GetByVal has Double ArrayModes. So it expects to get Double arrays, and it will genetate a double value.
To ensure that, we have CheckStructure / CheckArray before this GetByVal.
But in AI phase, CheckStructure and CheckArray would not perform anything on a proven abstract value.
In that case, our GetByVal in AI gets unexpected array. If we do not perform any checks before using that to fold GetByVal into a constant, we have a bad time.


1: JSConstant(Array with CopyOnWrite | Contiguous) => like, ["bad"]
2: CheckStructure(@1, Array CopyOnWrite | Double) => It finally becomes OSR exit, but now, AI is not sure about it.
3: GetButterfly(@1)
4: GetByVal(@1, 0, @3, Array CopyOnWrite | Double) => If @4 can retrieve "bad" from @1, we attempt to convert @4 into "bad", but it is not acceptable since GetByVal(Double shape) should return a Double result.

We should perform array check on @1 constant before performing constant folding in AI.