[vm/compiler] avoid literal null is non-nullable
Rationale:
Having a literal null checked by CheckNull with
a subsequent Redefinition resulted in some strange
unboxing that crashed AOT (fix courtesy Slava!).
Note that we still have some ambiguity around
adding/removing environments from instructions
that may deoptimize, but this change fixes all
prior related DartFuzz failures.
https://github.com/dart-lang/sdk/issues/35335
Change-Id: Ifb50d8cddf93e57758b2bbb83ad397ea281e9307
Reviewed-on: https://dart-review.googlesource.com/c/87280
Reviewed-by: Vyacheslav Egorov <vegorov@google.com>
Commit-Queue: Aart Bik <ajcbik@google.com>
diff --git a/runtime/vm/compiler/backend/type_propagator.cc b/runtime/vm/compiler/backend/type_propagator.cc
index c587626..791cba0 100644
--- a/runtime/vm/compiler/backend/type_propagator.cc
+++ b/runtime/vm/compiler/backend/type_propagator.cc
@@ -283,7 +283,7 @@
void FlowGraphTypePropagator::VisitCheckNull(CheckNullInstr* check) {
Definition* receiver = check->value()->definition();
CompileType* type = TypeOf(receiver);
- if (type->is_nullable()) {
+ if (type->is_nullable() && !type->IsNull()) {
// Insert redefinition for the receiver to guard against invalid
// code motion.
EnsureMoreAccurateRedefinition(check, receiver, type->CopyNonNullable());
@@ -305,7 +305,7 @@
if (target.IsNull()) {
// If the selector is not defined on Null, we can propagate non-nullness.
CompileType* type = TypeOf(receiver);
- if (type->is_nullable()) {
+ if (type->is_nullable() && !type->IsNull()) {
// Insert redefinition for the receiver to guard against invalid
// code motion.
EnsureMoreAccurateRedefinition(call, receiver, type->CopyNonNullable());