Skip to content

Avoid unnecessary type loads during JIT-time access checks #127617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
davidwrighton wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Avoid unnecessary type loads during JIT-time access checks #127617

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
99ba4ec
Initial pass at the work
davidwrighton Apr 30, 2026
3551b51
Handle the GetTypePaarm case more correctly
davidwrighton Apr 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
236 changes: 107 additions & 129 deletions src/coreclr/vm/clsload.cpp
View file
Open in desktop

Large diffs are not rendered by default.

67 changes: 35 additions & 32 deletions src/coreclr/vm/clsload.hpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -326,6 +326,9 @@ class AccessCheckContext
Assembly* m_pCallerAssembly;
};

class TargetTypeForAccessCheck;
class TargetMethodForAccessCheck;

//******************************************************************************
// This type specifies the kind of accessibility checks to perform.
// On failure, it can be configured to either return FALSE or to throw an exception.
Expand All @@ -339,17 +342,6 @@ class AccessCheckOptions
// CoreCLR: Just do normal accessibility checks.
kNormalAccessibilityChecks,

// Used only for resource loading and reflection inovcation when the target is remoted.
// Desktop: If normal accessiblity checks fail, return TRUE if a demand for MemberAccess succeeds
// CoreCLR: If normal accessiblity checks fail, return TRUE if a the caller is Security(Safe)Critical
kMemberAccess,

// Used by Reflection invocation and DynamicMethod with RestrictedSkipVisibility.
// Desktop: If normal accessiblity checks fail, return TRUE if a demand for RestrictedMemberAccess
// and grant set of the target assembly succeeds.
// CoreCLR: If normal accessiblity checks fail, return TRUE if the callee is App transparent code (in a user assembly)
kRestrictedMemberAccess,

// Used by normal DynamicMethods in full trust CoreCLR
// CoreCLR: Do normal visibility checks but bypass transparency checks.
kNormalAccessNoTransparency,
Expand All @@ -364,13 +356,13 @@ class AccessCheckOptions
AccessCheckType accessCheckType,
DynamicResolver * pAccessContext,
BOOL throwIfTargetIsInaccessible,
MethodTable * pTargetMT);
TargetTypeForAccessCheck * pTargetType);

AccessCheckOptions(
AccessCheckType accessCheckType,
DynamicResolver * pAccessContext,
BOOL throwIfTargetIsInaccessible,
MethodDesc * pTargetMD);
AccessCheckType accessCheckType,
DynamicResolver * pAccessContext,
BOOL throwIfTargetIsInaccessible,
TargetMethodForAccessCheck* pTargetMethod);

AccessCheckOptions(
AccessCheckType accessCheckType,
Expand All @@ -395,7 +387,7 @@ class AccessCheckOptions
return m_fThrowIfTargetIsInaccessible;
}

BOOL DemandMemberAccessOrFail(AccessCheckContext *pContext, MethodTable * pTargetMT, BOOL visibilityCheck) const;
BOOL DemandMemberAccessOrFail(AccessCheckContext *pContext, const TargetTypeForAccessCheck& pTargetType, BOOL visibilityCheck) const;
BOOL FailOrThrow(AccessCheckContext *pContext) const;

static AccessCheckOptions* s_pNormalAccessChecks;
Expand All @@ -406,19 +398,19 @@ class AccessCheckOptions
void Initialize(
AccessCheckType accessCheckType,
BOOL throwIfTargetIsInaccessible,
MethodTable * pTargetMT,
MethodDesc * pTargetMD,
TargetTypeForAccessCheck* pTargetType,
TargetMethodForAccessCheck* pTargetMethod,
FieldDesc * pTargetFD);

BOOL DemandMemberAccess(AccessCheckContext *pContext, MethodTable * pTargetMT, BOOL visibilityCheck) const;
BOOL DemandMemberAccess(AccessCheckContext *pContext, const TargetTypeForAccessCheck& pTargetType, BOOL visibilityCheck) const;

void ThrowAccessException(
AccessCheckContext* pContext,
MethodTable* pFailureMT = NULL,
const TargetTypeForAccessCheck * pFailureType = NULL,
Exception* pInnerException = NULL) const;

MethodTable * m_pTargetMT;
MethodDesc * m_pTargetMethod;
TargetTypeForAccessCheck* m_pTargetType;
TargetMethodForAccessCheck* m_pTargetMethod;
FieldDesc * m_pTargetField;

AccessCheckType m_accessCheckType;
Expand Down Expand Up @@ -817,35 +809,46 @@ class ClassLoader

static BOOL CanAccessClass(
AccessCheckContext* pContext,
MethodTable* pTargetClass,
const TargetTypeForAccessCheck& pTargetClass,
Assembly* pTargetAssembly,
const AccessCheckOptions & accessCheckOptions = *AccessCheckOptions::s_pNormalAccessChecks);

static BOOL CanAccess(
AccessCheckContext* pContext,
MethodTable* pTargetClass,
const TargetTypeForAccessCheck& pTargetClass,
Assembly* pTargetAssembly,
DWORD dwMemberAttrs,
MethodDesc* pOptionalTargetMethod,
const TargetMethodForAccessCheck* pOptionalTargetMethod,
const AccessCheckOptions & accessCheckOptions = *AccessCheckOptions::s_pNormalAccessChecks);

private:
static BOOL CanAccessInstantiation(
AccessCheckContext* pContext,
Instantiation inst,
const AccessCheckOptions & accessCheckOptions);

static BOOL CanAccessInstantiationBySignature(
AccessCheckContext* pContext,
SigPointer sig,
Module* module,
const AccessCheckOptions & accessCheckOptions);

private:
// Access check helpers
static BOOL CanAccessMethodInstantiation(
AccessCheckContext* pContext,
MethodDesc* pOptionalTargetMethod,
const TargetMethodForAccessCheck* pOptionalTargetMethod,
const AccessCheckOptions & accessCheckOptions);

static BOOL CanAccessFamily(
MethodTable* pCurrentClass,
MethodTable* pTargetClass);
MethodTable* pCurrentClass,
const TargetTypeForAccessCheck& pTargetClass);

static BOOL CheckAccessMember(
AccessCheckContext* pContext,
MethodTable* pTargetClass,
const TargetTypeForAccessCheck& pTargetClass,
Assembly* pTargetAssembly,
DWORD dwMemberAttrs,
MethodDesc* pOptionalTargetMethod,
const TargetMethodForAccessCheck* pOptionalTargetMethod,
const AccessCheckOptions & accessCheckOptions = *AccessCheckOptions::s_pNormalAccessChecks);


Expand Down
12 changes: 6 additions & 6 deletions src/coreclr/vm/clsload.inl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,8 +61,8 @@ inline PTR_Module ClassLoader::ComputeLoaderModuleForParamType(TypeHandle paramT
inline void AccessCheckOptions::Initialize(
AccessCheckType accessCheckType,
BOOL throwIfTargetIsInaccessible,
MethodTable * pTargetMT,
MethodDesc * pTargetMethod,
TargetTypeForAccessCheck* pTargetType,
TargetMethodForAccessCheck* pTargetMethod,
FieldDesc * pTargetField)
{
CONTRACTL
Expand All @@ -84,7 +84,7 @@ inline void AccessCheckOptions::Initialize(

m_accessCheckType = accessCheckType;
m_fThrowIfTargetIsInaccessible = throwIfTargetIsInaccessible;
m_pTargetMT = pTargetMT;
m_pTargetType = pTargetType;
m_pTargetMethod = pTargetMethod;
m_pTargetField = pTargetField;
}
Expand All @@ -95,15 +95,15 @@ inline AccessCheckOptions::AccessCheckOptions(
AccessCheckType accessCheckType,
DynamicResolver * pAccessContext,
BOOL throwIfTargetIsInaccessible,
MethodTable * pTargetMT) :
TargetTypeForAccessCheck * pTargetType) :
m_pAccessContext(pAccessContext)
{
WRAPPER_NO_CONTRACT;

Initialize(
accessCheckType,
throwIfTargetIsInaccessible,
pTargetMT,
pTargetType,
NULL,
NULL);
}
Expand All @@ -112,7 +112,7 @@ inline AccessCheckOptions::AccessCheckOptions(
AccessCheckType accessCheckType,
DynamicResolver * pAccessContext,
BOOL throwIfTargetIsInaccessible,
MethodDesc * pTargetMethod) :
TargetMethodForAccessCheck* pTargetMethod) :
m_pAccessContext(pAccessContext)
{
WRAPPER_NO_CONTRACT;
Expand Down
Loading
Loading