[tarantool-patches] [PATCH 1/1] luajit: fix string.find recording

[tarantool-patches] [PATCH 1/1] luajit: fix string.find recording

[Igor Munkin]

Fix provided within 587532e leads to invalid end index of the string
being matched while recording

Test related to this bug is also provided within this changeset

Relates to: LuaJIT gh-505
Fix: tarantool gh-4476
---
 src/lj_ffrecord.c                       |  4 +-
 test/fix_string_find_recording.test.lua | 79 +++++++++++++++++++++++++
 2 files changed, 81 insertions(+), 2 deletions(-)
 create mode 100755 test/fix_string_find_recording.test.lua

diff --git a/src/lj_ffrecord.c b/src/lj_ffrecord.c
index 632b8f2..8dfa80e 100644
--- a/src/lj_ffrecord.c
+++ b/src/lj_ffrecord.c
@@ -950,8 +950,8 @@ static void LJ_FASTCALL recff_string_find(jit_State *J, RecordFFData *rd)
       TRef pos;
       emitir(IRTG(IR_NE, IRT_PGC), tr, trp0);
       /* Caveat: can't use STRREF trstr 0 here because that might be pointing into a wrong string due to folding. */
-      pos = emitir(IRTI(IR_SUB), tr, trsptr);
-      J->base[0] = emitir(IRTI(IR_ADD), pos, emitir(IRTI(IR_ADD), trstart, lj_ir_kint(J, 1)));
+      pos = emitir(IRTI(IR_ADD), trstart, emitir(IRTI(IR_SUB), tr, trsptr));
+      J->base[0] = emitir(IRTI(IR_ADD), pos, lj_ir_kint(J, 1));
       J->base[1] = emitir(IRTI(IR_ADD), pos, trplen);
       rd->nres = 2;
     } else {
diff --git a/test/fix_string_find_recording.test.lua b/test/fix_string_find_recording.test.lua
new file mode 100755
index 0000000..d3fc9e1
--- /dev/null
+++ b/test/fix_string_find_recording.test.lua
@@ -0,0 +1,79 @@
+#!/usr/bin/env tarantool
+
+tap = require('tap')
+
+test = tap.test("fix-string-find-recording")
+test:plan(1)
+
+local err = [[module 'kit.1.10.3-136' not found:
+	no field package.preload['kit.1.10.3-136']
+	no file './kit/1/10/3-136.lua'
+	no file './kit/1/10/3-136/init.lua'
+	no file './kit/1/10/3-136.so'
+	no file '/bug/.rocks/share/tarantool/kit/1/10/3-136.lua'
+	no file '/bug/.rocks/share/tarantool/kit/1/10/3-136/init.lua'
+	no file '/.rocks/share/tarantool/kit/1/10/3-136.lua'
+	no file '/.rocks/share/tarantool/kit/1/10/3-136/init.lua'
+	no file '/bug/.rocks/lib/tarantool/kit/1/10/3-136.so'
+	no file '/.rocks/lib/tarantool/kit/1/10/3-136.so'
+	no file '/bug/app/kit/1/10/3-136.lua'
+	no file '/bug/app/kit/1/10/3-136/init.lua'
+	no file '/bug/libs/share/lua/5.1/kit/1/10/3-136.lua'
+	no file '/bug/libs/share/lua/5.1/kit/1/10/3-136/init.lua'
+	no file '/root/.luarocks/share/lua/5.1/kit/1/10/3-136.lua'
+	no file '/root/.luarocks/share/lua/5.1/kit/1/10/3-136/init.lua'
+	no file '/root/.luarocks/share/lua/kit/1/10/3-136.lua'
+	no file '/root/.luarocks/share/lua/kit/1/10/3-136/init.lua'
+	no file '/usr/local/share/tarantool/kit/1/10/3-136.lua'
+	no file '/usr/local/share/tarantool/kit/1/10/3-136/init.lua'
+	no file '/usr/share/tarantool/kit/1/10/3-136.lua'
+	no file '/usr/share/tarantool/kit/1/10/3-136/init.lua'
+	no file '/usr/local/share/lua/5.1/kit/1/10/3-136.lua'
+	no file '/usr/local/share/lua/5.1/kit/1/10/3-136/init.lua'
+	no file '/usr/share/lua/5.1/kit/1/10/3-136.lua'
+	no file '/usr/share/lua/5.1/kit/1/10/3-136/init.lua'
+	no file '/bug/libs/lib/lua/5.1/kit/1/10/3-136.so'
+	no file '/bug/libs/lib/lua/kit/1/10/3-136.so'
+	no file '/bug/libs/lib64/lua/5.1/kit/1/10/3-136.so'
+	no file '/root/.luarocks/lib/lua/5.1/kit/1/10/3-136.so'
+	no file '/root/.luarocks/lib/lua/kit/1/10/3-136.so'
+	no file '/usr/local/lib64/tarantool/kit/1/10/3-136.so'
+	no file '/usr/lib64/tarantool/kit/1/10/3-136.so'
+	no file '/usr/local/lib64/lua/5.1/kit/1/10/3-136.so'
+	no file '/usr/lib64/lua/5.1/kit/1/10/3-136.so'
+	no file '/bug/libs/lib/lua/5.1/kit.so'
+	no file '/bug/libs/lib/lua/kit.so'
+	no file '/bug/libs/lib64/lua/5.1/kit.so'
+	no file '/root/.luarocks/lib/lua/5.1/kit.so'
+	no file '/root/.luarocks/lib/lua/kit.so'
+	no file '/usr/local/lib64/tarantool/kit.so'
+	no file '/usr/lib64/tarantool/kit.so'
+	no file '/usr/local/lib64/lua/5.1/kit.so'
+	no file '/usr/lib64/lua/5.1/kit.so']]
+
+local at, s, e
+local count_vm = 0
+
+jit.off()
+
+repeat
+  s, e = err:find("\n\t", at, true)
+  at = e
+  count_vm = count_vm + 1
+until not e
+
+local count_jit = 0
+
+jit.on()
+jit.opt.start(0, 'hotloop=1')
+
+repeat
+  s, e = err:find("\n\t", at, true)
+  at = e
+  count_jit = count_jit + 1
+  assert(count_jit <= count_vm, "Trace goes in cycles")
+until not e
+
+test:is(count_vm, count_jit)
+
+test:check()
-- 
2.22.1

[tarantool-patches] Re: [tarantool-patches] [PATCH 1/1] luajit: fix string.find recording

[Sergey Ostanevich]

[-- Attachment #1: Type: text/plain, Size: 4682 bytes --]

Looks good to me and @mraleph:  https://github.com/LuaJIT/LuaJIT/issues/505#issuecomment-528482812  



>Четверг,  5 сентября 2019, 20:55 +03:00 от Igor Munkin <imun@tarantool.org>:
>
>Fix provided within 587532e leads to invalid end index of the string
>being matched while recording
>
>Test related to this bug is also provided within this changeset
>
>Relates to: LuaJIT gh-505
>Fix: tarantool gh-4476
>---
> src/lj_ffrecord.c                       |  4 +-
> test/fix_string_find_recording.test.lua | 79 +++++++++++++++++++++++++
> 2 files changed, 81 insertions(+), 2 deletions(-)
> create mode 100755 test/fix_string_find_recording.test.lua
>
>diff --git a/src/lj_ffrecord.c b/src/lj_ffrecord.c
>index 632b8f2..8dfa80e 100644
>--- a/src/lj_ffrecord.c
>+++ b/src/lj_ffrecord.c
>@@ -950,8 +950,8 @@ static void LJ_FASTCALL recff_string_find(jit_State *J, RecordFFData *rd)
>       TRef pos;
>       emitir(IRTG(IR_NE, IRT_PGC), tr, trp0);
>       /* Caveat: can't use STRREF trstr 0 here because that might be pointing into a wrong string due to folding. */
>-      pos = emitir(IRTI(IR_SUB), tr, trsptr);
>-      J->base[0] = emitir(IRTI(IR_ADD), pos, emitir(IRTI(IR_ADD), trstart, lj_ir_kint(J, 1)));
>+      pos = emitir(IRTI(IR_ADD), trstart, emitir(IRTI(IR_SUB), tr, trsptr));
>+      J->base[0] = emitir(IRTI(IR_ADD), pos, lj_ir_kint(J, 1));
>       J->base[1] = emitir(IRTI(IR_ADD), pos, trplen);
>       rd->nres = 2;
>     } else {
>diff --git a/test/fix_string_find_recording.test.lua b/test/fix_string_find_recording.test.lua
>new file mode 100755
>index 0000000..d3fc9e1
>--- /dev/null
>+++ b/test/fix_string_find_recording.test.lua
>@@ -0,0 +1,79 @@
>+#!/usr/bin/env tarantool
>+
>+tap = require('tap')
>+
>+test = tap.test("fix-string-find-recording")
>+test:plan(1)
>+
>+local err = [[module 'kit.1.10.3-136' not found:
>+	no field package.preload['kit.1.10.3-136']
>+	no file './kit/1/10/3-136.lua'
>+	no file './kit/1/10/3-136/init.lua'
>+	no file './kit/1/10/3-136.so'
>+	no file '/bug/.rocks/share/tarantool/kit/1/10/3-136.lua'
>+	no file '/bug/.rocks/share/tarantool/kit/1/10/3-136/init.lua'
>+	no file '/.rocks/share/tarantool/kit/1/10/3-136.lua'
>+	no file '/.rocks/share/tarantool/kit/1/10/3-136/init.lua'
>+	no file '/bug/.rocks/lib/tarantool/kit/1/10/3-136.so'
>+	no file '/.rocks/lib/tarantool/kit/1/10/3-136.so'
>+	no file '/bug/app/kit/1/10/3-136.lua'
>+	no file '/bug/app/kit/1/10/3-136/init.lua'
>+	no file '/bug/libs/share/lua/5.1/kit/1/10/3-136.lua'
>+	no file '/bug/libs/share/lua/5.1/kit/1/10/3-136/init.lua'
>+	no file '/root/.luarocks/share/lua/5.1/kit/1/10/3-136.lua'
>+	no file '/root/.luarocks/share/lua/5.1/kit/1/10/3-136/init.lua'
>+	no file '/root/.luarocks/share/lua/kit/1/10/3-136.lua'
>+	no file '/root/.luarocks/share/lua/kit/1/10/3-136/init.lua'
>+	no file '/usr/local/share/tarantool/kit/1/10/3-136.lua'
>+	no file '/usr/local/share/tarantool/kit/1/10/3-136/init.lua'
>+	no file '/usr/share/tarantool/kit/1/10/3-136.lua'
>+	no file '/usr/share/tarantool/kit/1/10/3-136/init.lua'
>+	no file '/usr/local/share/lua/5.1/kit/1/10/3-136.lua'
>+	no file '/usr/local/share/lua/5.1/kit/1/10/3-136/init.lua'
>+	no file '/usr/share/lua/5.1/kit/1/10/3-136.lua'
>+	no file '/usr/share/lua/5.1/kit/1/10/3-136/init.lua'
>+	no file '/bug/libs/lib/lua/5.1/kit/1/10/3-136.so'
>+	no file '/bug/libs/lib/lua/kit/1/10/3-136.so'
>+	no file '/bug/libs/lib64/lua/5.1/kit/1/10/3-136.so'
>+	no file '/root/.luarocks/lib/lua/5.1/kit/1/10/3-136.so'
>+	no file '/root/.luarocks/lib/lua/kit/1/10/3-136.so'
>+	no file '/usr/local/lib64/tarantool/kit/1/10/3-136.so'
>+	no file '/usr/lib64/tarantool/kit/1/10/3-136.so'
>+	no file '/usr/local/lib64/lua/5.1/kit/1/10/3-136.so'
>+	no file '/usr/lib64/lua/5.1/kit/1/10/3-136.so'
>+	no file '/bug/libs/lib/lua/5.1/kit.so'
>+	no file '/bug/libs/lib/lua/kit.so'
>+	no file '/bug/libs/lib64/lua/5.1/kit.so'
>+	no file '/root/.luarocks/lib/lua/5.1/kit.so'
>+	no file '/root/.luarocks/lib/lua/kit.so'
>+	no file '/usr/local/lib64/tarantool/kit.so'
>+	no file '/usr/lib64/tarantool/kit.so'
>+	no file '/usr/local/lib64/lua/5.1/kit.so'
>+	no file '/usr/lib64/lua/5.1/kit.so']]
>+
>+local at, s, e
>+local count_vm = 0
>+
>+jit.off()
>+
>+repeat
>+  s, e = err:find("\n\t", at, true)
>+  at = e
>+  count_vm = count_vm + 1
>+until not e
>+
>+local count_jit = 0
>+
>+jit.on()
>+jit.opt.start(0, 'hotloop=1')
>+
>+repeat
>+  s, e = err:find("\n\t", at, true)
>+  at = e
>+  count_jit = count_jit + 1
>+  assert(count_jit <= count_vm, "Trace goes in cycles")
>+until not e
>+
>+test:is(count_vm, count_jit)
>+
>+test:check()
>-- 
>2.22.1
>
>


-- 
Sergey Ostanevich

[-- Attachment #2: Type: text/html, Size: 5695 bytes --]

[tarantool-patches] Re: [PATCH 1/1] luajit: fix string.find recording

[Kirill Yukhin]

Hello,

On 05 Sep 20:57, Igor Munkin wrote:
> Fix provided within 587532e leads to invalid end index of the string
> being matched while recording
> 
> Test related to this bug is also provided within this changeset
> 
> Relates to: LuaJIT gh-505
> Fix: tarantool gh-4476

I've checked your patch into 1.10, 2.1, 2.2 and master.

--
Regards, Kirill Yukhin