[ia32,root] Preserve kRootRegister (ebx) in InterpreterPush variants

This CL ensures that the following builtins preserve
the kRootRegister (ebx):

InterpreterPushUndefinedAndArgsThenCall
InterpreterPushArgsThenCallWithFinalSpread
InterpreterPushArgsThenConstruct
InterpreterPushArgsThenConstructArrayFunction
InterpreterPushZeroAndArgsAndReturnAddress
InterpreterPushArgsThenConstructWithFinalSpread

Bug: v8:6666
Change-Id: I026654b981276c7d435c18c9eedef3f5d33b6533
Reviewed-on: https://chromium-review.googlesource.com/1233754Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56082}

src/builtins/builtins-interpreter-gen.cc

@@ -10,12 +10,18 @@ namespace v8 {
 namespace internal {
 
 void Builtins::Generate_InterpreterPushArgsThenCall(MacroAssembler* masm) {
+#ifdef V8_TARGET_ARCH_IA32
+  Assembler::SupportsRootRegisterScope supports_root_register(masm);
+#endif
   return Generate_InterpreterPushArgsThenCallImpl(
       masm, ConvertReceiverMode::kAny, InterpreterPushArgsMode::kOther);
 }
 
 void Builtins::Generate_InterpreterPushUndefinedAndArgsThenCall(
     MacroAssembler* masm) {
+#ifdef V8_TARGET_ARCH_IA32
+  Assembler::SupportsRootRegisterScope supports_root_register(masm);
+#endif
   return Generate_InterpreterPushArgsThenCallImpl(
       masm, ConvertReceiverMode::kNullOrUndefined,
       InterpreterPushArgsMode::kOther);
@@ -23,24 +29,36 @@ void Builtins::Generate_InterpreterPushUndefinedAndArgsThenCall(
 
 void Builtins::Generate_InterpreterPushArgsThenCallWithFinalSpread(
     MacroAssembler* masm) {
+#ifdef V8_TARGET_ARCH_IA32
+  Assembler::SupportsRootRegisterScope supports_root_register(masm);
+#endif
   return Generate_InterpreterPushArgsThenCallImpl(
       masm, ConvertReceiverMode::kAny,
       InterpreterPushArgsMode::kWithFinalSpread);
 }
 
 void Builtins::Generate_InterpreterPushArgsThenConstruct(MacroAssembler* masm) {
+#ifdef V8_TARGET_ARCH_IA32
+  Assembler::SupportsRootRegisterScope supports_root_register(masm);
+#endif
   return Generate_InterpreterPushArgsThenConstructImpl(
       masm, InterpreterPushArgsMode::kOther);
 }
 
 void Builtins::Generate_InterpreterPushArgsThenConstructWithFinalSpread(
     MacroAssembler* masm) {
+#ifdef V8_TARGET_ARCH_IA32
+  Assembler::SupportsRootRegisterScope supports_root_register(masm);
+#endif
   return Generate_InterpreterPushArgsThenConstructImpl(
       masm, InterpreterPushArgsMode::kWithFinalSpread);
 }
 
 void Builtins::Generate_InterpreterPushArgsThenConstructArrayFunction(
     MacroAssembler* masm) {
+#ifdef V8_TARGET_ARCH_IA32
+  Assembler::SupportsRootRegisterScope supports_root_register(masm);
+#endif
   return Generate_InterpreterPushArgsThenConstructImpl(
       masm, InterpreterPushArgsMode::kArrayFunction);
 }

src/builtins/ia32/builtins-ia32.cc

@@ -1042,6 +1042,7 @@ void Generate_InterpreterPushZeroAndArgsAndReturnAddress(
     MacroAssembler* masm, Register num_args, Register start_addr,
     Register scratch1, Register scratch2, int num_slots_to_move,
     Label* stack_overflow) {
+  Assembler::SupportsRootRegisterScope supports_root_register(masm);
   // We have to move return address and the temporary registers above it
   // before we can copy arguments onto the stack. To achieve this:
   // Step 1: Increment the stack pointer by num_args + 1 (for receiver).
@@ -1101,6 +1102,7 @@ void Generate_InterpreterPushZeroAndArgsAndReturnAddress(
 // static
 void Builtins::Generate_InterpreterPushArgsThenConstructImpl(
     MacroAssembler* masm, InterpreterPushArgsMode mode) {
+  Assembler::SupportsRootRegisterScope supports_root_register(masm);
   // ----------- S t a t e -------------
   //  -- eax     : the number of arguments (not including the receiver)
   //  -- ecx     : the address of the first argument to be pushed. Subsequent
@@ -1129,24 +1131,28 @@ void Builtins::Generate_InterpreterPushArgsThenConstructImpl(
     // Tail call to the array construct stub (still in the caller context at
     // this point).
 
-    __ PopReturnAddressTo(ebx);
+    __ movd(xmm0, eax);  // Spill number of arguments.
+    __ PopReturnAddressTo(eax);
     __ Pop(kJavaScriptCallExtraArg1Register);
     __ Pop(kJavaScriptCallNewTargetRegister);
     __ Pop(kJavaScriptCallTargetRegister);
-    __ PushReturnAddressFrom(ebx);
+    __ PushReturnAddressFrom(eax);
+    __ movd(eax, xmm0);  // Reload number of arguments.
 
     __ AssertFunction(kJavaScriptCallTargetRegister);
     __ AssertUndefinedOrAllocationSite(kJavaScriptCallExtraArg1Register);
     __ Jump(BUILTIN_CODE(masm->isolate(), ArrayConstructorImpl),
             RelocInfo::CODE_TARGET);
   } else if (mode == InterpreterPushArgsMode::kWithFinalSpread) {
-    __ PopReturnAddressTo(ebx);
+    __ movd(xmm0, eax);  // Spill number of arguments.
+    __ PopReturnAddressTo(eax);
     __ Drop(1);  // The allocation site is unused.
     __ Pop(kJavaScriptCallNewTargetRegister);
     __ Pop(kJavaScriptCallTargetRegister);
     __ Pop(ecx);  // Pop the spread (i.e. the first argument), overwriting ecx.
+    __ PushReturnAddressFrom(eax);
+    __ movd(eax, xmm0);         // Reload number of arguments.
     __ sub(eax, Immediate(1));  // The actual argc thus decrements by one.
-    __ PushReturnAddressFrom(ebx);
 
     __ Jump(BUILTIN_CODE(masm->isolate(), ConstructWithSpread),
             RelocInfo::CODE_TARGET);