ARM: Ensure reload of elements pointer in StoreFastDoubleElement stub

R=mstarzinger@chromium.org TEST=test/mjsunit/regress/regress-125515.js BUG=chromium:125515 Review URL: https://chromiumcodereview.appspot.com/10298010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

ARM: Ensure reload of elements pointer in StoreFastDoubleElement stub
R=mstarzinger@chromium.org TEST=test/mjsunit/regress/regress-125515.js BUG=chromium:125515 Review URL: https://chromiumcodereview.appspot.com/10298010 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
eb059173 · danno@chromium.org · cb8df6e6 · eb059173
Commit eb059173 authored May 03, 2012 by danno@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

stub-cache-arm.cc src/arm/stub-cache-arm.cc +2 -0

No files found.
--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc
@@ -4475,6 +4475,8 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
    // Increment the length of the array.
    __ mov(length_reg, Operand(Smi::FromInt(1)));
    __ str(length_reg, FieldMemOperand(receiver_reg, JSArray::kLengthOffset));
+    __ ldr(elements_reg,
+           FieldMemOperand(receiver_reg, JSObject::kElementsOffset));
    __ jmp(&finish_store);

    __ bind(&check_capacity);