From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 6520C6F3C9; Sat, 20 Mar 2021 03:50:58 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 6520C6F3C9 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1616201458; bh=3c/ayF2aIuQ39I5ulhUllNmQA8c4iV+Qdmh23bYvujg=; h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=mvLAic7V2m2K48siJlFJcjPixN4OlF7JTuWbte5ZCYsfjxB+QjCo0wAheUfJt137D 6BWeGDIHLot8V4SEJIvpH3ZIoEPHN5GuTubFg673eAAXlLiJ/HzFVy2vWzSKcJTG75 3wSOhLmFzSDG1ZZWoOey0Ai4cOyw3RED58EkZ3ak= Received: from smtpng3.m.smailru.net (smtpng3.m.smailru.net [94.100.177.149]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id BA6B07182A for ; Sat, 20 Mar 2021 03:43:15 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org BA6B07182A Received: by smtpng3.m.smailru.net with esmtpa (envelope-from ) id 1lNPhy-00076U-VD; Sat, 20 Mar 2021 03:43:15 +0300 To: tarantool-patches@dev.tarantool.org, gorcunov@gmail.com, sergepetrenko@tarantool.org Date: Sat, 20 Mar 2021 01:42:46 +0100 Message-Id: <41cbe040f3523f0aa3b7f484c0e3b4eca474b935.1616200860.git.v.shpilevoy@tarantool.org> X-Mailer: git-send-email 2.24.3 (Apple Git-128) In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-7564579A: 646B95376F6C166E X-77F55803: 4F1203BC0FB41BD95D6E7CC48CB1F5F10D3016C09B407F8B88411E9FEB481E8E182A05F5380850409D62047E2F90F3C6A48A473478DE59DEF9C31A2D513DD5FB12D00DA1CE171386 X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7B05688F02FB57514EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637822A0A225AD602F38638F802B75D45FF914D58D5BE9E6BC131B5C99E7648C95C81A23F326053F8278850F5381267C776160791B2202620B2A471835C12D1D9774AD6D5ED66289B5278DA827A17800CE70F3DDF2BBF19B93A9FA2833FD35BB23D2EF20D2F80756B5F868A13BD56FB6657A471835C12D1D977725E5C173C3A84C34C82C86BFC697D19117882F4460429728AD0CFFFB425014E868A13BD56FB6657A7F4EDE966BC389F9E8FC8737B5C2249753C3A5E0A5AB5B7089D37D7C0E48F6CCF19DD082D7633A0E7DDDDC251EA7DABAAAE862A0553A39223F8577A6DFFEA7C831C17AB68599A1243847C11F186F3C5E7DDDDC251EA7DABCC89B49CDF41148F90DBEB212AEC08F22623479134186CDE6BA297DBC24807EABDAD6C7F3747799A X-B7AD71C0: AC4F5C86D027EB782CDD5689AFBDA7A2BBE337FB72E923155C0AF1600DCBC20BD3311767B7455A337AC4DEADB1F4810D X-C1DE0DAB: C20DE7B7AB408E4181F030C43753B8186998911F362727C414F749A5E30D975C81A23F326053F8278850F5381267C776160791B2202620B29C2B6934AE262D3EE7EAB7254005DCED7532B743992DF240BDC6A1CF3F042BAD6DF99611D93F60EFF532FBFD8162E58C699F904B3F4130E343918A1A30D5E7FCCB5012B2E24CD356 X-C8649E89: 4E36BF7865823D7055A7F0CF078B5EC49A30900B95165D340A58BF0C7EAC340F03890C2227F050A08FCFB570F3159C25A4B10668B05EE18B2286CD31392F042C1D7E09C32AA3244CCFBCF2CE96C6E00A103858B9998D9073725D5B54B2FE4575FACE5A9C96DEB163 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2bioj8xHC0Ak4ylY14CIhVweYrQ== X-Mailru-Sender: 689FA8AB762F73936BC43F508A0638227252FF05E9CD662A2BC9F7D9B63B1F243841015FED1DE5223CC9A89AB576DD93FB559BB5D741EB963CF37A108A312F5C27E8A8C3839CE0E267EA787935ED9F1B X-Mras: Ok Subject: [Tarantool-patches] [PATCH 09/16] uuid: drop tt_uuid_str() from Lua X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Vladislav Shpilevoy via Tarantool-patches Reply-To: Vladislav Shpilevoy Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" The function converts struct tt_uuid * to a string. The string is allocated on the static buffer, which can't be used in Lua due to unpredictable GC behaviour. It can start working any moment even if tt_uuid_str() has returned, but its result wasn't passed to ffi.string() yet. Then the buffer might be overwritten. Lua uuid now uses tt_uuid_to_string() which does the same but takes the buffer pointer. The buffer is stored in an ffi stash, because it is x4 times faster than ffi.new('char[37]') (where 37 is length of a UUID string + terminating 0) (2.4 ns vs 0.8 ns). After this patch UUID is supposed to be fully compatible with Lua GC handlers. Part of #5632 --- src/exports.h | 2 +- src/lua/uuid.lua | 13 ++++-- test/app-tap/gh-5632-gc-buf-reuse.test.lua | 49 ++++++++++++++++++++++ 3 files changed, 60 insertions(+), 4 deletions(-) create mode 100755 test/app-tap/gh-5632-gc-buf-reuse.test.lua diff --git a/src/exports.h b/src/exports.h index ddbe57230..a90b9406a 100644 --- a/src/exports.h +++ b/src/exports.h @@ -517,7 +517,7 @@ EXPORT(tt_uuid_create) EXPORT(tt_uuid_from_string) EXPORT(tt_uuid_is_equal) EXPORT(tt_uuid_is_nil) -EXPORT(tt_uuid_str) +EXPORT(tt_uuid_to_string) EXPORT(uri_format) EXPORT(uri_parse) EXPORT(uuid_nil) diff --git a/src/lua/uuid.lua b/src/lua/uuid.lua index 74f8c924c..3047b665c 100644 --- a/src/lua/uuid.lua +++ b/src/lua/uuid.lua @@ -17,8 +17,6 @@ bool tt_uuid_is_nil(const struct tt_uuid *uu); bool tt_uuid_is_equal(const struct tt_uuid *lhs, const struct tt_uuid *rhs); -char * -tt_uuid_str(const struct tt_uuid *uu); int tt_uuid_compare(const struct tt_uuid *a, const struct tt_uuid *b); extern const struct tt_uuid uuid_nil; @@ -31,6 +29,11 @@ local uuid_stash = buffer.ffi_stash_new(uuid_t) local uuid_stash_take = uuid_stash.take local uuid_stash_put = uuid_stash.put +local uuid_str_stash = + buffer.ffi_stash_new(string.format('char[%s]', UUID_STR_LEN + 1)) +local uuid_str_stash_take = uuid_str_stash.take +local uuid_str_stash_put = uuid_str_stash.put + local is_uuid = function(value) return ffi.istype(uuid_t, value) end @@ -39,7 +42,11 @@ local uuid_tostring = function(uu) if not is_uuid(uu) then return error('Usage: uuid:str()') end - return ffi.string(builtin.tt_uuid_str(uu), UUID_STR_LEN) + local strbuf = uuid_str_stash_take() + builtin.tt_uuid_to_string(uu, strbuf) + uu = ffi.string(strbuf, UUID_STR_LEN) + uuid_str_stash_put(strbuf) + return uu end local uuid_fromstr = function(str) diff --git a/test/app-tap/gh-5632-gc-buf-reuse.test.lua b/test/app-tap/gh-5632-gc-buf-reuse.test.lua new file mode 100755 index 000000000..8fe662d3f --- /dev/null +++ b/test/app-tap/gh-5632-gc-buf-reuse.test.lua @@ -0,0 +1,49 @@ +#!/usr/bin/env tarantool + +-- +-- gh-5632: Lua code should not use any global buffers or objects without +-- proper ownership protection. Otherwise these items might be suddenly reused +-- during Lua GC which happens almost at any moment. That might lead to data +-- corruption. +-- + +local tap = require('tap') +local ffi = require('ffi') +local uuid = require('uuid') + +local function test_uuid(test) + test:plan(1) + + local gc_count = 100 + local iter_count = 1000 + local is_success = true + + local function uuid_to_str() + local uu = uuid.new() + local str1 = uu:str() + local str2 = uu:str() + if str1 ~= str2 then + is_success = false + assert(false) + end + end + + local function create_gc() + for i = 1, gc_count do + ffi.gc(ffi.new('char[1]'), function() uuid_to_str() end) + end + end + + for i = 1, iter_count do + create_gc() + uuid_to_str() + end + + test:ok(is_success, 'uuid in gc') +end + +local test = tap.test('gh-5632-gc-buf-reuse') +test:plan(1) +test:test('uuid in __gc', test_uuid) + +os.exit(test:check() and 0 or 1) -- 2.24.3 (Apple Git-128)