Fix overflow check in ujit

ujit_codegen.c

@@ -1128,11 +1128,10 @@ gen_opt_swb_iseq(jitstate_t* jit, ctx_t* ctx, struct rb_call_data * cd, const rb
 
     // Stack overflow check
     // #define CHECK_VM_STACK_OVERFLOW0(cfp, sp, margin)
-    // REG_CFP <= REG_SP + 4 * sizeof(VALUE) + sizeof(rb_control_frame_t)
-    lea(cb, REG0, ctx_sp_opnd(ctx, sizeof(VALUE) * 4 + sizeof(rb_control_frame_t)));
+    lea(cb, REG0, ctx_sp_opnd(ctx, sizeof(VALUE) * (num_locals + iseq->body->stack_max) + sizeof(rb_control_frame_t)));
     cmp(cb, REG_CFP, REG0);
     jle_ptr(cb, side_exit);
-    
+
     // Adjust the callee's stack pointer
     lea(cb, REG0, ctx_sp_opnd(ctx, sizeof(VALUE) * (3 + num_locals)));
 

ujit_core.c

@@ -32,7 +32,7 @@ Get an operand for the adjusted stack pointer address
 x86opnd_t
 ctx_sp_opnd(ctx_t* ctx, int32_t offset_bytes)
 {
-    int32_t offset = (ctx->stack_size) * 8 + offset_bytes;
+    int32_t offset = (ctx->stack_size) * sizeof(VALUE) + offset_bytes;
     return mem_opnd(64, REG_SP, offset);
 }
 
@@ -51,7 +51,7 @@ ctx_stack_push(ctx_t* ctx, int type)
     ctx->stack_size += 1;
 
     // SP points just above the topmost value
-    int32_t offset = (ctx->stack_size - 1) * 8;
+    int32_t offset = (ctx->stack_size - 1) * sizeof(VALUE);
     return mem_opnd(64, REG_SP, offset);
 }
 
@@ -65,7 +65,7 @@ ctx_stack_pop(ctx_t* ctx, size_t n)
     RUBY_ASSERT(n <= ctx->stack_size);
 
     // SP points just above the topmost value
-    int32_t offset = (ctx->stack_size - 1) * 8;
+    int32_t offset = (ctx->stack_size - 1) * sizeof(VALUE);
     x86opnd_t top = mem_opnd(64, REG_SP, offset);
 
     // Clear the types of the popped values
@@ -88,7 +88,7 @@ x86opnd_t
 ctx_stack_opnd(ctx_t* ctx, int32_t idx)
 {
     // SP points just above the topmost value
-    int32_t offset = (ctx->stack_size - 1 - idx) * 8;
+    int32_t offset = (ctx->stack_size - 1 - idx) * sizeof(VALUE);
     x86opnd_t opnd = mem_opnd(64, REG_SP, offset);
 
     return opnd;