From: Sergey Bronnikov via Tarantool-patches
Reply-To: Sergey Bronnikov
To: Sergey Kaplun
Cc: tarantool-patches@dev.tarantool.org
Date: Fri, 13 Mar 2026 14:05:28 +0300
Subject: Re: [Tarantool-patches] [PATCH luajit] MIPS64: Avoid unaligned load in lj_vm_exit_interp.
In-Reply-To: <20260312085017.17591-1-skaplun@tarantool.org>
References: <20260312085017.17591-1-skaplun@tarantool.org>
List-Id: Tarantool development patches

Hi, Sergey,

thanks for the patch! LGTM

Sergey

On 3/12/26 11:50, Sergey Kaplun wrote:
From: Mike Pall <mike>

Thanks to Sergey Kaplun.

(cherry picked from commit 2aec641e01ab80e86ea75d944c0919fa6c03c37c)

MIPS processors originally required all memory accesses to be naturally
aligned. If we use the ld instruction to load a double-word from an address
which is word-aligned, MIPS raises the exception SIGBUS. When exiting
the interpreter, if the current function is a fast function, the code in
`lj_vm_exit_interp()` throws SIGBUS. The pc field for the fast
function points to the word-aligned bytecodes for ASM fast functions,
and the PC2PROTO offset is double-word-aligned. The resulting address is
somewhere in the dispatch table. Hence, some (odd-indexed) fast function
accesses lead to the BUS error. For other architectures a load from an
unaligned address is not a problem, so there are no exceptions.

This patch prevents the unaligned memory access by loading the address only
after the fast-function checks.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#12134
---

Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-1428-mips64-bus-error-stitch
Related issues:
* https://github.com/LuaJIT/LuaJIT/issues/1428
* https://github.com/tarantool/tarantool/issues/12134

How to reproduce locally:

| make -j HOST_CC="gcc " CROSS=mips64el-unknown-linux-gnu- -f Makefile.original CCDEBUG=" -g -ggdb3" CFLAGS=" -O0" XCFLAGS=" -DLUA_USE_APICHECK -DLUA_USE_ASSERT "
| LUA_PATH="src/?.lua;test/tarantool-tests/?.lua;;" LD_LIBRARY_PATH="/usr/lib/gcc/mips64el-unknown-linux-gnu/15/" qemu-mips64el -L /usr/mips64el-unknown-linux-gnu/ src/luajit test/tarantool-tests/lj-1428-mips64-bus-error-stitch.test.lua

 src/vm_mips64.dasc                            |  8 ++---
 .../lj-1428-mips64-bus-error-stitch.test.lua  | 33 +++++++++++++++++++
 2 files changed, 37 insertions(+), 4 deletions(-)
 create mode 100644 test/tarantool-tests/lj-1428-mips64-bus-error-stitch.test.lua

diff --git a/src/vm_mips64.dasc b/src/vm_mips64.dasc
index 34da6473..36250ab3 100644
--- a/src/vm_mips64.dasc
+++ b/src/vm_mips64.dasc
@@ -2575,9 +2575,8 @@ static void build_subroutines(BuildCtx *ctx)
   |    li TISNIL, LJ_TNIL
   |     li TISNUM, LJ_TISNUM		// Setup type comparison constants.
   |    .FPU mtc1 TMP3, TOBIT
-  |  ld TMP1, LFUNC:RB->pc
+  |  ld TMP3, LFUNC:RB->pc
   |   sd r0, DISPATCH_GL(jit_base)(DISPATCH)
-  |  ld KBASE, PC2PROTO(k)(TMP1)
   |    .FPU cvt.d.s TOBIT, TOBIT
   |  // Modified copy of ins_next which handles function header dispatch, too.
   |  lw INS, 0(PC)
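Review bot: the rename of the `pc` load destination from TMP1 to TMP3 (`ld TMP3, LFUNC:RB->pc`) is only safe because `.FPU mtc1 TMP3, TOBIT` two lines earlier has already consumed TMP3, and because TMP3 now has to stay live across the whole modified `ins_next` copy that follows (TMP1 cannot serve, since it is reused as scratch on the function-header path, see `dsubu TMP1, BASE, TMP0` in the third hunk). Neither constraint is recorded in the source; add a short comment on the load, e.g. `// Keep TMP3 live: KBASE is loaded from it after the function-header check.`, so that a later reorder of the `mtc1` or a new scratch use of TMP3 in the dispatch copy does not silently bring the misaligned load back.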
@@ -2593,6 +2592,7 @@ static void build_subroutines(BuildCtx *ctx)
   |   decode_RA8a RA, INS
   |    beqz TMP2, >2
   |.  decode_RA8b RA
+  |  ld KBASE, PC2PROTO(k)(TMP3)
   |  jr AT
   |.  decode_RD8b RD
   |2:
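Review bot: the relocated `ld KBASE, PC2PROTO(k)(TMP3)` now sits on the fall-through side of `beqz TMP2, >2`, so it executes only for ordinary bytecodes, where `pc` points into a prototype and `PC2PROTO(k)` yields a double-word-aligned address; function headers, including the ASM fast functions that raised the SIGBUS, take the branch to `2:` and never reach it. That is the actual fix, but read on its own the line looks like a stray move, so a comment such as `// Not a function header: pc points into a GCproto, safe to load KBASE.` would help the next reader. Also keep in mind that the instruction sits directly in front of `jr AT` with its `decode_RD8b RD` delay slot; nothing in the visible lines needs KBASE before the jump, but an instruction placed right before a delay-slot jump is easy to mis-order in a future edit, which is another reason to comment it.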
@@ -2610,8 +2610,8 @@ static void build_subroutines(BuildCtx *ctx)
   |  dsubu TMP1, BASE, TMP0
   |  ld LFUNC:TMP2, -32(TMP1)
   |  cleartp LFUNC:TMP2
-  |  ld TMP1, LFUNC:TMP2->pc
-  |  ld KBASE, PC2PROTO(k)(TMP1)
+  |  ld TMP3, LFUNC:TMP2->pc
+  |  ld KBASE, PC2PROTO(k)(TMP3)
   |3:
   |  daddiu RC, MULTRES, -8
   |  jr AT
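Review bot: this hunk is a pure destination-register rename (TMP1 to TMP3) for the `pc` load on the Lua-function-header path and is not required for correctness by the visible lines: TMP1 is dead after `ld LFUNC:TMP2, -32(TMP1)`, and the loaded value is consumed by `ld KBASE, PC2PROTO(k)(TMP3)` on the very next line. Keeping both `pc` loads on TMP3 is fine for consistency, but the commit message should say so, as it currently explains only the deferred load. More importantly, the fast-function check the message relies on ("loading the address only after the fast-function checks", i.e. the branch from `2:` to `3:` that skips this KBASE load) lies between `|2:` and this hunk's first context line and is not shown; widening the hunk context or quoting that check in the message would let a reviewer verify the claim without opening vm_mips64.dasc.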
diff --git a/test/tarantool-tests/lj-1428-mips64-bus-error-stitch.test.lua b/test/tarantool-tests/lj-1428-mips64-bus-error-stitch.test.lua
new file mode 100644
index 00000000..a81051c6
--- /dev/null
+++ b/test/tarantool-tests/lj-1428-mips64-bus-error-stitch.test.lua
@@ -0,0 +1,33 @@
+local tap = require('tap')
+
+-- The test file to demonstrate the incorrect exit to the
+-- interpreter into fast functions on mips64.
+-- See also https://github.com/LuaJIT/LuaJIT/issues/1428.
+
+local test = tap.test('lj-1428-mips64-bus-error-stitch'):skipcond({
+  ['Test requires JIT enabled'] = not jit.status(),
+})
+
+test:plan(1)
+
+local function always_number(val)
+  return tonumber(val) or 1
+end
+
+jit.opt.start('hotloop=1')
+
+-- `tonumber()` with a string argument produces stitching and
+-- exits to the interpreter after that.
+-- On mips64 the `PC2PROTO` offset leads to an unaligned address
+-- for this fast function.
+
+always_number('')
+always_number('')
+
+-- Start the stitched trace and exit to the interpreter.
+-- Leads to the Bus error on mips64 before the patch.
+always_number('')
+
+test:ok(true, 'no bus error')
+
+test:done(true)
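Review bot: `test:ok(true, 'no bus error')` is unconditional, so the test can only fail by the process dying with SIGBUS; it passes silently if the third `always_number('')` call never takes the faulting exit, for example because no stitched trace was recorded. Consider asserting on the trigger as well, e.g. `test:ok(jit.util.traceinfo(1), 'stitched trace recorded')` (or whichever trace number the stitch produces) with `test:plan(2)`, so a regression in the setup shows up as a failure rather than a pass. A smaller point on the comment "`tonumber()` with a string argument produces stitching": the empty string is what matters here, as far as I recall a string that does parse as a number can be compiled, so the comment should name the non-numeric argument as the reason recording aborts.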
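The alignment fault described in the commit message above, modelled in C as an added example that is not LuaJIT code: the `ModelProto` layout, the packed word table standing in for the fast-function bytecodes, the `strict_ld` emulation of a MIPS64 `ld` and the two `exit_interp_*` variants are all constructed stand-ins, and `PC2PROTO_K` is assumed to be a negative, double-word-aligned header offset. It shows why adding such an offset to a `pc` that advances in 4-byte steps lands on a misaligned address for every other entry, and why deferring the load until the code knows `pc` points into a prototype removes the fault while Lua functions still get their KBASE. Because the trap is emulated rather than taken, it runs on any host; on real MIPS64 the "before" variant would die with SIGBUS instead of returning `LD_BUS_ERROR`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the MIPS64 rule: a 64-bit `ld` whose address is not a multiple
 * of 8 traps (SIGBUS, BUS_ADRALN) instead of returning data. */
enum { LD_OK = 0, LD_BUS_ERROR = -1 };

static int strict_ld(const void *addr, uint64_t *out) {
    if (((uintptr_t)addr & 7u) != 0)
        return LD_BUS_ERROR;          /* the hardware would raise SIGBUS here */
    memcpy(out, addr, sizeof *out);   /* memcpy makes no alignment assumption */
    return LD_OK;
}

/* Constructed stand-in for a Lua prototype (assumed layout): the constants
 * pointer `k` lives in a header placed just before the bytecode, so `pc`
 * (which points at bc[0]) reaches it through a negative, 8-aligned offset. */
typedef struct {
    uint64_t k;         /* stands in for the proto's constants table pointer */
    uint64_t sizek;     /* padding so that bc starts at offset 16 */
    uint32_t bc[4];     /* bytecode words; pc points here */
} ModelProto;

#define PC2PROTO_K ((int)offsetof(ModelProto, k) - (int)offsetof(ModelProto, bc))  /* -16 */

/* Constructed stand-in for the fast-function bytecode area: packed 4-byte
 * words, so entry i sits at byte offset 4*i from an 8-aligned base. The
 * padding in front keeps pc + PC2PROTO_K inside the array for every i. */
enum { NFASTF = 8, PAD_WORDS = 8 };
static _Alignas(8) uint32_t fastf_area[PAD_WORDS + NFASTF];
#define FASTF_BC(i) (&fastf_area[PAD_WORDS + (i)])

typedef struct {
    bool is_lua;          /* true: pc points into a ModelProto; false: fast function */
    const uint32_t *pc;
} ModelFunc;

/* Before the patch: KBASE was loaded from pc + PC2PROTO(k) for every function. */
static int exit_interp_before(const ModelFunc *fn, uint64_t *kbase) {
    const char *addr = (const char *)fn->pc + PC2PROTO_K;
    return strict_ld(addr, kbase);   /* misaligned for odd fast-function indices */
}

/* After the patch: the load happens only on the path where pc is known to
 * point into a prototype; a fast function never touches pc + PC2PROTO(k). */
static int exit_interp_after(const ModelFunc *fn, uint64_t *kbase) {
    if (!fn->is_lua) {
        *kbase = 0;   /* fast functions have no constants table to load */
        return LD_OK;
    }
    return strict_ld((const char *)fn->pc + PC2PROTO_K, kbase);
}

/* Run one variant over every fast function and count alignment traps. */
static int count_fastf_faults(int (*variant)(const ModelFunc *, uint64_t *)) {
    int faults = 0;
    for (int i = 0; i < NFASTF; i++) {
        ModelFunc fn = { false, FASTF_BC(i) };
        uint64_t kbase;
        if (variant(&fn, &kbase) == LD_BUS_ERROR)
            faults++;
    }
    return faults;
}

/* A Lua function must still obtain its KBASE with either variant. */
static uint64_t lua_kbase(int (*variant)(const ModelFunc *, uint64_t *)) {
    static _Alignas(8) ModelProto pt = { .k = 0x4b42415345ull /* "KBASE" */ };
    ModelFunc fn = { true, pt.bc };
    uint64_t kbase = 0;
    if (variant(&fn, &kbase) != LD_OK)
        return 0;
    return kbase;
}

int main(void) {
    printf("PC2PROTO(k) model offset: %d\n", PC2PROTO_K);
    printf("fast-function faults before: %d / %d\n",
           count_fastf_faults(exit_interp_before), NFASTF);
    printf("fast-function faults after:  %d / %d\n",
           count_fastf_faults(exit_interp_after), NFASTF);
    printf("Lua KBASE after: %#llx\n",
           (unsigned long long)lua_kbase(exit_interp_after));
    return 0;
}
```

With eight modelled fast functions the "before" variant traps on the four odd-indexed ones, exactly the "some (odd-indexed) fast function" pattern from the commit message, and the "after" variant traps on none while the Lua function still reads its constants pointer.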