CallFunctionStub was missing a write-barrier for write into the global cell.

R=fschneider@chromium.org
BUG=v8:1733

Review URL: http://codereview.chromium.org/8054012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/ia32/code-stubs-ia32.cc b/src/ia32/code-stubs-ia32.cc
index 50349bd2c921b5665d3651cfbfebd402dd54a11b..0707234fccead5740e976665b36bfedb9c33a172 100644 (file)
--- a/src/ia32/code-stubs-ia32.cc
+++ b/src/ia32/code-stubs-ia32.cc
@@ -4325,6 +4325,7 @@ void CallFunctionStub::Generate(MacroAssembler* masm) {
     // megamorphic.
     __ cmp(Operand(ecx), Immediate(UninitializedSentinel(isolate)));
     __ j(equal, &initialize, Label::kNear);
+    // MegamorphicSentinel is a root so no write-barrier is needed.
     __ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset),
            Immediate(MegamorphicSentinel(isolate)));
     __ jmp(&call, Label::kNear);
@@ -4332,6 +4333,14 @@ void CallFunctionStub::Generate(MacroAssembler* masm) {
     // An uninitialized cache is patched with the function.
     __ bind(&initialize);
     __ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset), edi);
+    __ mov(ecx, edi);
+    __ RecordWriteField(ebx,
+                        JSGlobalPropertyCell::kValueOffset,
+                        ecx,
+                        edx,
+                        kDontSaveFPRegs,
+                        OMIT_REMEMBERED_SET,  // Cells are rescanned.
+                        OMIT_SMI_CHECK);
 
     __ bind(&call);
   }