Fix bug when optimized code map is evicted.

This makes sure that both, the shared function info and it's optimized
code map get revisited when the code map is evicted from the flusher.

R=hpayer@chromium.org
TEST=mjsunit/debug-set-variable-value

Review URL: https://codereview.chromium.org/14703009

Cr-Commit-Position: refs/heads/master@{#29387}

diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
index e465977d4efcf26e8a252dbb05524a07913d4836..bfc3e8f2ffe3353e19640c06a9571fcfa3849aa0 100644 (file)
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -1056,11 +1056,12 @@ void CodeFlusher::EvictCandidate(JSFunction* function) {
 
 
 void CodeFlusher::EvictOptimizedCodeMap(SharedFunctionInfo* code_map_holder) {
-  DCHECK(!FixedArray::cast(code_map_holder->optimized_code_map())
-              ->get(SharedFunctionInfo::kNextMapIndex)
-              ->IsUndefined());
+  FixedArray* code_map =
+      FixedArray::cast(code_map_holder->optimized_code_map());
+  DCHECK(!code_map->get(SharedFunctionInfo::kNextMapIndex)->IsUndefined());
 
   // Make sure previous flushing decisions are revisited.
+  isolate_->heap()->incremental_marking()->RecordWrites(code_map);
   isolate_->heap()->incremental_marking()->RecordWrites(code_map_holder);
 
   if (FLAG_trace_code_flushing) {