Comment 10 for bug 1471949

Chris Coulson (chrisccoulson) wrote :

Here's the disassembly from a good build with vanilla gcc 4.8.4. It's basically identical to the disassembly from the broken build, except that it contains 3 extra instructions that the broken build is missing.

   0xf57fe991 <+1729>: mov 0xa0(%ebp),%edx
   0xf57fe997 <+1735>: mov 0x84(%esp),%esi // %esi now points to |pn|
   0xf57fe99e <+1742>: add $0x18,%edx
   0xf57fe9a1 <+1745>: cmpl $0xfe,0x28(%esp) // Compare |hops| with 254 (FREE_LEVEL - 1)
   0xf57fe9a9 <+1753>: mov %al,0x2(%esi) // Calls pn->SetOp(op)
   0xf57fe9ac <+1756>: mov 0x34(%esp),%eax // %eax now contains |slot|
   0xf57fe9b0 <+1760>: ja 0xf57fea10 <js::frontend::BytecodeEmitter::tryConvertFreeName(js::frontend::ParseNode*)+1856> // Jump if |hops| > 254
   0xf57fe9b2 <+1762>: cmp $0xffffff,%eax // Compare |slot| with 0xffffff
   0xf57fe9b7 <+1767>: ja 0xf57fe9f9 <js::frontend::BytecodeEmitter::tryConvertFreeName(js::frontend::ParseNode*)+1833> // Jump if |slot| > 0xffffff
   0xf57fe9b9 <+1769>: mov 0x84(%esp),%esi // %esi now points to |pn|
   0xf57fe9c0 <+1776>: shl $0x8,%eax // Left shift new |slot| value by 8-bits

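// These next 3 instructions are missing in the broken build.
// If the rest of the sequence is otherwise unchanged, then without the store at <+1789> the load at <+1794>
// reads whatever |level_| already held rather than |hops|, so the value written back at <+1800> pairs the new |slot| with a stale |level_|.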
   0xf57fe9c3 <+1779>: mov $0x1,%edi
   0xf57fe9c8 <+1784>: movzbl 0x28(%esp),%edx // %edx now contains |hops|
   0xf57fe9cd <+1789>: mov %dl,0x20(%esi) // Save |hops| in to |level_| in pn->pn_u.name.cookie

   0xf57fe9d0 <+1792>: mov %eax,%edx // %edx now contains |slot|
   0xf57fe9d2 <+1794>: movzbl 0x20(%esi),%eax // Load |level_| from pn->pn_u.name.cookie in to %eax
   0xf57fe9d6 <+1798>: or %edx,%eax // %eax now contains the bitwise-OR of |level_| and new |slot| value
   0xf57fe9d8 <+1800>: mov %eax,0x20(%esi) // Save the new values to |level_| and |slot_| in pn->pn_u.name.cookie