Skip to content

Add III.1.7 "Managed pointers exposing parameters outside of the method scope" to Ecma-335-Augments.md #122821

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
EgorBo wants to merge 5 commits into
base: main
Choose a base branch
from
+11 −1
Open

Add III.1.7 "Managed pointers exposing parameters outside of the method scope" to Ecma-335-Augments.md #122821

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
b40b9b2
Add III.1.7 "Managed pointers exposing parameters outside of the meth…
EgorBo Jan 2, 2026
a998b23
Update docs/design/specs/Ecma-335-Augments.md
EgorBo Jan 2, 2026
cdc82d1
Update docs/design/specs/Ecma-335-Augments.md
EgorBo Jan 2, 2026
bf655e2
Update Ecma-335-Augments.md
EgorBo Jan 2, 2026
b048e5a
Clarify managed pointer escape wording
Mar 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion docs/design/specs/Ecma-335-Augments.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1030,6 +1030,16 @@ Changes to signatures:
- Managed pointers which point at the address just past the end of an object, or the address where an element just past the end of an array would be stored, are permitted but not dereferenceable.
- Null managed pointers are permitted to be dereferenced resulting in a `NullReferenceException`.

### III.1.7.7
Add a new paragraph "III.1.7.7 Managed pointers exposing parameters outside of the method scope" under section "III.1.7 Restrictions on CIL code sequences"
Managed pointers obtained from method parameters, and byref-like values that contain them, can be made observable outside of a function only through escape paths present in the function signature:
- By explicit return of a byref or byref-like type
- By writing to storage exposed by a byref parameter, including byref-like types containing multiple levels of byref fields

The same rule applies to unsafe code. Copying such a managed pointer or byref-like value through unmanaged or other raw storage is permitted, but it is undefined behavior to copy it into storage that makes it observable outside of the function through an escape path not present in the signature. Temporary copies in storage that is not observable outside of the function are permitted.

For example: `void M(Span<T> p)` cannot expose `p` outside of `M`, while `void M(Span<T> p, ref Span<T> q)` can copy `p` into `q`.

## <a name="byreflike-generics"></a> ByRefLike types in generics

ByRefLike types, defined in C# with the `ref struct` syntax, represent types that cannot escape to the managed heap and must remain on the stack. It is possible for these types to be used as generic parameters, but in order to improve utility certain affordances are required.
Expand Down Expand Up @@ -1194,4 +1204,4 @@ In section II.23.1.15, the following row is added to the table:

## Implict argument coercion rules

Implicit argument coercion as defined in section III.1.6 does not match with existing practice in CLR runtimes. Notably, implicit argument coercion of an `int32` on the IL evaluation stack to a `native unsigned int` is a sign extending operation, not a zero-extending operation.
Implicit argument coercion as defined in section III.1.6 does not match with existing practice in CLR runtimes. Notably, implicit argument coercion of an `int32` on the IL evaluation stack to a `native unsigned int` is a sign extending operation, not a zero-extending operation.
Loading