From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 8252D6EC40; Tue, 10 Aug 2021 20:03:34 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 8252D6EC40 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1628615014; bh=wTaV98BrUpFYoGdE2yGJmkzcOTYS74f9QTagktAbj0c=; h=In-Reply-To:Date:References:To:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=Xy4/SX3culpA6la2cmypmyrzKelTCF8Q/3N4x2BNqdlp0MSze+5ZsWtxAiB3JIu1F PsN3PDY/wRXkRq2CNqtsHZkagpdWQ8m711RJIgbudLMjbI/KozINykJ2yWfQ7PZ9jp K3yOCq+pgm4TPXkDGP0vCTmDBcgem/1tVlKp8WGc= Received: from smtp38.i.mail.ru (smtp38.i.mail.ru [94.100.177.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 6F28F6EC40 for ; Tue, 10 Aug 2021 20:03:32 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 6F28F6EC40 Received: by smtp38.i.mail.ru with esmtpa (envelope-from ) id 1mDVA3-0006GX-JH; Tue, 10 Aug 2021 20:03:32 +0300 Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.100.0.2.22\)) In-Reply-To: <20210719073632.12008-1-skaplun@tarantool.org> Date: Tue, 10 Aug 2021 20:03:30 +0300 Content-Transfer-Encoding: quoted-printable Message-Id: <0950C847-EF9A-4C62-920D-1F04AA7137CC@tarantool.org> References: <20210719073632.12008-1-skaplun@tarantool.org> To: Sergey Kaplun X-Mailer: Apple Mail (2.3654.100.0.2.22) X-4EC0790: 10 X-7564579A: 646B95376F6C166E X-77F55803: 4F1203BC0FB41BD92087353F0EC44DD91BCCB18F2C129F87F36E61E9E4584E9D182A05F5380850402262998F3A967BB2538A0B402B955A38709F489077B86CAC74F0AE88BC22BA9D X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE701173C01F417A2A6EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F790063700B087299B9BE63E8638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D8A4E8E9BF06770001BFAE2E7981F14B58117882F4460429724CE54428C33FAD305F5C1EE8F4F765FC3733B5EC72352B9FA471835C12D1D9774AD6D5ED66289B52BA9C0B312567BB23117882F44604297287769387670735201E561CDFBCA1751FBDFBBEFFF4125B51D2E47CDBA5A96583BA9C0B312567BB231DD303D21008E29813377AFFFEAFD269A417C69337E82CC2E827F84554CEF50127C277FBC8AE2E8BA83251EDC214901ED5E8D9A59859A8B67393CE827C55B5F775ECD9A6C639B01B4E70A05D1297E1BBCB5012B2E24CD356 X-C1DE0DAB: 0D63561A33F958A5997F3F7E66FC89D08C59B5BE5BF1E1A33537C57808EAE36AD59269BC5F550898D99A6476B3ADF6B47008B74DF8BB9EF7333BD3B22AA88B938A852937E12ACA753177526CD55AFC11410CA545F18667F91A7EA1CDA0B5A7A0 X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D346F44602F3B494634F3512DCCAE9503559491AEEF0F3BDC5C3B7945BD5B9D55A4C526BF75A92983901D7E09C32AA3244C1C595AD741EC94FA66D5FB744002D7283A92A9747B6CC886FACE5A9C96DEB163 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2bioj6qlzQV0oSZNK7Z0c3kYRZw== X-Mailru-Sender: 3B9A0136629DC912F4AABCEFC589C81EEAE9B8807032E4BB8909A99B257C0FE24725A2E8059E754EAD07DD1419AC565FA614486B47F28B67C5E079CCF3B0523AED31B7EB2E253A9E112434F685709FCF0DA7A0AF5A3A8387 X-Mras: Ok Subject: Re: [Tarantool-patches] [PATCH luajit] Fix bytecode register allocation for comparisons. X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Sergey Ostanevich via Tarantool-patches Reply-To: Sergey Ostanevich Cc: tarantool-patches@dev.tarantool.org Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" Hi! Thanks for the patch! Just minor grammar, LGTM. Sergos > On 19 Jul 2021, at 10:36, Sergey Kaplun wrote: >=20 > From: Mike Pall >=20 > (cherry picked from commit 2f3f07882fb4ad9c64967d7088461b1ca0a25d3a) >=20 > When LuaJIT is build with LJ_FR2 (GC64), information about frame takes built (v3 in passive voice) [skipped, new version] > The first option is rewrite this slot by return values from the to > function. >=20 > The second option is clearing slot (i.e. set to zero) manually, when to clear the > there is no values to return. It is done by the next bytecode having = RA > dst mode. This obliges that the destination of RA takes the next slot > after TREF_FRAME. For this an earlier instruction must use the = smallest > possible destination register (see `lj_record_ins()` for the details). >=20 > Bytecode allocator swaps operands for ISGT and ISGE comparisons. can swap (since it is followed by =E2=80=98When=E2=80=99= ) > When it happens, the aforementioned rule for registers allocations allocation > may be violated. When it happens, and this chunk is recording, the = slot > with TREF_FRAME is not rewritten (but the next empty slot after > TREF_FRAME is) during bytecode recording. This leads to JIT slots > inconsistency and assertion failure in `rec_check_slots()` during > recording the next bytecode instruction. of=20 >=20 > This patch fixes bytecode register allocation by changing the register > allocation order in case of ISGT and ISGE bytecodes. >=20 > Sergey Kaplun: > * added the description and the test for the problem >=20 > Resolves tarantool/tarantool#6227 > --- >=20 > Branch: = https://github.com/tarantool/luajit/tree/skaplun/gh-6227-fix-bytecode-allo= cator-for-comp > Tarantool branch: = https://github.com/tarantool/tarantool/tree/skaplun/gh-6227-fix-bytecode-a= llocator-for-comp > Issue: https://github.com/tarantool/tarantool/issues/6227 >=20 > src/lj_parse.c | 7 +++- > ...ytecode-allocator-for-comparisons.test.lua | 41 +++++++++++++++++++ > 2 files changed, 46 insertions(+), 2 deletions(-) > create mode 100644 = test/tarantool-tests/gh-6227-bytecode-allocator-for-comparisons.test.lua >=20 > diff --git a/src/lj_parse.c b/src/lj_parse.c > index 08f7cfa6..a6325a76 100644 > --- a/src/lj_parse.c > +++ b/src/lj_parse.c > @@ -853,9 +853,12 @@ static void bcemit_comp(FuncState *fs, BinOpr = opr, ExpDesc *e1, ExpDesc *e2) > e1 =3D e2; e2 =3D eret; /* Swap operands. */ > op =3D ((op-BC_ISLT)^3)+BC_ISLT; > expr_toval(fs, e1); > + ra =3D expr_toanyreg(fs, e1); > + rd =3D expr_toanyreg(fs, e2); > + } else { > + rd =3D expr_toanyreg(fs, e2); > + ra =3D expr_toanyreg(fs, e1); > } > - rd =3D expr_toanyreg(fs, e2); > - ra =3D expr_toanyreg(fs, e1); > ins =3D BCINS_AD(op, ra, rd); > } > /* Using expr_free might cause asserts if the order is wrong. */ > diff --git = a/test/tarantool-tests/gh-6227-bytecode-allocator-for-comparisons.test.lua= = b/test/tarantool-tests/gh-6227-bytecode-allocator-for-comparisons.test.lua= > new file mode 100644 > index 00000000..66f6885e > --- /dev/null > +++ = b/test/tarantool-tests/gh-6227-bytecode-allocator-for-comparisons.test.lua= > @@ -0,0 +1,41 @@ > +local tap =3D require('tap') > +local test =3D tap.test('gh-6227-bytecode-allocator-for-comparisons') > +test:plan(1) > + > +-- Test file to demonstrate assertion failure during recording > +-- wrong allocated bytecode for comparisons. > +-- See also https://github.com/tarantool/tarantool/issues/6227. > + > +-- Need function with RET0 bytecode to avoid reset of > +-- the first JIT slot with frame info. Also need no assignments > +-- by the caller. > +local function empty() end > + > +local uv =3D 0 > + > +-- This function needs to reset register enumerating. > +-- Also set `J->maxslot` to zero. > +-- The upvalue function to call is loaded to 0 slot. > +local function bump_frame() > + -- First call function with RET0 to set TREF_FRAME in the > + -- last slot. > + empty() > + -- Test ISGE or ISGT bytecode. These bytecodes swap their > + -- operands. Also, a constant is always loaded into the slot > + -- smaller than upvalue. So, if upvalue loads before KSHORT, > + -- then the difference between registers is more than 2 (2 is > + -- needed for LJ_FR2) and TREF_FRAME slot is not rewriting by > + -- the bytecode after call and return as expected. That leads > + -- to recording slots inconsistency and assertion failure at > + -- `rec_check_slots()`. > + empty(1>uv) > +end > + > +jit.opt.start('hotloop=3D1') > + > +for _ =3D 1,3 do > + bump_frame() > +end > + > +test:ok(true) > +os.exit(test:check() and 0 or 1) > --=20 > 2.31.0 >=20