From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org>
To: Igor Munkin <imun@tarantool.org>, Sergey Ostanevich <sergos@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Subject: [Tarantool-patches] [PATCH luajit] Fix IR_BUFPUT assembly.
Date: Mon, 12 Jul 2021 15:06:52 +0300
Message-ID: <20210712120652.23695-1-skaplun@tarantool.org>

From: Mike Pall <mike>

Thanks to Peter Cawley.

(cherry picked from commit 58d0dde0a2df49abc991decbabff15230010829a)

When recording IR_BUFPTR, a special variable holds the -1 value to mark that the argument to store is not a single character. If it is, then it can be stored in a register directly. When storing a single character, we store it in the aforementioned variable first to reset the -1 value. But when the system has signed characters, and the character to store equals \255, the check that the variable still holds the -1 value becomes a false positive, and either a wrong value is stored or LuaJIT crashes.

This patch changes the flag value to -129 to avoid intersections with any `char` values.

Sergey Kaplun:
* added the description and the test for the problem
---
The patch fixes the problem described in TNT-142.

Tarantool branch: https://github.com/tarantool/tarantool/tree/skaplun/lj-375-fix-ir-bufput
Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-375-fix-ir-bufput
Issue: https://github.com/LuaJIT/LuaJIT/issues/375

 src/lj_asm.c | 6 +++---
 .../lj-375-ir-bufput-signed-char.test.lua | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 test/tarantool-tests/lj-375-ir-bufput-signed-char.test.lua

diff --git a/src/lj_asm.c b/src/lj_asm.c index c2cf5a95..ab53fb47 100644 --- a/src/lj_asm.c +++ b/src/lj_asm.c 
@@ -1115,7 +1115,7 @@ static void asm_bufput(ASMState *as, IRIns *ir) const CCallInfo *ci = &lj_ir_callinfo[IRCALL_lj_buf_putstr]; IRRef args[3]; IRIns *irs; - int kchar = -1; + int kchar = -129; args[0] = ir->op1; /* SBuf * */ args[1] = ir->op2; /* GCstr * */ irs = IR(ir->op2); @@ -1123,7 +1123,7 @@ static void asm_bufput(ASMState *as, IRIns *ir) if (irs->o == IR_KGC) { GCstr *s = ir_kstr(irs); if (s->len == 1) { /* Optimize put of single-char string constant. */ - kchar = strdata(s)[0]; + kchar = (int8_t)strdata(s)[0]; /* Signed! */ args[1] = ASMREF_TMP1; /* int, truncated to char */ ci = &lj_ir_callinfo[IRCALL_lj_buf_putchar]; } @@ -1150,7 +1150,7 @@ static void asm_bufput(ASMState *as, IRIns *ir) asm_gencall(as, ci, args); if (args[1] == ASMREF_TMP1) { Reg tmp = ra_releasetmp(as, ASMREF_TMP1); - if (kchar == -1) + if (kchar == -129) asm_tvptr(as, tmp, irs->op1); else ra_allockreg(as, kchar, tmp); diff --git a/test/tarantool-tests/lj-375-ir-bufput-signed-char.test.lua b/test/tarantool-tests/lj-375-ir-bufput-signed-char.test.lua new file mode 100644 index 00000000..8ac138f7 --- /dev/null +++ b/test/tarantool-tests/lj-375-ir-bufput-signed-char.test.lua @@ -0,0 +1,17 @@ +local tap = require('tap') + +local test = tap.test('lj-375-ir-bufput-signed-char') +test:plan(3) + +-- Avoid store forwarding optimization to store exactly 1 char. +jit.opt.start(3, '-fwd', 'hotloop=1') +for _ = 1, 3 do + -- Check optimization for single char storing works correct + -- for -1. Fast function `string.char()` is recorded with + -- IR_BUFHDR and IR_BUFPUT IRs in case, when there are more than + -- 1 arguments. + local s = string.char(0xff, 0) + test:ok(s:byte(1) == 0xff, 'correct -1 signed char assembling') +end + +os.exit(test:check() and 0 or 1) -- 2.31.0
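
Review bot: the sentinel is a bare literal in two places, `int kchar = -129;` at the top of asm_bufput() and `if (kchar == -129)` after asm_gencall(), with nothing saying why 129. A named constant with a one-line comment that it must lie outside the int8_t range (-128..127) would keep the two sites in sync and stop a later edit from moving the value back into the char range.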
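
Review bot: in the `s->len == 1` branch, the `/* Signed! */` comment on `kchar = (int8_t)strdata(s)[0];` does not say what depends on the signedness. Since the cast pins the stored value to -128..127 whatever the platform's `char` is, the comment could state that this range is what keeps the later `kchar == -129` check unambiguous.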
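
Review bot: the new test asserts `s:byte(1) == 0xff` on every iteration of `for _ = 1, 3`, but nothing checks that a trace was compiled, and the assertion also holds in the interpreter, so the test still passes if recording aborts and asm_bufput() is never reached. Consider asserting that the loop was compiled, and adding one more high-bit byte such as 0x80 so the `(int8_t)` cast is covered beyond the -1 case. In the test comment, "works correct" should read "works correctly".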
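
The collision described in the commit message can be checked exhaustively over all 256 byte values. This is an added illustration, not LuaJIT or Tarantool code: `sentinel_collides` and `count_collisions` are hypothetical helpers that model only the flag logic, and `int8_t` stands in for a platform with signed `char`.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the flag check (illustrative, not LuaJIT code): kchar starts as a
** sentinel meaning "not a single-char constant" and is overwritten with the
** character when the string constant has length 1. */

/* Returns 1 if the later `kchar == sentinel` test would wrongly conclude that
** no single-char constant was seen, although byte `b` was stored. */
static int sentinel_collides(int sentinel, uint8_t b)
{
  int kchar = sentinel;
  kchar = (int8_t)b;  /* Signed char load: 0xff becomes -1, 0x80 becomes -128. */
  return kchar == sentinel;
}

/* Counts the bytes 0x00..0xff that collide with `sentinel`.
** The last colliding byte is written to *which (left untouched if none). */
static int count_collisions(int sentinel, int *which)
{
  int n = 0;
  for (int b = 0; b <= 0xff; b++) {
    if (sentinel_collides(sentinel, (uint8_t)b)) {
      n++;
      *which = b;
    }
  }
  return n;
}

int main(void)
{
  int which = -1;
  int n = count_collisions(-1, &which);
  printf("sentinel   -1: %d collision(s), byte 0x%02x\n", n, (unsigned)which);

  which = -1;
  n = count_collisions(-129, &which);
  printf("sentinel -129: %d collision(s)\n", n);

  /* Every sentinel inside the int8_t range is hit by exactly one byte. */
  int unsafe = 0;
  for (int s = -128; s <= 127; s++)
    unsafe += count_collisions(s, &which);
  printf("sentinels in -128..127 with a collision: %d\n", unsafe);
  return 0;
}
```
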