Summary
The coroutinize pass produces IR that fails verifyModule:
- The .resume/.destroy clones of a coroutinized
operator newinherit the caller'sallocsize(N)attribute, but the clone's signature no longer matches it → verifier error. - SSA dominance violations in the coroutinized output.
We had to work around BOTH to link the self-hosted clang:
-disable-verifyon the llvm-split output partitions + astripInvalidAllocSizepass;- an env-gated skip of clang's IR-input verifier (the release compiler tolerates the IR that the input-verify rejects). These are workarounds, not fixes — the pass should emit verifier-valid IR.
Reproduce (no artifact needed)
Coroutinize any C++ module that uses operator new (allocsize-attributed), then run
verifyModule / opt -verify on the output — the .resume/.destroy clones carry the stale allocsize.
(The self-hosted clang link hit both; a small C++ program should show the allocsize one.)
Suggested fix
When cloning a coroutinized function, drop or rewrite attributes that no longer apply to the clone's
signature — in particular strip allocsize from the .resume/.destroy clones (our workaround
stripInvalidAllocSize does exactly this). And resolve the dominance violations so the pass emits
verifier-valid IR without needing -disable-verify downstream.
Proposed fix targets brintos/hwjs-cc only — no distro submodule pins moved. All distros share one
lineage, so pin bumps are coordinated on merge, not per-engineer.