[cDAC] Implement stack reference walking and GC stress verification

docs/design/datacontracts/ExecutionManager.md

@@ -50,7 +50,10 @@ struct CodeBlockHandle
     List<ExceptionClauseInfo> GetExceptionClauses(CodeBlockHandle codeInfoHandle);
 
     // Extension Methods (implemented in terms of other APIs)
+    // Returns true if the code block is a funclet (exception handler, filter, or finally)
     bool IsFunclet(CodeBlockHandle codeInfoHandle);
+    // Returns true if the code block is specifically a filter funclet
+    bool IsFilterFunclet(CodeBlockHandle codeInfoHandle);
 ```
 
 ```csharp
@@ -450,6 +453,8 @@ There are two distinct clause data types. JIT-compiled code uses `EEExceptionCla
 
 After obtaining the clause array bounds, the common iteration logic classifies each clause by its flags. The native `COR_ILEXCEPTION_CLAUSE` flags are bit flags: `Filter` (0x1), `Finally` (0x2), `Fault` (0x4). If none are set, the clause is `Typed`. For typed clauses, if the `CachedClass` flag (0x10000000) is set (JIT-only, used for dynamic methods), the union field contains a resolved `TypeHandle` pointer; the clause is a catch-all if this pointer equals the `ObjectMethodTable` global. Otherwise, the union field is a metadata `ClassToken`. To determine whether a typed clause is a catch-all handler, the `ClassToken` (which may be a `TypeDef` or `TypeRef`) is resolved to a `MethodTable` via the `Loader` contract's module lookup maps (`TypeDefToMethodTable` or `TypeRefToMethodTable`) and compared against the `ObjectMethodTable` global. For typed clauses without a cached type handle, the module address is resolved by walking `CodeBlockHandle` → `MethodDesc` → `MethodTable` → `TypeHandle` → `Module` via the `RuntimeTypeSystem` contract.
 
+`IsFilterFunclet` first checks `IsFunclet`. If the code block is a funclet, it retrieves the EH clauses for the method and checks whether any filter clause's handler offset matches the funclet's relative offset. If a match is found, the funclet is a filter funclet.
+
 ### RangeSectionMap
 
 The range section map logically partitions the entire 32-bit or 64-bit addressable space into chunks.

docs/design/datacontracts/StackWalk.md

@@ -74,12 +74,25 @@ This contract depends on the following descriptors:
 | `CalleeSavedRegisters` | For each callee saved register `r`, `r` | Register names associated with stored register values |
 | `TailCallFrame` (x86 Windows) | `CalleeSavedRegisters` | CalleeSavedRegisters data structure |
 | `TailCallFrame` (x86 Windows) | `ReturnAddress` | Frame's stored instruction pointer |
+| `ExceptionInfo` | `ExceptionFlags` | Bit flags from `ExceptionFlags` class (`exstatecommon.h`). Used for GC reference reporting during stack walks with funclet handling. |
+| `ExceptionInfo` | `StackLowBound` | Low bound of the stack range unwound by this exception |
+| `ExceptionInfo` | `StackHighBound` | High bound of the stack range unwound by this exception |
+| `ExceptionInfo` | `CSFEHClause` | Caller stack frame of the current EH clause |
+| `ExceptionInfo` | `CSFEnclosingClause` | Caller stack frame of the enclosing clause |
+| `ExceptionInfo` | `CallerOfActualHandlerFrame` | Stack frame of the caller of the catch handler |
+| `ExceptionInfo` | `PreviousNestedInfo` | Pointer to previous nested ExInfo |
+| `ExceptionInfo` | `PassNumber` | Exception handling pass (1 or 2) |
 
 Global variables used:
 | Global Name | Type | Purpose |
 | --- | --- | --- |
 | For each FrameType `<frameType>`, `<frameType>##Identifier` | `FrameIdentifier` enum value | Identifier used to determine concrete type of Frames |
 
+Constants used:
+| Source | Name | Value | Purpose |
+| --- | --- | --- | --- |
+| `ExceptionFlags` (`exstatecommon.h`) | `Ex_UnwindHasStarted` | `0x00000004` | Bit flag in `ExceptionInfo.ExceptionFlags` indicating exception unwinding (2nd pass) has started. Used by `IsInStackRegionUnwoundBySpecifiedException` to skip ExInfo trackers still in the 1st pass. |
+
 Contracts used:
 | Contract Name |
 | --- |
@@ -369,11 +382,11 @@ TargetPointer GetMethodDescPtr(TargetPointer framePtr)
     4. The InlinedCallFrame's return address method has a MDContext arg
 
   In this case, we report the actual interop MethodDesc. A pointer to the MethodDesc immediately follows the InlinedCallFrame in memory.
-This API is implemeted as follows:
+This API is implemented as follows:
 1. Try to get the current frame address `framePtr` with `GetFrameAddress`.
 2. If the address is not null, compute `reportInteropMD` as listed above. Otherwise skip to step 5.
 3. If `reportInteropMD`, dereference the pointer immediately following the InlinedCallFrame and return that value.
-4. If `!reportIteropMD`, return `GetMethodDescPtr(framePtr)`.
+4. If `!reportInteropMD`, return `GetMethodDescPtr(framePtr)`.
 5. Check if the current context IP is a managed context using the ExecutionManager contract. If it is a managed context, use the ExecutionManager context to find the related MethodDesc and return the pointer to it.
 ```csharp
 TargetPointer GetMethodDescPtr(IStackDataFrameHandle stackDataFrameHandle)

src/coreclr/inc/clrconfigvalues.h

@@ -747,6 +747,8 @@ CONFIG_STRING_INFO(INTERNAL_PerfTypesToLog, W("PerfTypesToLog"), "Log facility L
 CONFIG_STRING_INFO(INTERNAL_PrestubGC, W("PrestubGC"), "")
 CONFIG_STRING_INFO(INTERNAL_PrestubHalt, W("PrestubHalt"), "")
 RETAIL_CONFIG_STRING_INFO(EXTERNAL_RestrictedGCStressExe, W("RestrictedGCStressExe"), "")
+RETAIL_CONFIG_DWORD_INFO(INTERNAL_GCStressCdacFailFast, W("GCStressCdacFailFast"), 0, "If nonzero, assert on cDAC/runtime GC ref mismatch during GC stress (GCSTRESS_CDAC mode).")
+RETAIL_CONFIG_STRING_INFO(INTERNAL_GCStressCdacLogFile, W("GCStressCdacLogFile"), "Log file path for cDAC GC stress verification results.")
 CONFIG_DWORD_INFO(INTERNAL_ReturnSourceTypeForTesting, W("ReturnSourceTypeForTesting"), 0, "Allows returning the (internal only) source type of an IL to Native mapping for debugging purposes")
 RETAIL_CONFIG_DWORD_INFO(UNSUPPORTED_RSStressLog, W("RSStressLog"), 0, "Allows turning on logging for RS startup")
 CONFIG_DWORD_INFO(INTERNAL_SBDumpOnNewIndex, W("SBDumpOnNewIndex"), 0, "Used for Syncblock debugging. It's been a while since any of those have been used.")

src/coreclr/inc/gcinfotypes.h

@@ -53,6 +53,7 @@ inline UINT32 CeilOfLog2(size_t x)
 #endif
 }
 
+// [cDAC] [StackWalk]: GCInfo decoder depends on these values.
 enum GcSlotFlags
 {
     GC_SLOT_BASE      = 0x0,
@@ -65,6 +66,7 @@ enum GcSlotFlags
     GC_SLOT_IS_DELETED  = 0x10,
 };
 
+// [cDAC] [StackWalk]: GCInfo decoder depends on these values.
 enum GcStackSlotBase
 {
     GC_CALLER_SP_REL = 0x0,
@@ -131,6 +133,7 @@ struct GcStackSlot
 //
 //--------------------------------------------------------------------------------
 
+// [cDAC] [StackWalk]: GCInfo decoder depends on these values.
 enum ReturnKind {
 
     // Cases for Return in one register

src/coreclr/inc/patchpointinfo.h

@@ -7,6 +7,8 @@
 
 #include <clrtypes.h>
 
+#include "../vm/cdacdata.h"
+
 #ifndef _PATCHPOINTINFO_H_
 #define _PATCHPOINTINFO_H_
 
@@ -217,6 +219,8 @@ struct PatchpointInfo
     }
 
 private:
+    friend struct ::cdac_data<PatchpointInfo>;
+
     enum
     {
         OFFSET_SHIFT = 0x1,

src/coreclr/vm/CMakeLists.txt

@@ -329,6 +329,7 @@ set(VM_SOURCES_WKS
     finalizerthread.cpp
     floatdouble.cpp
     floatsingle.cpp
+    cdacgcstress.cpp
     frozenobjectheap.cpp
     gccover.cpp
     gcenv.ee.cpp