From: Maxim Kokryashkin via Tarantool-patches
Reply-To: Maxim Kokryashkin
Date: Wed, 16 Aug 2023 15:25:33 +0300
To: Sergey Kaplun
Cc: tarantool-patches@dev.tarantool.org
Subject: Re: [Tarantool-patches] [PATCH luajit] Fix predict_next() in parser.
In-Reply-To: <20230815142541.29855-1-skaplun@tarantool.org>

Hi, Sergey!
Thanks for the patch!
LGTM, except for a few nits below.

On Tue, Aug 15, 2023 at 05:25:41PM +0300, Sergey Kaplun wrote:
> From: Mike Pall > > Reported by Sergey Kaplun. > > (cherry-picked from commit caf7cbc57c945f7b68871ad72abafb2b6e6fb7f5) > > Assume, we have the following Lua code: > | local _ > | for _ in (nil):foo() do end > > The first part of the bytecode emitted for it is the following: > | 0001 KNIL 0 1 > | 0002 MOV 2 1 > | 0003 TGETS 1 1 0 ; "foo" > | 0004 CALL 1 4 2 > > The `0001 KNIL` is a result of merging two `KPRI` instructions: one for > the local variable, one for the slot with `nil` object. During parsing in > `predict_next()` the second `MOV` bytecode is examined to set `pairs` or > `next` local variable. But, as far as it moves `nil` value, that isn't > an actual variable, so it has no the name this leads to the crash. Typo: s/variable, so it/variable and/ Typo: s/the name this/name, that move/ > > This patch adds the check to be sure that `RD` in the `MOV` bytecode is Typo: s/the check/a check/ > an actual variable. Please mention the lj_bc.h here, so it is obvious what `RD` is. > > Sergey Kaplun: > * added the description and the test for the problem > > Part of tarantool/tarantool#8825 > --- > > Branch: https://github.com/tarantool/luajit/tree/skaplun/lj-1033-fix-parsing-predict-next > PR: https://github.com/tarantool/tarantool/pull/8987 > Related issues: > * https://github.com/LuaJIT/LuaJIT/issues/1033 > * https://github.com/tarantool/tarantool/issues/8825 > > src/lj_parse.c | 1 + > .../lj-1033-fix-parsing-predict-next.test.lua | 30 +++++++++++++++++++ > 2 files changed, 31 insertions(+) > create mode 100644 test/tarantool-tests/lj-1033-fix-parsing-predict-next.test.lua > > diff --git a/src/lj_parse.c b/src/lj_parse.c > index 3f6caaec..420b95cb 100644 > --- a/src/lj_parse.c > +++ b/src/lj_parse.c > @@ -2532,6 +2532,7 @@ static int predict_next(LexState *ls, FuncState *fs, BCPos pc) > cTValue *o; > switch (bc_op(ins)) { > case BC_MOV: > + if (bc_d(ins) >= fs->nactvar) return 0; > name = gco2str(gcref(var_get(ls, fs, bc_d(ins)).name)); > break; > case BC_UGET: 
> diff --git a/test/tarantool-tests/lj-1033-fix-parsing-predict-next.test.lua b/test/tarantool-tests/lj-1033-fix-parsing-predict-next.test.lua > new file mode 100644 > index 00000000..624344eb > --- /dev/null > +++ b/test/tarantool-tests/lj-1033-fix-parsing-predict-next.test.lua > @@ -0,0 +1,30 @@ > +local tap = require('tap') > +local test = tap.test('lj-1033-fix-parsing-predict-next') > + > +test:plan(3) > + > +local res_f = loadstring([[ > +-- This local variable is necessary, because it emits `KPRI` > +-- bytecode, with which the next `KPRI` bytecode will be merged. > +-- > +-- The resulting bytecode is the following: > +-- > +-- 0001 KNIL 0 1 > +-- 0002 MOV 2 1 > +-- 0003 TGETS 1 1 0 ; "foo" > +-- 0004 CALL 1 4 2 > +-- > +-- This MOV don't use any variable value from the stack, so the Typo: s/don't/doesn't/ > +-- attempt to get the name in `predict_next() leads to the crash. > +local _ > +for _ in (nil):foo() do end > +]]) > + > +test:ok(res_f, 'chunk loaded sucsessfully') > + > +local res, err = pcall(res_f) > + > +test:ok(not res, 'loaded function not executed') > +test:like(err, 'attempt to index a nil value', 'correct error message') > + > +test:done(true) > -- > 2.41.0 >
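
Review bot: the guard added under `case BC_MOV:` in predict_next() (src/lj_parse.c) carries no comment, and nothing in the hunk says why `bc_d(ins) >= fs->nactvar` means there is no name to fetch. A one-line comment above it, for example `/* RD is not an active local variable, so it has no name. */`, would keep the reason next to the `var_get()` call it protects instead of leaving it only in the commit message.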
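
Review bot: in lj-1033-fix-parsing-predict-next.test.lua the first assertion's message reads 'chunk loaded sucsessfully' (should be 'successfully'), and the embedded comment has an unclosed backtick in `predict_next() leads to the crash. In addition, only the first return value of `loadstring` is kept in `res_f`; since `loadstring` returns nil plus an error message on failure, capturing that second value and including it in the assertion output would show the parser error if the chunk ever fails to load.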