ZJIT: More recognizable JIT return poison, assert only when RUBY_DEBUG

A good poison value gives a recognizable fault address if someone
erroneously dereferences. Asserting the pointer is not poison shouldn't
be necessary, so move it to RUBY_DEBUG builds.

Author: XrXr

zjit.h

@@ -66,10 +66,8 @@ static inline void rb_zjit_jit_frame_update_references(zjit_jit_frame_t *jit_fra
 
 #define rb_zjit_enabled_p (rb_zjit_entry != 0)
 
-enum zjit_poison_values {
-    // Poison value used on frame push when runtime checks are enabled
-    ZJIT_JIT_RETURN_POISON = 2,
-};
+// BADFrame. The high bit is set, so likely SEGV on linux and darwin if dereferenced.
+#define ZJIT_JIT_RETURN_POISON 0xbadfbadfbadfbadfULL
 
 // Return the JITFrame pointer from cfp->jit_return, or NULL if not present.
 // YJIT also uses jit_return (as a return address), so this must only return
@@ -79,7 +77,7 @@ CFP_ZJIT_FRAME(const rb_control_frame_t *cfp)
 {
     if (!rb_zjit_enabled_p) return NULL;
 #if USE_ZJIT
-    RUBY_ASSERT_ALWAYS(cfp->jit_return != (void *)ZJIT_JIT_RETURN_POISON);
+    RUBY_ASSERT((unsigned long long)cfp->jit_return != ZJIT_JIT_RETURN_POISON);
 #endif
     return cfp->jit_return;
 }

zjit/bindgen/src/main.rs

@@ -313,7 +313,7 @@ fn main() {
         .allowlist_function("rb_zjit_insn_leaf")
         .allowlist_type("jit_bindgen_constants")
         .allowlist_type("zjit_struct_offsets")
-        .allowlist_type("zjit_poison_values")
+        .allowlist_var("ZJIT_JIT_RETURN_POISON")
         .allowlist_function("rb_assert_holding_vm_lock")
         .allowlist_function("rb_jit_shape_too_complex_p")
         .allowlist_function("rb_jit_multi_ractor_p")