[Tarantool-patches] [PATCH luajit 3/4] ARM64: Fix xpcall() error case.

Sergey Kaplun skaplun at tarantool.org
Fri Jun 4 16:45:31 MSK 2021 

Hi!

Thanks for the review!

On 02.06.21, Sergey Ostanevich wrote:
> Hi!
> 
> Thanks for the patch!
> 
> Some comments facelift, otherwise LGTM.
> 
> Sergos
> 
> 
> > On 24 May 2021, at 16:27, Sergey Kaplun <skaplun at tarantool.org> wrote:
> > 
> > From: Mike Pall <mike>	
> > 
> > Thanks to Stefan Pejic.
> > 
> > (cherry picked from commit 33082a6f4778aa152f6a4a684a7fe79436f1ecb6)
> > 
> > Premature incrementing VM's BASE register before switch to fff_fallback
> 	   increment of
> > handler during processing `xpcall()` fast function leads to incorrect
> > L->base value in case, when `xpcall()` calls without a second argument
> 					is called
> > or if it equals nil (see <301-basic.t> test in lua-Harness test suite).
> > While further error processing it leads to crash, due to stack
> > inconsistency.
> 
> Please, mention explicitly if this test is the one for the patch.
> 
> > 
> > This patch moves BASE incrementing after possible switching to
> 			increment          the switch (mentioned in first line)
> > fallback handler.
> the (aforementioned) 
> > 
> > Sergey Kaplun:
> > * added the description for the problem
> > 
> > Part of tarantool/tarantool#6093
> > Part of tarantool/tarantool#5629
> > ---

The new commit message is:
Branch is force-pushed.

===================================================================
ARM64: Fix xpcall() error case.

Thanks to Stefan Pejic.

(cherry picked from commit 33082a6f4778aa152f6a4a684a7fe79436f1ecb6)

Premature increment of VM's BASE register before switch to fff_fallback
handler during processing `xpcall()` fast function leads to incorrect
L->base value in the case, when `xpcall()` is called without a second
argument or if it equals nil (see <301-basic.t> test in lua-Harness test
suite). While further error processing it leads to crash (see the
test case in <test/lua-Harness-tests/301-basic.t:832>), due to stack
inconsistency.

This patch moves BASE increment after the switch (mentioned in the first
line) to the fallback handler (aforementioned).

Sergey Kaplun:
* added the description for the problem

Part of tarantool/tarantool#6093
Part of tarantool/tarantool#5629
===================================================================

> > src/vm_arm64.dasc | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/src/vm_arm64.dasc b/src/vm_arm64.dasc
> > index 6bf59509..e16a77ab 100644
> > --- a/src/vm_arm64.dasc
> > +++ b/src/vm_arm64.dasc
> > @@ -1186,12 +1186,12 @@ static void build_subroutines(BuildCtx *ctx)
> >   |   subs NARGS8:RC, NARGS8:RC, #16
> >   |   blo ->fff_fallback
> >   |    mov RB, BASE
> > -  |    add BASE, BASE, #24
> >   |     asr ITYPE, CARG2, #47
> >   |  ubfx TMP0w, TMP0w, #HOOK_ACTIVE_SHIFT, #1
> >   |     cmn ITYPE, #-LJ_TFUNC
> >   |  add PC, TMP0, #24+FRAME_PCALL
> >   |     bne ->fff_fallback		// Traceback must be a function.
> > +  |    add BASE, BASE, #24
> >   |     stp CARG2, CARG1, [RB]		// Swap function and traceback.
> >   |   cbz NARGS8:RC, ->vm_call_dispatch
> >   |  b <1
> > -- 
> > 2.31.0
> > 
> 

-- 
Best regards,
Sergey Kaplun

More information about the Tarantool-patches mailing list