[Mono-dev] Issue with inlining in the JIT

[Michael Mudge]

I'm running into an access violation in Mono... I've traced the
"cause" as far back as I can (mono_method_to_ir), but that function is
so full of macros and switches that it's hard to figure out how it
came to make the decision it did.  Here is the story of how the access
violation occurs:

ins->sreg1 is being set to 0xA365734 in method-to-ir.c, line 5928
(call to EMIT_NEW_ARGLOAD call in the CEE_LDARG_3 case of
mono_method_to_ir).

The call stack at this point is:
mono_method_to_ir                  (working on Size::.ctor)
.. called by inline_method()       (working on Size::.ctor)
.. called by mono_method_to_ir()   (working on Rectangle::get_Size)
.. called by inline_method()       (working on Rectangle::get_Size)
.. called by mono_method_to_ir()   (working on
TextRenderer::MeasureTextInternal)
.. called by mini_method_compile() (working on
TextRenderer::MeasureTextInternal)
..

Later, in local-propagation.c, line 77 (at the call to
mono_inst_get_src_registers in mono_local_cprop), the ins->sreg1 value
is moved to sregs[0]:
 num_sregs = mono_inst_get_src_registers (ins, sregs);

Two lines later, the value is moved to sreg:
 int sreg = sregs [i];

Two lines later, that value (0xA365734) is used to index into an array:
 defs [sreg] = NULL;

And boom, access violation.  I can follow values around all day, but I
have no idea what this code is supposed to do or how it should work.
Anyone have any insight the cause of this?  The next steps in terms of
debugging?  I'm using Mono 2.8.2.

- Kipp