From d6e570ec5125ca72910108aea109c2bec79c6ea4 Mon Sep 17 00:00:00 2001 From: pitboss Date: Fri, 22 May 2026 01:15:08 -0500 Subject: [PATCH] [pitboss/grind] cleanup session-0004 (20260522T043516Z-29b8) --- docs/auth.md | 2 +- src/ssa/lower.rs | 53 ++++++++++++++++-------------------------------- 2 files changed, 18 insertions(+), 37 deletions(-) diff --git a/docs/auth.md b/docs/auth.md index 1de885fb..dead84f8 100644 --- a/docs/auth.md +++ b/docs/auth.md @@ -116,7 +116,7 @@ Matched as last-segment + case-insensitive `starts_with` (so a single entry `"Gu ### Recognised actor names -Recognised by default: `user.id`, `user.user_id`, `user.uid`, `session.user_id`, `current_user.id`, plus typed extractor parameters with `CurrentUser`, `SessionUser`, `AuthUser`, `Extension<...>` shapes. To add a custom binding pattern, file an issue or add a fixture; the heuristic is in [`src/auth_analysis/checks.rs`](https://github.com/elicpeter/nyx/blob/master/src/auth_analysis/checks.rs) under `extract_validation_target` and friends. +Recognised by default: `user.id`, `user.user_id`, `user.uid`, `session.user_id`, `current_user.id`, plus typed extractor parameters with `CurrentUser`, `SessionUser`, `AuthUser`, `Extension<...>` shapes. To add a custom binding pattern, file an issue or add a fixture; the heuristic lives in [`src/auth_analysis/extract/common.rs`](https://github.com/elicpeter/nyx/blob/master/src/auth_analysis/extract/common.rs) under the `*self_actor*` helpers (`collect_self_actor_binding`, `collect_typed_extractor_self_actor`, `is_self_actor_type_text`). ### Suppress diff --git a/src/ssa/lower.rs b/src/ssa/lower.rs index a72d1a45..108521ba 100644 --- a/src/ssa/lower.rs +++ b/src/ssa/lower.rs @@ -355,46 +355,27 @@ fn check_catch_block_reachability_gated(body: &SsaBody) { if let Err(err) = result { #[cfg(debug_assertions)] { - if !catch_invariant_do_not_panic() { - panic!( - "SSA catch-block reachability invariant violated:\n{}", - err.joined() - ); - } + panic!( + "SSA catch-block reachability invariant violated:\n{}", + err.joined() + ); + } + #[cfg(not(debug_assertions))] + { + tracing::warn!( + violations = %err.joined(), + "SSA catch-block reachability invariant violated; proceeding with \ + conservative orphan fallback" + ); + crate::taint::ssa_transfer::record_engine_note( + crate::engine_notes::EngineNote::SsaLoweringBailed { + reason: format!("catch_block_orphan: {}", err.joined()), + }, + ); } - tracing::warn!( - violations = %err.joined(), - "SSA catch-block reachability invariant violated; proceeding with \ - conservative orphan fallback" - ); - crate::taint::ssa_transfer::record_engine_note( - crate::engine_notes::EngineNote::SsaLoweringBailed { - reason: format!("catch_block_orphan: {}", err.joined()), - }, - ); } } -// Test-only escape hatch: when set, `check_catch_block_reachability_gated` -// takes the release-build path (warn + engine note, no panic) even under -// `debug_assertions`. Used by the invariant test that constructs a -// synthetic orphan catch body. -#[cfg(debug_assertions)] -thread_local! { - static CATCH_INVARIANT_DO_NOT_PANIC: std::cell::Cell = const { std::cell::Cell::new(false) }; -} - -#[cfg(debug_assertions)] -#[allow(dead_code)] -pub(crate) fn set_catch_invariant_do_not_panic(on: bool) { - CATCH_INVARIANT_DO_NOT_PANIC.with(|c| c.set(on)); -} - -#[cfg(debug_assertions)] -fn catch_invariant_do_not_panic() -> bool { - CATCH_INVARIANT_DO_NOT_PANIC.with(|c| c.get()) -} - /// Collect reachable nodes (BFS from entry), filtering by scope and stripping exception edges. /// Returns (reachable set, filtered edges, exception edges as (src_node, catch_node)). fn collect_reachable(