From f4c42cabcf01f7bd41fd2172e25bafab3897c6c3 Mon Sep 17 00:00:00 2001
From: Victor Gomes <victorgomes@chromium.org>
Date: Thu, 15 Oct 2020 14:05:31 +0200
Subject: [PATCH] [asmjs] Fix InstantiateAsmJs when no arguments adaptor

Change-Id: Idd0443968cc097a4e7339d7f26ca049909a8eddc
Bug: chromium:1138776, v8:10201
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2474791
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Auto-Submit: Victor Gomes <victorgomes@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70531}
---
 src/builtins/builtins-internal-gen.cc | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/builtins/builtins-internal-gen.cc b/src/builtins/builtins-internal-gen.cc
index 664bfc085a..4108d897f6 100644
--- a/src/builtins/builtins-internal-gen.cc
+++ b/src/builtins/builtins-internal-gen.cc
@@ -1072,6 +1072,22 @@ TF_BUILTIN(InstantiateAsmJs, CodeStubAssembler) {
   TNode<Object> maybe_result_or_smi_zero = CallRuntime(
       Runtime::kInstantiateAsmJs, context, function, stdlib, foreign, heap);
   GotoIf(TaggedIsSmi(maybe_result_or_smi_zero), &tailcall_to_function);
+
+#ifdef V8_NO_ARGUMENTS_ADAPTOR
+  TNode<SharedFunctionInfo> shared = LoadJSFunctionSharedFunctionInfo(function);
+  TNode<Int32T> parameter_count =
+      UncheckedCast<Int32T>(LoadSharedFunctionInfoFormalParameterCount(shared));
+  // This builtin intercepts a call to {function}, where the number of arguments
+  // pushed is the maximum of actual arguments count and formal parameters
+  // count.
+  Label argc_lt_param_count(this), argc_ge_param_count(this);
+  Branch(Int32LessThan(arg_count, parameter_count), &argc_lt_param_count,
+         &argc_ge_param_count);
+  BIND(&argc_lt_param_count);
+  PopAndReturn(Int32Add(parameter_count, Int32Constant(1)),
+               maybe_result_or_smi_zero);
+  BIND(&argc_ge_param_count);
+#endif
   args.PopAndReturn(maybe_result_or_smi_zero);
 
   BIND(&tailcall_to_function);