NEW234964
B3::(anonymous namespace)::LowerToAir uses lambda pattern that falls through ASSERT_NOT_REACHED() 
https://bugs.webkit.org/show_bug.cgi?id=234964
Summary B3::(anonymous namespace)::LowerToAir uses lambda pattern that falls through ...
David Kilzer (:ddkilzer)
Reported 2022-01-07 10:24:42 PST
Class B3::(anonymous namespace)::LowerToAir uses lambda pattern that falls through ASSERT_NOT_REACHED(). These fall-throughs should either use RELEASE_ASSERT_NOT_REACHED(), or add a `return Inst();` statement after ASSERT_NOT_REACHED(). Presumably the switch statement will never fall through unless there is memory corruption, so a RELEASE_ASSERT_NOT_REACHED() would catch such corruption much earlier. For example: [this] ( Width width, const Arg& relCond, ArgPromise& left, ArgPromise& right) -> Inst { switch (width) { case Width8: case Width16: return Inst(); case Width32: if (isValidForm(Compare32, Arg::RelCond, left.kind(), right.kind(), Arg::Tmp)) { return left.inst(right.inst( Compare32, m_value, relCond, left.consume(*this), right.consume(*this), tmp(m_value))); } return Inst(); case Width64: if (isValidForm(Compare64, Arg::RelCond, left.kind(), right.kind(), Arg::Tmp)) { return left.inst(right.inst( Compare64, m_value, relCond, left.consume(*this), right.consume(*this), tmp(m_value))); } return Inst(); } ASSERT_NOT_REACHED(); }, See Source/JavaScriptCore/b3/B3LowerToAir.cpp.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-01-07 10:25:13 PST
<rdar://problem/87259779>
David Kilzer (:ddkilzer)
Comment 2 2022-01-07 10:26:05 PST
There are six places where this pattern is used: ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1859: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1889: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1937: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1961: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:2028: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:2043: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4]
Note You need to log in before you can comment on or make changes to this bug.