From: Sergey Kaplun via Tarantool-patches
Reply-To: Sergey Kaplun
To: Maxim Kokryashkin
Cc: tarantool-patches@dev.tarantool.org
Date: Wed, 13 Mar 2024 10:46:32 +0300
Subject: Re: [Tarantool-patches] [PATCH luajit] Handle stack reallocation in debug.setmetatable() and lua_setmetatable().

Maxim,

On 12.03.24, Maxim Kokryashkin wrote:
> Hi, Sergey!
> Thanks for the clarifications!
> See my answers below.
> On Tue, Mar 12, 2024 at 08:43:44AM +0300, Sergey Kaplun wrote:
> > Hi, Maxim!
> > Thanks for the review!
> > Please consider my answers below.
> >
> > On 11.03.24, Maxim Kokryashkin wrote:
> > > Hi, Sergey!
> > > Thanks for the patch!
> > > Please consider my comments below.
> > >
> > > The test passes before the patch, as can be seen in CI for this branch:
> > > https://github.com/tarantool/luajit/tree/mkokryashkin/test
> >
> > I see quite the opposite [1][2].
> Then add a comment mentioning that test fails only for the ASAN build.
> It is quite easy to miss.

It is already mentioned at the beginning of the file [1].

> > >
> >
> > > On Mon, Mar 11, 2024 at 01:37:01PM +0300, Sergey Kaplun wrote:
> >
> >
> >
> > > > ---
> >
> > > > +local jdump = require('jit.dump')
> > > > +
> > > > +test:plan(1)
> > > > +
> > > > +jdump.start('t', '/dev/null')
> > > Why do we need that call here?
> >
> > Because we need to trigger the VM event, see the comment below.
> Please drop a comment mentioning that.

Sure, see the iterative patch below.
Branch is force-pushed.

=================================================================== diff --git a/test/tarantool-tests/lj-1172-debug-handling-ref.test.lua b/test/tarantool-tests/lj-1172-debug-handling-ref.test.lua index cac1c223..cf892011 100644 --- a/test/tarantool-tests/lj-1172-debug-handling-ref.test.lua +++ b/test/tarantool-tests/lj-1172-debug-handling-ref.test.lua 
@@ -13,6 +13,8 @@ local jdump = require('jit.dump') test:plan(1) +-- We need to trigger the `TRACE` vmevent handler during +-- `debug.setmetatable()`. It will cause Lua stack reallocation. jdump.start('t', '/dev/null') -- Use `coroutine.wrap()` to create a new Lua stack with a minimum ===================================================================

> >
> > > > +
> > > > +-- Use `coroutine.wrap()` to create a new Lua stack with a minimum
> > > > +-- number of stack slots.
> > > > +coroutine.wrap(function()
> > > > + -- "TRACE flush" event handler causes stack reallocation and
> > > How is flush event caused?
> >
> > By the `jit.dump()` as most VM events.
> >
> > > > + -- leads to heap-use-after-free. This event handler is called
> > > > + -- because all traces are specialized to base metatables, so
> > > > + -- if we update any base metatable, we must flush all traces.
> > > > + debug.setmetatable(1, {})
> > > > +end)()
> > --
> > Best regards,
> > Sergey Kaplun

[1]: https://github.com/tarantool/luajit/blob/fead6df178f5b7a8384e217720647025eaf66e75/test/tarantool-tests/lj-1172-debug-handling-ref.test.lua#L5

--
Best regards,
Sergey Kaplun
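
Review bot: In the comment added above `jdump.start('t', '/dev/null')` in the iterative patch, "It will cause Lua stack reallocation" leaves "It" ambiguous (the handler, or `debug.setmetatable()` itself), and the comment never says that this `jdump.start()` call is what gets the handler installed, which was the question asked in review. Suggest wording along the lines of "Start `jit.dump` so that the `TRACE` vmevent handler is installed; the handler runs during `debug.setmetatable()` and reallocates the Lua stack", and naming the event the same way as the later comment inside the coroutine body, which calls it "TRACE flush".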