Bug #12575

closed

Conditional jump or move depends on uninitialised value(s) at rb_wait_for_single_fd (thread.c:3864)

Added by ngoto (Naohisa Goto) over 7 years ago. Updated over 7 years ago.

Status: Closed
Assignee: -
Target version: -
[ruby-dev:49725]

Description

On Debian GNU/Linux 8 on x86_64, running the drb tests under valgrind produced the following report.
(Confirmed at r55612.)

$ valgrind ./ruby test/runner.rb -v test/drb 
(snip)
[ 12/115] DRbTests::ACLTest#test_not_1 = 0.01 s
[ 13/115] DRbTests::TestBug4409#test_bug4409==14331== Conditional jump or move depends on uninitialised value(s)
==14331==    at 0x250F20: rb_wait_for_single_fd (thread.c:3864)
==14331==    by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331==    by 0x89E9E31: io_wait_readable (wait.c:139)
==14331==    by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331==    by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331==    by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331==    by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331==    by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331==    by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331==    by 0x2826F8: vm_exec_core (insns.def:1064)
==14331==    by 0x293AEA: vm_exec (vm.c:1653)
==14331==    by 0x29182C: invoke_block (vm.c:923)
==14331== 
==14331== Conditional jump or move depends on uninitialised value(s)
==14331==    at 0x250F47: rb_wait_for_single_fd (thread.c:3874)
==14331==    by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331==    by 0x89E9E31: io_wait_readable (wait.c:139)
==14331==    by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331==    by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331==    by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331==    by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331==    by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331==    by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331==    by 0x2826F8: vm_exec_core (insns.def:1064)
==14331==    by 0x293AEA: vm_exec (vm.c:1653)
==14331==    by 0x29182C: invoke_block (vm.c:923)
==14331== 
==14331== Conditional jump or move depends on uninitialised value(s)
==14331==    at 0x250F59: rb_wait_for_single_fd (thread.c:3876)
==14331==    by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331==    by 0x89E9E31: io_wait_readable (wait.c:139)
==14331==    by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331==    by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331==    by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331==    by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331==    by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331==    by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331==    by 0x2826F8: vm_exec_core (insns.def:1064)
==14331==    by 0x293AEA: vm_exec (vm.c:1653)
==14331==    by 0x29182C: invoke_block (vm.c:923)
==14331== 
==14331== Conditional jump or move depends on uninitialised value(s)
==14331==    at 0x250F69: rb_wait_for_single_fd (thread.c:3878)
==14331==    by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331==    by 0x89E9E31: io_wait_readable (wait.c:139)
==14331==    by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331==    by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331==    by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331==    by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331==    by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331==    by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331==    by 0x2826F8: vm_exec_core (insns.def:1064)
==14331==    by 0x293AEA: vm_exec (vm.c:1653)
==14331==    by 0x29182C: invoke_block (vm.c:923)
==14331== 
 = 0.58 s
[ 14/115] DRbTests::TestDRbAry#test_01 = 0.30 s
(rest omitted)

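Looking at the code in question, it appears that fds.revents of struct pollfd fds can be uninitialized in some cases.
This is the struct member through which the result of the ppoll system call is returned, but it seems it can come back without a value having been set inside the system call. (Probably on timeout, for example.)

Judging from code in general circulation, such as the Example at http://docs.oracle.com/cd/E19253-01/816-5177/poll-7d/ (an example for poll rather than ppoll), it appears that the revents member of struct pollfd needs to be initialized to 0 by the caller.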

Actions #1

Updated by ngoto (Naohisa Goto) over 7 years ago

  • Status changed from Open to Closed

Applied in changeset r55613.


  • thread.c (rb_wait_for_single_fd): Clean up fds.revents every time
    before calling ppoll(2). [Bug #12575] [ruby-dev:49725]
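
The pattern named in the changeset message above (clear revents before every call), as an added example that is not Ruby's thread.c code. It uses poll(2) rather than ppoll(2) for portability; `wait_single_fd` and `demo_pipe` are hypothetical names, and the pipe input is constructed for the demonstration.

```c
#include <errno.h>
#include <poll.h>
#include <unistd.h>

/* Hypothetical helper, not Ruby's rb_wait_for_single_fd.
 * Returns the ready-event mask, 0 on timeout, -1 on error (errno set). */
int wait_single_fd(int fd, short events, int timeout_ms)
{
    struct pollfd fds;      /* stack storage: contents start indeterminate */
    int n;

    fds.fd = fd;
    fds.events = events;

    do {
        fds.revents = 0;    /* reset before each call, including EINTR retries */
        n = poll(&fds, 1, timeout_ms);   /* simplification: full timeout on retry */
    } while (n < 0 && errno == EINTR);

    if (n < 0)
        return -1;          /* revents carries no result on failure */
    if (n == 0)
        return 0;           /* timeout: nothing ready */
    if (fds.revents & POLLNVAL) {
        errno = EBADF;      /* descriptor was not open */
        return -1;
    }
    return fds.revents & (events | POLLERR | POLLHUP);
}

/* Constructed self-check: an empty pipe times out, a written pipe is readable.
 * Returns 0 when both observations hold. */
int demo_pipe(void)
{
    int p[2], before, after;

    if (pipe(p) != 0)
        return -1;
    before = wait_single_fd(p[0], POLLIN, 50);   /* nothing written yet */
    if (write(p[1], "x", 1) != 1) {
        close(p[0]); close(p[1]);
        return -1;
    }
    after = wait_single_fd(p[0], POLLIN, 50);    /* one byte pending */
    close(p[0]); close(p[1]);
    return (before == 0 && (after & POLLIN)) ? 0 : 1;
}

int main(void) { return demo_pipe(); }
```

Building this with the `fds.revents = 0;` line removed and running it under valgrind is a quick way to check whether a given platform's poll leaves the field untouched on any path.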

Updated by usa (Usaku NAKAMURA) over 7 years ago

  • Backport changed from 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN to 2.1: WONTFIX, 2.2: REQUIRED, 2.3: REQUIRED

Updated by usa (Usaku NAKAMURA) over 7 years ago

  • Backport changed from 2.1: WONTFIX, 2.2: REQUIRED, 2.3: REQUIRED to 2.1: WONTFIX, 2.2: DONE, 2.3: REQUIRED

ruby_2_2 r55924 merged revision(s) 55613.

Updated by nagachika (Tomoyuki Chikanaga) over 7 years ago

  • Backport changed from 2.1: WONTFIX, 2.2: DONE, 2.3: REQUIRED to 2.1: WONTFIX, 2.2: DONE, 2.3: DONE

ruby_2_3 r55957 merged revision(s) 55613.
