Fix incorrect deref behavior

ChAoSUnItY · ChAoSUnItY · commit c4aa86f9e7da · 2025-03-20T18:48:04.000+08:00
Previously, using subscription operator (literally "[]") with arrow
operator (literally "-&gt;") would cause incorrect dereference result due
to inappropriate delayed dereference strategy. In this patch, by adding
dereference instructin when encountered subscription operator and under
correct circumstances fixes the issue.
diff --git a/src/globals.c b/src/globals.c
@@ -250,9 +250,7 @@ void hashmap_free(hashmap_t *map)
             next = cur->next;
             free(cur->key);
             free(cur->val);
-            /* FIXME: Remove this if-clause will cause double free error */
-            if (cur != map->buckets[0])
-                free(cur);
+            free(cur);
             cur = next;
         }
     }
diff --git a/src/parser.c b/src/parser.c
@@ -805,7 +805,7 @@ void read_expr_operand(block_t *parent, basic_block_t **bb)
 
         lex_peek(T_identifier, token);
         var_t *var = find_var(token, parent);
-        read_lvalue(&lvalue, var, parent, bb, 0, OP_generic);
+        read_lvalue(&lvalue, var, parent, bb, false, OP_generic);
 
         if (!lvalue.is_reference) {
             ph1_ir = add_ph1_ir(OP_address_of);
@@ -825,7 +825,7 @@ void read_expr_operand(block_t *parent, basic_block_t **bb)
         int open_bracket = lex_accept(T_open_bracket);
         lex_peek(T_identifier, token);
         var_t *var = find_var(token, parent);
-        read_lvalue(&lvalue, var, parent, bb, 1, OP_generic);
+        read_lvalue(&lvalue, var, parent, bb, true, OP_generic);
         if (open_bracket)
             lex_expect(T_close_bracket);
 
@@ -962,7 +962,7 @@ void read_expr_operand(block_t *parent, basic_block_t **bb)
         } else if (var) {
             /* evalue lvalue expression */
             lvalue_t lvalue;
-            read_lvalue(&lvalue, var, parent, bb, 1, prefix_op);
+            read_lvalue(&lvalue, var, parent, bb, true, prefix_op);
 
             /* is it an indirect call with function pointer? */
             if (lex_peek(T_open_bracket, NULL)) {
@@ -1260,6 +1260,18 @@ void read_lvalue(lvalue_t *lvalue,
     while (lex_peek(T_open_square, NULL) || lex_peek(T_arrow, NULL) ||
            lex_peek(T_dot, NULL)) {
         if (lex_accept(T_open_square)) {
+            if (lvalue->is_reference && lvalue->is_ptr && is_member) {
+                ph1_ir = add_ph1_ir(OP_read);
+                ph1_ir->src0 = opstack_pop();
+                vd = require_var(parent);
+                strcpy(vd->var_name, gen_name());
+                ph1_ir->dest = vd;
+                opstack_push(vd);
+                ph1_ir->size = 4;
+                add_insn(parent, *bb, OP_read, ph1_ir->dest, ph1_ir->src0, NULL,
+                         ph1_ir->size, NULL);
+            }
+
             /* var must be either a pointer or an array of some type */
             if (var->is_ptr == 0 && var->array_size == 0)
                 error("Cannot apply square operator to non-pointer");
@@ -1860,7 +1872,7 @@ bool read_body_assignment(char *token,
         int size = 0;
 
         /* has memory address that we want to set */
-        read_lvalue(&lvalue, var, parent, bb, 0, OP_generic);
+        read_lvalue(&lvalue, var, parent, bb, false, OP_generic);
         size = lvalue.size;
 
         if (lex_accept(T_increment)) {
diff --git a/src/reg-alloc.c b/src/reg-alloc.c
@@ -320,10 +320,13 @@ void reg_alloc()
         if (fn->func->va_args) {
             for (int i = 0; i < MAX_PARAMS; i++) {
                 ph2_ir_t *ir = bb_add_ph2_ir(fn->bbs, OP_store);
+                // FIXME: Currently derefence issue caused by mixed subscription
+                // and arrow operators is fixed, but the original code is now
+                // causing problem, fixing it later.
+                var_t *param_def = &fn->func->param_defs[i];
 
                 if (i < fn->func->num_params)
-                    fn->func->param_defs[i].subscripts[0]->offset =
-                        fn->func->stack_size;
+                    param_def->subscripts[0]->offset = fn->func->stack_size;
 
                 ir->src0 = i;
                 ir->src1 = fn->func->stack_size;
diff --git a/tests/driver.sh b/tests/driver.sh
@@ -433,6 +433,38 @@ int main() {
 }
 EOF
 
+# Mixed subscription and arrow operator,
+# excerpt from issue #165
+try_output 0 "DDD" << EOF
+#include <stdlib.h>
+#include <string.h>
+
+char a[100];
+
+typedef struct {
+    char *raw;
+} data_t;
+
+void init_data(data_t *data, char *raw) {
+    data->raw = raw;
+}
+
+int main() {
+    strcpy(a, "DATA");
+    data_t *data = malloc(sizeof(data_t));
+    init_data(data, a);
+    
+    char *raw = data->raw;
+    printf("%c", a[0]);
+    printf("%c", raw[0]);
+    printf("%c", data->raw[0]);
+    
+    
+    free(data);
+    return 0;
+}
+EOF
+
 # global initialization
 try_ 20 << EOF
 int a = 5 * 2;

Original file line number	Diff line number	Diff line change
`@@ -250,9 +250,7 @@ void hashmap_free(hashmap_t *map)`
`250`	`250`	`next = cur->next;`
`251`	`251`	`free(cur->key);`
`252`	`252`	`free(cur->val);`
`253`		`- /* FIXME: Remove this if-clause will cause double free error */`
`254`		`- if (cur != map->buckets[0])`
`255`		`- free(cur);`
	`253`	`+ free(cur);`
`256`	`254`	`cur = next;`
`257`	`255`	`}`
`258`	`256`	`}`