Dead code in ClrDataAccess::EnumMemoryRegionsWorkerCustom due to hardcoded eFlavor #124471
Description
Description
In ClrDataAccess::EnumMemoryRegionsWorkerCustom, the dump flavor selection logic is unreachable because the local variable eFlavor is explicitly hardcoded to DUMP_FLAVOR_Default.
The function contains logic for DUMP_FLAVOR_CriticalCLRState and DUMP_FLAVOR_NonHeapCLRState, but these branches can never be executed.
Reproduction Steps
Source: /src/coreclr/debug/daccess/enummem.cpp
Locate ClrDataAccess::EnumMemoryRegionsWorkerCustom.
Observe eFlavor = DUMP_FLAVOR_Default; at the beginning of the function.
Observe that eFlavor is never reassigned before the if/else if chain.
Code:
HRESULT ClrDataAccess::EnumMemoryRegionsWorkerCustom()
{
// ...
ECustomDumpFlavor eFlavor;
eFlavor = DUMP_FLAVOR_Default; // Hardcoded value
m_enumMemFlags = CLRDATA_ENUM_MEM_MINI;
Flush();
if (eFlavor == DUMP_FLAVOR_Mini)
{
// Executed if DUMP_FLAVOR_Default == DUMP_FLAVOR_Mini
}
else if (eFlavor == DUMP_FLAVOR_CriticalCLRState) // ALWAYS UNREACHABLE
{
// ...
}
else if (eFlavor == DUMP_FLAVOR_NonHeapCLRState) // ALWAYS UNREACHABLE
{
// ...
}
// ...
}Expected behavior
The eFlavor variable should be initialized from a dynamic source (such as the global g_ECustomDumpFlavor mentioned in the comments) or passed as a parameter, allowing the DAC to correctly execute different enumeration paths for different dump flavors.
Actual behavior
The variable is fixed to a constant value, making the logic for CriticalCLRState and NonHeapCLRState dead code. Static analysis tools (SVACE) flag these blocks as unreachable.
Regression?
No, this appears to be a long-standing issue or an incomplete implementation of the custom dump feature in the DAC.
Known Workarounds
None. It is currently impossible to trigger the non-default dump flavor paths through this worker.
Configuration
Target Framework: .NET / CoreCLR
Component: DAC (Data Access Component)
Architecture: All
Other information
Found by Linux Verification Center (linuxtesting.org) with SVACE.