[Tarantool-patches] [PATH luajit] GC64: fix 64-bit constant fusion

[Sergey Ostanevich via Tarantool-patches <tarantool-patches@dev.tarantool.org>]

Author: Mike Pall <mike>
Date:   Mon Aug 28 10:43:37 2017 +0200

    x64/LJ_GC64: Fix fallback case of asm_fuseloadk64().

    Contributed by Peter Cawley.

    (cherry picked from commit 6b0824852677cc12570c20a3211fbfe0e4f0ce14)

    Code generation under LJ_GC64 missed an update to the mcode area after
    a 64bit constant encoding. This lead to a corruption to the constant
    later on.
    The problem is rather rare, since there should be big enough (4GiB)
    distance from the currently allocated mcode to the dispatch pointer.
    This lead to a number of flaky tests, trackers are addressed.

    Sergey Ostanevich:
    * added the description and the test for the problem

    Closes: #4095, #4199, #4614

    Signed-off-by: Sergey Ostanevich <sergos@tarantool.org>

diff --git a/src/lj_asm_x86.h b/src/lj_asm_x86.h
index 767bf6f3..2850aea9 100644
--- a/src/lj_asm_x86.h
+++ b/src/lj_asm_x86.h
@@ -387,6 +387,7 @@ static Reg asm_fuseloadk64(ASMState *as, IRIns *ir)
       ir->i = (int32_t)(as->mctop - as->mcbot);
       as->mcbot += 8;
       as->mclim = as->mcbot + MCLIM_REDZONE;
+      lj_mcode_commitbot(as->J, as->mcbot);
     }
     as->mrm.ofs = (int32_t)mcpofs(as, as->mctop - ir->i);
     as->mrm.base = RID_RIP;
diff --git a/test/tarantool-tests/gh-4199-gc64-flaky.test.lua b/test/tarantool-tests/gh-4199-gc64-flaky.test.lua
new file mode 100644
index 00000000..3ac30427
--- /dev/null
+++ b/test/tarantool-tests/gh-4199-gc64-flaky.test.lua
@@ -0,0 +1,63 @@
+-- the test is GC64 only
+local ffi=require('ffi')
+require('utils').skipcond(not ffi.abi('gc64'), 'test is GC64 only')
+
+local tap = require("tap")
+local test = tap.test("gh-4199-gc64-flaky")
+test:plan(1)
+
+-- first - we have to make a gap from current JIT infra to next
+-- available mappable memory
+-- most efficient is to grab it per-page
+
+
+ffi.cdef('void * mmap(void *start, size_t length, int prot , int flags, int fd, long offset);')
+ffi.cdef('long getpagesize();')
+
+local pagesize = tonumber(ffi.C.getpagesize())
+local blob = {}
+for i=1, 4e9/pagesize do
+        blob[i] = ffi.C.mmap(ffi.cast('void*',0), pagesize, 0, 0x22, 0, 0)
+        assert(blob[i] ~= 0)
+end
+
+-- try to chomp all memory in currently allocated gc space
+collectgarbage('stop')
+local dummy={'a'}
+for i=2,30 do
+        dummy[i] = dummy[i - 1] .. dummy[i - 1]
+end
+
+-- generate a bunch of functions and keep them stored to trigger wrong constant placement
+
+local s={}
+local pass = true
+
+jit.opt.start('hotloop=1’)
+for n=1,100 do
+        local src='function f'.. n .. [[(x,y,z,f,g,h,j,k,r,c,d)
+                local a={}
+                for i=1,1e6 do
+                        a[i] = x + y + z + f + g + h + j + k + r + c + d
+                        if (x > 0) then a[i] = a[i] + 1.1 end
+                        if (c > 0) then a[i] = a[i] + 2.2 end
+                        if (z > 0) then a[i] = a[i] + 3.3 end
+                        if (f > 0) then a[i] = a[i] + 4.4 end
+                        x=x+r
+                        y=y-c
+                        z=z+d
+                end
+                return a[1]
+        end
+        return f]] .. n ..'(...)'
+
+        s[n] = assert(load(src))
+        local res1 = s[n](1,2,3,4,5,6,7,8,9,10,11)
+        local res2 = s[n](1,2,3,4,5,6,7,8,9,10,11)
+        if (res1 ~= res2) then
+                pass = false
+                break
+        end
+end
+
+test:ok(pass, 'wrong IR constant fuse')