x87: fix x87 FPU stack depth check fail issue in TurboFan's exception handler

  Unstructured control flow caused by excpetion leads to a wrong x87 FPU stack
  state in TurboFan's exception handler.

  This patch is to reset the x87 FPU stack state when calling the TurboFan's exception
  handler from the CEntryStub.

BUG=

Review URL: https://codereview.chromium.org/1702383005

Cr-Commit-Position: refs/heads/master@{#34109}

src/compiler/x87/code-generator-x87.cc

@@ -360,41 +360,18 @@ void CodeGenerator::AssemblePrepareTailCall(int stack_param_delta) {
   frame_access_state()->SetFrameAccessToSP();
 }
 
-thread_local bool is_handler_entry_point = false;
-static void DoEnsureSpaceForLazyDeopt(CompilationInfo* info,
-                                      MacroAssembler* masm,
-                                      int last_lazy_deopt_pc) {
-  if (!info->ShouldEnsureSpaceForLazyDeopt()) {
-    return;
-  }
-
-  int space_needed = Deoptimizer::patch_size();
-  // Ensure that we have enough space after the previous lazy-bailout
-  // instruction for patching the code here.
-  int current_pc = masm->pc_offset();
-  if (current_pc < last_lazy_deopt_pc + space_needed) {
-    int padding_size = last_lazy_deopt_pc + space_needed - current_pc;
-    masm->Nop(padding_size);
-  }
-}
 
 // Assembles an instruction after register allocation, producing machine code.
 void CodeGenerator::AssembleArchInstruction(Instruction* instr) {
   X87OperandConverter i(this, instr);
-  if (is_handler_entry_point) {
-    // Lazy Bailout entry, need to re-initialize FPU state.
-    __ fninit();
-    __ fld1();
-    is_handler_entry_point = false;
-  }
 
   switch (ArchOpcodeField::decode(instr->opcode())) {
     case kArchCallCodeObject: {
-      DoEnsureSpaceForLazyDeopt(info(), masm(), last_lazy_deopt_pc_);
       if (FLAG_debug_code && FLAG_enable_slow_asserts) {
         __ VerifyX87StackDepth(1);
       }
       __ fstp(0);
+      EnsureSpaceForLazyDeopt();
       if (HasImmediateInput(instr, 0)) {
         Handle<Code> code = Handle<Code>::cast(i.InputHeapObject(0));
         __ call(code, RelocInfo::CODE_TARGET);
@@ -439,7 +416,7 @@ void CodeGenerator::AssembleArchInstruction(Instruction* instr) {
       break;
     }
     case kArchCallJSFunction: {
-      DoEnsureSpaceForLazyDeopt(info(), masm(), last_lazy_deopt_pc_);
+      EnsureSpaceForLazyDeopt();
       Register func = i.InputRegister(0);
       if (FLAG_debug_code) {
         // Check the function's context matches the context argument.
@@ -2239,8 +2216,18 @@ void CodeGenerator::AddNopForSmiCodeInlining() { __ nop(); }
 
 
 void CodeGenerator::EnsureSpaceForLazyDeopt() {
-  is_handler_entry_point = true;
-  DoEnsureSpaceForLazyDeopt(info(), masm(), last_lazy_deopt_pc_);
+  if (!info()->ShouldEnsureSpaceForLazyDeopt()) {
+    return;
+  }
+
+  int space_needed = Deoptimizer::patch_size();
+  // Ensure that we have enough space after the previous lazy-bailout
+  // instruction for patching the code here.
+  int current_pc = masm()->pc_offset();
+  if (current_pc < last_lazy_deopt_pc_ + space_needed) {
+    int padding_size = last_lazy_deopt_pc_ + space_needed - current_pc;
+    __ Nop(padding_size);
+  }
 }
 
 #undef __

src/x87/code-stubs-x87.cc

@@ -1688,6 +1688,16 @@ void CEntryStub::Generate(MacroAssembler* masm) {
   // Compute the handler entry address and jump to it.
   __ mov(edi, Operand::StaticVariable(pending_handler_code_address));
   __ mov(edx, Operand::StaticVariable(pending_handler_offset_address));
+  // Check whether it's a turbofanned exception handler code before jump to it.
+  Label not_turbo;
+  __ push(eax);
+  __ mov(eax, Operand(edi, Code::kKindSpecificFlags1Offset - kHeapObjectTag));
+  __ and_(eax, Immediate(1 << Code::kIsTurbofannedBit));
+  __ j(zero, &not_turbo);
+  __ fninit();
+  __ fld1();
+  __ bind(&not_turbo);
+  __ pop(eax);
   __ lea(edi, FieldOperand(edi, edx, times_1, Code::kHeaderSize));
   __ jmp(edi);
 }