More set_map() calls replaced with MigrateToMap().

src/factory.cc

Index: src/factory.cc
diff --git a/src/factory.cc b/src/factory.cc
index 1996e736f03d207894ab13e8a14c6d72075b3760..c2489fb60b1e1357ac4d0d811d4fd1b4d4a3052c 100644
--- a/src/factory.cc
+++ b/src/factory.cc
@@ -1818,8 +1818,14 @@ void Factory::ReinitializeJSReceiver(Handle<JSReceiver> object,
   // before object re-initialization is finished and filler object is installed.
   DisallowHeapAllocation no_allocation;
 
+  // Put in filler if the new object is smaller than the old.
+  if (size_difference > 0) {
+    heap->CreateFillerObjectAt(
+        object->address() + map->instance_size(), size_difference);

[Toon Verwaest, 2014/06/24 13:15:13]

AdjustLiveBytes?

[Igor Sheludko, 2014/06/24 13:55:54]

Done.

+  }
+
   // Reset the map for the object.
-  object->set_map(*map);
+  object->synchronized_set_map(*map);
   Handle<JSObject> jsobj = Handle<JSObject>::cast(object);
 
   // Reinitialize the object from the constructor map.
@@ -1832,12 +1838,6 @@ void Factory::ReinitializeJSReceiver(Handle<JSReceiver> object,
     Handle<Context> context(isolate()->context()->native_context());
     InitializeFunction(js_function, shared.ToHandleChecked(), context);
   }
-
-  // Put in filler if the new object is smaller than the old.
-  if (size_difference > 0) {
-    heap->CreateFillerObjectAt(
-        object->address() + map->instance_size(), size_difference);
-  }
 }
 
 
@@ -1863,7 +1863,7 @@ void Factory::ReinitializeJSGlobalProxy(Handle<JSGlobalProxy> object,
   DisallowHeapAllocation no_allocation;
 
   // Reset the map for the object.
-  object->set_map(constructor->initial_map());
+  object->synchronized_set_map(*map);
 
   Heap* heap = isolate()->heap();
   // Reinitialize the object from the constructor map.