Pass argc of JSEntry as intptr_t

|argc| parameter of JSEntry is passed as int from C++ code, and loaded
into a register on the asm code. As int is 32 bit, and registers are
64 bit on 64 bit platforms, upper 32 bits of the loaded value may be
contaminated by a random value if it's passed as a stack parameter.

For now, |argc| is passed as a register parameter on all platforms, and
the upper 32 bits of |argc| is filled by zero, fortunately. However, if
we shuffle the order of parameters, |argc| can be passed as a stack
parameter and its value may be broken.

Specifically on x64 Windows, the first 4 parameters are passed as
register parameters and the rest are stack parameters. As |argc| is the
4th parameter, if we prepend another parameter and shift |argc| to
the 5th parameter, |argc| will become a stack parameter and its load
to 64 bit register breaks the value.

This CL converts the type of the |argc| parameter to intptr_t, so that
it's safe to load from stack to full width registers.

Bug: v8:8124
Change-Id: Ie7407cf5e6252ed7323a9c42389db387b0064673
Reviewed-on: https://chromium-review.googlesource.com/c/1400326Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Taiju Tsuiki <tzik@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58614}

src/builtins/arm/builtins-arm.cc

@@ -531,7 +531,7 @@ namespace {
 // signature is:
 //
 //  using JSEntryFunction = GeneratedCode<Address(
-//      Address new_target, Address target, Address receiver, int argc,
+//      Address new_target, Address target, Address receiver, intptr_t argc,
 //      Address** args, Address root_register_value)>;
 void Generate_JSEntryVariant(MacroAssembler* masm, StackFrame::Type type,
                              Builtins::Name entry_trampoline) {

src/builtins/arm64/builtins-arm64.cc

@@ -597,7 +597,7 @@ namespace {
 // signature is:
 //
 //  using JSEntryFunction = GeneratedCode<Address(
-//      Address new_target, Address target, Address receiver, int argc,
+//      Address new_target, Address target, Address receiver, intptr_t argc,
 //      Address** args, Address root_register_value)>;
 //
 // Input:

src/builtins/ia32/builtins-ia32.cc

@@ -374,7 +374,7 @@ namespace {
 // signature is:
 //
 //  using JSEntryFunction = GeneratedCode<Address(
-//      Address new_target, Address target, Address receiver, int argc,
+//      Address new_target, Address target, Address receiver, intptr_t argc,
 //      Address** args, Address root_register_value)>;
 void Generate_JSEntryVariant(MacroAssembler* masm, StackFrame::Type type,
                              Builtins::Name entry_trampoline) {

src/builtins/mips/builtins-mips.cc

@@ -397,7 +397,7 @@ namespace {
 // signature is:
 //
 //  using JSEntryFunction = GeneratedCode<Address(
-//      Address new_target, Address target, Address receiver, int argc,
+//      Address new_target, Address target, Address receiver, intptr_t argc,
 //      Address** args, Address root_register_value)>;
 void Generate_JSEntryVariant(MacroAssembler* masm, StackFrame::Type type,
                              Builtins::Name entry_trampoline) {

src/builtins/mips64/builtins-mips64.cc

@@ -542,7 +542,7 @@ namespace {
 // signature is:
 //
 //  using JSEntryFunction = GeneratedCode<Address(
-//      Address new_target, Address target, Address receiver, int argc,
+//      Address new_target, Address target, Address receiver, intptr_t argc,
 //      Address** args, Address root_register_value)>;
 void Generate_JSEntryVariant(MacroAssembler* masm, StackFrame::Type type,
                              Builtins::Name entry_trampoline) {

src/builtins/ppc/builtins-ppc.cc

@@ -536,7 +536,7 @@ namespace {
 // signature is:
 //
 //  using JSEntryFunction = GeneratedCode<Address(
-//      Address new_target, Address target, Address receiver, int argc,
+//      Address new_target, Address target, Address receiver, intptr_t argc,
 //      Address** args, Address root_register_value)>;
 void Generate_JSEntryVariant(MacroAssembler* masm, StackFrame::Type type,
                              Builtins::Name entry_trampoline) {

src/builtins/s390/builtins-s390.cc

@@ -536,7 +536,7 @@ namespace {
 // signature is:
 //
 //  using JSEntryFunction = GeneratedCode<Address(
-//      Address new_target, Address target, Address receiver, int argc,
+//      Address new_target, Address target, Address receiver, intptr_t argc,
 //      Address** args, Address root_register_value)>;
 void Generate_JSEntryVariant(MacroAssembler* masm, StackFrame::Type type,
                              Builtins::Name entry_trampoline) {

src/builtins/x64/builtins-x64.cc

@@ -368,7 +368,7 @@ namespace {
 // signature is:
 //
 //  using JSEntryFunction = GeneratedCode<Address(
-//      Address new_target, Address target, Address receiver, int argc,
+//      Address new_target, Address target, Address receiver, intptr_t argc,
 //      Address** args, Address root_register_value)>;
 void Generate_JSEntryVariant(MacroAssembler* masm, StackFrame::Type type,
                              Builtins::Name entry_trampoline) {
@@ -558,7 +558,7 @@ static void Generate_JSEntryTrampolineHelper(MacroAssembler* masm,
   // - Address new_target (tagged Object pointer)
   // - Address function (tagged JSFunction pointer)
   // - Address receiver (tagged Object pointer)
-  // - int argc
+  // - intptr_t argc
   // - Address** argv (pointer to array of tagged Object pointers)
   // (see Handle::Invoke in execution.cc).
 

src/execution.cc

@@ -273,7 +273,7 @@ V8_WARN_UNUSED_RESULT MaybeHandle<Object> Invoke(Isolate* isolate,
     // {new_target}, {target}, {receiver}, return value: tagged pointers
     // {argv}: pointer to array of tagged pointers
     using JSEntryFunction = GeneratedCode<Address(
-        Address new_target, Address target, Address receiver, int argc,
+        Address new_target, Address target, Address receiver, intptr_t argc,
         Address** argv, Address root_register_value)>;
     // clang-format on
     JSEntryFunction stub_entry =