Update script to replace the BDN version being used in the PerfBDN app to the same version we use for all BDN tests and in BDN extensions. (#89057)

Microsoft.CodeAnalysis , Microsoft.CodeAnalysis.CSharp , Microsoft.Net.Compilers.Toolset
 From Version 4.7.0-3.23361.9 -> To Version 4.7.0-3.23366.1
Co-authored-by: Ndotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>

Bumps [semver](https://github.com/npm/node-semver) from 7.3.7 to 7.5.4.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.3.7...v7.5.4)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
...
Signed-off-by: Ndependabot[bot] <support@github.com>
Co-authored-by: Ndependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Passing arguments to bdn as `"--wasmArgs=--expose_wasm --module"` broke
with the latest update. Now this gets incorrectly parsed. Instead, what
works is: `--wasmArgs "--expose_wasm --module"`.

* Build the shim assemblies as part of libs.sfx

The shims build was intentionally kept out of the libs.sfx subset as
some shims reference out-of-band assemblies that also need to be built.

Since that change was made, the shim assemblies now don't reference all out-of-band
assemblies by default anymore and instead use fine grained dependencies.
Because of that, the number of out-of-band projects referenced and built
as part of the shims build is much smaller (~10 projects).

This fixes issues with ouf-of-band source generators not being able to
target the live targeting pack. These source generators need the shims
(more precisely the netstandard.dll shims) as some of the referenced
Microsoft.CodeAnalysis packages don't provide a .NETCoreApp assembly.

* Add fake assemblies for out-of-band type forward destinations

* Fix issues with nested classes and wrong type destinations

* Disable binplacing

* Make stubs private

* Disable symbols for stubs

* Add build protection to validate API compatibility of shims

Since https://github.com/dotnet/emsdk/pull/343, we are now able to support native linux-arm64 on wasm. This change adds linux-arm64 to wasm-tools and wasi-experimental workloads.

* Change NegotiateAuthentication implementation to use indirection through NegotiateAuthenticationPal to the actual implementation.

The PAL implementation are merged from different sources to follow the same structure:
- NTAuthentication.Managed.cs -> NegotiateAuthenticationPal.Managed.cs
- NTAuthentication.Common.cs + NegotiateStreamPal.Windows.cs -> NegotiateAuthenticationPal.Windows.cs
- NTAuthentication.Common.cs + NegotiateStreamPal.Unix.cs -> NegotiateAuthenticationPal.Unix.cs

This split allows to delete ContextFlagsPal, SafeDeleteNegoContext, and SafeFreeNegoCredentials abstractions that were used in NegotiateStreamPal.

* Unify impersonation level validation between Windows and Unix pllatforms

* Split managed NTLM and managed SPNEGO implementations; add UseManagedNtlm switch on Unix platforms

* Remove debug cruft

* Fix couple of errors in managed SPNEGO

* Remove debug print

* Fix message sequence in managed NTLM; remove unused method

* Fix fallbacks on macOS GSSAPI

* Cleanup and fallbacks for missing NTLM, GSSAPI

* Adjust tests to assume that NTLM is always available on Unix

* Don't claim NTLM support on Browser

* Revert "Don't claim NTLM support on Browser"

This reverts commit 87d0c56f67a5269d9b334ab17887338ac4cfe49b.

* Attempt to fix the browser tests

* Revert "Attempt to fix the browser tests"

This reverts commit 91d7ce289a7274b682803b1d5dfdf418a5c2120c.

* Browser test suppression

* Respect UseManagedNtlm=false on platforms without NTLM GSSAPI provider

* Update src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs

* Revert all the fallback code paths, System.Net.Security.UseManagedNtlm has to be enabled explicitly; NativeAOT on Linux Bionic does that by default because it doesn't have GSSAPI and native shim

As with Debug.Assert/Fail, by default failures result in fail fasts.  It's possible for other trace listeners to be plugged in instead, but there's no way to model that with nullable reference types.  There's no reason Trace should be on a different plan from Debug, so this moves it to having the same annotations Debug has had for years.

Fixes #76644, fixes #82168.

This PR allows an `osx-arm64` or `osx-x64` machine to produce a `mono-aot-cross` compiler that will run on the following host and create AOT images for the following targets:

| Host | Target | Test App runs |
|--------|--------|--------|
| osx-arm64 | iossimulator-x64 | ✅  |
| osx-arm64 | android-x64 | ✅   |
| osx-arm64 | android-x86 | ✅  - depends on a hack for https://github.com/dotnet/runtime/issues/89039 | 

Additionally a `linux-x64` or `linux-arm64` machine can build a `mono-aot-cross` compiler for these host/target pairs:

| Host | Target | Test App runs |
|--------|--------|--------|
| linux-arm64 | android-x64 | ❓ |
| linux-arm64 | linux_musl-x64 | ❓ |
| linux-arm64 | android-x86 | ❓ |

Related to https://github.com/dotnet/runtime/issues/82495

* [aot][ios] Build cross-compilers targeting x64 hosted on arm64

* Use MONO_CROSS_COMPILE instead of host checks

* [android][x86] Build mono-aot-cross hosted on osx-arm64 targeting android-x86

* fix build of mono-aot-cross hosted on linux-arm64 targeting android-x64

* runtime pipeline changes to build arm64 artifacts on x64 hardware

* Fix linux_musl-arm64 builds

---------
Co-authored-by: NJo Shields <directhex@apebox.org>

Fixes #63159, fixes #85729.

* [RISC-V][JIT] Fix DevDiv_718151 test

* Remove HFA check on RISC-V

* [RISC-V][JIT] Update

- Update PUTARG_SPLIT
- Remove converting in PUTARG_STK

This reverts commit 9fedcc55.

* Improve text for OpenSsl primitives when OpenSSL is not available

* Update src/libraries/System.Security.Cryptography/src/Resources/Strings.resx
Co-authored-by: NStephen Toub <stoub@microsoft.com>

---------
Co-authored-by: NStephen Toub <stoub@microsoft.com>

* Add switch: Do not resolve URLs by defaults for XML

* feedback, test

* rename switch per API review

* Apply missed feedback, fix test failure

* Fix typo in IgnoreEmptyKeySequences
Co-authored-by: NDavid Cantú <dacantu@microsoft.com>

* Update src/libraries/System.Private.Xml/tests/TrimmingTests/XmlUrlResolverDefaults.IsNetworkingEnabledByDefault.cs
Co-authored-by: NDavid Cantú <dacantu@microsoft.com>

---------
Co-authored-by: NDavid Cantú <dacantu@microsoft.com>

The core of the change is that `UnsafeAccessor` creates a code dependency from the accessor method to the target specified by the attribute. The trimmer needs to follow this dependency and preserve the target. Additionally, because the trimmer operates at the IL level, it needs to make sure that the target will keep its name and some other properties intact (so that the runtime implementation of the `UnsafeAccessor` can still work).

Implementation choices:
* The trimmer will mark the target as "accessed via reflection", this is a simple way to make sure that name and other properties about the target are preserved. This could be optimized in the future, but the savings are probably not that interesting.
* The implementation ran into a problem when trying to precisely match the signature overload resolution. Due to Cecil issues and the fact that Cecil's resolution algorithm is not extensible, it was not possible to match the runtime's behavior without adding lot more complexity (currently it seems we would have to reimplement method resolution in the trimmer). So, to simplify the implementation, trimmer will mark all methods of a given name. This means it will mark more than necessary. This is fixable by adding more complexity to the code base if we think there's a good reason for it.
* Due to the above choices, there are some behavioral differences:
  * Trimmer will warn if the target has data flow annotations, always. There's no way to "fix" this in the code without a suppression.
  * Trimmer will produce different warning codes even if there is a true data flow mismatch - this is because it treats the access as "reflection access" which produces different warning codes from direct access.
  * These differences are fixable, but it was not deemed necessary right now.
* We decided that analyzer will not react to the attribute at all, and thus will not produce any diagnostics around it.

The guiding reason to keep the implementation simple is that we don't expect the unsafe accessor to be used by developers directly, instead we assume that vast majority of its usages will be from source generators. So, developer UX is not as important.

Test changes:
* Adds directed tests for the marking behavior
* Adds tests to verify that `Requires*` attributes behave correctly
* Adds tests to verify that data flow annotations behave as expected (described above)
* The tests are effectively a second validation of the NativeAOT implementation as they cover NativeAOT as well.

Fixes in CoreCLR/NativeAOT:
This change fixes one bug in the CoreCLR/NativeAOT implementation, unsafe accessor on a instance method of a value type must use "by-ref" parameter for the `this` parameter. Without the "by-ref" the accessor is considered invalid and will throw.
This change also adds some tests to the CoreCLR/NativeAOT test suite.

Part of https://github.com/dotnet/runtime/issues/86161.
Related to https://github.com/dotnet/runtime/issues/86438.
Feature design in https://github.com/dotnet/runtime/issues/81741.

* Localized file check-in by OneLocBuild Task: Build definition ID 679: Build ID 2223937

* Localized file check-in by OneLocBuild Task: Build definition ID 679: Build ID 2223937

* Enable AddressSanitizer in CoreCLR, Libs, and Host and update runtime-sanitized to run tests with ASAN on Linux and Mac

* Unify on HAS_ADDRESS_SANITIZER define name

Centralize setting up sanitizer flags.

Remove last usage of CLR_CMAKE_ENABLE_ASAN outside of eng/native

Remove unnecessary diffs

Use the cpuid intrinsic and enable ASAN on InitJitHelpers1.

Add comments for the places where we have ASAN disabled

Undo changes to src/coreclr/jit/CMakeLists.txt

Add docs and fix the docs in the build script.

Add docs for the SkipVCEnvInit hook

* Remove CRT runtime changes. We won't need this when we finally onboard to Windows with some changes they have coming down the pipeline, so remove them for now to reduce the diff of this PR.

* Remove suppression now that we've fixed the underlying issue.

* Remove some Windows-only sanitizer CMake that we won't need when ASAN is ready for us to consume on Windows.

* Set schedule for runtime-sanitized pipeline

* Remove workaround in JIT memory set/copy helpers now that the JIT bug has been fixed.

* Add missing helix queues setup template.

* Fix missing command to build nativeaot runtime tests as nativeaot.

* Add a scenario name to trigger the extended timeout in the libraries test helix configuration.

* Remove extraneous whitespace.

* Fix using the cross-targetting ILC when sanitizers are enabled. Also pass through our TargetOS and TargetArchitecture variables to the publish command for our native sanitizers targets to correctly do their extra logic.

* Disable LSAN on the CustomMain test.

* Disable some tests on sanitized runtimes.

* Copy the sanitizer runtime for OSX NativeAOT runtime tests.

* A little cleanup to try to get the build right now that we are always doing cross-builds on Linux.

* Fix crossgen-corelib.proj syntax.

* Fix cross-os dac builds to not include the host architecture in the output path.

* Split the debugger components into a separate component and make the "unsanitized cross components" build into an "unsanitized debugger components" build as it can't be part of the regular cross-components build

* Always write out the host-arch path on Windows and update the cross-dac build script to expect that.

* Change to use the dynamic runtime on Windows, as ASAN in VS is moving to a dynamic-only model.

* Update docker images to include the sanitizer runtimes in the crossrootfs images.

* Fix explicit image tags

* The unsanitized build should be of the target architecture, not the host architecture. As a result, we still need a cross-arch build for the cross-arch use cases when sanitized, as well as an unsanitized target arch build for the debugger tools.

* Turn off using the sigaltstack for NativeAOT tests that don't use the asansupport.cpp default options

* Make sure the shared ASAN runtime is present for the nativeaot/SmokeTests/SharedLibrary test.

* Disable crossgen2 tests with sanitizers as they don't get us interesting coverage.

* Fix custom default options and disable some more crossgen2-based tests.

* Simplify lookup of asan runtime on mac and fix copying the shared runtime for the SharedLibrary NativeAOT test.

* Disable test that's failing for weird reasons.

* Fix one more alloc-dealloc mismatch that only started to show up after test merging increased allocations in the runtime

* Disable the System.Text.Json test suite on sanitized builds as it causes SO failures on Mac

* Fix test exclusion

* PR feedback.

* Fix mac build

* Do review changes

* Add libbootstrapper object files to the platform manifest now that NativeAOT has

* Disable tests that check size on sanitized builds

* Use the built-in `include_guard` option

* Disable use-after-return checking in ASAN. CoreCLR doesn't do well with parallel stacks.

* Only pass the no UAR flag on C and CXX with Clang (not AppleClang).

When the runtime needs to turn some kinds of signals into managed
exceptions (for example: SIGINT turns into
`new ExecutionEngineException ("Interrupted (SIGINT)")`, and some
SIGFPE turn into `DivideByZeroException`, and some SIGSEGV turn into a
`NullReferenceException`) instead of unwinding the stack from inside a
signal handler it instead adjusts the normal stack so that when the
signal handler returns, execution will resume in
`handle_signal_exception`.

That means that if the runtime was in GC Safe mode when the signal
was raised, even if the signal handler code transitions to GC Unsafe
mode, by the time the `handle_signal_exception` runs, we will have
undone the GC Unsafe transition and will be back in GC Safe.

That means if the code in `handle_signal_exception` (notably
`mono_handle_exception`) calls anything that tries to do a transition
to GC Safe, we may get an assertion.

Fixes https://github.com/dotnet/runtime/issues/88405

Remove `#if NETCOREAPP`   There is nothing net core specific about the assertions in this test.  No other tests in the `PreserveDependencies` folder have kept attributes inside of `#if NETCOREAPP` (#89041)

`DynamicDependencyOnUnusedMethodInNonReferencedAssemblyWithCopyUsedAction` is the same scenario and doesn't need the #ifs either

Tracking: https://github.com/dotnet/runtime/issues/84911

* ntlm

* test base

* qpack

* FileSys

* JSON

* interp tests

* fix NTAuthentication leak

* More in JSON

* more tests

* ntlmserver disposable

* more tests

* more tests

* tar tests

* feedback

* Remove createdump's DAC dependency for the PAL for NativeAOT

* Code review feedback - use utf16 mini pal functions

* Fix OSX build break

* Code review feedback

* Lib upgrade for ToUtf16

* Upgrade NarrowUtf16ToAscii with Vector512

* Complete the upgrade in NarrowUtf16ToAscii method
with Vector512 and Vector256 APIs.

* Adding VectorXX paths to `GetIndexOfFirstNonAscii` functions.

* Adding optimization to Vecto256 VectorContainsNonAsciiChar method.

* Code path refactoring and cleanup.

* Code changes based on the review:
1. turn some variables into explicitly specified const.
2. removed some helper functions and inlined them.

* Resolve comments

* revert the changes at GetIndexOfFirstNonAsciiByte

---------
Co-authored-by: NRuihan-Yin <ruihan.yin@intel.com>

* Fix regression introduced by https://github.com/dotnet/runtime/pull/84279 preventing PAX entries with really long data streams to get its size correctly stored in the extended attributes when the data stream is unseekable.

* Move tests for large files to a new manual tests project.

* wrap exceptions from callbacks in QuicError.CallbackError

* feedback

Register a callback that tries to load other versions Open LDAP library if the default is failed (#88851)

* Register a callback to AssemblyLoadContext.Default.ResolvingUnmanagedDll event that tries to load other libraries

* Do not throw when library not found

* Check version 2.6 first

I ran it over runtime, and the only things flagged were for exceptional cases where it's not worth using.  Rather than a bunch of suppressions, I'm just enabling it as info-level.

* Prevent Arm64 CrossDac builds running on Arm64.

Currently, when building the CLR on win-arm64, CrossDac builds for
Linux with an (incorrect) host arch of x64 are attempted, failing
the build. This patch prevents those builds running on systems with
an identical host architecture to the cross target.

* Revert to simpler strategy of simply ignoring when arch != x86|x64.

* Add collection literal support for immutable collections

Add the CollectionBuilderAttribute and use it on the supported immutable collections

* Address feedback

* Checking that BrowserDebugProxy is waiting for this new format to avoid incompatibility

* Fix compilation error

* fix message format

* Fix indentation

Delete `VerifyExpectModifiedAttributesWork`.  This test has bit rotted since being made netfx only and now fails due to etw feature removal logic no longer existing. (#89017)

This test dates back to earlier days when the linker had few mechanisms that modified bodies and UnityLinker had many.  I added this test to make sure that test framework support for this attribute didn't break since we depended on it.  Now days, the linker has many mechanisms that modify bodies and `[ExpectBodyModified]` is heavily used in tests.  I don't think there is any value in updating this test to use a different code pattern that results in needing `[ExpectBodyModified]`.