Suspicious call to destructor

[Try]

https://github.com/lmichaelis/phoenix/blob/87235e137823460bebf2769a51fd6665ce3856ed/source/vm.cc#L266-L270

Found this while debugging "Chronicles of Myrthana" mod.
Relevant piece of code: https://github.com/lmichaelis/tcom-decompilation/blob/c993234e0fd8520401491674c8ababe461859d09/Source/Raw/526.d

func int SPELL_TELEKINESIS_FOCUS_REMOVER() {
    NPC = HLP_GETNPC(0x71b); // returns null. This is query for PC_HERE, but PC_HERE is not yet initialized
    NPC.FOCUS_VOB = 0; // invalid access, causing explicit destructor call 
    STAGE = 0;
    return FALSE;
}

Shortly after executing opcode::movi VM crashes with memory error.

[lmichaelis]

Hi, thanks for the report. Looks like I missed that additional -- which is probably the incorrect part about this. I'll double-check tomorrow.

If you want to try to fix it right now, you can try swapping the -- to postfix instead of prefix. Not 100% sure that's the fix but it's worth a shot.

[Try]

Hm, I've just commented the code - work fine. Again I'm not completely sure of the intent there, yet to me it look:

case opcode::movvf: {
	auto [ref, idx, context] = pop_reference(); // daedalus_stack_frame is deallocated here already

	if (!ref->is_member() || context != nullptr ||
		!(_m_flags & execution_flag::vm_allow_null_instance_access)) {
		// set and nothing else - fine
		ref->set_int(pop_int(), idx, context);
	} else if (ref->is_member()) {
		// should be nop?
	}

	break;
}

[lmichaelis]

There are two frames at play here, since it's a movvf ("move function reference into variable"). First, there is the variable being moved into, and then there is the value being assigned (notice the pop_int()). This is why, if the check fails (so if the variable is a member, not instance is set and the VM does allow null-instance access), we need to destroy the next stack frame which should be at _m_stack[_m_stack_ptr].

[lmichaelis]

Added fixes on main.

[Try]

Verified - fix works. Thanks!