Skip to content

[clr-interp] Access checks and callouts #120581

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
davidwrighton merged 5 commits into from
Oct 10, 2025
Merged

[clr-interp] Access checks and callouts #120581

davidwrighton merged 5 commits into from
Oct 10, 2025

Conversation

@davidwrighton
Copy link
Member

@davidwrighton davidwrighton commented Oct 9, 2025

Add support for visibility and access checks, as well as ambiguous function identification

  • Utilize the jit interface driven scheme where certain jit interface calls will inform the jit that it should inject a call to a helper function.

As a drive-by feature, add support for DOTNET_InterpBreak which works like DOTNET_JitBreak in that it will cause the interpreter compiler to assert when a function is about to go through the interpreter compiler. This is useful to make it easy to debug the interpreter compiler compiling a specific method.

Copilot AI review requested due to automatic review settings October 9, 2025 22:38
@github-actions github-actions bot added the needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners label Oct 9, 2025
@davidwrighton davidwrighton added area-CodeGen-Interpreter-coreclr and removed needs-area-label An area label is needed to ensure this gets routed to the appropriate area owners labels Oct 9, 2025
Copilot AI reviewed Oct 9, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for visibility and access checks to the CLR interpreter, along with a debugging feature. The main purpose is to implement security checks during interpretation by utilizing the JIT interface's existing access control mechanisms and injecting helper function calls when access violations are detected.

Key changes:

  • Adds two new interpreter opcodes for calling helper functions with 2 and 3 pointer arguments
  • Implements access control checks throughout the interpreter compiler for field access, method calls, and class operations
  • Adds DOTNET_InterpBreak debug configuration option similar to DOTNET_JitBreak

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/coreclr/vm/interpexec.cpp Adds execution logic for new helper call opcodes with 2 and 3 arguments
src/coreclr/interpreter/interpconfigvalues.h Adds InterpBreak configuration option for debugging
src/coreclr/interpreter/inc/intops.def Defines two new opcodes for helper function calls
src/coreclr/interpreter/compiler.h Declares new method for emitting callsite callout instructions
src/coreclr/interpreter/compiler.cpp Implements access checks and callout emission throughout compilation

@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented Oct 9, 2025

Tagging subscribers to this area: @BrzVlad, @janvorli, @kg
See info in area-owners.md if you want to be subscribed.

janvorli
janvorli approved these changes Oct 9, 2025
View reviewed changes
@build-analysis build-analysis bot mentioned this pull request Oct 10, 2025
Closed
@davidwrighton davidwrighton merged commit 634641c into dotnet:main Oct 10, 2025
96 of 98 checks passed
@dotnet-maestro dotnet-maestro bot mentioned this pull request Oct 14, 2025
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Nov 9, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@janvorli janvorli janvorli approved these changes

@BrzVlad BrzVlad Awaiting requested review from BrzVlad BrzVlad is a code owner

@kg kg Awaiting requested review from kg kg is a code owner

Assignees

@davidwrighton davidwrighton

Labels

area-CodeGen-Interpreter-coreclr

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@davidwrighton @janvorli