[mono][interp] Fix type of args when inlining method

[BrzVlad]

The vars allocated from pushing values on the execution stack might not reflect exactly the actual type of the var. Consider this pattern:

	condbr	BB0
	newobj	Derived // push var0 of type Derived
	br	BB1
BB0:
	newobj	Base	// push var1 of type Base
	// here we will end up inserting a `mov var1 -> var0`
BB1:
	// top of stack will be seen as being var0
	call

Because we first reach BB1 with the stack contents of var0, BB1 will end up accessing top of the stack as var0. However the type of var0 at this point is not Derived, since it can also be a Base object. We currently don't update the type of var0, but just update the type information of the top of stack entry when entering BB1. When inlining, after this commit, we use the type information from the stack, rather than the type of the var present on the stack.

In the future we might want to consider updating the type of var0 or creating a new var entirely with the correct type for consistency.

Fixes #102046

[dotnet-policy-service]

Tagging subscribers to this area: @BrzVlad, @kotlarmilos
See info in area-owners.md if you want to be subscribed.

[BrzVlad]

Simple repro for this issue:

using System;

public class Base {

	public virtual void Method ()
	{
		Console.WriteLine ("Base");
	}
}

public sealed class Derived : Base {

	public override void Method ()
	{
		Console.WriteLine ("Derived");
	}
}

public class Program {
	public static bool true_var = true;

	public static void CallMethod (Base obj)
	{
		obj.Method ();
	} 

	public static void Main (string[] args)
	{
		// Bug manifests only in optimized code, so we need to tier up method
		for (int i = 0; i < 1001; i++) {
			// Should call Base, interp incorrectly devirts to Derived
			CallMethod (true_var ? new Base () : new Derived ()); 
		}
	}
}

[lewing]

Should a regression test be added somewhere?

[srxqds]

need backport .net8.0?

[srxqds]

need backport .net8.0?

?