Remove TEB field from Thread, DAC, and cDAC (#126902)

> [!NOTE]
> This PR was generated with the assistance of GitHub Copilot.

## Summary

Remove the TEB (Thread Environment Block) pointer from the DAC/cDAC
Thread data contract. Consumers should look up the TEB from the OS
thread ID via the debugger's native API instead.

## Background

The `Thread::m_pTEB` field was exposed through `DacpThreadData.teb` and
through the cDAC `ThreadData.TEB` contract field. Analysis of all
consumers shows:

- **SOS** reads `DacpThreadData.teb` in one place (`strike.cpp:4460`) to
display COM apartment state in `!Threads`. A companion PR in
dotnet/diagnostics switches this to use
`IDebuggerServices::GetThreadTeb(osThreadId)` instead.
- **ClrMD** reads `DacpThreadData.Teb` to derive
`StackBase`/`StackLimit`. A companion PR in microsoft/clrmd switches
this to use `IThreadReader.GetThreadTeb(osThreadId)` instead.
- **NativeAOT** already returns `TargetPointer.Null` for TEB.
- **Non-Windows** platforms already return NULL for TEB.

## Changes

- `request.cpp`: Always set `threadData->teb = NULL` (field retained for
binary layout compatibility)
- `datadescriptor.inc`: Remove TEB field from Thread type descriptor
- `threads.h`: Remove TEB from `cdac_data<Thread>`
- `Data/Thread.cs`: Remove TEB property and reading logic
- `Thread_1.cs`: Remove TEB from ThreadData construction
- `IThread.cs`: Remove TEB from ThreadData record
- `SOSDacImpl.cs`: Set `data->teb = 0`, remove debug assertion
- `Thread.md`: Remove TEB from data contract documentation
- Test mocks: Remove TEB from mock thread descriptors

## Companion PRs

- dotnet/diagnostics#5804 — SOS switches to `GetThreadTeb(osThreadId)`
for apartment state display + new ThreadApartment regression test
- microsoft/clrmd#1419 — `DacRuntime` switches to
`IThreadReader.GetThreadTeb(osThreadId)` for stack bounds

## Validation

- cDAC build: 0 warnings, 0 errors
- cDAC tests: 1586/1586 passed
- cdb verification: `!Threads` output identical between legacy DAC and
cDAC (Release)
- Manual cdb verification: STA/MTA apartment state displays correctly
with both old and new SOS

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: max-charlamb

docs/design/datacontracts/Thread.md

@@ -36,7 +36,6 @@ record struct ThreadData (
     TargetPointer AllocContextLimit;
     TargetPointer Frame;
     TargetPointer FirstNestedException;
-    TargetPointer TEB;
     TargetPointer LastThrownObjectHandle;
     TargetPointer NextThread;
 );
@@ -97,7 +96,6 @@ The contract additionally depends on these data descriptors
 | `Thread` | `Frame` | Pointer to current frame |
 | `Thread` | `CachedStackBase` | Pointer to the base of the stack |
 | `Thread` | `CachedStackLimit` | Pointer to the limit of the stack |
-| `Thread` | `TEB` | Thread Environment Block pointer |
 | `Thread` | `LastThrownObject` | Handle to last thrown exception object |
 | `Thread` | `LinkNext` | Pointer to get next thread |
 | `Thread` | `ExceptionTracker` | Pointer to exception tracking information |
@@ -184,7 +182,6 @@ ThreadData GetThreadData(TargetPointer address)
         AllocContextPointer: allocContextPointer,
         AllocContextLimit: allocContextLimit,
         Frame: target.ReadPointer(address + /* Thread::Frame offset */),
-        TEB : /* Has Thread::TEB offset */ ? target.ReadPointer(address + /* Thread::TEB offset */) : TargetPointer.Null,
         LastThrownObjectHandle : target.ReadPointer(address + /* Thread::LastThrownObject offset */),
         FirstNestedException : firstNestedException,
         NextThread: target.ReadPointer(address + /* Thread::LinkNext offset */) - threadLinkOffset;

src/coreclr/debug/daccess/enummem.cpp

@@ -1227,10 +1227,6 @@ HRESULT ClrDataAccess::EnumMemDumpAllThreadsStack(CLRDataEnumMemoryFlags flags)
                 // Write out the Thread instance
                 DacEnumHostDPtrMem(pThread);
 
-                // @TODO
-                // write TEB pointed by the thread
-                // DacEnumHostDPtrMem(pThread->GetTEB());
-
                 // @TODO
                 // If CLR is hosted, we want to write out fiber data
 

src/coreclr/debug/daccess/request.cpp

@@ -890,11 +890,9 @@ HRESULT ClrDataAccess::GetThreadData(CLRDATA_ADDRESS threadAddr, struct DacpThre
     threadData->context = PTR_CDADDR(AppDomain::GetCurrentDomain());
     threadData->domain = PTR_CDADDR(AppDomain::GetCurrentDomain());
     threadData->lockCount = (DWORD)-1;
-#ifndef TARGET_UNIX
-    threadData->teb = TO_CDADDR(thread->m_pTEB);
-#else
+    // TEB is no longer provided by the runtime. Consumers should look up the TEB
+    // from the OS thread ID via the debugger's native API (e.g., IDebuggerServices::GetThreadTeb).
     threadData->teb = (CLRDATA_ADDRESS)NULL;
-#endif
     threadData->lastThrownObjectHandle =
         TO_CDADDR(thread->m_LastThrownObjectHandle);
     threadData->nextThread =

src/coreclr/vm/datadescriptor/datadescriptor.inc

@@ -53,7 +53,6 @@ CDAC_TYPE_FIELD(Thread, TYPE(GCHandle), LastThrownObject, cdac_data<Thread>::Las
 CDAC_TYPE_FIELD(Thread, T_POINTER, LinkNext, cdac_data<Thread>::Link)
 CDAC_TYPE_FIELD(Thread, T_POINTER, ThreadLocalDataPtr, cdac_data<Thread>::ThreadLocalDataPtr)
 #ifndef TARGET_UNIX
-CDAC_TYPE_FIELD(Thread, T_POINTER, TEB, cdac_data<Thread>::TEB)
 CDAC_TYPE_FIELD(Thread, T_POINTER, UEWatsonBucketTrackerBuckets, cdac_data<Thread>::UEWatsonBucketTrackerBuckets)
 #endif
 CDAC_TYPE_END(Thread)

src/coreclr/vm/threads.cpp

@@ -1513,8 +1513,6 @@ void Thread::InitThread()
 #ifndef TARGET_UNIX
     (void) _controlfp_s( NULL, _RC_NEAR, _RC_CHOP|_RC_UP|_RC_DOWN|_RC_NEAR );
 
-    m_pTEB = (struct _NT_TIB*)NtCurrentTeb();
-
 #endif // !TARGET_UNIX
 
     if (m_CacheStackBase == 0)

src/coreclr/vm/threads.h

@@ -912,20 +912,6 @@ class Thread
     InterpThreadContext* GetOrCreateInterpThreadContext();
 #endif // FEATURE_INTERPRETER
 
-#ifndef TARGET_UNIX
-private:
-    _NT_TIB *m_pTEB;
-public:
-    _NT_TIB *GetTEB() {
-        LIMITED_METHOD_CONTRACT;
-        return m_pTEB;
-    }
-    PEXCEPTION_REGISTRATION_RECORD *GetExceptionListPtr() {
-        WRAPPER_NO_CONTRACT;
-        return &GetTEB()->ExceptionList;
-    }
-#endif // !TARGET_UNIX
-
     inline void SetTHAllocContextObj(TypeHandle th) {LIMITED_METHOD_CONTRACT; m_thAllocContextObj = th; }
 
     inline TypeHandle GetTHAllocContextObj() {LIMITED_METHOD_CONTRACT; return m_thAllocContextObj; }
@@ -3786,7 +3772,6 @@ struct cdac_data<Thread>
     static constexpr size_t ProfilerFilterContext = offsetof(Thread, m_pProfilerFilterContext);
 #endif // PROFILING_SUPPORTED
 #ifndef TARGET_UNIX
-    static constexpr size_t TEB = offsetof(Thread, m_pTEB);
     static constexpr size_t UEWatsonBucketTrackerBuckets = offsetof(Thread, m_ExceptionState) + offsetof(ThreadExceptionState, m_UEWatsonBucketTracker)
     + offsetof(EHWatsonBucketTracker, m_WatsonUnhandledInfo.m_pUnhandledBuckets);
 #endif

src/coreclr/vm/threadsuspend.cpp

@@ -2893,12 +2893,8 @@ BOOL Thread::RedirectThreadAtHandledJITCase(PFN_REDIRECTTARGET pTgt)
 #ifdef _DEBUG
         // In some rare cases the stack pointer may be outside the stack limits.
         // SetThreadContext would fail assuming that we are trying to bypass CFG.
-        //
-        // NB: the check here is slightly more strict than what OS requires,
-        //     but it is simple and uses only documented parts of TEB
-        auto pTeb = this->GetTEB();
         void* stackPointer = (void*)GetSP(pCtx);
-        if ((stackPointer < pTeb->StackLimit) || (stackPointer > pTeb->StackBase))
+        if ((stackPointer < this->GetCachedStackLimit()) || (stackPointer > this->GetCachedStackBase()))
         {
             return (FALSE);
         }

src/native/managed/cdac/Microsoft.Diagnostics.DataContractReader.Abstractions/Contracts/IThread.cs

@@ -38,7 +38,6 @@ public record struct ThreadData(
     TargetPointer AllocContextLimit,
     TargetPointer Frame,
     TargetPointer FirstNestedException,
-    TargetPointer TEB,
     TargetPointer LastThrownObjectHandle,
     TargetPointer NextThread);
 

src/native/managed/cdac/Microsoft.Diagnostics.DataContractReader.Contracts/Contracts/Thread_1.cs

@@ -98,7 +98,6 @@ ThreadData IThread.GetThreadData(TargetPointer threadPointer)
             thread.RuntimeThreadLocals?.AllocContext.GCAllocationContext.Limit ?? TargetPointer.Null,
             thread.Frame,
             firstNestedException,
-            thread.TEB,
             thread.LastThrownObject.Handle,
             GetThreadFromLink(thread.LinkNext));
     }

src/native/managed/cdac/Microsoft.Diagnostics.DataContractReader.Contracts/Data/Thread.cs

@@ -23,8 +23,6 @@ public Thread(Target target, TargetPointer address)
         CachedStackBase = target.ReadPointerField(address, type, nameof(CachedStackBase));
         CachedStackLimit = target.ReadPointerField(address, type, nameof(CachedStackLimit));
 
-        // TEB does not exist on certain platforms
-        TEB = target.ReadPointerFieldOrNull(address, type, nameof(TEB));
         LastThrownObject = target.ProcessedData.GetOrAdd<ObjectHandle>(
             target.ReadPointerField(address, type, nameof(LastThrownObject)));
         LinkNext = target.ReadPointerField(address, type, nameof(LinkNext));
@@ -46,7 +44,6 @@ public Thread(Target target, TargetPointer address)
     public TargetPointer Frame { get; init; }
     public TargetPointer CachedStackBase { get; init; }
     public TargetPointer CachedStackLimit { get; init; }
-    public TargetPointer TEB { get; init; }
     public ObjectHandle LastThrownObject { get; init; }
     public TargetPointer LinkNext { get; init; }
     public TargetPointer ExceptionTracker { get; init; }