Fix ParseGenericTypeArgumentNames for nested generic types #1414

Merged: max-charlamb merged 1 commit into microsoft:main from max-charlamb:fix/nested-generic-arg-parsing on Apr 3, 2026

@max-charlamb
Contributor

GetConcreteGenericTypeArguments was resolving VoidTaskResult (from AsyncTaskMethodBuilder) instead of the state machine type, leaving the
StateMachine field with a null or wrong type after metadata fallback. This caused SOS DumpAsync to crash with an assertion failure.

Fix

Find the last + at depth 0 (outside angle brackets) to skip past outer type names, then search for < from there.

Verification

| Input | Before (bug) | After (fix) |
| --- | --- | --- |
| `AsyncTaskMethodBuilder<VoidTaskResult>+AsyncStateMachineBox<MyClass+<DoAsync>d__3>` | `VoidTaskResult` | `MyClass+<DoAsync>d__3` |
| `Dictionary<String, Int32>` | `String, Int32` | `String, Int32` |
| `Dictionary<String, Int32>+Entry` | `String, Int32` | (none) ✅ |

Fixes the regression reported in dotnet/diagnostics#5789.

ParseGenericTypeArgumentNames used IndexOf('<') to find the start of
generic arguments, which returns the first '<' in the full type name.
For nested generic types like Outer<A>+Inner<B>, this incorrectly
extracts the outer type's arguments (A) instead of the inner type's (B).

This breaks __Canon type resolution for AsyncStateMachineBox<TStateMachine>
because GetConcreteGenericTypeArguments resolves AsyncTaskMethodBuilder's
TResult instead of the state machine type, leaving the StateMachine field
with a null or wrong type after metadata fallback.

Fix: find the last '+' at depth 0 (outside angle brackets) to skip past
outer type names, then search for '<' from there.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@max-charlamb max-charlamb changed the title Fix ParseGenericTypeArgumeantNames for nested generic types Fix ParseGenericTypeArgumentNames for nested generic types Apr 3, 2026
@max-charlamb max-charlamb requested a review from leculver April 3, 2026 19:41
@max-charlamb max-charlamb marked this pull request as ready for review April 3, 2026 19:41
@max-charlamb max-charlamb requested a review from hoyosjs April 3, 2026 19:41
@max-charlamb max-charlamb merged commit ba94db0 into microsoft:main Apr 3, 2026
8 checks passed
@max-charlamb max-charlamb deleted the fix/nested-generic-arg-parsing branch April 3, 2026 22:02
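
The parsing rule from the PR description, as an added example that is not ClrMD's code (ClrMD is C#; this is a C++ sketch). The names `ArgsAt`, `ArgsFromFirstBracket` and `ArgsOfInnermostType` are hypothetical, and returning nothing for unbalanced brackets is an assumption of the sketch, not something the PR states.

```cpp
#include <cstddef>
#include <string>
#include <vector>

using Args = std::vector<std::string>;

// Strip the spaces left around names in "A, B" style lists.
static std::string Trim(const std::string& s) {
    std::size_t b = s.find_first_not_of(' ');
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(' ') - b + 1);
}

// Split the argument list whose '<' is at `open` on its top-level commas.
static Args ArgsAt(const std::string& name, std::size_t open) {
    if (open == std::string::npos) return {};  // no argument list found
    Args args;
    std::string current;
    int depth = 1;
    for (std::size_t i = open + 1; i < name.size(); ++i) {
        char c = name[i];
        if (c == '<') ++depth;
        else if (c == '>' && --depth == 0) {
            args.push_back(Trim(current));
            return args;
        }
        if (c == ',' && depth == 1) { args.push_back(Trim(current)); current.clear(); }
        else current += c;
    }
    return {};  // unbalanced brackets: report nothing rather than guess
}

// Behaviour described as the bug: start at the first '<' in the full name.
Args ArgsFromFirstBracket(const std::string& name) {
    return ArgsAt(name, name.find('<'));
}

// Behaviour described as the fix: skip past the last '+' at depth 0 first.
Args ArgsOfInnermostType(const std::string& name) {
    std::size_t start = 0;
    int depth = 0;
    for (std::size_t i = 0; i < name.size(); ++i) {
        if (name[i] == '<') ++depth;
        else if (name[i] == '>' && depth > 0) --depth;
        else if (name[i] == '+' && depth == 0) start = i + 1;
    }
    return ArgsAt(name, name.find('<', start));
}
```

The `+` inside `MyClass+<DoAsync>d__3` sits at depth 1, so it is not mistaken for the boundary between the outer and inner type.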
max-charlamb added a commit to dotnet/runtime that referenced this pull request Apr 14, 2026
## Summary

Fix two reference counting bugs in the legacy DAC's `DefaultCOMImpl`
template class, remove the corresponding compat workaround in the cDAC,
bump clrmd, and implement `CLRDATA_REQUEST_REVISION` in the cDAC.

> [!NOTE]
> This PR description was generated with the help of Copilot.

## Sibling PRs:
- dotnet/diagnostics#5789 (merged) — Bump clrmd
in diagnostics, adapt to 4.x API changes
- microsoft/clrmd#1414 (merged) — Fix
`ParseGenericTypeArgumentNames` for nested generic types
- microsoft/clrmd#1416 (merged) — Fall back to
MethodTable when generic type resolution produces a placeholder

## Bug 1: `Release()` uses post-decrement (dacimpl.h)

`DefaultCOMImpl::Release()` used post-decrement (`mRef--`) instead of
pre-decrement (`--mRef`):

```cpp
// Before (bug):
ULONG res = mRef--;  // captures value BEFORE decrement
if (res == 0)        // never true when mRef was 1
    delete this;     // object is never freed
```

Per the [IUnknown::Release
contract](https://learn.microsoft.com/en-us/windows/win32/api/unknwn/nf-unknwn-iunknown-release),
`Release` must return the **new** reference count and free the object
when it reaches 0. The post-decrement meant objects were never freed — a
memory leak affecting all `DefaultCOMImpl`-derived classes
(`DacHandleWalker`, `DacStackReferenceWalker`, `DacMemoryEnumerator`
subclasses, `DacMethodTableSlotEnumerator`,
`DacStackReferenceErrorEnum`).

## Bug 2: `DacMethodTableSlotEnumerator` missing `QueryInterface` (request.cpp)

`GetMethodTableSlotEnumerator` returned the object via raw pointer
assignment without calling `QueryInterface`/`AddRef`, leaving `mRef` at
0:

```cpp
// Before (bug):
*enumerator = methodTableSlotEnumerator;  // mRef stays 0
```

Every other `DefaultCOMImpl` subclass correctly uses `QueryInterface`
before returning, which calls `AddRef` to give the caller an owning
reference. Fixed to match that pattern.

## cDAC compat removal (SOSDacImpl.cs)

The cDAC's `GetHandleEnum` and `GetHandleEnumForTypes` previously called
`ComInterfaceMarshaller.ConvertToUnmanaged` to intentionally leak a ref
count, matching the legacy DAC's broken behavior. Now that the legacy
bug is fixed, this compat workaround is removed.

## Version bump and cDAC revision

- Bumps `CLRDATA_REQUEST_REVISION` from 9 to 10 in the legacy DAC so
that ClrMD can detect the fixed ref counting behavior via
`IXCLRDataProcess::Request`.
- Implements `CLRDATA_REQUEST_REVISION` directly in the cDAC's
`SOSDacImpl.IXCLRDataProcess.Request` (with DEBUG validation against the
legacy DAC) so consumers get the correct revision without requiring the
legacy DAC fallback.

## ClrMD bump

Updates `Microsoft.Diagnostics.Runtime` from `3.1.512801` to
`4.0.0-beta.26210.1`. The new version includes:
- CLRDATA_REQUEST_REVISION 10 detection to avoid double-freeing
(microsoft/clrmd#1398)
- `ParseGenericTypeArgumentNames` fix for nested generic types
(microsoft/clrmd#1414)
- `GetTypeByName` cached generic instantiation fix
(microsoft/clrmd#1412)
- Canon fallback to MethodTable for compiler-generated types
(microsoft/clrmd#1416)

## cdacstress.cpp double Release removal

Removes the compensating double `pEnum->Release()` in `CollectStackRefs`
that was working around the broken post-decrement in
`DefaultCOMImpl::Release()`.

---------

Co-authored-by: Max Charlamb <maxcharlamb@microsoft.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
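
The post-decrement `Release()` from Bug 1 beside the pre-decrement form, as an added example that is not the runtime's code. `RefCounted`, `ReleasesUntilFreed`, `ReturnOfFirstRelease` and the `g_destroyed` counter are hypothetical, and `ULONG` is a stand-in typedef. It shows why callers of the broken version needed a second `Release()` to free the object.

```cpp
#include <cstdint>

using ULONG = std::uint32_t;  // stand-in for the Windows typedef
static int g_destroyed = 0;   // destructor runs, observed by the demo

// Miniature ref-counted base. kPostDecrement selects the Release()
// described as the bug; otherwise the pre-decrement form is used.
template <bool kPostDecrement>
class RefCounted {
public:
    ULONG AddRef() { return ++mRef; }
    ULONG Release() {
        ULONG res = kPostDecrement ? mRef-- : --mRef;
        if (res == 0) delete this;
        return res;
    }
private:
    ~RefCounted() { ++g_destroyed; }
    ULONG mRef = 0;
};

// One owner holds one reference. Returns how many Release() calls it
// takes before the destructor actually runs.
template <bool kPostDecrement>
int ReleasesUntilFreed() {
    g_destroyed = 0;
    auto* obj = new RefCounted<kPostDecrement>();
    obj->AddRef();  // the reference QueryInterface would hand out
    int calls = 0;
    while (g_destroyed == 0 && calls < 4) { obj->Release(); ++calls; }
    return calls;
}

// With two references held, returns what the first Release() reports.
// The IUnknown contract expects the new count, which is 1 here.
template <bool kPostDecrement>
ULONG ReturnOfFirstRelease() {
    auto* obj = new RefCounted<kPostDecrement>();
    obj->AddRef();
    obj->AddRef();
    ULONG first = obj->Release();
    g_destroyed = 0;
    while (g_destroyed == 0) obj->Release();  // drain so the demo does not leak
    return first;
}
```

With the pre-decrement form the object is gone after one `Release()`, so a caller that still issues the compensating second call would be touching freed memory.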