From ad26e71ad1d9b02e25753c72b344aeb16aaa508f Mon Sep 17 00:00:00 2001
From: John Alanbrook <john@pockle.world>
Date: Tue, 17 Feb 2026 13:27:08 -0600
Subject: [PATCH] fix push array on itself

---
 qbe_emit.cm          | 12 +++++++++---
 source/qbe_helpers.c |  3 ++-
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/qbe_emit.cm b/qbe_emit.cm
index 31ad9b04..c0f24deb 100644
--- a/qbe_emit.cm
+++ b/qbe_emit.cm
@@ -517,13 +517,19 @@ ${alloc_tail("%r")}
 ${alloc_tail("%r")}
 }`
 
-  // push(ctx, fp, arr_slot, val_slot) — no dest write
+  // push(ctx, fp, arr_slot, val_slot) — write back arr in case GC moved it
   h[] = `export function l $__push_ss(l %ctx, l %fp, l %arr_slot, l %val_slot) {
 @entry
 ${sr("a", "%arr_slot")}
 ${sr("b", "%val_slot")}
-  call $cell_rt_push(l %ctx, l %a, l %b)
-${alloc_tail_nw()}
+  %r =l call $cell_rt_push(l %ctx, l %a, l %b)
+  %fp2 =l call $cell_rt_refresh_fp_checked(l %ctx)
+  jnz %fp2, @ok, @exc
+@ok
+${sw("w", "%fp2", "%arr_slot", "%r")}
+  ret %fp2
+@exc
+  ret 0
 }`
 
   // pop(ctx, fp, dest, arr_slot)
diff --git a/source/qbe_helpers.c b/source/qbe_helpers.c
index 08e30425..b9ab5bb0 100644
--- a/source/qbe_helpers.c
+++ b/source/qbe_helpers.c
@@ -573,8 +573,9 @@ JSValue cell_rt_goinvoke(JSContext *ctx, JSValue frame_val) {
 
 /* --- Array push/pop --- */
 
-void cell_rt_push(JSContext *ctx, JSValue arr, JSValue val) {
+JSValue cell_rt_push(JSContext *ctx, JSValue arr, JSValue val) {
   JS_ArrayPush(ctx, &arr, val);
+  return arr;
 }
 
 JSValue cell_rt_pop(JSContext *ctx, JSValue arr) {