Bug 1275001 - Fix RematerializedFrame::locals() when there's arguments underflow. (r=jandem)

js/src/jit-test/tests/debug/bug1275001.js

@@ -0,0 +1,30 @@
+
+g = newGlobal();
+g.parent = this;
+g.eval("(" + function() {
+    Debugger(parent).onExceptionUnwind = function(frame) {
+        frame.older
+    }
+} + ")()")
+function check_one(expected, f, err) {
+    try {
+        f()
+    } catch (ex) {
+        s = ex.toString()
+        assertEq(s.slice(11, -err.length), expected)
+    }
+}
+ieval = eval
+function check(expr, expected = expr) {
+    var end, err
+    for ([end, err] of[[".random_prop", " is undefined" ]]) 
+         statement = "o = {};" + expr + end;
+         cases = [
+            function() ieval("var undef;" + statement),
+            Function(statement)
+        ]
+        for (f of cases) 
+            check_one(expected, f, err)
+}
+check("undef");
+check("o.b");

js/src/jit/RematerializedFrame.h

@@ -7,6 +7,8 @@
 #ifndef jit_RematerializedFrame_h
 #define jit_RematerializedFrame_h
 
+#include <algorithm>
+
 #include "jsfun.h"
 
 #include "jit/JitFrameIterator.h"
@@ -180,12 +182,15 @@ class RematerializedFrame
     unsigned numActualArgs() const {
         return numActualArgs_;
     }
+    unsigned numArgSlots() const {
+        return std::max(numFormalArgs(), numActualArgs());
+    }
 
     Value* argv() {
         return slots_;
     }
     Value* locals() {
-        return slots_ + numActualArgs_ + isConstructing_;
+        return slots_ + numArgSlots() + isConstructing_;
     }
 
     Value& unaliasedLocal(unsigned i) {