From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id 9F62A518636;
	Mon, 10 Jul 2023 13:51:43 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 9F62A518636
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1688986303; bh=VBLwUYlzqyiBKV0yLjjECrxdGPYr7sktGrdcwwScENI=;
	h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=vwPKDP/Pe4PsyFtXAgqyOYKn7CcbgoDBwp+YX2feItyk/2vUxCyg50p+cPQvoSl8G
	 Wm84y5mYTJqguXUYQZEd36yw84hFQeV+xzOq6qsJsslA1+DXQc6UzOdNAtuO6oFPQX
	 cZAXLJQpGtF7I4+MO1yft8iWfzNIbscEeW9KYqb8=
Received: from smtp36.i.mail.ru (smtp36.i.mail.ru [95.163.41.77])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 735F3518636
 for <tarantool-patches@dev.tarantool.org>;
 Mon, 10 Jul 2023 13:51:13 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 735F3518636
Received: by smtp36.i.mail.ru with esmtpa (envelope-from
 <skaplun@tarantool.org>)
 id 1qIoU4-00ASPE-KB; Mon, 10 Jul 2023 13:51:13 +0300
To: Igor Munkin <imun@tarantool.org>,
 Maxim Kokryashkin <m.kokryashkin@tarantool.org>
Date: Mon, 10 Jul 2023 13:46:48 +0300
Message-Id: <323f1c0c6a33a31f0ad7691bd68886bfd195eae4.1688985402.git.skaplun@tarantool.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1688985402.git.skaplun@tarantool.org>
References: <cover.1688985402.git.skaplun@tarantool.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Mailru-Src: smtp
X-4EC0790: 10
X-7564579A: B8F34718100C35BD
X-77F55803: 4F1203BC0FB41BD9F6142ABD4516DDC5D33B31904FBC6732F4D25206406C97BE182A05F5380850403AD5935A8ECC09AE0B07C7F00EABD8A4528E507B13E7252D16F6EA8D4FF4B1D7
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE71BDE6A359BD5B800EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637BB2557E27C12D3EF8638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D842B8E4C63A0DBD4D7FE04F7C151ABBB4117882F4460429724CE54428C33FAD305F5C1EE8F4F765FCAE9A1BBD95851C5BA471835C12D1D9774AD6D5ED66289B52BA9C0B312567BB23117882F4460429728776938767073520437C869540D2AB0FCB629EEF1311BF91D2E47CDBA5A96583BA9C0B312567BB2376E601842F6C81A19E625A9149C048EE26055571C92BF10F098B145E00970258D8FC6C240DEA76429C9F4D5AE37F343AA9539A8B242431040A6AB1C7CE11FEE32D01283D1ACF37BAC0837EA9F3D19764C4224003CC836476E2F48590F00D11D6E2021AF6380DFAD1A18204E546F3947C2FFDA4F57982C5F42E808ACE2090B5E1725E5C173C3A84C3C5EA940A35A165FF2DBA43225CD8A89F83C798A30B85E16B262FEC7FBD7D1F5BB5C8C57E37DE458BEDA766A37F9254B7
X-C1DE0DAB: 0D63561A33F958A5FA51DCEF979DB71D914FAC97BC534F39227CE1070A70C240F87CCE6106E1FC07E67D4AC08A07B9B065B78C30F681404D9C5DF10A05D560A950611B66E3DA6D700B0A020F03D25A0997E3FB2386030E77
X-C8649E89: 1C3962B70DF3F0ADE00A9FD3E00BEEDF3FED46C3ACD6F73ED3581295AF09D3DF87807E0823442EA2ED31085941D9CD0AF7F820E7B07EA4CF3F148A1518F6EA3CDF0D1A9B5015F7780D4F130FA949D4AFCC5278A1C56FD3EBFA89AC6828CC404884815E46D7AAED53D9224AC9CF94402B98699985E0AE391DA74DFFEFA5DC0E7F02C26D483E81D6BE5EF9655DD6DEA7D65774BB76CC95456EEC5B5AD62611EEC62B5AFB4261A09AF0
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojREMDzwhiTMbV2J4n32f6kw==
X-Mailru-Sender: 11C2EC085EDE56FAC07928AF2646A76927F0ECD144CD66B60B07C7F00EABD8A484876E3DC5E244DFDEDBA653FF35249392D99EB8CC7091A70E183A470755BFD208F19895AA18418972D6B4FCE48DF648AE208404248635DF
X-Mras: Ok
Subject: [Tarantool-patches] [PATCH luajit 1/2] Fix maxslots when recording
 BC_VARG.
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org>
Reply-To: Sergey Kaplun <skaplun@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

From: Mike Pall <mike>

Analyzed by Sergey Kaplun.

(cherry-picked from commit 94ada59628dd6ce5d6d2dad1d35a68ad30127f53)

While recording BC_VARG `J->maxslot` isn't shrunk to the effective stack
top. This leads to dead value stored in the JIT slots and the following
assertion failure for these slots check in `rec_check_slots()`. Note,
that `rec_varg()` modifies `maxslot` only under the condition that
`maxslot` should be increased, but the dead values are left for the
opposite case.

This patch removes the condition inside `rec_varg()` only for the case
when varargs are not defined on trace (`framedepth` is 0), but the
similar issue still occurs for the case when vararg are defined on the
trace.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#8825
---
 src/lj_record.c                               |  3 +--
 .../lj-1024-varg-maxslot.test.lua             | 23 +++++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 test/tarantool-tests/lj-1024-varg-maxslot.test.lua

diff --git a/src/lj_record.c b/src/lj_record.c
index a90cba77..112524d3 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -1812,8 +1812,7 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults)
       }
       for (i = nvararg; i < nresults; i++)
 	J->base[dst+i] = TREF_NIL;
-      if (dst + (BCReg)nresults > J->maxslot)
-	J->maxslot = dst + (BCReg)nresults;
+      J->maxslot = dst + (BCReg)nresults;
     } else if (select_detect(J)) {  /* y = select(x, ...) */
       TRef tridx = J->base[dst-1];
       TRef tr = TREF_NIL;
diff --git a/test/tarantool-tests/lj-1024-varg-maxslot.test.lua b/test/tarantool-tests/lj-1024-varg-maxslot.test.lua
new file mode 100644
index 00000000..14270595
--- /dev/null
+++ b/test/tarantool-tests/lj-1024-varg-maxslot.test.lua
@@ -0,0 +1,23 @@
+local tap = require('tap')
+local test = tap.test('lj-noticket-varg-usedef'):skipcond({
+  ['Test requires JIT enabled'] = not jit.status(),
+})
+
+test:plan(1)
+
+jit.opt.start('hotloop=1')
+
+local counter = 0
+-- luacheck: ignore
+local anchor
+while counter < 3 do
+  counter = counter + 1
+  -- BC_VARG 5 1 0. `...` is nil (argument for the script).
+  -- luacheck: ignore
+  -- XXX: some condition to use several slots on the Lua stack.
+  anchor = 1 >= 1, ...
+end
+
+test:ok(true, 'BC_VARG recording 0th frame depth')
+
+os.exit(test:check() and 0 or 1)
-- 
2.34.1