Bug 791589 - Mark the ArgumentsRectifier in visitApplyArgsGeneric(). r=mjrosenb
authorSean Stangl <sstangl@mozilla.com>
Wed, 19 Sep 2012 15:28:16 -0700
changeset 107664 99a42cef003f2c8e7dc8dd9c625b8cceadf8d596
parent 107663 6c85aa92f4abc466790c728997d435cc5c7cab8f
child 107665 326ee1d5c9b0252cbde0bb99497aaa04e0c965bb
push id82
push usershu@rfrn.org
push dateFri, 05 Oct 2012 13:20:22 +0000
reviewersmjrosenb
bugs791589
milestone18.0a1
Bug 791589 - Mark the ArgumentsRectifier in visitApplyArgsGeneric(). r=mjrosenb
js/src/ion/CodeGenerator.cpp
--- a/js/src/ion/CodeGenerator.cpp
+++ b/js/src/ion/CodeGenerator.cpp
@@ -1091,18 +1091,19 @@ CodeGenerator::visitApplyArgsGeneric(LAp
 
             // Hardcode the address of the argumentsRectifier code.
             IonCompartment *ion = gen->ionCompartment();
             IonCode *argumentsRectifier = ion->getArgumentsRectifier(GetIonContext()->cx);
             if (!argumentsRectifier)
                 return false;
 
             JS_ASSERT(ArgumentsRectifierReg != objreg);
+            masm.movePtr(ImmGCPtr(argumentsRectifier), objreg); // Necessary for GC marking.
+            masm.movePtr(Address(objreg, IonCode::OffsetOfCode()), objreg);
             masm.movePtr(argcreg, ArgumentsRectifierReg);
-            masm.movePtr(ImmWord(argumentsRectifier->raw()), objreg);
         }
 
         masm.bind(&rejoin);
 
         // Finally call the function in objreg, as assigned by one of the paths above.
         uint32 callOffset = masm.callIon(objreg);
         if (!markSafepointAt(callOffset, apply))
             return false;