projects / platform / upstream / coreclr.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b285e42) | patch
JIT: fix overly aggressive type propagation from returns (#21316)
authorAndy Ayers <andya@microsoft.com>
Mon, 3 Dec 2018 18:46:52 +0000 (10:46 -0800)
committerGitHub <noreply@github.com>
Mon, 3 Dec 2018 18:46:52 +0000 (10:46 -0800)
commit562ae44982171945f85a1134a6ef9d24989e8882
tree22001aa605a805f8044eea00e677ff7c4de8f7bftree | snapshot
parentb285e42989730fc6c2a75478ede4348f18bc93b3commit | diff
JIT: fix overly aggressive type propagation from returns (#21316)

For quite a while now the jit has been propagating return types from
callees to the return spill temp. However this is only safe when the
callee has a single return site (or all return sites return the same
type).

Because return spill temps often end up getting assigned to still more
temps we haven't seen this overly aggressive type propgagation lead to
bugs, but now that we're tracking single def temps and doing more type
propagation during the late devirtualization callback, the fact that
these types are wrong has been exposed and can lead to incorrect
devirtualization.

The fix is to only consider the return spill temp as single def if the
callee has a single return site, and to check that the return spill temp
is single def before trying to propagate the type.

Fixes #21295.
src/jit/compiler.cpp diff | blob | history
src/jit/flowgraph.cpp diff | blob | history
src/jit/lclvars.cpp diff | blob | history
tests/src/JIT/Regression/JitBlue/GitHub_21295/GitHub_21295.cs [new file with mode: 0644] blob
tests/src/JIT/Regression/JitBlue/GitHub_21295/GitHub_21295.csproj [new file with mode: 0644] blob