From: Maxim Kokryashkin via Tarantool-patches
Reply-To: Maxim Kokryashkin
To: tarantool-patches@dev.tarantool.org, skaplun@tarantool.org, sergeyb@tarantool.org
Date: Mon, 15 Jan 2024 17:29:11 +0300
Message-ID: <20240115142914.22527-1-m.kokryashkin@tarantool.org>
Subject: [Tarantool-patches] [PATCH luajit] Fix recording of __concat metamethod.
X-Mailer: git-send-email 2.43.0
List-Id: Tarantool development patches
From: Mike Pall

Reported by Elias Oelschner.
Analyzed by XmiliaH.

(cherry-picked from commit 3ee3c9cfa988339f1bf3068530515e2a6fb179d2)

During the recording of the `__concat` metamethod, the `rec_mm_arith` function overrides stack slots that are not restored for GC64 mode later after the call. This leads to a segmentation fault later on. This patch fixes the issue by accounting for those additional slots in the array that is used to restore stack values.

Maxim Kokryashkin:
* added the description and the test for the problem

Part of tarantool/tarantool#9145
---
Branch: https://github.com/tarantool/luajit/tree/fckxorg/lj-839-concat-recording
PR: https://github.com/tarantool/tarantool/pull/9597
Issues: https://github.com/tarantool/tarantool/issues/9145
        https://github.com/luajit/luajit/issues/839

 src/lj_record.c                          |  2 +-
 .../lj-839-concat-recording.test.lua     | 27 +++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 test/tarantool-tests/lj-839-concat-recording.test.lua

diff --git a/src/lj_record.c b/src/lj_record.c index a929b8aa..59549b03 100644 --- a/src/lj_record.c +++ b/src/lj_record.c @@ -1932,7 +1932,7 @@ static TRef rec_tnew(jit_State *J, uint32_t ah) static TRef rec_cat(jit_State *J, BCReg baseslot, BCReg topslot) { TRef *top = &J->base[topslot]; - TValue savetv[5]; + TValue savetv[5+LJ_FR2]; BCReg s; RecordIndex ix; lj_assertJ(baseslot < topslot, "bad CAT arg");
diff --git a/test/tarantool-tests/lj-839-concat-recording.test.lua b/test/tarantool-tests/lj-839-concat-recording.test.lua new file mode 100644 index 00000000..9ec0ed96 --- /dev/null +++ b/test/tarantool-tests/lj-839-concat-recording.test.lua
@@ -0,0 +1,27 @@ +local tap = require('tap') +local test = tap.test('lj-839-concat-recording'):skipcond({ + ['Test requires JIT enabled'] = not jit.status(), +}) +test:plan(1) + +-- Test file to demonstrate LuaJIT overriding stack slots without +-- restoration during the recording of the concat metamethod. +-- See also: https://github.com/LuaJIT/LuaJIT/issues/839. + +-- Setup value with the `__concat` metamethod. +local v1 = setmetatable({}, { + __concat = function() return "" end, +}); + +jit.opt.start('hotloop=1') +local result +for _ = 1, 4 do + result = v1 .. "" .. v1 .. "" +end + +-- There should be an empty string in case of success. +-- Failure results in a segmentation fault. +-- The issue is GC64-specific, yet it is still being tested for +-- other builds. +test:is(result, '', 'correct stack restoration') +test:done(true) -- 2.43.0
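Review bot: in the `rec_cat` hunk, `TValue savetv[5+LJ_FR2]` only fixes the declared size; the lines that fill and restore the buffer are outside the shown context, so please confirm both copies are sized by `sizeof(savetv)` (or by the same `5+LJ_FR2` expression) rather than by a literal 5, otherwise the extra element is never written or read back and the GC64 slot is still lost. A one-line comment on the declaration saying which slots the constant covers (the frame set up for the `rec_mm_arith` call, which needs one more slot under the two-slot frame layout that LJ_FR2 selects) would spare the next reader from re-deriving the 5. The commit message names `rec_mm_arith` as the function that overwrites the slots while the change lands in `rec_cat`; spelling out there that `rec_cat` is the caller that saves and restores around that call would make the two match.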
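Review bot: in the test hunk, the `setmetatable` call ends with a stray `;`, the only semicolon in the file; drop it to match the surrounding Lua style, and "Setup value" in the comment above it should read "Set up a value". The `hotloop=1` setting together with four loop iterations is the part that actually triggers the bug, so a short comment saying the loop must become hot and get recorded (the crash happens during or after recording of the concat, not in the interpreter) would make the intent of the iteration count clear; the `test:is(result, '', ...)` check itself only confirms the metamethod's return value, which the existing comment already acknowledges.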
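As an added illustration of the mechanism the commit message describes (this is constructed example code, not LuaJIT's `rec_cat` or any code from the patch), the following C program models a save/call/restore sequence over a toy slot stack. The call clobbers `5 + fr2` slots, where `fr2 = 1` stands in for the two-slot frame layout that `LJ_FR2` selects on GC64 builds; a save buffer that is always five slots long restores everything on a one-slot layout but leaves one slot clobbered on the two-slot layout, which is exactly why the bug is GC64-specific. The slot count, the stack layout and the function names are assumptions made for the model.

```c
/* Added example; not LuaJIT code.  Models why a slot save/restore buffer
 * must be sized by the frame layout: the metamethod call overwrites
 * 5 + fr2 slots, so a buffer of fixed size 5 restores one slot too few
 * when fr2 == 1 (the two-slot frame layout LJ_FR2 denotes in LuaJIT).
 * All stack values below are constructed. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

#define NSLOTS   16   /* size of the toy stack */
#define MAX_SAVE 6    /* 5 + the largest fr2 we model */

typedef struct { uint64_t u64; } TVal;   /* stand-in for LuaJIT's TValue */

/* Emulates the metamethod call frame: overwrites 5 + fr2 slots at base. */
static void fake_mm_call(TVal *base, int fr2)
{
  for (int i = 0; i < 5 + fr2; i++)
    base[i].u64 = 0xDEADBEEF00ull + (uint64_t)i;
}

/* Runs save -> call -> restore with a save buffer of `nsave` slots and
 * returns how many stack slots still hold the clobbered value afterwards
 * (0 means the stack was fully restored). */
static int clobbered_after_restore(int fr2, size_t nsave)
{
  TVal stack[NSLOTS], savetv[MAX_SAVE];
  int clobbered = 0;
  for (int i = 0; i < NSLOTS; i++)
    stack[i].u64 = 100 + (uint64_t)i;           /* known pre-call contents */
  TVal *base = &stack[4];                        /* first slot the call touches */
  memcpy(savetv, base, nsave * sizeof(TVal));    /* Save slots. */
  fake_mm_call(base, fr2);                       /* Call __concat metamethod. */
  memcpy(base, savetv, nsave * sizeof(TVal));    /* Restore slots. */
  for (int i = 0; i < NSLOTS; i++)
    if (stack[i].u64 != 100 + (uint64_t)i)
      clobbered++;
  return clobbered;
}

/* Before the fix: the buffer is five slots regardless of frame layout. */
static int clobbered_before_fix(int fr2)
{
  return clobbered_after_restore(fr2, 5);
}

/* After the fix: the buffer is 5 + fr2 slots, so its size tracks the layout. */
static int clobbered_after_fix(int fr2)
{
  return clobbered_after_restore(fr2, 5 + (size_t)fr2);
}

int main(void)
{
  for (int fr2 = 0; fr2 <= 1; fr2++)
    printf("fr2=%d: before fix %d slot(s) left clobbered, after fix %d\n",
           fr2, clobbered_before_fix(fr2), clobbered_after_fix(fr2));
  return 0;
}
```

Running it prints one line per layout: with `fr2=0` both variants restore every slot, with `fr2=1` the pre-fix variant leaves one slot holding the call's value. Sizing both `memcpy` calls from the same buffer length is the point; in the real code `sizeof(savetv)` serves that role, which is why growing the array declaration alone is enough there.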