From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 445C1C3A941; Tue, 23 Jul 2024 21:30:03 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 445C1C3A941 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1721759403; bh=nJ9jxGBRN4clpb3SSqxM4G5bdYuVtf2MmfhHlowcGD8=; h=Date:To:Cc:References:In-Reply-To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=J+GHhFsVzOuN8LxRWDuhaRR8lIw5oWBSQ7nrF+0b5fEcHNVnNIi7ogyT+vvQ5U5sN NzYLg/J+AIx1AIWBbR6sTP9Lgj52aZQANJqlNeeXmu1h4WyURgzAnkhnDAUdXkVL04 jiYNbfyA7I0ZGrtv0EVpXZXYADpFdtDo52PFxRNk= Received: from smtp48.i.mail.ru (smtp48.i.mail.ru [95.163.41.86]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 08022C0627F for ; Tue, 23 Jul 2024 21:30:02 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 08022C0627F Received: by smtp48.i.mail.ru with esmtpa (envelope-from ) id 1sWKGu-0000000G2Nk-34Zk; Tue, 23 Jul 2024 21:30:01 +0300 Content-Type: multipart/alternative; boundary="------------V7KaImpHOub20mvQ7V9sxI0T" Message-ID: <43db36be-eb47-48ce-bec8-7326f3f9f24e@tarantool.org> Date: Tue, 23 Jul 2024 21:29:59 +0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Sergey Kaplun Cc: Sergey Bronnikov , tarantool-patches@dev.tarantool.org References: In-Reply-To: X-Mailru-Src: smtp X-4EC0790: 10 X-7564579A: B8F34718100C35BD X-77F55803: 4F1203BC0FB41BD9A65E120EBDABE9BC822F87A90CEC419A915CE6AB9E45527B182A05F5380850408D1C20F8BC68BCF1479CDAE959BF6424583084E33FBE6C361FE422CA1AEA05782E7580F92AFCEA56 X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7F1942E6D70B4A2F0EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637329F9579A0E72DCC8638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D807992A422C93EE50EED966F1EDF8C65008B3EE39AAC16966CC7F00164DA146DAFE8445B8C89999728AA50765F7900637F924B32C592EA89F389733CBF5DBD5E9C8A9BA7A39EFB766F5D81C698A659EA7CC7F00164DA146DA9985D098DBDEAEC8062BEEFFB5F8EA3EF6B57BC7E6449061A352F6E88A58FB86F5D81C698A659EA73AA81AA40904B5D9A18204E546F3947C64E7220B7C5505929735652A29929C6C4AD6D5ED66289B523666184CF4C3C14F6136E347CC761E07725E5C173C3A84C3BB339968D8EBD1C6BA3038C0950A5D36B5C8C57E37DE458B330BD67F2E7D9AF16D1867E19FE14079C09775C1D3CA48CFE478A468B35FE7671DD303D21008E298D5E8D9A59859A8B64854413538E1713F75ECD9A6C639B01B78DA827A17800CE7AA592860F4B06D71731C566533BA786AA5CC5B56E945C8DA X-C1DE0DAB: 0D63561A33F958A5ED4EAFD2176DF0555002B1117B3ED6968A2CBC48F7E770C092B673A2F5DDD7E7823CB91A9FED034534781492E4B8EEAD14747542773C033FBDAD6C7F3747799A X-C8649E89: 1C3962B70DF3F0ADE00A9FD3E00BEEDF3FED46C3ACD6F73ED3581295AF09D3DF87807E0823442EA2ED31085941D9CD0AF7F820E7B07EA4CF5B59D9307EF2ABE1BAB65C2F2E7FEE0B101FD62F1A58F6FDA589B2EED97753FAEEB2523CC0526E3F468522D637D1E0EEDCE0B54017DB5A60870655C2CC6C48017BA83DFC519A0F7B5F4332CA8FE04980913E6812662D5F2AB9AF64DB4688768036DF5FE9C0001AF333F2C28C22F508233FCF178C6DD14203 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2bioj49epkdzIowACWw1hHaY/SQ== X-Mailru-Sender: C4F68CFF4024C8867DFDF7C7F2588458EF620D9DCF8A6B6AA7CF1FCFAF80C0E9D9450FE02E235AABD1EB3A06F6ACBA26645D15D82EE4B272BD6E4642A116CA93524AA66B5ACBE6721EF430B9A63E2A504198E0F3ECE9B5443453F38A29522196 X-Mras: Ok Subject: Re: [Tarantool-patches] [PATCH luajit 2/2][v2] FFI: Turn FFI finalizer table into a proper GC root. X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Sergey Bronnikov via Tarantool-patches Reply-To: Sergey Bronnikov Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" This is a multi-part message in MIME format. --------------V7KaImpHOub20mvQ7V9sxI0T Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi, Sergey, fixes applied and force-pushed. Sergey On 10.07.2024 17:08, Sergey Kaplun wrote: > Hi, Sergey! > Thanks for the fixes! > LGTM, after fixing minor comments below. > > On 10.07.24, Sergey Bronnikov wrote: >> Hi, Sergey >> >> thanks for review. Fixes applied and force-pushed. >> >> Sergey >> >> >> On 09.07.2024 15:14, Sergey Kaplun via Tarantool-patches wrote: >>> Hi, Sergey! >>> Thanks for the patch! >>> Please consider my comments below. >>> >>> On 09.07.24, Sergey Bronnikov wrote: >>>> From: Mike Pall >>>> > > >>> Minor: "will be collected at the end of the cycle if it is created after >>> the start phase." >> Updated. > | Previous patch fixes the problem partially because the introduced > | GC root may not exist at the start phase of the GC cycle. In that > | case, the cdata finalizer table will be collected at the end of > | the cycle. > > Minor: "cycle (since it isn't marked because it is not accessible from > any GC root)." Updated. > > | Access to the cdata finalizer table exhibits heap use > | after free. The patch turns the finalizer table into a proper > > >>>> diff --git a/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c b/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c >>>> index c388c6a7..259528cb 100644 >>>> --- a/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c >>>> +++ b/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c > > >>>> + >>>> + /* Not trigger GC during `lua_openffi()`. */ >>>> + lua_gc(L, LUA_GCSTOP, 0); >>> Maybe it is worth adding this GC stop for the first test case too to >>> make it more robust. >> Ok, I'll add. > Thanks! > >>>> + >>>> + int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, "chunk", "t"); > I suggest renaming "chunk" to the "test_chunk" here too. Fixed, but after this the line becomes longer max length and I need to split it for two lines: --- a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c +++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c @@ -83,7 +83,8 @@ unmarked_finalizer_tab_gcmark(void *test_state)         /* Not trigger GC during `lua_openffi()`. */         lua_gc(L, LUA_GCSTOP, 0); -       int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, "chunk", "t"); +       int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, +                                  "test_chunk", "t");         if (res != LUA_OK) {                 test_comment("error loading Lua chunk: %s", lua_tostring(L, -1));                 bail_out("error loading Lua chunk"); I would leave "chunk" due to this. And you? > > Also, please add here comment about `sizeof(buff) - 1` too. > > >>>> + assert_true(res == LUA_OK); > > >> --- a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c >> +++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c >> @@ -78,7 +78,10 @@ unmarked_finalizer_tab_gcsweep(void *test_state) >>         lua_gc(L, LUA_GCSTOP, 0); >> >>         int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, "chunk", >> "t"); >> -       assert_true(res == LUA_OK); >> +       if (res != LUA_OK) { >> +               test_comment("error loading Lua chunk: %s", >> lua_tostring(L, -1)); > Code line length is more than 80 symbols. > (Same for the previous commit.) Fixed for both commits. > > >> +               bail_out("error loading Lua chunk"); >> +       } >> >>         /* Finish GC cycle. */ >>         while (!lua_gc(L, LUA_GCSTEP, -1)); >> >>>> + >>>> + /* Finish GC cycle. */ > Let's add "to collect the finalizer table." to be consistent with > another test. Fixed: --- a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c +++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c @@ -93,7 +93,7 @@ unmarked_finalizer_tab_gcmark(void *test_state)                 bail_out("error loading Lua chunk");         } -       /* Finish GC cycle. */ +       /* Finish GC cycle to collect the finalizer table. */         while (!lua_gc(L, LUA_GCSTEP, -1));         /* Teardown. */ > >>>> + while (!lua_gc(L, LUA_GCSTEP, -1)); >>>> + > > --------------V7KaImpHOub20mvQ7V9sxI0T Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit

Hi, Sergey,

fixes applied and force-pushed.

Sergey

On 10.07.2024 17:08, Sergey Kaplun wrote:
Hi, Sergey!
Thanks for the fixes!
LGTM, after fixing minor comments below.

On 10.07.24, Sergey Bronnikov wrote:

Hi, Sergey

thanks for review. Fixes applied and force-pushed.

Sergey


On 09.07.2024 15:14, Sergey Kaplun via Tarantool-patches wrote:

Hi, Sergey!
Thanks for the patch!
Please consider my comments below.

On 09.07.24, Sergey Bronnikov wrote:

From: Mike Pall <mike>


<snipped>


Minor: "will be collected at the end of the cycle if it is created after
the start phase."

Updated.

| Previous patch fixes the problem partially because the introduced
| GC root may not exist at the start phase of the GC cycle. In that
| case, the cdata finalizer table will be collected at the end of
| the cycle.

Minor: "cycle (since it isn't marked because it is not accessible from
any GC root)."
Updated.

|            Access to the cdata finalizer table exhibits heap use
| after free. The patch turns the finalizer table into a proper


      

      
<snipped>



      

        

          

            
diff --git a/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c b/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c
index c388c6a7..259528cb 100644
--- a/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c
+++ b/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c


          

        

      

      
<snipped>



      

        

          

            
+
+	/* Not trigger GC during `lua_openffi()`. */
+	lua_gc(L, LUA_GCSTOP, 0);


          

          
Maybe it is worth adding this GC stop for the first test case too to
make it more robust.


        

        
Ok, I'll add.


      

      
Thanks!



      

        

          

          

            
+
+	int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, "chunk", "t");


          

        

      

      
I suggest renaming "chunk" to the "test_chunk" here too.

    

    
Fixed, but after this the line becomes longer max length and I
      need to split it for two lines:

    

    
---
      a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c

      +++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c

      @@ -83,7 +83,8 @@ unmarked_finalizer_tab_gcmark(void *test_state)

              /* Not trigger GC during `lua_openffi()`. */

              lua_gc(L, LUA_GCSTOP, 0);

       

      -       int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1,
      "chunk", "t");

      +       int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1,

      +                                  "test_chunk", "t");

              if (res != LUA_OK) {

                      test_comment("error loading Lua chunk: %s",
      lua_tostring(L, -1));

                      bail_out("error loading Lua chunk");

    
I would leave "chunk" due to this. And you?

    


    

    

      

Also, please add here comment about `sizeof(buff) - 1` too.




      

        

          

            
+	assert_true(res == LUA_OK);


          

        

      

      
<snipped>



      

        
--- a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c
+++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c
@@ -78,7 +78,10 @@ unmarked_finalizer_tab_gcsweep(void *test_state)
         lua_gc(L, LUA_GCSTOP, 0);

         int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, "chunk", 
"t");
-       assert_true(res == LUA_OK);
+       if (res != LUA_OK) {
+               test_comment("error loading Lua chunk: %s", 
lua_tostring(L, -1));


      

      
Code line length is more than 80 symbols.
(Same for the previous commit.)

    

    Fixed for both commits.

    

      




      

        
+               bail_out("error loading Lua chunk");
+       }

         /* Finish GC cycle. */
         while (!lua_gc(L, LUA_GCSTEP, -1));



        

          

          

            
+
+	/* Finish GC cycle. */


          

        

      

      
Let's add "to collect the finalizer table." to be consistent with
another test.

    

    
Fixed:

    


    

    
---
      a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c

      +++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c

      @@ -93,7 +93,7 @@ unmarked_finalizer_tab_gcmark(void *test_state)

                      bail_out("error loading Lua chunk");

              }

       

      -       /* Finish GC cycle. */

      +       /* Finish GC cycle to collect the finalizer table. */

              while (!lua_gc(L, LUA_GCSTEP, -1));

       

              /* Teardown. */

    

    

      



      

        

          

            
+	while (!lua_gc(L, LUA_GCSTEP, -1));
+


          

        

      

      
<snipped>



    

  
  


--------------V7KaImpHOub20mvQ7V9sxI0T--