From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id EBFC3CF2D96;
	Wed,  2 Oct 2024 11:10:39 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org EBFC3CF2D96
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1727856640; bh=qclysRVohGjmMRWF3bSUNai2fEnPn7VsZXtMp21Dxik=;
	h=To:Date:In-Reply-To:References:Subject:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=QYgQi0zPNiRCo7fXsgd00mBO2wHUhKOFfJdu1CL2CDiQbzdFrpmY5YMzzLvVQjIJM
	 pwuTda/asqbIO+E7gPPL2zkyxeHBI5KoRkn1F2NtdFX8gAS15kno8Uaux6N2G2qkP5
	 20WqmhzpRqqaLpug++lb0BaUDZkLBBSHJR0FqWBc=
Received: from smtp52.i.mail.ru (smtp52.i.mail.ru [95.163.41.88])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id E755FCF2D96
 for <tarantool-patches@dev.tarantool.org>;
 Wed,  2 Oct 2024 11:09:38 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org E755FCF2D96
Received: by exim-smtp-5858d4dbf5-4gl25 with esmtpa (envelope-from
 <skaplun@tarantool.org>)
 id 1svuQT-000000009d0-3hXo; Wed, 02 Oct 2024 11:09:38 +0300
To: Maxim Kokryashkin <m.kokryashkin@tarantool.org>,
 Sergey Bronnikov <sergeyb@tarantool.org>
Date: Wed,  2 Oct 2024 11:09:06 +0300
Message-ID: <7531b1a6a3f39f8f2d83a54befdc67af987cebaf.1727855711.git.skaplun@tarantool.org>
X-Mailer: git-send-email 2.46.2
In-Reply-To: <cover.1727855711.git.skaplun@tarantool.org>
References: <cover.1727855711.git.skaplun@tarantool.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Mailru-Src: smtp
X-4EC0790: 10
X-7564579A: B8F34718100C35BD
X-77F55803: 4F1203BC0FB41BD964E86F54238FCC398BBAD82B66982E3DC4938CC247E11C67182A05F538085040B00EB874BE31CB513DE06ABAFEAF67059EA5220FA13701F362434EF88ABBD523FB1C19767FBE8657
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE77603ADE015AF816DEA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637C6ABF113959433A58638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D85480809DD85DC7E774F16426BBA326CB0A3D99AFC64E3213CC7F00164DA146DAFE8445B8C89999728AA50765F7900637D0FEED2715E18529389733CBF5DBD5E9C8A9BA7A39EFB766F5D81C698A659EA7CC7F00164DA146DA9985D098DBDEAEC817119E5299B287EEF6B57BC7E6449061A352F6E88A58FB86F5D81C698A659EA73AA81AA40904B5D9A18204E546F3947C2D01283D1ACF37BAC0837EA9F3D197644AD6D5ED66289B523666184CF4C3C14F6136E347CC761E07725E5C173C3A84C36E36DCD5FF651F90BA3038C0950A5D36B5C8C57E37DE458B330BD67F2E7D9AF16D1867E19FE14079C09775C1D3CA48CF3D321E7403792E342EB15956EA79C166A417C69337E82CC275ECD9A6C639B01B78DA827A17800CE76515C59FC18CEA6D731C566533BA786AA5CC5B56E945C8DA
X-C1DE0DAB: 0D63561A33F958A5BBF7CE0522999DD15002B1117B3ED6963E0FACE0D522F9C09E040399BDE4761E823CB91A9FED034534781492E4B8EEAD09F854029C6BD0DAC79554A2A72441328621D336A7BC284946AD531847A6065A535571D14F44ED41
X-C8649E89: 1C3962B70DF3F0ADE00A9FD3E00BEEDF3FED46C3ACD6F73ED3581295AF09D3DF87807E0823442EA2ED31085941D9CD0AF7F820E7B07EA4CF0A681ACE66674D08801D7616247E42086928DD3E9E311730D988CA6A32952D9C6BD4E2D2DF3D4047A06F21331F7F71AFBBCD908CBEC8284620289672AD59FC02A5731FEEE03A47E6C226CC413062362A913E6812662D5F2A5EAB5682573093F7837F15F2B5E4A70B33F2C28C22F508233FCF178C6DD14203
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2biojHMr0s/SL0PXQdfDEQMokwA==
X-Mailru-Sender: 520A125C2F17F0B1A9638AD358559B590B173EF589B2CB373DE06ABAFEAF67059EA5220FA13701F3B7CBEF92542CD7C88B0A2698F12F5C9EC77752E0C033A69E86920BD37369036789A8C6A0E60D2BB63A5DB60FBEB33A8A0DA7A0AF5A3A8387
X-Mras: Ok
Subject: [Tarantool-patches] [PATCH luajit 2/2] FFI: Fix 64 bit shift fold
 rules.
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org>
Reply-To: Sergey Kaplun <skaplun@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

From: Mike Pall <mike>

Thanks to Peter Cawley.

(cherry picked from commit 9e0437240f1fb4bfa7248f6ec8be0e3181016119)

For `IR_BSHR`, `IR_BROL`, `IR_BROR` during `kfold_int64arith()` the left
argument is truncated down to 32 bits, which leads to incorrect results
if the right argument is >= 32.

Also, `IR_BSAR` does an unsigned shift rather than a signed shift, but
since this case branch is unreachable, it is harmless for now.

This patch fixes all misbehaviours (including possible for `IR_BSAR`) to
preserve IR semantics.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#10199
---
 src/lj_opt_fold.c                             |  8 +-
 .../lj-1079-fix-64-bitshift-folds.test.lua    | 74 +++++++++++++++++++
 2 files changed, 78 insertions(+), 4 deletions(-)
 create mode 100644 test/tarantool-tests/lj-1079-fix-64-bitshift-folds.test.lua

diff --git a/src/lj_opt_fold.c b/src/lj_opt_fold.c
index e2171e1b..2702f79f 100644
--- a/src/lj_opt_fold.c
+++ b/src/lj_opt_fold.c
@@ -382,10 +382,10 @@ static uint64_t kfold_int64arith(jit_State *J, uint64_t k1, uint64_t k2,
   case IR_BOR: k1 |= k2; break;
   case IR_BXOR: k1 ^= k2; break;
   case IR_BSHL: k1 <<= (k2 & 63); break;
-  case IR_BSHR: k1 = (int32_t)((uint32_t)k1 >> (k2 & 63)); break;
-  case IR_BSAR: k1 >>= (k2 & 63); break;
-  case IR_BROL: k1 = (int32_t)lj_rol((uint32_t)k1, (k2 & 63)); break;
-  case IR_BROR: k1 = (int32_t)lj_ror((uint32_t)k1, (k2 & 63)); break;
+  case IR_BSHR: k1 >>= (k2 & 63); break;
+  case IR_BSAR: k1 = (uint64_t)((int64_t)k1 >> (k2 & 63)); break;
+  case IR_BROL: k1 = lj_rol(k1, (k2 & 63)); break;
+  case IR_BROR: k1 = lj_ror(k1, (k2 & 63)); break;
   default: lj_assertJ(0, "bad IR op %d", op); break;
   }
 #else
diff --git a/test/tarantool-tests/lj-1079-fix-64-bitshift-folds.test.lua b/test/tarantool-tests/lj-1079-fix-64-bitshift-folds.test.lua
new file mode 100644
index 00000000..6cc0b319
--- /dev/null
+++ b/test/tarantool-tests/lj-1079-fix-64-bitshift-folds.test.lua
@@ -0,0 +1,74 @@
+local tap = require('tap')
+
+-- Test file to demonstrate LuaJIT misbehaviour on folding
+-- for bitshift operations.
+-- See also, https://github.com/LuaJIT/LuaJIT/issues/1079.
+
+local test = tap.test('lj-1079-fix-64-bitshift-folds'):skipcond({
+  ['Test requires JIT enabled'] = not jit.status(),
+})
+
+local bit = require('bit')
+
+test:plan(4)
+
+-- Generic function for `bit.ror()`, `bit.rol()`.
+local function bitop_rotation(bitop)
+  local r = {}
+  for i = 1, 4 do
+    -- (i & k1) o k2 ==> (i o k2) & (k1 o k2)
+    local int64 = bit.band(i, 7LL)
+    r[i] = tonumber(bitop(int64, 32))
+  end
+  return r
+end
+
+-- Similar function for `bit.rshift()`.
+local function bitop_rshift_signed()
+  local r = {}
+  for i = 1, 4 do
+    -- (i & k1) o k2 ==> (i o k2) & (k1 o k2)
+    -- XXX: Use `-i` instead of `i` to prevent other folding due
+    -- to IR difference so the IRs don't match fold rule mask.
+    -- (-i & 7LL) < 1 << 32 => result == 0.
+    local int64 = bit.band(-i, 7LL)
+    r[i] = tonumber(bit.rshift(int64, 32))
+  end
+  return r
+end
+
+-- A little bit different example, which leads to the assertion
+-- failure due to the incorrect recording.
+local function bitop_rshift_huge()
+  local r = {}
+  for i = 1, 4 do
+    -- (i & k1) o k2 ==> (i o k2) & (k1 o k2)
+    -- XXX: Need to use cast to the int64_t via `+ 0LL`, see the
+    -- documentation [1] for the details.
+    -- [1]: https://bitop.luajit.org/semantics.html
+    local int64 = bit.band(2 ^ 33 + i, 2 ^ 33 + 0LL)
+    r[i] = tonumber(bit.rshift(int64, 32))
+  end
+  return r
+end
+
+local function test_64bitness(subtest, payload_func, bitop)
+  subtest:plan(1)
+
+  jit.off()
+  jit.flush()
+  local results_joff = payload_func(bitop)
+  jit.on()
+  -- Reset hotcounters.
+  jit.opt.start('hotloop=1')
+  local results_jon = payload_func(bitop)
+  subtest:is_deeply(results_jon, results_joff,
+                    'same results for VM and JIT for ' .. subtest.name)
+end
+
+test:test('rol', test_64bitness, bitop_rotation, bit.rol)
+test:test('ror', test_64bitness, bitop_rotation, bit.ror)
+test:test('rshift signed', test_64bitness, bitop_rshift_signed)
+test:test('rshift huge',   test_64bitness, bitop_rshift_huge)
+
+test:done(true)
-- 
2.46.2