From mboxrd@z Thu Jan 1 00:00:00 1970
From: Sergey Kaplun via Tarantool-patches
Reply-To: Sergey Kaplun
To: Sergey Bronnikov
Cc: tarantool-patches@dev.tarantool.org
Date: Tue, 19 Aug 2025 20:11:15 +0300
Subject: [Tarantool-patches] [PATCH luajit] Avoid out-of-range PC for stack overflow error from snapshot restore.
Message-ID: <20250819171115.22785-1-skaplun@tarantool.org>
X-Mailer: git-send-email 2.50.1
List-Id: Tarantool development patches
From: Mike Pall

Reported by Sergey Kaplun.

(cherry picked from commit e3fa3c48d8a4aadcf86429e9f7f6f1171914b15a)

In the case where the saved PC in the snapshot is the first (0th index) PC
in the prototype, like JFUNC*, the subtraction to determine the previous PC
in `debug_framepc()` overflows and contains the `NO_BCPOS` value. After
that, the pos is greater than sizebc. Hence, the code below may interpret
the bits in `pt->varinfo` like `bc_isret()` and assign an invalid value to
`pos` to be returned. Further, it may lead to the assertion failure in
`lj_debug_frameline()`.

This patch fixes it by pretending that this means the first non-header
bytecode in the prototype.

Also, this patch removes the skipcond introduced in commit
a74e5be07d54b4e98b85493de73317db520b3f71 ("test: conditionally disable
flaky lj-1196").

The new test isn't added since the assertion failure depends on the
specific memory address of the `varinfo`, so it is too hard to create a
stable reproducer.

Sergey Kaplun:
* added the description for the problem

Part of tarantool/tarantool#11691
---
Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-1369-stackov-invalid-bc

Related issues:
* https://github.com/tarantool/tarantool/issues/11691
* https://github.com/LuaJIT/LuaJIT/issues/1369
* https://github.com/LuaJIT/LuaJIT/issues/1359
* https://github.com/LuaJIT/LuaJIT/issues/1196

 src/lj_debug.c                                |  1 +
 .../lj-1196-partial-snap-restore.test.lua     | 10 +--------
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/src/lj_debug.c b/src/lj_debug.c
index 76e48aca..bc057cf6 100644
--- a/src/lj_debug.c
+++ b/src/lj_debug.c
@@ -101,6 +101,7 @@ static BCPos debug_framepc(lua_State *L, GCfunc *fn, cTValue *nextframe) pt = funcproto(fn); pos = proto_bcpos(pt, ins) - 1; #if LJ_HASJIT + if (pos == NO_BCPOS) return 1; /* Pretend it's the first bytecode. */ if (pos > pt->sizebc) { /* Undo the effects of lj_trace_exit for JLOOP. */ if (bc_isret(bc_op(ins[-1]))) { GCtrace *T = (GCtrace *)((char *)(ins-1) - offsetof(GCtrace, startins)); diff --git a/test/tarantool-tests/lj-1196-partial-snap-restore.test.lua b/test/tarantool-tests/lj-1196-partial-snap-restore.test.lua index 5199ca00..a74f97bd 100644 --- a/test/tarantool-tests/lj-1196-partial-snap-restore.test.lua +++ b/test/tarantool-tests/lj-1196-partial-snap-restore.test.lua @@ -4,15 +4,7 @@ local tap = require('tap') -- in case of the stack overflow. -- See also: https://github.com/LuaJIT/LuaJIT/issues/1196. -local test = tap.test('lj-1196-partial-snap-restore'):skipcond({ - -- Disable test for Tarantool to avoid failures, see also: - -- https://github.com/LuaJIT/LuaJIT/issues/1369. - ['Disabled for Tarantool due to lj-1369'] = _TARANTOOL, - -- Also, it may fail on some non-arm64 runners stable after - -- adding the skip condition above. - ['Disabled for x86/x64 due to lj-1369'] = jit.arch ~= 'arm64', -}) - +local test = tap.test('lj-1196-partial-snap-restore') test:plan(1) -- XXX: The reproducer below uses several stack slot offsets to -- 2.50.1
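Review bot: the new `if (pos == NO_BCPOS) return 1;` guard in `debug_framepc()` sits inside `#if LJ_HASJIT`, so on a non-JIT build a `proto_bcpos(pt, ins)` of 0 still wraps `pos` to `NO_BCPOS` and that value is returned unchanged; if this path is only reachable with the JIT (the commit message ties it to JFUNC*), say so in the comment, otherwise move the check above the `#if`. The bare `return 1` also encodes the assumption that bytecode 0 is always the FUNC* header, and it is the early return that keeps the `pos > pt->sizebc` branch from evaluating `bc_isret(bc_op(ins[-1]))` on memory preceding the prototype's bytecode; a comment along the lines of `/* Pretend it's the first bytecode (slot 0 is the FUNC* header), see lj-1369. */` would make both points explicit to the next reader.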
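Review bot: the test hunk drops both skip conditions at once, but the removed comment says the test "may fail on some non-arm64 runners" in addition to the Tarantool failure; the commit message should state that the x86/x64 failures were also caused by lj-1369 and that the test now passes on those runners, otherwise an unrelated flakiness is being re-enabled together with the fix. Since this test is now the only coverage for the change (the message says a dedicated reproducer is not feasible), consider adding the lj-1369 link next to the existing `-- See also: https://github.com/LuaJIT/LuaJIT/issues/1196.` line so the connection between the test and this fix is not lost.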