Eliot Miranda uploaded a new version of VMMaker to project VM Maker:
http://source.squeak.org/VMMaker/VMMaker.oscog-eem.1696.mcz

==================== Summary ====================

Name: VMMaker.oscog-eem.1696
Author: eem
Time: 23 February 2016, 4:35:02.71435 pm
UUID: 4db47df6-c329-44ca-a255-7483a9cac28f
Ancestors: VMMaker.oscog-tfel.1695

Fix serious bug in jitted perform: primitive.  Thanks to Stéphane Ducasse for finding and to Levente Uzoni for diagnosing

the bug.  If the argument count is one greater than the max number of register aerguments (2 in Spur, hence perform:with:with:) then the code to remove the receiver and arguments from the stack forgot to remove the receiver and selector.

=============== Diff against VMMaker.oscog-tfel.1695 ===============

Item was changed:
  ----- Method: StackToRegisterMappingCogit>>adjustArgumentsForPerform: (in category 'primitive generators') -----
  adjustArgumentsForPerform: numArgs
        "Generate code to adjust the possibly stacked arguments immediately
         before jumping to a method looked up by a perform primitive."
        self assert: self numRegArgs <= 2.
        self assert: numArgs >= 1.
        numArgs <= self numRegArgs ifTrue:
                [numArgs = 2 ifTrue:
                        [self MoveR: Arg1Reg R: Arg0Reg].
                 ^self].

+       "If the arity is one more than the max numRegArgs, the receiver and all arguments have to be removed from the stack."
        self numRegArgs + 1 = numArgs ifTrue:
                [backEnd hasLinkRegister
                        ifTrue:
+                               [self numRegArgs = 2
+                                       ifTrue:
+                                               [self MoveMw: 0 r: SPReg R: Arg1Reg.
+                                                self MoveMw: objectMemory wordSize r: SPReg R: Arg0Reg]
+                                       ifFalse:
+                                               [self MoveMw: 0 r: SPReg R: Arg0Reg].
+                                self AddCq: numArgs + 1 * objectMemory wordSize R: SPReg]
-                               [self numRegArgs = 2 ifTrue:
-                                       [self PopR: Arg1Reg].
-                                self PopR: Arg0Reg]
                        ifFalse:
+                               [self MoveMw: 0 r: SPReg R: TempReg. "save retpc"
+                                self numRegArgs = 2
+                                       ifTrue:
+                                               [self MoveMw: objectMemory wordSize r: SPReg R: Arg1Reg.
+                                                self MoveMw: objectMemory wordSize * 2 r: SPReg R: Arg0Reg]
+                                       ifFalse:
+                                               [self MoveMw: objectMemory wordSize r: SPReg R: Arg0Reg].
+                                self AddCq: numArgs + 1 * objectMemory wordSize R: SPReg.
+                                self MoveR: TempReg Mw: 0 r: SPReg "Overwrite pushed receiver; ReceiverResultReg already contains receiver."].
-                               [self PopR: TempReg. "save retpc"
-                                self numRegArgs = 2 ifTrue:
-                                       [self PopR: Arg1Reg].
-                                self MoveMw: 0 r: SPReg R: Arg0Reg.
-                                self MoveR: TempReg Mw: 0 r: SPReg].
                 ^self].

        "e.g.   Receiver                                Receiver
                        Selector/Arg0   =>              Arg1
                        Arg1                                    Arg2
                        Arg2                    sp->    Arg3
         sp->   Arg3"
        super adjustArgumentsForPerform: numArgs!