Fix random crashes in leaf functions

A "leaf" function that doesn't call any other JS functions but calls built-in
functions may easily have function->maxNumberOfArguments "calculated" to zero
due to the lack of call expressions. That means we may not have allocated
enough stack space for the variable arguments needed for builtin runtime calls
and then end up overwriting some of the callee saved registers.

This can also happen in non-leaf functions, but is less likely of course.

So in addition to the explicit call expressions this patch also takes the
built-in expression parameter list of the IR CALL into account. It may end up
calculating a maxNumberOfArguments value that is slightly too high, but we pay
a relatively small price for that compared to doing a second pass over the IR
or trying to patch offsets after code generation.

Change-Id: Ic7cddd38952fdccbb1d636bc4d5578c2276fc1c9
Reviewed-by: Lars Knoll <lars.knoll@digia.com>

1 files changed, 4 insertions, 0 deletions

diff --git a/src/v4/qv4jsir.cpp b/src/v4/qv4jsir.cpp
index 3c55131a5d..120a5d4fe5 100644
--- a/src/v4/qv4jsir.cpp
+++ b/src/v4/qv4jsir.cpp
@@ -665,6 +665,10 @@ Expr *BasicBlock::CALL(Expr *base, ExprList *args)
 { 
     Call *e = function->New<Call>();
     e->init(base, args);
+    int argc = 0;
+    for (ExprList *it = args; it; it = it->next)
+        ++argc;
+    function->maxNumberOfArguments = qMax(function->maxNumberOfArguments, argc);
     return e;
 }