From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 584506ECE3; Mon, 18 Oct 2021 21:55:31 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 584506ECE3 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1634583331; bh=A0udKn8/Ma0KH+zHXtnYdiiNDad4tnWY+Z8v8IVcL6U=; h=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=StBdzXcrSwY+AsNQ7ffuQjkQor/MzxcboKS7ah7/38zAT1dsGVqR16iE1zibno0Z5 fvzLi9H8Zhdjtc+MgFBjfHNeijnz2SGcjTAtMAModHK8CaSxwXHGbvy/hOHIhKiCWc UFy9Ma7tpTGBWnl+6trj9TasPe4eRJPZTIDrWvyI= Received: from smtpng1.i.mail.ru (smtpng1.i.mail.ru [94.100.181.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 3DC986ECE3 for ; Mon, 18 Oct 2021 21:55:29 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 3DC986ECE3 Received: by smtpng1.m.smailru.net with esmtpa (envelope-from ) id 1mcXnE-0007Da-6O; Mon, 18 Oct 2021 21:55:28 +0300 To: Sergey Ostanevich , Igor Munkin Date: Mon, 18 Oct 2021 21:53:41 +0300 Message-Id: <20211018185341.32155-1-skaplun@tarantool.org> X-Mailer: git-send-email 2.31.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-7564579A: EEAE043A70213CC8 X-77F55803: 4F1203BC0FB41BD9C7814344C8C501C81DF2D982FCC3642ABC592EA95DC3FE9F182A05F538085040C394BCB376A2A0D5C76F8D55F498FDE06F58F018D3CA29A3AF8A5E9749964EEA X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7956F10FFCC7409BAEA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637A60160C3319358EB8638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D8EF5A39E2AFDBC7DB396E34891FBA7677117882F4460429724CE54428C33FAD305F5C1EE8F4F765FC2EE5AD8F952D28FBA471835C12D1D9774AD6D5ED66289B52BA9C0B312567BB23117882F446042972877693876707352033AC447995A7AD18CB629EEF1311BF91D2E47CDBA5A96583BA9C0B312567BB231DD303D21008E29813377AFFFEAFD269A417C69337E82CC2E827F84554CEF50127C277FBC8AE2E8BA83251EDC214901ED5E8D9A59859A8B67393CE827C55B5F775ECD9A6C639B01B4E70A05D1297E1BBCB5012B2E24CD356 X-C1DE0DAB: C20DE7B7AB408E4181F030C43753B8186998911F362727C414F749A5E30D975CDA625C6CE8BBA1B946B664C004D5736049FEA44DC35A8D4F9C2B6934AE262D3EE7EAB7254005DCEDAAB53F89E328DC071E0A4E2319210D9B64D260DF9561598F01A9E91200F654B02272C4C079A4C8AD93EDB24507CE13387DFF0A840B692CF8 X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D347324AA9FA07FF01E6671648F9A7812366EE6BC0BBF8BF6850D2C29889F583D4A6B749932FED398D41D7E09C32AA3244CA9B5F6EAD07C55BF28FF29F66B934AFA64EE5813BBCA3A9D927AC6DF5659F194 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojbL9S8ysBdXiyQ8yq3v2Qmj++kzd2nWI4 X-Mailru-Sender: 689FA8AB762F7393C37E3C1AEC41BA5DF6CE82EE1FD6CDB8CAC0F52ADC980F050FBE9A32752B8C9C2AA642CC12EC09F1FB559BB5D741EB962F61BD320559CF1EFD657A8799238ED567EA787935ED9F1B X-Mras: Ok Subject: [Tarantool-patches] [PATCH luajit] Fix FOLD rule for strength reduction of widening. X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Sergey Kaplun via Tarantool-patches Reply-To: Sergey Kaplun Cc: tarantool-patches@dev.tarantool.org Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" From: Mike Pall Reported by Matthew Burk. (cherry picked from commit 9f0caad0e43f97a4613850b3874b851cb1bc301d) The simplify_conv_sext optimization is used for reduction of widening. cdata indexing narrow optimization uses it for narrowing of a C array index. The optimization eliminates sign extension for corresponding integer value. However, this conversion cannot be omitted for non constant values (for example loading stack slots) as far as their sign extension may change. The emitted machine code may be incorrect without aforementioned conversion (for example mov instruction instead movsxd is used on x86 architecture). As a result the value in a destination register during trace execution is invalid. This patch allows this optimization only for constant integer values. Sergey Kaplun: * added the description and the test for the problem --- Tarantool branch: https://github.com/tarantool/tarantool/tree/skaplun/gh-noticket-fix-fold-simplify-conv-sext Branch: https://github.com/tarantool/luajit/tree/skaplun/gh-noticket-fix-fold-simplify-conv-sext src/lj_opt_fold.c | 2 +- .../lj-fix-fold-simplify-conv-sext.test.lua | 35 +++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 test/tarantool-tests/lj-fix-fold-simplify-conv-sext.test.lua diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c index 3c508062..276dc040 100644 --- a/src/lj_opt_fold.c +++ b/src/lj_opt_fold.c @@ -1227,7 +1227,7 @@ LJFOLDF(simplify_conv_sext) if (ref == J->scev.idx) { IRRef lo = J->scev.dir ? J->scev.start : J->scev.stop; lua_assert(irt_isint(J->scev.t)); - if (lo && IR(lo)->i + ofs >= 0) { + if (lo && IR(lo)->o == IR_KINT && IR(lo)->i + ofs >= 0) { ok_reduce: #if LJ_TARGET_X64 /* Eliminate widening. All 32 bit ops do an implicit zero-extension. */ diff --git a/test/tarantool-tests/lj-fix-fold-simplify-conv-sext.test.lua b/test/tarantool-tests/lj-fix-fold-simplify-conv-sext.test.lua new file mode 100644 index 00000000..bd3738c5 --- /dev/null +++ b/test/tarantool-tests/lj-fix-fold-simplify-conv-sext.test.lua @@ -0,0 +1,35 @@ +local tap = require('tap') +local ffi = require('ffi') + +local test = tap.test('lj-fix-fold-simplify-conv-sext') + +local NSAMPLES = 4 +local NTEST = NSAMPLES * 2 + 1 +test:plan(NTEST) + +local samples = ffi.new('int [?]', NSAMPLES) + +-- Prepare data. +for i = 0, NSAMPLES - 1 do samples[i] = i end + +local expected = {3, 2, 1, 0, 3, 2, 1} + +local START = 3 +local STOP = -START + +local results = {} +jit.opt.start('hotloop=1') +for i = START, STOP, -1 do + -- While recording cdata indexing the fold CONV SEXT + -- optimization eliminate sign extension for the corresponding + -- non constant value (i.e. stack slot). As a result the read + -- out of bounds was occurring. + results[#results + 1] = samples[i % NSAMPLES] +end + +for i = 1, NTEST do + test:ok(results[i] == expected[i], 'correct cdata indexing') +end + +os.exit(test:check() and 0 or 1) + -- 2.31.0