Bug 1267557 part 0 - Move JS poison constants to jsutil.h. r=jonco a=ritu
authorJan de Mooij <jdemooij@mozilla.com>
Thu, 28 Apr 2016 13:38:05 +0200
changeset 325268 507d849ea8f4ffc8cd51550d6c86b85b3faed05b
parent 325267 f996c47e3cfeb190bc4a928f1e605ddcb29a70d4
child 325269 6a5cce6346182ab8a8088983c680f86d0a20d132
push idunknown
push userunknown
push dateunknown
reviewersjonco, ritu
bugs1267557
milestone47.0
Bug 1267557 part 0 - Move JS poison constants to jsutil.h. r=jonco a=ritu
js/public/Utility.h
js/src/gc/Marking.cpp
js/src/jsutil.h
--- a/js/public/Utility.h
+++ b/js/public/Utility.h
@@ -29,32 +29,16 @@
 namespace JS {}
 
 /* The mozilla-shared reusable template/utility namespace. */
 namespace mozilla {}
 
 /* The private JS engine namespace. */
 namespace js {}
 
-/*
- * Patterns used by SpiderMonkey to overwrite unused memory. If you are
- * accessing an object with one of these pattern, you probably have a dangling
- * pointer.
- */
-#define JS_FRESH_NURSERY_PATTERN 0x2F
-#define JS_SWEPT_NURSERY_PATTERN 0x2B
-#define JS_ALLOCATED_NURSERY_PATTERN 0x2D
-#define JS_FRESH_TENURED_PATTERN 0x4F
-#define JS_MOVED_TENURED_PATTERN 0x49
-#define JS_SWEPT_TENURED_PATTERN 0x4B
-#define JS_ALLOCATED_TENURED_PATTERN 0x4D
-#define JS_EMPTY_STOREBUFFER_PATTERN 0x1B
-#define JS_SWEPT_CODE_PATTERN 0x3B
-#define JS_SWEPT_FRAME_PATTERN 0x5B
-
 #define JS_STATIC_ASSERT(cond)           static_assert(cond, "JS_STATIC_ASSERT")
 #define JS_STATIC_ASSERT_IF(cond, expr)  MOZ_STATIC_ASSERT_IF(cond, expr, "JS_STATIC_ASSERT_IF")
 
 extern MOZ_NORETURN MOZ_COLD JS_PUBLIC_API(void)
 JS_Assert(const char* s, const char* file, int ln);
 
 /*
  * Custom allocator support for SpiderMonkey
--- a/js/src/gc/Marking.cpp
+++ b/js/src/gc/Marking.cpp
@@ -120,20 +120,20 @@ template<typename T>
 static inline bool
 IsThingPoisoned(T* thing)
 {
     const uint8_t poisonBytes[] = {
         JS_FRESH_NURSERY_PATTERN,
         JS_SWEPT_NURSERY_PATTERN,
         JS_ALLOCATED_NURSERY_PATTERN,
         JS_FRESH_TENURED_PATTERN,
+        JS_MOVED_TENURED_PATTERN,
         JS_SWEPT_TENURED_PATTERN,
         JS_ALLOCATED_TENURED_PATTERN,
-        JS_SWEPT_CODE_PATTERN,
-        JS_SWEPT_FRAME_PATTERN
+        JS_SWEPT_CODE_PATTERN
     };
     const int numPoisonBytes = sizeof(poisonBytes) / sizeof(poisonBytes[0]);
     uint32_t* p = reinterpret_cast<uint32_t*>(reinterpret_cast<FreeSpan*>(thing) + 1);
     // Note: all free patterns are odd to make the common, not-poisoned case a single test.
     if ((*p & 1) == 0)
         return false;
     for (int i = 0; i < numPoisonBytes; ++i) {
         const uint8_t pb = poisonBytes[i];
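Review bot: The `poisonBytes` array in IsThingPoisoned is now expected to mirror the pattern list in jsutil.h, but nothing at the array says so; the reminder lives only beside the defines. A pattern that is defined but missing here would make this check treat memory filled with it as not poisoned, and presumably the dangling-pointer signal would be lost without any build failure. I would add a comment above the array such as `// Must list every JS_*_PATTERN from jsutil.h; keep the two in sync.` The function body continues past the end of this hunk, so the comparison loop itself is not reviewed here.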
--- a/js/src/jsutil.h
+++ b/js/src/jsutil.h
@@ -309,16 +309,32 @@ static MOZ_ALWAYS_INLINE void
 PodSet(T* aDst, T aSrc, size_t aNElem)
 {
     for (const T* dstend = aDst + aNElem; aDst < dstend; ++aDst)
         *aDst = aSrc;
 }
 
 } /* namespace mozilla */
 
+/*
+ * Patterns used by SpiderMonkey to overwrite unused memory. If you are
+ * accessing an object with one of these pattern, you probably have a dangling
+ * pointer.
+ *
+ * Note: new patterns should also be added to the array in IsThingPoisoned!
+ */
+#define JS_FRESH_NURSERY_PATTERN 0x2F
+#define JS_SWEPT_NURSERY_PATTERN 0x2B
+#define JS_ALLOCATED_NURSERY_PATTERN 0x2D
+#define JS_FRESH_TENURED_PATTERN 0x4F
+#define JS_MOVED_TENURED_PATTERN 0x49
+#define JS_SWEPT_TENURED_PATTERN 0x4B
+#define JS_ALLOCATED_TENURED_PATTERN 0x4D
+#define JS_SWEPT_CODE_PATTERN 0x3B
+
 static inline void*
 Poison(void* ptr, uint8_t value, size_t num)
 {
     static bool disablePoison = bool(getenv("JSGC_DISABLE_POISONING"));
     if (disablePoison)
         return ptr;
 
     // Without a valid Value tag, a poisoned Value may look like a valid
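Review bot: The added pattern block neither states nor enforces the invariant that IsThingPoisoned depends on, namely that every poison byte is odd (its fast path returns false when `(*p & 1) == 0`). All eight values defined here are odd, but a future even value would be silently treated as not poisoned. I would extend the comment with `* All patterns must be odd; IsThingPoisoned tests the low bit first.` and back it with one check per pattern, e.g. `static_assert((JS_SWEPT_CODE_PATTERN & 1) == 1, "poison patterns must be odd");`. The carried-over comment also reads "one of these pattern" where "patterns" is meant.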