From 8d3a08457292d027070920e4fb3244445a142a3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8D=9C=E9=83=A8=E6=98=8C=E5=B9=B3?=
Date: Tue, 14 Jul 2020 13:15:06 +0900
Subject: [PATCH] _mjit_compile_invokebuiltin: sp_inc can be negative

Was my bad to assume sp_inc was positive. Real criteria is the calculated sp is non-negative. We have to assert that.
---
 tool/ruby_vm/views/_mjit_compile_invokebuiltin.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tool/ruby_vm/views/_mjit_compile_invokebuiltin.erb b/tool/ruby_vm/views/_mjit_compile_invokebuiltin.erb
index 29a21b17de..9a9e53af40 100644
--- a/tool/ruby_vm/views/_mjit_compile_invokebuiltin.erb
+++ b/tool/ruby_vm/views/_mjit_compile_invokebuiltin.erb
@@ -11,7 +11,7 @@
 % end
 rb_snum_t sp_inc = <%= insn.call_attribute('sp_inc') %>;
 unsigned sp = b->stack_size + (unsigned)sp_inc;
- VM_ASSERT(sp_inc >= 0);
+ VM_ASSERT(b->stack_size > -sp_inc);
 VM_ASSERT(sp_inc < UINT_MAX - b->stack_size);
 if (bf->compiler) {
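Review bot: The added `VM_ASSERT(b->stack_size > -sp_inc);` compares the signed `rb_snum_t` against `b->stack_size`, which appears to be unsigned (it is subtracted from `UINT_MAX` on the next line; its declaration is outside the hunk), so the outcome depends on the usual arithmetic conversions. On a target where `rb_snum_t` is no wider than `unsigned`, a positive `sp_inc` would turn `-sp_inc` into a large unsigned value and the assertion would fail spuriously. The unchanged `VM_ASSERT(sp_inc < UINT_MAX - b->stack_size);` has the same exposure now that a negative `sp_inc` is allowed to reach it. Stating the bound in signed arithmetic avoids both, for example `VM_ASSERT((rb_snum_t)b->stack_size + sp_inc >= 0);`. The commit message asks for a non-negative sp while `>` also rejects sp == 0, so if that is intended a one-line comment such as `/* sp must stay strictly above the frame base */` would record it; the enclosing function starts and ends outside the hunk.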