From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id 94BFC6ECCC;
	Sun, 31 Jul 2022 14:01:32 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 94BFC6ECCC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1659265292; bh=b2m9+FpDhrvso/cNCCBaIoTaEfu8BRVqvBXDkh9GyfE=;
	h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=Fo8ITl3Tq57NfiutAkEYrAgZ1xjXSpmL+8WvuJzZ6fqOlFhAy80FJF54UCLcnAKRr
	 FR7XJm2iGSqd/71EDxwk20gFte2JAShd0R+zvL4GAwkk58K+MrFO4kpNzTtIX6dlci
	 AcBM2pG7vEMdFx6TO6m5VeZJQ5nyO1ap2WLu0BWI=
Received: from smtp42.i.mail.ru (smtp42.i.mail.ru [94.100.177.102])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 48A536ECCC
 for <tarantool-patches@dev.tarantool.org>;
 Sun, 31 Jul 2022 14:01:01 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 48A536ECCC
Received: by smtp42.i.mail.ru with esmtpa (envelope-from
 <skaplun@tarantool.org>)
 id 1oI6gu-0008UN-IL; Sun, 31 Jul 2022 14:01:00 +0300
To: Sergey Ostanevich <sergos@tarantool.org>, Igor Munkin <imun@tarantool.org>
Date: Sun, 31 Jul 2022 13:58:30 +0300
Message-Id: <2409b71740006f7ea89e8f360ea77f68de7be1d5.1659264154.git.skaplun@tarantool.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1659264154.git.skaplun@tarantool.org>
References: <cover.1659264154.git.skaplun@tarantool.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Mailru-Src: smtp
X-4EC0790: 10
X-7564579A: 646B95376F6C166E
X-77F55803: 4F1203BC0FB41BD9626C4810127D410704E254B5F4661BBDBB661CBD648A7578182A05F538085040E1D2C96F789DB284A60245C3D696DA57C1DDBA99DB97BC92C1FDF0ED790E1AB6
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE701173C01F417A2A6EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637D84D274D72FCF47F8638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D89B2B9928D8A603935C7B71F2BD2A085D117882F4460429724CE54428C33FAD305F5C1EE8F4F765FC446481F63F96602EA471835C12D1D9774AD6D5ED66289B52BA9C0B312567BB23117882F44604297287769387670735209ECD01F8117BC8BEA471835C12D1D977C4224003CC836476EB9C4185024447017B076A6E789B0E975F5C1EE8F4F765FC03B2A7A012825AB43AA81AA40904B5D9CF19DD082D7633A078D18283394535A93AA81AA40904B5D98AA50765F79006370C64787D39A0DDBBD81D268191BDAD3D698AB9A7B718F8C4D1B931868CE1C5781A620F70A64A45A98AA50765F79006372E808ACE2090B5E1725E5C173C3A84C3C5EA940A35A165FF2DBA43225CD8A89FBFBFE0634520CEB9156CCFE7AF13BCA4B5C8C57E37DE458BEDA766A37F9254B7
X-C1DE0DAB: C20DE7B7AB408E4181F030C43753B8186998911F362727C41E93BD56E7067354307CAA32FF218580205367B2BCC23E5B0D53CE0FDF8446B28329FE0B6AC8C886CFC4036BBF6A4EA9BF8C51168CD8EBDB4F326BE173F0FED1BCD5413C93A139628A5251AA20633D26296C473AB1E14218A1C3358294ED9A477866D6147AF826D89B2B9928D8A603935C7B71F2BD2A085DF972CCD2F8FE1EF1CFC4036BBF6A4EA9B11811A4A51E3B0915E2725BA614EAEA1EF972C1F679AE1C
X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D349EC559D073CA5B68F971EA686EDC27F5172E9B03A76C28B4BFADF0DF0E0410D0D503AEB3B3060E981D7E09C32AA3244CEADD1F76A9FC46F4FFA110CEF34BC16C24AF4FAF06DA24FD927AC6DF5659F194
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojW6ri1/dK1UbXJghJCHDyqw==
X-Mailru-Sender: 07FBBCF39629D1142254247A6196FF9B6B7EF5ED0226B26BA60245C3D696DA57825871508D9F3970DEDBA653FF35249392D99EB8CC7091A70E183A470755BFD208F19895AA18418972D6B4FCE48DF648AE208404248635DF
X-Mras: Ok
Subject: [Tarantool-patches] [PATCH luajit 1/2] Fix handling of errors
 during snapshot restore.
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org>
Reply-To: Sergey Kaplun <skaplun@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

From: Mike Pall <mike>

(cherry picked from commit 12ab596997b9cb27846a5b254d11230c3f9c50c8)

When an error is raised during snapshot restore, `err_unwind()` skipped the
correct cframe to stop unwinding. It happens due this frame is C frame
without Lua frame and the special negative value of `cfram_nres()` for
this frame isn't set.

This patch sets `cframe_nres()` for cframe with snap restoration to
`-2*LUAI_MAXSTACK` to guarantee that an error will be always caught
here.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#7230
---
 src/lj_trace.c                                |  2 ++
 .../lj-603-err-snap-restore.test.lua          | 30 +++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 test/tarantool-tests/lj-603-err-snap-restore.test.lua

diff --git a/src/lj_trace.c b/src/lj_trace.c
index d7a78d4d..68a657a7 100644
--- a/src/lj_trace.c
+++ b/src/lj_trace.c
@@ -803,6 +803,8 @@ static TValue *trace_exit_cp(lua_State *L, lua_CFunction dummy, void *ud)
 {
   ExitDataCP *exd = (ExitDataCP *)ud;
   cframe_errfunc(L->cframe) = -1;  /* Inherit error function. */
+  /* Always catch error here. */
+  cframe_nres(L->cframe) = -2*LUAI_MAXSTACK*(int)sizeof(TValue);
   exd->pc = lj_snap_restore(exd->J, exd->exptr);
   UNUSED(dummy);
   return NULL;
diff --git a/test/tarantool-tests/lj-603-err-snap-restore.test.lua b/test/tarantool-tests/lj-603-err-snap-restore.test.lua
new file mode 100644
index 00000000..82ce6a8f
--- /dev/null
+++ b/test/tarantool-tests/lj-603-err-snap-restore.test.lua
@@ -0,0 +1,30 @@
+local tap = require('tap')
+
+-- Test file to demonstrate the incorrect JIT behaviour when an
+-- error is raised on restoration from the snapshot.
+-- See also https://github.com/LuaJIT/LuaJIT/issues/603.
+local test = tap.test('lj-603-err-snap-restore.test.lua')
+test:plan(1)
+
+local recursive_f
+local function errfunc()
+  xpcall(recursive_f, errfunc)
+end
+
+-- A recursive call to itself leads to trace with up-recursion.
+-- When the Lua stack can't be grown more, error is raised on
+-- restoration from the snapshot.
+recursive_f = function()
+  xpcall(recursive_f, errfunc)
+  errfunc = function() end
+  recursive_f = function() end
+end
+recursive_f()
+
+test:ok(true)
+
+-- XXX: Don't use `os.exit()` here intense. When error on snap
+-- restoration is raised, `err_unwind()` doesn't stop on correct
+-- cframe. So later, on exit from VM this corrupted cframe chain
+-- shows itself. `os.exit()` literally calls `exit()` and doesn't
+-- show the issue.
-- 
2.34.1