A register allocation bugfix.

The function that prepares a virtual frame slot for writing (in order
to preserve the copy-on-write semantics of aliased frame elements) can
allocate registers, which may spill one from the frame.  If we're
unlucky, the spilled register can be the source register for the frame
element write.  In that case, ensure we do the write from memory.

Review URL: http://codereview.chromium.org/115125

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1904 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/ia32/virtual-frame-ia32.cc b/src/ia32/virtual-frame-ia32.cc
index 619010b..ff9f60c 100644 (file)
--- a/src/ia32/virtual-frame-ia32.cc
+++ b/src/ia32/virtual-frame-ia32.cc
@@ -623,6 +623,12 @@ void VirtualFrame::StoreToFrameSlotAt(int index) {
 
   InvalidateFrameSlotAt(index);
 
+  // InvalidateFrameSlotAt can potentially change any frame element, due
+  // to spilling registers to allocate temporaries in order to preserve
+  // the copy-on-write semantics of aliased elements.  Reload top from
+  // the frame.
+  top = elements_[top_index];
+
   if (top.is_copy()) {
     // There are two cases based on the relative positions of the
     // stored-to slot and the backing slot of the top element.