To: Igor Munkin, Sergey Ostanevich
Date: Tue, 5 Oct 2021 13:28:29 +0300
Message-Id: <20211005102829.30267-1-skaplun@tarantool.org>
X-Mailer: git-send-email 2.31.0
Subject: [Tarantool-patches] [PATCH luajit] Fix frame traversal for __gc handler frames.
X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Sergey Kaplun via Tarantool-patches Reply-To: Sergey Kaplun Cc: tarantool-patches@dev.tarantool.org Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" From: Mike Pall Reported by Changochen. (cherry picked from 53f82e6e2e858a0a62fd1a2ff47e9866693382e6) Additional stack traversal is needed to find an error function set for handling runtime errors. cframe unwinding is missed for a C protected frame during this stack traversal. It leads to undefined behaviour or crash, when raising a runtime error on stack with the CP frame before an error function handler (for example, an error in __gc handler). This patch adds missing unwinding for CP frame. Sergey Kaplun: * added the description and the test for the problem --- Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-601-fix-gc-finderrfunc Tarantool branch: https://github.com/tarantool/tarantool/tree/skaplun/gh-noticket-fix-gc-finderrfunc LuaJIT issue: https://github.com/LuaJIT/LuaJIT/issues/601 src/lj_err.c | 1 + .../lj-601-fix-gc-finderrfunc.test.lua | 25 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 test/tarantool-tests/lj-601-fix-gc-finderrfunc.test.lua diff --git a/src/lj_err.c b/src/lj_err.c index b6be357e..b520b3d3 100644 --- a/src/lj_err.c +++ b/src/lj_err.c @@ -585,6 +585,7 @@ static ptrdiff_t finderrfunc(lua_State *L) if (cframe_canyield(cf)) return 0; if (cframe_errfunc(cf) >= 0) return cframe_errfunc(cf); + cf = cframe_prev(cf); frame = frame_prevd(frame); break; case FRAME_PCALL: diff --git a/test/tarantool-tests/lj-601-fix-gc-finderrfunc.test.lua b/test/tarantool-tests/lj-601-fix-gc-finderrfunc.test.lua new file mode 100644 index 00000000..d8d79100 --- /dev/null +++ b/test/tarantool-tests/lj-601-fix-gc-finderrfunc.test.lua 
@@ -0,0 +1,25 @@ +local tap = require('tap') + +local test = tap.test('lj-601-fix-gc-finderrfunc') +test:plan(1) + +-- Test file to demonstrate LuaJIT incorrect behaviour, when +-- throwing error in __gc finalizer. +-- See also, https://github.com/LuaJIT/LuaJIT/issues/601. + +collectgarbage() + +local a = newproxy(true) +getmetatable(a).__gc = function() + -- Function to raise error via `lj_err_run()` inside __gc. + local _ = load(function() collectgarbage()() end) +end + +-- XXX: Generate a small bunch of proxies. Need several to call +-- `collectgarbage()` on another proxy inside __gc. N cycles is +-- empirical number. +for _ = 1, 4 do newproxy(a) end +collectgarbage('collect') + +test:ok(true, 'successfully collectgarbage with error') +os.exit(test:check() and 0 or 1) -- 2.31.0
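Review bot: the one-line fix in src/lj_err.c (`+ cf = cframe_prev(cf);` placed between the `cframe_errfunc(cf)` check and `frame = frame_prevd(frame);`) carries no comment, although the next loop iteration reads `cframe_canyield(cf)` and `cframe_errfunc(cf)` from whatever `cf` now points at, which is exactly how the stale pointer the commit message describes turns into a crash. Suggest `cf = cframe_prev(cf);  /* Unwind the cframe together with the CP frame. */` so the invariant that each protected C frame owns one entry of the cframe chain is stated where it is maintained; the hunk context stops short of the `case` label for this branch, so at present only the commit message identifies it as the CP frame handling.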
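Review bot: `test:ok(true, 'successfully collectgarbage with error')` is unconditional, so the new test can only report the regression as a crash before that line is reached, never as a failed assertion; a short comment above `collectgarbage('collect')` saying that the expected outcome is a normal return (the error is raised inside the `load()` call in `__gc` and nothing visible in the test re-raises it) would keep a later reader from treating the check as a no-op. The loop comment `N cycles is empirical number` also needs rewording, e.g. `the iteration count is empirical`, and since the `__gc` setup relies on `newproxy()`, a Lua 5.1 built-in, the header comment could say so.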
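The traversal the commit message describes, as an added model that is not LuaJIT code and not part of this patch: the Lua frame chain (walked with `frame_prevd()`) and the C frame chain (walked with `cframe_prev()`) must advance in lockstep, and `find_errfunc()` takes a flag selecting the behaviour before and after the added `cf = cframe_prev(cf)` line. Frame kinds, field names, the handler slot 7, the constructed stack and the `ERRFUNC_STALE` sentinel (which stands in for the undefined behaviour the real code hits) are assumptions.

```c
/* Added model, not LuaJIT code: the two parallel chains finderrfunc() walks.
 * Frame kinds, field names and the stack below are assumptions. */
#include <stddef.h>
enum frame_kind { FRAME_LUA, FRAME_CP };          /* only the kinds the bug needs */

struct cframe {                                   /* one C frame */
  const struct cframe *prev;                      /* cframe_prev() */
  ptrdiff_t errfunc;                              /* cframe_errfunc(); -1 = inherit */
};
struct frame {                                    /* one Lua stack frame */
  const struct frame *prev;                       /* frame_prevd() */
  enum frame_kind kind;
  const struct cframe *owner;                     /* cframe it was entered from; NULL for Lua */
};

#define ERRFUNC_NONE  (-1)   /* walked off the stack without finding a handler */
#define ERRFUNC_STALE (-2)   /* cf points at the wrong C frame: stands in for the real UB */

/* Walk both chains in lockstep. unwind_cp == 0 is the code before the patch,
 * unwind_cp == 1 the code with `cf = cframe_prev(cf)` added to the CP case. */
static ptrdiff_t find_errfunc(const struct frame *frame, const struct cframe *cf,
                              int unwind_cp)
{
  while (frame != NULL && cf != NULL) {
    if (frame->kind == FRAME_LUA) {               /* Lua-to-Lua call: no cframe */
      frame = frame->prev;
      continue;
    }
    if (cf != frame->owner)
      return ERRFUNC_STALE;                       /* the two chains have drifted apart */
    if (cf->errfunc >= 0)                         /* handler set on this protected call */
      return cf->errfunc;
    if (unwind_cp)
      cf = cf->prev;                              /* the line the patch adds */
    frame = frame->prev;
  }
  return ERRFUNC_NONE;
}

/* Constructed stack in the shape the commit message describes: an outer
 * protected call with a handler at slot 7, a finalizer run under a protected
 * call, and a further protected call inside __gc where the error is raised. */
static const struct cframe cf_outer = { NULL, 7 }, cf_gc = { &cf_outer, -1 },
                           cf_load = { &cf_gc, -1 };
static const struct frame f_outer = { NULL, FRAME_CP, &cf_outer },
  f_body = { &f_outer, FRAME_LUA, NULL }, f_gc = { &f_body, FRAME_CP, &cf_gc },
  f_fin = { &f_gc, FRAME_LUA, NULL }, f_load = { &f_fin, FRAME_CP, &cf_load },
  f_top = { &f_load, FRAME_LUA, NULL };
ptrdiff_t errfunc_before_patch(void) { return find_errfunc(&f_top, &cf_load, 0); }
ptrdiff_t errfunc_after_patch(void)  { return find_errfunc(&f_top, &cf_load, 1); }
```

Without the unwind the walk reaches the finalizer's CP frame still holding the innermost cframe and reports the drift; with it the walk reaches the outer handler.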