Put the type feedback vector in the unoptimized JavaScript frame.

src/compiler/arm64/code-generator-arm64.cc

Index: src/compiler/arm64/code-generator-arm64.cc
diff --git a/src/compiler/arm64/code-generator-arm64.cc b/src/compiler/arm64/code-generator-arm64.cc
index 34ec3821f7ba1605d0865c5a52414df7848dc993..db9644a9ab6999c02161bfc2c07ac4d7e4a41fbc 100644
--- a/src/compiler/arm64/code-generator-arm64.cc
+++ b/src/compiler/arm64/code-generator-arm64.cc
@@ -1003,8 +1003,13 @@ void CodeGenerator::AssemblePrologue() {
     osr_pc_offset_ = __ pc_offset();
     // TODO(titzer): cannot address target function == local #-1
     __ ldr(x1, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
-    DCHECK(stack_slots >= frame()->GetOsrStackSlotCount());
-    stack_slots -= frame()->GetOsrStackSlotCount();
+    int osr_stack_slot_count = frame()->GetOsrStackSlotCount();
+    DCHECK(stack_slots >= osr_stack_slot_count);
+    stack_slots -= osr_stack_slot_count;
+
+    // Full-code javascript functions have a type feedback vector in the frame.
+    // Shift any locals down one slot, and adjust the stack pointer.
+    __ AdaptUnoptimizedFrameForOsrEntry(osr_stack_slot_count, x2, x0);
   }
 
   if (stack_slots > 0) {