X-Git-Url: https://git.saurik.com/apple/javascriptcore.git/blobdiff_plain/4be4e30906bcb8ee30b4d189205cb70bad6707ce..81345200c95645a1b0d2635520f96ad55dfde63f:/dfg/DFGArrayifySlowPathGenerator.h

diff --git a/dfg/DFGArrayifySlowPathGenerator.h b/dfg/DFGArrayifySlowPathGenerator.h
index 7647ed4..6d54b01 100644
--- a/dfg/DFGArrayifySlowPathGenerator.h
+++ b/dfg/DFGArrayifySlowPathGenerator.h
@@ -26,8 +26,6 @@
 #ifndef DFGArrayifySlowPathGenerator_h
 #define DFGArrayifySlowPathGenerator_h
 
-#include <wtf/Platform.h>
-
 #if ENABLE(DFG_JIT)
 
 #include "DFGArrayMode.h"
@@ -63,17 +61,17 @@ public:
             case Array::Int32:
             case Array::Double:
             case Array::Contiguous:
-                m_badPropertyJump = jit->backwardSpeculationCheck(Uncountable, JSValueRegs(), 0);
+                m_badPropertyJump = jit->speculationCheck(Uncountable, JSValueRegs(), 0);
                 break;
             default:
                 break;
             }
         }
-        m_badIndexingTypeJump = jit->backwardSpeculationCheck(BadIndexingType, JSValueSource::unboxedCell(m_baseGPR), 0);
+        m_badIndexingTypeJump = jit->speculationCheck(BadIndexingType, JSValueSource::unboxedCell(m_baseGPR), 0);
     }
     
 protected:
-    void generateInternal(SpeculativeJIT* jit)
+    virtual void generateInternal(SpeculativeJIT* jit) override
     {
         linkFrom(jit);
         
@@ -122,23 +120,14 @@ protected:
         if (m_op == ArrayifyToStructure) {
             ASSERT(m_structure);
             m_badIndexingTypeJump.fill(
-                jit, jit->m_jit.branchWeakPtr(
-                    MacroAssembler::NotEqual,
-                    MacroAssembler::Address(m_baseGPR, JSCell::structureOffset()),
-                    m_structure));
+                jit, jit->m_jit.branchWeakStructure(MacroAssembler::NotEqual, MacroAssembler::Address(m_baseGPR, JSCell::structureIDOffset()), m_structure));
         } else {
-            // Alas, we need to reload the structure because silent spilling does not save
-            // temporaries. Nor would it be useful for it to do so. Either way we're talking
-            // about a load.
-            jit->m_jit.loadPtr(
-                MacroAssembler::Address(m_baseGPR, JSCell::structureOffset()), m_structureGPR);
-            
             // Finally, check that we have the kind of array storage that we wanted to get.
             // Note that this is a backwards speculation check, which will result in the 
             // bytecode operation corresponding to this arrayification being reexecuted.
             // That's fine, since arrayification is not user-visible.
             jit->m_jit.load8(
-                MacroAssembler::Address(m_structureGPR, Structure::indexingTypeOffset()), m_structureGPR);
+                MacroAssembler::Address(m_baseGPR, JSCell::indexingTypeOffset()), m_structureGPR);
             m_badIndexingTypeJump.fill(
                 jit, jit->jumpSlowForUnwantedArrayMode(m_structureGPR, m_arrayMode));
         }