API proposal: MemoryMarshal.GetRawArrayData

[GrabYourPitchforks]

(Related to https://github.com/dotnet/corefx/issues/33706, but more narrowly scoped.)

Proposal

namespace System.Runtime.InteropServices
{
    public static class MemoryMarshal
    {
        // new method on existing MemoryMarshal type
        public static ref T GetRawArrayRef<T>(T[] array);
    }
}

Motivation

Per the feedback at https://github.com/dotnet/corefx/issues/33706#issuecomment-442145588, third-party libraries may want to perform certain optimizations that today can only be performed within coreclr itself because we know the internal layout of SzArray instances.

Behavior

If array is null, this results in a standard NullReferenceException (see https://github.com/dotnet/corefx/issues/36133#issuecomment-474389127). Otherwise it returns a reference to the element at index 0 in the array, even if the array is empty.

Per ECMA-335 (PDF), § II.14.4.2, it is legal for a managed pointer (type T&) to point just past the end of an array to where the next value would have been stored. Such T& cannot be safely dereferenced, but it is guaranteed to be tracked properly by the GC, and it can be used as an input argument in binary operators like add or clt.

Because it is possible to get a real GC-tracked managed pointer (T&), but because we cannot guarantee that it's safe to dereference, the GetRawArrayData method belongs on MemoryMarshal or some other "unsafe" type. The Unsafe static class is also a candidate for where this API can live, but it does not have any existing API surface for dealing with T[] inputs.

Developers who want a T& that's always safe to dereference can continue to use the standard syntax for getting a reference to the first array element:

ref T myRef = ref theArray[0]; // runtime will bounds check for you

[jeffschwMSFT]

cc @AaronRobinsonMSFT @jkoritzinsky

[jkotas]

Why not RuntimeHelpers ? This does not have much to do with interop marshaling. Also, it is pretty specialized API.

[GrabYourPitchforks]

@jkotas - RuntimeHelpers isn't something we've historically considered "unsafe" in the sense that its static methods allow you to break type safety / memory safety. The existing RuntimeHelpers method that comes closest is GetUninitializedObject, but that method doesn't feel quite as dangerous as this one.

If we wanted to put this on RuntimeHelpers then I'd advocate prefixing it with Dangerous to make explicit that it provides no safety guarantees.

[GrabYourPitchforks]

(On the other hand, if we had a sister method GetRawStringData(string s) : ref readonly char, I don't really have a strong preference where it goes or what it's named since it's always 100% safely dereferenceable, since even for empty strings it'll just point to the null terminator.)

[AaronRobinsonMSFT]

Otherwise it returns a reference to the element at index 0 in the array, even if the array is empty.

What are the next steps to access subsequent elements once I have this ref to the element? In C++ I would use pointers and do something like:

int *p = ...;
int v = *p;
p++;

I don't fully understand the use case here for arrays, especially if users can do ref T myRef = ref theArray[i].

[jkotas]

Marshal is very main stream type. If you add a new API there, everybody will see it. I do not think we want this API in a place where everybody will it.

What about MemoryMarshal ? It has AsRef that is about as dangerous as this one.

[GrabYourPitchforks]

@AaronRobinsonMSFT The point is mainly to elide bounds checks in hot code paths. See below:

ref T theRef = ref ThisFunction(theArray); // theRef now points to element 0 (NOT bounds checked)
theRef = ref Unsafe.Add(ref theRef, 1); // theRef now points to element 1
// ...

@jkotas MemoryMarshal is fine by me. I didn't propose it there originally since MemoryMarshal seems geared more toward Span / Memory rather than SzArray, but I wouldn't push back against it living there.

[AaronRobinsonMSFT]

@GrabYourPitchforks But wouldn't the caller still want to know how many elements exist in order to properly call Add()? Or perhaps you mean the implicit bounds check from the runtime can be avoided? If it is the latter I get this API and agree it probably should be on MemoryMarshal.

[DaZombieKiller]

So essentially this would be a JIT intrinsic form of something like this?:

/// <remarks>If <paramref name="array"/> is null, <see cref="ArgumentNullException"/> is thrown.</remarks>
/// <returns>A reference to the element at index 0 in the array, even if the array is empty.</returns>
[MethodImpl(MethodImplOptions.AggressiveInlining)]
public static ref T GetRawArrayData<T>(T[] array)
{
    if (array == null)
        throw new ArgumentNullException(nameof(array));

    return ref MemoryMarshal.GetReference(new Span<T>(array));
}

I think having the function on Marshal would feel strange. As I understand it, Marshal is primarily intended for, well, marshalling data to and from native code. I agree that MemoryMarshal would make much more sense.

EDIT: Come to think of it, couldn't this function technically be implemented as an overload for MemoryMarshal.GetReference? Passing a T[] to it currently is ambiguous due to the presence of both Span<T> and ReadOnlySpan<T> overloads, so it shouldn't break any existing code.

[jkotas]

  if (array == null)
        throw new ArgumentNullException(nameof(array));

This is very low level method and throwing ArgumentNullException from it would make it much more expensive than it should be. This should throw the implicit NullReferenceException. (This would not be the first case in the framework to do this.)

[omariom]

Why not?

public static class MemoryMarshal
{
    public static ref T GetReference<T>(T[] array);
}

There is already such method for span.

[GrabYourPitchforks]

This should throw the implicit NullReferenceException.

I'll update the proposal.

[GrabYourPitchforks]

I updated the description to put the API on MemoryMarshal instead of Marshal since that's where it looked like consensus was heading.