ARM: Ensure reload of elements pointer in StoreFastDoubleElement stub

R=mstarzinger@chromium.org
TEST=test/mjsunit/regress/regress-125515.js
BUG=chromium:125515

Review URL: https://chromiumcodereview.appspot.com/10298010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc
index 1cd0e65..40ee585 100644 (file)
--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc
@@ -4475,6 +4475,8 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
     // Increment the length of the array.
     __ mov(length_reg, Operand(Smi::FromInt(1)));
     __ str(length_reg, FieldMemOperand(receiver_reg, JSArray::kLengthOffset));
+    __ ldr(elements_reg,
+           FieldMemOperand(receiver_reg, JSObject::kElementsOffset));
     __ jmp(&finish_store);
 
     __ bind(&check_capacity);