Avoid dropping call edge due to identical invoke edge

The intermediate data structure here (used for edge de-duplication) was accidentally recording `invoke` edges as if they were `call` edges. This bug is _very_ frequently benign, but if there are identical call and invoke edges in the edge list and the invoke edge is scanned first, the call edge will be unsoundly dropped, leading to invalidation (JuliaLang#265) bugs.
topolarity · Jan 17, 2025 · 0bc1330 · 0bc1330
1 parent 0aa7b95
commit 0bc1330
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/staticdata_utils.c b/src/staticdata_utils.c
@@ -507,7 +507,8 @@ static void jl_collect_edges(jl_array_t *edges, jl_array_t *ext_targets, jl_arra
             // (invokeTypes, c) => invoke
             // (nullptr, invokeTypes) => missing call
             // (invokeTypes, nullptr) => missing invoke (unused--inferred as Any)
-            void *target = ptrhash_get(&edges_map2, invokeTypes ? (void*)invokeTypes : (void*)callee);
+            void *key = invokeTypes ? (void*)invokeTypes : (void*)callee;
+            void *target = ptrhash_get(&edges_map2, key);
             if (target == HT_NOTFOUND) {
                 size_t min_valid = 0;
                 size_t max_valid = ~(size_t)0;
@@ -551,7 +552,7 @@ static void jl_collect_edges(jl_array_t *edges, jl_array_t *ext_targets, jl_arra
                 jl_array_ptr_1d_push(ext_targets, callee);
                 jl_array_ptr_1d_push(ext_targets, matches);
                 target = (void*)((char*)HT_NOTFOUND + jl_array_nrows(ext_targets) / 3);
-                ptrhash_put(&edges_map2, (void*)callee, target);
+                ptrhash_put(&edges_map2, key, target);
             }
             idxs[++nt] = (char*)target - (char*)HT_NOTFOUND - 1;
         }