From 88d16d7efa8d2c050a501a3546b50523887049ac Mon Sep 17 00:00:00 2001
From: Jan de Mooij <jdemooij@mozilla.com>
Date: Thu, 28 Apr 2016 13:38:05 +0200
Subject: [PATCH] Bug 1267557 part 0 - Move JS poison constants to jsutil.h.
 r=jonco

---
 js/public/Utility.h   | 16 ----------------
 js/src/gc/Marking.cpp |  4 ++--
 js/src/jsutil.h       | 16 ++++++++++++++++
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/js/public/Utility.h b/js/public/Utility.h
index 3575ed43fbd6..488728552dfe 100644
--- a/js/public/Utility.h
+++ b/js/public/Utility.h
@@ -35,22 +35,6 @@ namespace mozilla {}
 /* The private JS engine namespace. */
 namespace js {}
 
-/*
- * Patterns used by SpiderMonkey to overwrite unused memory. If you are
- * accessing an object with one of these pattern, you probably have a dangling
- * pointer.
- */
-#define JS_FRESH_NURSERY_PATTERN 0x2F
-#define JS_SWEPT_NURSERY_PATTERN 0x2B
-#define JS_ALLOCATED_NURSERY_PATTERN 0x2D
-#define JS_FRESH_TENURED_PATTERN 0x4F
-#define JS_MOVED_TENURED_PATTERN 0x49
-#define JS_SWEPT_TENURED_PATTERN 0x4B
-#define JS_ALLOCATED_TENURED_PATTERN 0x4D
-#define JS_EMPTY_STOREBUFFER_PATTERN 0x1B
-#define JS_SWEPT_CODE_PATTERN 0x3B
-#define JS_SWEPT_FRAME_PATTERN 0x5B
-
 #define JS_STATIC_ASSERT(cond)           static_assert(cond, "JS_STATIC_ASSERT")
 #define JS_STATIC_ASSERT_IF(cond, expr)  MOZ_STATIC_ASSERT_IF(cond, expr, "JS_STATIC_ASSERT_IF")
 
diff --git a/js/src/gc/Marking.cpp b/js/src/gc/Marking.cpp
index c97412ec992c..b0642cdbd139 100644
--- a/js/src/gc/Marking.cpp
+++ b/js/src/gc/Marking.cpp
@@ -126,10 +126,10 @@ IsThingPoisoned(T* thing)
         JS_SWEPT_NURSERY_PATTERN,
         JS_ALLOCATED_NURSERY_PATTERN,
         JS_FRESH_TENURED_PATTERN,
+        JS_MOVED_TENURED_PATTERN,
         JS_SWEPT_TENURED_PATTERN,
         JS_ALLOCATED_TENURED_PATTERN,
-        JS_SWEPT_CODE_PATTERN,
-        JS_SWEPT_FRAME_PATTERN
+        JS_SWEPT_CODE_PATTERN
     };
     const int numPoisonBytes = sizeof(poisonBytes) / sizeof(poisonBytes[0]);
     uint32_t* p = reinterpret_cast<uint32_t*>(reinterpret_cast<FreeSpan*>(thing) + 1);
diff --git a/js/src/jsutil.h b/js/src/jsutil.h
index 87ab63b88c18..fa24d851ee89 100644
--- a/js/src/jsutil.h
+++ b/js/src/jsutil.h
@@ -314,6 +314,22 @@ PodSet(T* aDst, T aSrc, size_t aNElem)
 
 } /* namespace mozilla */
 
+/*
+ * Patterns used by SpiderMonkey to overwrite unused memory. If you are
+ * accessing an object with one of these pattern, you probably have a dangling
+ * pointer.
+ *
+ * Note: new patterns should also be added to the array in IsThingPoisoned!
+ */
+#define JS_FRESH_NURSERY_PATTERN 0x2F
+#define JS_SWEPT_NURSERY_PATTERN 0x2B
+#define JS_ALLOCATED_NURSERY_PATTERN 0x2D
+#define JS_FRESH_TENURED_PATTERN 0x4F
+#define JS_MOVED_TENURED_PATTERN 0x49
+#define JS_SWEPT_TENURED_PATTERN 0x4B
+#define JS_ALLOCATED_TENURED_PATTERN 0x4D
+#define JS_SWEPT_CODE_PATTERN 0x3B
+
 static inline void*
 Poison(void* ptr, uint8_t value, size_t num)
 {