[csa][cleanup] Make sure argc is not used directly

Instead of using argc directly, all CSA builtins should use
CodeStubArguments::GetLength().

Bug: v8:11112
Change-Id: Ib62d9d9240e8d42b6b7daed5bdf63f7ab0943fd9
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2563879
Commit-Queue: Patrick Thier <pthier@chromium.org>
Reviewed-by: Victor Gomes <victorgomes@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/master@{#71504}

src/builtins/builtins-array-gen.cc

@@ -99,9 +99,8 @@ void ArrayBuiltinsAssembler::ReturnFromBuiltin(TNode<Object> value) {
   if (argc_ == nullptr) {
     Return(value);
   } else {
-    // argc_ doesn't include the receiver, so it has to be added back in
-    // manually.
-    PopAndReturn(IntPtrAdd(argc_, IntPtrConstant(1)), value);
+    CodeStubArguments args(this, argc());
+    PopAndReturn(args.GetLengthWithReceiver(), value);
   }
 }
 
@@ -621,7 +620,9 @@ void ArrayIncludesIndexofAssembler::Generate(SearchVariant variant,
     Label is_smi(this), is_nonsmi(this), done(this);
 
     // If no fromIndex was passed, default to 0.
-    GotoIf(IntPtrLessThanOrEqual(argc, IntPtrConstant(kFromIndexArg)), &done);
+    GotoIf(
+        IntPtrLessThanOrEqual(args.GetLength(), IntPtrConstant(kFromIndexArg)),
+        &done);
 
     TNode<Object> start_from = args.AtIndex(kFromIndexArg);
     // Handle Smis and undefined here and everything else in runtime.
@@ -1769,12 +1770,13 @@ void ArrayBuiltinsAssembler::GenerateDispatchToArrayStub(
     TNode<Context> context, TNode<JSFunction> target, TNode<Int32T> argc,
     AllocationSiteOverrideMode mode,
     base::Optional<TNode<AllocationSite>> allocation_site) {
+  CodeStubArguments args(this, argc);
   Label check_one_case(this), fallthrough(this);
-  GotoIfNot(Word32Equal(argc, Int32Constant(0)), &check_one_case);
+  GotoIfNot(IntPtrEqual(args.GetLength(), IntPtrConstant(0)), &check_one_case);
   CreateArrayDispatchNoArgument(context, target, argc, mode, allocation_site);
 
   BIND(&check_one_case);
-  GotoIfNot(Word32Equal(argc, Int32Constant(1)), &fallthrough);
+  GotoIfNot(IntPtrEqual(args.GetLength(), IntPtrConstant(1)), &fallthrough);
   CreateArrayDispatchSingleArgument(context, target, argc, mode,
                                     allocation_site);
 
@@ -1920,9 +1922,10 @@ void ArrayBuiltinsAssembler::GenerateArrayNArgumentsConstructor(
   CodeStubArguments args(this, argc);
   args.SetReceiver(target);
 
-  // Adjust arguments count for the runtime call: +1 for implicit receiver
-  // and +2 for new_target and maybe_allocation_site.
-  argc = Int32Add(argc, Int32Constant(3));
+  // Adjust arguments count for the runtime call:
+  // +2 for new_target and maybe_allocation_site.
+  argc = Int32Add(TruncateIntPtrToInt32(args.GetLengthWithReceiver()),
+                  Int32Constant(2));
   TailCallRuntime(Runtime::kNewArray, argc, context, new_target,
                   maybe_allocation_site);
 }

src/builtins/builtins-internal-gen.cc

@@ -1097,8 +1097,8 @@ TF_BUILTIN(InstantiateAsmJs, CodeStubAssembler) {
   // pushed is the maximum of actual arguments count and formal parameters
   // count.
   Label argc_lt_param_count(this), argc_ge_param_count(this);
-  Branch(Int32LessThan(arg_count, parameter_count), &argc_lt_param_count,
-         &argc_ge_param_count);
+  Branch(IntPtrLessThan(args.GetLength(), ChangeInt32ToIntPtr(parameter_count)),
+         &argc_lt_param_count, &argc_ge_param_count);
   BIND(&argc_lt_param_count);
   PopAndReturn(Int32Add(parameter_count, Int32Constant(1)),
                maybe_result_or_smi_zero);

src/builtins/builtins-object-gen.cc

@@ -436,7 +436,7 @@ TF_BUILTIN(ObjectAssign, ObjectBuiltinsAssembler) {
 
   Label done(this);
   // 2. If only one argument was passed, return to.
-  GotoIf(UintPtrLessThanOrEqual(argc, IntPtrConstant(1)), &done);
+  GotoIf(UintPtrLessThanOrEqual(args.GetLength(), IntPtrConstant(1)), &done);
 
   // 3. Let sources be the List of argument values starting with the
   //    second argument.

src/builtins/builtins-string-gen.cc

@@ -796,10 +796,12 @@ TF_BUILTIN(StringFromCharCode, StringBuiltinsAssembler) {
   auto context = Parameter<Context>(Descriptor::kContext);
 
   CodeStubArguments arguments(this, argc);
+  TNode<Uint32T> unsigned_argc =
+      Unsigned(TruncateIntPtrToInt32(arguments.GetLength()));
   // Check if we have exactly one argument (plus the implicit receiver), i.e.
   // if the parent frame is not an arguments adaptor frame.
   Label if_oneargument(this), if_notoneargument(this);
-  Branch(Word32Equal(argc, Int32Constant(1)), &if_oneargument,
+  Branch(IntPtrEqual(arguments.GetLength(), IntPtrConstant(1)), &if_oneargument,
          &if_notoneargument);
 
   BIND(&if_oneargument);
@@ -820,7 +822,7 @@ TF_BUILTIN(StringFromCharCode, StringBuiltinsAssembler) {
   {
     Label two_byte(this);
     // Assume that the resulting string contains only one-byte characters.
-    TNode<String> one_byte_result = AllocateSeqOneByteString(Unsigned(argc));
+    TNode<String> one_byte_result = AllocateSeqOneByteString(unsigned_argc);
 
     TVARIABLE(IntPtrT, var_max_index, IntPtrConstant(0));
 
@@ -851,7 +853,7 @@ TF_BUILTIN(StringFromCharCode, StringBuiltinsAssembler) {
     // At least one of the characters in the string requires a 16-bit
     // representation.  Allocate a SeqTwoByteString to hold the resulting
     // string.
-    TNode<String> two_byte_result = AllocateSeqTwoByteString(Unsigned(argc));
+    TNode<String> two_byte_result = AllocateSeqTwoByteString(unsigned_argc);
 
     // Copy the characters that have already been put in the 8-bit string into
     // their corresponding positions in the new 16-bit string.
@@ -1100,11 +1102,11 @@ void StringIncludesIndexOfAssembler::Generate(SearchVariant variant,
   Label argc_1(this), argc_2(this), call_runtime(this, Label::kDeferred),
       fast_path(this);
 
-  GotoIf(IntPtrEqual(argc, IntPtrConstant(1)), &argc_1);
-  GotoIf(IntPtrGreaterThan(argc, IntPtrConstant(1)), &argc_2);
+  GotoIf(IntPtrEqual(arguments.GetLength(), IntPtrConstant(1)), &argc_1);
+  GotoIf(IntPtrGreaterThan(arguments.GetLength(), IntPtrConstant(1)), &argc_2);
   {
     Comment("0 Argument case");
-    CSA_ASSERT(this, IntPtrEqual(argc, IntPtrConstant(0)));
+    CSA_ASSERT(this, IntPtrEqual(arguments.GetLength(), IntPtrConstant(0)));
     TNode<Oddball> undefined = UndefinedConstant();
     var_search_string = undefined;
     var_position = undefined;

src/codegen/code-stub-assembler.cc

@@ -12966,6 +12966,7 @@ CodeStubArguments::CodeStubArguments(CodeStubAssembler* assembler,
   TNode<IntPtrT> offset = assembler_->IntPtrConstant(
       (StandardFrameConstants::kFixedSlotCountAboveFp + 1) *
       kSystemPointerSize);
+  DCHECK_NOT_NULL(argc_);
   // base_ points to the first argument, not the receiver
   // whether present or not.
   base_ = assembler_->RawPtrAdd(fp_, offset);
@@ -12998,6 +12999,12 @@ TNode<Object> CodeStubArguments::AtIndex(int index) const {
   return AtIndex(assembler_->IntPtrConstant(index));
 }
 
+TNode<IntPtrT> CodeStubArguments::GetLengthWithReceiver() const {
+  TNode<IntPtrT> argc = GetLength();
+  argc = assembler_->IntPtrAdd(argc, assembler_->IntPtrConstant(1));
+  return argc;
+}
+
 TNode<Object> CodeStubArguments::GetOptionalArgumentValue(
     TNode<IntPtrT> index, TNode<Object> default_value) {
   CodeStubAssembler::TVariable<Object> result(assembler_);

src/codegen/code-stub-assembler.h

@@ -3796,7 +3796,10 @@ class V8_EXPORT_PRIVATE CodeStubArguments {
   TNode<Object> AtIndex(TNode<IntPtrT> index) const;
   TNode<Object> AtIndex(int index) const;
 
+  // Return the number of arguments (excluding the receiver).
   TNode<IntPtrT> GetLength() const { return argc_; }
+  // Return the number of arguments (including the receiver).
+  TNode<IntPtrT> GetLengthWithReceiver() const;
 
   TorqueStructArguments GetTorqueArguments() const {
     return TorqueStructArguments{fp_, base_, argc_};