From 6a61e530190fddb16b459008c9621d6d880cd920 Mon Sep 17 00:00:00 2001
From: Ryan Macnak <rmacnak@google.com>
Date: Tue, 29 Oct 2024 19:53:11 +0000
Subject: [PATCH] [vm, compiler] Don't introduce spurious connections to check
 bounds instructions during LICM.

TEST=dartfuzz
Bug: https://github.com/dart-lang/sdk/issues/56947
Change-Id: Icf593c246f226dd9d8d8b6b055122f8b567be35e
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/391682
Reviewed-by: Alexander Markov <alexmarkov@google.com>
Commit-Queue: Ryan Macnak <rmacnak@google.com>
---
 runtime/tests/vm/dart/regress_56947_test.dart | 25 +++++++++++++++++++
 runtime/vm/compiler/backend/flow_graph.cc     |  3 ++-
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 runtime/tests/vm/dart/regress_56947_test.dart

diff --git a/runtime/tests/vm/dart/regress_56947_test.dart b/runtime/tests/vm/dart/regress_56947_test.dart
new file mode 100644
index 000000000000..75b9b5cc72d2
--- /dev/null
+++ b/runtime/tests/vm/dart/regress_56947_test.dart
@@ -0,0 +1,25 @@
+// Copyright (c) 2024, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+// The Dart Project Fuzz Tester (1.101).
+// Program generated as:
+//   dart dartfuzz.dart --seed 466727405 --no-fp --no-ffi --flat
+// @dart=2.14
+
+import 'dart:typed_data';
+
+Int16List var11 = Int16List(33);
+List<bool> var79 = <bool>[true, false];
+Map<int, bool> var109 = <int, bool>{-74: true, -72: false, 34: true};
+
+main() {
+  try {
+    if (var79[-9223372034707292160]) {
+      switch ((var109[var11[-9223372034707292160]]! ? 100 : 200) <<
+          (~9223372034707292159)) {}
+    }
+  } catch (e, st) {
+    print("foo throws");
+  }
+}
diff --git a/runtime/vm/compiler/backend/flow_graph.cc b/runtime/vm/compiler/backend/flow_graph.cc
index 5a7b15d9f307..ea4e2bcce2b2 100644
--- a/runtime/vm/compiler/backend/flow_graph.cc
+++ b/runtime/vm/compiler/backend/flow_graph.cc
@@ -2678,7 +2678,8 @@ void FlowGraph::RenameUsesDominatedByRedefinitions() {
       Definition* definition = instr_it.Current()->AsDefinition();
       // CheckArrayBound instructions have their own mechanism for ensuring
       // proper dependencies, so we don't rewrite those here.
-      if (definition != nullptr && !definition->IsCheckArrayBound()) {
+      if (definition != nullptr && !definition->IsCheckArrayBound() &&
+          !definition->IsGenericCheckBound()) {
         Value* redefined = definition->RedefinedValue();
         if (redefined != nullptr) {
           if (!definition->HasSSATemp()) {