Using Br_S OpCode to point to next instruction using Reflection.Emit.Label

Asked 20/7, 2011 at 18:42 Answered 21/4, 2016 at 2:22

Solved c#reflection reflection.emit il opcode

I am experimenting with parsing IL in order to emit a method. I have gotten the IL code of a method in a string[] where each string is an IL instruction. I am looping over this array and adding OpCodes using an ILGenerator:

        foreach (string ins in instructions) //string representations of IL          
        {
            string opCode = ins.Split(':').ElementAt(1);

            // other conditions omitted

            if (opCode.Contains("br.s"))
            {
                Label targetInstruction = ilGenerator.DefineLabel();

                ilGenerator.MarkLabel(targetInstruction);

                ilGenerator.Emit(OpCodes.Br_S, targetInstruction); 
            }

Here is the IL that I need to reproduce:

Source IL:
IL_0000: nop
IL_0001: ldstr "Hello, World!"
IL_0006: stloc.0
IL_0007: br.s IL_0009
IL_0009: ldloc.0
IL_000a: ret

And here is what I am getting as output:

Target IL:
IL_0000: nop
IL_0001: ldstr "Hello, World!"
IL_0006: stloc.0
IL_0007: br.s IL_0007   // this is wrong -- needs to point to IL_0009
IL_0009: ldloc.0
IL_000a: ret

As you can see the br.s call is pointing to itself which of course causes an infinite loop. How do I get it to point to the following instruction as in the source? This has to do with using Reflection.Emit.Label but I'm not sure how it works.

EDIT By the way the IL seen above is for this simple method,

    public string HelloWorld()
    {
            return "Hello, World!";
    }

Nahama answered 20/7, 2011 at 18:42 Comment(7)

There must be something I'm not seeing here... Why do you want to branch to the next instruction? Isn't that just a slightly more costly no-op? Also, why are you marking the branch instruction as the label target if you don't want it to be the target? – Appenzell 20/7, 2011 at 18:45

Move the MarkLabel() call after the Emit() call. Or just omit the branch completely, it doesn't do anything. – Overexpose 20/7, 2011 at 18:48

@Sean I think you're going to soon realize that you're in over your head. If you are planning on implementing a full IL assembler, you're going to have to do a lot better than "string.Contains" for branch instructions. You basically need to create a label, and find the right spot for it. Not all branches are "for the next line". – Appenzell 20/7, 2011 at 18:52

@Lasse, I know, I am just getting my feet wet.. – Nahama 20/7, 2011 at 18:53

@Sean Then IL is a good way to get them wet, and to learn what happens under the hood of a .NET program :) – Appenzell 20/7, 2011 at 18:54

@Lasse, Also I used a third party IL dissassembler library to get this IL code -- does this mean the 3rd party library introduced these unnecessary no-op codes? – Nahama 20/7, 2011 at 18:57

Doubtful, but I bet this is code from a Debug-build. – Appenzell 20/7, 2011 at 19:14

This code:

ilGenerator.MarkLabel(targetInstruction);
ilGenerator.Emit(OpCodes.Br_S, targetInstruction);

clearly says "mark the label here" and then you add the instruction at the point where you marked the label.

If this is not what you want, why are you doing it?

MarkLabel marks the current position, which means the position of the next instruction you output, as the target of the label.

In this case, to get "what you want", simply reverse those two lines, output the branch instruction before marking the label.

I placed "what you want" in quotes since I don't understand the point of that branch instruction. The machine will happily "move" to the next instruction all by itself, there is no need to add "branch to the next instruction" instructions for this to happen.

Appenzell answered 20/7, 2011 at 18:49 Comment(0)

You need to place the ilGenerator.MarkLabel() call immediately before emitting the opcode you want to jump to. You are placing it before the branch, which means it will branch to itself, effectively creating an infinite loop. But as Lasse says, if you emit the IL correctly it will be a no-op.

Interestingly, the entire method could easily be:

ldstr "Hello, World!"
ret

Whatever compiler emitted the original code needs to have its author LARTed.

Title answered 20/7, 2011 at 18:47 Comment(5)

I see. I'm not clear on what a no-op is? Why does the IL contain that line for the simple HelloWorld() method anyway? Seems like it should just go straight from IL_0006 to IL_0009. – Nahama 20/7, 2011 at 18:48

No-op = no operation. It's a bit of code that will accomplish nothing. Why the IL contains a local or a branch at all is beyond me; neither are required. – Title 20/7, 2011 at 18:49

"nop", or no-op, means "no operation", it's basically a dummy-instruction, a filler instruction, that does nothing. The machine will just skip over it. It is usually added because of alignment, some optimizations might have rearranged some code and made "holes", or similar. – Appenzell 20/7, 2011 at 18:50

Ok - thanks. Do you think that the 3rd party library I used to dissassemble the method into IL introduced those unecessary no-op codes? – Nahama 20/7, 2011 at 19:0

@Sean: No, they were written by the compiler. – Title 20/7, 2011 at 19:1

Calling the MarkLabel() method on your ILGenerator can be used to mark a branch point, followed by Emit(OpCodes.Br_S, [label]) to branch to the point.

I assume whatever API you used to spy the IL instructions of the the Hello World method was done in Debug mode, as the added nop and branch instructions are added to help ensure the debugger covers every step.

In a DynamicMethod, there is no need to attach a debugger, and depending on platform, running it with the extra instructions in Release Mode could result in an InvalidProgramException.

The "Hello World" method requires only 2 instructions (And it's quite intuitive)

Ldstr "Hello, World!"
Ret

Barny answered 21/4, 2016 at 2:22 Comment(0)

Recommended topics

Hot tags