fix: AOT interop with managed .NET runtimes (#6193)

* feat: preload signal handlers and ignore signal API for managed runtimes

Add SENTRY_CRASH_MANAGED_RUNTIME compile-time flag that:
- Preloads signal handlers via __attribute__((constructor)) before
  the managed runtime starts, ensuring correct handler chain order
- Excludes EXC_MASK_BAD_ACCESS and EXC_MASK_ARITHMETIC from Mach
  exception monitoring (handled by the managed runtime via signals)

Add ignoreNextSignal: API on PrivateSentrySDKOnly to let hybrid SDKs
tell SentryCrash to skip the next occurrence of a signal on the
calling thread (thread-local, one-shot).

NULL-guard g_onExceptionEvent callback in handleException to prevent
crash if a signal fires between preload and full sentrycrash_install.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* ref: remove unused g_preloaded flag

The flag was originally needed to prevent sentrycrash_setMonitoring()
from re-enabling Mach exceptions after preload. Now that the Mach
exception mask is controlled at compile time via
SENTRY_CRASH_MANAGED_RUNTIME in SentryCrashMonitor_MachException.c,
there is no runtime state to guard.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: managed runtime signal handler lifecycle

Preserve the managed runtime's signal handler chain across
SDK lifecycle transitions (close/start) by skipping uninstall
when not handling a crash. On the crash path, uninstall proceeds
normally since the process is terminating.

* style: rename tl_ignore_signum to tl_ignoreSignum

* fix: restore previous signal handler before re-raising

When the signal monitor is disabled under managed runtime, restore
the previous handler for the signal before re-raising to prevent
an infinite loop. Without SA_NODEFER, the raised signal would be
re-delivered to the same handler after it returns.

* ref: remove g_isHandlingCrash flag

The flag is redundant now that handleSignal() restores individual
handlers before re-raising. uninstallSignalHandler() can be a
blanket no-op under SENTRY_CRASH_MANAGED_RUNTIME.

* fix lint

* Document managed runtime interop in develop-docs/SENTRYCRASH.md

* Consume ignore-next-signal flag on next delivery

Reset the flag on any signal delivery, not just the matching
one. Prevents a stale flag from silently suppressing a later
unrelated signal.

* Re-raise ignored signals instead of returning from handler

Instead of returning early from the signal handler when a signal
is ignored, skip crash processing and fall through to the existing
restore + raise path. This avoids undefined behavior when the
ignored signal originates from abort().

* Make restorePreviousSignalHandler unconditional

Remove the SENTRY_CRASH_MANAGED_RUNTIME guard so ignored signals
are properly re-raised regardless of the compile flag. Harmless
for the non-managed case where uninstall already restored them.

* chore: run make generate-public-api

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Itay Brenner <itay.brenner@sentry.io>

Author: 3 people

CHANGELOG.md

@@ -12,6 +12,7 @@
 ### Fixes
 
 - Scope clipOut masking to active clip bounds (#7780)
+- Fix AOT interop with managed .NET runtimes (#6193)
 
 ## 9.9.0
 

Sources/Sentry/PrivateSentrySDKOnly.m

@@ -2,6 +2,7 @@
 #import "SentryAppStartMeasurement.h"
 #import "SentryBreadcrumb+Private.h"
 #import "SentryClient.h"
+#import "SentryCrashC.h"
 #import "SentryHub+Private.h"
 #import "SentryInternalDefines.h"
 #import "SentryMeta.h"
@@ -386,4 +387,9 @@ + (void)setReplayTags:(NSDictionary<NSString *, id> *)tags
 
 #endif
 
++ (void)ignoreNextSignal:(int)signum
+{
+    sentrycrash_ignore_next_signal(signum);
+}
+
 @end

Sources/Sentry/Public/PrivateSentrySDKOnly.h

@@ -200,6 +200,16 @@ typedef void (^SentryOnAppStartMeasurementAvailable)(
  */
 + (void)setLogOutput:(void (^)(NSString *))output;
 
+/**
+ * Tell the crash reporter to ignore the next occurrence of the given signal on
+ * the calling thread. Used by hybrid SDKs to prevent duplicate crash reports
+ * when the host runtime is about to raise a signal that has already been
+ * captured as a managed exception. The ignore is consumed by the next signal
+ * delivery on that thread, regardless of whether it matches.
+ * @param signum The signal number to ignore (e.g. SIGABRT).
+ */
++ (void)ignoreNextSignal:(int)signum;
+
 @end
 
 NS_ASSUME_NONNULL_END

Sources/Sentry/SentrySDKInternal.m

@@ -608,7 +608,9 @@ + (void)close
 // Code not to be analyzed
 + (void)crash
 {
-    int *p = 0;
+    // volatile forces an actual null dereference (SIGSEGV) instead of letting
+    // the compiler optimize the undefined behavior into a trap (SIGTRAP).
+    volatile int *p = 0;
     *p = 0;
 }
 #endif

Sources/Sentry/include/SentryCrashC.h

@@ -51,6 +51,15 @@ SentryCrashMonitorType sentrycrash_install(const char *appName, const char *cons
 
 void sentrycrash_uninstall(void);
 
+/** Tell SentryCrash to ignore the next occurrence of the given signal on the
+ * calling thread. Used to prevent duplicate crash reports when the host runtime
+ * is about to raise a signal (e.g. SIGABRT) that has already been captured as
+ * a managed exception.
+ *
+ * @param signum The signal number to ignore (e.g. SIGABRT).
+ */
+void sentrycrash_ignore_next_signal(int signum);
+
 /** Set the crash types that will be handled.
  * Some crash types may not be enabled depending on circumstances (e.g. running
  * in a debugger).

Sources/Sentry/include/SentryCrashMonitor_Signal.h

@@ -41,6 +41,12 @@ extern "C" {
  */
 void sentrycrashcm_setEnableSigtermReporting(bool enabled);
 
+/** Tell the signal monitor to ignore the next occurrence of the given signal
+ * on the calling thread. Consumed by the next signal delivery, even if it
+ * doesn't match.
+ */
+void sentrycrashcm_signal_ignore_next(int signum);
+
 /** Access the Monitor API.
  */
 SentryCrashMonitorAPI *sentrycrashcm_signal_getAPI(void);

Sources/SentryCrash/Recording/Monitors/SentryCrashMonitor.c

@@ -283,7 +283,9 @@ sentrycrashcm_handleException(struct SentryCrash_MonitorContext *context)
         }
     }
 
-    g_onExceptionEvent(context);
+    if (g_onExceptionEvent != NULL) {
+        g_onExceptionEvent(context);
+    }
 
     if (g_isHandlingFatalException && !g_crashedDuringExceptionHandling) {
         SENTRY_ASYNC_SAFE_LOG_DEBUG("Exception is fatal. Restoring original handlers.");

Sources/SentryCrash/Recording/Monitors/SentryCrashMonitor_MachException.c

@@ -463,6 +463,13 @@ installExceptionHandler(void)
     exception_mask_t mask = EXC_MASK_BAD_ACCESS | EXC_MASK_BAD_INSTRUCTION | EXC_MASK_ARITHMETIC
         | EXC_MASK_SOFTWARE | EXC_MASK_BREAKPOINT;
 
+#    ifdef SENTRY_CRASH_MANAGED_RUNTIME
+    // Exclude Mach exceptions that the managed (.NET/Mono) runtime handles via
+    // signal handlers (EXC_BAD_ACCESS for NullReferenceException, EXC_ARITHMETIC
+    // for DivideByZeroException).
+    mask &= ~(EXC_MASK_BAD_ACCESS | EXC_MASK_ARITHMETIC);
+#    endif
+
     SENTRY_ASYNC_SAFE_LOG_DEBUG("Backing up original exception ports.");
     kr = task_get_exception_ports(thisTask, mask, g_previousExceptionPorts.masks,
         &g_previousExceptionPorts.count, g_previousExceptionPorts.ports,

Sources/SentryCrash/Recording/Monitors/SentryCrashMonitor_Signal.c

@@ -49,6 +49,7 @@
 
 static volatile bool g_isEnabled = false;
 static bool g_isSigtermReportingEnabled = false;
+static _Thread_local int tl_ignoreSignum = 0;
 
 static SentryCrash_MonitorContext g_monitorContext;
 static SentryCrashStackCursor g_stackCursor;
@@ -63,6 +64,23 @@ static struct sigaction *g_previousSignalHandlers = NULL;
 
 static char g_eventID[37];
 
+// ============================================================================
+#    pragma mark - Utility -
+// ============================================================================
+
+static void
+restorePreviousSignalHandler(int sigNum)
+{
+    const int *fatalSignals = sentrycrashsignal_fatalSignals();
+    int count = sentrycrashsignal_numFatalSignals();
+    for (int i = 0; i < count; i++) {
+        if (fatalSignals[i] == sigNum) {
+            sigaction(sigNum, &g_previousSignalHandlers[i], NULL);
+            return;
+        }
+    }
+}
+
 // ============================================================================
 #    pragma mark - Callbacks -
 // ============================================================================
@@ -82,8 +100,11 @@ static char g_eventID[37];
 static void
 handleSignal(int sigNum, siginfo_t *signalInfo, void *userContext)
 {
+    int ignoreSignum = tl_ignoreSignum;
+    tl_ignoreSignum = 0;
+
     SENTRY_ASYNC_SAFE_LOG_DEBUG("Trapped signal %d", sigNum);
-    if (g_isEnabled) {
+    if (g_isEnabled && sigNum != ignoreSignum) {
         thread_act_array_t threads = NULL;
         mach_msg_type_number_t numThreads = 0;
         // Signal handlers preempt the crashing thread, so reentrancy can
@@ -112,6 +133,10 @@ handleSignal(int sigNum, siginfo_t *signalInfo, void *userContext)
     }
 
     SENTRY_ASYNC_SAFE_LOG_DEBUG("Re-raising signal for regular handlers to catch.");
+    if (!g_isEnabled || sigNum == ignoreSignum) {
+        // Avoid re-entering this handler on raise().
+        restorePreviousSignalHandler(sigNum);
+    }
     // This is technically not allowed, but it works in OSX and iOS.
     raise(sigNum);
 }
@@ -123,6 +148,15 @@ handleSignal(int sigNum, siginfo_t *signalInfo, void *userContext)
 static bool
 installSignalHandler(void)
 {
+#    ifdef SENTRY_CRASH_MANAGED_RUNTIME
+    // Already installed by onPreload(). Reinstalling would overwrite
+    // g_previousSignalHandlers with the managed runtime's handler instead
+    // of the original system handler.
+    if (g_previousSignalHandlers != NULL) {
+        return true;
+    }
+#    endif
+
     SENTRY_ASYNC_SAFE_LOG_DEBUG("Installing signal handler.");
 
 #    if SENTRY_HAS_SIGNAL_STACK
@@ -222,6 +256,10 @@ installSignalHandler(void)
 static void
 uninstallSignalHandler(void)
 {
+#    ifdef SENTRY_CRASH_MANAGED_RUNTIME
+    // Keep the handlers installed to preserve the managed runtime's signal
+    // chain. handleSignal() restores individual handlers before re-raising.
+#    else
     SENTRY_ASYNC_SAFE_LOG_DEBUG("Uninstalling signal handlers.");
 
     const int *fatalSignals = sentrycrashsignal_fatalSignals();
@@ -237,10 +275,11 @@ uninstallSignalHandler(void)
         sigaction(fatalSignals[i], &g_previousSignalHandlers[i], NULL);
     }
 
-#    if SENTRY_HAS_SIGNAL_STACK
+#        if SENTRY_HAS_SIGNAL_STACK
     g_signalStack = (stack_t) { 0 };
-#    endif
+#        endif
     SENTRY_ASYNC_SAFE_LOG_DEBUG("Signal handlers uninstalled.");
+#    endif
 }
 
 static void
@@ -284,6 +323,14 @@ sentrycrashcm_setEnableSigtermReporting(bool enabled)
 #endif
 }
 
+void
+sentrycrashcm_signal_ignore_next(int signum)
+{
+#if SENTRY_HAS_SIGNAL
+    tl_ignoreSignum = signum;
+#endif
+}
+
 SentryCrashMonitorAPI *
 sentrycrashcm_signal_getAPI(void)
 {

Sources/SentryCrash/Recording/SentryCrashC.c

@@ -31,6 +31,7 @@
 #include "SentryCrashFileUtils.h"
 #include "SentryCrashMonitorContext.h"
 #include "SentryCrashMonitor_AppState.h"
+#include "SentryCrashMonitor_Signal.h"
 #include "SentryCrashMonitor_System.h"
 #include "SentryCrashObjC.h"
 #include "SentryCrashReport.h"
@@ -63,6 +64,21 @@ static void (*g_saveTransaction)(void) = 0;
 #pragma mark - Utility -
 // ============================================================================
 
+#ifdef SENTRY_CRASH_MANAGED_RUNTIME
+/** Preload signal handlers before the managed (.NET/Mono) runtime installs its
+ * own, to ensure the correct handler chain order:
+ * managed runtime -> SentryCrash -> system.
+ */
+__attribute__((constructor)) static void
+onPreload(void)
+{
+    if (g_installed) {
+        return;
+    }
+    sentrycrashcm_setActiveMonitors(SentryCrashMonitorTypeSignal);
+}
+#endif
+
 // ============================================================================
 #pragma mark - Callbacks -
 // ============================================================================
@@ -171,6 +187,12 @@ sentrycrash_setMonitoring(SentryCrashMonitorType monitors)
     return g_monitoring;
 }
 
+void
+sentrycrash_ignore_next_signal(int signum)
+{
+    sentrycrashcm_signal_ignore_next(signum);
+}
+
 void
 sentrycrash_setUserInfoJSON(const char *const userInfoJSON)
 {