<p>Ruby Issue Tracking System, Ruby master - Bug #16807: Ruby 2.7 segfault loading sources under GC.stress</p>
<p>https://redmine.ruby-lang.org/issues/16807?journal_id=85250, 2020-04-22T09:49:54Z, nobu (Nobuyoshi Nakada), nobu@ruby-lang.org</p>
<p><code>ID</code> list in <code>NODE_SCOPE</code> seems corrupted.<br>
Maybe a GC compaction related issue?</p>
<p>https://redmine.ruby-lang.org/issues/16807?journal_id=87838, 2020-10-01T11:39:13Z, mame (Yusuke Endoh), mame@ruby-lang.org</p>
<p>This issue still reproduces on the ruby_2_7 branch, and does not on master.</p>
<p>I investigated the issue. <code>local_tbl()</code> allocates an imemo_tmpbuf for a local variable table and returns a pointer to the buffer. Then <code>node_newnode_with_locals()</code> creates an AST node with the pointer. However, if a GC happens during the allocation of the new NODE, the table is freed, so the NODE contains a dangling pointer, which causes a very rare segfault.</p>
<p>I created a patch to fix the issue. But it does not apply to master because the relevant functions have been drastically refactored at 35ba2783fe6b3316a6bbc6f00bf975ad7185d6e0, which also (maybe unknowingly) fixes the issue. So, we may backport the commit to ruby_2_7.</p>
<pre><code class="diff syntaxhl" data-language="diff"><span class="gh">diff --git a/parse.y b/parse.y
index dc9c37555d..7734beecdf 100644
</span><span class="gd">--- a/parse.y
</span><span class="gi">+++ b/parse.y
</span><span class="p">@@ -518,7 +518,7 @@</span> static NODE *symbol_append(struct parser_params *p, NODE *symbols, NODE *symbol)
static NODE *match_op(struct parser_params*,NODE*,NODE*,const YYLTYPE*,const YYLTYPE*);
<span class="gd">-static ID *local_tbl(struct parser_params*);
</span><span class="gi">+static VALUE local_tbl(struct parser_params*);
</span> static VALUE reg_compile(struct parser_params*, VALUE, int);
static void reg_fragment_setenc(struct parser_params*, VALUE, int);
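Review bot: changing the return type of local_tbl from ID * to VALUE (the -static ID *local_tbl / +static VALUE local_tbl lines) makes every caller responsible for unwrapping the imemo_tmpbuf handle itself; this hunk only updates the prototype, so confirm that no call site other than node_newnode_with_locals (updated in the last hunk) still uses the result as an ID * table, since an unchanged caller would store a VALUE into a pointer and may compile with nothing more than an integer-to-pointer warning.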
<span class="p">@@ -11819,7 +11819,7 @@</span> local_pop(struct parser_params *p)
}
#ifndef RIPPER
<span class="gd">-static ID*
</span><span class="gi">+static VALUE
</span> local_tbl(struct parser_params *p)
{
int cnt_args = vtable_size(p->lvtbl->args);
<span class="p">@@ -11849,17 +11849,18 @@</span> local_tbl(struct parser_params *p)
buf[cnt + 1] = (ID)tbl;
RB_OBJ_WRITTEN(p->ast, Qnil, tbl);
<span class="gd">- return buf;
</span><span class="gi">+ return tbl;
</span> }
static NODE*
node_newnode_with_locals(struct parser_params *p, enum node_type type, VALUE a1, VALUE a2, const rb_code_location_t *loc)
{
<span class="gd">- ID *a0;
</span> NODE *n;
<span class="gd">- a0 = local_tbl(p);
</span><span class="gi">+ VALUE tbl = local_tbl(p);
+ ID *a0 = tbl ? RB_IMEMO_TMPBUF_PTR(tbl) : 0;
</span> n = NEW_NODE(type, a0, a1, a2, loc);
<span class="gi">+ RB_GC_GUARD(tbl);
</span> return n;
}
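Review bot: the guard in "ID *a0 = tbl ? RB_IMEMO_TMPBUF_PTR(tbl) : 0;" assumes that the early-return path of local_tbl (not visible in this hunk) yields a VALUE that tests false; if that path returns Qnil rather than 0, the ternary would hand Qnil to RB_IMEMO_TMPBUF_PTR, so that path should be checked together with the "+ return tbl;" line. The RB_GC_GUARD(tbl) placed after NEW_NODE is the actual fix: it keeps the tmpbuf reachable from the C stack while NEW_NODE allocates, which is exactly when the GC could previously free the table that a0 points into; the RB_OBJ_WRITTEN(p->ast, Qnil, tbl) call in local_tbl is only a write-barrier notification and does not by itself root tbl until the NODE referencing it exists.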
</code></pre>
<p>https://redmine.ruby-lang.org/issues/16807?journal_id=87839, 2020-10-01T11:42:39Z, nagachika (Tomoyuki Chikanaga), nagachika00@gmail.com</p>
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>Closed</i></li><li><strong>Backport</strong> changed from <i>2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN</i> to <i>2.5: DONTNEED, 2.6: DONTNEED, 2.7: REQUIRED</i></li></ul><p>Thank you for your report.</p>
<p>It seems that the git:35ba2783fe6b3316a6bbc6f00bf975ad7185d6e0 fixed this issue.<br>
I will backport it to the ruby_2_7 branch.</p>
<p>https://redmine.ruby-lang.org/issues/16807?journal_id=87840, 2020-10-01T12:02:27Z, nagachika (Tomoyuki Chikanaga), nagachika00@gmail.com</p>
<ul><li><strong>Backport</strong> changed from <i>2.5: DONTNEED, 2.6: DONTNEED, 2.7: REQUIRED</i> to <i>2.5: DONTNEED, 2.6: DONTNEED, 2.7: DONE</i></li></ul><p>ruby_2_7 b35bfa6abb7760e4323a4341dff840f59ddcfde1 merged revision(s) 35ba2783fe6b3316a6bbc6f00bf975ad7185d6e0,e8edc34f0abe176b24975a1fed1f2c3782f0a252.</p>