Bug 265262

The following wasm program currently crashes in debug mode (using the `module` helper from function reference tests): ``` /* (module (func (result i32) (i32.const 42)) (func (param) (result i32) (return_call 0) (i32.const 5)) (func (export "main") (result i32) (call 1)) ) */ { let m = new WebAssembly.Instance(module("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x85\x80\x80\x80\x00\x01\x60\x00\x01\x7f\x03\x84\x80\x80\x80\x00\x03\x00\x00\x00\x07\x88\x80\x80\x80\x00\x01\x04\x6d\x61\x69\ x6e\x00\x02\x0a\x9e\x80\x80\x80\x00\x03\x84\x80\x80\x80\x00\x00\x41\x2a\x0b\x86\x80\x80\x80\x00\x00\x12\x00\x41\x05\x0b\x84\x80\x80\x80\x00\x00\x10\x01\x0b")); assert.eq(m.exports.main(), 42); } ``` with a crash message like the following: wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: ASSERTION FAILED: !irGenerator.m_makesTailCalls wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: /home/asumu/WebKit/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp(4659) : JSC::Wasm::B3IRGenerator::PartialResult JSC::Wasm::B3IRGenerator::emitIn lineDirectCall(uint32_t, const JSC::Wasm::TypeDefinition&, WTF::Vector<JSC::B3::Variable*, 0, WTF::CrashOnOverflow, 16, WTF::FastMalloc>&, ResultList&) wasm.yaml/wasm/function-references/tail_call.js.wasm-omg: ERROR: Unexpected exit code: 134 10/10 (failed 1) It looks like there's possibly an attempt to inline the `(call 1)` in the main function and that's failing because the function being inlined has a tail call.