Version 3.16.7

Removed <(library) usage from v8.gyp. (Chromium issue 111541)

Fixed out of bounds memory access in TestJSArrayForAllocationSiteInfo. (Chromium issue 169928)

Performance and stability improvements on all platforms.

git-svn-id: http://v8.googlecode.com/svn/trunk@13451 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
diff --git a/src/x64/macro-assembler-x64.cc b/src/x64/macro-assembler-x64.cc
index 52699e7..b0f3f8d 100644
--- a/src/x64/macro-assembler-x64.cc
+++ b/src/x64/macro-assembler-x64.cc
@@ -4615,13 +4615,13 @@
       ExternalReference::new_space_allocation_top_address(isolate());
 
   lea(scratch_reg, Operand(receiver_reg,
-                           JSArray::kSize + AllocationSiteInfo::kSize));
+      JSArray::kSize + AllocationSiteInfo::kSize - kHeapObjectTag));
   movq(kScratchRegister, new_space_start);
   cmpq(scratch_reg, kScratchRegister);
   j(less, &no_info_available);
   cmpq(scratch_reg, ExternalOperand(new_space_allocation_top));
-  j(greater_equal, &no_info_available);
-  CompareRoot(MemOperand(scratch_reg, 0),
+  j(greater, &no_info_available);
+  CompareRoot(MemOperand(scratch_reg, -AllocationSiteInfo::kSize),
               Heap::kAllocationSiteInfoMapRootIndex);
   j(equal, allocation_info_present);
   bind(&no_info_available);
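Review bot: The new address arithmetic carries no comment stating the invariant the bounds checks rely on, and that invariant is the whole substance of this out-of-bounds fix. After the `lea`, `scratch_reg` holds the untagged end address of the candidate AllocationSiteInfo, so an end equal to the allocation top is valid (hence `greater`) and the map word is read at `-AllocationSiteInfo::kSize`. A comment above the `lea`, such as `// scratch_reg = untagged end of the would-be AllocationSiteInfo; it must lie in [new_space_start, top] before its map word is read.`, would help keep a later edit from reintroducing the off-by-one. The lower bound is also tested against that end address rather than the address actually loaded, so a receiver whose JSArray ends less than `AllocationSiteInfo::kSize` below `new_space_start` appears to pass the check while the load lands below new space; this may be harmless in practice but is worth confirming. The enclosing function starts and ends outside the hunk.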