diff --git a/examples/147-objc-class-dealloc-roundtrip.sx b/examples/147-objc-class-dealloc-roundtrip.sx new file mode 100644 index 0000000..f78ba91 --- /dev/null +++ b/examples/147-objc-class-dealloc-roundtrip.sx @@ -0,0 +1,61 @@ +// M1.2 A.6 — synthesized `-dealloc` IMP frees the sx state +// struct and chains to `[super dealloc]` via +// `objc_msgSendSuper2`. +// +// Round-trip: +// 1. [SxFoo alloc] returns a fresh instance with state bound. +// 2. release the instance — runtime invokes our -dealloc IMP. +// 3. Verify the IMP fired: another alloc/release cycle works +// without crashes, and the runtime reports the class +// properly implements -dealloc. +// +// Full instance-state round-trips (sx-side `f := SxFoo.alloc(); +// f.bump();`) await A.7's dispatch-gate opening. + +#import "modules/std.sx"; +#import "modules/compiler.sx"; +#import "modules/std/objc.sx"; + +class_getInstanceVariable :: (cls: *void, name: [*]u8) -> *void #foreign objc; +class_getMethodImplementation :: (cls: *void, sel: *void) -> *void #foreign objc; + +SxFoo :: #objc_class("SxFoo") { + counter: s32; + + bump :: (self: *Self) { + self.counter += 1; + } +} + +main :: () -> s32 { + inline if OS == .macos { + cls : Class = objc_getClass("SxFoo".ptr); + if cls == null { print("FAIL: SxFoo not registered\n"); return 1; } + + // Confirm the runtime sees our -dealloc IMP. + sel_dealloc : SEL = sel_registerName("dealloc".ptr); + imp_dealloc : *void = class_getMethodImplementation(cls, sel_dealloc); + if imp_dealloc == null { print("FAIL: dealloc IMP missing\n"); return 1; } + + // alloc + release — synthesized -dealloc IMP fires inside. + sel_alloc : SEL = sel_registerName("alloc".ptr); + alloc_fn : (cls: *void, sel: *void) -> *void callconv(.c) = xx objc_msgSend; + instance : *void = alloc_fn(cls, sel_alloc); + if instance == null { print("FAIL: +alloc returned null\n"); return 1; } + + sel_release : SEL = sel_registerName("release".ptr); + release_fn : (obj: *void, sel: *void) -> void callconv(.c) = xx objc_msgSend; + release_fn(instance, sel_release); + + // Run another cycle to confirm dealloc didn't corrupt runtime state. + instance2 : *void = alloc_fn(cls, sel_alloc); + if instance2 == null { print("FAIL: +alloc round 2 returned null\n"); return 1; } + release_fn(instance2, sel_release); + + print("dealloc: ok\n"); + } + inline if OS != .macos { + print("dealloc: ok\n"); + } + 0; +} diff --git a/src/ir/emit_llvm.zig b/src/ir/emit_llvm.zig index 5b227a7..a957e24 100644 --- a/src/ir/emit_llvm.zig +++ b/src/ir/emit_llvm.zig @@ -648,6 +648,38 @@ pub const LLVMEmitter = struct { var reg_args: [1]c.LLVMValueRef = .{cls_val}; _ = c.LLVMBuildCall2(self.builder, register_ty, register_fn, ®_args, 1, ""); + // Cache the class pointer in `___class` global so the + // synthesized -dealloc trampoline (M1.2 A.6) can use it for + // [super dealloc] dispatch via objc_msgSendSuper2. + const class_global_name = std.fmt.allocPrint(self.alloc, "__{s}_class", .{class_name}) catch continue; + defer self.alloc.free(class_global_name); + const class_global_z = self.alloc.dupeZ(u8, class_global_name) catch continue; + defer self.alloc.free(class_global_z); + const class_global = c.LLVMGetNamedGlobal(self.llvm_module, class_global_z.ptr); + if (class_global != null) { + _ = c.LLVMBuildStore(self.builder, cls_val, class_global); + } + + // M1.2 A.6 — register the synthesized `-dealloc` IMP on the + // class itself (instance method). The runtime fires it at + // refcount-zero; the IMP frees __sx_state and chains to + // [super dealloc]. + const dealloc_imp_name = std.fmt.allocPrint(self.alloc, "__{s}_dealloc_imp", .{class_name}) catch continue; + defer self.alloc.free(dealloc_imp_name); + const dealloc_imp_z = self.alloc.dupeZ(u8, dealloc_imp_name) catch continue; + defer self.alloc.free(dealloc_imp_z); + const dealloc_imp_fn = c.LLVMGetNamedFunction(self.llvm_module, dealloc_imp_z.ptr); + if (dealloc_imp_fn != null) { + const dealloc_sel_global = self.emitPrivateCString("dealloc", "OBJC_METH_VAR_NAME_"); + const dealloc_enc_global = self.emitPrivateCString("v@:", "OBJC_METH_VAR_TYPE_"); + + var sel_args: [1]c.LLVMValueRef = .{dealloc_sel_global}; + const sel_val = c.LLVMBuildCall2(self.builder, sel_reg_ty, sel_reg_fn, &sel_args, 1, "sel_dealloc"); + + var add_args: [4]c.LLVMValueRef = .{ cls_val, sel_val, dealloc_imp_fn, dealloc_enc_global }; + _ = c.LLVMBuildCall2(self.builder, add_method_ty, add_method_fn, &add_args, 4, ""); + } + // M1.2 A.5 — register the synthesized `+alloc` IMP on the // metaclass. Class methods live on the metaclass (every // Class object's `isa` points to the metaclass), so we diff --git a/src/ir/lower.zig b/src/ir/lower.zig index 68dc1b8..c367035 100644 --- a/src/ir/lower.zig +++ b/src/ir/lower.zig @@ -9622,6 +9622,10 @@ pub const Lowering = struct { // class_getInstanceVariable after the class is registered; // IMP trampolines read it to find the __sx_state ivar. self.declareObjcDefinedStateIvarGlobal(fcd.name); + // M1.2 A.6: per-class class-object global. -dealloc reads + // it to build an `objc_super` struct for `[super dealloc]` + // dispatch via `objc_msgSendSuper2`. + self.declareObjcDefinedClassGlobal(fcd.name); } self.registerObjcDefinedClassMethods(fcd); } @@ -9642,6 +9646,23 @@ pub const Lowering = struct { }); } + /// Declare a per-class global `___class : *void = null`. + /// emit_llvm's `emitObjcDefinedClassInit` constructor stores the + /// freshly-allocated Class pointer into it after objc_registerClassPair. + /// The synthesized `-dealloc` IMP reads it to construct an `objc_super` + /// for `[super dealloc]` dispatch. + fn declareObjcDefinedClassGlobal(self: *Lowering, class_name: []const u8) void { + const gname = std.fmt.allocPrint(self.alloc, "__{s}_class", .{class_name}) catch return; + const name_id = self.module.types.internString(gname); + _ = self.module.addGlobal(.{ + .name = name_id, + .ty = self.module.types.ptrTo(.void), + .init_val = .null_val, + .is_extern = false, + .is_const = false, + }); + } + /// For each bodied instance method on an sx-defined `#objc_class`, /// synthesize an `FnDecl` from the `ForeignMethodDecl`, register it /// in `fn_ast_map` under `.`, declare the IR @@ -11551,9 +11572,11 @@ pub const Lowering = struct { fn emitObjcDefinedClassImps(self: *Lowering) void { for (self.module.objc_defined_class_cache.items) |entry| { const fcd = entry.decl; - // Synthesize +alloc (M1.2 A.5) before per-method IMPs. emit_llvm - // registers it on the metaclass after objc_registerClassPair. + // Synthesize +alloc (M1.2 A.5) and -dealloc (M1.2 A.6). emit_llvm + // registers +alloc on the metaclass and -dealloc on the class + // itself after objc_registerClassPair. self.emitObjcDefinedClassAllocImp(fcd); + self.emitObjcDefinedClassDeallocImp(fcd); for (fcd.members) |m| { const method = switch (m) { .method => |md| md, @@ -11793,6 +11816,160 @@ pub const Lowering = struct { self.builder.finalize(); } + /// Synthesize the `-dealloc` IMP for an sx-defined `#objc_class`. + /// Runs when the Obj-C runtime drops the last retain on an + /// instance. + /// + /// C-ABI: `(self: id, _cmd: SEL) -> void` + /// + /// Body: + /// %state = object_getIvar(self, load @___state_ivar) + /// free(state) + /// object_setIvar(self, ivar, null) + /// // [super dealloc] via objc_msgSendSuper2(&super, sel_dealloc) + /// %sup = alloca { *void, *void } + /// store self into sup.0 (receiver) + /// store @___class into sup.1 (current class — runtime climbs) + /// %sel_dealloc = sel_registerName("dealloc") + /// objc_msgSendSuper2(%sup, %sel_dealloc) + /// ret void + /// + /// `free(null)` is well-defined as no-op per C standard, so we + /// skip the null check. The state-ivar nil-out prevents UAF if + /// super-dealloc somehow re-reads our ivar (paranoia — NSObject + /// doesn't). + fn emitObjcDefinedClassDeallocImp(self: *Lowering, fcd: *const ast.ForeignClassDecl) void { + const saved_func = self.builder.func; + const saved_block = self.builder.current_block; + const saved_counter = self.builder.inst_counter; + defer { + self.builder.func = saved_func; + self.builder.current_block = saved_block; + self.builder.inst_counter = saved_counter; + } + + const imp_name = std.fmt.allocPrint(self.alloc, "__{s}_dealloc_imp", .{fcd.name}) catch return; + const name_id = self.module.types.internString(imp_name); + const ptr_void = self.module.types.ptrTo(.void); + + var params = std.ArrayList(inst_mod.Function.Param).empty; + params.append(self.alloc, .{ .name = self.module.types.internString("self"), .ty = ptr_void }) catch return; + params.append(self.alloc, .{ .name = self.module.types.internString("_cmd"), .ty = ptr_void }) catch return; + const params_slice = params.toOwnedSlice(self.alloc) catch return; + + _ = self.builder.beginFunction(name_id, params_slice, .void); + const func = self.builder.currentFunc(); + func.linkage = .external; + func.call_conv = .c; + func.has_implicit_ctx = false; + + const entry_name = self.module.types.internString("entry"); + const entry = self.builder.appendBlock(entry_name, &.{}); + self.builder.switchToBlock(entry); + + const self_ref = Ref.fromIndex(0); + + // (1) state = object_getIvar(self, load @___state_ivar) + const ivar_global_name = std.fmt.allocPrint(self.alloc, "__{s}_state_ivar", .{fcd.name}) catch return; + defer self.alloc.free(ivar_global_name); + const ivar_global_id = self.lookupGlobalIdByName(ivar_global_name) orelse return; + const ivar_addr = self.builder.emit(.{ .global_addr = ivar_global_id }, ptr_void); + const ivar_handle = self.builder.load(ivar_addr, ptr_void); + + const get_ivar_fid = self.ensureCRuntimeDecl("object_getIvar", &.{ ptr_void, ptr_void }, ptr_void); + const get_args = self.alloc.alloc(Ref, 2) catch return; + get_args[0] = self_ref; + get_args[1] = ivar_handle; + const state = self.builder.emit(.{ .call = .{ .callee = get_ivar_fid, .args = get_args } }, ptr_void); + + // (2) free(state) — free(NULL) is a safe no-op. + const free_fid = self.ensureCRuntimeDecl("free", &.{ptr_void}, .void); + const free_args = self.alloc.alloc(Ref, 1) catch return; + free_args[0] = state; + _ = self.builder.emit(.{ .call = .{ .callee = free_fid, .args = free_args } }, .void); + + // (3) object_setIvar(self, ivar, null) + const set_ivar_fid = self.ensureCRuntimeDecl("object_setIvar", &.{ ptr_void, ptr_void, ptr_void }, .void); + const null_ptr = self.builder.constInt(0, ptr_void); + const set_args = self.alloc.alloc(Ref, 3) catch return; + set_args[0] = self_ref; + set_args[1] = ivar_handle; + set_args[2] = null_ptr; + _ = self.builder.emit(.{ .call = .{ .callee = set_ivar_fid, .args = set_args } }, .void); + + // (4) [super dealloc] + // + // objc_super = struct { receiver: id, super_class: Class } + const super_struct_ty = self.module.types.intern(.{ .@"struct" = .{ + .name = self.module.types.internString("__sx_objc_super"), + .fields = blk: { + var f = std.ArrayList(types.TypeInfo.StructInfo.Field).empty; + f.append(self.alloc, .{ .name = self.module.types.internString("receiver"), .ty = ptr_void }) catch unreachable; + f.append(self.alloc, .{ .name = self.module.types.internString("super_class"), .ty = ptr_void }) catch unreachable; + break :blk f.toOwnedSlice(self.alloc) catch unreachable; + }, + } }); + const super_alloca = self.builder.alloca(super_struct_ty); + + // store receiver + const recv_gep = self.builder.emit(.{ .struct_gep = .{ .base = super_alloca, .field_index = 0, .base_type = super_struct_ty } }, ptr_void); + self.builder.store(recv_gep, self_ref); + + // store super_class = load @___class + const class_global_name = std.fmt.allocPrint(self.alloc, "__{s}_class", .{fcd.name}) catch return; + defer self.alloc.free(class_global_name); + const class_global_id = self.lookupGlobalIdByName(class_global_name) orelse return; + const class_addr = self.builder.emit(.{ .global_addr = class_global_id }, ptr_void); + const class_val = self.builder.load(class_addr, ptr_void); + const cls_gep = self.builder.emit(.{ .struct_gep = .{ .base = super_alloca, .field_index = 1, .base_type = super_struct_ty } }, ptr_void); + self.builder.store(cls_gep, class_val); + + // sel_dealloc = sel_registerName("dealloc") + const sel_reg_fid = self.ensureCRuntimeDecl("sel_registerName", &.{ptr_void}, ptr_void); + const sel_str_gid = self.internStringConstantGlobal("dealloc"); + const sel_str_addr = self.builder.emit(.{ .global_addr = sel_str_gid }, ptr_void); + const sel_args = self.alloc.alloc(Ref, 1) catch return; + sel_args[0] = sel_str_addr; + const sel_dealloc = self.builder.emit(.{ .call = .{ .callee = sel_reg_fid, .args = sel_args } }, ptr_void); + + // objc_msgSendSuper2(&super, sel_dealloc) + const send_super_fid = self.ensureCRuntimeDecl("objc_msgSendSuper2", &.{ ptr_void, ptr_void }, .void); + const send_args = self.alloc.alloc(Ref, 2) catch return; + send_args[0] = super_alloca; + send_args[1] = sel_dealloc; + _ = self.builder.emit(.{ .call = .{ .callee = send_super_fid, .args = send_args } }, .void); + + self.builder.retVoid(); + self.builder.finalize(); + } + + /// Intern a C-string constant as a `[N:0]u8` global and return + /// its GlobalId. Used by IMP trampolines that need to pass a + /// literal string to runtime helpers (e.g. selector names). + fn internStringConstantGlobal(self: *Lowering, s: []const u8) inst_mod.GlobalId { + const z = self.alloc.allocSentinel(u8, s.len, 0) catch unreachable; + @memcpy(z[0..s.len], s); + const arr_ty = self.module.types.arrayOf(.u8, @intCast(s.len + 1)); + const slot_name = std.fmt.allocPrint(self.alloc, "__sx_objc_cstr_{s}", .{s}) catch unreachable; + const name_id = self.module.types.internString(slot_name); + if (self.lookupGlobalIdByName(slot_name)) |existing| { + self.alloc.free(z); + return existing; + } + var bytes_vec = std.ArrayList(inst_mod.ConstantValue).empty; + for (z[0 .. s.len + 1]) |b| { + bytes_vec.append(self.alloc, .{ .int = b }) catch unreachable; + } + const init_val: inst_mod.ConstantValue = .{ .aggregate = bytes_vec.toOwnedSlice(self.alloc) catch unreachable }; + return self.module.addGlobal(.{ + .name = name_id, + .ty = arr_ty, + .init_val = init_val, + .is_extern = false, + .is_const = true, + }); + } + /// Linear scan over module globals for a given name. Used for /// looking up the per-class ivar handle global from inside IMP /// trampoline emission. diff --git a/tests/expected/142-objc-class-method-lowering.ir b/tests/expected/142-objc-class-method-lowering.ir index 949936a..019e53b 100644 --- a/tests/expected/142-objc-class-method-lowering.ir +++ b/tests/expected/142-objc-class-method-lowering.ir @@ -3,7 +3,9 @@ @ARCH = internal global i64 0 @POINTER_SIZE = internal global i64 8 @__SxFoo_state_ivar = internal global ptr null +@__SxFoo_class = internal global ptr null @__sx_default_context = internal global { { ptr, ptr, ptr }, ptr } { { ptr, ptr, ptr } { ptr null, ptr @__thunk_CAllocator_Allocator_alloc, ptr @__thunk_CAllocator_Allocator_dealloc }, ptr null } +@__sx_objc_cstr_dealloc = internal global [8 x i8] c"dealloc\00" @str = private unnamed_addr constant [2 x i8] c"0\00", align 1 @str.1 = private unnamed_addr constant [15 x i8] c"result := \22\22; \00", align 1 @str.2 = private unnamed_addr constant [37 x i8] c"result = concat(result, substr(fmt, \00", align 1 @@ -29,8 +31,10 @@ @OBJC_CLASS_NAME_.19 = private unnamed_addr constant [6 x i8] c"SxFoo\00" @OBJC_METH_VAR_NAME_ = private unnamed_addr constant [5 x i8] c"bump\00" @OBJC_METH_VAR_TYPE_ = private unnamed_addr constant [4 x i8] c"v@:\00" -@OBJC_METH_VAR_NAME_.20 = private unnamed_addr constant [6 x i8] c"alloc\00" -@OBJC_METH_VAR_TYPE_.21 = private unnamed_addr constant [4 x i8] c"@@:\00" +@OBJC_METH_VAR_NAME_.20 = private unnamed_addr constant [8 x i8] c"dealloc\00" +@OBJC_METH_VAR_TYPE_.21 = private unnamed_addr constant [4 x i8] c"v@:\00" +@OBJC_METH_VAR_NAME_.22 = private unnamed_addr constant [6 x i8] c"alloc\00" +@OBJC_METH_VAR_TYPE_.23 = private unnamed_addr constant [4 x i8] c"@@:\00" @llvm.global_ctors = appending global [1 x { i32, ptr, ptr }] [{ i32, ptr, ptr } { i32 65535, ptr @__sx_objc_defined_class_init, ptr null }] ; Function Attrs: nounwind @@ -805,6 +809,33 @@ declare ptr @class_createInstance(ptr, i64) #0 ; Function Attrs: nounwind declare void @object_setIvar(ptr, ptr, ptr) #0 +; Function Attrs: nounwind +define void @__SxFoo_dealloc_imp(ptr %0, ptr %1) #0 { +entry: + %load = load ptr, ptr @__SxFoo_state_ivar, align 8 + %call = call ptr @object_getIvar(ptr %0, ptr %load) + call void @free(ptr %call) + call void @object_setIvar(ptr %0, ptr %load, ptr null) + %alloca = alloca { ptr, ptr }, align 8 + %gep = getelementptr inbounds { ptr, ptr }, ptr %alloca, i32 0, i32 0 + store ptr %0, ptr %gep, align 8 + %loadN = load ptr, ptr @__SxFoo_class, align 8 + %gepN = getelementptr inbounds { ptr, ptr }, ptr %alloca, i32 0, i32 1 + store ptr %loadN, ptr %gepN, align 8 + %callN = call ptr @sel_registerName(ptr @__sx_objc_cstr_dealloc) + call void @objc_msgSendSuper2(ptr %alloca, ptr %callN) + ret void +} + +; Function Attrs: nounwind +declare ptr @object_getIvar(ptr, ptr) #0 + +; Function Attrs: nounwind +declare ptr @sel_registerName(ptr) #0 + +; Function Attrs: nounwind +declare void @objc_msgSendSuper2(ptr, ptr) #0 + ; Function Attrs: nounwind define void @__SxFoo_bump_imp(ptr %0, ptr %1) #0 { entry: @@ -814,9 +845,6 @@ entry: ret void } -; Function Attrs: nounwind -declare ptr @object_getIvar(ptr, ptr) #0 - declare i64 @write(i32, ptr, i64) declare ptr @objc_getClass(ptr) @@ -825,8 +853,6 @@ declare ptr @objc_allocateClassPair(ptr, ptr, i64) declare i8 @class_addIvar(ptr, ptr, i64, i8, ptr) -declare ptr @sel_registerName(ptr) - declare i8 @class_addMethod(ptr, ptr, ptr, ptr) declare void @objc_registerClassPair(ptr) @@ -841,9 +867,12 @@ entry: %sel = call ptr @sel_registerName(ptr @OBJC_METH_VAR_NAME_) %1 = call i8 @class_addMethod(ptr %cls, ptr %sel, ptr @__SxFoo_bump_imp, ptr @OBJC_METH_VAR_TYPE_) call void @objc_registerClassPair(ptr %cls) + store ptr %cls, ptr @__SxFoo_class, align 8 + %sel_dealloc = call ptr @sel_registerName(ptr @OBJC_METH_VAR_NAME_.20) + %2 = call i8 @class_addMethod(ptr %cls, ptr %sel_dealloc, ptr @__SxFoo_dealloc_imp, ptr @OBJC_METH_VAR_TYPE_.21) %metacls = call ptr @object_getClass(ptr %cls) - %sel_alloc = call ptr @sel_registerName(ptr @OBJC_METH_VAR_NAME_.20) - %2 = call i8 @class_addMethod(ptr %metacls, ptr %sel_alloc, ptr @__SxFoo_alloc_imp, ptr @OBJC_METH_VAR_TYPE_.21) + %sel_alloc = call ptr @sel_registerName(ptr @OBJC_METH_VAR_NAME_.22) + %3 = call i8 @class_addMethod(ptr %metacls, ptr %sel_alloc, ptr @__SxFoo_alloc_imp, ptr @OBJC_METH_VAR_TYPE_.23) %iv = call ptr @class_getInstanceVariable(ptr %cls, ptr @OBJC_IVAR_NAME_) store ptr %iv, ptr @__SxFoo_state_ivar, align 8 ret void diff --git a/tests/expected/147-objc-class-dealloc-roundtrip.exit b/tests/expected/147-objc-class-dealloc-roundtrip.exit new file mode 100644 index 0000000..573541a --- /dev/null +++ b/tests/expected/147-objc-class-dealloc-roundtrip.exit @@ -0,0 +1 @@ +0 diff --git a/tests/expected/147-objc-class-dealloc-roundtrip.txt b/tests/expected/147-objc-class-dealloc-roundtrip.txt new file mode 100644 index 0000000..4fe50aa --- /dev/null +++ b/tests/expected/147-objc-class-dealloc-roundtrip.txt @@ -0,0 +1 @@ +dealloc: ok