Fix R2R GC ref map mismatch for unboxing stubs#129829
Draft
jtschuster wants to merge 1 commit into
Draft
Conversation
crossgen2 optimizes MethodEntry fixups into a compact MethodEntry_DefToken/ _RefToken form that emits only a token. This compact form cannot carry the READYTORUN_METHOD_SIG_UnboxingStub signature flag, so for an unboxing stub the emitted import cell lost its unboxing-ness. The GC ref map node, however, reads the same signature's IsUnboxingStub (== _method.Unboxing) and correctly emits a full GC ref (R) for the boxed object reference. At load time the runtime decoded the flagless token as a non-unboxing entry and computed an interior pointer (I), producing the checked-build assert: GC ref map mismatch detected for method: System.Int32::ToString This reproduces with a box + tail. callvirt Object::ToString() (test JIT/Regression/JitBlue/DevDiv_754566) when compiled in a Large Version Bubble, where System.Private.CoreLib is in the version bubble and the compact-token optimization applies to the cross-assembly call. Exclude unboxing stubs from the compact-token optimization (mirroring the existing !IsInstantiatingStub exclusion) so they use the full method signature, which preserves the UnboxingStub flag. The common, non-unboxing case is unaffected and still uses the compact form. Fixes dotnet#129778 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
jtschuster
added
area-ReadyToRun
and removed
area-crossgen2-coreclr
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adjusts crossgen2 ReadyToRun fixup signature emission so MethodEntry fixups for unboxing stubs don’t take the “compact token-only” encoding path, ensuring method signature flags (notably the unboxing-stub flag) are preserved and the runtime/import interpretation stays consistent.
Changes:
- Extend the compact
MethodEntrytoken-only optimization guard to exclude unboxing stubs (&& !_method.Unboxing). - Clarify the nearby comment to document why instantiating/unboxing stubs must use the full method signature encoding.
Member
Author
|
/azp run runtime-coreclr crossgen2-composite |
|
Azure Pipelines successfully started running 1 pipeline(s). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #129778
Problem
A checked/debug build hits the assert
when a boxed value type is dispatched through an unboxing stub in a ReadyToRun image compiled in a Large Version Bubble. The repro is
box int; tail. callvirt System.Object::ToString()(testJIT/Regression/JitBlue/DevDiv_754566), which only asserts whenSystem.Private.CoreLibis in the version bubble.Root cause
In
MethodFixupSignature.GetData, crossgen2 optimizesMethodEntryfixups on primary, non-instantiating, non-constrained methods into a compactMethodEntry_DefToken/MethodEntry_RefTokenform that emits only a token. That compact form has no flag bits, so it cannot carryREADYTORUN_METHOD_SIG_UnboxingStub.For an unboxing stub this produces an inconsistency:
IsUnboxingStub(== _method.Unboxing == true) and emits a full GC ref (R) for the boxed object reference.R != I→ the GC ref map check asserts. The interior result is also the unsafe one — calling the non-unboxing entry with a full object reference would be incorrect — so crossgen2'sRis the correct value and the dropped flag is the bug.The existing guard already excluded instantiating stubs (
!IsInstantiatingStub) for exactly this reason but did not exclude unboxing stubs.Fix
Add
&& !_method.Unboxingto the compact-token optimization guard so unboxing stubs fall through to the fullEmitMethodSignaturepath, which writes theUnboxingStubflag. The common, non-unboxing case is unchanged and still uses the compact token form (no size/perf regression).Validation
crossgen2 --inputbubble(exit 134); without LVB the bug is latent and the test passes.=== PASSED ===.R2RDumpconfirms theInt32.ToString()import cell now carries[UNBOX] ... (METHOD_ENTRY), while ordinary calls (Program.Test,String.Concat,Console.WriteLine) still use the compactMETHOD_ENTRY_DEF_TOKEN/METHOD_ENTRY_REF_TOKENform.Note
This PR description was drafted with GitHub Copilot.