From: lrn@chromium.org <lrn@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Wed, 18 May 2011 07:40:51 +0000 (+0000)
Subject: Fix push of untagged value in type-recording unary op stub.
X-Git-Tag: upstream/4.7.83~19390
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6932196aa865b6c80e5f402d31e22955223d998f;p=platform%2Fupstream%2Fv8.git

Fix push of untagged value in type-recording unary op stub.

Review URL: http://codereview.chromium.org/7037007

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7919 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---

diff --git a/src/ia32/code-stubs-ia32.cc b/src/ia32/code-stubs-ia32.cc
index 01ffb0e35..534c18753 100644
--- a/src/ia32/code-stubs-ia32.cc
+++ b/src/ia32/code-stubs-ia32.cc
@@ -746,15 +746,24 @@ void TypeRecordingUnaryOpStub::GenerateHeapNumberCodeBitNot(
   __ bind(&try_float);
   if (mode_ == UNARY_NO_OVERWRITE) {
     Label slow_allocate_heapnumber, heapnumber_allocated;
+    __ mov(ebx, eax);
     __ AllocateHeapNumber(eax, edx, edi, &slow_allocate_heapnumber);
     __ jmp(&heapnumber_allocated);
 
     __ bind(&slow_allocate_heapnumber);
     __ EnterInternalFrame();
-    __ push(ecx);
+    // Push the original HeapNumber on the stack. The integer value can't
+    // be stored since it's untagged and not in the smi range (so we can't
+    // smi-tag it). We'll recalculate the value after the GC instead.
+    __ push(ebx);
     __ CallRuntime(Runtime::kNumberAlloc, 0);
-    __ pop(ecx);
+    // New HeapNumber is in eax.
+    __ pop(edx);
     __ LeaveInternalFrame();
+    // IntegerConvert uses ebx and edi as scratch registers.
+    // This conversion won't go slow-case.
+    IntegerConvert(masm, edx, CpuFeatures::IsSupported(SSE3), slow);
+    __ not_(ecx);
 
     __ bind(&heapnumber_allocated);
   }