[wasm] Fix interpreter crash with MethodImpl .override on PortableEntryPoints

[radekdoulik]

Fix an interpreter crash (and a related RuntimeHelpers.PrepareMethod issue) when a .override (MethodImpl) directive remaps a virtual method's vtable slot on PortableEntryPoints (e.g. WASM).

Problem

When MethodB declares .override MethodA, the overriding method's PortableEntryPoint is placed into the overridden method's (MethodA's) vtable slot, so that slot no longer belongs to MethodA:

• The interpreter's SetNativeCodeInterlocked CAS fails for MethodA, so SetInterpreterCode is never reached and GetInterpreterCode returns NULL → crash when the method is invoked (delegates, reflection, virtual dispatch).
• RuntimeHelpers.PrepareMethod / PrepareDelegate on MethodA operate on the decl, which no longer has the live code. On portable entrypoints this even compiles the decl's dead body and then fails to publish it; on other targets it silently prepares nothing. Either way the impl body that actually runs on invoke is never prepared.

Fix

Resolve the .override decl→impl redirect (MethodTable::MapMethodDeclToMethodImpl) at the points that need the method actually owning the slot's code:

• interpexec.cpp (PrepareInterpreterCode) — under FEATURE_PORTABLE_ENTRYPOINTS, when the target is a remapped vtable slot, compile the overriding method and cache the result on the original MethodDesc (or poison it on failure). This fixes the runtime execution paths (delegates, reflection) where the target isn't known at compile time.
• reflectioninvocation.cpp (PrepareMethodHelper) — resolve decl→impl up front so PrepareMethod / PrepareDelegate prepare the impl. This mirrors getFunctionEntryPoint, which resolves direct calls the same way, and corrects the PrepareMethod behavior on all platforms.

An earlier iteration special-cased ShouldCallPrestub in method.cpp; that approach was reverted in favor of the caller-side resolution above, so method.cpp is unchanged vs. main.

Tests

• self_override5.il — added delegate coverage via Delegate.CreateDelegate over a .override'd method, and re-enabled the test on browser-wasm by removing the ActiveIssue gating ([wasm][coreclr] fix and run more runtime tests, run them on CI #120708) now that the crash is fixed.
• self_override_generic.il (new) — generic .override regression test.

Validated on desktop (macOS/arm64) and browser-wasm/CoreCLR: both the interpreter execution path and the PrepareMethod path no longer crash and correctly dispatch to the overriding method.

Note

Parts of this PR description were drafted with the help of GitHub Copilot.

[Copilot]

Pull request overview

Fixes a CoreCLR interpreter crash on WASM when a MethodImpl .override causes a virtual method’s vtable slot to be remapped to a different method’s PortableEntryPoint, which can prevent interpreter code from being established during prestub execution.

Changes:

• Adjusts MethodDesc::ShouldCallPrestub() (PortableEntryPoints builds) to consult the method’s own PortableEntryPoint when the vtable slot has been remapped to a different method’s PE.
• Enhances PrepareInterpreterCode() to detect vtable-slot PE redirection to a different MethodDesc (MethodImpl scenario), prepare interpreter code for the redirected method, and cache it on the original target method.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
src/coreclr/vm/method.cpp	Updates prestub decision logic to handle MethodImpl-induced vtable PE remapping correctly under PortableEntryPoints.
src/coreclr/vm/interpexec.cpp	Adds MethodImpl redirect detection when interpreter code isn’t established, preparing interpreter code via the redirected slot method instead.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

[radekdoulik]

/azp run runtime-coreclr outerloop

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[radekdoulik]

/azp run runtime-coreclr outerloop

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[radekdoulik]

/azp run runtime-coreclr outerloop

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[radekdoulik]

/azp run runtime-coreclr outerloop

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[Copilot]

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

[github-actions]

Copilot Code Review

Holistic Assessment

Motivation: The PR addresses a real interpreter crash on WASM (FEATURE_PORTABLE_ENTRYPOINTS) caused by .override (MethodImpl) remapping a virtual method's vtable slot to the overriding method's PortableEntryPoint. The fix also corrects a cross-platform PrepareMethod bug where the decl's dead body is prepared instead of the impl's live code. Both problems are well-understood and clearly demonstrated by the test additions.

Approach: Resolving decl→impl via MapMethodDeclToMethodImpl at the caller sites (PrepareInterpreterCode, PrepareMethodHelper) is consistent with established patterns in the codebase (fptrstubs.cpp:108, jitinterface.cpp:9180). The IsVtableSlot() guard is an efficient filter that avoids unnecessary method table walks. The FEATURE_PORTABLE_ENTRYPOINTS scoping in interpexec.cpp is correct — non-WASM platforms use precodes with per-MethodDesc native code slots (so the CAS doesn't fail), while the reflectioninvocation.cpp fix is correctly unguarded since PrepareMethod has the same semantic bug on all platforms.

Summary: ⚠️ Needs Human Review. The code is correct by my analysis: thread safety is sound (concurrent threads resolve to the same targetMethod and produce the same interpreter code pointer, making SetInterpreterCode/PoisonInterpreterCode idempotent), the override resolution follows existing patterns, and the tests cover the key crash scenarios (delegate, generic, virtual/non-virtual). However, this touches critical VM infrastructure (interpreter execution, reflection invocation) and two review threads from @jkotas remain formally unresolved — a human reviewer should verify the current state satisfies that feedback and confirm the fix scope is sufficient.

---

Detailed Findings

Detailed Findings

✅ Correctness — interpexec.cpp override resolution

The PrepareInterpreterCode fix is correct:

1. MapMethodDeclToMethodImpl is called before DoPrestub, so the correct method body is compiled (not the dead decl body).
2. The result is cached on pOriginalMethod via SetInterpreterCode, so subsequent calls to IsInterpreterCodeInitialized on the decl return the cached impl code without re-resolution.
3. Both the poison path (targetIp == NULL) and the success path correctly propagate to pOriginalMethod.
4. MapMethodDeclToMethodImpl handles the identity case (no .override) by returning the input unchanged, so pOriginalMethod == targetMethod and the caching code is correctly skipped.

Verified: MapMethodDeclToMethodImpl contracts (STATIC_CONTRACT_THROWS, STATIC_CONTRACT_GC_TRIGGERS) are compatible with the COOP mode context at this call site.

✅ Correctness — reflectioninvocation.cpp PrepareMethod fix

The PrepareMethodHelper fix resolves decl→impl before any preparation logic (EnsureActive, ShouldCallPrestub, DoPrestub). This mirrors the getFunctionEntryPoint pattern (jitinterface.cpp:9180) and fixes the cross-platform bug jkotas identified: without this, PrepareMethod on a decl compiles the decl's body (which is dead code after .override) instead of the impl's live body.

The fix is correctly unguarded by FEATURE_PORTABLE_ENTRYPOINTS since the semantic issue exists on all platforms — confirmed by jkotas's repro example in review thread PRRT_kwDODI9FZc58a8uz.

✅ Thread safety — SetInterpreterCode / PoisonInterpreterCode on pOriginalMethod

Both SetInterpreterCode (uses VolatileStore) and PoisonInterpreterCode (uses VolatileStore) are thread-safe stores. Concurrent threads entering PrepareInterpreterCode for the same pOriginalMethod will:

• Resolve to the same targetMethod (deterministic)
• Produce the same targetIp (compilation result is cached)
• Write the same value to pOriginalMethod->m_interpreterCode (idempotent)

The assert _ASSERTE(m_interpreterCode != INTERPRETER_CODE_POISON) in SetInterpreterCode cannot fire in this context because poison and set derive from the same compilation outcome — a method cannot both fail and succeed compilation.

✅ Test coverage — delegate and generic scenarios

• self_override5.il: Adding TestDelegateDoBar via Delegate.CreateDelegate is a well-targeted test — this exercises the runtime path where the interpreter must resolve the override at invocation time (not known at compile time). Testing both MyBar and MyFoo instances covers the MethodImpl body substitution and virtual dispatch through subclass overrides respectively.
• self_override_generic.il: Tests generic .override with both reference (string) and value (int32) type instantiations, and both virtual and non-virtual calls. The .override method instance int32 Program::A<[1]>() syntax is valid ECMA-335 ILAsm for referencing the first generic method parameter of the containing method in the .override context.
• The ActiveIssue removal for browser-wasm (issue [wasm][coreclr] fix and run more runtime tests, run them on CI #120708) is appropriate since the crash is now fixed.

💡 Suggestion — generic test could add delegate coverage

The new self_override_generic.il tests virtual and non-virtual call dispatch but does not test the delegate path for generic .override methods. A Delegate.CreateDelegate test for A<string>() and A<int32>() would validate that the interpreter correctly resolves the override through delegate invocation for generic methods. This could be a follow-up.

✅ Test project — self_override_generic.ilproj

The .ilproj structure matches sibling test projects (CLRTestPriority 1, Compile Include pointing to Desktop\ subfolder). The absence of <ProjectReference Include="$(TestLibraryProjectPath)" /> is correct — this test doesn't use TestLibrary utilities.

Note

This review was generated by GitHub Copilot.

Generated by Code Review for issue #126124 · ● 30.9M · ◷

[radekdoulik]

/ba-g the failing outerloop jobs fail on main too