To: Igor Munkin, Sergey Ostanevich
Date: Mon, 24 May 2021 16:27:30 +0300
Message-Id: <51e2abaf644791331a077cab0852aa54d04941ff.1621859367.git.skaplun@tarantool.org>
Subject:
[Tarantool-patches] [PATCH luajit 1/4] ARM, ARM64, PPC: Fix TSETR fallback.
From: Sergey Kaplun via Tarantool-patches
Reply-To: Sergey Kaplun
Cc: tarantool-patches@dev.tarantool.org

From: Mike Pall

Thanks to Javier Guerra Giraldez.

(cherry picked from commit ae20998ff5aaacc8e3afd46c64e28a8e039b58a1)

This patch fixes the issue introduced by commits f307d0adafc7e35d2dc1c461d50f6572c5e6bca8 ('ARM64: Add build infrastructure and initial port of interpreter.') for arm64 and 73ef845fcaf65937ad63e9cf6b681cb3e61f4504 ('Add special bytecodes for builtins.') for arm and ppc. Within the mentioned commits the new bytecode TSETR is introduced for the corresponding architectures.

When the new index of the table processed during this bytecode is an integer that is greater than asize of the table, the VM falls back to vmeta_tsetr, for calling lj_tab_setinth(lua_State *L, GCtab *t, int32_t key). The first argument CARG1 is not set by the VM and contains an invalid value, so the mentioned call leads to a crash.

This patch adds the missing set of CARG1 to the right value.

Sergey Kaplun:
* added the description and the test for the problem

Resolves tarantool/tarantool#6084
Part of tarantool/tarantool#5629
---
 src/vm_arm.dasc                               |  1 +
 src/vm_arm64.dasc                             |  1 +
 src/vm_ppc.dasc                               |  1 +
 test/tarantool-tests/CMakeLists.txt           |  9 ++++---
 ...-missed-carg1-in-bctsetr-fallback.test.lua | 25 +++++++++++++++++++
 test/tarantool-tests/utils.lua                | 22 ++++++++++++++++
 6 files changed, 55 insertions(+), 4 deletions(-)
 create mode 100644 test/tarantool-tests/gh-6084-missed-carg1-in-bctsetr-fallback.test.lua

diff --git a/src/vm_arm.dasc b/src/vm_arm.dasc index ae2efdfd..21f7fecb 100644 --- a/src/vm_arm.dasc +++ b/src/vm_arm.dasc
@@ -701,6 +701,7 @@ static void build_subroutines(BuildCtx *ctx) |->vmeta_tsetr: | str BASE, L->base | .IOS mov RC, BASE + | mov CARG1, L | str PC, SAVE_PC | bl extern lj_tab_setinth // (lua_State *L, GCtab *t, int32_t key) | // Returns TValue *. diff --git a/src/vm_arm64.dasc b/src/vm_arm64.dasc index f783428f..6bf59509 100644 --- a/src/vm_arm64.dasc +++ b/src/vm_arm64.dasc @@ -711,6 +711,7 @@ static void build_subroutines(BuildCtx *ctx) |->vmeta_tsetr: | sxtw CARG3, TMP1w | str BASE, L->base + | mov CARG1, L | str PC, SAVE_PC | bl extern lj_tab_setinth // (lua_State *L, GCtab *t, int32_t key) | // Returns TValue *. diff --git a/src/vm_ppc.dasc b/src/vm_ppc.dasc index 62e9b681..3f48b7ff 100644 --- a/src/vm_ppc.dasc +++ b/src/vm_ppc.dasc @@ -995,6 +995,7 @@ static void build_subroutines(BuildCtx *ctx) | |->vmeta_tsetr: | stp BASE, L->base + | mr CARG1, L | stw PC, SAVE_PC | bl extern lj_tab_setinth // (lua_State *L, GCtab *t, int32_t key) | // Returns TValue *. diff --git a/test/tarantool-tests/CMakeLists.txt b/test/tarantool-tests/CMakeLists.txt index 475e2e5d..2fdb4d1f 100644 --- a/test/tarantool-tests/CMakeLists.txt +++ b/test/tarantool-tests/CMakeLists.txt 
@@ -61,11 +61,12 @@ add_subdirectory(lj-flush-on-trace) add_subdirectory(misclib-getmetrics-capi) # The part of the memory profiler toolchain is located in tools -# directory and auxiliary tests-related modules are located in the -# current directory (but tests are run in the binary directory), -# so LUA_PATH need to be updated. +# directory, jit, profiler, and bytecode toolchains are located +# in src/ directory and auxiliary tests-related modules are +# located in the current directory (but tests are run in the +# binary directory), so LUA_PATH need to be updated. set(LUA_PATH - "${CMAKE_CURRENT_SOURCE_DIR}/?.lua\;${PROJECT_SOURCE_DIR}/tools/?.lua" + "${CMAKE_CURRENT_SOURCE_DIR}/?.lua\;${PROJECT_SOURCE_DIR}/tools/?.lua\;${PROJECT_SOURCE_DIR}/src/?.lua" ) set(LUA_TEST_SUFFIX .test.lua) set(LUA_TEST_FLAGS --failures --shuffle) diff --git a/test/tarantool-tests/gh-6084-missed-carg1-in-bctsetr-fallback.test.lua b/test/tarantool-tests/gh-6084-missed-carg1-in-bctsetr-fallback.test.lua new file mode 100644 index 00000000..26344274 --- /dev/null +++ b/test/tarantool-tests/gh-6084-missed-carg1-in-bctsetr-fallback.test.lua 
@@ -0,0 +1,25 @@ +local tap = require("tap") +local utils = require("utils") + +local test = tap.test("gh-6084-missed-carg1-in-bctsetr-fallback") +test:plan(1) + +-- Bytecode TSETR appears only in built-ins libraries, when doing +-- fixups for fast function written in Lua (i.e. `table.move()`), +-- by replacing all TSETV bytecodes with the TSETR. +-- See for more details. + +-- This test checks that fallback path, when the index of the new +-- set element is greater than the table's asize, doesn't lead +-- to a crash. + +-- We need to make sure the bytecode is present in the chosen +-- built-in to make sure our test is still valid. +assert(utils.hasbc(table.move, "TSETR")) + +-- Empty table has asize equals 0. Just copy its element (equals +-- nil) to the field by index 1 > 0, to fallback inside TSETR. +table.move({}, 1, 1, 1) + +test:ok(true) +os.exit(test:check() and 0 or 1) diff --git a/test/tarantool-tests/utils.lua b/test/tarantool-tests/utils.lua index c0403cf1..61d4de7a 100644 --- a/test/tarantool-tests/utils.lua +++ b/test/tarantool-tests/utils.lua @@ -2,11 +2,14 @@ local M = {} local ffi = require('ffi') local tap = require('tap') +local bc = require('jit.bc') ffi.cdef([[ int setenv(const char *name, const char *value, int overwrite); ]]) +local function noop() end + local function luacmd(args) -- arg[-1] is guaranteed to be not nil. local idx = -2 @@ -89,4 +92,23 @@ function M.tweakenv(condition, variable) ffi.C.setenv(variable, testvar, 0) end +function M.hasbc(f, bytecode) + assert(type(f) == 'function', 'argument #1 should be a function') + assert(type(bytecode) == 'string', 'argument #2 should be a string') + local hasbc = false + -- Check the bytecode entry line by line. + local out = { + write = function(out, line) + if line:match(bytecode) then + hasbc = true + out.write = noop + end + end, + flush = noop, + close = noop, + } + bc.dump(f, out) + return hasbc +end + return M -- 2.31.0
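
Review bot: in the vmeta_tsetr hunks for src/vm_arm.dasc and src/vm_ppc.dasc, the context shown before `bl extern lj_tab_setinth` loads only CARG1, while the src/vm_arm64.dasc hunk also shows `sxtw CARG3, TMP1w` inside the subroutine. Since the bug being fixed is an argument register left unset on this fallback path, a short comment next to each added `mov CARG1, L` / `mr CARG1, L` saying where CARG2 (the table) and CARG3 (the key) are loaded on that architecture would let a reader confirm that all three arguments of lj_tab_setinth(lua_State *L, GCtab *t, int32_t key) are valid at the call.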
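
Review bot: the LUA_PATH hunk in test/tarantool-tests/CMakeLists.txt puts `${PROJECT_SOURCE_DIR}/src/?.lua` on the search path for every test in this directory, not only the new one, and the commit message does not mention the change. A sentence in the commit message saying that this is what allows utils.lua to `require('jit.bc')` would explain why a build-file change rides along with a VM fix. The rewritten comment should also read "LUA_PATH needs to be updated".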
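
Review bot: in gh-6084-missed-carg1-in-bctsetr-fallback.test.lua the only TAP check is `test:ok(true)`, so the test can fail only by crashing, and the bare `assert(utils.hasbc(table.move, "TSETR"))` aborts with a Lua error outside the plan instead of reporting a failed check. Consider keeping the value returned by `table.move({}, 1, 1, 1)` and checking it through the test object, and giving the precondition assert a message stating that the built-in no longer contains TSETR, so a future bytecode change is distinguishable from a regression of this fix. The comment line "See for more details." has no target as written.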
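
Review bot: in M.hasbc in test/tarantool-tests/utils.lua, `line:match(bytecode)` treats the argument as a Lua pattern and matches it anywhere in the dumped line, so a shorter name such as "TSET" would report true for every opcode that begins with it, and the name would also match if it appeared in another column of the dump line. A plain search such as `line:find(bytecode, 1, true)`, ideally limited to the opcode field of the line, is safer for a helper that other tests are likely to reuse. The `out` parameter of the `write` callback shadows the outer `local out`; renaming one of them and adding a short doc comment above M.hasbc describing the arguments and the return value would help.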