Merge branch 'main' into fix-memory-leak-in-aot-compiler

Author: vitek-karas

.claude/settings.json

@@ -0,0 +1,13 @@
+{
+  "extraKnownMarketplaces": {
+    "dotnet-arcade-skills": {
+      "source": {
+        "source": "github",
+        "repo": "dotnet/arcade-skills"
+      }
+    }
+  },
+  "enabledPlugins": {
+    "dotnet-dnceng@dotnet-arcade-skills": true
+  }
+}

.config/dotnet-tools.json

@@ -15,7 +15,7 @@
       ]
     },
     "microsoft.dotnet.xharness.cli": {
-      "version": "11.0.0-prerelease.26174.1",
+      "version": "11.0.0-prerelease.26204.1",
       "commands": [
         "xharness"
       ]

.github/agents/agentic-workflows.agent.md

@@ -1,4 +1,5 @@
 ---
+name: agentic-workflows
 description: GitHub Agentic Workflows (gh-aw) - Create, debug, and upgrade AI-powered workflows with intelligent prompt routing
 disable-model-invocation: true
 ---

.github/agents/extensions-reviewer.md

@@ -5,30 +5,20 @@
       "version": "v8",
       "sha": "ed597411d8f924073f98dfc5c65a23a2325f34cd"
     },
+    "actions/github-script@v9": {
+      "repo": "actions/github-script",
+      "version": "v9",
+      "sha": "373c709c69115d41ff229c7e5df9f8788daa9553"
+    },
     "actions/upload-artifact@v4": {
       "repo": "actions/upload-artifact",
       "version": "v4",
       "sha": "ea165f8d65b6e75b540449e92b4886f43607fa02"
     },
-    "github/gh-aw-actions/setup@v0.63.0": {
-      "repo": "github/gh-aw-actions/setup",
-      "version": "v0.63.0",
-      "sha": "9128d2542bbf1bdfec94dabeaf3e1d3c0d402577"
-    },
-    "github/gh-aw-actions/setup@v0.63.1": {
-      "repo": "github/gh-aw-actions/setup",
-      "version": "v0.63.1",
-      "sha": "53e09ec0be6271e81a69f51ef93f37212c8834b0"
-    },
-    "github/gh-aw-actions/setup@v0.64.5": {
-      "repo": "github/gh-aw-actions/setup",
-      "version": "v0.64.5",
-      "sha": "5d2ebfd87a1a45a8a8323c1a12c01b055730dac5"
-    },
-    "github/gh-aw-actions/setup@v0.65.6": {
+    "github/gh-aw-actions/setup@v0.68.1": {
       "repo": "github/gh-aw-actions/setup",
-      "version": "v0.65.6",
-      "sha": "31130b20a8fd3ef263acbe2091267c0aace07e09"
+      "version": "v0.68.1",
+      "sha": "2fe53acc038ba01c3bbdc767d4b25df31ca5bdfc"
     }
   }
 }

.github/agents/system-net-review.md

@@ -84,7 +84,7 @@ Based on file paths you will modify:
 
 ### Step 2: Run the Baseline Build (from repo root)
 
-**First, checkout the `main` branch** to establish a known-good baseline, then run the appropriate build command:
+From the repo root, on the branch you intend to modify, ensure you have a clean working tree (no uncommitted changes) at the current HEAD, then run the appropriate build command **before making any code changes**:
 
 | Component | Command |
 |-----------|---------|
@@ -108,7 +108,7 @@ export PATH="$(pwd)/.dotnet:$PATH"
 dotnet --version  # Should match sdk.version in global.json
 ```
 
-**Only proceed with changes after the baseline build succeeds.** If it fails, report the failure and stop. After the baseline build, switch back to your working branch before making changes.
+**Only proceed with changes after the baseline build succeeds.** If it fails, report the failure and stop.
 
 ---
 

.github/aw/actions-lock.json

@@ -0,0 +1,13 @@
+{
+  "extraKnownMarketplaces": {
+    "dotnet-arcade-skills": {
+      "source": {
+        "source": "github",
+        "repo": "dotnet/arcade-skills"
+      }
+    }
+  },
+  "enabledPlugins": {
+    "dotnet-dnceng@dotnet-arcade-skills": true
+  }
+}

.github/copilot-instructions.md

@@ -0,0 +1,57 @@
+---
+applyTo: "src/libraries/System.IO.Compression*/**"
+---
+
+# System.IO.Compression — Folder-Specific Guidance
+
+## Format Specification Correctness (D12)
+
+- ZIP64 extensions must be used for files over 4GB — extra field sizes, offsets, and header values must use 64-bit fields when the 32-bit range is exceeded
+- Compression levels must align with native library semantics — verify enum-to-native mapping is correct
+- New compression format support (e.g., zstd in ZIP) must include a feature switch for trimming/AOT and an explicit opt-in mechanism
+- Decompression must handle concatenated payloads and partial reads — the decompressor must not assume a single contiguous compressed stream
+- Breaking changes to format handling must be documented and include migration guidance
+
+## Security
+
+- Maximum decompressed size limits must be configurable to prevent zip-bomb attacks, following the existing deflate size limit pattern
+- Archive extraction must validate entry paths to prevent path traversal attacks (entries with `../` segments)
+
+## Performance & Allocation (D5)
+
+- Use `ArrayPool<byte>` for variable-size compression/decompression buffers — return buffers in finally blocks
+- Avoid allocating excessively large fixed buffers per operation (100KB+ per compression operation is expensive)
+- Pin buffers for the duration of native I/O operations
+- Hot paths must avoid per-operation allocations — prefer pooled buffers and cached delegates
+- Closures that capture state on hot paths must be eliminated — use static lambdas with explicit state
+
+## Async Operations
+
+- Async compression/decompression must not perform the actual compression work synchronously before the first await
+- Sync and async code paths must share non-trivial logic through common helpers to prevent divergence
+
+## Cross-Platform Metadata (D19)
+
+- Archive extraction must preserve or correctly translate platform-specific metadata — Unix execute permissions, symlinks, and hidden file attributes
+- File path operations within archives must use forward slashes as the archive-internal separator per the ZIP specification
+- Tests must verify metadata round-trip on both Windows and Unix platforms
+
+## Native Interop
+
+- Native library updates (brotli, zlib, zstd) must be tracked and the managed wrapper updated accordingly
+- Use `LibraryImport` (source-generated) for new P/Invoke declarations
+- SafeHandle-derived types must be used for native compression handles — never store raw IntPtr
+- Native error codes must be mapped to appropriate .NET exceptions with the native error code preserved
+
+## Error Handling (D9)
+
+- Exceptions must be the most specific applicable type — `InvalidDataException` for corrupt archives, `IOException` for I/O failures, with actionable context (entry name, expected vs actual values)
+- Operations on streams that may not support Length/Seek must be guarded appropriately
+
+## Interoperability Testing (D10)
+
+- Tests must use archive files created by external tools — not just round-trip tests with the same .NET implementation
+- Test with archives from multiple platforms and compression libraries to verify cross-tool compatibility
+- Cover edge cases: empty archives, many small entries, entries at size boundaries (4GB, uint.MaxValue)
+- Dispose behavior must be tested — verify resources are released and post-disposal operations throw
+

.github/copilot/settings.json

@@ -0,0 +1,42 @@
+---
+applyTo: "src/libraries/Microsoft.Extensions.Caching*/**"
+---
+
+# Microsoft.Extensions.Caching — Folder-Specific Guidance
+
+## Cache Key Correctness (D20)
+
+- Cache keys must incorporate all inputs that affect the cached result — including format versions, serialization options, and any parameters that change the output
+- Key generation must be deterministic and stable across process restarts for distributed caches
+- Verify that key composition does not create collisions for distinct inputs
+- Cache miss must be distinguishable from a cached null value
+
+## Eviction Policies (D20)
+
+- Cache eviction must consider TTL, priority, estimated object size, and memory pressure — not just LRU
+- Expose eviction callbacks so consumers can observe and react to entry removal
+- Memory pressure-based eviction should clear stale references to avoid retaining unused objects
+
+## Stampede Prevention (D20)
+
+- When a cache entry expires, only one caller should recompute the value while others wait (thundering herd mitigation)
+- HybridCache (available in .NET 9+) and similar patterns should use a single-flight mechanism for concurrent requests to the same key
+
+## Performance & Allocation (D5)
+
+- Closures for cache factory methods must not allocate on every cache access — cache the delegate or use a static lambda with explicit state
+- Distributed cache serialization must handle large objects efficiently — consider compression and streaming for values over 100KB
+- In-memory cache operations must avoid holding locks during expensive value computation
+- Hot paths must avoid per-operation allocations — prefer pooled buffers and cached delegates
+
+## Thread Safety (D6)
+
+- `MemoryCache` and `HybridCache` (available in .NET 9+) are expected to be used concurrently — all access patterns must be thread-safe
+- Entry creation and eviction callbacks may execute on different threads — do not assume single-threaded access
+
+## Distributed vs In-Memory
+
+- `IDistributedCache` implementations must handle serialization/deserialization correctly and document size limits
+- Test with both in-memory and distributed backing stores — behavior differences must be accounted for
+- Distributed cache key expiration semantics may differ from in-memory — document and test accordingly
+