Tarantool development patches archive
 help / color / mirror / Atom feed
* [Tarantool-patches] [PATCH luajit v3 0/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET*.
@ 2023-10-04 12:50 Maksim Kokryashkin via Tarantool-patches
  2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode Maksim Kokryashkin via Tarantool-patches
                   ` (2 more replies)
  0 siblings, 3 replies; 10+ messages in thread
From: Maksim Kokryashkin via Tarantool-patches @ 2023-10-04 12:50 UTC (permalink / raw)
  To: tarantool-patches, sergeyb, skaplun, m.kokryashkin; +Cc: Maksim Kokryashkin

Changes in v3:
- Fixed comments as per review by Sergey
- The patch was split into two, so the test case becomes easier to
implement since it can now depend on this assertion instead
of memory layout.

Branch: https://github.com/tarantool/luajit/tree/fckxorg/lj-624-jloop-snapshot-pc
PR: https://github.com/tarantool/tarantool/pull/9166
Issue: https://github.com/luajit/luajit/issues/624

Mike Pall (2):
  snap: check J->pc is within its proto bytecode
  Fix snapshot PC when linking to BC_JLOOP that was a BC_RET*.

 src/lj_record.c                               |  9 +-
 src/lj_snap.c                                 |  3 +
 .../lj-624-jloop-snapshot-pc.test.lua         | 84 +++++++++++++++++++
 3 files changed, 92 insertions(+), 4 deletions(-)
 create mode 100644 test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua

--
2.39.3 (Apple Git-145)


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode
  2023-10-04 12:50 [Tarantool-patches] [PATCH luajit v3 0/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET* Maksim Kokryashkin via Tarantool-patches
@ 2023-10-04 12:50 ` Maksim Kokryashkin via Tarantool-patches
  2023-10-10  8:05   ` Sergey Kaplun via Tarantool-patches
  2023-11-26 15:12   ` Sergey Bronnikov via Tarantool-patches
  2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 2/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET* Maksim Kokryashkin via Tarantool-patches
  2024-01-10  8:52 ` [Tarantool-patches] [PATCH luajit v3 0/2] " Igor Munkin via Tarantool-patches
  2 siblings, 2 replies; 10+ messages in thread
From: Maksim Kokryashkin via Tarantool-patches @ 2023-10-04 12:50 UTC (permalink / raw)
  To: tarantool-patches, sergeyb, skaplun, m.kokryashkin

From: Mike Pall <mike>

(cherry-picked from commit 5c46f47736f7609be407c88d531ecd1689d40a79)

This commit adds an assertion to ensure that the `pc` of the
snapshot being made is located within the current prototype.
Violation of this assertion's condition may lead to all kinds
of buggy behavior on restoration from that snapshot, depending
on what is located in memory at the address under `pc`.

NOTICE: This patch is only a part of the original commit,
and the other part is backported in the following commit. The
patch was split into two, so the test case becomes easier to
implement since it can now depend on this assertion instead
of memory layout.

Maxim Kokryashkin:
* added the description for the problem

Part of tarantool/tarantool#9145
---
 src/lj_snap.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/lj_snap.c b/src/lj_snap.c
index 6c5e5e53..3f0fccec 100644
--- a/src/lj_snap.c
+++ b/src/lj_snap.c
@@ -115,6 +115,9 @@ static MSize snapshot_framelinks(jit_State *J, SnapEntry *map, uint8_t *topslot)
 #else
   MSize f = 0;
   map[f++] = SNAP_MKPC(J->pc);  /* The current PC is always the first entry. */
+  lj_assertJ(!J->pt ||
+	     (J->pc >= proto_bc(J->pt) &&
+	      J->pc < proto_bc(J->pt) + J->pt->sizebc), "bad snapshot PC");
 #endif
   while (frame > lim) {  /* Backwards traversal of all frames above base. */
     if (frame_islua(frame)) {
-- 
2.39.3 (Apple Git-145)


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Tarantool-patches] [PATCH luajit v3 2/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET*.
  2023-10-04 12:50 [Tarantool-patches] [PATCH luajit v3 0/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET* Maksim Kokryashkin via Tarantool-patches
  2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode Maksim Kokryashkin via Tarantool-patches
@ 2023-10-04 12:50 ` Maksim Kokryashkin via Tarantool-patches
  2023-10-10  8:14   ` Sergey Kaplun via Tarantool-patches
  2023-11-26 15:14   ` Sergey Bronnikov via Tarantool-patches
  2024-01-10  8:52 ` [Tarantool-patches] [PATCH luajit v3 0/2] " Igor Munkin via Tarantool-patches
  2 siblings, 2 replies; 10+ messages in thread
From: Maksim Kokryashkin via Tarantool-patches @ 2023-10-04 12:50 UTC (permalink / raw)
  To: tarantool-patches, sergeyb, skaplun, m.kokryashkin

From: Mike Pall <mike>

Reported by Arseny Vakhrushev.
Fix contributed by Peter Cawley.

(cherry-picked from commit 5c46f47736f7609be407c88d531ecd1689d40a79)

As specified in the comment in `lj_record_stop`, all loops must
set `J->pc` to the next instruction. However, the chunk of logic
in `lj_trace_exit` expects it to be set to `BC_JLOOP` itself if
it used to be a `BC_RET`. This wrong pc results in the execution
of random data that goes after `BC_JLOOP` in the case of
restoration from the snapshot.

This patch fixes that behavior by adapting the loop recording
logic to this specific case.

NOTICE: This patch is only a part of the original commit,
and the other part is backported in the previous commit. The
patch was split into two, so the test case becomes easier to
implement since it can now depend on this assertion instead
of memory layout.

Maxim Kokryashkin:
* added the description and the test for the problem

Part of tarantool/tarantool#9145
---
 src/lj_record.c                               |  9 +-
 .../lj-624-jloop-snapshot-pc.test.lua         | 84 +++++++++++++++++++
 2 files changed, 89 insertions(+), 4 deletions(-)
 create mode 100644 test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua

diff --git a/src/lj_record.c b/src/lj_record.c
index 48a5481b..3bdc6134 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -570,10 +570,10 @@ static LoopEvent rec_iterl(jit_State *J, const BCIns iterins)
 }
 
 /* Record LOOP/JLOOP. Now, that was easy. */
-static LoopEvent rec_loop(jit_State *J, BCReg ra)
+static LoopEvent rec_loop(jit_State *J, BCReg ra, int skip)
 {
   if (ra < J->maxslot) J->maxslot = ra;
-  J->pc++;
+  J->pc += skip;
   return LOOPEV_ENTER;
 }
 
@@ -2433,7 +2433,7 @@ void lj_record_ins(jit_State *J)
     rec_loop_interp(J, pc, rec_iterl(J, *pc));
     break;
   case BC_LOOP:
-    rec_loop_interp(J, pc, rec_loop(J, ra));
+    rec_loop_interp(J, pc, rec_loop(J, ra, 1));
     break;
 
   case BC_JFORL:
@@ -2443,7 +2443,8 @@ void lj_record_ins(jit_State *J)
     rec_loop_jit(J, rc, rec_iterl(J, traceref(J, rc)->startins));
     break;
   case BC_JLOOP:
-    rec_loop_jit(J, rc, rec_loop(J, ra));
+    rec_loop_jit(J, rc, rec_loop(J, ra,
+				 !bc_isret(bc_op(traceref(J, rc)->startins))));
     break;
 
   case BC_IFORL:
diff --git a/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua b/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua
new file mode 100644
index 00000000..726b2efa
--- /dev/null
+++ b/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua
@@ -0,0 +1,84 @@
+local tap = require('tap')
+local test = tap.test('lj-624-jloop-snapshot-pc'):skipcond({
+  ['Test requires JIT enabled'] = not jit.status(),
+})
+
+test:plan(1)
+-- XXX: The test case below triggers the assertion that was
+-- added in the patch if tested without the fix itself. It
+-- is hard to create a stable reproducer without turning off
+-- ASLR and VM randomizations, which is not suitable for testing.
+
+-- Reproducer below produces the following traces:
+-- ---- TRACE 1 start test.lua:2
+-- 0001  KSHORT   1   2
+-- 0002  ISGE     0   1
+-- 0003  JMP      1 => 0006
+-- 0006  UGET     1   0      ; fib
+-- 0007  SUBVN    2   0   0  ; 1
+-- 0008  CALL     1   2   2
+-- 0000  . FUNCF    4          ; test.lua:2
+-- 0001  . KSHORT   1   2
+-- 0002  . ISGE     0   1
+-- 0003  . JMP      1 => 0006
+-- 0006  . UGET     1   0      ; fib
+-- 0007  . SUBVN    2   0   0  ; 1
+-- 0008  . CALL     1   2   2
+-- 0000  . . FUNCF    4          ; test.lua:2
+-- 0001  . . KSHORT   1   2
+-- 0002  . . ISGE     0   1
+-- 0003  . . JMP      1 => 0006
+-- 0006  . . UGET     1   0      ; fib
+-- 0007  . . SUBVN    2   0   0  ; 1
+-- 0008  . . CALL     1   2   2
+-- 0000  . . . FUNCF    4          ; test.lua:2
+-- ---- TRACE 1 stop -> up-recursion
+--
+-- ---- TRACE 1 exit 1
+-- ---- TRACE 2 start 1/1 test.lua:3
+-- 0004  ISTC     1   0
+-- 0005  JMP      1 => 0013
+-- 0013  RET1     1   2
+-- 0009  UGET     2   0      ; fib
+-- 0010  SUBVN    3   0   1  ; 2
+-- 0011  CALL     2   2   2
+-- 0000  . JFUNCF   4   1         ; test.lua:2
+-- ---- TRACE 2 stop -> 1
+--
+-- ---- TRACE 2 exit 1
+-- ---- TRACE 3 start 2/1 test.lua:3
+-- 0013  RET1     1   2
+-- 0012  ADDVV    1   1   2
+-- 0013  RET1     1   2
+-- ---- TRACE 3 abort test.lua:3 -- down-recursion, restarting
+--
+-- ---- TRACE 3 start test.lua:3
+-- 0013  RET1     1   2
+-- 0009  UGET     2   0      ; fib
+-- 0010  SUBVN    3   0   1  ; 2
+-- 0011  CALL     2   2   2
+-- 0000  . JFUNCF   4   1         ; test.lua:2
+-- ---- TRACE 3 stop -> 1
+--
+-- ---- TRACE 2 exit 1
+-- ---- TRACE 4 start 2/1 test.lua:3
+-- 0013  RET1     1   2
+-- 0012  ADDVV    1   1   2
+-- 0013  JLOOP    3   3
+--
+-- During the recording of the latter JLOOP the assertion added
+-- in the patch is triggered.
+--
+-- See also:
+-- https://github.com/luaJIT/LuaJIT/issues/624
+
+
+jit.opt.start('hotloop=1', 'hotexit=1')
+local function fib(n)
+  return n < 2 and n or fib(n - 1) + fib(n - 2)
+end
+
+fib(5)
+
+test:ok(true, 'snapshot pc is correct')
+test:done(true)
-- 
2.39.3 (Apple Git-145)


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode
  2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode Maksim Kokryashkin via Tarantool-patches
@ 2023-10-10  8:05   ` Sergey Kaplun via Tarantool-patches
  2023-11-26 15:12   ` Sergey Bronnikov via Tarantool-patches
  1 sibling, 0 replies; 10+ messages in thread
From: Sergey Kaplun via Tarantool-patches @ 2023-10-10  8:05 UTC (permalink / raw)
  To: Maksim Kokryashkin; +Cc: tarantool-patches

Hi, Maxim!
Thanks for the patch!
LGTM!

-- 
Best regards,
Sergey Kaplun

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [Tarantool-patches] [PATCH luajit v3 2/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET*.
  2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 2/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET* Maksim Kokryashkin via Tarantool-patches
@ 2023-10-10  8:14   ` Sergey Kaplun via Tarantool-patches
  2023-10-12 12:35     ` Maxim Kokryashkin via Tarantool-patches
  2023-11-26 15:14   ` Sergey Bronnikov via Tarantool-patches
  1 sibling, 1 reply; 10+ messages in thread
From: Sergey Kaplun via Tarantool-patches @ 2023-10-10  8:14 UTC (permalink / raw)
  To: Maksim Kokryashkin; +Cc: tarantool-patches

Hi, Maksim!
Thanks for the patch!
LGTM, just a few nits regarding to the comments in the test.

On 04.10.23, Maksim Kokryashkin wrote:
> From: Mike Pall <mike>
> 

<snipped>

> diff --git a/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua b/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua

<snipped>

> +--
> +-- ---- TRACE 2 exit 1
> +-- ---- TRACE 4 start 2/1 test.lua:3
> +-- 0013  RET1     1   2
> +-- 0012  ADDVV    1   1   2
> +-- 0013  JLOOP    3   3
> +--
> +-- During the recording of the latter JLOOP the assertion added
> +-- in the patch is triggered.

Minor: I suggest to rephrase this as the following:

| The assertion introduced in the previous patch is triggered during
| recording of the last 0013 JLOOP.

> +--
> +-- See also:
> +-- https://github.com/luaJIT/LuaJIT/issues/624
> +
> +

Nit: extra empty line.

> +jit.opt.start('hotloop=1', 'hotexit=1')
> +local function fib(n)
> +  return n < 2 and n or fib(n - 1) + fib(n - 2)
> +end
> +
> +fib(5)
> +
> +test:ok(true, 'snapshot pc is correct')
> +test:done(true)
> -- 
> 2.39.3 (Apple Git-145)
> 

-- 
Best regards,
Sergey Kaplun

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [Tarantool-patches] [PATCH luajit v3 2/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET*.
  2023-10-10  8:14   ` Sergey Kaplun via Tarantool-patches
@ 2023-10-12 12:35     ` Maxim Kokryashkin via Tarantool-patches
  0 siblings, 0 replies; 10+ messages in thread
From: Maxim Kokryashkin via Tarantool-patches @ 2023-10-12 12:35 UTC (permalink / raw)
  To: Sergey Kaplun; +Cc: Maksim Kokryashkin, tarantool-patches

Hi, Sergey!
Thanks for the review!
Fixed your comments, the branch is force-pushed.

You can find the diff below.
On Tue, Oct 10, 2023 at 11:14:36AM +0300, Sergey Kaplun wrote:
> Hi, Maksim!
> Thanks for the patch!
> LGTM, just a few nits regarding to the comments in the test.
> 
> On 04.10.23, Maksim Kokryashkin wrote:
> > From: Mike Pall <mike>
> > 
> 
> <snipped>
> 
> > diff --git a/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua b/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua
> 
> <snipped>
> 
> > +--
> > +-- ---- TRACE 2 exit 1
> > +-- ---- TRACE 4 start 2/1 test.lua:3
> > +-- 0013  RET1     1   2
> > +-- 0012  ADDVV    1   1   2
> > +-- 0013  JLOOP    3   3
> > +--
> > +-- During the recording of the latter JLOOP the assertion added
> > +-- in the patch is triggered.
> 
> Minor: I suggest to rephrase this as the following:
> 
> | The assertion introduced in the previous patch is triggered during
> | recording of the last 0013 JLOOP.
> 
> > +--
> > +-- See also:
> > +-- https://github.com/luaJIT/LuaJIT/issues/624
> > +
> > +
> 
> Nit: extra empty line.
Diff with changes:
===
diff --git a/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua b/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua
index 726b2efa..565e4cbf 100644
--- a/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua
+++ b/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua
@@ -66,13 +66,12 @@ test:plan(1)
 -- 0012  ADDVV    1   1   2
 -- 0013  JLOOP    3   3
 --
--- During the recording of the latter JLOOP the assertion added
--- in the patch is triggered.
+-- The assertion introduced in the previous patch is triggered during
+-- recording of the last 0013 JLOOP.
 --
 -- See also:
 -- https://github.com/luaJIT/LuaJIT/issues/624
 
-
 jit.opt.start('hotloop=1', 'hotexit=1')
 local function fib(n)
   return n < 2 and n or fib(n - 1) + fib(n - 2)
===

> 
> > +jit.opt.start('hotloop=1', 'hotexit=1')
> > +local function fib(n)
> > +  return n < 2 and n or fib(n - 1) + fib(n - 2)
> > +end
> > +
> > +fib(5)
> > +
> > +test:ok(true, 'snapshot pc is correct')
> > +test:done(true)
> > -- 
> > 2.39.3 (Apple Git-145)
> > 
> 
> -- 
> Best regards,
> Sergey Kaplun

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode
  2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode Maksim Kokryashkin via Tarantool-patches
  2023-10-10  8:05   ` Sergey Kaplun via Tarantool-patches
@ 2023-11-26 15:12   ` Sergey Bronnikov via Tarantool-patches
  1 sibling, 0 replies; 10+ messages in thread
From: Sergey Bronnikov via Tarantool-patches @ 2023-11-26 15:12 UTC (permalink / raw)
  To: Maksim Kokryashkin, tarantool-patches, skaplun, m.kokryashkin

Hi, Maxim


LGTM

On 10/4/23 15:50, Maksim Kokryashkin wrote:
> From: Mike Pall <mike>
>
> (cherry-picked from commit 5c46f47736f7609be407c88d531ecd1689d40a79)
>
> This commit adds an assertion to ensure that the `pc` of the
> snapshot being made is located within the current prototype.
> Violation of this assertion's condition may lead to all kinds
> of buggy behavior on restoration from that snapshot, depending
> on what is located in memory at the address under `pc`.
>
> NOTICE: This patch is only a part of the original commit,
> and the other part is backported in the following commit. The
> patch was split into two, so the test case becomes easier to
> implement since it can now depend on this assertion instead
> of memory layout.
>
> Maxim Kokryashkin:
> * added the description for the problem
>
> Part of tarantool/tarantool#9145
> ---
>   src/lj_snap.c | 3 +++
>   1 file changed, 3 insertions(+)
>
> diff --git a/src/lj_snap.c b/src/lj_snap.c
> index 6c5e5e53..3f0fccec 100644
> --- a/src/lj_snap.c
> +++ b/src/lj_snap.c
> @@ -115,6 +115,9 @@ static MSize snapshot_framelinks(jit_State *J, SnapEntry *map, uint8_t *topslot)
>   #else
>     MSize f = 0;
>     map[f++] = SNAP_MKPC(J->pc);  /* The current PC is always the first entry. */
> +  lj_assertJ(!J->pt ||
> +	     (J->pc >= proto_bc(J->pt) &&
> +	      J->pc < proto_bc(J->pt) + J->pt->sizebc), "bad snapshot PC");
>   #endif
>     while (frame > lim) {  /* Backwards traversal of all frames above base. */
>       if (frame_islua(frame)) {

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [Tarantool-patches] [PATCH luajit v3 2/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET*.
  2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 2/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET* Maksim Kokryashkin via Tarantool-patches
  2023-10-10  8:14   ` Sergey Kaplun via Tarantool-patches
@ 2023-11-26 15:14   ` Sergey Bronnikov via Tarantool-patches
  1 sibling, 0 replies; 10+ messages in thread
From: Sergey Bronnikov via Tarantool-patches @ 2023-11-26 15:14 UTC (permalink / raw)
  To: Maksim Kokryashkin, tarantool-patches, skaplun, m.kokryashkin

Hi, Maxim

LGTM with a minor comment

On 10/4/23 15:50, Maksim Kokryashkin wrote:


<snipped>

> --- /dev/null
> +++ b/test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua
> @@ -0,0 +1,84 @@
> +local tap = require('tap')
> +local test = tap.test('lj-624-jloop-snapshot-pc'):skipcond({
> +  ['Test requires JIT enabled'] = not jit.status(),
> +})
> +
> +test:plan(1)
> +-- XXX: The test case below triggers the assertion that was
> +-- added in the patch if tested without the fix itself. It
> +-- is hard to create a stable reproducer without turning off
> +-- ASLR and VM randomizations, which is not suitable for testing.
Probably it would be useful to say it in commit message.


<snipped>


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [Tarantool-patches] [PATCH luajit v3 0/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET*.
  2023-10-04 12:50 [Tarantool-patches] [PATCH luajit v3 0/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET* Maksim Kokryashkin via Tarantool-patches
  2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode Maksim Kokryashkin via Tarantool-patches
  2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 2/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET* Maksim Kokryashkin via Tarantool-patches
@ 2024-01-10  8:52 ` Igor Munkin via Tarantool-patches
  2 siblings, 0 replies; 10+ messages in thread
From: Igor Munkin via Tarantool-patches @ 2024-01-10  8:52 UTC (permalink / raw)
  To: Maksim Kokryashkin; +Cc: tarantool-patches

Max,

I've checked the patchset into all long-term branches in
tarantool/luajit and bumped a new version in master, release/2.11 and
release/2.10.

On 04.10.23, Maksim Kokryashkin via Tarantool-patches wrote:
> Changes in v3:
> - Fixed comments as per review by Sergey
> - The patch was split into two, so the test case becomes easier to
> implement since it can now depend on this assertion instead
> of memory layout.
> 
> Branch: https://github.com/tarantool/luajit/tree/fckxorg/lj-624-jloop-snapshot-pc
> PR: https://github.com/tarantool/tarantool/pull/9166
> Issue: https://github.com/luajit/luajit/issues/624
> 
> Mike Pall (2):
>   snap: check J->pc is within its proto bytecode
>   Fix snapshot PC when linking to BC_JLOOP that was a BC_RET*.
> 
>  src/lj_record.c                               |  9 +-
>  src/lj_snap.c                                 |  3 +
>  .../lj-624-jloop-snapshot-pc.test.lua         | 84 +++++++++++++++++++
>  3 files changed, 92 insertions(+), 4 deletions(-)
>  create mode 100644 test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua
> 
> --
> 2.39.3 (Apple Git-145)
> 

-- 
Best regards,
IM

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [Tarantool-patches] [PATCH luajit v3 0/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET*.
@ 2023-10-04 12:50 Maksim Kokryashkin via Tarantool-patches
  0 siblings, 0 replies; 10+ messages in thread
From: Maksim Kokryashkin via Tarantool-patches @ 2023-10-04 12:50 UTC (permalink / raw)
  To: tarantool-patches, sergeyb, skaplun, m.kokryashkin; +Cc: Maksim Kokryashkin

Changes in v3:
- Fixed comments as per review by Sergey
- The patch was split into two, so the test case becomes easier to
implement since it can now depend on this assertion instead
of memory layout.

Branch: https://github.com/tarantool/luajit/tree/fckxorg/lj-624-jloop-snapshot-pc
PR: https://github.com/tarantool/tarantool/pull/9166
Issue: https://github.com/luajit/luajit/issues/624

Mike Pall (2):
  snap: check J->pc is within its proto bytecode
  Fix snapshot PC when linking to BC_JLOOP that was a BC_RET*.

 src/lj_record.c                               |  9 +-
 src/lj_snap.c                                 |  3 +
 .../lj-624-jloop-snapshot-pc.test.lua         | 84 +++++++++++++++++++
 3 files changed, 92 insertions(+), 4 deletions(-)
 create mode 100644 test/tarantool-tests/lj-624-jloop-snapshot-pc.test.lua

--
2.39.3 (Apple Git-145)


^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2024-01-10  8:59 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-10-04 12:50 [Tarantool-patches] [PATCH luajit v3 0/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET* Maksim Kokryashkin via Tarantool-patches
2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 1/2] snap: check J->pc is within its proto bytecode Maksim Kokryashkin via Tarantool-patches
2023-10-10  8:05   ` Sergey Kaplun via Tarantool-patches
2023-11-26 15:12   ` Sergey Bronnikov via Tarantool-patches
2023-10-04 12:50 ` [Tarantool-patches] [PATCH luajit v3 2/2] Fix snapshot PC when linking to BC_JLOOP that was a BC_RET* Maksim Kokryashkin via Tarantool-patches
2023-10-10  8:14   ` Sergey Kaplun via Tarantool-patches
2023-10-12 12:35     ` Maxim Kokryashkin via Tarantool-patches
2023-11-26 15:14   ` Sergey Bronnikov via Tarantool-patches
2024-01-10  8:52 ` [Tarantool-patches] [PATCH luajit v3 0/2] " Igor Munkin via Tarantool-patches
  -- strict thread matches above, loose matches on Subject: below --
2023-10-04 12:50 Maksim Kokryashkin via Tarantool-patches

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox