6b7a66ba4d
Follow-up to issue-0045's fix (commit 9e78790). The fix routes
inline-comptime-body `return X;` into a result slot but sets
`block_terminated = true` after the inline return — and that
flag leaks past the enclosing `if`'s merge block.
Body shape:
maybe :: (..$args) -> s64 {
if args.len > 0 { return 42; }
return -1;
}
For `maybe()` (zero call-args), the false-condition path skips
the then-branch's `return 42;` and should fall through to
`return -1;`. Today's flow:
- Then-branch's `return 42;` stores 42 to slot and sets
block_terminated = true.
- if lowering switches to merge_bb. block_terminated stays
true (never reset across the if/merge boundary).
- lowerBlockValue's loop sees block_terminated and returns
null without processing the trailing `return -1;`.
- lowerComptimeCall loads slot — slot was never written on
the false-condition path → garbage (8354116000 on this
machine; stable across runs).
`maybe(99)` works because the cond is true; the then-branch's
store wins.
Next commit reshapes the inline-return mechanism to use a
dedicated "return-done" basic block: each inline `return X;`
stores to slot and branches to ret_done; after the body
lowers, lowerComptimeCall switches to ret_done and loads. The
basic block CFG carries the control-flow termination — no
need for the leaking `block_terminated` flag.
196/196 example tests + `zig build test` green (the new test
captures the wrong value as the snapshot to flip).
40 lines
1.4 KiB
Plaintext
40 lines
1.4 KiB
Plaintext
// Variadic heterogeneous type packs — control-flow follow-up to
|
|
// issue-0045 fix (commit 9e78790).
|
|
//
|
|
// issue-0045's fix routes inline-comptime-body `return X;` into a
|
|
// result slot so the caller's basic block isn't terminated
|
|
// mid-flight. But the fix sets `block_terminated = true` after
|
|
// the inline return — which leaks PAST the enclosing `if`'s
|
|
// merge block. When the body shape is
|
|
// if cond { return X; }
|
|
// return Y;
|
|
// only the then-branch's `return X;` runs; `block_terminated`
|
|
// stays true in the merge block, so `lowerBlockValue`'s loop
|
|
// exits before the trailing `return Y;` lowers. The trailing
|
|
// return never stores into the slot — for the false-condition
|
|
// path the load reads uninitialised stack memory.
|
|
//
|
|
// Pack-fn `..$args` is the shortest repro because `args.len`
|
|
// gives a comptime-feeling test for the condition. The bug is
|
|
// actually shape-agnostic — any comptime body with `if cond
|
|
// { return X; }; return Y;` regresses the same way.
|
|
//
|
|
// `maybe()` with zero call-args takes the false branch and
|
|
// should fall through to `return -1;`. Today it loads garbage
|
|
// from the uninitialised slot.
|
|
|
|
#import "modules/std.sx";
|
|
|
|
maybe :: (..$args) -> s64 {
|
|
if args.len > 0 {
|
|
return 42;
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
main :: () -> s32 {
|
|
print("{}\n", maybe()); // expect -1
|
|
print("{}\n", maybe(99)); // expect 42
|
|
return 0;
|
|
}
|