[ia32] Restore FP stack check in the deoptimizer

This restores the check that was removed in
https://chromiumcodereview.appspot.com/12300020/

Bug: chromium:736643

Change-Id: I82e218b9f2572953a7f433d713dff0528574eea1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2848469Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74168}

src/builtins/ia32/builtins-ia32.cc

@@ -3968,9 +3968,16 @@ void Generate_DeoptimizationEntry(MacroAssembler* masm,
     __ movsd(Operand(esi, dst_offset), xmm0);
   }
 
+  if (FLAG_debug_code) {
+    const int kTopMask = 0x3800;
+    __ push(eax);
+    __ fwait();
+    __ fnstsw_ax();
+    __ test(eax, Immediate(kTopMask));
+    __ Assert(zero, AbortReason::kFpuTopIsNotZeroInDeoptimizer);
+    __ pop(eax);
+  }
   // Clear FPU all exceptions.
-  // TODO(ulan): Find out why the TOP register is not zero here in some cases,
-  // and check that the generated code never deoptimizes with unbalanced stack.
   __ fnclex();
 
   // Mark the stack as not iterable for the CPU profiler which won't be able to

src/codegen/bailout-reason.h

@@ -24,6 +24,7 @@ namespace internal {
   V(kExpectedFeedbackVector, "Expected feedback vector")                       \
   V(kFunctionDataShouldBeBytecodeArrayOnInterpreterEntry,                      \
     "The function_data field should be a BytecodeArray on interpreter entry")  \
+  V(kFpuTopIsNotZeroInDeoptimizer, "FPU TOP is not zero in deoptimizer")       \
   V(kInputStringTooLong, "Input string too long")                              \
   V(kInvalidBytecode, "Invalid bytecode")                                      \
   V(kInvalidBytecodeAdvance, "Cannot advance current bytecode, ")              \