Field seq for a LclFld always should be correct.

Author: Sergey

src/coreclr/jit/compiler.h

@@ -10266,7 +10266,7 @@ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
         {
             // Create a CompAllocator that labels sub-structure with CMK_FieldSeqStore, and use that for allocation.
             CompAllocator ialloc(getAllocator(CMK_FieldSeqStore));
-            compRoot->m_fieldSeqStore = new (ialloc) FieldSeqStore(ialloc);
+            compRoot->m_fieldSeqStore = new (ialloc) FieldSeqStore(compRoot, ialloc);
         }
         return compRoot->m_fieldSeqStore;
     }

src/coreclr/jit/gentree.cpp

@@ -18758,7 +18758,8 @@ void GenTree::LabelIndex(Compiler* comp, bool isConst)
 FieldSeqNode FieldSeqStore::s_notAField(nullptr, nullptr);
 
 // FieldSeqStore methods.
-FieldSeqStore::FieldSeqStore(CompAllocator alloc) : m_alloc(alloc), m_canonMap(new (alloc) FieldSeqNodeCanonMap(alloc))
+FieldSeqStore::FieldSeqStore(Compiler* comp, CompAllocator alloc)
+    : m_compiler(comp), m_alloc(alloc), m_canonMap(new (alloc) FieldSeqNodeCanonMap(alloc))
 {
 }
 
@@ -18809,6 +18810,8 @@ FieldSeqNode* FieldSeqStore::Append(FieldSeqNode* a, FieldSeqNode* b)
         // We should never add a duplicate FieldSeqNode
         assert(a != b);
 
+        bool lastA = (a->m_next == nullptr);
+
         FieldSeqNode* tmp = Append(a->m_next, b);
         FieldSeqNode  fsn(a->m_fieldHnd, tmp);
         FieldSeqNode* res = nullptr;
@@ -18818,6 +18821,12 @@ FieldSeqNode* FieldSeqStore::Append(FieldSeqNode* a, FieldSeqNode* b)
         }
         else
         {
+            if (lastA && !a->IsPseudoField())
+            {
+                CORINFO_CLASS_HANDLE nextStructHnd;
+                m_compiler->info.compCompHnd->getFieldType(a->m_fieldHnd, &nextStructHnd);
+                tmp->CheckFldBelongsToCls(m_compiler, nextStructHnd);
+            }
             res  = m_alloc.allocate<FieldSeqNode>(1);
             *res = fsn;
             m_canonMap->Set(fsn, res);
@@ -18850,6 +18859,36 @@ bool FieldSeqNode::IsPseudoField() const
     return m_fieldHnd == FieldSeqStore::FirstElemPseudoField || m_fieldHnd == FieldSeqStore::ConstantIndexPseudoField;
 }
 
+//------------------------------------------------------------------------
+// CheckFldBelongsToCls: Check that the field sequences belongs to the class.
+//
+// Arguments:
+//    comp - a compiler instance;
+//    clsHnd - the class handle.
+//
+// Return Value:
+//    True if the field sequence describe a correct field accesses of the class.
+//
+bool FieldSeqNode::CheckFldBelongsToCls(Compiler* comp, CORINFO_CLASS_HANDLE clsHnd) const
+{
+    if (this == FieldSeqStore::NotAField())
+    {
+        return false;
+    }
+    if (clsHnd == NO_CLASS_HANDLE)
+    {
+        return false;
+    }
+    CORINFO_CLASS_HANDLE realClsHnd = comp->info.compCompHnd->getFieldClass(m_fieldHnd);
+    if (realClsHnd != clsHnd)
+    {
+        return false;
+    }
+
+    // The rest of FieldSeq should be already checked when it was created.
+    return true;
+}
+
 #ifdef FEATURE_SIMD
 GenTreeSIMD* Compiler::gtNewSIMDNode(
     var_types type, GenTree* op1, SIMDIntrinsicID simdIntrinsicID, var_types baseType, unsigned size)
@@ -19654,6 +19693,19 @@ uint16_t GenTreeLclVarCommon::GetLclOffs() const
     }
 }
 
+void GenTreeLclFld::SetFieldSeq(FieldSeqNode* fieldSeq)
+{
+#if defined(DEBUG)
+    if (fieldSeq != FieldSeqStore::NotAField())
+    {
+        Compiler*        comp   = JitTls::GetCompiler();
+        const LclVarDsc* varDsc = comp->lvaGetDesc(GetLclNum());
+        assert(fieldSeq->CheckFldBelongsToCls(comp, varDsc->GetStructHnd()));
+    }
+#endif // DEBUG
+    m_fieldSeq = fieldSeq;
+}
+
 #ifdef TARGET_ARM
 //------------------------------------------------------------------------
 // IsOffsetMisaligned: check if the field needs a special handling on arm.

src/coreclr/jit/gentree.h

@@ -266,6 +266,8 @@ struct FieldSeqNode
         return tail;
     }
 
+    bool CheckFldBelongsToCls(Compiler* comp, CORINFO_CLASS_HANDLE clsHnd) const;
+
     // Make sure this provides methods that allow it to be used as a KeyFuncs type in SimplerHash.
     static int GetHashCode(FieldSeqNode fsn)
     {
@@ -284,6 +286,7 @@ class FieldSeqStore
 {
     typedef JitHashTable<FieldSeqNode, /*KeyFuncs*/ FieldSeqNode, FieldSeqNode*> FieldSeqNodeCanonMap;
 
+    Compiler*             m_compiler;
     CompAllocator         m_alloc;
     FieldSeqNodeCanonMap* m_canonMap;
 
@@ -294,7 +297,7 @@ class FieldSeqStore
     static int ConstantIndexPseudoFieldStruct;
 
 public:
-    FieldSeqStore(CompAllocator alloc);
+    FieldSeqStore(Compiler* comp, CompAllocator alloc);
 
     // Returns the (canonical in the store) singleton field sequence for the given handle.
     FieldSeqNode* CreateSingleton(CORINFO_FIELD_HANDLE fieldHnd);
@@ -3433,10 +3436,7 @@ struct GenTreeLclFld : public GenTreeLclVarCommon
         return m_fieldSeq;
     }
 
-    void SetFieldSeq(FieldSeqNode* fieldSeq)
-    {
-        m_fieldSeq = fieldSeq;
-    }
+    void SetFieldSeq(FieldSeqNode* fieldSeq);
 
 #ifdef TARGET_ARM
     bool IsOffsetMisaligned() const;

src/coreclr/jit/lclmorph.cpp

@@ -863,7 +863,14 @@ class LocalAddressVisitor final : public GenTreeVisitor<LocalAddressVisitor>
             addr->ChangeOper(GT_LCL_FLD_ADDR);
             addr->AsLclFld()->SetLclNum(val.LclNum());
             addr->AsLclFld()->SetLclOffs(val.Offset());
-            addr->AsLclFld()->SetFieldSeq(val.FieldSeq());
+            if (varTypeIsStruct(varDsc) && val.FieldSeq()->CheckFldBelongsToCls(m_compiler, varDsc->GetStructHnd()))
+            {
+                addr->AsLclFld()->SetFieldSeq(val.FieldSeq());
+            }
+            else
+            {
+                addr->AsLclFld()->SetFieldSeq(FieldSeqStore::NotAField());
+            }
         }
         else
         {
@@ -1032,6 +1039,10 @@ class LocalAddressVisitor final : public GenTreeVisitor<LocalAddressVisitor>
             indir->ChangeOper(GT_LCL_FLD);
             indir->AsLclFld()->SetLclNum(val.LclNum());
             indir->AsLclFld()->SetLclOffs(val.Offset());
+            if (fieldSeq != nullptr && !fieldSeq->CheckFldBelongsToCls(m_compiler, varDsc->GetStructHnd()))
+            {
+                fieldSeq = nullptr;
+            }
             indir->AsLclFld()->SetFieldSeq(fieldSeq == nullptr ? FieldSeqStore::NotAField() : fieldSeq);
 
             // Promoted struct vars aren't currently handled here so the created LCL_FLD can't be

src/coreclr/jit/morph.cpp

@@ -11591,38 +11591,39 @@ GenTree* Compiler::fgMorphCopyBlock(GenTree* tree)
                 }
                 else
                 {
+                    GenTree* dstFldAddr;
                     if (addrSpill)
                     {
                         assert(addrSpillTemp != BAD_VAR_NUM);
-                        dstFld = gtNewLclvNode(addrSpillTemp, TYP_BYREF);
+                        dstFldAddr = gtNewLclvNode(addrSpillTemp, TYP_BYREF);
                     }
                     else
                     {
                         if (i == 0)
                         {
                             // Use the orginal destAddr tree when i == 0
-                            dstFld = destAddr;
+                            dstFldAddr = destAddr;
                         }
                         else
                         {
                             // We can't clone multiple copies of a tree with persistent side effects
                             noway_assert((destAddr->gtFlags & GTF_PERSISTENT_SIDE_EFFECTS) == 0);
 
-                            dstFld = gtCloneExpr(destAddr);
-                            noway_assert(dstFld != nullptr);
+                            dstFldAddr = gtCloneExpr(destAddr);
+                            noway_assert(dstFldAddr != nullptr);
 
-                            JITDUMP("dstFld - Multiple Fields Clone created:\n");
-                            DISPTREE(dstFld);
+                            JITDUMP("dstFldAddr - Multiple Fields Clone created:\n");
+                            DISPTREE(dstFldAddr);
 
                             // Morph the newly created tree
-                            dstFld = fgMorphTree(dstFld);
+                            dstFldAddr = fgMorphTree(dstFldAddr);
                         }
 
                         // Is the address of a local?
                         GenTreeLclVarCommon* lclVarTree = nullptr;
                         bool                 isEntire   = false;
                         bool*                pIsEntire  = (blockWidthIsConst ? &isEntire : nullptr);
-                        if (dstFld->DefinesLocalAddr(this, blockWidth, &lclVarTree, pIsEntire))
+                        if (dstFldAddr->DefinesLocalAddr(this, blockWidth, &lclVarTree, pIsEntire))
                         {
                             lclVarTree->gtFlags |= GTF_VAR_DEF;
                             if (!isEntire)
@@ -11636,33 +11637,44 @@ GenTree* Compiler::fgMorphCopyBlock(GenTree* tree)
                     unsigned   srcFieldLclNum = srcVarDsc->lvFieldLclStart + i;
                     LclVarDsc* srcFieldVarDsc = lvaGetDesc(srcFieldLclNum);
 
-                    // Have to set the field sequence -- which means we need the field handle.
-                    CORINFO_CLASS_HANDLE classHnd = srcVarDsc->GetStructHnd();
-                    CORINFO_FIELD_HANDLE fieldHnd =
-                        info.compCompHnd->getFieldInClass(classHnd, srcFieldVarDsc->lvFldOrdinal);
-                    FieldSeqNode* curFieldSeq = GetFieldSeqStore()->CreateSingleton(fieldHnd);
+                    CORINFO_CLASS_HANDLE srcClassHnd = srcVarDsc->GetStructHnd();
+                    CORINFO_CLASS_HANDLE dstClassHnd = gtGetStructHandleIfPresent(dest);
+
+                    FieldSeqNode* curFieldSeq;
+
+                    if (srcClassHnd == dstClassHnd)
+                    {
+                        CORINFO_FIELD_HANDLE fieldHnd =
+                            info.compCompHnd->getFieldInClass(dstClassHnd, srcFieldVarDsc->lvFldOrdinal);
+                        curFieldSeq = GetFieldSeqStore()->CreateSingleton(fieldHnd);
+                    }
+                    else
+                    {
+                        // source field handle won't match an actual field in the dst.
+                        curFieldSeq = FieldSeqStore::NotAField();
+                    }
 
                     unsigned srcFieldOffset = lvaGetDesc(srcFieldLclNum)->lvFldOffset;
 
                     if (srcFieldOffset == 0)
                     {
-                        fgAddFieldSeqForZeroOffset(dstFld, curFieldSeq);
+                        fgAddFieldSeqForZeroOffset(dstFldAddr, curFieldSeq);
                     }
                     else
                     {
                         GenTree* fieldOffsetNode = gtNewIconNode(srcFieldVarDsc->lvFldOffset, curFieldSeq);
-                        dstFld                   = gtNewOperNode(GT_ADD, TYP_BYREF, dstFld, fieldOffsetNode);
+                        dstFldAddr               = gtNewOperNode(GT_ADD, TYP_BYREF, dstFldAddr, fieldOffsetNode);
                     }
 
-                    dstFld = gtNewIndir(srcFieldVarDsc->TypeGet(), dstFld);
+                    dstFld = gtNewIndir(srcFieldVarDsc->TypeGet(), dstFldAddr);
 
                     // !!! The destination could be on stack. !!!
                     // This flag will let us choose the correct write barrier.
                     dstFld->gtFlags |= GTF_IND_TGTANYWHERE;
                 }
             }
 
-            GenTree* srcFld;
+            GenTree* srcFld = DUMMY_INIT(NULL);
             if (srcDoFldAsg)
             {
                 noway_assert(srcLclNum != BAD_VAR_NUM);
@@ -11688,39 +11700,53 @@ GenTree* Compiler::fgMorphCopyBlock(GenTree* tree)
                 }
                 else
                 {
+                    GenTree* srcFldAddr = nullptr;
                     if (addrSpill)
                     {
                         assert(addrSpillTemp != BAD_VAR_NUM);
-                        srcFld = gtNewLclvNode(addrSpillTemp, TYP_BYREF);
+                        srcFldAddr = gtNewLclvNode(addrSpillTemp, TYP_BYREF);
                     }
                     else
                     {
                         if (i == 0)
                         {
                             // Use the orginal srcAddr tree when i == 0
-                            srcFld = srcAddr;
+                            srcFldAddr = srcAddr;
                         }
                         else
                         {
                             // We can't clone multiple copies of a tree with persistent side effects
                             noway_assert((srcAddr->gtFlags & GTF_PERSISTENT_SIDE_EFFECTS) == 0);
 
-                            srcFld = gtCloneExpr(srcAddr);
-                            noway_assert(srcFld != nullptr);
+                            srcFldAddr = gtCloneExpr(srcAddr);
+                            noway_assert(srcFldAddr != nullptr);
 
                             JITDUMP("srcFld - Multiple Fields Clone created:\n");
-                            DISPTREE(srcFld);
+                            DISPTREE(srcFldAddr);
 
                             // Morph the newly created tree
-                            srcFld = fgMorphTree(srcFld);
+                            srcFldAddr = fgMorphTree(srcFldAddr);
                         }
                     }
 
-                    CORINFO_CLASS_HANDLE classHnd = lvaTable[destLclNum].GetStructHnd();
-                    CORINFO_FIELD_HANDLE fieldHnd =
-                        info.compCompHnd->getFieldInClass(classHnd, lvaTable[dstFieldLclNum].lvFldOrdinal);
-                    FieldSeqNode* curFieldSeq = GetFieldSeqStore()->CreateSingleton(fieldHnd);
-                    var_types     destType    = lvaGetDesc(dstFieldLclNum)->lvType;
+                    CORINFO_CLASS_HANDLE dstClassHnd = lvaTable[destLclNum].GetStructHnd();
+                    CORINFO_CLASS_HANDLE srcClassHnd = gtGetStructHandleIfPresent(src);
+
+                    FieldSeqNode* curFieldSeq;
+
+                    if (srcClassHnd == dstClassHnd)
+                    {
+                        CORINFO_FIELD_HANDLE fieldHnd =
+                            info.compCompHnd->getFieldInClass(dstClassHnd, lvaTable[dstFieldLclNum].lvFldOrdinal);
+                        curFieldSeq = GetFieldSeqStore()->CreateSingleton(fieldHnd);
+                    }
+                    else
+                    {
+                        // source field handle won't match an actual field in the dst.
+                        curFieldSeq = FieldSeqStore::NotAField();
+                    }
+
+                    var_types destType = lvaGetDesc(dstFieldLclNum)->lvType;
 
                     bool done = false;
                     if (lvaGetDesc(dstFieldLclNum)->lvFldOffset == 0)
@@ -11740,7 +11766,7 @@ GenTree* Compiler::fgMorphCopyBlock(GenTree* tree)
                                 srcLclVarTree->gtFlags |= GTF_VAR_CAST;
                                 srcLclVarTree->ChangeOper(GT_LCL_FLD);
                                 srcLclVarTree->gtType = destType;
-                                srcLclVarTree->AsLclFld()->SetFieldSeq(curFieldSeq);
+                                srcLclVarTree->AsLclFld()->SetFieldSeq(FieldSeqStore::NotAField());
                                 srcFld = srcLclVarTree;
                                 done   = true;
                             }
@@ -11751,14 +11777,14 @@ GenTree* Compiler::fgMorphCopyBlock(GenTree* tree)
                         unsigned fldOffset = lvaGetDesc(dstFieldLclNum)->lvFldOffset;
                         if (fldOffset == 0)
                         {
-                            fgAddFieldSeqForZeroOffset(srcFld, curFieldSeq);
+                            fgAddFieldSeqForZeroOffset(srcFldAddr, curFieldSeq);
                         }
                         else
                         {
                             GenTreeIntCon* fldOffsetNode = gtNewIconNode(fldOffset, curFieldSeq);
-                            srcFld                       = gtNewOperNode(GT_ADD, TYP_BYREF, srcFld, fldOffsetNode);
+                            srcFldAddr                   = gtNewOperNode(GT_ADD, TYP_BYREF, srcFldAddr, fldOffsetNode);
                         }
-                        srcFld = gtNewIndir(destType, srcFld);
+                        srcFld = gtNewIndir(destType, srcFldAddr);
                     }
                 }
             }
@@ -14604,19 +14630,29 @@ GenTree* Compiler::fgMorphSmpOp(GenTree* tree, MorphAddrContext* mac)
                         lclFld = temp->AsLclFld();
                         lclFld->SetLclOffs(static_cast<unsigned>(ival1));
 
+                        FieldSeqNode* newFldSeq;
+
                         if (lclFld->GetFieldSeq() == FieldSeqStore::NotAField())
                         {
                             if (fieldSeq != nullptr)
                             {
-                                // If it does represent a field, note that.
-                                lclFld->SetFieldSeq(fieldSeq);
+                                newFldSeq = fieldSeq;
+                            }
+                            else
+                            {
+                                newFldSeq = FieldSeqStore::NotAField();
                             }
                         }
                         else
                         {
-                            // Append 'fieldSeq' to the existing one
-                            lclFld->SetFieldSeq(GetFieldSeqStore()->Append(lclFld->GetFieldSeq(), fieldSeq));
+                            newFldSeq = GetFieldSeqStore()->Append(lclFld->GetFieldSeq(), fieldSeq);
+                        }
+                        const LclVarDsc* varDsc = lvaGetDesc(lclFld);
+                        if (!varTypeIsStruct(varDsc) || !newFldSeq->CheckFldBelongsToCls(this, varDsc->GetStructHnd()))
+                        {
+                            newFldSeq = FieldSeqStore::NotAField();
                         }
+                        lclFld->SetFieldSeq(newFldSeq);
                     }
                     temp->gtType      = tree->gtType;
                     foldAndReturnTemp = true;