Introduce an assertion configuration for "release with bounds safety"

DougGregor · DougGregor · commit ae9238e10bd1 · 2024-01-30T18:11:22.000-08:00
To support the introduction of bounds checks for the unsafe buffer pointer
types, introduce a new assertion confirmation that is for release builds
that also have this buffer safety. It can be enabled with the experimental
feature `UnsafePointerBoundsSafety` in normal builds, or (for testing)
the `ReleaseWithBoundsSafety` assert configuration.

The end goal of this approach to change the experimental feature to
an upcoming feature, which will also enabled with Swift 6.
diff --git a/include/swift/AST/SILOptions.h b/include/swift/AST/SILOptions.h
@@ -198,6 +198,7 @@ class SILOptions {
     Debug = 0,     // Enables all asserts.
     Release = 1,   // Disables asserts.
     Unchecked = 2, // Disables asserts, preconditions, and runtime checks.
+    ReleaseWithBoundsSafety = 3, // Enables all asserts + bounds checks for unsafe pointers
 
     // Leave the assert_configuration instruction around.
     DisableReplacement = UINT_MAX
diff --git a/include/swift/Basic/Features.def b/include/swift/Basic/Features.def
@@ -129,6 +129,8 @@ UPCOMING_FEATURE(FullTypedThrows, 413, 6)
 
 UPCOMING_FEATURE(ExistentialAny, 335, 7)
 
+EXPERIMENTAL_FEATURE(UnsafePointerBoundsSafety, true)
+
 EXPERIMENTAL_FEATURE(StaticAssert, false)
 EXPERIMENTAL_FEATURE(NamedOpaqueTypes, false)
 EXPERIMENTAL_FEATURE(FlowSensitiveConcurrencyCaptures, false)
diff --git a/include/swift/Option/Options.td b/include/swift/Option/Options.td
@@ -1055,7 +1055,7 @@ def debug_info_store_invocation : Flag<["-"], "debug-info-store-invocation">,
 def AssertConfig : Separate<["-"], "assert-config">,
   Flags<[FrontendOption, ModuleInterfaceOption]>,
   HelpText<"Specify the assert_configuration replacement. "
-           "Possible values are Debug, Release, Unchecked, DisableReplacement.">;
+           "Possible values are Debug, Release, Unchecked, ReleaseWithBoundsSafety, DisableReplacement.">;
 
 // Code formatting options
 
diff --git a/include/swift/SILOptimizer/OptimizerBridging.h b/include/swift/SILOptimizer/OptimizerBridging.h
@@ -298,7 +298,8 @@ struct BridgedPassContext {
   enum class AssertConfiguration {
     Debug = 0,
     Release = 1,
-    Unchecked = 2
+    Unchecked = 2,
+    ReleaseWithBoundsSafety = 3,
   };
 
   BRIDGED_INLINE bool enableStackProtection() const;
diff --git a/include/swift/SILOptimizer/OptimizerBridgingImpl.h b/include/swift/SILOptimizer/OptimizerBridgingImpl.h
@@ -443,6 +443,7 @@ static_assert((int)BridgedPassContext::SILStage::Lowered == (int)swift::SILStage
 static_assert((int)BridgedPassContext::AssertConfiguration::Debug == (int)swift::SILOptions::Debug);
 static_assert((int)BridgedPassContext::AssertConfiguration::Release == (int)swift::SILOptions::Release);
 static_assert((int)BridgedPassContext::AssertConfiguration::Unchecked == (int)swift::SILOptions::Unchecked);
+static_assert((int)BridgedPassContext::AssertConfiguration::ReleaseWithBoundsSafety == (int)swift::SILOptions::ReleaseWithBoundsSafety);
 
 SWIFT_END_NULLABILITY_ANNOTATIONS
 
diff --git a/lib/AST/ASTPrinter.cpp b/lib/AST/ASTPrinter.cpp
@@ -3940,6 +3940,10 @@ static bool usesFeaturePreconcurrencyConformances(Decl *decl) {
 
 static bool usesFeatureBorrowingSwitch(Decl *decl) { return false; }
 
+static bool usesFeatureUnsafePointerBoundsSafety(Decl *decl) {
+  return false;
+}
+
 /// Suppress the printing of a particular feature.
 static void suppressingFeature(PrintOptions &options, Feature feature,
                                llvm::function_ref<void()> action) {
diff --git a/lib/ASTGen/Sources/ASTGen/Macros.swift b/lib/ASTGen/Sources/ASTGen/Macros.swift
@@ -608,7 +608,7 @@ func findSyntaxNodeInSourceFile<Node: SyntaxProtocol>(
 
   let sourceFilePtr = sourceFilePtr.assumingMemoryBound(to: ExportedSourceFile.self)
 
-  // Find the offset.
+  // Find the offset in this buffer.
   let buffer = sourceFilePtr.pointee.buffer
   let offset = sourceLocationPtr - buffer.baseAddress!
   if offset < 0 || offset >= buffer.count {
diff --git a/lib/Frontend/CompilerInvocation.cpp b/lib/Frontend/CompilerInvocation.cpp
@@ -2023,6 +2023,7 @@ void parseExclusivityEnforcementOptions(const llvm::opt::Arg *A,
 
 static bool ParseSILArgs(SILOptions &Opts, ArgList &Args,
                          IRGenOptions &IRGenOpts,
+                         const LangOptions &LangOpts,
                          const FrontendOptions &FEOpts,
                          const TypeCheckerOptions &TCOpts,
                          DiagnosticEngine &Diags,
@@ -2111,6 +2112,8 @@ static bool ParseSILArgs(SILOptions &Opts, ArgList &Args,
       Opts.AssertConfig = SILOptions::Release;
     } else if (Configuration == "Unchecked") {
       Opts.AssertConfig = SILOptions::Unchecked;
+    } else if (Configuration == "ReleaseWithBoundsSafety") {
+      Opts.AssertConfig = SILOptions::ReleaseWithBoundsSafety;
     } else {
       Diags.diagnose(SourceLoc(), diag::error_invalid_arg_value,
                      A->getAsString(Args), A->getValue());
@@ -2124,7 +2127,11 @@ static bool ParseSILArgs(SILOptions &Opts, ArgList &Args,
     // Set the assert configuration according to the optimization level if it
     // has not been set by the -Ounchecked flag.
     Opts.AssertConfig =
-        (IRGenOpts.shouldOptimize() ? SILOptions::Release : SILOptions::Debug);
+        IRGenOpts.shouldOptimize()
+         ? (LangOpts.hasFeature(Feature::UnsafePointerBoundsSafety)
+              ? SILOptions::ReleaseWithBoundsSafety
+              : SILOptions::Release)
+         : SILOptions::Debug;
   }
 
   // -Ounchecked might also set removal of runtime asserts (cond_fail).
@@ -3193,7 +3200,7 @@ bool CompilerInvocation::parseArgs(
     return true;
   }
 
-  if (ParseSILArgs(SILOpts, ParsedArgs, IRGenOpts, FrontendOpts,
+  if (ParseSILArgs(SILOpts, ParsedArgs, IRGenOpts, LangOpts, FrontendOpts,
                    TypeCheckerOpts, Diags,
                    LangOpts.Target, ClangImporterOpts)) {
     return true;
diff --git a/stdlib/public/Concurrency/ExecutorAssertions.swift b/stdlib/public/Concurrency/ExecutorAssertions.swift
@@ -53,7 +53,8 @@ extension SerialExecutor {
       _ message: @autoclosure () -> String = String(),
       file: StaticString = #fileID, line: UInt = #line
   ) {
-    guard _isDebugAssertConfiguration() || _isReleaseAssertConfiguration() else {
+    guard _isDebugAssertConfiguration() || _isReleaseAssertConfiguration() ||
+        _isReleaseAssertWithBoundsSafetyConfiguration() else {
       return
     }
 
@@ -102,7 +103,8 @@ extension Actor {
       _ message: @autoclosure () -> String = String(),
       file: StaticString = #fileID, line: UInt = #line
   ) {
-    guard _isDebugAssertConfiguration() || _isReleaseAssertConfiguration() else {
+    guard _isDebugAssertConfiguration() || _isReleaseAssertConfiguration() ||
+        _isReleaseAssertWithBoundsSafetyConfiguration() else {
       return
     }
 
diff --git a/stdlib/public/Distributed/DistributedAssertions.swift b/stdlib/public/Distributed/DistributedAssertions.swift
@@ -47,7 +47,8 @@ extension DistributedActor {
       _ message: @autoclosure () -> String = String(),
       file: StaticString = #fileID, line: UInt = #line
   ) {
-    guard _isDebugAssertConfiguration() || _isReleaseAssertConfiguration() else {
+    guard _isDebugAssertConfiguration() || _isReleaseAssertConfiguration() ||
+        _isReleaseAssertWithBoundsSafetyConfiguration() else {
       return
     }
 
diff --git a/stdlib/public/core/Assert.swift b/stdlib/public/core/Assert.swift
@@ -110,7 +110,7 @@ public func precondition(
       _assertionFailure("Precondition failed", message(), file: file, line: line,
         flags: _fatalErrorFlags())
     }
-  } else if _isReleaseAssertConfiguration() {
+  } else if _isReleaseAssertConfiguration() || _isReleaseAssertWithBoundsSafetyConfiguration() {
     let error = !condition()
     Builtin.condfail_message(error._value,
       StaticString("precondition failure").unsafeRawPointer)
@@ -130,7 +130,7 @@ public func precondition(
       _assertionFailure("Precondition failed", message(), file: file, line: line,
         flags: _fatalErrorFlags())
     }
-  } else if _isReleaseAssertConfiguration() {
+  } else if _isReleaseAssertConfiguration() || _isReleaseAssertWithBoundsSafetyConfiguration() {
     let error = !condition()
     Builtin.condfail_message(error._value,
       StaticString("precondition failure").unsafeRawPointer)
@@ -229,7 +229,7 @@ public func preconditionFailure(
   if _isDebugAssertConfiguration() {
     _assertionFailure("Fatal error", message(), file: file, line: line,
       flags: _fatalErrorFlags())
-  } else if _isReleaseAssertConfiguration() {
+  } else if _isReleaseAssertConfiguration() || _isReleaseAssertWithBoundsSafetyConfiguration() {
     Builtin.condfail_message(true._value,
       StaticString("precondition failure").unsafeRawPointer)
   }
@@ -246,7 +246,7 @@ public func preconditionFailure(
   if _isDebugAssertConfiguration() {
     _assertionFailure("Fatal error", message(), file: file, line: line,
       flags: _fatalErrorFlags())
-  } else if _isReleaseAssertConfiguration() {
+  } else if _isReleaseAssertConfiguration() || _isReleaseAssertWithBoundsSafetyConfiguration() {
     Builtin.condfail_message(true._value,
       StaticString("precondition failure").unsafeRawPointer)
   }
@@ -300,7 +300,7 @@ internal func _precondition(
       _assertionFailure("Fatal error", message, file: file, line: line,
         flags: _fatalErrorFlags())
     }
-  } else if _isReleaseAssertConfiguration() {
+  } else if _isReleaseAssertConfiguration() || _isReleaseAssertWithBoundsSafetyConfiguration() {
     let error = !condition()
     Builtin.condfail_message(error._value, message.unsafeRawPointer)
   }
@@ -441,7 +441,7 @@ internal func _precondition(
       _assertionFailure("Fatal error", message, file: file, line: line,
         flags: _fatalErrorFlags())
     }
-  } else if _isReleaseAssertConfiguration() {
+  } else if _isReleaseAssertConfiguration() || _isReleaseAssertWithBoundsSafetyConfiguration() {
     let error = (!condition() && _isExecutableLinkedOnOrAfter(version))
     Builtin.condfail_message(error._value, message.unsafeRawPointer)
   }
diff --git a/stdlib/public/core/AssertCommon.swift b/stdlib/public/core/AssertCommon.swift
@@ -26,6 +26,7 @@ func _isDebugAssertConfiguration() -> Bool {
   // 0: Debug
   // 1: Release
   // 2: Fast
+  // 3: Release w/ UnsafePointerBoundsSafety
   return Int32(Builtin.assert_configuration()) == 0
 }
 
@@ -36,16 +37,30 @@ func _isReleaseAssertConfiguration() -> Bool {
   // 0: Debug
   // 1: Release
   // 2: Fast
+  // 3: Release w/ UnsafePointerBoundsSafety
   return Int32(Builtin.assert_configuration()) == 1
 }
 
+@_transparent
+@_alwaysEmitIntoClient
+public // @testable, used in _Concurrency executor preconditions
+func _isReleaseAssertWithBoundsSafetyConfiguration() -> Bool {
+  // The values for the assert_configuration call are:
+  // 0: Debug
+  // 1: Release
+  // 2: Fast
+  // 3: Release w/ UnsafePointerBoundsSafety
+  return Int32(Builtin.assert_configuration()) == 3
+}
+
 @_transparent
 public // @testable
 func _isFastAssertConfiguration() -> Bool {
   // The values for the assert_configuration call are:
   // 0: Debug
   // 1: Release
   // 2: Fast
+  // 3: Release w/ UnsafePointerBoundsSafety
   return Int32(Builtin.assert_configuration()) == 2
 }
 
diff --git a/test/SILGen/conditionally_unreachable.swift b/test/SILGen/conditionally_unreachable.swift
@@ -3,6 +3,7 @@
 // RUN: %target-swift-emit-sil -O -assert-config Debug -parse-stdlib -primary-file %s | %FileCheck -check-prefix=DEBUG %s
 // RUN: %target-swift-emit-sil -assert-config Release -parse-stdlib -primary-file %s | %FileCheck -check-prefix=RELEASE %s
 // RUN: %target-swift-emit-sil -O -assert-config Release -parse-stdlib -primary-file %s | %FileCheck -check-prefix=RELEASE %s
+// RUN: %target-swift-emit-sil -assert-config ReleaseWithBoundsSafety -parse-stdlib -primary-file %s | %FileCheck -check-prefix=RELWITHBOUNDSSAFETY %s
 
 import Swift
 
@@ -35,3 +36,26 @@ func condUnreachable() {
 // RELEASE-NOT:     return
 // RELEASE-NOT:     builtin
 // RELEASE:         {{ unreachable}}
+
+
+@_silgen_name("bar") func bar()
+
+// RELEASE-LABEL: sil hidden @$s25conditionally_unreachable14doBoundsChecksyyF : $@convention(thin) () -> ()
+// RELEASE-NOT:     cond_br
+// RELEASE-NOT:     function_ref @bar
+// RELEASE-NOT:     return
+// RELEASE-NOT:     builtin
+// RELEASE: unreachable
+
+// RELWITHBOUNDSSAFETY-LABEL: sil hidden @$s25conditionally_unreachable14doBoundsChecksyyF : $@convention(thin) () -> ()
+// RELWITHBOUNDSSAFETY-NOT: cond_br
+// RELWITHBOUNDSSAFETY-NOT: builtin
+// RELWITHBOUNDSSAFETY: function_ref @bar : $@convention(thin) () -> ()
+// RELWITHBOUNDSSAFETY: return
+func doBoundsChecks() {
+  if Int32(Builtin.assert_configuration()) == 3 {
+    bar()
+  } else {
+    Builtin.conditionallyUnreachable()
+  }
+}

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,8 @@ extension DistributedActor {`
`47`	`47`	`_ message: @autoclosure () -> String = String(),`
`48`	`48`	`file: StaticString = #fileID, line: UInt = #line`
`49`	`49`	`) {`
`50`		`- guard _isDebugAssertConfiguration() \|\| _isReleaseAssertConfiguration() else {`
	`50`	`+ guard _isDebugAssertConfiguration() \|\| _isReleaseAssertConfiguration() \|\|`
	`51`	`+ _isReleaseAssertWithBoundsSafetyConfiguration() else {`
`51`	`52`	`return`
`52`	`53`	`}`
`53`	`54`