[maglev] Fix empty arguments in PopReceiver

In case of empty arguments, we set the receiver_mode to
kNullOrUndefined, which forces the new receiver to be null.

But now `args` has a null receiver and 1 non-receiver argument.
We *must* clear the argument vector to avoid using the old receiver as
the first argument to FunctionPrototypeCall.

Bug: v8:7700
Change-Id: Ie23bfb28a50f484fbdd6caba55b44ffbaa806b34
Fixed: v8:13456
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4066479
Commit-Queue: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84571}

src/maglev/maglev-graph-builder.cc

@@ -163,19 +163,17 @@ class CallArguments {
   void PopReceiver(ConvertReceiverMode new_receiver_mode) {
     DCHECK_NE(receiver_mode_, ConvertReceiverMode::kNullOrUndefined);
     DCHECK_NE(new_receiver_mode, ConvertReceiverMode::kNullOrUndefined);
-
-    if (count() == 0) {
-      // If there is no non-receiver argument to become the new receiver,
-      // consider the new receiver to be known undefined.
-      receiver_mode_ = ConvertReceiverMode::kNullOrUndefined;
-    } else {
-      // TODO(victorgomes): Do this better!
-      for (size_t i = 0; i < args_.size() - 1; i++) {
-        args_[i] = args_[i + 1];
-      }
-      args_.pop_back();
-      receiver_mode_ = new_receiver_mode;
+    DCHECK_GT(args_.size(), 0);  // We have at least a receiver to pop!
+    // TODO(victorgomes): Do this better!
+    for (size_t i = 0; i < args_.size() - 1; i++) {
+      args_[i] = args_[i + 1];
     }
+    args_.pop_back();
+
+    // If there is no non-receiver argument to become the new receiver,
+    // consider the new receiver to be known undefined.
+    receiver_mode_ = args_.size() == 0 ? ConvertReceiverMode::kNullOrUndefined
+                                       : new_receiver_mode;
   }
 
  private: