From eb059173234402ed682302e4bd664f1494b594d1 Mon Sep 17 00:00:00 2001
From: "danno@chromium.org"
 <danno@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Thu, 3 May 2012 07:09:17 +0000
Subject: [PATCH] ARM: Ensure reload of elements pointer in
 StoreFastDoubleElement stub

R=mstarzinger@chromium.org
TEST=test/mjsunit/regress/regress-125515.js
BUG=chromium:125515

Review URL: https://chromiumcodereview.appspot.com/10298010

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11483 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/arm/stub-cache-arm.cc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/arm/stub-cache-arm.cc b/src/arm/stub-cache-arm.cc
index 1cd0e655ee..40ee585d67 100644
--- a/src/arm/stub-cache-arm.cc
+++ b/src/arm/stub-cache-arm.cc
@@ -4475,6 +4475,8 @@ void KeyedStoreStubCompiler::GenerateStoreFastDoubleElement(
     // Increment the length of the array.
     __ mov(length_reg, Operand(Smi::FromInt(1)));
     __ str(length_reg, FieldMemOperand(receiver_reg, JSArray::kLengthOffset));
+    __ ldr(elements_reg,
+           FieldMemOperand(receiver_reg, JSObject::kElementsOffset));
     __ jmp(&finish_store);
 
     __ bind(&check_capacity);