AVE instead of IndexOutOfRangeException

[EgorBo]

The repro involves a code pattern that is very unlikely to be seen in the real world (creating arrays of negative size), but still should be fixed:

using System;
using System.Runtime.CompilerServices;

Test(-1000000, false);

[MethodImpl(MethodImplOptions.NoInlining |
            MethodImplOptions.AggressiveOptimization)]
int Test(int idx, bool neverTrueCond)
{
    if (neverTrueCond)
        // register idx's VN as CheckedBound here
        Console.WriteLine((new int[idx])[0]); // new int[-1000000]

    if (idx != 0) // MergeEdgeAssertion assumes idx > 0 here
    {
        var arr2 = new int[10];
        if (idx < 10)
        {
            return arr2[idx]; // No bounds check here
        }
    }
    return 0;
}

Expected: System.IndexOutOfRangeException: Index was outside the bounds of the array
Actual: System.AccessViolationException: Attempted to read or write protected memory

The bug was introduced several releases ago.

[dotnet-policy-service]

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.