From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 445C1C3A941; Tue, 23 Jul 2024 21:30:03 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 445C1C3A941 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev; t=1721759403; bh=nJ9jxGBRN4clpb3SSqxM4G5bdYuVtf2MmfhHlowcGD8=; h=Date:To:Cc:References:In-Reply-To:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=J+GHhFsVzOuN8LxRWDuhaRR8lIw5oWBSQ7nrF+0b5fEcHNVnNIi7ogyT+vvQ5U5sN NzYLg/J+AIx1AIWBbR6sTP9Lgj52aZQANJqlNeeXmu1h4WyURgzAnkhnDAUdXkVL04 jiYNbfyA7I0ZGrtv0EVpXZXYADpFdtDo52PFxRNk= Received: from smtp48.i.mail.ru (smtp48.i.mail.ru [95.163.41.86]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 08022C0627F for ; Tue, 23 Jul 2024 21:30:02 +0300 (MSK) DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 08022C0627F Received: by smtp48.i.mail.ru with esmtpa (envelope-from ) id 1sWKGu-0000000G2Nk-34Zk; Tue, 23 Jul 2024 21:30:01 +0300 Content-Type: multipart/alternative; boundary="------------V7KaImpHOub20mvQ7V9sxI0T" Message-ID: <43db36be-eb47-48ce-bec8-7326f3f9f24e@tarantool.org> Date: Tue, 23 Jul 2024 21:29:59 +0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: Sergey Kaplun Cc: Sergey Bronnikov , tarantool-patches@dev.tarantool.org References: In-Reply-To: X-Mailru-Src: smtp X-4EC0790: 10 X-7564579A: B8F34718100C35BD X-77F55803: 4F1203BC0FB41BD9A65E120EBDABE9BC822F87A90CEC419A915CE6AB9E45527B182A05F5380850408D1C20F8BC68BCF1479CDAE959BF6424583084E33FBE6C361FE422CA1AEA05782E7580F92AFCEA56 X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7F1942E6D70B4A2F0EA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637329F9579A0E72DCC8638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D807992A422C93EE50EED966F1EDF8C65008B3EE39AAC16966CC7F00164DA146DAFE8445B8C89999728AA50765F7900637F924B32C592EA89F389733CBF5DBD5E9C8A9BA7A39EFB766F5D81C698A659EA7CC7F00164DA146DA9985D098DBDEAEC8062BEEFFB5F8EA3EF6B57BC7E6449061A352F6E88A58FB86F5D81C698A659EA73AA81AA40904B5D9A18204E546F3947C64E7220B7C5505929735652A29929C6C4AD6D5ED66289B523666184CF4C3C14F6136E347CC761E07725E5C173C3A84C3BB339968D8EBD1C6BA3038C0950A5D36B5C8C57E37DE458B330BD67F2E7D9AF16D1867E19FE14079C09775C1D3CA48CFE478A468B35FE7671DD303D21008E298D5E8D9A59859A8B64854413538E1713F75ECD9A6C639B01B78DA827A17800CE7AA592860F4B06D71731C566533BA786AA5CC5B56E945C8DA X-C1DE0DAB: 0D63561A33F958A5ED4EAFD2176DF0555002B1117B3ED6968A2CBC48F7E770C092B673A2F5DDD7E7823CB91A9FED034534781492E4B8EEAD14747542773C033FBDAD6C7F3747799A X-C8649E89: 1C3962B70DF3F0ADE00A9FD3E00BEEDF3FED46C3ACD6F73ED3581295AF09D3DF87807E0823442EA2ED31085941D9CD0AF7F820E7B07EA4CF5B59D9307EF2ABE1BAB65C2F2E7FEE0B101FD62F1A58F6FDA589B2EED97753FAEEB2523CC0526E3F468522D637D1E0EEDCE0B54017DB5A60870655C2CC6C48017BA83DFC519A0F7B5F4332CA8FE04980913E6812662D5F2AB9AF64DB4688768036DF5FE9C0001AF333F2C28C22F508233FCF178C6DD14203 X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2bioj49epkdzIowACWw1hHaY/SQ== X-Mailru-Sender: C4F68CFF4024C8867DFDF7C7F2588458EF620D9DCF8A6B6AA7CF1FCFAF80C0E9D9450FE02E235AABD1EB3A06F6ACBA26645D15D82EE4B272BD6E4642A116CA93524AA66B5ACBE6721EF430B9A63E2A504198E0F3ECE9B5443453F38A29522196 X-Mras: Ok Subject: Re: [Tarantool-patches] [PATCH luajit 2/2][v2] FFI: Turn FFI finalizer table into a proper GC root. X-BeenThere: tarantool-patches@dev.tarantool.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Sergey Bronnikov via Tarantool-patches Reply-To: Sergey Bronnikov Errors-To: tarantool-patches-bounces@dev.tarantool.org Sender: "Tarantool-patches" This is a multi-part message in MIME format. --------------V7KaImpHOub20mvQ7V9sxI0T Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi, Sergey, fixes applied and force-pushed. Sergey On 10.07.2024 17:08, Sergey Kaplun wrote: > Hi, Sergey! > Thanks for the fixes! > LGTM, after fixing minor comments below. > > On 10.07.24, Sergey Bronnikov wrote: >> Hi, Sergey >> >> thanks for review. Fixes applied and force-pushed. >> >> Sergey >> >> >> On 09.07.2024 15:14, Sergey Kaplun via Tarantool-patches wrote: >>> Hi, Sergey! >>> Thanks for the patch! >>> Please consider my comments below. >>> >>> On 09.07.24, Sergey Bronnikov wrote: >>>> From: Mike Pall >>>> > > >>> Minor: "will be collected at the end of the cycle if it is created after >>> the start phase." >> Updated. > | Previous patch fixes the problem partially because the introduced > | GC root may not exist at the start phase of the GC cycle. In that > | case, the cdata finalizer table will be collected at the end of > | the cycle. > > Minor: "cycle (since it isn't marked because it is not accessible from > any GC root)." Updated. > > | Access to the cdata finalizer table exhibits heap use > | after free. The patch turns the finalizer table into a proper > > >>>> diff --git a/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c b/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c >>>> index c388c6a7..259528cb 100644 >>>> --- a/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c >>>> +++ b/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c > > >>>> + >>>> + /* Not trigger GC during `lua_openffi()`. */ >>>> + lua_gc(L, LUA_GCSTOP, 0); >>> Maybe it is worth adding this GC stop for the first test case too to >>> make it more robust. >> Ok, I'll add. > Thanks! > >>>> + >>>> + int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, "chunk", "t"); > I suggest renaming "chunk" to the "test_chunk" here too. Fixed, but after this the line becomes longer max length and I need to split it for two lines: --- a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c +++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c @@ -83,7 +83,8 @@ unmarked_finalizer_tab_gcmark(void *test_state)         /* Not trigger GC during `lua_openffi()`. */         lua_gc(L, LUA_GCSTOP, 0); -       int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, "chunk", "t"); +       int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, +                                  "test_chunk", "t");         if (res != LUA_OK) {                 test_comment("error loading Lua chunk: %s", lua_tostring(L, -1));                 bail_out("error loading Lua chunk"); I would leave "chunk" due to this. And you? > > Also, please add here comment about `sizeof(buff) - 1` too. > > >>>> + assert_true(res == LUA_OK); > > >> --- a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c >> +++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c >> @@ -78,7 +78,10 @@ unmarked_finalizer_tab_gcsweep(void *test_state) >>         lua_gc(L, LUA_GCSTOP, 0); >> >>         int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, "chunk", >> "t"); >> -       assert_true(res == LUA_OK); >> +       if (res != LUA_OK) { >> +               test_comment("error loading Lua chunk: %s", >> lua_tostring(L, -1)); > Code line length is more than 80 symbols. > (Same for the previous commit.) Fixed for both commits. > > >> +               bail_out("error loading Lua chunk"); >> +       } >> >>         /* Finish GC cycle. */ >>         while (!lua_gc(L, LUA_GCSTEP, -1)); >> >>>> + >>>> + /* Finish GC cycle. */ > Let's add "to collect the finalizer table." to be consistent with > another test. Fixed: --- a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c +++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c @@ -93,7 +93,7 @@ unmarked_finalizer_tab_gcmark(void *test_state)                 bail_out("error loading Lua chunk");         } -       /* Finish GC cycle. */ +       /* Finish GC cycle to collect the finalizer table. */         while (!lua_gc(L, LUA_GCSTEP, -1));         /* Teardown. */ > >>>> + while (!lua_gc(L, LUA_GCSTEP, -1)); >>>> + > > --------------V7KaImpHOub20mvQ7V9sxI0T Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit

Hi, Sergey,

fixes applied and force-pushed.

Sergey

On 10.07.2024 17:08, Sergey Kaplun wrote:
Hi, Sergey!
Thanks for the fixes!
LGTM, after fixing minor comments below.

On 10.07.24, Sergey Bronnikov wrote:
Hi, Sergey

thanks for review. Fixes applied and force-pushed.

Sergey


On 09.07.2024 15:14, Sergey Kaplun via Tarantool-patches wrote:
Hi, Sergey!
Thanks for the patch!
Please consider my comments below.

On 09.07.24, Sergey Bronnikov wrote:
From: Mike Pall <mike>

<snipped>

Minor: "will be collected at the end of the cycle if it is created after
the start phase."
Updated.
| Previous patch fixes the problem partially because the introduced
| GC root may not exist at the start phase of the GC cycle. In that
| case, the cdata finalizer table will be collected at the end of
| the cycle.

Minor: "cycle (since it isn't marked because it is not accessible from
any GC root)."
Updated.

|            Access to the cdata finalizer table exhibits heap use
| after free. The patch turns the finalizer table into a proper

      
<snipped>

diff --git a/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c b/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c
index c388c6a7..259528cb 100644
--- a/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c
+++ b/test/tarantool-c-tests/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer.test.c
<snipped>

+
+	/* Not trigger GC during `lua_openffi()`. */
+	lua_gc(L, LUA_GCSTOP, 0);
Maybe it is worth adding this GC stop for the first test case too to
make it more robust.
Ok, I'll add.
Thanks!


          
+
+	int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, "chunk", "t");
I suggest renaming "chunk" to the "test_chunk" here too.

Fixed, but after this the line becomes longer max length and I need to split it for two lines:

--- a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c
+++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c
@@ -83,7 +83,8 @@ unmarked_finalizer_tab_gcmark(void *test_state)
        /* Not trigger GC during `lua_openffi()`. */
        lua_gc(L, LUA_GCSTOP, 0);
 
-       int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, "chunk", "t");
+       int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1,
+                                  "test_chunk", "t");
        if (res != LUA_OK) {
                test_comment("error loading Lua chunk: %s", lua_tostring(L, -1));
                bail_out("error loading Lua chunk");

I would leave "chunk" due to this. And you?



Also, please add here comment about `sizeof(buff) - 1` too.


+	assert_true(res == LUA_OK);
<snipped>

--- a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c
+++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c
@@ -78,7 +78,10 @@ unmarked_finalizer_tab_gcsweep(void *test_state)
         lua_gc(L, LUA_GCSTOP, 0);

         int res = luaL_loadbufferx(L, buff, sizeof(buff) - 1, "chunk", 
"t");
-       assert_true(res == LUA_OK);
+       if (res != LUA_OK) {
+               test_comment("error loading Lua chunk: %s", 
lua_tostring(L, -1));
Code line length is more than 80 symbols.
(Same for the previous commit.)
Fixed for both commits.


+               bail_out("error loading Lua chunk");
+       }

         /* Finish GC cycle. */
         while (!lua_gc(L, LUA_GCSTEP, -1));


          
+
+	/* Finish GC cycle. */
Let's add "to collect the finalizer table." to be consistent with
another test.

Fixed:


--- a/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c
+++ b/test/tarantool-c-tests/lj-1168-unmarked-finalizer-tab.test.c
@@ -93,7 +93,7 @@ unmarked_finalizer_tab_gcmark(void *test_state)
                bail_out("error loading Lua chunk");
        }
 
-       /* Finish GC cycle. */
+       /* Finish GC cycle to collect the finalizer table. */
        while (!lua_gc(L, LUA_GCSTEP, -1));
 
        /* Teardown. */


+	while (!lua_gc(L, LUA_GCSTEP, -1));
+
<snipped>

--------------V7KaImpHOub20mvQ7V9sxI0T--