Subject: Re: [Tarantool-patches] [PATCH luajit] FFI: Fix various issues in recff_cdata_arith.
From: Sergey Bronnikov via Tarantool-patches
Reply-To: Sergey Bronnikov
To: Sergey Kaplun, Maxim Kokryashkin
Cc: tarantool-patches@dev.tarantool.org
Date: Tue, 10 Sep 2024 13:04:06 +0300
References: <20240821165250.11087-1-skaplun@tarantool.org> <5f51a9ad-3302-4e0c-8d91-c5a26c147fe2@tarantool.org>
In-Reply-To: <5f51a9ad-3302-4e0c-8d91-c5a26c147fe2@tarantool.org>

Hi, Sergey,

On 09.09.2024 18:37, Sergey Bronnikov via Tarantool-patches wrote:
>
> Hi, Sergey,
>
> Thanks for the patch! See my comments below.
>
> On 21.08.2024 19:52, Sergey Kaplun wrote:
>> From: Mike Pall <mike>
>>
>> Thanks to Sergey Kaplun.
>>
>> (cherry picked from commit 7a608e4425ce0777f5c980dad9f4fdc1bcce0b8c)
>>
>> The aforementioned function doesn't handle gentle recording of the cdata
>> addition to `nil` or some string, presuming that the interpreter will throw
>> an error. This may lead to an assertion due to an uninitialized ctype
>> state or an attempt to use in the fold engine the non-cdata summand (cast
>> to `IR_KPTR`) as the (invalid) GC pointer.
>>
>> This patch handles such cases by:
>> * Initializing the ctype state where it is needed.
>> * Raising an error when the argument has a suspicious type. Since the
>>   interpreter will throw the error anyway, these traces will abort
>>   anyway.
>>
>> Sergey Kaplun:
>> * added the description and the test for the problem
>>
>> Part of tarantool/tarantool#10199
>> ---
>>
>> Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-1224-fix-jit-cdata-arith
>> Related issues:
>> * https://github.com/tarantool/tarantool/issues/10199
>> * https://github.com/LuaJIT/LuaJIT/issues/1224
>>
>>  src/lj_crecord.c                              | 10 ++--
>>  .../lj-1224-fix-cdata-arith-ptr.test.lua      | 48 +++++++++++++++++++
>
> This test does not fail without the fix (but the repro from the issue does):
>
> [0] ~/sources/MRG/tarantool/third_party/luajit $ ./build/gc64/src/luajit -Ohotloop=1 -e "
> repeat
>   r = 1LL + nil
> until true
> "
> LuaJIT ASSERT /home/sergeyb/sources/MRG/tarantool/third_party/luajit/src/lj_ctype.c:185: lj_ctype_intern: uninitialized cts->L
> Aborted
> [0] ~/sources/MRG/tarantool/third_party/luajit $ ./build/gc64/src/luajit test/tarantool-tests/lj-1224-fix-cdata-arith-ptr.test.lua
> TAP version 13
> 1..2
>     # cdata arithmetic with nil
>     1..2
>     ok - correct recording error with bad cdata arithmetic
>     ok - correct error message
>     # cdata arithmetic with nil: end
> ok - cdata arithmetic with nil
>     # cdata arithmetic with string
>     1..2
>     ok - correct recording error with bad cdata arithmetic
>     ok - correct error message
>     # cdata arithmetic with string: end
> ok - cdata arithmetic with string
> [0] ~/sources/MRG/tarantool/third_party/luajit $


With GC64 only (LUAJIT_ENABLE_GC64).


<snipped>
