Fix bug in x64 >>> operator.

Whenever >>> produces a non-smi result, the binary op stub would
return a wrong result in case of a failed new-space allocation.

This also fixes the (flaky) sparse-array-reverse test which was failing
sometimes because of this.

BUG=v8:1359
TEST=mjsunit/sparse-array-reverse.js
Review URL: http://codereview.chromium.org/6927013

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7790 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/x64/code-stubs-x64.cc b/src/x64/code-stubs-x64.cc
index cbdc022..77b0642 100644 (file)
--- a/src/x64/code-stubs-x64.cc
+++ b/src/x64/code-stubs-x64.cc
@@ -976,7 +976,7 @@ void TypeRecordingBinaryOpStub::GenerateFloatingPointCode(
         // already loaded heap_number_map.
         __ AllocateInNewSpace(HeapNumber::kSize,
                               rax,
-                              rcx,
+                              rdx,
                               no_reg,
                               &allocation_failed,
                               TAG_OBJECT);
@@ -996,7 +996,7 @@ void TypeRecordingBinaryOpStub::GenerateFloatingPointCode(
         // We need tagged values in rdx and rax for the following code,
         // not int32 in rax and rcx.
         __ Integer32ToSmi(rax, rcx);
-        __ Integer32ToSmi(rdx, rax);
+        __ Integer32ToSmi(rdx, rbx);
         __ jmp(allocation_failure);
       }
       break;