ifConversion can hoist invalid managed references.

[EgorBo]

We shouldn't speculatively hoist potentially invalid byrefs as those may lead to GC crashes.

byte Problem(ref byte x, int len)
{
    ref byte t = ref (len == 0 ? 
        ref Unsafe.NullRef<byte>() : 
        ref Unsafe.Add(ref x, 100));
    return t;
}

Codegen:

; Method Benchmarks:Problem(byref,int):byte:this (FullOpts)
G_M23671_IG01:        ; bbWeight=1, gcrefRegs=0000 {}, byrefRegs=0000 {}, byref, nogc
G_M23671_IG02:        ; bbWeight=1, gcrefRegs=0000 {}, byrefRegs=0004 {rdx}, byref
                            ; byrRegs +[rdx]
       xor      rax, rax
                            ; byrRegs +[rax]
       add      rdx, 100
       test     r8d, r8d
       cmovne   rax, rdx
       movzx    rax, byte  ptr [rax]
                            ; byrRegs -[rax]
G_M23671_IG03:        ; bbWeight=1, epilog, nogc, extend
       ret      
; Total bytes of code: 17

[dotnet-policy-service]

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.