Downgrade MethodTables used in reflection invoke (#111610)

When we make a method reflection-callable, we have to make sure the reflection stack can get type handles of types within the method signature. The type handles are used as part of reflection activation to do castability checks (is it valid to call the method with this parameter?) and to do boxing of return values.

In the past, what we did:

* If the type has a canonical form, generate type loader template for it.
* Otherwise, generate a constructed MethodTable.

This was too much, so we restricted it in #92994 into:

* If the type is a GC pointer, don't generate anything. Update reflection stack to be able to deal with a null type handle if and only if this is a reference type and nobody actually allocated such reference type.
* Otherwise do what we did above.

This is still a bit too much, as demonstrated in #111544 (comment).

In this PR, I'm restricting this further to:

* If the type is in the canonical form (not just "has canonical form" - "_is_ canonical form"), generate type loader template.
* If the type is an out valuetype parameter, generate constructed method table (since reflection stack is going to end up boxing)
* Generate necessary (unconstructed) method table otherwise (since we're only going to do castability checks and necessary method tables are exactly for that)

I'm deleting the "GC pointer could have null methodtable" complication since it doesn't help much in practice once we downgraded to necessary method tables (that revert is in dc34018 and rt-sz measurements show it really doesn't affect much).

Cc @dotnet/ilc-contrib

Author: MichalStrehovsky

src/coreclr/nativeaot/System.Private.CoreLib/src/System/InvokeUtils.cs

@@ -409,11 +409,8 @@ private static Exception CreateChangeTypeException(MethodTable* srcEEType, Metho
         }
 
         internal static ArgumentException CreateChangeTypeArgumentException(MethodTable* srcEEType, MethodTable* dstEEType, bool destinationIsByRef = false)
-            => CreateChangeTypeArgumentException(srcEEType, Type.GetTypeFromHandle(new RuntimeTypeHandle(dstEEType)), destinationIsByRef);
-
-        internal static ArgumentException CreateChangeTypeArgumentException(MethodTable* srcEEType, Type dstType, bool destinationIsByRef = false)
         {
-            object? destinationTypeName = dstType;
+            object? destinationTypeName = Type.GetTypeFromHandle(new RuntimeTypeHandle(dstEEType));
             if (destinationIsByRef)
                 destinationTypeName += "&";
             return new ArgumentException(SR.Format(SR.Arg_ObjObjEx, Type.GetTypeFromHandle(new RuntimeTypeHandle(srcEEType)), destinationTypeName));

src/coreclr/nativeaot/System.Private.CoreLib/src/System/Reflection/DynamicInvokeInfo.cs

@@ -74,37 +74,36 @@ public unsafe DynamicInvokeInfo(MethodBase method, IntPtr invokeThunk)
                 {
                     Transform transform = default;
 
-                    var argumentType = (RuntimeType)parameters[i].ParameterType;
+                    Type argumentType = parameters[i].ParameterType;
                     if (argumentType.IsByRef)
                     {
                         _needsCopyBack = true;
                         transform |= Transform.ByRef;
-                        argumentType = (RuntimeType)argumentType.GetElementType()!;
+                        argumentType = argumentType.GetElementType()!;
                     }
                     Debug.Assert(!argumentType.IsByRef);
 
-                    // This can return a null MethodTable for reference types.
-                    // The compiler makes sure it returns a non-null MT for everything else.
-                    MethodTable* eeArgumentType = argumentType.ToMethodTableMayBeNull();
-                    if (argumentType.IsValueType)
+                    MethodTable* eeArgumentType = argumentType.TypeHandle.ToMethodTable();
+
+                    if (eeArgumentType->IsValueType)
                     {
-                        Debug.Assert(eeArgumentType->IsValueType);
+                        Debug.Assert(argumentType.IsValueType);
 
                         if (eeArgumentType->IsByRefLike)
                             _argumentCount = ArgumentCount_NotSupported_ByRefLike;
 
                         if (eeArgumentType->IsNullable)
                             transform |= Transform.Nullable;
                     }
-                    else if (argumentType.IsPointer)
+                    else if (eeArgumentType->IsPointer)
                     {
-                        Debug.Assert(eeArgumentType->IsPointer);
+                        Debug.Assert(argumentType.IsPointer);
 
                         transform |= Transform.Pointer;
                     }
-                    else if (argumentType.IsFunctionPointer)
+                    else if (eeArgumentType->IsFunctionPointer)
                     {
-                        Debug.Assert(eeArgumentType->IsFunctionPointer);
+                        Debug.Assert(argumentType.IsFunctionPointer);
 
                         transform |= Transform.FunctionPointer;
                     }
@@ -122,18 +121,19 @@ public unsafe DynamicInvokeInfo(MethodBase method, IntPtr invokeThunk)
             {
                 Transform transform = default;
 
-                var returnType = (RuntimeType)methodInfo.ReturnType;
+                Type returnType = methodInfo.ReturnType;
                 if (returnType.IsByRef)
                 {
                     transform |= Transform.ByRef;
-                    returnType = (RuntimeType)returnType.GetElementType()!;
+                    returnType = returnType.GetElementType()!;
                 }
                 Debug.Assert(!returnType.IsByRef);
 
-                MethodTable* eeReturnType = returnType.ToMethodTableMayBeNull();
-                if (returnType.IsValueType)
+                MethodTable* eeReturnType = returnType.TypeHandle.ToMethodTable();
+
+                if (eeReturnType->IsValueType)
                 {
-                    Debug.Assert(eeReturnType->IsValueType);
+                    Debug.Assert(returnType.IsValueType);
 
                     if (returnType != typeof(void))
                     {
@@ -152,17 +152,17 @@ public unsafe DynamicInvokeInfo(MethodBase method, IntPtr invokeThunk)
                             _argumentCount = ArgumentCount_NotSupported; // ByRef to void return
                     }
                 }
-                else if (returnType.IsPointer)
+                else if (eeReturnType->IsPointer)
                 {
-                    Debug.Assert(eeReturnType->IsPointer);
+                    Debug.Assert(returnType.IsPointer);
 
                     transform |= Transform.Pointer;
                     if ((transform & Transform.ByRef) == 0)
                         transform |= Transform.AllocateReturnBox;
                 }
-                else if (returnType.IsFunctionPointer)
+                else if (eeReturnType->IsFunctionPointer)
                 {
-                    Debug.Assert(eeReturnType->IsFunctionPointer);
+                    Debug.Assert(returnType.IsFunctionPointer);
 
                     transform |= Transform.FunctionPointer;
                     if ((transform & Transform.ByRef) == 0)
@@ -585,12 +585,6 @@ private unsafe ref byte InvokeDirectWithFewArguments(
             return defaultValue;
         }
 
-        private void ThrowForNeverValidNonNullArgument(MethodTable* srcEEType, int index)
-        {
-            Debug.Assert(index != 0 || _isStatic);
-            throw InvokeUtils.CreateChangeTypeArgumentException(srcEEType, Method.GetParametersAsSpan()[index - (_isStatic ? 0 : 1)].ParameterType, destinationIsByRef: false);
-        }
-
         private unsafe void CheckArguments(
             Span<object?> copyOfParameters,
             void* byrefParameters,
@@ -630,25 +624,16 @@ private unsafe void CheckArguments(
                     MethodTable* srcEEType = arg.GetMethodTable();
                     MethodTable* dstEEType = argumentInfo.Type;
 
-                    if (srcEEType != dstEEType)
-                    {
-                        // Destination type can be null if we don't have a MethodTable for this type. This means one cannot
-                        // possibly pass a valid non-null object instance here.
-                        if (dstEEType == null)
-                        {
-                            ThrowForNeverValidNonNullArgument(srcEEType, i);
-                        }
-
-                        if (!(RuntimeImports.AreTypesAssignable(srcEEType, dstEEType) ||
-                            (dstEEType->IsInterface && arg is System.Runtime.InteropServices.IDynamicInterfaceCastable castable
+                    if (!(srcEEType == dstEEType ||
+                        RuntimeImports.AreTypesAssignable(srcEEType, dstEEType) ||
+                        (dstEEType->IsInterface && arg is System.Runtime.InteropServices.IDynamicInterfaceCastable castable
                             && castable.IsInterfaceImplemented(new RuntimeTypeHandle(dstEEType), throwIfNotImplemented: false))))
-                        {
-                            // ByRefs have to be exact match
-                            if ((argumentInfo.Transform & Transform.ByRef) != 0)
-                                throw InvokeUtils.CreateChangeTypeArgumentException(srcEEType, argumentInfo.Type, destinationIsByRef: true);
+                    {
+                        // ByRefs have to be exact match
+                        if ((argumentInfo.Transform & Transform.ByRef) != 0)
+                            throw InvokeUtils.CreateChangeTypeArgumentException(srcEEType, argumentInfo.Type, destinationIsByRef: true);
 
-                            arg = InvokeUtils.CheckArgumentConversions(arg, argumentInfo.Type, InvokeUtils.CheckArgumentSemantics.DynamicInvoke, binderBundle);
-                        }
+                        arg = InvokeUtils.CheckArgumentConversions(arg, argumentInfo.Type, InvokeUtils.CheckArgumentSemantics.DynamicInvoke, binderBundle);
                     }
 
                     if ((argumentInfo.Transform & Transform.Reference) == 0)
@@ -707,25 +692,16 @@ private unsafe void CheckArguments(
                     MethodTable* srcEEType = arg.GetMethodTable();
                     MethodTable* dstEEType = argumentInfo.Type;
 
-                    if (srcEEType != dstEEType)
-                    {
-                        // Destination type can be null if we don't have a MethodTable for this type. This means one cannot
-                        // possibly pass a valid non-null object instance here.
-                        if (dstEEType == null)
-                        {
-                            ThrowForNeverValidNonNullArgument(srcEEType, i);
-                        }
-
-                        if (!(RuntimeImports.AreTypesAssignable(srcEEType, dstEEType) ||
-                            (dstEEType->IsInterface && arg is System.Runtime.InteropServices.IDynamicInterfaceCastable castable
+                    if (!(srcEEType == dstEEType ||
+                        RuntimeImports.AreTypesAssignable(srcEEType, dstEEType) ||
+                        (dstEEType->IsInterface && arg is System.Runtime.InteropServices.IDynamicInterfaceCastable castable
                             && castable.IsInterfaceImplemented(new RuntimeTypeHandle(dstEEType), throwIfNotImplemented: false))))
-                        {
-                            // ByRefs have to be exact match
-                            if ((argumentInfo.Transform & Transform.ByRef) != 0)
-                                throw InvokeUtils.CreateChangeTypeArgumentException(srcEEType, argumentInfo.Type, destinationIsByRef: true);
+                    {
+                        // ByRefs have to be exact match
+                        if ((argumentInfo.Transform & Transform.ByRef) != 0)
+                            throw InvokeUtils.CreateChangeTypeArgumentException(srcEEType, argumentInfo.Type, destinationIsByRef: true);
 
-                            arg = InvokeUtils.CheckArgumentConversions(arg, argumentInfo.Type, InvokeUtils.CheckArgumentSemantics.DynamicInvoke, binderBundle: null);
-                        }
+                        arg = InvokeUtils.CheckArgumentConversions(arg, argumentInfo.Type, InvokeUtils.CheckArgumentSemantics.DynamicInvoke, binderBundle: null);
                     }
 
                     if ((argumentInfo.Transform & Transform.Reference) == 0)

src/coreclr/tools/Common/Compiler/GenericCycleDetection/GraphBuilder.cs

@@ -9,6 +9,8 @@
 using Internal.TypeSystem;
 using Internal.TypeSystem.Ecma;
 
+using Debug = System.Diagnostics.Debug;
+
 namespace ILCompiler
 {
     internal static partial class LazyGenericsSupport
@@ -207,6 +209,30 @@ public GraphBuilder(EcmaModule assembly)
                             }
                         }
                     }
+
+                    if (isGenericType)
+                    {
+                        Instantiation typeContext = default;
+
+                        foreach (FieldDefinitionHandle fieldHandle in typeDefinition.GetFields())
+                        {
+                            try
+                            {
+                                var ecmaField = (EcmaField)assembly.GetObject(fieldHandle);
+
+                                if (typeContext.IsNull)
+                                {
+                                    typeContext = ecmaField.OwningType.Instantiation;
+                                    Debug.Assert(!typeContext.IsNull);
+                                }
+
+                                ProcessTypeReference(ecmaField.FieldType, typeContext, default);
+                            }
+                            catch (TypeSystemException)
+                            {
+                            }
+                        }
+                    }
                 }
                 return;
             }

src/coreclr/tools/Common/Compiler/GenericCycleDetection/ModuleCycleInfo.cs

@@ -223,10 +223,10 @@ public void DetectCycle(TypeSystemEntity owner, TypeSystemEntity referent)
                 if (_depthCutoff < 0)
                     return;
 
-                // Not clear if generic recursion through fields is a thing
-                if (referent is FieldDesc)
+                // Fields don't introduce more genericness than their owning type, so treat as their owning type
+                if (referent is FieldDesc referentField)
                 {
-                    return;
+                    referent = referentField.OwningType;
                 }
 
                 var ownerType = owner as TypeDesc;

src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/DependencyAnalysis/ReflectedFieldNode.cs

@@ -97,7 +97,7 @@ public override IEnumerable<DependencyListEntry> GetStaticDependencies(NodeFacto
             }
 
             TypeDesc fieldType = _field.FieldType.NormalizeInstantiation();
-            ReflectionInvokeMapNode.AddSignatureDependency(ref dependencies, factory, fieldType, "Type of the field");
+            ReflectionInvokeMapNode.AddSignatureDependency(ref dependencies, factory, _field, fieldType, "Type of the field", isOut: true);
 
             return dependencies;
         }

src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/DependencyAnalysis/ReflectionInvokeMapNode.cs

@@ -55,9 +55,9 @@ public static void AddDependenciesDueToReflectability(ref DependencyList depende
                 dependencies.Add(factory.MethodEntrypoint(invokeStub), "Reflection invoke");
 
                 var signature = method.Signature;
-                AddSignatureDependency(ref dependencies, factory, signature.ReturnType, "Reflection invoke");
+                AddSignatureDependency(ref dependencies, factory, method, signature.ReturnType, "Reflection invoke", isOut: true);
                 foreach (var parameterType in signature)
-                    AddSignatureDependency(ref dependencies, factory, parameterType, "Reflection invoke");
+                    AddSignatureDependency(ref dependencies, factory, method, parameterType, "Reflection invoke", isOut: false);
             }
 
             if (method.OwningType.IsValueType && !method.Signature.IsStatic)
@@ -96,10 +96,13 @@ public static void AddDependenciesDueToReflectability(ref DependencyList depende
             ReflectionVirtualInvokeMapNode.GetVirtualInvokeMapDependencies(ref dependencies, factory, method);
         }
 
-        internal static void AddSignatureDependency(ref DependencyList dependencies, NodeFactory factory, TypeDesc type, string reason)
+        internal static void AddSignatureDependency(ref DependencyList dependencies, NodeFactory factory, TypeSystemEntity referent, TypeDesc type, string reason, bool isOut)
         {
             if (type.IsByRef)
+            {
                 type = ((ParameterizedType)type).ParameterType;
+                isOut = true;
+            }
 
             // Pointer runtime type handles can be created at runtime if necessary
             while (type.IsPointer)
@@ -109,16 +112,26 @@ internal static void AddSignatureDependency(ref DependencyList dependencies, Nod
             if (type.IsPrimitive || type.IsVoid)
                 return;
 
-            // Reflection doesn't need the ability to generate MethodTables out of thin air for reference types.
-            // Skip generating the dependencies.
-            if (type.IsGCPointer)
-                return;
-
-            TypeDesc canonType = type.ConvertToCanonForm(CanonicalFormKind.Specific);
-            if (canonType.IsCanonicalSubtype(CanonicalFormKind.Any))
-                GenericTypesTemplateMap.GetTemplateTypeDependencies(ref dependencies, factory, canonType);
-            else
-                dependencies.Add(factory.MaximallyConstructableType(type), reason);
+            try
+            {
+                factory.TypeSystemContext.DetectGenericCycles(type, referent);
+
+                // Reflection might need to create boxed instances of valuetypes as part of reflection invocation.
+                // Non-valuetypes are only needed for the purposes of casting/type checks.
+                // If this is a non-exact type, we need the type loader template to get the type handle.
+                if (type.IsCanonicalSubtype(CanonicalFormKind.Any))
+                    GenericTypesTemplateMap.GetTemplateTypeDependencies(ref dependencies, factory, type.NormalizeInstantiation());
+                else if (isOut && !type.IsGCPointer)
+                    dependencies.Add(factory.MaximallyConstructableType(type.NormalizeInstantiation()), reason);
+                else
+                    dependencies.Add(factory.NecessaryTypeSymbol(type.NormalizeInstantiation()), reason);
+            }
+            catch (TypeSystemException)
+            {
+                // It's fine to continue compiling if there's a problem getting these. There's going to be a MissingMetadata
+                // exception when actually trying to invoke this and the exception will be different than the one we'd get with
+                // a JIT, but that's fine, we don't need to be bug-for-bug compatible.
+            }
         }
 
         public override ObjectData GetData(NodeFactory factory, bool relocsOnly = false)

src/tests/nativeaot/SmokeTests/TrimmingBehaviors/DeadCodeElimination.cs

@@ -133,8 +133,13 @@ public static void Run()
 
             {
                 MethodInfo mi = typeof(TestReflectionInvokeSignatures).GetMethod(nameof(Invoke2));
-                mi.Invoke(null, new object[1]);
+                var args = new object[1];
+                mi.Invoke(null, args);
                 ThrowIfNotPresent(typeof(TestReflectionInvokeSignatures), nameof(Allocated1));
+                if (args[0].GetType().Name != nameof(Allocated1))
+                    throw new Exception();
+                if (!args[0].ToString().Contains(nameof(Allocated1)))
+                    throw new Exception();
             }
         }
     }

src/tools/illink/test/Mono.Linker.Tests.Cases/LinkXml/TypeWithPreserveFieldsHasBackingFieldsOfPropertiesRemoved.cs

@@ -45,7 +45,7 @@ interface IDog
 			string Name { get; set; }
 		}
 
-		[Kept (By = Tool.Trimmer)]
+		[Kept]
 		interface IFoo<T>
 		{
 
@@ -62,6 +62,7 @@ interface IFoo3<T, K, J>
 			int Bar3 { get; set; }
 		}
 
+		[Kept (By = Tool.NativeAot)]
 		class Cat
 		{
 		}

src/tools/illink/test/Mono.Linker.Tests.Cases/Reflection/ObjectGetType.cs

@@ -1230,8 +1230,8 @@ class DerivedFromMethodsBase : MethodAnnotatedBase
 				void PrivateMethod () { }
 			}
 
-			[Kept(By = Tool.Trimmer /* only used in a method signature, not legitimate to keep beyond IL-level trimming */)]
-			[KeptBaseType (typeof (MethodAnnotatedBase), By = Tool.Trimmer)]
+			[Kept]
+			[KeptBaseType (typeof (MethodAnnotatedBase))]
 			class AnotherMethodsDerived : MethodAnnotatedBase
 			{
 				[Kept(By = Tool.Trimmer)]
@@ -1343,9 +1343,9 @@ interface INestedInterface
 				void InterfaceMethod ();
 			}
 
-			[Kept (By = Tool.Trimmer /* only used in a method signature, not legitimate to keep beyond IL-level trimming */)]
+			[Kept]
 			[KeptMember (".ctor()", By = Tool.Trimmer)]
-			[KeptBaseType (typeof (AnnotatedBase), By = Tool.Trimmer)]
+			[KeptBaseType (typeof (AnnotatedBase))]
 			class AnotherAnnotatedType : AnnotatedBase
 			{
 				[Kept (By = Tool.Trimmer)]