Implement better semantics for unverifiable code.

* verify.c (mono_method_verify_with_current_settings): Add extra param telling if the method should be treated as fulltrust regardless of verifier settings. The only implication of this is that fulltrust verification can't stop on the first unverifiable error like verifiable code can. This only impact unverifiable methods running on non standard verification setups. * mini.c (mini_method_verify): If the verifier is enabled and the method belongs to an assembly with a valid skip verification token (the UnverifiableCodeAttribute cattr) the code will be checked now for errors instead of simply been ignored. This patch gives --verify-all much more saner behavior for assemblies with unsafe code. Fixes #676054
mono · Mar 1, 2011 · bb57dab · bb57dab
1 parent a9ad5a5
commit bb57dab
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/mono/metadata/verify-internals.h b/mono/metadata/verify-internals.h
@@ -26,7 +26,7 @@ gboolean mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method
 
 gboolean mono_verifier_verify_class (MonoClass *klass) MONO_INTERNAL;
 
-GSList* mono_method_verify_with_current_settings (MonoMethod *method, gboolean skip_visibility) MONO_INTERNAL;
+GSList* mono_method_verify_with_current_settings (MonoMethod *method, gboolean skip_visibility, gboolean is_fulltrust) MONO_INTERNAL;
 
 gboolean mono_verifier_verify_pe_data (MonoImage *image, GSList **error_list) MONO_INTERNAL;
 gboolean mono_verifier_verify_cli_data (MonoImage *image, GSList **error_list) MONO_INTERNAL;

diff --git a/mono/metadata/verify.c b/mono/metadata/verify.c
@@ -5883,11 +5883,11 @@ mono_verifier_is_class_full_trust (MonoClass *klass)
 }
 
 GSList*
-mono_method_verify_with_current_settings (MonoMethod *method, gboolean skip_visibility)
+mono_method_verify_with_current_settings (MonoMethod *method, gboolean skip_visibility, gboolean is_fulltrust)
 {
 	return mono_method_verify (method, 
 			(verifier_mode != MONO_VERIFIER_MODE_STRICT ? MONO_VERIFY_NON_STRICT: 0)
-			| (!mono_verifier_is_method_full_trust (method) ? MONO_VERIFY_FAIL_FAST : 0)
+			| (!is_fulltrust && !mono_verifier_is_method_full_trust (method) ? MONO_VERIFY_FAIL_FAST : 0)
 			| (skip_visibility ? MONO_VERIFY_SKIP_VISIBILITY : 0));
 }
 
@@ -6172,7 +6172,7 @@ mono_verifier_verify_class (MonoClass *class)
 }
 
 GSList*
-mono_method_verify_with_current_settings (MonoMethod *method, gboolean skip_visibility)
+mono_method_verify_with_current_settings (MonoMethod *method, gboolean skip_visibility, gboolean is_fulltrust)
 {
 	/* The verifier was disabled at compile time */
 	return NULL;

diff --git a/mono/mini/mini.c b/mono/mini/mini.c
@@ -1489,12 +1489,13 @@ mini_method_verify (MonoCompile *cfg, MonoMethod *method, gboolean fail_compile)
 	if (method->verification_success)
 		return FALSE;
 
-	is_fulltrust = mono_verifier_is_method_full_trust (method);
-
 	if (!mono_verifier_is_enabled_for_method (method))
 		return FALSE;
 
-	res = mono_method_verify_with_current_settings (method, cfg->skip_visibility);
+	/*skip verification implies the assembly must be */
+	is_fulltrust = mono_verifier_is_method_full_trust (method) ||  mini_assembly_can_skip_verification (cfg->domain, method);
+
+	res = mono_method_verify_with_current_settings (method, cfg->skip_visibility, is_fulltrust);
 
 	if ((error = mono_loader_get_last_error ())) {
 		if (fail_compile)
@@ -1541,8 +1542,7 @@ gboolean
 mono_compile_is_broken (MonoCompile *cfg, MonoMethod *method, gboolean fail_compile)
 {
 	MonoMethod *method_definition = method;
-	gboolean dont_verify = mini_assembly_can_skip_verification (cfg->domain, method);
-	dont_verify |= method->klass->image->assembly->corlib_internal;
+	gboolean dont_verify = method->klass->image->assembly->corlib_internal;
 
 	while (method_definition->is_inflated) {
 		MonoMethodInflated *imethod = (MonoMethodInflated *) method_definition;