1 files changed, 550 insertions, 196 deletions
diff --git a/src/lj_err.c b/src/lj_err.c
index 0ff37212..d2cffb0d 100644
--- a/src/lj_err.c
+++ b/src/lj_err.c
@@ -16,6 +16,7 @@
 #include "lj_ff.h"
 #include "lj_trace.h"
 #include "lj_vm.h"
+#include "lj_strfmt.h"
 /*
 ** LuaJIT can either use internal or external frame unwinding:
@@ -28,12 +29,18 @@
 ** Pros and Cons:
 **
 ** - EXT requires unwind tables for *all* functions on the C stack between
-**   the pcall/catch and the error/throw. This is the default on x64,
+**   the pcall/catch and the error/throw. C modules used by Lua code can
-**   but needs to be manually enabled on x86/PPC for non-C++ code.
+**   throw errors, so these need to have unwind tables, too. Transitively
+**   this applies to all system libraries used by C modules -- at least
+**   when they have callbacks which may throw an error.
 **
-** - INT is faster when actually throwing errors (but this happens rarely).
+** - INT is faster when actually throwing errors, but this happens rarely.
 **   Setting up error handlers is zero-cost in any case.
 **
+** - INT needs to save *all* callee-saved registers when entering the
+**   interpreter. EXT only needs to save those actually used inside the
+**   interpreter. JIT-compiled code may need to save some more.
+**
 ** - EXT provides full interoperability with C++ exceptions. You can throw
 **   Lua errors or C++ exceptions through a mix of Lua frames and C++ frames.
 **   C++ destructors are called as needed. C++ exceptions caught by pcall
@@ -45,27 +52,38 @@
 **   the wrapper function feature. Lua errors thrown through C++ frames
 **   cannot be caught by C++ code and C++ destructors are not run.
 **
-** EXT is the default on x64 systems, INT is the default on all other systems.
+** - EXT can handle errors from internal helper functions that are called
+**   from JIT-compiled code (except for Windows/x86 and 32 bit ARM).
+**   INT has no choice but to call the panic handler, if this happens.
+**   Note: this is mainly relevant for out-of-memory errors.
+**
+** EXT is the default on all systems where the toolchain produces unwind
+** tables by default (*). This is hard-coded and/or detected in src/Makefile.
+** You can thwart the detection with: TARGET_XCFLAGS=-DLUAJIT_UNWIND_INTERNAL
+**
+** INT is the default on all other systems.
+**
+** EXT can be manually enabled for toolchains that are able to produce
+** conforming unwind tables:
+**   "TARGET_XCFLAGS=-funwind-tables -DLUAJIT_UNWIND_EXTERNAL"
+** As explained above, *all* C code used directly or indirectly by LuaJIT
+** must be compiled with -funwind-tables (or -fexceptions). C++ code must
+** *not* be compiled with -fno-exceptions.
+**
+** If you're unsure whether error handling inside the VM works correctly,
+** try running this and check whether it prints "OK":
 **
-** EXT can be manually enabled on POSIX systems using GCC and DWARF2 stack
+**   luajit -e "print(select(2, load('OK')):match('OK'))"
-** unwinding with -DLUAJIT_UNWIND_EXTERNAL. *All* C code must be compiled
-** with -funwind-tables (or -fexceptions). This includes LuaJIT itself (set
-** TARGET_CFLAGS), all of your C/Lua binding code, all loadable C modules
-** and all C libraries that have callbacks which may be used to call back
-** into Lua. C++ code must *not* be compiled with -fno-exceptions.
 **
-** EXT cannot be enabled on WIN32 since system exceptions use code-driven SEH.
+** (*) Originally, toolchains only generated unwind tables for C++ code. For
-** EXT is mandatory on WIN64 since the calling convention has an abundance
+** interoperability reasons, this can be manually enabled for plain C code,
-** of callee-saved registers (rbx, rbp, rsi, rdi, r12-r15, xmm6-xmm15).
+** too (with -funwind-tables). With the introduction of the x64 architecture,
-** The POSIX/x64 interpreter only saves r12/r13 for INT (e.g. PS4).
+** the corresponding POSIX and Windows ABIs mandated unwind tables for all
+** code. Over the following years most desktop and server platforms have
+** enabled unwind tables by default on all architectures. OTOH mobile and
+** embedded platforms do not consistently mandate unwind tables.
 */
-#if defined(__GNUC__) && (LJ_TARGET_X64 || defined(LUAJIT_UNWIND_EXTERNAL)) && !LJ_NO_UNWIND
-#define LJ_UNWIND_EXT   1
-#elif LJ_TARGET_X64 && LJ_TARGET_WINDOWS
-#define LJ_UNWIND_EXT   1
-#endif
 /* -- Error messages ------------------------------------------------------ */
 /* Error message strings. */
@@ -98,14 +116,14 @@ static void *err_unwind(lua_State *L, void *stopcf, int errcode)
      TValue *top = restorestack(L, -nres);
      if (frame < top) {  /* Frame reached? */
        if (errcode) {
-          L->cframe = cframe_prev(cf);
          L->base = frame+1;
+          L->cframe = cframe_prev(cf);
          unwindstack(L, top);
        }
        return cf;
      }
    }
-    if (frame <= tvref(L->stack))
+    if (frame <= tvref(L->stack)+LJ_FR2)
      break;
    switch (frame_typep(frame)) {
    case FRAME_LUA:  /* Lua frame. */
@@ -113,14 +131,12 @@ static void *err_unwind(lua_State *L, void *stopcf, int errcode)
      frame = frame_prevl(frame);
      break;
    case FRAME_C:  /* C frame. */
-#if LJ_HASFFI
    unwind_c:
-#endif
 #if LJ_UNWIND_EXT
      if (errcode) {
-        L->cframe = cframe_prev(cf);
        L->base = frame_prevd(frame) + 1;
-        unwindstack(L, frame);
+        L->cframe = cframe_prev(cf);
+        unwindstack(L, frame - LJ_FR2);
      } else if (cf != stopcf) {
        cf = cframe_prev(cf);
        frame = frame_prevd(frame);
@@ -143,16 +159,14 @@ static void *err_unwind(lua_State *L, void *stopcf, int errcode)
        return cf;
      }
      if (errcode) {
-        L->cframe = cframe_prev(cf);
        L->base = frame_prevd(frame) + 1;
-        unwindstack(L, frame);
+        L->cframe = cframe_prev(cf);
+        unwindstack(L, frame - LJ_FR2);
      }
      return cf;
    case FRAME_CONT:  /* Continuation frame. */
-#if LJ_HASFFI
+      if (frame_iscont_fficb(frame))
-      if ((frame-1)->u32.lo == LJ_CONT_FFI_CALLBACK)
        goto unwind_c;
-#endif
      /* fallthrough */
    case FRAME_VARG:  /* Vararg frame. */
      frame = frame_prevd(frame);
@@ -160,14 +174,17 @@ static void *err_unwind(lua_State *L, void *stopcf, int errcode)
    case FRAME_PCALL:  /* FF pcall() frame. */
    case FRAME_PCALLH:  /* FF pcall() frame inside hook. */
      if (errcode) {
+        global_State *g;
        if (errcode == LUA_YIELD) {
          frame = frame_prevd(frame);
          break;
        }
+        g = G(L);
+        setgcref(g->cur_L, obj2gco(L));
        if (frame_typep(frame) == FRAME_PCALL)
-          hook_leave(G(L));
+          hook_leave(g);
-        L->cframe = cf;
        L->base = frame_prevd(frame) + 1;
+        L->cframe = cf;
        unwindstack(L, L->base);
      }
      return (void *)((intptr_t)cf | CFRAME_UNWIND_FF);
@@ -175,8 +192,8 @@ static void *err_unwind(lua_State *L, void *stopcf, int errcode)
  }
  /* No C frame. */
  if (errcode) {
+    L->base = tvref(L->stack)+1+LJ_FR2;
    L->cframe = NULL;
-    L->base = tvref(L->stack)+1;
    unwindstack(L, L->base);
    if (G(L)->panic)
      G(L)->panic(L);
@@ -187,33 +204,226 @@ static void *err_unwind(lua_State *L, void *stopcf, int errcode)
 /* -- External frame unwinding -------------------------------------------- */
-#if defined(__GNUC__) && !LJ_NO_UNWIND && !LJ_ABI_WIN
+#if LJ_ABI_WIN
 /*
-** We have to use our own definitions instead of the mandatory (!) unwind.h,
+** Someone in Redmond owes me several days of my life. A lot of this is
-** since various OS, distros and compilers mess up the header installation.
+** undocumented or just plain wrong on MSDN. Some of it can be gathered
+** from 3rd party docs or must be found by trial-and-error. They really
+** don't want you to write your own language-specific exception handler
+** or to interact gracefully with MSVC. :-(
 */
-typedef struct _Unwind_Exception
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#if LJ_TARGET_X86
+typedef void *UndocumentedDispatcherContext;  /* Unused on x86. */
+#else
+/* Taken from: http://www.nynaeve.net/?p=99 */
+typedef struct UndocumentedDispatcherContext {
+  ULONG64 ControlPc;
+  ULONG64 ImageBase;
+  PRUNTIME_FUNCTION FunctionEntry;
+  ULONG64 EstablisherFrame;
+  ULONG64 TargetIp;
+  PCONTEXT ContextRecord;
+  void (*LanguageHandler)(void);
+  PVOID HandlerData;
+  PUNWIND_HISTORY_TABLE HistoryTable;
+  ULONG ScopeIndex;
+  ULONG Fill0;
+} UndocumentedDispatcherContext;
+#endif
+/* Another wild guess. */
+extern void __DestructExceptionObject(EXCEPTION_RECORD *rec, int nothrow);
+#define LJ_MSVC_EXCODE          ((DWORD)0xe06d7363)
+#define LJ_GCC_EXCODE           ((DWORD)0x20474343)
+#define LJ_EXCODE               ((DWORD)0xe24c4a00)
+#define LJ_EXCODE_MAKE(c)       (LJ_EXCODE | (DWORD)(c))
+#define LJ_EXCODE_CHECK(cl)     (((cl) ^ LJ_EXCODE) <= 0xff)
+#define LJ_EXCODE_ERRCODE(cl)   ((int)((cl) & 0xff))
+/* Windows exception handler for interpreter frame. */
+LJ_FUNCA int lj_err_unwind_win(EXCEPTION_RECORD *rec,
+  void *f, CONTEXT *ctx, UndocumentedDispatcherContext *dispatch)
 {
-  uint64_t exclass;
+#if LJ_TARGET_X86
-  void (*excleanup)(int, struct _Unwind_Exception *);
+  void *cf = (char *)f - CFRAME_OFS_SEH;
-  uintptr_t p1, p2;
+#elif LJ_TARGET_ARM64
-} __attribute__((__aligned__)) _Unwind_Exception;
+  void *cf = (char *)f - CFRAME_SIZE;
+#else
+  void *cf = f;
+#endif
+  lua_State *L = cframe_L(cf);
+  int errcode = LJ_EXCODE_CHECK(rec->ExceptionCode) ?
+                LJ_EXCODE_ERRCODE(rec->ExceptionCode) : LUA_ERRRUN;
+  if ((rec->ExceptionFlags & 6)) {  /* EH_UNWINDING|EH_EXIT_UNWIND */
+    if (rec->ExceptionCode == STATUS_LONGJUMP &&
+        rec->ExceptionRecord &&
+        LJ_EXCODE_CHECK(rec->ExceptionRecord->ExceptionCode)) {
+      errcode = LJ_EXCODE_ERRCODE(rec->ExceptionRecord->ExceptionCode);
+      if ((rec->ExceptionFlags & 0x20)) {  /* EH_TARGET_UNWIND */
+        /* Unwinding is about to finish; revert the ExceptionCode so that
+        ** RtlRestoreContext does not try to restore from a _JUMP_BUFFER.
+        */
+        rec->ExceptionCode = 0;
+      }
+    }
+    /* Unwind internal frames. */
+    err_unwind(L, cf, errcode);
+  } else {
+    void *cf2 = err_unwind(L, cf, 0);
+    if (cf2) {  /* We catch it, so start unwinding the upper frames. */
+#if !LJ_TARGET_X86
+      EXCEPTION_RECORD rec2;
+#endif
+      if (rec->ExceptionCode == LJ_MSVC_EXCODE ||
+          rec->ExceptionCode == LJ_GCC_EXCODE) {
+#if !LJ_TARGET_CYGWIN
+        __DestructExceptionObject(rec, 1);
+#endif
+        setstrV(L, L->top++, lj_err_str(L, LJ_ERR_ERRCPP));
+      } else if (!LJ_EXCODE_CHECK(rec->ExceptionCode)) {
+        /* Don't catch access violations etc. */
+        return 1;  /* ExceptionContinueSearch */
+      }
+#if LJ_TARGET_X86
+      UNUSED(ctx);
+      UNUSED(dispatch);
+      /* Call all handlers for all lower C frames (including ourselves) again
+      ** with EH_UNWINDING set. Then call the specified function, passing cf
+      ** and errcode.
+      */
+      lj_vm_rtlunwind(cf, (void *)rec,
+        (cframe_unwind_ff(cf2) && errcode != LUA_YIELD) ?
+        (void *)lj_vm_unwind_ff : (void *)lj_vm_unwind_c, errcode);
+      /* lj_vm_rtlunwind does not return. */
+#else
+      if (LJ_EXCODE_CHECK(rec->ExceptionCode)) {
+        /* For unwind purposes, wrap the EXCEPTION_RECORD in something that
+        ** looks like a longjmp, so that MSVC will execute C++ destructors in
+        ** the frames we unwind over. ExceptionInformation[0] should really
+        ** contain a _JUMP_BUFFER*, but hopefully nobody is looking too closely
+        ** at this point.
+        */
+        rec2.ExceptionCode = STATUS_LONGJUMP;
+        rec2.ExceptionRecord = rec;
+        rec2.ExceptionAddress = 0;
+        rec2.NumberParameters = 1;
+        rec2.ExceptionInformation[0] = (ULONG_PTR)ctx;
+        rec = &rec2;
+      }
+      /* Unwind the stack and call all handlers for all lower C frames
+      ** (including ourselves) again with EH_UNWINDING set. Then set
+      ** stack pointer = f, result = errcode and jump to the specified target.
+      */
+      RtlUnwindEx(f, (void *)((cframe_unwind_ff(cf2) && errcode != LUA_YIELD) ?
+                              lj_vm_unwind_ff_eh :
+                              lj_vm_unwind_c_eh),
+                  rec, (void *)(uintptr_t)errcode, dispatch->ContextRecord,
+                  dispatch->HistoryTable);
+      /* RtlUnwindEx should never return. */
+#endif
+    }
+  }
+  return 1;  /* ExceptionContinueSearch */
+}
+#if LJ_UNWIND_JIT
+#if LJ_TARGET_X64
+#define CONTEXT_REG_PC  Rip
+#elif LJ_TARGET_ARM64
+#define CONTEXT_REG_PC  Pc
+#else
+#error "NYI: Windows arch-specific unwinder for JIT-compiled code"
+#endif
+/* Windows unwinder for JIT-compiled code. */
+static void err_unwind_win_jit(global_State *g, int errcode)
+{
+  CONTEXT ctx;
+  UNWIND_HISTORY_TABLE hist;
+  memset(&hist, 0, sizeof(hist));
+  RtlCaptureContext(&ctx);
+  while (1) {
+    DWORD64 frame, base, addr = ctx.CONTEXT_REG_PC;
+    void *hdata;
+    PRUNTIME_FUNCTION func = RtlLookupFunctionEntry(addr, &base, &hist);
+    if (!func) {  /* Found frame without .pdata: must be JIT-compiled code. */
+      ExitNo exitno;
+      uintptr_t stub = lj_trace_unwind(G2J(g), (uintptr_t)(addr - sizeof(MCode)), &exitno);
+      if (stub) {  /* Jump to side exit to unwind the trace. */
+        ctx.CONTEXT_REG_PC = stub;
+        G2J(g)->exitcode = errcode;
+        RtlRestoreContext(&ctx, NULL);  /* Does not return. */
+      }
+      break;
+    }
+    RtlVirtualUnwind(UNW_FLAG_NHANDLER, base, addr, func,
+                     &ctx, &hdata, &frame, NULL);
+    if (!addr) break;
+  }
+  /* Unwinding failed, if we end up here. */
+}
+#endif
+/* Raise Windows exception. */
+static void err_raise_ext(global_State *g, int errcode)
+{
+#if LJ_UNWIND_JIT
+  if (tvref(g->jit_base)) {
+    err_unwind_win_jit(g, errcode);
+    return;  /* Unwinding failed. */
+  }
+#elif LJ_HASJIT
+  /* Cannot catch on-trace errors for Windows/x86 SEH. Unwind to interpreter. */
+  setmref(g->jit_base, NULL);
+#endif
+  UNUSED(g);
+  RaiseException(LJ_EXCODE_MAKE(errcode), 1 /* EH_NONCONTINUABLE */, 0, NULL);
+}
+#elif !LJ_NO_UNWIND && (defined(__GNUC__) || defined(__clang__))
+/*
+** We have to use our own definitions instead of the mandatory (!) unwind.h,
+** since various OS, distros and compilers mess up the header installation.
+*/
 typedef struct _Unwind_Context _Unwind_Context;
 #define _URC_OK                 0
+#define _URC_FATAL_PHASE2_ERROR 2
 #define _URC_FATAL_PHASE1_ERROR 3
 #define _URC_HANDLER_FOUND      6
 #define _URC_INSTALL_CONTEXT    7
 #define _URC_CONTINUE_UNWIND    8
 #define _URC_FAILURE            9
+#define LJ_UEXCLASS             0x4c55414a49543200ULL   /* LUAJIT2\0 */
+#define LJ_UEXCLASS_MAKE(c)     (LJ_UEXCLASS | (uint64_t)(c))
+#define LJ_UEXCLASS_CHECK(cl)   (((cl) ^ LJ_UEXCLASS) <= 0xff)
+#define LJ_UEXCLASS_ERRCODE(cl) ((int)((cl) & 0xff))
 #if !LJ_TARGET_ARM
+typedef struct _Unwind_Exception
+{
+  uint64_t exclass;
+  void (*excleanup)(int, struct _Unwind_Exception *);
+  uintptr_t p1, p2;
+} __attribute__((__aligned__)) _Unwind_Exception;
+#define UNWIND_EXCEPTION_TYPE   _Unwind_Exception
 extern uintptr_t _Unwind_GetCFA(_Unwind_Context *);
 extern void _Unwind_SetGR(_Unwind_Context *, int, uintptr_t);
+extern uintptr_t _Unwind_GetIP(_Unwind_Context *);
 extern void _Unwind_SetIP(_Unwind_Context *, uintptr_t);
 extern void _Unwind_DeleteException(_Unwind_Exception *);
 extern int _Unwind_RaiseException(_Unwind_Exception *);
@@ -223,11 +433,6 @@ extern int _Unwind_RaiseException(_Unwind_Exception *);
 #define _UA_HANDLER_FRAME       4
 #define _UA_FORCE_UNWIND        8
-#define LJ_UEXCLASS             0x4c55414a49543200ULL   /* LUAJIT2\0 */
-#define LJ_UEXCLASS_MAKE(c)     (LJ_UEXCLASS | (uint64_t)(c))
-#define LJ_UEXCLASS_CHECK(cl)   (((cl) ^ LJ_UEXCLASS) <= 0xff)
-#define LJ_UEXCLASS_ERRCODE(cl) ((int)((cl) & 0xff))
 /* DWARF2 personality handler referenced from interpreter .eh_frame. */
 LJ_FUNCA int lj_err_unwind_dwarf(int version, int actions,
  uint64_t uexclass, _Unwind_Exception *uex, _Unwind_Context *ctx)
@@ -236,7 +441,6 @@ LJ_FUNCA int lj_err_unwind_dwarf(int version, int actions,
  lua_State *L;
  if (version != 1)
    return _URC_FATAL_PHASE1_ERROR;
-  UNUSED(uexclass);
  cf = (void *)_Unwind_GetCFA(ctx);
  L = cframe_L(cf);
  if ((actions & _UA_SEARCH_PHASE)) {
@@ -263,10 +467,10 @@ LJ_FUNCA int lj_err_unwind_dwarf(int version, int actions,
    if ((actions & _UA_FORCE_UNWIND)) {
      return _URC_CONTINUE_UNWIND;
    } else if (cf) {
+      ASMFunction ip;
      _Unwind_SetGR(ctx, LJ_TARGET_EHRETREG, errcode);
-      _Unwind_SetIP(ctx, (uintptr_t)(cframe_unwind_ff(cf) ?
+      ip = cframe_unwind_ff(cf) ? lj_vm_unwind_ff_eh : lj_vm_unwind_c_eh;
-                                     lj_vm_unwind_ff_eh :
+      _Unwind_SetIP(ctx, (uintptr_t)lj_ptr_strip(ip));
-                                     lj_vm_unwind_c_eh));
      return _URC_INSTALL_CONTEXT;
    }
 #if LJ_TARGET_X86ORX64
@@ -284,27 +488,170 @@ LJ_FUNCA int lj_err_unwind_dwarf(int version, int actions,
    ** it on non-x64 because the interpreter restores all callee-saved regs.
    */
    lj_err_throw(L, errcode);
+#if LJ_TARGET_X64
+#error "Broken build system -- only use the provided Makefiles!"
+#endif
 #endif
  }
  return _URC_CONTINUE_UNWIND;
 }
-#if LJ_UNWIND_EXT
+#if LJ_UNWIND_EXT && defined(LUA_USE_ASSERT)
-static __thread _Unwind_Exception static_uex;
+struct dwarf_eh_bases { void *tbase, *dbase, *func; };
+extern const void *_Unwind_Find_FDE(void *pc, struct dwarf_eh_bases *bases);
-/* Raise DWARF2 exception. */
+/* Verify that external error handling actually has a chance to work. */
-static void err_raise_ext(int errcode)
+void lj_err_verify(void)
 {
-  static_uex.exclass = LJ_UEXCLASS_MAKE(errcode);
+#if !LJ_TARGET_OSX
-  static_uex.excleanup = NULL;
+  /* Check disabled on MacOS due to brilliant software engineering at Apple. */
-  _Unwind_RaiseException(&static_uex);
+  struct dwarf_eh_bases ehb;
+  lj_assertX(_Unwind_Find_FDE((void *)lj_err_throw, &ehb), "broken build: external frame unwinding enabled, but missing -funwind-tables");
+#endif
+  /* Check disabled, because of broken Fedora/ARM64. See #722.
+  lj_assertX(_Unwind_Find_FDE((void *)_Unwind_RaiseException, &ehb), "broken build: external frame unwinding enabled, but system libraries have no unwind tables");
+  */
 }
 #endif
+#if LJ_UNWIND_JIT
+/* DWARF2 personality handler for JIT-compiled code. */
+static int err_unwind_jit(int version, int actions,
+  uint64_t uexclass, _Unwind_Exception *uex, _Unwind_Context *ctx)
+{
+  /* NYI: FFI C++ exception interoperability. */
+  if (version != 1 || !LJ_UEXCLASS_CHECK(uexclass))
+    return _URC_FATAL_PHASE1_ERROR;
+  if ((actions & _UA_SEARCH_PHASE)) {
+    return _URC_HANDLER_FOUND;
+  }
+  if ((actions & _UA_CLEANUP_PHASE)) {
+    global_State *g = *(global_State **)(uex+1);
+    ExitNo exitno;
+    uintptr_t addr = _Unwind_GetIP(ctx);  /* Return address _after_ call. */
+    uintptr_t stub = lj_trace_unwind(G2J(g), addr - sizeof(MCode), &exitno);
+    lj_assertG(tvref(g->jit_base), "unexpected throw across mcode frame");
+    if (stub) {  /* Jump to side exit to unwind the trace. */
+      G2J(g)->exitcode = LJ_UEXCLASS_ERRCODE(uexclass);
+#ifdef LJ_TARGET_MIPS
+      _Unwind_SetGR(ctx, 4, stub);
+      _Unwind_SetGR(ctx, 5, exitno);
+      _Unwind_SetIP(ctx, (uintptr_t)(void *)lj_vm_unwind_stub);
+#else
+      _Unwind_SetIP(ctx, stub);
+#endif
+      return _URC_INSTALL_CONTEXT;
+    }
+    return _URC_FATAL_PHASE2_ERROR;
+  }
+  return _URC_FATAL_PHASE1_ERROR;
+}
+/* DWARF2 template frame info for JIT-compiled code.
+**
+** After copying the template to the start of the mcode segment,
+** the frame handler function and the code size is patched.
+** The frame handler always installs a new context to jump to the exit,
+** so don't bother to add any unwind opcodes.
+*/
+static const uint8_t err_frame_jit_template[] = {
+#if LJ_BE
+  0,0,0,
+#endif
+  LJ_64 ? 0x1c : 0x14,  /* CIE length. */
+#if LJ_LE
+  0,0,0,
+#endif
+  0,0,0,0, 1, 'z','P','R',0,  /* CIE mark, CIE version, augmentation. */
+  1, LJ_64 ? 0x78 : 0x7c, LJ_TARGET_EHRAREG,  /* Code/data align, RA. */
+#if LJ_64
+  10, 0, 0,0,0,0,0,0,0,0, 0x1b,  /* Aug. data ABS handler, PCREL|SDATA4 code. */
+  0,0,0,0,0,  /* Alignment. */
+#else
+  6, 0, 0,0,0,0, 0x1b,  /* Aug. data ABS handler, PCREL|SDATA4 code. */
+  0,  /* Alignment. */
+#endif
+#if LJ_BE
+  0,0,0,
+#endif
+  LJ_64 ? 0x14 : 0x10,  /* FDE length. */
+  0,0,0,
+  LJ_64 ? 0x24 : 0x1c,  /* CIE offset. */
+  0,0,0,
+  LJ_64 ? 0x14 : 0x10,  /* Code offset. After Final FDE. */
+#if LJ_LE
+  0,0,0,
+#endif
+  0,0,0,0, 0, 0,0,0, /* Code size, augmentation length, alignment. */
+#if LJ_64
+  0,0,0,0,  /* Alignment. */
+#endif
+  0,0,0,0  /* Final FDE. */
+};
+#define ERR_FRAME_JIT_OFS_HANDLER       0x12
+#define ERR_FRAME_JIT_OFS_FDE           (LJ_64 ? 0x20 : 0x18)
+#define ERR_FRAME_JIT_OFS_CODE_SIZE     (LJ_64 ? 0x2c : 0x24)
+#if LJ_TARGET_OSX
+#define ERR_FRAME_JIT_OFS_REGISTER      ERR_FRAME_JIT_OFS_FDE
 #else
+#define ERR_FRAME_JIT_OFS_REGISTER      0
+#endif
+extern void __register_frame(const void *);
+extern void __deregister_frame(const void *);
+uint8_t *lj_err_register_mcode(void *base, size_t sz, uint8_t *info)
+{
+  ASMFunction handler = (ASMFunction)err_unwind_jit;
+  memcpy(info, err_frame_jit_template, sizeof(err_frame_jit_template));
+#if LJ_ABI_PAUTH
+#if LJ_TARGET_ARM64
+  handler = ptrauth_auth_and_resign(handler,
+    ptrauth_key_function_pointer, 0,
+    ptrauth_key_process_independent_code, info + ERR_FRAME_JIT_OFS_HANDLER);
+#else
+#error "missing pointer authentication support for this architecture"
+#endif
+#endif
+  memcpy(info + ERR_FRAME_JIT_OFS_HANDLER, &handler, sizeof(handler));
+  *(uint32_t *)(info + ERR_FRAME_JIT_OFS_CODE_SIZE) =
+    (uint32_t)(sz - sizeof(err_frame_jit_template) - (info - (uint8_t *)base));
+  __register_frame(info + ERR_FRAME_JIT_OFS_REGISTER);
+#ifdef LUA_USE_ASSERT
+  {
+    struct dwarf_eh_bases ehb;
+    lj_assertX(_Unwind_Find_FDE(info + sizeof(err_frame_jit_template)+1, &ehb),
+               "bad JIT unwind table registration");
+  }
+#endif
+  return info + sizeof(err_frame_jit_template);
+}
+void lj_err_deregister_mcode(void *base, size_t sz, uint8_t *info)
+{
+  UNUSED(base); UNUSED(sz);
+  __deregister_frame(info + ERR_FRAME_JIT_OFS_REGISTER);
+}
+#endif
+#else /* LJ_TARGET_ARM */
-extern void _Unwind_DeleteException(void *);
+#define _US_VIRTUAL_UNWIND_FRAME        0
-extern int __gnu_unwind_frame (void *, _Unwind_Context *);
+#define _US_UNWIND_FRAME_STARTING       1
+#define _US_ACTION_MASK                 3
+#define _US_FORCE_UNWIND                8
+typedef struct _Unwind_Control_Block _Unwind_Control_Block;
+#define UNWIND_EXCEPTION_TYPE   _Unwind_Control_Block
+struct _Unwind_Control_Block {
+  uint64_t exclass;
+  uint32_t misc[20];
+};
+extern int _Unwind_RaiseException(_Unwind_Control_Block *);
+extern int __gnu_unwind_frame(_Unwind_Control_Block *, _Unwind_Context *);
 extern int _Unwind_VRS_Set(_Unwind_Context *, int, uint32_t, int, void *);
 extern int _Unwind_VRS_Get(_Unwind_Context *, int, uint32_t, int, void *);
@@ -320,120 +667,98 @@ static inline void _Unwind_SetGR(_Unwind_Context *ctx, int r, uint32_t v)
  _Unwind_VRS_Set(ctx, 0, r, 0, &v);
 }
-#define _US_VIRTUAL_UNWIND_FRAME        0
+extern void lj_vm_unwind_ext(void);
-#define _US_UNWIND_FRAME_STARTING       1
-#define _US_ACTION_MASK                 3
-#define _US_FORCE_UNWIND                8
 /* ARM unwinder personality handler referenced from interpreter .ARM.extab. */
-LJ_FUNCA int lj_err_unwind_arm(int state, void *ucb, _Unwind_Context *ctx)
+LJ_FUNCA int lj_err_unwind_arm(int state, _Unwind_Control_Block *ucb,
+                               _Unwind_Context *ctx)
 {
  void *cf = (void *)_Unwind_GetGR(ctx, 13);
  lua_State *L = cframe_L(cf);
-  if ((state & _US_ACTION_MASK) == _US_VIRTUAL_UNWIND_FRAME) {
+  int errcode;
-    setstrV(L, L->top++, lj_err_str(L, LJ_ERR_ERRCPP));
+  switch ((state & _US_ACTION_MASK)) {
+  case _US_VIRTUAL_UNWIND_FRAME:
+    if ((state & _US_FORCE_UNWIND)) break;
    return _URC_HANDLER_FOUND;
-  }
+  case _US_UNWIND_FRAME_STARTING:
-  if ((state&(_US_ACTION_MASK|_US_FORCE_UNWIND)) == _US_UNWIND_FRAME_STARTING) {
+    if (LJ_UEXCLASS_CHECK(ucb->exclass)) {
-    _Unwind_DeleteException(ucb);
+      errcode = LJ_UEXCLASS_ERRCODE(ucb->exclass);
-    _Unwind_SetGR(ctx, 15, (uint32_t)(void *)lj_err_throw);
+    } else {
-    _Unwind_SetGR(ctx, 0, (uint32_t)L);
+      errcode = LUA_ERRRUN;
-    _Unwind_SetGR(ctx, 1, (uint32_t)LUA_ERRRUN);
+      setstrV(L, L->top++, lj_err_str(L, LJ_ERR_ERRCPP));
+    }
+    cf = err_unwind(L, cf, errcode);
+    if ((state & _US_FORCE_UNWIND) || cf == NULL) break;
+    _Unwind_SetGR(ctx, 15, (uint32_t)lj_vm_unwind_ext);
+    _Unwind_SetGR(ctx, 0, (uint32_t)ucb);
+    _Unwind_SetGR(ctx, 1, (uint32_t)errcode);
+    _Unwind_SetGR(ctx, 2, cframe_unwind_ff(cf) ?
+                            (uint32_t)lj_vm_unwind_ff_eh :
+                            (uint32_t)lj_vm_unwind_c_eh);
    return _URC_INSTALL_CONTEXT;
+  default:
+    return _URC_FAILURE;
  }
  if (__gnu_unwind_frame(ucb, ctx) != _URC_OK)
    return _URC_FAILURE;
+#ifdef LUA_USE_ASSERT
+  /* We should never get here unless this is a forced unwind aka backtrace. */
+  if (_Unwind_GetGR(ctx, 0) == 0xff33aa77) {
+    _Unwind_SetGR(ctx, 0, 0xff33aa88);
+  }
+#endif
  return _URC_CONTINUE_UNWIND;
 }
-#endif
+#if LJ_UNWIND_EXT && defined(LUA_USE_ASSERT)
+typedef int (*_Unwind_Trace_Fn)(_Unwind_Context *, void *);
+extern int _Unwind_Backtrace(_Unwind_Trace_Fn, void *);
-#elif LJ_TARGET_X64 && LJ_ABI_WIN
+static int err_verify_bt(_Unwind_Context *ctx, int *got)
+{
+  if (_Unwind_GetGR(ctx, 0) == 0xff33aa88) { *got = 2; }
+  else if (*got == 0) { *got = 1; _Unwind_SetGR(ctx, 0, 0xff33aa77); }
+  return _URC_OK;
+}
+/* Verify that external error handling actually has a chance to work. */
+void lj_err_verify(void)
+{
+  int got = 0;
+  _Unwind_Backtrace((_Unwind_Trace_Fn)err_verify_bt, &got);
+  lj_assertX(got == 2, "broken build: external frame unwinding enabled, but missing -funwind-tables");
+}
+#endif
 /*
-** Someone in Redmond owes me several days of my life. A lot of this is
+** Note: LJ_UNWIND_JIT is not implemented for 32 bit ARM.
-** undocumented or just plain wrong on MSDN. Some of it can be gathered
-** from 3rd party docs or must be found by trial-and-error. They really
-** don't want you to write your own language-specific exception handler
-** or to interact gracefully with MSVC. :-(
 **
-** Apparently MSVC doesn't call C++ destructors for foreign exceptions
+** The quirky ARM unwind API doesn't have __register_frame().
-** unless you compile your C++ code with /EHa. Unfortunately this means
+** A potential workaround might involve _Unwind_Backtrace.
-** catch (...) also catches things like access violations. The use of
+** But most 32 bit ARM targets don't qualify for LJ_UNWIND_EXT, anyway,
-** _set_se_translator doesn't really help, because it requires /EHa, too.
+** since they are built without unwind tables by default.
 */
-#define WIN32_LEAN_AND_MEAN
+#endif /* LJ_TARGET_ARM */
-#include <windows.h>
-/* Taken from: http://www.nynaeve.net/?p=99 */
-typedef struct UndocumentedDispatcherContext {
-  ULONG64 ControlPc;
-  ULONG64 ImageBase;
-  PRUNTIME_FUNCTION FunctionEntry;
-  ULONG64 EstablisherFrame;
-  ULONG64 TargetIp;
-  PCONTEXT ContextRecord;
-  void (*LanguageHandler)(void);
-  PVOID HandlerData;
-  PUNWIND_HISTORY_TABLE HistoryTable;
-  ULONG ScopeIndex;
-  ULONG Fill0;
-} UndocumentedDispatcherContext;
-/* Another wild guess. */
-extern void __DestructExceptionObject(EXCEPTION_RECORD *rec, int nothrow);
-#define LJ_MSVC_EXCODE          ((DWORD)0xe06d7363)
-#define LJ_GCC_EXCODE           ((DWORD)0x20474343)
-#define LJ_EXCODE               ((DWORD)0xe24c4a00)
+#if LJ_UNWIND_EXT
-#define LJ_EXCODE_MAKE(c)       (LJ_EXCODE | (DWORD)(c))
+static __thread struct {
-#define LJ_EXCODE_CHECK(cl)     (((cl) ^ LJ_EXCODE) <= 0xff)
+  UNWIND_EXCEPTION_TYPE ex;
-#define LJ_EXCODE_ERRCODE(cl)   ((int)((cl) & 0xff))
+  global_State *g;
+} static_uex;
-/* Win64 exception handler for interpreter frame. */
+/* Raise external exception. */
-LJ_FUNCA EXCEPTION_DISPOSITION lj_err_unwind_win64(EXCEPTION_RECORD *rec,
+static void err_raise_ext(global_State *g, int errcode)
-  void *cf, CONTEXT *ctx, UndocumentedDispatcherContext *dispatch)
 {
-  lua_State *L = cframe_L(cf);
+  memset(&static_uex, 0, sizeof(static_uex));
-  int errcode = LJ_EXCODE_CHECK(rec->ExceptionCode) ?
+  static_uex.ex.exclass = LJ_UEXCLASS_MAKE(errcode);
-                LJ_EXCODE_ERRCODE(rec->ExceptionCode) : LUA_ERRRUN;
+  static_uex.g = g;
-  if ((rec->ExceptionFlags & 6)) {  /* EH_UNWINDING|EH_EXIT_UNWIND */
+  _Unwind_RaiseException(&static_uex.ex);
-    /* Unwind internal frames. */
-    err_unwind(L, cf, errcode);
-  } else {
-    void *cf2 = err_unwind(L, cf, 0);
-    if (cf2) {  /* We catch it, so start unwinding the upper frames. */
-      if (rec->ExceptionCode == LJ_MSVC_EXCODE ||
-          rec->ExceptionCode == LJ_GCC_EXCODE) {
-#if LJ_TARGET_WINDOWS
-        __DestructExceptionObject(rec, 1);
-#endif
-        setstrV(L, L->top++, lj_err_str(L, LJ_ERR_ERRCPP));
-      } else if (!LJ_EXCODE_CHECK(rec->ExceptionCode)) {
-        /* Don't catch access violations etc. */
-        return ExceptionContinueSearch;
-      }
-      /* Unwind the stack and call all handlers for all lower C frames
-      ** (including ourselves) again with EH_UNWINDING set. Then set
-      ** rsp = cf, rax = errcode and jump to the specified target.
-      */
-      RtlUnwindEx(cf, (void *)((cframe_unwind_ff(cf2) && errcode != LUA_YIELD) ?
-                               lj_vm_unwind_ff_eh :
-                               lj_vm_unwind_c_eh),
-                  rec, (void *)(uintptr_t)errcode, ctx, dispatch->HistoryTable);
-      /* RtlUnwindEx should never return. */
-    }
-  }
-  return ExceptionContinueSearch;
 }
-/* Raise Windows exception. */
+#endif
-static void err_raise_ext(int errcode)
-{
-  RaiseException(LJ_EXCODE_MAKE(errcode), 1 /* EH_NONCONTINUABLE */, 0, NULL);
-}
 #endif
@@ -444,22 +769,23 @@ LJ_NOINLINE void LJ_FASTCALL lj_err_throw(lua_State *L, int errcode)
 {
  global_State *g = G(L);
  lj_trace_abort(g);
-  setgcrefnull(g->jit_L);
+  L->status = LUA_OK;
-  L->status = 0;
 #if LJ_UNWIND_EXT
-  err_raise_ext(errcode);
+  err_raise_ext(g, errcode);
  /*
  ** A return from this function signals a corrupt C stack that cannot be
  ** unwound. We have no choice but to call the panic function and exit.
  **
  ** Usually this is caused by a C function without unwind information.
-  ** This should never happen on x64, but may happen if you've manually
+  ** This may happen if you've manually enabled LUAJIT_UNWIND_EXTERNAL
-  ** enabled LUAJIT_UNWIND_EXTERNAL and forgot to recompile *every*
+  ** and forgot to recompile *every* non-C++ file with -funwind-tables.
-  ** non-C++ file with -funwind-tables.
  */
  if (G(L)->panic)
    G(L)->panic(L);
 #else
+#if LJ_HASJIT
+  setmref(g->jit_base, NULL);
+#endif
  {
    void *cf = err_unwind(L, NULL, errcode);
    if (cframe_unwind_ff(cf))
@@ -477,17 +803,29 @@ LJ_NOINLINE GCstr *lj_err_str(lua_State *L, ErrMsg em)
  return lj_str_newz(L, err2msg(em));
 }
+LJ_NORET LJ_NOINLINE static void lj_err_err(lua_State *L)
+{
+  setstrV(L, L->top++, lj_err_str(L, LJ_ERR_ERRERR));
+  lj_err_throw(L, LUA_ERRERR);
+}
 /* Out-of-memory error. */
 LJ_NOINLINE void lj_err_mem(lua_State *L)
 {
+  if (L->status == LUA_ERRERR)
+    lj_err_err(L);
  if (L->status == LUA_ERRERR+1)  /* Don't touch the stack during lua_open. */
    lj_vm_unwind_c(L->cframe, LUA_ERRMEM);
+  if (LJ_HASJIT) {
+    TValue *base = tvref(G(L)->jit_base);
+    if (base) L->base = base;
+  }
  if (curr_funcisL(L)) {
    L->top = curr_topL(L);
    if (LJ_UNLIKELY(L->top > tvref(L->maxstack))) {
      /* The current Lua frame violates the stack. Replace it with a dummy. */
      L->top = L->base;
-      setframe_gc(L->base - 1, obj2gco(L));
+      setframe_gc(L->base - 1 - LJ_FR2, obj2gco(L), LJ_TTHREAD);
    }
  }
  setstrV(L, L->top++, lj_err_str(L, LJ_ERR_ERRMEM));
@@ -497,7 +835,7 @@ LJ_NOINLINE void lj_err_mem(lua_State *L)
 /* Find error function for runtime errors. Requires an extra stack traversal. */
 static ptrdiff_t finderrfunc(lua_State *L)
 {
-  cTValue *frame = L->base-1, *bot = tvref(L->stack);
+  cTValue *frame = L->base-1, *bot = tvref(L->stack)+LJ_FR2;
  void *cf = L->cframe;
  while (frame > bot && cf) {
    while (cframe_nres(cframe_raw(cf)) < 0) {  /* cframe without frame? */
@@ -521,10 +859,8 @@ static ptrdiff_t finderrfunc(lua_State *L)
      frame = frame_prevd(frame);
      break;
    case FRAME_CONT:
-#if LJ_HASFFI
+      if (frame_iscont_fficb(frame))
-      if ((frame-1)->u32.lo == LJ_CONT_FFI_CALLBACK)
        cf = cframe_prev(cf);
-#endif
      frame = frame_prevd(frame);
      break;
    case FRAME_CP:
@@ -536,11 +872,11 @@ static ptrdiff_t finderrfunc(lua_State *L)
      break;
    case FRAME_PCALL:
    case FRAME_PCALLH:
-      if (frame_ftsz(frame) >= (ptrdiff_t)(2*sizeof(TValue)))  /* xpcall? */
+      if (frame_func(frame_prevd(frame))->c.ffid == FF_xpcall)
-        return savestack(L, frame-1);  /* Point to xpcall's errorfunc. */
+        return savestack(L, frame_prevd(frame)+1);  /* xpcall's errorfunc. */
      return 0;
    default:
-      lua_assert(0);
+      lj_assertL(0, "bad frame type");
      return 0;
    }
  }
@@ -550,7 +886,7 @@ static ptrdiff_t finderrfunc(lua_State *L)
 /* Runtime error. */
 LJ_NOINLINE void LJ_FASTCALL lj_err_run(lua_State *L)
 {
-  ptrdiff_t ef = finderrfunc(L);
+  ptrdiff_t ef = (LJ_HASJIT && tvref(G(L)->jit_base)) ? 0 : finderrfunc(L);
  if (ef) {
    TValue *errfunc, *top;
    lj_state_checkstack(L, LUA_MINSTACK * 2);  /* Might raise new error. */
@@ -562,8 +898,9 @@ LJ_NOINLINE void LJ_FASTCALL lj_err_run(lua_State *L)
      lj_err_throw(L, LUA_ERRERR);
    }
    L->status = LUA_ERRERR;
-    copyTV(L, top, top-1);
+    copyTV(L, top+LJ_FR2, top-1);
    copyTV(L, top-1, errfunc);
+    if (LJ_FR2) setnilV(top++);
    L->top = top+1;
    lj_vm_call(L, top, 1+1);  /* Stack: |errfunc|msg| -> |msg| */
  }
@@ -573,18 +910,35 @@ LJ_NOINLINE void LJ_FASTCALL lj_err_run(lua_State *L)
 /* Stack overflow error. */
 void LJ_FASTCALL lj_err_stkov(lua_State *L)
 {
+  if (L->status == LUA_ERRERR)
+    lj_err_err(L);
  lj_debug_addloc(L, err2msg(LJ_ERR_STKOV), L->base-1, NULL);
  lj_err_run(L);
 }
+#if LJ_HASJIT
+/* Rethrow error after doing a trace exit. */
+LJ_NOINLINE void LJ_FASTCALL lj_err_trace(lua_State *L, int errcode)
+{
+  if (errcode == LUA_ERRRUN)
+    lj_err_run(L);
+  else
+    lj_err_throw(L, errcode);
+}
+#endif
 /* Formatted runtime error message. */
 LJ_NORET LJ_NOINLINE static void err_msgv(lua_State *L, ErrMsg em, ...)
 {
  const char *msg;
  va_list argp;
  va_start(argp, em);
+  if (LJ_HASJIT) {
+    TValue *base = tvref(G(L)->jit_base);
+    if (base) L->base = base;
+  }
  if (curr_funcisL(L)) L->top = curr_topL(L);
-  msg = lj_str_pushvf(L, err2msg(em), argp);
+  msg = lj_strfmt_pushvf(L, err2msg(em), argp);
  va_end(argp);
  lj_debug_addloc(L, msg, L->base-1, NULL);
  lj_err_run(L);
@@ -602,11 +956,11 @@ LJ_NOINLINE void lj_err_lex(lua_State *L, GCstr *src, const char *tok,
 {
  char buff[LUA_IDSIZE];
  const char *msg;
-  lj_debug_shortname(buff, src);
+  lj_debug_shortname(buff, src, line);
-  msg = lj_str_pushvf(L, err2msg(em), argp);
+  msg = lj_strfmt_pushvf(L, err2msg(em), argp);
-  msg = lj_str_pushf(L, "%s:%d: %s", buff, line, msg);
+  msg = lj_strfmt_pushf(L, "%s:%d: %s", buff, line, msg);
  if (tok)
-    lj_str_pushf(L, err2msg(LJ_ERR_XNEAR), msg, tok);
+    lj_strfmt_pushf(L, err2msg(LJ_ERR_XNEAR), msg, tok);
  lj_err_throw(L, LUA_ERRSYNTAX);
 }
@@ -645,8 +999,9 @@ LJ_NOINLINE void lj_err_optype_call(lua_State *L, TValue *o)
  const BCIns *pc = cframe_Lpc(L);
  if (((ptrdiff_t)pc & FRAME_TYPE) != FRAME_LUA) {
    const char *tname = lj_typename(o);
+    setframe_gc(o, obj2gco(L), LJ_TTHREAD);
+    if (LJ_FR2) o++;
    setframe_pc(o, pc);
-    setframe_gc(o, obj2gco(L));
    L->top = L->base = o+1;
    err_msgv(L, LJ_ERR_BADCALL, tname);
  }
@@ -656,28 +1011,27 @@ LJ_NOINLINE void lj_err_optype_call(lua_State *L, TValue *o)
 /* Error in context of caller. */
 LJ_NOINLINE void lj_err_callermsg(lua_State *L, const char *msg)
 {
-  TValue *frame = L->base-1;
+  TValue *frame = NULL, *pframe = NULL;
-  TValue *pframe = NULL;
+  if (!(LJ_HASJIT && tvref(G(L)->jit_base))) {
-  if (frame_islua(frame)) {
+    frame = L->base-1;
-    pframe = frame_prevl(frame);
+    if (frame_islua(frame)) {
-  } else if (frame_iscont(frame)) {
+      pframe = frame_prevl(frame);
+    } else if (frame_iscont(frame)) {
+      if (frame_iscont_fficb(frame)) {
+        pframe = frame;
+        frame = NULL;
+      } else {
+        pframe = frame_prevd(frame);
 #if LJ_HASFFI
-    if ((frame-1)->u32.lo == LJ_CONT_FFI_CALLBACK) {
+        /* Remove frame for FFI metamethods. */
-      pframe = frame;
+        if (frame_func(frame)->c.ffid >= FF_ffi_meta___index &&
-      frame = NULL;
+            frame_func(frame)->c.ffid <= FF_ffi_meta___tostring) {
-    } else
+          L->base = pframe+1;
+          L->top = frame;
+          setcframe_pc(cframe_raw(L->cframe), frame_contpc(frame));
+        }
 #endif
-    {
-      pframe = frame_prevd(frame);
-#if LJ_HASFFI
-      /* Remove frame for FFI metamethods. */
-      if (frame_func(frame)->c.ffid >= FF_ffi_meta___index &&
-          frame_func(frame)->c.ffid <= FF_ffi_meta___tostring) {
-        L->base = pframe+1;
-        L->top = frame;
-        setcframe_pc(cframe_raw(L->cframe), frame_contpc(frame));
      }
-#endif
    }
  }
  lj_debug_addloc(L, msg, pframe, frame);
@@ -690,7 +1044,7 @@ LJ_NOINLINE void lj_err_callerv(lua_State *L, ErrMsg em, ...)
  const char *msg;
  va_list argp;
  va_start(argp, em);
-  msg = lj_str_pushvf(L, err2msg(em), argp);
+  msg = lj_strfmt_pushvf(L, err2msg(em), argp);
  va_end(argp);
  lj_err_callermsg(L, msg);
 }
@@ -710,9 +1064,9 @@ LJ_NORET LJ_NOINLINE static void err_argmsg(lua_State *L, int narg,
  if (narg < 0 && narg > LUA_REGISTRYINDEX)
    narg = (int)(L->top - L->base) + narg + 1;
  if (ftype && ftype[3] == 'h' && --narg == 0)  /* Check for "method". */
-    msg = lj_str_pushf(L, err2msg(LJ_ERR_BADSELF), fname, msg);
+    msg = lj_strfmt_pushf(L, err2msg(LJ_ERR_BADSELF), fname, msg);
  else
-    msg = lj_str_pushf(L, err2msg(LJ_ERR_BADARG), narg, fname, msg);
+    msg = lj_strfmt_pushf(L, err2msg(LJ_ERR_BADARG), narg, fname, msg);
  lj_err_callermsg(L, msg);
 }
@@ -722,7 +1076,7 @@ LJ_NOINLINE void lj_err_argv(lua_State *L, int narg, ErrMsg em, ...)
  const char *msg;
  va_list argp;
  va_start(argp, em);
-  msg = lj_str_pushvf(L, err2msg(em), argp);
+  msg = lj_strfmt_pushvf(L, err2msg(em), argp);
  va_end(argp);
  err_argmsg(L, narg, msg);
 }
@@ -752,7 +1106,7 @@ LJ_NOINLINE void lj_err_argtype(lua_State *L, int narg, const char *xname)
    TValue *o = narg < 0 ? L->top + narg : L->base + narg-1;
    tname = o < L->top ? lj_typename(o) : lj_obj_typename[0];
  }
-  msg = lj_str_pushf(L, err2msg(LJ_ERR_BADTYPE), xname, tname);
+  msg = lj_strfmt_pushf(L, err2msg(LJ_ERR_BADTYPE), xname, tname);
  err_argmsg(L, narg, msg);
 }
@@ -802,7 +1156,7 @@ LUALIB_API int luaL_error(lua_State *L, const char *fmt, ...)
  const char *msg;
  va_list argp;
  va_start(argp, fmt);
-  msg = lj_str_pushvf(L, fmt, argp);
+  msg = lj_strfmt_pushvf(L, fmt, argp);
  va_end(argp);
  lj_err_callermsg(L, msg);
  return 0;  /* unreachable */