[Tarantool-patches] [PATCH luajit] Fix write barrier for lua_setupvalue() and debug.setupvalue().

Thu Jun 30 15:10:49 MSK 2022

Sergey,

I've checked the patch into all long-term branches in tarantool/luajit
and bumped a new version in master, 2.10 and 1.10.

On 15.12.21, Sergey Kaplun wrote:
> From: Mike Pall <mike>
> 
> (cherry picked from e613105ca92fe25e7bd63031b409faa8c908ac35)
> 
> Child function inherits parents upvalues. Assume parent function is
> marked first (all closed upvalues and function are colored to black),
> and then `debug.setupvalue()`/`lua_setupvalue()` is called for an
> unmarked child function with inherited upvalues. The barrier is tried to
> move forward (but not actually move, due to the colors of operands) for
> a non-marked function (instead marked upvalue). Now black upvalue refers
> to a white object. Black objects can't refer white objects due to GC
> invariant, so the invariant is violated.
> 
> This patch changes a function object to an upvalue for barrier movement.
> 
> Sergey Kaplun:
> * added the description and the test for the problem
> 
> Part of tarantool/tarantool#6548
> ---
> Related issue: https://github.com/tarantool/tarantool/issues/6548
> Branch: https://github.com/tarantool/luajit/tree/skaplun/gh-noticket-fix-gc-setupvalue-full-ci
> Tarantool branch: https://github.com/tarantool/tarantool/tree/skaplun/gh-noticket-fix-gc-setupvalue-full-ci
> 
> Note: CI is red. But this job is red on master too...
> 
>  src/lj_api.c                                  |  8 ++-
>  src/lj_debug.c                                |  7 ++-
>  src/lj_debug.h                                |  3 +-
>  .../fix-gc-setupvalue.test.lua                | 60 +++++++++++++++++++
>  test/tarantool-tests/utils.lua                | 32 ++++++++++
>  5 files changed, 104 insertions(+), 6 deletions(-)
>  create mode 100644 test/tarantool-tests/fix-gc-setupvalue.test.lua
> 

<snipped>

> -- 
> 2.34.1
> 

-- 
Best regards,
IM