[vm] Verify STC input count matches stub expected input count in DEBUG.

If these checks fail, then a `SubtypeNTestCache` stub has been called
with a `SubtypeTestCache` that uses a different number of inputs
than the stub expects, which could lead to unexpected false negatives
or false positives, so catch it early.

TEST=vm/cc/TTS, ci

Change-Id: Ia9c48aad4c35872cad32b7b6f3eead3ee9e59680
Cq-Include-Trybots: luci.dart.try:vm-mac-debug-arm64-try,vm-linux-debug-x64c-try,vm-linux-debug-x64-try,vm-linux-debug-simriscv64-try,vm-linux-debug-ia32-try,vm-aot-linux-debug-simriscv64-try,vm-aot-linux-debug-simarm_x64-try,vm-aot-linux-debug-x64-try,vm-aot-linux-debug-x64c-try
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/311380
Commit-Queue: Tess Strickland <[email protected]>
Reviewed-by: Daco Harkes <[email protected]>

Author: sstrickl

runtime/vm/compiler/stub_code_compiler.cc

@@ -1104,15 +1104,6 @@ void StubCodeCompiler::GenerateSlowTypeTestStub() {
   __ BranchIf(EQUAL, &call_4, Assembler::kNearJump);
   __ CompareImmediate(TypeTestABI::kScratchReg, 6);
   __ BranchIf(EQUAL, &call_6, Assembler::kNearJump);
-#if defined(DEBUG)
-  // Verify we have the all inputs case.
-  Label perform_check;
-  __ CompareImmediate(TypeTestABI::kScratchReg,
-                      target::SubtypeTestCache::kMaxInputs);
-  __ BranchIf(EQUAL, &perform_check, Assembler::kNearJump);
-  __ Breakpoint();
-  __ Bind(&perform_check);
-#endif
   // Fall through to the all inputs case.
 
   {
@@ -3102,6 +3093,15 @@ void StubCodeCompiler::GenerateSubtypeTestCacheSearch(
   }
   // We use this as a scratch, so it has to be distinct from the others.
   ASSERT(!input_regs.ContainsRegister(TypeTestABI::kScratchReg));
+
+  // Verify the STC we received has exactly as many inputs as this stub expects.
+  Label search_stc;
+  __ LoadFromSlot(TypeTestABI::kScratchReg, TypeTestABI::kSubtypeTestCacheReg,
+                  Slot::SubtypeTestCache_num_inputs());
+  __ CompareImmediate(TypeTestABI::kScratchReg, n);
+  __ BranchIf(EQUAL, &search_stc, Assembler::kNearJump);
+  __ Breakpoint();
+  __ Bind(&search_stc);
 #endif
 
   __ LoadAcquireCompressed(

runtime/vm/compiler/stub_code_compiler_ia32.cc

@@ -2454,6 +2454,16 @@ void StubCodeCompiler::GenerateSubtypeNTestCacheStub(Assembler* assembler,
   // Loop initialization (moved up here to avoid having all dependent loads
   // after each other)
   __ LoadFromStack(STCInternal::kCacheArrayReg, STCInternal::kCacheDepth);
+#if defined(DEBUG)
+  // Verify the STC we received has exactly as many inputs as this stub expects.
+  Label search_stc;
+  __ LoadFromSlot(STCInternal::kScratchReg, STCInternal::kCacheArrayReg,
+                  Slot::SubtypeTestCache_num_inputs());
+  __ CompareImmediate(STCInternal::kScratchReg, n);
+  __ BranchIf(EQUAL, &search_stc, Assembler::kNearJump);
+  __ Breakpoint();
+  __ Bind(&search_stc);
+#endif
   // We avoid a load-acquire barrier here by relying on the fact that all other
   // loads from the array are data-dependent loads.
   __ movl(STCInternal::kCacheArrayReg,