Reland "[liftoff][tail-call] Add indirect tail calls"

This is a reland of 06bdd8d6

Original change's description:
> [liftoff][tail-call] Add indirect tail calls
> 
> R=clemensb@chromium.org
> 
> Bug: v8:10693
> Change-Id: Ic71d873bf7099ba671b9db1e87392d54aeebd7cf
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2312096
> Reviewed-by: Clemens Backes <clemensb@chromium.org>
> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#68996}

Bug: v8:10693
Change-Id: Ia360be2fff1e98fab969dd4ffa14b5991ec743af
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2316304
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69064}

src/wasm/baseline/arm/liftoff-assembler-arm.h

@@ -3623,6 +3623,11 @@ void LiftoffAssembler::CallIndirect(const wasm::FunctionSig* sig,
   Call(target);
 }
 
+void LiftoffAssembler::TailCallIndirect(Register target) {
+  DCHECK(target != no_reg);
+  Jump(target);
+}
+
 void LiftoffAssembler::CallRuntimeStub(WasmCode::RuntimeStubId sid) {
   // A direct call to a wasm runtime stub defined in this module.
   // Just encode the stub index. This will be patched at relocation.

src/wasm/baseline/arm64/liftoff-assembler-arm64.h

@@ -2636,6 +2636,17 @@ void LiftoffAssembler::CallIndirect(const wasm::FunctionSig* sig,
   Call(target);
 }
 
+void LiftoffAssembler::TailCallIndirect(Register target) {
+  DCHECK(target.is_valid());
+  // When control flow integrity is enabled, the target is a "bti c"
+  // instruction, which enforces that the jump instruction is either a "blr", or
+  // a "br" with x16 or x17 as its destination.
+  UseScratchRegisterScope temps(this);
+  temps.Exclude(x17);
+  Mov(x17, target);
+  Jump(x17);
+}
+
 void LiftoffAssembler::CallRuntimeStub(WasmCode::RuntimeStubId sid) {
   // A direct call to a wasm runtime stub defined in this module.
   // Just encode the stub index. This will be patched at relocation.

src/wasm/baseline/ia32/liftoff-assembler-ia32.h

@@ -4354,6 +4354,17 @@ void LiftoffAssembler::CallIndirect(const wasm::FunctionSig* sig,
   }
 }
 
+void LiftoffAssembler::TailCallIndirect(Register target) {
+  // Since we have more cache registers than parameter registers, the
+  // {LiftoffCompiler} should always be able to place {target} in a register.
+  DCHECK(target.is_valid());
+  if (FLAG_untrusted_code_mitigations) {
+    RetpolineJump(target);
+  } else {
+    jmp(target);
+  }
+}
+
 void LiftoffAssembler::CallRuntimeStub(WasmCode::RuntimeStubId sid) {
   // A direct call to a wasm runtime stub defined in this module.
   // Just encode the stub index. This will be patched at relocation.

src/wasm/baseline/liftoff-assembler.h

@@ -1103,6 +1103,7 @@ class LiftoffAssembler : public TurboAssembler {
   inline void CallIndirect(const FunctionSig* sig,
                            compiler::CallDescriptor* call_descriptor,
                            Register target);
+  inline void TailCallIndirect(Register target);
   inline void CallRuntimeStub(WasmCode::RuntimeStubId sid);
 
   // Reserve space in the current frame, store address to space in {addr}.

src/wasm/baseline/x64/liftoff-assembler-x64.h

@@ -3927,6 +3927,18 @@ void LiftoffAssembler::CallIndirect(const wasm::FunctionSig* sig,
   }
 }
 
+void LiftoffAssembler::TailCallIndirect(Register target) {
+  if (target == no_reg) {
+    popq(kScratchRegister);
+    target = kScratchRegister;
+  }
+  if (FLAG_untrusted_code_mitigations) {
+    RetpolineJump(target);
+  } else {
+    jmp(target);
+  }
+}
+
 void LiftoffAssembler::CallRuntimeStub(WasmCode::RuntimeStubId sid) {
   // A direct call to a wasm runtime stub defined in this module.
   // Just encode the stub index. This will be patched at relocation.