JIT: Don't allow retyping of casts containing a memory load (#114602)

* don't allow retyping of casts containing a memory load

* fix NRE in test

---------

Co-authored-by: Jan Kotas <[email protected]>

Author: saucecontrol

src/coreclr/jit/lowerxarch.cpp

@@ -4150,7 +4150,8 @@ GenTree* Lowering::LowerHWIntrinsicCreate(GenTreeHWIntrinsic* node)
                     // The most likely case is that op1 is a cast from int/long to the base type:
                     // *  CAST      int <- short <- int/long
                     // If the base type is signed, that cast will be sign-extending, but we need zero extension,
-                    // so we can simply retype the cast to the unsigned type of the same size.
+                    // so we may be able to simply retype the cast to the unsigned type of the same size.
+                    // This is valid only if the cast is not checking overflow and is not containing a load.
                     //
                     // It's also possible we have a memory load of the base type:
                     // *  IND       short
@@ -4163,7 +4164,7 @@ GenTree* Lowering::LowerHWIntrinsicCreate(GenTreeHWIntrinsic* node)
 
                     var_types unsignedType = varTypeToUnsigned(simdBaseType);
 
-                    if (op1->OperIs(GT_CAST) && !op1->gtOverflow() &&
+                    if (op1->OperIs(GT_CAST) && !op1->gtOverflow() && !op1->AsCast()->CastOp()->isContained() &&
                         (genTypeSize(op1->CastToType()) == genTypeSize(simdBaseType)))
                     {
                         op1->AsCast()->gtCastType = unsignedType;

src/tests/JIT/Regression/JitBlue/Runtime_114573/Runtime_114573.cs

@@ -0,0 +1,37 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+// Generated by Fuzzlyn v2.5 on 2025-04-11 20:04:48
+// Run on X64 Windows
+// Seed: 177501341222670481-vectort,vector128,vector256,x86aes,x86avx,x86avx2,x86avx512bw,x86avx512bwvl,x86avx512cd,x86avx512cdvl,x86avx512dq,x86avx512dqvl,x86avx512f,x86avx512fvl,x86avx512fx64,x86bmi1,x86bmi1x64,x86bmi2,x86bmi2x64,x86fma,x86lzcnt,x86lzcntx64,x86pclmulqdq,x86popcnt,x86popcntx64,x86sse,x86ssex64,x86sse2,x86sse2x64,x86sse3,x86sse41,x86sse41x64,x86sse42,x86sse42x64,x86ssse3,x86x86base
+// Reduced from 73.5 KiB to 0.6 KiB in 00:02:02
+// Hits JIT assert in Release:
+// Assertion failed 'varTypeIsUnsigned(srcLoadType) || (genTypeSize(srcLoadType) >= genTypeSize(castType))' in 'Program:Main(Fuzzlyn.ExecutionServer.IRuntime)' during 'Generate code' (IL size 35; hash 0xade6b36b; FullOpts)
+using System;
+using System.Runtime.Intrinsics;
+using System.Runtime.Intrinsics.X86;
+using Xunit;
+
+public class Runtime_114573
+{
+    public static IRuntime s_rt = new Runtime();
+    public static sbyte s_1;
+
+    [Fact]
+    public static void Problem()
+    {
+        var vr1 = (short)(65535 & s_1);
+        Vector128<short> vr2 = Vector128.CreateScalar(vr1);
+        s_rt.WriteLine(vr2);
+    }
+}
+
+public interface IRuntime
+{
+    void WriteLine<T>(T value);
+}
+
+public class Runtime : IRuntime
+{
+    public void WriteLine<T>(T value) => System.Console.WriteLine(value);
+}

src/tests/JIT/Regression/JitBlue/Runtime_114573/Runtime_114573.csproj

@@ -0,0 +1,8 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <Optimize>True</Optimize>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="$(MSBuildProjectName).cs" />
+  </ItemGroup>
+</Project>