Fix bad jumptable block ref when DCE removes a block.

When a block is unreachable, the `unreachable_code` pass will remove it, which is perfectly sensible. Jump tables factor into unreachability in an expected way: even if a block is listed in a jump table, the block might be unreachable if the jump table itself is unused (or used in an unreachable block). Unfortunately, the verifier still expects all block refs in all jump tables to be valid, even after DCE, which will not always be the case. This makes a simple change to the pass: after removing blocks, it scans jump tables. Any jump table that refers to an unreachable block must itself be unused, and so we just clear its entries. We do not bother removing it (and renumbering all later jumptables), and we do not bother computing full unused-ness of all jumptables, as that would be more expensive; it's sufficient to clear out the ones that refer to unreachable blocks, which are a subset of all unused jumptables. Fixes #2670.
2021-02-23 15:01:01 -08:00
parent 98d3e6823f
commit 48d542d67c
3 changed files with 39 additions and 0 deletions
--- a/cranelift/codegen/src/unreachable_code.rs
+++ b/cranelift/codegen/src/unreachable_code.rs
@@ -43,4 +43,17 @@ pub fn eliminate_unreachable_code(
        // Finally, remove the block from the layout.
        pos.func.layout.remove_block(block);
    }
+
+    // Remove all jumptable block-list contents that refer to unreachable
+    // blocks; the jumptable itself must have been unused (or used only in an
+    // unreachable block) if so. Note that we are not necessarily removing *all*
+    // unused jumptables, because that would require computing their
+    // reachability as well; we are just removing enough to clean up references
+    // to deleted blocks.
+    for jt_data in func.jump_tables.values_mut() {
+        let invalid_ref = jt_data.iter().any(|block| !domtree.is_reachable(*block));
+        if invalid_ref {
+            jt_data.clear();
+        }
+    }
 }