Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement support for UnsafeAccessor in the trimmer #88268

Merged
merged 53 commits into from
Jul 18, 2023
Merged

Implement support for UnsafeAccessor in the trimmer #88268

merged 53 commits into from
Jul 18, 2023

Conversation

vitek-karas
Copy link
Member

The core of the change is that UnsafeAccessor creates a code dependency from the accessor method to the target specified by the attribute. The trimmer needs to follow this dependency and preserve the target. Additionally, because the trimmer operates at the IL level, it needs to make sure that the target will keep its name and some other properties intact (so that the runtime implementation of the UnsafeAccessor can still work).

Implementation choices:

  • The trimmer will mark the target as "accessed via reflection", this is a simple way to make sure that name and other properties about the target are preserved. This could be optimized in the future, but the savings are probably not that interesting.
  • The implementation ran into a problem when trying to precisely match the signature overload resolution. Due to Cecil issues and the fact that Cecil's resolution algorithm is not extensible, it was not possible to match the runtime's behavior without adding lot more complexity (currently it seems we would have to reimplement method resolution in the trimmer). So, to simplify the implementation, trimmer will mark all methods of a given name. This means it will mark more than necessary. This is fixable by adding more complexity to the code base if we think there's a good reason for it.
  • Due to the above choices, there are some behavioral differences:
    • Trimmer will warn if the target has data flow annotations, always. There's no way to "fix" this in the code without a suppression.
    • Trimmer will produce different warning codes even if there is a true data flow mismatch - this is because it treats the access as "reflection access" which produces different warning codes from direct access.
    • These differences are fixable, but it was not deemed necessary right now.
  • We decided that analyzer will not react to the attribute at all, and thus will not produce any diagnostics around it.

The guiding reason to keep the implementation simple is that we don't expect the unsafe accessor to be used by developers directly, instead we assume that vast majority of its usages will be from source generators. So, developer UX is not as important.

Test changes:

  • Adds directed tests for the marking behavior
  • Adds tests to verify that Requires* attributes behave correctly
  • Adds tests to verify that data flow annotations behave as expected (described above)
  • The tests are effectively a second validation of the NativeAOT implementation as they cover NativeAOT as well.

Fixes in CoreCLR/NativeAOT:
This change fixes one bug in the CoreCLR/NativeAOT implementation, unsafe accessor on a instance method of a value type must use "by-ref" parameter for the this parameter. Without the "by-ref" the accessor is considered invalid and will throw.
This change also adds some tests to the CoreCLR/NativeAOT test suite.

Part of #86161.
Related to #86438.
Feature design in #81741.

@vitek-karas vitek-karas added the area-Tools-ILLink .NET linker development as well as trimming analyzers label Jun 30, 2023
@vitek-karas vitek-karas added this to the 8.0.0 milestone Jun 30, 2023
@vitek-karas vitek-karas self-assigned this Jun 30, 2023
@ghost
Copy link

ghost commented Jun 30, 2023

Tagging subscribers to this area: @agocke, @sbomer, @vitek-karas
See info in area-owners.md if you want to be subscribed.

Issue Details

The core of the change is that UnsafeAccessor creates a code dependency from the accessor method to the target specified by the attribute. The trimmer needs to follow this dependency and preserve the target. Additionally, because the trimmer operates at the IL level, it needs to make sure that the target will keep its name and some other properties intact (so that the runtime implementation of the UnsafeAccessor can still work).

Implementation choices:

  • The trimmer will mark the target as "accessed via reflection", this is a simple way to make sure that name and other properties about the target are preserved. This could be optimized in the future, but the savings are probably not that interesting.
  • The implementation ran into a problem when trying to precisely match the signature overload resolution. Due to Cecil issues and the fact that Cecil's resolution algorithm is not extensible, it was not possible to match the runtime's behavior without adding lot more complexity (currently it seems we would have to reimplement method resolution in the trimmer). So, to simplify the implementation, trimmer will mark all methods of a given name. This means it will mark more than necessary. This is fixable by adding more complexity to the code base if we think there's a good reason for it.
  • Due to the above choices, there are some behavioral differences:
    • Trimmer will warn if the target has data flow annotations, always. There's no way to "fix" this in the code without a suppression.
    • Trimmer will produce different warning codes even if there is a true data flow mismatch - this is because it treats the access as "reflection access" which produces different warning codes from direct access.
    • These differences are fixable, but it was not deemed necessary right now.
  • We decided that analyzer will not react to the attribute at all, and thus will not produce any diagnostics around it.

The guiding reason to keep the implementation simple is that we don't expect the unsafe accessor to be used by developers directly, instead we assume that vast majority of its usages will be from source generators. So, developer UX is not as important.

Test changes:

  • Adds directed tests for the marking behavior
  • Adds tests to verify that Requires* attributes behave correctly
  • Adds tests to verify that data flow annotations behave as expected (described above)
  • The tests are effectively a second validation of the NativeAOT implementation as they cover NativeAOT as well.

Fixes in CoreCLR/NativeAOT:
This change fixes one bug in the CoreCLR/NativeAOT implementation, unsafe accessor on a instance method of a value type must use "by-ref" parameter for the this parameter. Without the "by-ref" the accessor is considered invalid and will throw.
This change also adds some tests to the CoreCLR/NativeAOT test suite.

Part of #86161.
Related to #86438.
Feature design in #81741.

Author: vitek-karas
Assignees: vitek-karas
Labels:

area-Tools-ILLink
Milestone: 8.0.0

AaronRobinsonMSFT
AaronRobinsonMSFT approved these changes Jun 30, 2023
View reviewed changes
Copy link
Member

@AaronRobinsonMSFT AaronRobinsonMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NativeAOT/VM changes and new runtime tests LGTM.

Thank you!

@runfoapp runfoapp bot mentioned this pull request Jun 30, 2023
Closed
@build-analysis build-analysis bot mentioned this pull request Jul 1, 2023
Closed
vitek-karas and others added 17 commits July 17, 2023 03:10
@vitek-karas
Fixups after a recent fix in CoreCLR implementation
43726d7
@vitek-karas
Revert to method group marking
74a5ee5 
Parameter overload resolution is very problematic in Cecil - would have to reimplement it effectively.
@vitek-karas
Resolve inhertiance behavior inconsistencies
47d82d0
@vitek-karas
Simplify the code
74d57c0
@vitek-karas
Add support for fields
4f945d4
@vitek-karas
Methods on value types
13972ca 
Fixes a bug in CoreCLR and NativeAOT which would allow non-ref this for value instance method accessors. This leads to asserts from JIT.
@vitek-karas
Fields on value types
4ffa95d
@vitek-karas
Requires tests
e9fcb68
@vitek-karas
DAM and UnsafeAccessor tests
ce9376b
@vitek-karas
Formatting
f2c595a
@vitek-karas
Formatting
50a219a
@vitek-karas @jkotas
Update src/coreclr/tools/Common/TypeSystem/IL/UnsafeAccessors.cs
623a2f0 
Co-authored-by: Jan Kotas <jkotas@microsoft.com>
@agocke @vitek-karas
Linker tests use both XUnit and VSTest format
906ccb9
@agocke @vitek-karas
Add enablePublishTestResults
7dbca19
@vitek-karas
Fix API compat - hide the redefined BCL type
45cd27a
@vitek-karas
Exclude the new tests on mono
58741fb
@lambdageek
Merge branch 'main' into TrimmerUnsafeAccessor
344037f
@lambdageek
Copy link
Member

@vitek-karas I resolved the merge conflict

sbomer
sbomer approved these changes Jul 17, 2023
View reviewed changes
Copy link
Member

@sbomer sbomer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ILLink changes LGTM!

src/tools/illink/src/linker/Linker.Steps/UnsafeAccessorMarker.cs Outdated Show resolved Hide resolved
src/tools/illink/src/linker/Linker/UnsafeAccessorKind.cs Outdated
// Copyright (c) .NET Foundation and contributors. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.

// Copy of the enum from CoreLib - once that is merged this should be deleted.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on the build failures I think this can be removed now

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes - I'm testing this locally - there are also some merge conflicts in the runtime test. I need to test it on all 3 runtimes now :-)

@build-analysis build-analysis bot mentioned this pull request Jul 17, 2023
Closed
This was referenced Jul 17, 2023
Closed
Open
@vitek-karas
Copy link
Member Author

Test failures are unrelated.

@vitek-karas vitek-karas merged commit ac3979a into dotnet:main Jul 18, 2023
178 of 181 checks passed
@vitek-karas vitek-karas deleted the TrimmerUnsafeAccessor branch July 18, 2023 07:33
@ghost ghost locked as resolved and limited conversation to collaborators Aug 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lambdageek lambdageek lambdageek left review comments

@jkotas jkotas jkotas left review comments

@sbomer sbomer sbomer approved these changes

@AaronRobinsonMSFT AaronRobinsonMSFT AaronRobinsonMSFT approved these changes

@marek-safar marek-safar Awaiting requested review from marek-safar marek-safar is a code owner

@MichalStrehovsky MichalStrehovsky Awaiting requested review from MichalStrehovsky MichalStrehovsky is a code owner

Assignees

@vitek-karas vitek-karas

Labels
area-Tools-ILLink .NET linker development as well as trimming analyzers
Projects
None yet
Milestone
8.0.0
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@vitek-karas @lambdageek @sbomer @jkotas @AaronRobinsonMSFT @agocke