[Apple mobile] Handle missing IL-to-native map in DebuggerJitInfo#128764
Open
kotlarmilos wants to merge 2 commits into
Conversation
…itInfo DebuggerJitInfo::MapILOffsetToNative dereferences the entry returned by MapILOffsetToMapEntry without checking for NULL, which crashes when m_sequenceMap is NULL. This is the normal state for ReadyToRun-precompiled methods that ship without IL-to-native debug info (most framework code in iOS Debug builds). The crash reproduces on the first R2R framework method call under the CoreCLR remote debugger: ReadyToRunInfo::GetEntryPoint triggers Debugger::JITComplete -> MapAndBindFunctionPatches -> AddBindAndActivateILReplicaPatch -> MapILOffsetToNative, which derefs NULL and kills the process before the debug session attaches. Return a (SIZE_T)-1 sentinel from MapILOffsetToNative, MapILOffsetToNativeForSetIP, and GetSrcTypeFromILOffset when the map is missing, and skip sentinel funclet entries in AddBindAndActivateILReplicaPatch. The sentinel is already the convention used by ILToNativeOffsetIterator::Next. Behavior for methods with a valid sequence map is unchanged. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
Tagging subscribers to this area: @steveisok, @tommcdon, @dotnet/dotnet-diag
Contributor
Pull request overview
This PR hardens CoreCLR debugger IL-to-native mapping paths for methods that lack sequence maps, such as ReadyToRun framework methods on Apple mobile, avoiding null dereferences during debugger patch binding.
Changes:
- Treat missing/empty sequence maps as unmappable in DebuggerJitInfo helpers.
- Return existing sentinel values for missing IL-to-native mappings.
- Skip sentinel native offsets when binding IL replica patches.
| File | Description |
|---|---|
| src/coreclr/debug/ee/functioninfo.cpp | Adds null handling for sequence-map lookups and sentinel returns for missing mappings. |
| src/coreclr/debug/ee/controller.cpp | Avoids binding patches for sentinel native offsets from the iterator. |
Copilot's findings
- Files reviewed: 2/2 changed files
- Comments generated: 2
Move pointer arithmetic on the sequence map base after the NULL guard in MapILOffsetToMapEntry and MapILOffsetToNativeForSetIP so the missing-map path never performs arithmetic on a NULL pointer. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Member
@kotlarmilos why don't we have the same problem without interpreter (JIT+R2R) on other platforms?
This was referenced May 29, 2026
Description
DebuggerJitInfo::MapILOffsetToNative dereferences the entry returned by MapILOffsetToMapEntry without checking for NULL, which crashes when m_sequenceMap is NULL. This is the expected state for ReadyToRun-precompiled methods that ship without IL-to-native debug info. The crash reproduces on the first R2R framework method call under the CoreCLR remote debugger.

The fix is to return a (SIZE_T)-1 sentinel from MapILOffsetToNative, MapILOffsetToNativeForSetIP, and GetSrcTypeFromILOffset when the map is missing, and skip sentinel funclet entries in AddBindAndActivateILReplicaPatch.
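The two defensive points made in this PR (returning the (SIZE_T)-1 sentinel instead of dereferencing a missing map, and placing the NULL guard before any pointer arithmetic on the map base, as the second commit does) are shown below in a simplified stand-alone model. This is example code added here, not CoreCLR source: the struct names (SeqMapEntry, DebuggerJitInfoModel, BindILPatches), the linear lookup, and the sample offsets are assumptions chosen to illustrate the pattern, while kNoNativeOffset mirrors the (SIZE_T)-1 convention the page attributes to ILToNativeOffsetIterator::Next.

```cpp
// Added example: simplified model of the missing-map sentinel pattern.
// Not CoreCLR code; all type and function names here are assumed.
#include <cstddef>
#include <cstdint>
#include <vector>

typedef std::size_t SIZE_T;

// Sentinel for "no native offset", matching the (SIZE_T)-1 convention in the PR.
static const SIZE_T kNoNativeOffset = (SIZE_T)-1;

struct SeqMapEntry {
    SIZE_T ilOffset;
    SIZE_T nativeStartOffset;
};

struct DebuggerJitInfoModel {
    const SeqMapEntry* m_sequenceMap;      // NULL for R2R methods shipped without debug info
    unsigned           m_sequenceMapCount;

    // Returns the entry with the greatest ilOffset <= the requested one, or NULL
    // when the method has no map. The guard runs before m_sequenceMap + count is
    // formed, so the missing-map path never does arithmetic on a null pointer.
    const SeqMapEntry* MapILOffsetToMapEntry(SIZE_T ilOffset) const {
        if (m_sequenceMap == NULL || m_sequenceMapCount == 0)
            return NULL;
        const SeqMapEntry* end = m_sequenceMap + m_sequenceMapCount;
        const SeqMapEntry* best = NULL;
        for (const SeqMapEntry* e = m_sequenceMap; e != end; ++e) {
            if (e->ilOffset <= ilOffset && (best == NULL || e->ilOffset > best->ilOffset))
                best = e;
        }
        return best;
    }

    // Unguarded version would dereference a NULL entry here; the sentinel
    // lets callers distinguish "unmappable" from a real offset.
    SIZE_T MapILOffsetToNative(SIZE_T ilOffset) const {
        const SeqMapEntry* e = MapILOffsetToMapEntry(ilOffset);
        if (e == NULL)
            return kNoNativeOffset;
        return e->nativeStartOffset;
    }
};

// Caller side: bind patches only for mappable offsets and skip the sentinel,
// analogous to the skip the PR adds to AddBindAndActivateILReplicaPatch.
std::vector<SIZE_T> BindILPatches(const DebuggerJitInfoModel& dji,
                                  const std::vector<SIZE_T>& ilOffsets) {
    std::vector<SIZE_T> bound;
    for (SIZE_T il : ilOffsets) {
        SIZE_T native = dji.MapILOffsetToNative(il);
        if (native == kNoNativeOffset)
            continue;                   // unmappable: no patch, no crash
        bound.push_back(native);
    }
    return bound;
}

// Constructed sample map: a JIT'd method with three sequence points.
static const SeqMapEntry kSampleMap[] = { {0, 0x10}, {4, 0x20}, {9, 0x38} };

SIZE_T MappedExample(SIZE_T il) {
    DebuggerJitInfoModel dji = { kSampleMap, 3 };
    return dji.MapILOffsetToNative(il);
}

SIZE_T MissingMapExample(SIZE_T il) {
    DebuggerJitInfoModel dji = { NULL, 0 };   // R2R method without debug info
    return dji.MapILOffsetToNative(il);
}

std::size_t BoundCount(bool withMap) {
    DebuggerJitInfoModel dji = withMap ? DebuggerJitInfoModel{ kSampleMap, 3 }
                                       : DebuggerJitInfoModel{ NULL, 0 };
    std::vector<SIZE_T> ils = { 0, 4, 9 };
    return BindILPatches(dji, ils).size();
}
```

With the map present, BindILPatches binds all three offsets; with m_sequenceMap NULL it binds none and returns normally instead of faulting, which is the behavioural change the PR describes.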