Merge branch 'main' into fix/74020-jit-shift-opt

Author: csa7mdm

.config/dotnet-tools.json

@@ -15,7 +15,7 @@
       ]
     },
     "microsoft.dotnet.xharness.cli": {
-      "version": "11.0.0-prerelease.25601.7",
+      "version": "11.0.0-prerelease.25603.1",
       "commands": [
         "xharness"
       ]

.github/code-review-instructions.md

@@ -0,0 +1,132 @@
+---
+excludeAgent: coding-agent
+---
+
+# Code Review Instructions for dotnet/runtime
+
+These instructions guide code reviews for the dotnet/runtime repository. A compiler runs on every PR (as do a wealth of static analyzers for C# changes), so focus on higher-level concerns that require expert judgment rather than stylistic or syntactic issues.
+
+## Review Priorities
+
+### 1. Security
+
+**Critical Security Concerns:**
+- **Input Validation & Sanitization**: Ensure all external inputs (user data, file I/O, network data) are properly validated and sanitized before use
+- **Injection Vulnerabilities**: Check for potential SQL injection, command injection, path traversal, or code injection risks
+- **Cryptographic Operations**: Verify proper use of cryptographic APIs, secure random number generation, and correct handling of keys/certificates
+- **Buffer Overflows**: In native code, check for proper bounds checking and safe memory operations
+- **Authentication & Authorization**: Ensure proper access control checks are in place and cannot be bypassed
+- **Information Disclosure**: Watch for accidental logging or exposure of sensitive data (credentials, keys, PII)
+- **Denial of Service**: Check for potential infinite loops, resource exhaustion, or algorithmic complexity attacks
+- **Deserialization**: Ensure safe deserialization practices, especially with untrusted data
+- **Race Conditions**: Identify potential TOCTOU (time-of-check-time-of-use) vulnerabilities in security-sensitive operations
+
+### 2. Performance
+
+**Performance Considerations:**
+- **Algorithmic Complexity**: Identify inefficient algorithms (O(n²) where O(n) is possible, unnecessary allocations)
+- **Memory Allocations**: Watch for excessive allocations in hot paths, consider stack allocation (stackalloc) or object pooling where appropriate
+- **Boxing**: Identify unnecessary boxing of value types
+- **String Operations**: Check for string concatenation in loops (use StringBuilder), excessive string allocations
+- **LINQ Performance**: Evaluate LINQ usage in performance-critical paths; consider more direct alternatives
+- **Async/Await Overhead**: Ensure async/await is used appropriately (not for trivial synchronous operations)
+- **Collection Choices**: Verify appropriate collection types for access patterns (List vs. HashSet vs. Dictionary)
+- **Lazy Initialization**: Check for opportunities to defer expensive operations
+- **Caching**: Identify repeated expensive computations that could be cached
+- **Span<T> and Memory<T>**: Encourage use of modern memory-efficient types for buffer manipulation
+- **Native Interop**: Ensure P/Invoke calls are efficient and properly marshaled
+
+### 3. Backwards Compatibility
+
+**Compatibility Requirements:**
+- **Public API Changes**: Any change to public APIs requires careful scrutiny
+  - Breaking changes are generally not acceptable
+  - New optional parameters, overloads, and interface implementations need careful consideration
+  - Verify that API additions follow existing patterns and naming conventions
+- **Serialization Compatibility**: Ensure changes don't break serialization/deserialization of persisted data
+- **Configuration Changes**: Changes to configuration format or behavior must maintain backwards compatibility
+- **Binary Compatibility**: IL-level changes must preserve binary compatibility for existing assemblies
+- **Behavioral Changes**: Even non-breaking API changes can break consumers if behavior changes unexpectedly
+  - Document behavioral changes clearly
+  - Consider feature flags or opt-in mechanisms for significant behavior changes
+- **Obsolete APIs**: Check that proper obsolescence process is followed (attributes, documentation, migration path)
+
+### 4. Cross-Component Interactions
+
+**Integration Points:**
+- **Runtime/Library Boundaries**: Changes affecting CoreCLR, Mono, or NativeAOT must work across all runtimes
+- **Platform Differences**: Ensure changes work correctly across Windows, Linux, macOS, and other supported platforms
+- **Architecture Considerations**: Verify behavior is correct on x86, x64, ARM32, and ARM64
+- **Dependencies**: Changes to core libraries may impact higher-level libraries; consider cascading effects
+- **Threading Models**: Ensure thread-safety is maintained and synchronization primitives are used correctly
+- **Lifecycle Management**: Verify proper initialization, disposal patterns, and cleanup across component boundaries
+- **Shared State**: Carefully review any shared mutable state for thread-safety and consistency
+- **Error Handling**: Ensure exceptions and error codes are properly propagated across component boundaries
+
+### 5. Correctness and Edge Cases
+
+**Code Correctness:**
+- **Null Handling**: While the compiler enforces nullable reference types, verify runtime null checks are appropriate
+- **Boundary Conditions**: Test for off-by-one errors, empty collections, null inputs, maximum values
+- **Error Paths**: Ensure error handling is correct and complete; resources are properly cleaned up
+- **Concurrency**: Identify race conditions, deadlocks, or improper synchronization
+- **Exception Safety**: Verify operations maintain invariants even when exceptions occur
+- **Resource Management**: Ensure IDisposable is implemented correctly and resources are not leaked
+- **Numeric Overflow**: Check for potential integer overflow/underflow in calculations
+- **Culture/Locale Issues**: Verify culture-invariant operations where appropriate, proper localization otherwise
+- **Time Handling**: Check for timezone, daylight saving, and leap second handling issues
+
+### 6. Design and Architecture
+
+**Design Quality:**
+- **API Design**: Ensure new APIs are intuitive, follow framework design guidelines, and are hard to misuse
+- **Abstraction Level**: Verify abstractions are at the appropriate level and don't leak implementation details
+- **Separation of Concerns**: Check that responsibilities are properly separated
+- **Extensibility**: Consider whether the design allows for future extension without breaking changes
+- **SOLID Principles**: Evaluate adherence to single responsibility, open/closed, and other design principles
+- **Code Duplication**: Identify opportunities to reduce duplication while maintaining clarity
+- **Testability**: Ensure the code is designed to be testable (proper dependency injection, separation of concerns)
+
+### 7. Testing
+
+**Test Quality:**
+- **Coverage**: Ensure new functionality has appropriate test coverage
+- **Test Scenarios**: Verify tests cover happy paths, error paths, and edge cases
+- **Test Reliability**: Watch for flaky tests (timing dependencies, environmental assumptions)
+- **Test Performance**: Ensure tests run efficiently and don't unnecessarily slow down CI
+- **Platform-Specific Tests**: Verify platform-specific tests are properly conditioned
+- **Regression Tests**: Check that bugs being fixed have corresponding regression tests
+
+### 8. Documentation and Code Clarity
+
+**Documentation:**
+- **XML Documentation**: New public APIs must have clear XML documentation explaining purpose, parameters, return values, and exceptions. Do not comment on existing APIs that lack documentation.
+- **Complex Logic**: Comments should explain the "why" behind non-obvious decisions, not restate what the code does
+- **TODOs and FIXMEs**: Ensure they are tracked with issues and are appropriate for the change
+- **Breaking Changes**: Must be clearly documented with migration guidance
+
+## What NOT to Focus On
+
+The following are handled by automated tooling and don't need review comments:
+
+- Code formatting and style (handled by `.editorconfig` and analyzers)
+- Naming convention violations (handled by analyzers)
+- Missing using directives (handled by compiler)
+- Most syntax errors (handled by compiler)
+- Simple code style preferences without technical merit
+
+## Review Approach
+
+1. **Understand the Context**: Read the PR description and linked issues to understand the goal. Consider as much relevant code from the containing project as possible. For public APIs, review any code in the repo that consumes the method.
+2. **Assess the Scope**: Verify the change is focused and not mixing unrelated concerns
+3. **Evaluate Risk**: Consider the risk level based on what components are affected and how widely used they are
+4. **Think Like an Attacker**: For security-sensitive code, consider how it might be exploited
+5. **Think Like a Consumer**: Consider how the API will be used and potentially misused
+6. **Consider Maintenance**: Think about long-term maintenance burden and technical debt
+
+## Severity Guidelines
+
+- **Critical**: Security vulnerabilities, data corruption, crashes, breaking changes
+- **High**: Performance regressions, resource leaks, incorrect behavior in common scenarios
+- **Medium**: Edge case bugs, suboptimal design, missing documentation
+- **Low**: Code clarity issues, minor inefficiencies, nice-to-have improvements

.github/copilot-instructions.md

@@ -1,3 +1,7 @@
+---
+excludeAgent: code-review-agent
+---
+
 **Any code you commit SHOULD compile, and new and existing tests related to the change SHOULD pass.**
 
 You MUST make your best effort to ensure your changes satisfy those criteria before committing. If for any reason you were unable to build or test the changes, you MUST report that. You MUST NOT claim success unless all builds and tests pass as described above.

.github/workflows/locker.yml

@@ -1,4 +1,4 @@
-name: Locker - Lock stale issues and PRs
+name: Locker - Lock stale issues and PRs, unlock reopened ones
 on:
   schedule:
     - cron: '37 8 * * *' # Once per day, early morning PT
@@ -13,14 +13,21 @@ on:
         required: true
         default: "30"
 
+  issues:
+    types: [reopened]
+
+  pull_request_target:
+    types: [reopened]
+
 permissions:
   issues: write
   pull-requests: write
 
 jobs:
-  main:
+  lock:
     runs-on: ubuntu-latest
-    if: ${{ github.repository_owner == 'dotnet' }}
+    # Only run the locking job for scheduled runs and manual dispatch, not for reopened events
+    if: ${{ github.repository_owner == 'dotnet' && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') }}
     steps:
       - name: Checkout Actions
         uses: actions/checkout@v6
@@ -35,3 +42,20 @@ jobs:
         with:
           daysSinceClose:  ${{ fromJson(inputs.daysSinceClose  || 30) }}
           daysSinceUpdate: ${{ fromJson(inputs.daysSinceUpdate || 30) }}
+
+  unlock:
+    runs-on: ubuntu-latest
+    # Only run the unlocking job when issues or PRs are reopened
+    if: ${{ github.repository_owner == 'dotnet' && (github.event_name == 'issues' || github.event_name == 'pull_request_target') && github.event.action == 'reopened' }}
+    steps:
+      - name: Unlock if issue/PR is locked
+        uses: actions/github-script@v7
+        if: ${{ github.event.issue.locked == true }}
+        with:
+          script: |
+            console.log(`Unlocking locked issue/PR #${context.issue.number}.`);
+            await github.rest.issues.unlock({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            });

Directory.Build.props

@@ -36,13 +36,14 @@
         - src/mono/msbuild/common/MonoAOTCompiler.props
         - src/tasks/AppleAppBuilder/Xcode.cs
         - src/tasks/MobileBuildTasks/Apple/AppleProject.cs
+        - src/tasks/Crossgen2Tasks/Microsoft.NET.CrossGen.targets
         - https://github.com/dotnet/sdk repo > src/Installer/redist-installer/targets/GeneratePKG.targets
      -->
     <AndroidApiLevelMin>21</AndroidApiLevelMin>
-    <iOSVersionMin>12.2</iOSVersionMin>
-    <tvOSVersionMin>12.2</tvOSVersionMin>
+    <iOSVersionMin>13.0</iOSVersionMin>
+    <tvOSVersionMin>13.0</tvOSVersionMin>
     <macOSVersionMin>12.0</macOSVersionMin>
-    <MacCatalystVersionMin>15.0</MacCatalystVersionMin>
+    <MacCatalystVersionMin>15.2</MacCatalystVersionMin>
   </PropertyGroup>
 
   <PropertyGroup>
@@ -57,19 +58,19 @@
 
   <!-- The TFMs to build and test against. -->
   <PropertyGroup>
-    <NetCoreAppCurrentVersion>10.0</NetCoreAppCurrentVersion>
+    <NetCoreAppCurrentVersion>11.0</NetCoreAppCurrentVersion>
     <NetCoreAppCurrentIdentifier>.NETCoreApp</NetCoreAppCurrentIdentifier>
     <NetCoreAppCurrentTargetFrameworkMoniker>$(NetCoreAppCurrentIdentifier),Version=v$(NetCoreAppCurrentVersion)</NetCoreAppCurrentTargetFrameworkMoniker>
     <MicrosoftNetCoreAppFrameworkName>Microsoft.NETCore.App</MicrosoftNetCoreAppFrameworkName>
     <NetCoreAppCurrentBrandName>.NET $(NetCoreAppCurrentVersion)</NetCoreAppCurrentBrandName>
     <NetCoreAppCurrent>net$(NetCoreAppCurrentVersion)</NetCoreAppCurrent>
 
     <!-- The previous supported .NET version. -->
-    <NetCoreAppPrevious>net9.0</NetCoreAppPrevious>
-    <NetCoreAppPrevious Condition="'$(DotNetBuildSourceOnly)' == 'true'">$(NetCoreAppCurrent)</NetCoreAppPrevious>
+    <NetCoreAppPrevious />
+    <!-- <NetCoreAppPrevious Condition="'$(DotNetBuildSourceOnly)' == 'true'">$(NetCoreAppCurrent)</NetCoreAppPrevious> -->
 
     <!-- The minimum supported .NET version. -->
-    <NetCoreAppMinimum>net8.0</NetCoreAppMinimum>
+    <NetCoreAppMinimum>net10.0</NetCoreAppMinimum>
     <NetCoreAppMinimum Condition="'$(DotNetBuildSourceOnly)' == 'true'">$(NetCoreAppCurrent)</NetCoreAppMinimum>
 
     <!-- when this is updated, make sure to keep $(_NetCoreAppToolCurrent)
@@ -87,8 +88,8 @@
     <NetFrameworkToolCurrent Condition="'$(DotNetBuildSourceOnly)' == 'true'" />
     <NetFrameworkCurrent Condition="'$(DotNetBuildSourceOnly)' == 'true'" />
 
-    <ApiCompatNetCoreAppBaselineVersion>9.0.0</ApiCompatNetCoreAppBaselineVersion>
-    <ApiCompatNetCoreAppBaselineTFM>net9.0</ApiCompatNetCoreAppBaselineTFM>
+    <ApiCompatNetCoreAppBaselineVersion>10.0.0</ApiCompatNetCoreAppBaselineVersion>
+    <ApiCompatNetCoreAppBaselineTFM>net10.0</ApiCompatNetCoreAppBaselineTFM>
   </PropertyGroup>
 
   <PropertyGroup Label="CalculateConfiguration">
@@ -178,7 +179,7 @@
 
   <PropertyGroup>
     <DotNetHostBinDir>$([MSBuild]::NormalizeDirectory('$(ArtifactsBinDir)', '$(TargetRid).$(HostConfiguration)', 'corehost'))</DotNetHostBinDir>
-    <DotNetCdacBinDir>$([MSBuild]::NormalizeDirectory('$(ArtifactsBinDir)', 'mscordaccore_universal', '$(Configuration)', '$(NetCoreAppCurrent)', '$(PortableTargetRid)', 'publish'))</DotNetCdacBinDir>
+    <DotNetCdacBinDir>$([MSBuild]::NormalizeDirectory('$(ArtifactsBinDir)', 'mscordaccore_universal', '$(Configuration)', '$(PortableTargetRid)', 'publish'))</DotNetCdacBinDir>
   </PropertyGroup>
 
   <!--Feature switches -->

Directory.Build.targets

@@ -209,4 +209,6 @@
       <Analyzer Remove="@(_targetingPackExcludedAnalyzerReferenceWithProjectName->Metadata('OriginalIdentity'))" />
     </ItemGroup>
   </Target>
+
+  <Import Project="$(RepositoryEngineeringDir)pruning.targets" />
 </Project>

docs/coding-guidelines/adding-api-guidelines.md

@@ -24,8 +24,8 @@ the implementation without compat concerns in future releases.
 
 ### Determine target framework
 
-`net10.0` is the target framework version currently under development and the new apis
-should be added to `net10.0`. [More Information on TargetFrameworks](https://learn.microsoft.com/dotnet/standard/frameworks)
+`net11.0` is the target framework version currently under development and the new apis
+should be added to `net11.0`. [More Information on TargetFrameworks](https://learn.microsoft.com/dotnet/standard/frameworks)
 
 ## Making the changes in repo
 

docs/coding-guidelines/project-guidelines.md

@@ -25,7 +25,7 @@ Below is a list of all the various options we pivot the project builds on:
 ## Individual build properties
 The following are the properties associated with each build pivot
 
-- `$(BuildTargetFramework) -> Any .NETCoreApp or .NETFramework TFM, e.g. net10.0`
+- `$(BuildTargetFramework) -> Any .NETCoreApp or .NETFramework TFM, e.g. net11.0`
 - `$(TargetOS) -> windows | linux | osx | freebsd | ... | [defaults to running OS when empty]`
 - `$(Configuration) -> Debug | Release | [defaults to Debug when empty]`
 - `$(TargetArchitecture) - x86 | x64 | arm | arm64 | [defaults to x64 when empty]`
@@ -59,7 +59,7 @@ A cross-targeting project which targets specific platform with `$(NetCoreAppCurr
 A full or individual project build is centered around BuildTargetFramework, TargetOS, Configuration and TargetArchitecture.
 
 1. `$(BuildTargetFramework), $(TargetOS), $(Configuration), $(TargetArchitecture)` can individually be passed in to change the default values.
-2. If nothing is passed to the build then we will default value of these properties from the environment. Example: `net10.0-[TargetOS Running On]-Debug-x64`.
+2. If nothing is passed to the build then we will default value of these properties from the environment. Example: `net11.0-[TargetOS Running On]-Debug-x64`.
 3. When building an individual project (either from the CLI or an IDE), all target frameworks are built.
 
 Any of the mentioned properties can be set via `/p:<Property>=<Value>` at the command line. When building using any of the wrapper scripts around it (i.e. build.cmd) a number of these properties have aliases which make them easier to pass (run build.cmd/sh -? for the aliases).

docs/project/dogfooding.md

@@ -124,8 +124,8 @@ This is the default case for applications - running against an installed .NET ru
 ```XML
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <!-- Ensure that the target framework is correct e.g. 'net10.0' -->
-    <TargetFramework>net10.0</TargetFramework>
+    <!-- Ensure that the target framework is correct e.g. 'net11.0' -->
+    <TargetFramework>net11.0</TargetFramework>
     <!-- modify version in this line with one reported by `dotnet --info` under ".NET runtimes installed" -> Microsoft.NETCore.App -->
     <RuntimeFrameworkVersion>9.0.0-preview.5.22224.3</RuntimeFrameworkVersion>
   </PropertyGroup>
@@ -147,8 +147,8 @@ make it self-contained by adding a RuntimeIdentifier (RID).
 ```XML
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <!-- Ensure that the target framework is correct e.g. 'net10.0' -->
-    <TargetFramework>net10.0</TargetFramework>
+    <!-- Ensure that the target framework is correct e.g. 'net11.0' -->
+    <TargetFramework>net11.0</TargetFramework>
     <!-- modify build in this line with version reported by `dotnet --info` as above under ".NET runtimes installed" -> Microsoft.NETCore.App -->
     <!-- moreover, this can be any valid Microsoft.NETCore.App package version from https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json -->
     <RuntimeFrameworkVersion>9.0.0-preview.5.22224.3</RuntimeFrameworkVersion>
@@ -159,7 +159,7 @@ make it self-contained by adding a RuntimeIdentifier (RID).
 ```
 $ dotnet restore
 $ dotnet publish
-$ bin\Debug\net10.0\win-x64\publish\App.exe
+$ bin\Debug\net11.0\win-x64\publish\App.exe
 ```
 
 ### Daily builds table

docs/workflow/building/coreclr/nativeaot.md

@@ -33,7 +33,7 @@ The paths to major components can be overridden using `IlcToolsPath`, `IlcSdkPat
 Run `build[.cmd|.sh] -c Release` from the repo root to build the NativeAOT toolchain packages. The build will place the toolchain packages at `artifacts\packages\Release\Shipping`. To publish your project using these packages:
 
 * Add the package directory to your `nuget.config` file. For example, add `<add key="local" value="C:\runtime\artifacts\packages\Release\Shipping" />`
-* Run `dotnet add package Microsoft.DotNet.ILCompiler -v 10.0.0-dev` to add the local package reference to your project.
+* Run `dotnet add package Microsoft.DotNet.ILCompiler -v 11.0.0-dev` to add the local package reference to your project.
 * Run `dotnet publish --packages pkg -r [win-x64|linux-x64|osx-64] -c [Debug|Release]` to publish your project. `--packages pkg` option restores the package into a local directory that is easy to cleanup once you are done. It avoids polluting the global nuget cache with your locally built dev package.
 
 ## High Level Overview