From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id 0ADD86EC55;
	Mon, 12 Jul 2021 15:08:04 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 0ADD86EC55
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1626091684; bh=StfzLR0iPBEitV+KGOas9KqKZfKmQJ1tJan5Atov+uQ=;
	h=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:Cc:From;
	b=JNz68izvNs1ChCmLxVjf4kHKp2pstVN7O0XdkS+2+xqbFgbuX5afRpjB0re/SHkkL
	 6qCNcSi6R/h0xq5z8TX+s5RfAV4wY+J9L9cZGSXMoTWVK7N4/N9US66s2rICQPtdcA
	 1nqHIwIkLwjvdop+IdLT9bYSP713IxXey2e9Klr0=
Received: from smtp35.i.mail.ru (smtp35.i.mail.ru [94.100.177.95])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 280356EC55
 for <tarantool-patches@dev.tarantool.org>;
 Mon, 12 Jul 2021 15:08:02 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 280356EC55
Received: by smtp35.i.mail.ru with esmtpa (envelope-from
 <skaplun@tarantool.org>)
 id 1m2ujB-000628-5J; Mon, 12 Jul 2021 15:08:01 +0300
To: Igor Munkin <imun@tarantool.org>, Sergey Ostanevich <sergos@tarantool.org>
Date: Mon, 12 Jul 2021 15:06:52 +0300
Message-Id: <20210712120652.23695-1-skaplun@tarantool.org>
X-Mailer: git-send-email 2.31.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-7564579A: EEAE043A70213CC8
X-77F55803: 4F1203BC0FB41BD97BB0EF39AD2B33D54F26E6113A59F95A22EFF9DCA932A94B182A05F538085040B086D2A7095A3060F5EB575755EEC4AB057C9F1B7B7007455D0F7ABBF627402C
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7C6068CE86C2B75F5EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637DD7A7F9003AF293F8638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D87123FC59C421598BFD62E7FC4B2A728C117882F4460429724CE54428C33FAD305F5C1EE8F4F765FC3A703B70628EAD7BA471835C12D1D9774AD6D5ED66289B52BA9C0B312567BB23117882F446042972877693876707352033AC447995A7AD1828451B159A507268D2E47CDBA5A96583BA9C0B312567BB231DD303D21008E29813377AFFFEAFD269A417C69337E82CC2E827F84554CEF50127C277FBC8AE2E8BA83251EDC214901ED5E8D9A59859A8B6F82A78844E5C6993089D37D7C0E48F6C5571747095F342E88FB05168BE4CE3AF
X-C1DE0DAB: C20DE7B7AB408E4181F030C43753B8186998911F362727C414F749A5E30D975C425F95675CFBD49F58D85EA4BDAD9AC6ACFE8416AC7CDAC29C2B6934AE262D3EE7EAB7254005DCED91AE2E076B69AE4E9510FB958DCE06DB6ED91DBE5ABE359A805C47957401F4818D1F0E447259586B93EDB24507CE13387DFF0A840B692CF8
X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D34B5900AD87B4159A4588E190DA05AFEFB696AFF99188FFD0AB9FA27DEBAA6FB834DD20C90CC2FCC151D7E09C32AA3244C9B7300EE9605CFD1A08422C4B8643420B4DF56057A86259F927AC6DF5659F194
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2bioj/3sbGI30Xhd0ZqX5dMmzdA==
X-Mailru-Sender: 3B9A0136629DC91206CBC582EFEF4CB4E52C4AF12ACE7EA57EFE64C417DCF24BBAEDF1B2B720B08EF2400F607609286E924004A7DEC283833C7120B22964430C52B393F8C72A41A89437F6177E88F7363CDA0F3B3F5B9367
X-Mras: Ok
Subject: [Tarantool-patches] [PATCH luajit] Fix IR_BUFPUT assembly.
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org>
Reply-To: Sergey Kaplun <skaplun@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

From: Mike Pall <mike>

Thanks to Peter Cawley.

(cherry picked from commit 58d0dde0a2df49abc991decbabff15230010829a)

When recording IR_BUFPTR special variable holds -1 value to mark that
argument to store is not a single character. If it is, then it can be
stored in a register directly. When storing a single character we store
it in the aforementioned variable first to reset the -1 value. But when
the system has signed characters, and the character to store equals
\255, the check that the variable still holds -1 value becomes false
positive and either wrong value is stored or the LuaJIT crashes.

This patch changes the flag value to -129 to avoid intersections with
any `char` values.

Sergey Kaplun:
* added the description and the test for the problem
---

The patch fixes the problem described in TNT-142.

Tarantool branch: https://github.com/tarantool/tarantool/tree/skaplun/lj-375-fix-ir-bufput
Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-375-fix-ir-bufput
Issue: https://github.com/LuaJIT/LuaJIT/issues/375

 src/lj_asm.c                                    |  6 +++---
 .../lj-375-ir-bufput-signed-char.test.lua       | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 test/tarantool-tests/lj-375-ir-bufput-signed-char.test.lua

diff --git a/src/lj_asm.c b/src/lj_asm.c
index c2cf5a95..ab53fb47 100644
--- a/src/lj_asm.c
+++ b/src/lj_asm.c
@@ -1115,7 +1115,7 @@ static void asm_bufput(ASMState *as, IRIns *ir)
   const CCallInfo *ci = &lj_ir_callinfo[IRCALL_lj_buf_putstr];
   IRRef args[3];
   IRIns *irs;
-  int kchar = -1;
+  int kchar = -129;
   args[0] = ir->op1;  /* SBuf * */
   args[1] = ir->op2;  /* GCstr * */
   irs = IR(ir->op2);
@@ -1123,7 +1123,7 @@ static void asm_bufput(ASMState *as, IRIns *ir)
   if (irs->o == IR_KGC) {
     GCstr *s = ir_kstr(irs);
     if (s->len == 1) {  /* Optimize put of single-char string constant. */
-      kchar = strdata(s)[0];
+      kchar = (int8_t)strdata(s)[0];  /* Signed! */
       args[1] = ASMREF_TMP1;  /* int, truncated to char */
       ci = &lj_ir_callinfo[IRCALL_lj_buf_putchar];
     }
@@ -1150,7 +1150,7 @@ static void asm_bufput(ASMState *as, IRIns *ir)
   asm_gencall(as, ci, args);
   if (args[1] == ASMREF_TMP1) {
     Reg tmp = ra_releasetmp(as, ASMREF_TMP1);
-    if (kchar == -1)
+    if (kchar == -129)
       asm_tvptr(as, tmp, irs->op1);
     else
       ra_allockreg(as, kchar, tmp);
diff --git a/test/tarantool-tests/lj-375-ir-bufput-signed-char.test.lua b/test/tarantool-tests/lj-375-ir-bufput-signed-char.test.lua
new file mode 100644
index 00000000..8ac138f7
--- /dev/null
+++ b/test/tarantool-tests/lj-375-ir-bufput-signed-char.test.lua
@@ -0,0 +1,17 @@
+local tap = require('tap')
+
+local test = tap.test('lj-375-ir-bufput-signed-char')
+test:plan(3)
+
+-- Avoid store forwarding optimization to store exactly 1 char.
+jit.opt.start(3, '-fwd', 'hotloop=1')
+for _ = 1, 3 do
+  -- Check optimization for single char storing works correct
+  -- for -1. Fast function `string.char()` is recorded with
+  -- IR_BUFHDR and IR_BUFPUT IRs in case, when there are more than
+  -- 1 arguments.
+  local s = string.char(0xff, 0)
+  test:ok(s:byte(1) == 0xff, 'correct -1 signed char assembling')
+end
+
+os.exit(test:check() and 0 or 1)
-- 
2.31.0