From code review, it appears that an overflow check is needed when creating a more specific Relationship. Consider the current code: ... if (sumOverflows<int>(otherRight, other.m_offset)) return *this; int otherEffectiveRight = otherRight + other.m_offset; switch (other.m_kind) { case Equal: // Return a version of *this that is Equal to other's constant. return Relationship(m_left, m_right, Equal, otherEffectiveRight - thisRight); ... We check if other's value + offset overflows, but what about the case where otherEffectiveRight - thisRight might overflow?
<rdar://84375007>
Created attachment 441964 [details] Patch
Comment on attachment 441964 [details] Patch r=me
Committed r284623 (243344@main): <https://commits.webkit.org/243344@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 441964 [details].