From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tarantool-patches-bounces@dev.tarantool.org>
Received: from [87.239.111.99] (localhost [127.0.0.1])
	by dev.tarantool.org (Postfix) with ESMTP id A272C6052BF;
	Fri, 22 Sep 2023 10:55:45 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org A272C6052BF
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=tarantool.org; s=dev;
	t=1695369345; bh=Mq+3eukR8q4b+5gnbaivusco3hlklyy3F1tdQwwUf+M=;
	h=Date:To:References:In-Reply-To:Subject:List-Id:List-Unsubscribe:
	 List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc:
	 From;
	b=jX57GM/TPSOMBgq52zgsMFHbWa98zZGQMMDLvMgj1ZuQGH4MZduiYLdrXBPR1hWeh
	 ZRpJ8Bn0h7/EuUJjUrWJCSkN9HbKZQEhd+Wge1onzMb7VXfDm6Bp30cIeWpQzoEj3m
	 4UOARlYk798zVud5RBOMcFkDmRsvST3IavsIEryM=
Received: from smtpng3.i.mail.ru (smtpng3.i.mail.ru [94.100.177.149])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by dev.tarantool.org (Postfix) with ESMTPS id 293D25B00C1
 for <tarantool-patches@dev.tarantool.org>;
 Fri, 22 Sep 2023 10:55:44 +0300 (MSK)
DKIM-Filter: OpenDKIM Filter v2.11.0 dev.tarantool.org 293D25B00C1
Received: by smtpng3.m.smailru.net with esmtpa (envelope-from
 <skaplun@tarantool.org>)
 id 1qjb0p-00019B-9P; Fri, 22 Sep 2023 10:55:43 +0300
Date: Fri, 22 Sep 2023 10:51:04 +0300
To: Maxim Kokryashkin <max.kokryashkin@gmail.com>
Message-ID: <ZQ1HaHAB43IIQLlF@root>
References: <20230921131539.255389-1-m.kokryashkin@tarantool.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20230921131539.255389-1-m.kokryashkin@tarantool.org>
X-Mailru-Src: smtp
X-4EC0790: 10
X-7564579A: 646B95376F6C166E
X-77F55803: 4F1203BC0FB41BD9B5EC2F0BC61DBDE70C83F2E7D17266CC21AD28128AE7C717182A05F5380850409248A37A0959CCB754B2F885642771842D49DFC4462DD3BE7F4CE3CA91CAD6C6
X-7FA49CB5: FF5795518A3D127A4AD6D5ED66289B5278DA827A17800CE7370F4F695FFFC24BEA1F7E6F0F101C67BD4B6F7A4D31EC0BCC500DACC3FED6E28638F802B75D45FF8AA50765F7900637E724D704EAF55A818638F802B75D45FF36EB9D2243A4F8B5A6FCA7DBDB1FC311F39EFFDF887939037866D6147AF826D8D1DD89C82791CA691BB1206662AF4042117882F4460429724CE54428C33FAD305F5C1EE8F4F765FC8C7ADC89C2F0B2A5A471835C12D1D9774AD6D5ED66289B52BA9C0B312567BB23117882F446042972877693876707352033AC447995A7AD1828451B159A507268D2E47CDBA5A96583BA9C0B312567BB231DD303D21008E29813377AFFFEAFD269A417C69337E82CC2E827F84554CEF50127C277FBC8AE2E8BA83251EDC214901ED5E8D9A59859A8B6A8DADCFA31BDB70175ECD9A6C639B01B4E70A05D1297E1BBCB5012B2E24CD356
X-C1DE0DAB: 0D63561A33F958A52A3FE32CA1FA27AF93E67C99373C8139FD9377AB120E3000F87CCE6106E1FC07E67D4AC08A07B9B01F9513A7CA91E555CB5012B2E24CD356
X-C8649E89: 1C3962B70DF3F0ADE00A9FD3E00BEEDF3FED46C3ACD6F73ED3581295AF09D3DF87807E0823442EA2ED31085941D9CD0AF7F820E7B07EA4CF0DE3567CD68DE17B58251830F201E436FD3ED0FBDD0A3F717188CCA7E02E49623066587AC4ADAE82ADCD6B1B15162EE4A8DD5CD2B395C484DB76C9E231B4506AE48CAC7CA610320002C26D483E81D6BE5EF9655DD6DEA7D65774BB76CC95456EEC5B5AD62611EEC62B5AFB4261A09AF0
X-D57D3AED: 3ZO7eAau8CL7WIMRKs4sN3D3tLDjz0dLbV79QFUyzQ2Ujvy7cMT6pYYqY16iZVKkSc3dCLJ7zSJH7+u4VD18S7Vl4ZUrpaVfd2+vE6kuoey4m4VkSEu530nj6fImhcD4MUrOEAnl0W826KZ9Q+tr5ycPtXkTV4k65bRjmOUUP8cvGozZ33TWg5HZplvhhXbhDGzqmQDTd6OAevLeAnq3Ra9uf7zvY2zzsIhlcp/Y7m53TZgf2aB4JOg4gkr2bioj4QXCo1VISWKE3OsNr59mwA==
X-DA7885C5: AA9AEC107E170A393AD1B728B01AE3C50F6E998230CD7CCD266C61FEA4AAED9E262E2D401490A4A0DB037EFA58388B346E8BC1A9835FDE71
X-Mailru-Sender: 689FA8AB762F73930F533AC2B33E986B5DE32E983F826504F8609099BBDDAC930FBE9A32752B8C9C2AA642CC12EC09F1FB559BB5D741EB962F61BD320559CF1EFD657A8799238ED55FEEDEB644C299C0ED14614B50AE0675
X-Mras: Ok
Subject: Re: [Tarantool-patches] [PATCH luajit] Fix snapshot PC when linking
 to BC_JLOOP that was a BC_RET*.
X-BeenThere: tarantool-patches@dev.tarantool.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Tarantool development patches <tarantool-patches.dev.tarantool.org>
List-Unsubscribe: <https://lists.tarantool.org/mailman/options/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=unsubscribe>
List-Archive: <https://lists.tarantool.org/pipermail/tarantool-patches/>
List-Post: <mailto:tarantool-patches@dev.tarantool.org>
List-Help: <mailto:tarantool-patches-request@dev.tarantool.org?subject=help>
List-Subscribe: <https://lists.tarantool.org/mailman/listinfo/tarantool-patches>, 
 <mailto:tarantool-patches-request@dev.tarantool.org?subject=subscribe>
From: Sergey Kaplun via Tarantool-patches <tarantool-patches@dev.tarantool.org>
Reply-To: Sergey Kaplun <skaplun@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Errors-To: tarantool-patches-bounces@dev.tarantool.org
Sender: "Tarantool-patches" <tarantool-patches-bounces@dev.tarantool.org>

Hi, Maxim!
Thanks for the patch!
LGTM, after adding a comment in test with verbose description (see
below).

On 21.09.23, Maxim Kokryashkin wrote:
> From: Mike Pall <mike>
> 
> Reported by Arseny Vakhrushev.
> Fix contributed by Peter Cawley.
> 
> As specified in lj_record.c:304, all loops must set `J->pc` to

Minor: it's better to mention function names than numbers of lines
since they can easily change.

> the next instruction. However, the chunk of logic at
> lj_trace.c:923 expects it to be set to `BC_JLOOP` itself if it

Ditto.

> used to be a `BC_RET`. This wrong pc results in the execution
> of random data that goes after BC_JLOOP in the case of

Typo: s/BC_JLOOP/`BC_JLOOP`/

> restoration from the snapshot.
> 
> This patch fixes that behavior by adapting the loop recording
> logic to this specific case.
> 
> Maxim Kokryashkin:
> * added the description and the test for the problem
> 
> Part of tarantool/tarantool#8825
> ---
> Branch: https://github.com/tarantool/luajit/tree/fckxorg/lj-624-jloop-snapshot-pc
> PR: https://github.com/tarantool/tarantool/pull/9166
> 
> NB: The test for this patch triggers the assertion added in this patch,
> however I had no luck making a __stable__ reproducer for the issue,
> since it depends on what's in memory after the BC_JLOOP. It is easier to
> achieve a consitent failures if ASLR is disabled, but it's not suitable
> for the testing purposes.

I'm OK with testing it as is.
We may add the comment about the newly added assertion to the test too.

> 
>  src/lj_record.c                                  |  9 +++++----
>  src/lj_snap.c                                    |  3 +++
>  .../lj-624-jloop-snapshot-pc.test.lua            | 16 ++++++++++++++++
>  3 files changed, 24 insertions(+), 4 deletions(-)
>  create mode 100644 test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua
> 

<snipped>

> diff --git a/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua b/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua
> new file mode 100644
> index 00000000..ada290ff
> --- /dev/null
> +++ b/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua
> @@ -0,0 +1,16 @@
> +local tap = require('tap')
> +local test = tap.test('lj-624-jloop-snapshot-pc'):skipcond({
> +  ['Test requires JIT enabled'] = not jit.status(),
> +})
> +
> +test:plan(1)
> +
> +jit.opt.start('hotloop=1', 'hotexit=1')
> +local function fib(n)
> +  return n < 2 and n or fib(n - 1) + fib(n - 2)
> +end
> +
> +fib(5)

AFAICS, the assertion is failed at the moment of the `JLOOP` BC
recording. May you please add descriptions of traces layout and taken
snapshot exits? This helps to understand the test case.

| ---- TRACE 4 start 2/1 lj-624-jloop-snapshot-pc.test.lua:10
| 0013  RET1     1   2
| 0012  ADDVV    1   1   2
| 0013  JLOOP    3   3

> +
> +test:ok(true, 'snapshot pc is correct')
> +test:done(true)
> -- 
> 2.42.0
> 

-- 
Best regards,
Sergey Kaplun