32-bit call code clobbers the function cell tag
https://bugs.webkit.org/show_bug.cgi?id=68606
Patch by Filip Pizlo <fpizlo@apple.com> on 2011-09-22
Reviewed by Csaba Osztrogonác.
This is a minimalistic fix: it simply emits code to restore the
cell tag on the slow path, if we know that we failed due to
emitCallIfNotType.
* jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCallVarargsSlowCase):
(JSC::JIT::compileOpCallSlowCase):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95707
268f45cc-cd09-0410-ab3c-
d52691b4dbfc