Fixes bug where we would occasionally materialize a corrupted object.

runtime/vm/flow_graph_compiler.cc

Index: runtime/vm/flow_graph_compiler.cc
diff --git a/runtime/vm/flow_graph_compiler.cc b/runtime/vm/flow_graph_compiler.cc
index a31718e40554a386c088c45dd502faade07aa222..37f55af3aae97a4e0930f8b16dcbe1459d362afc 100644
--- a/runtime/vm/flow_graph_compiler.cc
+++ b/runtime/vm/flow_graph_compiler.cc
@@ -549,11 +549,18 @@ void FlowGraphCompiler::RecordSafepoint(LocationSummary* locs) {
 }
 
 
-// This function must be in sync with FlowGraphCompiler::RecordSafepoint and
-// FlowGraphCompiler::SaveLiveRegisters.
+// This function must be kept in sync with:
+//
+//     FlowGraphCompiler::RecordSafepoint
+//     FlowGraphCompiler::SaveLiveRegisters
+//     MaterializeObjectInstr::RemapRegisters
+//
 Environment* FlowGraphCompiler::SlowPathEnvironmentFor(
     Instruction* instruction) {
-  if (instruction->env() == NULL) return NULL;
+  if (instruction->env() == NULL) {
+    ASSERT(!is_optimizing());
+    return NULL;
+  }
 
   Environment* env = instruction->env()->DeepCopy();
   // 1. Iterate the registers in the order they will be spilled to compute
@@ -611,9 +618,16 @@ Environment* FlowGraphCompiler::SlowPathEnvironmentFor(
         default:
           UNREACHABLE();
       }
+    } else if (loc.IsInvalid()) {
+      Definition* def =
+          it.CurrentValue()->definition();
+      ASSERT(def != NULL);
+      if (def->IsMaterializeObject()) {
+        def->AsMaterializeObject()->RemapRegisters(fpu_reg_slots,
+                                                   cpu_reg_slots);
+      }
     }
   }
-
   return env;
 }