Arrays in .NET are curious beasts. They are the only built-in collection types in the CLR, and SZ-arrays (single dimension, zero-indexed) have their own commands and IL syntax. One of their stranger properties is they have a kind of built-in covariance long before generic variance was added in .NET 4. However, this causes a subtle but important problem with generics. First of all, we need to briefly recap on array covariance.<\/p>\n
SZ-array covariance<\/b><\/p>\n
To demonstrate, I’ll tweak the classes I introduced in my previous posts: <\/p>\n
public class IncrementableClass {\n public int Value;\n \n public virtual void Increment(int incrementBy) {\n Value += incrementBy;\n }\n}\n\npublic class IncrementableClassx2 : IncrementableClass {\n public override void Increment(int incrementBy) {\n base.Increment(incrementBy);\n base.Increment(incrementBy);\n }\n}<\/pre>\n<\/p>\nIn the CLR, SZ-arrays of reference types are implicitly convertible to arrays of the element’s supertypes, all the way up to object<\/code> (note that this does not apply to value types). That is, an instance of IncrementableClassx2[]<\/code> can be used wherever a IncrementableClass[]<\/code> or object[]<\/code> is required. When an SZ-array could be used in this fashion, a run-time type check is performed when you try to insert an object into the array to make sure you’re not trying to insert an instance of IncrementableClass<\/code> into an IncrementableClassx2[]<\/code>.<\/p>\nThis check means that the following code will compile fine but will fail at run-time: <\/p>\n
IncrementableClass[] array = new IncrementableClassx2[1];\narray[0] = new IncrementableClass(); \/\/ throws ArrayTypeMismatchException<\/pre>\n These checks are enforced by the various stelem*<\/code> and ldelem*<\/code> il instructions in such a way as to ensure you can’t insert a IncrementableClass<\/code> into a IncrementableClassx2[]<\/code>. For the rest of this post, however, I’m going to concentrate on the ldelema<\/code> instruction. <\/p>\nldelema<\/b><\/p>\n
This instruction pops the array index (int32<\/code>) and array reference (O<\/code>) off the stack, and pushes a pointer (&<\/code>) to the corresponding array element. However, unlike the ldelem<\/code> instruction, the instruction’s type argument must match the run-time array type exactly<\/em>. This is because, once you’ve got a managed pointer, you can use that pointer to both load and store values in that array element using the ldind*<\/code> and stind*<\/code> (load\/store indirect) instructions. As the same pointer can be used for both input and output to the array, the type argument to ldelema<\/code> must be in<\/em>variant. At the time, this was a perfectly reasonable restriction, and maintained array type-safety within managed code.<\/p>\nHowever, along came generics, and with it the constrained callvirt<\/code> instruction. So, what happens when we combine array covariance and constrained callvirt<\/code>?<\/p>\n.method public static void CallIncrementArrayValue() {\n\n \/\/ IncrementableClassx2[] arr = new IncrementableClassx2[1]\n ldc.i4.1\n newarr IncrementableClassx2\n \n \/\/ arr[0] = new IncrementableClassx2();\n dup\n newobj instance void IncrementableClassx2::.ctor()\n ldc.i4.0\n stelem.ref\n \n \/\/ IncrementArrayValue<IncrementableClass>(arr, 0)\n \/\/ here, we're treating an IncrementableClassx2[] as IncrementableClass[]\n dup\n ldc.i4.0\n call void IncrementArrayValue<class IncrementableClass>(!!0[],int32)\n \n \/\/ ...\n ret\n}\n\n.method public static void IncrementArrayValue<(IncrementableClass) T>(\n !!T[] arr, int32 index) {\n\n \/\/ arr[index].Increment(1)\n ldarg.0\n ldarg.1\n ldelema !!T\n ldc.i4.1\n constrained. !!T\n callvirt instance void IIncrementable::Increment(int32)\n \n ret\n}<\/pre>\n And the result: <\/p>\n
Unhandled Exception: System.ArrayTypeMismatchException:\n Attempted to access an element as a type incompatible with the array.\n at IncrementArrayValue[T](T[] arr, Int32 index)\n at CallIncrementArrayValue()<\/pre>\n<\/p>\nHmm. We’re instantiating the generic method as IncrementArrayValue<IncrementableClass><\/code>, but passing in an IncrementableClassx2[]<\/code>, hence the ldelema<\/code> instruction is failing as it’s expecting an IncrementableClass[]<\/code>.<\/p>\nOn features and feature conflicts<\/b><\/p>\n
What we’ve got here is a conflict between existing behaviour (ldelema<\/code> ensuring type safety on covariant arrays) and new behaviour (managed pointers to object references used for every constrained callvirt<\/code> on generic type instances). And, although this is an edge case, there is no general workaround. The generic method could be hidden behind several layers of assemblies, wrappers and interfaces that make it a requirement to use array covariance when calling the generic method. Furthermore, this will only fail at runtime, whereas compile-time safety is what generics were designed for!<\/p>\nThe solution is the readonly.<\/code> prefix instruction. This modifies the ldelema<\/code> instruction to ignore the exact type check for arrays of reference types, and so it lets us take the address of array elements using a covariant type to the actual run-time type of the array: <\/p>\n.method public static void IncrementArrayValue<(IncrementableClass) T>(\n !!T[] arr, int32 index) {\n\n \/\/ arr[index].Increment(1)\n ldarg.0\n ldarg.1\n readonly.\n ldelema !!T\n ldc.i4.1\n constrained. !!T\n callvirt instance void IIncrementable::Increment(int32)\n \n ret\n}<\/pre>\n But what about type safety? In return for ignoring the type check, the resulting controlled mutability<\/em> pointer can only be used in the following situations: <\/p>\n\n- As the object parameter to
ldfld<\/code>, ldflda<\/code>, stfld<\/code>, call<\/code> and constrained callvirt<\/code> instructions<\/li>\n- As the pointer parameter to
ldobj<\/code> or ldind*<\/code><\/li>\n- As the source parameter to
cpobj<\/code><\/li>\n<\/ul>\n In other words, the only operations allowed are those that read from the pointer; stind*<\/code> and similar that alter the pointer itself are banned. This ensures that the array element we’re pointing to won’t be changed to anything untoward, and so type safety within the array is maintained.<\/p>\nThis is a typical example of the maxim that whenever you add a feature to a program, you have to consider how that feature interacts with every single one of the existing features. Although an edge case, the readonly.<\/code> prefix instruction ensures that generics and array covariance work together and that compile-time type safety is maintained.<\/p>\n