From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from [87.239.111.99] (localhost [127.0.0.1]) by dev.tarantool.org (Postfix) with ESMTP id 1EA9A96D1E1; Tue, 16 Jan 2024 12:46:41 +0300 (MSK)
Received: from smtp41.i.mail.ru (smtp41.i.mail.ru [95.163.41.64]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 19C2A96D1DA; Tue, 16 Jan 2024 12:46:39 +0300 (MSK)
Received: by smtp41.i.mail.ru with esmtpa id 1rPg1m-0068W9-05; Tue, 16 Jan 2024 12:46:38 +0300
Message-ID: <8cd5bacd-99e0-4227-b15a-7b7b6ebf17bc@tarantool.org>
Date: Tue, 16 Jan 2024 12:46:37 +0300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Maxim Kokryashkin, tarantool-patches@dev.tarantool.org, skaplun@tarantool.org
References: <20240115142914.22527-1-m.kokryashkin@tarantool.org>
In-Reply-To: <20240115142914.22527-1-m.kokryashkin@tarantool.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Tarantool-patches] [PATCH luajit] Fix recording of __concat metamethod.
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches
From: Sergey Bronnikov via Tarantool-patches
Reply-To: Sergey Bronnikov
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches"

Max, thanks for the patch! LGTM

On 1/15/24 17:29, Maxim Kokryashkin wrote:
> From: Mike Pall
>
> Reported by Elias Oelschner. Analyzed by XmiliaH.
>
> (cherry-picked from commit 3ee3c9cfa988339f1bf3068530515e2a6fb179d2)
>
> During the recording of `__concat` metamethod, the `rec_mm_arith`
> function overrides stack slots that are not restored for GC64
> mode later after the call. This leads to a segmentation fault
> later on. This patch fixes the issue by accounting for those
> additional slots in the array that is used to restore stack
> values.
>
> Maxim Kokryashkin:
> * added the description and the test for the problem
>
> Part of tarantool/tarantool#9145
> ---
> Branch: https://github.com/tarantool/luajit/tree/fckxorg/lj-839-concat-recording
> PR: https://github.com/tarantool/tarantool/pull/9597
> Issues: https://github.com/tarantool/tarantool/issues/9145
> https://github.com/luajit/luajit/issues/839
>
> src/lj_record.c | 2 +-
> .../lj-839-concat-recording.test.lua | 27 +++++++++++++++++++
> 2 files changed, 28 insertions(+), 1 deletion(-)
> create mode 100644 test/tarantool-tests/lj-839-concat-recording.test.lua
>
> diff --git a/src/lj_record.c b/src/lj_record.c > index a929b8aa..59549b03 100644 > --- a/src/lj_record.c > +++ b/src/lj_record.c > @@ -1932,7 +1932,7 @@ static TRef rec_tnew(jit_State *J, uint32_t ah) > static TRef rec_cat(jit_State *J, BCReg baseslot, BCReg topslot) > { > TRef *top = &J->base[topslot]; > - TValue savetv[5]; > + TValue savetv[5+LJ_FR2]; > BCReg s; > RecordIndex ix; > lj_assertJ(baseslot < topslot, "bad CAT arg");
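Review bot: the hunk changes only the declaration `TValue savetv[5];` to `TValue savetv[5+LJ_FR2];`, while the code that saves the slots before `rec_mm_arith` and restores them afterwards is outside the shown context. Enlarging the array is a complete fix only if both copies take their size from the array itself (for example `sizeof(savetv)`) rather than from a literal `5`; otherwise the additional GC64 slot the commit message describes is still never saved or restored. Please confirm that the copy size in `rec_cat` follows the declaration, and consider a short comment next to the new declaration saying that `+LJ_FR2` accounts for the extra frame slot used under GC64, since the reason for the term is not obvious from the declaration alone.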
> diff --git a/test/tarantool-tests/lj-839-concat-recording.test.lua b/test/tarantool-tests/lj-839-concat-recording.test.lua > new file mode 100644 > index 00000000..9ec0ed96 > --- /dev/null > +++ b/test/tarantool-tests/lj-839-concat-recording.test.lua > @@ -0,0 +1,27 @@ > +local tap = require('tap') > +local test = tap.test('lj-839-concat-recording'):skipcond({ > + ['Test requires JIT enabled'] = not jit.status(), > +}) > +test:plan(1) > + > +-- Test file to demonstrate LuaJIT overriding stack slots without > +-- restoration during the recording of the concat metamethod. > +-- See also: https://github.com/LuaJIT/LuaJIT/issues/839. > + > +-- Setup value with the `__concat` metamethod. > +local v1 = setmetatable({}, { > + __concat = function() return "" end, > +}); > + > +jit.opt.start('hotloop=1') > +local result > +for _ = 1, 4 do > + result = v1 .. "" .. v1 .. "" > +end > + > +-- There should be an empty string in case of success. > +-- Failure results in a segmentation fault. > +-- The issue is GC64-specific, yet it is still being tested for > +-- other builds. > +test:is(result, '', 'correct stack restoration') > +test:done(true) > -- > 2.43.0 >
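Review bot: the trailing semicolon in `});` after the `setmetatable` call is the only statement terminator in the new test file; drop it so the style matches the rest of the file. Also, nothing in the test verifies that the loop was actually recorded: if recording aborts for any reason, `result` is still `''` and `test:is(result, '', ...)` passes without `rec_cat` having been exercised, so a regression would only be caught by the segmentation fault the comment mentions. Consider asserting after the loop that a trace was compiled (for example via `jit.util.traceinfo(1)`) so that a silently aborted recording fails the test instead of passing it.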