Sema: convert result location packed struct inits into aggregate inits

Vexu · Vexu · commit 6b1ad6ff4a7a · 2022-11-25T23:29:05.000+02:00
Initializing packed structs with result location is problematic since storing to a packed struct field pointer involves loading the field first which can cause loading uninitialized memory unless specifically zeroed first. Since packed structs are integer backed now using aggregate init makes more sense and avoids this issue. Closes ziglang#13480
diff --git a/src/Sema.zig b/src/Sema.zig
@@ -4258,6 +4258,72 @@ fn validateStructInit(
     }
     try sema.resolveStructLayout(struct_ty);
 
+    if (struct_ty.containerLayout() == .Packed) {
+        // Convert stores to ptr into an aggregate init.
+        const element_refs = try sema.arena.alloc(Air.Inst.Ref, struct_ty.structFieldCount());
+
+        var block_index = block.instructions.items.len - 1;
+        var field_ptr_count = instrs.len;
+        while (block_index > 0 and field_ptr_count > 0) : (block_index -= 1) {
+            const store_inst = block.instructions.items[block_index];
+            if (air_tags[store_inst] != .store) continue;
+            const store_index = block_index;
+            const bin_op = air_datas[store_inst].bin_op;
+            var lhs_index = Air.refToIndex(bin_op.lhs) orelse continue;
+            var bitcast_index: ?usize = null;
+            {
+                if (air_tags[lhs_index] == .bitcast) {
+                    const lhs = air_datas[lhs_index].ty_op.operand;
+                    lhs_index = Air.refToIndex(lhs).?;
+                    while (block_index > 0) : (block_index -= 1) {
+                        if (block.instructions.items[block_index] == lhs_index) {
+                            bitcast_index = block_index;
+                            break;
+                        }
+                    } else continue;
+                }
+            }
+            const index = switch (air_tags[lhs_index]) {
+                .struct_field_ptr_index_0 => 0,
+                .struct_field_ptr_index_1 => 1,
+                .struct_field_ptr_index_2 => 2,
+                .struct_field_ptr_index_3 => 3,
+                .struct_field_ptr => blk: {
+                    const ty_pl = air_datas[lhs_index].ty_pl;
+                    const struct_field = sema.getTmpAir().extraData(Air.StructField, ty_pl.payload).data;
+                    break :blk struct_field.field_index;
+                },
+                else => continue,
+            };
+            _ = block.instructions.orderedRemove(store_index);
+            block_index -= 1;
+            if (bitcast_index) |some| {
+                _ = block.instructions.orderedRemove(some);
+                block_index -= 1;
+            }
+            while (block_index > 0) : (block_index -= 1) {
+                if (block.instructions.items[block_index] == lhs_index) {
+                    _ = block.instructions.orderedRemove(block_index);
+                    block_index -= 1;
+                    break;
+                }
+            }
+            field_ptr_count -= 1;
+            element_refs[index] = bin_op.rhs;
+            continue;
+        }
+
+        for (found_fields) |field_ptr, i| {
+            if (field_ptr != 0) continue;
+
+            element_refs[i] = try sema.addConstant(struct_ty.structFieldType(i), field_values[i]);
+        }
+
+        const init = try block.addAggregateInit(struct_ty, element_refs);
+        try sema.storePtr2(block, init_src, struct_ptr, init_src, init, init_src, .store);
+        return;
+    }
+
     // Our task is to insert `store` instructions for all the default field values.
     for (found_fields) |field_ptr, i| {
         if (field_ptr != 0) continue;
diff --git a/test/behavior.zig b/test/behavior.zig
@@ -116,6 +116,7 @@ test {
     _ = @import("behavior/bugs/13171.zig");
     _ = @import("behavior/bugs/13285.zig");
     _ = @import("behavior/bugs/13435.zig");
+    _ = @import("behavior/bugs/13480.zig");
     _ = @import("behavior/byteswap.zig");
     _ = @import("behavior/byval_arg_var.zig");
     _ = @import("behavior/call.zig");
diff --git a/test/behavior/bugs/13480.zig b/test/behavior/bugs/13480.zig
@@ -0,0 +1,32 @@
+const builtin = @import("builtin");
+const std = @import("std");
+const expect = std.testing.expect;
+
+const BitSet = packed struct {
+    mask: u7,
+};
+fn smash() void {
+    var stack: [0x500]u8 = undefined;
+    @memset(&stack, 0xFF, stack.len);
+}
+fn stackUp() void {
+    var space: [0x100]u8 = undefined;
+    part2();
+    _ = space;
+}
+fn part2() void {
+    var a: u7 = 0b0001000;
+    var mask_a = BitSet{
+        .mask = a,
+    };
+    if (mask_a.mask != 0b0001000) unreachable;
+}
+test {
+    if (builtin.zig_backend == .stage2_wasm) return error.SkipZigTest; // TODO
+    if (builtin.zig_backend == .stage2_x86_64) return error.SkipZigTest; // TODO
+    if (builtin.zig_backend == .stage2_aarch64) return error.SkipZigTest; // TODO
+    if (builtin.zig_backend == .stage2_arm) return error.SkipZigTest; // TODO
+
+    smash();
+    stackUp();
+}
