[cDAC] Add GC stress verification infrastructure and stack walk fixes

docs/design/datacontracts/ExecutionManager.md

@@ -50,7 +50,10 @@ struct CodeBlockHandle
     List<ExceptionClauseInfo> GetExceptionClauses(CodeBlockHandle codeInfoHandle);
 
     // Extension Methods (implemented in terms of other APIs)
+    // Returns true if the code block is a funclet (exception handler, filter, or finally)
     bool IsFunclet(CodeBlockHandle codeInfoHandle);
+    // Returns true if the code block is specifically a filter funclet
+    bool IsFilterFunclet(CodeBlockHandle codeInfoHandle);
 ```
 
 ```csharp
@@ -450,6 +453,8 @@ There are two distinct clause data types. JIT-compiled code uses `EEExceptionCla
 
 After obtaining the clause array bounds, the common iteration logic classifies each clause by its flags. The native `COR_ILEXCEPTION_CLAUSE` flags are bit flags: `Filter` (0x1), `Finally` (0x2), `Fault` (0x4). If none are set, the clause is `Typed`. For typed clauses, if the `CachedClass` flag (0x10000000) is set (JIT-only, used for dynamic methods), the union field contains a resolved `TypeHandle` pointer; the clause is a catch-all if this pointer equals the `ObjectMethodTable` global. Otherwise, the union field is a metadata `ClassToken`. To determine whether a typed clause is a catch-all handler, the `ClassToken` (which may be a `TypeDef` or `TypeRef`) is resolved to a `MethodTable` via the `Loader` contract's module lookup maps (`TypeDefToMethodTable` or `TypeRefToMethodTable`) and compared against the `ObjectMethodTable` global. For typed clauses without a cached type handle, the module address is resolved by walking `CodeBlockHandle` → `MethodDesc` → `MethodTable` → `TypeHandle` → `Module` via the `RuntimeTypeSystem` contract.
 
+`IsFilterFunclet` first checks `IsFunclet`. If the code block is a funclet, it retrieves the EH clauses for the method and checks whether any filter clause's handler offset matches the funclet's relative offset. If a match is found, the funclet is a filter funclet.
+
 ### RangeSectionMap
 
 The range section map logically partitions the entire 32-bit or 64-bit addressable space into chunks.

docs/design/datacontracts/StackWalk.md

@@ -57,6 +57,9 @@ This contract depends on the following descriptors:
 | `StubDispatchFrame` | `MethodDescPtr` | Pointer to Frame's method desc |
 | `StubDispatchFrame` | `RepresentativeMTPtr` | Pointer to Frame's method table pointer |
 | `StubDispatchFrame` | `RepresentativeSlot` | Frame's method table slot |
+| `StubDispatchFrame` | `GCRefMap` | Cached pointer to GC reference map blob for caller stack promotion |
+| `ExternalMethodFrame` | `GCRefMap` | Cached pointer to GC reference map blob for caller stack promotion |
+| `DynamicHelperFrame` | `DynamicHelperFrameFlags` | Flags indicating which argument registers contain GC references |
 | `TransitionBlock` | `ReturnAddress` | Return address associated with the TransitionBlock |
 | `TransitionBlock` | `CalleeSavedRegisters` | Platform specific CalleeSavedRegisters struct associated with the TransitionBlock |
 | `TransitionBlock` (arm) | `ArgumentRegisters` | ARM specific `ArgumentRegisters` struct |
@@ -74,11 +77,27 @@ This contract depends on the following descriptors:
 | `CalleeSavedRegisters` | For each callee saved register `r`, `r` | Register names associated with stored register values |
 | `TailCallFrame` (x86 Windows) | `CalleeSavedRegisters` | CalleeSavedRegisters data structure |
 | `TailCallFrame` (x86 Windows) | `ReturnAddress` | Frame's stored instruction pointer |
+| `ExceptionInfo` | `ExceptionFlags` | Bit flags from `ExceptionFlags` class (`exstatecommon.h`). Used for GC reference reporting during stack walks with funclet handling. |
+| `ExceptionInfo` | `StackLowBound` | Low bound of the stack range unwound by this exception |
+| `ExceptionInfo` | `StackHighBound` | High bound of the stack range unwound by this exception |
+| `ExceptionInfo` | `CSFEHClause` | Caller stack frame of the current EH clause |
+| `ExceptionInfo` | `CSFEnclosingClause` | Caller stack frame of the enclosing clause |
+| `ExceptionInfo` | `CallerOfActualHandlerFrame` | Stack frame of the caller of the catch handler |
+| `ExceptionInfo` | `PreviousNestedInfo` | Pointer to previous nested ExInfo |
+| `ExceptionInfo` | `PassNumber` | Exception handling pass (1 or 2) |
 
 Global variables used:
 | Global Name | Type | Purpose |
 | --- | --- | --- |
 | For each FrameType `<frameType>`, `<frameType>##Identifier` | `FrameIdentifier` enum value | Identifier used to determine concrete type of Frames |
+| `TransitionBlockOffsetOfFirstGCRefMapSlot` | `uint32` | Byte offset within TransitionBlock where GCRefMap slot enumeration begins. ARM64: RetBuffArgReg offset; others: ArgumentRegisters offset. |
+| `TransitionBlockOffsetOfArgumentRegisters` | `uint32` | Byte offset of the ArgumentRegisters within the TransitionBlock |
+| `TransitionBlockOffsetOfArgs` | `uint32` | Byte offset of stack arguments (first arg after registers) = `sizeof(TransitionBlock)` |
+
+Constants used:
+| Source | Name | Value | Purpose |
+| --- | --- | --- | --- |
+| `ExceptionFlags` (`exstatecommon.h`) | `Ex_UnwindHasStarted` | `0x00000004` | Bit flag in `ExceptionInfo.ExceptionFlags` indicating exception unwinding (2nd pass) has started. Used by `IsInStackRegionUnwoundBySpecifiedException` to skip ExInfo trackers still in the 1st pass. |
 
 Contracts used:
 | Contract Name |
@@ -369,11 +388,11 @@ TargetPointer GetMethodDescPtr(TargetPointer framePtr)
     4. The InlinedCallFrame's return address method has a MDContext arg
 
   In this case, we report the actual interop MethodDesc. A pointer to the MethodDesc immediately follows the InlinedCallFrame in memory.
-This API is implemeted as follows:
+This API is implemented as follows:
 1. Try to get the current frame address `framePtr` with `GetFrameAddress`.
 2. If the address is not null, compute `reportInteropMD` as listed above. Otherwise skip to step 5.
 3. If `reportInteropMD`, dereference the pointer immediately following the InlinedCallFrame and return that value.
-4. If `!reportIteropMD`, return `GetMethodDescPtr(framePtr)`.
+4. If `!reportInteropMD`, return `GetMethodDescPtr(framePtr)`.
 5. Check if the current context IP is a managed context using the ExecutionManager contract. If it is a managed context, use the ExecutionManager context to find the related MethodDesc and return the pointer to it.
 ```csharp
 TargetPointer GetMethodDescPtr(IStackDataFrameHandle stackDataFrameHandle)

eng/Subsets.props

@@ -254,6 +254,7 @@
     <SubsetName Include="Tools.ILLinkTests" OnDemand="true" Description="Unit tests for the tools.illink subset." />
     <SubsetName Include="Tools.CdacTests" OnDemand="true" Description="Unit tests for the diagnostic data contract reader." />
     <SubsetName Include="Tools.CdacDumpTests" OnDemand="true" Description="Dump-based integration tests for the diagnostic data contract reader." />
+    <SubsetName Include="Tools.CdacGCStressTests" OnDemand="true" Description="GC stress integration tests for the diagnostic data contract reader." />
     <SubsetName Include="Tools.ILAsm" OnDemand="true" Description="Build only the managed ilasm tool." />
 
     <!-- Host -->
@@ -528,6 +529,10 @@
     <ProjectToBuild Include="$(SharedNativeRoot)managed\cdac\tests\DumpTests\Microsoft.Diagnostics.DataContractReader.DumpTests.csproj" Test="true" Category="tools"/>
   </ItemGroup>
 
+  <ItemGroup Condition="$(_subset.Contains('+tools.cdacgcstresstests+'))">
+    <ProjectToBuild Include="$(SharedNativeRoot)managed\cdac\tests\GCStressTests\Microsoft.Diagnostics.DataContractReader.GCStressTests.csproj" Test="true" Category="tools"/>
+  </ItemGroup>
+
   <ItemGroup Condition="$(_subset.Contains('+tools.illink+'))">
     <ProjectToBuild Include="$(ToolsProjectRoot)illink\src\linker\Mono.Linker.csproj" Category="tools" />
     <ProjectToBuild Include="$(ToolsProjectRoot)illink\src\ILLink.Tasks\ILLink.Tasks.csproj" Category="tools" />

src/coreclr/inc/clrconfigvalues.h

@@ -286,7 +286,7 @@ RETAIL_CONFIG_DWORD_INFO(INTERNAL_JitEnableNoWayAssert, W("JitEnableNoWayAssert"
 
 RETAIL_CONFIG_DWORD_INFO(UNSUPPORTED_JitFramed, W("JitFramed"), 0, "Forces EBP frames")
 CONFIG_DWORD_INFO(INTERNAL_JitThrowOnAssertionFailure, W("JitThrowOnAssertionFailure"), 0, "Throw managed exception on assertion failures during JIT instead of failfast")
-CONFIG_DWORD_INFO(INTERNAL_JitGCStress, W("JitGCStress"), 0, "GC stress mode for jit")
+CONFIG_DWORD_INFO(INTERNAL_JitGCStress, W("JitGCStress"), 0, "cDAC stress mode for jit")
 CONFIG_DWORD_INFO(INTERNAL_JitHeartbeat, W("JitHeartbeat"), 0, "")
 RETAIL_CONFIG_DWORD_INFO(UNSUPPORTED_JITMinOpts, W("JITMinOpts"), 0, "Forces MinOpts")
 
@@ -747,6 +747,10 @@ CONFIG_STRING_INFO(INTERNAL_PerfTypesToLog, W("PerfTypesToLog"), "Log facility L
 CONFIG_STRING_INFO(INTERNAL_PrestubGC, W("PrestubGC"), "")
 CONFIG_STRING_INFO(INTERNAL_PrestubHalt, W("PrestubHalt"), "")
 RETAIL_CONFIG_STRING_INFO(EXTERNAL_RestrictedGCStressExe, W("RestrictedGCStressExe"), "")
+RETAIL_CONFIG_DWORD_INFO(INTERNAL_CdacStressFailFast, W("CdacStressFailFast"), 0, "If nonzero, assert on cDAC/runtime GC ref mismatch during cDAC stress (GCSTRESS_CDAC mode).")
+RETAIL_CONFIG_STRING_INFO(INTERNAL_CdacStressLogFile, W("CdacStressLogFile"), "Log file path for cDAC cDAC stress verification results.")
+RETAIL_CONFIG_DWORD_INFO(INTERNAL_CdacStressStep, W("CdacStressStep"), 1, "Verify every Nth cDAC stress point (1=every point, 100=every 100th). Reduces overhead while maintaining code path diversity.")
+RETAIL_CONFIG_DWORD_INFO(INTERNAL_CdacStress, W("CdacStress"), 0, "Enable cDAC stack reference verification. Bit flags: 0x1=alloc points, 0x2=GC trigger points, 0x4=unique stacks only, 0x8=instruction points.")
 CONFIG_DWORD_INFO(INTERNAL_ReturnSourceTypeForTesting, W("ReturnSourceTypeForTesting"), 0, "Allows returning the (internal only) source type of an IL to Native mapping for debugging purposes")
 RETAIL_CONFIG_DWORD_INFO(UNSUPPORTED_RSStressLog, W("RSStressLog"), 0, "Allows turning on logging for RS startup")
 CONFIG_DWORD_INFO(INTERNAL_SBDumpOnNewIndex, W("SBDumpOnNewIndex"), 0, "Used for Syncblock debugging. It's been a while since any of those have been used.")

src/coreclr/inc/gcinfotypes.h

@@ -53,6 +53,7 @@ inline UINT32 CeilOfLog2(size_t x)
 #endif
 }
 
+// [cDAC] [StackWalk]: GCInfo decoder depends on these values.
 enum GcSlotFlags
 {
     GC_SLOT_BASE      = 0x0,
@@ -65,6 +66,7 @@ enum GcSlotFlags
     GC_SLOT_IS_DELETED  = 0x10,
 };
 
+// [cDAC] [StackWalk]: GCInfo decoder depends on these values.
 enum GcStackSlotBase
 {
     GC_CALLER_SP_REL = 0x0,
@@ -131,6 +133,7 @@ struct GcStackSlot
 //
 //--------------------------------------------------------------------------------
 
+// [cDAC] [StackWalk]: GCInfo decoder depends on these values.
 enum ReturnKind {
 
     // Cases for Return in one register

src/coreclr/inc/patchpointinfo.h

@@ -7,6 +7,8 @@
 
 #include <clrtypes.h>
 
+#include "../vm/cdacdata.h"
+
 #ifndef _PATCHPOINTINFO_H_
 #define _PATCHPOINTINFO_H_
 
@@ -217,6 +219,8 @@ struct PatchpointInfo
     }
 
 private:
+    friend struct ::cdac_data<PatchpointInfo>;
+
     enum
     {
         OFFSET_SHIFT = 0x1,

src/coreclr/vm/CMakeLists.txt

@@ -329,6 +329,7 @@ set(VM_SOURCES_WKS
     finalizerthread.cpp
     floatdouble.cpp
     floatsingle.cpp
+    cdacstress.cpp
     frozenobjectheap.cpp
     gccover.cpp
     gcenv.ee.cpp