fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=71329

Source/JavaScriptCore:

Reviewed by Oliver Hunt.

The DFG was forgetting to store code origin mappings for inlined call sites. Some of the fast-path optimizations for CallFrame::trueCallerFrame() were wrong. An assertion in Arguments was wrong. I also took the opportunity to decrease code duplication between DFG64 and DFG32_64, because I didn't feel like writing the same code twice.

* bytecode/CodeBlock.h:
(JSC::ExecState::isInlineCallFrame):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
* dfg/DFGJITCompiler32_64.cpp:
* dfg/DFGNode.h:
* interpreter/CallFrame.cpp:
(JSC::CallFrame::trueCallerFrame):
* interpreter/CallFrame.h:
* runtime/Arguments.h:
(JSC::Arguments::getArgumentsData):

LayoutTests:

Reviewed by Oliver Hunt.

Test that using bar.arguments, where bar was inlined into baz, works correctly.

* fast/js/dfg-inline-arguments-simple-expected.txt: Added.
* fast/js/dfg-inline-arguments-simple.html: Added.
* fast/js/script-tests/dfg-inline-arguments-simple.js: Added.
(foo):
(bar):
(baz):
(argsToStr):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99009 268f45cc-cd09-0410-ab3c-d52691b4dbfc
03586591