[turbofan] Fix kArchTailCallCodeObject on ia32/x64.

Previously these instructions tried to jump to the value at the code entry's
location, rather than jumping to this location. Also adds a test.

BUG=v8:4280
LOG=N

Review URL: https://codereview.chromium.org/1265723003

Cr-Commit-Position: refs/heads/master@{#29949}

diff --git a/src/compiler/ia32/code-generator-ia32.cc b/src/compiler/ia32/code-generator-ia32.cc
index 4690a8cc05d869893778ed9f12c229b2b10f88c5..12eb42448609fad66a009c6d8116812921283bb0 100644 (file)
--- a/src/compiler/ia32/code-generator-ia32.cc
+++ b/src/compiler/ia32/code-generator-ia32.cc
@@ -318,7 +318,8 @@ void CodeGenerator::AssembleArchInstruction(Instruction* instr) {
         __ jmp(code, RelocInfo::CODE_TARGET);
       } else {
         Register reg = i.InputRegister(0);
-        __ jmp(Operand(reg, Code::kHeaderSize - kHeapObjectTag));
+        __ add(reg, Immediate(Code::kHeaderSize - kHeapObjectTag));
+        __ jmp(reg);
       }
       break;
     }

diff --git a/src/compiler/x64/code-generator-x64.cc b/src/compiler/x64/code-generator-x64.cc
index bdce0832011e4ce8a1c21a301c1672535e7f7171..56477d66b66c9baa0d527da7ed3554d1d69f4e0a 100644 (file)
--- a/src/compiler/x64/code-generator-x64.cc
+++ b/src/compiler/x64/code-generator-x64.cc
@@ -567,8 +567,8 @@ void CodeGenerator::AssembleArchInstruction(Instruction* instr) {
         __ jmp(code, RelocInfo::CODE_TARGET);
       } else {
         Register reg = i.InputRegister(0);
-        int entry = Code::kHeaderSize - kHeapObjectTag;
-        __ jmp(Operand(reg, entry));
+        __ addp(reg, Immediate(Code::kHeaderSize - kHeapObjectTag));
+        __ jmp(reg);
       }
       break;
     }