8815439561

Committed 24 Apr 2024 10:50AM UTC coverage: 92.536% (-0.04%) from 92.58%

Build # 8815439561

Build Type

push

github

Committed by

Buristan

Commit Message

Correct fix for stack check when recording BC_VARG.

Reported by Yichun Zhang.

(cherry picked from commit b2791179e)

This patch is a follow-up to the commit
5f0a43ace ("bugfix: fixed assertion
failure "lj_record.c:92: rec_check_slots: Assertion `nslots <= 250'
failed" found by stressing our edgelang compiler."), which is identical
to the commit e0388e6c0 ("Fix stack check
when recording BC_VARG.)" from the upstream. The error is raised too
late, when buffer overflow of `J->slot` has already occurred and data in
the `jit_State` structure is corrupted.

This patch moves the corresponding check before using the `J->slot`
buffer. The `J->maxslot` may overflow the buffer only in cases where the
amount of the vararg results is unknown. The check is used only in this
case since the trace recording for the undefined-on-trace varargs is not
yet implemented for an unknown amount of varargs.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#9924

Reviewed-by: Maxim Kokryashkin <m.kokryashkin@tarantool.org>
Reviewed-by: Sergey Bronnikov <sergeyb@tarantool.org>
Signed-off-by: Sergey Kaplun <skaplun@tarantool.org>

Run Details

5657 of 6018 branches covered (94.0%)

Branch coverage included in aggregate %.

2 of 2 new or added lines in 1 file covered. (100.0%)

16 existing lines in 6 files now uncovered.

21581 of 23417 relevant lines covered (92.16%)

2947151.49 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

92.11

/src/lj_vmmath.c

/*
** Math helper functions for assembler VM.
** Copyright (C) 2005-2017 Mike Pall. See Copyright Notice in luajit.h
*/

#define lj_vmmath_c
#define LUA_CORE

#include <errno.h>
#include <math.h>

#include "lj_obj.h"
#include "lj_ir.h"
#include "lj_vm.h"

/* -- Wrapper functions --------------------------------------------------- */

#if LJ_TARGET_X86 && __ELF__ && __PIC__
/* Wrapper functions to deal with the ELF/x86 PIC disaster. */
LJ_FUNCA double lj_wrap_log(double x) { return log(x); }
LJ_FUNCA double lj_wrap_log10(double x) { return log10(x); }
LJ_FUNCA double lj_wrap_exp(double x) { return exp(x); }
LJ_FUNCA double lj_wrap_sin(double x) { return sin(x); }
LJ_FUNCA double lj_wrap_cos(double x) { return cos(x); }
LJ_FUNCA double lj_wrap_tan(double x) { return tan(x); }
LJ_FUNCA double lj_wrap_asin(double x) { return asin(x); }
LJ_FUNCA double lj_wrap_acos(double x) { return acos(x); }
LJ_FUNCA double lj_wrap_atan(double x) { return atan(x); }
LJ_FUNCA double lj_wrap_sinh(double x) { return sinh(x); }
LJ_FUNCA double lj_wrap_cosh(double x) { return cosh(x); }
LJ_FUNCA double lj_wrap_tanh(double x) { return tanh(x); }
LJ_FUNCA double lj_wrap_atan2(double x, double y) { return atan2(x, y); }
LJ_FUNCA double lj_wrap_pow(double x, double y) { return pow(x, y); }
LJ_FUNCA double lj_wrap_fmod(double x, double y) { return fmod(x, y); }
#endif

/* -- Helper functions ---------------------------------------------------- */

double lj_vm_foldarith(double x, double y, int op)
{
  switch (op) {
  case IR_ADD - IR_ADD: return x+y; break;
  case IR_SUB - IR_ADD: return x-y; break;
  case IR_MUL - IR_ADD: return x*y; break;
  case IR_DIV - IR_ADD: return x/y; break;
  case IR_MOD - IR_ADD: return x-lj_vm_floor(x/y)*y; break;
  case IR_POW - IR_ADD: return pow(x, y); break;
  case IR_NEG - IR_ADD: return -x; break;
  case IR_ABS - IR_ADD: return fabs(x); break;
#if LJ_HASJIT
  case IR_LDEXP - IR_ADD: return ldexp(x, (int)y); break;
  case IR_MIN - IR_ADD: return x < y ? x : y; break;
  case IR_MAX - IR_ADD: return x > y ? x : y; break;
#endif
  default: return x;
  }
}

/* -- Helper functions for generated machine code ------------------------- */

#if (LJ_HASJIT && !(LJ_TARGET_ARM || LJ_TARGET_ARM64 || LJ_TARGET_PPC)) || LJ_TARGET_MIPS
int32_t LJ_FASTCALL lj_vm_modi(int32_t a, int32_t b)
{
  uint32_t y, ua, ub;
  /* This must be checked before using this function. */
  lj_assertX(b != 0, "modulo with zero divisor");
  ua = a < 0 ? (uint32_t)-a : (uint32_t)a;
  ub = b < 0 ? (uint32_t)-b : (uint32_t)b;
  y = ua % ub;
  if (y != 0 && (a^b) < 0) y = y - ub;
  if (((int32_t)y^b) < 0) y = (uint32_t)-(int32_t)y;
  return (int32_t)y;
}
#endif

#if LJ_HASJIT

#ifdef LUAJIT_NO_LOG2
double lj_vm_log2(double a)
{
  return log(a) * 1.4426950408889634074;
}
#endif

/* Computes fpm(x) for extended math functions. */
double lj_vm_foldfpm(double x, int fpm)
{
  switch (fpm) {
  case IRFPM_FLOOR: return lj_vm_floor(x);
  case IRFPM_CEIL: return lj_vm_ceil(x);
  case IRFPM_TRUNC: return lj_vm_trunc(x);
  case IRFPM_SQRT: return sqrt(x);
  case IRFPM_LOG: return log(x);
  case IRFPM_LOG2: return lj_vm_log2(x);
  default: lj_assertX(0, "bad fpm %d", fpm);
  }
  return 0;
}

#if LJ_HASFFI
int lj_vm_errno(void)
{
  return errno;
}
#endif

#endif

1	/*
2	** Math helper functions for assembler VM.
3	** Copyright (C) 2005-2017 Mike Pall. See Copyright Notice in luajit.h
4	*/
5
6	#define lj_vmmath_c
7	#define LUA_CORE
8
9	#include <errno.h>
10	#include <math.h>
11
12	#include "lj_obj.h"
13	#include "lj_ir.h"
14	#include "lj_vm.h"
15
16	/* -- Wrapper functions --------------------------------------------------- */
17
18	#if LJ_TARGET_X86 && __ELF__ && __PIC__
19	/* Wrapper functions to deal with the ELF/x86 PIC disaster. */
20	LJ_FUNCA double lj_wrap_log(double x) { return log(x); }
21	LJ_FUNCA double lj_wrap_log10(double x) { return log10(x); }
22	LJ_FUNCA double lj_wrap_exp(double x) { return exp(x); }
23	LJ_FUNCA double lj_wrap_sin(double x) { return sin(x); }
24	LJ_FUNCA double lj_wrap_cos(double x) { return cos(x); }
25	LJ_FUNCA double lj_wrap_tan(double x) { return tan(x); }
26	LJ_FUNCA double lj_wrap_asin(double x) { return asin(x); }
27	LJ_FUNCA double lj_wrap_acos(double x) { return acos(x); }
28	LJ_FUNCA double lj_wrap_atan(double x) { return atan(x); }
29	LJ_FUNCA double lj_wrap_sinh(double x) { return sinh(x); }
30	LJ_FUNCA double lj_wrap_cosh(double x) { return cosh(x); }
31	LJ_FUNCA double lj_wrap_tanh(double x) { return tanh(x); }
32	LJ_FUNCA double lj_wrap_atan2(double x, double y) { return atan2(x, y); }
33	LJ_FUNCA double lj_wrap_pow(double x, double y) { return pow(x, y); }
34	LJ_FUNCA double lj_wrap_fmod(double x, double y) { return fmod(x, y); }
35	#endif
36
37	/* -- Helper functions ---------------------------------------------------- */
38
39	double lj_vm_foldarith(double x, double y, int op)	40,981✔
40	{
41	switch (op) {	40,981✔
42	case IR_ADD - IR_ADD: return x+y; break;	27,167✔
43	case IR_SUB - IR_ADD: return x-y; break;	1,534✔
44	case IR_MUL - IR_ADD: return x*y; break;	320✔
45	case IR_DIV - IR_ADD: return x/y; break;	105✔
46	case IR_MOD - IR_ADD: return x-lj_vm_floor(x/y)*y; break;	19✔
47	case IR_POW - IR_ADD: return pow(x, y); break;	10,790✔
48	case IR_NEG - IR_ADD: return -x; break;	13✔
49	case IR_ABS - IR_ADD: return fabs(x); break;	5✔
50	#if LJ_HASJIT
51	case IR_LDEXP - IR_ADD: return ldexp(x, (int)y); break;	41✔
52	case IR_MIN - IR_ADD: return x < y ? x : y; break;	4✔
53	case IR_MAX - IR_ADD: return x > y ? x : y; break;	983✔
54	#endif
55	default: return x;
56	}
57	}
58
59	/* -- Helper functions for generated machine code ------------------------- */
60
61	#if (LJ_HASJIT && !(LJ_TARGET_ARM \|\| LJ_TARGET_ARM64 \|\| LJ_TARGET_PPC)) \|\| LJ_TARGET_MIPS
62	int32_t LJ_FASTCALL lj_vm_modi(int32_t a, int32_t b)	6,899✔
63	{
64	uint32_t y, ua, ub;	6,899✔
65	/* This must be checked before using this function. */
66	lj_assertX(b != 0, "modulo with zero divisor");	6,899✔
67	ua = a < 0 ? (uint32_t)-a : (uint32_t)a;	6,899✔
68	ub = b < 0 ? (uint32_t)-b : (uint32_t)b;	6,899✔
69	y = ua % ub;	6,899✔
70	if (y != 0 && (a^b) < 0) y = y - ub;	6,899✔
71	if (((int32_t)y^b) < 0) y = (uint32_t)-(int32_t)y;	6,899✔
72	return (int32_t)y;	6,899✔
73	}
74	#endif
75
76	#if LJ_HASJIT
77
78	#ifdef LUAJIT_NO_LOG2
79	double lj_vm_log2(double a)
80	{
81	return log(a) * 1.4426950408889634074;
82	}
83	#endif
84
85	/* Computes fpm(x) for extended math functions. */
86	double lj_vm_foldfpm(double x, int fpm)	54✔
87	{
88	switch (fpm) {	54✔
89	case IRFPM_FLOOR: return lj_vm_floor(x);	50✔
90	case IRFPM_CEIL: return lj_vm_ceil(x);	3✔
91	case IRFPM_TRUNC: return lj_vm_trunc(x);	×
92	case IRFPM_SQRT: return sqrt(x);	1✔
UNCOV 93	case IRFPM_LOG: return log(x);	×
94	case IRFPM_LOG2: return lj_vm_log2(x);	×
95	default: lj_assertX(0, "bad fpm %d", fpm);
96	}
97	return 0;
98	}
99
100	#if LJ_HASFFI
101	int lj_vm_errno(void)	73✔
102	{
103	return errno;	73✔
104	}
105	#endif
106
107	#endif

tarantool / luajit / 8815439561

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous