From de772054904054af077d6f448681810e8cc1520d Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Tue, 20 Apr 2021 17:55:48 +0200
Subject: [PATCH] Fix IR_RENAME snapshot number. Follow-up fix for a32aeadc.

Reported by Victor Bombi, analyzed by XmiliaH. Thanks!
---
 src/lj_asm.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/lj_asm.c b/src/lj_asm.c
index db180315..8dfe4dd0 100644
--- a/src/lj_asm.c
+++ b/src/lj_asm.c
@@ -697,7 +697,14 @@ static void ra_rename(ASMState *as, Reg down, Reg up)
   RA_DBGX((as, "rename    $f $r $r", regcost_ref(as->cost[up]), down, up));
   emit_movrr(as, ir, down, up);  /* Backwards codegen needs inverse move. */
   if (!ra_hasspill(IR(ref)->s)) {  /* Add the rename to the IR. */
-    ra_addrename(as, down, ref, as->snapno);
+    /*
+    ** The rename is effective at the subsequent (already emitted) exit
+    ** branch. This is for the current snapshot (as->snapno). Except if we
+    ** haven't yet allocated any refs for the snapshot (as->snapalloc == 1),
+    ** then it belongs to the next snapshot.
+    ** See also the discussion at asm_snap_checkrename().
+    */
+    ra_addrename(as, down, ref, as->snapno + as->snapalloc);
   }
 }