tarantool / luajit

93%

tarantool/master: 93%

LAST BUILD ON BRANCH skaplun/lj-1194-abc-hoisting

branch: skaplun/lj-1194-abc-hoisting

CHANGE BRANCH

x

Reset

• skaplun/lj-1194-abc-hoisting
• elhimov/gh-4808-display-fast-function-name
• experimental/mremap-always-nomove
• experimental/no-shrink-cdata-fin-table
• experimental/riscv-64
• fckxorg/auto-pr
• fckxorg/fix-argv-handling
• fckxorg/fixup-error-in-finalizer-tests
• fckxorg/generalized-debugger
• fckxorg/gh-5688-cli-for-memprof-parse
• fckxorg/gh-5688-cli-for-memprof-parse-tnt
• fckxorg/gh-6323-fix-curL
• fckxorg/gh-8140-crash-in-allocator
• fckxorg/gh-8594-sysprof-ffunc-crash
• fckxorg/gh-8700-sysprof-parser-refactoring
• fckxorg/integration-testing
• fckxorg/integration-testing-3.0
• fckxorg/lj-1004-fix-flaky
• fckxorg/lj-1004-oom-error-frame
• fckxorg/lj-1117-fuse-loads
• fckxorg/lj-595-fix-clang-build
• fckxorg/lj-624-jloop-snapshot-pc
• fckxorg/lj-690-concat-tail-call
• fckxorg/lj-720-errors-before-stitch
• fckxorg/lj-839-concat-recording
• fckxorg/lj-840-fix-hrefk-optimization
• fckxorg/lj-866-allow-building-with-unwinding-disabled
• fckxorg/lj-913-avoid-assertion-stkov-from-stitched-trace
• fckxorg/lj-946-print-errors-from-gc-fin
• fckxorg/lj-962-error-reporting-on-stack-overflow
• fckxorg/lj-pr-720-errors-before-stitch
• fckxorg/mark-conv-non-weak
• fckxorg/memprof-parser-refactoring
• fckxorg/profile-parsers-refactoring
• fckxorg/profile-parsers-refactoring-WIP
• fckxorg/profile-parsers-refactoring-p1
• fckxorg/sysprof-libunwind
• gdb-fix
• imun/disable-sysprof-tests-for-tarantool
• imun/enable-tarantool-cli-tests-in-lua-Harness
• imun/fix-test-for-tarantool-searchers
• imun/lj-549-make-gcc-7-happy
• imun/lj-802-panic-at-mcode-protfail
• imun/sysprof-ptrace-ffunc-test
• imun/tarantool-master
• imun/tarantool-release-2.10
• imun/tarantool-release-2.11
• ligurio/code-coverage
• ligurio/code-generation-jit.bcsave
• ligurio/enable_test_target
• ligurio/fix-_TARANTOOL
• ligurio/fix-cmake-warnings
• ligurio/fix-gh-actions-warnings
• ligurio/gh-11229-misc.sysprof.report
• ligurio/gh-1181-64bit-non-FAT-Mach-O-object-files
• ligurio/gh-1279-recording-getmetatable
• ligurio/gh-xxxx-close-file-profiler
• ligurio/gh-xxxx-define-unused
• ligurio/gh-xxxx-fix-msg-stop-sysprof
• ligurio/gh-xxxx-fix-stack-checks-in-vararg-calls
• ligurio/gh-xxxx-fix-sysprof-opts-processing
• ligurio/gh-xxxx-set-max-length
• ligurio/gh-xxxx-skip-sysprof-tests
• ligurio/gh-xxxx-spellchecking
• ligurio/gh-xxxx-update-ubsan-supp
• ligurio/lj-1054-incorrect-pc-value-predict_next
• ligurio/lj-1087-vm-handler-call
• ligurio/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer
• ligurio/lj-1168-heap-use-after-free-on-access-to-CTState-finalizer-nointegration
• ligurio/lj-549-fix-embedded-bytecode-loader
• ligurio/lj-611-always-snapshot-functions-for-non-base-frames
• ligurio/lj-720-throw-any-errors-before-stack-changes-in-trace-stitching
• ligurio/lj-736-prevent-loop-in-snap_usedef
• ligurio/lj-865-fix_generation_of_mach-o_object_files
• ligurio/lj-881-fix-concat
• ligurio/skaplun/gh-9656-gcc-asan-build
• ligurio/support-diff-cover
• locker/ci-drop-centos-7-workflow
• mandesero/dlmalloc-instr
• mandesero/dlmalloc-instr-nointegration
• mandesero/lj-10231-ASAN-and-LJ-allocator
• mandesero/lj-3705-turn-off-strcmp-opt-in-debug
• mkokryashkin/integration-testing-2.11
• mkokryashkin/integration-testing-3.0
• mkokryashkin/profile-parsers-refactoring-p2
• mkokryashkin/test
• skaplun/disable-lj-1196-tarantool
• skaplun/ffi-fixes
• skaplun/fix-binary-number-parsing
• skaplun/fix-bit-shift-dualnum
• skaplun/fix-build-dir
• skaplun/fix-ff-select-recording
• skaplun/fix-flake8-7.2.0
• skaplun/fix-flaky-unit-jit-parse
• skaplun/fix-getmetrics-lapi-test
• skaplun/fix-ir-conv
• skaplun/fix-jit-dump-ir-conv-flaky
• skaplun/fix-luajit-tests-centos7
• skaplun/fix-luajit-tests-tablebump
• skaplun/fix-recording-bc-varg-used-in-select
• skaplun/fix-stack-alloc-on-trace
• skaplun/fix-test-complex-double
• skaplun/follow-up-fix-gh-9398-p2
• skaplun/gh-11185-stream-trace-assert
• skaplun/gh-11300-use-perftools-flag
• skaplun/gh-8473-ubsan
• skaplun/gh-8825-mips-ppc-refactoring
• skaplun/gh-9398-more-luajit-tests
• skaplun/gh-9398-more-luajit-tests-p2
• skaplun/gh-no-ticket-codespell-2.3.0-fixes
• skaplun/gh-noticket-codespell-nd
• skaplun/gh-noticket-disable-ecosystem-intergration
• skaplun/gh-noticket-fix-alpine-build
• skaplun/gh-noticket-fix-codespell
• skaplun/gh-noticket-fix-flaky-mips-spare-exit
• skaplun/gh-noticket-fix-flaky-test
• skaplun/gh-noticket-fix-gc-finalizer-pressure
• skaplun/gh-noticket-fix-glibc-versions
• skaplun/gh-noticket-fix-macos-c-tests
• skaplun/gh-noticket-fix-mips64-flaky-test
• skaplun/gh-noticket-justtest-integration
• skaplun/lj-1016-1031-asm-head-side
• skaplun/lj-1025-tsetm-maxslot
• skaplun/lj-1026-arm64-invalid-hrefk-offset-check
• skaplun/lj-1026-fix-ra-hrefk
• skaplun/lj-1028-ldr-fusion-to-ldp-negative-offset
• skaplun/lj-1033-fix-parsing-predict-next
• skaplun/lj-1046-fix-bc-varg-recording
• skaplun/lj-1052-unsink-with-irfl-tab-nomm
• skaplun/lj-1056-arm64-ldp-sdp-misaligned-fusing
• skaplun/lj-1057-arm64-stp-fusing-across-tbar
• skaplun/lj-1062-random-ra
• skaplun/lj-1069-newref-nan-key
• skaplun/lj-1075-arm64-incorrect-ldp-stp-fusion
• skaplun/lj-1079-fix-64-bitshift-folds
• skaplun/lj-1082-min-max-0-commutative
• skaplun/lj-1083-missing-tostring-coercion-in-select
• skaplun/lj-1094-ir-chain-dce
• skaplun/lj-1110-x64-return-dispatch
• skaplun/lj-1114-ffi-pragma-pack
• skaplun/lj-1115-invalid-scev-entry-lower-frame
• skaplun/lj-1116-redzones-checks
• skaplun/lj-1117-loads-fusion
• skaplun/lj-1128-double-ir-newref-on-restore-sunk
• skaplun/lj-1132-bad-snap-refs
• skaplun/lj-1133-fwd-href-hrefk-alias
• skaplun/lj-1134-fix-link-nointegration
• skaplun/lj-1134-hotside-jit-off
• skaplun/lj-1147-fstore-null-meta
• skaplun/lj-1149-g-number-formating
• skaplun/lj-1152-stack-buffer-overflow-on-error
• skaplun/lj-1164-record-meta-concat-varg-pcall
• skaplun/lj-1166-errors-stitching
• skaplun/lj-1169-down-rec-side
• skaplun/lj-1172-debug-handling-ref
• skaplun/lj-1173-frame-limit-lower-frame
• skaplun/lj-1196-partial-snap-restore
• skaplun/lj-1203-limit-format-elements
• skaplun/lj-1224-fix-jit-cdata-arith
• skaplun/lj-1226-fix-predict-next
• skaplun/lj-1232-fix-enum-tostring
• skaplun/lj-1234-err-in-record-concat
• skaplun/lj-1244-missing-phi-carg
• skaplun/lj-1247-fin-tab-rehashing-on-trace
• skaplun/lj-1248-close-state-early-OOM
• skaplun/lj-1249-loadfile-fd-leak
• skaplun/lj-1252-missing-bit64-coercion
• skaplun/lj-1262-fix-limit-narrow-conv-backprop
• skaplun/lj-1295-bad-renames-for-sunk-values
• skaplun/lj-1298-oom-on-concat-recording
• skaplun/lj-1329-getfenv-setfenv-negative
• skaplun/lj-1345-flushing-trace-twice
• skaplun/lj-1353-loadfile-err-use-after-free
• skaplun/lj-1358-jslot-overflow-uprecursion
• skaplun/lj-1359-bad-pc-on-snap-restore-stackov
• skaplun/lj-1360-dangling-ctype-ref-on-ccall
• skaplun/lj-1369-stackov-invalid-bc
• skaplun/lj-1376-undefined-mul-test-flag
• skaplun/lj-382-clear-stack-after-jit-status
• skaplun/lj-522-fix-dlerror-return-null
• skaplun/lj-567-1176-print-nyi-names
• skaplun/lj-611-always-snapshot-functions-for-non-base-frames
• skaplun/lj-737-snap-usedef-upvalues
• skaplun/lj-783-fix-fold-x-0
• skaplun/lj-784-cse-ref-base-over-retf
• skaplun/lj-788-limit-exponents-range
• skaplun/lj-791-fold-bufhdr-append
• skaplun/lj-792-hrefk-table-clear
• skaplun/lj-794-abc-fold-constants
• skaplun/lj-833-fold-conv-from-num
• skaplun/lj-859-math-ceil-sign
• skaplun/lj-861-1005-ffi-fixes
• skaplun/lj-9-pow-inconsistencies
• skaplun/lj-903-arm64-unused-number-sload-typecheck
• skaplun/lj-917-arm64-sload-typecheck-conversion
• skaplun/lj-918-fma-optimization
• skaplun/lj-928-1193-sanitizer-fixes
• skaplun/lj-980-load-fwd-after-table-rehash
• skaplun/lj-994-instable-pri-types
• skaplun/lj-994-load-fwd-instable-types-tdup
• skaplun/lj-noticket-err-concat-oom
• skaplun/lj-noticket-fix-slots-overflow-for-varg-record
• skaplun/lj-noticket-test-cat-fix
• skaplun/luajit-performance-tests
• skaplun/shrink-test-env
• skaplun/tarantool-integration-branch-revision
• skaplun/test-integrational-ci-3.2
• tarantool/archive/2.10
• tarantool/archive/3.0
• tarantool/archive/3.1
• tarantool/master
• tarantool/release/2.10
• tarantool/release/2.11
• tarantool/release/3.0
• tarantool/release/3.1
• tarantool/release/3.2
• tarantool/release/3.3
• tarantool/release/3.4
• tarantool/release/3.5

Build # 13969493665

Build Type

push

github

Committed by Buristan

Commit Message

Fix IR_ABC hoisting.

Reported by pwnhacker0x18. Fixed by Peter Cawley.

(cherry picked from commit 7369eff67)

The `IR_ABC` has 2 different types:
* `IRT_INT` for generic condition check.
* `IRT_P32` as a marker for the invariant checks for upper and lower
  boundaries of the loop index. These checks may be dropped during the
  folding optimization in recording the variant part of the loop.
The checks may be dropped if the instruction is not PHI, the first
operand is invariant, and the upper bound of the array part of the table
isn't changed, or the table itself isn't changed on the trace.

The checks in the `abc_invar` fold rule assume that the constant values
of the first operand of ABC may be dropped. But when this constant value
comes from the folding chain that does CSE, the check is still necessary
if the original instruction (not resulting after loop optimization
substitution and the folding chain) isn't a constant.

Hence, this patch additionally singularizes the `IRT_U32` type for the
`IR_ABC` in the case when the asize is a constant on the trace so it can
be simply dropped from the invariant part of the loop. For `IRT_P32`
type, this patch adds a check that the first operand isn't a constant to
be sure that it isn't a result of the fold chain.

Sergey Kaplun:
* added the description and the test for the problem

Part of tarantool/tarantool#11055

Run Details

5703 of 6039 branches covered (94.44%)

Branch coverage included in aggregate %.

5 of 5 new or added lines in 2 files covered. (100.0%)

21741 of 23464 relevant lines covered (92.66%)

2957556.21 hits per line