From: Sergey Bronnikov via Tarantool-patches
Reply-To: Sergey Bronnikov
To: Sergey Kaplun
Cc: Sergey Bronnikov, tarantool-patches@dev.tarantool.org
Date: Thu, 12 Mar 2026 09:52:11 +0300
Subject: Re: [Tarantool-patches] [PATCH luajit 2/3][v2] LJ_FR2: Fix stack checks in vararg calls.
Message-ID: <86ecb5ef-9041-40b5-a53d-1921c9a07076@tarantool.org>
References: <51e75e7052824de65036abd2f5807a1224f438aa.1765350224.git.sergeyb@tarantool.org>
 <2c57321f-06c6-4a31-bb69-118a7dd09cce@tarantool.org>
List-Id: Tarantool development patches

Hi, Sergey,

see the answer below

Sergey

On 3/4/26 12:49, Sergey Kaplun wrote:
Sergey,

On 16.02.26, Sergey Bronnikov wrote:
Hi, Sergey,

thanks for review!

On 2/11/26 11:30, Sergey Kaplun via Tarantool-patches wrote:
On 10.12.25, Sergey Bronnikov wrote:
<snipped>

diff --git a/src/lj_dispatch.c b/src/lj_dispatch.c
index a44a5adf..431cb3c2 100644
--- a/src/lj_dispatch.c
+++ b/src/lj_dispatch.c
@@ -453,7 +453,7 @@ static int call_init(lua_State *L, GCfunc *fn)
      int numparams = pt->numparams;
      int gotparams = (int)(L->top - L->base);
      int need = pt->framesize;
-    if ((pt->flags & PROTO_VARARG)) need += 1+gotparams;
+    if ((pt->flags & PROTO_VARARG)) need += 1+LJ_FR2+gotparams;
      lj_state_checkstack(L, (MSize)need);
      numparams -= gotparams;
      return numparams >= 0 ? numparams : 0;
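Review bot: with `need += 1+LJ_FR2+gotparams` the vararg branch now reserves the extra frame slot that the two-slot frame layout (LJ_FR2) uses, which the old `1+gotparams` under-counted on LJ_FR2 builds; what the hunk does not add is a test that makes `lj_state_checkstack` actually grow the stack on this branch, so the fix can silently regress. A regression test that forces the reallocation in a vararg call, with a comment stating that it guards the `LJ_FR2` term in this line, should accompany the change, as the thread discussion also requests.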
Let's add an additional test for this part of the code (since we don't have
any). It may be taken from [1]. It doesn't fail now, but we may cover
this branch more precisely.
Don't get what you mean.

The true branch in gc32 is covered by the following tests:

test/LuaJIT-tests
test/PUC-Rio-Lua-5.1-tests
test/tarantool-c-tests/lj-1087-vm-handler-call.c_test
test/tarantool-tests/fix-ff-select-recording.test.lua
test/tarantool-tests/fix-mips64-spare-side-exit-patching.test.lua
test/tarantool-tests/fix-slot-check-for-mm-record.test.lua
test/tarantool-tests/fix-slots-overflow-for-varg-record.test.lua
test/tarantool-tests/gh-6098-fix-side-exit-patching-on-arm64.test.lua
test/tarantool-tests/lj-1024-varg-maxslot.test.lua
test/tarantool-tests/lj-1025-tsetm-maxslot.test.lua
test/tarantool-tests/lj-1026-arm64-invalid-hrefk-offset-check.test.lua
test/tarantool-tests/lj-1046-fix-bc-varg-recording.test.lua
test/tarantool-tests/lj-1164-record-meta-concat-varg-pcall.test.lua
test/tarantool-tests/lj-1295-bad-renames-for-sunk-values.test.lua
test/tarantool-tests/lj-584-bad-renames-for-sunk-values.test.lua
test/tarantool-tests/lj-704-bc-varg-use-def.test.lua
Just the true branch isn't enough. We need the true branch when the
stack needs to be reallocated, like in [1]. When I check this issue
(with 1 removed) none of our tests catches the incorrect behaviour. You
may refer to the test like lj-1402-vararg-realloc-check.test.lua. The
comment in the test should clarify that this is to avoid regressions in
the future.

A new file with a test was added (see test/tarantool-tests/gh-1402-call_init-regression.test.lua).

The branch was force-pushed.

<snipped>

[1]:https://github.com/LuaJIT/LuaJIT/issues/1402#issue-3569942423
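A constructed sketch of the kind of regression test discussed in this thread, added here and not the gh-1402 test from the branch. It assumes the tarantool-tests `tap` helper and that an active call hook routes every Lua call through lj_dispatch_call() and hence call_init(), so that copying the varargs must grow a deliberately small coroutine stack.

```lua
-- Constructed sketch (not from the branch under review) of a regression
-- test for the LJ_FR2 vararg stack check in call_init(). Assumptions:
-- the tarantool-tests `tap` helper, and that an active call hook routes
-- every call through lj_dispatch_call() and thus call_init().
local tap = require('tap')
local test = tap.test('vararg-realloc-sketch')
test:plan(1)

-- Vararg callee: sums its arguments so the copied vararg frame is
-- actually read after call_init() may have moved the stack.
local function sum(...)
  local s = 0
  for i = 1, select('#', ...) do
    s = s + (select(i, ...))
  end
  return s
end

local NARGS = 200  -- well above a fresh coroutine's initial stack size
local args = {}
for i = 1, NARGS do args[i] = i end

-- Run inside a fresh coroutine so the stack starts small and the
-- vararg call has to reallocate it while the call hook is active.
local co = coroutine.create(function()
  debug.sethook(function() end, 'c')  -- force the dispatch call path
  local r = sum(unpack(args))
  debug.sethook()
  return r
end)

local ok, res = coroutine.resume(co)
test:ok(ok and res == NARGS * (NARGS + 1) / 2,
        'vararg call survives stack reallocation under LJ_FR2')
test:done(true)
```

A build with the `LJ_FR2` term missing is expected to show up under ASAN or as stack corruption on this path, which is why the hook and the small coroutine stack are both needed.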
