Skip to content

Fix interpreter NULL_CHECK for pointers #122245

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
janvorli wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix interpreter NULL_CHECK for pointers #122245

janvorli wants to merge 1 commit into from
+18 −17

Conversation

@janvorli
Copy link
Member

@janvorli janvorli commented Dec 5, 2025

The NULL_CHECK was checking strictly for NULL, but in some cases, we should be checking for values that are close to null. For example, some interop tests fail because various LDIND variants get pointer that is e.g. 2 or other low value.

@janvorli
Fix interpreter NULL_CHECK for pointers
aebb513 
The NULL_CHECK was checking strictly for NULL, but in some cases, we should be
checking for values that are close to null. For example, some interop tests
fail because various LDIND variants get pointer that is e.g. 2 or other low
value.
@janvorli janvorli added this to the 11.0.0 milestone Dec 5, 2025
@janvorli janvorli self-assigned this Dec 5, 2025
@janvorli janvorli requested review from BrzVlad and kg as code owners December 5, 2025 22:14
Copilot AI review requested due to automatic review settings December 5, 2025 22:14
@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented Dec 5, 2025

Tagging subscribers to this area: @BrzVlad, @janvorli, @kg
See info in area-owners.md if you want to be subscribed.

Copilot AI reviewed Dec 5, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes the interpreter's null pointer checking to handle low pointer values (near-null pointers) correctly. The interpreter was checking strictly for NULL (0), but interop tests were failing when operations like LDIND received pointers with small values like 2, which should also be treated as null references.

Key Changes:

  • Introduces NULL_CHECK_PTR macro that treats addresses below NULL_AREA_SIZE (64KB on Windows, page size on Unix) as null references
  • Replaces NULL_CHECK with NULL_CHECK_PTR for all pointer dereferencing operations in the interpreter
  • Aligns interpreter null checking behavior with the rest of the runtime

am11
am11 reviewed Dec 5, 2025
View reviewed changes
src/coreclr/vm/interpexec.cpp
#define LOCAL_VAR_ADDR(offset,type) ((type*)(stack + (offset)))
#define LOCAL_VAR(offset,type) (*LOCAL_VAR_ADDR(offset, type))
#define NULL_CHECK(o) do { if ((o) == NULL) { COMPlusThrow(kNullReferenceException); } } while (0)
#define NULL_CHECK_PTR(o) do { if ((TADDR)(o) < NULL_AREA_SIZE) { COMPlusThrow(kNullReferenceException); } } while (0)
Copy link
Member

@am11 am11 Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jkotas, can we align naot NULL_AREA_SIZE with coreclr for Unix:

runtime/src/coreclr/nativeaot/Runtime/Pal.h

Line 110 in 91509b1

#define NULL_AREA_SIZE (4*1024)

runtime/src/coreclr/vm/excep.h

Line 53 in 91509b1

#define NULL_AREA_SIZE GetOsPageSize()
it was added in dotnet/corert@99841b9.

Copy link
Member

@jkotas jkotas Dec 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maxUncheckedOffsetForNullObject used during the code generation must be in sync with NULL_AREA_SIZE used at runtime (there is 2x factor between these two constants).

For correctness, it is ok for maxUncheckedOffsetForNullObject to be less than NULL_AREA_SIZE, but it cannot be more than NULL_AREA_SIZE.

For security, it is best for NULL_AREA_SIZE to be as tight as possible to avoid mischaracterizing dirty segfauls as NullReferenceExceptions unnecessarily.

If we were to unify NULL_AREA_SIZE between NAOT and JIT, it would not be as tight as possible in all situations, and we would be leaving a bit of security on the table.

@jkotas
Copy link
Member

jkotas commented Dec 6, 2025
edited
Loading

For example, some interop tests fail because various LDIND variants get pointer that is e.g. 2 or other low value.

Are these tests valid, or are they just testing an unspecified behavior that the JIT happens to have? We do not need to have bug-for-bug compatibility for unspecified behavior.

The check introduced in this PR is a bit more expensive than a simple null check. We do not want to be regressing interpreter executor perf unnecessarily.

This was referenced Dec 6, 2025
Open
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkotas jkotas jkotas left review comments

Copilot code review Copilot Copilot left review comments

@kg kg kg approved these changes

@davidwrighton davidwrighton davidwrighton approved these changes

@BrzVlad BrzVlad Awaiting requested review from BrzVlad BrzVlad is a code owner

+1 more reviewer

@am11 am11 am11 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@janvorli janvorli

Labels

area-CodeGen-Interpreter-coreclr

Projects

None yet

Milestone

11.0.0

Development

Successfully merging this pull request may close these issues.

5 participants

@janvorli @jkotas @kg @am11 @davidwrighton