[Liftoff] Fix initialization of f32 locals

We might run into the situation that all fp registers are already in
use for holding parameters. Thus, use the {GetUnusedRegister()} method
which might spill to free one of the registers.

R=ahaas@chromium.org

Bug: v8:6600, chromium:792037
Change-Id: I44b279922e31ac4acaa07b6a36ba2e394100fde0
Reviewed-on: https://chromium-review.googlesource.com/813834Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49940}

src/wasm/baseline/liftoff-compiler.cc

@@ -130,9 +130,10 @@ class LiftoffCompiler {
         __ PushRegister(type, reg);
         return;
       }
-      // No cache register. Push to the stack.
-      __ Spill(param_idx, reg);
-      __ cache_state()->stack_state.emplace_back(type);
+      // Move to a cache register.
+      LiftoffRegister cache_reg = __ GetUnusedRegister(rc);
+      __ Move(cache_reg, reg);
+      __ PushRegister(type, reg);
       return;
     }
     if (param_loc.IsCallerFrameSlot()) {
@@ -196,9 +197,9 @@ class LiftoffCompiler {
           break;
         case kWasmF32:
           if (zero_double_reg.is_gp()) {
-            // Use CacheState::unused_register directly. There must be an unused
-            // register, no spilling allowed here.
-            zero_double_reg = __ cache_state()->unused_register(kFpReg);
+            // Note: This might spill one of the registers used to hold
+            // parameters.
+            zero_double_reg = __ GetUnusedRegister(kFpReg);
             __ LoadConstant(zero_double_reg, WasmValue(0.f));
           }
           __ PushRegister(kWasmF32, zero_double_reg);