Recording of __concat in GC64 mode #839

Closed
levno-710 opened this issue May 1, 2022 · 3 comments

Comments

@levno-710

I am using LuaJIT 2.1.0-beta3.
The issue occurs in some programs that use metatables a lot.

I created the following minimal example that shows this issue:

local v1 = setmetatable({value = " World!"}, {
    __concat = function(E, v)   -- v1 .. x yields " World!"
        return E.value
    end,
});

local v2 = setmetatable({value = "Hello,"}, {
    __add = function(E, v)      -- v2 + x yields "Hello,"
        return E.value
    end,
});

local v3 = setmetatable({value = nil}, {
    __concat = function(E, v)   -- v3 .. x stores x in v3.value and returns nil
        E.value = v
    end,
});

local function doNothing(a) end
local function bug(n)
    for i = 1, n do
        -- '+' binds tighter than '..' and '..' is right-associative, so this is
        -- v3 .. ("Hello," .. " World!"): v3's __concat receives "Hello, World!"
        doNothing(v3 .. v2 + "Whatever" .. (v1 .. "Whatever"))
    end
    assert(v3.value == "Hello, World!");
    print(n, "Worked!")
end

for i = 1, 200 do
    bug(i)
end
print("Loop Finished!");

When run with Lua 5.1, it produces the following correct output:

1   Worked!
2   Worked!
3   Worked!
4   Worked!
[...]
199 Worked!
200 Worked!
Loop Finished!

However, when running the same script with LuaJIT, I get the following output:

1       Worked!
2       Worked!
3       Worked!
4       Worked!
5       Worked!
6       Worked!
7       Worked!
8       Worked!
9       Worked!
10      Worked!

Then LuaJIT simply crashes without any error message.
According to PowerShell, it exits with exit code -1073741819.

@arsham

arsham commented May 2, 2022

On Arch Linux it crashes with segmentation fault. My luajit version is 2.1.0.beta3.r395.ge2c312e0-1 from the AUR.

Here is the coredump:

           PID: 544186 (luajit)
           UID: 1000 (arsham)
           GID: 1000 (arsham)
        Signal: 11 (SEGV)
     Timestamp: Mon 2022-05-02 01:33:46 BST (12s ago)
  Command Line: luajit tmp/crash.lua
    Executable: /usr/bin/luajit-2.1.0-beta3
 Control Group: /user.slice/user-1000.slice/session-5.scope
          Unit: session-5.scope
         Slice: user-1000.slice
       Session: 5
     Owner UID: 1000 (arsham)
       Boot ID: 5e04f6ab0fb44540bd04df3955f8a637
    Machine ID: a3e9c54c3be941c9b3b7045be4c9ca51
      Hostname: lapden
       Storage: /var/lib/systemd/coredump/core.luajit.1000.5e04f6ab0fb44540bd04df3955f8a637.544186.1651451626000000.zst (present)
     Disk Size: 48.3K
       Message: Process 544186 (luajit) of user 1000 dumped core.

                Module linux-vdso.so.1 with build-id a35ae5a4b3bff20a0e699f0ca7c0972f830b3876
                Module ld-linux-x86-64.so.2 with build-id c09c6f50f6bcec73c64a0b4be77eadb8f7202410
                Module libgcc_s.so.1 with build-id 5d817452a709ca3a213341555ddcf446ecee37fa
                Module libm.so.6 with build-id 596b63a006a4386dcab30912d2b54a7a61827b07
                Module libc.so.6 with build-id 85766e9d8458b16e9c7ce6e07c712c02b8471dbc
                Module libluajit-5.1.so.2 with build-id 89e9577d9f6089f8e3ccb3f51a348c7ec5a3afe4
                Module luajit-2.1.0-beta3 with build-id dc5a754175251dda7f2629aee581f727f73abf25
                Stack trace of thread 544186:
                #0  0x00007f9a0d756adb n/a (libluajit-5.1.so.2 + 0x9adb)
                #1  0x00007f9a0d76973a lua_pcall (libluajit-5.1.so.2 + 0x1c73a)
                #2  0x000055fddbc2c440 n/a (luajit-2.1.0-beta3 + 0x2440)
                #3  0x000055fddbc2d576 n/a (luajit-2.1.0-beta3 + 0x3576)
                #4  0x00007f9a0d756f06 n/a (libluajit-5.1.so.2 + 0x9f06)
                #5  0x00007f9a0d769791 lua_cpcall (libluajit-5.1.so.2 + 0x1c791)
                #6  0x000055fddbc2c070 main (luajit-2.1.0-beta3 + 0x2070)
                #7  0x00007f9a0d570310 __libc_start_call_main (libc.so.6 + 0x2d310)
                #8  0x00007f9a0d5703c1 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x2d3c1)
                #9  0x000055fddbc2c0e5 _start (luajit-2.1.0-beta3 + 0x20e5)
                ELF object binary architecture: AMD x86-64

@XmiliaH

XmiliaH commented May 2, 2022

The problem seems to be that

copyTV(J->L, basev+2+LJ_FR2, &ix->keyv);
is overriding a stack slot which is not restored in
memcpy(&J->L->base[topslot-1], savetv, sizeof(savetv)); /* Restore slots. */
as savetv is too short. When increasing its length to 6 the bug goes away. However, I do not know if this is the appropriate fix.
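The mechanism described in the comment above, as an added toy model (not LuaJIT's code, not the fix that was applied): a fixed-size save area is copied out, a nested metamethod set-up writes operand slots relative to a call base whose position depends on a frame-layout constant, and the same fixed-size area is copied back. If the set-up writes one slot past the save window, the restore silently leaves that slot clobbered. The slot positions (`top`, `base`, the offsets `base+1+fr2` and `base+2+fr2`), the `FR2` macro, the `TValue` stand-in and the function names are all assumptions chosen so that a 5-slot window is sufficient when the layout constant is 0 and one slot short when it is 1, matching the observation that a length of 6 makes the bug go away. The hardened variant sizes the save area from the same layout constant and checks the coverage at compile time.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, NOT LuaJIT code: all offsets below are assumptions (see lead-in). */
typedef struct { uint64_t u64; } TValue;  /* stand-in for one interpreter stack slot */

#define NSLOTS   16
#define MAX_SAVE 8

/* Assumed frame-layout constant: 1 for a two-slot frame layout, 0 otherwise. */
#ifndef FR2
#define FR2 1
#endif

/* Highest offset, from the start of the save area, that mm_setup() writes
 * in this model: base sits 2 slots above the save area and the second
 * operand lands at base+2+FR2. */
#define MM_MAX_WRITE_OFFSET (2 + 2 + FR2)

/* Hardened sizing: derive the save area from the layout constant instead of
 * hard-coding 5, and fail the build if it does not cover every written slot. */
#define SAVETV_SLOTS (5 + FR2)
_Static_assert(SAVETV_SLOTS > MM_MAX_WRITE_OFFSET,
               "save area must cover every slot the metamethod set-up writes");

/* Model of the metamethod set-up: operands are written at base+1+fr2 and base+2+fr2. */
static void mm_setup(TValue *stack, int base, int fr2, TValue tab, TValue key)
{
    stack[base + 1 + fr2] = tab;
    stack[base + 2 + fr2] = key;
}

/* Fill a model stack with distinct values, save `nsave` slots starting at
 * top-1, run the set-up with its base two slots above the save area, restore
 * the same `nsave` slots, and return how many slots from top-1 upward still
 * differ from their original contents (0 = restore was complete, -1 = bad args). */
int slots_left_corrupted(int nsave, int fr2)
{
    TValue stack[NSLOTS], orig[NSLOTS], savetv[MAX_SAVE];
    const int top = 8;               /* assumed slot of the partial result */
    const int base = (top - 1) + 2;  /* assumed call base relative to the save area */
    int i, bad = 0;

    if (nsave < 1 || nsave > MAX_SAVE || (top - 1) + nsave > NSLOTS ||
        fr2 < 0 || fr2 > 1)
        return -1;

    for (i = 0; i < NSLOTS; i++)
        stack[i].u64 = 0x1000u + (uint64_t)i;   /* constructed, distinct per slot */
    memcpy(orig, stack, sizeof(orig));

    memcpy(savetv, &stack[top - 1], (size_t)nsave * sizeof(TValue));  /* Save slots. */
    mm_setup(stack, base, fr2, (TValue){0xDEADu}, (TValue){0xBEEFu});  /* Clobbers slots. */
    memcpy(&stack[top - 1], savetv, (size_t)nsave * sizeof(TValue));  /* Restore slots. */

    for (i = top - 1; i < NSLOTS; i++)
        if (stack[i].u64 != orig[i].u64)
            bad++;
    return bad;
}

int main(void)
{
    printf("5-slot save area, FR2=0: %d slot(s) left corrupted\n", slots_left_corrupted(5, 0));
    printf("5-slot save area, FR2=1: %d slot(s) left corrupted\n", slots_left_corrupted(5, 1));
    printf("%d-slot save area (5+FR2), FR2=%d: %d slot(s) left corrupted\n",
           SAVETV_SLOTS, FR2, slots_left_corrupted(SAVETV_SLOTS, FR2));
    return 0;
}
```

The point of the model is the shape of the defect rather than the exact numbers: a save/restore window whose size is a literal, paired with writes whose position depends on a build-time layout constant, is only correct for the layouts it was counted for. Tying the window size to the same constant, and asserting the coverage where both are defined, is the check a reviewer would ask for on the real code.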

@MikePall MikePall changed the title [Bug] LuaJIT crashes when using Metatables in a specific way Recording of __concat in GC64 mode May 2, 2022
@MikePall
Member

MikePall commented May 2, 2022

Fixed. Thanks!

@MikePall MikePall closed this as completed May 2, 2022