From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org> To: sergos <sergos@tarantool.org> Cc: tarantool-patches@dev.tarantool.org Subject: Re: [Tarantool-patches] [PATCH luajit] LJ_GC64: Fix IR_VARG offset for fixed number of results. Date: Fri, 15 Jul 2022 17:44:04 +0300 [thread overview] Message-ID: <YtF9NLDXZEKxGlCX@root> (raw) In-Reply-To: <8B86F311-0882-4D94-9FD4-EB93EB11393C@tarantool.org> Hi, Sergos! Thanks for the review! On 14.07.22, sergos wrote: > Hi! > > Thanks for the patch, some updates to the test. > > Regards, > Sergos > > > On 13 Jul 2022, at 12:53, Sergey Kaplun <skaplun@tarantool.org> wrote: > > > > From: Mike Pall <mike> > > > > Reported by George Vaintrub. Fixed by Sergey Kaplun. > > > > (cherry picked from commit 6bda30d8c745b3963ba870221b9be6acdffed9b1) > > > > This bug occurs when recording `BC_VARG` with the following conditions: > > 1) varargs undefined on trace. > Later in the test you just mention its size should be bigger than results’ one? I meant that the __content__ of these slots is undefined, because the trace is started inside current function and we don't know the caller's context. So we can't just copy these slots. > > > 2) known fixed number of results. > > > > For this case the vararg slots loads via `IR_VLOAD` by offset from > are loaded by using an > > > vararg base. In GC64 mode this offset was miscounting due to missing > the the is miscounted > > > `LJ_FR2` correction in the base TRef calculation. As the result the > > wrong (+1) vararg slot is used. > > > > This patch adds the missing the aforementioned `LJ_FR2` correction. > xxx I've updated commit message to the following: Branch is force-pushed. =================================================================== LJ_GC64: Fix IR_VARG offset for fixed number of results. Reported by George Vaintrub. Fixed by Sergey Kaplun. (cherry picked from commit 6bda30d8c745b3963ba870221b9be6acdffed9b1) This bug occurs when recording `BC_VARG` with the following conditions: 1) A trace is started inside current vararg function, so the content of varargs slots is undefined for the trace. 2) Known fixed number of results. For this case the vararg slots are loaded by `IR_VLOAD` using an offset from the vararg base. In the GC64 mode this offset is miscounted due to missing `LJ_FR2` correction in the base TRef calculation. As the result the wrong (+1) vararg slot is used. This patch adds the missing aforementioned `LJ_FR2` correction. Sergey Kaplun: * added the description and the test for the problem Resolves tarantool/tarantool#7172 Part of tarantool/tarantool#7230 =================================================================== > > > > Sergey Kaplun: > > * added the description and the test for the problem > > > > Resolves tarantool/tarantool#7172 > > Part of tarantool/tarantool#7230 > > --- > > > > Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-864-varg-rec-base-offset-full-ci > > Issues: > > * https://github.com/tarantool/tarantool/issues/7172 > > * https://github.com/LuaJIT/LuaJIT/issues/864 > > > > src/lj_record.c | 2 +- > > .../lj-864-varg-rec-base-offset.test.lua | 25 +++++++++++++++++++ > > 2 files changed, 26 insertions(+), 1 deletion(-) > > create mode 100644 test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua > > > > diff --git a/src/lj_record.c b/src/lj_record.c > > index a11f3712..9e2e1d9e 100644 > > --- a/src/lj_record.c > > +++ b/src/lj_record.c > > @@ -1794,7 +1794,7 @@ static void rec_varg(jit_State *J, BCReg dst, ptrdiff_t nresults) > > emitir(IRTGI(IR_EQ), fr, > > lj_ir_kint(J, (int32_t)frame_ftsz(J->L->base-1))); > > vbase = emitir(IRT(IR_SUB, IRT_IGC), REF_BASE, fr); > > - vbase = emitir(IRT(IR_ADD, IRT_PGC), vbase, lj_ir_kint(J, frofs-8)); > > + vbase = emitir(IRT(IR_ADD, IRT_PGC), vbase, lj_ir_kint(J, frofs-8*(1+LJ_FR2))); > Wherearemyspaces? > (nevermind, just a moan) Yes, but this style is preferred by Mike (see code below) :). > > > for (i = 0; i < nload; i++) { > > IRType t = itype2irt(&J->L->base[i-1-LJ_FR2-nvararg]); > > TRef aref = emitir(IRT(IR_AREF, IRT_PGC), > > diff --git a/test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua b/test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua > > new file mode 100644 > > index 00000000..ca30f92f > > --- /dev/null > > +++ b/test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua > > @@ -0,0 +1,25 @@ > > +local tap = require('tap') > > + > > +-- Test file to demonstrate LuaJIT misbehaviour during recording > > +-- BC_VARG with nvarargs >= nresults in GC64 mode. > In the message you say it should be unknown. What’s the dirty truth is? > > > +-- See also https://github.com/LuaJIT/LuaJIT/issues/864, > > +-- https://github.com/tarantool/tarantool/issues/7172. > > +local test = tap.test('lj-864-varg-rec-base-offset') > > +test:plan(1) > > + > > +jit.opt.start('hotloop=1') > > + > > +local MAGIC = 42 > Should be enough to test against the first argument, no MAGIC :) > > > +local function test_rec_varg(...) > > + local slot1 > > + for _ = 1, 3 do > > + slot1 = ... > > + end > ++ args = {...} > +- return slot1 == args[1] > > +end I've rewritten test wo MAGIC :). =================================================================== diff --git a/test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua b/test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua index ca30f92f..d74c3c2b 100644 --- a/test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua +++ b/test/tarantool-tests/lj-864-varg-rec-base-offset.test.lua @@ -9,17 +9,17 @@ test:plan(1) jit.opt.start('hotloop=1') -local MAGIC = 42 local function test_rec_varg(...) - local slot1 + local trace_value, interp_value for _ = 1, 3 do - slot1 = ... + trace_value = ... end - return slot1 == MAGIC + interp_value = ... + return trace_value == interp_value end -- Test case for nvarargs >= nresults. Equality is not suitable -- due to failing assertion guard for type of loaded vararg slot. -test:ok(test_rec_varg(MAGIC, 0), 'correct BC_VARG recording') +test:ok(test_rec_varg(42, 0), 'correct BC_VARG recording') os.exit(test:check() and 0 or 1) =================================================================== > > + > > +-- Test case for nvarargs >= nresults. Equality is not suitable > > +-- due to failing assertion guard for type of loaded vararg slot. > > +test:ok(test_rec_varg(MAGIC, 0), 'correct BC_VARG recording') > > + > > +os.exit(test:check() and 0 or 1) > > -- > > 2.34.1 > > > -- Best regards, Sergey Kaplun
next prev parent reply other threads:[~2022-07-15 14:46 UTC|newest] Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-07-13 9:53 Sergey Kaplun via Tarantool-patches 2022-07-14 11:54 ` sergos via Tarantool-patches 2022-07-15 14:44 ` Sergey Kaplun via Tarantool-patches [this message] 2022-07-15 15:03 ` sergos via Tarantool-patches 2022-07-19 0:14 ` Igor Munkin via Tarantool-patches 2022-08-10 14:32 ` Igor Munkin via Tarantool-patches
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=YtF9NLDXZEKxGlCX@root \ --to=tarantool-patches@dev.tarantool.org \ --cc=sergos@tarantool.org \ --cc=skaplun@tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH luajit] LJ_GC64: Fix IR_VARG offset for fixed number of results.' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox