorType *VecTy = cast<VectorType>(Val: Vec->getType());
6399	VectorType *SubVecTy = cast<VectorType>(Val: SubVec->getType());
6400
6401	ElementCount VecEC = VecTy->getElementCount();
6402	ElementCount SubVecEC = SubVecTy->getElementCount();
6403	Check(VecTy->getElementType() == SubVecTy->getElementType(),
6404	"vector_insert parameters must have the same element "
6405	"type.",
6406	&Call);
6407	Check(IdxN % SubVecEC.getKnownMinValue() == 0,
6408	"vector_insert index must be a constant multiple of "
6409	"the subvector's known minimum vector length.");
6410
6411	// If this insertion is not the 'mixed' case where a fixed vector is
6412	// inserted into a scalable vector, ensure that the insertion of the
6413	// subvector does not overrun the parent vector.
6414	if (VecEC.isScalable() == SubVecEC.isScalable()) {
6415	Check(IdxN < VecEC.getKnownMinValue() &&
6416	IdxN + SubVecEC.getKnownMinValue() <= VecEC.getKnownMinValue(),
6417	"subvector operand of vector_insert would overrun the "
6418	"vector being inserted into.");
6419	}
6420	break;
6421	}
6422	case Intrinsic::vector_extract: {
6423	Value *Vec = Call.getArgOperand(i: 0);
6424	Value *Idx = Call.getArgOperand(i: 1);
6425	unsigned IdxN = cast<ConstantInt>(Val: Idx)->getZExtValue();
6426
6427	VectorType *ResultTy = cast<VectorType>(Val: Call.getType());
6428	VectorType *VecTy = cast<VectorType>(Val: Vec->getType());
6429
6430	ElementCount VecEC = VecTy->getElementCount();
6431	ElementCount ResultEC = ResultTy->getElementCount();
6432
6433	Check(ResultTy->getElementType() == VecTy->getElementType(),
6434	"vector_extract result must have the same element "
6435	"type as the input vector.",
6436	&Call);
6437	Check(IdxN % ResultEC.getKnownMinValue() == 0,
6438	"vector_extract index must be a constant multiple of "
6439	"the result type's known minimum vector length.");
6440
6441	// If this extraction is not the 'mixed' case where a fixed vector is
6442	// extracted from a scalable vector, ensure that the extraction does not
6443	// overrun the parent vector.
6444	if (VecEC.isScalable() == ResultEC.isScalable()) {
6445	Check(IdxN < VecEC.getKnownMinValue() &&
6446	IdxN + ResultEC.getKnownMinValue() <= VecEC.getKnownMinValue(),
6447	"vector_extract would overrun.");
6448	}
6449	break;
6450	}
6451	case Intrinsic::experimental_vector_partial_reduce_add: {
6452	VectorType *AccTy = cast<VectorType>(Val: Call.getArgOperand(i: 0)->getType());
6453	VectorType *VecTy = cast<VectorType>(Val: Call.getArgOperand(i: 1)->getType());
6454
6455	unsigned VecWidth = VecTy->getElementCount().getKnownMinValue();
6456	unsigned AccWidth = AccTy->getElementCount().getKnownMinValue();
6457
6458	Check((VecWidth % AccWidth) == 0,
6459	"Invalid vector widths for partial "
6460	"reduction. The width of the input vector "
6461	"must be a positive integer multiple of "
6462	"the width of the accumulator vector.");
6463	break;
6464	}
6465	case Intrinsic::experimental_noalias_scope_decl: {
6466	NoAliasScopeDecls.push_back(Elt: cast<IntrinsicInst>(Val: &Call));
6467	break;
6468	}
6469	case Intrinsic::preserve_array_access_index:
6470	case Intrinsic::preserve_struct_access_index:
6471	case Intrinsic::aarch64_ldaxr:
6472	case Intrinsic::aarch64_ldxr:
6473	case Intrinsic::arm_ldaex:
6474	case Intrinsic::arm_ldrex: {
6475	Type *ElemTy = Call.getParamElementType(ArgNo: 0);
6476	Check(ElemTy, "Intrinsic requires elementtype attribute on first argument.",
6477	&Call);
6478	break;
6479	}
6480	case Intrinsic::aarch64_stlxr:
6481	case Intrinsic::aarch64_stxr:
6482	case Intrinsic::arm_stlex:
6483	case Intrinsic::arm_strex: {
6484	Type *ElemTy = Call.getAttributes().getParamElementType(ArgNo: 1);
6485	Check(ElemTy,
6486	"Intrinsic requires elementtype attribute on second argument.",
6487	&Call);
6488	break;
6489	}
6490	case Intrinsic::aarch64_prefetch: {
6491	Check(cast<ConstantInt>(Call.getArgOperand(1))->getZExtValue() < 2,
6492	"write argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6493	Check(cast<ConstantInt>(Call.getArgOperand(2))->getZExtValue() < 4,
6494	"target argument to llvm.aarch64.prefetch must be 0-3", Call);
6495	Check(cast<ConstantInt>(Call.getArgOperand(3))->getZExtValue() < 2,
6496	"stream argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6497	Check(cast<ConstantInt>(Call.getArgOperand(4))->getZExtValue() < 2,
6498	"isdata argument to llvm.aarch64.prefetch must be 0 or 1", Call);
6499	break;
6500	}
6501	case Intrinsic::callbr_landingpad: {
6502	const auto *CBR = dyn_cast<CallBrInst>(Val: Call.getOperand(i_nocapture: 0));
6503	Check(CBR, "intrinstic requires callbr operand", &Call);
6504	if (!CBR)
6505	break;
6506
6507	const BasicBlock *LandingPadBB = Call.getParent();
6508	const BasicBlock *PredBB = LandingPadBB->getUniquePredecessor();
6509	if (!PredBB) {
6510	CheckFailed(Message: "Intrinsic in block must have 1 unique predecessor", V1: &Call);
6511	break;
6512	}
6513	if (!isa<CallBrInst>(Val: PredBB->getTerminator())) {
6514	CheckFailed(Message: "Intrinsic must have corresponding callbr in predecessor",
6515	V1: &Call);
6516	break;
6517	}
6518	Check(llvm::is_contained(CBR->getIndirectDests(), LandingPadBB),
6519	"Intrinsic's corresponding callbr must have intrinsic's parent basic "
6520	"block in indirect destination list",
6521	&Call);
6522	const Instruction &First = *LandingPadBB->begin();
6523	Check(&First == &Call, "No other instructions may proceed intrinsic",
6524	&Call);
6525	break;
6526	}
6527	case Intrinsic::amdgcn_cs_chain: {
6528	auto CallerCC = Call.getCaller()->getCallingConv();
6529	switch (CallerCC) {
6530	case CallingConv::AMDGPU_CS:
6531	case CallingConv::AMDGPU_CS_Chain:
6532	case CallingConv::AMDGPU_CS_ChainPreserve:
6533	break;
6534	default:
6535	CheckFailed(Message: "Intrinsic can only be used from functions with the "
6536	"amdgpu_cs, amdgpu_cs_chain or amdgpu_cs_chain_preserve "
6537	"calling conventions",
6538	V1: &Call);
6539	break;
6540	}
6541
6542	Check(Call.paramHasAttr(2, Attribute::InReg),
6543	"SGPR arguments must have the `inreg` attribute", &Call);
6544	Check(!Call.paramHasAttr(3, Attribute::InReg),
6545	"VGPR arguments must not have the `inreg` attribute", &Call);
6546
6547	auto *Next = Call.getNextNonDebugInstruction();
6548	bool IsAMDUnreachable = Next && isa<IntrinsicInst>(Val: Next) &&
6549	cast<IntrinsicInst>(Val: Next)->getIntrinsicID() ==
6550	Intrinsic::amdgcn_unreachable;
6551	Check(Next && (isa<UnreachableInst>(Next) || IsAMDUnreachable),
6552	"llvm.amdgcn.cs.chain must be followed by unreachable", &Call);
6553	break;
6554	}
6555	case Intrinsic::amdgcn_init_exec_from_input: {
6556	const Argument *Arg = dyn_cast<Argument>(Val: Call.getOperand(i_nocapture: 0));
6557	Check(Arg && Arg->hasInRegAttr(),
6558	"only inreg arguments to the parent function are valid as inputs to "
6559	"this intrinsic",
6560	&Call);
6561	break;
6562	}
6563	case Intrinsic::amdgcn_set_inactive_chain_arg: {
6564	auto CallerCC = Call.getCaller()->getCallingConv();
6565	switch (CallerCC) {
6566	case CallingConv::AMDGPU_CS_Chain:
6567	case CallingConv::AMDGPU_CS_ChainPreserve:
6568	break;
6569	default:
6570	CheckFailed(Message: "Intrinsic can only be used from functions with the "
6571	"amdgpu_cs_chain or amdgpu_cs_chain_preserve "
6572	"calling conventions",
6573	V1: &Call);
6574	break;
6575	}
6576
6577	unsigned InactiveIdx = 1;
6578	Check(!Call.paramHasAttr(InactiveIdx, Attribute::InReg),
6579	"Value for inactive lanes must not have the `inreg` attribute",
6580	&Call);
6581	Check(isa<Argument>(Call.getArgOperand(InactiveIdx)),
6582	"Value for inactive lanes must be a function argument", &Call);
6583	Check(!cast<Argument>(Call.getArgOperand(InactiveIdx))->hasInRegAttr(),
6584	"Value for inactive lanes must be a VGPR function argument", &Call);
6585	break;
6586	}
6587	case Intrinsic::amdgcn_s_prefetch_data: {
6588	Check(
6589	AMDGPU::isFlatGlobalAddrSpace(
6590	Call.getArgOperand(0)->getType()->getPointerAddressSpace()),
6591	"llvm.amdgcn.s.prefetch.data only supports global or constant memory");
6592	break;
6593	}
6594	case Intrinsic::amdgcn_mfma_scale_f32_16x16x128_f8f6f4:
6595	case Intrinsic::amdgcn_mfma_scale_f32_32x32x64_f8f6f4: {
6596	Value *Src0 = Call.getArgOperand(i: 0);
6597	Value *Src1 = Call.getArgOperand(i: 1);
6598
6599	uint64_t CBSZ = cast<ConstantInt>(Val: Call.getArgOperand(i: 3))->getZExtValue();
6600	uint64_t BLGP = cast<ConstantInt>(Val: Call.getArgOperand(i: 4))->getZExtValue();
6601	Check(CBSZ <= 4, "invalid value for cbsz format", Call,
6602	Call.getArgOperand(3));
6603	Check(BLGP <= 4, "invalid value for blgp format", Call,
6604	Call.getArgOperand(4));
6605
6606	// AMDGPU::MFMAScaleFormats values
6607	auto getFormatNumRegs = [](unsigned FormatVal) {
6608	switch (FormatVal) {
6609	case 0:
6610	case 1:
6611	return 8u;
6612	case 2:
6613	case 3:
6614	return 6u;
6615	case 4:
6616	return 4u;
6617	default:
6618	llvm_unreachable("invalid format value");
6619	}
6620	};
6621
6622	auto isValidSrcASrcBVector = [](FixedVectorType *Ty) {
6623	if (!Ty || !Ty->getElementType()->isIntegerTy(Bitwidth: 32))
6624	return false;
6625	unsigned NumElts = Ty->getNumElements();
6626	return NumElts == 4 || NumElts == 6 || NumElts == 8;
6627	};
6628
6629	auto *Src0Ty = dyn_cast<FixedVectorType>(Val: Src0->getType());
6630	auto *Src1Ty = dyn_cast<FixedVectorType>(Val: Src1->getType());
6631	Check(isValidSrcASrcBVector(Src0Ty),
6632	"operand 0 must be 4, 6 or 8 element i32 vector", &Call, Src0);
6633	Check(isValidSrcASrcBVector(Src1Ty),
6634	"operand 1 must be 4, 6 or 8 element i32 vector", &Call, Src1);
6635
6636	// Permit excess registers for the format.
6637	Check(Src0Ty->getNumElements() >= getFormatNumRegs(CBSZ),
6638	"invalid vector type for format", &Call, Src0, Call.getArgOperand(3));
6639	Check(Src1Ty->getNumElements() >= getFormatNumRegs(BLGP),
6640	"invalid vector type for format", &Call, Src1, Call.getArgOperand(5));
6641	break;
6642	}
6643	case Intrinsic::nvvm_setmaxnreg_inc_sync_aligned_u32:
6644	case Intrinsic::nvvm_setmaxnreg_dec_sync_aligned_u32: {
6645	Value *V = Call.getArgOperand(i: 0);
6646	unsigned RegCount = cast<ConstantInt>(Val: V)->getZExtValue();
6647	Check(RegCount % 8 == 0,
6648	"reg_count argument to nvvm.setmaxnreg must be in multiples of 8");
6649	break;
6650	}
6651	case Intrinsic::experimental_convergence_entry:
6652	case Intrinsic::experimental_convergence_anchor:
6653	break;
6654	case Intrinsic::experimental_convergence_loop:
6655	break;
6656	case Intrinsic::ptrmask: {
6657	Type *Ty0 = Call.getArgOperand(i: 0)->getType();
6658	Type *Ty1 = Call.getArgOperand(i: 1)->getType();
6659	Check(Ty0->isPtrOrPtrVectorTy(),
6660	"llvm.ptrmask intrinsic first argument must be pointer or vector "
6661	"of pointers",
6662	&Call);
6663	Check(
6664	Ty0->isVectorTy() == Ty1->isVectorTy(),
6665	"llvm.ptrmask intrinsic arguments must be both scalars or both vectors",
6666	&Call);
6667	if (Ty0->isVectorTy())
6668	Check(cast<VectorType>(Ty0)->getElementCount() ==
6669	cast<VectorType>(Ty1)->getElementCount(),
6670	"llvm.ptrmask intrinsic arguments must have the same number of "
6671	"elements",
6672	&Call);
6673	Check(DL.getIndexTypeSizeInBits(Ty0) == Ty1->getScalarSizeInBits(),
6674	"llvm.ptrmask intrinsic second argument bitwidth must match "
6675	"pointer index type size of first argument",
6676	&Call);
6677	break;
6678	}
6679	case Intrinsic::thread_pointer: {
6680	Check(Call.getType()->getPointerAddressSpace() ==
6681	DL.getDefaultGlobalsAddressSpace(),
6682	"llvm.thread.pointer intrinsic return type must be for the globals "
6683	"address space",
6684	&Call);
6685	break;
6686	}
6687	case Intrinsic::threadlocal_address: {
6688	const Value &Arg0 = *Call.getArgOperand(i: 0);
6689	Check(isa<GlobalValue>(Arg0),
6690	"llvm.threadlocal.address first argument must be a GlobalValue");
6691	Check(cast<GlobalValue>(Arg0).isThreadLocal(),
6692	"llvm.threadlocal.address operand isThreadLocal() must be true");
6693	break;
6694	}
6695	};
6696
6697	// Verify that there aren't any unmediated control transfers between funclets.
6698	if (IntrinsicInst::mayLowerToFunctionCall(IID: ID)) {
6699	Function *F = Call.getParent()->getParent();
6700	if (F->hasPersonalityFn() &&
6701	isScopedEHPersonality(Pers: classifyEHPersonality(Pers: F->getPersonalityFn()))) {
6702	// Run EH funclet coloring on-demand and cache results for other intrinsic
6703	// calls in this function
6704	if (BlockEHFuncletColors.empty())
6705	BlockEHFuncletColors = colorEHFunclets(F&: *F);
6706
6707	// Check for catch-/cleanup-pad in first funclet block
6708	bool InEHFunclet = false;
6709	BasicBlock *CallBB = Call.getParent();
6710	const ColorVector &CV = BlockEHFuncletColors.find(Val: CallBB)->second;
6711	assert(CV.size() > 0 && "Uncolored block");
6712	for (BasicBlock *ColorFirstBB : CV)
6713	if (auto It = ColorFirstBB->getFirstNonPHIIt();
6714	It != ColorFirstBB->end())
6715	if (isa_and_nonnull<FuncletPadInst>(Val: &*It))
6716	InEHFunclet = true;
6717
6718	// Check for funclet operand bundle
6719	bool HasToken = false;
6720	for (unsigned I = 0, E = Call.getNumOperandBundles(); I != E; ++I)
6721	if (Call.getOperandBundleAt(Index: I).getTagID() == LLVMContext::OB_funclet)
6722	HasToken = true;
6723
6724	// This would cause silent code truncation in WinEHPrepare
6725	if (InEHFunclet)
6726	Check(HasToken, "Missing funclet token on intrinsic call", &Call);
6727	}
6728	}
6729	}
6730
6731	/// Carefully grab the subprogram from a local scope.
6732	///
6733	/// This carefully grabs the subprogram from a local scope, avoiding the
6734	/// built-in assertions that would typically fire.
6735	static DISubprogram *getSubprogram(Metadata *LocalScope) {
6736	if (!LocalScope)
6737	return nullptr;
6738
6739	if (auto *SP = dyn_cast<DISubprogram>(Val: LocalScope))
6740	return SP;
6741
6742	if (auto *LB = dyn_cast<DILexicalBlockBase>(Val: LocalScope))
6743	return getSubprogram(LocalScope: LB->getRawScope());
6744
6745	// Just return null; broken scope chains are checked elsewhere.
6746	assert(!isa<DILocalScope>(LocalScope) && "Unknown type of local scope");
6747	return nullptr;
6748	}
6749
6750	void Verifier::visit(DbgLabelRecord &DLR) {
6751	CheckDI(isa<DILabel>(DLR.getRawLabel()),
6752	"invalid #dbg_label intrinsic variable", &DLR, DLR.getRawLabel());
6753
6754	// Ignore broken !dbg attachments; they're checked elsewhere.
6755	if (MDNode *N = DLR.getDebugLoc().getAsMDNode())
6756	if (!isa<DILocation>(Val: N))
6757	return;
6758
6759	BasicBlock *BB = DLR.getParent();
6760	Function *F = BB ? BB->getParent() : nullptr;
6761
6762	// The scopes for variables and !dbg attachments must agree.
6763	DILabel *Label = DLR.getLabel();
6764	DILocation *Loc = DLR.getDebugLoc();
6765	CheckDI(Loc, "#dbg_label record requires a !dbg attachment", &DLR, BB, F);
6766
6767	DISubprogram *LabelSP = getSubprogram(LocalScope: Label->getRawScope());
6768	DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
6769	if (!LabelSP || !LocSP)
6770	return;
6771
6772	CheckDI(LabelSP == LocSP,
6773	"mismatched subprogram between #dbg_label label and !dbg attachment",
6774	&DLR, BB, F, Label, Label->getScope()->getSubprogram(), Loc,
6775	Loc->getScope()->getSubprogram());
6776	}
6777
6778	void Verifier::visit(DbgVariableRecord &DVR) {
6779	BasicBlock *BB = DVR.getParent();
6780	Function *F = BB->getParent();
6781
6782	CheckDI(DVR.getType() == DbgVariableRecord::LocationType::Value ||
6783	DVR.getType() == DbgVariableRecord::LocationType::Declare ||
6784	DVR.getType() == DbgVariableRecord::LocationType::Assign,
6785	"invalid #dbg record type", &DVR, DVR.getType(), BB, F);
6786
6787	// The location for a DbgVariableRecord must be either a ValueAsMetadata,
6788	// DIArgList, or an empty MDNode (which is a legacy representation for an
6789	// "undef" location).
6790	auto *MD = DVR.getRawLocation();
6791	CheckDI(MD && (isa<ValueAsMetadata>(MD) || isa<DIArgList>(MD) ||
6792	(isa<MDNode>(MD) && !cast<MDNode>(MD)->getNumOperands())),
6793	"invalid #dbg record address/value", &DVR, MD, BB, F);
6794	if (auto *VAM = dyn_cast<ValueAsMetadata>(Val: MD)) {
6795	visitValueAsMetadata(MD: *VAM, F);
6796	if (DVR.isDbgDeclare()) {
6797	// Allow integers here to support inttoptr salvage.
6798	Type *Ty = VAM->getValue()->getType();
6799	CheckDI(Ty->isPointerTy() || Ty->isIntegerTy(),
6800	"location of #dbg_declare must be a pointer or int", &DVR, MD, BB,
6801	F);
6802	}
6803	} else if (auto *AL = dyn_cast<DIArgList>(Val: MD)) {
6804	visitDIArgList(AL: *AL, F);
6805	}
6806
6807	CheckDI(isa_and_nonnull<DILocalVariable>(DVR.getRawVariable()),
6808	"invalid #dbg record variable", &DVR, DVR.getRawVariable(), BB, F);
6809	visitMDNode(MD: *DVR.getRawVariable(), AllowLocs: AreDebugLocsAllowed::No);
6810
6811	CheckDI(isa_and_nonnull<DIExpression>(DVR.getRawExpression()),
6812	"invalid #dbg record expression", &DVR, DVR.getRawExpression(), BB,
6813	F);
6814	visitMDNode(MD: *DVR.getExpression(), AllowLocs: AreDebugLocsAllowed::No);
6815
6816	if (DVR.isDbgAssign()) {
6817	CheckDI(isa_and_nonnull<DIAssignID>(DVR.getRawAssignID()),
6818	"invalid #dbg_assign DIAssignID", &DVR, DVR.getRawAssignID(), BB,
6819	F);
6820	visitMDNode(MD: *cast<DIAssignID>(Val: DVR.getRawAssignID()),
6821	AllowLocs: AreDebugLocsAllowed::No);
6822
6823	const auto *RawAddr = DVR.getRawAddress();
6824	// Similarly to the location above, the address for an assign
6825	// DbgVariableRecord must be a ValueAsMetadata or an empty MDNode, which
6826	// represents an undef address.
6827	CheckDI(
6828	isa<ValueAsMetadata>(RawAddr) ||
6829	(isa<MDNode>(RawAddr) && !cast<MDNode>(RawAddr)->getNumOperands()),
6830	"invalid #dbg_assign address", &DVR, DVR.getRawAddress(), BB, F);
6831	if (auto *VAM = dyn_cast<ValueAsMetadata>(Val: RawAddr))
6832	visitValueAsMetadata(MD: *VAM, F);
6833
6834	CheckDI(isa_and_nonnull<DIExpression>(DVR.getRawAddressExpression()),
6835	"invalid #dbg_assign address expression", &DVR,
6836	DVR.getRawAddressExpression(), BB, F);
6837	visitMDNode(MD: *DVR.getAddressExpression(), AllowLocs: AreDebugLocsAllowed::No);
6838
6839	// All of the linked instructions should be in the same function as DVR.
6840	for (Instruction *I : at::getAssignmentInsts(DVR: &DVR))
6841	CheckDI(DVR.getFunction() == I->getFunction(),
6842	"inst not in same function as #dbg_assign", I, &DVR, BB, F);
6843	}
6844
6845	// This check is redundant with one in visitLocalVariable().
6846	DILocalVariable *Var = DVR.getVariable();
6847	CheckDI(isType(Var->getRawType()), "invalid type ref", Var, Var->getRawType(),
6848	BB, F);
6849
6850	auto *DLNode = DVR.getDebugLoc().getAsMDNode();
6851	CheckDI(isa_and_nonnull<DILocation>(DLNode), "invalid #dbg record DILocation",
6852	&DVR, DLNode, BB, F);
6853	DILocation *Loc = DVR.getDebugLoc();
6854
6855	// The scopes for variables and !dbg attachments must agree.
6856	DISubprogram *VarSP = getSubprogram(LocalScope: Var->getRawScope());
6857	DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
6858	if (!VarSP || !LocSP)
6859	return; // Broken scope chains are checked elsewhere.
6860
6861	CheckDI(VarSP == LocSP,
6862	"mismatched subprogram between #dbg record variable and DILocation",
6863	&DVR, BB, F, Var, Var->getScope()->getSubprogram(), Loc,
6864	Loc->getScope()->getSubprogram(), BB, F);
6865
6866	verifyFnArgs(DVR);
6867	}
6868
6869	void Verifier::visitVPIntrinsic(VPIntrinsic &VPI) {
6870	if (auto *VPCast = dyn_cast<VPCastIntrinsic>(Val: &VPI)) {
6871	auto *RetTy = cast<VectorType>(Val: VPCast->getType());
6872	auto *ValTy = cast<VectorType>(Val: VPCast->getOperand(i_nocapture: 0)->getType());
6873	Check(RetTy->getElementCount() == ValTy->getElementCount(),
6874	"VP cast intrinsic first argument and result vector lengths must be "
6875	"equal",
6876	*VPCast);
6877
6878	switch (VPCast->getIntrinsicID()) {
6879	default:
6880	llvm_unreachable("Unknown VP cast intrinsic");
6881	case Intrinsic::vp_trunc:
6882	Check(RetTy->isIntOrIntVectorTy() && ValTy->isIntOrIntVectorTy(),
6883	"llvm.vp.trunc intrinsic first argument and result element type "
6884	"must be integer",
6885	*VPCast);
6886	Check(RetTy->getScalarSizeInBits() < ValTy->getScalarSizeInBits(),
6887	"llvm.vp.trunc intrinsic the bit size of first argument must be "
6888	"larger than the bit size of the return type",
6889	*VPCast);
6890	break;
6891	case Intrinsic::vp_zext:
6892	case Intrinsic::vp_sext:
6893	Check(RetTy->isIntOrIntVectorTy() && ValTy->isIntOrIntVectorTy(),
6894	"llvm.vp.zext or llvm.vp.sext intrinsic first argument and result "
6895	"element type must be integer",
6896	*VPCast);
6897	Check(RetTy->getScalarSizeInBits() > ValTy->getScalarSizeInBits(),
6898	"llvm.vp.zext or llvm.vp.sext intrinsic the bit size of first "
6899	"argument must be smaller than the bit size of the return type",
6900	*VPCast);
6901	break;
6902	case Intrinsic::vp_fptoui:
6903	case Intrinsic::vp_fptosi:
6904	case Intrinsic::vp_lrint:
6905	case Intrinsic::vp_llrint:
6906	Check(
6907	RetTy->isIntOrIntVectorTy() && ValTy->isFPOrFPVectorTy(),
6908	"llvm.vp.fptoui, llvm.vp.fptosi, llvm.vp.lrint or llvm.vp.llrint" "intrinsic first argument element "
6909	"type must be floating-point and result element type must be integer",
6910	*VPCast);
6911	break;
6912	case Intrinsic::vp_uitofp:
6913	case Intrinsic::vp_sitofp:
6914	Check(
6915	RetTy->isFPOrFPVectorTy() && ValTy->isIntOrIntVectorTy(),
6916	"llvm.vp.uitofp or llvm.vp.sitofp intrinsic first argument element "
6917	"type must be integer and result element type must be floating-point",
6918	*VPCast);
6919	break;
6920	case Intrinsic::vp_fptrunc:
6921	Check(RetTy->isFPOrFPVectorTy() && ValTy->isFPOrFPVectorTy(),
6922	"llvm.vp.fptrunc intrinsic first argument and result element type "
6923	"must be floating-point",
6924	*VPCast);
6925	Check(RetTy->getScalarSizeInBits() < ValTy->getScalarSizeInBits(),
6926	"llvm.vp.fptrunc intrinsic the bit size of first argument must be "
6927	"larger than the bit size of the return type",
6928	*VPCast);
6929	break;
6930	case Intrinsic::vp_fpext:
6931	Check(RetTy->isFPOrFPVectorTy() && ValTy->isFPOrFPVectorTy(),
6932	"llvm.vp.fpext intrinsic first argument and result element type "
6933	"must be floating-point",
6934	*VPCast);
6935	Check(RetTy->getScalarSizeInBits() > ValTy->getScalarSizeInBits(),
6936	"llvm.vp.fpext intrinsic the bit size of first argument must be "
6937	"smaller than the bit size of the return type",
6938	*VPCast);
6939	break;
6940	case Intrinsic::vp_ptrtoint:
6941	Check(RetTy->isIntOrIntVectorTy() && ValTy->isPtrOrPtrVectorTy(),
6942	"llvm.vp.ptrtoint intrinsic first argument element type must be "
6943	"pointer and result element type must be integer",
6944	*VPCast);
6945	break;
6946	case Intrinsic::vp_inttoptr:
6947	Check(RetTy->isPtrOrPtrVectorTy() && ValTy->isIntOrIntVectorTy(),
6948	"llvm.vp.inttoptr intrinsic first argument element type must be "
6949	"integer and result element type must be pointer",
6950	*VPCast);
6951	break;
6952	}
6953	}
6954
6955	switch (VPI.getIntrinsicID()) {
6956	case Intrinsic::vp_fcmp: {
6957	auto Pred = cast<VPCmpIntrinsic>(Val: &VPI)->getPredicate();
6958	Check(CmpInst::isFPPredicate(Pred),
6959	"invalid predicate for VP FP comparison intrinsic", &VPI);
6960	break;
6961	}
6962	case Intrinsic::vp_icmp: {
6963	auto Pred = cast<VPCmpIntrinsic>(Val: &VPI)->getPredicate();
6964	Check(CmpInst::isIntPredicate(Pred),
6965	"invalid predicate for VP integer comparison intrinsic", &VPI);
6966	break;
6967	}
6968	case Intrinsic::vp_is_fpclass: {
6969	auto TestMask = cast<ConstantInt>(Val: VPI.getOperand(i_nocapture: 1));
6970	Check((TestMask->getZExtValue() & ~static_cast<unsigned>(fcAllFlags)) == 0,
6971	"unsupported bits for llvm.vp.is.fpclass test mask");
6972	break;
6973	}
6974	case Intrinsic::experimental_vp_splice: {
6975	VectorType *VecTy = cast<VectorType>(Val: VPI.getType());
6976	int64_t Idx = cast<ConstantInt>(Val: VPI.getArgOperand(i: 2))->getSExtValue();
6977	int64_t KnownMinNumElements = VecTy->getElementCount().getKnownMinValue();
6978	if (VPI.getParent() && VPI.getParent()->getParent()) {
6979	AttributeList Attrs = VPI.getParent()->getParent()->getAttributes();
6980	if (Attrs.hasFnAttr(Kind: Attribute::VScaleRange))
6981	KnownMinNumElements *= Attrs.getFnAttrs().getVScaleRangeMin();
6982	}
6983	Check((Idx < 0 && std::abs(Idx) <= KnownMinNumElements) ||
6984	(Idx >= 0 && Idx < KnownMinNumElements),
6985	"The splice index exceeds the range [-VL, VL-1] where VL is the "
6986	"known minimum number of elements in the vector. For scalable "
6987	"vectors the minimum number of elements is determined from "
6988	"vscale_range.",
6989	&VPI);
6990	break;
6991	}
6992	}
6993	}
6994
6995	void Verifier::visitConstrainedFPIntrinsic(ConstrainedFPIntrinsic &FPI) {
6996	unsigned NumOperands = FPI.getNonMetadataArgCount();
6997	bool HasRoundingMD =
6998	Intrinsic::hasConstrainedFPRoundingModeOperand(QID: FPI.getIntrinsicID());
6999
7000	// Add the expected number of metadata operands.
7001	NumOperands += (1 + HasRoundingMD);
7002
7003	// Compare intrinsics carry an extra predicate metadata operand.
7004	if (isa<ConstrainedFPCmpIntrinsic>(Val: FPI))
7005	NumOperands += 1;
7006	Check((FPI.arg_size() == NumOperands),
7007	"invalid arguments for constrained FP intrinsic", &FPI);
7008
7009	switch (FPI.getIntrinsicID()) {
7010	case Intrinsic::experimental_constrained_lrint:
7011	case Intrinsic::experimental_constrained_llrint: {
7012	Type *ValTy = FPI.getArgOperand(i: 0)->getType();
7013	Type *ResultTy = FPI.getType();
7014	Check(!ValTy->isVectorTy() && !ResultTy->isVectorTy(),
7015	"Intrinsic does not support vectors", &FPI);
7016	break;
7017	}
7018
7019	case Intrinsic::experimental_constrained_lround:
7020	case Intrinsic::experimental_constrained_llround: {
7021	Type *ValTy = FPI.getArgOperand(i: 0)->getType();
7022	Type *ResultTy = FPI.getType();
7023	Check(!ValTy->isVectorTy() && !ResultTy->isVectorTy(),
7024	"Intrinsic does not support vectors", &FPI);
7025	break;
7026	}
7027
7028	case Intrinsic::experimental_constrained_fcmp:
7029	case Intrinsic::experimental_constrained_fcmps: {
7030	auto Pred = cast<ConstrainedFPCmpIntrinsic>(Val: &FPI)->getPredicate();
7031	Check(CmpInst::isFPPredicate(Pred),
7032	"invalid predicate for constrained FP comparison intrinsic", &FPI);
7033	break;
7034	}
7035
7036	case Intrinsic::experimental_constrained_fptosi:
7037	case Intrinsic::experimental_constrained_fptoui: {
7038	Value *Operand = FPI.getArgOperand(i: 0);
7039	ElementCount SrcEC;
7040	Check(Operand->getType()->isFPOrFPVectorTy(),
7041	"Intrinsic first argument must be floating point", &FPI);
7042	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7043	SrcEC = cast<VectorType>(Val: OperandT)->getElementCount();
7044	}
7045
7046	Operand = &FPI;
7047	Check(SrcEC.isNonZero() == Operand->getType()->isVectorTy(),
7048	"Intrinsic first argument and result disagree on vector use", &FPI);
7049	Check(Operand->getType()->isIntOrIntVectorTy(),
7050	"Intrinsic result must be an integer", &FPI);
7051	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7052	Check(SrcEC == cast<VectorType>(OperandT)->getElementCount(),
7053	"Intrinsic first argument and result vector lengths must be equal",
7054	&FPI);
7055	}
7056	break;
7057	}
7058
7059	case Intrinsic::experimental_constrained_sitofp:
7060	case Intrinsic::experimental_constrained_uitofp: {
7061	Value *Operand = FPI.getArgOperand(i: 0);
7062	ElementCount SrcEC;
7063	Check(Operand->getType()->isIntOrIntVectorTy(),
7064	"Intrinsic first argument must be integer", &FPI);
7065	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7066	SrcEC = cast<VectorType>(Val: OperandT)->getElementCount();
7067	}
7068
7069	Operand = &FPI;
7070	Check(SrcEC.isNonZero() == Operand->getType()->isVectorTy(),
7071	"Intrinsic first argument and result disagree on vector use", &FPI);
7072	Check(Operand->getType()->isFPOrFPVectorTy(),
7073	"Intrinsic result must be a floating point", &FPI);
7074	if (auto *OperandT = dyn_cast<VectorType>(Val: Operand->getType())) {
7075	Check(SrcEC == cast<VectorType>(OperandT)->getElementCount(),
7076	"Intrinsic first argument and result vector lengths must be equal",
7077	&FPI);
7078	}
7079	break;
7080	}
7081
7082	case Intrinsic::experimental_constrained_fptrunc:
7083	case Intrinsic::experimental_constrained_fpext: {
7084	Value *Operand = FPI.getArgOperand(i: 0);
7085	Type *OperandTy = Operand->getType();
7086	Value *Result = &FPI;
7087	Type *ResultTy = Result->getType();
7088	Check(OperandTy->isFPOrFPVectorTy(),
7089	"Intrinsic first argument must be FP or FP vector", &FPI);
7090	Check(ResultTy->isFPOrFPVectorTy(),
7091	"Intrinsic result must be FP or FP vector", &FPI);
7092	Check(OperandTy->isVectorTy() == ResultTy->isVectorTy(),
7093	"Intrinsic first argument and result disagree on vector use", &FPI);
7094	if (OperandTy->isVectorTy()) {
7095	Check(cast<VectorType>(OperandTy)->getElementCount() ==
7096	cast<VectorType>(ResultTy)->getElementCount(),
7097	"Intrinsic first argument and result vector lengths must be equal",
7098	&FPI);
7099	}
7100	if (FPI.getIntrinsicID() == Intrinsic::experimental_constrained_fptrunc) {
7101	Check(OperandTy->getScalarSizeInBits() > ResultTy->getScalarSizeInBits(),
7102	"Intrinsic first argument's type must be larger than result type",
7103	&FPI);
7104	} else {
7105	Check(OperandTy->getScalarSizeInBits() < ResultTy->getScalarSizeInBits(),
7106	"Intrinsic first argument's type must be smaller than result type",
7107	&FPI);
7108	}
7109	break;
7110	}
7111
7112	default:
7113	break;
7114	}
7115
7116	// If a non-metadata argument is passed in a metadata slot then the
7117	// error will be caught earlier when the incorrect argument doesn't
7118	// match the specification in the intrinsic call table. Thus, no
7119	// argument type check is needed here.
7120
7121	Check(FPI.getExceptionBehavior().has_value(),
7122	"invalid exception behavior argument", &FPI);
7123	if (HasRoundingMD) {
7124	Check(FPI.getRoundingMode().has_value(), "invalid rounding mode argument",
7125	&FPI);
7126	}
7127	}
7128
7129	void Verifier::visitDbgIntrinsic(StringRef Kind, DbgVariableIntrinsic &DII) {
7130	auto *MD = DII.getRawLocation();
7131	CheckDI(isa<ValueAsMetadata>(MD) || isa<DIArgList>(MD) ||
7132	(isa<MDNode>(MD) && !cast<MDNode>(MD)->getNumOperands()),
7133	"invalid llvm.dbg." + Kind + " intrinsic address/value", &DII, MD);
7134	CheckDI(isa<DILocalVariable>(DII.getRawVariable()),
7135	"invalid llvm.dbg." + Kind + " intrinsic variable", &DII,
7136	DII.getRawVariable());
7137	CheckDI(isa<DIExpression>(DII.getRawExpression()),
7138	"invalid llvm.dbg." + Kind + " intrinsic expression", &DII,
7139	DII.getRawExpression());
7140
7141	if (auto *DAI = dyn_cast<DbgAssignIntrinsic>(Val: &DII)) {
7142	CheckDI(isa<DIAssignID>(DAI->getRawAssignID()),
7143	"invalid llvm.dbg.assign intrinsic DIAssignID", &DII,
7144	DAI->getRawAssignID());
7145	const auto *RawAddr = DAI->getRawAddress();
7146	CheckDI(
7147	isa<ValueAsMetadata>(RawAddr) ||
7148	(isa<MDNode>(RawAddr) && !cast<MDNode>(RawAddr)->getNumOperands()),
7149	"invalid llvm.dbg.assign intrinsic address", &DII,
7150	DAI->getRawAddress());
7151	CheckDI(isa<DIExpression>(DAI->getRawAddressExpression()),
7152	"invalid llvm.dbg.assign intrinsic address expression", &DII,
7153	DAI->getRawAddressExpression());
7154	// All of the linked instructions should be in the same function as DII.
7155	for (Instruction *I : at::getAssignmentInsts(DAI))
7156	CheckDI(DAI->getFunction() == I->getFunction(),
7157	"inst not in same function as dbg.assign", I, DAI);
7158	}
7159
7160	// Ignore broken !dbg attachments; they're checked elsewhere.
7161	if (MDNode *N = DII.getDebugLoc().getAsMDNode())
7162	if (!isa<DILocation>(Val: N))
7163	return;
7164
7165	BasicBlock *BB = DII.getParent();
7166	Function *F = BB ? BB->getParent() : nullptr;
7167
7168	// The scopes for variables and !dbg attachments must agree.
7169	DILocalVariable *Var = DII.getVariable();
7170	DILocation *Loc = DII.getDebugLoc();
7171	CheckDI(Loc, "llvm.dbg." + Kind + " intrinsic requires a !dbg attachment",
7172	&DII, BB, F);
7173
7174	DISubprogram *VarSP = getSubprogram(LocalScope: Var->getRawScope());
7175	DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
7176	if (!VarSP || !LocSP)
7177	return; // Broken scope chains are checked elsewhere.
7178
7179	CheckDI(VarSP == LocSP,
7180	"mismatched subprogram between llvm.dbg." + Kind +
7181	" variable and !dbg attachment",
7182	&DII, BB, F, Var, Var->getScope()->getSubprogram(), Loc,
7183	Loc->getScope()->getSubprogram());
7184
7185	// This check is redundant with one in visitLocalVariable().
7186	CheckDI(isType(Var->getRawType()), "invalid type ref", Var,
7187	Var->getRawType());
7188	verifyFnArgs(I: DII);
7189	}
7190
7191	void Verifier::visitDbgLabelIntrinsic(StringRef Kind, DbgLabelInst &DLI) {
7192	CheckDI(isa<DILabel>(DLI.getRawLabel()),
7193	"invalid llvm.dbg." + Kind + " intrinsic variable", &DLI,
7194	DLI.getRawLabel());
7195
7196	// Ignore broken !dbg attachments; they're checked elsewhere.
7197	if (MDNode *N = DLI.getDebugLoc().getAsMDNode())
7198	if (!isa<DILocation>(Val: N))
7199	return;
7200
7201	BasicBlock *BB = DLI.getParent();
7202	Function *F = BB ? BB->getParent() : nullptr;
7203
7204	// The scopes for variables and !dbg attachments must agree.
7205	DILabel *Label = DLI.getLabel();
7206	DILocation *Loc = DLI.getDebugLoc();
7207	Check(Loc, "llvm.dbg." + Kind + " intrinsic requires a !dbg attachment", &DLI,
7208	BB, F);
7209
7210	DISubprogram *LabelSP = getSubprogram(LocalScope: Label->getRawScope());
7211	DISubprogram *LocSP = getSubprogram(LocalScope: Loc->getRawScope());
7212	if (!LabelSP || !LocSP)
7213	return;
7214
7215	CheckDI(LabelSP == LocSP,
7216	"mismatched subprogram between llvm.dbg." + Kind +
7217	" label and !dbg attachment",
7218	&DLI, BB, F, Label, Label->getScope()->getSubprogram(), Loc,
7219	Loc->getScope()->getSubprogram());
7220	}
7221
7222	void Verifier::verifyFragmentExpression(const DbgVariableIntrinsic &I) {
7223	DILocalVariable *V = dyn_cast_or_null<DILocalVariable>(Val: I.getRawVariable());
7224	DIExpression *E = dyn_cast_or_null<DIExpression>(Val: I.getRawExpression());
7225
7226	// We don't know whether this intrinsic verified correctly.
7227	if (!V || !E || !E->isValid())
7228	return;
7229
7230	// Nothing to do if this isn't a DW_OP_LLVM_fragment expression.
7231	auto Fragment = E->getFragmentInfo();
7232	if (!Fragment)
7233	return;
7234
7235	// The frontend helps out GDB by emitting the members of local anonymous
7236	// unions as artificial local variables with shared storage. When SROA splits
7237	// the storage for artificial local variables that are smaller than the entire
7238	// union, the overhang piece will be outside of the allotted space for the
7239	// variable and this check fails.
7240	// FIXME: Remove this check as soon as clang stops doing this; it hides bugs.
7241	if (V->isArtificial())
7242	return;
7243
7244	verifyFragmentExpression(V: *V, Fragment: *Fragment, Desc: &I);
7245	}
7246	void Verifier::verifyFragmentExpression(const DbgVariableRecord &DVR) {
7247	DILocalVariable *V = dyn_cast_or_null<DILocalVariable>(Val: DVR.getRawVariable());
7248	DIExpression *E = dyn_cast_or_null<DIExpression>(Val: DVR.getRawExpression());
7249
7250	// We don't know whether this intrinsic verified correctly.
7251	if (!V || !E || !E->isValid())
7252	return;
7253
7254	// Nothing to do if this isn't a DW_OP_LLVM_fragment expression.
7255	auto Fragment = E->getFragmentInfo();
7256	if (!Fragment)
7257	return;
7258
7259	// The frontend helps out GDB by emitting the members of local anonymous
7260	// unions as artificial local variables with shared storage. When SROA splits
7261	// the storage for artificial local variables that are smaller than the entire
7262	// union, the overhang piece will be outside of the allotted space for the
7263	// variable and this check fails.
7264	// FIXME: Remove this check as soon as clang stops doing this; it hides bugs.
7265	if (V->isArtificial())
7266	return;
7267
7268	verifyFragmentExpression(V: *V, Fragment: *Fragment, Desc: &DVR);
7269	}
7270
7271	template <typename ValueOrMetadata>
7272	void Verifier::verifyFragmentExpression(const DIVariable &V,
7273	DIExpression::FragmentInfo Fragment,
7274	ValueOrMetadata *Desc) {
7275	// If there's no size, the type is broken, but that should be checked
7276	// elsewhere.
7277	auto VarSize = V.getSizeInBits();
7278	if (!VarSize)
7279	return;
7280
7281	unsigned FragSize = Fragment.SizeInBits;
7282	unsigned FragOffset = Fragment.OffsetInBits;
7283	CheckDI(FragSize + FragOffset <= *VarSize,
7284	"fragment is larger than or outside of variable", Desc, &V);
7285	CheckDI(FragSize != *VarSize, "fragment covers entire variable", Desc, &V);
7286	}
7287
7288	void Verifier::verifyFnArgs(const DbgVariableIntrinsic &I) {
7289	// This function does not take the scope of noninlined function arguments into
7290	// account. Don't run it if current function is nodebug, because it may
7291	// contain inlined debug intrinsics.
7292	if (!HasDebugInfo)
7293	return;
7294
7295	// For performance reasons only check non-inlined ones.
7296	if (I.getDebugLoc()->getInlinedAt())
7297	return;
7298
7299	DILocalVariable *Var = I.getVariable();
7300	CheckDI(Var, "dbg intrinsic without variable");
7301
7302	unsigned ArgNo = Var->getArg();
7303	if (!ArgNo)
7304	return;
7305
7306	// Verify there are no duplicate function argument debug info entries.
7307	// These will cause hard-to-debug assertions in the DWARF backend.
7308	if (DebugFnArgs.size() < ArgNo)
7309	DebugFnArgs.resize(N: ArgNo, NV: nullptr);
7310
7311	auto *Prev = DebugFnArgs[ArgNo - 1];
7312	DebugFnArgs[ArgNo - 1] = Var;
7313	CheckDI(!Prev || (Prev == Var), "conflicting debug info for argument", &I,
7314	Prev, Var);
7315	}
7316	void Verifier::verifyFnArgs(const DbgVariableRecord &DVR) {
7317	// This function does not take the scope of noninlined function arguments into
7318	// account. Don't run it if current function is nodebug, because it may
7319	// contain inlined debug intrinsics.
7320	if (!HasDebugInfo)
7321	return;
7322
7323	// For performance reasons only check non-inlined ones.
7324	if (DVR.getDebugLoc()->getInlinedAt())
7325	return;
7326
7327	DILocalVariable *Var = DVR.getVariable();
7328	CheckDI(Var, "#dbg record without variable");
7329
7330	unsigned ArgNo = Var->getArg();
7331	if (!ArgNo)
7332	return;
7333
7334	// Verify there are no duplicate function argument debug info entries.
7335	// These will cause hard-to-debug assertions in the DWARF backend.
7336	if (DebugFnArgs.size() < ArgNo)
7337	DebugFnArgs.resize(N: ArgNo, NV: nullptr);
7338
7339	auto *Prev = DebugFnArgs[ArgNo - 1];
7340	DebugFnArgs[ArgNo - 1] = Var;
7341	CheckDI(!Prev || (Prev == Var), "conflicting debug info for argument", &DVR,
7342	Prev, Var);
7343	}
7344
7345	void Verifier::verifyNotEntryValue(const DbgVariableIntrinsic &I) {
7346	DIExpression *E = dyn_cast_or_null<DIExpression>(Val: I.getRawExpression());
7347
7348	// We don't know whether this intrinsic verified correctly.
7349	if (!E || !E->isValid())
7350	return;
7351
7352	if (isa<ValueAsMetadata>(Val: I.getRawLocation())) {
7353	Value *VarValue = I.getVariableLocationOp(OpIdx: 0);
7354	if (isa<UndefValue>(Val: VarValue) || isa<PoisonValue>(Val: VarValue))
7355	return;
7356	// We allow EntryValues for swift async arguments, as they have an
7357	// ABI-guarantee to be turned into a specific register.
7358	if (auto *ArgLoc = dyn_cast_or_null<Argument>(Val: VarValue);
7359	ArgLoc && ArgLoc->hasAttribute(Kind: Attribute::SwiftAsync))
7360	return;
7361	}
7362
7363	CheckDI(!E->isEntryValue(),
7364	"Entry values are only allowed in MIR unless they target a "
7365	"swiftasync Argument",
7366	&I);
7367	}
7368	void Verifier::verifyNotEntryValue(const DbgVariableRecord &DVR) {
7369	DIExpression *E = dyn_cast_or_null<DIExpression>(Val: DVR.getRawExpression());
7370
7371	// We don't know whether this intrinsic verified correctly.
7372	if (!E || !E->isValid())
7373	return;
7374
7375	if (isa<ValueAsMetadata>(Val: DVR.getRawLocation())) {
7376	Value *VarValue = DVR.getVariableLocationOp(OpIdx: 0);
7377	if (isa<UndefValue>(Val: VarValue) || isa<PoisonValue>(Val: VarValue))
7378	return;
7379	// We allow EntryValues for swift async arguments, as they have an
7380	// ABI-guarantee to be turned into a specific register.
7381	if (auto *ArgLoc = dyn_cast_or_null<Argument>(Val: VarValue);
7382	ArgLoc && ArgLoc->hasAttribute(Kind: Attribute::SwiftAsync))
7383	return;
7384	}
7385
7386	CheckDI(!E->isEntryValue(),
7387	"Entry values are only allowed in MIR unless they target a "
7388	"swiftasync Argument",
7389	&DVR);
7390	}
7391
7392	void Verifier::verifyCompileUnits() {
7393	// When more than one Module is imported into the same context, such as during
7394	// an LTO build before linking the modules, ODR type uniquing may cause types
7395	// to point to a different CU. This check does not make sense in this case.
7396	if (M.getContext().isODRUniquingDebugTypes())
7397	return;
7398	auto *CUs = M.getNamedMetadata(Name: "llvm.dbg.cu");
7399	SmallPtrSet<const Metadata *, 2> Listed;
7400	if (CUs)
7401	Listed.insert_range(R: CUs->operands());
7402	for (const auto *CU : CUVisited)
7403	CheckDI(Listed.count(CU), "DICompileUnit not listed in llvm.dbg.cu", CU);
7404	CUVisited.clear();
7405	}
7406
7407	void Verifier::verifyDeoptimizeCallingConvs() {
7408	if (DeoptimizeDeclarations.empty())
7409	return;
7410
7411	const Function *First = DeoptimizeDeclarations[0];
7412	for (const auto *F : ArrayRef(DeoptimizeDeclarations).slice(N: 1)) {
7413	Check(First->getCallingConv() == F->getCallingConv(),
7414	"All llvm.experimental.deoptimize declarations must have the same "
7415	"calling convention",
7416	First, F);
7417	}
7418	}
7419
7420	void Verifier::verifyAttachedCallBundle(const CallBase &Call,
7421	const OperandBundleUse &BU) {
7422	FunctionType *FTy = Call.getFunctionType();
7423
7424	Check((FTy->getReturnType()->isPointerTy() ||
7425	(Call.doesNotReturn() && FTy->getReturnType()->isVoidTy())),
7426	"a call with operand bundle \"clang.arc.attachedcall\" must call a "
7427	"function returning a pointer or a non-returning function that has a "
7428	"void return type",
7429	Call);
7430
7431	Check(BU.Inputs.size() == 1 && isa<Function>(BU.Inputs.front()),
7432	"operand bundle \"clang.arc.attachedcall\" requires one function as "
7433	"an argument",
7434	Call);
7435
7436	auto *Fn = cast<Function>(Val: BU.Inputs.front());
7437	Intrinsic::ID IID = Fn->getIntrinsicID();
7438
7439	if (IID) {
7440	Check((IID == Intrinsic::objc_retainAutoreleasedReturnValue ||
7441	IID == Intrinsic::objc_claimAutoreleasedReturnValue ||
7442	IID == Intrinsic::objc_unsafeClaimAutoreleasedReturnValue),
7443	"invalid function argument", Call);
7444	} else {
7445	StringRef FnName = Fn->getName();
7446	Check((FnName == "objc_retainAutoreleasedReturnValue" ||
7447	FnName == "objc_claimAutoreleasedReturnValue" ||
7448	FnName == "objc_unsafeClaimAutoreleasedReturnValue"),
7449	"invalid function argument", Call);
7450	}
7451	}
7452
7453	void Verifier::verifyNoAliasScopeDecl() {
7454	if (NoAliasScopeDecls.empty())
7455	return;
7456
7457	// only a single scope must be declared at a time.
7458	for (auto *II : NoAliasScopeDecls) {
7459	assert(II->getIntrinsicID() == Intrinsic::experimental_noalias_scope_decl &&
7460	"Not a llvm.experimental.noalias.scope.decl ?");
7461	const auto *ScopeListMV = dyn_cast<MetadataAsValue>(
7462	Val: II->getOperand(i_nocapture: Intrinsic::NoAliasScopeDeclScopeArg));
7463	Check(ScopeListMV != nullptr,
7464	"llvm.experimental.noalias.scope.decl must have a MetadataAsValue "
7465	"argument",
7466	II);
7467
7468	const auto *ScopeListMD = dyn_cast<MDNode>(Val: ScopeListMV->getMetadata());
7469	Check(ScopeListMD != nullptr, "!id.scope.list must point to an MDNode", II);
7470	Check(ScopeListMD->getNumOperands() == 1,
7471	"!id.scope.list must point to a list with a single scope", II);
7472	visitAliasScopeListMetadata(MD: ScopeListMD);
7473	}
7474
7475	// Only check the domination rule when requested. Once all passes have been
7476	// adapted this option can go away.
7477	if (!VerifyNoAliasScopeDomination)
7478	return;
7479
7480	// Now sort the intrinsics based on the scope MDNode so that declarations of
7481	// the same scopes are next to each other.
7482	auto GetScope = [](IntrinsicInst *II) {
7483	const auto *ScopeListMV = cast<MetadataAsValue>(
7484	Val: II->getOperand(i_nocapture: Intrinsic::NoAliasScopeDeclScopeArg));
7485	return &cast<MDNode>(Val: ScopeListMV->getMetadata())->getOperand(I: 0);
7486	};
7487
7488	// We are sorting on MDNode pointers here. For valid input IR this is ok.
7489	// TODO: Sort on Metadata ID to avoid non-deterministic error messages.
7490	auto Compare = [GetScope](IntrinsicInst *Lhs, IntrinsicInst *Rhs) {
7491	return GetScope(Lhs) < GetScope(Rhs);
7492	};
7493
7494	llvm::sort(C&: NoAliasScopeDecls, Comp: Compare);
7495
7496	// Go over the intrinsics and check that for the same scope, they are not
7497	// dominating each other.
7498	auto ItCurrent = NoAliasScopeDecls.begin();
7499	while (ItCurrent != NoAliasScopeDecls.end()) {
7500	auto CurScope = GetScope(*ItCurrent);
7501	auto ItNext = ItCurrent;
7502	do {
7503	++ItNext;
7504	} while (ItNext != NoAliasScopeDecls.end() &&
7505	GetScope(*ItNext) == CurScope);
7506
7507	// [ItCurrent, ItNext) represents the declarations for the same scope.
7508	// Ensure they are not dominating each other.. but only if it is not too
7509	// expensive.
7510	if (ItNext - ItCurrent < 32)
7511	for (auto *I : llvm::make_range(x: ItCurrent, y: ItNext))
7512	for (auto *J : llvm::make_range(x: ItCurrent, y: ItNext))
7513	if (I != J)
7514	Check(!DT.dominates(I, J),
7515	"llvm.experimental.noalias.scope.decl dominates another one "
7516	"with the same scope",
7517	I);
7518	ItCurrent = ItNext;
7519	}
7520	}
7521
7522	//===----------------------------------------------------------------------===//
7523	// Implement the public interfaces to this file...
7524	//===----------------------------------------------------------------------===//
7525
7526	bool llvm::verifyFunction(const Function &f, raw_ostream *OS) {
7527	Function &F = const_cast<Function &>(f);
7528
7529	// Don't use a raw_null_ostream. Printing IR is expensive.
7530	Verifier V(OS, /*ShouldTreatBrokenDebugInfoAsError=*/true, *f.getParent());
7531
7532	// Note that this function's return value is inverted from what you would
7533	// expect of a function called "verify".
7534	return !V.verify(F);
7535	}
7536
7537	bool llvm::verifyModule(const Module &M, raw_ostream *OS,
7538	bool *BrokenDebugInfo) {
7539	// Don't use a raw_null_ostream. Printing IR is expensive.
7540	Verifier V(OS, /*ShouldTreatBrokenDebugInfoAsError=*/!BrokenDebugInfo, M);
7541
7542	bool Broken = false;
7543	for (const Function &F : M)
7544	Broken |= !V.verify(F);
7545
7546	Broken |= !V.verify();
7547	if (BrokenDebugInfo)
7548	*BrokenDebugInfo = V.hasBrokenDebugInfo();
7549	// Note that this function's return value is inverted from what you would
7550	// expect of a function called "verify".
7551	return Broken;
7552	}
7553
7554	namespace {
7555
7556	struct VerifierLegacyPass : public FunctionPass {
7557	static char ID;
7558
7559	std::unique_ptr<Verifier> V;
7560	bool FatalErrors = true;
7561
7562	VerifierLegacyPass() : FunctionPass(ID) {
7563	initializeVerifierLegacyPassPass(*PassRegistry::getPassRegistry());
7564	}
7565	explicit VerifierLegacyPass(bool FatalErrors)
7566	: FunctionPass(ID),
7567	FatalErrors(FatalErrors) {
7568	initializeVerifierLegacyPassPass(*PassRegistry::getPassRegistry());
7569	}
7570
7571	bool doInitialization(Module &M) override {
7572	V = std::make_unique<Verifier>(
7573	args: &dbgs(), /*ShouldTreatBrokenDebugInfoAsError=*/args: false, args&: M);
7574	return false;
7575	}
7576
7577	bool runOnFunction(Function &F) override {
7578	if (!V->verify(F) && FatalErrors) {
7579	errs() << "in function " << F.getName() << '\n';
7580	report_fatal_error(reason: "Broken function found, compilation aborted!");
7581	}
7582	return false;
7583	}
7584
7585	bool doFinalization(Module &M) override {
7586	bool HasErrors = false;
7587	for (Function &F : M)
7588	if (F.isDeclaration())
7589	HasErrors |= !V->verify(F);
7590
7591	HasErrors |= !V->verify();
7592	if (FatalErrors && (HasErrors || V->hasBrokenDebugInfo()))
7593	report_fatal_error(reason: "Broken module found, compilation aborted!");
7594	return false;
7595	}
7596
7597	void getAnalysisUsage(AnalysisUsage &AU) const override {
7598	AU.setPreservesAll();
7599	}
7600	};
7601
7602	} // end anonymous namespace
7603
7604	/// Helper to issue failure from the TBAA verification
7605	template <typename... Tys> void TBAAVerifier::CheckFailed(Tys &&... Args) {
7606	if (Diagnostic)
7607	return Diagnostic->CheckFailed(Args...);
7608	}
7609
7610	#define CheckTBAA(C, ...) \
7611	do { \
7612	if (!(C)) { \
7613	CheckFailed(__VA_ARGS__); \
7614	return false; \
7615	} \
7616	} while (false)
7617
7618	/// Verify that \p BaseNode can be used as the "base type" in the struct-path
7619	/// TBAA scheme. This means \p BaseNode is either a scalar node, or a
7620	/// struct-type node describing an aggregate data structure (like a struct).
7621	TBAAVerifier::TBAABaseNodeSummary
7622	TBAAVerifier::verifyTBAABaseNode(Instruction &I, const MDNode *BaseNode,
7623	bool IsNewFormat) {
7624	if (BaseNode->getNumOperands() < 2) {
7625	CheckFailed(Args: "Base nodes must have at least two operands", Args: &I, Args&: BaseNode);
7626	return {true, ~0u};
7627	}
7628
7629	auto Itr = TBAABaseNodes.find(Val: BaseNode);
7630	if (Itr != TBAABaseNodes.end())
7631	return Itr->second;
7632
7633	auto Result = verifyTBAABaseNodeImpl(I, BaseNode, IsNewFormat);
7634	auto InsertResult = TBAABaseNodes.insert(KV: {BaseNode, Result});
7635	(void)InsertResult;
7636	assert(InsertResult.second && "We just checked!");
7637	return Result;
7638	}
7639
7640	TBAAVerifier::TBAABaseNodeSummary
7641	TBAAVerifier::verifyTBAABaseNodeImpl(Instruction &I, const MDNode *BaseNode,
7642	bool IsNewFormat) {
7643	const TBAAVerifier::TBAABaseNodeSummary InvalidNode = {true, ~0u};
7644
7645	if (BaseNode->getNumOperands() == 2) {
7646	// Scalar nodes can only be accessed at offset 0.
7647	return isValidScalarTBAANode(MD: BaseNode)
7648	? TBAAVerifier::TBAABaseNodeSummary({false, 0})
7649	: InvalidNode;
7650	}
7651
7652	if (IsNewFormat) {
7653	if (BaseNode->getNumOperands() % 3 != 0) {
7654	CheckFailed(Args: "Access tag nodes must have the number of operands that is a "
7655	"multiple of 3!", Args&: BaseNode);
7656	return InvalidNode;
7657	}
7658	} else {
7659	if (BaseNode->getNumOperands() % 2 != 1) {
7660	CheckFailed(Args: "Struct tag nodes must have an odd number of operands!",
7661	Args&: BaseNode);
7662	return InvalidNode;
7663	}
7664	}
7665
7666	// Check the type size field.
7667	if (IsNewFormat) {
7668	auto *TypeSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
7669	MD: BaseNode->getOperand(I: 1));
7670	if (!TypeSizeNode) {
7671	CheckFailed(Args: "Type size nodes must be constants!", Args: &I, Args&: BaseNode);
7672	return InvalidNode;
7673	}
7674	}
7675
7676	// Check the type name field. In the new format it can be anything.
7677	if (!IsNewFormat && !isa<MDString>(Val: BaseNode->getOperand(I: 0))) {
7678	CheckFailed(Args: "Struct tag nodes have a string as their first operand",
7679	Args&: BaseNode);
7680	return InvalidNode;
7681	}
7682
7683	bool Failed = false;
7684
7685	std::optional<APInt> PrevOffset;
7686	unsigned BitWidth = ~0u;
7687
7688	// We've already checked that BaseNode is not a degenerate root node with one
7689	// operand in \c verifyTBAABaseNode, so this loop should run at least once.
7690	unsigned FirstFieldOpNo = IsNewFormat ? 3 : 1;
7691	unsigned NumOpsPerField = IsNewFormat ? 3 : 2;
7692	for (unsigned Idx = FirstFieldOpNo; Idx < BaseNode->getNumOperands();
7693	Idx += NumOpsPerField) {
7694	const MDOperand &FieldTy = BaseNode->getOperand(I: Idx);
7695	const MDOperand &FieldOffset = BaseNode->getOperand(I: Idx + 1);
7696	if (!isa<MDNode>(Val: FieldTy)) {
7697	CheckFailed(Args: "Incorrect field entry in struct type node!", Args: &I, Args&: BaseNode);
7698	Failed = true;
7699	continue;
7700	}
7701
7702	auto *OffsetEntryCI =
7703	mdconst::dyn_extract_or_null<ConstantInt>(MD: FieldOffset);
7704	if (!OffsetEntryCI) {
7705	CheckFailed(Args: "Offset entries must be constants!", Args: &I, Args&: BaseNode);
7706	Failed = true;
7707	continue;
7708	}
7709
7710	if (BitWidth == ~0u)
7711	BitWidth = OffsetEntryCI->getBitWidth();
7712
7713	if (OffsetEntryCI->getBitWidth() != BitWidth) {
7714	CheckFailed(
7715	Args: "Bitwidth between the offsets and struct type entries must match", Args: &I,
7716	Args&: BaseNode);
7717	Failed = true;
7718	continue;
7719	}
7720
7721	// NB! As far as I can tell, we generate a non-strictly increasing offset
7722	// sequence only from structs that have zero size bit fields. When
7723	// recursing into a contained struct in \c getFieldNodeFromTBAABaseNode we
7724	// pick the field lexically the latest in struct type metadata node. This
7725	// mirrors the actual behavior of the alias analysis implementation.
7726	bool IsAscending =
7727	!PrevOffset || PrevOffset->ule(RHS: OffsetEntryCI->getValue());
7728
7729	if (!IsAscending) {
7730	CheckFailed(Args: "Offsets must be increasing!", Args: &I, Args&: BaseNode);
7731	Failed = true;
7732	}
7733
7734	PrevOffset = OffsetEntryCI->getValue();
7735
7736	if (IsNewFormat) {
7737	auto *MemberSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
7738	MD: BaseNode->getOperand(I: Idx + 2));
7739	if (!MemberSizeNode) {
7740	CheckFailed(Args: "Member size entries must be constants!", Args: &I, Args&: BaseNode);
7741	Failed = true;
7742	continue;
7743	}
7744	}
7745	}
7746
7747	return Failed ? InvalidNode
7748	: TBAAVerifier::TBAABaseNodeSummary(false, BitWidth);
7749	}
7750
7751	static bool IsRootTBAANode(const MDNode *MD) {
7752	return MD->getNumOperands() < 2;
7753	}
7754
7755	static bool IsScalarTBAANodeImpl(const MDNode *MD,
7756	SmallPtrSetImpl<const MDNode *> &Visited) {
7757	if (MD->getNumOperands() != 2 && MD->getNumOperands() != 3)
7758	return false;
7759
7760	if (!isa<MDString>(Val: MD->getOperand(I: 0)))
7761	return false;
7762
7763	if (MD->getNumOperands() == 3) {
7764	auto *Offset = mdconst::dyn_extract<ConstantInt>(MD: MD->getOperand(I: 2));
7765	if (!(Offset && Offset->isZero() && isa<MDString>(Val: MD->getOperand(I: 0))))
7766	return false;
7767	}
7768
7769	auto *Parent = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: 1));
7770	return Parent && Visited.insert(Ptr: Parent).second &&
7771	(IsRootTBAANode(MD: Parent) || IsScalarTBAANodeImpl(MD: Parent, Visited));
7772	}
7773
7774	bool TBAAVerifier::isValidScalarTBAANode(const MDNode *MD) {
7775	auto ResultIt = TBAAScalarNodes.find(Val: MD);
7776	if (ResultIt != TBAAScalarNodes.end())
7777	return ResultIt->second;
7778
7779	SmallPtrSet<const MDNode *, 4> Visited;
7780	bool Result = IsScalarTBAANodeImpl(MD, Visited);
7781	auto InsertResult = TBAAScalarNodes.insert(KV: {MD, Result});
7782	(void)InsertResult;
7783	assert(InsertResult.second && "Just checked!");
7784
7785	return Result;
7786	}
7787
7788	/// Returns the field node at the offset \p Offset in \p BaseNode. Update \p
7789	/// Offset in place to be the offset within the field node returned.
7790	///
7791	/// We assume we've okayed \p BaseNode via \c verifyTBAABaseNode.
7792	MDNode *TBAAVerifier::getFieldNodeFromTBAABaseNode(Instruction &I,
7793	const MDNode *BaseNode,
7794	APInt &Offset,
7795	bool IsNewFormat) {
7796	assert(BaseNode->getNumOperands() >= 2 && "Invalid base node!");
7797
7798	// Scalar nodes have only one possible "field" -- their parent in the access
7799	// hierarchy. Offset must be zero at this point, but our caller is supposed
7800	// to check that.
7801	if (BaseNode->getNumOperands() == 2)
7802	return cast<MDNode>(Val: BaseNode->getOperand(I: 1));
7803
7804	unsigned FirstFieldOpNo = IsNewFormat ? 3 : 1;
7805	unsigned NumOpsPerField = IsNewFormat ? 3 : 2;
7806	for (unsigned Idx = FirstFieldOpNo; Idx < BaseNode->getNumOperands();
7807	Idx += NumOpsPerField) {
7808	auto *OffsetEntryCI =
7809	mdconst::extract<ConstantInt>(MD: BaseNode->getOperand(I: Idx + 1));
7810	if (OffsetEntryCI->getValue().ugt(RHS: Offset)) {
7811	if (Idx == FirstFieldOpNo) {
7812	CheckFailed(Args: "Could not find TBAA parent in struct type node", Args: &I,
7813	Args&: BaseNode, Args: &Offset);
7814	return nullptr;
7815	}
7816
7817	unsigned PrevIdx = Idx - NumOpsPerField;
7818	auto *PrevOffsetEntryCI =
7819	mdconst::extract<ConstantInt>(MD: BaseNode->getOperand(I: PrevIdx + 1));
7820	Offset -= PrevOffsetEntryCI->getValue();
7821	return cast<MDNode>(Val: BaseNode->getOperand(I: PrevIdx));
7822	}
7823	}
7824
7825	unsigned LastIdx = BaseNode->getNumOperands() - NumOpsPerField;
7826	auto *LastOffsetEntryCI = mdconst::extract<ConstantInt>(
7827	MD: BaseNode->getOperand(I: LastIdx + 1));
7828	Offset -= LastOffsetEntryCI->getValue();
7829	return cast<MDNode>(Val: BaseNode->getOperand(I: LastIdx));
7830	}
7831
7832	static bool isNewFormatTBAATypeNode(llvm::MDNode *Type) {
7833	if (!Type || Type->getNumOperands() < 3)
7834	return false;
7835
7836	// In the new format type nodes shall have a reference to the parent type as
7837	// its first operand.
7838	return isa_and_nonnull<MDNode>(Val: Type->getOperand(I: 0));
7839	}
7840
7841	bool TBAAVerifier::visitTBAAMetadata(Instruction &I, const MDNode *MD) {
7842	CheckTBAA(MD->getNumOperands() > 0, "TBAA metadata cannot have 0 operands",
7843	&I, MD);
7844
7845	CheckTBAA(isa<LoadInst>(I) || isa<StoreInst>(I) || isa<CallInst>(I) ||
7846	isa<VAArgInst>(I) || isa<AtomicRMWInst>(I) ||
7847	isa<AtomicCmpXchgInst>(I),
7848	"This instruction shall not have a TBAA access tag!", &I);
7849
7850	bool IsStructPathTBAA =
7851	isa<MDNode>(Val: MD->getOperand(I: 0)) && MD->getNumOperands() >= 3;
7852
7853	CheckTBAA(IsStructPathTBAA,
7854	"Old-style TBAA is no longer allowed, use struct-path TBAA instead",
7855	&I);
7856
7857	MDNode *BaseNode = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: 0));
7858	MDNode *AccessType = dyn_cast_or_null<MDNode>(Val: MD->getOperand(I: 1));
7859
7860	bool IsNewFormat = isNewFormatTBAATypeNode(Type: AccessType);
7861
7862	if (IsNewFormat) {
7863	CheckTBAA(MD->getNumOperands() == 4 || MD->getNumOperands() == 5,
7864	"Access tag metadata must have either 4 or 5 operands", &I, MD);
7865	} else {
7866	CheckTBAA(MD->getNumOperands() < 5,
7867	"Struct tag metadata must have either 3 or 4 operands", &I, MD);
7868	}
7869
7870	// Check the access size field.
7871	if (IsNewFormat) {
7872	auto *AccessSizeNode = mdconst::dyn_extract_or_null<ConstantInt>(
7873	MD: MD->getOperand(I: 3));
7874	CheckTBAA(AccessSizeNode, "Access size field must be a constant", &I, MD);
7875	}
7876
7877	// Check the immutability flag.
7878	unsigned ImmutabilityFlagOpNo = IsNewFormat ? 4 : 3;
7879	if (MD->getNumOperands() == ImmutabilityFlagOpNo + 1) {
7880	auto *IsImmutableCI = mdconst::dyn_extract_or_null<ConstantInt>(
7881	MD: MD->getOperand(I: ImmutabilityFlagOpNo));
7882	CheckTBAA(IsImmutableCI,
7883	"Immutability tag on struct tag metadata must be a constant", &I,
7884	MD);
7885	CheckTBAA(
7886	IsImmutableCI->isZero() || IsImmutableCI->isOne(),
7887	"Immutability part of the struct tag metadata must be either 0 or 1",
7888	&I, MD);
7889	}
7890
7891	CheckTBAA(BaseNode && AccessType,
7892	"Malformed struct tag metadata: base and access-type "
7893	"should be non-null and point to Metadata nodes",
7894	&I, MD, BaseNode, AccessType);
7895
7896	if (!IsNewFormat) {
7897	CheckTBAA(isValidScalarTBAANode(AccessType),
7898	"Access type node must be a valid scalar type", &I, MD,
7899	AccessType);
7900	}
7901
7902	auto *OffsetCI = mdconst::dyn_extract_or_null<ConstantInt>(MD: MD->getOperand(I: 2));
7903	CheckTBAA(OffsetCI, "Offset must be constant integer", &I, MD);
7904
7905	APInt Offset = OffsetCI->getValue();
7906	bool SeenAccessTypeInPath = false;
7907
7908	SmallPtrSet<MDNode *, 4> StructPath;
7909
7910	for (/* empty */; BaseNode && !IsRootTBAANode(MD: BaseNode);
7911	BaseNode = getFieldNodeFromTBAABaseNode(I, BaseNode, Offset,
7912	IsNewFormat)) {
7913	if (!StructPath.insert(Ptr: BaseNode).second) {
7914	CheckFailed(Args: "Cycle detected in struct path", Args: &I, Args&: MD);
7915	return false;
7916	}
7917
7918	bool Invalid;
7919	unsigned BaseNodeBitWidth;
7920	std::tie(args&: Invalid, args&: BaseNodeBitWidth) = verifyTBAABaseNode(I, BaseNode,
7921	IsNewFormat);
7922
7923	// If the base node is invalid in itself, then we've already printed all the
7924	// errors we wanted to print.
7925	if (Invalid)
7926	return false;
7927
7928	SeenAccessTypeInPath |= BaseNode == AccessType;
7929
7930	if (isValidScalarTBAANode(MD: BaseNode) || BaseNode == AccessType)
7931	CheckTBAA(Offset == 0, "Offset not zero at the point of scalar access",
7932	&I, MD, &Offset);
7933
7934	CheckTBAA(BaseNodeBitWidth == Offset.getBitWidth() ||
7935	(BaseNodeBitWidth == 0 && Offset == 0) ||
7936	(IsNewFormat && BaseNodeBitWidth == ~0u),
7937	"Access bit-width not the same as description bit-width", &I, MD,
7938	BaseNodeBitWidth, Offset.getBitWidth());
7939
7940	if (IsNewFormat && SeenAccessTypeInPath)
7941	break;
7942	}
7943
7944	CheckTBAA(SeenAccessTypeInPath, "Did not see access type in access path!", &I,
7945	MD);
7946	return true;
7947	}
7948
7949	char VerifierLegacyPass::ID = 0;
7950	INITIALIZE_PASS(VerifierLegacyPass, "verify", "Module Verifier", false, false)
7951
7952	FunctionPass *llvm::createVerifierPass(bool FatalErrors) {
7953	return new VerifierLegacyPass(FatalErrors);
7954	}
7955
7956	AnalysisKey VerifierAnalysis::Key;
7957	VerifierAnalysis::Result VerifierAnalysis::run(Module &M,
7958	ModuleAnalysisManager &) {
7959	Result Res;
7960	Res.IRBroken = llvm::verifyModule(M, OS: &dbgs(), BrokenDebugInfo: &Res.DebugInfoBroken);
7961	return Res;
7962	}
7963
7964	VerifierAnalysis::Result VerifierAnalysis::run(Function &F,
7965	FunctionAnalysisManager &) {
7966	return { .IRBroken: llvm::verifyFunction(f: F, OS: &dbgs()), .DebugInfoBroken: false };
7967	}
7968
7969	PreservedAnalyses VerifierPass::run(Module &M, ModuleAnalysisManager &AM) {
7970	auto Res = AM.getResult<VerifierAnalysis>(IR&: M);
7971	if (FatalErrors && (Res.IRBroken || Res.DebugInfoBroken))
7972	report_fatal_error(reason: "Broken module found, compilation aborted!");
7973
7974	return PreservedAnalyses::all();
7975	}
7976
7977	PreservedAnalyses VerifierPass::run(Function &F, FunctionAnalysisManager &AM) {
7978	auto res = AM.getResult<VerifierAnalysis>(IR&: F);
7979	if (res.IRBroken && FatalErrors)
7980	report_fatal_error(reason: "Broken function found, compilation aborted!");
7981
7982	return PreservedAnalyses::all();
7983	}
7984