Fix crashes on x64 with smi-only arrays active.

Review URL: https://chromiumcodereview.appspot.com/9384002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10672 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix crashes on x64 with smi-only arrays active.
Review URL: https://chromiumcodereview.appspot.com/9384002 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@10672 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
e74b5731 · yangguo@chromium.org · 581b7e6e · e74b5731
Commit e74b5731 authored Feb 10, 2012 by yangguo@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

stub-cache-x64.cc src/x64/stub-cache-x64.cc +3 -3

No files found.
--- a/src/x64/stub-cache-x64.cc
+++ b/src/x64/stub-cache-x64.cc
@@ -1384,19 +1384,19 @@ Handle<Code> CallStubCompiler::CompileArrayPushCall(
        __ CheckFastSmiOnlyElements(rbx, &call_builtin);
        // rdx: receiver
        // rbx: map
+        __ movq(r9, rdi);  // Backup rdi as it is going to be trashed.
        __ LoadTransitionedArrayMapConditional(FAST_SMI_ONLY_ELEMENTS,
                                               FAST_ELEMENTS,
                                               rbx,
-                                               r10,
+                                               rdi,
                                               &call_builtin);
        ElementsTransitionGenerator::GenerateSmiOnlyToObject(masm());
+        __ movq(rdi, r9);
        __ bind(&fast_object);
      } else {
        __ CheckFastObjectElements(rbx, &call_builtin);
      }

-      __ CheckFastObjectElements(rbx, &call_builtin);
-
      // Save new length.
      __ Integer32ToSmiField(FieldOperand(rdx, JSArray::kLengthOffset), rax);