From: Sergey Kaplun via Tarantool-patches
Reply-To: Sergey Kaplun
To: Sergey Ostanevich, Igor Munkin
Cc: tarantool-patches@dev.tarantool.org
Date: Wed, 13 Jul 2022 12:53:49 +0300
Message-Id: <20220713095349.31718-1-skaplun@tarantool.org>
List-Id: Tarantool development patches
Subject: [Tarantool-patches] [PATCH luajit] LJ_GC64: Fix IR_VARG offset for fixed number of results.

From: Mike Pall

Reported by George Vaintrub. Fixed by Sergey Kaplun.

(cherry picked from commit 6bda30d8c745b3963ba870221b9be6acdffed9b1)

This bug occurs when recording `BC_VARG` with the following conditions:
1) varargs undefined on trace.
2) known fixed number of results.

For this case the vararg slots are loaded via `IR_VLOAD` by offset from the vararg base. In GC64 mode this offset was miscounted due to the missing `LJ_FR2` correction in the base TRef calculation. As a result, the wrong (+1) vararg slot is used.

This patch adds the aforementioned missing `LJ_FR2` correction.

Sergey Kaplun:
* added the description and the test for the problem

Resolves tarantool/tarantool#7172
Part of tarantool/tarantool#7230
---

Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-864-varg-rec-base-offset-full-ci
Issues:
* https://github.com/tarantool/tarantool/issues/7172
* https://github.com/LuaJIT/LuaJIT/issues/864

 src/lj_record.c                               |  2 +-
 .../lj-864-varg-rec-base-offset.test.lua      | 25 +++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua

diff --git a/src/lj_record.c b/src/lj_record.c index a11f3712..9e2e1d9e 100644 --- a/src/lj_record.c +++ b/src/lj_record.c
@@ -1794,7 +1794,7 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults) emitir(IRTGI(IR_EQ), fr, lj_ir_kint(J, (int32_t)frame_ftsz(J->L->base-1))); vbase = emitir(IRT(IR_SUB, IRT_IGC), REF_BASE, fr); - vbase = emitir(IRT(IR_ADD, IRT_PGC), vbase, lj_ir_kint(J, frofs-8)); + vbase = emitir(IRT(IR_ADD, IRT_PGC), vbase, lj_ir_kint(J, frofs-8*(1+LJ_FR2))); for (i = 0; i < nload; i++) { IRType t = itype2irt(&J->L->base[i-1-LJ_FR2-nvararg]); TRef aref = emitir(IRT(IR_AREF, IRT_PGC), diff --git a/test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua b/test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua new file mode 100644 index 00000000..ca30f92f --- /dev/null +++ b/test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua @@ -0,0 +1,25 @@ +local tap = require('tap') + +-- Test file to demonstrate LuaJIT misbehaviour during recording +-- BC_VARG with nvarargs >= nresults in GC64 mode. +-- See also https://github.com/LuaJIT/LuaJIT/issues/864, +-- https://github.com/tarantool/tarantool/issues/7172. +local test = tap.test('lj-864-varg-rec-base-offset') +test:plan(1) + +jit.opt.start('hotloop=1') + +local MAGIC = 42 +local function test_rec_varg(...) + local slot1 + for _ = 1, 3 do + slot1 = ... + end + return slot1 == MAGIC +end + +-- Test case for nvarargs >= nresults. Equality is not suitable +-- due to failing assertion guard for type of loaded vararg slot. +test:ok(test_rec_varg(MAGIC, 0), 'correct BC_VARG recording') + +os.exit(test:check() and 0 or 1) -- 2.34.1
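Review bot: In the `src/lj_record.c` hunk, the new offset `frofs-8*(1+LJ_FR2)` on the `IR_ADD` line has no comment, and it now packs two facts into one expression: the 8-byte slot size and the number of frame slots to step back over. A one-line comment above it, saying that the subtraction has to skip `1+LJ_FR2` frame slots so that it agrees with the `base[i-1-LJ_FR2-nvararg]` index used for the type lookup in the loop directly below, would make the pairing explicit and make it harder to reintroduce the off-by-one-slot load if either line is touched later.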
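Review bot: In the new `lj-864-varg-rec-base-offset.test.lua`, nothing before `test:plan(1)` checks that the JIT is enabled, so with the JIT off `test_rec_varg(MAGIC, 0)` runs in the interpreter and the single `test:ok` passes without ever recording `BC_VARG`. Consider skipping the test when `jit.status()` reports the JIT as off, so that a pass always means the recorded path was exercised. The comment above `test:ok` is also hard to parse: "Equality is not suitable" does not say what is being compared (presumably nvarargs == nresults); spelling that out, and stating why the second argument `0` is there, would help the next reader.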