The DFG JIT speculation failure code is quite optimized, and quite complicated. One special case that it detects, and handles in an efficient way, is where the speculative path would have placed node A in register R1 and node B in register R2, whilst the non-speculative path reversed them: node A in R2, B in R1. Special care must be taken, however, if speculative represents node A (i.e. R1) as an unboxed integer while non-speculative represents node A (i.e. R2) as a boxed integer. This is where the DFG will currently fail. Instead of asking if R1 in speculative has a different register format than R2 in non-speculative, it compares the register formats of R1 in speculative with R1 in non-speculative, despite the fact that R1 is associated with different nodes in the two paths. This may make the speculation failure code miss cases where register formats need to be converted, and in other cases may perform a conversion on the wrong register, thereby causing two register to be corrupt: the one on which an incorrect conversion was performed, and the one on which no conversion was performed.