fix(profiler): lock-free class/endpoint/context maps via TripleBufferedDictionary

[jbachorik]

What does this PR do?:

Replaces the SpinLock-guarded Dictionary instances for _class_map, _string_label_map, and _context_value_map with a new TripleBufferedDictionary that eliminates all locking from the read/write fast paths.

TripleBufferedDictionary holds three Dictionary buffers cycling through three roles via a generic TripleBufferRotator<T> template:

• active — receives new writes (signal handlers + JNI threads), lock-free via CAS
• dump — snapshot being read by the dump thread; promoted from old active on rotate()
• scratch — two rotations behind active; ready to be cleared lock-free

The "scratch" role exists for safe lock-free reclamation: when a buffer enters that role, at least one full dump cycle has elapsed since it was last in the active or dump role. That grace period is much longer than any signal-handler (per-thread-locked, drained by lockAll() around the dump) or JNI-thread (microsecond lookup) can plausibly outlive a stale active pointer, so the buffer can be freed without any explicit drain.

bounded_lookup(size_limit=0) is signal-safe (no malloc) and checks the active buffer only — there is no fallback to older snapshots.

As part of this change the following dead code is removed:

• _class_map_lock (SpinLock)
• classMapSharedGuard() / classMapTrySharedGuard() on Profiler
• tryLockSharedBounded() and BoundedOptionalSharedLockGuard on SpinLock

Motivation:

Three production crashes (fingerprint v10.DAECC680F0728EAB44F26DB0B91B703F, 2026-05-06 to 2026-05-08) showed SIGSEGV in std::_Rb_tree_increment via Recording::writeCpool → Recording::writeClasses → Dictionary::collect, caused by a race between writeClasses and concurrent Dictionary::clear().

PR #516 patched this with a shared-lock, but that introduced tryLockSharedBounded(5) in the signal-handler path (walkVM). Under heavy 100 µs wall-clock load on aarch64 the bounded CAS retries were consistently exhausted, causing class lookups to return -1 and corrupting JFR recordings.

This PR also fixes a related counter-tracking gap: dictionary_classes_keys was always 0 during wall-clock profiling because fill-path inserts went to a buffer with counter id=0. All three buffers now carry the real id.

Note: walkVM's vtable-stub class resolution remains best-effort (it can only find classes that some other path has already inserted into the active buffer); a proper fix would require pre-populating the dictionary via JVMTI ClassPrepare, which is left to a follow-up.

Supersedes PR #522 (fix(profiler): fix SIGSEGV in Dictionary::clear under concurrent lookup).

Additional Notes:

• The grace period for safe lock-free clearing is the time between two consecutive clearStandby() calls (one full dump interval, typically ≥60s). This is many orders of magnitude longer than any signal-handler or JNI lookup, so explicit drains (RefCountGuard, lockAll) are unnecessary for the dictionary clear path.
• At most two non-empty buffers exist at any time (active + dump).

How to test the change?:

• ddprof-lib:gtestDebug_dictionary_ut — covers TripleBufferedDictionary rotation, counter semantics, and concurrent writer safety.
• DictionaryRotationTest (Java) — counter reset after clearStandby; correct counts after fill-path inserts.

For Datadog employees:

• If this PR touches code that signs or publishes builds or packages, or handles
  credentials of any kind, I've requested a review from @DataDog/security-design-and-guidance.

• This PR doesn't touch any of that.

• JIRA: [JIRA-XXXX]

[dd-octo-sts]

CI Test Results

Run: #25874376313 | Commit: 026e087 | Duration: 30m 25s (longest job)

✅ All 32 test jobs passed

Status Overview

JDK	glibc-aarch64/debug	glibc-amd64/debug	musl-aarch64/debug	musl-amd64/debug
8	-	✅	-	-
8-ibm	-	✅	-	-
8-j9	✅	✅	-	-
8-librca	-	-	✅	✅
8-orcl	-	✅	-	-
11	-	✅	-	-
11-j9	✅	✅	-	-
11-librca	-	-	✅	✅
17	✅	✅	-	-
17-graal	✅	✅	-	-
17-j9	✅	✅	-	-
17-librca	-	-	✅	✅
21	✅	✅	-	-
21-graal	✅	✅	-	-
21-librca	-	-	✅	✅
25	✅	✅	-	-
25-graal	✅	✅	-	-
25-librca	-	-	✅	✅

Legend: ✅ passed | ❌ failed | ⚪ skipped | 🚫 cancelled

Summary: Total: 32 | Passed: 32 | Failed: 0

---

Updated: 2026-05-14 17:50:54 UTC

[jbachorik]

Reorganization plan

This PR is the foundation of the lock-free dictionary refactor (PR A in the reorganized sequence). It depends on #510 (PR B) merging first to avoid intermittent musl/aarch64 CI failures.

After #510 merges, this PR should be rebased onto main with two specific cleanups:

1. Drop libraryPatcher_linux.cpp changes from this PR. This PR currently uses a try/catch (abi::__forced_unwind&) approach which is buggy. fix(profiler): line-number-table UAF, musl/aarch64 wrapper canary, and SIGVTALRM teardown race #510 ships the correct fix (no_stack_protector + pthread_exit() + TLS-based cleanup); keep fix(profiler): line-number-table UAF, musl/aarch64 wrapper canary, and SIGVTALRM teardown race #510's version.
2. Reconcile the duplicate PROF-14545 fix in flightRecorder.cpp/h and the Java memleak tests. The changes are identical between this PR and fix(profiler): line-number-table UAF, musl/aarch64 wrapper canary, and SIGVTALRM teardown race #510, so the rebase should merge cleanly. If conflicts arise, prefer fix(profiler): line-number-table UAF, musl/aarch64 wrapper canary, and SIGVTALRM teardown race #510's version (already reviewed/CI-tested as part of PR B).

After this PR merges, #527 will need to be rebased on top to switch from _class_map_lock + _class_map.lookup() to the TripleBufferedDictionary API.

[jbachorik]

Rebased on top of #510 (muse/sigsegv-in-recording). Two changes vs. the previous version:

• Dropped the libraryPatcher_linux.cpp modifications (which used the buggy try/catch (abi::__forced_unwind&) approach). fix(profiler): line-number-table UAF, musl/aarch64 wrapper canary, and SIGVTALRM teardown race #510 carries the correct fix (no_stack_protector + pthread_exit() + TLS-based cleanup), and this PR now inherits that automatically.
• The PROF-14545 line-number-table fix (flightRecorder.cpp/h, livenessTracker.cpp, Java memleak tests) is now provided by fix(profiler): line-number-table UAF, musl/aarch64 wrapper canary, and SIGVTALRM teardown race #510 and inherited.

The unique content of this PR is the TripleBufferedDictionary refactor itself plus its tests. spinlock_bounded_ut.cpp and dictionary_concurrent_ut.cpp are deleted (subsumed by dictionary_ut.cpp).