Assertion failure in Lowerer::MapStFldHelper
The following PoC triggers an assertion failure in a "debug" build on Ubuntu.
// Reproducer body for the assertion in Lowerer::MapStFldHelper.
// It takes one argument, opt_param, which is only tested in empty `if` blocks;
// the function returns nothing and its locals are never read.
function opt(opt_param){
// Class declared inside the function; its print() method closes over opt_param.
// NOTE(review): frame #0 of the backtrace reports IR::HelperOp_InitClassMember,
// so the store that initialises this class member is presumably the StFld being
// lowered when the assert fires. Confirm against an IR dump.
class V2 {
print() {
if (opt_param) {
}
}
};
// Empty branch on the parameter; it has no body and no side effect.
if (opt_param) {
}
// Two fresh objects (an array and an object literal) whose `constructor` and
// `valueOf` properties are set to built-ins. Nothing in opt reads v12 or v19.
// NOTE(review): whether these stores are needed to reproduce is not shown here.
const v12 = [];
const v19 = {constructor:parseFloat};
v12.constructor = RangeError;
v19.valueOf = parseFloat;
}
// Calls opt 0x200 (512) times, always with opt_param === false.
// NOTE(review): presumably this warms the code up until it is queued for JIT
// compilation. The backtrace shows the failure under Func::Codegen with
// isBackgroundJIT=true, i.e. on the background code-generation thread.
for(let i=0;i<0x200;i++){opt(false);}
#0 0x00005555568c8420 in Lowerer::MapStFldHelper (this=0x7ff7efffd7b0,
propertySymOpnd=0x7ff7f4304eb8, helperMethod=@0x7ff7efffc094: IR::HelperOp_InitClassMember,
polymorphicHelperMethod=@0x7ff7efffc090: IR::HelperOp_InitClassMember)
at /home/zhunki/workspace/ChakraCore-master/lib/Backend/Lower.cpp:7221
#1 0x0000555556889c4b in Lowerer::LowerStFld (this=0x7ff7efffd7b0, stFldInstr=0x7ff7f43093f0,
helperMethod=IR::HelperOp_InitClassMember,
polymorphicHelperMethod=IR::HelperOp_InitClassMember, withInlineCache=false, labelBailOut=0x0,
isHelper=false, withPutFlags=false, flags=Js::PropertyOperation_None)
at /home/zhunki/workspace/ChakraCore-master/lib/Backend/Lower.cpp:7101
#2 0x0000555556887c77 in Lowerer::LowerRange (this=0x7ff7efffd7b0, instrStart=0x7ff7f4302170,
instrEnd=0x7ff7f43021d0, defaultDoFastPath=true, defaultDoLoopFastPath=true)
at /home/zhunki/workspace/ChakraCore-master/lib/Backend/Lower.cpp:2562
#3 0x000055555687d5a1 in Lowerer::Lower (this=0x7ff7efffd7b0)
at /home/zhunki/workspace/ChakraCore-master/lib/Backend/Lower.cpp:104
#4 0x0000555556b28bbb in Func::TryCodegen (this=0x7ff7efffdfa0)
at /home/zhunki/workspace/ChakraCore-master/lib/Backend/Func.cpp:475
#5 0x0000555556b28330 in Func::Codegen (alloc=0x7ff7efffe560, workItem=0x7ff7f42f1030,
threadContextInfo=0x555557ebeea8, scriptContextInfo=0x555557ef0d08, outputData=0x7ff7efffe9a0,
epInfo=0x7ff7f43c8090, runtimeInfo=0x0, polymorphicInlineCacheInfo=0x7ff7f432a540,
codeGenAllocators=0x555557ef52d8, codeGenProfiler=0x0, isBackgroundJIT=true)
at /home/zhunki/workspace/ChakraCore-master/lib/Backend/Func.cpp:325
#6 0x000055555694bdc0 in NativeCodeGenerator::CodeGen (this=0x555557ef24d8, pageAllocator=
0x5555575a9da8, workItemData=0x555557f01d30, jitWriteData=..., foreground=false,
epInfo=0x7ff7f43c8090)
at /home/zhunki/workspace/ChakraCore-master/lib/Backend/NativeCodeGenerator.cpp:890
#7 0x000055555694da58 in NativeCodeGenerator::CodeGen (this=0x555557ef24d8,
pageAllocator=0x5555575a9da8, workItem=0x555557f01d08, foreground=false)
at /home/zhunki/workspace/ChakraCore-master/lib/Backend/NativeCodeGenerator.cpp:1007
#8 0x0000555556950854 in NativeCodeGenerator::Process (this=0x555557ef24d8, job=0x555557f01d10,
threadData=0x5555575a9d88)
at /home/zhunki/workspace/ChakraCore-master/lib/Backend/NativeCodeGenerator.cpp:1907
#9 0x00005555569bc7a1 in JsUtil::BackgroundJobProcessor::Process (this=0x555557ef2658,
job=0x555557f01d10, threadData=0x5555575a9d88)
at /home/zhunki/workspace/ChakraCore-master/lib/Common/Common/Jobs.cpp:1037
#10 0x00005555569bcda4 in JsUtil::BackgroundJobProcessor::Run (this=0x555557ef2658,
threadData=0x5555575a9d88)
at /home/zhunki/workspace/ChakraCore-master/lib/Common/Common/Jobs.cpp:1135
#11 0x00005555569ba351 in JsUtil::BackgroundJobProcessor::StaticThreadProc (lpParam=0x5555575a9d88)
at /home/zhunki/workspace/ChakraCore-master/lib/Common/Common/Jobs.cpp:1319
#12 0x00005555558308d0 in CorUnix::CPalThread::ThreadEntry (pvParam=0x555557ef2dd0)
at /home/zhunki/workspace/ChakraCore-master/pal/src/thread/pal_thread.cpp:1605
#13 0x00007ffff7aa2609 in start_thread (arg=
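MapStFldHelper doesn't accept HelperOp_InitClassMember: in frame #0 both helperMethod and polymorphicHelperMethod are IR::HelperOp_InitClassMember when the assertion at Lower.cpp:7221 fires. This report covers the debug build only; what a release build does on this path is not shown.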