Loop representation, EH, and dominators, on x86

[BruceForstall]

Noticed in #84216, there is a weird case where the JIT loop table contains an EH handler that is marked as the loop exit, but isn't reachable or dominated by the loop entry. This should probably be prevented, for simplicity.

One case looks like the following:

***************  Natural loop table
L00, from BB02 to BB04 (Head=BB01, Entry=BB02, Exit=BB03) call

--- blocks:

BB02 [0002]  2  0    BB01,BB04            1472. 5888  0 [00F..01E)-> BB04 (always) T0      try { }     keep i try Loop hascall gcsafe idxlen bwd IBC
BB03 [0003]  1     0                       0       0  0 [01E..021)-> BB05 (always)    H0   catch { }   keep i rare hascall bwd IBC
BB04 [0004]  1       BB02                  0       0  0 [021..02F)-> BB02 (always)                     i rare hascall gcsafe bwd bwd-src IBC

So, we've got an infinite loop where the "loop exit" is a branch from the "catch". Note that on x86 the handlers haven't been moved to funclets. BB03, the handler, has no predecessors in our graph, so is a dominator "root". Walking up from this exit will obviously not reach the loop entry.

This seems very strange. Perhaps we should disallow handler branches to be considered as a loop exit? Perhaps we should verify and assert that a loop entry dominates all its exits?

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch, @kunalspathak
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Noticed in #84216, there is a weird case where the JIT loop table contains an EH handler that is marked as the loop exit, but isn't reachable or dominated by the loop entry. This should probably be prevented, for simplicity.

One case looks like the following:

***************  Natural loop table
L00, from BB02 to BB04 (Head=BB01, Entry=BB02, Exit=BB03) call

--- blocks:

BB02 [0002]  2  0    BB01,BB04            1472. 5888  0 [00F..01E)-> BB04 (always) T0      try { }     keep i try Loop hascall gcsafe idxlen bwd IBC
BB03 [0003]  1     0                       0       0  0 [01E..021)-> BB05 (always)    H0   catch { }   keep i rare hascall bwd IBC
BB04 [0004]  1       BB02                  0       0  0 [021..02F)-> BB02 (always)                     i rare hascall gcsafe bwd bwd-src IBC

So, we've got an infinite loop where the "loop exit" is a branch from the "catch". Note that on x86 the handlers haven't been moved to funclets. BB03, the handler, has no predecessors in our graph, so is a dominator "root". Walking up from this exit will obviously not reach the loop entry.

This seems very strange. Perhaps we should disallow handler branches to be considered as a loop exit? Perhaps we should verify and assert that a loop entry dominates all its exits?

Author:	BruceForstall
Assignees:	BruceForstall
Labels:	area-CodeGen-coreclr
Milestone:	Future

[BruceForstall]

This was fixed by #84458