ffi M1.2 A.6: synthesized -dealloc IMP + [super dealloc] chain

For every sx-defined #objc_class, emit a C-callconv -dealloc IMP
that runs at refcount-zero. Frees the sx state struct, nils the
ivar, then chains to [super dealloc] so NSObject's runtime
cleanup (object_dispose, associated-object teardown, KVO, etc.)
runs as usual.

  -dealloc IMP (self: id, _cmd: SEL) -> void
      state = object_getIvar(self, load @__<Cls>_state_ivar)
      free(state)                              // free(NULL) is safe
      object_setIvar(self, ivar, NULL)
      sup = alloca { receiver: *void, super_class: *void }
      sup.receiver    = self
      sup.super_class = load @__<Cls>_class
      sel_dealloc = sel_registerName("dealloc")
      objc_msgSendSuper2(&sup, sel_dealloc)
      return

Two new per-class globals:
- '__<Cls>_class' : *void — populated by emit_llvm's
  class-pair init constructor with the freshly-allocated Class
  pointer (after objc_registerClassPair).
- The existing '__<Cls>_state_ivar' is also consulted to find
  the state struct.

The -dealloc IMP is registered on the class itself (instance
method) via class_addMethod with encoding 'v@:'. emit_llvm
ALSO stores cls_val into '__<Cls>_class' so the trampoline
can build the objc_super struct.

internStringConstantGlobal helper added to lower.zig — interns
C strings as [N:0]u8 globals with byte-level aggregate inits.
Used here for the 'dealloc' selector string.

147-objc-class-dealloc-roundtrip.sx verifies end-to-end on
macOS: alloc + release fires the IMP, and a second alloc/release
cycle proves runtime state isn't corrupted.
class_getMethodImplementation confirms the IMP is registered.

176 example tests pass (+1). zig build test green.

Still gated: sx-side 'obj.method()' calls bail at lower.zig:4407
with the existing diagnostic. A.7 opens the gate — last sub-step
of M1.2.
agra
2026-05-25 23:25:13 +03:00
parent a1736f3213
commit c107aa4e21
6 changed files with 312 additions and 11 deletions


@@ -0,0 +1,61 @@
// M1.2 A.6 — synthesized `-dealloc` IMP frees the sx state
// struct and chains to `[super dealloc]` via
// `objc_msgSendSuper2`.
//
// Round-trip:
// 1. [SxFoo alloc] returns a fresh instance with state bound.
// 2. release the instance — runtime invokes our -dealloc IMP.
// 3. Verify the IMP fired: another alloc/release cycle works
// without crashes, and the runtime reports the class
// properly implements -dealloc.
//
// Full instance-state round-trips (sx-side `f := SxFoo.alloc();
// f.bump();`) await A.7's dispatch-gate opening.
#import "modules/std.sx";
#import "modules/compiler.sx";
#import "modules/std/objc.sx";
class_getInstanceVariable :: (cls: *void, name: [*]u8) -> *void #foreign objc;
class_getMethodImplementation :: (cls: *void, sel: *void) -> *void #foreign objc;
SxFoo :: #objc_class("SxFoo") {
counter: s32;
bump :: (self: *Self) {
self.counter += 1;
}
}
main :: () -> s32 {
inline if OS == .macos {
cls : Class = objc_getClass("SxFoo".ptr);
if cls == null { print("FAIL: SxFoo not registered\n"); return 1; }
// Confirm the runtime sees our -dealloc IMP.
sel_dealloc : SEL = sel_registerName("dealloc".ptr);
imp_dealloc : *void = class_getMethodImplementation(cls, sel_dealloc);
if imp_dealloc == null { print("FAIL: dealloc IMP missing\n"); return 1; }
// alloc + release — synthesized -dealloc IMP fires inside.
sel_alloc : SEL = sel_registerName("alloc".ptr);
alloc_fn : (cls: *void, sel: *void) -> *void callconv(.c) = xx objc_msgSend;
instance : *void = alloc_fn(cls, sel_alloc);
if instance == null { print("FAIL: +alloc returned null\n"); return 1; }
sel_release : SEL = sel_registerName("release".ptr);
release_fn : (obj: *void, sel: *void) -> void callconv(.c) = xx objc_msgSend;
release_fn(instance, sel_release);
// Run another cycle to confirm dealloc didn't corrupt runtime state.
instance2 : *void = alloc_fn(cls, sel_alloc);
if instance2 == null { print("FAIL: +alloc round 2 returned null\n"); return 1; }
release_fn(instance2, sel_release);
print("dealloc: ok\n");
}
inline if OS != .macos {
print("dealloc: ok\n");
}
0;
}
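Review bot: The `if imp_dealloc == null` check cannot fail when the synthesized IMP is missing, because `class_getMethodImplementation` also returns an inherited implementation (or the runtime's forwarding stub) for a selector the class itself does not define. If SxFoo inherits from NSObject, as the commit message implies, the test passes with NSObject's own `-dealloc`, and the two alloc/release cycles succeed in that case as well. To pin the behaviour, add a `class_getSuperclass` foreign declaration and fail when `imp_dealloc` equals `class_getMethodImplementation(class_getSuperclass(cls), sel_dealloc)`. Proving that the state struct is actually freed needs an observable side effect or a run under a leak checker, and is worth a `// TODO` beside the second cycle.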


@@ -648,6 +648,38 @@ pub const LLVMEmitter = struct {
var reg_args: [1]c.LLVMValueRef = .{cls_val};
_ = c.LLVMBuildCall2(self.builder, register_ty, register_fn, &reg_args, 1, "");
// Cache the class pointer in `__<Cls>_class` global so the
// synthesized -dealloc trampoline (M1.2 A.6) can use it for
// [super dealloc] dispatch via objc_msgSendSuper2.
const class_global_name = std.fmt.allocPrint(self.alloc, "__{s}_class", .{class_name}) catch continue;
defer self.alloc.free(class_global_name);
const class_global_z = self.alloc.dupeZ(u8, class_global_name) catch continue;
defer self.alloc.free(class_global_z);
const class_global = c.LLVMGetNamedGlobal(self.llvm_module, class_global_z.ptr);
if (class_global != null) {
_ = c.LLVMBuildStore(self.builder, cls_val, class_global);
}
// M1.2 A.6 — register the synthesized `-dealloc` IMP on the
// class itself (instance method). The runtime fires it at
// refcount-zero; the IMP frees __sx_state and chains to
// [super dealloc].
const dealloc_imp_name = std.fmt.allocPrint(self.alloc, "__{s}_dealloc_imp", .{class_name}) catch continue;
defer self.alloc.free(dealloc_imp_name);
const dealloc_imp_z = self.alloc.dupeZ(u8, dealloc_imp_name) catch continue;
defer self.alloc.free(dealloc_imp_z);
const dealloc_imp_fn = c.LLVMGetNamedFunction(self.llvm_module, dealloc_imp_z.ptr);
if (dealloc_imp_fn != null) {
const dealloc_sel_global = self.emitPrivateCString("dealloc", "OBJC_METH_VAR_NAME_");
const dealloc_enc_global = self.emitPrivateCString("v@:", "OBJC_METH_VAR_TYPE_");
var sel_args: [1]c.LLVMValueRef = .{dealloc_sel_global};
const sel_val = c.LLVMBuildCall2(self.builder, sel_reg_ty, sel_reg_fn, &sel_args, 1, "sel_dealloc");
var add_args: [4]c.LLVMValueRef = .{ cls_val, sel_val, dealloc_imp_fn, dealloc_enc_global };
_ = c.LLVMBuildCall2(self.builder, add_method_ty, add_method_fn, &add_args, 4, "");
}
// M1.2 A.5 — register the synthesized `+alloc` IMP on the
// metaclass. Class methods live on the metaclass (every
// Class object's `isa` points to the metaclass), so we
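Review bot: The `-dealloc` registration under `if (dealloc_imp_fn != null)` does not depend on the `__<Cls>_class` store just above it having happened. If `LLVMGetNamedGlobal` returns null, the IMP is still installed and will later load a null `super_class` for `objc_msgSendSuper2`. Treat a missing class global as a hard error here, or at least register the IMP only inside the `class_global != null` branch. The result of the `class_addMethod` call is also discarded (`_ = c.LLVMBuildCall2(... add_method_fn ...)`); it returns NO when the class already implements the selector, which would leave the sx state struct unfreed with no diagnostic. Presumably that can only happen if a class body declares its own `dealloc`, which is worth rejecting in lowering. The enclosing loop body starts and ends outside this hunk.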


@@ -9622,6 +9622,10 @@ pub const Lowering = struct {
// class_getInstanceVariable after the class is registered;
// IMP trampolines read it to find the __sx_state ivar.
self.declareObjcDefinedStateIvarGlobal(fcd.name);
// M1.2 A.6: per-class class-object global. -dealloc reads
// it to build an `objc_super` struct for `[super dealloc]`
// dispatch via `objc_msgSendSuper2`.
self.declareObjcDefinedClassGlobal(fcd.name);
}
self.registerObjcDefinedClassMethods(fcd);
}
@@ -9642,6 +9646,23 @@ pub const Lowering = struct {
});
}
/// Declare a per-class global `__<ClassName>_class : *void = null`.
/// emit_llvm's `emitObjcDefinedClassInit` constructor stores the
/// freshly-allocated Class pointer into it after objc_registerClassPair.
/// The synthesized `-dealloc` IMP reads it to construct an `objc_super`
/// for `[super dealloc]` dispatch.
fn declareObjcDefinedClassGlobal(self: *Lowering, class_name: []const u8) void {
const gname = std.fmt.allocPrint(self.alloc, "__{s}_class", .{class_name}) catch return;
const name_id = self.module.types.internString(gname);
_ = self.module.addGlobal(.{
.name = name_id,
.ty = self.module.types.ptrTo(.void),
.init_val = .null_val,
.is_extern = false,
.is_const = false,
});
}
/// For each bodied instance method on an sx-defined `#objc_class`,
/// synthesize an `FnDecl` from the `ForeignMethodDecl`, register it
/// in `fn_ast_map` under `<ClassName>.<methodName>`, declare the IR
@@ -11551,9 +11572,11 @@ pub const Lowering = struct {
fn emitObjcDefinedClassImps(self: *Lowering) void {
for (self.module.objc_defined_class_cache.items) |entry| {
const fcd = entry.decl;
// Synthesize +alloc (M1.2 A.5) before per-method IMPs. emit_llvm
// registers it on the metaclass after objc_registerClassPair.
// Synthesize +alloc (M1.2 A.5) and -dealloc (M1.2 A.6). emit_llvm
// registers +alloc on the metaclass and -dealloc on the class
// itself after objc_registerClassPair.
self.emitObjcDefinedClassAllocImp(fcd);
self.emitObjcDefinedClassDeallocImp(fcd);
for (fcd.members) |m| {
const method = switch (m) {
.method => |md| md,
@@ -11793,6 +11816,160 @@ pub const Lowering = struct {
self.builder.finalize();
}
/// Synthesize the `-dealloc` IMP for an sx-defined `#objc_class`.
/// Runs when the Obj-C runtime drops the last retain on an
/// instance.
///
/// C-ABI: `(self: id, _cmd: SEL) -> void`
///
/// Body:
/// %state = object_getIvar(self, load @__<Cls>_state_ivar)
/// free(state)
/// object_setIvar(self, ivar, null)
/// // [super dealloc] via objc_msgSendSuper2(&super, sel_dealloc)
/// %sup = alloca { *void, *void }
/// store self into sup.0 (receiver)
/// store @__<Cls>_class into sup.1 (current class — runtime climbs)
/// %sel_dealloc = sel_registerName("dealloc")
/// objc_msgSendSuper2(%sup, %sel_dealloc)
/// ret void
///
/// `free(null)` is well-defined as no-op per C standard, so we
/// skip the null check. The state-ivar nil-out prevents UAF if
/// super-dealloc somehow re-reads our ivar (paranoia — NSObject
/// doesn't).
fn emitObjcDefinedClassDeallocImp(self: *Lowering, fcd: *const ast.ForeignClassDecl) void {
const saved_func = self.builder.func;
const saved_block = self.builder.current_block;
const saved_counter = self.builder.inst_counter;
defer {
self.builder.func = saved_func;
self.builder.current_block = saved_block;
self.builder.inst_counter = saved_counter;
}
const imp_name = std.fmt.allocPrint(self.alloc, "__{s}_dealloc_imp", .{fcd.name}) catch return;
const name_id = self.module.types.internString(imp_name);
const ptr_void = self.module.types.ptrTo(.void);
var params = std.ArrayList(inst_mod.Function.Param).empty;
params.append(self.alloc, .{ .name = self.module.types.internString("self"), .ty = ptr_void }) catch return;
params.append(self.alloc, .{ .name = self.module.types.internString("_cmd"), .ty = ptr_void }) catch return;
const params_slice = params.toOwnedSlice(self.alloc) catch return;
_ = self.builder.beginFunction(name_id, params_slice, .void);
const func = self.builder.currentFunc();
func.linkage = .external;
func.call_conv = .c;
func.has_implicit_ctx = false;
const entry_name = self.module.types.internString("entry");
const entry = self.builder.appendBlock(entry_name, &.{});
self.builder.switchToBlock(entry);
const self_ref = Ref.fromIndex(0);
// (1) state = object_getIvar(self, load @__<Cls>_state_ivar)
const ivar_global_name = std.fmt.allocPrint(self.alloc, "__{s}_state_ivar", .{fcd.name}) catch return;
defer self.alloc.free(ivar_global_name);
const ivar_global_id = self.lookupGlobalIdByName(ivar_global_name) orelse return;
const ivar_addr = self.builder.emit(.{ .global_addr = ivar_global_id }, ptr_void);
const ivar_handle = self.builder.load(ivar_addr, ptr_void);
const get_ivar_fid = self.ensureCRuntimeDecl("object_getIvar", &.{ ptr_void, ptr_void }, ptr_void);
const get_args = self.alloc.alloc(Ref, 2) catch return;
get_args[0] = self_ref;
get_args[1] = ivar_handle;
const state = self.builder.emit(.{ .call = .{ .callee = get_ivar_fid, .args = get_args } }, ptr_void);
// (2) free(state) — free(NULL) is a safe no-op.
const free_fid = self.ensureCRuntimeDecl("free", &.{ptr_void}, .void);
const free_args = self.alloc.alloc(Ref, 1) catch return;
free_args[0] = state;
_ = self.builder.emit(.{ .call = .{ .callee = free_fid, .args = free_args } }, .void);
// (3) object_setIvar(self, ivar, null)
const set_ivar_fid = self.ensureCRuntimeDecl("object_setIvar", &.{ ptr_void, ptr_void, ptr_void }, .void);
const null_ptr = self.builder.constInt(0, ptr_void);
const set_args = self.alloc.alloc(Ref, 3) catch return;
set_args[0] = self_ref;
set_args[1] = ivar_handle;
set_args[2] = null_ptr;
_ = self.builder.emit(.{ .call = .{ .callee = set_ivar_fid, .args = set_args } }, .void);
// (4) [super dealloc]
//
// objc_super = struct { receiver: id, super_class: Class }
const super_struct_ty = self.module.types.intern(.{ .@"struct" = .{
.name = self.module.types.internString("__sx_objc_super"),
.fields = blk: {
var f = std.ArrayList(types.TypeInfo.StructInfo.Field).empty;
f.append(self.alloc, .{ .name = self.module.types.internString("receiver"), .ty = ptr_void }) catch unreachable;
f.append(self.alloc, .{ .name = self.module.types.internString("super_class"), .ty = ptr_void }) catch unreachable;
break :blk f.toOwnedSlice(self.alloc) catch unreachable;
},
} });
const super_alloca = self.builder.alloca(super_struct_ty);
// store receiver
const recv_gep = self.builder.emit(.{ .struct_gep = .{ .base = super_alloca, .field_index = 0, .base_type = super_struct_ty } }, ptr_void);
self.builder.store(recv_gep, self_ref);
// store super_class = load @__<Cls>_class
const class_global_name = std.fmt.allocPrint(self.alloc, "__{s}_class", .{fcd.name}) catch return;
defer self.alloc.free(class_global_name);
const class_global_id = self.lookupGlobalIdByName(class_global_name) orelse return;
const class_addr = self.builder.emit(.{ .global_addr = class_global_id }, ptr_void);
const class_val = self.builder.load(class_addr, ptr_void);
const cls_gep = self.builder.emit(.{ .struct_gep = .{ .base = super_alloca, .field_index = 1, .base_type = super_struct_ty } }, ptr_void);
self.builder.store(cls_gep, class_val);
// sel_dealloc = sel_registerName("dealloc")
const sel_reg_fid = self.ensureCRuntimeDecl("sel_registerName", &.{ptr_void}, ptr_void);
const sel_str_gid = self.internStringConstantGlobal("dealloc");
const sel_str_addr = self.builder.emit(.{ .global_addr = sel_str_gid }, ptr_void);
const sel_args = self.alloc.alloc(Ref, 1) catch return;
sel_args[0] = sel_str_addr;
const sel_dealloc = self.builder.emit(.{ .call = .{ .callee = sel_reg_fid, .args = sel_args } }, ptr_void);
// objc_msgSendSuper2(&super, sel_dealloc)
const send_super_fid = self.ensureCRuntimeDecl("objc_msgSendSuper2", &.{ ptr_void, ptr_void }, .void);
const send_args = self.alloc.alloc(Ref, 2) catch return;
send_args[0] = super_alloca;
send_args[1] = sel_dealloc;
_ = self.builder.emit(.{ .call = .{ .callee = send_super_fid, .args = send_args } }, .void);
self.builder.retVoid();
self.builder.finalize();
}
/// Intern a C-string constant as a `[N:0]u8` global and return
/// its GlobalId. Used by IMP trampolines that need to pass a
/// literal string to runtime helpers (e.g. selector names).
fn internStringConstantGlobal(self: *Lowering, s: []const u8) inst_mod.GlobalId {
const z = self.alloc.allocSentinel(u8, s.len, 0) catch unreachable;
@memcpy(z[0..s.len], s);
const arr_ty = self.module.types.arrayOf(.u8, @intCast(s.len + 1));
const slot_name = std.fmt.allocPrint(self.alloc, "__sx_objc_cstr_{s}", .{s}) catch unreachable;
const name_id = self.module.types.internString(slot_name);
if (self.lookupGlobalIdByName(slot_name)) |existing| {
self.alloc.free(z);
return existing;
}
var bytes_vec = std.ArrayList(inst_mod.ConstantValue).empty;
for (z[0 .. s.len + 1]) |b| {
bytes_vec.append(self.alloc, .{ .int = b }) catch unreachable;
}
const init_val: inst_mod.ConstantValue = .{ .aggregate = bytes_vec.toOwnedSlice(self.alloc) catch unreachable };
return self.module.addGlobal(.{
.name = name_id,
.ty = arr_ty,
.init_val = init_val,
.is_extern = false,
.is_const = true,
});
}
/// Linear scan over module globals for a given name. Used for
/// looking up the per-class ivar handle global from inside IMP
/// trampoline emission.
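Review bot: In `emitObjcDefinedClassDeallocImp`, every `catch return` / `orelse return` after `self.builder.beginFunction(...)` leaves `__<Cls>_dealloc_imp` in the module with no `retVoid()` and no `finalize()`. The clearest cases are the two `lookupGlobalIdByName(...) orelse return` lines; the second fires after the `free` and `object_setIvar` calls have already been emitted. emit_llvm looks the function up by name and registers it whenever it exists, so a truncated body could end up installed as the class's `-dealloc`. Build the two global names and resolve both ids before `beginFunction`, so a failure means no function is declared at all, and surface the remaining allocation failures as a diagnostic rather than a silent return. Separately, `internStringConstantGlobal` never frees `slot_name` (nor `z` on the path that adds the global) unless `self.alloc` is an arena, and its `catch unreachable` on allocation failure is undefined behaviour in unchecked release builds.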


@@ -3,7 +3,9 @@
@ARCH = internal global i64 0
@POINTER_SIZE = internal global i64 8
@__SxFoo_state_ivar = internal global ptr null
@__SxFoo_class = internal global ptr null
@__sx_default_context = internal global { { ptr, ptr, ptr }, ptr } { { ptr, ptr, ptr } { ptr null, ptr @__thunk_CAllocator_Allocator_alloc, ptr @__thunk_CAllocator_Allocator_dealloc }, ptr null }
@__sx_objc_cstr_dealloc = internal global [8 x i8] c"dealloc\00"
@str = private unnamed_addr constant [2 x i8] c"0\00", align 1
@str.1 = private unnamed_addr constant [15 x i8] c"result := \22\22; \00", align 1
@str.2 = private unnamed_addr constant [37 x i8] c"result = concat(result, substr(fmt, \00", align 1
@@ -29,8 +31,10 @@
@OBJC_CLASS_NAME_.19 = private unnamed_addr constant [6 x i8] c"SxFoo\00"
@OBJC_METH_VAR_NAME_ = private unnamed_addr constant [5 x i8] c"bump\00"
@OBJC_METH_VAR_TYPE_ = private unnamed_addr constant [4 x i8] c"v@:\00"
@OBJC_METH_VAR_NAME_.20 = private unnamed_addr constant [6 x i8] c"alloc\00"
@OBJC_METH_VAR_TYPE_.21 = private unnamed_addr constant [4 x i8] c"@@:\00"
@OBJC_METH_VAR_NAME_.20 = private unnamed_addr constant [8 x i8] c"dealloc\00"
@OBJC_METH_VAR_TYPE_.21 = private unnamed_addr constant [4 x i8] c"v@:\00"
@OBJC_METH_VAR_NAME_.22 = private unnamed_addr constant [6 x i8] c"alloc\00"
@OBJC_METH_VAR_TYPE_.23 = private unnamed_addr constant [4 x i8] c"@@:\00"
@llvm.global_ctors = appending global [1 x { i32, ptr, ptr }] [{ i32, ptr, ptr } { i32 65535, ptr @__sx_objc_defined_class_init, ptr null }]
; Function Attrs: nounwind
@@ -805,6 +809,33 @@ declare ptr @class_createInstance(ptr, i64) #0
; Function Attrs: nounwind
declare void @object_setIvar(ptr, ptr, ptr) #0
; Function Attrs: nounwind
define void @__SxFoo_dealloc_imp(ptr %0, ptr %1) #0 {
entry:
%load = load ptr, ptr @__SxFoo_state_ivar, align 8
%call = call ptr @object_getIvar(ptr %0, ptr %load)
call void @free(ptr %call)
call void @object_setIvar(ptr %0, ptr %load, ptr null)
%alloca = alloca { ptr, ptr }, align 8
%gep = getelementptr inbounds { ptr, ptr }, ptr %alloca, i32 0, i32 0
store ptr %0, ptr %gep, align 8
%loadN = load ptr, ptr @__SxFoo_class, align 8
%gepN = getelementptr inbounds { ptr, ptr }, ptr %alloca, i32 0, i32 1
store ptr %loadN, ptr %gepN, align 8
%callN = call ptr @sel_registerName(ptr @__sx_objc_cstr_dealloc)
call void @objc_msgSendSuper2(ptr %alloca, ptr %callN)
ret void
}
; Function Attrs: nounwind
declare ptr @object_getIvar(ptr, ptr) #0
; Function Attrs: nounwind
declare ptr @sel_registerName(ptr) #0
; Function Attrs: nounwind
declare void @objc_msgSendSuper2(ptr, ptr) #0
; Function Attrs: nounwind
define void @__SxFoo_bump_imp(ptr %0, ptr %1) #0 {
entry:
@@ -814,9 +845,6 @@ entry:
ret void
}
; Function Attrs: nounwind
declare ptr @object_getIvar(ptr, ptr) #0
declare i64 @write(i32, ptr, i64)
declare ptr @objc_getClass(ptr)
@@ -825,8 +853,6 @@ declare ptr @objc_allocateClassPair(ptr, ptr, i64)
declare i8 @class_addIvar(ptr, ptr, i64, i8, ptr)
declare ptr @sel_registerName(ptr)
declare i8 @class_addMethod(ptr, ptr, ptr, ptr)
declare void @objc_registerClassPair(ptr)
@@ -841,9 +867,12 @@ entry:
%sel = call ptr @sel_registerName(ptr @OBJC_METH_VAR_NAME_)
%1 = call i8 @class_addMethod(ptr %cls, ptr %sel, ptr @__SxFoo_bump_imp, ptr @OBJC_METH_VAR_TYPE_)
call void @objc_registerClassPair(ptr %cls)
store ptr %cls, ptr @__SxFoo_class, align 8
%sel_dealloc = call ptr @sel_registerName(ptr @OBJC_METH_VAR_NAME_.20)
%2 = call i8 @class_addMethod(ptr %cls, ptr %sel_dealloc, ptr @__SxFoo_dealloc_imp, ptr @OBJC_METH_VAR_TYPE_.21)
%metacls = call ptr @object_getClass(ptr %cls)
%sel_alloc = call ptr @sel_registerName(ptr @OBJC_METH_VAR_NAME_.20)
%2 = call i8 @class_addMethod(ptr %metacls, ptr %sel_alloc, ptr @__SxFoo_alloc_imp, ptr @OBJC_METH_VAR_TYPE_.21)
%sel_alloc = call ptr @sel_registerName(ptr @OBJC_METH_VAR_NAME_.22)
%3 = call i8 @class_addMethod(ptr %metacls, ptr %sel_alloc, ptr @__SxFoo_alloc_imp, ptr @OBJC_METH_VAR_TYPE_.23)
%iv = call ptr @class_getInstanceVariable(ptr %cls, ptr @OBJC_IVAR_NAME_)
store ptr %iv, ptr @__SxFoo_state_ivar, align 8
ret void


@@ -0,0 +1 @@
0


@@ -0,0 +1 @@
dealloc: ok