From f2ff85ad718fad5a57a3495a971ed24dc32d473d Mon Sep 17 00:00:00 2001
From: "vegorov@chromium.org"
Date: Tue, 27 Sep 2011 13:45:13 +0000
Subject: [PATCH] CallFunctionStub was missing a write-barrier for write into the global cell.

R=fschneider@chromium.org
BUG=v8:1733
Review URL: http://codereview.chromium.org/8054012

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@9455 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/ia32/code-stubs-ia32.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/ia32/code-stubs-ia32.cc b/src/ia32/code-stubs-ia32.cc
index 50349bd..0707234 100644
--- a/src/ia32/code-stubs-ia32.cc
+++ b/src/ia32/code-stubs-ia32.cc
@@ -4325,6 +4325,7 @@ void CallFunctionStub::Generate(MacroAssembler* masm) {
   // megamorphic.
   __ cmp(Operand(ecx), Immediate(UninitializedSentinel(isolate)));
   __ j(equal, &initialize, Label::kNear);
+  // MegamorphicSentinel is a root so no write-barrier is needed.
   __ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset),
          Immediate(MegamorphicSentinel(isolate)));
   __ jmp(&call, Label::kNear);
@@ -4332,6 +4333,14 @@ void CallFunctionStub::Generate(MacroAssembler* masm) {
   // An uninitialized cache is patched with the function.
   __ bind(&initialize);
   __ mov(FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset), edi);
+  __ mov(ecx, edi);
+  __ RecordWriteField(ebx,
+                      JSGlobalPropertyCell::kValueOffset,
+                      ecx,
+                      edx,
+                      kDontSaveFPRegs,
+                      OMIT_REMEMBERED_SET,  // Cells are rescanned.
+                      OMIT_SMI_CHECK);
   __ bind(&call);
 }
 
-- 
2.7.4
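Review bot: The new `RecordWriteField` call in the second hunk is passed ecx as the value register and edx as scratch, and the barrier clobbers both, so after the fall-through into `__ bind(&call)` any code that still expects ecx or edx to hold their earlier contents would now read clobbered values; CallFunctionStub::Generate continues outside the hunk, so this needs confirming against the code after the `call` label. Copying edi into ecx first is correct given that clobbering, but a one-line comment saying so would save the next reader from wondering why the value is not passed as edi directly, e.g. `// RecordWriteField clobbers the value register, so hand it a copy of edi.` The `// Cells are rescanned.` remark on OMIT_REMEMBERED_SET is terse; a comment naming why a global property cell needs no remembered-set entry (which GC pass visits every cell) would make the flag choice auditable without reading the GC. OMIT_SMI_CHECK is only sound if edi is guaranteed to be a heap object at this point; the check that presumably establishes this earlier in the stub is outside the hunk.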