[wasm] Fix lazy compile builtin for arm64

When returning from the runtime function, move jssp back to csp. The
csp might have been changed by the runtime function, but jssp should
have been restored to its original value.

R=ahaas@chromium.org
BUG=v8:5822

Change-Id: I300263a586ca546a4d7f925730f1f38b680379ca
Reviewed-on: https://chromium-review.googlesource.com/457372Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43967}

src/builtins/arm64/builtins-arm64.cc

@@ -3070,6 +3070,8 @@ void Builtins::Generate_ArgumentsAdaptorTrampoline(MacroAssembler* masm) {
 }
 
 void Builtins::Generate_WasmCompileLazy(MacroAssembler* masm) {
+  // Wasm code uses the csp. This builtin excepts to use the jssp.
+  // Thus, move csp to jssp when entering this builtin (called from wasm).
   DCHECK(masm->StackPointer().is(jssp));
   __ Move(jssp, csp);
   {
@@ -3096,6 +3098,9 @@ void Builtins::Generate_WasmCompileLazy(MacroAssembler* masm) {
     __ PopDRegList(fp_regs);
     __ PopXRegList(gp_regs);
   }
+  // Move back to csp land. jssp now has the same value as when entering this
+  // function, but csp might have changed in the runtime call.
+  __ Move(csp, jssp);
   // Now jump to the instructions of the returned code object.
   __ Jump(x8);
 }