From 96fc114a7a3be3fd2c227d5a0ac53aa50cfb85d1 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 16 Apr 2023 13:24:08 +0200
Subject: [PATCH 1/2] Fix canonicalization of +-0.0 keys for IR_NEWREF.

Reported by Sergey Kaplun. #981
---
 src/lj_record.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/lj_record.c b/src/lj_record.c
index dee53327..10a14a6f 100644
--- a/src/lj_record.c
+++ b/src/lj_record.c
@@ -1256,6 +1256,8 @@ TRef lj_record_idx(jit_State *J, RecordIndex *ix)
 TRef key = ix->key;
 if (tref_isinteger(key)) /* NEWREF needs a TValue as a key. */
 key = emitir(IRTN(IR_CONV), key, IRCONV_NUM_INT);
+ else if (tref_isnumber(key) && tref_isk(key) && tvismzero(&ix->keyv))
+ key = lj_ir_knum_zero(J); /* Canonicalize -0.0 to +0.0. */
 xref = emitir(IRT(IR_NEWREF, IRT_P32), ix->tab, key);
 keybarrier = 0; /* NEWREF already takes care of the key barrier. */
 }
From c7db8255e1eb59f933fac7bc9322f0e4f8ddc6e6 Mon Sep 17 00:00:00 2001
From: Mike Pall
Date: Sun, 16 Apr 2023 13:26:18 +0200
Subject: [PATCH 2/2] Fix TDUP load forwarding after table rehash.

Reported by Sergey Kaplun. #980
---
 src/lj_opt_mem.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/lj_opt_mem.c b/src/lj_opt_mem.c
index feec6bb7..5b1ad898 100644
--- a/src/lj_opt_mem.c
+++ b/src/lj_opt_mem.c
@@ -154,6 +154,7 @@ static TRef fwd_ahload(jit_State *J, IRRef xref)
 if (ir->o == IR_TNEW || (ir->o == IR_TDUP && irref_isk(xr->op2))) {
 /* A NEWREF with a number key may end up pointing to the array part.
 ** But it's referenced from HSTORE and not found in the ASTORE chain.
+ ** Or a NEWREF may rehash the table and move unrelated number keys.
 ** For now simply consider this a conflict without forwarding anything.
 */
 if (xr->o == IR_AREF) {
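Review bot: In the lj_record_idx hunk of src/lj_record.c, the new `else if` takes the key's const-ness from the IR reference (`tref_isk(key)`) but its value from the recorded TValue (`tvismzero(&ix->keyv)`), and nothing in the hunk says that the two always describe the same key or why only constant keys are canonicalized. If a constant -0.0 reached IR_NEWREF unchanged, the compiled trace and the interpreter could presumably disagree about which slot the key names, so the invariant deserves more than the trailing remark; I would put `/* Constant -0.0 key: table keys are stored as +0.0. Non-constant keys are presumably canonicalized when the key is stored (confirm). */` above the branch. The diffstat shows only src/lj_record.c changed, so a regression case for a literal -0.0 key creating a new slot would be worth adding with it. The enclosing block starts and ends outside the hunk.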
@@ -164,6 +165,11 @@ static TRef fwd_ahload(jit_State *J, IRRef xref)
 goto cselim;
 ref2 = newref->prev;
 }
+ } else {
+ IRIns *key = IR(xr->op2);
+ if (key->o == IR_KSLOT) key = IR(key->op1);
+ if (irt_isnum(key->t) && J->chain[IR_NEWREF] > tab)
+ goto cselim;
 }
 /* NEWREF inhibits CSE for HREF, and dependent FLOADs from HREFK/AREF.
 ** But the above search for conflicting stores was limited by xref.
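Review bot: The new `else` branch in fwd_ahload (second hunk of src/lj_opt_mem.c) is much coarser than the AREF branch just above it, and no comment inside it says that this is intentional. The AREF path walks the NEWREF chain and gives up only when some NEWREF has a number key, while the new path gives up as soon as the loaded key is a number and any NEWREF at all follows the allocation (`J->chain[IR_NEWREF] > tab`), whatever that NEWREF's key type and, as far as the hunk shows, whatever table it targets. That errs on the conservative side, so it looks safe, but a line such as `/* Any later NEWREF may rehash and move number keys: don't forward. */` at the top of the branch would stop a later optimisation from narrowing the check incorrectly. As a point of style, `if (key->o == IR_KSLOT) key = IR(key->op1);` keeps its body on the same line, unlike the two-line `if`/`goto` form used around it. The function continues outside the hunk.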