Commit f2ff85ad authored by vegorov@chromium.org's avatar vegorov@chromium.org

CallFunctionStub was missing a write barrier for the write into the global cell.

R=fschneider@chromium.org
BUG=v8:1733

Review URL: http://codereview.chromium.org/8054012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
parent a79d4395
...@@ -4325,6 +4325,7 @@ void CallFunctionStub::Generate(MacroAssembler* masm) { ...@@ -4325,6 +4325,7 @@ void CallFunctionStub::Generate(MacroAssembler* masm) {
// megamorphic. // megamorphic.
__ cmp(Operand(ecx), Immediate(UninitializedSentinel(isolate))); __ cmp(Operand(ecx), Immediate(UninitializedSentinel(isolate)));
__ j(equal, &initialize, Label::kNear); __ j(equal, &initialize, Label::kNear);
// MegamorphicSentinel is a root so no write-barrier is needed.
__ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset), __ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset),
Immediate(MegamorphicSentinel(isolate))); Immediate(MegamorphicSentinel(isolate)));
__ jmp(&call, Label::kNear); __ jmp(&call, Label::kNear);
...@@ -4332,6 +4333,14 @@ void CallFunctionStub::Generate(MacroAssembler* masm) { ...@@ -4332,6 +4333,14 @@ void CallFunctionStub::Generate(MacroAssembler* masm) {
// An uninitialized cache is patched with the function. // An uninitialized cache is patched with the function.
__ bind(&initialize); __ bind(&initialize);
__ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset), edi); __ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset), edi);
__ mov(ecx, edi);
__ RecordWriteField(ebx,
JSGlobalPropertyCell::kValueOffset,
ecx,
edx,
kDontSaveFPRegs,
OMIT_REMEMBERED_SET, // Cells are rescanned.
OMIT_SMI_CHECK);
__ bind(&call); __ bind(&call);
} }
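Review bot: The new RecordWriteField call in the second hunk presumably clobbers its value register (ecx) and scratch register (edx), which is why edi is first copied into ecx, but nothing at the site records that ecx and edx are dead from this point on; the code after `__ bind(&call)` lies outside the hunk, so that cannot be confirmed here. A comment on the `__ mov(ecx, edi);` line such as `// The write barrier clobbers ecx and edx; keep the callee in edi for the call below.` would make the register contract explicit. The OMIT_SMI_CHECK argument likewise relies on the stored value being a heap object; a short note like `// edi holds the callee JSFunction, never a smi.` next to it would justify skipping the check. CallFunctionStub::Generate begins and ends outside the hunk.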