formula_cellar_checks: check for cpuid instruction when needed

This implements the second audit discussed in #11608.

Library/Homebrew/extend/os/mac/keg.rb

@@ -19,4 +19,10 @@ class Keg
     GENERIC_MUST_BE_WRITABLE_DIRECTORIES +
     [HOMEBREW_PREFIX/"Frameworks"]
   ).sort.uniq.freeze
+
+  undef binary_executable_or_library_files
+
+  def binary_executable_or_library_files
+    mach_o_files
+  end
 end

Library/Homebrew/formula_cellar_checks.rb

@@ -284,6 +284,39 @@ module FormulaCellarChecks
     "Service command does not exist" unless File.exist?(formula.service.command.first)
   end
 
+  def check_cpuid_instruction(formula)
+    return unless formula.prefix.directory?
+    # TODO: add methods to `utils/ast` to allow checking for method use
+    return unless formula.path.read.include? "ENV.runtime_cpu_detection"
+    # Checking for `cpuid` only makes sense on Intel:
+    # https://en.wikipedia.org/wiki/CPUID
+    return unless Hardware::CPU.intel?
+
+    # macOS `objdump` is a bit slow, so we prioritise llvm's `llvm-objdump` (~5.7x faster)
+    # or binutils' `objdump` (~1.8x faster) if they are installed.
+    objdump   = Formula["llvm"].opt_bin/"llvm-objdump" if Formula["llvm"].any_version_installed?
+    objdump ||= Formula["binutils"].opt_bin/"objdump" if Formula["binutils"].any_version_installed?
+    objdump ||= which("objdump")
+    objdump ||= which("objdump", ENV["HOMEBREW_PATH"])
+    objdump ||= begin
+      # If the system provides no `objdump`, install binutils instead of llvm since
+      # binutils is smaller and has fewer dependencies.
+      ohai "Installing `binutils` for `cpuid` instruction check..."
+      safe_system HOMEBREW_BREW_FILE, "install", "binutils"
+      Formula["binutils"].opt_bin/"objdump"
+    end
+
+    keg = Keg.new(formula.prefix)
+    has_cpuid_instruction = false
+    keg.binary_executable_or_library_files.each do |file|
+      has_cpuid_instruction = cpuid_instruction?(file, objdump)
+      break if has_cpuid_instruction
+    end
+    return if has_cpuid_instruction
+
+    "No `cpuid` instruction detected. #{formula} should not use `ENV.runtime_cpu_detection`."
+  end
+
   def audit_installed
     @new_formula ||= false
 
@@ -303,6 +336,7 @@ module FormulaCellarChecks
     problem_if_output(check_shim_references(formula.prefix))
     problem_if_output(check_plist(formula.prefix, formula.plist))
     problem_if_output(check_python_symlinks(formula.name, formula.keg_only?))
+    problem_if_output(check_cpuid_instruction(formula))
   end
   alias generic_audit_installed audit_installed
 
@@ -311,6 +345,18 @@ module FormulaCellarChecks
   def relative_glob(dir, pattern)
     File.directory?(dir) ? Dir.chdir(dir) { Dir[pattern] } : []
   end
+
+  def cpuid_instruction?(file, objdump = "objdump")
+    has_cpuid_instruction = false
+    Utils.popen_read(objdump, "--disassemble", file) do |io|
+      until io.eof?
+        has_cpuid_instruction = io.readline.include? "cpuid"
+        break if has_cpuid_instruction
+      end
+    end
+
+    has_cpuid_instruction
+  end
 end
 
 require "extend/os/formula_cellar_checks"

Library/Homebrew/keg.rb

@@ -525,6 +525,10 @@ class Keg
     find { |pn| FileUtils.rm_rf pn if pn.basename.to_s == "__pycache__" }
   end
 
+  def binary_executable_or_library_files
+    elf_files
+  end
+
   private
 
   def resolve_any_conflicts(dst, dry_run: false, verbose: false, overwrite: false)