From: Sergey Kaplun via Tarantool-patches
Reply-To: Sergey Kaplun
To: Maxim Kokryashkin, Sergey Bronnikov
Cc: tarantool-patches@dev.tarantool.org
Date: Mon, 23 Sep 2024 14:28:52 +0300
Message-ID: <20240923112852.26851-1-skaplun@tarantool.org>
Subject: [Tarantool-patches] [PATCH luajit] Add missing coercion when recording select(string, ...)

From: Mike Pall

Thanks to Peter Cawley.

(cherry picked from commit 92b89d005ab721a61bce6d471b052bcb236b81d7)

Before the patch, the recording of `select()` with a string argument
leads to the following IR:
| rcx > int CONV "1" int.num index

Where the operand has string type instead of number type. This leads to
the corresponding mcode:
| cvttsd2si ecx, xmm1

Where xmm1 has an undefined value. Thus, this leads to undefined
behaviour for the recording trace.

This patch adds the missing coercion.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#10199
---

Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-1083-missing-tostring-coercion-in-select
Related issues:
* https://github.com/tarantool/tarantool/issues/10199
* https://github.com/LuaJIT/LuaJIT/issues/1083

 src/lj_record.c | 5 ++-
 ...ssing-tostring-coercion-in-select.test.lua | 39 +++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 test/tarantool-tests/lj-1083-missing-tostring-coercion-in-select.test.lua

diff --git a/src/lj_record.c b/src/lj_record.c index 96fe26d8..311d9fe7 100644 --- a/src/lj_record.c +++ b/src/lj_record.c 
@@ -1871,8 +1871,11 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults) TRef tr = TREF_NIL; ptrdiff_t idx = lj_ffrecord_select_mode(J, tridx, &J->L->base[dst-1]); if (idx < 0) goto nyivarg; - if (idx != 0 && !tref_isinteger(tridx)) + if (idx != 0 && !tref_isinteger(tridx)) { + if (tref_isstr(tridx)) + tridx = emitir(IRTG(IR_STRTO, IRT_NUM), tridx, 0); tridx = emitir(IRTGI(IR_CONV), tridx, IRCONV_INT_NUM|IRCONV_INDEX); + } if (idx != 0 && tref_isk(tridx)) { emitir(IRTGI(idx <= nvararg ? IR_GE : IR_LT), fr, lj_ir_kint(J, frofs+8*(int32_t)idx)); diff --git a/test/tarantool-tests/lj-1083-missing-tostring-coercion-in-select.test.lua b/test/tarantool-tests/lj-1083-missing-tostring-coercion-in-select.test.lua new file mode 100644 index 00000000..8089247f --- /dev/null +++ b/test/tarantool-tests/lj-1083-missing-tostring-coercion-in-select.test.lua 
@@ -0,0 +1,39 @@ +local tap = require('tap') + +-- Test file to demonstrate LuaJIT incorrect recording of +-- `select()` fast function. +-- See also: https://github.com/LuaJIT/LuaJIT/issues/1083. + +local test = tap.test('lj-1083-missing-tostring-coercion-in-select'):skipcond({ + ['Test requires JIT enabled'] = not jit.status(), +}) + +test:plan(1) + +-- Simplify the `jit.dump()` output. +local select = select + +local function test_select(...) + local result + for _ = 1, 4 do + -- Before the patch, with the missed coercion to string, the + -- recording of `select()` below leads to the following IR: + -- | rcx > int CONV "1" int.num index + -- Where the operand has string type instead of number type. + -- This leads to the corresponding mcode: + -- | cvttsd2si ecx, xmm1 + -- Where xmm1 has an undefined value. Thus leads to the + -- incorrect result for the call below. + result = select('1', ...) + end + return result +end + +jit.opt.start('hotloop=1') + +-- XXX: amount of arguments is empirical, see the comment above. +local result = test_select(1, 2, 3, 4) + +test:is(result, 1, 'corect select result after recording') + +test:done(true) -- 2.46.0
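
Review bot: In the src/lj_record.c hunk (rec_varg), the new `if (tref_isstr(tridx))` branch carries no comment, and the unconditional `IR_CONV` with `IRCONV_INT_NUM|IRCONV_INDEX` after it still relies on every other non-integer `tridx` already being a number. That invariant is not visible in these lines. A one-line comment above the `IR_STRTO` emit saying that a string index must be converted to a number before the int.num conversion, plus a note (or assertion) that `lj_ffrecord_select_mode()` is expected to reject anything that is neither a number nor a string, would keep the next reader from reintroducing a CONV on a non-number operand, which is exactly the undefined-register case the commit message describes.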
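
Review bot: In the new test file, the comment inside `test_select()` says "with the missed coercion to string", but the fix in src/lj_record.c emits `IR_STRTO` with `IRT_NUM`, i.e. a coercion from string to number. Suggest rewording to "with the missed coercion from string to number" so the comment matches the change. Two smaller points in the same hunk: the assertion message 'corect select result after recording' has a typo ("correct"), and the "XXX: amount of arguments is empirical, see the comment above" note points at a comment that does not explain why the argument count matters, so a sentence on that would help whoever has to adjust the test later.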