Hi, Sergey,

On 09.09.2024 18:37, Sergey Bronnikov via Tarantool-patches wrote:

Hi, Sergey,

thanks for the patch! see my comments below.

On 21.08.2024 19:52, Sergey Kaplun wrote:
From: Mike Pall <mike>

Thanks to Sergey Kaplun.

(cherry picked from commit 7a608e4425ce0777f5c980dad9f4fdc1bcce0b8c)

The aforementioned function doesn't handle gentle recording of the cdata
addition to `nil` or some string, presuming that the interpreter will throw
an error. This may lead to an assertion due to an uninitialized ctype
state or an attempt in the fold engine to use the non-cdata summand (cast
to `IR_KPTR`) as an (invalid) GC pointer.

This patch handles such cases by:
* Initializing the ctype state where it is needed.
* Raising an error when the argument has a suspicious type. Since the
  interpreter will throw the error anyway, these traces will abort
  anyway.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#10199
---

Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-1224-fix-jit-cdata-arith
Related issues:
* https://github.com/tarantool/tarantool/issues/10199
* https://github.com/LuaJIT/LuaJIT/issues/1224

 src/lj_crecord.c                              | 10 ++--
 .../lj-1224-fix-cdata-arith-ptr.test.lua      | 48 +++++++++++++++++++

This test does not fail without the fix (but the repro from the issue does):

[0] ~/sources/MRG/tarantool/third_party/luajit $ ./build/gc64/src/luajit -Ohotloop=1 -e "
repeat
  r = 1LL + nil
until true
"
LuaJIT ASSERT /home/sergeyb/sources/MRG/tarantool/third_party/luajit/src/lj_ctype.c:185: lj_ctype_intern: uninitialized cts->L
Aborted
[0] ~/sources/MRG/tarantool/third_party/luajit $ ./build/gc64/src/luajit test/tarantool-tests/lj-1224-fix-cdata-arith-ptr.test.lua
TAP version 13
1..2
    # cdata arithmetic with nil
    1..2
    ok - correct recording error with bad cdata arithmetic
    ok - correct error message
    # cdata arithmetic with nil: end
ok - cdata arithmetic with nil
    # cdata arithmetic with string
    1..2
    ok - correct recording error with bad cdata arithmetic
    ok - correct error message
    # cdata arithmetic with string: end
ok - cdata arithmetic with string
[0] ~/sources/MRG/tarantool/third_party/luajit $

With GC64 only (LUAJIT_ENABLE_GC64).

<snipped>