From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org> To: Maxim Kokryashkin <m.kokryashkin@tarantool.org>, Sergey Bronnikov <sergeyb@tarantool.org> Cc: tarantool-patches@dev.tarantool.org Subject: [Tarantool-patches] [PATCH luajit] Handle table unsinking in the presence of IRFL_TAB_NOMM. Date: Tue, 29 Aug 2023 15:36:41 +0300 [thread overview] Message-ID: <20230829123641.3303-1-skaplun@tarantool.org> (raw) From: Mike Pall <mike> Reported by Sergey Kaplun. (cherry-picked from commit 0ef51b495f9497aac77b41eb3d837c9c38b9424b) Table `NEWREF` storage for non-constant keys also emits `FREF` IR with `IRFL_TAB_NOMM` to invalidate the metamethod cache. When table creation and `NEWREF` are sinked, the corresponding `FSTORE` is sinked too and should be restored on trace exit. However, `snap_unsink()` doesn't expect anything except `IRFL_TAB_META` as the second operand of `FREF`, so the corresponding assertion fails. This patch adds a switch-case statement to handle the `IRFL_TAB_NOMM` case. Since `FREF` with `IRFL_TAB_NOMM` always follows some hash store, we can avoid a duplication of the cache invalidation, so this case just does nothing. Sergey Kaplun: * added the description and the test for the problem Part of tarantool/tarantool#8825 --- Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-1052-unsink-with-irfl-tab-nomm Tarantool PR: https://github.com/tarantool/tarantool/pull/9055 Related issues: * https://github.com/LuaJIT/LuaJIT/issues/1052 * https://github.com/tarantool/tarantool/issues/8825 src/lj_snap.c | 18 +++++++--- ...lj-1052-unsink-with-irfl-tab-nomm.test.lua | 36 +++++++++++++++++++ 2 files changed, 49 insertions(+), 5 deletions(-) create mode 100644 test/tarantool-tests/lj-1052-unsink-with-irfl-tab-nomm.test.lua diff --git a/src/lj_snap.c b/src/lj_snap.c index 2dc281cb..6c5e5e53 100644 --- a/src/lj_snap.c +++ b/src/lj_snap.c @@ -836,11 +836,19 @@ static void snap_unsink(jit_State *J, GCtrace *T, ExitState *ex, irs->o == IR_FSTORE, "sunk store with bad op %d", irs->o); if (irk->o == IR_FREF) { - lj_assertJ(irk->op2 == IRFL_TAB_META, - "sunk store with bad field %d", irk->op2); - snap_restoreval(J, T, ex, snapno, rfilt, irs->op2, &tmp); - /* NOBARRIER: The table is new (marked white). */ - setgcref(t->metatable, obj2gco(tabV(&tmp))); + switch (irk->op2) { + case IRFL_TAB_META: + snap_restoreval(J, T, ex, snapno, rfilt, irs->op2, &tmp); + /* NOBARRIER: The table is new (marked white). */ + setgcref(t->metatable, obj2gco(tabV(&tmp))); + break; + case IRFL_TAB_NOMM: + /* Negative metamethod cache invalidated by lj_tab_set() below. */ + break; + default: + lj_assertJ(0, "sunk store with bad field %d", irk->op2); + break; + } } else { irk = &T->ir[irk->op2]; if (irk->o == IR_KSLOT) irk = &T->ir[irk->op1]; diff --git a/test/tarantool-tests/lj-1052-unsink-with-irfl-tab-nomm.test.lua b/test/tarantool-tests/lj-1052-unsink-with-irfl-tab-nomm.test.lua new file mode 100644 index 00000000..aaf5349f --- /dev/null +++ b/test/tarantool-tests/lj-1052-unsink-with-irfl-tab-nomm.test.lua @@ -0,0 +1,36 @@ +local tap = require('tap') + +-- Test file to demonstrate LuaJIT's incorrect restoration of a +-- table from a snapshot with the presence of `IRFL_TAB_NOMM`. +-- See also: https://github.com/LuaJIT/LuaJIT/issues/1052. + +local test = tap.test('lj-1052-unsink-with-irfl-tab-nomm'):skipcond({ + ['Test requires JIT enabled'] = not jit.status(), +}) + +test:plan(2) + +local TEST_VALUE = 'test' + +jit.opt.start('hotloop=1') + +local counter = 0 +local slot = 'slot' +while true do + counter = counter + 1 + -- Use a non-constant slot to emit `FREF` with `IRFL_TAB_NOMM`. + -- After re-emitting the variant part of the loop, NEWREF will + -- contain a constant key (see below). + slot = {[slot] = TEST_VALUE} + -- Emit exit here to be sure that the table will be restored + -- from the snapshot. + if counter > 2 then break end + -- We need a constant reference for NEWREF. Just use the old + -- value. + slot = 'slot' +end + +test:is(slot.slot, TEST_VALUE, 'correct table content') +test:ok(debug.getmetatable(slot) == nil, 'no metatable on the restored table') + +test:done(true) -- 2.42.0
next reply other threads:[~2023-08-29 12:41 UTC|newest] Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-08-29 12:36 Sergey Kaplun via Tarantool-patches [this message] 2023-08-30 11:22 ` Maxim Kokryashkin via Tarantool-patches 2023-09-16 17:31 ` Sergey Bronnikov via Tarantool-patches 2023-09-18 7:56 ` Sergey Kaplun via Tarantool-patches 2023-09-18 8:41 ` Sergey Bronnikov via Tarantool-patches 2023-09-27 12:33 ` Igor Munkin via Tarantool-patches
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20230829123641.3303-1-skaplun@tarantool.org \ --to=tarantool-patches@dev.tarantool.org \ --cc=m.kokryashkin@tarantool.org \ --cc=sergeyb@tarantool.org \ --cc=skaplun@tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH luajit] Handle table unsinking in the presence of IRFL_TAB_NOMM.' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox