Wrong Assertion in GlobOpt::CollectMemOpInfo

Hello, running following code in ch 1.11.19 debug version. An Assertion will be throw.

'use strict';
function func(b, c) {
    b[0] = c;
}
function main() {
    let b = new Uint32Array(100);

    for (let i = 0; i < 1000; i++) {
        i += 1;
        i += 0;
        func(b, {});
    }
}
main();

Output:

ASSERTION 19136: (...\chakracore-1.11.19\lib\backend\globopt.cpp, line 2325) !instr->GetDst() || instr->m_opcode == Js::OpCode::IncrLoopBodyCount || !loop->memOpInfo || (instr->m_opcode == Js::OpCode::Ld_I4 && prevInstr && (prevInstr->m_opcode == Js::OpCode::Add_I4 || prevInstr->m_opcode == Js::OpCode::Sub_I4) && instr->GetSrc1()->IsRegOpnd() && instr->GetDst()->IsRegOpnd() && prevInstr->GetDst()->IsRegOpnd() && instr->GetDst()->GetStackSym() == prevInstr->GetSrc1()->GetStackSym() && instr->GetSrc1()->GetStackSym() == prevInstr->GetDst()->GetStackSym()) || !loop->memOpInfo->inductionVariableChangeInfoMap->ContainsKey(GetVarSymID(instr->GetDst()->GetStackSym()))
 Failure: (!instr->GetDst() || instr->m_opcode == Js::OpCode::IncrLoopBodyCount || !loop->memOpInfo || (instr->m_opcode == Js::OpCode::Ld_I4 && prevInstr && (prevInstr->m_opcode == Js::OpCode::Add_I4 || prevInstr->m_opcode == Js::OpCode::Sub_I4) && instr->GetSrc1()->IsRegOpnd() && instr->GetDst()->IsRegOpnd() && prevInstr->GetDst()->IsRegOpnd() && instr->GetDst()->GetStackSym() == prevInstr->GetSrc1()->GetStackSym() && instr->GetSrc1()->GetStackSym() == prevInstr->GetDst()->GetStackSym()) || !loop->memOpInfo->inductionVariableChangeInfoMap->ContainsKey(GetVarSymID(instr->GetDst()->GetStackSym())))
FATAL ERROR: ch.exe failed due to exception code c0000420

I think this is likely just a wrong assertion since the assumption strict too much, may miss some cases. https://github.com/microsoft/ChakraCore/blob/33db8efd9f02cd528a7305391d7d10765a2e85f3/lib/Backend/GlobOpt.cpp#L2360-2374

ISec Lab 2020.7.1