Unreviewed, fix numParameter() - 1 OSRExit materialization
authorutatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 16 Mar 2017 13:24:46 +0000 (13:24 +0000)
committerutatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 16 Mar 2017 13:24:46 +0000 (13:24 +0000)
commit13516eb695d114ae83d00b12159bf2b5d63b6002
treeee7fc8638992bcf260c5062c914260bf2dbe7f4f
parent3fb57153a8c42e58ef1b751e5fcd0b649243f0c2
Unreviewed, fix numParameter() - 1 OSRExit materialization
https://bugs.webkit.org/show_bug.cgi?id=164582

When materializing rest parameters, we rely on that numParameter() - 1 equals to
the numberOfArgumentsToSkip. But this assumption is broken in r214029.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::numberOfArgumentsToSkip):
* ftl/FTLOperations.cpp:
(JSC::FTL::operationMaterializeObjectInOSR):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@214040 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/bytecode/CodeBlock.h
Source/JavaScriptCore/ftl/FTLOperations.cpp