Project

General

Profile

Actions

Bug #11928

closed

Segmentation fault in did_you_mean extension

Added by amw (Adam Wróbel) almost 9 years ago. Updated over 8 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-darwin15]
[ruby-core:72620]

Description

I'm getting a segmentation fault in my Rails application test suite if I attempt to use an undefined method/object.

I was not able to reproduce this outside of the complex environment of my application, but hopefully you might be able to figure out what is going on just using the crash logs. I had to filter out lines that contained file paths of my application - fortunately they were only in the "Loaded features" section and not anywhere in C or Ruby backtraces.


Files

did_you_mean_clean.log (300 KB) did_you_mean_clean.log amw (Adam Wróbel), 12/30/2015 03:27 PM
ruby_2015-12-27-133453_iMac.crash (26.4 KB) ruby_2015-12-27-133453_iMac.crash amw (Adam Wróbel), 12/30/2015 03:27 PM

Related issues 5 (0 open5 closed)

Has duplicate Ruby master - Bug #12000: Crash report for 2.3.0ClosedActions
Has duplicate Ruby master - Bug #12107: Segmentation fault at 0x000000000000b8 - did_you_meanClosedyuki24 (Yuki Nishijima)Actions
Has duplicate Ruby master - Bug #12078: Segmentation fault in did_you_mean with ruby revision 53608 ClosedActions
Has duplicate Ruby master - Bug #12265: did_you_mean spell checker crashCloseddurfee (Sean Durfee)Actions
Has duplicate Ruby master - Bug #12796: Segmentation fault at ~/.rvm/gems/ruby-2.3.0@global/gems/did_you_mean-1.0.0/lib/did_you_mean/spell_checkers/name_error_checkers/variable_name_checker.rb:10: [BUG]ClosedActions

Updated by nobu (Nobuyoshi Nakada) almost 9 years ago

  • Status changed from Open to Feedback

What exception will raise with --disable=did_you_mean command line option?

Updated by hirokiraj (Jakub Jatczak) almost 9 years ago

I think i encountered similiar or even the same issue, managed to replicate in quite simple env with roda
https://github.com/hirokiraj/roda-2.3.0-bug

Control frame and backtrace -> https://gist.github.com/hirokiraj/83d917de90e0f60253ba
Crash diagnostic report -> https://gist.github.com/hirokiraj/4ef37abec72bec2f6ada

Will investigate what happens with --disable=did_you_mean

Updated by yuki24 (Yuki Nishijima) almost 9 years ago

I was able to replicate it without did_you_mean.

  1. Save this file as loader.rb:

    -> { require_relative 'segfault' }.call
    
  2. Save this file as segfault.rb:

    class Segfault
      at_exit { Segfault.new.segfault }
    
      define_method 'segfault' do
        while true do
          (foo rescue $!).local_variables
        end
      end
    end
    
  3. Then run:

    $ ruby --disable-gems loader.rb
    

Updated by wanabe (_ wanabe) almost 9 years ago

  • Status changed from Feedback to Open
  • Assignee deleted (yuki24 (Yuki Nishijima))

With the just experimental patch, I didn't encounter SEGV.
I suspect about GC mark matter of T_IMEMO iseq, referenced by NameError#local_variables.

diff --git a/gc.c b/gc.c
index 874cb98..e34da14 100644
--- a/gc.c
+++ b/gc.c
@@ -2064,6 +2064,10 @@ obj_free(rb_objspace_t *objspace, VALUE obj)
 #endif
 #endif
 
+    if (BUILTIN_TYPE(obj) == T_IMEMO && imemo_type(obj) == imemo_iseq) {
+       return 1;
+    }
+
     switch (BUILTIN_TYPE(obj)) {
       case T_OBJECT:
        if (!(RANY(obj)->as.basic.flags & ROBJECT_EMBED) &&

I changed the status and the assignee because this seem not to be a did_you_mean matter.

Actions #5

Updated by nobu (Nobuyoshi Nakada) almost 9 years ago

  • Status changed from Open to Closed

Applied in changeset r53514.


iseq.c: mark parents of wrapped iseq

  • iseq.c (iseqw_mark): as wrapped iseq is isolated from the call
    stack, it needs to take care of its parent and ancestors, so
    that they do not become orphans. [ruby-core:72620] [Bug #11928]

Updated by wanabe (_ wanabe) almost 9 years ago

This script still causes SEGV.
Confirmed with ruby 2.4.0dev (2016-01-13 trunk 53518) [x86_64-darwin15] and ruby 2.4.0dev (2016-01-13 trunk 53518) [x86_64-linux].

->{
  ->{
    ->{
      eval <<-EOS
        class Segfault
          at_exit { Segfault.new.segfault } 

          define_method :segfault do
            GC.disable
            0.step do |n|
              n.times do
                (foo rescue $!).local_variables
              end
              GC.start
            end
          end
        end
      EOS
    }.call
  }.call
}.call

Updated by wanabe (_ wanabe) almost 9 years ago

_ wanabe wrote:

This script still causes SEGV.

Fixed at r53524. Thanks!

Actions #8

Updated by nobu (Nobuyoshi Nakada) almost 9 years ago

  • Has duplicate Bug #12000: Crash report for 2.3.0 added

Updated by wanabe (_ wanabe) over 8 years ago

ruby-2.3 seems to have the bug as pointed by #12078.
I guess the issue should be set "2.3: REQUIRED" to make r53514 and r53524 backported, shouldn't this?

Updated by amw (Adam Wróbel) over 8 years ago

  • Backport changed from 2.3: UNKNOWN to 2.3: REQUIRED

I've changed the backport flag as requested, but can't change ticket status. Hope a responsible party will be notified.

Updated by yuki24 (Yuki Nishijima) over 8 years ago

  • Status changed from Closed to Open
  • Backport changed from 2.3: REQUIRED to 2.1: DONTNEED, 2.2: DONTNEED, 2.3: REQUIRED

I'm re-opening this ticket as the fix needs to be backported to 2.3.0 as well.

Updated by usa (Usaku NAKAMURA) over 8 years ago

  • Status changed from Open to Closed

Never change the status!
"Open" means that it's not fixed in trunk and then not be able to be backported yet.
"Closed" means "It's already fixed! Now it can be backported!"

Actions #13

Updated by nobu (Nobuyoshi Nakada) over 8 years ago

  • Has duplicate Bug #12107: Segmentation fault at 0x000000000000b8 - did_you_mean added
Actions #14

Updated by nobu (Nobuyoshi Nakada) over 8 years ago

  • Has duplicate Bug #12078: Segmentation fault in did_you_mean with ruby revision 53608 added
Actions #15

Updated by naruse (Yui NARUSE) over 8 years ago

  • Backport changed from 2.1: DONTNEED, 2.2: DONTNEED, 2.3: REQUIRED to 2.1: DONTNEED, 2.2: DONTNEED, 2.3: DONE

ruby_2_3 r54405 merged revision(s) 53514,53524.

Actions #16

Updated by nobu (Nobuyoshi Nakada) over 8 years ago

  • Has duplicate Bug #12265: did_you_mean spell checker crash added
Actions #17

Updated by nobu (Nobuyoshi Nakada) about 8 years ago

  • Has duplicate Bug #12796: Segmentation fault at ~/.rvm/gems/ruby-2.3.0@global/gems/did_you_mean-1.0.0/lib/did_you_mean/spell_checkers/name_error_checkers/variable_name_checker.rb:10: [BUG] added
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0Like0