Class B3::(anonymous namespace)::LowerToAir uses lambda pattern that falls through ASSERT_NOT_REACHED(). These fall-throughs should either use RELEASE_ASSERT_NOT_REACHED(), or add a `return Inst();` statement after ASSERT_NOT_REACHED(). Presumably the switch statement will never fall through unless there is memory corruption, so a RELEASE_ASSERT_NOT_REACHED() would catch such corruption much earlier. For example: [this] ( Width width, const Arg& relCond, ArgPromise& left, ArgPromise& right) -> Inst { switch (width) { case Width8: case Width16: return Inst(); case Width32: if (isValidForm(Compare32, Arg::RelCond, left.kind(), right.kind(), Arg::Tmp)) { return left.inst(right.inst( Compare32, m_value, relCond, left.consume(*this), right.consume(*this), tmp(m_value))); } return Inst(); case Width64: if (isValidForm(Compare64, Arg::RelCond, left.kind(), right.kind(), Arg::Tmp)) { return left.inst(right.inst( Compare64, m_value, relCond, left.consume(*this), right.consume(*this), tmp(m_value))); } return Inst(); } ASSERT_NOT_REACHED(); }, See Source/JavaScriptCore/b3/B3LowerToAir.cpp.
<rdar://problem/87259779>
There are six places where this pattern is used: ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1859: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1889: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1937: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:1961: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:2028: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4] ERROR: Source/JavaScriptCore/b3/B3LowerToAir.cpp:2043: ASSERT_NOT_REACHED() statement fallthrough may result in unexpected code execution. [security/assertion_fallthrough] [4]