* [Tarantool-patches] [PATCH luajit] Fix recording of BC_VARG.
@ 2025-02-07 13:05 Sergey Kaplun via Tarantool-patches
2025-02-10 15:14 ` Sergey Bronnikov via Tarantool-patches
2025-02-13 10:51 ` Sergey Kaplun via Tarantool-patches
0 siblings, 2 replies; 5+ messages in thread
From: Sergey Kaplun via Tarantool-patches @ 2025-02-07 13:05 UTC (permalink / raw)
To: Sergey Bronnikov; +Cc: tarantool-patches
From: Mike Pall <mike>
Reported by Bachir Bendrissou.
(cherry picked from commit 62e362afbb1d100c892d2782c5862ad18bc464f2)
When the trace is started after the stitching, it may not have some
slots from the first one. That slot may be the first slot given to the
`select()` function (if it is determined by the call that caused the
stitch). Before the patch, there is no loading of this slot in the
`rec_varg()` for the trace, and the 0 value from slots is taken instead.
Hence, the following recording of `BC_VARG` is incorrect.
This patch fixes this by using the `getslot()` instead of taking the
value directly.
Sergey Kaplun:
* added the description and the test for the problem
Part of tarantool/tarantool#11055
---
Branch: https://github.com/tarantool/luajit/tree/skaplun/fix-recording-bc-varg-used-in-select
Related issues: https://github.com/tarantool/tarantool/issues/11055
THread in ML: https://www.freelists.org/post/luajit/Possible-issue-during-register-allocation-ra-alloc1
src/lj_record.c | 2 +-
...-recording-bc-varg-used-in-select.test.lua | 36 +++++++++++++++++++
2 files changed, 37 insertions(+), 1 deletion(-)
create mode 100644 test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua
diff --git a/src/lj_record.c b/src/lj_record.c
index 7181b72a..5345fa63 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -1869,7 +1869,7 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults)
J->maxslot = dst + (BCReg)nresults;
}
} else if (select_detect(J)) { /* y = select(x, ...) */
- TRef tridx = J->base[dst-1];
+ TRef tridx = getslot(J, dst-1);
TRef tr = TREF_NIL;
ptrdiff_t idx = lj_ffrecord_select_mode(J, tridx, &J->L->base[dst-1]);
if (idx < 0) goto nyivarg;
diff --git a/test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua b/test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua
new file mode 100644
index 00000000..20b43e07
--- /dev/null
+++ b/test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua
@@ -0,0 +1,36 @@
+local tap = require('tap')
+
+-- Test file to demonstrate incorrect recording of `BC_VARG` that
+-- is given to the `select()` function. See also:
+-- https://www.freelists.org/post/luajit/Possible-issue-during-register-allocation-ra-alloc1.
+
+local test = tap.test('fix-recording-bc-varg-used-in-select'):skipcond({
+ ['Test requires JIT enabled'] = not jit.status(),
+})
+
+test:plan(1)
+
+-- XXX: Simplify `jit.dump` output.
+local modf = math.modf
+
+local EXPECTED = 'canary'
+local function test_func(...)
+ local first_varg_item
+ for _ = 1, 4 do
+ -- `modf()` is used to create a stitching with a meaningful
+ -- index value, that equals 1, i.e. refers to the first item
+ -- in `...`. The second trace started after stitching does not
+ -- contain the stack slot for the first argument of the
+ -- `select()`. Before the patch, there is no loading of
+ -- this slot for the trace and the 0 value is taken instead.
+ -- Hence, this leads to an incorrect recording of the
+ -- `BC_VARG` with detected `select()`.
+ first_varg_item = select(modf(1, 0), ...)
+ end
+ return first_varg_item
+end
+
+jit.opt.start('hotloop=1')
+test:is(test_func(EXPECTED), EXPECTED, 'corect BC_VARG recording')
+
+test:done(true)
--
2.47.1
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [Tarantool-patches] [PATCH luajit] Fix recording of BC_VARG.
2025-02-07 13:05 [Tarantool-patches] [PATCH luajit] Fix recording of BC_VARG Sergey Kaplun via Tarantool-patches
@ 2025-02-10 15:14 ` Sergey Bronnikov via Tarantool-patches
2025-02-10 15:18 ` Sergey Kaplun via Tarantool-patches
2025-02-13 10:51 ` Sergey Kaplun via Tarantool-patches
1 sibling, 1 reply; 5+ messages in thread
From: Sergey Bronnikov via Tarantool-patches @ 2025-02-10 15:14 UTC (permalink / raw)
To: Sergey Kaplun; +Cc: tarantool-patches
[-- Attachment #1: Type: text/plain, Size: 263 bytes --]
Hi, Sergey,
thanks for the patch! LGTM with a minor comment.
Sergey
On 07.02.2025 16:05, Sergey Kaplun wrote:
<snipped>
> +jit.opt.start('hotloop=1')
> +test:is(test_func(EXPECTED), EXPECTED, 'corect BC_VARG recording')
Typo: "corect"
> +
> +test:done(true)
[-- Attachment #2: Type: text/html, Size: 943 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [Tarantool-patches] [PATCH luajit] Fix recording of BC_VARG.
2025-02-10 15:14 ` Sergey Bronnikov via Tarantool-patches
@ 2025-02-10 15:18 ` Sergey Kaplun via Tarantool-patches
2025-02-10 17:50 ` Sergey Bronnikov via Tarantool-patches
0 siblings, 1 reply; 5+ messages in thread
From: Sergey Kaplun via Tarantool-patches @ 2025-02-10 15:18 UTC (permalink / raw)
To: Sergey Bronnikov; +Cc: tarantool-patches
Hi, Sergey!
Thanks for the review!
Fixed your comments and force-pushed the branch.
On 10.02.25, Sergey Bronnikov wrote:
> Hi, Sergey,
>
> thanks for the patch! LGTM with a minor comment.
>
> Sergey
>
> On 07.02.2025 16:05, Sergey Kaplun wrote:
>
>
> <snipped>
>
> > +jit.opt.start('hotloop=1')
> > +test:is(test_func(EXPECTED), EXPECTED, 'corect BC_VARG recording')
> Typo: "corect"
Fixed and force-pushed to the branch.
Also, rebased to the current master.
See the iterative patch below:
===================================================================
diff --git a/test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua b/test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua
index 20b43e07..b3a62b5c 100644
--- a/test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua
+++ b/test/tarantool-tests/fix-recording-bc-varg-used-in-select.test.lua
@@ -31,6 +31,6 @@ local function test_func(...)
end
jit.opt.start('hotloop=1')
-test:is(test_func(EXPECTED), EXPECTED, 'corect BC_VARG recording')
+test:is(test_func(EXPECTED), EXPECTED, 'correct BC_VARG recording')
test:done(true)
===================================================================
> > +
> > +test:done(true)
--
Best regards,
Sergey Kaplun
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Tarantool-patches] [PATCH luajit] Fix recording of BC_VARG.
2025-02-07 13:05 [Tarantool-patches] [PATCH luajit] Fix recording of BC_VARG Sergey Kaplun via Tarantool-patches
2025-02-10 15:14 ` Sergey Bronnikov via Tarantool-patches
@ 2025-02-13 10:51 ` Sergey Kaplun via Tarantool-patches
1 sibling, 0 replies; 5+ messages in thread
From: Sergey Kaplun via Tarantool-patches @ 2025-02-13 10:51 UTC (permalink / raw)
To: Sergey Bronnikov; +Cc: tarantool-patches
I've applied the patch into all long-term branches in tarantool/luajit
and bumped a new version in master [1], release/3.3 [2], release/3.2 [3]
and release/2.11 [4].
[1]: https://github.com/tarantool/tarantool/pull/11128
[2]: https://github.com/tarantool/tarantool/pull/11029
[3]: https://github.com/tarantool/tarantool/pull/11030
[4]: https://github.com/tarantool/tarantool/pull/11031
--
Best regards,
Sergey Kaplun
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-02-13 10:52 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-02-07 13:05 [Tarantool-patches] [PATCH luajit] Fix recording of BC_VARG Sergey Kaplun via Tarantool-patches
2025-02-10 15:14 ` Sergey Bronnikov via Tarantool-patches
2025-02-10 15:18 ` Sergey Kaplun via Tarantool-patches
2025-02-10 17:50 ` Sergey Bronnikov via Tarantool-patches
2025-02-13 10:51 ` Sergey Kaplun via Tarantool-patches
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox