Handle complex local addresses in block morphing

SingleAccretion · SingleAccretion · commit 51fd539b6f19 · 2022-01-13T17:56:55.000+03:00
In block morphing, "addrSpill" is used when the destination or source
represent indirections of "complex" addresses. Unfortunately, some trees
in the form of "IND(ADDR(LCL))" fall into this category.

If such an "ADDR(LCL)" is used as an "addrSpill", the underlying local
*must* be marked as address-exposed. Block morphing was using a very
simplistic test for when that needs to happen, essentially only recognizing
"ADDR(LCL_VAR/FLD)". But it is possible to have a more complicated pattern
as "PrepareDst/Src" uses "IsLocalAddrExpr" to recognize indirect stores
to locals.

Currently it appears impossible to get a mismatch here as morph transforms
"IND(ADD(ADDR(LCL_VAR), OFFSET))" into "LCL_FLD" (including for TYP_STRUCT
indirections), but this is a very fragile invariant. Transforming TYP_STRUCT
GT_FIELDs into GT_OBJs instead of GT_INDs breaks it, for example.

Fix this by address-exposing the local obtained via "IsLocalAddrExpr".
diff --git a/src/coreclr/jit/morphblock.cpp b/src/coreclr/jit/morphblock.cpp
@@ -1048,9 +1048,9 @@ GenTree* MorphCopyBlockHelper::CopyFieldByField()
 {
     GenTreeOp* asgFields = nullptr;
 
-    GenTree* addrSpill            = nullptr;
-    unsigned addrSpillTemp        = BAD_VAR_NUM;
-    bool     addrSpillIsStackDest = false; // true if 'addrSpill' represents the address in our local stack frame
+    GenTree* addrSpill          = nullptr;
+    unsigned addrSpillSrcLclNum = BAD_VAR_NUM;
+    unsigned addrSpillTemp      = BAD_VAR_NUM;
 
     GenTree* addrSpillAsg = nullptr;
 
@@ -1095,7 +1095,8 @@ GenTree* MorphCopyBlockHelper::CopyFieldByField()
                     // We will spill m_srcAddr (i.e. assign to a temp "BlockOp address local")
                     // no need to clone a new copy as it is only used once
                     //
-                    addrSpill = m_srcAddr; // addrSpill represents the 'm_srcAddr'
+                    addrSpill          = m_srcAddr; // addrSpill represents the 'm_srcAddr'
+                    addrSpillSrcLclNum = m_srcLclNum;
                 }
             }
         }
@@ -1144,28 +1145,13 @@ GenTree* MorphCopyBlockHelper::CopyFieldByField()
                     // We will spill m_dstAddr (i.e. assign to a temp "BlockOp address local")
                     // no need to clone a new copy as it is only used once
                     //
-                    addrSpill = m_dstAddr; // addrSpill represents the 'm_dstAddr'
+                    addrSpill          = m_dstAddr; // addrSpill represents the 'm_dstAddr'
+                    addrSpillSrcLclNum = m_dstLclNum;
                 }
             }
         }
     }
 
-    // TODO-CQ: this should be based on a more general
-    // "BaseAddress" method, that handles fields of structs, before or after
-    // morphing.
-    if ((addrSpill != nullptr) && addrSpill->OperIs(GT_ADDR))
-    {
-        GenTree* addrSpillOp = addrSpill->AsOp()->gtGetOp1();
-        if (addrSpillOp->IsLocal())
-        {
-            // We will *not* consider this to define the local, but rather have each individual field assign
-            // be a definition.
-            addrSpillOp->gtFlags &= ~(GTF_LIVENESS_MASK);
-            addrSpillIsStackDest = true; // addrSpill represents the address of LclVar[varNum] in our
-                                         // local stack frame
-        }
-    }
-
     if (addrSpill != nullptr)
     {
         // 'addrSpill' is already morphed
@@ -1178,8 +1164,9 @@ GenTree* MorphCopyBlockHelper::CopyFieldByField()
 
         addrSpillDsc->lvType = TYP_BYREF;
 
-        if (addrSpillIsStackDest)
+        if (addrSpillSrcLclNum != BAD_VAR_NUM)
         {
+            // addrSpill represents the address of LclVar[varNum] in our local stack frame.
             addrSpillDsc->lvStackByref = true;
         }
 
@@ -1193,23 +1180,16 @@ GenTree* MorphCopyBlockHelper::CopyFieldByField()
         // that we don't delete the definition for this LclVar
         // as a dead store later on.
         //
-        if (addrSpill->OperGet() == GT_ADDR)
+        if (addrSpillSrcLclNum != BAD_VAR_NUM)
         {
-            GenTree* addrOp = addrSpill->AsOp()->gtOp1;
-            if (addrOp->IsLocal())
-            {
-                unsigned lclVarNum = addrOp->AsLclVarCommon()->GetLclNum();
-                m_comp->lvaGetDesc(lclVarNum)->SetAddressExposed(true DEBUGARG(AddressExposedReason::COPY_FLD_BY_FLD));
-                m_comp->lvaSetVarDoNotEnregister(lclVarNum DEBUGARG(DoNotEnregisterReason::AddrExposed));
-            }
+            m_comp->lvaSetVarAddrExposed(addrSpillSrcLclNum DEBUGARG(AddressExposedReason::COPY_FLD_BY_FLD));
         }
     }
 
     // We may have allocated a temp above, and that may have caused the lvaTable to be expanded.
     // So, beyond this point we cannot rely on the old values of 'm_srcVarDsc' and 'm_dstVarDsc'.
     for (unsigned i = 0; i < fieldCnt; ++i)
     {
-
         GenTree* dstFld;
         if (m_dstDoFldAsg)
         {

Original file line number	Diff line number	Diff line change
`@@ -1048,9 +1048,9 @@ GenTree* MorphCopyBlockHelper::CopyFieldByField()`
`1048`	`1048`	`{`
`1049`	`1049`	`GenTreeOp* asgFields = nullptr;`
`1050`	`1050`
`1051`		`- GenTree* addrSpill = nullptr;`
`1052`		`- unsigned addrSpillTemp = BAD_VAR_NUM;`
`1053`		`- bool addrSpillIsStackDest = false; // true if 'addrSpill' represents the address in our local stack frame`
	`1051`	`+ GenTree* addrSpill = nullptr;`
	`1052`	`+ unsigned addrSpillSrcLclNum = BAD_VAR_NUM;`
	`1053`	`+ unsigned addrSpillTemp = BAD_VAR_NUM;`
`1054`	`1054`
`1055`	`1055`	`GenTree* addrSpillAsg = nullptr;`
`1056`	`1056`
`@@ -1095,7 +1095,8 @@ GenTree* MorphCopyBlockHelper::CopyFieldByField()`
`1095`	`1095`	`// We will spill m_srcAddr (i.e. assign to a temp "BlockOp address local")`
`1096`	`1096`	`// no need to clone a new copy as it is only used once`
`1097`	`1097`	`//`
`1098`		`- addrSpill = m_srcAddr; // addrSpill represents the 'm_srcAddr'`
	`1098`	`+ addrSpill = m_srcAddr; // addrSpill represents the 'm_srcAddr'`
	`1099`	`+ addrSpillSrcLclNum = m_srcLclNum;`
`1099`	`1100`	`}`
`1100`	`1101`	`}`
`1101`	`1102`	`}`
`@@ -1144,28 +1145,13 @@ GenTree* MorphCopyBlockHelper::CopyFieldByField()`
`1144`	`1145`	`// We will spill m_dstAddr (i.e. assign to a temp "BlockOp address local")`
`1145`	`1146`	`// no need to clone a new copy as it is only used once`
`1146`	`1147`	`//`
`1147`		`- addrSpill = m_dstAddr; // addrSpill represents the 'm_dstAddr'`
	`1148`	`+ addrSpill = m_dstAddr; // addrSpill represents the 'm_dstAddr'`
	`1149`	`+ addrSpillSrcLclNum = m_dstLclNum;`
`1148`	`1150`	`}`
`1149`	`1151`	`}`
`1150`	`1152`	`}`
`1151`	`1153`	`}`
`1152`	`1154`
`1153`		`- // TODO-CQ: this should be based on a more general`
`1154`		`- // "BaseAddress" method, that handles fields of structs, before or after`
`1155`		`- // morphing.`
`1156`		`- if ((addrSpill != nullptr) && addrSpill->OperIs(GT_ADDR))`
`1157`		`- {`
`1158`		`- GenTree* addrSpillOp = addrSpill->AsOp()->gtGetOp1();`
`1159`		`- if (addrSpillOp->IsLocal())`
`1160`		`- {`
`1161`		`- // We will not consider this to define the local, but rather have each individual field assign`
`1162`		`- // be a definition.`
`1163`		`- addrSpillOp->gtFlags &= ~(GTF_LIVENESS_MASK);`
`1164`		`- addrSpillIsStackDest = true; // addrSpill represents the address of LclVar[varNum] in our`
`1165`		`- // local stack frame`
`1166`		`- }`
`1167`		`- }`
`1168`		`-`
`1169`	`1155`	`if (addrSpill != nullptr)`
`1170`	`1156`	`{`
`1171`	`1157`	`// 'addrSpill' is already morphed`
`@@ -1178,8 +1164,9 @@ GenTree* MorphCopyBlockHelper::CopyFieldByField()`
`1178`	`1164`
`1179`	`1165`	`addrSpillDsc->lvType = TYP_BYREF;`
`1180`	`1166`
`1181`		`- if (addrSpillIsStackDest)`
	`1167`	`+ if (addrSpillSrcLclNum != BAD_VAR_NUM)`
`1182`	`1168`	`{`
	`1169`	`+ // addrSpill represents the address of LclVar[varNum] in our local stack frame.`
`1183`	`1170`	`addrSpillDsc->lvStackByref = true;`
`1184`	`1171`	`}`
`1185`	`1172`
`@@ -1193,23 +1180,16 @@ GenTree* MorphCopyBlockHelper::CopyFieldByField()`
`1193`	`1180`	`// that we don't delete the definition for this LclVar`
`1194`	`1181`	`// as a dead store later on.`
`1195`	`1182`	`//`
`1196`		`- if (addrSpill->OperGet() == GT_ADDR)`
	`1183`	`+ if (addrSpillSrcLclNum != BAD_VAR_NUM)`
`1197`	`1184`	`{`
`1198`		`- GenTree* addrOp = addrSpill->AsOp()->gtOp1;`
`1199`		`- if (addrOp->IsLocal())`
`1200`		`- {`
`1201`		`- unsigned lclVarNum = addrOp->AsLclVarCommon()->GetLclNum();`
`1202`		`- m_comp->lvaGetDesc(lclVarNum)->SetAddressExposed(true DEBUGARG(AddressExposedReason::COPY_FLD_BY_FLD));`
`1203`		`- m_comp->lvaSetVarDoNotEnregister(lclVarNum DEBUGARG(DoNotEnregisterReason::AddrExposed));`
`1204`		`- }`
	`1185`	`+ m_comp->lvaSetVarAddrExposed(addrSpillSrcLclNum DEBUGARG(AddressExposedReason::COPY_FLD_BY_FLD));`
`1205`	`1186`	`}`
`1206`	`1187`	`}`
`1207`	`1188`
`1208`	`1189`	`// We may have allocated a temp above, and that may have caused the lvaTable to be expanded.`
`1209`	`1190`	`// So, beyond this point we cannot rely on the old values of 'm_srcVarDsc' and 'm_dstVarDsc'.`
`1210`	`1191`	`for (unsigned i = 0; i < fieldCnt; ++i)`
`1211`	`1192`	`{`
`1212`		`-`
`1213`	`1193`	`GenTree* dstFld;`
`1214`	`1194`	`if (m_dstDoFldAsg)`
`1215`	`1195`	`{`