From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org> To: Sergey Ostanevich <sergos@tarantool.org>, Igor Munkin <imun@tarantool.org> Cc: tarantool-patches@dev.tarantool.org Subject: [Tarantool-patches] [PATCH luajit] Fix FOLD rule for strength reduction of widening. Date: Mon, 18 Oct 2021 21:53:41 +0300 [thread overview] Message-ID: <20211018185341.32155-1-skaplun@tarantool.org> (raw) From: Mike Pall <mike> Reported by Matthew Burk. (cherry picked from commit 9f0caad0e43f97a4613850b3874b851cb1bc301d) The simplify_conv_sext optimization is used for reduction of widening. cdata indexing narrow optimization uses it for narrowing of a C array index. The optimization eliminates sign extension for corresponding integer value. However, this conversion cannot be omitted for non constant values (for example loading stack slots) as far as their sign extension may change. The emitted machine code may be incorrect without aforementioned conversion (for example mov instruction instead movsxd is used on x86 architecture). As a result the value in a destination register during trace execution is invalid. This patch allows this optimization only for constant integer values. Sergey Kaplun: * added the description and the test for the problem --- Tarantool branch: https://github.com/tarantool/tarantool/tree/skaplun/gh-noticket-fix-fold-simplify-conv-sext Branch: https://github.com/tarantool/luajit/tree/skaplun/gh-noticket-fix-fold-simplify-conv-sext src/lj_opt_fold.c | 2 +- .../lj-fix-fold-simplify-conv-sext.test.lua | 35 +++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 test/tarantool-tests/lj-fix-fold-simplify-conv-sext.test.lua diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c index 3c508062..276dc040 100644 --- a/src/lj_opt_fold.c +++ b/src/lj_opt_fold.c @@ -1227,7 +1227,7 @@ LJFOLDF(simplify_conv_sext) if (ref == J->scev.idx) { IRRef lo = J->scev.dir ? J->scev.start : J->scev.stop; lua_assert(irt_isint(J->scev.t)); - if (lo && IR(lo)->i + ofs >= 0) { + if (lo && IR(lo)->o == IR_KINT && IR(lo)->i + ofs >= 0) { ok_reduce: #if LJ_TARGET_X64 /* Eliminate widening. All 32 bit ops do an implicit zero-extension. */ diff --git a/test/tarantool-tests/lj-fix-fold-simplify-conv-sext.test.lua b/test/tarantool-tests/lj-fix-fold-simplify-conv-sext.test.lua new file mode 100644 index 00000000..bd3738c5 --- /dev/null +++ b/test/tarantool-tests/lj-fix-fold-simplify-conv-sext.test.lua @@ -0,0 +1,35 @@ +local tap = require('tap') +local ffi = require('ffi') + +local test = tap.test('lj-fix-fold-simplify-conv-sext') + +local NSAMPLES = 4 +local NTEST = NSAMPLES * 2 + 1 +test:plan(NTEST) + +local samples = ffi.new('int [?]', NSAMPLES) + +-- Prepare data. +for i = 0, NSAMPLES - 1 do samples[i] = i end + +local expected = {3, 2, 1, 0, 3, 2, 1} + +local START = 3 +local STOP = -START + +local results = {} +jit.opt.start('hotloop=1') +for i = START, STOP, -1 do + -- While recording cdata indexing the fold CONV SEXT + -- optimization eliminate sign extension for the corresponding + -- non constant value (i.e. stack slot). As a result the read + -- out of bounds was occurring. + results[#results + 1] = samples[i % NSAMPLES] +end + +for i = 1, NTEST do + test:ok(results[i] == expected[i], 'correct cdata indexing') +end + +os.exit(test:check() and 0 or 1) + -- 2.31.0
next reply other threads:[~2021-10-18 18:55 UTC|newest] Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-10-18 18:53 Sergey Kaplun via Tarantool-patches [this message] 2021-10-27 16:08 ` sergos via Tarantool-patches 2021-10-28 11:36 ` Sergey Kaplun via Tarantool-patches 2021-10-28 12:37 ` sergos via Tarantool-patches 2021-10-29 7:49 ` Sergey Kaplun via Tarantool-patches 2022-06-28 13:21 ` Igor Munkin via Tarantool-patches 2022-06-30 12:09 ` Igor Munkin via Tarantool-patches
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20211018185341.32155-1-skaplun@tarantool.org \ --to=tarantool-patches@dev.tarantool.org \ --cc=imun@tarantool.org \ --cc=sergos@tarantool.org \ --cc=skaplun@tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH luajit] Fix FOLD rule for strength reduction of widening.' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox