Open Bug 1741396 Opened 4 years ago Updated 4 years ago

Use dynamic_cast in debug-only MDefinition::to* when --enable-cpp-rtti is enabled

Tracking

()

Status:

NEW

People

(Reporter: jseward, Assigned: jseward)

References

(Blocks 1 open bug)

Details

Julian Seward [:jseward]

Assignee

Description

•

4 years ago

MDefinition::to* do downcasts in the MIR node hierarchy using static_cast,
the correctness of which depends on the target node's op field being set correctly.
Setting it incorrectly makes it possible to use MDefinition::to* to cast invalidly,
which is potentially dangerous, particularly given that many nodes have similar
layouts.

In debug builds, when configured with --enable-cpp-rtti, it would be nice to have
those be dynamic_cast instead, so that any such mistakes will get caught at runtime.
This has proven to be helpful for example for the development in bug 1713092.

Julian Seward [:jseward]

Assignee

Updated

•

4 years ago

Blocks: sm-opt-jits

Matthew Gaudet (he/him) [:mgaudet]

Updated

•

4 years ago

Severity: -- → S3

Priority: -- → P3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Use dynamic_cast in debug-only MDefinition::to* when --enable-cpp-rtti is enabled

Categories

(Core :: JavaScript Engine: JIT, enhancement, P3)

Tracking

()

People

(Reporter: jseward, Assigned: jseward)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated