From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org>
To: Sergey Bronnikov <sergeyb@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Subject: Re: [Tarantool-patches] [PATCH luajit] Fix predict_next() in parser (for real now).
Date: Mon, 13 Jan 2025 18:25:45 +0300 [thread overview]
Message-ID: <Z4UwecgVYELGq1DP@root> (raw)
In-Reply-To: <64c5cff1-e038-4844-8950-f255df8de717@tarantool.org>
Hi, Sergey!
Thanks for the review!
On 13.01.25, Sergey Bronnikov wrote:
> Hi, Sergey
>
> thanks for the patch, LGTM with a minor question below.
Please consider my answers below.
>
> On 09.01.2025 18:01, Sergey Kaplun wrote:
> > From: Mike Pall <mike>
> >
> > Reported by Sergey Kaplun.
> >
> > (cherry picked from commit f602f0154b644211283cfeea92a570ca38f71947)
> >
> > Before the patch `predict_next()` uses the pc allocation limit
> > (`fs->bclim`) instead of the real limit of the defined bytecodes
> > (`fs->pc`). This leads to the use of undefined value and possible
> > crash. This patch fixes the check.
> >
> > Sergey Kaplun:
> > * added the description and the test for the problem
> >
> > Part of tarantool/tarantool#10709
> > ---
> >
> > Branch:https://github.com/tarantool/luajit/tree/skaplun/lj-1226-fix-predict-next
> > Related issues:
> > *https://github.com/LuaJIT/LuaJIT/issues/1226
> > *https://github.com/tarantool/tarantool/issues/10709
<snipped>
> > +-- The resulting bytecode is the following:
> > +--
> > +-- 0001 KNIL 0 3
> > +-- 0002 JMP 4 => 0003
> > +-- 0003 => ITERC 4 2 3
> > +-- 0004 ITERL 4 => 0003
> > +--
> > +-- The parsing of the `for` iterator uses the incorrect check for
> > +-- `fs->bclim`, which allows the usage of an uninitialized value,
> > +-- so the test fails under Valgrind.
> > +local res_f = loadstring([[
> > +-- This local variable is necessary, because it emits `KPRI`
> > +-- bytecode, with which the next `KPRI` bytecode will be merged.
> > +local _
> > +for _ in nil do end
> > +]])
> > +
> > +test:ok(res_f, 'chunk loaded successfully')
> > +
> > +local res, err = pcall(res_f)
> > +
> > +-- Check consistency with PUC Rio Lua 5.1 behaviour.
> What for? It is not related to the bug and fix for it.
I considered this a simple canary test. The main check is done during
parsing by Valgrind, obviously. But still don't see anything crucial in
checking the parsing behaviour this way too (just to be sure).
> > +test:ok(not res, 'loaded function not executed')
> > +test:like(err, 'attempt to call a nil value', 'correct error message')
> > +
> > +test:done(true)
--
Best regards,
Sergey Kaplun
prev parent reply other threads:[~2025-01-13 15:26 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-09 15:01 Sergey Kaplun via Tarantool-patches
2025-01-10 11:06 ` Sergey Bronnikov via Tarantool-patches
2025-01-10 11:10 ` Sergey Kaplun via Tarantool-patches
2025-01-13 14:29 ` Sergey Bronnikov via Tarantool-patches
2025-01-13 15:18 ` Sergey Bronnikov via Tarantool-patches
2025-01-13 15:25 ` Sergey Kaplun via Tarantool-patches [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z4UwecgVYELGq1DP@root \
--to=tarantool-patches@dev.tarantool.org \
--cc=sergeyb@tarantool.org \
--cc=skaplun@tarantool.org \
--subject='Re: [Tarantool-patches] [PATCH luajit] Fix predict_next() in parser (for real now).' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox