[ia32,root] Port all CEntry variants

Not much to do here. This CL bakes in incompatibility between
poisoning and embedded builtins, since we cannot unconditionally reset
the poison register (which we reused as kRootRegister) as we used to.

It also exposes a bug introduced in [0] where we set
Isolate::c_function to a garbage value.

[0] https://chromium-review.googlesource.com/1185011

Bug: v8:6666
Change-Id: Ia606f5d0e86c7ff68aa2af22acb89c2844519bf5
Reviewed-on: https://chromium-review.googlesource.com/1233255
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#56038}

src/builtins/ia32/builtins-ia32.cc

@@ -2490,6 +2490,11 @@ void Builtins::Generate_CEntry(MacroAssembler* masm, int result_size,
   // If argv_mode == kArgvInRegister:
   // ecx: pointer to the first argument
 
+#ifdef V8_EMBEDDED_BUILTINS
+  // TODO(v8:6666): Remove the ifdef once branch load poisoning is removed.
+  Assembler::SupportsRootRegisterScope supports_root_register(masm);
+#endif
+
   STATIC_ASSERT(eax == kRuntimeCallArgCountRegister);
   STATIC_ASSERT(ecx == kRuntimeCallArgvRegister);
   STATIC_ASSERT(edx == kRuntimeCallFunctionRegister);
@@ -2609,11 +2614,17 @@ void Builtins::Generate_CEntry(MacroAssembler* masm, int result_size,
   __ mov(Operand(ebp, StandardFrameConstants::kContextOffset), esi);
   __ bind(&skip);
 
+#ifdef V8_EMBEDDED_BUILTINS
+  STATIC_ASSERT(kRootRegister == kSpeculationPoisonRegister);
+  CHECK(!FLAG_untrusted_code_mitigations);
+  CHECK(!FLAG_branch_load_poisoning);
+#else
   // Reset the masking register. This is done independent of the underlying
   // feature flag {FLAG_branch_load_poisoning} to make the snapshot work with
   // both configurations. It is safe to always do this, because the underlying
   // register is caller-saved and can be arbitrarily clobbered.
   __ ResetSpeculationPoisonRegister();
+#endif
 
   // Compute the handler entry address and jump to it.
   __ mov(edi, __ StaticVariable(pending_handler_entrypoint_address));

src/ia32/macro-assembler-ia32.cc

@@ -732,6 +732,9 @@ void MacroAssembler::EnterExitFramePrologue(StackFrame::Type frame_type) {
   DCHECK_EQ(-3 * kPointerSize, ExitFrameConstants::kCodeOffset);
   push(Immediate(CodeObject()));  // Accessed from ExitFrame::code_slot.
 
+  STATIC_ASSERT(edx == kRuntimeCallFunctionRegister);
+  STATIC_ASSERT(esi == kContextRegister);
+
   // Save the frame pointer and the context in top.
   ExternalReference c_entry_fp_address =
       ExternalReference::Create(IsolateAddressId::kCEntryFPAddress, isolate());
@@ -741,7 +744,7 @@ void MacroAssembler::EnterExitFramePrologue(StackFrame::Type frame_type) {
       ExternalReference::Create(IsolateAddressId::kCFunctionAddress, isolate());
   mov(StaticVariable(c_entry_fp_address), ebp);
   mov(StaticVariable(context_address), esi);
-  mov(StaticVariable(c_function_address), ebx);
+  mov(StaticVariable(c_function_address), edx);
 }