[vm/ffi] NativeFieldWrapper FfiNative check receivers for nullptr

Changes `FfiNative` instance methods on `NativeFieldWrapperClass`es
that have `Pointer<Void>` conversion to check for `nullptr`.

If the native field has `0`/`nullptr` a `StateError` is thrown:
"Bad state: Native field is nullptr."

This only makes sense if the first native field is used to point to
the C++ object corresponding to the Dart object. As far as we know
all current use cases do so.

TEST=pkg/vm/testcases/transformations/ffi/ffinative.dart.expect
TEST=tests/ffi/vmspecific_ffi_native_test.dart

Closes: #49620
Change-Id: I92f760c33d391476010722358f9713fa4491ab61
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/254200
Reviewed-by: Martin Kustermann <kustermann@google.com>
Commit-Queue: Daco Harkes <dacoharkes@google.com>

Author: dcharkes

pkg/vm/lib/transformations/ffi/common.dart

@@ -163,6 +163,8 @@ class FfiTransformer extends Transformer {
   final Procedure listElementAt;
   final Procedure numAddition;
   final Procedure numMultiplication;
+  final Procedure objectEquals;
+  final Procedure stateErrorThrowNewFunction;
 
   final Library ffiLibrary;
   final Class allocatorClass;
@@ -304,6 +306,10 @@ class FfiTransformer extends Transformer {
         numAddition = coreTypes.index.getProcedure('dart:core', 'num', '+'),
         numMultiplication =
             coreTypes.index.getProcedure('dart:core', 'num', '*'),
+        objectEquals =
+            coreTypes.index.getProcedure('dart:core', 'Object', '=='),
+        stateErrorThrowNewFunction = coreTypes.index
+            .getProcedure('dart:core', 'StateError', '_throwNew'),
         ffiLibrary = index.getLibrary('dart:ffi'),
         allocatorClass = index.getClass('dart:ffi', 'Allocator'),
         nativeFunctionClass = index.getClass('dart:ffi', 'NativeFunction'),

pkg/vm/lib/transformations/ffi/native.dart

@@ -230,18 +230,46 @@ class FfiNativeTransformer extends FfiTransformer {
         initializer: initializer, type: wrappedType, isFinal: true);
   }
 
-  Expression _getTemporary(VariableDeclaration temporary,
-      DartType dartParameterType, DartType ffiParameterType) {
+  Expression _getTemporary(
+    VariableDeclaration temporary,
+    DartType dartParameterType,
+    DartType ffiParameterType, {
+    required bool checkForNullptr,
+  }) {
     if (_requiresPointerConversion(dartParameterType, ffiParameterType)) {
-      // Pointer.fromAddress(_getNativeField(#t0))
-      return StaticInvocation(
-          fromAddressInternal,
-          Arguments(<Expression>[
-            StaticInvocation(getNativeFieldFunction,
-                Arguments(<Expression>[VariableGet(temporary)]))
-          ], types: <DartType>[
-            voidType
-          ]));
+      Expression pointerAddress = StaticInvocation(getNativeFieldFunction,
+          Arguments(<Expression>[VariableGet(temporary)]));
+
+      if (checkForNullptr) {
+        final pointerAddressVar = VariableDeclaration("#pointerAddress",
+            initializer: pointerAddress, type: coreTypes.intNonNullableRawType);
+        pointerAddress = BlockExpression(
+          Block([
+            pointerAddressVar,
+            IfStatement(
+              InstanceInvocation(
+                InstanceAccessKind.Instance,
+                VariableGet(pointerAddressVar),
+                objectEquals.name,
+                Arguments([ConstantExpression(IntConstant(0))]),
+                interfaceTarget: objectEquals,
+                functionType: objectEquals.getterType as FunctionType,
+              ),
+              ExpressionStatement(StaticInvocation(
+                stateErrorThrowNewFunction,
+                Arguments([
+                  ConstantExpression(StringConstant('Native field is nullptr.'))
+                ]),
+              )),
+              EmptyStatement(),
+            )
+          ]),
+          VariableGet(pointerAddressVar),
+        );
+      }
+
+      return StaticInvocation(fromAddressInternal,
+          Arguments(<Expression>[pointerAddress], types: <DartType>[voidType]));
     }
     return VariableGet(temporary);
   }
@@ -262,8 +290,12 @@ class FfiNativeTransformer extends FfiTransformer {
   //     final #t1 = passAsPointer(Pointer.fromAddress(_getNativeField(#t0)));
   //     reachabilityFence(#t0);
   //   } => #t1
-  Expression _wrapArgumentsAndReturn(FunctionInvocation invocation,
-      FunctionType dartFunctionType, FunctionType ffiFunctionType) {
+  Expression _wrapArgumentsAndReturn({
+    required FunctionInvocation invocation,
+    required FunctionType dartFunctionType,
+    required FunctionType ffiFunctionType,
+    bool checkReceiverForNullptr = false,
+  }) {
     List<DartType> ffiParameters = ffiFunctionType.positionalParameters;
     List<DartType> dartParameters = dartFunctionType.positionalParameters;
     // Create lists of temporary variables for arguments potentially being
@@ -277,8 +309,12 @@ class FfiNativeTransformer extends FfiTransformer {
       // Note: We also evaluate, and assign temporaries for, non-wrapped
       // arguments as we need to preserve the original evaluation order.
       temporariesForArguments.add(temporary);
-      callArguments
-          .add(_getTemporary(temporary, dartParameters[i], ffiParameters[i]));
+      callArguments.add(_getTemporary(
+        temporary,
+        dartParameters[i],
+        ffiParameters[i],
+        checkForNullptr: checkReceiverForNullptr && i == 0,
+      ));
       if (_requiresPointerConversion(dartParameters[i], ffiParameters[i])) {
         fencedArguments.add(temporary);
         continue;
@@ -392,13 +428,15 @@ class FfiNativeTransformer extends FfiTransformer {
   }
 
   Procedure _transformProcedure(
-      Procedure node,
-      StringConstant nativeFunctionName,
-      bool isLeaf,
-      int annotationOffset,
-      FunctionType dartFunctionType,
-      FunctionType ffiFunctionType,
-      List<Expression> argumentList) {
+    Procedure node,
+    StringConstant nativeFunctionName,
+    bool isLeaf,
+    int annotationOffset,
+    FunctionType dartFunctionType,
+    FunctionType ffiFunctionType,
+    List<Expression> argumentList, {
+    required bool checkReceiverForNullptr,
+  }) {
     if (!_verifySignatures(
         node, dartFunctionType, ffiFunctionType, annotationOffset)) {
       return node;
@@ -462,7 +500,11 @@ class FfiNativeTransformer extends FfiTransformer {
     Expression result = (wrappedDartFunctionType == dartFunctionType
         ? functionPointerInvocation
         : _wrapArgumentsAndReturn(
-            functionPointerInvocation, dartFunctionType, ffiFunctionType));
+            invocation: functionPointerInvocation,
+            dartFunctionType: dartFunctionType,
+            ffiFunctionType: ffiFunctionType,
+            checkReceiverForNullptr: checkReceiverForNullptr,
+          ));
 
     //   => _myFunction$FfiNative$Ptr(
     //     Pointer<Void>.fromAddress(_getNativeField(obj)), x)
@@ -509,8 +551,16 @@ class FfiNativeTransformer extends FfiTransformer {
         VariableGet(parameter)
     ];
 
-    return _transformProcedure(node, nativeFunctionName, isLeaf,
-        annotationOffset, dartFunctionType, ffiFunctionType, argumentList);
+    return _transformProcedure(
+      node,
+      nativeFunctionName,
+      isLeaf,
+      annotationOffset,
+      dartFunctionType,
+      ffiFunctionType,
+      argumentList,
+      checkReceiverForNullptr: true,
+    );
   }
 
   // Transform FfiNative static functions.
@@ -536,8 +586,16 @@ class FfiNativeTransformer extends FfiTransformer {
         VariableGet(parameter)
     ];
 
-    return _transformProcedure(node, nativeFunctionName, isLeaf,
-        annotationOffset, dartFunctionType, ffiFunctionType, argumentList);
+    return _transformProcedure(
+      node,
+      nativeFunctionName,
+      isLeaf,
+      annotationOffset,
+      dartFunctionType,
+      ffiFunctionType,
+      argumentList,
+      checkReceiverForNullptr: false,
+    );
   }
 
   @override

pkg/vm/testcases/transformations/ffi/ffinative.dart.expect

@@ -31,7 +31,13 @@ class NativeClassy extends nat::NativeFieldWrapperClass1 {
     return block {
       final nat::NativeFieldWrapperClass1 #t1 = this;
       final core::int #t2 = v;
-      final void #t3 = self::NativeClassy::_goodHasReceiverPointer$FfiNative$Ptr(ffi::_fromAddress<ffi::Void>(nat::_getNativeField(#t1)), #t2){(ffi::Pointer<ffi::Void>, core::int) → void};
+      final void #t3 = self::NativeClassy::_goodHasReceiverPointer$FfiNative$Ptr(ffi::_fromAddress<ffi::Void>( block {
+        core::int #pointerAddress = nat::_getNativeField(#t1);
+        if(#pointerAddress.{core::Object::==}(#C6){(core::Object) → core::bool})
+          core::StateError::_throwNew(#C7);
+        else
+          ;
+      } =>#pointerAddress), #t2){(ffi::Pointer<ffi::Void>, core::int) → void};
       _in::reachabilityFence(#t1);
     } =>#t3;
   method goodHasReceiverHandle(core::int v) → void
@@ -49,20 +55,38 @@ class NativeClassy extends nat::NativeFieldWrapperClass1 {
     return block {
       final nat::NativeFieldWrapperClass1 #t7 = this;
       final self::NativeClassy #t8 = v;
-      final void #t9 = self::NativeClassy::_goodHasReceiverPtrAndHandle$FfiNative$Ptr(ffi::_fromAddress<ffi::Void>(nat::_getNativeField(#t7)), #t8){(ffi::Pointer<ffi::Void>, self::NativeClassy) → void};
+      final void #t9 = self::NativeClassy::_goodHasReceiverPtrAndHandle$FfiNative$Ptr(ffi::_fromAddress<ffi::Void>( block {
+        core::int #pointerAddress = nat::_getNativeField(#t7);
+        if(#pointerAddress.{core::Object::==}(#C6){(core::Object) → core::bool})
+          core::StateError::_throwNew(#C7);
+        else
+          ;
+      } =>#pointerAddress), #t8){(ffi::Pointer<ffi::Void>, self::NativeClassy) → void};
       _in::reachabilityFence(#t7);
     } =>#t9;
   method meh(core::bool blah) → core::String?
     return block {
       final nat::NativeFieldWrapperClass1 #t10 = this;
       final core::bool #t11 = blah;
-      final core::String? #t12 = _in::unsafeCast<core::String?>(self::NativeClassy::_meh$FfiNative$Ptr(ffi::_fromAddress<ffi::Void>(nat::_getNativeField(#t10)), #t11){(ffi::Pointer<ffi::Void>, core::bool) → core::Object?});
+      final core::String? #t12 = _in::unsafeCast<core::String?>(self::NativeClassy::_meh$FfiNative$Ptr(ffi::_fromAddress<ffi::Void>( block {
+        core::int #pointerAddress = nat::_getNativeField(#t10);
+        if(#pointerAddress.{core::Object::==}(#C6){(core::Object) → core::bool})
+          core::StateError::_throwNew(#C7);
+        else
+          ;
+      } =>#pointerAddress), #t11){(ffi::Pointer<ffi::Void>, core::bool) → core::Object?});
       _in::reachabilityFence(#t10);
     } =>#t12;
   method blah() → core::bool
     return block {
       final nat::NativeFieldWrapperClass1 #t13 = this;
-      final core::bool #t14 = self::NativeClassy::_blah$FfiNative$Ptr(ffi::_fromAddress<ffi::Void>(nat::_getNativeField(#t13))){(ffi::Pointer<ffi::Void>) → core::bool};
+      final core::bool #t14 = self::NativeClassy::_blah$FfiNative$Ptr(ffi::_fromAddress<ffi::Void>( block {
+        core::int #pointerAddress = nat::_getNativeField(#t13);
+        if(#pointerAddress.{core::Object::==}(#C6){(core::Object) → core::bool})
+          core::StateError::_throwNew(#C7);
+        else
+          ;
+      } =>#pointerAddress)){(ffi::Pointer<ffi::Void>) → core::bool};
       _in::reachabilityFence(#t13);
     } =>#t14;
 }
@@ -90,4 +114,6 @@ constants  {
   #C3 = 1
   #C4 = "doesntmatter"
   #C5 = 2
+  #C6 = 0
+  #C7 = "Native field is nullptr."
 }

sdk/lib/_internal/vm/lib/errors_patch.dart

@@ -160,6 +160,15 @@ class UnsupportedError {
   }
 }
 
+@patch
+@pragma("vm:entry-point")
+class StateError {
+  @pragma("vm:entry-point")
+  static _throwNew(String msg) {
+    throw new StateError(msg);
+  }
+}
+
 @patch
 class CyclicInitializationError {
   static _throwNew(String variableName) {

tests/ffi/vmspecific_ffi_native_test.dart

@@ -163,4 +163,11 @@ void main() {
       6061,
       ClassWithNativeField(61)
           .addselfPtrAndHandleFieldMethod(ClassWithNativeField(6000)));
+  Expect.throws(() {
+    ClassWithNativeField(nullptr.address)
+        .addSelfPtrAndPtrMethod(ClassWithNativeField(7000));
+  });
+  // Does not throw.
+  ClassWithNativeField(8000)
+      .addSelfPtrAndPtrMethod(ClassWithNativeField(nullptr.address));
 }