From mboxrd@z Thu Jan 1 00:00:00 1970
From: Maksim Kokryashkin via Tarantool-patches
Reply-To: Maksim Kokryashkin
To: tarantool-patches@dev.tarantool.org, sergeyb@tarantool.org, skaplun@tarantool.org, m.kokryashkin@tarantool.org
Date: Fri, 2 Feb 2024 18:07:59 +0300
Message-Id: <20240202150801.80361-1-max.kokryashkin@gmail.com>
Subject: [Tarantool-patches] [PATCH luajit v2] Fix recording of __concat metamethod.
List-Id: Tarantool development patches
X-Mailer: git-send-email 2.39.3 (Apple Git-145)
From: Mike Pall

Reported by Elias Oelschner. Analyzed by XmiliaH.

(cherry-picked from commit 3ee3c9cfa988339f1bf3068530515e2a6fb179d2)

During the recording of `__concat` metamethod, the `rec_mm_arith`
function overrides stack slots that are not restored for GC64 mode
later after the call. This leads to a segmentation fault later on.
This patch fixes the issue by accounting for those additional slots
in the array used for restoring stack values.

Maxim Kokryashkin:
* added the description and the test for the problem

Part of tarantool/tarantool#9145
---
Changes in v2:
- Fixed comments as per review by Sergey Kaplun

Branch: https://github.com/tarantool/luajit/tree/fckxorg/lj-839-concat-recording
PR: https://github.com/tarantool/tarantool/pull/9597
Issues:
https://github.com/tarantool/tarantool/issues/9145
https://github.com/luajit/luajit/issues/839

 src/lj_record.c                               |  2 +-
 .../lj-839-concat-recording.test.lua          | 27 +++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 test/tarantool-tests/lj-839-concat-recording.test.lua

diff --git a/src/lj_record.c b/src/lj_record.c
index a929b8aa..59549b03 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -1932,7 +1932,7 @@ static TRef rec_tnew(jit_State *J, uint32_t ah)
 static TRef rec_cat(jit_State *J, BCReg baseslot, BCReg topslot)
 {
   TRef *top = &J->base[topslot];
-  TValue savetv[5];
+  TValue savetv[5+LJ_FR2];
   BCReg s;
   RecordIndex ix;
   lj_assertJ(baseslot < topslot, "bad CAT arg");
diff --git a/test/tarantool-tests/lj-839-concat-recording.test.lua b/test/tarantool-tests/lj-839-concat-recording.test.lua
new file mode 100644
index 00000000..db82ffc0
--- /dev/null
+++ b/test/tarantool-tests/lj-839-concat-recording.test.lua
@@ -0,0 +1,27 @@
+local tap = require('tap')
+local test = tap.test('lj-839-concat-recording'):skipcond({
+  ['Test requires JIT enabled'] = not jit.status(),
+})
+test:plan(1)
+
+-- Test file to demonstrate LuaJIT overriding stack slots without
+-- restoration during the recording of the concat metamethod.
+-- See also: https://github.com/LuaJIT/LuaJIT/issues/839.
+
+-- Setup value with the `__concat` metamethod.
+local v1 = setmetatable({}, {
+  __concat = function(_, op2) return op2 end,
+});
+
+jit.opt.start('hotloop=1')
+local result
+for _ = 1, 4 do
+  -- `savetv` in `rec_cat` handles only up to 5 slots.
+  result = v1 .. '' .. '' .. '' .. '' .. 'canary'
+end
+
+-- Failure results in a LuaJIT assertion failure.
+-- The issue is GC64-specific, yet it is still being tested for
+-- other builds.
+test:is(result, 'canary', 'correct stack restoration')
+test:done(true)
-- 
2.39.3 (Apple Git-145)
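Review bot: in the `src/lj_record.c` hunk, the new bound `TValue savetv[5+LJ_FR2];` is a bare magic number and nothing in the hunk says which five slots `rec_mm_arith` clobbers or why the FR2 frame slot adds exactly one more; the loops that fill and restore `savetv` are outside the diff, so a reader of this patch cannot check that their iteration count matches the new array size. Suggest a one-line comment at the declaration (for example `/* Slots clobbered by the metamethod call frame; LJ_FR2 adds the frame slot. */`) and, if the save and restore loops use their own literal, deriving both from a single constant or guarding the copy with a `lj_assertJ`, so a future change to the frame layout trips an assertion instead of silently overrunning the array again.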
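Review bot: in the test hunk, the in-loop comment `-- \`savetv\` in \`rec_cat\` handles only up to 5 slots.` describes the code before this patch; once the `src/lj_record.c` change lands the array holds `5+LJ_FR2` entries, so the comment contradicts the tree it ships in. Reword it to say the concatenation is long enough to exceed the old five-slot bound on GC64 builds. Related: the commit message says the bug "leads to a segmentation fault later on", while the test says `-- Failure results in a LuaJIT assertion failure.`; state which applies (assertion in a debug build, crash otherwise) so whoever sees the test fail knows what to expect. Minor style point: the `;` in `});` after the `setmetatable` call is unnecessary in Lua and no other statement in the file uses a terminator.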