From 284837daa07b29d6a63a748544a90b1f5842ac5c Mon Sep 17 00:00:00 2001
From: Simon Hausmann <simon.hausmann@nokia.com>
Date: Mon, 10 Sep 2012 19:10:20 +0200
Subject: Imported WebKit commit 68645295d2e3e09af2c942f092556f06aa5f8b0d
 (http://svn.webkit.org/repository/webkit/trunk@128073)

New snapshot
---
 Source/JavaScriptCore/dfg/DFGRepatch.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'Source/JavaScriptCore/dfg/DFGRepatch.cpp')

diff --git a/Source/JavaScriptCore/dfg/DFGRepatch.cpp b/Source/JavaScriptCore/dfg/DFGRepatch.cpp
index 23e8db03b..1af4999e8 100644
--- a/Source/JavaScriptCore/dfg/DFGRepatch.cpp
+++ b/Source/JavaScriptCore/dfg/DFGRepatch.cpp
@@ -252,8 +252,12 @@ static bool tryCacheGetByID(ExecState* exec, JSValue baseValue, const Identifier
         }
         
         MacroAssembler::JumpList failureCases;
-        
-        failureCases.append(stubJit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(baseGPR, JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(&JSArray::s_info)));
+       
+        stubJit.loadPtr(MacroAssembler::Address(baseGPR, JSCell::structureOffset()), scratchGPR); 
+        failureCases.append(stubJit.branchPtr(
+            MacroAssembler::NotEqual, 
+            MacroAssembler::Address(scratchGPR, Structure::classInfoOffset()), 
+            MacroAssembler::TrustedImmPtr(&JSArray::s_info)));
         
         stubJit.loadPtr(MacroAssembler::Address(baseGPR, JSArray::storageOffset()), scratchGPR);
         stubJit.load32(MacroAssembler::Address(scratchGPR, OBJECT_OFFSETOF(ArrayStorage, m_length)), scratchGPR);
-- 
cgit v1.2.1