[Webkit-unassigned] [Bug 234964] New: B3::(anonymous namespace)::LowerToAir uses lambda pattern that falls through ASSERT_NOT_REACHED()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jan 7 10:24:42 PST 2022 

https://bugs.webkit.org/show_bug.cgi?id=234964

            Bug ID: 234964
           Summary: B3::(anonymous namespace)::LowerToAir uses lambda
                    pattern that falls through ASSERT_NOT_REACHED()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ddkilzer at webkit.org
        Depends on: 234932

Class B3::(anonymous namespace)::LowerToAir uses lambda pattern that falls through ASSERT_NOT_REACHED().

These fall-throughs should either use RELEASE_ASSERT_NOT_REACHED(), or add a `return Inst();` statement after ASSERT_NOT_REACHED().

Presumably the switch statement will never fall through unless there is memory corruption, so a RELEASE_ASSERT_NOT_REACHED() would catch such corruption much earlier.

For example:

            [this] (
                Width width, const Arg& relCond,
                ArgPromise& left, ArgPromise& right) -> Inst {
                switch (width) {
                case Width8:
                case Width16:
                    return Inst();
                case Width32:
                    if (isValidForm(Compare32, Arg::RelCond, left.kind(), right.kind(), Arg::Tmp)) {
                        return left.inst(right.inst(
                            Compare32, m_value, relCond,
                            left.consume(*this), right.consume(*this), tmp(m_value)));
                    }
                    return Inst();
                case Width64:
                    if (isValidForm(Compare64, Arg::RelCond, left.kind(), right.kind(), Arg::Tmp)) {
                        return left.inst(right.inst(
                            Compare64, m_value, relCond,
                            left.consume(*this), right.consume(*this), tmp(m_value)));
                    }
                    return Inst();
                }
                ASSERT_NOT_REACHED();
            },


See Source/JavaScriptCore/b3/B3LowerToAir.cpp.


Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=234932
[Bug 234932] check-webkit-style: add checker for unexpected fall through after ASSERT_NOT_REACHED() statements
-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220107/cb444f81/attachment-0001.htm>

More information about the webkit-unassigned mailing list