Bad codegen for unused ref int local in Release builds

[jkotas]

Version Used: .NET Core 6.0.100-preview.2.21155.3

Steps to Reproduce:

1. Add <AllowUnsafeBlocks>true</AllowUnsafeBlocks> to .csproj and replace the Program.cs in the default console app with:

using System;

unsafe
{
    ref int x = ref *(int*)0;
    Console.WriteLine("Hello World!");
}

2. dotnet run
3. dotnet run -c Release

Expected Behavior:

Debug and Release builds have the same behavior

Actual Behavior:

Debug prints "Hello world"
Release fails with System.NullReferenceException

[jkotas]

The problem is that the release codegen has a superfluous ldind.i4 instruction:

  IL_0000:  ldc.i4.0
  IL_0001:  conv.i
  IL_0002:  ldind.i4 <- This ldind.i4 is superfluous and causing the bug
  IL_0003:  pop
  IL_0004:  ldstr      "Hello World!"
  IL_0009:  call       void [System.Console]System.Console::WriteLine(string)
  IL_000e:  ret

[NN---]

Dereferencing null pointer is a bad idea no matter what compiler generates :)

The effect of applying the unary * operator to a null pointer is implementation-defined. In particular, there is no guarantee that this operation throws a System.NullReferenceException.

https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/language-specification/unsafe-code

[jkotas]

I have used null pointer in the repro just to make it minimal. The situation where I have run into this issue was more complex interop code and the pointer was actually non-null.

Regardless, the IL produced by the compiler in Release builds is wrong.

[333fred]

@jkotas while I agree that release and debug should certainly have the same behavior, I come to the opposite conclusion as to what that behavior should be: both should be null referencing, and the debug code is missing a ldind instruction, not the other way around. As your repro demonstrates, a pointer indirection instruction is potentially side-effecting, and it is not valid for the C# compiler to eliminate that pointer dereference even if the result is unused. Debug is doing something odd because of the ref that I need to dig into, but the simpler example of int i = *(int*)0; will null-ref in both debug and release correctly (well, as correctly as "it actually dereferences the 0 and the platform defines what will happen in that case").

[jkotas]

Debug is doing something odd because of the ref

I think that Debug works correctly. When you are assigning one ref int to another ref int, there should not ever be a dereference of the value. If you disagree, what should be the spec for when assigning one ref int to another ref int dereferences the value?

int i = *(int*)0;

This one is not assigning one ref int to another ref int. It is expected that it dereferences the value.