Only fill in holes if storing the number to the double array has succeeded.

Review URL: https://chromiumcodereview.appspot.com/11299200

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@13067 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

src/arm/stub-cache-arm.cc

@@ -4795,14 +4795,6 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
     __ str(scratch1,
            FieldMemOperand(elements_reg, FixedDoubleArray::kLengthOffset));
 
-    __ mov(scratch1, Operand(kHoleNanLower32));
-    __ mov(scratch2, Operand(kHoleNanUpper32));
-    for (int i = 1; i < JSArray::kPreallocatedArrayElements; i++) {
-      int offset = FixedDoubleArray::OffsetOfElementAt(i);
-      __ str(scratch1, FieldMemOperand(elements_reg, offset));
-      __ str(scratch2, FieldMemOperand(elements_reg, offset + kPointerSize));
-    }
-
     __ mov(scratch1, elements_reg);
     __ StoreNumberToDoubleElements(value_reg,
                                    key_reg,
@@ -4814,6 +4806,14 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
                                    scratch5,
                                    &transition_elements_kind);
 
+    __ mov(scratch1, Operand(kHoleNanLower32));
+    __ mov(scratch2, Operand(kHoleNanUpper32));
+    for (int i = 1; i < JSArray::kPreallocatedArrayElements; i++) {
+      int offset = FixedDoubleArray::OffsetOfElementAt(i);
+      __ str(scratch1, FieldMemOperand(elements_reg, offset));
+      __ str(scratch2, FieldMemOperand(elements_reg, offset + kPointerSize));
+    }
+
     // Install the new backing store in the JSArray.
     __ str(elements_reg,
            FieldMemOperand(receiver_reg, JSObject::kElementsOffset));

src/ia32/stub-cache-ia32.cc

@@ -4359,6 +4359,9 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
     __ mov(FieldOperand(edi, FixedDoubleArray::kLengthOffset),
            Immediate(Smi::FromInt(JSArray::kPreallocatedArrayElements)));
 
+    __ StoreNumberToDoubleElements(eax, edi, ecx, ebx, xmm0,
+                                   &transition_elements_kind, true);
+
     for (int i = 1; i < JSArray::kPreallocatedArrayElements; i++) {
       int offset = FixedDoubleArray::OffsetOfElementAt(i);
       __ mov(FieldOperand(edi, offset), Immediate(kHoleNanLower32));
@@ -4366,9 +4369,6 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
              Immediate(kHoleNanUpper32));
     }
 
-    __ StoreNumberToDoubleElements(eax, edi, ecx, ebx, xmm0,
-                                   &transition_elements_kind, true);
-
     // Install the new backing store in the JSArray.
     __ mov(FieldOperand(edx, JSObject::kElementsOffset), edi);
     __ RecordWriteField(edx, JSObject::kElementsOffset, edi, ebx,

src/x64/stub-cache-x64.cc

@@ -4108,16 +4108,16 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
     __ Move(FieldOperand(rdi, FixedDoubleArray::kLengthOffset),
             Smi::FromInt(JSArray::kPreallocatedArrayElements));
 
-    __ movq(r8, BitCast<int64_t, uint64_t>(kHoleNanInt64), RelocInfo::NONE);
-    for (int i = 1; i < JSArray::kPreallocatedArrayElements; i++) {
-      __ movq(FieldOperand(rdi, FixedDoubleArray::OffsetOfElementAt(i)), r8);
-    }
-
     // Increment the length of the array.
     __ SmiToInteger32(rcx, rcx);
     __ StoreNumberToDoubleElements(rax, rdi, rcx, xmm0,
                                    &restore_key_transition_elements_kind);
 
+    __ movq(r8, BitCast<int64_t, uint64_t>(kHoleNanInt64), RelocInfo::NONE);
+    for (int i = 1; i < JSArray::kPreallocatedArrayElements; i++) {
+      __ movq(FieldOperand(rdi, FixedDoubleArray::OffsetOfElementAt(i)), r8);
+    }
+
     // Install the new backing store in the JSArray.
     __ movq(FieldOperand(rdx, JSObject::kElementsOffset), rdi);
     __ RecordWriteField(rdx, JSObject::kElementsOffset, rdi, rbx,