From: sergos via Tarantool-patches
Reply-To: sergos
To: Sergey Kaplun
Cc: tarantool-patches@dev.tarantool.org
Date: Fri, 27 Jan 2023 00:22:47 +0300
Subject: Re: [Tarantool-patches] [PATCH luajit 3/3] x86/x64: Fix loop realignment.
Message-Id: <584E1E67-1ADF-4126-A1C8-BCE28422C4EF@tarantool.org>

Hi!

Thanks for the patch, it is LGTM.

Sergos

> The new commit message is the following:
>
> | x86/x64: Fix loop realignment.
> |
> | (cherry picked from commit 522d2073da4be2af79db4728cbb375db0fbdfc48)
> |
> | `asm_intarith()` function may try to drop `test r, r` (where `r` is an
> | allocated register) instruction before the Jcc instruction. However, in
> | cases when Jcc instruction is "Jump short if ..." instruction (i.e. has
> | no 0F opcode prefix like "Jump near if ..."), the `test` instruction is
> | dropped when it shouldn't be, due to usage for the comparison the next
> | byte after instruction itself. As the result, the loop can't be
> | realigned later in `asm_loop_fixup` due to target to jump being
> | misaligned and the assertion fails.
> |
> | This patch adds the additional check for the 0F opcode in
> | `asm_intarith()`.
> |
> | Sergey Kaplun:
> | * added the description and the test for the problem
> |
> | Part of tarantool/tarantool#8069
>
> Branch is force pushed.

---
 src/lj_asm_x86.h | = 5 +++--
 .../lj-556-fix-loop-realignment.test.lua | 18 = ++++++++++++++++++
 2 files changed, 21 insertions(+), 2 = deletions(-)
 create mode 100644 = test/tarantool-tests/lj-556-fix-loop-realignment.test.lua

diff = --git a/src/lj_asm_x86.h b/src/lj_asm_x86.h
index 8efda8e5..e6c42c6d = 100644
--- a/src/lj_asm_x86.h
+++ b/src/lj_asm_x86.h
@@ -2068,8 = +2068,9 @@ static void asm_intarith(ASMState *as, IRIns *ir, x86Arith = xa)
   int32_t k =3D 0;
   if = (as->flagmcp =3D=3D as->mcp) { /* Drop test r,r instruction. = */
     MCode *p =3D as->mcp + ((LJ_64 = && *as->mcp < XI_TESTb) ? 3 : 2);
- if ((p[1] & 15) = < 14) {
- if ((p[1] & 15) >=3D 12) p[1] -=3D 4; /* L = <->S, NL <-> NS */
+ MCode *q =3D p[0] =3D=3D 0x0f ? p+1 = : p;
+ if ((*q & 15) < 14) {
+ if ((*q & 15) >=3D = 12) *q -=3D 4; /* L <->S, NL <-> NS = */
       as->flagmcp =3D = NULL;
       as->mcp =3D = p;
     } /* else: cannot transform LE/NLE = to cc without use of OF. */
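Review bot: the `0x0f` literal in `MCode *q = p[0] == 0x0f ? p+1 : p;` is unexplained, and nothing checks that `*q` is really a Jcc opcode before `*q -= 4` rewrites it. A short comment saying that 0F is the prefix of the near form (0F 80+cc) while the short form is a single 70+cc byte would make the intent clear, and a debug-only assertion that `*q` lies in 0x70..0x7f or 0x80..0x8f would catch any other instruction ending up at `p`.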
diff --git = a/test/tarantool-tests/lj-556-fix-loop-realignment.test.lua = b/test/tarantool-tests/lj-556-fix-loop-realignment.test.lua
new file = mode 100644
index 00000000..9a8e6098
--- /dev/null
+++ = b/test/tarantool-tests/lj-556-fix-loop-realignment.test.lua
@@ -0,0 = +1,18 @@
+local tap =3D require('tap')
+
+local test =3D = tap.test('lj-505-fold-icorrect-behavior')
+test:plan(1)
+
+-- = Test file to demonstrate JIT misbehaviour for loop realignment
+-- in = LUAJIT_NUMMODE=3D2. See also
+-- =  https://github.com/LuaJIT/LuaJIT/issues/556 = .
+
+jit.opt.start('hotloop=3D1')
+
+local s =3D 4
+while = s > 0 do
+ s =3D s - 1
+end
+
+test:ok(true, 'loop is = compiled and ran successfully')
+os.exit(test:check() and 0 or = 1)
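Review bot: the TAP test name passed to `tap.test(...)`, 'lj-505-fold-icorrect-behavior', does not match the file name lj-556-fix-loop-realignment.test.lua and contains a typo; it looks copied from another test and should read 'lj-556-fix-loop-realignment'. Because the only check is `test:ok(true, ...)`, the test can fail only when the build aborts on an assertion, so the header comment should say that assertions have to be enabled in addition to LUAJIT_NUMMODE=2.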
--
>>> The test works just fine with HEAD on
>>> f7d61d96 ci: introduce workflow for exotic builds.
>>>
>>> Tested configurations:
>>> LJ_64: True, LJ_GC64: True, LJ_DUALNUM: True
>>> LJ_64: True, LJ_GC64: False, LJ_DUALNUM: True
>
> It's strange...
> I use the following build command:
> | $ cmake . -DCMAKE_BUILD_TYPE=Debug -DLUA_USE_APICHECK=ON -DLUA_USE_ASSERT=ON -DLUAJIT_ENABLE_GC64=OFF -DLUAJIT_NUMMODE=2 && make -j
> and get the following assertion:
> | asm_loop_fixup: Assertion `((intptr_t)target & 15) == 0' failed.
> What command do you use to build LuaJIT?
>
>>> --
>>> Best regards,
>>> Maxim Kokryashkin
>>>
>
> --
> Best regards,
> Sergey Kaplun
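
An added illustration of the check described in the commit message above (not code from the patch or from LuaJIT): a byte-level model of the pre-patch and patched conditions applied to constructed short and near Jcc encodings. The `apply` harness, the function names and the sample bytes are assumptions made for the example; only the two conditions mirror the hunk.

```c
#include <stdint.h>
#include <stdio.h>

/* Jcc encodings: short = 70+cc rel8, near = 0F 80+cc rel32.
** cc nibble: 8 = S, 9 = NS, 12 = L, 13 = NL, 14 = LE, 15 = NLE. */

/* Pre-patch condition: always treats p[1] as the cc byte. */
static int drop_test_old(uint8_t *p)
{
  if ((p[1] & 15) < 14) {
    if ((p[1] & 15) >= 12) p[1] -= 4;  /* L <-> S, NL <-> NS */
    return 1;  /* test r,r would be dropped */
  }
  return 0;
}

/* Patched condition: skip the 0F prefix only when it is present. */
static int drop_test_new(uint8_t *p)
{
  uint8_t *q = p[0] == 0x0f ? p + 1 : p;
  if ((*q & 15) < 14) {
    if ((*q & 15) >= 12) *q -= 4;
    return 1;
  }
  return 0;
}

/* Hypothetical harness: run one condition over a constructed Jcc and
** pack (dropped << 16) | (byte0 << 8) | byte1 for inspection. */
int apply(int patched, uint8_t b0, uint8_t b1)
{
  uint8_t buf[6] = { b0, b1, 0, 0, 0, 0 };
  int dropped = patched ? drop_test_new(buf) : drop_test_old(buf);
  return (dropped << 16) | (buf[0] << 8) | buf[1];
}

int main(void)
{
  /* Constructed samples: short JLE, short JL, near JL, near JLE. */
  static const uint8_t s[4][2] = {
    {0x7e, 0x1c}, {0x7c, 0x05}, {0x0f, 0x8c}, {0x0f, 0x8e}
  };
  for (int i = 0; i < 4; i++)
    printf("%02x %02x: old=%05x new=%05x\n", s[i][0], s[i][1],
           apply(0, s[i][0], s[i][1]), apply(1, s[i][0], s[i][1]));
  return 0;
}
```

For the short forms the old condition inspects the rel8 byte instead of the opcode, so the two columns differ; for the near forms they agree.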