|
| 1 | +--[[ |
| 2 | +SPDX-License-Identifier: ISC |
| 3 | +Copyright (c) 2023-2025, Sergey Bronnikov. |
| 4 | +
|
| 5 | +2.6 – Coroutines |
| 6 | +https://www.lua.org/manual/5.3/manual.html#2.6 |
| 7 | +
|
| 8 | +Computation of stack limit when entering a coroutine is wrong, |
| 9 | +https://github.com/lua/lua/commit/e1d8770f12542d34a3e32b825c95b93f8a341ee1 |
| 10 | +
|
| 11 | +C-stack overflow with deep nesting of coroutine.close, |
| 12 | +https://www.lua.org/bugs.html#5.4.4-9 |
| 13 | +
|
| 14 | +C stack overflow (again), |
| 15 | +https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27 |
| 16 | +
|
| 17 | +When a coroutine tries to resume a non-suspended coroutine, |
| 18 | +it can do some mess (and break C assertions) before detecting the error, |
| 19 | +https://www.lua.org/bugs.html#5.3.3-4 |
| 20 | +
|
| 21 | +debug.getlocal on a coroutine suspended in a hook can crash the interpreter, |
| 22 | +https://www.lua.org/bugs.html#5.3.0-2 |
| 23 | +
|
| 24 | +Suspended __le metamethod can give wrong result, |
| 25 | +https://www.lua.org/bugs.html#5.3.0-3 |
| 26 | +
|
| 27 | +Resuming the running coroutine makes it unyieldable, |
| 28 | +https://www.lua.org/bugs.html#5.2.2-8 |
| 29 | +
|
| 30 | +pcall may not restore previous error function when inside coroutines, |
| 31 | +https://www.lua.org/bugs.html#5.2.1-2 |
| 32 | +
|
| 33 | +Wrong handling of nCcalls in coroutines, |
| 34 | +https://www.lua.org/bugs.html#5.2.0-4 |
| 35 | +
|
| 36 | +coroutine.resume pushes element without ensuring stack size, |
| 37 | +https://www.lua.org/bugs.html#5.1.3-2 |
| 38 | +
|
| 39 | +Recursive coroutines may overflow C stack, |
| 40 | +https://www.lua.org/bugs.html#5.1.2-4 |
| 41 | +
|
| 42 | +Stand-alone interpreter shows incorrect error message when the |
| 43 | +"message" is a coroutine, |
| 44 | +https://www.lua.org/bugs.html#5.1.2-12 |
| 45 | +
|
| 46 | +Debug hooks may get wrong when mixed with coroutines, |
| 47 | +https://www.lua.org/bugs.html#5.1-7 |
| 48 | +
|
| 49 | +Values held in open upvalues of suspended threads may be |
| 50 | +incorrectly collected, |
| 51 | +https://www.lua.org/bugs.html#5.0.2-3 |
| 52 | +
|
| 53 | +Attempt to resume a running coroutine crashes Lua, |
| 54 | +https://www.lua.org/bugs.html#5.0-2 |
| 55 | +
|
| 56 | +debug.getlocal on a coroutine suspended in a hook can crash the interpreter, |
| 57 | +https://www.lua.org/bugs.html#5.3.0-2 |
| 58 | +
|
| 59 | +debug.sethook/gethook may overflow the thread's stack, |
| 60 | +https://www.lua.org/bugs.html#5.1.2-13 |
| 61 | +
|
| 62 | +Memory hoarding when creating Lua hooks for coroutines, |
| 63 | +https://www.lua.org/bugs.html#5.2.0-1 |
| 64 | +
|
| 65 | +Synopsis: |
| 66 | +
|
| 67 | +coroutine.close(co) |
| 68 | +coroutine.create(f) |
| 69 | +coroutine.isyieldable([co]) |
| 70 | +coroutine.resume(co [, val1, ...]) |
| 71 | +coroutine.running() |
| 72 | +coroutine.status(co) |
| 73 | +coroutine.wrap(f) |
| 74 | +coroutine.yield(...) |
| 75 | +]] |
| 76 | + |
| 77 | +local luzer = require("luzer") |
| 78 | + |
| 79 | +local CORO_OBJECTS = {} |
| 80 | + |
| 81 | +-- Possible coroutine statuses, described in Lua 5.1 Reference Manual, |
| 82 | +-- https://www.lua.org/manual/5.4/manual.html#6.2 |
| 83 | +local CORO_STATUS = { |
| 84 | + DEAD = "dead", |
| 85 | + NORMAL = "normal", |
| 86 | + RUNNING = "running", |
| 87 | + SUSPENDED = "suspended", |
| 88 | +} |
| 89 | + |
| 90 | +local CORO_ACTION_NAME = { |
| 91 | + "close", |
| 92 | + "create", |
| 93 | + "resume", |
| 94 | + "yield", |
| 95 | +} |
| 96 | + |
| 97 | +-- Forward declaration. |
| 98 | +local coro_function |
| 99 | + |
| 100 | +local function coro_action(fdp) |
| 101 | + local action = fdp:oneof(CORO_ACTION_NAME) |
| 102 | + if action == "create" then |
| 103 | + local co = coroutine.create(coro_function) |
| 104 | + local set_hook = fdp:consume_boolean() |
| 105 | + local hook_args = {} |
| 106 | + if set_hook then |
| 107 | + table.insert(hook_args, function () return co end) |
| 108 | + table.insert(hook_args, fdp:oneof({"c", "r", "l"})) |
| 109 | + end |
| 110 | + debug.sethook(co, unpack(hook_args)) |
| 111 | + table.insert(CORO_OBJECTS, co) |
| 112 | + coroutine.resume(co, 1) |
| 113 | + return |
| 114 | + end |
| 115 | + |
| 116 | + local coro = fdp:oneof(CORO_OBJECTS) |
| 117 | + if coroutine.status(coro) == CORO_STATUS["DEAD"] then |
| 118 | + return |
| 119 | + end |
| 120 | + if action == "close" then |
| 121 | + coroutine.close(coro) |
| 122 | + elseif action == "yield" and coroutine.isyieldable(coro) then |
| 123 | + coroutine.yield(coro) |
| 124 | + elseif action == "resume" then |
| 125 | + coroutine.resume(coro) |
| 126 | + end |
| 127 | +end |
| 128 | + |
| 129 | +coro_function = function(fdp, coro_max_number) |
| 130 | + local n = fdp:consume_integer(1, coro_max_number) |
| 131 | + for _ = 1, n do |
| 132 | + coro_action(fdp) |
| 133 | + end |
| 134 | +end |
| 135 | + |
| 136 | +local function TestOneInput(buf, _size) |
| 137 | + local fdp = luzer.FuzzedDataProvider(buf) |
| 138 | + local coro_max_number = fdp:consume_integer(0, 100) |
| 139 | + local co = coroutine.create(coro_function) |
| 140 | + table.insert(CORO_OBJECTS, co) |
| 141 | + -- The function `coroutine.resume` starts the execution of |
| 142 | + -- a coroutine, changing its state from suspended to running. |
| 143 | + coroutine.resume(co, fdp, coro_max_number) |
| 144 | +end |
| 145 | + |
| 146 | +local args = { |
| 147 | + artifact_prefix = "coroutine_", |
| 148 | +} |
| 149 | +luzer.Fuzz(TestOneInput, nil, args) |
0 commit comments