88// See https://swift.org/LICENSE.txt for license information
99// See https://swift.org/CONTRIBUTORS.txt for the list of Swift project authors
1010//
11- // These utilities live in SIL/ so they be used by SIL verification.
12- //
11+ // ===----------------------------------------------------------------------===//
12+ // /
13+ // / These utilities model formal memory access locations as marked by
14+ // / begin_access and end_access instructions. The formal memory locations
15+ // / identified here must be consistent with language rules for exclusity
16+ // / enforcement. This is not meant to be a utility to reason about other general
17+ // / properties of SIL memory operations such as reference count identity,
18+ // / ownership, or aliasing. Code that queries the properties of arbitrary memory
19+ // / operations independent of begin_access instructions should use a different
20+ // / interface.
21+ // /
22+ // / SIL memory addresses used for formal access need to meet special
23+ // / requirements. In particular, it must be possible to identifiy the storage by
24+ // / following the pointer's provenance. This is *not* true for SIL memory
25+ // / operations in general. The utilities cannot simply bailout on unrecognized
26+ // / patterns. Doing so would lead to undefined program behavior, which isn't
27+ // / something that can be directly tested (i.e. if this breaks, we won't see
28+ // / test failures).
29+ // /
30+ // / These utilities are mainly meant to be used by AccessEnforcement passes,
31+ // / which optimize exclusivity enforcement. They live in SIL so they can be used
32+ // / by SIL verification.
33+ // /
1334// ===----------------------------------------------------------------------===//
1435
1536#ifndef SWIFT_SIL_MEMACCESSUTILS_H
@@ -31,6 +52,23 @@ inline bool accessKindMayConflict(SILAccessKind a, SILAccessKind b) {
3152
3253// / Represents the identity of a storage object being accessed.
3354// /
55+ // / AccessedStorage is carefully designed to solve three problems:
56+ // /
57+ // / 1. Full specification and verification of SIL's model for exclusive
58+ // / formal memory access, as enforced by "access markers". It is not a
59+ // / model to encompass all SIL memory operations.
60+ // /
61+ // / 2. A bitwise comparable encoding and hash key to identify each location
62+ // / being formally accessed. Any two accesses of uniquely identified storage
63+ // / must have the same key if they access the same storage and distinct keys
64+ // / if they access distinct storage. Accesses to non-uniquely identified
65+ // / storage should ideally have the same key if they may point to the same
66+ // / storage.
67+ // /
68+ // / 3. Complete identification of all class or global accesses. Failing to
69+ // / identify a class or global access will introduce undefined program
70+ // / behavior which can't be tested.
71+ // /
3472// / AccessedStorage may be one of several kinds of "identified" storage
3573// / objects, or may be valid, but Unidentified storage. An identified object
3674// / is known to identify the base of the accessed storage, whether that is a
@@ -220,7 +258,8 @@ class AccessedStorage {
220258 // / Return true if the given storage objects have identical storage locations.
221259 // /
222260 // / This compares only the AccessedStorage base class bits, ignoring the
223- // / subclass bits. It is used for hash lookup equality.
261+ // / subclass bits. It is used for hash lookup equality, so it should not
262+ // / perform any additional lookups or dereference memory outside itself.
224263 bool hasIdenticalBase (const AccessedStorage &other) const {
225264 if (getKind () != other.getKind ())
226265 return false ;
0 commit comments