Project

General

Profile

Actions

Bug #13319

closed

GC issues seen with GCC7

Added by rguenth (Richard Biener) about 7 years ago. Updated almost 7 years ago.

Status:
Closed
Assignee:
-
Target version:
-
[ruby-core:80188]

Description

It looks like there is a latent GC issue somewhere that I can for example reproduce with ruby 2.3.3 and 2.2.6 when building with -O2 -g.
valgrind reports a lot of cases like

==24537== Invalid read of size 4
==24537==    at 0x4C44E8: node_newnode (parse.y:8799)
==24537==    by 0x4C44E8: ruby_yyparse (parse.y:3894)
==24537==    by 0x4CD4C5: yycompile0 (parse.y:5542)
==24537==    by 0x58527B: rb_suppress_tracing (vm_trace.c:407)
==24537==    by 0x56353A: rb_iseq_compile_with_option (iseq.c:637)
==24537==    by 0x578E79: eval_string_with_cref (vm_eval.c:1339)
==24537==    by 0x579605: eval_under (vm_eval.c:1633)
==24537==    by 0x579605: specific_eval (vm_eval.c:1657)
==24537==    by 0x56A218: vm_call_cfunc_with_frame (vm_insnhelper.c:1642)
==24537==    by 0x56A218: vm_call_cfunc (vm_insnhelper.c:1737)
==24537==    by 0x5719B6: vm_exec_core (insns.def:994)
==24537==    by 0x577AEE: vm_exec (vm.c:1650)
==24537==    by 0x57C86B: invoke_block (vm.c:921)
==24537==    by 0x57C86B: invoke_block_from_c_0 (vm.c:971)
==24537==    by 0x57C86B: invoke_block_from_c_splattable (vm.c:988)
==24537==    by 0x57C86B: vm_yield (vm.c:1023)
==24537==    by 0x57C86B: rb_yield_0 (vm_eval.c:1013)
==24537==    by 0x57C86B: rb_yield_1 (vm_eval.c:1019)
==24537==    by 0x57C86B: rb_yield (vm_eval.c:1029)
==24537==    by 0x41D68B: rb_ary_each (array.c:1815)
==24537==    by 0x56A218: vm_call_cfunc_with_frame (vm_insnhelper.c:1642)
==24537==    by 0x56A218: vm_call_cfunc (vm_insnhelper.c:1737)
==24537==  Address 0x650978c is 172 bytes inside a block of size 272 free'd
==24537==    at 0x4C2D27B: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24537==    by 0x47C1EC: objspace_xfree.isra.73 (gc.c:7716)
==24537==    by 0x47A513: obj_free (gc.c:2156)
==24537==    by 0x47A513: gc_page_sweep (gc.c:3392)
==24537==    by 0x47A513: gc_sweep_step (gc.c:3571)
==24537==    by 0x47AE17: gc_sweep (gc.c:3666)
==24537==    by 0x47CB0D: gc_marks_continue (gc.c:5448)
==24537==    by 0x47CB0D: heap_prepare (gc.c:1639)
==24537==    by 0x47CB0D: heap_get_freeobj_from_next_freepage (gc.c:1657)
==24537==    by 0x47CB0D: heap_get_freeobj (gc.c:1691)
==24537==    by 0x47CB0D: newobj_slowpath (gc.c:1820)
==24537==    by 0x47CB0D: newobj_slowpath_wb_unprotected (gc.c:1838)
==24537==    by 0x47D0F4: newobj_of (gc.c:1864)
==24537==    by 0x47D0F4: rb_node_newnode (gc.c:1900)
==24537==    by 0x4C44E7: node_newnode (parse.y:8798)
==24537==    by 0x4C44E7: ruby_yyparse (parse.y:3894)
==24537==    by 0x4CD4C5: yycompile0 (parse.y:5542)
==24537==    by 0x58527B: rb_suppress_tracing (vm_trace.c:407)
==24537==    by 0x56353A: rb_iseq_compile_with_option (iseq.c:637)
==24537==    by 0x578E79: eval_string_with_cref (vm_eval.c:1339)
==24537==    by 0x579605: eval_under (vm_eval.c:1633)
==24537==    by 0x579605: specific_eval (vm_eval.c:1657)
==24537==  Block was alloc'd at
==24537==    at 0x4C2E065: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==24537==    by 0x47C536: objspace_xcalloc (gc.c:7752)
==24537==    by 0x47C536: ruby_xcalloc (gc.c:7761)
==24537==    by 0x47D73F: rb_data_typed_object_zalloc (gc.c:1961)
==24537==    by 0x4BEC98: rb_parser_new (parse.y:10906)
==24537==    by 0x56351A: rb_iseq_compile_with_option (iseq.c:637)
==24537==    by 0x578E79: eval_string_with_cref (vm_eval.c:1339)
==24537==    by 0x579605: eval_under (vm_eval.c:1633)
==24537==    by 0x579605: specific_eval (vm_eval.c:1657)
==24537==    by 0x56A218: vm_call_cfunc_with_frame (vm_insnhelper.c:1642)
==24537==    by 0x56A218: vm_call_cfunc (vm_insnhelper.c:1737)
==24537==    by 0x5719B6: vm_exec_core (insns.def:994)
==24537==    by 0x577AEE: vm_exec (vm.c:1650)
==24537==    by 0x57C86B: invoke_block (vm.c:921)
==24537==    by 0x57C86B: invoke_block_from_c_0 (vm.c:971)
==24537==    by 0x57C86B: invoke_block_from_c_splattable (vm.c:988)
==24537==    by 0x57C86B: vm_yield (vm.c:1023)
==24537==    by 0x57C86B: rb_yield_0 (vm_eval.c:1013)
==24537==    by 0x57C86B: rb_yield_1 (vm_eval.c:1019)
==24537==    by 0x57C86B: rb_yield (vm_eval.c:1029)
==24537==    by 0x41D68B: rb_ary_each (array.c:1815)
==24537==

suspiciously the blocks are all freed via rb_node_newnode which has a
/* TODO: node also should be wb protected */ comment which looks like
a latent correctness issue?

I have disabled asm SET_MACHINE_STACK_END to no avail (it doesn't look
safe with respect to instruction scheduling).

Without valgrind the issue manifests itself as corrupt glibc heap.
It occurs on x86_64-linux, ppc64le-linux and i586-linux for me.

It does not reproduce (easily) when compiling with -O3 but I suspect
it's related to GC of objects on the stack / kept live via the stack.

Failure during build:

gcc-7 -O2 -g  -L. -fstack-protector -rdynamic -Wl,-export-dynamic -fstack-protector -pie  main.o dmydln.o miniinit.o dmyext.o miniprelude.o array.o bignum.o class.o compar.o complex.o dir.o dln_find.o encoding.o enum.o enumerator.o error.o eval.o load.o proc.o file.o gc.o hash.o inits.o io.o marshal.o math.o node.o numeric.o object.o pack.o parse.o process.o random.o range.o rational.o re.o regcomp.o regenc.o regerror.o regexec.o regparse.o regsyntax.o ruby.o safe.o signal.o sprintf.o st.o strftime.o string.o struct.o symbol.o time.o transcode.o util.o variable.o version.o compile.o debug.o iseq.o vm.o vm_dump.o vm_backtrace.o vm_trace.o thread.o cont.o  enc/ascii.o enc/us_ascii.o enc/unicode.o enc/utf_8.o enc/trans/newline.o explicit_bzero.o setproctitle.o strlcat.o strlcpy.o addr2line.o   -lpthread -lgmp -ldl -lcrypt -lm   -o miniruby
./miniruby -I./lib -I. -I.ext/common  ./tool/generic_erb.rb -c -o encdb.h ./template/encdb.h.tmpl ./enc enc
encdb.h updated
./miniruby -I./lib -I. -I.ext/common  ./tool/mkconfig.rb -timestamp=.rbconfig.time \
        -arch=x86_64-linux -version=2.3.3 \
        -install_name=ruby \
        -so_name=ruby rbconfig.rb
rbconfig.rb updated
./miniruby -I./lib -I. -I.ext/common  ./enc/make_encmake.rb --builtin-encs="enc/ascii.o enc/us_ascii.o enc/unicode.o enc/utf_8.o" --builtin-transes="enc/trans/newline.o" --module  enc.mk
/tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/fileutils.rb:1747: [BUG] Segmentation fault at 0x0006ba0000000f
ruby 2.3.3p246 (2017-02-14) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0011 p:---- s:0040 e:000039 CFUNC  :module_eval
c:0010 p:0030 s:0034 e:000033 BLOCK  /tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/fileutils.rb:1747 [FINISH]
c:0009 p:---- s:0031 e:000030 CFUNC  :each
c:0008 p:0065 s:0028 e:000027 CLASS  /tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/fileutils.rb:1746
c:0007 p:2099 s:0026 e:000025 CLASS  /tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/fileutils.rb:1741
c:0006 p:0009 s:0024 e:000023 TOP    /tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/fileutils.rb:88 [FINISH]
c:0005 p:---- s:0022 e:000021 CFUNC  :require
c:0004 p:0017 s:0018 e:000017 TOP    /tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/mkmf.rb:7 [FINISH]
c:0003 p:---- s:0016 e:000015 CFUNC  :load
c:0002 p:0082 s:0012 E:0023e0 EVAL   ./enc/make_encmake.rb:8 [FINISH]
c:0001 p:0000 s:0002 E:0004d0 (none) [FINISH]

-- Ruby level backtrace information ----------------------------------------
./enc/make_encmake.rb:8:in `<main>'
./enc/make_encmake.rb:8:in `load'
/tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/mkmf.rb:7:in `<top (required)>'
/tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/mkmf.rb:7:in `require'
/tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/fileutils.rb:88:in `<top (required)>'
/tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/fileutils.rb:1741:in `<module:FileUtils>'
/tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/fileutils.rb:1746:in `<module:DryRun>'
/tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/fileutils.rb:1746:in `each'
/tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/fileutils.rb:1747:in `block in <module:DryRun>'
/tmp/home:rguenther:branches:devel:languages:ruby/ruby2.3/ruby-ruby_2_3/lib/fileutils.rb:1747:in `module_eval'

-- Machine register context ------------------------------------------------
 RIP: 0x0000559d83d5272c RBP: 0x00000000000000cf RSP: 0x00007ffe166d5e88
 RAX: 0x0000000000000000 RBX: 0x0000000000008a61 RCX: 0x0000559d85715a10
 RDX: 0x000006ba0000000f RDI: 0x0000559d8570fd40 RSI: 0x0000000000008a61
  R8: 0x0000000000000031  R9: 0x0000559d85715a10 R10: 0x0000000000000000
 R11: 0x0000000000008a61 R12: 0x0000559d85715ef0 R13: 0x00007ffe166d6178
 R14: 0x0000559d83e4f4e0 R15: 0x00007ffe166d5fb2 EFL: 0x0000000000010202

-- C level backtrace information -------------------------------------------
*** Error in `./miniruby': corrupted double-linked list: 0x0000559d8570f7c0 ***

uncommon.mk:654: recipe for target 'enc.mk' failed

Related issues 1 (0 open1 closed)

Is duplicate of Ruby master - Bug #13150: TestMarshal failures on FreeBSD with gcc7 because of GCClosedActions
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0