[AOT] Fix runtime warnings

[JamesNK]

Addresses #45473

• Run AOT analysis on all assemblies with IsTrimmable. Exceptions
  • SpaProxy, it uses configuration, and isn't urgent for preview 1
  • Blazor/components which is being addressed by [AOT] Add RequiresDynamicCode annotation to Microsoft.AspNetCore.Routing #45580
• Suppresses all warnings from DI/hosting. These can be removed when Remove RequiresDynamicCode from Microsoft.Extensions.DependencyInjection runtime#79425 lands
• Almost all make generic type/method usages can either be suppressed or warn for dynamic code. There is a place in hosting where a type could be a struct, but realistically I don't think anyone would ever use a struct there. I've made it throw a runtime error if RuntimeFeatures.IsDynamicCodeSupported is false.

[halter73]

This seems like an improvement to me. I do wonder if we should have stronger runtime checks for the container and identity stuff. Maybe we should be adding new : class generic constraints to some APIs.

Should we file a tracking issue to remove the pragmas once dotnet/runtime#79425 is merged?

[eerhardt]

I don't think this is a valid approach to avoid the warning. This breaks the principle that "if you don't get any warnings, your app will work the same before and after publishing AOT".

If someone was using this functionality, and published for AOT, they wouldn't get any warnings and their app would work successfully at F5/dotnet run time. But when they went to publish the app, it would be broken.

Note this is different than the approach taken in dotnet/runtime#79425. The difference is that DI is using a "feature switch" which gets enabled when PublishAot=true is set in the .csproj. That approach means that the app will still fail at F5/dotnet run time, if the app was using the AOT-incompatible functionality.

I think the existing hosting APIs should just be marked RequiresDynamicCode instead of suppressing these warnings.

[eerhardt]

The same applies for the StartupLoader code/suppression.

[JamesNK]

Startup containers are very rarely used. And I doubt anyone has created a struct startup container. I don't want to annotate the hosting APIs as RequiresDynamicCode for this one weird edge case.

Good point about dotnet run/dotnet publish difference. Should we add a flag like dotnet/runtime#79425 does that ASP.NET Core can use to validate AOT compatibility? Or should there be one flag that is shared by libraries/applications?

I think the use case might be shared between many libraries: AOT always works except in unusual and rare situations. The pragmatic approach is to have a runtime error instead of always warning with annotations.

[eerhardt]

@vitek-karas @MichalStrehovsky @jkotas - thoughts on converting the DI feature switch in dotnet/runtime#79425 to be a general purpose “Verify AOT Compatibility” feature switch that can be used by other libraries? Like for instance, here in aspnet?

[eerhardt]

Another option is to always throw an exception for value types, AOT or not, if we think this functionality isn’t used with value types.

[JamesNK]

Yeah, that's an option. We can publish it as a breaking change.

IMO regardless of whether we use it here or not, I think a generalized runtime verify AOT compatibility flag has some use. I think it provides a pragmatic middle ground in gray situations where something is compatible 99% of the time. Right now we have to choose between suppress and pretend everything is ok, and warn for everyone.

[jkotas]

general purpose “Verify AOT Compatibility” feature switch

This sounds like dotnet/runtime#39806

[vitek-karas]

Having something like dotnet/runtime#39806 would be nice.

You're then left with a choice:

• Just disable the problematic case always (in our case here, always throw and potentially add class constrains in right places) - breaking change
• Rely on Add ability to disable reflection emit for testing runtime#39806 to basically trigger IsDynamicCodeSupported based on a feature switch for you. Downside is that such solution is not granular - and so it would not be possible to disable dynamic code everywhere, except this one case.
• Introduce a new feature switch - which is what Remove RequiresDynamicCode from Microsoft.Extensions.DependencyInjection runtime#79425 is doing. Similar to the above, but it adds granularity. Downside is the added complexity and "yet another feature switch"
• Mark the API as AOT incompatible via the attributes - and hopefully figure out a new API which can be used instead

I think which one to do is a function of the specific scenario. If it's something super rare, I would go with either outright breaking change or generic feature switch. If it's still rare, but "real", then a dedicated feature switch might be better.

[JamesNK]

I've reviewed all the PR comments and changes in this PR. I've simplified some annotations and removed some unnecessary ones.

Some items are still in discussion (startup container, attributes on problem details converters) and work todo (fix problem details errors serialization in converter). Everything else is resolved/improved.

[davidfowl]

We should undo this given our discussion @JamesNK

[JamesNK]

This is useful because it allows common type values as extension values to just work, e.g. adding a string value to problem details extensions.

Other than a small size cost when problem details aren't trimmed away, this doesn't hurt. Are you sure you want it removed?

[davidfowl]

I don't mind keeping it for now and removing it with @brunolins16's JSON changes, but I don't think this is generally useful.

[JamesNK]

Ok! I'd like to keep as is in this PR (rather than reverting to what it was, which doesn't work), and we can iterate on it during .NET 8 as we learn more.

[davidfowl]

@brunolins16 this will all be undone with your changes right?

[brunolins16]

I don't believe, the unsafe API will still need to be attributed, however, RDF + MVC should not call them anymore.

[JamesNK]

@eerhardt @davidfowl All feedback applied. Are there any other changes, or can this get approved and merged 🙏

[eerhardt]

This looks like a great step forward! Thanks for all the great work here.

I just had a few nits, a question, and a follow-up recommendation for the future.

This LGTM. Let's get this in and make more progress.

[eerhardt]

Is there some way we can verify this?

One idea is to add a "Native AOT"-test that uses filter factories and ensures they work correctly.

If it is possible to verify this, we can do it in a follow-up issue/PR. It doesn't need to be addressed in this PR.

[JamesNK]

I'll create follow-up issues for areas to test with native AOT enabled. Any code that tests IsDynamicCodeSupported is a good candidate.

[davidfowl]

The plan is to undo this anyways. This should be suppression free after we execute #45524. There will be new API changes that remove the use of RequestDelegateFactory.

[amcasey]

How does one add a "native AOT" test?

Edit: as discussed offline, we have yet to develop an approach, but we will probably model it on the one used by dotnet/runtime (i.e. create convenience wrappers for exes published as AOT).

[eerhardt]

For my learning:

In dotnet/runtime we typically don't use record because of the bloat associated with it - C# generates members you don't use/need. Do we have guidelines in dotnet/aspnetcore when to use record and when not? Or don't we care as much?

[JamesNK]

I think we don't care as much. It's internal, so if we crack down on records in aspnetcore (we have them in other places) then it's simple enough to change.

[jkotas]

For reference, this is how much IL is generated by this single record line: https://sharplab.io/#v2:EYLgxg9gTgpgtADwGwBYA0AXEBLANgH1kigBMACAUQTBgAcNsIA7KjGJgZ0aYBEBDDHwAUAAQCMABjI8YgvBzRkAkgAkYfEjCg9sYBsz5QAnmTUatCsuKkAFAQAtF1gPyUmJWhGxMMigEoQAK5sAGp8uIEwOnrchkauAcEwYREwHACUANwAsABQeXkiAExkiaHhkdH6THF5AN55AL4Fud5sUABmfDTKZprautW1uQ25jUA==

This record will translate to about 5kB of binary footprint in the native aot image. 80% of it is dynamically unreachable code, but it is impossible for the trimmer to prove that it is unreachable because a lot of it is behind potentially reachable interfaces.

[JamesNK]

Impressive! Looks like we should clean up record usage in aspnetcore.

[davidfowl]

Why not let it warn until we have the real fix?

[davidfowl]

Is this a breaking change?

[JamesNK]

RoleType and UserType are later used to generate types, all of which have a where T : class constraint.

Throwing here means the error is different, and it is thrown in a different place. But a value type as the user or role would always lead to an error.

Although the constructor is public, I imagine the vast majority of people who ever use IdentityBuilder create it via this extension method:

aspnetcore/src/Identity/Extensions.Core/src/IdentityServiceCollectionExtensions.cs

Line 22 in 09b0db0

public static IdentityBuilder AddIdentityCore<TUser>(this IServiceCollection services) where TUser : class

It enforces a class with its own constraint.

[davidfowl]

I'd like to see issues for:

• The developer exception page WRT what we're doing JSON wise there
• ProblemDetails and undoing what's there now
• Undoing the DI changes when those other changes land
• Doing API work in the Map* handlers to remove suppressions in the RouteEndpointDataSource

[JamesNK]

Follow-up issues:

• [AOT] Improve suppressions on RouteEndpointDataSource #45863
• [AOT] Unit testing features with Native AOT #45860
• [AOT] ProblemDetails and Extension values #45862 (includes note about developer exception page)
• [AOT] Improve suppressions on RouteEndpointDataSource #45863

[JamesNK]

Merged! Thanks everyone for your feedback.

[amcasey]

Which line was this comment intended to refer to?

[amcasey]

Is bool implied and/or specified elsewhere?

[amcasey]

How does one add a "native AOT" test?

Edit: as discussed offline, we have yet to develop an approach, but we will probably model it on the one used by dotnet/runtime (i.e. create convenience wrappers for exes published as AOT).