[turbofan] Fix usage of ThisFunction parameter in OSR.

src/compiler/linkage-impl.h

Index: src/compiler/linkage-impl.h
diff --git a/src/compiler/linkage-impl.h b/src/compiler/linkage-impl.h
index c24ae8873c74746198f177bc40679d1d75cfeb6d..272040e5eac25bc10b24fa367ebc69540696416b 100644
--- a/src/compiler/linkage-impl.h
+++ b/src/compiler/linkage-impl.h
@@ -29,7 +29,8 @@ class LinkageHelper {
   }
 
   // TODO(turbofan): cache call descriptors for JSFunction calls.
-  static CallDescriptor* GetJSCallDescriptor(Zone* zone, int js_parameter_count,
+  static CallDescriptor* GetJSCallDescriptor(Zone* zone, bool is_osr,
+                                             int js_parameter_count,
                                              CallDescriptor::Flags flags) {
     const size_t return_count = 1;
     const size_t context_count = 1;
@@ -56,7 +57,11 @@ class LinkageHelper {
 
     // The target for JS function calls is the JSFunction object.
     MachineType target_type = kMachAnyTagged;
-    LinkageLocation target_loc = regloc(LinkageTraits::JSCallFunctionReg());
+    // Fullcode doesn't preserve the JSCallFunctionReg, so expect the
+    // JSFunction object on the stack.
+    LinkageLocation target_loc =
+        is_osr ? stackloc(-1 - js_parameter_count)

[Michael Starzinger, 2015/01/30 10:06:02]

Magic "-1" is being very magic. Is there any constant in frames.h that we can
DCHECK here to make sure this "-1" is accurate?

+               : regloc(LinkageTraits::JSCallFunctionReg());
     return new (zone) CallDescriptor(     // --
         CallDescriptor::kCallJSFunction,  // kind
         target_type,                      // target MachineType