I have recently been working on some IL verification scenarios. IL verification is critical for CLR security. With CLR support for Silverlight approaching, it is critical to make sure that our JIT verifies IL code correctly. I figured it would be interesting to share some of the verification rules we have and how we verify them.

Here is the IL code:

.method public hidebysig static vararg void VarArg(value class [mscorlib]System.RuntimeArgumentHandle&) il managed
{
 .maxstack 8
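 ldarg 0      // load argument 0, the byref to a RuntimeArgumentHandle
 arglist      // push the argument list handle of the current vararg method
 stobj value class [mscorlib]System.RuntimeArgumentHandle   // store that value to the address loaded by ldarg 0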
 ret
}

The problem here is that RuntimeArgumentHandle is a value type. The arglist instruction puts an argument list handle (an unmanaged pointer) on the stack. The stobj instruction stores a value type from the stack into memory. When the verifier sees the unmanaged pointer, it raises a red flag.

[IL]: Error: xxx.dll : <Module>::VarArg][mdToken=0x6000001][offset 0x00000000][found value 'System.RuntimeArgumentHandle'] ByRef of TypedReference, ArgHandle, or ArgIterator.(Error: 0x801318B2)

Here is what the code looks like in C#.

public static void VarArg(ref RuntimeArgumentHandle A_0, __arglist)
{
    A_0 = __arglist;
}
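
The rule named in the verifier message above (no ByRef of TypedReference, ArgHandle, or ArgIterator) can be illustrated on the method's metadata signature. This Python example is added here and is not code from the CLR or from this post; it assumes the ECMA-335 signature blob encoding, and the function names, the sample blobs and the one-entry TypeRef table are constructed for illustration.

```python
# ECMA-335 II.23 element types; the sample blobs and TypeRef names are constructed.
BYREF, VALUETYPE, CLASS, TYPEDBYREF = 0x10, 0x11, 0x12, 0x16
SIMPLE = set(range(0x01, 0x0F)) | {0x18, 0x19, 0x1C}  # void..string, native ints, object
TABLES = {0: "TypeDef", 1: "TypeRef", 2: "TypeSpec"}   # TypeDefOrRef coded-index tags
FORBIDDEN = {"System.TypedReference", "System.RuntimeArgumentHandle",
             "System.ArgIterator"}

def read_compressed(blob, pos):
    """Decode an ECMA-335 compressed unsigned integer; return (value, next_pos)."""
    b = blob[pos]
    if b & 0x80 == 0:
        return b, pos + 1
    if b & 0xC0 == 0x80:
        return ((b & 0x3F) << 8) | blob[pos + 1], pos + 2
    return int.from_bytes(blob[pos:pos + 4], "big") & 0x1FFFFFFF, pos + 4

def read_type(blob, pos, names):
    """Read one return/parameter type; return (is_byref, type_name, next_pos)."""
    byref = blob[pos] == BYREF
    if byref:
        pos += 1
    et, pos = blob[pos], pos + 1
    if et == TYPEDBYREF:
        return byref, "System.TypedReference", pos
    if et in (VALUETYPE, CLASS):
        coded, pos = read_compressed(blob, pos)
        key = (TABLES.get(coded & 3), coded >> 2)   # (table, row id)
        return byref, names.get(key, "<unresolved>"), pos
    if et in SIMPLE:
        return byref, f"<simple 0x{et:02x}>", pos
    raise ValueError(f"unsupported element type 0x{et:02x}")

def find_byref_violations(blob, names):
    """Return [(index, type)] for byrefs to forbidden types; index 0 is the return type."""
    pos = 1
    if blob[0] & 0x10:                      # GENERIC flag: skip generic parameter count
        _, pos = read_compressed(blob, pos)
    count, pos = read_compressed(blob, pos)
    bad = []
    for i in range(count + 1):              # return type, then each parameter
        byref, name, pos = read_type(blob, pos, names)
        if byref and name in FORBIDDEN:
            bad.append((i, name))
    return bad

NAMES = {("TypeRef", 1): "System.RuntimeArgumentHandle"}   # constructed TypeRef table
# vararg void VarArg(RuntimeArgumentHandle&): VARARG, 1 param, void, BYREF VALUETYPE TypeRef#1
BAD_SIG = bytes([0x05, 0x01, 0x01, 0x10, 0x11, 0x05])
# default void M(int32&, RuntimeArgumentHandle): the handle is passed by value
OK_SIG = bytes([0x00, 0x02, 0x01, 0x10, 0x08, 0x11, 0x05])
print(find_byref_violations(BAD_SIG, NAMES), find_byref_violations(OK_SIG, NAMES))
```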