Bug #12575
closed
Conditional jump or move depends on uninitialised value(s) at rb_wait_for_single_fd (thread.c:3864)
Description
On x86_64 Debian GNU/Linux 8, running the drb tests under valgrind produced the following report.
(Confirmed at r55612.)
$ valgrind ./ruby test/runner.rb -v test/drb
(snip)
[ 12/115] DRbTests::ACLTest#test_not_1 = 0.01 s
[ 13/115] DRbTests::TestBug4409#test_bug4409==14331== Conditional jump or move depends on uninitialised value(s)
==14331== at 0x250F20: rb_wait_for_single_fd (thread.c:3864)
==14331== by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331== by 0x89E9E31: io_wait_readable (wait.c:139)
==14331== by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331== by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331== by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331== by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331== by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331== by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331== by 0x2826F8: vm_exec_core (insns.def:1064)
==14331== by 0x293AEA: vm_exec (vm.c:1653)
==14331== by 0x29182C: invoke_block (vm.c:923)
==14331==
==14331== Conditional jump or move depends on uninitialised value(s)
==14331== at 0x250F47: rb_wait_for_single_fd (thread.c:3874)
==14331== by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331== by 0x89E9E31: io_wait_readable (wait.c:139)
==14331== by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331== by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331== by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331== by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331== by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331== by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331== by 0x2826F8: vm_exec_core (insns.def:1064)
==14331== by 0x293AEA: vm_exec (vm.c:1653)
==14331== by 0x29182C: invoke_block (vm.c:923)
==14331==
==14331== Conditional jump or move depends on uninitialised value(s)
==14331== at 0x250F59: rb_wait_for_single_fd (thread.c:3876)
==14331== by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331== by 0x89E9E31: io_wait_readable (wait.c:139)
==14331== by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331== by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331== by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331== by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331== by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331== by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331== by 0x2826F8: vm_exec_core (insns.def:1064)
==14331== by 0x293AEA: vm_exec (vm.c:1653)
==14331== by 0x29182C: invoke_block (vm.c:923)
==14331==
==14331== Conditional jump or move depends on uninitialised value(s)
==14331== at 0x250F69: rb_wait_for_single_fd (thread.c:3878)
==14331== by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331== by 0x89E9E31: io_wait_readable (wait.c:139)
==14331== by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331== by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331== by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331== by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331== by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331== by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331== by 0x2826F8: vm_exec_core (insns.def:1064)
==14331== by 0x293AEA: vm_exec (vm.c:1653)
==14331== by 0x29182C: invoke_block (vm.c:923)
==14331==
= 0.58 s
[ 14/115] DRbTests::TestDRbAry#test_01 = 0.30 s
(rest omitted)
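Looking at the code in question, it appears that fds.revents of struct pollfd fds can be uninitialized in some cases.
This is the struct member through which the ppoll system call returns its result, but it seems the call can return without a value having been set in it. (Probably in cases such as a timeout.)
Judging from code in general circulation, such as the Example at http://docs.oracle.com/cd/E19253-01/816-5177/poll-7d/ (an example of poll rather than ppoll), it appears that the caller needs to initialize the revents member of struct pollfd to 0.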
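
The caller-side initialization suggested in the report, as an added example that is not code from the Ruby source tree: a hypothetical helper `wait_single_fd` sets `revents` to 0 before calling `poll`, so every check after the call reads a defined value. The helper, the demo functions and the pipe scenario are constructed for illustration.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper (not Ruby's rb_wait_for_single_fd): wait for `events`
 * on one descriptor. Returns the ready event mask, 0 on timeout, -1 on error. */
int wait_single_fd(int fd, short events, int timeout_ms)
{
    struct pollfd fds;
    int n;

    fds.fd = fd;
    fds.events = events;
    fds.revents = 0;              /* defined before the call, so the reads below are never indeterminate */

    n = poll(&fds, 1, timeout_ms);
    if (n < 0) return -1;         /* errno was set by poll */
    if (n == 0) return 0;         /* timeout: nothing became ready */
    if (fds.revents & POLLNVAL) { /* the descriptor was not open */
        errno = EBADF;
        return -1;
    }
    return fds.revents & (events | POLLERR | POLLHUP);
}

/* Constructed scenario: a pipe that is either empty or holds one byte. */
int demo_pipe(int write_first)
{
    int p[2], r;
    if (pipe(p) != 0) return -2;
    if (write_first && write(p[1], "x", 1) != 1) { close(p[0]); close(p[1]); return -2; }
    r = wait_single_fd(p[0], POLLIN, 50);
    close(p[0]);
    close(p[1]);
    return r;
}

/* Constructed scenario: poll a descriptor that has already been closed. */
int demo_closed_fd(void)
{
    int p[2];
    if (pipe(p) != 0) return -2;
    close(p[0]);
    close(p[1]);
    return wait_single_fd(p[0], POLLIN, 50) == -1 ? errno : 0;
}

int main(void)
{
    printf("empty=%d ready=%d closed=%d\n", demo_pipe(0), demo_pipe(1), demo_closed_fd());
    return 0;
}
```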