[mono] invoke delegate method thunk hit asset.

[srxqds]

Description

we embed mono, use jit mix with interp, use mono_jit_set_aot_mode(MONO_AOT_MODE_INTERP_ONLY);

we get MonoDelegate invoke method thunk and invoke it, it hit asset at line:

runtime/src/mono/mono/metadata/marshal-lightweight.c

Line 2015 in 07f5fca

g_assert (sig->hasthis);

Reproduction Steps

// pass delegate from c# to c.
MonoDelegate* InDelegate;
MonoClass* DelegateClass = mono_object_get_class(InDelegate);

MonoMethod* InvokeMethod = mono_get_delegate_invoke(DelegateClass);

void * ThunkMethod = mono_method_get_unmanaged_thunk(InvokeMethod );
typedef bool(STDCALL ThunkWithMonoObjectDeclaration) (MonoObject, float, MonoObject**);
bool result = (ThunkWithMonoObjectDeclaration)ThunkMethod(InDelegate, 1, nullptr); // hit crash

it works well in aot_interp or jit mode.

Expected behavior

work correctly

Actual behavior

crash

Regression?

no

Known Workarounds

No response

Configuration

dotnet7.0.3 mono

Other information

No response

[srxqds]

this line should set csig->hasthis if this is delegate invoke method.

runtime/src/mono/mono/metadata/marshal.c

Line 6192 in 316d286

if (sig->hasthis) {

and the stacktrace:

coreclr.dll!emit_delegate_invoke_internal_ilgen(_MonoMethodBuilder * mb, _MonoMethodSignature * sig, _MonoMethodSignature * invoke_sig, int static_method_with_first_arg_bound, int callvirt, int closed_over_null, _MonoMethod * method, _MonoMethod * target_method, _MonoClass * target_class, _MonoGenericContext * ctx, _MonoGenericContainer * container) Line 1981
	at F:\netease-gitlab\dotnet\runtime\src\mono\mono\metadata\marshal-lightweight.c(1981)
coreclr.dll!mono_marshal_get_delegate_invoke_internal(_MonoMethod * method, int callvirt, int static_method_with_first_arg_bound, _MonoMethod * target_method) Line 2175
	at F:\netease-gitlab\dotnet\runtime\src\mono\mono\metadata\marshal.c(2175)
coreclr.dll!mono_marshal_get_delegate_invoke(_MonoMethod * method, _MonoDelegate * del) Line 2254
	at F:\netease-gitlab\dotnet\runtime\src\mono\mono\metadata\marshal.c(2254)
coreclr.dll!interp_entry(InterpEntryData * data) Line 2184
	at F:\netease-gitlab\dotnet\runtime\src\mono\mono\mini\interp\interp.c(2184)
coreclr.dll!interp_entry_static_ret_3(void * res, void * arg1, void * arg2, void * arg3, InterpMethod * rmethod) Line 2895
	at F:\netease-gitlab\dotnet\runtime\src\mono\mono\mini\interp\interp.c(2895)

[srxqds]

@lambdageek @vargaz @BrzVlad can you take the time to check this?

[ghost]

Tagging subscribers to this area: @BrzVlad, @kotlarmilos
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Description

we embed mono, use jit mix with interp, use mono_jit_set_aot_mode(MONO_AOT_MODE_INTERP_ONLY);

we get MonoDelegate invoke method thunk and invoke it, it hit asset at line:

runtime/src/mono/mono/metadata/marshal-lightweight.c

Line 2015 in 07f5fca

g_assert (sig->hasthis);

Reproduction Steps

// pass delegate from c# to c.
MonoDelegate* InDelegate;
MonoClass* DelegateClass = mono_object_get_class(InDelegate);

MonoMethod* InvokeMethod = mono_get_delegate_invoke(DelegateClass);

void * ThunkMethod = mono_method_get_unmanaged_thunk(InvokeMethod );
typedef bool(STDCALL ThunkWithMonoObjectDeclaration) (MonoObject, float, MonoObject**);
bool result = (ThunkWithMonoObjectDeclaration)ThunkMethod(InDelegate, 1, nullptr); // hit crash

it works well in aot_interp or jit mode.

Expected behavior

work correctly

Actual behavior

crash

Regression?

no

Known Workarounds

No response

Configuration

dotnet7.0.3 mono

Other information

No response

Author:	srxqds
Assignees:	-
Labels:	untriaged, area-Codegen-Interpreter-mono
Milestone:	-

[srxqds]

any idea about it?

[vargaz]

It would be better to use normal apis like passing delegates directly to native code, Marshal.GetFunctionPointerForDelegate, [UnmanagedCallersOnly] etc.

[srxqds]

got it, but hope you can take the time to fix this problem, make monovm more and more robust.

[srxqds]

internal class DelegateInvokeTests
{
	[MethodImpl(MethodImplOptions.InternalCall)]
	private static extern void InvokeDelegate(IntPtr d6);

	[Test("DelegateInvoke")]
	private static void Entry()
	{
		DelegateInvokeTests instance = new DelegateInvokeTests();
		var a = new Func<int>(instance.DelegateIntVoid);
		InvokeDelegate(Marshal.GetFunctionPointerForDelegate(a));
	}
	
	private int DelegateIntVoid() { return 0; }
}

// add internal call

mono_add_internal_call("DelegateInvokeTests::InvokeDelegate",  &InvokeDelegate);

void InvokeDelegate(void* InDelegate)
{
int (*Delegate)() = (int(*)())InDelegate;
int Result = Delegate();  // when execute this line will cause crash: 0xC0000005
}

I have try the above code in jit mode on win-x64 .net8.0.0 version, it will hit crash.

@vargaz can you help me?

[srxqds]

I found the delegate function pointer signature is:

int (Delegate)(MonoObject) = (int()(MonoObject))InDelegate;

but we don't keep referenece the target in native side, so this solution is useless.

and the Marshal.GetFunctionPointerForDelegate not support multicastdelegate.