YJIT: Fix panic from overly loose filtering in identity method inlining

Credits to @rwstauner for noticing this issue in rubyGH-15533.

Author: XrXr

bootstraptest/test_yjit.rb

@@ -5528,3 +5528,18 @@ def jit_caller = test_body("session_id")
   alias some_method binding # induce environment escape
   test_body(:symbol)
 }
+
+# regression test for missing check in identity method inlining
+assert_normal_exit %q{
+  # Use dead code (if false) to create a local
+  # without initialization instructions.
+  def foo(a)
+    if false
+      x = nil
+    end
+    x
+  end
+  def test = foo(1)
+  test
+  test
+}

yjit/src/codegen.rs

@@ -7455,6 +7455,12 @@ fn iseq_get_return_value(iseq: IseqPtr, captured_opnd: Option<Opnd>, block: Opti
             let ep_offset = unsafe { *rb_iseq_pc_at_idx(iseq, 1) }.as_u32();
             let local_idx = ep_offset_to_local_idx(iseq, ep_offset);
 
+            // Only inline getlocal on a parameter. DCE in the IESQ builder can
+            // make a two-instruction ISEQ that does not return a parameter.
+            if local_idx >= unsafe { get_iseq_body_param_size(iseq) } {
+                return None;
+            }
+
             if unsafe { rb_simple_iseq_p(iseq) } {
                 return Some(IseqReturn::LocalVariable(local_idx));
             } else if unsafe { rb_iseq_only_kwparam_p(iseq) } {