JIT: Kill assertions about struct local when skipping field stores in block morph (#115556)

If we skip storing a field local because we know it is dead, then assertions
about the struct local are no longer valid, so invalidate them in that case.

Without this change we could end up using the assertion about the struct local
to remove a future store to the particular field, which would leave no zeroing
of that field, and would be observable.

Author: jakobbotsch

src/coreclr/jit/morphblock.cpp

@@ -242,8 +242,6 @@ void MorphInitBlockHelper::PropagateBlockAssertions()
 //
 void MorphInitBlockHelper::PropagateExpansionAssertions()
 {
-    // Consider doing this for FieldByField as well
-    //
     if (m_comp->optLocalAssertionProp && (m_transformationDecision == BlockTransformation::OneStoreBlock))
     {
         m_comp->fgAssertionGen(m_store);
@@ -400,6 +398,7 @@ void MorphInitBlockHelper::TryInitFieldByField()
         if (m_comp->fgGlobalMorph && m_dstLclNode->IsLastUse(i))
         {
             JITDUMP("Field-by-field init skipping write to dead field V%02u\n", fieldLclNum);
+            m_comp->fgKillDependentAssertionsSingle(m_dstLclNum DEBUGARG(m_store));
             continue;
         }
 
@@ -1242,6 +1241,7 @@ GenTree* MorphCopyBlockHelper::CopyFieldByField()
         {
             INDEBUG(unsigned dstFieldLclNum = m_comp->lvaGetDesc(m_dstLclNum)->lvFieldLclStart + i);
             JITDUMP("Field-by-field copy skipping write to dead field V%02u\n", dstFieldLclNum);
+            m_comp->fgKillDependentAssertionsSingle(m_dstLclNum DEBUGARG(m_store));
             continue;
         }
 

src/tests/JIT/Regression/JitBlue/Runtime_113658/Runtime_113658.cs

@@ -0,0 +1,34 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Runtime.CompilerServices;
+using Xunit;
+
+public static class Runtime_113658
+{
+    [Fact]
+    public static int TestEntryPoint()
+    {
+        FillStackWithGarbage();
+        long? nullable = FaultyDefaultNullable<long?>();
+        return (int)(100 + nullable.GetValueOrDefault());
+    }
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    private static void FillStackWithGarbage()
+    {
+        stackalloc byte[256].Fill(0xcc);
+    }
+
+    [MethodImpl(MethodImplOptions.NoInlining)]
+    [SkipLocalsInit]
+    private static T FaultyDefaultNullable<T>()
+    {
+        // When T is a Nullable<T> (and only in that case), we support returning null
+        if (default(T) is null && typeof(T).IsValueType)
+            return default!;
+
+        throw new InvalidOperationException("Not nullable");
+    }
+}

src/tests/JIT/Regression/JitBlue/Runtime_113658/Runtime_113658.csproj

@@ -0,0 +1,8 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <Optimize>True</Optimize>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="$(MSBuildProjectName).cs" />
+  </ItemGroup>
+</Project>

src/tests/JIT/Regression/JitBlue/Runtime_114358/Runtime_114358.cs

@@ -1,5 +1,6 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
+
 // Found by Antigen
 // Reduced from 206.63 KB to 1.9 KB.
 

src/tests/JIT/Regression/JitBlue/Runtime_114978/Runtime_114978.cs

@@ -1,3 +1,6 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
 // Generated by Fuzzlyn v2.7 on 2025-04-23 21:44:41
 // Run on X64 Windows
 // Seed: 3309115426102150651-vectort,vector128,vector256,vector512,x86aes,x86avx,x86avx2,x86avx512bw,x86avx512bwvl,x86avx512cd,x86avx512cdvl,x86avx512dq,x86avx512dqvl,x86avx512f,x86avx512fvl,x86avx512fx64,x86avx512vbmi,x86avx512vbmivl,x86bmi1,x86bmi1x64,x86bmi2,x86bmi2x64,x86fma,x86lzcnt,x86lzcntx64,x86pclmulqdq,x86popcnt,x86popcntx64,x86sse,x86ssex64,x86sse2,x86sse2x64,x86sse3,x86sse41,x86sse41x64,x86sse42,x86sse42x64,x86ssse3,x86x86base