Trunk #1

alexkv · 2010-11-11T11:46:15Z

Added tcp connection closing.
In case of a greate number of requests no close connection led to a bug.

Added tcp connection closing. In case of a greate number of requests no close connection led to a bug.

shyouhei · 2010-11-11T21:18:17Z

Hi. Is there any code to reproduce that bug? I want one (if any) because I just want to write a test case on it.

alexkv · 2010-11-12T07:55:54Z

Hi. You can try this one.

Dummy server:


#!/usr/bin/ruby
require "xmlrpc/server"

s = XMLRPC::Server.new(8080) 
s.add_handler("dummy") do |a|
    'Yeah'
end
s.serve

Client:


#!/usr/bin/ruby

require 'xmlrpc/client'
1000.times{
    result = XMLRPC::Client.new2('http://localhost:8080/').call( 'dummy', ['Are you here?'])
    p result
}

shyouhei · 2010-11-30T09:46:50Z

Hi, we are discussing this. Please stay tuned…

nahi · 2011-06-28T12:29:01Z

Sorry for late reply.

Axy, you can use call_async instead of call for such case (non Keep-Alive TCP connection which is closed per connection.)
Yeah, I think that method name is awfully confusing but we don't want to touch xmlrpc lib as far as possible.

alexkv · 2011-06-28T12:55:40Z

Ok, tnx for the info.

On Tue, Jun 28, 2011 at 1:29 PM, nahi <
[email protected]>wrote:

Sorry for late reply.

Axy, you can use call_async instead of call for such case (non Keep-Alive
TCP connection which is closed per connection.)
Yeah, I think that method name is awfully confusing but we don't want to
touch xmlrpc lib as far as possible.

Reply to this email directly or view it on GitHub:
#1 (comment)

Best regards,

Aleksei Kvitinskii

Basic naive, single-threaded queue implementation. Slow.

id_table.c: simple hash with quadratic probing

Activating the gem puts the gem on the load path, where simply requiring the file will search every gem that's installed until it can find a gem that contains the `did_you_mean` file. Calling RubyGems' `require` will search each installed gem until it can find one that contains the file it should require. This means that the more gems you have installed, the longer it can take to require that gem. To see this in action, lets compare the number of `stat` calls for a "bare require" vs the number of `stat` calls for a require that follows a gem activation by using these two programs: ``` [aaron@TC rubygems (master)]$ cat req_dym.rb begin require 'did_you_mean' rescue LoadError end [aaron@TC rubygems (master)]$ cat gem_dym.rb begin gem 'did_you_mean' require 'did_you_mean' rescue Gem::LoadError, LoadError end ``` The first program just requires the `did_you_mean` gem, where the second one activates the gem, then requires it. We can count the number of `stat` calls using `dtrace`: ``` [aaron@TC rubygems (master)]$ ruby -v ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-darwin15] [aaron@TC rubygems (master)]$ sudo dtrace -q -n 'syscall::stat*:entry { printf("%s\n", copyinstr(arg0)); }' -c`rbenv which ruby`" --disable-did_you_mean req_dym.rb" | wc -l dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 283 [aaron@TC rubygems (master)]$ sudo dtrace -q -n 'syscall::stat*:entry { printf("%s\n", copyinstr(arg0)); }' -c`rbenv which ruby`" --disable-did_you_mean gem_dym.rb" | wc -l dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 13 ``` The "bare require" version does over 10x the number of stat calls compared to the "gem, then require" version. Of course the number for the first one depends on the number of gems you have installed that sort before the `did_you_mean` gem. Lets also look at trunk Ruby: ``` [aaron@TC rubygems (master)]$ ruby -v ruby 2.4.0dev (2016-02-25 trunk 53940) [x86_64-darwin15] [aaron@TC rubygems (master)]$ sudo dtrace -q -n 'syscall::stat*:entry { printf("%s\n", copyinstr(arg0)); }' -c`rbenv which ruby`" --disable-did_you_mean req_dym.rb" | wc -l dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 2325 [aaron@TC rubygems (master)]$ sudo dtrace -q -n 'syscall::stat*:entry { printf("%s\n", copyinstr(arg0)); }' -c`rbenv which ruby`" --disable-did_you_mean gem_dym.rb" | wc -l dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 dtrace: error on enabled probe ID 3 (ID 826: syscall::stat64:entry): invalid user access in action #1 at DIF offset 24 685 ``` This change will reduce the number of `stat` calls on trunk Ruby too, but since this installation doesn't have the `did_you_mean` gem, RubyGems is still reading every gem spec file so that it can raise a `Gem::LoadError` exception with a nice error message. If we can modify RubyGems a little, it may be possible to drop the number of stat calls even on a Ruby installation that doesn't have the `did_you_mean` gem. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53941 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Update from original

17+ years passed since standardized in ISO, 8 years since we added AC_HEADER_STDBOOL to configure.in. I'm quite confident that it's already safe to use <stdbool.h>. I understand that when we introduced AC_HEADER_STDBOOL, <stdbool.h> was remain not included because C standard and SVR4 curses conflicted miserably back then (#1). Though I believe such situation has been fixed already(#2), I'm afraid of your operating system might ship a proprietary curses that still conflicts with the standard. So to avoid potential problem, we limit the inclusion to our internal use only. #1 : 1997 version of SUSv2 said bool is "defined though typedef" in <curses.h>, while C99 said bool is a macro, plus in C++ bool is a keyword. AFASIK the curses library has never been a part of POSIX. #2 : In reality ncurses and NetBSD curses both just follow C99 to include <stdbool.h> from <curses.h>. I think C99 is now widely adopted. ---- * internal.h: #include <stdbool.h> if present. That is believed to be the case for 99.9% systems that lives today. Non-C99, non-C++ situations are intentionally left undefined, advised by Motohiro Kosaki. If you have such compiler, please fill the definition appropriately. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57460 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

This function can be called from boot_defclass(). No assumption can be made about object internals. (lldb) run Process 2386 launched: './miniruby' (x86_64) Process 2386 stopped * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 318 VALUE 319 rb_class_path_cached(VALUE klass) 320 { -> 321 st_table *ivtbl = RCLASS_IV_TBL(klass); 322 st_data_t n; 323 324 if (!ivtbl) return Qnil; (lldb) bt * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) * frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 frame #1: 0x000000010009cbd0 miniruby`rb_raw_obj_info(buff="0x0000000100fa5798 [2 ] T_CLASS", buff_size=256, obj=4311373720) + 1393 at gc.c:9341 frame #2: 0x000000010009cf16 miniruby`obj_info(obj=4311373720) + 98 at gc.c:9423 frame #3: 0x000000010008ca87 miniruby`newobj_init(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007cf280, obj=4311373720) + 338 at gc.c:1887 frame #4: 0x000000010008cd51 miniruby`newobj_of(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1) + 171 at gc.c:1970 frame #5: 0x000000010008ce1b miniruby`rb_wb_protected_newobj_of(klass=0, flags=66) + 54 at gc.c:1990 frame #6: 0x0000000100027563 miniruby`class_alloc(flags=2, klass=0) + 46 at class.c:165 frame #7: 0x000000010002761a miniruby`rb_class_boot(super=0) + 35 at class.c:203 frame #8: 0x0000000100028612 miniruby`boot_defclass(name="BasicObject", super=0) + 28 at class.c:537 frame #9: 0x000000010002868b miniruby`Init_class_hierarchy + 26 at class.c:548 frame #10: 0x00000001000efe69 miniruby`InitVM_Object + 9 at object.c:3892 frame #11: 0x00000001000f138e miniruby`Init_Object + 57 at object.c:4122 frame #12: 0x00000001000a59bd miniruby`rb_call_inits + 29 at inits.c:23 frame #13: 0x000000010007af30 miniruby`ruby_setup + 229 at eval.c:61 frame #14: 0x000000010007af7e miniruby`ruby_init + 13 at eval.c:78 frame #15: 0x0000000100000c58 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 88 at main.c:41 frame #16: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

This function can be called from InitVM_Object(). No assumption can be made about object internals. (lldb) run Process 10675 launched: './miniruby' (x86_64) Process 10675 stopped * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 9380 const rb_method_entry_t *me = &RANY(obj)->as.imemo.ment; 9381 snprintf(buff, buff_size, "%s (called_id: %s, type: %s, alias: %d, owner: %s, defined_class: %s)", buff, 9382 rb_id2name(me->called_id), -> 9383 method_type_name(me->def->type), 9384 me->def->alias_count, 9385 obj_info(me->owner), 9386 obj_info(me->defined_class)); (lldb) p *me (rb_method_entry_t) $0 = { flags = 24602 defined_class = 4311488400 def = 0x0000000000000000 called_id = 3057 owner = 4311488400 } (lldb) bt * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 frame #1: 0x00000001000b7cbf miniruby`obj_info(obj=4311487880) + 95 at gc.c:9423 frame #2: 0x00000001000c16a8 miniruby`newobj_init(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1, objspace=0x00000001007ee280, obj=4311487880) + 424 at gc.c:1887 frame #3: 0x00000001000b4529 miniruby`newobj_of(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1) + 217 at gc.c:1970 frame #4: 0x00000001000b46ab miniruby`rb_imemo_new(type=imemo_ment, v1=0, v2=3057, v3=4311488400, v0=4311488400) + 75 at gc.c:2017 frame #5: 0x00000001002773b4 miniruby`rb_method_entry_alloc(called_id=3057, owner=4311488400, defined_class=4311488400, def=0x0000000000000000) + 52 at vm_method.c:368 frame #6: 0x0000000100277307 miniruby`rb_method_entry_create(called_id=3057, klass=4311488400, visi=METHOD_VISI_PRIVATE, def=0x0000000000000000) + 71 at vm_method.c:389 frame #7: 0x00000001002784c7 miniruby`rb_method_entry_make(klass=4311488400, mid=3057, defined_class=4311488400, visi=METHOD_VISI_PRIVATE, type=VM_METHOD_TYPE_CFUNC, def=0x0000000000000000, original_id=3057, opts=0x00007fff5fbfd9e8) + 1207 at vm_method.c:594 frame #8: 0x00000001002770f9 miniruby`rb_add_method(klass=4311488400, mid=3057, type=VM_METHOD_TYPE_CFUNC, opts=0x00007fff5fbfd9e8, visi=METHOD_VISI_PRIVATE) + 73 at vm_method.c:650 frame #9: 0x000000010027708a miniruby`rb_add_method_cfunc(klass=4311488400, mid=3057, func=(miniruby`rb_obj_dummy at object.c:1125), argc=0, visi=METHOD_VISI_PRIVATE) + 138 at vm_method.c:137 frame #10: 0x00000001000391e4 miniruby`rb_define_private_method(klass=4311488400, name="initialize", func=(miniruby`rb_obj_dummy at object.c:1125), argc=0) + 68 at class.c:1529 frame #11: 0x000000010013f5bf miniruby`InitVM_Object + 47 at object.c:3905 frame #12: 0x0000000100142ffd miniruby`Init_Object + 61 at object.c:4122 frame #13: 0x00000001000d4edd miniruby`rb_call_inits + 29 at inits.c:23 frame #14: 0x000000010009fe66 miniruby`ruby_setup + 198 at eval.c:61 frame #15: 0x000000010009febd miniruby`ruby_init + 13 at eval.c:78 frame #16: 0x0000000100000a4d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #17: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

This function can be called from Init_VM(). No assumption can be made about object internals. (lldb) run Process 15734 launched: './miniruby' (x86_64) Process 15734 stopped * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 9270 static void 9271 rb_raw_iseq_info(char *buff, const int buff_size, const rb_iseq_t *iseq) 9272 { -> 9273 if (iseq->body->location.label) { 9274 VALUE path = rb_iseq_path(iseq); 9275 snprintf(buff, buff_size, "%s %s@%s:%d", buff, 9276 RSTRING_PTR(iseq->body->location.label), (lldb) p *iseq (rb_iseq_t) $0 = { flags = 28698 reserved1 = 0 body = 0x0000000000000000 aux = { compile_data = 0x0000000000000000 loader = (obj = 0, index = 0) trace_events = 0 } } (lldb) bt * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) * frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 frame #1: 0x00000001000bde72 miniruby`rb_raw_obj_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, obj=4311097160) + 2786 at gc.c:9396 frame #2: 0x00000001000b7c5f miniruby`obj_info(obj=4311097160) + 95 at gc.c:9428 frame #3: 0x00000001000c16a8 miniruby`newobj_init(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007ee280, obj=4311097160) + 424 at gc.c:1887 frame #4: 0x00000001000b44c9 miniruby`newobj_of(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1) + 217 at gc.c:1970 frame #5: 0x00000001000b464b miniruby`rb_imemo_new(type=imemo_iseq, v1=0, v2=0, v3=0, v0=0) + 75 at gc.c:2017 frame #6: 0x00000001000fd914 miniruby`iseq_imemo_alloc + 36 at iseq.h:156 frame #7: 0x00000001000f6e1d miniruby`iseq_alloc + 13 at iseq.c:211 frame #8: 0x00000001000f6bf8 miniruby`rb_iseq_new_with_opt(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, first_lineno=1, parent=0x0000000000000000, type=ISEQ_TYPE_TOP, option=0x0000000100335c30) + 56 at iseq.c:519 frame #9: 0x00000001000f6bb6 miniruby`rb_iseq_new(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, parent=0x0000000000000000, type=ISEQ_TYPE_TOP) + 86 at iseq.c:480 frame #10: 0x0000000100284bb0 miniruby`Init_VM + 1040 at vm.c:3022 frame #11: 0x00000001000d4f7d miniruby`rb_call_inits + 189 at inits.c:55 frame #12: 0x000000010009fe06 miniruby`ruby_setup + 198 at eval.c:61 frame #13: 0x000000010009fe5d miniruby`ruby_init + 13 at eval.c:78 frame #14: 0x00000001000009ed miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #15: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

This function can be called from rb_data_typed_object_zalloc(). No assumption can be made about object internals. (lldb) run Process 22135 launched: './miniruby' (x86_64) Process 22135 stopped * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 1361 break; 1362 } 1363 #endif -> 1364 return block->type; 1365 } 1366 1367 static inline void (lldb) bt * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) * frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 frame #1: 0x000000010008acdb miniruby`vm_block_iseq(block=0x0000000000000000) + 24 at vm_core.h:1399 frame #2: 0x000000010008acc1 miniruby`vm_proc_iseq(procval=4310866360) + 32 at vm_core.h:1387 frame #3: 0x000000010009cbed miniruby`rb_raw_obj_info(buff="0x0000000100f299b8 [0 ] proc (Proc)", buff_size=256, obj=4310866360) + 1513 at gc.c:9349 frame #4: 0x000000010009cf01 miniruby`obj_info(obj=4310866360) + 98 at gc.c:9428 frame #5: 0x000000010008ca1b miniruby`newobj_init(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32, objspace=0x00000001007cf280, obj=4310866360) + 338 at gc.c:1887 frame #6: 0x000000010008cce5 miniruby`newobj_of(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32) + 171 at gc.c:1970 frame #7: 0x000000010008d01d miniruby`rb_data_typed_object_wrap(klass=4311027960, datap=0x0000000000000000, type=0x0000000100311d60) + 133 at gc.c:2062 frame #8: 0x000000010008d04e miniruby`rb_data_typed_object_zalloc(klass=4311027960, size=40, type=0x0000000100311d60) + 42 at gc.c:2073 frame #9: 0x000000010011b459 miniruby`rb_proc_alloc(klass=4311027960) + 36 at proc.c:113 frame #10: 0x0000000100204d8e miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x00000001025003f8, block_type=block_type_iseq, is_from_method='\0', is_lambda='\x01') + 44 at vm.c:814 frame #11: 0x00000001002050d8 miniruby`rb_vm_make_proc_lambda(ec=0x00000001007cf548, captured=0x00000001025003f8, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011c0d2 miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011c154 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001ee7e3 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000102400480) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001001ef2c3 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 386 at vm_insnhelper.c:1918 frame #16: 0x00000001001ef412 miniruby`vm_call_cfunc(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 149 at vm_insnhelper.c:1934 frame #17: 0x00000001001f0655 miniruby`vm_call_method_each_type(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 239 at vm_insnhelper.c:2232 frame #18: 0x00000001001f0ce0 miniruby`vm_call_method(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 117 at vm_insnhelper.c:2355 frame #19: 0x00000001001f0eb6 miniruby`vm_call_general(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 59 at vm_insnhelper.c:2398 frame #20: 0x00000001001f6e61 miniruby`vm_exec_core(ec=0x00000001007cf548, initial=0) + 7480 at insns.def:850 frame #21: 0x0000000100207995 miniruby`vm_exec(ec=0x00000001007cf548) + 230 at vm.c:1771 frame #22: 0x0000000100208647 miniruby`rb_iseq_eval_main(iseq=0x0000000100f29fd0) + 52 at vm.c:2019 frame #23: 0x000000010007b750 miniruby`ruby_exec_internal(n=0x0000000100f29fd0) + 297 at eval.c:246 frame #24: 0x000000010007b876 miniruby`ruby_exec_node(n=0x0000000100f29fd0) + 36 at eval.c:310 frame #25: 0x000000010007b849 miniruby`ruby_run_node(n=0x0000000100f29fd0) + 62 at eval.c:302 frame #26: 0x0000000100000c05 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #27: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61565 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

This imemo_name is used uninitialized because the switch above does not cover all possible imemo types. (lldb) run Process 26068 launched: './miniruby' (x86_64) Process 26068 stopped * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 libsystem_c.dylib`strlen: -> 0x7fff8a402132 <+18>: pcmpeqb (%rdi), %xmm0 0x7fff8a402136 <+22>: pmovmskb %xmm0, %esi 0x7fff8a40213a <+26>: andq $0xf, %rcx 0x7fff8a40213e <+30>: orq $-0x1, %rax (lldb) bt * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) * frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 frame #1: 0x00000001001f1531 miniruby`BSD_vfprintf(fp=0x00007fff5fbfc9e0, fmt0="%s %s", ap=0x00007fff5fbfcbf0) + 5873 at vsnprintf.c:1026 frame #2: 0x00000001001ef213 miniruby`ruby_do_vsnprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s", ap=0x00007fff5fbfcbf0) + 131 at sprintf.c:1285 frame #3: 0x00000001001ef3ea miniruby`ruby_snprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s") + 426 at sprintf.c:1300 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 frame #5: 0x00000001000b7bff miniruby`obj_info(obj=4310983760) + 95 at gc.c:9428 frame #6: 0x00000001000c1658 miniruby`newobj_init(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1, objspace=0x00000001007ee280, obj=4310983760) + 424 at gc.c:1887 frame #7: 0x00000001000b4469 miniruby`newobj_of(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1) + 217 at gc.c:1970 frame #8: 0x00000001000b45eb miniruby`rb_imemo_new(type=imemo_ast, v1=0, v2=4303040512, v3=4310983800, v0=0) + 75 at gc.c:2017 frame #9: 0x000000010011daed miniruby`rb_ast_new + 61 at node.c:1146 frame #10: 0x0000000100160e15 miniruby`rb_parser_compile_file_path(vparser=4310984400, fname=4310984960, file=4310984080, start=1) + 53 at parse.y:5776 frame #11: 0x00000001001e18ea miniruby`load_file_internal(argp_v=140734799795024) + 1834 at ruby.c:1907 frame #12: 0x00000001000a1bb5 miniruby`rb_ensure(b_proc=(miniruby`load_file_internal at ruby.c:1795), data1=140734799795024, e_proc=(miniruby`restore_load_file at ruby.c:2007), data2=140734799795024) + 245 at eval.c:1037 frame #13: 0x00000001001df4a4 miniruby`load_file(parser=4310984400, fname=4310984960, f=4310984080, script=1, opt=0x00007fff5fbfda28) + 100 at ruby.c:2026 frame #14: 0x00000001001e084e miniruby`process_options(argc=0, argv=0x00007fff5fbfdc00, opt=0x00007fff5fbfda28) + 3454 at ruby.c:1682 frame #15: 0x00000001001dfaae miniruby`ruby_process_options(argc=2, argv=0x00007fff5fbfdbf0) + 238 at ruby.c:2257 frame #16: 0x000000010009ff43 miniruby`ruby_options(argc=2, argv=0x00007fff5fbfdbf0) + 211 at eval.c:105 frame #17: 0x0000000100000989 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 105 at main.c:42 frame #18: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) up 4 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 9373 #undef IMEMO_NAME 9374 default: UNREACHABLE; 9375 } -> 9376 snprintf(buff, buff_size, "%s %s", buff, imemo_name); 9377 9378 switch (imemo_type(obj)) { 9379 case imemo_ment: { (lldb) p imemo_name (const char *) $0 = 0xffffffffffffffff (lldb) p imemo_type(obj) (imemo_type) $1 = imemo_ast (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61566 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

obj_info() assumes the given object is alive. Passing freed objects to it results in SEGV. (lldb) run Process 29718 launched: './miniruby' (x86_64) Process 29718 stopped * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 266 } 267 else { 268 VM_ASSERT(RB_TYPE_P(pathobj, T_ARRAY)); -> 269 return RARRAY_AREF(pathobj, PATHOBJ_PATH); 270 } 271 } 272 (lldb) bt * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 frame #1: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x000000010af34a20) + 32 at iseq.c:723 frame #2: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, iseq=0x000000010af34a20) + 69 at gc.c:9274 frame #3: 0x000000010009e45a miniruby`rb_raw_obj_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, obj=4478683680) + 2191 at gc.c:9397 frame #4: 0x000000010009e4d5 miniruby`obj_info(obj=4478683680) + 98 at gc.c:9429 frame #5: 0x0000000100091ae3 miniruby`gc_page_sweep(objspace=0x00000001007d3280, heap=0x00000001007d32a0, sweep_page=0x000000010ae07bc0) + 622 at gc.c:3529 frame #6: 0x000000010009206a miniruby`gc_sweep_step(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 188 at gc.c:3705 frame #7: 0x0000000100092254 miniruby`gc_sweep_continue(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 133 at gc.c:3772 frame #8: 0x000000010008d7f9 miniruby`heap_prepare(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 48 at gc.c:1746 frame #9: 0x000000010008d8a1 miniruby`heap_get_freeobj_from_next_freepage(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 37 at gc.c:1769 frame #10: 0x000000010008d98d miniruby`heap_get_freeobj(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 83 at gc.c:1803 frame #11: 0x000000010008dcb0 miniruby`newobj_slowpath(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280, wb_protected=1) + 220 at gc.c:1930 frame #12: 0x000000010008dd6c miniruby`newobj_slowpath_wb_protected(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280) + 76 at gc.c:1942 frame #13: 0x000000010008dea1 miniruby`newobj_of(klass=4334386280, flags=5, v1=0, v2=0, v3=0, wb_protected=1) + 221 at gc.c:1974 frame #14: 0x000000010008df39 miniruby`rb_wb_protected_newobj_of(klass=4334386280, flags=5) + 54 at gc.c:1990 frame #15: 0x0000000100195f7c miniruby`str_alloc(klass=4334386280) + 29 at string.c:692 frame #16: 0x0000000100195fe9 miniruby`str_new0(klass=4334386280, ptr="gitm", len=4, termlen=1) + 73 at string.c:714 frame #17: 0x000000010019633e miniruby`rb_enc_str_new(ptr="gitm", len=4, enc=0x00000001025d50a0) + 81 at string.c:766 frame #18: 0x000000010010a80a miniruby`parser_str_new(p="gitm", n=4, enc=0x00000001025d50a0, func=66, enc0=0x00000001025d50a0) + 50 at parse.y:5817 frame #19: 0x000000010010ce1a miniruby`parser_parse_string(parser=0x00000001042ac5c0, quote=0x000000010460c028) + 795 at parse.y:6675 frame #20: 0x00000001001120bd miniruby`parser_yylex(parser=0x00000001042ac5c0) + 159 at parse.y:8281 frame #21: 0x0000000100115068 miniruby`yylex(lval=0x00007fff5fbf9948, yylloc=0x00007fff5fbf9ab0, parser=0x00000001042ac5c0) + 55 at parse.y:8931 frame #22: 0x00000001000fc79f miniruby`ruby_yyparse(parser=0x00000001042ac5c0) + 1198 at parse.c:5798 frame #23: 0x0000000100109f5a miniruby`yycompile0(arg=4364879296) + 317 at parse.y:5595 frame #24: 0x0000000100214ef0 miniruby`rb_suppress_tracing(func=(miniruby`yycompile0 at parse.y:5565), arg=4364879296) + 349 at vm_trace.c:397 frame #25: 0x000000010010a1df miniruby`yycompile(parser=0x00000001042ac5c0, fname=4443743440, line=1) + 126 at parse.y:5637 frame #26: 0x000000010010a4c1 miniruby`parser_compile_string(vparser=4443743480, fname=4443743440, s=4443743520, line=1) + 191 at parse.y:5706 frame #27: 0x000000010010a5b7 miniruby`rb_parser_compile_string_path(vparser=4443743480, f=4443743440, s=4443743520, line=1) + 58 at parse.y:5730 frame #28: 0x0000000100206025 miniruby`eval_make_iseq(src=4443743520, fname=4443743440, line=1, bind=0x0000000000000000, base_block=0x00007fff5fbfb370) + 266 at vm_eval.c:1274 frame #29: 0x0000000100206153 miniruby`eval_string_with_cref(self=4334412520, src=4443743520, cref=0x0000000000000000, file=52, line=1) + 197 at vm_eval.c:1307 frame #30: 0x0000000100206389 miniruby`rb_f_eval(argc=1, argv=0x0000000102400eb8, self=4334412520) + 219 at vm_eval.c:1382 frame #31: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_eval at vm_eval.c:1364), recv=4334412520, argc=1, argv=0x0000000102400eb8) + 47 at vm_insnhelper.c:1723 frame #32: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 386 at vm_insnhelper.c:1918 frame #33: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 149 at vm_insnhelper.c:1934 frame #34: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #35: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #36: 0x00000001002093f8 miniruby`invoke_block(ec=0x00000001007d3548, iseq=0x000000010252d7f0, self=4334412520, captured=0x0000000102500df8, cref=0x0000000000000000, type=572653569, opt_pc=0) + 224 at vm.c:988 frame #37: 0x0000000100209766 miniruby`invoke_iseq_block_from_c(ec=0x00000001007d3548, captured=0x0000000102500df8, self=4334412520, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0) + 389 at vm.c:1040 frame #38: 0x0000000100209824 miniruby`invoke_block_from_c_bh(ec=0x00000001007d3548, block_handler=4333768185, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0, force_blockarg=0) + 138 at vm.c:1058 frame #39: 0x00000001002099d0 miniruby`vm_yield(ec=0x00000001007d3548, argc=0, argv=0x0000000000000000) + 69 at vm.c:1103 frame #40: 0x0000000100205623 miniruby`rb_yield_0(argc=0, argv=0x0000000000000000) + 40 at vm_eval.c:970 frame #41: 0x0000000100205964 miniruby`loop_i + 19 at vm_eval.c:1049 frame #42: 0x000000010007db07 miniruby`rb_rescue2(b_proc=(miniruby`loop_i at vm_eval.c:1047), data1=0, r_proc=(miniruby`loop_stop at vm_eval.c:1056), data2=0) + 369 at eval.c:896 frame #43: 0x0000000100205a2e miniruby`rb_f_loop(self=4334412520) + 121 at vm_eval.c:1100 frame #44: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_f_loop at vm_eval.c:1098), recv=4334412520, argc=0, argv=0x0000000102400e80) + 41 at vm_insnhelper.c:1729 frame #45: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 386 at vm_insnhelper.c:1918 frame #46: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 149 at vm_insnhelper.c:1934 frame #47: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 239 at vm_insnhelper.c:2232 frame #48: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 253 at vm_insnhelper.c:2366 frame #49: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 59 at vm_insnhelper.c:2398 frame #50: 0x00000001001fab2f miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 7480 at insns.def:850 frame #51: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #52: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x000000010252dd90) + 52 at vm.c:2019 frame #53: 0x000000010007c768 miniruby`ruby_exec_internal(n=0x000000010252dd90) + 297 at eval.c:246 frame #54: 0x000000010007c88e miniruby`ruby_exec_node(n=0x000000010252dd90) + 36 at eval.c:310 frame #55: 0x000000010007c861 miniruby`ruby_run_node(n=0x000000010252dd90) + 62 at eval.c:302 frame #56: 0x000000010000138d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #57: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) p ((struct RVALUE*)pathobj)->as.basic (RBasic) $0 = (flags = 0, klass = 4478683600) (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61568 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

obj_info() assumes the given object is alive. OTOH gc_writebarrier_incremental is called before or in middle of object initialization. Can casue SEGV. (lldb) run Process 48188 launched: './miniruby' (x86_64) Process 48188 stopped * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 2069 static inline const VALUE * 2070 rb_array_const_ptr(VALUE a) 2071 { -> 2072 return FIX_CONST_VALUE_PTR((RBASIC(a)->flags & RARRAY_EMBED_FLAG) ? 2073 RARRAY(a)->as.ary : RARRAY(a)->as.heap.ptr); 2074 } 2075 (lldb) bt * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 frame #1: 0x00000001000bfaab miniruby`pathobj_path(pathobj=5251291222225483145) + 70 at vm_core.h:269 frame #2: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x00000001025b71a8) + 32 at iseq.c:723 frame #3: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, iseq=0x00000001025b71a8) + 69 at gc.c:9274 frame #4: 0x000000010009e1d5 miniruby`rb_raw_obj_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, obj=4334514520) + 1546 at gc.c:9351 frame #5: 0x000000010009e4d5 miniruby`obj_info(obj=4334514520) + 98 at gc.c:9429 frame #6: 0x0000000100096658 miniruby`gc_writebarrier_incremental(a=4334514520, b=4334514600, objspace=0x00000001007d3280) + 61 at gc.c:5963 frame #7: 0x00000001000968ca miniruby`rb_gc_writebarrier(a=4334514520, b=4334514600) + 127 at gc.c:6009 frame #8: 0x00000001001eabe0 miniruby`rb_obj_written(a=4334514520, oldv=52, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 72 at ruby.h:1472 frame #9: 0x00000001001eac2c miniruby`rb_obj_write(a=4334514520, slot=0x000000010259ff10, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 70 at ruby.h:1489 frame #10: 0x0000000100208b6f miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x0000000102500338, block_type=block_type_ifunc, is_from_method='\0', is_lambda='\x01') + 137 at vm.c:821 frame #11: 0x0000000100208e5c miniruby`rb_vm_make_proc_lambda(ec=0x00000001007d3548, captured=0x0000000102500338, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011f08e miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011f110 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000000000000) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001002033de miniruby`vm_call0_cfunc_with_frame(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 370 at vm_eval.c:85 frame #16: 0x00000001002034d9 miniruby`vm_call0_cfunc(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 59 at vm_eval.c:100 frame #17: 0x000000010020368f miniruby`vm_call0_body(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 436 at vm_eval.c:131 frame #18: 0x000000010020326a miniruby`vm_call0(ec=0x00000001007d3548, recv=4310991600, id=2993, argc=0, argv=0x0000000000000000, me=0x0000000100f48110) + 142 at vm_eval.c:58 frame #19: 0x0000000100203c60 miniruby`rb_call0(ec=0x00000001007d3548, recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL, self=4334514640) + 166 at vm_eval.c:296 frame #20: 0x0000000100204827 miniruby`rb_call(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL) + 84 at vm_eval.c:589 frame #21: 0x000000010020518b miniruby`rb_funcallv(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000) + 52 at vm_eval.c:815 frame #22: 0x000000010012242e miniruby`mlambda(method=0) + 45 at proc.c:2661 frame #23: 0x0000000100205bac miniruby`rb_iterate0(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, ifunc=0x00000001025b71a8, ec=0x00000001007d3548) + 380 at vm_eval.c:1134 frame #24: 0x0000000100205d16 miniruby`rb_iterate(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, bl_proc=(miniruby`bmcall at proc.c:2666), data2=4334514640) + 88 at vm_eval.c:1166 frame #25: 0x00000001001224c7 miniruby`method_to_proc(method=4334514640) + 43 at proc.c:2701 frame #26: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`method_to_proc at proc.c:2688), recv=4334514640, argc=0, argv=0x0000000102400568) + 41 at vm_insnhelper.c:1729 frame #27: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 386 at vm_insnhelper.c:1918 frame #28: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 149 at vm_insnhelper.c:1934 frame #29: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 239 at vm_insnhelper.c:2232 frame #30: 0x00000001001f49a4 miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 117 at vm_insnhelper.c:2355 frame #31: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 59 at vm_insnhelper.c:2398 frame #32: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #33: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #34: 0x000000010020c3d1 miniruby`rb_iseq_eval(iseq=0x00000001007f8270) + 52 at vm.c:2008 frame #35: 0x00000001000caa4a miniruby`rb_load_internal0(ec=0x00000001007d3548, fname=4310799960, wrap=0) + 631 at load.c:611 frame #36: 0x00000001000cab36 miniruby`rb_load_internal(fname=4310799960, wrap=0) + 46 at load.c:642 frame #37: 0x00000001000cae1d miniruby`rb_f_load(argc=1, argv=0x00000001024004b8) + 217 at load.c:710 frame #38: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_load at load.c:695), recv=4311327440, argc=1, argv=0x00000001024004b8) + 47 at vm_insnhelper.c:1723 frame #39: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 386 at vm_insnhelper.c:1918 frame #40: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 149 at vm_insnhelper.c:1934 frame #41: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 239 at vm_insnhelper.c:2232 frame #42: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 253 at vm_insnhelper.c:2366 frame #43: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 59 at vm_insnhelper.c:2398 frame #44: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #45: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #46: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x0000000100f21240) + 52 at vm.c:2019 frame #47: 0x000000010007c774 miniruby`ruby_exec_internal(n=0x0000000100f21240) + 297 at eval.c:246 frame #48: 0x000000010007c89a miniruby`ruby_exec_node(n=0x0000000100f21240) + 36 at eval.c:310 frame #49: 0x000000010007c86d miniruby`ruby_run_node(n=0x0000000100f21240) + 62 at eval.c:302 frame #50: 0x0000000100001399 miniruby`main(argc=9, argv=0x00007fff5fbfdae0) + 113 at main.c:42 frame #51: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61569 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

This function can be called from boot_defclass(). No assumption can be made about object internals. (lldb) run Process 2386 launched: './miniruby' (x86_64) Process 2386 stopped * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 318 VALUE 319 rb_class_path_cached(VALUE klass) 320 { -> 321 st_table *ivtbl = RCLASS_IV_TBL(klass); 322 st_data_t n; 323 324 if (!ivtbl) return Qnil; (lldb) bt * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) * frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 frame #1: 0x000000010009cbd0 miniruby`rb_raw_obj_info(buff="0x0000000100fa5798 [2 ] T_CLASS", buff_size=256, obj=4311373720) + 1393 at gc.c:9341 frame #2: 0x000000010009cf16 miniruby`obj_info(obj=4311373720) + 98 at gc.c:9423 frame #3: 0x000000010008ca87 miniruby`newobj_init(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007cf280, obj=4311373720) + 338 at gc.c:1887 frame #4: 0x000000010008cd51 miniruby`newobj_of(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1) + 171 at gc.c:1970 frame #5: 0x000000010008ce1b miniruby`rb_wb_protected_newobj_of(klass=0, flags=66) + 54 at gc.c:1990 frame #6: 0x0000000100027563 miniruby`class_alloc(flags=2, klass=0) + 46 at class.c:165 frame #7: 0x000000010002761a miniruby`rb_class_boot(super=0) + 35 at class.c:203 frame #8: 0x0000000100028612 miniruby`boot_defclass(name="BasicObject", super=0) + 28 at class.c:537 frame #9: 0x000000010002868b miniruby`Init_class_hierarchy + 26 at class.c:548 frame #10: 0x00000001000efe69 miniruby`InitVM_Object + 9 at object.c:3892 frame #11: 0x00000001000f138e miniruby`Init_Object + 57 at object.c:4122 frame #12: 0x00000001000a59bd miniruby`rb_call_inits + 29 at inits.c:23 frame #13: 0x000000010007af30 miniruby`ruby_setup + 229 at eval.c:61 frame #14: 0x000000010007af7e miniruby`ruby_init + 13 at eval.c:78 frame #15: 0x0000000100000c58 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 88 at main.c:41 frame #16: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

This function can be called from InitVM_Object(). No assumption can be made about object internals. (lldb) run Process 10675 launched: './miniruby' (x86_64) Process 10675 stopped * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 9380 const rb_method_entry_t *me = &RANY(obj)->as.imemo.ment; 9381 snprintf(buff, buff_size, "%s (called_id: %s, type: %s, alias: %d, owner: %s, defined_class: %s)", buff, 9382 rb_id2name(me->called_id), -> 9383 method_type_name(me->def->type), 9384 me->def->alias_count, 9385 obj_info(me->owner), 9386 obj_info(me->defined_class)); (lldb) p *me (rb_method_entry_t) $0 = { flags = 24602 defined_class = 4311488400 def = 0x0000000000000000 called_id = 3057 owner = 4311488400 } (lldb) bt * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 frame #1: 0x00000001000b7cbf miniruby`obj_info(obj=4311487880) + 95 at gc.c:9423 frame #2: 0x00000001000c16a8 miniruby`newobj_init(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1, objspace=0x00000001007ee280, obj=4311487880) + 424 at gc.c:1887 frame #3: 0x00000001000b4529 miniruby`newobj_of(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1) + 217 at gc.c:1970 frame #4: 0x00000001000b46ab miniruby`rb_imemo_new(type=imemo_ment, v1=0, v2=3057, v3=4311488400, v0=4311488400) + 75 at gc.c:2017 frame #5: 0x00000001002773b4 miniruby`rb_method_entry_alloc(called_id=3057, owner=4311488400, defined_class=4311488400, def=0x0000000000000000) + 52 at vm_method.c:368 frame #6: 0x0000000100277307 miniruby`rb_method_entry_create(called_id=3057, klass=4311488400, visi=METHOD_VISI_PRIVATE, def=0x0000000000000000) + 71 at vm_method.c:389 frame #7: 0x00000001002784c7 miniruby`rb_method_entry_make(klass=4311488400, mid=3057, defined_class=4311488400, visi=METHOD_VISI_PRIVATE, type=VM_METHOD_TYPE_CFUNC, def=0x0000000000000000, original_id=3057, opts=0x00007fff5fbfd9e8) + 1207 at vm_method.c:594 frame #8: 0x00000001002770f9 miniruby`rb_add_method(klass=4311488400, mid=3057, type=VM_METHOD_TYPE_CFUNC, opts=0x00007fff5fbfd9e8, visi=METHOD_VISI_PRIVATE) + 73 at vm_method.c:650 frame #9: 0x000000010027708a miniruby`rb_add_method_cfunc(klass=4311488400, mid=3057, func=(miniruby`rb_obj_dummy at object.c:1125), argc=0, visi=METHOD_VISI_PRIVATE) + 138 at vm_method.c:137 frame #10: 0x00000001000391e4 miniruby`rb_define_private_method(klass=4311488400, name="initialize", func=(miniruby`rb_obj_dummy at object.c:1125), argc=0) + 68 at class.c:1529 frame #11: 0x000000010013f5bf miniruby`InitVM_Object + 47 at object.c:3905 frame #12: 0x0000000100142ffd miniruby`Init_Object + 61 at object.c:4122 frame #13: 0x00000001000d4edd miniruby`rb_call_inits + 29 at inits.c:23 frame #14: 0x000000010009fe66 miniruby`ruby_setup + 198 at eval.c:61 frame #15: 0x000000010009febd miniruby`ruby_init + 13 at eval.c:78 frame #16: 0x0000000100000a4d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #17: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

This function can be called from Init_VM(). No assumption can be made about object internals. (lldb) run Process 15734 launched: './miniruby' (x86_64) Process 15734 stopped * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 9270 static void 9271 rb_raw_iseq_info(char *buff, const int buff_size, const rb_iseq_t *iseq) 9272 { -> 9273 if (iseq->body->location.label) { 9274 VALUE path = rb_iseq_path(iseq); 9275 snprintf(buff, buff_size, "%s %s@%s:%d", buff, 9276 RSTRING_PTR(iseq->body->location.label), (lldb) p *iseq (rb_iseq_t) $0 = { flags = 28698 reserved1 = 0 body = 0x0000000000000000 aux = { compile_data = 0x0000000000000000 loader = (obj = 0, index = 0) trace_events = 0 } } (lldb) bt * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) * frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 frame #1: 0x00000001000bde72 miniruby`rb_raw_obj_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, obj=4311097160) + 2786 at gc.c:9396 frame #2: 0x00000001000b7c5f miniruby`obj_info(obj=4311097160) + 95 at gc.c:9428 frame #3: 0x00000001000c16a8 miniruby`newobj_init(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007ee280, obj=4311097160) + 424 at gc.c:1887 frame #4: 0x00000001000b44c9 miniruby`newobj_of(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1) + 217 at gc.c:1970 frame #5: 0x00000001000b464b miniruby`rb_imemo_new(type=imemo_iseq, v1=0, v2=0, v3=0, v0=0) + 75 at gc.c:2017 frame #6: 0x00000001000fd914 miniruby`iseq_imemo_alloc + 36 at iseq.h:156 frame #7: 0x00000001000f6e1d miniruby`iseq_alloc + 13 at iseq.c:211 frame #8: 0x00000001000f6bf8 miniruby`rb_iseq_new_with_opt(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, first_lineno=1, parent=0x0000000000000000, type=ISEQ_TYPE_TOP, option=0x0000000100335c30) + 56 at iseq.c:519 frame #9: 0x00000001000f6bb6 miniruby`rb_iseq_new(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, parent=0x0000000000000000, type=ISEQ_TYPE_TOP) + 86 at iseq.c:480 frame #10: 0x0000000100284bb0 miniruby`Init_VM + 1040 at vm.c:3022 frame #11: 0x00000001000d4f7d miniruby`rb_call_inits + 189 at inits.c:55 frame #12: 0x000000010009fe06 miniruby`ruby_setup + 198 at eval.c:61 frame #13: 0x000000010009fe5d miniruby`ruby_init + 13 at eval.c:78 frame #14: 0x00000001000009ed miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #15: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

This function can be called from rb_data_typed_object_zalloc(). No assumption can be made about object internals. (lldb) run Process 22135 launched: './miniruby' (x86_64) Process 22135 stopped * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 1361 break; 1362 } 1363 #endif -> 1364 return block->type; 1365 } 1366 1367 static inline void (lldb) bt * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) * frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 frame #1: 0x000000010008acdb miniruby`vm_block_iseq(block=0x0000000000000000) + 24 at vm_core.h:1399 frame #2: 0x000000010008acc1 miniruby`vm_proc_iseq(procval=4310866360) + 32 at vm_core.h:1387 frame #3: 0x000000010009cbed miniruby`rb_raw_obj_info(buff="0x0000000100f299b8 [0 ] proc (Proc)", buff_size=256, obj=4310866360) + 1513 at gc.c:9349 frame #4: 0x000000010009cf01 miniruby`obj_info(obj=4310866360) + 98 at gc.c:9428 frame #5: 0x000000010008ca1b miniruby`newobj_init(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32, objspace=0x00000001007cf280, obj=4310866360) + 338 at gc.c:1887 frame #6: 0x000000010008cce5 miniruby`newobj_of(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32) + 171 at gc.c:1970 frame #7: 0x000000010008d01d miniruby`rb_data_typed_object_wrap(klass=4311027960, datap=0x0000000000000000, type=0x0000000100311d60) + 133 at gc.c:2062 frame #8: 0x000000010008d04e miniruby`rb_data_typed_object_zalloc(klass=4311027960, size=40, type=0x0000000100311d60) + 42 at gc.c:2073 frame #9: 0x000000010011b459 miniruby`rb_proc_alloc(klass=4311027960) + 36 at proc.c:113 frame #10: 0x0000000100204d8e miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x00000001025003f8, block_type=block_type_iseq, is_from_method='\0', is_lambda='\x01') + 44 at vm.c:814 frame #11: 0x00000001002050d8 miniruby`rb_vm_make_proc_lambda(ec=0x00000001007cf548, captured=0x00000001025003f8, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011c0d2 miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011c154 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001ee7e3 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000102400480) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001001ef2c3 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 386 at vm_insnhelper.c:1918 frame #16: 0x00000001001ef412 miniruby`vm_call_cfunc(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 149 at vm_insnhelper.c:1934 frame #17: 0x00000001001f0655 miniruby`vm_call_method_each_type(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 239 at vm_insnhelper.c:2232 frame #18: 0x00000001001f0ce0 miniruby`vm_call_method(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 117 at vm_insnhelper.c:2355 frame #19: 0x00000001001f0eb6 miniruby`vm_call_general(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 59 at vm_insnhelper.c:2398 frame #20: 0x00000001001f6e61 miniruby`vm_exec_core(ec=0x00000001007cf548, initial=0) + 7480 at insns.def:850 frame #21: 0x0000000100207995 miniruby`vm_exec(ec=0x00000001007cf548) + 230 at vm.c:1771 frame #22: 0x0000000100208647 miniruby`rb_iseq_eval_main(iseq=0x0000000100f29fd0) + 52 at vm.c:2019 frame #23: 0x000000010007b750 miniruby`ruby_exec_internal(n=0x0000000100f29fd0) + 297 at eval.c:246 frame #24: 0x000000010007b876 miniruby`ruby_exec_node(n=0x0000000100f29fd0) + 36 at eval.c:310 frame #25: 0x000000010007b849 miniruby`ruby_run_node(n=0x0000000100f29fd0) + 62 at eval.c:302 frame #26: 0x0000000100000c05 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #27: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61565 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

This imemo_name is used uninitialized because the switch above does not cover all possible imemo types. (lldb) run Process 26068 launched: './miniruby' (x86_64) Process 26068 stopped * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 libsystem_c.dylib`strlen: -> 0x7fff8a402132 <+18>: pcmpeqb (%rdi), %xmm0 0x7fff8a402136 <+22>: pmovmskb %xmm0, %esi 0x7fff8a40213a <+26>: andq $0xf, %rcx 0x7fff8a40213e <+30>: orq $-0x1, %rax (lldb) bt * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) * frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 frame #1: 0x00000001001f1531 miniruby`BSD_vfprintf(fp=0x00007fff5fbfc9e0, fmt0="%s %s", ap=0x00007fff5fbfcbf0) + 5873 at vsnprintf.c:1026 frame #2: 0x00000001001ef213 miniruby`ruby_do_vsnprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s", ap=0x00007fff5fbfcbf0) + 131 at sprintf.c:1285 frame #3: 0x00000001001ef3ea miniruby`ruby_snprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s") + 426 at sprintf.c:1300 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 frame #5: 0x00000001000b7bff miniruby`obj_info(obj=4310983760) + 95 at gc.c:9428 frame #6: 0x00000001000c1658 miniruby`newobj_init(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1, objspace=0x00000001007ee280, obj=4310983760) + 424 at gc.c:1887 frame #7: 0x00000001000b4469 miniruby`newobj_of(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1) + 217 at gc.c:1970 frame #8: 0x00000001000b45eb miniruby`rb_imemo_new(type=imemo_ast, v1=0, v2=4303040512, v3=4310983800, v0=0) + 75 at gc.c:2017 frame #9: 0x000000010011daed miniruby`rb_ast_new + 61 at node.c:1146 frame #10: 0x0000000100160e15 miniruby`rb_parser_compile_file_path(vparser=4310984400, fname=4310984960, file=4310984080, start=1) + 53 at parse.y:5776 frame #11: 0x00000001001e18ea miniruby`load_file_internal(argp_v=140734799795024) + 1834 at ruby.c:1907 frame #12: 0x00000001000a1bb5 miniruby`rb_ensure(b_proc=(miniruby`load_file_internal at ruby.c:1795), data1=140734799795024, e_proc=(miniruby`restore_load_file at ruby.c:2007), data2=140734799795024) + 245 at eval.c:1037 frame #13: 0x00000001001df4a4 miniruby`load_file(parser=4310984400, fname=4310984960, f=4310984080, script=1, opt=0x00007fff5fbfda28) + 100 at ruby.c:2026 frame #14: 0x00000001001e084e miniruby`process_options(argc=0, argv=0x00007fff5fbfdc00, opt=0x00007fff5fbfda28) + 3454 at ruby.c:1682 frame #15: 0x00000001001dfaae miniruby`ruby_process_options(argc=2, argv=0x00007fff5fbfdbf0) + 238 at ruby.c:2257 frame #16: 0x000000010009ff43 miniruby`ruby_options(argc=2, argv=0x00007fff5fbfdbf0) + 211 at eval.c:105 frame #17: 0x0000000100000989 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 105 at main.c:42 frame #18: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) up 4 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 9373 #undef IMEMO_NAME 9374 default: UNREACHABLE; 9375 } -> 9376 snprintf(buff, buff_size, "%s %s", buff, imemo_name); 9377 9378 switch (imemo_type(obj)) { 9379 case imemo_ment: { (lldb) p imemo_name (const char *) $0 = 0xffffffffffffffff (lldb) p imemo_type(obj) (imemo_type) $1 = imemo_ast (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61566 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

obj_info() assumes the given object is alive. Passing freed objects to it results in SEGV. (lldb) run Process 29718 launched: './miniruby' (x86_64) Process 29718 stopped * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 266 } 267 else { 268 VM_ASSERT(RB_TYPE_P(pathobj, T_ARRAY)); -> 269 return RARRAY_AREF(pathobj, PATHOBJ_PATH); 270 } 271 } 272 (lldb) bt * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 frame #1: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x000000010af34a20) + 32 at iseq.c:723 frame #2: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, iseq=0x000000010af34a20) + 69 at gc.c:9274 frame #3: 0x000000010009e45a miniruby`rb_raw_obj_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, obj=4478683680) + 2191 at gc.c:9397 frame #4: 0x000000010009e4d5 miniruby`obj_info(obj=4478683680) + 98 at gc.c:9429 frame #5: 0x0000000100091ae3 miniruby`gc_page_sweep(objspace=0x00000001007d3280, heap=0x00000001007d32a0, sweep_page=0x000000010ae07bc0) + 622 at gc.c:3529 frame #6: 0x000000010009206a miniruby`gc_sweep_step(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 188 at gc.c:3705 frame #7: 0x0000000100092254 miniruby`gc_sweep_continue(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 133 at gc.c:3772 frame #8: 0x000000010008d7f9 miniruby`heap_prepare(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 48 at gc.c:1746 frame #9: 0x000000010008d8a1 miniruby`heap_get_freeobj_from_next_freepage(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 37 at gc.c:1769 frame #10: 0x000000010008d98d miniruby`heap_get_freeobj(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 83 at gc.c:1803 frame #11: 0x000000010008dcb0 miniruby`newobj_slowpath(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280, wb_protected=1) + 220 at gc.c:1930 frame #12: 0x000000010008dd6c miniruby`newobj_slowpath_wb_protected(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280) + 76 at gc.c:1942 frame #13: 0x000000010008dea1 miniruby`newobj_of(klass=4334386280, flags=5, v1=0, v2=0, v3=0, wb_protected=1) + 221 at gc.c:1974 frame #14: 0x000000010008df39 miniruby`rb_wb_protected_newobj_of(klass=4334386280, flags=5) + 54 at gc.c:1990 frame #15: 0x0000000100195f7c miniruby`str_alloc(klass=4334386280) + 29 at string.c:692 frame #16: 0x0000000100195fe9 miniruby`str_new0(klass=4334386280, ptr="gitm", len=4, termlen=1) + 73 at string.c:714 frame #17: 0x000000010019633e miniruby`rb_enc_str_new(ptr="gitm", len=4, enc=0x00000001025d50a0) + 81 at string.c:766 frame #18: 0x000000010010a80a miniruby`parser_str_new(p="gitm", n=4, enc=0x00000001025d50a0, func=66, enc0=0x00000001025d50a0) + 50 at parse.y:5817 frame #19: 0x000000010010ce1a miniruby`parser_parse_string(parser=0x00000001042ac5c0, quote=0x000000010460c028) + 795 at parse.y:6675 frame #20: 0x00000001001120bd miniruby`parser_yylex(parser=0x00000001042ac5c0) + 159 at parse.y:8281 frame #21: 0x0000000100115068 miniruby`yylex(lval=0x00007fff5fbf9948, yylloc=0x00007fff5fbf9ab0, parser=0x00000001042ac5c0) + 55 at parse.y:8931 frame #22: 0x00000001000fc79f miniruby`ruby_yyparse(parser=0x00000001042ac5c0) + 1198 at parse.c:5798 frame #23: 0x0000000100109f5a miniruby`yycompile0(arg=4364879296) + 317 at parse.y:5595 frame #24: 0x0000000100214ef0 miniruby`rb_suppress_tracing(func=(miniruby`yycompile0 at parse.y:5565), arg=4364879296) + 349 at vm_trace.c:397 frame #25: 0x000000010010a1df miniruby`yycompile(parser=0x00000001042ac5c0, fname=4443743440, line=1) + 126 at parse.y:5637 frame #26: 0x000000010010a4c1 miniruby`parser_compile_string(vparser=4443743480, fname=4443743440, s=4443743520, line=1) + 191 at parse.y:5706 frame #27: 0x000000010010a5b7 miniruby`rb_parser_compile_string_path(vparser=4443743480, f=4443743440, s=4443743520, line=1) + 58 at parse.y:5730 frame #28: 0x0000000100206025 miniruby`eval_make_iseq(src=4443743520, fname=4443743440, line=1, bind=0x0000000000000000, base_block=0x00007fff5fbfb370) + 266 at vm_eval.c:1274 frame #29: 0x0000000100206153 miniruby`eval_string_with_cref(self=4334412520, src=4443743520, cref=0x0000000000000000, file=52, line=1) + 197 at vm_eval.c:1307 frame #30: 0x0000000100206389 miniruby`rb_f_eval(argc=1, argv=0x0000000102400eb8, self=4334412520) + 219 at vm_eval.c:1382 frame #31: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_eval at vm_eval.c:1364), recv=4334412520, argc=1, argv=0x0000000102400eb8) + 47 at vm_insnhelper.c:1723 frame #32: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 386 at vm_insnhelper.c:1918 frame #33: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 149 at vm_insnhelper.c:1934 frame #34: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #35: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #36: 0x00000001002093f8 miniruby`invoke_block(ec=0x00000001007d3548, iseq=0x000000010252d7f0, self=4334412520, captured=0x0000000102500df8, cref=0x0000000000000000, type=572653569, opt_pc=0) + 224 at vm.c:988 frame #37: 0x0000000100209766 miniruby`invoke_iseq_block_from_c(ec=0x00000001007d3548, captured=0x0000000102500df8, self=4334412520, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0) + 389 at vm.c:1040 frame #38: 0x0000000100209824 miniruby`invoke_block_from_c_bh(ec=0x00000001007d3548, block_handler=4333768185, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0, force_blockarg=0) + 138 at vm.c:1058 frame #39: 0x00000001002099d0 miniruby`vm_yield(ec=0x00000001007d3548, argc=0, argv=0x0000000000000000) + 69 at vm.c:1103 frame #40: 0x0000000100205623 miniruby`rb_yield_0(argc=0, argv=0x0000000000000000) + 40 at vm_eval.c:970 frame #41: 0x0000000100205964 miniruby`loop_i + 19 at vm_eval.c:1049 frame #42: 0x000000010007db07 miniruby`rb_rescue2(b_proc=(miniruby`loop_i at vm_eval.c:1047), data1=0, r_proc=(miniruby`loop_stop at vm_eval.c:1056), data2=0) + 369 at eval.c:896 frame #43: 0x0000000100205a2e miniruby`rb_f_loop(self=4334412520) + 121 at vm_eval.c:1100 frame #44: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_f_loop at vm_eval.c:1098), recv=4334412520, argc=0, argv=0x0000000102400e80) + 41 at vm_insnhelper.c:1729 frame #45: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 386 at vm_insnhelper.c:1918 frame #46: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 149 at vm_insnhelper.c:1934 frame #47: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 239 at vm_insnhelper.c:2232 frame #48: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 253 at vm_insnhelper.c:2366 frame #49: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 59 at vm_insnhelper.c:2398 frame #50: 0x00000001001fab2f miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 7480 at insns.def:850 frame #51: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #52: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x000000010252dd90) + 52 at vm.c:2019 frame #53: 0x000000010007c768 miniruby`ruby_exec_internal(n=0x000000010252dd90) + 297 at eval.c:246 frame #54: 0x000000010007c88e miniruby`ruby_exec_node(n=0x000000010252dd90) + 36 at eval.c:310 frame #55: 0x000000010007c861 miniruby`ruby_run_node(n=0x000000010252dd90) + 62 at eval.c:302 frame #56: 0x000000010000138d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #57: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) p ((struct RVALUE*)pathobj)->as.basic (RBasic) $0 = (flags = 0, klass = 4478683600) (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61568 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

obj_info() assumes the given object is alive. OTOH gc_writebarrier_incremental is called before or in middle of object initialization. Can casue SEGV. (lldb) run Process 48188 launched: './miniruby' (x86_64) Process 48188 stopped * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 2069 static inline const VALUE * 2070 rb_array_const_ptr(VALUE a) 2071 { -> 2072 return FIX_CONST_VALUE_PTR((RBASIC(a)->flags & RARRAY_EMBED_FLAG) ? 2073 RARRAY(a)->as.ary : RARRAY(a)->as.heap.ptr); 2074 } 2075 (lldb) bt * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 frame #1: 0x00000001000bfaab miniruby`pathobj_path(pathobj=5251291222225483145) + 70 at vm_core.h:269 frame #2: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x00000001025b71a8) + 32 at iseq.c:723 frame #3: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, iseq=0x00000001025b71a8) + 69 at gc.c:9274 frame #4: 0x000000010009e1d5 miniruby`rb_raw_obj_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, obj=4334514520) + 1546 at gc.c:9351 frame #5: 0x000000010009e4d5 miniruby`obj_info(obj=4334514520) + 98 at gc.c:9429 frame #6: 0x0000000100096658 miniruby`gc_writebarrier_incremental(a=4334514520, b=4334514600, objspace=0x00000001007d3280) + 61 at gc.c:5963 frame #7: 0x00000001000968ca miniruby`rb_gc_writebarrier(a=4334514520, b=4334514600) + 127 at gc.c:6009 frame #8: 0x00000001001eabe0 miniruby`rb_obj_written(a=4334514520, oldv=52, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 72 at ruby.h:1472 frame #9: 0x00000001001eac2c miniruby`rb_obj_write(a=4334514520, slot=0x000000010259ff10, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 70 at ruby.h:1489 frame #10: 0x0000000100208b6f miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x0000000102500338, block_type=block_type_ifunc, is_from_method='\0', is_lambda='\x01') + 137 at vm.c:821 frame #11: 0x0000000100208e5c miniruby`rb_vm_make_proc_lambda(ec=0x00000001007d3548, captured=0x0000000102500338, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011f08e miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011f110 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000000000000) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001002033de miniruby`vm_call0_cfunc_with_frame(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 370 at vm_eval.c:85 frame #16: 0x00000001002034d9 miniruby`vm_call0_cfunc(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 59 at vm_eval.c:100 frame #17: 0x000000010020368f miniruby`vm_call0_body(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 436 at vm_eval.c:131 frame #18: 0x000000010020326a miniruby`vm_call0(ec=0x00000001007d3548, recv=4310991600, id=2993, argc=0, argv=0x0000000000000000, me=0x0000000100f48110) + 142 at vm_eval.c:58 frame #19: 0x0000000100203c60 miniruby`rb_call0(ec=0x00000001007d3548, recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL, self=4334514640) + 166 at vm_eval.c:296 frame #20: 0x0000000100204827 miniruby`rb_call(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL) + 84 at vm_eval.c:589 frame #21: 0x000000010020518b miniruby`rb_funcallv(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000) + 52 at vm_eval.c:815 frame #22: 0x000000010012242e miniruby`mlambda(method=0) + 45 at proc.c:2661 frame #23: 0x0000000100205bac miniruby`rb_iterate0(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, ifunc=0x00000001025b71a8, ec=0x00000001007d3548) + 380 at vm_eval.c:1134 frame #24: 0x0000000100205d16 miniruby`rb_iterate(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, bl_proc=(miniruby`bmcall at proc.c:2666), data2=4334514640) + 88 at vm_eval.c:1166 frame #25: 0x00000001001224c7 miniruby`method_to_proc(method=4334514640) + 43 at proc.c:2701 frame #26: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`method_to_proc at proc.c:2688), recv=4334514640, argc=0, argv=0x0000000102400568) + 41 at vm_insnhelper.c:1729 frame #27: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 386 at vm_insnhelper.c:1918 frame #28: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 149 at vm_insnhelper.c:1934 frame #29: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 239 at vm_insnhelper.c:2232 frame #30: 0x00000001001f49a4 miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 117 at vm_insnhelper.c:2355 frame #31: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 59 at vm_insnhelper.c:2398 frame #32: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #33: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #34: 0x000000010020c3d1 miniruby`rb_iseq_eval(iseq=0x00000001007f8270) + 52 at vm.c:2008 frame #35: 0x00000001000caa4a miniruby`rb_load_internal0(ec=0x00000001007d3548, fname=4310799960, wrap=0) + 631 at load.c:611 frame #36: 0x00000001000cab36 miniruby`rb_load_internal(fname=4310799960, wrap=0) + 46 at load.c:642 frame #37: 0x00000001000cae1d miniruby`rb_f_load(argc=1, argv=0x00000001024004b8) + 217 at load.c:710 frame #38: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_load at load.c:695), recv=4311327440, argc=1, argv=0x00000001024004b8) + 47 at vm_insnhelper.c:1723 frame #39: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 386 at vm_insnhelper.c:1918 frame #40: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 149 at vm_insnhelper.c:1934 frame #41: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 239 at vm_insnhelper.c:2232 frame #42: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 253 at vm_insnhelper.c:2366 frame #43: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 59 at vm_insnhelper.c:2398 frame #44: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #45: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #46: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x0000000100f21240) + 52 at vm.c:2019 frame #47: 0x000000010007c774 miniruby`ruby_exec_internal(n=0x0000000100f21240) + 297 at eval.c:246 frame #48: 0x000000010007c89a miniruby`ruby_exec_node(n=0x0000000100f21240) + 36 at eval.c:310 frame #49: 0x000000010007c86d miniruby`ruby_run_node(n=0x0000000100f21240) + 62 at eval.c:302 frame #50: 0x0000000100001399 miniruby`main(argc=9, argv=0x00007fff5fbfdae0) + 113 at main.c:42 frame #51: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61569 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

fix SEGV touching uninitialized memory This function can be called from boot_defclass(). No assumption can be made about object internals. (lldb) run Process 2386 launched: './miniruby' (x86_64) Process 2386 stopped * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 318 VALUE 319 rb_class_path_cached(VALUE klass) 320 { -> 321 st_table *ivtbl = RCLASS_IV_TBL(klass); 322 st_data_t n; 323 324 if (!ivtbl) return Qnil; (lldb) bt * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) * frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 frame #1: 0x000000010009cbd0 miniruby`rb_raw_obj_info(buff="0x0000000100fa5798 [2 ] T_CLASS", buff_size=256, obj=4311373720) + 1393 at gc.c:9341 frame #2: 0x000000010009cf16 miniruby`obj_info(obj=4311373720) + 98 at gc.c:9423 frame #3: 0x000000010008ca87 miniruby`newobj_init(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007cf280, obj=4311373720) + 338 at gc.c:1887 frame #4: 0x000000010008cd51 miniruby`newobj_of(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1) + 171 at gc.c:1970 frame #5: 0x000000010008ce1b miniruby`rb_wb_protected_newobj_of(klass=0, flags=66) + 54 at gc.c:1990 frame #6: 0x0000000100027563 miniruby`class_alloc(flags=2, klass=0) + 46 at class.c:165 frame #7: 0x000000010002761a miniruby`rb_class_boot(super=0) + 35 at class.c:203 frame #8: 0x0000000100028612 miniruby`boot_defclass(name="BasicObject", super=0) + 28 at class.c:537 frame #9: 0x000000010002868b miniruby`Init_class_hierarchy + 26 at class.c:548 frame #10: 0x00000001000efe69 miniruby`InitVM_Object + 9 at object.c:3892 frame #11: 0x00000001000f138e miniruby`Init_Object + 57 at object.c:4122 frame #12: 0x00000001000a59bd miniruby`rb_call_inits + 29 at inits.c:23 frame #13: 0x000000010007af30 miniruby`ruby_setup + 229 at eval.c:61 frame #14: 0x000000010007af7e miniruby`ruby_init + 13 at eval.c:78 frame #15: 0x0000000100000c58 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 88 at main.c:41 frame #16: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) fix SEGV touching uninitialized memory This function can be called from InitVM_Object(). No assumption can be made about object internals. (lldb) run Process 10675 launched: './miniruby' (x86_64) Process 10675 stopped * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 9380 const rb_method_entry_t *me = &RANY(obj)->as.imemo.ment; 9381 snprintf(buff, buff_size, "%s (called_id: %s, type: %s, alias: %d, owner: %s, defined_class: %s)", buff, 9382 rb_id2name(me->called_id), -> 9383 method_type_name(me->def->type), 9384 me->def->alias_count, 9385 obj_info(me->owner), 9386 obj_info(me->defined_class)); (lldb) p *me (rb_method_entry_t) $0 = { flags = 24602 defined_class = 4311488400 def = 0x0000000000000000 called_id = 3057 owner = 4311488400 } (lldb) bt * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 frame #1: 0x00000001000b7cbf miniruby`obj_info(obj=4311487880) + 95 at gc.c:9423 frame #2: 0x00000001000c16a8 miniruby`newobj_init(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1, objspace=0x00000001007ee280, obj=4311487880) + 424 at gc.c:1887 frame #3: 0x00000001000b4529 miniruby`newobj_of(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1) + 217 at gc.c:1970 frame #4: 0x00000001000b46ab miniruby`rb_imemo_new(type=imemo_ment, v1=0, v2=3057, v3=4311488400, v0=4311488400) + 75 at gc.c:2017 frame #5: 0x00000001002773b4 miniruby`rb_method_entry_alloc(called_id=3057, owner=4311488400, defined_class=4311488400, def=0x0000000000000000) + 52 at vm_method.c:368 frame #6: 0x0000000100277307 miniruby`rb_method_entry_create(called_id=3057, klass=4311488400, visi=METHOD_VISI_PRIVATE, def=0x0000000000000000) + 71 at vm_method.c:389 frame #7: 0x00000001002784c7 miniruby`rb_method_entry_make(klass=4311488400, mid=3057, defined_class=4311488400, visi=METHOD_VISI_PRIVATE, type=VM_METHOD_TYPE_CFUNC, def=0x0000000000000000, original_id=3057, opts=0x00007fff5fbfd9e8) + 1207 at vm_method.c:594 frame #8: 0x00000001002770f9 miniruby`rb_add_method(klass=4311488400, mid=3057, type=VM_METHOD_TYPE_CFUNC, opts=0x00007fff5fbfd9e8, visi=METHOD_VISI_PRIVATE) + 73 at vm_method.c:650 frame #9: 0x000000010027708a miniruby`rb_add_method_cfunc(klass=4311488400, mid=3057, func=(miniruby`rb_obj_dummy at object.c:1125), argc=0, visi=METHOD_VISI_PRIVATE) + 138 at vm_method.c:137 frame #10: 0x00000001000391e4 miniruby`rb_define_private_method(klass=4311488400, name="initialize", func=(miniruby`rb_obj_dummy at object.c:1125), argc=0) + 68 at class.c:1529 frame #11: 0x000000010013f5bf miniruby`InitVM_Object + 47 at object.c:3905 frame #12: 0x0000000100142ffd miniruby`Init_Object + 61 at object.c:4122 frame #13: 0x00000001000d4edd miniruby`rb_call_inits + 29 at inits.c:23 frame #14: 0x000000010009fe66 miniruby`ruby_setup + 198 at eval.c:61 frame #15: 0x000000010009febd miniruby`ruby_init + 13 at eval.c:78 frame #16: 0x0000000100000a4d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #17: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) fix SEGV touching uninitialized local variable This imemo_name is used uninitialized because the switch above does not cover all possible imemo types. (lldb) run Process 26068 launched: './miniruby' (x86_64) Process 26068 stopped * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 libsystem_c.dylib`strlen: -> 0x7fff8a402132 <+18>: pcmpeqb (%rdi), %xmm0 0x7fff8a402136 <+22>: pmovmskb %xmm0, %esi 0x7fff8a40213a <+26>: andq $0xf, %rcx 0x7fff8a40213e <+30>: orq $-0x1, %rax (lldb) bt * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) * frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 frame #1: 0x00000001001f1531 miniruby`BSD_vfprintf(fp=0x00007fff5fbfc9e0, fmt0="%s %s", ap=0x00007fff5fbfcbf0) + 5873 at vsnprintf.c:1026 frame #2: 0x00000001001ef213 miniruby`ruby_do_vsnprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s", ap=0x00007fff5fbfcbf0) + 131 at sprintf.c:1285 frame #3: 0x00000001001ef3ea miniruby`ruby_snprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s") + 426 at sprintf.c:1300 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 frame #5: 0x00000001000b7bff miniruby`obj_info(obj=4310983760) + 95 at gc.c:9428 frame #6: 0x00000001000c1658 miniruby`newobj_init(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1, objspace=0x00000001007ee280, obj=4310983760) + 424 at gc.c:1887 frame #7: 0x00000001000b4469 miniruby`newobj_of(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1) + 217 at gc.c:1970 frame #8: 0x00000001000b45eb miniruby`rb_imemo_new(type=imemo_ast, v1=0, v2=4303040512, v3=4310983800, v0=0) + 75 at gc.c:2017 frame #9: 0x000000010011daed miniruby`rb_ast_new + 61 at node.c:1146 frame #10: 0x0000000100160e15 miniruby`rb_parser_compile_file_path(vparser=4310984400, fname=4310984960, file=4310984080, start=1) + 53 at parse.y:5776 frame #11: 0x00000001001e18ea miniruby`load_file_internal(argp_v=140734799795024) + 1834 at ruby.c:1907 frame #12: 0x00000001000a1bb5 miniruby`rb_ensure(b_proc=(miniruby`load_file_internal at ruby.c:1795), data1=140734799795024, e_proc=(miniruby`restore_load_file at ruby.c:2007), data2=140734799795024) + 245 at eval.c:1037 frame #13: 0x00000001001df4a4 miniruby`load_file(parser=4310984400, fname=4310984960, f=4310984080, script=1, opt=0x00007fff5fbfda28) + 100 at ruby.c:2026 frame #14: 0x00000001001e084e miniruby`process_options(argc=0, argv=0x00007fff5fbfdc00, opt=0x00007fff5fbfda28) + 3454 at ruby.c:1682 frame #15: 0x00000001001dfaae miniruby`ruby_process_options(argc=2, argv=0x00007fff5fbfdbf0) + 238 at ruby.c:2257 frame #16: 0x000000010009ff43 miniruby`ruby_options(argc=2, argv=0x00007fff5fbfdbf0) + 211 at eval.c:105 frame #17: 0x0000000100000989 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 105 at main.c:42 frame #18: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) up 4 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 9373 #undef IMEMO_NAME 9374 default: UNREACHABLE; 9375 } -> 9376 snprintf(buff, buff_size, "%s %s", buff, imemo_name); 9377 9378 switch (imemo_type(obj)) { 9379 case imemo_ment: { (lldb) p imemo_name (const char *) $0 = 0xffffffffffffffff (lldb) p imemo_type(obj) (imemo_type) $1 = imemo_ast (lldb) fix SEGV inspecting already freed objects obj_info() assumes the given object is alive. Passing freed objects to it results in SEGV. (lldb) run Process 29718 launched: './miniruby' (x86_64) Process 29718 stopped * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 266 } 267 else { 268 VM_ASSERT(RB_TYPE_P(pathobj, T_ARRAY)); -> 269 return RARRAY_AREF(pathobj, PATHOBJ_PATH); 270 } 271 } 272 (lldb) bt * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 frame #1: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x000000010af34a20) + 32 at iseq.c:723 frame #2: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, iseq=0x000000010af34a20) + 69 at gc.c:9274 frame #3: 0x000000010009e45a miniruby`rb_raw_obj_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, obj=4478683680) + 2191 at gc.c:9397 frame #4: 0x000000010009e4d5 miniruby`obj_info(obj=4478683680) + 98 at gc.c:9429 frame #5: 0x0000000100091ae3 miniruby`gc_page_sweep(objspace=0x00000001007d3280, heap=0x00000001007d32a0, sweep_page=0x000000010ae07bc0) + 622 at gc.c:3529 frame #6: 0x000000010009206a miniruby`gc_sweep_step(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 188 at gc.c:3705 frame #7: 0x0000000100092254 miniruby`gc_sweep_continue(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 133 at gc.c:3772 frame #8: 0x000000010008d7f9 miniruby`heap_prepare(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 48 at gc.c:1746 frame #9: 0x000000010008d8a1 miniruby`heap_get_freeobj_from_next_freepage(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 37 at gc.c:1769 frame #10: 0x000000010008d98d miniruby`heap_get_freeobj(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 83 at gc.c:1803 frame #11: 0x000000010008dcb0 miniruby`newobj_slowpath(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280, wb_protected=1) + 220 at gc.c:1930 frame #12: 0x000000010008dd6c miniruby`newobj_slowpath_wb_protected(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280) + 76 at gc.c:1942 frame #13: 0x000000010008dea1 miniruby`newobj_of(klass=4334386280, flags=5, v1=0, v2=0, v3=0, wb_protected=1) + 221 at gc.c:1974 frame #14: 0x000000010008df39 miniruby`rb_wb_protected_newobj_of(klass=4334386280, flags=5) + 54 at gc.c:1990 frame #15: 0x0000000100195f7c miniruby`str_alloc(klass=4334386280) + 29 at string.c:692 frame #16: 0x0000000100195fe9 miniruby`str_new0(klass=4334386280, ptr="gitm", len=4, termlen=1) + 73 at string.c:714 frame #17: 0x000000010019633e miniruby`rb_enc_str_new(ptr="gitm", len=4, enc=0x00000001025d50a0) + 81 at string.c:766 frame #18: 0x000000010010a80a miniruby`parser_str_new(p="gitm", n=4, enc=0x00000001025d50a0, func=66, enc0=0x00000001025d50a0) + 50 at parse.y:5817 frame #19: 0x000000010010ce1a miniruby`parser_parse_string(parser=0x00000001042ac5c0, quote=0x000000010460c028) + 795 at parse.y:6675 frame #20: 0x00000001001120bd miniruby`parser_yylex(parser=0x00000001042ac5c0) + 159 at parse.y:8281 frame #21: 0x0000000100115068 miniruby`yylex(lval=0x00007fff5fbf9948, yylloc=0x00007fff5fbf9ab0, parser=0x00000001042ac5c0) + 55 at parse.y:8931 frame #22: 0x00000001000fc79f miniruby`ruby_yyparse(parser=0x00000001042ac5c0) + 1198 at parse.c:5798 frame #23: 0x0000000100109f5a miniruby`yycompile0(arg=4364879296) + 317 at parse.y:5595 frame #24: 0x0000000100214ef0 miniruby`rb_suppress_tracing(func=(miniruby`yycompile0 at parse.y:5565), arg=4364879296) + 349 at vm_trace.c:397 frame #25: 0x000000010010a1df miniruby`yycompile(parser=0x00000001042ac5c0, fname=4443743440, line=1) + 126 at parse.y:5637 frame #26: 0x000000010010a4c1 miniruby`parser_compile_string(vparser=4443743480, fname=4443743440, s=4443743520, line=1) + 191 at parse.y:5706 frame #27: 0x000000010010a5b7 miniruby`rb_parser_compile_string_path(vparser=4443743480, f=4443743440, s=4443743520, line=1) + 58 at parse.y:5730 frame #28: 0x0000000100206025 miniruby`eval_make_iseq(src=4443743520, fname=4443743440, line=1, bind=0x0000000000000000, base_block=0x00007fff5fbfb370) + 266 at vm_eval.c:1274 frame #29: 0x0000000100206153 miniruby`eval_string_with_cref(self=4334412520, src=4443743520, cref=0x0000000000000000, file=52, line=1) + 197 at vm_eval.c:1307 frame #30: 0x0000000100206389 miniruby`rb_f_eval(argc=1, argv=0x0000000102400eb8, self=4334412520) + 219 at vm_eval.c:1382 frame #31: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_eval at vm_eval.c:1364), recv=4334412520, argc=1, argv=0x0000000102400eb8) + 47 at vm_insnhelper.c:1723 frame #32: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 386 at vm_insnhelper.c:1918 frame #33: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 149 at vm_insnhelper.c:1934 frame #34: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #35: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #36: 0x00000001002093f8 miniruby`invoke_block(ec=0x00000001007d3548, iseq=0x000000010252d7f0, self=4334412520, captured=0x0000000102500df8, cref=0x0000000000000000, type=572653569, opt_pc=0) + 224 at vm.c:988 frame #37: 0x0000000100209766 miniruby`invoke_iseq_block_from_c(ec=0x00000001007d3548, captured=0x0000000102500df8, self=4334412520, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0) + 389 at vm.c:1040 frame #38: 0x0000000100209824 miniruby`invoke_block_from_c_bh(ec=0x00000001007d3548, block_handler=4333768185, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0, force_blockarg=0) + 138 at vm.c:1058 frame #39: 0x00000001002099d0 miniruby`vm_yield(ec=0x00000001007d3548, argc=0, argv=0x0000000000000000) + 69 at vm.c:1103 frame #40: 0x0000000100205623 miniruby`rb_yield_0(argc=0, argv=0x0000000000000000) + 40 at vm_eval.c:970 frame #41: 0x0000000100205964 miniruby`loop_i + 19 at vm_eval.c:1049 frame #42: 0x000000010007db07 miniruby`rb_rescue2(b_proc=(miniruby`loop_i at vm_eval.c:1047), data1=0, r_proc=(miniruby`loop_stop at vm_eval.c:1056), data2=0) + 369 at eval.c:896 frame #43: 0x0000000100205a2e miniruby`rb_f_loop(self=4334412520) + 121 at vm_eval.c:1100 frame #44: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_f_loop at vm_eval.c:1098), recv=4334412520, argc=0, argv=0x0000000102400e80) + 41 at vm_insnhelper.c:1729 frame #45: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 386 at vm_insnhelper.c:1918 frame #46: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 149 at vm_insnhelper.c:1934 frame #47: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 239 at vm_insnhelper.c:2232 frame #48: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 253 at vm_insnhelper.c:2366 frame #49: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 59 at vm_insnhelper.c:2398 frame #50: 0x00000001001fab2f miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 7480 at insns.def:850 frame #51: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #52: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x000000010252dd90) + 52 at vm.c:2019 frame #53: 0x000000010007c768 miniruby`ruby_exec_internal(n=0x000000010252dd90) + 297 at eval.c:246 frame #54: 0x000000010007c88e miniruby`ruby_exec_node(n=0x000000010252dd90) + 36 at eval.c:310 frame #55: 0x000000010007c861 miniruby`ruby_run_node(n=0x000000010252dd90) + 62 at eval.c:302 frame #56: 0x000000010000138d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #57: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) p ((struct RVALUE*)pathobj)->as.basic (RBasic) $0 = (flags = 0, klass = 4478683600) (lldb) fix SEGV inspecting uninitialized objects obj_info() assumes the given object is alive. OTOH gc_writebarrier_incremental is called before or in middle of object initialization. Can casue SEGV. (lldb) run Process 48188 launched: './miniruby' (x86_64) Process 48188 stopped * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 2069 static inline const VALUE * 2070 rb_array_const_ptr(VALUE a) 2071 { -> 2072 return FIX_CONST_VALUE_PTR((RBASIC(a)->flags & RARRAY_EMBED_FLAG) ? 2073 RARRAY(a)->as.ary : RARRAY(a)->as.heap.ptr); 2074 } 2075 (lldb) bt * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 frame #1: 0x00000001000bfaab miniruby`pathobj_path(pathobj=5251291222225483145) + 70 at vm_core.h:269 frame #2: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x00000001025b71a8) + 32 at iseq.c:723 frame #3: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, iseq=0x00000001025b71a8) + 69 at gc.c:9274 frame #4: 0x000000010009e1d5 miniruby`rb_raw_obj_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, obj=4334514520) + 1546 at gc.c:9351 frame #5: 0x000000010009e4d5 miniruby`obj_info(obj=4334514520) + 98 at gc.c:9429 frame #6: 0x0000000100096658 miniruby`gc_writebarrier_incremental(a=4334514520, b=4334514600, objspace=0x00000001007d3280) + 61 at gc.c:5963 frame #7: 0x00000001000968ca miniruby`rb_gc_writebarrier(a=4334514520, b=4334514600) + 127 at gc.c:6009 frame #8: 0x00000001001eabe0 miniruby`rb_obj_written(a=4334514520, oldv=52, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 72 at ruby.h:1472 frame #9: 0x00000001001eac2c miniruby`rb_obj_write(a=4334514520, slot=0x000000010259ff10, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 70 at ruby.h:1489 frame #10: 0x0000000100208b6f miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x0000000102500338, block_type=block_type_ifunc, is_from_method='\0', is_lambda='\x01') + 137 at vm.c:821 frame #11: 0x0000000100208e5c miniruby`rb_vm_make_proc_lambda(ec=0x00000001007d3548, captured=0x0000000102500338, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011f08e miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011f110 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000000000000) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001002033de miniruby`vm_call0_cfunc_with_frame(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 370 at vm_eval.c:85 frame #16: 0x00000001002034d9 miniruby`vm_call0_cfunc(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 59 at vm_eval.c:100 frame #17: 0x000000010020368f miniruby`vm_call0_body(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 436 at vm_eval.c:131 frame #18: 0x000000010020326a miniruby`vm_call0(ec=0x00000001007d3548, recv=4310991600, id=2993, argc=0, argv=0x0000000000000000, me=0x0000000100f48110) + 142 at vm_eval.c:58 frame #19: 0x0000000100203c60 miniruby`rb_call0(ec=0x00000001007d3548, recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL, self=4334514640) + 166 at vm_eval.c:296 frame #20: 0x0000000100204827 miniruby`rb_call(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL) + 84 at vm_eval.c:589 frame #21: 0x000000010020518b miniruby`rb_funcallv(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000) + 52 at vm_eval.c:815 frame #22: 0x000000010012242e miniruby`mlambda(method=0) + 45 at proc.c:2661 frame #23: 0x0000000100205bac miniruby`rb_iterate0(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, ifunc=0x00000001025b71a8, ec=0x00000001007d3548) + 380 at vm_eval.c:1134 frame #24: 0x0000000100205d16 miniruby`rb_iterate(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, bl_proc=(miniruby`bmcall at proc.c:2666), data2=4334514640) + 88 at vm_eval.c:1166 frame #25: 0x00000001001224c7 miniruby`method_to_proc(method=4334514640) + 43 at proc.c:2701 frame #26: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`method_to_proc at proc.c:2688), recv=4334514640, argc=0, argv=0x0000000102400568) + 41 at vm_insnhelper.c:1729 frame #27: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 386 at vm_insnhelper.c:1918 frame #28: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 149 at vm_insnhelper.c:1934 frame #29: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 239 at vm_insnhelper.c:2232 frame #30: 0x00000001001f49a4 miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 117 at vm_insnhelper.c:2355 frame #31: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 59 at vm_insnhelper.c:2398 frame #32: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #33: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #34: 0x000000010020c3d1 miniruby`rb_iseq_eval(iseq=0x00000001007f8270) + 52 at vm.c:2008 frame #35: 0x00000001000caa4a miniruby`rb_load_internal0(ec=0x00000001007d3548, fname=4310799960, wrap=0) + 631 at load.c:611 frame #36: 0x00000001000cab36 miniruby`rb_load_internal(fname=4310799960, wrap=0) + 46 at load.c:642 frame #37: 0x00000001000cae1d miniruby`rb_f_load(argc=1, argv=0x00000001024004b8) + 217 at load.c:710 frame #38: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_load at load.c:695), recv=4311327440, argc=1, argv=0x00000001024004b8) + 47 at vm_insnhelper.c:1723 frame #39: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 386 at vm_insnhelper.c:1918 frame #40: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 149 at vm_insnhelper.c:1934 frame #41: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 239 at vm_insnhelper.c:2232 frame #42: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 253 at vm_insnhelper.c:2366 frame #43: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 59 at vm_insnhelper.c:2398 frame #44: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #45: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #46: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x0000000100f21240) + 52 at vm.c:2019 frame #47: 0x000000010007c774 miniruby`ruby_exec_internal(n=0x0000000100f21240) + 297 at eval.c:246 frame #48: 0x000000010007c89a miniruby`ruby_exec_node(n=0x0000000100f21240) + 36 at eval.c:310 frame #49: 0x000000010007c86d miniruby`ruby_run_node(n=0x0000000100f21240) + 62 at eval.c:302 frame #50: 0x0000000100001399 miniruby`main(argc=9, argv=0x00007fff5fbfdae0) + 113 at main.c:42 frame #51: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62023 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

fix SEGV touching uninitialized memory This function can be called from Init_VM(). No assumption can be made about object internals. (lldb) run Process 15734 launched: './miniruby' (x86_64) Process 15734 stopped * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 9270 static void 9271 rb_raw_iseq_info(char *buff, const int buff_size, const rb_iseq_t *iseq) 9272 { -> 9273 if (iseq->body->location.label) { 9274 VALUE path = rb_iseq_path(iseq); 9275 snprintf(buff, buff_size, "%s %s@%s:%d", buff, 9276 RSTRING_PTR(iseq->body->location.label), (lldb) p *iseq (rb_iseq_t) $0 = { flags = 28698 reserved1 = 0 body = 0x0000000000000000 aux = { compile_data = 0x0000000000000000 loader = (obj = 0, index = 0) trace_events = 0 } } (lldb) bt * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) * frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 frame #1: 0x00000001000bde72 miniruby`rb_raw_obj_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, obj=4311097160) + 2786 at gc.c:9396 frame #2: 0x00000001000b7c5f miniruby`obj_info(obj=4311097160) + 95 at gc.c:9428 frame #3: 0x00000001000c16a8 miniruby`newobj_init(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007ee280, obj=4311097160) + 424 at gc.c:1887 frame #4: 0x00000001000b44c9 miniruby`newobj_of(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1) + 217 at gc.c:1970 frame #5: 0x00000001000b464b miniruby`rb_imemo_new(type=imemo_iseq, v1=0, v2=0, v3=0, v0=0) + 75 at gc.c:2017 frame #6: 0x00000001000fd914 miniruby`iseq_imemo_alloc + 36 at iseq.h:156 frame #7: 0x00000001000f6e1d miniruby`iseq_alloc + 13 at iseq.c:211 frame #8: 0x00000001000f6bf8 miniruby`rb_iseq_new_with_opt(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, first_lineno=1, parent=0x0000000000000000, type=ISEQ_TYPE_TOP, option=0x0000000100335c30) + 56 at iseq.c:519 frame #9: 0x00000001000f6bb6 miniruby`rb_iseq_new(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, parent=0x0000000000000000, type=ISEQ_TYPE_TOP) + 86 at iseq.c:480 frame #10: 0x0000000100284bb0 miniruby`Init_VM + 1040 at vm.c:3022 frame #11: 0x00000001000d4f7d miniruby`rb_call_inits + 189 at inits.c:55 frame #12: 0x000000010009fe06 miniruby`ruby_setup + 198 at eval.c:61 frame #13: 0x000000010009fe5d miniruby`ruby_init + 13 at eval.c:78 frame #14: 0x00000001000009ed miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #15: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) fix SEGV touching uninitialized memory This function can be called from rb_data_typed_object_zalloc(). No assumption can be made about object internals. (lldb) run Process 22135 launched: './miniruby' (x86_64) Process 22135 stopped * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 1361 break; 1362 } 1363 #endif -> 1364 return block->type; 1365 } 1366 1367 static inline void (lldb) bt * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) * frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 frame #1: 0x000000010008acdb miniruby`vm_block_iseq(block=0x0000000000000000) + 24 at vm_core.h:1399 frame #2: 0x000000010008acc1 miniruby`vm_proc_iseq(procval=4310866360) + 32 at vm_core.h:1387 frame #3: 0x000000010009cbed miniruby`rb_raw_obj_info(buff="0x0000000100f299b8 [0 ] proc (Proc)", buff_size=256, obj=4310866360) + 1513 at gc.c:9349 frame #4: 0x000000010009cf01 miniruby`obj_info(obj=4310866360) + 98 at gc.c:9428 frame #5: 0x000000010008ca1b miniruby`newobj_init(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32, objspace=0x00000001007cf280, obj=4310866360) + 338 at gc.c:1887 frame #6: 0x000000010008cce5 miniruby`newobj_of(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32) + 171 at gc.c:1970 frame #7: 0x000000010008d01d miniruby`rb_data_typed_object_wrap(klass=4311027960, datap=0x0000000000000000, type=0x0000000100311d60) + 133 at gc.c:2062 frame #8: 0x000000010008d04e miniruby`rb_data_typed_object_zalloc(klass=4311027960, size=40, type=0x0000000100311d60) + 42 at gc.c:2073 frame #9: 0x000000010011b459 miniruby`rb_proc_alloc(klass=4311027960) + 36 at proc.c:113 frame #10: 0x0000000100204d8e miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x00000001025003f8, block_type=block_type_iseq, is_from_method='\0', is_lambda='\x01') + 44 at vm.c:814 frame #11: 0x00000001002050d8 miniruby`rb_vm_make_proc_lambda(ec=0x00000001007cf548, captured=0x00000001025003f8, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011c0d2 miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011c154 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001ee7e3 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000102400480) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001001ef2c3 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 386 at vm_insnhelper.c:1918 frame #16: 0x00000001001ef412 miniruby`vm_call_cfunc(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 149 at vm_insnhelper.c:1934 frame #17: 0x00000001001f0655 miniruby`vm_call_method_each_type(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 239 at vm_insnhelper.c:2232 frame #18: 0x00000001001f0ce0 miniruby`vm_call_method(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 117 at vm_insnhelper.c:2355 frame #19: 0x00000001001f0eb6 miniruby`vm_call_general(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 59 at vm_insnhelper.c:2398 frame #20: 0x00000001001f6e61 miniruby`vm_exec_core(ec=0x00000001007cf548, initial=0) + 7480 at insns.def:850 frame #21: 0x0000000100207995 miniruby`vm_exec(ec=0x00000001007cf548) + 230 at vm.c:1771 frame #22: 0x0000000100208647 miniruby`rb_iseq_eval_main(iseq=0x0000000100f29fd0) + 52 at vm.c:2019 frame #23: 0x000000010007b750 miniruby`ruby_exec_internal(n=0x0000000100f29fd0) + 297 at eval.c:246 frame #24: 0x000000010007b876 miniruby`ruby_exec_node(n=0x0000000100f29fd0) + 36 at eval.c:310 frame #25: 0x000000010007b849 miniruby`ruby_run_node(n=0x0000000100f29fd0) + 62 at eval.c:302 frame #26: 0x0000000100000c05 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #27: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) check an existence of block. * gc.c (rb_raw_obj_info): check block before using it. * vm_core.h (vm_block_iseq): r61565 introduced NULL check but this check is only needed by `rb_raw_obj_info()` and it is called at GC debug mode. Above fix for `rb_raw_obj_info()` solves this problem and NULL check should not be needed any more. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62095 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

Fix use-after-free in constant cache [Bug #20921] When we create a cache entry for a constant, the following sequence of events could happen: - vm_track_constant_cache is called to insert a constant cache. - In vm_track_constant_cache, we first look up the ST table for the ID of the constant. Assume the ST table exists because another iseq also holds a cache entry for this ID. - We then insert into this ST table with the iseq_inline_constant_cache. - However, while inserting into this ST table, it allocates memory, which could trigger a GC. Assume that it does trigger a GC. - The GC frees the one and only other iseq that holds a cache entry for this ID. - In remove_from_constant_cache, it will appear that the ST table is now empty because there are no more iseq with cache entries for this ID, so we free the ST table. - We complete GC and continue our st_insert. However, this ST table has been freed so we now have a use-after-free. This issue is very hard to reproduce, because it requires that the GC runs at a very specific time. However, we can make it show up by applying this patch which runs GC right before the st_insert to mimic the st_insert triggering a GC: diff --git a/vm_insnhelper.c b/vm_insnhelper.c index 3cb23f0..a93998136a 100644 --- a/vm_insnhelper.c +++ b/vm_insnhelper.c @@ -6338,6 +6338,10 @@ vm_track_constant_cache(ID id, void *ic) rb_id_table_insert(const_cache, id, (VALUE)ics); } + if (id == rb_intern("MyConstant")) rb_gc(); + st_insert(ics, (st_data_t) ic, (st_data_t) Qtrue); } And if we run this script: Object.const_set("MyConstant", "Hello!") my_proc = eval("-> { MyConstant }") my_proc.call my_proc = eval("-> { MyConstant }") my_proc.call We can see that ASAN outputs a use-after-free error: ==36540==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000049528 at pc 0x000102f3ceac bp 0x00016d607a70 sp 0x00016d607a68 READ of size 8 at 0x606000049528 thread T0 #0 0x102f3cea8 in do_hash st.c:321 #1 0x102f3ddd0 in rb_st_insert st.c:1132 #2 0x103140700 in vm_track_constant_cache vm_insnhelper.c:6345 #3 0x1030b91d8 in vm_ic_track_const_chain vm_insnhelper.c:6356 #4 0x1030b8cf8 in rb_vm_opt_getconstant_path vm_insnhelper.c:6424 #5 0x1030bc1e0 in vm_exec_core insns.def:263 #6 0x1030b55fc in rb_vm_exec vm.c:2585 #7 0x1030fe0ac in rb_iseq_eval_main vm.c:2851 #8 0x102a82588 in rb_ec_exec_node eval.c:281 #9 0x102a81fe0 in ruby_run_node eval.c:319 #10 0x1027f3db4 in rb_main main.c:43 #11 0x1027f3bd4 in main main.c:68 #12 0x183900270 (<unknown module>) 0x606000049528 is located 8 bytes inside of 56-byte region [0x606000049520,0x606000049558) freed by thread T0 here: #0 0x104174d40 in free+0x98 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x54d40) #1 0x102ada89c in rb_gc_impl_free default.c:8183 #2 0x102ada7dc in ruby_sized_xfree gc.c:4507 #3 0x102ac4d34 in ruby_xfree gc.c:4518 #4 0x102f3cb34 in rb_st_free_table st.c:663 #5 0x102bd52d8 in remove_from_constant_cache iseq.c:119 #6 0x102bbe2cc in iseq_clear_ic_references iseq.c:153 #7 0x102bbd2a0 in rb_iseq_free iseq.c:166 #8 0x102b32ed0 in rb_imemo_free imemo.c:564 #9 0x102ac4b44 in rb_gc_obj_free gc.c:1407 #10 0x102af4290 in gc_sweep_plane default.c:3546 #11 0x102af3bdc in gc_sweep_page default.c:3634 #12 0x102aeb140 in gc_sweep_step default.c:3906 #13 0x102aeadf0 in gc_sweep_rest default.c:3978 #14 0x102ae4714 in gc_sweep default.c:4155 #15 0x102af8474 in gc_start default.c:6484 #16 0x102afbe30 in garbage_collect default.c:6363 #17 0x102ad37f0 in rb_gc_impl_start default.c:6816 #18 0x102ad3634 in rb_gc gc.c:3624 #19 0x1031406ec in vm_track_constant_cache vm_insnhelper.c:6342 #20 0x1030b91d8 in vm_ic_track_const_chain vm_insnhelper.c:6356 #21 0x1030b8cf8 in rb_vm_opt_getconstant_path vm_insnhelper.c:6424 #22 0x1030bc1e0 in vm_exec_core insns.def:263 #23 0x1030b55fc in rb_vm_exec vm.c:2585 #24 0x1030fe0ac in rb_iseq_eval_main vm.c:2851 #25 0x102a82588 in rb_ec_exec_node eval.c:281 #26 0x102a81fe0 in ruby_run_node eval.c:319 #27 0x1027f3db4 in rb_main main.c:43 #28 0x1027f3bd4 in main main.c:68 #29 0x183900270 (<unknown module>) previously allocated by thread T0 here: #0 0x104174c04 in malloc+0x94 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x54c04) #1 0x102ada0ec in rb_gc_impl_malloc default.c:8198 #2 0x102acee44 in ruby_xmalloc gc.c:4438 #3 0x102f3c85c in rb_st_init_table_with_size st.c:571 #4 0x102f3c900 in rb_st_init_table st.c:600 #5 0x102f3c920 in rb_st_init_numtable st.c:608 #6 0x103140698 in vm_track_constant_cache vm_insnhelper.c:6337 #7 0x1030b91d8 in vm_ic_track_const_chain vm_insnhelper.c:6356 #8 0x1030b8cf8 in rb_vm_opt_getconstant_path vm_insnhelper.c:6424 #9 0x1030bc1e0 in vm_exec_core insns.def:263 #10 0x1030b55fc in rb_vm_exec vm.c:2585 #11 0x1030fe0ac in rb_iseq_eval_main vm.c:2851 #12 0x102a82588 in rb_ec_exec_node eval.c:281 #13 0x102a81fe0 in ruby_run_node eval.c:319 #14 0x1027f3db4 in rb_main main.c:43 #15 0x1027f3bd4 in main main.c:68 #16 0x183900270 (<unknown module>) This commit fixes this bug by adding a inserting_constant_cache_id field to the VM, which stores the ID that is currently being inserted and, in remove_from_constant_cache, we don't free the ST table for ID equal to this one. Co-Authored-By: Alan Wu <[email protected]>

Fix title, repository URL, and license in README

…13231) This change addresses the following ASAN error: ``` ==36597==ERROR: AddressSanitizer: heap-use-after-free on address 0x512000396ba8 at pc 0x7fcad5cbad9f bp 0x7fff19739af0 sp 0x7fff19739ae8 WRITE of size 8 at 0x512000396ba8 thread T0 [643/756] 36600=optparse/test_summary #0 0x7fcad5cbad9e in free_fast_fallback_getaddrinfo_entry /home/runner/work/ruby-dev-builder/ruby-dev-builder/ext/socket/raddrinfo.c:3046:22 #1 0x7fcad5c9fb48 in fast_fallback_inetsock_cleanup /home/runner/work/ruby-dev-builder/ruby-dev-builder/ext/socket/ipsocket.c:1179:17 #2 0x7fcadf3b611a in rb_ensure /home/runner/work/ruby-dev-builder/ruby-dev-builder/eval.c:1081:5 #3 0x7fcad5c9b44b in rsock_init_inetsock /home/runner/work/ruby-dev-builder/ruby-dev-builder/ext/socket/ipsocket.c:1289:20 #4 0x7fcad5ca22b8 in tcp_init /home/runner/work/ruby-dev-builder/ruby-dev-builder/ext/socket/tcpsocket.c:76:12 #5 0x7fcadf83ba70 in vm_call0_cfunc_with_frame /home/runner/work/ruby-dev-builder/ruby-dev-builder/./vm_eval.c:164:15 ... ``` A `struct fast_fallback_getaddrinfo_shared` is shared between the main thread and two child threads. This struct contains an array of `fast_fallback_getaddrinfo_entry`. `fast_fallback_getaddrinfo_entry` and `fast_fallback_getaddrinfo_shared` were freed separately, and if `fast_fallback_getaddrinfo_shared` was freed first and then an attempt was made to free a `fast_fallback_getaddrinfo_entry`, a `heap-use-after-free` could occur. This change avoids that possibility by separating the deallocation of the addrinfo memory held by `fast_fallback_getaddrinfo_entry` from the access and lifecycle of the `fast_fallback_getaddrinfo_entry` itself.

[Bug #18119] When we create classes, it pushes the class to the subclass list of the superclass. This access needs to be synchronized because multiple Ractors may be creating classes with the same superclass, which would cause race conditions and cause the linked list to be corrupted. For example, we can reproduce with this script crashing: workers = (0...8).map do Ractor.new do loop do 100.times.map { Class.new } Ractor.yield nil end end end 100.times { Ractor.select(*workers) } With ASAN enabled, we can see that there are use-after-free errors: ==176013==ERROR: AddressSanitizer: heap-use-after-free on address 0x5030000974f0 at pc 0x62f9e56f892d bp 0x7a503f1ffd90 sp 0x7a503f1ffd88 WRITE of size 8 at 0x5030000974f0 thread T4 #0 0x62f9e56f892c in rb_class_remove_from_super_subclasses class.c:149:24 #1 0x62f9e58c9dd2 in rb_gc_obj_free gc.c:1262:9 #2 0x62f9e58f6e19 in gc_sweep_plane gc/default/default.c:3450:21 #3 0x62f9e58f686a in gc_sweep_page gc/default/default.c:3535:13 #4 0x62f9e58f12b4 in gc_sweep_step gc/default/default.c:3810:9 #5 0x62f9e58ed2a7 in gc_sweep gc/default/default.c:4058:13 #6 0x62f9e58fac93 in gc_start gc/default/default.c:6402:13 #7 0x62f9e58e8b69 in heap_prepare gc/default/default.c:2032:13 #8 0x62f9e58e8b69 in heap_next_free_page gc/default/default.c:2255:9 #9 0x62f9e58e8b69 in newobj_cache_miss gc/default/default.c:2362:38 ... 0x5030000974f0 is located 16 bytes inside of 24-byte region [0x5030000974e0,0x5030000974f8) freed by thread T4 here: #0 0x62f9e562f28a in free (miniruby+0x1fd28a) (BuildId: 5ad6d9e7cec8318df6726ea5ce34d3c76d0d0233) #1 0x62f9e58ca2ab in rb_gc_impl_free gc/default/default.c:8102:9 #2 0x62f9e58ca2ab in ruby_sized_xfree gc.c:5029:13 #3 0x62f9e58ca2ab in ruby_xfree gc.c:5040:5 #4 0x62f9e56f88e6 in rb_class_remove_from_super_subclasses class.c:152:9 #5 0x62f9e58c9dd2 in rb_gc_obj_free gc.c:1262:9 #6 0x62f9e58f6e19 in gc_sweep_plane gc/default/default.c:3450:21 #7 0x62f9e58f686a in gc_sweep_page gc/default/default.c:3535:13 #8 0x62f9e58f12b4 in gc_sweep_step gc/default/default.c:3810:9 #9 0x62f9e58ed2a7 in gc_sweep gc/default/default.c:4058:13 ... previously allocated by thread T5 here: #0 0x62f9e562f70d in calloc (miniruby+0x1fd70d) (BuildId: 5ad6d9e7cec8318df6726ea5ce34d3c76d0d0233) #1 0x62f9e58c8e1a in calloc1 gc/default/default.c:1472:12 #2 0x62f9e58c8e1a in rb_gc_impl_calloc gc/default/default.c:8138:5 #3 0x62f9e58c8e1a in ruby_xcalloc_body gc.c:4964:12 #4 0x62f9e58c8e1a in ruby_xcalloc gc.c:4958:34 #5 0x62f9e56f906e in push_subclass_entry_to_list class.c:88:13 #6 0x62f9e56f906e in rb_class_subclass_add class.c:111:38 #7 0x62f9e56f906e in RCLASS_SET_SUPER internal/class.h:257:9 #8 0x62f9e56fca7a in make_metaclass class.c:786:5 #9 0x62f9e59db982 in rb_class_initialize object.c:2101:5

In commit d42b9ff, an optimization was introduced that can speed up Regexp#match by 15% when it matches with strings of different encodings. This optimization, however, does not work across ractors. To fix this, we only use the optimization if no ractors have been started. In the future, we could use atomics for the reference counting if we find it's needed and if it's more performant. The backtrace of the misbehaving native thread: ``` * frame #0: 0x0000000189c94388 libsystem_kernel.dylib`__pthread_kill + 8 frame ruby#1: 0x0000000189ccd88c libsystem_pthread.dylib`pthread_kill + 296 frame ruby#2: 0x0000000189bd6c60 libsystem_c.dylib`abort + 124 frame ruby#3: 0x0000000189adb174 libsystem_malloc.dylib`malloc_vreport + 892 frame ruby#4: 0x0000000189adec90 libsystem_malloc.dylib`malloc_report + 64 frame ruby#5: 0x0000000189ae321c libsystem_malloc.dylib`___BUG_IN_CLIENT_OF_LIBMALLOC_POINTER_BEING_FREED_WAS_NOT_ALLOCATED + 32 frame ruby#6: 0x00000001001c3be4 ruby`onig_free_body(reg=0x000000012d84b660) at regcomp.c:5663:5 frame ruby#7: 0x00000001001ba828 ruby`rb_reg_prepare_re(re=4748462304, str=4748451168) at re.c:1680:13 frame ruby#8: 0x00000001001bac58 ruby`rb_reg_onig_match(re=4748462304, str=4748451168, match=(ruby`reg_onig_search [inlined] rbimpl_RB_TYPE_P_fastpath at value_type.h:349:14 ruby`reg_onig_search [inlined] rbimpl_rstring_getmem at rstring.h:391:5 ruby`reg_onig_search at re.c:1781:5), args=0x000000013824b168, regs=0x000000013824b150) at re.c:1708:20 frame ruby#9: 0x00000001001baefc ruby`rb_reg_search_set_match(re=4748462304, str=4748451168, pos=<unavailable>, reverse=0, set_backref_str=1, set_match=0x0000000000000000) at re.c:1809:27 frame ruby#10: 0x00000001001bae80 ruby`rb_reg_search0(re=<unavailable>, str=<unavailable>, pos=<unavailable>, reverse=<unavailable>, set_backref_str=<unavailable>, match=<unavailable>) at re.c:1861:12 [artificial] frame ruby#11: 0x0000000100230b90 ruby`rb_pat_search0(pat=<unavailable>, str=<unavailable>, pos=<unavailable>, set_backref_str=<unavailable>, match=<unavailable>) at string.c:6619:16 [artificial] frame ruby#12: 0x00000001002287f4 ruby`rb_str_sub_bang [inlined] rb_pat_search(pat=4748462304, str=4748451168, pos=0, set_backref_str=1) at string.c:6626:12 frame ruby#13: 0x00000001002287dc ruby`rb_str_sub_bang(argc=1, argv=0x00000001381280d0, str=4748451168) at string.c:6668:11 frame ruby#14: 0x000000010022826c ruby`rb_str_sub ``` You can reproduce this by running: ``` RUBY_TESTOPTS="--name=/test_str_capitalize/" make test-all TESTS=test/ruby/test_m17n.comb ``` However, you need to run it with multiple ractors at once. Co-authored-by: jhawthorn <[email protected]>

In commit d42b9ff, an optimization was introduced that can speed up Regexp#match by 15% when it matches with strings of different encodings. This optimization, however, does not work across ractors. To fix this, we only use the optimization if no ractors have been started. In the future, we could use atomics for the reference counting if we find it's needed and if it's more performant. The backtrace of the misbehaving native thread: ``` * frame #0: 0x0000000189c94388 libsystem_kernel.dylib`__pthread_kill + 8 frame #1: 0x0000000189ccd88c libsystem_pthread.dylib`pthread_kill + 296 frame #2: 0x0000000189bd6c60 libsystem_c.dylib`abort + 124 frame #3: 0x0000000189adb174 libsystem_malloc.dylib`malloc_vreport + 892 frame #4: 0x0000000189adec90 libsystem_malloc.dylib`malloc_report + 64 frame #5: 0x0000000189ae321c libsystem_malloc.dylib`___BUG_IN_CLIENT_OF_LIBMALLOC_POINTER_BEING_FREED_WAS_NOT_ALLOCATED + 32 frame #6: 0x00000001001c3be4 ruby`onig_free_body(reg=0x000000012d84b660) at regcomp.c:5663:5 frame #7: 0x00000001001ba828 ruby`rb_reg_prepare_re(re=4748462304, str=4748451168) at re.c:1680:13 frame #8: 0x00000001001bac58 ruby`rb_reg_onig_match(re=4748462304, str=4748451168, match=(ruby`reg_onig_search [inlined] rbimpl_RB_TYPE_P_fastpath at value_type.h:349:14 ruby`reg_onig_search [inlined] rbimpl_rstring_getmem at rstring.h:391:5 ruby`reg_onig_search at re.c:1781:5), args=0x000000013824b168, regs=0x000000013824b150) at re.c:1708:20 frame #9: 0x00000001001baefc ruby`rb_reg_search_set_match(re=4748462304, str=4748451168, pos=<unavailable>, reverse=0, set_backref_str=1, set_match=0x0000000000000000) at re.c:1809:27 frame #10: 0x00000001001bae80 ruby`rb_reg_search0(re=<unavailable>, str=<unavailable>, pos=<unavailable>, reverse=<unavailable>, set_backref_str=<unavailable>, match=<unavailable>) at re.c:1861:12 [artificial] frame #11: 0x0000000100230b90 ruby`rb_pat_search0(pat=<unavailable>, str=<unavailable>, pos=<unavailable>, set_backref_str=<unavailable>, match=<unavailable>) at string.c:6619:16 [artificial] frame #12: 0x00000001002287f4 ruby`rb_str_sub_bang [inlined] rb_pat_search(pat=4748462304, str=4748451168, pos=0, set_backref_str=1) at string.c:6626:12 frame #13: 0x00000001002287dc ruby`rb_str_sub_bang(argc=1, argv=0x00000001381280d0, str=4748451168) at string.c:6668:11 frame #14: 0x000000010022826c ruby`rb_str_sub ``` You can reproduce this by running: ``` RUBY_TESTOPTS="--name=/test_str_capitalize/" make test-all TESTS=test/ruby/test_m17n.comb ``` However, you need to run it with multiple ractors at once. Co-authored-by: jhawthorn <[email protected]>

In commit d42b9ff, an optimization was introduced that can speed up Regexp#match by 15% when it matches with strings of different encodings. This optimization, however, does not work across ractors. To fix this, we only use the optimization if no ractors have been started. In the future, we could use atomics for the reference counting if we find it's needed and if it's more performant. The backtrace of the misbehaving native thread: ``` * frame #0: 0x0000000189c94388 libsystem_kernel.dylib`__pthread_kill + 8 frame ruby#1: 0x0000000189ccd88c libsystem_pthread.dylib`pthread_kill + 296 frame ruby#2: 0x0000000189bd6c60 libsystem_c.dylib`abort + 124 frame ruby#3: 0x0000000189adb174 libsystem_malloc.dylib`malloc_vreport + 892 frame ruby#4: 0x0000000189adec90 libsystem_malloc.dylib`malloc_report + 64 frame ruby#5: 0x0000000189ae321c libsystem_malloc.dylib`___BUG_IN_CLIENT_OF_LIBMALLOC_POINTER_BEING_FREED_WAS_NOT_ALLOCATED + 32 frame ruby#6: 0x00000001001c3be4 ruby`onig_free_body(reg=0x000000012d84b660) at regcomp.c:5663:5 frame ruby#7: 0x00000001001ba828 ruby`rb_reg_prepare_re(re=4748462304, str=4748451168) at re.c:1680:13 frame ruby#8: 0x00000001001bac58 ruby`rb_reg_onig_match(re=4748462304, str=4748451168, match=(ruby`reg_onig_search [inlined] rbimpl_RB_TYPE_P_fastpath at value_type.h:349:14 ruby`reg_onig_search [inlined] rbimpl_rstring_getmem at rstring.h:391:5 ruby`reg_onig_search at re.c:1781:5), args=0x000000013824b168, regs=0x000000013824b150) at re.c:1708:20 frame ruby#9: 0x00000001001baefc ruby`rb_reg_search_set_match(re=4748462304, str=4748451168, pos=<unavailable>, reverse=0, set_backref_str=1, set_match=0x0000000000000000) at re.c:1809:27 frame ruby#10: 0x00000001001bae80 ruby`rb_reg_search0(re=<unavailable>, str=<unavailable>, pos=<unavailable>, reverse=<unavailable>, set_backref_str=<unavailable>, match=<unavailable>) at re.c:1861:12 [artificial] frame ruby#11: 0x0000000100230b90 ruby`rb_pat_search0(pat=<unavailable>, str=<unavailable>, pos=<unavailable>, set_backref_str=<unavailable>, match=<unavailable>) at string.c:6619:16 [artificial] frame ruby#12: 0x00000001002287f4 ruby`rb_str_sub_bang [inlined] rb_pat_search(pat=4748462304, str=4748451168, pos=0, set_backref_str=1) at string.c:6626:12 frame ruby#13: 0x00000001002287dc ruby`rb_str_sub_bang(argc=1, argv=0x00000001381280d0, str=4748451168) at string.c:6668:11 frame ruby#14: 0x000000010022826c ruby`rb_str_sub ``` You can reproduce this by running: ``` RUBY_TESTOPTS="--name=/test_str_capitalize/" make test-all TESTS=test/ruby/test_m17n.comb ``` However, you need to run it with multiple ractors at once. Co-authored-by: jhawthorn <[email protected]>

…13231) This change addresses the following ASAN error: ``` ==36597==ERROR: AddressSanitizer: heap-use-after-free on address 0x512000396ba8 at pc 0x7fcad5cbad9f bp 0x7fff19739af0 sp 0x7fff19739ae8 WRITE of size 8 at 0x512000396ba8 thread T0 [643/756] 36600=optparse/test_summary #0 0x7fcad5cbad9e in free_fast_fallback_getaddrinfo_entry /home/runner/work/ruby-dev-builder/ruby-dev-builder/ext/socket/raddrinfo.c:3046:22 #1 0x7fcad5c9fb48 in fast_fallback_inetsock_cleanup /home/runner/work/ruby-dev-builder/ruby-dev-builder/ext/socket/ipsocket.c:1179:17 #2 0x7fcadf3b611a in rb_ensure /home/runner/work/ruby-dev-builder/ruby-dev-builder/eval.c:1081:5 #3 0x7fcad5c9b44b in rsock_init_inetsock /home/runner/work/ruby-dev-builder/ruby-dev-builder/ext/socket/ipsocket.c:1289:20 #4 0x7fcad5ca22b8 in tcp_init /home/runner/work/ruby-dev-builder/ruby-dev-builder/ext/socket/tcpsocket.c:76:12 #5 0x7fcadf83ba70 in vm_call0_cfunc_with_frame /home/runner/work/ruby-dev-builder/ruby-dev-builder/./vm_eval.c:164:15 ... ``` A `struct fast_fallback_getaddrinfo_shared` is shared between the main thread and two child threads. This struct contains an array of `fast_fallback_getaddrinfo_entry`. `fast_fallback_getaddrinfo_entry` and `fast_fallback_getaddrinfo_shared` were freed separately, and if `fast_fallback_getaddrinfo_shared` was freed first and then an attempt was made to free a `fast_fallback_getaddrinfo_entry`, a `heap-use-after-free` could occur. This change avoids that possibility by separating the deallocation of the addrinfo memory held by `fast_fallback_getaddrinfo_entry` from the access and lifecycle of the `fast_fallback_getaddrinfo_entry` itself.

`name` is used via `RSTRING_PTR` within rb_str_catf, which may allocate and thus potentially trigger GC. Although `name` is still referenced by a local variable, the compiler might optimize away the reference before the GC sees it, especially under aggressive optimization or when debugging tools like ASAN are used. This patch adds an explicit `RB_GC_GUARD` to ensure `name` is kept alive until after the last use. While it's not certain this is the root cause of the following observed use-after-poison ASAN error, I believe this fix is indeed needed and hopefully a likely candidate for preventing the error. ``` ==1960369==ERROR: AddressSanitizer: use-after-poison on address 0x7ec6a00f1d88 at pc 0x5fb5bcafcf2e bp 0x7ffcc1178cb0 sp 0x7ffcc1178470 READ of size 61 at 0x7ec6a00f1d88 thread T0 #0 0x5fb5bcafcf2d in __asan_memcpy (/tmp/ruby/build/trunk_asan/ruby+0x204f2d) (BuildId: 6d92c84a27b87cfd253c38eeb552593f215ffb3d) ruby#1 0x5fb5bcde1fa5 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10 ruby#2 0x5fb5bcde1fa5 in ruby_nonempty_memcpy /tmp/ruby/src/trunk_asan/include/ruby/internal/memory.h:758:16 ruby#3 0x5fb5bcde1fa5 in ruby__sfvwrite /tmp/ruby/src/trunk_asan/sprintf.c:1083:9 ruby#4 0x5fb5bcde1521 in BSD__sprint /tmp/ruby/src/trunk_asan/vsnprintf.c:318:8 ruby#5 0x5fb5bcde0fbc in BSD_vfprintf /tmp/ruby/src/trunk_asan/vsnprintf.c:1215:3 ruby#6 0x5fb5bcdde4b1 in ruby_vsprintf0 /tmp/ruby/src/trunk_asan/sprintf.c:1164:5 ruby#7 0x5fb5bcddd648 in rb_str_vcatf /tmp/ruby/src/trunk_asan/sprintf.c:1234:5 ruby#8 0x5fb5bcddd648 in rb_str_catf /tmp/ruby/src/trunk_asan/sprintf.c:1245:11 ruby#9 0x5fb5bcf97c67 in location_format /tmp/ruby/src/trunk_asan/vm_backtrace.c:462:9 ruby#10 0x5fb5bcf97c67 in location_to_str /tmp/ruby/src/trunk_asan/vm_backtrace.c:493:12 ruby#11 0x5fb5bcf90a37 in location_to_str_dmyarg /tmp/ruby/src/trunk_asan/vm_backtrace.c:795:12 ruby#12 0x5fb5bcf90a37 in backtrace_collect /tmp/ruby/src/trunk_asan/vm_backtrace.c:786:28 ruby#13 0x5fb5bcf90a37 in backtrace_to_str_ary /tmp/ruby/src/trunk_asan/vm_backtrace.c:804:9 ruby#14 0x5fb5bcf90a37 in rb_backtrace_to_str_ary /tmp/ruby/src/trunk_asan/vm_backtrace.c:816:9 ruby#15 0x5fb5bd335b25 in exc_backtrace /tmp/ruby/src/trunk_asan/error.c:1904:15 ruby#16 0x5fb5bd335b25 in rb_get_backtrace /tmp/ruby/src/trunk_asan/error.c:1924:16 ``` https://ci.rvm.jp/results/trunk_asan@ruby-sp1/5810304

`name` is used via `RSTRING_PTR` within rb_str_catf, which may allocate and thus potentially trigger GC. Although `name` is still referenced by a local variable, the compiler might optimize away the reference before the GC sees it, especially under aggressive optimization or when debugging tools like ASAN are used. This patch adds an explicit `RB_GC_GUARD` to ensure `name` is kept alive until after the last use. While it's not certain this is the root cause of the following observed use-after-poison ASAN error, I believe this fix is indeed needed and hopefully a likely candidate for preventing the error. ``` ==1960369==ERROR: AddressSanitizer: use-after-poison on address 0x7ec6a00f1d88 at pc 0x5fb5bcafcf2e bp 0x7ffcc1178cb0 sp 0x7ffcc1178470 READ of size 61 at 0x7ec6a00f1d88 thread T0 #0 0x5fb5bcafcf2d in __asan_memcpy (/tmp/ruby/build/trunk_asan/ruby+0x204f2d) (BuildId: 6d92c84a27b87cfd253c38eeb552593f215ffb3d) #1 0x5fb5bcde1fa5 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10 #2 0x5fb5bcde1fa5 in ruby_nonempty_memcpy /tmp/ruby/src/trunk_asan/include/ruby/internal/memory.h:758:16 #3 0x5fb5bcde1fa5 in ruby__sfvwrite /tmp/ruby/src/trunk_asan/sprintf.c:1083:9 #4 0x5fb5bcde1521 in BSD__sprint /tmp/ruby/src/trunk_asan/vsnprintf.c:318:8 #5 0x5fb5bcde0fbc in BSD_vfprintf /tmp/ruby/src/trunk_asan/vsnprintf.c:1215:3 #6 0x5fb5bcdde4b1 in ruby_vsprintf0 /tmp/ruby/src/trunk_asan/sprintf.c:1164:5 #7 0x5fb5bcddd648 in rb_str_vcatf /tmp/ruby/src/trunk_asan/sprintf.c:1234:5 #8 0x5fb5bcddd648 in rb_str_catf /tmp/ruby/src/trunk_asan/sprintf.c:1245:11 #9 0x5fb5bcf97c67 in location_format /tmp/ruby/src/trunk_asan/vm_backtrace.c:462:9 #10 0x5fb5bcf97c67 in location_to_str /tmp/ruby/src/trunk_asan/vm_backtrace.c:493:12 #11 0x5fb5bcf90a37 in location_to_str_dmyarg /tmp/ruby/src/trunk_asan/vm_backtrace.c:795:12 #12 0x5fb5bcf90a37 in backtrace_collect /tmp/ruby/src/trunk_asan/vm_backtrace.c:786:28 #13 0x5fb5bcf90a37 in backtrace_to_str_ary /tmp/ruby/src/trunk_asan/vm_backtrace.c:804:9 #14 0x5fb5bcf90a37 in rb_backtrace_to_str_ary /tmp/ruby/src/trunk_asan/vm_backtrace.c:816:9 #15 0x5fb5bd335b25 in exc_backtrace /tmp/ruby/src/trunk_asan/error.c:1904:15 #16 0x5fb5bd335b25 in rb_get_backtrace /tmp/ruby/src/trunk_asan/error.c:1924:16 ``` https://ci.rvm.jp/results/trunk_asan@ruby-sp1/5810304

This change addresses the following ASAN error: ``` ==1973462==ERROR: AddressSanitizer: heap-use-after-free on address 0x5110002117dc at pc 0x749c307c8a65 bp 0x7ffc3af331d0 sp 0x7ffc3af331c8 READ of size 4 at 0x5110002117dc thread T0 #0 0x749c307c8a64 in rb_getaddrinfo /tmp/ruby/src/trunk_asan/ext/socket/raddrinfo.c:564:14 #1 0x749c307c8a64 in rsock_getaddrinfo /tmp/ruby/src/trunk_asan/ext/socket/raddrinfo.c:1008:21 #2 0x749c307cac48 in rsock_addrinfo /tmp/ruby/src/trunk_asan/ext/socket/raddrinfo.c:1049:12 #3 0x749c307b10ae in init_inetsock_internal /tmp/ruby/src/trunk_asan/ext/socket/ipsocket.c:62:23 #4 0x562c5b2e327e in rb_ensure /tmp/ruby/src/trunk_asan/eval.c:1080:18 #5 0x749c307aafd4 in rsock_init_inetsock /tmp/ruby/src/trunk_asan/ext/socket/ipsocket.c:1318:12 #6 0x749c307b3b78 in tcp_svr_init /tmp/ruby/src/trunk_asan/ext/socket/tcpserver.c:39:12 ``` Fixed to avoid accessing memory that has already been freed after calling `free_getaddrinfo_arg`.

This is notably faster: no need to hash indices. Before: ``` plum% samply record ~/.rubies/ruby-zjit/bin/ruby --zjit benchmarks/getivar.rb ruby 3.5.0dev (2025-07-10T14:40:49Z master 51252ef) +ZJIT dev +PRISM [arm64-darwin24] itr: time #1: 5311ms #2: 49ms #3: 49ms #4: 48ms ``` After: ``` plum% samply record ~/.rubies/ruby-zjit/bin/ruby --zjit benchmarks/getivar.rb ruby 3.5.0dev (2025-07-10T15:09:06Z mb-benchmark-compile 42ffd3c) +ZJIT dev +PRISM [arm64-darwin24] itr: time #1: 1332ms #2: 49ms #3: 48ms #4: 48ms ```

Previously, ZJIT miscompiled the following because of native SP interference. def a(n1,n2,n3,n4,n5,n6,n7,n8) = [n8] a(0,0,0,0,0,0,0, :ok) Commented problematic disassembly: ; call rb_ary_new_capa mov x0, #1 mov x16, #0x1278 movk x16, #0x4bc, lsl #16 movk x16, #1, lsl #32 blr x16 ; call rb_ary_push mov x1, x0 str x1, [sp, #-0x10]! ; c_push() from alloc_regs() mov x0, x1 ; arg0, the array ldur x1, [sp] ; meant to be arg1=n8, but sp just moved! mov x16, #0x3968 movk x16, #0x4bc, lsl #16 movk x16, #1, lsl #32 blr x16 Since the frame pointer stays constant in the body of the function, static offsets based on it don't run the risk of being invalidated by SP movements. Pass the registers to preserve through Insn::FrameSetup. This allows ARM to use STP and waste no gaps between EC, SP, and CFP. x86 now preserves and restores RBP since we use it as the frame pointer. Since all arches now have a frame pointer, remove offset based SP movement in the epilogue and restore registers using the frame pointer.

During Ruby's shutdown, we no longer need to check the fstr of the symbol because we don't use the fstr anymore for freeing the symbol. This can also fix the following ASAN error: ==2721247==ERROR: AddressSanitizer: use-after-poison on address 0x75fa90a627b8 at pc 0x64a7b06fb4bc bp 0x7ffdf95ba9b0 sp 0x7ffdf95ba9a8 READ of size 8 at 0x75fa90a627b8 thread T0 #0 0x64a7b06fb4bb in RB_BUILTIN_TYPE include/ruby/internal/value_type.h:191:30 #1 0x64a7b06fb4bb in rb_gc_shutdown_call_finalizer_p gc.c:357:18 #2 0x64a7b06fb4bb in rb_gc_impl_shutdown_call_finalizer gc/default/default.c:3045:21 #3 0x64a7b06fb4bb in rb_objspace_call_finalizer gc.c:1739:5 #4 0x64a7b06ca1b2 in rb_ec_finalize eval.c:165:5 #5 0x64a7b06ca1b2 in rb_ec_cleanup eval.c:256:5 #6 0x64a7b06c98a3 in ruby_cleanup eval.c:179:12

We can avoid taking this barrier if we're not incremental marking or lazy sweeping. I found this was taking a significant amount of samples when profiling `Psych.load` in multiple ractors due to the vm barrier. With this change, we get significant improvements in ractor benchmarks that allocate lots of objects. -- Psych.load benchmark -- Before: After: r: itr: time r: itr: time 0 ruby#1: 960ms 0 ruby#1: 943ms 0 ruby#2: 979ms 0 ruby#2: 939ms 0 ruby#3: 968ms 0 ruby#3: 948ms 0 ruby#4: 963ms 0 ruby#4: 946ms 0 ruby#5: 964ms 0 ruby#5: 944ms 1 ruby#1: 947ms 1 ruby#1: 940ms 1 ruby#2: 950ms 1 ruby#2: 947ms 1 ruby#3: 962ms 1 ruby#3: 950ms 1 ruby#4: 947ms 1 ruby#4: 945ms 1 ruby#5: 947ms 1 ruby#5: 943ms 2 ruby#1: 1131ms 2 ruby#1: 1005ms 2 ruby#2: 1153ms 2 ruby#2: 996ms 2 ruby#3: 1155ms 2 ruby#3: 1003ms 2 ruby#4: 1205ms 2 ruby#4: 1012ms 2 ruby#5: 1179ms 2 ruby#5: 1012ms 4 ruby#1: 1555ms 4 ruby#1: 1209ms 4 ruby#2: 1509ms 4 ruby#2: 1244ms 4 ruby#3: 1529ms 4 ruby#3: 1254ms 4 ruby#4: 1512ms 4 ruby#4: 1267ms 4 ruby#5: 1513ms 4 ruby#5: 1245ms 6 ruby#1: 2122ms 6 ruby#1: 1584ms 6 ruby#2: 2080ms 6 ruby#2: 1532ms 6 ruby#3: 2079ms 6 ruby#3: 1476ms 6 ruby#4: 2021ms 6 ruby#4: 1463ms 6 ruby#5: 1999ms 6 ruby#5: 1461ms 8 ruby#1: 2741ms 8 ruby#1: 1630ms 8 ruby#2: 2711ms 8 ruby#2: 1632ms 8 ruby#3: 2688ms 8 ruby#3: 1654ms 8 ruby#4: 2641ms 8 ruby#4: 1684ms 8 ruby#5: 2656ms 8 ruby#5: 1752ms

We can avoid taking this barrier if we're not incremental marking or lazy sweeping. I found this was taking a significant amount of samples when profiling `Psych.load` in multiple ractors due to the vm barrier. With this change, we get significant improvements in ractor benchmarks that allocate lots of objects. -- Psych.load benchmark -- ``` Before: After: r: itr: time r: itr: time 0 ruby#1: 960ms 0 ruby#1: 943ms 0 ruby#2: 979ms 0 ruby#2: 939ms 0 ruby#3: 968ms 0 ruby#3: 948ms 0 ruby#4: 963ms 0 ruby#4: 946ms 0 ruby#5: 964ms 0 ruby#5: 944ms 1 ruby#1: 947ms 1 ruby#1: 940ms 1 ruby#2: 950ms 1 ruby#2: 947ms 1 ruby#3: 962ms 1 ruby#3: 950ms 1 ruby#4: 947ms 1 ruby#4: 945ms 1 ruby#5: 947ms 1 ruby#5: 943ms 2 ruby#1: 1131ms 2 ruby#1: 1005ms 2 ruby#2: 1153ms 2 ruby#2: 996ms 2 ruby#3: 1155ms 2 ruby#3: 1003ms 2 ruby#4: 1205ms 2 ruby#4: 1012ms 2 ruby#5: 1179ms 2 ruby#5: 1012ms 4 ruby#1: 1555ms 4 ruby#1: 1209ms 4 ruby#2: 1509ms 4 ruby#2: 1244ms 4 ruby#3: 1529ms 4 ruby#3: 1254ms 4 ruby#4: 1512ms 4 ruby#4: 1267ms 4 ruby#5: 1513ms 4 ruby#5: 1245ms 6 ruby#1: 2122ms 6 ruby#1: 1584ms 6 ruby#2: 2080ms 6 ruby#2: 1532ms 6 ruby#3: 2079ms 6 ruby#3: 1476ms 6 ruby#4: 2021ms 6 ruby#4: 1463ms 6 ruby#5: 1999ms 6 ruby#5: 1461ms 8 ruby#1: 2741ms 8 ruby#1: 1630ms 8 ruby#2: 2711ms 8 ruby#2: 1632ms 8 ruby#3: 2688ms 8 ruby#3: 1654ms 8 ruby#4: 2641ms 8 ruby#4: 1684ms 8 ruby#5: 2656ms 8 ruby#5: 1752ms ```

rb_profile_frames() is used by profilers in a way such that it can run on any instruction in the binary, and it crashed previously in the following situation in `RUBY_DEBUG` builds: ``` * thread #1, queue = 'com.apple.main-thread', stop reason = step over frame #0: 0x00000001002827f0 miniruby`vm_make_env_each(ec=0x0000000101866b00, cfp=0x000000080c91bee8) at vm.c:992:74 989 } 990 991 vm_make_env_each(ec, prev_cfp); -> 992 VM_FORCE_WRITE_SPECIAL_CONST(&ep[VM_ENV_DATA_INDEX_SPECVAL], VM_GUARDED_PREV_EP(prev_cfp->ep)); 993 } 994 } 995 else { (lldb) call rb_profile_frames(0, 100, $2, $3) /Users/alan/ruby/vm_core.h:1448: Assertion Failed: VM_ENV_FLAGS:FIXNUM_P(flags) ruby 3.5.0dev (2025-09-23T20:20:04Z master 06b7a70) +PRISM [arm64-darwin25] -- Crash Report log information -------------------------------------------- See Crash Report log file in one of the following locations: * ~/Library/Logs/DiagnosticReports * /Library/Logs/DiagnosticReports for more details. Don't forget to include the above Crash Report log file in bug reports. -- Control frame information ----------------------------------------------- c:0008 p:---- s:0029 e:000028 CFUNC :lambda /Users/alan/ruby/vm_core.h:1448: Assertion Failed: VM_ENV_FLAGS:FIXNUM_P(flags) ruby 3.5.0dev (2025-09-23T20:20:04Z master 06b7a70) +PRISM [arm64-darwin25] -- Crash Report log information -------------------------------------------- <snip> ``` There is a small window where the control frame is invalid and fails the assert. The double crash also shows that in `RUBY_DEBUG` builds, the crash reporter was previously not resilient to corrupt frame state. In release builds, it prints more info. Add unchecked APIs for the crash reporter and profilers so they work as well in `RUBY_DEBUG` builds as non-debug builds.

We need to free the current_block_exits in parse_program when we're done with it to prevent memory leaks. This fixes the following memory leak detected when running Ruby using `RUBY_FREE_AT_EXIT=1 ruby -nc -e "break"`: Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x5bd3c5bc66c8 in realloc (miniruby+0x616c8) (BuildId: ruby/prism@ba6a96e5a060) #1 0x5bd3c5f91fd9 in pm_node_list_grow prism/templates/src/node.c.erb:35:40 #2 0x5bd3c5f91e9d in pm_node_list_append prism/templates/src/node.c.erb:48:9 #3 0x5bd3c6001fa0 in parse_block_exit prism/prism.c:15788:17 #4 0x5bd3c5fee155 in parse_expression_prefix prism/prism.c:19221:50 #5 0x5bd3c5fe9970 in parse_expression prism/prism.c:22235:23 #6 0x5bd3c5fe0586 in parse_statements prism/prism.c:13976:27 #7 0x5bd3c5fd6792 in parse_program prism/prism.c:22508:40 ruby/prism@fdf9b8d24a

When RUBYOPT is invalid, it raises an error which causes moreswitches to leak memory. It can be seen when building with LSAN enabled: $ RUBY_FREE_AT_EXIT=1 RUBYOPT=f ruby ruby: invalid option -f (-h will show valid options) (RuntimeError) Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x618cef8efa23 in malloc (miniruby+0x64a23) #1 0x618cefa0e8d8 in rb_gc_impl_malloc gc/default/default.c:8182:5 #2 0x618cef9f7f01 in ruby_xmalloc2_body gc.c:5182:12 #3 0x618cef9f7eac in ruby_xmalloc2 gc.c:5176:34 #4 0x618cefb547b2 in moreswitches ruby.c:919:18 #5 0x618cefb526fe in process_options ruby.c:2350:9 #6 0x618cefb524ac in ruby_process_options ruby.c:3202:12 #7 0x618cef9dc11f in ruby_options eval.c:119:16 #8 0x618cef8f2fb5 in rb_main main.c:42:26 #9 0x618cef8f2f59 in main main.c:62:12

We can avoid taking this barrier if we're not incremental marking or lazy sweeping. I found this was taking a significant amount of samples when profiling `Psych.load` in multiple ractors due to the vm barrier. With this change, we get significant improvements in ractor benchmarks that allocate lots of objects. -- Psych.load benchmark -- ``` Before: After: r: itr: time r: itr: time 0 ruby#1: 960ms 0 ruby#1: 943ms 0 ruby#2: 979ms 0 ruby#2: 939ms 0 ruby#3: 968ms 0 ruby#3: 948ms 0 ruby#4: 963ms 0 ruby#4: 946ms 0 ruby#5: 964ms 0 ruby#5: 944ms 1 ruby#1: 947ms 1 ruby#1: 940ms 1 ruby#2: 950ms 1 ruby#2: 947ms 1 ruby#3: 962ms 1 ruby#3: 950ms 1 ruby#4: 947ms 1 ruby#4: 945ms 1 ruby#5: 947ms 1 ruby#5: 943ms 2 ruby#1: 1131ms 2 ruby#1: 1005ms 2 ruby#2: 1153ms 2 ruby#2: 996ms 2 ruby#3: 1155ms 2 ruby#3: 1003ms 2 ruby#4: 1205ms 2 ruby#4: 1012ms 2 ruby#5: 1179ms 2 ruby#5: 1012ms 4 ruby#1: 1555ms 4 ruby#1: 1209ms 4 ruby#2: 1509ms 4 ruby#2: 1244ms 4 ruby#3: 1529ms 4 ruby#3: 1254ms 4 ruby#4: 1512ms 4 ruby#4: 1267ms 4 ruby#5: 1513ms 4 ruby#5: 1245ms 6 ruby#1: 2122ms 6 ruby#1: 1584ms 6 ruby#2: 2080ms 6 ruby#2: 1532ms 6 ruby#3: 2079ms 6 ruby#3: 1476ms 6 ruby#4: 2021ms 6 ruby#4: 1463ms 6 ruby#5: 1999ms 6 ruby#5: 1461ms 8 ruby#1: 2741ms 8 ruby#1: 1630ms 8 ruby#2: 2711ms 8 ruby#2: 1632ms 8 ruby#3: 2688ms 8 ruby#3: 1654ms 8 ruby#4: 2641ms 8 ruby#4: 1684ms 8 ruby#5: 2656ms 8 ruby#5: 1752ms ```

We can avoid taking this barrier if we're not incremental marking or lazy sweeping. I found this was taking a significant amount of samples when profiling `Psych.load` in multiple ractors due to the vm barrier. With this change, we get significant improvements in ractor benchmarks that allocate lots of objects. -- Psych.load benchmark -- ``` Before: After: r: itr: time r: itr: time 0 #1: 960ms 0 #1: 943ms 0 #2: 979ms 0 #2: 939ms 0 #3: 968ms 0 #3: 948ms 0 #4: 963ms 0 #4: 946ms 0 #5: 964ms 0 #5: 944ms 1 #1: 947ms 1 #1: 940ms 1 #2: 950ms 1 #2: 947ms 1 #3: 962ms 1 #3: 950ms 1 #4: 947ms 1 #4: 945ms 1 #5: 947ms 1 #5: 943ms 2 #1: 1131ms 2 #1: 1005ms 2 #2: 1153ms 2 #2: 996ms 2 #3: 1155ms 2 #3: 1003ms 2 #4: 1205ms 2 #4: 1012ms 2 #5: 1179ms 2 #5: 1012ms 4 #1: 1555ms 4 #1: 1209ms 4 #2: 1509ms 4 #2: 1244ms 4 #3: 1529ms 4 #3: 1254ms 4 #4: 1512ms 4 #4: 1267ms 4 #5: 1513ms 4 #5: 1245ms 6 #1: 2122ms 6 #1: 1584ms 6 #2: 2080ms 6 #2: 1532ms 6 #3: 2079ms 6 #3: 1476ms 6 #4: 2021ms 6 #4: 1463ms 6 #5: 1999ms 6 #5: 1461ms 8 #1: 2741ms 8 #1: 1630ms 8 #2: 2711ms 8 #2: 1632ms 8 #3: 2688ms 8 #3: 1654ms 8 #4: 2641ms 8 #4: 1684ms 8 #5: 2656ms 8 #5: 1752ms ```

We were seeing errors like: * thread ruby#8, stop reason = EXC_BAD_ACCESS (code=1, address=0x803) * frame #0: 0x00000001001fe944 ruby`rb_st_lookup(tab=0x00000000000007fb, key=1, value=0x00000001305b7490) at st.c:1066:22 frame ruby#1: 0x000000010002d658 ruby`remove_class_from_subclasses [inlined] class_get_subclasses_for_ns(tbl=0x00000000000007fb, ns_id=1) at class.c:604:9 frame ruby#2: 0x000000010002d650 ruby`remove_class_from_subclasses(tbl=0x00000000000007fb, ns_id=1, klass=4754039232) at class.c:620:34 frame ruby#3: 0x000000010002c8a8 ruby`rb_class_classext_free_subclasses(ext=0x000000011b5ce1d8, klass=4754039232, replacing=<unavailable>) at class.c:700:9 frame ruby#4: 0x000000010002c760 ruby`rb_class_classext_free(klass=4754039232, ext=0x000000011b5ce1d8, is_prime=true) at class.c:105:5 frame ruby#5: 0x00000001000e770c ruby`classext_free(ext=<unavailable>, is_prime=<unavailable>, namespace=<unavailable>, arg=<unavailable>) at gc.c:1231:5 [artificial] frame ruby#6: 0x000000010002d178 ruby`rb_class_classext_foreach(klass=<unavailable>, func=(ruby`classext_free at gc.c:1228), arg=0x00000001305b75c0) at class.c:518:5 frame ruby#7: 0x00000001000e745c ruby`rb_gc_obj_free(objspace=0x000000012500c400, obj=4754039232) at gc.c:1282:9 frame ruby#8: 0x00000001000e70d4 ruby`gc_sweep_plane(objspace=0x000000012500c400, heap=<unavailable>, p=4754039232, bitset=4095, ctx=0x00000001305b76e8) at default.c:3482:21 frame ruby#9: 0x00000001000e6e9c ruby`gc_sweep_page(objspace=0x000000012500c400, heap=0x000000012500c540, ctx=0x00000001305b76e8) at default.c:3567:13 frame ruby#10: 0x00000001000e51d0 ruby`gc_sweep_step(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:3848:9 frame ruby#11: 0x00000001000e1880 ruby`gc_continue [inlined] gc_sweep_continue(objspace=0x000000012500c400, sweep_heap=0x000000012500c540) at default.c:3931:13 frame ruby#12: 0x00000001000e1754 ruby`gc_continue(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2037:9 frame ruby#13: 0x00000001000e10bc ruby`newobj_cache_miss [inlined] heap_prepare(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2056:5 frame ruby#14: 0x00000001000e1074 ruby`newobj_cache_miss [inlined] heap_next_free_page(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2280:9 frame ruby#15: 0x00000001000e106c ruby`newobj_cache_miss(objspace=0x000000012500c400, cache=0x0000600001b00300, heap_idx=2, vm_locked=false) at default.c:2387:38 frame ruby#16: 0x00000001000e0d28 ruby`newobj_alloc(objspace=<unavailable>, cache=<unavailable>, heap_idx=<unavailable>, vm_locked=<unavailable>) at default.c:2411:15 [artificial] frame ruby#17: 0x00000001000d7214 ruby`newobj_of [inlined] rb_gc_impl_new_obj(objspace_ptr=<unavailable>, cache_ptr=<unavailable>, klass=<unavailable>, flags=<unavailable>, wb_protected=<unavailable>, alloc_size=<unavailable>) at default.c:2490:15 frame ruby#18: 0x00000001000d719c ruby`newobj_of(cr=<unavailable>, klass=4313971728, flags=258, wb_protected=<unavailable>, size=<unavailable>) at gc.c:995:17 frame ruby#19: 0x00000001000d73ec ruby`rb_wb_protected_newobj_of(ec=<unavailable>, klass=<unavailable>, flags=<unavailable>, size=<unavailable>) at gc.c:1044:12 [artificial] frame #20: 0x0000000100032d34 ruby`class_alloc0(type=<unavailable>, klass=4313971728, namespaceable=<unavailable>) at class.c:803:5

We were seeing errors like: ``` * thread ruby#8, stop reason = EXC_BAD_ACCESS (code=1, address=0x803) * frame #0: 0x00000001001fe944 ruby`rb_st_lookup(tab=0x00000000000007fb, key=1, value=0x00000001305b7490) at st.c:1066:22 frame ruby#1: 0x000000010002d658 ruby`remove_class_from_subclasses [inlined] class_get_subclasses_for_ns(tbl=0x00000000000007fb, ns_id=1) at class.c:604:9 frame ruby#2: 0x000000010002d650 ruby`remove_class_from_subclasses(tbl=0x00000000000007fb, ns_id=1, klass=4754039232) at class.c:620:34 frame ruby#3: 0x000000010002c8a8 ruby`rb_class_classext_free_subclasses(ext=0x000000011b5ce1d8, klass=4754039232, replacing=<unavailable>) at class.c:700:9 frame ruby#4: 0x000000010002c760 ruby`rb_class_classext_free(klass=4754039232, ext=0x000000011b5ce1d8, is_prime=true) at class.c:105:5 frame ruby#5: 0x00000001000e770c ruby`classext_free(ext=<unavailable>, is_prime=<unavailable>, namespace=<unavailable>, arg=<unavailable>) at gc.c:1231:5 [artificial] frame ruby#6: 0x000000010002d178 ruby`rb_class_classext_foreach(klass=<unavailable>, func=(ruby`classext_free at gc.c:1228), arg=0x00000001305b75c0) at class.c:518:5 frame ruby#7: 0x00000001000e745c ruby`rb_gc_obj_free(objspace=0x000000012500c400, obj=4754039232) at gc.c:1282:9 frame ruby#8: 0x00000001000e70d4 ruby`gc_sweep_plane(objspace=0x000000012500c400, heap=<unavailable>, p=4754039232, bitset=4095, ctx=0x00000001305b76e8) at default.c:3482:21 frame ruby#9: 0x00000001000e6e9c ruby`gc_sweep_page(objspace=0x000000012500c400, heap=0x000000012500c540, ctx=0x00000001305b76e8) at default.c:3567:13 frame ruby#10: 0x00000001000e51d0 ruby`gc_sweep_step(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:3848:9 frame ruby#11: 0x00000001000e1880 ruby`gc_continue [inlined] gc_sweep_continue(objspace=0x000000012500c400, sweep_heap=0x000000012500c540) at default.c:3931:13 frame ruby#12: 0x00000001000e1754 ruby`gc_continue(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2037:9 frame ruby#13: 0x00000001000e10bc ruby`newobj_cache_miss [inlined] heap_prepare(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2056:5 frame ruby#14: 0x00000001000e1074 ruby`newobj_cache_miss [inlined] heap_next_free_page(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2280:9 frame ruby#15: 0x00000001000e106c ruby`newobj_cache_miss(objspace=0x000000012500c400, cache=0x0000600001b00300, heap_idx=2, vm_locked=false) at default.c:2387:38 frame ruby#16: 0x00000001000e0d28 ruby`newobj_alloc(objspace=<unavailable>, cache=<unavailable>, heap_idx=<unavailable>, vm_locked=<unavailable>) at default.c:2411:15 [artificial] frame ruby#17: 0x00000001000d7214 ruby`newobj_of [inlined] rb_gc_impl_new_obj(objspace_ptr=<unavailable>, cache_ptr=<unavailable>, klass=<unavailable>, flags=<unavailable>, wb_protected=<unavailable>, alloc_size=<unavailable>) at default.c:2490:15 frame ruby#18: 0x00000001000d719c ruby`newobj_of(cr=<unavailable>, klass=4313971728, flags=258, wb_protected=<unavailable>, size=<unavailable>) at gc.c:995:17 frame ruby#19: 0x00000001000d73ec ruby`rb_wb_protected_newobj_of(ec=<unavailable>, klass=<unavailable>, flags=<unavailable>, size=<unavailable>) at gc.c:1044:12 [artificial] frame #20: 0x0000000100032d34 ruby`class_alloc0(type=<unavailable>, klass=4313971728, namespaceable=<unavailable>) at class.c:803:5 ```

We were seeing errors like: ``` * thread #8, stop reason = EXC_BAD_ACCESS (code=1, address=0x803) * frame #0: 0x00000001001fe944 ruby`rb_st_lookup(tab=0x00000000000007fb, key=1, value=0x00000001305b7490) at st.c:1066:22 frame #1: 0x000000010002d658 ruby`remove_class_from_subclasses [inlined] class_get_subclasses_for_ns(tbl=0x00000000000007fb, ns_id=1) at class.c:604:9 frame #2: 0x000000010002d650 ruby`remove_class_from_subclasses(tbl=0x00000000000007fb, ns_id=1, klass=4754039232) at class.c:620:34 frame #3: 0x000000010002c8a8 ruby`rb_class_classext_free_subclasses(ext=0x000000011b5ce1d8, klass=4754039232, replacing=<unavailable>) at class.c:700:9 frame #4: 0x000000010002c760 ruby`rb_class_classext_free(klass=4754039232, ext=0x000000011b5ce1d8, is_prime=true) at class.c:105:5 frame #5: 0x00000001000e770c ruby`classext_free(ext=<unavailable>, is_prime=<unavailable>, namespace=<unavailable>, arg=<unavailable>) at gc.c:1231:5 [artificial] frame #6: 0x000000010002d178 ruby`rb_class_classext_foreach(klass=<unavailable>, func=(ruby`classext_free at gc.c:1228), arg=0x00000001305b75c0) at class.c:518:5 frame #7: 0x00000001000e745c ruby`rb_gc_obj_free(objspace=0x000000012500c400, obj=4754039232) at gc.c:1282:9 frame #8: 0x00000001000e70d4 ruby`gc_sweep_plane(objspace=0x000000012500c400, heap=<unavailable>, p=4754039232, bitset=4095, ctx=0x00000001305b76e8) at default.c:3482:21 frame #9: 0x00000001000e6e9c ruby`gc_sweep_page(objspace=0x000000012500c400, heap=0x000000012500c540, ctx=0x00000001305b76e8) at default.c:3567:13 frame #10: 0x00000001000e51d0 ruby`gc_sweep_step(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:3848:9 frame #11: 0x00000001000e1880 ruby`gc_continue [inlined] gc_sweep_continue(objspace=0x000000012500c400, sweep_heap=0x000000012500c540) at default.c:3931:13 frame #12: 0x00000001000e1754 ruby`gc_continue(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2037:9 frame #13: 0x00000001000e10bc ruby`newobj_cache_miss [inlined] heap_prepare(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2056:5 frame #14: 0x00000001000e1074 ruby`newobj_cache_miss [inlined] heap_next_free_page(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2280:9 frame #15: 0x00000001000e106c ruby`newobj_cache_miss(objspace=0x000000012500c400, cache=0x0000600001b00300, heap_idx=2, vm_locked=false) at default.c:2387:38 frame #16: 0x00000001000e0d28 ruby`newobj_alloc(objspace=<unavailable>, cache=<unavailable>, heap_idx=<unavailable>, vm_locked=<unavailable>) at default.c:2411:15 [artificial] frame #17: 0x00000001000d7214 ruby`newobj_of [inlined] rb_gc_impl_new_obj(objspace_ptr=<unavailable>, cache_ptr=<unavailable>, klass=<unavailable>, flags=<unavailable>, wb_protected=<unavailable>, alloc_size=<unavailable>) at default.c:2490:15 frame #18: 0x00000001000d719c ruby`newobj_of(cr=<unavailable>, klass=4313971728, flags=258, wb_protected=<unavailable>, size=<unavailable>) at gc.c:995:17 frame #19: 0x00000001000d73ec ruby`rb_wb_protected_newobj_of(ec=<unavailable>, klass=<unavailable>, flags=<unavailable>, size=<unavailable>) at gc.c:1044:12 [artificial] frame #20: 0x0000000100032d34 ruby`class_alloc0(type=<unavailable>, klass=4313971728, namespaceable=<unavailable>) at class.c:803:5 ```

We don't decrement the super and module subclasses count for iclasses that are having their classext replaced. This causes the reference count to be incorrect and leak memory. The following script demonstrates the memory leak: module Foo refine(Object) do define_method(:<=) {} end end class Bar include Comparable end With RUBY_FREE_AT_EXIT and ASAN, we can see many memory leaks, including: Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x599f715adca2 in calloc (miniruby+0x64ca2) #1 0x599f716bd779 in calloc1 gc/default/default.c:1495:12 #2 0x599f716d1370 in rb_gc_impl_calloc gc/default/default.c:8216:5 #3 0x599f716b8ab1 in ruby_xcalloc_body gc.c:5221:12 #4 0x599f716b269c in ruby_xcalloc gc.c:5215:34 #5 0x599f715eab23 in class_alloc0 class.c:790:22 #6 0x599f715e4bec in class_alloc class.c:836:12 #7 0x599f715e60c9 in module_new class.c:1693:17 #8 0x599f715e60a2 in rb_module_new class.c:1701:12 #9 0x599f715e6303 in rb_define_module class.c:1733:14 #10 0x599f715ebc5f in Init_Comparable compar.c:315:22 #11 0x599f716e35f5 in rb_call_inits inits.c:32:5 #12 0x599f7169cbfd in ruby_setup eval.c:88:9 #13 0x599f7169cdac in ruby_init eval.c:100:17 #14 0x599f715b0fa9 in rb_main main.c:41:5 #15 0x599f715b0f59 in main main.c:62:12 #16 0x739b2f02a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 #17 0x739b2f02a28a in __libc_start_main csu/../csu/libc-start.c:360:3 #18 0x599f7157c424 in _start (miniruby+0x33424)

These tests use NM threads but NT is not freed for MN thread, causing it to be reported as memory leaks in LSAN. For example: #1 0x62ee7bc67e99 in calloc1 gc/default/default.c:1495:12 #2 0x62ee7bc7ba00 in rb_gc_impl_calloc gc/default/default.c:8216:5 #3 0x62ee7bc631d1 in ruby_xcalloc_body gc.c:5221:12 #4 0x62ee7bc5cdbc in ruby_xcalloc gc.c:5215:34 #5 0x62ee7bdea4c6 in native_thread_alloc thread_pthread.c:2187:35 #6 0x62ee7bdec31b in native_thread_check_and_create_shared thread_pthread_mn.c:429:39 #7 0x62ee7bdea484 in native_thread_create_shared thread_pthread_mn.c:531:12 #8 0x62ee7bdea1da in native_thread_create thread_pthread.c:2403:16 #9 0x62ee7bdde2eb in thread_create_core thread.c:884:11 #10 0x62ee7bde4466 in thread_initialize thread.c:992:16

modified: lib/xmlrpc/client.rb

e3eb024

Added tcp connection closing. In case of a greate number of requests no close connection led to a bug.

shyouhei closed this Jun 29, 2011

andrewmains12 referenced this pull request in andrewmains12/ruby Nov 13, 2012

Merge pull request kevints#1 from maxdjohnson/cs194_master

036d641

Basic naive, single-threaded queue implementation. Slow.

avdi mentioned this pull request Apr 23, 2015

parse.y: add heredoc <<~ syntax (Feature #9098) #878

Closed

funny-falcon referenced this pull request in funny-falcon/ruby Aug 7, 2015

Merge pull request #1 from funny-falcon/mtbl

97c6293

id_table.c: simple hash with quadratic probing

spinute pushed a commit to spinute/ruby that referenced this pull request Sep 5, 2016

Merge pull request ruby#1 from ruby/trunk

373f789

Update from original

trofi mentioned this pull request May 20, 2017

ia64: fix crash on register stack mark/sweep pass #1625

Closed

djberube pushed a commit to djberube/ruby that referenced this pull request Feb 19, 2025

Merge pull request ruby#1 from stomar/readme

9fded44

Fix title, repository URL, and license in README

XrXr mentioned this pull request Sep 24, 2025

Unchecked backtrace APIs for profilers and crash reporter #14648

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Trunk #1

Trunk #1

Uh oh!

alexkv commented Nov 11, 2010

Uh oh!

shyouhei commented Nov 11, 2010

Uh oh!

alexkv commented Nov 12, 2010

Uh oh!

shyouhei commented Nov 30, 2010

Uh oh!

nahi commented Jun 28, 2011

Uh oh!

alexkv commented Jun 28, 2011

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Trunk #1

Trunk #1

Uh oh!

Conversation

alexkv commented Nov 11, 2010

Uh oh!

shyouhei commented Nov 11, 2010

Uh oh!

alexkv commented Nov 12, 2010

Uh oh!

shyouhei commented Nov 30, 2010

Uh oh!

nahi commented Jun 28, 2011

Uh oh!

alexkv commented Jun 28, 2011

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants