Description
The vulnerable params are determined in `runtime/src/coreclr/src/jit/gschecks.cpp` (line 285 in 1c498fe). `GT_ADD byref` should clear `isUnderIndir`, so we don't mark `LCL_VAR` like:
```
[000882] *---G+------        +--*  IND       int
[001462] -----+------        |  \--*  ADD       byref
[000881] -----+------        |     +--*  LCL_VAR   byref  V112 tmp78
[001461] -----+------        |     \--*  CNS_INT   long   8 field offset Fseq[_length]
```

as a pointer.
The `CALL` case sets `isUnderIndir` for `gtCallThisArg`, but doesn't clear it for other arguments; it might have been unintentional.

`runtime/src/coreclr/src/jit/gschecks.cpp` (line 195 in 1c498fe), etc.
There are like ~280 methods with GS checks in SPC (out of 28000, so ~1%) and we create ~200 extra variables for them, so it is not a big issue, but easy to fix if we see them in hot methods.
Labels: category:cq, theme:stack-allocation, skill-level:intermediate, cost:small
The main difficulty of this issue is understanding GS checks and the fact that they are "optional", meaning that if we delete too many, tests won't catch it, so we need to be careful.
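As an added illustration of the walk described above (this is not the issue author's code and not the JIT's `gschecks.cpp`), the following hypothetical C++ model propagates an `isUnderIndir` flag over a tiny tree shape and records which locals end up marked as pointers. The node kinds, the `Options` struct and the helper names are assumptions made for the model; the two sample trees are constructed to match the dump quoted in the issue and the `CALL` case it mentions, with both proposed changes behind toggles so the current and fixed behaviours can be compared.

```cpp
#include <cstddef>
#include <iostream>
#include <set>
#include <utility>
#include <vector>

// Hypothetical model of the isUnderIndir walk described in the issue. This is
// not the JIT's gschecks.cpp: node kinds, types and helper names are reduced to
// what is needed to show which locals get marked as pointers.
enum class Oper { IND, ADD, LCL_VAR, CNS_INT, CALL };
enum class Type { Int, Long, Byref };

struct Node {
    Oper oper;
    Type type;
    int lclNum;              // local number for LCL_VAR, -1 otherwise
    std::vector<Node> ops;   // operands; for CALL, ops[0] models gtCallThisArg
};

// Builders for the constructed sample trees (assumed names, not JIT API).
Node lclVar(Type t, int lclNum)   { return Node{Oper::LCL_VAR, t, lclNum, {}}; }
Node cnsInt()                     { return Node{Oper::CNS_INT, Type::Long, -1, {}}; }
Node add(Type t, Node a, Node b)  { return Node{Oper::ADD, t, -1, {std::move(a), std::move(b)}}; }
Node ind(Type t, Node addr)       { return Node{Oper::IND, t, -1, {std::move(addr)}}; }
Node call(std::vector<Node> args) { return Node{Oper::CALL, Type::Int, -1, std::move(args)}; }

// Toggles for the two changes the issue proposes (both false = current model).
struct Options {
    bool clearOnByrefAdd;   // a byref-typed ADD clears isUnderIndir for its operands
    bool clearOnCallArgs;   // CALL clears isUnderIndir for non-'this' arguments
};

static void markPtrs(const Node& n, bool isUnderIndir, const Options& opt, std::set<int>& ptrLocals) {
    switch (n.oper) {
    case Oper::LCL_VAR:
        // A local reached while under an indirection is treated as a pointer
        // (in the real JIT this is what earns it a GS shadow copy).
        if (isUnderIndir) ptrLocals.insert(n.lclNum);
        return;
    case Oper::CNS_INT:
        return;
    case Oper::IND:
        // The address operand of an indirection is under an indirection.
        markPtrs(n.ops[0], true, opt, ptrLocals);
        return;
    case Oper::ADD: {
        // Current model: the flag flows unchanged to both operands, so the byref
        // base local in IND(ADD(LCL_VAR, CNS_INT)) is marked. With the fix, an
        // ADD that produces a byref clears the flag for its operands.
        bool flag = (opt.clearOnByrefAdd && n.type == Type::Byref) ? false : isUnderIndir;
        for (const Node& op : n.ops) markPtrs(op, flag, opt, ptrLocals);
        return;
    }
    case Oper::CALL:
        // The 'this' argument is always treated as under an indirection; the
        // other arguments inherit the incoming flag unless the fix clears it.
        for (std::size_t i = 0; i < n.ops.size(); ++i) {
            bool flag = (i == 0) ? true : (opt.clearOnCallArgs ? false : isUnderIndir);
            markPtrs(n.ops[i], flag, opt, ptrLocals);
        }
        return;
    }
}

// Returns the set of locals the modelled walk marks as pointers.
std::set<int> pointerLocals(const Node& tree, const Options& opt) {
    std::set<int> ptrLocals;
    markPtrs(tree, false, opt, ptrLocals);
    return ptrLocals;
}

// Constructed to match the dump in the issue:
//   IND int -> ADD byref -> (LCL_VAR byref V112, CNS_INT long 8)
Node sampleIndOfAdd() {
    return ind(Type::Int, add(Type::Byref, lclVar(Type::Byref, 112), cnsInt()));
}

// Constructed: an indirection off a call whose 'this' is V1 and whose second
// argument is V2, to show the CALL case the issue describes.
Node sampleIndOfCall() {
    return ind(Type::Int, call({lclVar(Type::Byref, 1), lclVar(Type::Int, 2)}));
}

int main() {
    for (int lcl : pointerLocals(sampleIndOfAdd(), Options{false, false}))
        std::cout << "ADD, current model: marks V" << lcl << '\n';
    std::cout << "ADD, byref fix: marks " << pointerLocals(sampleIndOfAdd(), Options{true, false}).size() << " locals\n";
    for (int lcl : pointerLocals(sampleIndOfCall(), Options{false, false}))
        std::cout << "CALL, current model: marks V" << lcl << '\n';
    for (int lcl : pointerLocals(sampleIndOfCall(), Options{false, true}))
        std::cout << "CALL, args fix: marks V" << lcl << '\n';
    return 0;
}
```

With both toggles off the model marks V112 for the quoted tree and both V1 and V2 for the call tree; enabling `clearOnByrefAdd` leaves V112 unmarked, and enabling `clearOnCallArgs` keeps only the `this` argument V1, which is the reduction in extra GS variables the issue is after.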