Unreviewed, rolling out r246322.
https://bugs.webkit.org/show_bug.cgi?id=198796
"It's a huge page load regression on iOS" (Requested by
saamyjoon on #webkit).
Reverted changeset:
"Roll out PAC cage"
https://bugs.webkit.org/show_bug.cgi?id=198726
https://trac.webkit.org/changeset/246322
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@246368 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/jit/IntrinsicEmitter.cpp b/Source/JavaScriptCore/jit/IntrinsicEmitter.cpp
index cae39e9..1a6b432 100644
--- a/Source/JavaScriptCore/jit/IntrinsicEmitter.cpp
+++ b/Source/JavaScriptCore/jit/IntrinsicEmitter.cpp
@@ -114,8 +114,14 @@
jit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::butterflyOffset()), scratchGPR);
jit.loadPtr(MacroAssembler::Address(baseGPR, JSArrayBufferView::offsetOfVector()), valueGPR);
+#if CPU(ARM64E)
+ jit.removeArrayPtrTag(valueGPR);
+#endif
jit.loadPtr(MacroAssembler::Address(scratchGPR, Butterfly::offsetOfArrayBuffer()), scratchGPR);
jit.loadPtr(MacroAssembler::Address(scratchGPR, ArrayBuffer::offsetOfData()), scratchGPR);
+#if CPU(ARM64E)
+ jit.removeArrayPtrTag(scratchGPR);
+#endif
jit.subPtr(scratchGPR, valueGPR);
CCallHelpers::Jump done = jit.jump();
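Review bot: The two `jit.removeArrayPtrTag(...)` calls under `#if CPU(ARM64E)` remove the pointer tag from the vector pointer and the ArrayBuffer data pointer without checking it, and nothing in the hunk records why that is acceptable at this site. In the visible lines the untagged values only feed `jit.subPtr(scratchGPR, valueGPR)` to form an offset and are not used as addresses, so I would add a comment above the first guard such as `// Tags are removed, not authenticated: both pointers are only subtracted to compute the byte offset and are never dereferenced from these registers.` Without that note, a later edit that reuses `valueGPR` or `scratchGPR` as a load or store address would skip the tag check unnoticed. The enclosing function begins and ends outside the hunk, so the absence of any later dereference of either register should be confirmed against the full body.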