Fix bug in x64 >>> operator.

Whenever >>> produces a non-smi result, the binary op stub would return a wrong result in case of a failed new-space allocation. This also fixes the (flaky) sparse-array-reverse test which was failing sometimes because of this. BUG=v8:1359 TEST=mjsunit/sparse-array-reverse.js Review URL: http://codereview.chromium.org/6927013 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2011-05-05 08:17:31 +00:00 · 2011-05-05 08:17:31 +00:00 · b4022f7b73
commit b4022f7b73
parent 4e85fab9f9
1 changed files with 2 additions and 2 deletions
--- a/src/x64/code-stubs-x64.cc
+++ b/src/x64/code-stubs-x64.cc
@ -976,7 +976,7 @@ void TypeRecordingBinaryOpStub::GenerateFloatingPointCode(
        // already loaded heap_number_map.
        __ AllocateInNewSpace(HeapNumber::kSize,
                              rax,
-                              rcx,
+                              rdx,
                              no_reg,
                              &allocation_failed,
                              TAG_OBJECT);
@ -996,7 +996,7 @@ void TypeRecordingBinaryOpStub::GenerateFloatingPointCode(
        // We need tagged values in rdx and rax for the following code,
        // not int32 in rax and rcx.
        __ Integer32ToSmi(rax, rcx);
-        __ Integer32ToSmi(rdx, rax);
+        __ Integer32ToSmi(rdx, rbx);
        __ jmp(allocation_failure);
      }
      break;