Fix TypePreinit preinitialization correctness (#128973)

I asked GPT-5.5 to find bugs and it found bugs. One is more severe.

Intern foreign preinit instances so nested static reference identity is
preserved, conservatively mark serialized object instances mutable, and
fix vtable-like slot clearing.

Add NativeAOT smoke coverage for nested preinit identity and vtable slot
clearing.

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: MichalStrehovsky

src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/TypePreinit.cs

@@ -42,6 +42,7 @@ public class TypePreinit
         private readonly Dictionary<FieldDesc, Value> _fieldValues = new Dictionary<FieldDesc, Value>();
         private readonly Dictionary<string, StringInstance> _internedStrings = new Dictionary<string, StringInstance>();
         private readonly Dictionary<TypeDesc, RuntimeTypeValue> _internedTypes = new Dictionary<TypeDesc, RuntimeTypeValue>();
+        private readonly Dictionary<AllocationSite, ForeignTypeInstance> _foreignInstances = new Dictionary<AllocationSite, ForeignTypeInstance>();
         private readonly Dictionary<MetadataType, NestedPreinitResult> _nestedPreinitResults = new Dictionary<MetadataType, NestedPreinitResult>();
         private readonly Dictionary<EcmaField, byte[]> _rvaFieldDatas = new Dictionary<EcmaField, byte[]>();
 
@@ -153,6 +154,16 @@ private byte[] GetFieldRvaData(EcmaField field)
             return result;
         }
 
+        private ForeignTypeInstance GetOrCreateForeignInstance(TypeDesc type, AllocationSite allocationSite, ReferenceTypeValue data)
+        {
+            if (!_foreignInstances.TryGetValue(allocationSite, out ForeignTypeInstance result))
+            {
+                _foreignInstances.Add(allocationSite, result = new ForeignTypeInstance(type, allocationSite, data));
+            }
+
+            return result;
+        }
+
         private Status TryScanMethod(MethodDesc method, Value[] parameters, Stack<MethodDesc> recursionProtect, ref int instructionCounter, out Value returnValue)
         {
             MethodIL methodIL = _ilProvider.GetMethodIL(method);
@@ -2791,7 +2802,7 @@ public override bool TryInitialize(int size)
                     if (_index + numSlots > _parent._methods.Length)
                         return false;
 
-                    for (int i = _index; i < numSlots; i++)
+                    for (int i = _index; i < _index + numSlots; i++)
                         _parent._methods[i] = null;
 
                     return true;
@@ -3176,7 +3187,7 @@ public override bool TryCompareEquality(Value value, out bool result)
             public abstract ReferenceTypeValue ToForeignInstance(int baseInstructionCounter, TypePreinit preinitContext);
         }
 
-        private struct AllocationSite
+        private readonly struct AllocationSite : IEquatable<AllocationSite>
         {
             public MetadataType OwningType { get; }
             public int InstructionCounter { get; }
@@ -3186,6 +3197,14 @@ public AllocationSite(MetadataType type, int instructionCounter)
                 OwningType = type;
                 InstructionCounter = instructionCounter;
             }
+
+            public bool Equals(AllocationSite other) =>
+                OwningType == other.OwningType
+                && InstructionCounter == other.InstructionCounter;
+
+            public override bool Equals(object obj) => obj is AllocationSite other && Equals(other);
+
+            public override int GetHashCode() => HashCode.Combine(OwningType, InstructionCounter);
         }
 
         /// <summary>
@@ -3201,11 +3220,13 @@ public AllocatedReferenceTypeValue(TypeDesc type, AllocationSite allocationSite)
                 AllocationSite = allocationSite;
             }
 
-            public override ReferenceTypeValue ToForeignInstance(int baseInstructionCounter, TypePreinit preinitContext) =>
-                new ForeignTypeInstance(
-                    Type,
-                    new AllocationSite(AllocationSite.OwningType, AllocationSite.InstructionCounter - baseInstructionCounter),
-                    this);
+            public override ReferenceTypeValue ToForeignInstance(int baseInstructionCounter, TypePreinit preinitContext)
+            {
+                AllocationSite foreignAllocationSite = new AllocationSite(
+                    AllocationSite.OwningType,
+                    AllocationSite.InstructionCounter - baseInstructionCounter);
+                return preinitContext.GetOrCreateForeignInstance(Type, foreignAllocationSite, this);
+            }
 
             public override bool GetRawData(NodeFactory factory, out object data)
             {
@@ -3432,7 +3453,10 @@ public override void WriteFieldData(ref ObjectDataBuilder builder, NodeFactory f
                 }
             }
 
-            public override ReferenceTypeValue ToForeignInstance(int baseInstructionCounter, TypePreinit preinitContext) => this;
+            public override ReferenceTypeValue ToForeignInstance(int baseInstructionCounter, TypePreinit preinitContext)
+            {
+                return preinitContext.GetOrCreateForeignInstance(Type, AllocationSite, Data);
+            }
         }
 
         private sealed class StringInstance : ReferenceTypeValue, IHasInstanceFields
@@ -3572,7 +3596,26 @@ public void WriteContent(ref ObjectDataBuilder builder, ISymbolNode thisNode, No
                 builder.EmitBytes(_data, pointerSize, _data.Length - pointerSize);
             }
 
-            public bool IsKnownImmutable => !Type.GetFields().GetEnumerator().MoveNext();
+            public bool IsKnownImmutable
+            {
+                get
+                {
+                    // Are there any instance fields?
+                    if (Type.IsValueType)
+                    {
+                        // For value types, look at the actual fields.
+                        foreach (FieldDesc f in Type.GetFields())
+                            if (!f.IsStatic)
+                                return false;
+
+                        return true;
+                    }
+
+                    // For reference types, check if the unaligned size == MethodTable pointer
+                    // since we always have at least that field in the hierarchy.
+                    return ((DefType)Type).InstanceByteCountUnaligned == Type.Context.Target.LayoutPointerSize;
+                }
+            }
 
             public int ArrayLength => throw new NotSupportedException();
         }

src/tests/nativeaot/SmokeTests/Preinitialization/Preinitialization.cs

@@ -40,6 +40,7 @@ private static int Main()
         TestDelegateReflectionVisible.Run();
         TestInitFromOtherClass.Run();
         TestInitFromOtherClassDouble.Run();
+        TestNestedPreinitIdentity.Run();
         TestDelegateToOtherClass.Run();
         TestLotsOfBackwardsBranches.Run();
         TestSwitch.Run();
@@ -727,6 +728,38 @@ public static void Run()
     }
 }
 
+class TestNestedPreinitIdentity
+{
+    class OtherClass
+    {
+        public static readonly object ObjectValue = new object();
+    }
+
+    class YetAnotherClass
+    {
+        public static readonly object ObjectValue = OtherClass.ObjectValue;
+    }
+
+    static bool s_areSame;
+    static bool s_areSameIndirect;
+
+    static TestNestedPreinitIdentity()
+    {
+        object first = OtherClass.ObjectValue;
+        object second = OtherClass.ObjectValue;
+        object third = YetAnotherClass.ObjectValue;
+
+        s_areSame = first == second;
+        s_areSameIndirect = first == third;
+    }
+
+    public static void Run()
+    {
+        Assert.IsPreinitialized(typeof(TestNestedPreinitIdentity));
+        Assert.True(s_areSame);
+        Assert.True(s_areSameIndirect);
+    }
+}
 
 class TestDelegateToOtherClass
 {
@@ -1904,6 +1937,20 @@ static TinyVtableCImpl()
         }
     }
 
+    public unsafe class TinyVtableClearSlotImpl
+    {
+        [FixedAddressValueType]
+        public static readonly ITinyVtableB Vtbl;
+
+        static TinyVtableClearSlotImpl()
+        {
+            Vtbl.First = &First;
+            Vtbl.Second = &Second;
+            Vtbl.Third = &Third;
+            Vtbl.Second = default;
+        }
+    }
+
     public unsafe struct ITinyVtableA
     {
         public delegate*<void> First;
@@ -1946,6 +1993,11 @@ public static unsafe void Run()
         Assert.AreEqual((nuint)(delegate*<void>)&Second, (nuint)TinyVtableCImpl.Vtbl.Second);
         Assert.AreEqual((nuint)(delegate*<void>)&Third, (nuint)TinyVtableCImpl.Vtbl.Third);
         Assert.AreEqual((nuint)(delegate*<void>)&Fourth, (nuint)TinyVtableCImpl.Vtbl.Fourth);
+
+        Assert.IsPreinitialized(typeof(TinyVtableClearSlotImpl));
+        Assert.AreEqual((void*)(delegate*<void>)&First, TinyVtableClearSlotImpl.Vtbl.First);
+        Assert.AreEqual((void*)null, TinyVtableClearSlotImpl.Vtbl.Second);
+        Assert.AreEqual((void*)(delegate*<void>)&Third, TinyVtableClearSlotImpl.Vtbl.Third);
     }
 }