Old: "Failed to allocate 2147483648 bytes in hash_table for key"
New: "Failed to allocate 16384 bytes in hash_table for key"

ERRINJ_INDEX_ALLOC cannot be used to test this error, because it fails
earlier, so ERRINJ_HASH_INDEX_REPLACE is introduced.

Follow-up #3594

NO_DOC=minor
NO_CHANGELOG=minor

The issue is fixed in the `small' submodule by the following commit:

* matras: fix matras_view::block_count overflow

Closes #3594

NO_TEST=The test requires more than 64 GB of RAM.

@TarantoolBot document
Title: Document maximum number of tuples in hash index
Product: Tarantool
Root document: https://www.tarantool.io/en/doc/latest/book/box/limitations/

Number of tuples in hash index: 2147483648

The bug was fixed in the small library:
 - slab: fix NULL ptr deref in assertion in slab_get
   https://github.com/tarantool/small/commit/ef77efacd452cb90caea2caf22d266f791c95ec3
 - slab: fix uint32_t overflow in slab_capacity
   https://github.com/tarantool/small/commit/77203600a7c645d97bce56f901eec25de0b29d6e

The small library submodule was updated in commit ebafd684
("small: bump version").

Closes #9218

NO_DOC=changelog
NO_TEST=changelog

Recently added persistent instance/replicaset/cluster names have certain
validation rules (see #5029 and #9148). An instance name and a
replicaset name that are provided in a declarative configuration are
stored in the database, so they should follow the same rules.

This patch implements the validation for instance/replicaset/group
names, for `--name` CLI option and `TT_INSTANCE_NAME` environment
variable.

Part of #8862
Related to #9148

NO_DOC=The user visible change is about a better error message if a
       wrong name is passed. The naming rules are documented in
       https://github.com/tarantool/doc/issues/3466,
       https://github.com/tarantool/doc/issues/3467,
       https://github.com/tarantool/doc/issues/3468.

Sometimes shell quoting is needed in tests to trigger a validation
error. For example, if the argument is empty or contains whitespaces.

Left the default unchanged to don't affect existing tests.

Part of #8862

NO_DOC=testing helper change
NO_CHANGELOG=see NO_DOC
NO_TEST=see NO_DOC

We hit #3807 in release/2.11 for release ASAN build with ASAN-friendly
small allocators.

Follow-up #7327

NO_CHANGELOG=internal
NO_DOC=internal

Closes #9277

@TarantoolBot document
Title: Document `box_space_execute_priv` compatibility option

Historically, it was possible to grant the `execte` privilege on
a space although this action had no effect. Since Tarantool 3.0
it isn't allowed anymore. The new `compat` module option
`box_space_execute_priv` was added to revert to the old behavior.

Please create a documentation page for the new compatibility option at
https://tarantool.io/compat/box_space_execute_priv

Example:

```
tarantool> box.cfg{log_level = 'error'}
---
...

tarantool> box.schema.user.create('alice')
---
...

tarantool> box.schema.user.grant('alice', 'execute', 'space')
---
- error: Unsupported space privilege 'execute'
...

tarantool> require('compat').box_space_execute_priv = 'old'
---
...

tarantool> box.schema.user.grant('alice', 'execute', 'space')
---
...
```

Configuring log modules work differently with log.cfg and box.cfg:
box.cfg{log_modules=...} overwrites the current config completely while
log.cfg{modules=...} overwrites the currently config only for the
specified modules. Let's fix this inconsistency by making log.cfg behave
exactly as box.cfg.

Closes #7962

NO_DOC=bug fix

This reverts commit 0ea1ba87.

Bump is reverted due to regression in Curl 8.4.0.

Needed for #9283

NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump
NO_CHANGELOG=libcurl submodule bump

We decided to allow underscore in names to provide easier support
for many existent installations.

Closes #9148

NO_CHANGELOG=no updates to the feature description
NO_DOC=update existent doc tickets 3466, 3467, 3468

Message body resides in one of rotating input buffers for the
connection. When we don't need message body anymore we advance the
reading end of the input buffer by the size of the message. But message
processing order can differ from the order of messages in the wire.
Thus this advancing a bit hacky. Let's instead mark the data in the
input buffer as read when we process all the messages in the input
buffer. We cannot reuse the buffer any earlier anyway.

Follow-up #7327

NO_TEST=refactoring
NO_CHANGELOG=refactoring
NO_DOC=refactoring

The API functions additionally poison related data in ASAN build.

Follow-up #7327

NO_TEST=refactoring
NO_CHANGELOG=refactoring
NO_DOC=refactoring

New commits:

- ibuf: change ibuf_consume_before argument type to const void ptr
- ibuf: introduce ibuf_consume/ibuf_consume_before API
- matras: fix matras_view::block_count overflow
- slab: fix uint32_t overflow in slab_capacity
- debug: add assertions of ASAN version to non ASAN
- ibuf: add ibuf_discard
- slab: fix NULL ptr deref in assertion in slab_get

NO_TEST=submodule bump
NO_CHANGELOG=submodule bump
NO_DOC=submodule bump

The test is quite a flacky in debug ASAN CI workflow. The issue is test
check upper boundary of it's execution time. I run many instances of
this test on in parallel and got average time of 40s for memtex and 70s
for vinyl.

The time quota is already changed by the commit 84cb1e04 ("sql:
increase time quota for selectG test on vinyl") for laptops with HDD.
I did not check execution time for HDD though. I guess the bottleneck
for debug ASAN is CPU.

Follow-up #7327

NO_CHANGELOG=internal
NO_DOC=internal

The error message was not quite clear in case instance has any name
defined and config provides a different one.

Closes #8692

NO_CHANGELOG=no previous release with this error message
NO_DOC=not needed since no changes to the public API

We install a signal handler that prints the stack trace on SIGSEGV,
SIGBUS, SIGILL, SIGFPE. The signal handler uses the current stack.
This works fine for most issues, but not for stack overflow, because
the latter makes the current stack unusable, leading to a crash in
the signal handler. Let's install an alternative signal stack in each
thread so that we can print the stack trace on stack overflow.

Note that we skip this for ASAN because it installs its own signal
stack. (Installing a custom stack would result in a crash.)

Closes #9222

NO_DOC=bug fix

Modify Linux workflows for running jobs inside Docker containers. It
helps isolate the building and testing environment from the runner's
system and other workflows.

Closes tarantool/tarantool-qa#327

NO_DOC=ci
NO_TEST=ci
NO_CHANGELOG=ci

The macro expands to inline keyword and always_inline attribute if
it's supported. This attribute forces the compiler to inline the
function if it's possible and raise a diagnostic if it's not.

Needed for tarantool/tarantool-ee#580

NO_DOC=internal
NO_TEST=internal
NO_CHANGELOG=internal

With this patch the following log/alert structure is introduced:
* all informational messages (e.g. some privs granted) use `log.verbose()`
* all warnings about postponed apply use `config:_alert{type = 'warn'}`
* all apply errors are reported with `config:_alert{type = 'error'}`

Debug logs are removed.

Part of #8967

NO_DOC=logging and alerts
NO_CHANGELOG=see NO_DOC
NO_TEST=see NO_DOC

Before this patch luatest.server used to fail if the instance status
was different from 'ready'. Now it allows 'check_warnings' state too.
It is required to test legal corner cases inside config applier.

Part of #8967

NO_DOC=test helper update
NO_TEST=see NO_DOC
NO_CHANGELOG=see NO_DOC

There are four problems we have to address to make this possible:

 1. memtx_engine_shutdown may delete the tuple referenced by
    box_tuple_last so that tuple_free, which is called later by
    box_free, will crash trying to free it. Fix this by clearing
    box_tuple_last in memtx_engine_shutdown.

 2. tuple_format_destroy and tuple_field_delete, called by it, expect
    all constraints to be detached. Let's destroy the constraints if
    this isn't the case. This effectively reverts commit 7a87b9a5
    ("box: do not call constraint[i].destroy() in
    tuple_field_delete()").

 3. tuple_field_delete, called by tuple_format_destroy, expects the
    default value function to be unpinned. Let's unpin it if this isn't
    the case. To avoid linking dependencies between the tuple and box
    libraries, we have to introduce a virtual destructor for
    field_default_func.

 4. The tuple_format unit test calls tuple_free after box_free. If
    box_free calls tuple_free by itself, this leads to a crash. Fix this
    by removing tuple_free and tuple_init calls from the test.

Closes #9174

NO_DOC=code health
NO_CHANGELOG=code health
NO_TEST=checked by existing tests

The patch updates curl module to the version 8.4.0 [1] that brings a
number of functional fixes and security fix of SOCKS5 heap buffer
overflow (CVE-2023-38545), see description in [2] and commit
fb4415d8aee6 ("socks: return error if hostname too long for remote
resolve") in [3].

1. https://curl.se/changes.html#8_4_0
2. https://curl.se/docs/CVE-2023-38545.html
3. https://github.com/curl/curl/commit/fb4415d8aee6c1045be932a34fe6107c2f5ed147

NO_DOC=libcurl submodule bump
NO_TEST=libcurl submodule bump

The motivation is to reduce time slip on Tarantool startup before
running init scripts. Internal ev time is set in fiber_init/ev_default_loop
and is not get updated until starting event loop. This causes
timeouts slip up to 0.3 in debug ASAN build in init script (see #9261).

Let's run event loop right at the beginning of the run_script_f before
executing any script. This way besides updating internal ev time we make
an explicit place of starting script event loop. Currently it is started
lazily when config script yields.

This will fix CI for PR https://github.com/tarantool/tarantool-ee/pull/572
for debug ASAN workflow.

We can also remove start_loop condition. It does not make sense now. It
was added in the commit 3a851430 ("Fix tarantool -e "os.exit()"
hang") but since then we start to stop event loop after handling
os.exit().

Also this fixes #9266. The issue is we don't have an event loop to run
on shutdown triggers if -e command line expression add such a trigger
and then call os.exit().

Follow-up #7327
Closes #9266

NO_DOC=bugfix

Tarantool supports two console protocols: text and binary. The binary
protocol is implemented with IPROTO EVAL request so the console module
reuses the net.box module to establish and maintain a binary connection.
Currently, instead of passing the original URI specified by the user to
net.box.connect as is, the console module parses the URI and passes the
host and port. As a result, extra information that may be specified in
URI parameters is lost. This prevents the user from connecting to the
binary console using the SSL transport because to use the SSL transport
the user must specify transport=ssl URI parameter.

Needed for tarantool/tarantool-ee#567

NO_DOC=no visible changes in CE
NO_TEST=no visible changes in CE
NO_CHANGELOG=no visible changes in CE

User password is stored in a system space is a form of hash when
'chap-sha1' auth type is set, and in a form of hash with salt when
'pap-sha256' is set.

Now, if a user is set inside config, and the current auth type is
different from the type the users password is stored in, the password
hash will be regenerated.

Part of #8967

NO_DOC=documentation request will be filed manually for the whole
       credentials

With #8906 the object types mentioned above were introduced. They control
access to code execution over IPROTO.
This patch adds such object types support to credentials applier. Now
'execute' can be granted to a user or role for 'lua_eval', 'lua_call' and
'sql'. Note that similar to 'universe', objects can't be specified in
the config, only 'all' is allowed.

Part of #8967

NO_DOC=documentation request will be filed manually for the whole
       credentials

The new parameters will be implemented in Tarantool Enterprise Edition.
This commit just adds configuration stubs.

Needed for tarantool/tarantool-ee#502
Needed for tarantool/tarantool-ee#503

NO_DOC=stubs for enterprise edition
NO_CHANGELOG=stubs for enterprise edition

Let's obtain box.cfg parameters from audit_log_init with cfg_get instead
of passing them as arguments, like we do with the security module, for
example. This simplifies addition of new audit log parameters.

Needed for tarantool/tarantool-ee#502
Needed for tarantool/tarantool-ee#503

NO_DOC=refactoring
NO_TEST=refactoring
NO_CHANGELOG=refactoring

During building an index in background, some transaction can perform a dml
request that affects space size (e.g. a replace), but the size will remain
the same, because bsize is moved from the old space to the new space in
memtx_space_prepare_alter() prior to space_execute_dml(). Fix this issue by
calling space_finish_alter() in alter_space_do().
In fact, this patch partially reverts commit 9ec3b1a4 ("alter: zap
space_vtab::commit_alter").

NO_DOC=bugfix

Closes #9247

Consider the following example:
```
tarantool -e "box.cfg{} require('console').start()"
```
When a local console is exited by pressing Ctrl+D, Tarantool seemingly
freezes - console stops to work, typed characters are not echoed. But
the event loop is not stopped because there are background fibers running.
This patch adds a message that Ctrl+C should be pressed in such a case.

Closes #7017

NO_DOC=minor

Attaching triggers to space id instead of space object is a significant
pitfall. The users who haven't discovered new triggers may not expect
the triggers of a dropped space will be fired by a new one. So let's
drop triggers that were set with old API along with the space.

All the tests, changed because of described above breaking change, are
restored.

Closes #9223

NO_DOC=later

The patch provides event triggers with flags and introduces the first
one - EVENT_TRIGGER_IS_TEMPORARY. When the new
event_remove_temporary_triggers method is called, all the temporary
triggers are removed from the event.

Part of #9223

NO_CHANGELOG=internal
NO_DOC=internal

This patch also includes:
  - misc trivial fixes for ASAN discovered issues
  - minor adaptations for ASAN friendly allocators

Closes #7327

NO_DOC=internal
NO_CHANGELOG=internal

With new ASAN-friendly small implementation unit/fiber_stack.c test
start to fail. The issue is leak sanitizer reports a leak. This is an
expected leak of test for mprotect failure on fiber stack destruction.
Let's tell sanitizer to ignore this case.

By the way let's drop test code for temporary redirecting stderr. It is
outdated as test is TAP-compatible. It was a PITA as due to this
redirection there was no leak report only error exit code.

Part of #7327

NO_CHANGELOG=internal
NO_DOC=internal

With ASAN-friendly small allocators there are a lot test failures due
to leak reports which are gone if JIT is off.

Fortunately all the reports related to a few functions. Let's suppress
temporarily such reports.

Part of #7327

NO_TEST=internal
NO_CHANGELOG=internal
NO_DOC=internal

When SMALL_MALLOC_IMPL is defined and ASAN-friendly allocators are used
the arena allocator is not used at all as we not allocate memory
directly from there. And other ASAN-friendly allocators are not allocate
from it too. Thus box.slab.info().arena_size == 0. Same for usage
of runtime arena box.runtime.info().used.

Also usage with ASAN-friendly lsregion is a bit different as it does
not account for size of alignment padding. Thus we need to adapt
box.stat.vinyl().memory.level0 tests. Approach is to check for lower
and upper limit instead of checking for exact values.

Part of #7327

NO_DOC=test changes
NO_CHANGELOG=test changes

ASAN-friendly implementation poisons memory after allocation with
ibuf_alloc so we need to fix existing places in code where we access
memory after allocation.

Part of ibuf implementation is inline functions in headers. Thus ibuf
implementation in Lua reimplement this parts. We add poison to these
inline functions in ASAN-friedly implementation so we need add same poison
in Lua implementation.

Part of #7327

NO_CHANGELOG=internal
NO_DOC=internal

We are going to include generated small_config.h into small allocator
headers (currently it is only included in small source files).
core/memory.h depends on small headers and salad/heap.h depends on
core/memory.h. As a result we need to provide a way for salad/heap.h
users to find small_config.h header.

Instead let's drop dependency from core/memory.h as we only use it for
typeof definition.

Part of #7327

NO_CHANGELOG=code cleanup
NO_DOC=code cleanup

If leak sanitizer reaches the memory protected from read with mprotect
it exhibits all sorts of odd behaviour. It can hang, can crash, can
return errors with no leak backtraces.

We use mprotect to create guard zones at the end of fiber stack so if
stack is overflowed we get a signal and crash. We take protection off
when fiber is destroyed. Unfortunately we do not destroy cords (and its
fibers) which cancelled through cord_cancel_and_join. This is going to
be addressed in patch for issue #8423 ("Get rid of pthread_cancel()").
Until that moment let's disable protection for ASAN builds.

Note that we did not hit this behaviour before because LSAN only scans
memory allocated using malloc and regular slab cache uses mmap to get
memory.

Part of #7327

NO_CHANGELOG=internal
NO_DOC=internal

Regularly fiber stack slab is page aligned. So upper stack border is
page aligned too when stack grows down. But with ASAN friendly slab
cache implementation this border is not page aligned. As a result
madvise call on stack may zero memory beyond stack slab which will cause
heap corruption. In debug build corruption is detected by assertion:

NO_WRAP
 >  Fatal glibc error: malloc.c:2593 (sysmalloc): assertion failed: (old_top
 >  == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >=
 >  MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize
 >  - 1)) == 0)
NO_WRAP

Interestingly enough the issue can not be investigated using ASAN. The
memory is zeroed by kernel code which is not instrumented so it is
invisible for sanitizer.

Looks like non-ASAN builds are not affected. Even if stack_size is
not page aligned the slab allocated for stack is page aligned. Thus
memory zeroing will be inside the slab and there will be no memory
corruption.

Also when stack grows up lower stack border in not aligned even with
regular small implementation. So madvise call will fail with EINVAL as
it is required that start address is page aligned. We ignore the error
though. Let's fix this issue too while we at it.

Let's introduce fiber_madvise_aligned to align madvise range with proper
direction before calling madvise(2). To justify its usage note that
besides fixing the issues described above, in case of stack growing down
fiber->stack is page aligned and in case of stack growing up
fiber->stack + fiber->stack_size is page aligned.

Part of #7327

NO_TEST=tested by ASAN (debug build)
NO_CHANGELOG=has effect only with newly introduced ASAN friendly slab cache
NO_DOC=has effect only with newly introduced ASAN friendly slab cache