[Tarantool-patches] [PATCH luajit v2] core: fix cur_L restoration on error throw

Sergey Kaplun skaplun at tarantool.org
Wed Aug 18 11:49:55 MSK 2021 

Implement cur_L restoration only for arm64 architecture, due to FreeBSD
issue.

Branch: https://github.com/tarantool/luajit/tree/skaplun/gh-6189-curL-v2
Issues:
* https://github.com/tarantool/tarantool/issues/6189
* https://github.com/tarantool/tarantool/issues/6323
* https://github.com/tarantool/tarantool/issues/1516

Tarantool branch: https://github.com/tarantool/tarantool/tree/skaplun/gh-6189-curL-v2

Enable test-run tests on arm64, Odroid with bump to show their
coverage.

P.S. this problem is JIT-related, however, when I turn on `jit.dump()`
in CI [1], it is disappeared :(. Also, can't reproduce it inside
sh4/sh8 VM, test fails only in the CI. Red test-run.py suite due to
fiber.top issue, see also [2].

I suppose it would be nice to have a FreeBSD test machine like we have
for M1 and Odroid. It may be helpful to research the console issue [3]
too.

===================================================================
commit 0f555bf79fefa1016849577500aec52719378ca5
Author: Sergey Kaplun <skaplun at tarantool.org>
Date:   Sun Aug 15 15:47:13 2021 +0300

arm64: fix cur_L restoration on error throw

This change is a kind of follow-up of commits
ed412cd9f55fe87fd32a69c86e1732690fc5c1b0 ('Update cur_L on exceptional
path') and 97699d9ee2467389b6aea21a098e38aff3469b5f ('Fix cur_L tracking
on exceptional path').

When an error is thrown on the coroutine that is not the one being
currently executed, `cur_L` is not set up. Hence, when the running trace
exits at assertion guard right after the error is caught, Lua state is
restored from the incorrect `cur_L`. As a result the resulting stack is
inconsistent and the crash occurs.

Aforementioned patches fix the behaviour only for x86/x64 architectures.
This patch updates the `cur_L` for arm64 architecture too.

Nevertheless, throwing an error at non-currently executed coroutine is a
violation of Lua/C API. So, in the nearest possible future this patch
should be replaced within the corresponding assert in `lj_err_throw()`.

Resolves tarantool/tarantool#6189
Relates to tarantool/tarantool#6323
Follows up tarantool/tarantool#1516

diff --git a/src/vm_arm64.dasc b/src/vm_arm64.dasc
index 6e298255..2abf17fc 100644
--- a/src/vm_arm64.dasc
+++ b/src/vm_arm64.dasc
@@ -394,6 +394,7 @@ static void build_subroutines(BuildCtx *ctx)
   |   mv_vmstate TMP0w, CFUNC
   |  ldr GL, L->glref
   |   st_vmstate TMP0w
+  |  str L, GL->cur_L
   |  b ->vm_leave_unw
   |
   |->vm_unwind_ff:			// Unwind C stack, return from ff pcall.
@@ -409,6 +410,7 @@ static void build_subroutines(BuildCtx *ctx)
   |   ldr GL, L->glref			// Setup pointer to global state.
   |    mov_false TMP0
   |  sub RA, BASE, #8			// Results start at BASE-8.
+  |   str L, GL->cur_L
   |  ldr PC, [BASE, FRAME_PC]		// Fetch PC of previous frame.
   |    str TMP0, [BASE, #-8]		// Prepend false to error message.
   |   st_vmstate ST_INTERP
diff --git a/test/tarantool-tests/CMakeLists.txt b/test/tarantool-tests/CMakeLists.txt
index 2fdb4d1f..df74a277 100644
--- a/test/tarantool-tests/CMakeLists.txt
+++ b/test/tarantool-tests/CMakeLists.txt
@@ -57,6 +57,7 @@ macro(BuildTestCLib lib sources)
 endmacro()
 
 add_subdirectory(gh-4427-ffi-sandwich)
+add_subdirectory(gh-6189-cur_L)
 add_subdirectory(lj-flush-on-trace)
 add_subdirectory(misclib-getmetrics-capi)
 
diff --git a/test/tarantool-tests/gh-6189-cur_L.test.lua b/test/tarantool-tests/gh-6189-cur_L.test.lua
new file mode 100644
index 00000000..8521af9a
--- /dev/null
+++ b/test/tarantool-tests/gh-6189-cur_L.test.lua
@@ -0,0 +1,25 @@
+local libcur_L = require('libcur_L')
+local tap = require('tap')
+
+local test = tap.test('gh-6189-cur_L')
+test:plan(1)
+
+local function cbool(cond)
+  if cond then
+    return 1
+  else
+    return 0
+  end
+end
+
+-- Compile function to trace with snapshot.
+jit.opt.start('hotloop=1')
+cbool(true)
+cbool(true)
+
+pcall(libcur_L.error_from_other_thread)
+-- Call with restoration from a snapshot with wrong cur_L.
+cbool(false)
+
+test:ok(true)
+os.exit(test:check() and 0 or 1)
diff --git a/test/tarantool-tests/gh-6189-cur_L/CMakeLists.txt b/test/tarantool-tests/gh-6189-cur_L/CMakeLists.txt
new file mode 100644
index 00000000..1e58e560
--- /dev/null
+++ b/test/tarantool-tests/gh-6189-cur_L/CMakeLists.txt
@@ -0,0 +1 @@
+BuildTestCLib(libcur_L libcur_L.c)
diff --git a/test/tarantool-tests/gh-6189-cur_L/libcur_L.c b/test/tarantool-tests/gh-6189-cur_L/libcur_L.c
new file mode 100644
index 00000000..2d58d2e7
--- /dev/null
+++ b/test/tarantool-tests/gh-6189-cur_L/libcur_L.c
@@ -0,0 +1,36 @@
+#include <lua.h>
+#include <lauxlib.h>
+
+static lua_State *old_L = NULL;
+
+int throw_error_at_old_thread(lua_State *cur_L)
+{
+	lua_error(old_L);
+	/* Unreachable. */
+	return 0;
+}
+
+static int error_from_other_thread(lua_State *L)
+{
+	lua_State *next_cur_L = lua_newthread(L);
+	old_L = L;
+	/* Remove thread. */
+	lua_pop(L, 1);
+	/* Do not show frame slot as return result after error. */
+	lua_pushnil(L);
+	lua_pushcfunction(next_cur_L, throw_error_at_old_thread);
+	lua_call(next_cur_L, 0, 0);
+	/* Unreachable. */
+	return 0;
+}
+
+static const struct luaL_Reg libcur_L[] = {
+	{"error_from_other_thread", error_from_other_thread},
+	{NULL, NULL}
+};
+
+LUA_API int luaopen_libcur_L(lua_State *L)
+{
+	luaL_register(L, "libcur_L", libcur_L);
+	return 1;
+}
===================================================================

[1]: https://github.com/tarantool/tarantool/runs/3349429293#step:5:4569
[2]: https://github.com/tarantool/tarantool/pull/6303
[3]: https://github.com/tarantool/tarantool/issues/6231

-- 
Best regards,
Sergey Kaplun

More information about the Tarantool-patches mailing list