SILOptimzer: correct a case of UB

compnerd · compnerd · commit 8f55cc60e53c · 2022-12-11T18:25:00.000-08:00
The current `UpdatingInstructionIteratorRegistry` referenced `this` in
the member initializer list.  As per class.cdtor 11.9.5p1, this is UB as
for any class with a non-trivial constructor, referencing the base class
of the object before the constructor begins execution is not permitted.
We attempted to capture `this` in the lambda that was used to initialise
the member.  This was being exploited by the MSVC compiler resulting in
incorrect execution of the instruction deleter.
diff --git a/include/swift/SILOptimizer/Utils/UpdatingInstructionIterator.h b/include/swift/SILOptimizer/Utils/UpdatingInstructionIterator.h
@@ -177,24 +177,24 @@ class UpdatingInstructionIteratorRegistry {
 
 
 public:
-  UpdatingInstructionIteratorRegistry() :
-    callbacks(InstModCallbacks()
+  UpdatingInstructionIteratorRegistry() {
+    callbacks = std::move(InstModCallbacks()
                     .onDelete([this](SILInstruction *toDelete) {
                       notifyDelete(toDelete);
                       toDelete->eraseFromParent();
                     })
                     .onCreateNewInst(
                         [this](SILInstruction *newlyCreatedInst) {
                           notifyNew(newlyCreatedInst);
-                        }))
-  {}
+                        }));
+  }
 
   UpdatingInstructionIteratorRegistry(InstModCallbacks &&chainedCallbacks) :
     // Copy the two std::functions that we need. The rest of the callbacks are
     // copied implicitly by assignment.
     chainedDelete(std::move(chainedCallbacks.deleteInstFunc)),
-    chainedNew(std::move(chainedCallbacks.createdNewInstFunc)),
-    callbacks(std::move(chainedCallbacks
+    chainedNew(std::move(chainedCallbacks.createdNewInstFunc)) {
+    callbacks = std::move(chainedCallbacks
                     .onDelete([this](SILInstruction *toDelete) {
                       notifyDelete(toDelete);
                       if (chainedDelete) {
@@ -209,8 +209,8 @@ class UpdatingInstructionIteratorRegistry {
                           if (chainedNew) {
                             chainedNew(newlyCreatedInst);
                           }
-                        })))
-  {}
+                        }));
+  }
 
   // The callbacks capture 'this'. So copying is invalid.
   UpdatingInstructionIteratorRegistry(
diff --git a/lib/SILOptimizer/IPO/GlobalOpt.cpp b/lib/SILOptimizer/IPO/GlobalOpt.cpp
@@ -401,6 +401,7 @@ replaceLoadsByKnownValue(SILFunction *InitF, SILGlobalVariable *SILG,
     // Remove all instructions which are dead now.
     InstructionDeleter deleter;
     deleter.recursivelyDeleteUsersIfDead(initCall);
+
     if (initCall->use_empty()) {
       // The call to the addressor is dead as well and can be removed.
       auto *callee = dyn_cast<FunctionRefInst>(initCall->getCallee());
