From 5c46f47736f7609be407c88d531ecd1689d40a79 Mon Sep 17 00:00:00 2001
From: Mike Pall <mike>
Date: Mon, 12 Oct 2020 15:45:05 +0200
Subject: Fix snapshot PC when linking to BC_JLOOP that was a BC_RET*.

Reported by Arseny Vakhrushev.
Fix contributed by Peter Cawley.
---
 src/lj_record.c | 9 +++++----
 src/lj_snap.c   | 3 +++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/lj_record.c b/src/lj_record.c
index 69822f54..f5632f6c 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -513,10 +513,10 @@ static LoopEvent rec_iterl(jit_State *J, const BCIns iterins)
 }
 
 /* Record LOOP/JLOOP. Now, that was easy. */
-static LoopEvent rec_loop(jit_State *J, BCReg ra)
+static LoopEvent rec_loop(jit_State *J, BCReg ra, int skip)
 {
   if (ra < J->maxslot) J->maxslot = ra;
-  J->pc++;
+  J->pc += skip;
   return LOOPEV_ENTER;
 }
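Review bot: The header comment on rec_loop still reads `/* Record LOOP/JLOOP. Now, that was easy. */` and says nothing about the new `skip` parameter, whose meaning is only recoverable from the two call sites in lj_record_ins (1 for BC_LOOP, and `!bc_isret(bc_op(traceref(J, rc)->startins))` for BC_JLOOP in the second lj_record_ins hunk). A reader of rec_loop alone cannot tell why the PC sometimes must not advance. I would extend the comment to `/* Record LOOP/JLOOP. skip is added to J->pc: 1 normally, 0 for a JLOOP that replaced a BC_RET* so the snapshot PC stays on the return (see BC_JLOOP in lj_record_ins). */`. The "replaced a BC_RET*" rationale is taken from the commit subject rather than from these lines, so confirm the wording against the trace-linking code before adopting it.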
 
@@ -2027,7 +2027,7 @@ void lj_record_ins(jit_State *J)
     rec_loop_interp(J, pc, rec_iterl(J, *pc));
     break;
   case BC_LOOP:
-    rec_loop_interp(J, pc, rec_loop(J, ra));
+    rec_loop_interp(J, pc, rec_loop(J, ra, 1));
     break;
 
   case BC_JFORL:
@@ -2037,7 +2037,8 @@ void lj_record_ins(jit_State *J)
     rec_loop_jit(J, rc, rec_iterl(J, traceref(J, rc)->startins));
     break;
   case BC_JLOOP:
-    rec_loop_jit(J, rc, rec_loop(J, ra));
+    rec_loop_jit(J, rc, rec_loop(J, ra,
+				 !bc_isret(bc_op(traceref(J, rc)->startins))));
     break;
 
   case BC_IFORL:
diff --git a/src/lj_snap.c b/src/lj_snap.c
index de8068ac..bcd03038 100644
--- a/src/lj_snap.c
+++ b/src/lj_snap.c
@@ -97,6 +97,9 @@ static BCReg snapshot_framelinks(jit_State *J, SnapEntry *map)
   cTValue *ftop = frame + funcproto(frame_func(frame))->framesize;
   MSize f = 0;
   map[f++] = SNAP_MKPC(J->pc);  /* The current PC is always the first entry. */
+  lua_assert(!J->pt ||
+	     (J->pc >= proto_bc(J->pt) &&
+	      J->pc < proto_bc(J->pt) + J->pt->sizebc));
   while (frame > lim) {  /* Backwards traversal of all frames above base. */
     if (frame_islua(frame)) {
       map[f++] = SNAP_MKPC(frame_pc(frame));
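Review bot: The added lua_assert pins the PC-in-range invariant but carries no comment, so a later reader will not know which bug it guards against; and since lua_assert is, as far as I recall, compiled to a no-op unless LUA_USE_ASSERT is defined, an out-of-range J->pc would still be written into the snapshot map silently in ordinary builds. I would add above the assert: `/* J->pc must lie inside the current prototype's bytecode: a BC_JLOOP that replaced a BC_RET* used to advance past it (see rec_loop in lj_record.c). */`. Whether an in-range PC is a hard requirement for snapshot replay, and therefore deserves a non-debug check rather than an assert, cannot be judged from this hunk alone. snapshot_framelinks continues past the end of the hunk.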
-- 