From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id 3FFC33FD593;
	Tue, 11 Apr 2023 23:40:45 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 3FFC33FD593
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1681245645; bh=hI+FyZNCx0Wv6z5kTI5MvOd6DK6xZ+Jyv4uIQ9gFKmU=;
	h=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:Cc:From;
	b=pL4H+MwtaWNcwTEmHxYQS9VRptMNjYtoCH74cx8arOxKMAJIWyK2CbuHqwqN+Jfp1
	 7M95H4AoTSYL/zmi4t0FXUPQOAiO1iDYqQ1hPNNobIb7E2dj7XR2Jdiktz6LghkiOW
	 fJIxIM++WvA624eF9yGOEnz/PQKzFZwS/a/U/LbQ=
Received: from smtpng3.i.mail.ru (smtpng3.i.mail.ru [94.100.177.149])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id DB5AB352E91
 for <tarantool-patches@dev.tarantool.org>;
 Tue, 11 Apr 2023 23:40:43 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org DB5AB352E91
Received: by smtpng3.m.smailru.net with esmtpa (envelope-from
 <skaplun@tarantool.org>)
 id 1pmKnC-0006Ql-Ty; Tue, 11 Apr 2023 23:40:43 +0300
To: Sergey Ostanevich <sergos@tarantool.org>,
 Maxim Kokryashkin <m.kokryashkin@tarantool.org>
Date: Tue, 11 Apr 2023 23:36:50 +0300
Message-Id: <20230411203650.10125-1-skaplun@tarantool.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Mailru-Src: smtp
X-7564579A: 646B95376F6C166E
X-77F55803: 4F1203BC0FB41BD94AFA8A252E0E88EB6232943EFDA4EE6B4CF94D8E42C92037182A05F538085040D30D0CD079955364911CEBF95A6481FE43FF501476BADFFF79A8BCE097F18376
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7257031E595304076EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637600371203F35D8CB8638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D8EDE4B98BB3F7D9F55268CB1BC0FDA027117882F4460429724CE54428C33FAD305F5C1EE8F4F765FCE96A3A8AAADC8934A471835C12D1D9774AD6D5ED66289B52BA9C0B312567BB23117882F4460429728776938767073520140C956E756FBB7A618001F51B5FD3F9D2E47CDBA5A96583BA9C0B312567BB231DD303D21008E29813377AFFFEAFD269A417C69337E82CC2E827F84554CEF50127C277FBC8AE2E8BA83251EDC214901ED5E8D9A59859A8B6AC294AFEFA671E80089D37D7C0E48F6C5571747095F342E88FB05168BE4CE3AF
X-C1DE0DAB: 0D63561A33F958A5363BAAF4520F4B49FF7523A375A649195BBBF0E7E4B1D4C3F87CCE6106E1FC07E67D4AC08A07B9B01F9513A7CA91E5559C5DF10A05D560A950611B66E3DA6D700B0A020F03D25A0997E3FB2386030E77
X-C8649E89: 1C3962B70DF3F0ADE00A9FD3E00BEEDF77DD89D51EBB7742D3581295AF09D3DF87807E0823442EA2ED31085941D9CD0AF7F820E7B07EA4CF7CC690D2ED4D65053466C15F45E62BD0FE0C3B0623071DE06DA8FA88A4CC73AEA4BD9291AB2A8456CA37B4AB775F99CC3FEA44E29F6195CD2C9A371A11220DCDF4E8A8FB6BF8EBF5
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojbL9S8ysBdXi9WZaGdtT9jvRv2lv180Pj
X-DA7885C5: 562A008B8437A4C2CC40EF328F6F49F65A6DEFA76DC6F1F60D3E76DDBBB41A70262E2D401490A4A0DB037EFA58388B346E8BC1A9835FDE71
X-Mailru-Sender: 689FA8AB762F73933AF1F914F131DBF54EFF7D30E5CDF8F60B52A7DF6FEE69210FBE9A32752B8C9C2AA642CC12EC09F1FB559BB5D741EB962F61BD320559CF1EFD657A8799238ED55FEEDEB644C299C0ED14614B50AE0675
X-Mras: Ok
Subject: [Tarantool-patches] [PATCH luajit] LJ_GC64: Make ASMREF_L
 references 64 bit.
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org>
Reply-To: Sergey Kaplun <skaplun@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

From: Mike Pall <mike>

Reported by Yichun Zhang.

(cherry picked from commit 850f8c59d3d04a9847f21f32a6c36d8269b5b6b1)

The `ASMREF_L` reference is defined as `REF_NIL`, so it isn't considered
as 64 bit address. On GC64 mode it may lead to the following assembly:
| mov eax, edi
so, high 32 bits of the reference are lost.

This patch adds `IRT_NIL` to `IRT_IS64` mask, to consider `ASMREF_L`
64 bit long. Now the resulting assembly is the following:
| mov rax, rdi

False-positive `if` condition in <src/lj_asm.c> is OK, since `op12`
already initialized as 0.

False-positive `if` condition in <src/lj_opt_sink.c>, <src/lj_opt_split.c>,
<src/lj_record.c> is OK, since `REF_NIL` is the last reference before
`REF_BASE` and this iteration of a cycle is still the last one.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#8516
---

Branch: https://github.com/tarantool/luajit/tree/skaplun/or-144-gc64-asmref-l
Related issues:
* https://github.com/openresty/lua-resty-core/issues/144
* https://github.com/tarantool/tarantool/issues/8516
PR: https://github.com/tarantool/tarantool/pull/8553
ML: https://www.freelists.org/post/luajit/Consistent-SEGV-on-x64-with-the-latest-LuaJIT-v21-GC64-mode

Don't restrict test case by GC64 mode, because want to test `IR_LREF`
for any mode. Keep GC64 in the test name, to be clear where expect the
SegFault.

 src/lj_asm.c                                  |  1 +
 src/lj_ir.h                                   |  4 ++-
 src/lj_opt_sink.c                             |  1 +
 .../or-144-gc64-asmref-l.test.lua             | 28 +++++++++++++++++++
 4 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 test/tarantool-tests/or-144-gc64-asmref-l.test.lua

diff --git a/src/lj_asm.c b/src/lj_asm.c
index a154547b..fd31cd04 100644
--- a/src/lj_asm.c
+++ b/src/lj_asm.c
@@ -2013,6 +2013,7 @@ static void asm_setup_regsp(ASMState *as)
     ir->prev = REGSP_INIT;
     if (irt_is64(ir->t) && ir->o != IR_KNULL) {
 #if LJ_GC64
+      /* The false-positive of irt_is64() for ASMREF_L (REF_NIL) is OK here. */
       ir->i = 0;  /* Will become non-zero only for RIP-relative addresses. */
 #else
       /* Make life easier for backends by putting address of constant in i. */
diff --git a/src/lj_ir.h b/src/lj_ir.h
index 4bad47ed..e8bca275 100644
--- a/src/lj_ir.h
+++ b/src/lj_ir.h
@@ -375,10 +375,12 @@ typedef struct IRType1 { uint8_t irt; } IRType1;
 #define irt_isint64(t)		(irt_typerange((t), IRT_I64, IRT_U64))
 
 #if LJ_GC64
+/* Include IRT_NIL, so IR(ASMREF_L) (aka REF_NIL) is considered 64 bit. */
 #define IRT_IS64 \
   ((1u<<IRT_NUM)|(1u<<IRT_I64)|(1u<<IRT_U64)|(1u<<IRT_P64)|\
    (1u<<IRT_LIGHTUD)|(1u<<IRT_STR)|(1u<<IRT_THREAD)|(1u<<IRT_PROTO)|\
-   (1u<<IRT_FUNC)|(1u<<IRT_CDATA)|(1u<<IRT_TAB)|(1u<<IRT_UDATA))
+   (1u<<IRT_FUNC)|(1u<<IRT_CDATA)|(1u<<IRT_TAB)|(1u<<IRT_UDATA)|\
+   (1u<<IRT_NIL))
 #elif LJ_64
 #define IRT_IS64 \
   ((1u<<IRT_NUM)|(1u<<IRT_I64)|(1u<<IRT_U64)|(1u<<IRT_P64)|(1u<<IRT_LIGHTUD))
diff --git a/src/lj_opt_sink.c b/src/lj_opt_sink.c
index 929ccb61..a16d112f 100644
--- a/src/lj_opt_sink.c
+++ b/src/lj_opt_sink.c
@@ -219,6 +219,7 @@ static void sink_sweep_ins(jit_State *J)
   for (ir = IR(J->cur.nk); ir < irbase; ir++) {
     irt_clearmark(ir->t);
     ir->prev = REGSP_INIT;
+    /* The false-positive of irt_is64() for ASMREF_L (REF_NIL) is OK here. */
     if (irt_is64(ir->t) && ir->o != IR_KNULL)
       ir++;
   }
diff --git a/test/tarantool-tests/or-144-gc64-asmref-l.test.lua b/test/tarantool-tests/or-144-gc64-asmref-l.test.lua
new file mode 100644
index 00000000..0c352c29
--- /dev/null
+++ b/test/tarantool-tests/or-144-gc64-asmref-l.test.lua
@@ -0,0 +1,28 @@
+local tap = require('tap')
+local test = tap.test('or-144-gc64-asmref-l'):skipcond({
+  ['Test requires JIT enabled'] = not jit.status(),
+})
+
+test:plan(1)
+
+-- Test file to demonstrate LuaJIT `IR_LREF` assembling incorrect
+-- behaviour.
+-- See also:
+-- * https://github.com/openresty/lua-resty-core/issues/144.
+-- * https://www.freelists.org/post/luajit/Consistent-SEGV-on-x64-with-the-latest-LuaJIT-v21-GC64-mode.
+
+jit.opt.start('hotloop=1')
+
+local global_env
+local _
+for i = 1, 4 do
+  -- Test `IR_LREF` assembling: using `ASMREF_L` (`REF_NIL`).
+  global_env = getfenv(0)
+  -- Need to reuse the register, to cause emitting of `mov`
+  -- instruction (see `ra_left()` in <src/lj_asm.c>).
+  _ = tostring(i)
+end
+
+test:ok(global_env == getfenv(0), 'IR_LREF assembling correctness')
+
+os.exit(test:check() and 0 or 1)
-- 
2.34.1