From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id E82C5C6B3A2; Sun, 16 Jun 2024 13:06:30 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org E82C5C6B3A2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1718532391; bh=UulSS8Fa2wwS2EE4SrFYbLGeDcVYkDIDRD8S36BdjhY=; h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=i5Y6+5He83HmLL1NgfU+sbQ91J22tfWP6otAApw2NcY2qvjGjsRjZqtyTFZHhw2kc pDVvtNpK0K/63ZCh8L30zGrPTTHtdR/nTFEbRquCifJQr99IDHVLdZ1KkJ+av6BOHh 0TPGNJNveL+GX/j+NKAjF3L6Rs1ulnHQkWvwM8e8= Received: from smtp39.i.mail.ru (smtp39.i.mail.ru [95.163.41.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id ABE58C6B398 for ; Sun, 16 Jun 2024 13:04:32 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org ABE58C6B398 Received: by smtp39.i.mail.ru with esmtpa (envelope-from ) id 1sImkR-0000000Fftq-2roI; Sun, 16 Jun 2024 13:04:32 +0300 To: Maxim Kokryashkin , Sergey Bronnikov Date: Sun, 16 Jun 2024 13:00:12 +0300 Message-ID: <3cbac3c89c29492888545cf58562c5431bb5e24c.1718528874.git.skaplun@tarantool.org> X-Mailer: git-send-email 2.45.1 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Mailru-Src: smtp X-4EC0790: 10 X-7564579A: 646B95376F6C166E X-77F55803: 4F1203BC0FB41BD9AC8CA0B4439200FA3396D26EA105C0471DE01117BA8131F700894C459B0CD1B9A2912179D4C32CD310B999B7BE3335B57BD9AD6C1D5A7944DF8292320A6A54191D371A049BD054D4 X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE765EC468FF5F3030AEA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F790063714B34C41AB3453FC8638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D88BD693168AA7462BAE6BF3E8E72F99D91F234DB17067926FCC7F00164DA146DAFE8445B8C89999728AA50765F7900637BA939FD1B3BAB99B389733CBF5DBD5E9C8A9BA7A39EFB766F5D81C698A659EA7CC7F00164DA146DA9985D098DBDEAEC8744B801E316CB65FF6B57BC7E6449061A352F6E88A58FB86F5D81C698A659EA7E827F84554CEF5019E625A9149C048EE9ECD01F8117BC8BEE2021AF6380DFAD18AA50765F7900637F09814068C508CC822CA9DD8327EE4930A3850AC1BE2E7356C9A9530EBF72002C4224003CC83647689D4C264860C145E X-C1DE0DAB: 0D63561A33F958A55A640A0B710893B65002B1117B3ED6967B4E2F7F50D92112A13BD6A4B0E00B96823CB91A9FED034534781492E4B8EEAD90A7226BC187CE1EF36E2E0160E5C55395B8A2A0B6518DF68C46860778A80D548E8926FB43031F38 X-C8649E89: 1C3962B70DF3F0ADE00A9FD3E00BEEDF3FED46C3ACD6F73ED3581295AF09D3DF87807E0823442EA2ED31085941D9CD0AF7F820E7B07EA4CFB957DAE9CD42DFAA2144177BDA0082840E8E13B760AA69BF90A0AFAD0F98DB03124E09ADABDE4174BC11D93875BCBCAC96A641B10EFE946B992F8167577D1E7C1B6FE42AE23C5CBFC226CC413062362A913E6812662D5F2A5EAB5682573093F7837F15F2B5E4A70B33F2C28C22F508233FCF178C6DD14203 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojsYa7y8j7e8fAgROG92uRFw== X-DA7885C5: E5B6AA3E91B4D653F255D290C0D534F974CCBD5BA4B547AE58189D7E61D937F5CC9044FFC47098C95B1A4C17EAA7BC4BEF2421ABFA55128DAF83EF9164C44C7E X-Mailru-Sender: 689FA8AB762F7393C6D0B12EA33CAA9B771DCB63ED38BCF1294DC2D8F921DC34C3C93891A021404CE49D44BB4BD9522A059A1ED8796F048DB274557F927329BE89D5A3BC2B10C37545BD1C3CC395C826B4A721A3011E896F X-Mras: Ok Subject: [Tarantool-patches] [PATCH v2 luajit 4/5] Handle all types of errors during trace stitching. X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Sergey Kaplun via Tarantool-patches Reply-To: Sergey Kaplun Cc: tarantool-patches@dev.tarantool.org Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" From: Mike Pall Thanks to Sergey Kaplun and Peter Cawley. (cherry picked from commit d06beb0480c5d1eb53b3343e78063950275aa281) This commit is a follow-up for the commit 1b8216023d5a79814389f1c1affef27c15d9de27 ("Throw any errors before stack changes in trace stitching."). The patch prepends failures for the specific error to be thrown. Nevertheless, the error may be thrown due to retrying trace recording in the case when table bump optimization is enabled or when OOM is observed during reallocation of the snapshot or IR buffers. This patch adds the corresponding protected frame and rethrows the error after a fixup of the stack. This patch also tests the correctness of copying the error message to the top of the stack to get a valid "abort" reason in the `jit.dump` utility. Also, this patch fixes a non-ASCII space character in the comment for . Sergey Kaplun: * added the description and the test for the problem Part of tarantool/tarantool#9924 --- src/lj_ffrecord.c | 21 +++++-- test/tarantool-tests/CMakeLists.txt | 1 + .../lj-1166-error-stitch-oom-ir-buff.test.lua | 56 +++++++++++++++++ ...j-1166-error-stitch-oom-snap-buff.test.lua | 60 +++++++++++++++++++ .../lj-1166-error-stitch-table-bump.test.lua | 38 ++++++++++++ .../lj-1166-error-stitch/CMakeLists.txt | 1 + .../lj-1166-error-stitch/allocinject.c | 52 ++++++++++++++++ .../lj-720-errors-before-stitch.test.lua | 39 +++++++++++- 8 files changed, 261 insertions(+), 7 deletions(-) create mode 100644 test/tarantool-tests/lj-1166-error-stitch-oom-ir-buff.test.lua create mode 100644 test/tarantool-tests/lj-1166-error-stitch-oom-snap-buff.test.lua create mode 100644 test/tarantool-tests/lj-1166-error-stitch-table-bump.test.lua create mode 100644 test/tarantool-tests/lj-1166-error-stitch/CMakeLists.txt create mode 100644 test/tarantool-tests/lj-1166-error-stitch/allocinject.c diff --git a/src/lj_ffrecord.c b/src/lj_ffrecord.c index e3ed80fb..ff14e9e4 100644 --- a/src/lj_ffrecord.c +++ b/src/lj_ffrecord.c @@ -96,6 +96,14 @@ static ptrdiff_t results_wanted(jit_State *J) return -1; } +static TValue *rec_stop_stitch_cp(lua_State *L, lua_CFunction dummy, void *ud) +{ + jit_State *J = (jit_State *)ud; + lj_record_stop(J, LJ_TRLINK_STITCH, 0); + UNUSED(L); UNUSED(dummy); + return NULL; +} + /* Trace stitching: add continuation below frame to start a new trace. */ static void recff_stitch(jit_State *J) { @@ -106,10 +114,7 @@ static void recff_stitch(jit_State *J) TValue *nframe = base + 1 + LJ_FR2; const BCIns *pc = frame_pc(base-1); TValue *pframe = frame_prevl(base-1); - - /* Check for this now. Throwing in lj_record_stop messes up the stack. */ - if (J->cur.nsnap >= (MSize)J->param[JIT_P_maxsnap]) - lj_trace_err(J, LJ_TRERR_SNAPOV); + int errcode; /* Move func + args up in Lua stack and insert continuation. */ memmove(&base[1], &base[-1-LJ_FR2], sizeof(TValue)*nslot); @@ -134,13 +139,19 @@ static void recff_stitch(jit_State *J) J->baseslot += 2 + LJ_FR2; J->framedepth++; - lj_record_stop(J, LJ_TRLINK_STITCH, 0); + errcode = lj_vm_cpcall(L, NULL, J, rec_stop_stitch_cp); /* Undo Lua stack changes. */ memmove(&base[-1-LJ_FR2], &base[1], sizeof(TValue)*nslot); setframe_pc(base-1, pc); L->base -= 2 + LJ_FR2; L->top -= 2 + LJ_FR2; + + if (errcode) { + if (errcode == LUA_ERRRUN) + copyTV(L, L->top-1, L->top + (1 + LJ_FR2)); + lj_err_throw(L, errcode); /* Propagate errors. */ + } } /* Fallback handler for fast functions that are not recorded (yet). */ diff --git a/test/tarantool-tests/CMakeLists.txt b/test/tarantool-tests/CMakeLists.txt index 56660932..d7c96078 100644 --- a/test/tarantool-tests/CMakeLists.txt +++ b/test/tarantool-tests/CMakeLists.txt @@ -39,6 +39,7 @@ add_subdirectory(lj-802-panic-at-mcode-protfail) add_subdirectory(lj-flush-on-trace) add_subdirectory(lj-1004-oom-error-frame) add_subdirectory(lj-1066-fix-cur_L-after-coroutine-resume) +add_subdirectory(lj-1166-error-stitch) # The part of the memory profiler toolchain is located in tools # directory, jit, profiler, and bytecode toolchains are located diff --git a/test/tarantool-tests/lj-1166-error-stitch-oom-ir-buff.test.lua b/test/tarantool-tests/lj-1166-error-stitch-oom-ir-buff.test.lua new file mode 100644 index 00000000..85afea11 --- /dev/null +++ b/test/tarantool-tests/lj-1166-error-stitch-oom-ir-buff.test.lua @@ -0,0 +1,56 @@ +local tap = require('tap') + +-- Test file to demonstrate unbalanced Lua stack after instruction +-- recording due to throwing an error at recording of a stitched +-- function. +-- See also: https://github.com/LuaJIT/LuaJIT/issues/1166. + +local test = tap.test('lj-1166-error-stitch-oom-ir-buff'):skipcond({ + ['Test requires JIT enabled'] = not jit.status(), + ['Disabled on *BSD due to #4819'] = jit.os == 'BSD', +}) + +test:plan(1) + +local allocinject = require('allocinject') + +-- Generate the following Lua chunk: +-- local s1 +-- ... +-- local sN +-- for i = 1, 2 do +-- s1 = i + 1 +-- ... +-- sN = i + N +-- math.modf(1) +-- end +local function create_chunk(n_slots) + local chunk = '' + for i = 1, n_slots do + chunk = chunk .. ('local s%d\n'):format(i) + end + chunk = chunk .. 'for i = 1, 2 do\n' + -- Generate additional IR instructions. + for i = 1, n_slots do + chunk = chunk .. (' s%d = i + %d\n'):format(i, i) + end + -- `math.modf()` recording is NYI. + chunk = chunk .. ' math.modf(1)\n' + chunk = chunk .. 'end\n' + return chunk +end + +-- XXX: amount of slots is empirical. +local tracef = assert(loadstring(create_chunk(175))) + +jit.opt.start('hotloop=1', '-loop', '-fold') + +allocinject.enable() + +tracef() + +allocinject.disable() + +test:ok(true, 'stack is balanced') + +test:done(true) diff --git a/test/tarantool-tests/lj-1166-error-stitch-oom-snap-buff.test.lua b/test/tarantool-tests/lj-1166-error-stitch-oom-snap-buff.test.lua new file mode 100644 index 00000000..ea50ebc4 --- /dev/null +++ b/test/tarantool-tests/lj-1166-error-stitch-oom-snap-buff.test.lua @@ -0,0 +1,60 @@ +local tap = require('tap') + +-- Test file to demonstrate unbalanced Lua stack after instruction +-- recording due to throwing an error at recording of a stitched +-- function. +-- See also: https://github.com/LuaJIT/LuaJIT/issues/1166. + +local test = tap.test('lj-1166-error-stitch-oom-snap-buff'):skipcond({ + ['Test requires JIT enabled'] = not jit.status(), + ['Disabled on *BSD due to #4819'] = jit.os == 'BSD', +}) + +test:plan(1) + +local allocinject = require('allocinject') + +-- Generate the following Lua chunk: +-- for i = 1, 2 do +-- if i < 1 then end +-- ... +-- if i < N then end +-- math.modf(1) +-- end +local function create_chunk(n_conds) + local chunk = '' + chunk = chunk .. 'for i = 1, 2 do\n' + -- Each condition adds additional snapshot. + for i = 1, n_conds do + chunk = chunk .. (' if i < %d then end\n'):format(i + n_conds) + end + -- `math.modf()` recording is NYI. + chunk = chunk .. ' math.modf(1)\n' + chunk = chunk .. 'end\n' + return chunk +end + +-- XXX: Need to compile the cycle in the `create_chunk()` to +-- preallocate the snapshot buffer. +jit.opt.start('hotloop=1', '-loop', '-fold') + +-- XXX: Amount of slots is empirical. +local tracef = assert(loadstring(create_chunk(6))) + +-- XXX: Remove previous trace. +jit.off() +jit.flush() + +-- XXX: Update hotcounts to avoid hash collisions. +jit.opt.start('hotloop=1') +jit.on() + +allocinject.enable() + +tracef() + +allocinject.disable() + +test:ok(true, 'stack is balanced') + +test:done(true) diff --git a/test/tarantool-tests/lj-1166-error-stitch-table-bump.test.lua b/test/tarantool-tests/lj-1166-error-stitch-table-bump.test.lua new file mode 100644 index 00000000..f2453bbe --- /dev/null +++ b/test/tarantool-tests/lj-1166-error-stitch-table-bump.test.lua @@ -0,0 +1,38 @@ +local tap = require('tap') + +-- Test file to demonstrate unbalanced Lua stack after instruction +-- recording due to throwing an error at recording of a stitched +-- function. The test fails with LUAJIT_ENABLE_TABLE_BUMP enabled. +-- See also: +-- * https://github.com/LuaJIT/LuaJIT/issues/606, +-- * https://github.com/LuaJIT/LuaJIT/issues/1166. + +local test = tap.test('lj-1166-error-stitch-table-bump'):skipcond({ + ['Test requires JIT enabled'] = not jit.status(), +}) + +test:plan(1) + +-- `math.modf` recording is NYI. +-- Local `modf` simplifies `jit.dump()` output. +local modf = math.modf + +jit.opt.start('hotloop=1') + +-- luacheck: no unused +local t +-- There is no need to run the trace itself. Just check the +-- correctness of a recording. +for i = 1, 2 do + t = {} + -- Cause table rehashing to trigger table bump optimization. + t[i] = i + -- Forcify stitch. This will throw an error at the end of + -- recording, since trace recording should be retried after + -- bytecode updating. + modf(1) +end + +test:ok(true, 'stack is balanced') + +test:done(true) diff --git a/test/tarantool-tests/lj-1166-error-stitch/CMakeLists.txt b/test/tarantool-tests/lj-1166-error-stitch/CMakeLists.txt new file mode 100644 index 00000000..342e438e --- /dev/null +++ b/test/tarantool-tests/lj-1166-error-stitch/CMakeLists.txt @@ -0,0 +1 @@ +BuildTestCLib(allocinject allocinject.c) diff --git a/test/tarantool-tests/lj-1166-error-stitch/allocinject.c b/test/tarantool-tests/lj-1166-error-stitch/allocinject.c new file mode 100644 index 00000000..88fc9138 --- /dev/null +++ b/test/tarantool-tests/lj-1166-error-stitch/allocinject.c @@ -0,0 +1,52 @@ +#include "lua.h" +#include "lauxlib.h" + +#undef NDEBUG +#include + +static lua_Alloc old_allocf = NULL; +static void *old_alloc_state = NULL; + +/* Function to be used instead of the default allocator. */ +static void *allocf_with_injection(void *ud, void *ptr, size_t osize, + size_t nsize) +{ + assert(old_allocf != NULL); + /* + * Check the specific reallocation related to the IR + * buffer or the snapshot buffer. + */ + if (osize * 2 == nsize) + return NULL; + return old_allocf(ud, ptr, osize, nsize); +} + +static int enable(lua_State *L) +{ + assert(old_allocf == NULL); + old_allocf = lua_getallocf(L, &old_alloc_state); + lua_setallocf(L, allocf_with_injection, old_alloc_state); + return 0; +} + +static int disable(lua_State *L) +{ + assert(old_allocf != NULL); + assert(old_allocf != allocf_with_injection); + lua_setallocf(L, old_allocf, old_alloc_state); + old_allocf = NULL; + old_alloc_state = NULL; + return 0; +} + +static const struct luaL_Reg allocinject[] = { + {"enable", enable}, + {"disable", disable}, + {NULL, NULL} +}; + +LUA_API int luaopen_allocinject(lua_State *L) +{ + luaL_register(L, "allocinject", allocinject); + return 1; +} diff --git a/test/tarantool-tests/lj-720-errors-before-stitch.test.lua b/test/tarantool-tests/lj-720-errors-before-stitch.test.lua index d750b721..95b6f8a5 100644 --- a/test/tarantool-tests/lj-720-errors-before-stitch.test.lua +++ b/test/tarantool-tests/lj-720-errors-before-stitch.test.lua @@ -1,13 +1,27 @@ local tap = require('tap') local test = tap.test('lj-720-errors-before-stitch'):skipcond({ ['Test requires JIT enabled'] = not jit.status(), + ['Disabled on *BSD due to #4819'] = jit.os == 'BSD', }) -test:plan(1) --- `math.modf` recording is NYI. +local jparse = require('utils').jit.parse + +-- `math.modf` recording is NYI. -- Local `modf` simplifies `jit.dump()` output. local modf = math.modf + +-- XXX: Avoid other traces compilation due to hotcount collisions +-- for predictable results. +jit.off() +jit.flush() + +test:plan(2) + +-- We only need the abort reason in the test. +jparse.start('t') + jit.opt.start('hotloop=1', 'maxsnap=1') +jit.on() -- The loop has only two iterations: the first to detect its -- hotness and the second to record it. The snapshot limit is @@ -17,5 +31,26 @@ for _ = 1, 2 do modf(1.2) end +local _, aborted_traces = jparse.finish() + +jit.off() + test:ok(true, 'stack is balanced') + +-- Tarantool may compile traces on the startup. These traces +-- already exceed the maximum snapshot amount we set after they +-- are compiled. Hence, there is no need to reallocate the +-- snapshot buffer, so the check for the snap size is not +-- triggered. +test:skipcond({ + ['Impossible to predict the number of snapshots for Tarantool'] = _TARANTOOL, +}) + +assert(aborted_traces and aborted_traces[1], 'aborted trace is persisted') + +-- We tried to compile only one trace. +local reason = aborted_traces[1][1].abort_reason + +test:like(reason, 'too many snapshots', 'abort reason is correct') + test:done(true) -- 2.45.1