From mboxrd@z Thu Jan 1 00:00:00 1970
To: Sergey Bronnikov
Date: Fri, 7 Feb 2025 16:05:00 +0300
Message-ID: <20250207130500.10406-1-skaplun@tarantool.org>
X-Mailer: git-send-email 2.47.1
Subject: [Tarantool-patches] [PATCH luajit] Fix recording of BC_VARG.
List-Id: Tarantool development patches
From: Sergey Kaplun via Tarantool-patches
Reply-To: Sergey Kaplun
Cc: tarantool-patches@dev.tarantool.org

From: Mike Pall

Reported by Bachir Bendrissou.

(cherry picked from commit 62e362afbb1d100c892d2782c5862ad18bc464f2)

When the trace is started after the stitching, it may not have some slots from the first one. That slot may be the first slot given to the `select()` function (if it is determined by the call that caused the stitch). Before the patch, there is no loading of this slot in the `rec_varg()` for the trace, and the 0 value from slots is taken instead. Hence, the following recording of `BC_VARG` is incorrect.

This patch fixes this by using the `getslot()` instead of taking the value directly.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#11055
---
Branch: https://github.com/tarantool/luajit/tree/skaplun/fix-recording-bc-varg-used-in-select
Related issues: https://github.com/tarantool/tarantool/issues/11055
Thread in ML: https://www.freelists.org/post/luajit/Possible-issue-during-register-allocation-ra-alloc1

 src/lj_record.c | 2 +-
 ...-recording-bc-varg-used-in-select.test.lua | 36 +++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua

diff --git a/src/lj_record.c b/src/lj_record.c index 7181b72a..5345fa63 100644 --- a/src/lj_record.c +++ b/src/lj_record.c 
@@ -1869,7 +1869,7 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults) J->maxslot = dst + (BCReg)nresults; } } else if (select_detect(J)) { /* y = select(x, ...) */ - TRef tridx = J->base[dst-1]; + TRef tridx = getslot(J, dst-1); TRef tr = TREF_NIL; ptrdiff_t idx = lj_ffrecord_select_mode(J, tridx, &J->L->base[dst-1]); if (idx < 0) goto nyivarg; diff --git a/test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua b/test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua new file mode 100644 index 00000000..20b43e07 --- /dev/null +++ b/test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua @@ -0,0 +1,36 @@ +local tap = require('tap') + +-- Test file to demonstrate incorrect recording of `BC_VARG` that +-- is given to the `select()` function. See also: +-- https://www.freelists.org/post/luajit/Possible-issue-during-register-allocation-ra-alloc1. + +local test = tap.test('fix-recording-bc-varg-used-in-select'):skipcond({ + ['Test requires JIT enabled'] = not jit.status(), +}) + +test:plan(1) + +-- XXX: Simplify `jit.dump` output. +local modf = math.modf + +local EXPECTED = 'canary' +local function test_func(...) + local first_varg_item + for _ = 1, 4 do + -- `modf()` is used to create a stitching with a meaningful + -- index value, that equals 1, i.e. refers to the first item + -- in `...`. The second trace started after stitching does not + -- contain the stack slot for the first argument of the + -- `select()`. Before the patch, there is no loading of + -- this slot for the trace and the 0 value is taken instead. + -- Hence, this leads to an incorrect recording of the + -- `BC_VARG` with detected `select()`. + first_varg_item = select(modf(1, 0), ...) + end + return first_varg_item +end + +jit.opt.start('hotloop=1') +test:is(test_func(EXPECTED), EXPECTED, 'corect BC_VARG recording') + +test:done(true) -- 2.47.1
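
Review bot: In the src/lj_record.c hunk, the new `TRef tridx = getslot(J, dst-1);` line in the `select_detect(J)` branch of `rec_varg()` has no comment saying why a direct `J->base[dst-1]` read is wrong here. The commit message gives the reason (a trace started after stitching may not have this slot loaded, so the direct read yields 0), but nothing in the code does, and the two forms look interchangeable to a later reader. A one-line comment at the call, for example "slot may be unloaded in a trace started after stitching", would keep the fix from being undone in a cleanup.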
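
Review bot: In the new test file, `select(modf(1, 0), ...)` passes a second argument `0` that `math.modf` does not use, since it takes a single number. The comment above the call explains why `modf()` is used to get the index 1 through a stitch, but not why the extra argument is there. Either drop it or extend the comment to say what it is for. Separately, the description string passed to `test:is` reads 'corect BC_VARG recording'; it should be 'correct'.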