Fix false scalarization on variadic call

lorettayao · lorettayao · commit 0376c58ca08c · 2025-11-19T09:22:43.000+08:00
Make scalarize_array_literal read using the literal’s element size while still allowing callers to pick a result type.

Stop collapsing variadic call arguments or pointer arithmetic operands just because the other side is an integer, so array literals decay to pointers when required.

Treat literal+literal arithmetic as a scalar sum of first elements to keep the historical behavior while still honoring pointer math when a real pointer participates
diff --git a/src/parser.c b/src/parser.c
@@ -1333,6 +1333,12 @@ bool is_array_literal_placeholder(var_t *var)
            var->var_name[0] == '.';
 }
 
+bool is_pointer_like_value(var_t *var)
+{
+    return var && (var->ptr_level || var->array_size ||
+                   (var->type && var->type->ptr_level > 0));
+}
+
 var_t *scalarize_array_literal(block_t *parent,
                                basic_block_t **bb,
                                var_t *array_var,
@@ -1341,20 +1347,21 @@ var_t *scalarize_array_literal(block_t *parent,
     if (!is_array_literal_placeholder(array_var))
         return array_var;
 
-    type_t *elem_type = hint_type ? hint_type : array_var->type;
-    if (!elem_type)
-        elem_type = TY_int;
+    type_t *literal_type = array_var->type ? array_var->type : TY_int;
+    int literal_size = literal_type->size;
+    if (literal_size <= 0)
+        literal_size = TY_int->size;
 
-    int elem_size = elem_type->size;
-    if (elem_size <= 0)
-        elem_size = TY_int->size;
+    type_t *result_type = hint_type ? hint_type : literal_type;
+    if (!result_type)
+        result_type = TY_int;
 
-    var_t *scalar = require_typed_var(parent, elem_type);
+    var_t *scalar = require_typed_var(parent, result_type);
     scalar->ptr_level = 0;
     gen_name_to(scalar->var_name);
     scalar->init_val = array_var->init_val;
 
-    add_insn(parent, *bb, OP_read, scalar, array_var, NULL, elem_size, NULL);
+    add_insn(parent, *bb, OP_read, scalar, array_var, NULL, literal_size, NULL);
 
     return scalar;
 }
@@ -1656,8 +1663,6 @@ void read_func_parameters(func_t *func, block_t *parent, basic_block_t **bb)
                 if (!target->ptr_level && !target->array_size)
                     param = scalarize_array_literal(parent, bb, param,
                                                     target->type);
-            } else if (func->va_args) {
-                param = scalarize_array_literal(parent, bb, param, TY_int);
             }
         }
         /* Handle parameter type conversion for direct calls.
@@ -2565,20 +2570,14 @@ void handle_pointer_arithmetic(block_t *parent,
         }
 
         /* Check if both have ptr_level or typedef pointer type */
-        bool rs1_is_ptr = (orig_rs1->ptr_level > 0) ||
-                          (orig_rs1->type && orig_rs1->type->ptr_level > 0);
-        bool rs2_is_ptr = (orig_rs2->ptr_level > 0) ||
-                          (orig_rs2->type && orig_rs2->type->ptr_level > 0);
+        bool rs1_is_ptr = is_pointer_like_value(orig_rs1);
+        bool rs2_is_ptr = is_pointer_like_value(orig_rs2);
 
         /* If variable lookup failed, check the passed variables directly */
-        if (!rs1_is_ptr) {
-            rs1_is_ptr =
-                (rs1->ptr_level > 0) || (rs1->type && rs1->type->ptr_level > 0);
-        }
-        if (!rs2_is_ptr) {
-            rs2_is_ptr =
-                (rs2->ptr_level > 0) || (rs2->type && rs2->type->ptr_level > 0);
-        }
+        if (!rs1_is_ptr)
+            rs1_is_ptr = is_pointer_like_value(rs1);
+        if (!rs2_is_ptr)
+            rs2_is_ptr = is_pointer_like_value(rs2);
 
         if (rs1_is_ptr && rs2_is_ptr) {
             /* Both are pointers - this is pointer difference */
@@ -2657,11 +2656,11 @@ void handle_pointer_arithmetic(block_t *parent,
         }
     }
     /* Determine which operand is the pointer for regular pointer arithmetic */
-    if (rs1->ptr_level || (rs1->type && rs1->type->ptr_level > 0)) {
+    if (is_pointer_like_value(rs1)) {
         ptr_var = rs1;
         int_var = rs2;
         element_size = get_pointer_element_size(rs1);
-    } else if (rs2->ptr_level || (rs2->type && rs2->type->ptr_level > 0)) {
+    } else if (is_pointer_like_value(rs2)) {
         /* Only for addition (p + n == n + p) */
         if (op == OP_add) {
             ptr_var = rs2;
@@ -2708,8 +2707,7 @@ bool is_pointer_operation(opcode_t op, var_t *rs1, var_t *rs2)
     if (op != OP_add && op != OP_sub)
         return false;
 
-    return (rs1->ptr_level || (rs1->type && rs1->type->ptr_level > 0) ||
-            rs2->ptr_level || (rs2->type && rs2->type->ptr_level > 0));
+    return is_pointer_like_value(rs1) || is_pointer_like_value(rs2);
 }
 
 /* Helper function to check if a variable is a pointer based on its declaration
@@ -2902,22 +2900,31 @@ void read_expr(block_t *parent, basic_block_t **bb)
         rs2 = opstack_pop();
         rs1 = opstack_pop();
 
+        bool rs1_is_placeholder = is_array_literal_placeholder(rs1);
+        bool rs2_is_placeholder = is_array_literal_placeholder(rs2);
+        bool rs1_is_ptr_like = is_pointer_like_value(rs1);
+        bool rs2_is_ptr_like = is_pointer_like_value(rs2);
+        bool pointer_context = (rs1_is_ptr_like && !rs1_is_placeholder) ||
+                               (rs2_is_ptr_like && !rs2_is_placeholder);
+
         /* Pointer arithmetic handling */
-        if (is_pointer_operation(top_op, rs1, rs2)) {
+        if (pointer_context && is_pointer_operation(top_op, rs1, rs2)) {
             handle_pointer_arithmetic(parent, bb, top_op, rs1, rs2);
             continue; /* skip normal processing */
         }
 
-        bool rs1_is_ptr_like = rs1 && (rs1->ptr_level || rs1->array_size);
-        bool rs2_is_ptr_like = rs2 && (rs2->ptr_level || rs2->array_size);
-
-        if (is_array_literal_placeholder(rs1) && !rs2_is_ptr_like)
-            rs1 = scalarize_array_literal(parent, bb, rs1,
-                                          rs2 && rs2->type ? rs2->type : NULL);
+        if (rs1_is_placeholder && rs2_is_placeholder) {
+            rs1 = scalarize_array_literal(parent, bb, rs1, NULL);
+            rs2 = scalarize_array_literal(parent, bb, rs2, NULL);
+        } else {
+            if (rs1_is_placeholder && !rs2_is_ptr_like)
+                rs1 = scalarize_array_literal(
+                    parent, bb, rs1, rs2 && rs2->type ? rs2->type : NULL);
 
-        if (is_array_literal_placeholder(rs2) && !rs1_is_ptr_like)
-            rs2 = scalarize_array_literal(parent, bb, rs2,
-                                          rs1 && rs1->type ? rs1->type : NULL);
+            if (rs2_is_placeholder && !rs1_is_ptr_like)
+                rs2 = scalarize_array_literal(
+                    parent, bb, rs2, rs1 && rs1->type ? rs1->type : NULL);
+        }
         /* Constant folding for binary operations */
         if (rs1 && rs2 && rs1->init_val && !rs1->ptr_level && !rs1->is_global &&
             rs2->init_val && !rs2->ptr_level && !rs2->is_global) {
