Unreachable code in escape-analysis.cc
Issue description

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4712982385000448
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: Unreachable code
Crash Address:
Crash State: escape-analysis.cc
Regressed: V8: r39593:39594
Minimized Testcase (0.43 Kb): https://cluster-fuzz.appspot.com/download/AMIfv948qjXCCEGbeBTeY09YkOmFrbqKHm1oGqw_-xa35a6ZF80qd7fOtvybeU_U4expxC6-WK-udRJUo7J6Pn-zZYRw7a9BjC1RzbJ3-s5FpYcuZ-IuTSIzm6rwrHi_cEfAakYSQBjsY5uGJ1mqXUI0PFiv7isDDQ?testcase_id=4712982385000448
Issue manually filed by: mmohammad

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.
Sep 23 2016
Sep 23 2016
The following revision refers to this bug: https://chromium.googlesource.com/v8/v8.git/+/08a441b309d00572e650c020e8a3c45390aa459d

commit 08a441b309d00572e650c020e8a3c45390aa459d
Author: Michael Starzinger <mstarzinger@chromium.org>
Date: Fri Sep 23 11:48:17 2016

[turbofan] Handle StringCharCodeAt in escape analysis.

This adds handling of {IrOpcode::kStringCharCodeAt} nodes to the escape status analysis. Such uses are treated as escaping for now until we add dedicated handling to the escape analysis reducer.

R=bmeurer@chromium.org
BUG= chromium:649492

Review URL: https://codereview.chromium.org/2363063002 .

Cr-Commit-Position: refs/heads/master@{#39660}

[modify] https://crrev.com/08a441b309d00572e650c020e8a3c45390aa459d/src/compiler/escape-analysis.cc
Sep 23 2016
Sep 24 2016
ClusterFuzz has detected this issue as fixed in range 39659:39660.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=4712982385000448
Fuzzer: mbarbella_js_mutation
Job Type: linux_asan_d8_v8_arm_dbg
Platform Id: linux
Crash Type: Unreachable code
Crash Address:
Crash State: escape-analysis.cc
Regressed: V8: r39593:39594
Fixed: V8: r39659:39660
Minimized Testcase (0.43 Kb): https://cluster-fuzz.appspot.com/download/AMIfv948qjXCCEGbeBTeY09YkOmFrbqKHm1oGqw_-xa35a6ZF80qd7fOtvybeU_U4expxC6-WK-udRJUo7J6Pn-zZYRw7a9BjC1RzbJ3-s5FpYcuZ-IuTSIzm6rwrHi_cEfAakYSQBjsY5uGJ1mqXUI0PFiv7isDDQ?testcase_id=4712982385000448

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Nov 22 2016
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label. For more details visit https://www.chromium.org/issue-tracking/autotriage

- Your friendly Sheriffbot
Comment 1 by mmohammad@chromium.org, Sep 22 2016

Status: Assigned (was: Untriaged)