JIT: local morph ref counting does not handle GT_JMP

[jakobbotsch]

GT_JMP has implicit uses of all arguments that local morph needs to count. For example, the following program should print 5678 but prints 1234 instead because of it (repros in .NET 6 and 7):

using InlineIL;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;

class Program
{
    static void Main(string[] args)
    {
        Foo(new S16 { A = 5678 });
    }

    [MethodImpl(MethodImplOptions.NoInlining)]
    private static void Foo(S16 s)
    {
        Modify(s);
        IL.Emit.Jmp(new MethodRef(typeof(Program), nameof(Bar)));
        throw IL.Unreachable();
    }

    [MethodImpl(MethodImplOptions.NoInlining)]
    private static void Modify(S16 s)
    {
        s.A = 1234;
        Consume(s);
    }

    [MethodImpl(MethodImplOptions.NoInlining)]
    private static void Consume(S16 s)
    {
    }

    [MethodImpl(MethodImplOptions.NoInlining)]
    private static void Bar(S16 s)
    {
        Console.WriteLine(s.A);
    }

    private struct S16
    {
        public int A, B, C, D;
    }
}

We omit creating a copy for an implicit byref because we think that's the only use in the method.

[jakobbotsch]

Similarly the following program prints 1234 but should print 5678, this time due to an incorrect forward sub:

using InlineIL;
using System;
using System.Runtime.CompilerServices;

class Program
{
    static void Main(string[] args)
    {
        Foo(1234);
    }

    [MethodImpl(MethodImplOptions.NoInlining)]
    private static void Foo(int a)
    {
        a = 5678;
        Consume(a);
        IL.Emit.Jmp(new MethodRef(typeof(Program), nameof(Bar)));
        throw IL.Unreachable();
    }

    [MethodImpl(MethodImplOptions.NoInlining)]
    private static void Consume(int a)
    {
    }

    [MethodImpl(MethodImplOptions.NoInlining)]
    private static void Bar(int a)
    {
        Console.WriteLine(a);
    }
}