authorKartik Agaram <vc@akkartik.com>2020-03-22 12:11:49 -0700
committerKartik Agaram <vc@akkartik.com>2020-05-18 00:44:46 -0700
commit546a92985f7da2491077d641a2c118b4af7f6913 (patch)
tree1e6ab75543a3028e78c9454fbb6bd6b6a076e0ee
parent1f38b75e31d713fc72a9d29d360fe5ad66ba22fe (diff)
downloadmu-546a92985f7da2491077d641a2c118b4af7f6913.tar.gz
start migrating handles to fat pointers
CI will fail from this commit onward. Currently working:
  $ bootstrap translate init.linux 0[4-7]*.subx 080zero-out.subx -o a.elf  &&  ./a.elf test
  $ bootstrap run a.elf test
  $ chmod +x a.elf;  ./a.elf test

Plan: migrate functions that used to return handles to pass in a new arg
of type (addr handle). That's a bit of a weird type. There should be few
of these functions. (Open question: do we even want to expose this type
in the Mu language?)

Functions that just need to read from heap without modifying the handle
will receive `(addr T)` or `(handle T)` types as arguments.

As I sanitize each new file, I need to update signatures for any new functions
and add them to a list. I also need to update calls to any functions on
the list.
-rw-r--r--069allocate.subx84
-rw-r--r--070new-stream.subx29
-rw-r--r--072slice.subx31
-rw-r--r--mu-init.subx8
4 files changed, 116 insertions, 36 deletions
diff --git a/069allocate.subx b/069allocate.subx
index 3857ddb8..48d00a36 100644
--- a/069allocate.subx
+++ b/069allocate.subx
@@ -15,6 +15,9 @@
 # carve out chunks of memory and then allocate from them manually using this
 # very same 'allocate' helper. They just need a new allocation descriptor for
 # their book-keeping.
+#
+# Allocations are returned in a handle, which consists of an allocid and a payload.
+# The allocid helps detect use-after-free errors.
 
 == data
 
@@ -56,18 +59,24 @@ $array-equal-main:end:
 
 # Allocate and clear 'n' bytes of memory from an allocation-descriptor 'ad'.
 # Abort if there isn't enough memory in 'ad'.
-allocate:  # ad: (addr allocation-descriptor), n: int -> address-or-null/eax: (addr _)
+allocate:  # ad: (addr allocation-descriptor), n: int, out: (addr handle)
     # . prologue
     55/push-ebp
     89/copy                         3/mod/direct    5/rm32/ebp    .           .             .           4/r32/esp   .               .                 # copy esp to ebp
-    # eax = allocate-raw(ad, n)
+    # . save registers
+    50/push-eax
+    # allocate-raw(ad, n, out)
     # . . push args
+    ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           0x10/disp8      .                 # push *(ebp+16)
     ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           0xc/disp8       .                 # push *(ebp+12)
     ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           8/disp8         .                 # push *(ebp+8)
     # . . call
     e8/call  allocate-raw/disp32
     # . . discard args
-    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               8/imm32           # add to esp
+    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
+    # eax = out->payload
+    8b/copy                         1/mod/*+disp8   5/rm32/ebp    .           .             .           0/r32/eax   0x10/disp8      .                 # copy *(ebp+16) to eax
+    8b/copy                         1/mod/*+disp8   0/rm32/eax    .           .             .           0/r32/eax   4/disp8         .                 # copy *(eax+4) to eax
     # zero-out(eax, n)
     # . . push args
     ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           0xc/disp8       .                 # push *(ebp+12)
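Review bot: The cleared region no longer matches the claimed region: `allocate-raw` now reserves `n+4` bytes (the extra word being the payload's allocid), but the call prepared at `# zero-out(eax, n)` clears `n` bytes starting at `out->payload`, so the last four bytes of the allocation are never initialized while the allocid word is zeroed instead. Either clear the whole claimed block (`zero-out(payload, n+4)`) or clear `n` bytes from `payload+4` to match callers such as `new-stream` that skip the allocid word, and make the header comment `# Allocate and clear 'n' bytes of memory` say which region is meant. The tail of `allocate` (the `zero-out` call itself and the restore of eax) continues in the next hunk.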
@@ -77,6 +86,8 @@ allocate:  # ad: (addr allocation-descriptor), n: int -> address-or-null/eax: (a
     # . . discard args
     81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               8/imm32           # add to esp
 $allocate:end:
+    # . restore registers
+    58/pop-to-eax
     # . epilogue
     89/copy                         3/mod/direct    4/rm32/esp    .           .             .           5/r32/ebp   .               .                 # copy ebp to esp
     5d/pop-to-ebp
@@ -84,30 +95,39 @@ $allocate:end:
 
 # Claim the next 'n' bytes of memory starting at ad->curr and update ad->curr.
 # Abort if there isn't enough memory in 'ad'.
-allocate-raw:  # ad: (addr allocation-descriptor), n: int -> address-or-null/eax: (addr _)
+allocate-raw:  # ad: (addr allocation-descriptor), n: int, out: (addr handle)
     # . prologue
     55/push-ebp
     89/copy                         3/mod/direct    5/rm32/ebp    .           .             .           4/r32/esp   .               .                 # copy esp to ebp
     # . save registers
+    50/push-eax
     51/push-ecx
     52/push-edx
+    53/push-ebx
     # ecx = ad
     8b/copy                         1/mod/*+disp8   5/rm32/ebp    .           .             .           1/r32/ecx   8/disp8         .                 # copy *(ebp+8) to ecx
-    # save ad->curr
+    # edx = out
+    8b/copy                         1/mod/*+disp8   5/rm32/ebp    .           .             .           2/r32/edx   0x10/disp8      .                 # copy *(ebp+16) to edx
+    # ebx = n
+    8b/copy                         1/mod/*+disp8   5/rm32/ebp    .           .             .           3/r32/ebx   0xc/disp8       .                 # copy *(ebp+12) to ebx
+    # out->allocid = 0
+    c7          0/subop/copy        0/mod/direct    2/rm32/edx    .           .             .           .           .               0/imm32           # copy to *edx
+    # out->payload = ad->curr
     8b/copy                         0/mod/indirect  1/rm32/ecx    .           .             .           0/r32/eax   .               .                 # copy *ecx to eax
+    89/copy                         1/mod/*+disp8   2/rm32/edx    .           .             .           0/r32/eax   4/disp8         .                 # copy eax to *(edx+4)
     # check if there's enough space
-    # . edx = ad->curr + n
-    89/copy                         3/mod/direct    2/rm32/edx    .           .             .           0/r32/eax   .               .                 # copy eax to edx
-    03/add                          1/mod/*+disp8   5/rm32/ebp    .           .             .           2/r32/edx   0xc/disp8       .                 # add *(ebp+12) to edx
-    3b/compare                      1/mod/*+disp8   1/rm32/ecx    .           .             .           2/r32/edx   4/disp8         .                 # compare edx with *(ecx+4)
+    8d/copy-address                 1/mod/*+disp8   4/rm32/sib    0/base/eax  3/index/ebx   .           0/r32/eax   4/disp8         .                 # copy eax+ebx+4 to eax
+    3b/compare                      1/mod/*+disp8   1/rm32/ecx    .           .             .           0/r32/eax   4/disp8         .                 # compare eax with *(ecx+4)
     73/jump-if->=-signed  $allocate-raw:abort/disp8
 $allocate-raw:commit:
     # update ad->curr
-    89/copy                         0/mod/indirect  1/rm32/ecx    .           .             .           2/r32/edx   .               .                 # copy edx to *ecx
+    89/copy                         0/mod/indirect  1/rm32/ecx    .           .             .           0/r32/eax   .               .                 # copy eax to *ecx
 $allocate-raw:end:
     # . restore registers
+    5b/pop-to-ebx
     5a/pop-to-edx
     59/pop-to-ecx
+    58/pop-to-eax
     # . epilogue
     89/copy                         3/mod/direct    4/rm32/esp    .           .             .           5/r32/ebp   .               .                 # copy ebp to esp
     5d/pop-to-ebp
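Review bot: The new bounds check — `8d/copy-address ... # copy eax+ebx+4 to eax` followed by the compare against `*(ecx+4)` — has no wrap-around guard: `n` comes straight from the caller, and a large or negative `n` makes `eax+ebx+4` wrap to a value below `ad->curr`, passing the `>=` test and storing a bogus pointer into `ad->curr` at `$allocate-raw:commit`. Since `lea` sets no flags, add an explicit check after it, e.g. `3b/compare  1/mod/*+disp8  2/rm32/edx  .  .  .  0/r32/eax  4/disp8  .  # compare eax with *(edx+4)` then `72/jump-if-addr<  $allocate-raw:abort/disp8` (jb, under whatever name this codebase gives opcode 72), so a result below the just-stored `out->payload` aborts. Note also that `out->allocid` and `out->payload` are written before the check, so on the abort path the caller's handle already holds a pointer that was never claimed; `$allocate-raw:abort` lies outside this hunk, so whether it returns is not visible here. The existing label `73/jump-if->=-signed` is a misnomer — opcode 73 is the unsigned jae, which is the right family for comparing addresses — and deserves renaming.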
@@ -132,18 +152,25 @@ test-allocate-raw-success:
     # . prologue
     55/push-ebp
     89/copy                         3/mod/direct    5/rm32/ebp    .           .             .           4/r32/esp   .               .                 # copy esp to ebp
-    # var ad/ecx: allocation-descriptor = {11, 15}
-    68/push  0xf/imm32/limit
+    # var ad/ecx: allocation-descriptor = {11, 32}
+    68/push  0x20/imm32/limit
     68/push  0xb/imm32/curr
     89/copy                         3/mod/direct    1/rm32/ecx    .           .             .           4/r32/esp   .               .                 # copy esp to ecx
-    # var eax: (handle byte) = allocate-raw(ad, 3)
+    # var h/edx: handle = {0, 0}
+    68/push  0/imm32
+    68/push  0/imm32
+    89/copy                         3/mod/direct    2/rm32/edx    .           .             .           4/r32/esp   .               .                 # copy esp to edx
+    # allocate-raw(ad, 3, h)
     # . . push args
+    52/push-edx
     68/push  3/imm32
     51/push-ecx
     # . . call
     e8/call  allocate-raw/disp32
     # . . discard args
-    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               8/imm32           # add to esp
+    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
+    # eax = h->payload
+    8b/copy                         1/mod/*+disp8   2/rm32/edx    .           .             .           0/r32/eax   4/disp8         .                 # copy *(edx+4) to eax
     # check-ints-equal(eax, 11, msg)
     # . . push args
     68/push  "F - test-allocate-raw-success: returns current pointer of allocation descriptor"/imm32
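Review bot: The handle `h` is initialized to `{0, 0}` before the call, so the test cannot tell whether `allocate-raw` actually writes `out->allocid` — the zero it would check is the zero it pushed. Seed the handle with a non-zero sentinel instead (`68/push  0xdeadbeef/imm32` for both words under `# var h/edx: handle = {0, 0}`, updating that comment) and add a `check-ints-equal(*edx, 0, msg)` on `h->allocid` next to the payload check; the payload word is overwritten by the call regardless, so the sentinel there is harmless. The test body continues into the next hunk.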
@@ -153,10 +180,10 @@ test-allocate-raw-success:
     e8/call  check-ints-equal/disp32
     # . . discard args
     81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
-    # check-ints-equal(ad->curr, 14, msg)
+    # check-ints-equal(ad->curr, 18, msg)
     # . . push args
     68/push  "F - test-allocate-raw-success: updates allocation descriptor"/imm32
-    68/push  0xe/imm32
+    68/push  0x12/imm32
     ff          6/subop/push        0/mod/indirect  1/rm32/ecx    .           .             .           .           .               .                 # push *ecx
     # . . call
     e8/call  check-ints-equal/disp32
@@ -208,20 +235,25 @@ _pending-test-allocate-raw-failure:
     c3/return
 
 # helper: create a nested allocation descriptor (useful for tests)
-allocate-region:  # ad: (addr allocation-descriptor), n: int -> new-ad: (handle allocation-descriptor)
+allocate-region:  # ad: (addr allocation-descriptor), n: int, out: (addr handle allocation-descriptor)
     # . prologue
     55/push-ebp
     89/copy                         3/mod/direct    5/rm32/ebp    .           .             .           4/r32/esp   .               .                 # copy esp to ebp
     # . save registers
+    50/push-eax
     51/push-ecx
-    # eax = allocate(ad, n)
+    # allocate(ad, n, out)
     # . . push args
+    ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           0x10/disp8      .                 # push *(ebp+16)
     ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           0xc/disp8       .                 # push *(ebp+12)
     ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           8/disp8         .                 # push *(ebp+8)
     # . . call
     e8/call  allocate/disp32
     # . . discard args
-    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               8/imm32           # add to esp
+    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
+    # eax = out->payload
+    8b/copy                         1/mod/*+disp8   5/rm32/ebp    .           .             .           0/r32/eax   0x10/disp8      .                 # copy *(ebp+16) to eax
+    8b/copy                         1/mod/*+disp8   0/rm32/eax    .           .             .           0/r32/eax   4/disp8         .                 # copy *(eax+4) to eax
     # if (eax == 0) abort
     3d/compare-eax-and  0/imm32
     74/jump-if-=  $allocate-region:abort/disp8
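Review bot: `allocate-region` writes the nested descriptor's fields at `out->payload` offsets 0 and 4 (the `copy ecx to *(eax+4)` in the following hunk), i.e. on top of the word that `new-stream` and `slice-to-string` in this same commit reserve as `payload->allocid` via `05/add-to-eax  4/imm32`. One convention has to win: if the allocid word is meant to be reserved, add the same `# skip payload->allocid` / `05/add-to-eax  4/imm32` after `# eax = out->payload` here, and state in the signature comment that the returned handle points at the allocid word rather than at the descriptor. The signature spelling `out: (addr handle allocation-descriptor)` is the one the commit message calls for; `new-stream` and `slice-to-string` write `(handle ...)` for the same kind of parameter and should be aligned with it. The `$allocate-region:abort` path and the stores into the new descriptor are outside this hunk.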
@@ -236,6 +268,7 @@ allocate-region:  # ad: (addr allocation-descriptor), n: int -> new-ad: (handle
     89/copy                         1/mod/*+disp8   0/rm32/eax    .           .             .           1/r32/ecx   4/disp8         .                 # copy ecx to *(eax+4)
     # . restore registers
     59/pop-to-ecx
+    58/pop-to-eax
     # . epilogue
     89/copy                         3/mod/direct    4/rm32/esp    .           .             .           5/r32/ebp   .               .                 # copy ebp to esp
     5d/pop-to-ebp
@@ -264,31 +297,36 @@ $allocate-region:abort:
 
 # Claim the next 'n+4' bytes of memory and initialize the first 4 to n.
 # Abort if there isn't enough memory in 'ad'.
-allocate-array:  # ad: (addr allocation-descriptor), n: int -> result/eax: (addr _)
+allocate-array:  # ad: (addr allocation-descriptor), n: int, out: (addr handle)
     # . prologue
     55/push-ebp
     89/copy                         3/mod/direct    5/rm32/ebp    .           .             .           4/r32/esp   .               .                 # copy esp to ebp
     # . save registers
+    50/push-eax
     51/push-ecx
     52/push-edx
     # ecx = n
     8b/copy                         1/mod/*+disp8   5/rm32/ebp    .           .             .           1/r32/ecx   0xc/disp8       .                 # copy *(ebp+12) to ecx
     # var size/edx: int = n+4
     8d/copy-address                 1/mod/*+disp8   1/rm32/ecx    .           .             .           2/r32/edx   4/disp8         .                 # copy ecx+4 to edx
-    # result = allocate(ad, size)
+    # allocate(ad, size, out)
     # . . push args
+    ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           0x10/disp8      .                 # push *(ebp+16)
     52/push-edx
     ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           8/disp8         .                 # push *(ebp+8)
     # . . call
     e8/call  allocate/disp32
     # . . discard args
-    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               8/imm32           # add to esp
-    # *result = n
+    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
+    # *out->payload = n
+    8b/copy                         1/mod/*+disp8   5/rm32/ebp    .           .             .           0/r32/eax   0x10/disp8      .                 # copy *(ebp+16) to eax
+    8b/copy                         1/mod/*+disp8   0/rm32/eax    .           .             .           0/r32/eax   4/disp8         .                 # copy *(eax+4) to eax
     89/copy                         0/mod/indirect  0/rm32/eax    .           .             .           1/r32/ecx   .               .                 # copy ecx to *eax
 $allocate-array:end:
     # . restore registers
     5a/pop-to-edx
     59/pop-to-ecx
+    58/pop-to-eax
     # . epilogue
     89/copy                         3/mod/direct    4/rm32/esp    .           .             .           5/r32/ebp   .               .                 # copy ebp to esp
     5d/pop-to-ebp
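Review bot: `# *out->payload = n` stores the array length at `payload+0`, whereas `new-stream` and `slice-to-string` in this commit treat `payload+0` as the allocid word and start their data at `payload+4`; `mu-init` then reads the array straight from the handle's payload, so the two layouts already conflict within this one change. The header comment `# Claim the next 'n+4' bytes of memory and initialize the first 4 to n.` is also stale — with `allocate-raw` now adding its own 4, the claim is `n+8`. Pick one layout and record it in that comment, e.g. `# Claim n+4 bytes after the allocid word and store n in the first 4 of them.`, so that callers and the test suite can be checked against a single rule.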
diff --git a/070new-stream.subx b/070new-stream.subx
index 5474175b..b4326096 100644
--- a/070new-stream.subx
+++ b/070new-stream.subx
@@ -5,11 +5,12 @@
 # . op          subop               mod             rm32          base        index         scale       r32
 # . 1-3 bytes   3 bits              2 bits          3 bits        3 bits      3 bits        2 bits      2 bits      0/1/2/4 bytes   0/1/2/4 bytes
 
-new-stream:  # ad: (addr allocation-descriptor), length: int, elemsize: int -> address/eax: (handle stream _)
+new-stream:  # ad: (addr allocation-descriptor), length: int, elemsize: int, out: (handle stream _)
     # . prologue
     55/push-ebp
     89/copy                         3/mod/direct    5/rm32/ebp    .           .             .           4/r32/esp   .               .                 # copy esp to ebp
     # . save registers
+    50/push-eax
     52/push-edx
     # var n/eax: int = elemsize * length + 12 (for read, write and size)
     # . eax = elemsize
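Review bot: The new signature comment `out: (handle stream _)` describes the parameter as a handle passed by value, but the body treats it as a pointer (`copy *(ebp+20) to eax` then `copy *(eax+4) to eax` in the next hunk) and `test-new-stream` passes the address of a stack handle; the commit message's own convention is `(addr handle T)`, which `allocate-region` already uses. Change the line to `new-stream:  # ad: (addr allocation-descriptor), length: int, elemsize: int, out: (addr handle stream _)`. The function body is split across this and the following hunks.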
@@ -24,14 +25,20 @@ new-stream:  # ad: (addr allocation-descriptor), length: int, elemsize: int -> a
     89/copy                         3/mod/direct    2/rm32/edx    .           .             .           0/r32/eax   .               .                 # copy eax to edx
     # . eax += 12
     05/add-to-eax  0xc/imm32
-    # var eax: (handle stream _) = allocate(ad, n)
+    # allocate(ad, n, out)
     # . . push args
+    ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           0x14/disp8      .                 # push *(ebp+20)
     50/push-eax
     ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           8/disp8         .                 # push *(ebp+8)
     # . . call
     e8/call  allocate/disp32
     # . . discard args
-    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               8/imm32           # add to esp
+    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
+    # eax = out->payload
+    8b/copy                         1/mod/*+disp8   5/rm32/ebp    .           .             .           0/r32/eax   0x14/disp8      .                 # copy *(ebp+20) to eax
+    8b/copy                         1/mod/*+disp8   0/rm32/eax    .           .             .           0/r32/eax   4/disp8         .                 # copy *(eax+4) to eax
+    # skip payload->allocid
+    05/add-to-eax  4/imm32
     # eax->size = elemsize*length
     89/copy                         1/mod/*+disp8   0/rm32/eax    .           .             .           2/r32/edx   8/disp8         .                 # copy edx to *(eax+8)
     # clear-stream(eax)
@@ -44,6 +51,7 @@ new-stream:  # ad: (addr allocation-descriptor), length: int, elemsize: int -> a
 $new-stream:end:
     # . restore registers
     5a/pop-to-edx
+    58/pop-to-eax
     # . epilogue
     89/copy                         3/mod/direct    4/rm32/esp    .           .             .           5/r32/ebp   .               .                 # copy ebp to esp
     5d/pop-to-ebp
@@ -82,15 +90,22 @@ test-new-stream:
     81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               8/imm32           # add to esp
     # var start/edx = ad->curr
     8b/copy                         0/mod/indirect  1/rm32/ecx    .           .             .           2/r32/edx   .               .                 # copy *ecx to edx
-    # var eax: (handle stream byte) = new-stream(heap, 3, 2)
+    # var h/ebx: (handle stream byte)
+    68/push  0/imm32
+    68/push  0/imm32
+    89/copy                         3/mod/direct    3/rm32/ebx    .           .             .           4/r32/esp   .               .                 # copy esp to ebx
+    # new-stream(heap, 3, 2, h)
     # . . push args
+    53/push-ebx
     68/push  2/imm32
     68/push  3/imm32
     51/push-ecx
     # . . call
     e8/call  new-stream/disp32
     # . . discard args
-    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
+    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0x10/imm32        # add to esp
+    # eax = out->payload
+    8b/copy                         1/mod/*+disp8   3/rm32/ebx    .           .             .           0/r32/eax   4/disp8         .                 # copy *(ebx+4) to eax
     # check-ints-equal(eax, edx, msg)
     # . . push args
     68/push  "F - test-new-stream: returns current pointer of allocation descriptor"/imm32
@@ -100,6 +115,8 @@ test-new-stream:
     e8/call  check-ints-equal/disp32
     # . . discard args
     81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
+    # skip payload->allocid
+    05/add-to-eax  4/imm32
     # check-ints-equal(eax->size, 6, msg)
     # . . push args
     68/push  "F - test-new-stream: sets size correctly"/imm32
@@ -110,6 +127,8 @@ test-new-stream:
     # . . discard args
     81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
     # the rest is delegated to clear-stream() so we won't bother checking it
+    # . reclaim locals
+    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0x10/imm32        # add to esp
     # . epilogue
     89/copy                         3/mod/direct    4/rm32/esp    .           .             .           5/r32/ebp   .               .                 # copy ebp to esp
     5d/pop-to-ebp
diff --git a/072slice.subx b/072slice.subx
index 39820594..cfe519b7 100644
--- a/072slice.subx
+++ b/072slice.subx
@@ -1041,11 +1041,12 @@ test-write-slice-buffered:
     c3/return
 
 # copy a slice into a new (dynamically allocated) string
-slice-to-string:  # ad: (addr allocation-descriptor), in: (addr slice) -> out/eax: (addr array byte)
+slice-to-string:  # ad: (addr allocation-descriptor), in: (addr slice), out: (handle array byte)
     # . prologue
     55/push-ebp
     89/copy                         3/mod/direct    5/rm32/ebp    .           .             .           4/r32/esp   .               .                 # copy esp to ebp
     # . save registers
+    50/push-eax
     51/push-ecx
     52/push-edx
     53/push-ebx
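Review bot: The signature comment `out: (handle array byte)` does not match how the parameter is used — the body (next hunk) loads `*(ebp+16)` and then dereferences it, and `test-slice-to-string` passes the address of a stack handle — so it should read `slice-to-string:  # ad: (addr allocation-descriptor), in: (addr slice), out: (addr handle array byte)`, matching the `(addr handle ...)` form the commit message describes. The rest of the function is outside this hunk.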
@@ -1060,14 +1061,20 @@ slice-to-string:  # ad: (addr allocation-descriptor), in: (addr slice) -> out/ea
     89/copy                         3/mod/direct    1/rm32/ecx    .           .             .           3/r32/ebx   .               .                 # copy ebx to ecx
     29/subtract                     3/mod/direct    1/rm32/ecx    .           .             .           2/r32/edx   .               .                 # subtract edx from ecx
     81          0/subop/add         3/mod/direct    1/rm32/ecx    .           .             .           .           .               4/imm32           # add to ecx
-    # var out/eax: (handle array byte) = allocate(ad, size)
+    # allocate(ad, size, out)
     # . . push args
+    ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           0x10/disp8      .                 # push *(ebp+16)
     51/push-ecx
     ff          6/subop/push        1/mod/*+disp8   5/rm32/ebp    .           .             .           .           8/disp8         .                 # push *(ebp+8)
     # . . call
     e8/call  allocate/disp32
     # . . discard args
-    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               8/imm32           # add to esp
+    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
+    # eax = out->payload
+    8b/copy                         1/mod/*+disp8   5/rm32/ebp    .           .             .           0/r32/eax   0x10/disp8      .                 # copy *(ebp+16) to eax
+    8b/copy                         1/mod/*+disp8   0/rm32/eax    .           .             .           0/r32/eax   4/disp8         .                 # copy *(eax+4) to eax
+    # skip payload->allocid
+    05/add-to-eax  4/imm32
     # if (eax == 0) abort
     3d/compare-eax-and  0/imm32
     74/jump-if-=  $slice-to-string:abort/disp8
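Review bot: The null check `3d/compare-eax-and  0/imm32` now runs after `05/add-to-eax  4/imm32`, so it tests `payload+4` rather than the payload and can no longer catch a null allocation (it would fire only for a payload of 0xfffffffc). Move the `# skip payload->allocid` / `05/add-to-eax  4/imm32` pair below `74/jump-if-=  $slice-to-string:abort/disp8`, or drop the check entirely if `allocate` is relied upon to abort on exhaustion. The `$slice-to-string:abort` label and the copy loop that follows are outside this hunk.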
@@ -1099,6 +1106,7 @@ $slice-to-string:end:
     5b/pop-to-ebx
     5a/pop-to-edx
     59/pop-to-ecx
+    58/pop-to-eax
     # . epilogue
     89/copy                         3/mod/direct    4/rm32/esp    .           .             .           5/r32/ebp   .               .                 # copy ebp to esp
     5d/pop-to-ebp
@@ -1144,15 +1152,24 @@ test-slice-to-string:
     51/push-ecx
     50/push-eax
     89/copy                         3/mod/direct    1/rm32/ecx    .           .             .           4/r32/esp   .               .                 # copy esp to ecx
-    # eax = slice-to-string(heap, slice)
+    # var h/ebx: (handle array byte)
+    68/push  0/imm32
+    68/push  0/imm32
+    89/copy                         3/mod/direct    3/rm32/ebx    .           .             .           4/r32/esp   .               .                 # copy esp to ebx
+    # slice-to-string(heap, slice, h)
     # . . push args
+    53/push-ebx
     51/push-ecx
     52/push-edx
     # . . call
     e8/call  slice-to-string/disp32
     # . . discard args
-    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               8/imm32           # add to esp
-#?     # dump word-slice {{{
+    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
+    # eax = h->payload
+    8b/copy                         1/mod/*+disp8   3/rm32/ebx    .           .             .           0/r32/eax   4/disp8         .                 # copy *(ebx+4) to eax
+    # skip payload->allocid
+    05/add-to-eax  4/imm32
+#?     # dump eax {{{
 #?     # . write(2/stderr, "AA: ")
 #?     # . . push args
 #?     68/push  "AA: "/imm32
@@ -1195,6 +1212,8 @@ test-slice-to-string:
     e8/call  check-ints-equal/disp32
     # . . discard args
     81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0xc/imm32         # add to esp
+    # . reclaim locals
+    81          0/subop/add         3/mod/direct    4/rm32/esp    .           .             .           .           .               0x18/imm32        # add to esp
     # . epilogue
     89/copy                         3/mod/direct    4/rm32/esp    .           .             .           5/r32/ebp   .               .                 # copy ebp to esp
     5d/pop-to-ebp
diff --git a/mu-init.subx b/mu-init.subx
index 2377822e..74d90b7a 100644
--- a/mu-init.subx
+++ b/mu-init.subx
@@ -27,9 +27,13 @@ $Entry:initialize-args:
     8b/-> *esi 2/r32/edx
     # argc is in words; convert it to bytes
     c1/shift 4/subop/left %edx 2/imm8
+    # var tmp/eax: handle
+    68/push 0/imm32
+    68/push 0/imm32
+    89/<- %eax 4/r32/esp
     # var args/edi: (addr array (addr array byte))
-    (allocate-array Heap %edx)  # => eax
-    89/<- %edi 0/r32/eax
+    (allocate-array Heap %edx %eax)
+    8b/-> *(eax+4) 7/r32/edi
     # var curr/ecx: (addr kernel-string) = argv
     8d/copy-address *(esi+4) 1/r32/ecx
     # var max/edx: (addr kernel-string) = argv+4+argc