From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 6318F6E03F0; Tue, 14 Nov 2023 18:09:32 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 6318F6E03F0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1699974572; bh=ep6w1mWz5UQsMRUeyb1TPjyzOgyp+iOi4n6Bl8Dl6/g=; h=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=rqpsPr9/lZ45gfWg5BPN6qifjEvQX7Wwme/kMkuiqJnCoQJS4DcbF/RFlM6D80L6T AzeuT6odS52NzqRbnjlmxgvRcQriBAztBKJPddU2MPwI31+3u6q+/PYXceHswxOGIR 8+xS5F41IGt6Jcqh7mlhEV0SZn63MjriPlGz/TWY= Received: from smtp39.i.mail.ru (smtp39.i.mail.ru [95.163.41.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id B3A77651F79 for ; Tue, 14 Nov 2023 18:09:30 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org B3A77651F79 Received: by smtp39.i.mail.ru with esmtpa (envelope-from ) id 1r2v2f-007Re9-20; Tue, 14 Nov 2023 18:09:30 +0300 To: Maxim Kokryashkin , Sergey Bronnikov Date: Tue, 14 Nov 2023 18:04:55 +0300 Message-ID: <20231114150455.2850-1-skaplun@tarantool.org> X-Mailer: git-send-email 2.42.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Mailru-Src: smtp X-7564579A: 646B95376F6C166E X-77F55803: 4F1203BC0FB41BD9C2A6B03AB739174CD64B8720E117E6614F9A9877D30E00F700894C459B0CD1B95792A2B112A4A443ABA2B49613876C317FFE8C5D5059123FCF2D425F2FC6F947 X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE743AE26858062A689EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637325F50A45595CD878638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D8DD3940160833FF43C469AFF6AF7557FD117882F4460429724CE54428C33FAD305F5C1EE8F4F765FC6FC43C45D3E35E8FA471835C12D1D9774AD6D5ED66289B52BA9C0B312567BB23117882F446042972877693876707352026055571C92BF10F2CC0D3CB04F14752D2E47CDBA5A96583BA9C0B312567BB2376E601842F6C81A19E625A9149C048EE26055571C92BF10FC43C4D2AE8146675D8FC6C240DEA76429C9F4D5AE37F343AA9539A8B242431040A6AB1C7CE11FEE32D01283D1ACF37BA040F9FF01DFDA4A8C4224003CC836476E2F48590F00D11D6E2021AF6380DFAD1A18204E546F3947CA9FF340AA05FB58C2E808ACE2090B5E1725E5C173C3A84C3C5EA940A35A165FF2DBA43225CD8A89F890A246B268E114E5E1C53F199C2BB95B5C8C57E37DE458BEDA766A37F9254B7 X-C1DE0DAB: 0D63561A33F958A5D06639583703768CB0EA5DEB4D83A0950CC2C651AF63A0A5F87CCE6106E1FC07E67D4AC08A07B9B0457EE4B4996FC5469C5DF10A05D560A950611B66E3DA6D700B0A020F03D25A092FFDA4F57982C5F4CB5012B2E24CD356 X-C8649E89: 1C3962B70DF3F0ADE00A9FD3E00BEEDF77DD89D51EBB7742D3581295AF09D3DF87807E0823442EA2ED31085941D9CD0AF7F820E7B07EA4CFB730F44E05DD4C42073C6D20340E1C234BCCB3F551D5787F69A7BCF306A9C3456E47D229C2E76ED472E3BA2733712135E359B887F2361FB6F69085EDB01A06D7A74DFFEFA5DC0E7F02C26D483E81D6BE5EF9655DD6DEA7D65774BB76CC95456EEC5B5AD62611EEC62B5AFB4261A09AF0 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojNAMxVcV6vdVZw1jaBfFt0g== X-Mailru-Sender: 11C2EC085EDE56FAC07928AF2646A76962AA13F16F949D63213633A59F96B4999FD6E2B231121C05DEDBA653FF35249392D99EB8CC7091A70E183A470755BFD208F19895AA18418972D6B4FCE48DF648AE208404248635DF X-Mras: Ok Subject: [Tarantool-patches] [PATCH luajit] Fix FOLD rule for BUFHDR append. X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Sergey Kaplun via Tarantool-patches Reply-To: Sergey Kaplun Cc: tarantool-patches@dev.tarantool.org Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" From: Mike Pall Reported by XmiliaH. (cherry-picked from commit bc1bdbf620f58f0978385828bc51272903601e17) `bufput_append()` may fold `BUFHDR RESET` + `BUFPUT` IRs to `BUFHDR APPEND` even if the right operand (`BUFSTR`) is the PHI. If it's not the last IR in the `BUFSTR` chain, this may lead to an incorrect resulting value in the buffer, which contains a longer string since `APPEND` is used instead of `RESET`. This patch adds the corresponding check inside the fold rule. Sergey Kaplun: * added the description and the test for the problem Part of tarantool/tarantool#9145 --- Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-791-fold-bufhdr-append Tarantool PR: https://github.com/tarantool/tarantool/pull/9369 Relate issues: * https://github.com/LuaJIT/LuaJIT/issues/791 * https://github.com/tarantool/tarantool/issues/9145 src/lj_opt_fold.c | 3 +- .../lj-791-fold-bufhdr-append.test.lua | 54 +++++++++++++++++++ 2 files changed, 56 insertions(+), 1 deletion(-) create mode 100644 test/tarantool-tests/lj-791-fold-bufhdr-append.test.lua diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c index 944a9ecc..910cbc14 100644 --- a/src/lj_opt_fold.c +++ b/src/lj_opt_fold.c @@ -584,7 +584,8 @@ LJFOLDF(bufput_append) if ((J->flags & JIT_F_OPT_FWD) && !(fleft->op2 & IRBUFHDR_APPEND) && fleft->prev == fright->op2 && - fleft->op1 == IR(fright->op2)->op1) { + fleft->op1 == IR(fright->op2)->op1 && + !(irt_isphi(fright->t) && IR(fright->op2)->prev)) { IRRef ref = fins->op1; IR(ref)->op2 = (fleft->op2 | IRBUFHDR_APPEND); /* Modify BUFHDR. */ IR(ref)->op1 = fright->op1; diff --git a/test/tarantool-tests/lj-791-fold-bufhdr-append.test.lua b/test/tarantool-tests/lj-791-fold-bufhdr-append.test.lua new file mode 100644 index 00000000..b2422159 --- /dev/null +++ b/test/tarantool-tests/lj-791-fold-bufhdr-append.test.lua @@ -0,0 +1,54 @@ +local tap = require('tap') + +-- Test file to demonstrate the incorrect LuaJIT's optimization +-- `bufput_append()` for BUFPUT IR. +-- See also https://github.com/LuaJIT/LuaJIT/issues/791. + +local test = tap.test('lj-791-fold-bufhdr-append'):skipcond({ + ['Test requires JIT enabled'] = not jit.status(), +}) + +test:plan(1) + +local EMPTY_STR = '' +local prefix = 'Lu' +local result + +jit.opt.start('hotloop=1') + +-- The interesting part of IRs is the following (non-GC64 mode): +-- 0006 str BUFSTR 0005 0003 +-- 0007 > str SLOAD #2 T +-- 0008 p32 BUFHDR [0x400004a0] RESET +-- 0009 p32 BUFPUT 0008 "Lu" +-- 0010 p32 BUFPUT 0009 0007 +-- 0011 + str BUFSTR 0010 0008 +-- 0012 + int ADD 0001 +1 +-- 0013 > int LE 0012 +5 +-- 0014 > --- LOOP ------------ +-- 0015 p32 BUFHDR [0x400004a0] RESET + +-- The instruction to be folded is the following: +-- 0016 p32 BUFPUT 0015 0011 +-- +-- The 0011 operand is PHI, which is not the last IR in the BUFSTR +-- chain (`ir->prev = REF_BIAS + 0006`). Folding this IR leads to +-- this resulting IR: +-- p32 BUFHDR 0010 APPEND +-- Which appends to buffer instead of reseting, so the resulting +-- string contains one more symbol. + +-- XXX: Use 5 iterations to run variant part of the loop. +for _ = 1, 5 do + result = prefix .. 'a' + -- We need a non-constant string to be appended to prevent more + -- aggressive optimizations. Use an empty string for + -- convenience. Also, use a constant string in the first operand + -- in the concatenation operator for more readable `jit.dump` + -- output. + prefix = 'Lu' .. EMPTY_STR +end + +test:is(result, 'Lua', 'skipped BUFPUT APPEND optimization for PHIs') + +test:done(true) -- 2.42.0