Skip to content

Reduce unsafe scope in trimmable type map code#11468

Draft
Copilot wants to merge 5 commits into
mainfrom
copilot/revise-unsafe-code-gen
Draft

Reduce unsafe scope in trimmable type map code#11468
Copilot wants to merge 5 commits into
mainfrom
copilot/revise-unsafe-code-gen

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 23, 2026
edited
Loading

The trimmable type map path used broad unsafe patterns that do not align well with the upcoming C# memory-safety model. This revisits the generated/runtime registration path to make unsafe boundaries explicit while preserving existing performance-sensitive unsafe code where needed.

  • Hashing helper

    • Preserves the existing stackalloc and pointer-based UTF-8 encoding path.
    • Keeps GetNamespaceAssemblyUtf8Bytes(...) unsafe and documents its caller requirements with /// <safety>.
    • Wraps calls to the unsafe helper in explicit unsafe blocks with SAFETY notes.

  • Runtime native registration

    • Changed TrimmableTypeMap.RegisterNativeMethods() to remain safe-callable.
    • Scoped native pointer work to an inner unsafe block with a SAFETY note.

  • Generated-code model

    • Updated the typemap emitter’s pseudo-C# to show the intended unsafe boundary pattern around JNI native registration.

Example pattern:

unsafe {
	// SAFETY: UTF-8 data is pinned for the duration of RegisterNatives.
	JniEnvironment.Types.RegisterNatives (runtimeClass.PeerReference, [method]);
}

Copilot AI linked an issue May 23, 2026 that may be closed by this pull request
[TrimmableTypeMap] Revisit use of unsafe in generated code and in libraries #11467
Open
Copilot AI and others added 2 commits May 23, 2026 15:22
@simonrozsival
Revise trimmable typemap unsafe boundaries
a121db4 
Agent-Logs-Url: https://github.com/dotnet/android/sessions/f976dfb0-61ce-4e48-b20e-ebcb73ddb9cf

Co-authored-by: simonrozsival <374616+simonrozsival@users.noreply.github.com>
@simonrozsival
Avoid temporary UTF8 arrays in typemap hashing
a80e6a3 
Agent-Logs-Url: https://github.com/dotnet/android/sessions/f976dfb0-61ce-4e48-b20e-ebcb73ddb9cf

Co-authored-by: simonrozsival <374616+simonrozsival@users.noreply.github.com>
Copilot AI changed the title [WIP] Revisit use of unsafe in generated code Reduce unsafe scope in trimmable type map code May 23, 2026
Copilot AI requested a review from simonrozsival May 23, 2026 15:27
simonrozsival
simonrozsival reviewed May 23, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@simonrozsival simonrozsival left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot address this review

Comment thread src/Microsoft.Android.Sdk.TrimmableTypeMap/Scanner/ScannerHashingHelper.cs Outdated
ulong hashValue = BinaryPrimitives.ReadUInt64LittleEndian (hash);
BinaryPrimitives.WriteUInt64LittleEndian (hash, hashValue ^ (ulong) bytesWritten);
return ToHexString (hash);
byte[] rented = ArrayPool<byte>.Shared.Rent (byteCount);
Copy link
Copy Markdown
Member

@simonrozsival simonrozsival May 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to keep stackalloc, I don't want to compromise here. Simply use the unsafe block here instead.

Comment thread src/Microsoft.Android.Sdk.TrimmableTypeMap/Scanner/ScannerHashingHelper.cs Outdated
}

static unsafe int GetNamespaceAssemblyUtf8Bytes (string ns, string assemblyName, Span<byte> destination)
static int GetNamespaceAssemblyUtf8Bytes (string ns, string assemblyName, byte[] destination)
Copy link
Copy Markdown
Member

@simonrozsival simonrozsival May 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I want to keep this method the way it was. Keep it unsafe and just add the /// <safety> comment here + call it from unsafe { ... }

Copilot AI and others added 2 commits May 23, 2026 19:48
@simonrozsival
Address scanner unsafe review feedback
9f6abc4 
Agent-Logs-Url: https://github.com/dotnet/android/sessions/b540e64f-426f-4e62-89e3-b09e5e497c93

Co-authored-by: simonrozsival <374616+simonrozsival@users.noreply.github.com>
@simonrozsival
Clean up unsafe hashing helper assignment
6252660 
Agent-Logs-Url: https://github.com/dotnet/android/sessions/b540e64f-426f-4e62-89e3-b09e5e497c93

Co-authored-by: simonrozsival <374616+simonrozsival@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 23, 2026

@copilot address this review

Addressed the review in 9f6abc4 and follow-up cleanup 6252660. The stackalloc path is restored, GetNamespaceAssemblyUtf8Bytes remains unsafe with /// <safety>, and call sites now use explicit unsafe blocks.

Copilot AI requested a review from simonrozsival May 23, 2026 19:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@simonrozsival simonrozsival Awaiting requested review from simonrozsival simonrozsival is a code owner

@jonathanpeppers jonathanpeppers Awaiting requested review from jonathanpeppers jonathanpeppers will be requested when the pull request is marked ready for review jonathanpeppers is a code owner

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

@simonrozsival simonrozsival

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[TrimmableTypeMap] Revisit use of unsafe in generated code and in libraries

2 participants

@simonrozsival