Date: Thu, 14 Oct 2021 11:58:05 +0300
From: sergos via Tarantool-patches
Reply-To: sergos
To: Sergey Kaplun
Cc: tarantool-patches@dev.tarantool.org
Subject: Re: [Tarantool-patches] [PATCH luajit] Fix frame traversal for __gc handler frames.
Message-Id: <982F83FE-1D35-44B5-9372-B5C42301437F@tarantool.org>
References: <20211005102829.30267-1-skaplun@tarantool.org>

Hi!

You were absolutely right on my MacOS testing.
With your fixes applied - LGTM.

Sergos


> On 8 Oct 2021, at 11:39, Sergey Kaplun <skaplun@tarantool.org> wrote:
>
> Hi, Sergos!
>
> Thanks for the review!
>
> On 07.10.21, sergos wrote:
>> Hi!
>> Thanks for the patch! See my 2 comments below.
>>
>> Sergos
>>
>>> On 5 Oct 2021, at 13:28, Sergey Kaplun <skaplun@tarantool.org> wrote:
>>>
>>> From: Mike Pall <mike>
>>>
>>> Reported by Changochen.
>>>
>>> (cherry picked from 53f82e6e2e858a0a62fd1a2ff47e9866693382e6)
>>>
>>> Additional stack traversal is needed to find an error function set for
>>   ^^^                                                            ^^^
>> Additional to what?
>>
>
> I mean additional to stack traversal during error raising to find
> protected frame, but it is confusing, so I rephrase it as you suggested.
>
>>> handling runtime errors. cframe unwinding is missed for a C protected
>>> frame during this stack traversal.
>>
>> I would rephrase -
>> A cframe unwinding is missed for a C protected frame during a search for
>> an error function to handle a runtime error.
>>
>>> It leads to undefined behaviour or
>>> crash, when raising a runtime error on stack with the CP frame before an
>>> error function handler (for example, an error in __gc handler).
>>>
>>> This patch adds missing unwinding for CP frame.
>>>
>>> Sergey Kaplun:
>>> * added the description and the test for the problem
>>> ---
>
> The new commit message is the following:
>
> | Fix frame traversal for __gc handler frames.
> |
> | Reported by Changochen.
> |
> | (cherry picked from 53f82e6e2e858a0a62fd1a2ff47e9866693382e6)
> |
> | A cframe unwinding is missed for a C protected frame during a search for
> | an error function to handle a runtime error. It leads to undefined
> | behaviour or crash, when raising a runtime error on stack with the CP
> | frame before an error function handler (for example, an error in __gc
> | handler).
> |
> | This patch adds missing unwinding for CP frame.
> |
> | Sergey Kaplun:
> | * added the description and the test for the problem
>
> Branch is force-pushed.
>
>>>
>>> Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-601-fix-gc-finderrfunc
>>> Tarantool branch: https://github.com/tarantool/tarantool/tree/skaplun/gh-noticket-fix-gc-finderrfunc
>>> LuaJIT issue: https://github.com/LuaJIT/LuaJIT/issues/601
>>>
>>>  src/lj_err.c                                   |  1 +
>>>  .../lj-601-fix-gc-finderrfunc.test.lua         | 25 +++++++++++++++++++
>>>  2 files changed, 26 insertions(+)
>>>  create mode 100644 test/tarantool-tests/lj-601-fix-gc-finderrfunc.test.lua
>>>
>>> diff --git a/src/lj_err.c b/src/lj_err.c
>>> index b6be357e..b520b3d3 100644
>>> --- a/src/lj_err.c
>>> +++ b/src/lj_err.c
>>> @@ -585,6 +585,7 @@ static ptrdiff_t finderrfunc(lua_State *L)
>>>        if (cframe_canyield(cf)) return 0;
>>>        if (cframe_errfunc(cf) >= 0)
>>>          return cframe_errfunc(cf);
>>> +      cf = cframe_prev(cf);
>>>        frame = frame_prevd(frame);
>>>        break;
>>>      case FRAME_PCALL:
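Review bot: the new line needs a comment explaining why the C frame must be stepped here: the FRAME_CP case already advances the Lua frame with `frame = frame_prevd(frame);`, but without `cf = cframe_prev(cf);` the `cframe_canyield(cf)` and `cframe_errfunc(cf)` checks on the next iteration read the C frame that was just examined, which is the mismatch the commit message describes. Something like `/* Unwind the C frame together with its Lua frame. */` above the added line would make the intent obvious to the next reader of finderrfunc().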
>>> diff --git a/test/tarantool-tests/lj-601-fix-gc-finderrfunc.test.lua b/test/tarantool-tests/lj-601-fix-gc-finderrfunc.test.lua
>>> new file mode 100644
>>> index 00000000..d8d79100
>>> --- /dev/null
>>> +++ b/test/tarantool-tests/lj-601-fix-gc-finderrfunc.test.lua
>>
>> Unfortunately the test passes on the ’tarantool’ branch
>>
>> s-ostanevich:luajit s.ostanevich$ git checkout tarantool
>> Switched to branch 'tarantool'
>> s-ostanevich:luajit s.ostanevich$ git clean -xdff
>> […]
>> s-ostanevich:luajit s.ostanevich$ cmake .
>> […]
>> s-ostanevich:luajit s.ostanevich$ make
>> […]
>> [100%] Built target libluajit_shared
>> [100%] Built target libluajit
>> [100%] Built target luajit
>> s-ostanevich:luajit s.ostanevich$ git checkout skaplun/lj-601-fix-gc-finderrfunc
>> s-ostanevich:luajit s.ostanevich$ cd test/tarantool-tests
>> s-ostanevich:tarantool-tests s.ostanevich$ ../../src/luajit lj-601-fix-gc-finderrfunc.test.lua
>> TAP version 13
>> 1..1
>> ok - successfully collectgarbage with error
>
> Wild guess: it doesn't fail on Mac due to GC64 ;).
> See CI [1] to check my hypothesis.
>
>>
>>> @@ -0,0 +1,25 @@
>>> +local tap = require('tap')
>>> +
>>> +local test = tap.test('lj-601-fix-gc-finderrfunc')
>>> +test:plan(1)
>>> +
>>> +-- Test file to demonstrate LuaJIT incorrect behaviour, when
>>> +-- throwing error in __gc finalizer.
>>> +-- See also, https://github.com/LuaJIT/LuaJIT/issues/601.
>>> +
>>> +collectgarbage()
>>> +
>>> +local a = newproxy(true)
>>> +getmetatable(a).__gc = function()
>>> +  -- Function to raise error via `lj_err_run()` inside __gc.
>>> +  local _ = load(function() collectgarbage()() end)
>>> +end
>>> +
>>> +-- XXX: Generate a small bunch of proxies. Need several to call
>>> +-- `collectgarbage()` on another proxy inside __gc. N cycles is
>>> +-- empirical number.
>>> +for _ = 1, 4 do newproxy(a) end
>>> +collectgarbage('collect')
>>> +
>>> +test:ok(true, 'successfully collectgarbage with error')
>>> +os.exit(test:check() and 0 or 1)
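Review bot: `test:ok(true, 'successfully collectgarbage with error')` can never fail, so this test only detects the bug as a crash or undefined behaviour during `collectgarbage('collect')`; a passing TAP line does not show that the C frame was unwound correctly, and the run quoted above passes on the unfixed branch. Two documentation points would help: the header comment should say that the test relies on the process crashing rather than on an assertion, and the `-- empirical number.` comment above `for _ = 1, 4 do newproxy(a) end` should state what the count depends on (the GC64 guess in the thread points at build configuration), because an iteration count that happens not to trigger a nested `collectgarbage()` inside `__gc` leaves the test silently vacuous. It would also be clearer to spell out that `collectgarbage()()` raises an error by calling the number that `collectgarbage()` returns, inside the reader function that `load` runs, which is what puts a C protected frame between the error and the finalizer.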
>>> --
>>> 2.31.0
>>>
>>
>
> [1]: https://github.com/tarantool/tarantool/tree/skaplun/gh-noticket-fix-gc-finderrfunc-no-fix
>
> --
> Best regards,
> Sergey Kaplun