fengari-lua / fengari

🌙 φεγγάρι - The Lua VM written in JS ES6 for Node and the browser
MIT License

'lastpc' in symbolic execution off by one #29

Closed daurnimator closed 7 years ago

daurnimator commented 7 years ago

Notice the missing location:

$ lua  -e 'lol()'
lua: (command line):1: attempt to call a nil value (global 'lol')
stack traceback:
    (command line):1: in main chunk
    [C]: in ?
$ ./tests/manual-tests/lua-cli.js  -e 'lol()'
(command line):1: attempt to call a nil value
stack traceback:
    ...(command line)1: in main chunk

I tracked this down to lastpc in ldebug.js getobjname being one too many.

Possible fix:

diff --git a/src/ldebug.js b/src/ldebug.js
index d565829..fed0ecb 100644
--- a/src/ldebug.js
+++ b/src/ldebug.js
@@ -530,7 +530,7 @@ const varinfo = function(L, o) {
         kind = getupvalname(L, ci, o);  /* check whether 'o' is an upvalue */
         let stkid = isinstack(L, ci, o);
         if (!kind && stkid)  /* no? try a register */
-            kind = getobjname(ci.func.value.p, ci.pcOff, stkid - ci.u.l.base);
+            kind = getobjname(ci.func.value.p, ci.pcOff - 1, stkid - ci.u.l.base);
     }

     return defs.to_luastring(kind ? ` (${defs.to_jsstring(kind.funcname)} '${defs.to_jsstring(kind.name.value ? kind.name.value : kind.name)}')` : ``);
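Review bot: the `- 1` on the `+` line encodes a convention the hunk never states, namely that the saved pc already points one past the instruction being executed, so the symbolic scan in `getobjname` must stop before it; in the reference C implementation that is exactly what `currentpc(ci)` computes through `pcRel`. Rather than a bare literal, a small helper such as `currentpc(ci)` returning `ci.pcOff - 1`, with a comment to that effect, would document the adjustment and make it easy to find the other call sites that pass `ci.pcOff` where the C code used `currentpc(ci)`, which is the part of the fix the issue text itself is unsure about.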

However, I'm not sure if that is correct: pcOff is a field new in fengari (I assume due to pointer arithmetic not being an option in JS), and there is no replacement pcRel macro, so I don't have the lua C code to reference.
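To make the off-by-one concrete, here is a small constructed model of the findsetreg/getobjname scan (an added illustration, not fengari's code; the opcode names, instruction objects and the three-instruction bytecode mirroring `lol()` are assumptions):

```javascript
// Added, simplified model of fengari's getobjname/findsetreg scan; the opcode
// names, instruction objects and bytecode below are constructed for illustration.
const OP_GETTABUP = "GETTABUP", OP_CALL = "CALL", OP_RETURN = "RETURN";

// Constructed bytecode for the chunk `lol()`: load global 'lol' into R0, call it.
const proto = {
  upvalues: ["_ENV"],
  constants: ["lol"],
  code: [
    { op: OP_GETTABUP, a: 0, b: 0, c: 0 }, // R0 = _ENV["lol"]
    { op: OP_CALL, a: 0, b: 1, c: 1 },     // R0()
    { op: OP_RETURN, a: 0, b: 1 },
  ],
};

// Symbolic scan: index of the last instruction before `lastpc` that wrote `reg`.
function findsetreg(p, lastpc, reg) {
  let setreg = -1;
  for (let pc = 0; pc < lastpc; pc++) {
    const i = p.code[pc];
    if (i.op === OP_GETTABUP && i.a === reg) setreg = pc;
    // A call clobbers every register from A upwards, so it counts as a setter too.
    else if (i.op === OP_CALL && reg >= i.a) setreg = pc;
  }
  return setreg;
}

// Name the value held in `reg` as of `lastpc`, or null if no name can be derived.
function getobjname(p, lastpc, reg) {
  const pc = findsetreg(p, lastpc, reg);
  if (pc === -1) return null;
  const i = p.code[pc];
  if (i.op === OP_GETTABUP) {
    const kind = p.upvalues[i.b] === "_ENV" ? "global" : "field";
    return { funcname: kind, name: p.constants[i.c] };
  }
  return null; // a CALL (or anything else) as the setter yields no name
}

// While the CALL at index 1 executes, the saved pc already points one past it.
const pcOff = 2;
console.log(getobjname(proto, pcOff, 0));     // null: the CALL is taken as the setter
console.log(getobjname(proto, pcOff - 1, 0)); // { funcname: 'global', name: 'lol' }
```

With `lastpc = pcOff` the scan treats the CALL itself as the last writer of R0 and no name comes out, which is the missing `(global 'lol')` in the report; with `pcOff - 1` the GETTABUP is found.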

giann commented 7 years ago

Isn't this fixed?

daurnimator commented 7 years ago

No. The patch above still needs committing (though I'm not sure it's the correct/full fix)