[interp] inlining a wrapper with a MINT_LDSTR_TOKEN instruction aborts

[lambdageek]

If the runtime creates a wrapper whose entire body is just mono_mb_emit_exception_full(mb, "System", "NotImplementedException", "some case in this wrapper is unimplemented") then the interpreter will emit an MINT_LDSTR_TOKEN instruction for the const char* msg argument.

If this wrapper is then inlined into its caller, we end up here:

runtime/src/mono/mono/mini/interp/interp.c

Lines 5580 to 5587 in eabea90

	MonoMethod *method = frame->imethod->method;
	if (method->wrapper_type == MONO_WRAPPER_DYNAMIC_METHOD) {
	s = (MonoString*)mono_method_get_wrapper_data (method, strtoken);
	} else if (method->wrapper_type != MONO_WRAPPER_NONE) {
	// FIXME push/pop LMF
	s = mono_string_new_wrapper_internal ((const char*)mono_method_get_wrapper_data (method, strtoken));
	} else {
	g_assert_not_reached ();

Normally, if the wrapper is not inlined MonoMethod *method = frame->imethod->method will be the wrapper, and we end up in the method->wrapper_type != MONO_WRAPPER_NONE case.

But if the wrapper is inlined we end up in the else g_assert_not_reached() case and crash.

Found in an early iteration of #88626

Tagging subscribers to this area: @BrzVlad, @kotlarmilos
See info in area-owners.md if you want to be subscribed.

Issue Details

---

If the runtime creates a wrapper whose entire body is just mono_mb_emit_exception_full(mb, "System", "NotImplementedException", "some case in this wrapper is unimplemented") then the interpreter will emit an MINT_LDSTR_TOKEN instruction for the const char* msg argument.

If this wrapper is then inlined into its caller, we end up here:

runtime/src/mono/mono/mini/interp/interp.c

Lines 5580 to 5587 in eabea90

	MonoMethod *method = frame->imethod->method;
	if (method->wrapper_type == MONO_WRAPPER_DYNAMIC_METHOD) {
	s = (MonoString*)mono_method_get_wrapper_data (method, strtoken);
	} else if (method->wrapper_type != MONO_WRAPPER_NONE) {
	// FIXME push/pop LMF
	s = mono_string_new_wrapper_internal ((const char*)mono_method_get_wrapper_data (method, strtoken));
	} else {
	g_assert_not_reached ();

Normally, if the wrapper is not inlined MonoMethod *method = frame->imethod->method will be the wrapper, and we end up in the method->wrapper_type != MONO_WRAPPER_NONE case.

But if the wrapper is inlined we end up in the else g_assert_not_reached() case and crash.

Found in an early iteration of #88626

Author:	lambdageek
Assignees:	-
Labels:	area-Codegen-Interpreter-mono
Milestone:	-

[lambdageek]

/cc @BrzVlad

[lambdageek]

Actually it might not have anythign to do with inlining.

It has to do with the fact that imethod->method is always the wrapped method, not the wrapper

runtime/src/mono/mono/mini/interp/transform.c

Lines 11404 to 11419 in 14e8b82

	method = nm;
	header = interp_method_get_header (nm, error);
	return_if_nok (error);
	}
	if (!header) {
	header = mono_method_get_header_checked (method, error);
	return_if_nok (error);
	}
	/* Make modifications to a copy of imethod, copy them back inside the lock */
	real_imethod = imethod;
	memcpy (&tmp_imethod, imethod, sizeof (InterpMethod));
	imethod = &tmp_imethod;
	MONO_TIME_TRACK (mono_interp_stats.transform_time, generate (method, header, imethod, generic_context, error));

Here even if we do method = nm we haven't modified imethod->method. so even if we replaced some method by a wrapper, at execution time in interp.c we're not going to see that.

so if any of those wrappers used MINT_LDSTR_TOKEN they would have the same problem.

[BrzVlad]

I'm pretty sure, in general, for wrapper methods imethod->method points to a wrapper MonoMethod. What exactly is the repro for this issue ?