<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[242472] releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/242472">242472</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2019-03-05 09:21:03 -0800 (Tue, 05 Mar 2019)</dd>
</dl>

<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/242100">r242100</a> - Unpoison MacroAssemblerCodePtr, ClassInfo pointers, and a few other things.
https://bugs.webkit.org/show_bug.cgi?id=195039

Reviewed by Saam Barati.

1. Unpoison MacroAssemblerCodePtrs, ReturnAddressPtr.
2. Replace PoisonedClassInfoPtr with ClassInfo*.
3. Replace PoisonedMasmPtr with const void*.
4. Remove all references to CodeBlockPoison, JITCodePoison, and GlobalDataPoison.

* API/JSCallbackObject.h:
* API/JSObjectRef.cpp:
(classInfoPrivate):
* assembler/MacroAssemblerCodeRef.h:
(JSC::FunctionPtr::FunctionPtr):
(JSC::FunctionPtr::executableAddress const):
(JSC::FunctionPtr::retaggedExecutableAddress const):
(JSC::ReturnAddressPtr::ReturnAddressPtr):
(JSC::ReturnAddressPtr::value const):
(JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
(JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
(JSC::MacroAssemblerCodePtr:: const):
(JSC::MacroAssemblerCodePtr::operator! const):
(JSC::MacroAssemblerCodePtr::operator== const):
(JSC::MacroAssemblerCodePtr::hash const):
(JSC::MacroAssemblerCodePtr::emptyValue):
(JSC::MacroAssemblerCodePtr::deletedValue):
(JSC::FunctionPtr<tag>::FunctionPtr):
(JSC::MacroAssemblerCodePtr::poisonedPtr const): Deleted.
* b3/B3LowerMacros.cpp:
* b3/testb3.cpp:
(JSC::B3::testInterpreter):
* dfg/DFGOSRExitCompilerCommon.h:
(JSC::DFG::adjustFrameAndStackInOSRExitCompilerThunk):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCheckSubClass):
(JSC::DFG::SpeculativeJIT::compileNewStringObject):
(JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
(JSC::DFG::SpeculativeJIT::emitSwitchImm):
(JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump):
(JSC::DFG::SpeculativeJIT::emitSwitchChar):
* dfg/DFGSpeculativeJIT.h:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitAllocateDestructibleObject):
* jit/ThunkGenerators.cpp:
(JSC::virtualThunkFor):
(JSC::boundThisNoArgsFunctionCallGenerator):
* runtime/JSCPoison.h:
* runtime/JSDestructibleObject.h:
(JSC::JSDestructibleObject::classInfo const):
* runtime/JSSegmentedVariableObject.h:
(JSC::JSSegmentedVariableObject::classInfo const):
* runtime/Structure.h:
* runtime/VM.h:
* wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::addCall):
(JSC::Wasm::B3IRGenerator::addCallIndirect):
* wasm/WasmBinding.cpp:
(JSC::Wasm::wasmToWasm):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreAPIJSCallbackObjecth">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/API/JSCallbackObject.h</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreAPIJSObjectRefcpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/API/JSObjectRef.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreChangeLog">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreassemblerMacroAssemblerCodeRefh">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreb3B3LowerMacroscpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/b3/B3LowerMacros.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreb3testb3cpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/b3/testb3.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGOSRExitCompilerCommonh">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGSpeculativeJITcpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGSpeculativeJITh">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreftlFTLLowerDFGToB3cpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCorejitAssemblyHelpersh">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/jit/AssemblyHelpers.h</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCorejitThunkGeneratorscpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/jit/ThunkGenerators.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeJSCPoisonh">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSCPoison.h</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeJSDestructibleObjecth">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSDestructibleObject.h</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeJSSegmentedVariableObjecth">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeStructureh">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/Structure.h</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeVMh">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.h</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCorewasmWasmB3IRGeneratorcpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit224SourceJavaScriptCorewasmWasmBindingcpp">releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/wasm/WasmBinding.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreAPIJSCallbackObjecth"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/API/JSCallbackObject.h (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/API/JSCallbackObject.h      2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/API/JSCallbackObject.h 2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2006-2018 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2006-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  * Copyright (C) 2007 Eric Seidel <eric@webkit.org>
</span><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="lines">@@ -228,7 +228,7 @@
</span><span class="cx">     static EncodedJSValue callbackGetter(ExecState*, EncodedJSValue, PropertyName);
</span><span class="cx"> 
</span><span class="cx">     WTF::PoisonedUniquePtr<JSCallbackObjectPoison, JSCallbackObjectData> m_callbackObjectData;
</span><del>-    PoisonedClassInfoPtr m_classInfo;
</del><ins>+    const ClassInfo* m_classInfo { nullptr };
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreAPIJSObjectRefcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/API/JSObjectRef.cpp (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/API/JSObjectRef.cpp 2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/API/JSObjectRef.cpp    2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2006-2017 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2006-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  * Copyright (C) 2008 Kelvin W Sherlock (ksherlock@gmail.com)
</span><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="lines">@@ -551,7 +551,7 @@
</span><span class="cx">     if (vm.currentlyDestructingCallbackObject != jsObject)
</span><span class="cx">         return jsObject->classInfo(vm);
</span><span class="cx"> 
</span><del>-    return vm.currentlyDestructingCallbackObjectClassInfo.unpoisoned();
</del><ins>+    return vm.currentlyDestructingCallbackObjectClassInfo;
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void* JSObjectGetPrivate(JSObjectRef object)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog   2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ChangeLog      2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,70 @@
</span><span class="cx"> 2019-02-26  Mark Lam  <mark.lam@apple.com>
</span><span class="cx"> 
</span><ins>+        Unpoison MacroAssemblerCodePtr, ClassInfo pointers, and a few other things.
+        https://bugs.webkit.org/show_bug.cgi?id=195039
+
+        Reviewed by Saam Barati.
+
+        1. Unpoison MacroAssemblerCodePtrs, ReturnAddressPtr.
+        2. Replace PoisonedClassInfoPtr with ClassInfo*.
+        3. Replace PoisonedMasmPtr with const void*.
+        4. Remove all references to CodeBlockPoison, JITCodePoison, and GlobalDataPoison.
+
+        * API/JSCallbackObject.h:
+        * API/JSObjectRef.cpp:
+        (classInfoPrivate):
+        * assembler/MacroAssemblerCodeRef.h:
+        (JSC::FunctionPtr::FunctionPtr):
+        (JSC::FunctionPtr::executableAddress const):
+        (JSC::FunctionPtr::retaggedExecutableAddress const):
+        (JSC::ReturnAddressPtr::ReturnAddressPtr):
+        (JSC::ReturnAddressPtr::value const):
+        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
+        (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
+        (JSC::MacroAssemblerCodePtr:: const):
+        (JSC::MacroAssemblerCodePtr::operator! const):
+        (JSC::MacroAssemblerCodePtr::operator== const):
+        (JSC::MacroAssemblerCodePtr::hash const):
+        (JSC::MacroAssemblerCodePtr::emptyValue):
+        (JSC::MacroAssemblerCodePtr::deletedValue):
+        (JSC::FunctionPtr<tag>::FunctionPtr):
+        (JSC::MacroAssemblerCodePtr::poisonedPtr const): Deleted.
+        * b3/B3LowerMacros.cpp:
+        * b3/testb3.cpp:
+        (JSC::B3::testInterpreter):
+        * dfg/DFGOSRExitCompilerCommon.h:
+        (JSC::DFG::adjustFrameAndStackInOSRExitCompilerThunk):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileCheckSubClass):
+        (JSC::DFG::SpeculativeJIT::compileNewStringObject):
+        (JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
+        (JSC::DFG::SpeculativeJIT::emitSwitchImm):
+        (JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump):
+        (JSC::DFG::SpeculativeJIT::emitSwitchChar):
+        * dfg/DFGSpeculativeJIT.h:
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject):
+        (JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
+        * jit/AssemblyHelpers.h:
+        (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
+        * jit/ThunkGenerators.cpp:
+        (JSC::virtualThunkFor):
+        (JSC::boundThisNoArgsFunctionCallGenerator):
+        * runtime/JSCPoison.h:
+        * runtime/JSDestructibleObject.h:
+        (JSC::JSDestructibleObject::classInfo const):
+        * runtime/JSSegmentedVariableObject.h:
+        (JSC::JSSegmentedVariableObject::classInfo const):
+        * runtime/Structure.h:
+        * runtime/VM.h:
+        * wasm/WasmB3IRGenerator.cpp:
+        (JSC::Wasm::B3IRGenerator::addCall):
+        (JSC::Wasm::B3IRGenerator::addCallIndirect):
+        * wasm/WasmBinding.cpp:
+        (JSC::Wasm::wasmToWasm):
+
+2019-02-26  Mark Lam  <mark.lam@apple.com>
+
</ins><span class="cx">         Misc cleanup in StructureIDTable after r242096.
</span><span class="cx">         https://bugs.webkit.org/show_bug.cgi?id=195063
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreassemblerMacroAssemblerCodeRefh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h   2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h      2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2009-2018 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2009-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -26,7 +26,6 @@
</span><span class="cx"> #pragma once
</span><span class="cx"> 
</span><span class="cx"> #include "ExecutableAllocator.h"
</span><del>-#include "JSCPoison.h"
</del><span class="cx"> #include "JSCPtrTag.h"
</span><span class="cx"> #include <wtf/DataLog.h>
</span><span class="cx"> #include <wtf/PrintStream.h>
</span><span class="lines">@@ -74,7 +73,6 @@
</span><span class="cx">         : m_value(tagCFunctionPtr<void*, tag>(value))
</span><span class="cx">     {
</span><span class="cx">         assertIsNullOrCFunctionPtr(value);
</span><del>-        PoisonedMasmPtr::assertIsNotPoisoned(m_value);
</del><span class="cx">         ASSERT_NULL_OR_VALID_CODE_POINTER(m_value);
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -87,7 +85,6 @@
</span><span class="cx">         : m_value(tagCFunctionPtr<void*, tag>(value))
</span><span class="cx">     {
</span><span class="cx">         assertIsNullOrCFunctionPtr(value);
</span><del>-        PoisonedMasmPtr::assertIsNotPoisoned(m_value);
</del><span class="cx">         ASSERT_NULL_OR_VALID_CODE_POINTER(m_value);
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -100,7 +97,6 @@
</span><span class="cx">         : m_value(tagCFunctionPtr<void*, tag>(value))
</span><span class="cx">     {
</span><span class="cx">         assertIsNullOrCFunctionPtr(value);
</span><del>-        PoisonedMasmPtr::assertIsNotPoisoned(m_value);
</del><span class="cx">         ASSERT_NULL_OR_VALID_CODE_POINTER(m_value);
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -114,7 +110,6 @@
</span><span class="cx">         : m_value(tagCFunctionPtr<void*, tag>(value))
</span><span class="cx">     {
</span><span class="cx">         assertIsNullOrCFunctionPtr(value);
</span><del>-        PoisonedMasmPtr::assertIsNotPoisoned(m_value);
</del><span class="cx">         ASSERT_NULL_OR_VALID_CODE_POINTER(m_value);
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -130,7 +125,6 @@
</span><span class="cx"> 
</span><span class="cx">     void* executableAddress() const
</span><span class="cx">     {
</span><del>-        PoisonedMasmPtr::assertIsNotPoisoned(m_value);
</del><span class="cx">         return m_value;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -137,7 +131,6 @@
</span><span class="cx">     template<PtrTag newTag>
</span><span class="cx">     void* retaggedExecutableAddress() const
</span><span class="cx">     {
</span><del>-        PoisonedMasmPtr::assertIsNotPoisoned(m_value);
</del><span class="cx">         return retagCodePtr<tag, newTag>(m_value);
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -152,7 +145,6 @@
</span><span class="cx">     explicit FunctionPtr(const FunctionPtr<otherTag>& other)
</span><span class="cx">         : m_value(retagCodePtr<otherTag, tag>(other.executableAddress()))
</span><span class="cx">     {
</span><del>-        PoisonedMasmPtr::assertIsNotPoisoned(m_value);
</del><span class="cx">         ASSERT_NULL_OR_VALID_CODE_POINTER(m_value);
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -179,7 +171,6 @@
</span><span class="cx">     explicit ReturnAddressPtr(const void* value)
</span><span class="cx">         : m_value(value)
</span><span class="cx">     {
</span><del>-        PoisonedMasmPtr::assertIsNotPoisoned(m_value);
</del><span class="cx">         ASSERT_VALID_CODE_POINTER(m_value);
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -187,13 +178,11 @@
</span><span class="cx">     explicit ReturnAddressPtr(FunctionPtr<tag> function)
</span><span class="cx">         : m_value(untagCodePtr<tag>(function.executableAddress()))
</span><span class="cx">     {
</span><del>-        PoisonedMasmPtr::assertIsNotPoisoned(m_value);
</del><span class="cx">         ASSERT_VALID_CODE_POINTER(m_value);
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     const void* value() const
</span><span class="cx">     {
</span><del>-        PoisonedMasmPtr::assertIsNotPoisoned(m_value);
</del><span class="cx">         return m_value;
</span><span class="cx">     }
</span><span class="cx">     
</span><span class="lines">@@ -231,12 +220,11 @@
</span><span class="cx"> #endif
</span><span class="cx">     {
</span><span class="cx">         assertIsTaggedWith(value, tag);
</span><del>-        m_value.assertIsPoisoned();
</del><span class="cx">         ASSERT(value);
</span><span class="cx"> #if CPU(ARM_THUMB2)
</span><span class="cx">         ASSERT(!(reinterpret_cast<uintptr_t>(value) & 1));
</span><span class="cx"> #endif
</span><del>-        ASSERT_VALID_CODE_POINTER(m_value.unpoisoned());
</del><ins>+        ASSERT_VALID_CODE_POINTER(m_value);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     static MacroAssemblerCodePtr createFromExecutableAddress(const void* value)
</span><span class="lines">@@ -245,8 +233,7 @@
</span><span class="cx">         ASSERT_VALID_CODE_POINTER(value);
</span><span class="cx">         assertIsTaggedWith(value, tag);
</span><span class="cx">         MacroAssemblerCodePtr result;
</span><del>-        result.m_value = PoisonedMasmPtr(value);
-        result.m_value.assertIsPoisoned();
</del><ins>+        result.m_value = value;
</ins><span class="cx">         return result;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="lines">@@ -255,12 +242,9 @@
</span><span class="cx">     {
</span><span class="cx">         assertIsNotTagged(ra.value());
</span><span class="cx">         ASSERT(ra.value());
</span><del>-        m_value.assertIsPoisoned();
-        ASSERT_VALID_CODE_POINTER(m_value.unpoisoned());
</del><ins>+        ASSERT_VALID_CODE_POINTER(m_value);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><del>-    PoisonedMasmPtr poisonedPtr() const { return m_value; }
-
</del><span class="cx">     template<PtrTag newTag>
</span><span class="cx">     MacroAssemblerCodePtr<newTag> retagged() const
</span><span class="cx">     {
</span><span class="lines">@@ -272,22 +256,19 @@
</span><span class="cx">     template<typename T = void*>
</span><span class="cx">     T executableAddress() const
</span><span class="cx">     {
</span><del>-        m_value.assertIsPoisoned();
-        return m_value.unpoisoned<T>();
</del><ins>+        return bitwise_cast<T>(m_value);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     template<typename T = void*>
</span><span class="cx">     T untaggedExecutableAddress() const
</span><span class="cx">     {
</span><del>-        m_value.assertIsPoisoned();
-        return untagCodePtr<T, tag>(m_value.unpoisoned());
</del><ins>+        return untagCodePtr<T, tag>(m_value);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     template<PtrTag newTag, typename T = void*>
</span><span class="cx">     T retaggedExecutableAddress() const
</span><span class="cx">     {
</span><del>-        m_value.assertIsPoisoned();
-        return retagCodePtr<T, tag, newTag>(m_value.unpoisoned());
</del><ins>+        return retagCodePtr<T, tag, newTag>(m_value);
</ins><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx"> #if CPU(ARM_THUMB2)
</span><span class="lines">@@ -295,26 +276,20 @@
</span><span class="cx">     template<typename T = void*>
</span><span class="cx">     T dataLocation() const
</span><span class="cx">     {
</span><del>-        m_value.assertIsPoisoned();
-        ASSERT_VALID_CODE_POINTER(m_value.unpoisoned());
-        return bitwise_cast<T>(m_value ? m_value.unpoisoned<char*>() - 1 : nullptr);
</del><ins>+        ASSERT_VALID_CODE_POINTER(m_value);
+        return bitwise_cast<T>(m_value ? bitwise_cast<char*>(m_value) - 1 : nullptr);
</ins><span class="cx">     }
</span><span class="cx"> #else
</span><span class="cx">     template<typename T = void*>
</span><span class="cx">     T dataLocation() const
</span><span class="cx">     {
</span><del>-        m_value.assertIsPoisoned();
</del><span class="cx">         ASSERT_VALID_CODE_POINTER(m_value);
</span><del>-        return untagCodePtr<T, tag>(m_value.unpoisoned());
</del><ins>+        return untagCodePtr<T, tag>(m_value);
</ins><span class="cx">     }
</span><span class="cx"> #endif
</span><span class="cx"> 
</span><span class="cx">     bool operator!() const
</span><span class="cx">     {
</span><del>-#if ENABLE(POISON_ASSERTS)
-        if (!isEmptyValue() && !isDeletedValue())
-            m_value.assertIsPoisoned();
-#endif
</del><span class="cx">         return !m_value;
</span><span class="cx">     }
</span><span class="cx">     explicit operator bool() const { return !(!*this); }
</span><span class="lines">@@ -321,17 +296,11 @@
</span><span class="cx">     
</span><span class="cx">     bool operator==(const MacroAssemblerCodePtr& other) const
</span><span class="cx">     {
</span><del>-#if ENABLE(POISON_ASSERTS)
-        if (!isEmptyValue() && !isDeletedValue())
-            m_value.assertIsPoisoned();
-        if (!other.isEmptyValue() && !other.isDeletedValue())
-            other.m_value.assertIsPoisoned();
-#endif
</del><span class="cx">         return m_value == other.m_value;
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx">     // Disallow any casting operations (except for booleans). Instead, the client
</span><del>-    // should be asking for poisonedPtr() or executableAddress() explicitly.
</del><ins>+    // should be asking executableAddress() explicitly.
</ins><span class="cx">     template<typename T, typename = std::enable_if_t<!std::is_same<T, bool>::value>>
</span><span class="cx">     operator T() = delete;
</span><span class="cx"> 
</span><span class="lines">@@ -356,15 +325,15 @@
</span><span class="cx">     bool isEmptyValue() const { return m_value == emptyValue(); }
</span><span class="cx">     bool isDeletedValue() const { return m_value == deletedValue(); }
</span><span class="cx"> 
</span><del>-    unsigned hash() const { return IntHash<uintptr_t>::hash(m_value.bits()); }
</del><ins>+    unsigned hash() const { return PtrHash<const void*>::hash(m_value); }
</ins><span class="cx"> 
</span><span class="cx">     static void initialize();
</span><span class="cx"> 
</span><span class="cx"> private:
</span><del>-    static PoisonedMasmPtr emptyValue() { return PoisonedMasmPtr(AlreadyPoisoned, 1); }
-    static PoisonedMasmPtr deletedValue() { return PoisonedMasmPtr(AlreadyPoisoned, 2); }
</del><ins>+    static const void* emptyValue() { return bitwise_cast<void*>(static_cast<intptr_t>(1)); }
+    static const void* deletedValue() { return bitwise_cast<void*>(static_cast<intptr_t>(2)); }
</ins><span class="cx"> 
</span><del>-    PoisonedMasmPtr m_value;
</del><ins>+    const void* m_value { nullptr };
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> template<PtrTag tag>
</span><span class="lines">@@ -488,7 +457,6 @@
</span><span class="cx"> inline FunctionPtr<tag>::FunctionPtr(MacroAssemblerCodePtr<tag> ptr)
</span><span class="cx">     : m_value(ptr.executableAddress())
</span><span class="cx"> {
</span><del>-    PoisonedMasmPtr::assertIsNotPoisoned(m_value);
</del><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreb3B3LowerMacroscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/b3/B3LowerMacros.cpp (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/b3/B3LowerMacros.cpp        2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/b3/B3LowerMacros.cpp   2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015-2018 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -507,12 +507,9 @@
</span><span class="cx"> 
</span><span class="cx">                         GPRReg index = params[0].gpr();
</span><span class="cx">                         GPRReg scratch = params.gpScratch(0);
</span><del>-                        GPRReg poisonScratch = params.gpScratch(1);
</del><span class="cx"> 
</span><del>-                        jit.move(CCallHelpers::TrustedImm64(JITCodePoison::key()), poisonScratch);
</del><span class="cx">                         jit.move(CCallHelpers::TrustedImmPtr(jumpTable), scratch);
</span><span class="cx">                         jit.load64(CCallHelpers::BaseIndex(scratch, index, CCallHelpers::timesPtr()), scratch);
</span><del>-                        jit.xor64(poisonScratch, scratch);
</del><span class="cx">                         jit.jump(scratch, JSSwitchPtrTag);
</span><span class="cx"> 
</span><span class="cx">                         // These labels are guaranteed to be populated before either late paths or
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreb3testb3cpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/b3/testb3.cpp (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/b3/testb3.cpp       2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/b3/testb3.cpp  2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015-2018 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -13369,12 +13369,9 @@
</span><span class="cx">                 params.proc().addDataSection(sizeof(MacroAssemblerCodePtr<B3CompilationPtrTag>) * labels.size()));
</span><span class="cx"> 
</span><span class="cx">             GPRReg scratch = params.gpScratch(0);
</span><del>-            GPRReg poisonScratch = params.gpScratch(1);
</del><span class="cx"> 
</span><span class="cx">             jit.move(CCallHelpers::TrustedImmPtr(jumpTable), scratch);
</span><del>-            jit.move(CCallHelpers::TrustedImm64(JITCodePoison::key()), poisonScratch);
</del><span class="cx">             jit.load64(CCallHelpers::BaseIndex(scratch, params[0].gpr(), CCallHelpers::timesPtr()), scratch);
</span><del>-            jit.xor64(poisonScratch, scratch);
</del><span class="cx">             jit.jump(scratch, B3CompilationPtrTag);
</span><span class="cx"> 
</span><span class="cx">             jit.addLinkTask(
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGOSRExitCompilerCommonh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h      2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h 2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -87,7 +87,6 @@
</span><span class="cx">     // We need to make sure SP is correct in case of an exception.
</span><span class="cx">     jit.loadPtr(MacroAssembler::Address(GPRInfo::callFrameRegister, CallFrameSlot::codeBlock * static_cast<int>(sizeof(Register))), GPRInfo::regT0);
</span><span class="cx">     jit.loadPtr(MacroAssembler::Address(GPRInfo::regT0, CodeBlock::jitCodeOffset()), GPRInfo::regT0);
</span><del>-    jit.xorPtr(MacroAssembler::TrustedImmPtr(CodeBlockPoison::key()), GPRInfo::regT0);
</del><span class="cx">     jit.addPtr(MacroAssembler::TrustedImm32(JITCodeType::commonDataOffset()), GPRInfo::regT0);
</span><span class="cx">     jit.load32(MacroAssembler::Address(GPRInfo::regT0, CommonData::frameRegisterCountOffset()), GPRInfo::regT0);
</span><span class="cx">     // This does virtualRegisterForLocal(frameRegisterCount - 1)*sizeof(Register) where:
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp   2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp      2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -9341,10 +9341,6 @@
</span><span class="cx"> 
</span><span class="cx">         m_jit.emitLoadStructure(*m_jit.vm(), baseGPR, otherGPR, specifiedGPR);
</span><span class="cx">         m_jit.loadPtr(CCallHelpers::Address(otherGPR, Structure::classInfoOffset()), otherGPR);
</span><del>-#if USE(JSVALUE64)
-        m_jit.move(CCallHelpers::TrustedImm64(GlobalDataPoison::key()), specifiedGPR);
-        m_jit.xor64(specifiedGPR, otherGPR);
-#endif
</del><span class="cx">         m_jit.move(CCallHelpers::TrustedImmPtr(node->classInfo()), specifiedGPR);
</span><span class="cx"> 
</span><span class="cx">         CCallHelpers::Label loop = m_jit.label();
</span><span class="lines">@@ -9638,7 +9634,7 @@
</span><span class="cx">         slowPath);
</span><span class="cx">     
</span><span class="cx">     m_jit.storePtr(
</span><del>-        TrustedImmPtr(PoisonedClassInfoPtr(StringObject::info()).bits()),
</del><ins>+        TrustedImmPtr(StringObject::info()),
</ins><span class="cx">         JITCompiler::Address(resultGPR, JSDestructibleObject::classInfoOffset()));
</span><span class="cx"> #if USE(JSVALUE64)
</span><span class="cx">     m_jit.store64(
</span><span class="lines">@@ -10481,7 +10477,7 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void SpeculativeJIT::emitSwitchIntJump(
</span><del>-    SwitchData* data, GPRReg value, GPRReg scratch, GPRReg poisonScratch)
</del><ins>+    SwitchData* data, GPRReg value, GPRReg scratch)
</ins><span class="cx"> {
</span><span class="cx">     SimpleJumpTable& table = m_jit.codeBlock()->switchJumpTable(data->switchTableIndex);
</span><span class="cx">     table.ensureCTITable();
</span><span class="lines">@@ -10489,16 +10485,9 @@
</span><span class="cx">     addBranch(
</span><span class="cx">         m_jit.branch32(JITCompiler::AboveOrEqual, value, Imm32(table.ctiOffsets.size())),
</span><span class="cx">         data->fallThrough.block);
</span><del>-    UNUSED_PARAM(poisonScratch); // Placate the 32-bit build.
-#if USE(JSVALUE64)
-    m_jit.move(TrustedImm64(JITCodePoison::key()), poisonScratch);
-#endif
</del><span class="cx">     m_jit.move(TrustedImmPtr(table.ctiOffsets.begin()), scratch);
</span><span class="cx">     m_jit.loadPtr(JITCompiler::BaseIndex(scratch, value, JITCompiler::timesPtr()), scratch);
</span><span class="cx">     
</span><del>-#if USE(JSVALUE64)
-    m_jit.xor64(poisonScratch, scratch);
-#endif
</del><span class="cx">     m_jit.jump(scratch, JSSwitchPtrTag);
</span><span class="cx">     data->didUseJumpTable = true;
</span><span class="cx"> }
</span><span class="lines">@@ -10509,8 +10498,7 @@
</span><span class="cx">     case Int32Use: {
</span><span class="cx">         SpeculateInt32Operand value(this, node->child1());
</span><span class="cx">         GPRTemporary temp(this);
</span><del>-        GPRTemporary temp2(this);
-        emitSwitchIntJump(data, value.gpr(), temp.gpr(), temp2.gpr());
</del><ins>+        emitSwitchIntJump(data, value.gpr(), temp.gpr());
</ins><span class="cx">         noResult(node);
</span><span class="cx">         break;
</span><span class="cx">     }
</span><span class="lines">@@ -10518,15 +10506,13 @@
</span><span class="cx">     case UntypedUse: {
</span><span class="cx">         JSValueOperand value(this, node->child1());
</span><span class="cx">         GPRTemporary temp(this);
</span><del>-        GPRTemporary temp2(this);
</del><span class="cx">         JSValueRegs valueRegs = value.jsValueRegs();
</span><span class="cx">         GPRReg scratch = temp.gpr();
</span><del>-        GPRReg scratch2 = temp2.gpr();
</del><span class="cx"> 
</span><span class="cx">         value.use();
</span><span class="cx"> 
</span><span class="cx">         auto notInt32 = m_jit.branchIfNotInt32(valueRegs);
</span><del>-        emitSwitchIntJump(data, valueRegs.payloadGPR(), scratch, scratch2);
</del><ins>+        emitSwitchIntJump(data, valueRegs.payloadGPR(), scratch);
</ins><span class="cx">         notInt32.link(&m_jit);
</span><span class="cx">         addBranch(m_jit.branchIfNotNumber(valueRegs, scratch), data->fallThrough.block);
</span><span class="cx">         silentSpillAllRegisters(scratch);
</span><span class="lines">@@ -10545,7 +10531,7 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void SpeculativeJIT::emitSwitchCharStringJump(
</span><del>-    SwitchData* data, GPRReg value, GPRReg scratch, GPRReg scratch2)
</del><ins>+    SwitchData* data, GPRReg value, GPRReg scratch)
</ins><span class="cx"> {
</span><span class="cx">     addBranch(
</span><span class="cx">         m_jit.branch32(
</span><span class="lines">@@ -10576,7 +10562,7 @@
</span><span class="cx">     m_jit.load8(MacroAssembler::Address(value), scratch);
</span><span class="cx">     
</span><span class="cx">     ready.link(&m_jit);
</span><del>-    emitSwitchIntJump(data, scratch, value, scratch2);
</del><ins>+    emitSwitchIntJump(data, scratch, value);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> void SpeculativeJIT::emitSwitchChar(Node* node, SwitchData* data)
</span><span class="lines">@@ -10585,16 +10571,14 @@
</span><span class="cx">     case StringUse: {
</span><span class="cx">         SpeculateCellOperand op1(this, node->child1());
</span><span class="cx">         GPRTemporary temp(this);
</span><del>-        GPRTemporary temp2(this);
</del><span class="cx"> 
</span><span class="cx">         GPRReg op1GPR = op1.gpr();
</span><span class="cx">         GPRReg tempGPR = temp.gpr();
</span><del>-        GPRReg temp2GPR = temp2.gpr();
</del><span class="cx"> 
</span><span class="cx">         op1.use();
</span><span class="cx"> 
</span><span class="cx">         speculateString(node->child1(), op1GPR);
</span><del>-        emitSwitchCharStringJump(data, op1GPR, tempGPR, temp2GPR);
</del><ins>+        emitSwitchCharStringJump(data, op1GPR, tempGPR);
</ins><span class="cx">         noResult(node, UseChildrenCalledExplicitly);
</span><span class="cx">         break;
</span><span class="cx">     }
</span><span class="lines">@@ -10602,11 +10586,9 @@
</span><span class="cx">     case UntypedUse: {
</span><span class="cx">         JSValueOperand op1(this, node->child1());
</span><span class="cx">         GPRTemporary temp(this);
</span><del>-        GPRTemporary temp2(this);
</del><span class="cx"> 
</span><span class="cx">         JSValueRegs op1Regs = op1.jsValueRegs();
</span><span class="cx">         GPRReg tempGPR = temp.gpr();
</span><del>-        GPRReg temp2GPR = temp2.gpr();
</del><span class="cx"> 
</span><span class="cx">         op1.use();
</span><span class="cx">         
</span><span class="lines">@@ -10614,7 +10596,7 @@
</span><span class="cx">         
</span><span class="cx">         addBranch(m_jit.branchIfNotString(op1Regs.payloadGPR()), data->fallThrough.block);
</span><span class="cx">         
</span><del>-        emitSwitchCharStringJump(data, op1Regs.payloadGPR(), tempGPR, temp2GPR);
</del><ins>+        emitSwitchCharStringJump(data, op1Regs.payloadGPR(), tempGPR);
</ins><span class="cx">         noResult(node, UseChildrenCalledExplicitly);
</span><span class="cx">         break;
</span><span class="cx">     }
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoredfgDFGSpeculativeJITh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h     2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h        2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011-2018 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -1236,9 +1236,9 @@
</span><span class="cx">         BasicBlock* target;
</span><span class="cx">     };
</span><span class="cx">     
</span><del>-    void emitSwitchIntJump(SwitchData*, GPRReg value, GPRReg scratch, GPRReg scratch2);
</del><ins>+    void emitSwitchIntJump(SwitchData*, GPRReg value, GPRReg scratch);
</ins><span class="cx">     void emitSwitchImm(Node*, SwitchData*);
</span><del>-    void emitSwitchCharStringJump(SwitchData*, GPRReg value, GPRReg scratch, GPRReg scratch2);
</del><ins>+    void emitSwitchCharStringJump(SwitchData*, GPRReg value, GPRReg scratch);
</ins><span class="cx">     void emitSwitchChar(Node*, SwitchData*);
</span><span class="cx">     void emitBinarySwitchStringRecurse(
</span><span class="cx">         SwitchData*, const Vector<StringSwitchCase>&, unsigned numChecked,
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp     2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp        2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -5645,7 +5645,7 @@
</span><span class="cx">         LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowCase);
</span><span class="cx"> 
</span><span class="cx">         LValue fastResultValue = allocateObject<StringObject>(structure, m_out.intPtrZero, slowCase);
</span><del>-        m_out.storePtr(m_out.constIntPtr(PoisonedClassInfoPtr(StringObject::info()).bits()), fastResultValue, m_heaps.JSDestructibleObject_classInfo);
</del><ins>+        m_out.storePtr(m_out.constIntPtr(StringObject::info()), fastResultValue, m_heaps.JSDestructibleObject_classInfo);
</ins><span class="cx">         m_out.store64(string, fastResultValue, m_heaps.JSWrapperObject_internalValue);
</span><span class="cx">         mutatorFence();
</span><span class="cx">         ValueFromBlock fastResult = m_out.anchor(fastResultValue);
</span><span class="lines">@@ -12153,8 +12153,7 @@
</span><span class="cx">             LBasicBlock continuation = m_out.newBlock();
</span><span class="cx"> 
</span><span class="cx">             LValue structure = loadStructure(cell);
</span><del>-            LValue poisonedClassInfo = m_out.loadPtr(structure, m_heaps.Structure_classInfo);
-            LValue classInfo = m_out.bitXor(poisonedClassInfo, m_out.constInt64(GlobalDataPoison::key()));
</del><ins>+            LValue classInfo = m_out.loadPtr(structure, m_heaps.Structure_classInfo);
</ins><span class="cx">             ValueFromBlock otherAtStart = m_out.anchor(classInfo);
</span><span class="cx">             m_out.jump(loop);
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCorejitAssemblyHelpersh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/jit/AssemblyHelpers.h (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/jit/AssemblyHelpers.h       2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/jit/AssemblyHelpers.h  2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1798,7 +1798,7 @@
</span><span class="cx">     {
</span><span class="cx">         auto butterfly = TrustedImmPtr(nullptr);
</span><span class="cx">         emitAllocateJSObject<ClassType>(vm, resultGPR, TrustedImmPtr(structure), butterfly, scratchGPR1, scratchGPR2, slowPath);
</span><del>-        storePtr(TrustedImmPtr(PoisonedClassInfoPtr(structure->classInfo()).bits()), Address(resultGPR, JSDestructibleObject::classInfoOffset()));
</del><ins>+        storePtr(TrustedImmPtr(structure->classInfo()), Address(resultGPR, JSDestructibleObject::classInfoOffset()));
</ins><span class="cx">     }
</span><span class="cx">     
</span><span class="cx">     void emitInitializeInlineStorage(GPRReg baseGPR, unsigned inlineCapacity)
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCorejitThunkGeneratorscpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/jit/ThunkGenerators.cpp (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/jit/ThunkGenerators.cpp     2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/jit/ThunkGenerators.cpp        2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2010-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -213,10 +213,6 @@
</span><span class="cx">     
</span><span class="cx">     // Now we know that we have a CodeBlock, and we're committed to making a fast
</span><span class="cx">     // call.
</span><del>-#if USE(JSVALUE64)
-    jit.move(CCallHelpers::TrustedImm64(JITCodePoison::key()), GPRInfo::regT1);
-    jit.xor64(GPRInfo::regT1, GPRInfo::regT4);
-#endif
</del><span class="cx"> 
</span><span class="cx">     // Make a tail call. This will return back to JIT code.
</span><span class="cx">     JSInterfaceJIT::Label callCode(jit.label());
</span><span class="lines">@@ -1248,10 +1244,6 @@
</span><span class="cx">         GPRInfo::regT0);
</span><span class="cx">     CCallHelpers::Jump noCode = jit.branchTestPtr(CCallHelpers::Zero, GPRInfo::regT0);
</span><span class="cx">     
</span><del>-#if USE(JSVALUE64)
-    jit.move(CCallHelpers::TrustedImm64(JITCodePoison::key()), GPRInfo::regT1);
-    jit.xor64(GPRInfo::regT1, GPRInfo::regT0);
-#endif
</del><span class="cx">     emitPointerValidation(jit, GPRInfo::regT0, JSEntryPtrTag);
</span><span class="cx">     jit.call(GPRInfo::regT0, JSEntryPtrTag);
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeJSCPoisonh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSCPoison.h (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSCPoison.h 2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSCPoison.h    2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2017-2018 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -32,9 +32,6 @@
</span><span class="cx"> // Let's keep the following list of poisons in alphabetical order just so it's easier to read.
</span><span class="cx"> #define FOR_EACH_JSC_POISON(v) \
</span><span class="cx">     v(ArrayPrototype) \
</span><del>-    v(CodeBlock) \
-    v(GlobalData) \
-    v(JITCode) \
</del><span class="cx">     v(JSAPIWrapperObject) \
</span><span class="cx">     v(JSArrayBuffer) \
</span><span class="cx">     v(JSCallbackObject) \
</span><span class="lines">@@ -65,11 +62,6 @@
</span><span class="cx"> FOR_EACH_JSC_POISON(DECLARE_POISON)
</span><span class="cx"> #undef DECLARE_POISON
</span><span class="cx"> 
</span><del>-struct ClassInfo;
-
-using PoisonedClassInfoPtr = Poisoned<GlobalDataPoison, const ClassInfo*>;
-using PoisonedMasmPtr = Poisoned<JITCodePoison, const void*>;
-
</del><span class="cx"> void initializePoison();
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeJSDestructibleObjecth"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSDestructibleObject.h (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSDestructibleObject.h      2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSDestructibleObject.h 2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012-2017 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -43,7 +43,7 @@
</span><span class="cx">         return &vm.destructibleObjectSpace;
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    const ClassInfo* classInfo() const { return m_classInfo.unpoisoned(); }
</del><ins>+    const ClassInfo* classInfo() const { return m_classInfo; }
</ins><span class="cx">     
</span><span class="cx">     static ptrdiff_t classInfoOffset() { return OBJECT_OFFSETOF(JSDestructibleObject, m_classInfo); }
</span><span class="cx"> 
</span><span class="lines">@@ -56,7 +56,7 @@
</span><span class="cx">     }
</span><span class="cx"> 
</span><span class="cx"> private:
</span><del>-    PoisonedClassInfoPtr m_classInfo;
</del><ins>+    const ClassInfo* m_classInfo;
</ins><span class="cx"> };
</span><span class="cx"> 
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeJSSegmentedVariableObjecth"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h 2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h    2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012-2017 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -96,7 +96,7 @@
</span><span class="cx">         return &vm.segmentedVariableObjectSpace;
</span><span class="cx">     }
</span><span class="cx">     
</span><del>-    const ClassInfo* classInfo() const { return m_classInfo.unpoisoned(); }
</del><ins>+    const ClassInfo* classInfo() const { return m_classInfo; }
</ins><span class="cx">     
</span><span class="cx"> protected:
</span><span class="cx">     JSSegmentedVariableObject(VM&, Structure*, JSScope*);
</span><span class="lines">@@ -107,7 +107,7 @@
</span><span class="cx">     
</span><span class="cx"> private:
</span><span class="cx">     SegmentedVector<WriteBarrier<Unknown>, 16> m_variables;
</span><del>-    PoisonedClassInfoPtr m_classInfo;
</del><ins>+    const ClassInfo* m_classInfo;
</ins><span class="cx">     ConcurrentJSLock m_lock;
</span><span class="cx">     bool m_alreadyDestroyed { false }; // We use these assertions to check that we aren't doing ancient hacks that result in this being destroyed more than once.
</span><span class="cx"> };
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeStructureh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/Structure.h (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/Structure.h 2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/Structure.h    2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2008-2018 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2008-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -490,7 +490,7 @@
</span><span class="cx"> 
</span><span class="cx">     void setObjectToStringValue(ExecState*, VM&, JSString* value, PropertySlot toStringTagSymbolSlot);
</span><span class="cx"> 
</span><del>-    const ClassInfo* classInfo() const { return m_classInfo.unpoisoned(); }
</del><ins>+    const ClassInfo* classInfo() const { return m_classInfo; }
</ins><span class="cx"> 
</span><span class="cx">     static ptrdiff_t structureIDOffset()
</span><span class="cx">     {
</span><span class="lines">@@ -768,7 +768,7 @@
</span><span class="cx"> 
</span><span class="cx">     RefPtr<UniquedStringImpl> m_nameInPrevious;
</span><span class="cx"> 
</span><del>-    PoisonedClassInfoPtr m_classInfo;
</del><ins>+    const ClassInfo* m_classInfo;
</ins><span class="cx"> 
</span><span class="cx">     StructureTransitionTable m_transitionTable;
</span><span class="cx"> 
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCoreruntimeVMh"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.h (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.h        2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/runtime/VM.h   2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -546,7 +546,7 @@
</span><span class="cx">     std::unique_ptr<PromiseDeferredTimer> promiseDeferredTimer;
</span><span class="cx">     
</span><span class="cx">     JSCell* currentlyDestructingCallbackObject;
</span><del>-    PoisonedClassInfoPtr currentlyDestructingCallbackObjectClassInfo;
</del><ins>+    const ClassInfo* currentlyDestructingCallbackObjectClassInfo { nullptr };
</ins><span class="cx"> 
</span><span class="cx">     AtomicStringTable* m_atomicStringTable;
</span><span class="cx">     WTF::SymbolRegistry m_symbolRegistry;
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCorewasmWasmB3IRGeneratorcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp  2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp     2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -1128,8 +1128,6 @@
</span><span class="cx">         // https://bugs.webkit.org/show_bug.cgi?id=170375
</span><span class="cx">         Value* jumpDestination = isEmbedderBlock->appendNew<MemoryValue>(m_proc,
</span><span class="cx">             Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfWasmToEmbedderStub(functionIndex)));
</span><del>-        if (Options::usePoisoning())
-            jumpDestination = isEmbedderBlock->appendNew<Value>(m_proc, BitXor, origin(), jumpDestination, isEmbedderBlock->appendNew<Const64Value>(m_proc, origin(), g_JITCodePoison));
</del><span class="cx"> 
</span><span class="cx">         Value* embedderCallResult = wasmCallingConvention().setupCall(m_proc, isEmbedderBlock, origin(), args, toB3Type(returnType),
</span><span class="cx">             [=] (PatchpointValue* patchpoint) {
</span><span class="lines">@@ -1308,8 +1306,6 @@
</span><span class="cx">     ExpressionType calleeCode = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(),
</span><span class="cx">         m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), callableFunction,
</span><span class="cx">             safeCast<int32_t>(WasmToWasmImportableFunction::offsetOfEntrypointLoadLocation())));
</span><del>-    if (Options::usePoisoning())
-        calleeCode = m_currentBlock->appendNew<Value>(m_proc, BitXor, origin(), calleeCode, m_currentBlock->appendNew<Const64Value>(m_proc, origin(), g_JITCodePoison));
</del><span class="cx"> 
</span><span class="cx">     Type returnType = signature.returnType();
</span><span class="cx">     result = wasmCallingConvention().setupCall(m_proc, m_currentBlock, origin(), args, toB3Type(returnType),
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit224SourceJavaScriptCorewasmWasmBindingcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/wasm/WasmBinding.cpp (242471 => 242472)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/wasm/WasmBinding.cpp        2019-03-05 17:20:55 UTC (rev 242471)
+++ releases/WebKitGTK/webkit-2.24/Source/JavaScriptCore/wasm/WasmBinding.cpp   2019-03-05 17:21:03 UTC (rev 242472)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved.
</ins><span class="cx">  *
</span><span class="cx">  * Redistribution and use in source and binary forms, with or without
</span><span class="cx">  * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -78,8 +78,6 @@
</span><span class="cx"> 
</span><span class="cx">     // Tail call into the callee WebAssembly function.
</span><span class="cx">     jit.loadPtr(scratch, scratch);
</span><del>-    if (Options::usePoisoning())
-        jit.xorPtr(JIT::TrustedImmPtr(g_JITCodePoison), scratch);
</del><span class="cx">     jit.jump(scratch, WasmEntryPtrTag);
</span><span class="cx"> 
</span><span class="cx">     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, JITCompilationCanFail);
</span></span></pre>
</div>
</div>

</body>
</html>