Hi, Sergey,
LGTM
Yep, with -DLUA_USE_ASSERT=ON it is reproduced.

Hi, Sergey!
Thanks for the review.
See my answer below.

On 04.03.26, Sergey Bronnikov wrote:

Hi, Sergey,

thanks for the patch! The bug cannot be reproduced with reverted fix.

CMake: cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug -DLUAJIT_NUMMODE=2

You need to enable assertions as well.
Sergey

On 3/2/26 11:14, Sergey Kaplun wrote:

From: Mike Pall <mike>

Reported by Sergey Kaplun.

(cherry picked from commit 406cf69b3ae0a3ecd5ede2bb97b937b7a5d92074)

`rec_for_loop()` narrows the FORL index values by getting them from the
runtime. In case when the `start`, `stop`, `step` control variables are
already loaded to the slots, their TRef isn't converted to the
corresponding type. This leads to the following inconsistent IR dump and
to the assertion failure later:

| 0002 > int SLOAD 10 TCI
| 0003   int ADD 0002 +1.
| 0004 > int LE 0003 +1.
| 0005   int ADD 0003 +1.
| 0006 > int GT 0005 +1.

This patch adds the missing type conversion.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#12134
---

Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-1413-missing-conv-fori

Related issues:
* https://github.com/LuaJIT/LuaJIT/issues/1413
* https://github.com/tarantool/tarantool/issues/12134

<snipped>