[Apple mobile] Handle missing IL-to-native map in DebuggerJitInfo#128764
Closed
kotlarmilos wants to merge 2 commits into
Closed
[Apple mobile] Handle missing IL-to-native map in DebuggerJitInfo#128764kotlarmilos wants to merge 2 commits into
kotlarmilos wants to merge 2 commits into
Conversation
…itInfo DebuggerJitInfo::MapILOffsetToNative dereferences the entry returned by MapILOffsetToMapEntry without checking for NULL, which crashes when m_sequenceMap is NULL. This is the normal state for ReadyToRun-precompiled methods that ship without IL-to-native debug info (most framework code in iOS Debug builds). The crash reproduces on the first R2R framework method call under the CoreCLR remote debugger: ReadyToRunInfo::GetEntryPoint triggers Debugger::JITComplete -> MapAndBindFunctionPatches -> AddBindAndActivateILReplicaPatch -> MapILOffsetToNative, which derefs NULL and kills the process before the debug session attaches. Return a (SIZE_T)-1 sentinel from MapILOffsetToNative, MapILOffsetToNativeForSetIP, and GetSrcTypeFromILOffset when the map is missing, and skip sentinel funclet entries in AddBindAndActivateILReplicaPatch. The sentinel is already the convention used by ILToNativeOffsetIterator::Next. Behavior for methods with a valid sequence map is unchanged. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
|
Tagging subscribers to this area: @steveisok, @tommcdon, @dotnet/dotnet-diag |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens CoreCLR debugger IL-to-native mapping paths for methods that lack sequence maps, such as ReadyToRun framework methods on Apple mobile, avoiding null dereferences during debugger patch binding.
Changes:
- Treat missing/empty sequence maps as unmappable in
DebuggerJitInfohelpers. - Return existing sentinel values for missing IL-to-native mappings.
- Skip sentinel native offsets when binding IL replica patches.
Show a summary per file
| File | Description |
|---|---|
src/coreclr/debug/ee/functioninfo.cpp |
Adds null handling for sequence-map lookups and sentinel returns for missing mappings. |
src/coreclr/debug/ee/controller.cpp |
Avoids binding patches for sentinel native offsets from the iterator. |
Copilot's findings
- Files reviewed: 2/2 changed files
- Comments generated: 2
kotlarmilos
changed the title
Move pointer arithmetic on the sequence map base after the NULL guard in MapILOffsetToMapEntry and MapILOffsetToNativeForSetIP so the missing-map path never performs arithmetic on a NULL pointer. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Member
|
@kotlarmilos why don't we have the same problem without interpreter (JIT+R2R) on other platforms? |
This was referenced May 29, 2026
Open
This was referenced Jun 1, 2026
kotlarmilos
added a commit
to dotnet/macios
that referenced
this pull request
Jun 1, 2026
The .NET SDK defaults PublishReadyToRunStripDebugInfo=true for ios/tvos/ iossimulator/tvossimulator/maccatalyst RIDs, which passes --strip-debug-info to crossgen2 and drops READYTORUN_SECTION_DEBUG_INFO from the composite R2R image. macios additionally defaults PublishReadyToRun=true (composite) for CoreCLR even in Debug, so user code ends up R2R'd with no IL-to-native map. The result under the CoreCLR remote debugger is that DebuggerJitInfo::LazyInitBounds cannot populate m_sequenceMap, line-level breakpoints fail to bind to a native offset, and (without dotnet/runtime#128764) MapILOffsetToNative crashes on a NULL map entry. Default PublishReadyToRunStripDebugInfo=false for CoreCLR apple-mobile Debug builds so the re-composited R2R image keeps debug info and the debugger gets accurate IL-to-native mappings. Release builds are unaffected and still strip. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Member
Author
I investigate more today and it seems to be a stripping problem. The .NET SDK defaults PublishReadyToRunStripDebugInfo=true for Apple mobile in Microsoft.NET.CrossGen.targets, which passes --strip-debug-info to crossgen2, so the R2R image ships without a READYTORUN_SECTION_DEBUG_INFO section. When the debugger tries to bind a breakpoint to such a method, it walks an empty map and dereferences NULL. Desktop doesn't strip the debug info, so the map exists and the same code path works. The SDK side is fixed in dotnet/sdk#54529. Closing this PR. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
DebuggerJitInfo::MapILOffsetToNativedereferences the entry returned byMapILOffsetToMapEntrywithout checking for NULL, which crashes whenm_sequenceMapis NULL. This is the expected state for ReadyToRun-precompiled methods that ship without IL-to-native debug info. The crash reproduces on the first R2R framework method call under the CoreCLR remote debugger.The fix is to return a
(SIZE_T)-1sentinel fromMapILOffsetToNative,MapILOffsetToNativeForSetIP, andGetSrcTypeFromILOffsetwhen the map is missing, and skip sentinel funclet entries inAddBindAndActivateILReplicaPatch.