Fix register allocation in tail-call to TFJ builtin.

R=jgruber@chromium.org

Bug: v8:178
Change-Id: Id00ae14cb5a50e560f93249eed4e4b20aa0a6ce7
Reviewed-on: https://chromium-review.googlesource.com/970467
Commit-Queue: Yang Guo <yangguo@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52058}

src/builtins/builtins-internal-gen.cc

@@ -207,6 +207,7 @@ TF_BUILTIN(DebugBreakTrampoline, CodeStubAssembler) {
       CAST(LoadObjectField(shared, SharedFunctionInfo::kCodeOffset));
   // Use the ConstructTrampolineDescriptor because it passes new.target too in
   // case this is called during construct.
+  CSA_ASSERT(this, IsCode(code));
   ConstructTrampolineDescriptor descriptor(isolate());
   TailCallStub(descriptor, code, context, function, new_target, arg_count);
 }

src/compiler/instruction-selector.cc

@@ -891,12 +891,8 @@ void InstructionSelector::InitializeCallBuffer(Node* call, CallBuffer* buffer,
               ? g.UseImmediate(callee)
               : call_use_fixed_target_reg
                     ? g.UseFixed(callee, kJavaScriptCallCodeStartRegister)
-#ifdef V8_EMBEDDED_BUILTINS
                     : is_tail_call ? g.UseUniqueRegister(callee)
                                    : g.UseRegister(callee));
-#else
-                    : g.UseRegister(callee));
-#endif
       break;
     case CallDescriptor::kCallAddress:
       buffer->instruction_args.push_back(

test/cctest/cctest.status

@@ -133,9 +133,6 @@
   'test-serialize/StartupSerializerTwice': [SKIP],
   'test-serialize/StartupSerializerOnceRunScript': [SKIP],
   'test-serialize/StartupSerializerTwiceRunScript': [SKIP],
-
-  # https://crbug.com/v8/7543
-  'test-debug/BreakPointJSBuiltin': [SKIP],
 }],  # ALWAYS
 
 ##############################################################################