From ee50cb81a13da92182f89235dad87527e94febc6 Mon Sep 17 00:00:00 2001
From: Jackson Schuster <36744439+jtschuster@users.noreply.github.com>
Date: Thu, 14 May 2026 15:57:14 -0700
Subject: [PATCH 1/6] Proof of concept for including thumb bit in R2R symbols

---
 src/coreclr/jit/emit.cpp                      | 34 ++-----------------
 src/coreclr/jit/emitarm.cpp                   |  7 ++--
 .../Compiler/ObjectWriter/ObjectWriter.cs     |  6 +---
 .../ReadyToRun/DelayLoadHelperImport.cs       | 12 +++----
 .../ExceptionInfoLookupTableNode.cs           |  2 +-
 .../ReadyToRun/MethodGCInfoNode.cs            |  8 ++---
 .../ResumptionStubEntryPointSignature.cs      |  2 +-
 .../ReadyToRun/RuntimeFunctionsTableNode.cs   |  2 +-
 8 files changed, 20 insertions(+), 53 deletions(-)

diff --git a/src/coreclr/jit/emit.cpp b/src/coreclr/jit/emit.cpp
index d3e723b5df1d18..5ea0dc49de9f26 100644
--- a/src/coreclr/jit/emit.cpp
+++ b/src/coreclr/jit/emit.cpp
@@ -8525,40 +8525,10 @@ void emitter::emitOutputDataSec(dataSecDsc* sec, AllocMemChunk* chunks)
 
                 if (m_compiler->opts.compReloc)
                 {
-#ifdef TARGET_ARM
-                    // The runtime and ILC will handle setting the thumb bit on the async resumption stub entrypoint,
-                    // either directly in the emitAsyncResumeStubEntryPoint value (runtime) or will add the thumb bit
-                    // to the symbol definition (ilc). ReadyToRun is different here: it emits method symbols without the
-                    // thumb bit, then during fixups, the runtime adds the thumb bit. This works for all cases where
-                    // the method entrypoint is fixed up at runtime, but doesn't hold for the resumption stub, which is
-                    // emitted as a direct call without the typical indirection cell + fixup. This is okay in this case
-                    // (while regular method calls could not do this) because the async method and its resumption stub
-                    // are tightly coupled and effectively funclets of the same method. However, this means that
-                    // crossgen needs the reloc for the resumption stubs entrypoint to include the thumb bit. Until we
-                    // unify the behavior of crossgen with the runtime and ilc, we will work around this by emitting the
-                    // reloc with the addend for the thumb bit.
-                    if (m_compiler->IsReadyToRun())
-                    {
-                        emitRecordRelocationWithAddlDelta(&aDstRW[i].Resume, emitAsyncResumeStubEntryPoint,
-                                                          CorInfoReloc::DIRECT, 1);
-                    }
-                    else
-#endif
-                    {
-                        emitRecordRelocation(&aDstRW[i].Resume, emitAsyncResumeStubEntryPoint, CorInfoReloc::DIRECT);
-                    }
+                    emitRecordRelocation(&aDstRW[i].Resume, emitAsyncResumeStubEntryPoint, CorInfoReloc::DIRECT);
                     if (target != nullptr)
                     {
-#ifdef TARGET_ARM
-                        if (m_compiler->IsReadyToRun())
-                        {
-                            emitRecordRelocationWithAddlDelta(&aDstRW[i].DiagnosticIP, target, CorInfoReloc::DIRECT, 1);
-                        }
-                        else
-#endif
-                        {
-                            emitRecordRelocation(&aDstRW[i].DiagnosticIP, target, CorInfoReloc::DIRECT);
-                        }
+                        emitRecordRelocation(&aDstRW[i].DiagnosticIP, target, CorInfoReloc::DIRECT);
                     }
                 }
 
diff --git a/src/coreclr/jit/emitarm.cpp b/src/coreclr/jit/emitarm.cpp
index cfb5de23666cac..f38e906ec01740 100644
--- a/src/coreclr/jit/emitarm.cpp
+++ b/src/coreclr/jit/emitarm.cpp
@@ -5336,9 +5336,10 @@ BYTE* emitter::emitOutputLJ(insGroup* ig, BYTE* dst, instrDesc* i)
         assert(ins == INS_movw || ins == INS_movt);
         distVal = (ssize_t)emitOffsetToPtr(dstOffs);
 
-        // ILC defines method symbols with the thumb bit already set, so don't add it here.
-        // For ReadyToRun and non-relocatable code (runtime JIT), we set it ourselves.
-        if (!m_compiler->IsNativeAot())
+        // ILC and crossgen2 defines method symbols with the thumb bit already set, so don't add it here.
+        // Assume compilations with relocs will put the thumb bit in the symbol.
+        // For non-relocatable code (runtime JIT), we set it ourselves.
+        if (!(m_compiler->compReloc))
         {
             distVal += 1;
         }
diff --git a/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs b/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs
index 5eb2018c7cf947..8d7a8826dc4f75 100644
--- a/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs
+++ b/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs
@@ -409,12 +409,8 @@ public virtual void EmitObject(Stream outputFileStream, IReadOnlyCollection<Depe
                 }
 
                 bool isMethod = node is IMethodBodyNode or AssemblyStubNode;
-#if !READYTORUN
                 long thumbBit = _nodeFactory.Target.Architecture == TargetArchitecture.ARM && isMethod ? 1 : 0;
-#else
-                // R2R records the thumb bit in the addend when needed, so we don't have to do it here.
-                long thumbBit = 0;
-#endif
+
                 if (node is WasmTypeNode signature)
                 {
                     RecordMethodSignature(signature);
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs
index 78b6b3aa0f7f79..668af18398026c 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs
@@ -27,11 +27,11 @@ public class DelayLoadHelperImport : Import
         public ReadyToRunHelper HelperId => _helper;
 
         public DelayLoadHelperImport(
-            NodeFactory factory, 
-            ImportSectionNode importSectionNode, 
-            ReadyToRunHelper helper, 
-            Signature instanceSignature, 
-            bool useVirtualCall = false, 
+            NodeFactory factory,
+            ImportSectionNode importSectionNode,
+            ReadyToRunHelper helper,
+            Signature instanceSignature,
+            bool useVirtualCall = false,
             bool useJumpableStub = false,
             MethodDesc callingMethod = null)
             : base(importSectionNode, instanceSignature, callingMethod)
@@ -87,7 +87,7 @@ public override void EncodeData(ref ObjectDataBuilder dataBuilder, NodeFactory f
                 // This needs to be an empty target pointer since it will be filled in with Module*
                 // when loaded by CoreCLR
                 dataBuilder.EmitReloc(_delayLoadHelper,
-                    factory.Target.PointerSize == 4 ? RelocType.IMAGE_REL_BASED_HIGHLOW : RelocType.IMAGE_REL_BASED_DIR64, factory.Target.CodeDelta);
+                    factory.Target.PointerSize == 4 ? RelocType.IMAGE_REL_BASED_HIGHLOW : RelocType.IMAGE_REL_BASED_DIR64);
             }
             else
             {
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ExceptionInfoLookupTableNode.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ExceptionInfoLookupTableNode.cs
index f9fe3657851a16..b5ec213d93d428 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ExceptionInfoLookupTableNode.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ExceptionInfoLookupTableNode.cs
@@ -121,7 +121,7 @@ public override ObjectData GetData(NodeFactory factory, bool relocsOnly = false)
             // First, emit the actual EH records in sequence and store map from methods to the EH record symbols
             for (int index = 0; index < _methodNodes.Count; index++)
             {
-                exceptionInfoLookupBuilder.EmitReloc(_methodNodes[index], RelocType.IMAGE_REL_BASED_ADDR32NB);
+                exceptionInfoLookupBuilder.EmitReloc(_methodNodes[index], RelocType.IMAGE_REL_BASED_ADDR32NB, -factory.Target.CodeDelta);
                 exceptionInfoLookupBuilder.EmitReloc(_ehInfoNode, RelocType.IMAGE_REL_BASED_ADDR32NB, _ehInfoOffsets[index]);
             }
 
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/MethodGCInfoNode.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/MethodGCInfoNode.cs
index 6d85b90d6131f5..05a2cfb9a23b2c 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/MethodGCInfoNode.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/MethodGCInfoNode.cs
@@ -145,7 +145,7 @@ public bool Equals(GCInfoComponent other)
                 {
                     if (other.Bytes == null)
                         return false;
-                    
+
                     return Bytes.SequenceEqual(other.Bytes);
                 }
                 else
@@ -170,7 +170,7 @@ private IEnumerable<GCInfoComponent> EncodeDataCore(NodeFactory factory)
             const byte UNW_FLAG_UHANDLER = 2;
             const byte UNW_FLAG_CHAININFO = 4;
             const byte FlagsShift = 3;
-            
+
             for (int frameInfoIndex = 0; frameInfoIndex < numFrameInfos; frameInfoIndex++)
             {
                 FrameInfo frameInfo = (frameInfoIndex >= numHotFrameInfos) ?
@@ -189,7 +189,7 @@ private IEnumerable<GCInfoComponent> EncodeDataCore(NodeFactory factory)
                     yield return new GCInfoComponent(header);
                     yield return new GCInfoComponent(_methodNode, 0);
                     yield return new GCInfoComponent(_methodNode, _methodNode.Size);
-                    // TODO: Is this correct? 
+                    // TODO: Is this correct?
                     yield return new GCInfoComponent(factory.RuntimeFunctionsGCInfo, this.OffsetFromBeginningOfArray);
                 }
                 else
@@ -212,7 +212,7 @@ private IEnumerable<GCInfoComponent> EncodeDataCore(NodeFactory factory)
                     {
                         bool isFilterFunclet = (frameInfo.Flags & FrameInfoFlags.Filter) != 0;
                         ISymbolNode personalityRoutine = (isFilterFunclet ? factory.FilterFuncletPersonalityRoutine : factory.PersonalityRoutine);
-                        yield return new GCInfoComponent(personalityRoutine, factory.Target.CodeDelta);
+                        yield return new GCInfoComponent(personalityRoutine, 0);
                     }
 
                     if (frameInfoIndex == 0 && _methodNode.GCInfo != null)
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ResumptionStubEntryPointSignature.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ResumptionStubEntryPointSignature.cs
index a071ed723afc8f..9d9b4655370832 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ResumptionStubEntryPointSignature.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ResumptionStubEntryPointSignature.cs
@@ -20,7 +20,7 @@ public override ObjectData GetData(NodeFactory factory, bool relocsOnly = false)
             builder.AddSymbol(this);
             builder.EmitByte((byte)ReadyToRunFixupKind.ResumptionStubEntryPoint);
             // Emit a relocation to the resumption stub code; at link time this becomes the RVA.
-            builder.EmitReloc(_resumptionStub, RelocType.IMAGE_REL_BASED_ADDR32NB, delta: factory.Target.CodeDelta);
+            builder.EmitReloc(_resumptionStub, RelocType.IMAGE_REL_BASED_ADDR32NB);
 
             return builder.ToObjectData();
         }
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/RuntimeFunctionsTableNode.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/RuntimeFunctionsTableNode.cs
index 063caae405075c..9edf662963015e 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/RuntimeFunctionsTableNode.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/RuntimeFunctionsTableNode.cs
@@ -130,7 +130,7 @@ public override ObjectData GetData(NodeFactory factory, bool relocsOnly = false)
                         }
                         else
                         {
-                            runtimeFunctionsBuilder.EmitReloc(symbol, RelocType.IMAGE_REL_BASED_ADDR32NB, delta: frameInfo.StartOffset + _nodeFactory.Target.CodeDelta);
+                            runtimeFunctionsBuilder.EmitReloc(symbol, RelocType.IMAGE_REL_BASED_ADDR32NB, delta: frameInfo.StartOffset);
                             if (!relocsOnly && _nodeFactory.Target.Architecture == TargetArchitecture.X64)
                             {
                                 // On Amd64, the 2nd word contains the EndOffset of the runtime function

From a78cfed1340b689e10fc91f2d4fa92930111f065 Mon Sep 17 00:00:00 2001
From: Jackson Schuster <36744439+jtschuster@users.noreply.github.com>
Date: Thu, 14 May 2026 17:23:54 -0700
Subject: [PATCH 2/6] Fix compReloc syntax, add subtraction to
 DelayLoadHelperImport

---
 src/coreclr/jit/emitarm.cpp                                     | 2 +-
 .../DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/coreclr/jit/emitarm.cpp b/src/coreclr/jit/emitarm.cpp
index f38e906ec01740..319b89dc08dc7f 100644
--- a/src/coreclr/jit/emitarm.cpp
+++ b/src/coreclr/jit/emitarm.cpp
@@ -5339,7 +5339,7 @@ BYTE* emitter::emitOutputLJ(insGroup* ig, BYTE* dst, instrDesc* i)
         // ILC and crossgen2 defines method symbols with the thumb bit already set, so don't add it here.
         // Assume compilations with relocs will put the thumb bit in the symbol.
         // For non-relocatable code (runtime JIT), we set it ourselves.
-        if (!(m_compiler->compReloc))
+        if (!(m_compiler->opts.compReloc))
         {
             distVal += 1;
         }
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs
index 668af18398026c..d522572b1b3170 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs
@@ -87,7 +87,7 @@ public override void EncodeData(ref ObjectDataBuilder dataBuilder, NodeFactory f
                 // This needs to be an empty target pointer since it will be filled in with Module*
                 // when loaded by CoreCLR
                 dataBuilder.EmitReloc(_delayLoadHelper,
-                    factory.Target.PointerSize == 4 ? RelocType.IMAGE_REL_BASED_HIGHLOW : RelocType.IMAGE_REL_BASED_DIR64);
+                    factory.Target.PointerSize == 4 ? RelocType.IMAGE_REL_BASED_HIGHLOW : RelocType.IMAGE_REL_BASED_DIR64, -factory.Target.CodeDelta);
             }
             else
             {

From a731125d0b5ee38b3657bc56009cec7a11dbb6e0 Mon Sep 17 00:00:00 2001
From: Jackson Schuster <36744439+jtschuster@users.noreply.github.com>
Date: Mon, 18 May 2026 14:26:11 -0700
Subject: [PATCH 3/6] Add ARM Thumb bit ReadyToRun validation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .../ILCompiler.ReadyToRun.Tests.csproj        |   1 +
 .../CrossModuleInlining/ExceptionHandling.cs  |  21 +++
 .../TestCases/R2RTestSuites.cs                |  36 ++++
 .../TestCasesRunner/R2RDriver.cs              |   6 +-
 .../TestCasesRunner/R2RResultChecker.cs       | 171 ++++++++++++++++++
 .../ReadyToRun/DelayLoadHelperImport.cs       |   2 +-
 .../ReadyToRun/ReadyToRunHeaderNode.cs        |   5 +-
 7 files changed, 236 insertions(+), 6 deletions(-)
 create mode 100644 src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/CrossModuleInlining/ExceptionHandling.cs

diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/ILCompiler.ReadyToRun.Tests.csproj b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/ILCompiler.ReadyToRun.Tests.csproj
index 1ec092009d6f88..c034a01e270db6 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/ILCompiler.ReadyToRun.Tests.csproj
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/ILCompiler.ReadyToRun.Tests.csproj
@@ -21,6 +21,7 @@
 
   <ItemGroup>
     <ProjectReference Include="../ILCompiler.Reflection.ReadyToRun/ILCompiler.Reflection.ReadyToRun.csproj" />
+    <ProjectReference Include="../crossgen2/crossgen2_inbuild.csproj" ReferenceOutputAssembly="false" />
   </ItemGroup>
 
   <!-- Test case source files are embedded as resources so we can compile them with Roslyn at test time.
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/CrossModuleInlining/ExceptionHandling.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/CrossModuleInlining/ExceptionHandling.cs
new file mode 100644
index 00000000000000..beb56d4d221bf3
--- /dev/null
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/CrossModuleInlining/ExceptionHandling.cs
@@ -0,0 +1,21 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+
+public static class ExceptionHandling
+{
+    public static int CallDependency() => InlineableLib.GetValue();
+
+    public static int MethodWithExceptionInfo(int value)
+    {
+        try
+        {
+            return 100 / value;
+        }
+        catch (DivideByZeroException)
+        {
+            return -1;
+        }
+    }
+}
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/R2RTestSuites.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/R2RTestSuites.cs
index 874d921a98ab07..dec218c697fdbc 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/R2RTestSuites.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/R2RTestSuites.cs
@@ -57,6 +57,42 @@ static void Validate(ReadyToRunReader reader)
         }
     }
 
+    [Fact]
+    public void ArmThumbBitRelocationTargets()
+    {
+        var inlineableLib = new CompiledAssembly
+        {
+            AssemblyName = "InlineableLib",
+            SourceResourceNames = ["CrossModuleInlining/Dependencies/InlineableLib.cs"],
+        };
+        var exceptionHandling = new CompiledAssembly
+        {
+            AssemblyName = nameof(ArmThumbBitRelocationTargets),
+            SourceResourceNames = ["CrossModuleInlining/ExceptionHandling.cs"],
+            References = [inlineableLib],
+        };
+
+        new R2RTestRunner(_output).Run(new R2RTestCase(
+            nameof(ArmThumbBitRelocationTargets),
+            [
+                new(nameof(ArmThumbBitRelocationTargets),
+                [
+                    new CrossgenAssembly(exceptionHandling),
+                    new CrossgenAssembly(inlineableLib) { Kind = Crossgen2InputKind.Reference },
+                ])
+                {
+                    Options = [Crossgen2Option.TargetArchArm],
+                    Validate = Validate,
+                },
+            ]));
+
+        static void Validate(ReadyToRunReader reader)
+        {
+            string diag;
+            Assert.True(R2RAssert.HasExpectedArmThumbBitTargets(reader, out diag), diag);
+        }
+    }
+
     [Fact]
     public void TransitiveReferences()
     {
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RDriver.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RDriver.cs
index 6a28f9118c7478..fe60e3b47cf2c9 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RDriver.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RDriver.cs
@@ -33,8 +33,7 @@ internal enum Crossgen2Option
     ObjectFormat,
     HotColdSplitting,
     Optimize,
-    TargetArch,
-    TargetOS,
+    TargetArchArm,
 }
 
 internal static class Crossgen2OptionsExtensions
@@ -61,8 +60,7 @@ internal static class Crossgen2OptionsExtensions
         Crossgen2Option.ObjectFormat => $"--object-format",
         Crossgen2Option.HotColdSplitting => $"--hot-cold-splitting",
         Crossgen2Option.Optimize => $"--optimize",
-        Crossgen2Option.TargetArch => $"--target-arch",
-        Crossgen2Option.TargetOS => $"--target-os",
+        Crossgen2Option.TargetArchArm => $"--targetarch:arm",
         _ => throw new ArgumentOutOfRangeException(nameof(kind)),
     };
 }
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs
index 797a2cda9eba4e..93bf43794712e3 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs
@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Buffers.Binary;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
@@ -63,6 +64,176 @@ public static bool HasManifestRef(ReadyToRunReader reader, string assemblyName,
         return found;
     }
 
+    /// <summary>
+    /// Returns true if ARM R2R relocations preserve the Thumb bit only for raw runtime function
+    /// start RVAs, while non-code pointers keep even RVAs.
+    /// </summary>
+    public static bool HasExpectedArmThumbBitTargets(ReadyToRunReader reader, out string diagnostic)
+    {
+        if (reader.Machine != Machine.ArmThumb2)
+        {
+            diagnostic = $"Expected ARM Thumb2 image, but found {reader.Machine}.";
+            return false;
+        }
+
+        var failures = new List<string>();
+
+        bool result = true;
+        result &= SectionRVAIsEven(reader, ReadyToRunSectionType.ExceptionInfo, failures);
+        result &= SectionRVAIsEven(reader, ReadyToRunSectionType.DelayLoadMethodCallThunks, failures);
+        result &= DelayLoadHelperImportTargetsAreOdd(reader, failures);
+        result &= ExceptionInfoMethodRVAsAreEven(reader, failures);
+        result &= RuntimeFunctionStartRVAsAreOdd(reader, failures);
+
+        diagnostic = result
+            ? "ARM Thumb-bit relocation targets are encoded as expected."
+            : string.Join(Environment.NewLine, failures);
+        return result;
+    }
+
+    private static bool SectionRVAIsEven(ReadyToRunReader reader, ReadyToRunSectionType sectionType, List<string> failures)
+    {
+        if (!reader.ReadyToRunHeader.Sections.TryGetValue(sectionType, out ReadyToRunSection section))
+        {
+            failures.Add($"Expected {sectionType} section not found.");
+            return false;
+        }
+
+        bool result = true;
+        if (section.Size <= 0)
+        {
+            failures.Add($"Expected {sectionType} section to be non-empty.");
+            result = false;
+        }
+
+        if ((section.RelativeVirtualAddress & 1) != 0)
+        {
+            failures.Add($"{sectionType} section RVA 0x{section.RelativeVirtualAddress:X8} should be even.");
+            result = false;
+        }
+
+        return result;
+    }
+
+    private static bool ExceptionInfoMethodRVAsAreEven(ReadyToRunReader reader, List<string> failures)
+    {
+        if (!reader.ReadyToRunHeader.Sections.TryGetValue(ReadyToRunSectionType.ExceptionInfo, out ReadyToRunSection section))
+        {
+            return true;
+        }
+
+        bool result = true;
+        int offset = reader.CompositeReader.GetOffset(section.RelativeVirtualAddress);
+        int endOffset = offset + section.Size;
+        int entries = 0;
+        for (; offset + 2 * sizeof(int) <= endOffset; offset += 2 * sizeof(int))
+        {
+            int methodRva = BitConverter.ToInt32(reader.Image, offset);
+            if (methodRva == -1)
+            {
+                break;
+            }
+
+            entries++;
+            if ((methodRva & 1) != 0)
+            {
+                failures.Add($"ExceptionInfo method RVA 0x{methodRva:X8} should be even.");
+                result = false;
+            }
+        }
+
+        if (entries == 0)
+        {
+            failures.Add("Expected ExceptionInfo to contain at least one method entry.");
+            result = false;
+        }
+
+        return result;
+    }
+
+    private static bool DelayLoadHelperImportTargetsAreOdd(ReadyToRunReader reader, List<string> failures)
+    {
+        bool result = true;
+        int entries = 0;
+        foreach (ReadyToRunImportSection section in reader.ImportSections)
+        {
+            if ((section.Flags & ReadyToRunImportSectionFlags.PCode) == 0)
+            {
+                continue;
+            }
+
+            int offset = reader.CompositeReader.GetOffset(section.SectionRVA);
+            int endOffset = offset + section.SectionSize;
+            for (; offset + section.EntrySize <= endOffset; offset += section.EntrySize)
+            {
+                int targetAddress = BinaryPrimitives.ReadInt32LittleEndian(reader.Image.AsSpan(offset));
+                if (targetAddress == 0)
+                {
+                    continue;
+                }
+
+                entries++;
+                if ((targetAddress & 1) == 0)
+                {
+                    failures.Add($"PCode import target 0x{targetAddress:X8} should have the Thumb bit set.");
+                    result = false;
+                }
+            }
+        }
+
+        if (entries == 0)
+        {
+            failures.Add("Expected at least one non-empty PCode import target.");
+            result = false;
+        }
+
+        return result;
+    }
+
+    private static bool RuntimeFunctionStartRVAsAreOdd(ReadyToRunReader reader, List<string> failures)
+    {
+        if (!reader.ReadyToRunHeader.Sections.TryGetValue(ReadyToRunSectionType.RuntimeFunctions, out ReadyToRunSection section))
+        {
+            failures.Add("Expected RuntimeFunctions section not found.");
+            return false;
+        }
+
+        int runtimeFunctionSize = 2 * sizeof(int);
+        if (section.Size < runtimeFunctionSize)
+        {
+            failures.Add($"Expected RuntimeFunctions section to contain at least one entry, but size is {section.Size}.");
+            return false;
+        }
+
+        bool result = true;
+        int offset = reader.CompositeReader.GetOffset(section.RelativeVirtualAddress);
+        int count = section.Size / runtimeFunctionSize;
+        int entries = 0;
+        for (int index = 0; index < count; index++, offset += runtimeFunctionSize)
+        {
+            int startRva = BitConverter.ToInt32(reader.Image, offset);
+            if (startRva == -1)
+            {
+                break;
+            }
+
+            entries++;
+            if ((startRva & 1) == 0)
+            {
+                failures.Add($"RuntimeFunctions[{index}] start RVA 0x{startRva:X8} should have the Thumb bit set.");
+                result = false;
+            }
+        }
+
+        if (entries == 0)
+        {
+            failures.Add("Expected RuntimeFunctions to contain at least one entry.");
+            result = false;
+        }
+
+        return result;
+    }
+
     /// <summary>
     /// Returns true if the CrossModuleInlineInfo section records that <paramref name="inlinerMethodName"/>
     /// inlined <paramref name="inlineeMethodName"/> and the inlinee is encoded as a cross-module
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs
index d522572b1b3170..668af18398026c 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/DelayLoadHelperImport.cs
@@ -87,7 +87,7 @@ public override void EncodeData(ref ObjectDataBuilder dataBuilder, NodeFactory f
                 // This needs to be an empty target pointer since it will be filled in with Module*
                 // when loaded by CoreCLR
                 dataBuilder.EmitReloc(_delayLoadHelper,
-                    factory.Target.PointerSize == 4 ? RelocType.IMAGE_REL_BASED_HIGHLOW : RelocType.IMAGE_REL_BASED_DIR64, -factory.Target.CodeDelta);
+                    factory.Target.PointerSize == 4 ? RelocType.IMAGE_REL_BASED_HIGHLOW : RelocType.IMAGE_REL_BASED_DIR64);
             }
             else
             {
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ReadyToRunHeaderNode.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ReadyToRunHeaderNode.cs
index 3f556dda8aedc9..61d179e6d6698d 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ReadyToRunHeaderNode.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/ReadyToRunHeaderNode.cs
@@ -186,7 +186,10 @@ public override ObjectData GetData(NodeFactory factory, bool relocsOnly = false)
 
                 builder.EmitInt((int)item.Id);
 
-                builder.EmitReloc(item.StartSymbol, RelocType.IMAGE_REL_BASED_ADDR32NB);
+                // DelayLoadMethodCallThunks symbols are PCode, but the header entry encodes a data RVA.
+                // Remove the target code delta so the RVA does not include the ARM Thumb bit.
+                int rvaDelta = item.Id == ReadyToRunSectionType.DelayLoadMethodCallThunks ? -factory.Target.CodeDelta : 0;
+                builder.EmitReloc(item.StartSymbol, RelocType.IMAGE_REL_BASED_ADDR32NB, rvaDelta);
 
                 // The header entry for the runtime functions table should not include the 4 byte 0xffffffff sentinel
                 // value in the covered range.

From a9486f7d51832327e06385911e1f8b6ff2f2a9b0 Mon Sep 17 00:00:00 2001
From: Jackson Schuster <36744439+jtschuster@users.noreply.github.com>
Date: Mon, 18 May 2026 15:02:05 -0700
Subject: [PATCH 4/6] Use little-endian reads in R2R test validation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .../TestCasesRunner/R2RResultChecker.cs                       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs
index 93bf43794712e3..a401f4bfad7b75 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs
@@ -128,7 +128,7 @@ private static bool ExceptionInfoMethodRVAsAreEven(ReadyToRunReader reader, List
         int entries = 0;
         for (; offset + 2 * sizeof(int) <= endOffset; offset += 2 * sizeof(int))
         {
-            int methodRva = BitConverter.ToInt32(reader.Image, offset);
+            int methodRva = BinaryPrimitives.ReadInt32LittleEndian(reader.Image.AsSpan(offset));
             if (methodRva == -1)
             {
                 break;
@@ -211,7 +211,7 @@ private static bool RuntimeFunctionStartRVAsAreOdd(ReadyToRunReader reader, List
         int entries = 0;
         for (int index = 0; index < count; index++, offset += runtimeFunctionSize)
         {
-            int startRva = BitConverter.ToInt32(reader.Image, offset);
+            int startRva = BinaryPrimitives.ReadInt32LittleEndian(reader.Image.AsSpan(offset));
             if (startRva == -1)
             {
                 break;

From b30a97204acb501c18627f02037f3f759e77cec3 Mon Sep 17 00:00:00 2001
From: Jackson Schuster <36744439+jtschuster@users.noreply.github.com>
Date: Wed, 20 May 2026 14:07:42 -0700
Subject: [PATCH 5/6] Fix ARM Thumb R2R code pointer relocations

Normalize ARM code-pointer relocation addends now that method symbols carry the Thumb bit, preserve cold-code runtime function RVAs, and extend the Thumb-bit validation test coverage for base-relocated code pointers.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .../Compiler/ObjectWriter/ObjectWriter.cs     |  1 -
 .../tools/Common/JitInterface/CorInfoImpl.cs  | 11 ++-
 .../CrossModuleInlining/ExceptionHandling.cs  | 42 ++++++++-
 .../TestCasesRunner/R2RResultChecker.cs       | 90 +++++++++++++++++++
 .../ReadyToRun/RuntimeFunctionsTableNode.cs   | 10 ++-
 5 files changed, 150 insertions(+), 4 deletions(-)

diff --git a/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs b/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs
index 8d7a8826dc4f75..ca055358afa637 100644
--- a/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs
+++ b/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs
@@ -177,7 +177,6 @@ or IMAGE_REL_BASED_THUMB_BRANCH24 or IMAGE_REL_BASED_THUMB_MOV32_PCREL &&
                     // Method symbols should be defined with the thumb bit (+1) set per the AAELF ABI
                     // convention. For BRANCH24, the encoding cannot represent the thumb bit
                     // (per AAELF formula ((S + A) | T) – P), so strip it from the symbol value.
-                    // NOTE: R2R doesn't currently add the thumb bit to the symbol value, so this is a NOP.
                     long symbolValue = relocType is IMAGE_REL_BASED_THUMB_BRANCH24
                         ? definedSymbol.Value & ~1L
                         : definedSymbol.Value;
diff --git a/src/coreclr/tools/Common/JitInterface/CorInfoImpl.cs b/src/coreclr/tools/Common/JitInterface/CorInfoImpl.cs
index 4f655df94b156c..028d5eeccbe6d0 100644
--- a/src/coreclr/tools/Common/JitInterface/CorInfoImpl.cs
+++ b/src/coreclr/tools/Common/JitInterface/CorInfoImpl.cs
@@ -4329,9 +4329,18 @@ private void recordRelocation(void* location, void* locationRW, void* target, Co
                     break;
             }
 
+            RelocType relocType = GetRelocType(fRelocType);
             relocDelta += addlDelta;
 
-            RelocType relocType = GetRelocType(fRelocType);
+            if (_compilation.TypeSystemContext.Target.Architecture == TargetArchitecture.ARM &&
+                relocType == RelocType.IMAGE_REL_BASED_HIGHLOW &&
+                targetBlock == BlockType.Code)
+            {
+                // The ARM JIT reports PCode targets with the Thumb bit set. Method symbols also
+                // carry the Thumb bit, so keep the relocation addend as an offset from the code byte.
+                relocDelta -= _compilation.TypeSystemContext.Target.CodeDelta;
+            }
+
             // relocDelta is stored as the value
             Relocation.WriteValue(relocType, location, relocDelta);
 
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/CrossModuleInlining/ExceptionHandling.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/CrossModuleInlining/ExceptionHandling.cs
index beb56d4d221bf3..404891d0b681ff 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/CrossModuleInlining/ExceptionHandling.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCases/CrossModuleInlining/ExceptionHandling.cs
@@ -2,10 +2,11 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Runtime.CompilerServices;
 
 public static class ExceptionHandling
 {
-    public static int CallDependency() => InlineableLib.GetValue();
+    public static int CallDependency() => InlineableLib.GetValue() + MethodWithSwitchTable(5);
 
     public static int MethodWithExceptionInfo(int value)
     {
@@ -18,4 +19,43 @@ public static int MethodWithExceptionInfo(int value)
             return -1;
         }
     }
+
+    public static int MethodWithSwitchTable(int value)
+    {
+        return value switch
+        {
+            0 => Case0(),
+            1 => Case1(),
+            2 => Case2(),
+            3 => Case3(),
+            4 => Case4(),
+            5 => Case5(),
+            6 => Case6(),
+            _ => CaseDefault(),
+        };
+    }
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private static int Case0() => 10;
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private static int Case1() => 11;
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private static int Case2() => 12;
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private static int Case3() => 13;
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private static int Case4() => 14;
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private static int Case5() => 15;
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private static int Case6() => 16;
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private static int CaseDefault() => 17;
 }
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs
index 6023ef498fde45..43b2a102ceb061 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun.Tests/TestCasesRunner/R2RResultChecker.cs
@@ -84,6 +84,7 @@ public static bool HasExpectedArmThumbBitTargets(ReadyToRunReader reader, out st
         result &= DelayLoadHelperImportTargetsAreOdd(reader, failures);
         result &= ExceptionInfoMethodRVAsAreEven(reader, failures);
         result &= RuntimeFunctionStartRVAsAreOdd(reader, failures);
+        result &= BaseRelocatedCodePointersAreOdd(reader, failures);
 
         diagnostic = result
             ? "ARM Thumb-bit relocation targets are encoded as expected."
@@ -190,6 +191,95 @@ private static bool DelayLoadHelperImportTargetsAreOdd(ReadyToRunReader reader,
         return result;
     }
 
+    private static bool BaseRelocatedCodePointersAreOdd(ReadyToRunReader reader, List<string> failures)
+    {
+        byte[] image = reader.Image.ToArray();
+        using var peReader = new PEReader(new MemoryStream(image));
+
+        if (peReader.PEHeaders.PEHeader is null)
+        {
+            failures.Add("Expected PE header to be present.");
+            return false;
+        }
+
+        DirectoryEntry relocDirectory = peReader.PEHeaders.PEHeader.BaseRelocationTableDirectory;
+        if (relocDirectory.Size == 0)
+        {
+            failures.Add("Expected base relocation table to contain entries.");
+            return false;
+        }
+
+        List<(int Start, int End)> runtimeFunctionRanges = GetAllMethods(reader)
+            .SelectMany(method => method.RuntimeFunctions)
+            .Select(function =>
+            {
+                int start = function.StartAddress & ~1;
+                int size = function.Size >= 0 ? function.Size : (function.EndAddress & ~1) - start;
+                return (Start: start, End: start + size);
+            })
+            .Where(range => range.End > range.Start)
+            .OrderBy(range => range.Start)
+            .ToList();
+
+        bool result = true;
+        int entries = 0;
+        int offset = peReader.GetOffset(relocDirectory.RelativeVirtualAddress);
+        int endOffset = offset + relocDirectory.Size;
+        while (offset + 2 * sizeof(int) <= endOffset)
+        {
+            int pageRva = BinaryPrimitives.ReadInt32LittleEndian(image.AsSpan(offset));
+            int blockSize = BinaryPrimitives.ReadInt32LittleEndian(image.AsSpan(offset + sizeof(int)));
+            offset += 2 * sizeof(int);
+
+            if (pageRva == 0 || blockSize < 2 * sizeof(int))
+                break;
+
+            int entryCount = (blockSize - 2 * sizeof(int)) / sizeof(ushort);
+            for (int i = 0; i < entryCount && offset + sizeof(ushort) <= endOffset; i++, offset += sizeof(ushort))
+            {
+                ushort entry = BinaryPrimitives.ReadUInt16LittleEndian(image.AsSpan(offset));
+                const int ImageRelBasedHighLow = 3;
+                if (entry >> 12 != ImageRelBasedHighLow)
+                    continue;
+
+                int relocatedRva = pageRva + (entry & 0x0FFF);
+                int relocatedOffset = peReader.GetOffset(relocatedRva);
+                int targetAddress = BinaryPrimitives.ReadInt32LittleEndian(image.AsSpan(relocatedOffset));
+                int targetRva = targetAddress - (int)reader.ImageBase;
+                if (!IsRuntimeFunctionAddress(runtimeFunctionRanges, targetRva & ~1))
+                    continue;
+
+                entries++;
+                if ((targetAddress & 1) == 0)
+                {
+                    failures.Add($"Base relocation at RVA 0x{relocatedRva:X8} points to code address 0x{targetAddress:X8} without the Thumb bit set.");
+                    result = false;
+                }
+            }
+        }
+
+        if (entries == 0)
+        {
+            failures.Add("Expected at least one base-relocated code pointer.");
+            result = false;
+        }
+
+        return result;
+    }
+
+    private static bool IsRuntimeFunctionAddress(List<(int Start, int End)> ranges, int rva)
+    {
+        foreach ((int start, int end) in ranges)
+        {
+            if (rva < start)
+                return false;
+            if (rva < end)
+                return true;
+        }
+
+        return false;
+    }
+
     private static bool RuntimeFunctionStartRVAsAreOdd(ReadyToRunReader reader, List<string> failures)
     {
         if (!reader.ReadyToRunHeader.Sections.TryGetValue(ReadyToRunSectionType.RuntimeFunctions, out ReadyToRunSection section))
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/RuntimeFunctionsTableNode.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/RuntimeFunctionsTableNode.cs
index 9edf662963015e..515d2d34be330a 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/RuntimeFunctionsTableNode.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/RuntimeFunctionsTableNode.cs
@@ -130,7 +130,15 @@ public override ObjectData GetData(NodeFactory factory, bool relocsOnly = false)
                         }
                         else
                         {
-                            runtimeFunctionsBuilder.EmitReloc(symbol, RelocType.IMAGE_REL_BASED_ADDR32NB, delta: frameInfo.StartOffset);
+                            int delta = frameInfo.StartOffset;
+                            if (symbol == method.ColdCodeNode)
+                            {
+                                // Cold code nodes are separate from the main method body and don't carry
+                                // the Thumb bit in their symbol value.
+                                delta += _nodeFactory.Target.CodeDelta;
+                            }
+
+                            runtimeFunctionsBuilder.EmitReloc(symbol, RelocType.IMAGE_REL_BASED_ADDR32NB, delta);
                             if (!relocsOnly && _nodeFactory.Target.Architecture == TargetArchitecture.X64)
                             {
                                 // On Amd64, the 2nd word contains the EndOffset of the runtime function

From 00a0e8b5c77e2fbaafda08ee68e02822b68c1444 Mon Sep 17 00:00:00 2001
From: Jackson Schuster <36744439+jtschuster@users.noreply.github.com>
Date: Thu, 21 May 2026 14:00:04 -0700
Subject: [PATCH 6/6] Use IPCodeSymbolNode to denote that a symbold may have
 the thumb bit set

---
 src/coreclr/jit/emit.cpp                          |  5 ++++-
 .../DependencyAnalysis/AssemblyStubNode.cs        |  2 +-
 .../DependencyAnalysis/IMethodBodyNode.cs         |  2 +-
 .../DependencyAnalysis/IPCodeSymbolNode.cs        | 15 +++++++++++++++
 .../Common/Compiler/ObjectWriter/ObjectWriter.cs  |  3 ++-
 .../tools/Common/JitInterface/CorInfoImpl.cs      |  9 ---------
 .../ILCompiler.Compiler.csproj                    |  1 +
 .../ReadyToRun/MethodColdCodeNode.cs              |  4 ++--
 .../ILCompiler.ReadyToRun.csproj                  |  1 +
 9 files changed, 27 insertions(+), 15 deletions(-)
 create mode 100644 src/coreclr/tools/Common/Compiler/DependencyAnalysis/IPCodeSymbolNode.cs

diff --git a/src/coreclr/jit/emit.cpp b/src/coreclr/jit/emit.cpp
index 029d5f44e4ba76..c94fece9a6aa00 100644
--- a/src/coreclr/jit/emit.cpp
+++ b/src/coreclr/jit/emit.cpp
@@ -8464,7 +8464,10 @@ void emitter::emitOutputDataSec(dataSecDsc* sec, AllocMemChunk* chunks)
                 BYTE* target = emitOffsetToPtr(lab->igOffs);
 
 #ifdef TARGET_ARM
-                target = (BYTE*)((size_t)target | 1); // Or in thumb bit
+                if (!m_compiler->opts.compReloc)
+                {
+                    target = (BYTE*)((size_t)target | 1); // Or in thumb bit
+                }
 #endif
                 bDstRW[i] = (target_size_t)(size_t)target;
                 if (m_compiler->opts.compReloc)
diff --git a/src/coreclr/tools/Common/Compiler/DependencyAnalysis/AssemblyStubNode.cs b/src/coreclr/tools/Common/Compiler/DependencyAnalysis/AssemblyStubNode.cs
index cf108390f33195..1dd8fe73fdecd4 100644
--- a/src/coreclr/tools/Common/Compiler/DependencyAnalysis/AssemblyStubNode.cs
+++ b/src/coreclr/tools/Common/Compiler/DependencyAnalysis/AssemblyStubNode.cs
@@ -10,7 +10,7 @@ namespace ILCompiler.DependencyAnalysis
     // TODO-Wasm: Some instances of AssemblyStubNode will need to implement INodeWithTypeSignature
     // if they need to be callable from Wasm, though it may not make sense for the base
     // class to implement INodeWithTypeSignature.
-    public abstract class AssemblyStubNode : ObjectNode, ISymbolDefinitionNode
+    public abstract class AssemblyStubNode : ObjectNode, ISymbolDefinitionNode, IPCodeSymbolNode
     {
         public AssemblyStubNode()
         {
diff --git a/src/coreclr/tools/Common/Compiler/DependencyAnalysis/IMethodBodyNode.cs b/src/coreclr/tools/Common/Compiler/DependencyAnalysis/IMethodBodyNode.cs
index a240bbaccf216d..6a17de9af54eed 100644
--- a/src/coreclr/tools/Common/Compiler/DependencyAnalysis/IMethodBodyNode.cs
+++ b/src/coreclr/tools/Common/Compiler/DependencyAnalysis/IMethodBodyNode.cs
@@ -6,7 +6,7 @@ namespace ILCompiler.DependencyAnalysis
     /// <summary>
     /// Marker interface that identifies the node representing a compiled method body.
     /// </summary>
-    public interface IMethodBodyNode : IMethodNode
+    public interface IMethodBodyNode : IMethodNode, IPCodeSymbolNode
     {
     }
 }
diff --git a/src/coreclr/tools/Common/Compiler/DependencyAnalysis/IPCodeSymbolNode.cs b/src/coreclr/tools/Common/Compiler/DependencyAnalysis/IPCodeSymbolNode.cs
new file mode 100644
index 00000000000000..b34ab0105912f6
--- /dev/null
+++ b/src/coreclr/tools/Common/Compiler/DependencyAnalysis/IPCodeSymbolNode.cs
@@ -0,0 +1,15 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace ILCompiler.DependencyAnalysis
+{
+    /// <summary>
+    /// Denotes that this node's symbol definition is PCode, rather than PInstr.
+    /// That is, the symbol can be used as a pointer to code, and may include a Thumb bit on ARM.
+    /// This means that consumers wanting to reference this symbol as an RVA should adjust accordingly,
+    /// usually with a -1 addend on ARM.
+    /// </summary>
+    public interface IPCodeSymbolNode
+    {
+    }
+}
diff --git a/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs b/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs
index ca055358afa637..d313d9164dbc90 100644
--- a/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs
+++ b/src/coreclr/tools/Common/Compiler/ObjectWriter/ObjectWriter.cs
@@ -407,7 +407,7 @@ public virtual void EmitObject(Stream outputFileStream, IReadOnlyCollection<Depe
                     sectionWriter.EmitAlignment(nodeContents.Alignment);
                 }
 
-                bool isMethod = node is IMethodBodyNode or AssemblyStubNode;
+                bool isMethod = node is IPCodeSymbolNode;
                 long thumbBit = _nodeFactory.Target.Architecture == TargetArchitecture.ARM && isMethod ? 1 : 0;
 
                 if (node is WasmTypeNode signature)
@@ -428,6 +428,7 @@ public virtual void EmitObject(Stream outputFileStream, IReadOnlyCollection<Depe
                 foreach (ISymbolDefinitionNode n in nodeContents.DefinedSymbols)
                 {
                     Utf8String mangledName = n == node ? currentSymbolName : GetMangledName(n);
+                    Debug.Assert(((ulong)thumbBit & (ulong)(uint)n.Offset) == 0);
                     sectionWriter.EmitSymbolDefinition(
                         mangledName,
                         n.Offset + thumbBit,
diff --git a/src/coreclr/tools/Common/JitInterface/CorInfoImpl.cs b/src/coreclr/tools/Common/JitInterface/CorInfoImpl.cs
index 028d5eeccbe6d0..3fba674840427e 100644
--- a/src/coreclr/tools/Common/JitInterface/CorInfoImpl.cs
+++ b/src/coreclr/tools/Common/JitInterface/CorInfoImpl.cs
@@ -4332,15 +4332,6 @@ private void recordRelocation(void* location, void* locationRW, void* target, Co
             RelocType relocType = GetRelocType(fRelocType);
             relocDelta += addlDelta;
 
-            if (_compilation.TypeSystemContext.Target.Architecture == TargetArchitecture.ARM &&
-                relocType == RelocType.IMAGE_REL_BASED_HIGHLOW &&
-                targetBlock == BlockType.Code)
-            {
-                // The ARM JIT reports PCode targets with the Thumb bit set. Method symbols also
-                // carry the Thumb bit, so keep the relocation addend as an offset from the code byte.
-                relocDelta -= _compilation.TypeSystemContext.Target.CodeDelta;
-            }
-
             // relocDelta is stored as the value
             Relocation.WriteValue(relocType, location, relocDelta);
 
diff --git a/src/coreclr/tools/aot/ILCompiler.Compiler/ILCompiler.Compiler.csproj b/src/coreclr/tools/aot/ILCompiler.Compiler/ILCompiler.Compiler.csproj
index e1aa968f4b9c93..ab05b986a32c13 100644
--- a/src/coreclr/tools/aot/ILCompiler.Compiler/ILCompiler.Compiler.csproj
+++ b/src/coreclr/tools/aot/ILCompiler.Compiler/ILCompiler.Compiler.csproj
@@ -307,6 +307,7 @@
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\INodeWithCodeInfo.cs" Link="Compiler\DependencyAnalysis\INodeWithCodeInfo.cs" />
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\INodeWithRuntimeDeterminedDependencies.cs" Link="Compiler\DependencyAnalysis\INodeWithRuntimeDeterminedDependencies.cs" />
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\IObjectDumper.cs" Link="Compiler\DependencyAnalysis\IObjectDumper.cs" />
+    <Compile Include="..\..\Common\Compiler\DependencyAnalysis\IPCodeSymbolNode.cs" Link="Compiler\DependencyAnalysis\IPCodeSymbolNode.cs" />
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\ISortableNode.cs" Link="Compiler\DependencyAnalysis\ISortableNode.cs" />
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\ISymbolNode.cs" Link="Compiler\DependencyAnalysis\ISymbolNode.cs" />
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\ObjectDataBuilder.cs" Link="Compiler\DependencyAnalysis\ObjectDataBuilder.cs" />
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/MethodColdCodeNode.cs b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/MethodColdCodeNode.cs
index 4b75d00300cd0f..2af0d945e3c520 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/MethodColdCodeNode.cs
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/MethodColdCodeNode.cs
@@ -8,7 +8,7 @@
 
 namespace ILCompiler.DependencyAnalysis.ReadyToRun
 {
-    public class MethodColdCodeNode : ObjectNode, ISymbolDefinitionNode
+    public class MethodColdCodeNode : ObjectNode, ISymbolDefinitionNode, IPCodeSymbolNode
     {
         private ObjectData _methodColdCode;
         private MethodDesc _owningMethod;
@@ -28,7 +28,7 @@ public override ObjectNodeSection GetSection(NodeFactory factory)
             {
                 ReadyToRunContainerFormat.PE => ObjectNodeSection.ManagedCodeWindowsContentSection,
                 _ => ObjectNodeSection.ManagedCodeUnixContentSection
-            };            
+            };
         }
 
         public override bool IsShareable => false;
diff --git a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/ILCompiler.ReadyToRun.csproj b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/ILCompiler.ReadyToRun.csproj
index 0edb1fb02b5b74..39ac135ee33621 100644
--- a/src/coreclr/tools/aot/ILCompiler.ReadyToRun/ILCompiler.ReadyToRun.csproj
+++ b/src/coreclr/tools/aot/ILCompiler.ReadyToRun/ILCompiler.ReadyToRun.csproj
@@ -89,6 +89,7 @@
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\INodeWithTypeSignature.cs" Link="Compiler\DependencyAnalysis\INodeWithTypeSignature.cs" />
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\INodeWithRuntimeDeterminedDependencies.cs" Link="Compiler\DependencyAnalysis\INodeWithRuntimeDeterminedDependencies.cs" />
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\IObjectDumper.cs" Link="Compiler\DependencyAnalysis\IObjectDumper.cs" />
+    <Compile Include="..\..\Common\Compiler\DependencyAnalysis\IPCodeSymbolNode.cs" Link="Compiler\DependencyAnalysis\IPCodeSymbolNode.cs" />
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\ISortableNode.cs" Link="Compiler\DependencyAnalysis\ISortableNode.cs" />
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\ISymbolNode.cs" Link="Compiler\DependencyAnalysis\ISymbolNode.cs" />
     <Compile Include="..\..\Common\Compiler\DependencyAnalysis\ObjectDataBuilder.cs" Link="Compiler\DependencyAnalysis\ObjectDataBuilder.cs" />