Version 3.19.18
Fixed read-only attribute of Function.length in strict mode. (issue 2705)
Fixed Runtime_SetProperty to properly handle OOM failures (Chromium issue 249873)
Emit deprecated check for constant function transitions. (Chromium issue 250609)
Made MathFloorOfDiv optimization trigger more often (Issue 2205)
Make more GCs in idle notification handler. (Chromium issue 241815)
Increased default type info threshold. (Issue 2730)
git-svn-id: http://v8.googlecode.com/svn/trunk@15191 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
diff --git a/src/ia32/code-stubs-ia32.cc b/src/ia32/code-stubs-ia32.cc
index aa4b8a2..f3483eb 100644
--- a/src/ia32/code-stubs-ia32.cc
+++ b/src/ia32/code-stubs-ia32.cc
@@ -4688,7 +4688,7 @@
Label initialize, done;
// Load the cache state into ecx.
- __ mov(ecx, FieldOperand(ebx, JSGlobalPropertyCell::kValueOffset));
+ __ mov(ecx, FieldOperand(ebx, PropertyCell::kValueOffset));
// A monomorphic cache hit or an already megamorphic state: invoke the
// function without changing the state.
@@ -7661,11 +7661,11 @@
void StoreArrayLiteralElementStub::Generate(MacroAssembler* masm) {
// ----------- S t a t e -------------
// -- eax : element value to store
- // -- ebx : array literal
- // -- edi : map of array literal
// -- ecx : element index as smi
- // -- edx : array literal index in function
// -- esp[0] : return address
+ // -- esp[4] : array literal index in function
+ // -- esp[8] : array literal
+ // clobbers ebx, edx, edi
// -----------------------------------
Label element_done;
@@ -7675,6 +7675,11 @@
Label slow_elements_from_double;
Label fast_elements;
+ // Get array literal index, array literal and its map.
+ __ mov(edx, Operand(esp, 1 * kPointerSize));
+ __ mov(ebx, Operand(esp, 2 * kPointerSize));
+ __ mov(edi, FieldOperand(ebx, JSObject::kMapOffset));
+
__ CheckFastElements(edi, &double_elements);
// Check for FAST_*_SMI_ELEMENTS or FAST_*_ELEMENTS elements