Trunk #2
Closed
Trunk #2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
|
I think this has been accepted. |
maxdjohnson
referenced
this pull request
in maxdjohnson/ruby
Nov 13, 2012
added locking logic for the global queue
funny-falcon
pushed a commit
to funny-falcon/ruby
that referenced
this pull request
Aug 13, 2015
id_table: some improvements on coalesced and quadratic algos
hsbt
pushed a commit
that referenced
this pull request
Jan 30, 2017
17+ years passed since standardized in ISO, 8 years since we added AC_HEADER_STDBOOL to configure.in. I'm quite confident that it's already safe to use <stdbool.h>. I understand that when we introduced AC_HEADER_STDBOOL, <stdbool.h> was remain not included because C standard and SVR4 curses conflicted miserably back then (#1). Though I believe such situation has been fixed already(#2), I'm afraid of your operating system might ship a proprietary curses that still conflicts with the standard. So to avoid potential problem, we limit the inclusion to our internal use only. #1 : 1997 version of SUSv2 said bool is "defined though typedef" in <curses.h>, while C99 said bool is a macro, plus in C++ bool is a keyword. AFASIK the curses library has never been a part of POSIX. #2 : In reality ncurses and NetBSD curses both just follow C99 to include <stdbool.h> from <curses.h>. I think C99 is now widely adopted. ---- * internal.h: #include <stdbool.h> if present. That is believed to be the case for 99.9% systems that lives today. Non-C99, non-C++ situations are intentionally left undefined, advised by Motohiro Kosaki. If you have such compiler, please fill the definition appropriately. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57460 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
hsbt
pushed a commit
that referenced
this pull request
Jun 6, 2017
Enqueuing multiple errors for one event causes spurious errors down the line, as reported by Nikolay Vashchenko in https://bugs.ruby-lang.org/issues/13632 This should fix bad interactions with test_race_gets_and_close in test/ruby/test_io.rb since we ensure rb_notify_fd_close continues returning the busy flag after enqueuing the interrupt. Backporting changes to 2.4 and earlier releases will be more challenging... * thread.c (rb_notify_fd_close): do not enqueue multiple interrupts [ruby-core:81581] [Bug #13632] * test/ruby/test_io.rb (test_single_exception_on_close): new test based on script from Nikolay git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59028 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jul 8, 2017
vm_core.h: ruby_error_stream_closed * vm_core.h (ruby_special_exceptions): renamed ruby_error_closed_stream as ruby_error_stream_closed, like the message. speed up IO#close with many threads Today, it increases IO#close performance with many threads: Execution time (sec) name trunk after vm_thread_close 4.276 3.018 Speedup ratio: compare with the result of `trunk' (greater is better) name after vm_thread_close 1.417 This speedup comes because rb_notify_fd_close only scans threads inside rb_thread_io_blocking_region, not all threads in the VM. In the future, this type data structure may allow us to notify waiters of multiple FDs on a single thread (when using Fibers). * thread.c (struct waiting_fd): declare (rb_thread_io_blocking_region): use on-stack list waiter (rb_notify_fd_close): walk vm->waiting_fds instead (call_without_gvl): remove old field setting (th_init): ditto * vm_core.h (typedef struct rb_vm_struct): add waiting_fds list * (typedef struct rb_thread_struct): remove waiting_fd field (rb_vm_living_threads_init): initialize waiting_fds list I am now kicking myself for not thinking about this 3 years ago when I introduced ccan/list in [Feature #9632] to optimize this same function :< IO#close: do not enqueue redundant interrupts (take #2) Enqueuing multiple errors for one event causes spurious errors down the line, as reported by Nikolay Vashchenko in https://bugs.ruby-lang.org/issues/13632 This should fix bad interactions with test_race_gets_and_close in test/ruby/test_io.rb since we ensure rb_notify_fd_close continues returning the busy flag after enqueuing the interrupt. Backporting changes to 2.4 and earlier releases will be more challenging... * thread.c (rb_notify_fd_close): do not enqueue multiple interrupts [ruby-core:81581] [Bug #13632] * test/ruby/test_io.rb (test_single_exception_on_close): new test based on script from Nikolay git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59286 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 2, 2018
This function can be called from boot_defclass(). No assumption can be made about object internals. (lldb) run Process 2386 launched: './miniruby' (x86_64) Process 2386 stopped * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 318 VALUE 319 rb_class_path_cached(VALUE klass) 320 { -> 321 st_table *ivtbl = RCLASS_IV_TBL(klass); 322 st_data_t n; 323 324 if (!ivtbl) return Qnil; (lldb) bt * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) * frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 frame #1: 0x000000010009cbd0 miniruby`rb_raw_obj_info(buff="0x0000000100fa5798 [2 ] T_CLASS", buff_size=256, obj=4311373720) + 1393 at gc.c:9341 frame #2: 0x000000010009cf16 miniruby`obj_info(obj=4311373720) + 98 at gc.c:9423 frame #3: 0x000000010008ca87 miniruby`newobj_init(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007cf280, obj=4311373720) + 338 at gc.c:1887 frame #4: 0x000000010008cd51 miniruby`newobj_of(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1) + 171 at gc.c:1970 frame #5: 0x000000010008ce1b miniruby`rb_wb_protected_newobj_of(klass=0, flags=66) + 54 at gc.c:1990 frame #6: 0x0000000100027563 miniruby`class_alloc(flags=2, klass=0) + 46 at class.c:165 frame #7: 0x000000010002761a miniruby`rb_class_boot(super=0) + 35 at class.c:203 frame #8: 0x0000000100028612 miniruby`boot_defclass(name="BasicObject", super=0) + 28 at class.c:537 frame #9: 0x000000010002868b miniruby`Init_class_hierarchy + 26 at class.c:548 frame #10: 0x00000001000efe69 miniruby`InitVM_Object + 9 at object.c:3892 frame #11: 0x00000001000f138e miniruby`Init_Object + 57 at object.c:4122 frame #12: 0x00000001000a59bd miniruby`rb_call_inits + 29 at inits.c:23 frame #13: 0x000000010007af30 miniruby`ruby_setup + 229 at eval.c:61 frame #14: 0x000000010007af7e miniruby`ruby_init + 13 at eval.c:78 frame #15: 0x0000000100000c58 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 88 at main.c:41 frame #16: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 2, 2018
This function can be called from InitVM_Object(). No assumption can be made about object internals. (lldb) run Process 10675 launched: './miniruby' (x86_64) Process 10675 stopped * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 9380 const rb_method_entry_t *me = &RANY(obj)->as.imemo.ment; 9381 snprintf(buff, buff_size, "%s (called_id: %s, type: %s, alias: %d, owner: %s, defined_class: %s)", buff, 9382 rb_id2name(me->called_id), -> 9383 method_type_name(me->def->type), 9384 me->def->alias_count, 9385 obj_info(me->owner), 9386 obj_info(me->defined_class)); (lldb) p *me (rb_method_entry_t) $0 = { flags = 24602 defined_class = 4311488400 def = 0x0000000000000000 called_id = 3057 owner = 4311488400 } (lldb) bt * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 frame #1: 0x00000001000b7cbf miniruby`obj_info(obj=4311487880) + 95 at gc.c:9423 frame #2: 0x00000001000c16a8 miniruby`newobj_init(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1, objspace=0x00000001007ee280, obj=4311487880) + 424 at gc.c:1887 frame #3: 0x00000001000b4529 miniruby`newobj_of(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1) + 217 at gc.c:1970 frame #4: 0x00000001000b46ab miniruby`rb_imemo_new(type=imemo_ment, v1=0, v2=3057, v3=4311488400, v0=4311488400) + 75 at gc.c:2017 frame #5: 0x00000001002773b4 miniruby`rb_method_entry_alloc(called_id=3057, owner=4311488400, defined_class=4311488400, def=0x0000000000000000) + 52 at vm_method.c:368 frame #6: 0x0000000100277307 miniruby`rb_method_entry_create(called_id=3057, klass=4311488400, visi=METHOD_VISI_PRIVATE, def=0x0000000000000000) + 71 at vm_method.c:389 frame #7: 0x00000001002784c7 miniruby`rb_method_entry_make(klass=4311488400, mid=3057, defined_class=4311488400, visi=METHOD_VISI_PRIVATE, type=VM_METHOD_TYPE_CFUNC, def=0x0000000000000000, original_id=3057, opts=0x00007fff5fbfd9e8) + 1207 at vm_method.c:594 frame #8: 0x00000001002770f9 miniruby`rb_add_method(klass=4311488400, mid=3057, type=VM_METHOD_TYPE_CFUNC, opts=0x00007fff5fbfd9e8, visi=METHOD_VISI_PRIVATE) + 73 at vm_method.c:650 frame #9: 0x000000010027708a miniruby`rb_add_method_cfunc(klass=4311488400, mid=3057, func=(miniruby`rb_obj_dummy at object.c:1125), argc=0, visi=METHOD_VISI_PRIVATE) + 138 at vm_method.c:137 frame #10: 0x00000001000391e4 miniruby`rb_define_private_method(klass=4311488400, name="initialize", func=(miniruby`rb_obj_dummy at object.c:1125), argc=0) + 68 at class.c:1529 frame #11: 0x000000010013f5bf miniruby`InitVM_Object + 47 at object.c:3905 frame #12: 0x0000000100142ffd miniruby`Init_Object + 61 at object.c:4122 frame #13: 0x00000001000d4edd miniruby`rb_call_inits + 29 at inits.c:23 frame #14: 0x000000010009fe66 miniruby`ruby_setup + 198 at eval.c:61 frame #15: 0x000000010009febd miniruby`ruby_init + 13 at eval.c:78 frame #16: 0x0000000100000a4d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #17: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 2, 2018
This function can be called from Init_VM(). No assumption can be made about object internals. (lldb) run Process 15734 launched: './miniruby' (x86_64) Process 15734 stopped * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 9270 static void 9271 rb_raw_iseq_info(char *buff, const int buff_size, const rb_iseq_t *iseq) 9272 { -> 9273 if (iseq->body->location.label) { 9274 VALUE path = rb_iseq_path(iseq); 9275 snprintf(buff, buff_size, "%s %s@%s:%d", buff, 9276 RSTRING_PTR(iseq->body->location.label), (lldb) p *iseq (rb_iseq_t) $0 = { flags = 28698 reserved1 = 0 body = 0x0000000000000000 aux = { compile_data = 0x0000000000000000 loader = (obj = 0, index = 0) trace_events = 0 } } (lldb) bt * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) * frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 frame #1: 0x00000001000bde72 miniruby`rb_raw_obj_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, obj=4311097160) + 2786 at gc.c:9396 frame #2: 0x00000001000b7c5f miniruby`obj_info(obj=4311097160) + 95 at gc.c:9428 frame #3: 0x00000001000c16a8 miniruby`newobj_init(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007ee280, obj=4311097160) + 424 at gc.c:1887 frame #4: 0x00000001000b44c9 miniruby`newobj_of(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1) + 217 at gc.c:1970 frame #5: 0x00000001000b464b miniruby`rb_imemo_new(type=imemo_iseq, v1=0, v2=0, v3=0, v0=0) + 75 at gc.c:2017 frame #6: 0x00000001000fd914 miniruby`iseq_imemo_alloc + 36 at iseq.h:156 frame #7: 0x00000001000f6e1d miniruby`iseq_alloc + 13 at iseq.c:211 frame #8: 0x00000001000f6bf8 miniruby`rb_iseq_new_with_opt(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, first_lineno=1, parent=0x0000000000000000, type=ISEQ_TYPE_TOP, option=0x0000000100335c30) + 56 at iseq.c:519 frame #9: 0x00000001000f6bb6 miniruby`rb_iseq_new(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, parent=0x0000000000000000, type=ISEQ_TYPE_TOP) + 86 at iseq.c:480 frame #10: 0x0000000100284bb0 miniruby`Init_VM + 1040 at vm.c:3022 frame #11: 0x00000001000d4f7d miniruby`rb_call_inits + 189 at inits.c:55 frame #12: 0x000000010009fe06 miniruby`ruby_setup + 198 at eval.c:61 frame #13: 0x000000010009fe5d miniruby`ruby_init + 13 at eval.c:78 frame #14: 0x00000001000009ed miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #15: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 2, 2018
This function can be called from rb_data_typed_object_zalloc(). No assumption can be made about object internals. (lldb) run Process 22135 launched: './miniruby' (x86_64) Process 22135 stopped * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 1361 break; 1362 } 1363 #endif -> 1364 return block->type; 1365 } 1366 1367 static inline void (lldb) bt * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) * frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 frame #1: 0x000000010008acdb miniruby`vm_block_iseq(block=0x0000000000000000) + 24 at vm_core.h:1399 frame #2: 0x000000010008acc1 miniruby`vm_proc_iseq(procval=4310866360) + 32 at vm_core.h:1387 frame #3: 0x000000010009cbed miniruby`rb_raw_obj_info(buff="0x0000000100f299b8 [0 ] proc (Proc)", buff_size=256, obj=4310866360) + 1513 at gc.c:9349 frame #4: 0x000000010009cf01 miniruby`obj_info(obj=4310866360) + 98 at gc.c:9428 frame #5: 0x000000010008ca1b miniruby`newobj_init(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32, objspace=0x00000001007cf280, obj=4310866360) + 338 at gc.c:1887 frame #6: 0x000000010008cce5 miniruby`newobj_of(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32) + 171 at gc.c:1970 frame #7: 0x000000010008d01d miniruby`rb_data_typed_object_wrap(klass=4311027960, datap=0x0000000000000000, type=0x0000000100311d60) + 133 at gc.c:2062 frame #8: 0x000000010008d04e miniruby`rb_data_typed_object_zalloc(klass=4311027960, size=40, type=0x0000000100311d60) + 42 at gc.c:2073 frame #9: 0x000000010011b459 miniruby`rb_proc_alloc(klass=4311027960) + 36 at proc.c:113 frame #10: 0x0000000100204d8e miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x00000001025003f8, block_type=block_type_iseq, is_from_method='\0', is_lambda='\x01') + 44 at vm.c:814 frame #11: 0x00000001002050d8 miniruby`rb_vm_make_proc_lambda(ec=0x00000001007cf548, captured=0x00000001025003f8, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011c0d2 miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011c154 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001ee7e3 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000102400480) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001001ef2c3 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 386 at vm_insnhelper.c:1918 frame #16: 0x00000001001ef412 miniruby`vm_call_cfunc(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 149 at vm_insnhelper.c:1934 frame #17: 0x00000001001f0655 miniruby`vm_call_method_each_type(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 239 at vm_insnhelper.c:2232 frame #18: 0x00000001001f0ce0 miniruby`vm_call_method(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 117 at vm_insnhelper.c:2355 frame #19: 0x00000001001f0eb6 miniruby`vm_call_general(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 59 at vm_insnhelper.c:2398 frame #20: 0x00000001001f6e61 miniruby`vm_exec_core(ec=0x00000001007cf548, initial=0) + 7480 at insns.def:850 frame #21: 0x0000000100207995 miniruby`vm_exec(ec=0x00000001007cf548) + 230 at vm.c:1771 frame #22: 0x0000000100208647 miniruby`rb_iseq_eval_main(iseq=0x0000000100f29fd0) + 52 at vm.c:2019 frame #23: 0x000000010007b750 miniruby`ruby_exec_internal(n=0x0000000100f29fd0) + 297 at eval.c:246 frame #24: 0x000000010007b876 miniruby`ruby_exec_node(n=0x0000000100f29fd0) + 36 at eval.c:310 frame #25: 0x000000010007b849 miniruby`ruby_run_node(n=0x0000000100f29fd0) + 62 at eval.c:302 frame #26: 0x0000000100000c05 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #27: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61565 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 2, 2018
This imemo_name is used uninitialized because the switch above does not cover all possible imemo types. (lldb) run Process 26068 launched: './miniruby' (x86_64) Process 26068 stopped * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 libsystem_c.dylib`strlen: -> 0x7fff8a402132 <+18>: pcmpeqb (%rdi), %xmm0 0x7fff8a402136 <+22>: pmovmskb %xmm0, %esi 0x7fff8a40213a <+26>: andq $0xf, %rcx 0x7fff8a40213e <+30>: orq $-0x1, %rax (lldb) bt * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) * frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 frame #1: 0x00000001001f1531 miniruby`BSD_vfprintf(fp=0x00007fff5fbfc9e0, fmt0="%s %s", ap=0x00007fff5fbfcbf0) + 5873 at vsnprintf.c:1026 frame #2: 0x00000001001ef213 miniruby`ruby_do_vsnprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s", ap=0x00007fff5fbfcbf0) + 131 at sprintf.c:1285 frame #3: 0x00000001001ef3ea miniruby`ruby_snprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s") + 426 at sprintf.c:1300 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 frame #5: 0x00000001000b7bff miniruby`obj_info(obj=4310983760) + 95 at gc.c:9428 frame #6: 0x00000001000c1658 miniruby`newobj_init(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1, objspace=0x00000001007ee280, obj=4310983760) + 424 at gc.c:1887 frame #7: 0x00000001000b4469 miniruby`newobj_of(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1) + 217 at gc.c:1970 frame #8: 0x00000001000b45eb miniruby`rb_imemo_new(type=imemo_ast, v1=0, v2=4303040512, v3=4310983800, v0=0) + 75 at gc.c:2017 frame #9: 0x000000010011daed miniruby`rb_ast_new + 61 at node.c:1146 frame #10: 0x0000000100160e15 miniruby`rb_parser_compile_file_path(vparser=4310984400, fname=4310984960, file=4310984080, start=1) + 53 at parse.y:5776 frame #11: 0x00000001001e18ea miniruby`load_file_internal(argp_v=140734799795024) + 1834 at ruby.c:1907 frame #12: 0x00000001000a1bb5 miniruby`rb_ensure(b_proc=(miniruby`load_file_internal at ruby.c:1795), data1=140734799795024, e_proc=(miniruby`restore_load_file at ruby.c:2007), data2=140734799795024) + 245 at eval.c:1037 frame #13: 0x00000001001df4a4 miniruby`load_file(parser=4310984400, fname=4310984960, f=4310984080, script=1, opt=0x00007fff5fbfda28) + 100 at ruby.c:2026 frame #14: 0x00000001001e084e miniruby`process_options(argc=0, argv=0x00007fff5fbfdc00, opt=0x00007fff5fbfda28) + 3454 at ruby.c:1682 frame #15: 0x00000001001dfaae miniruby`ruby_process_options(argc=2, argv=0x00007fff5fbfdbf0) + 238 at ruby.c:2257 frame #16: 0x000000010009ff43 miniruby`ruby_options(argc=2, argv=0x00007fff5fbfdbf0) + 211 at eval.c:105 frame #17: 0x0000000100000989 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 105 at main.c:42 frame #18: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) up 4 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 9373 #undef IMEMO_NAME 9374 default: UNREACHABLE; 9375 } -> 9376 snprintf(buff, buff_size, "%s %s", buff, imemo_name); 9377 9378 switch (imemo_type(obj)) { 9379 case imemo_ment: { (lldb) p imemo_name (const char *) $0 = 0xffffffffffffffff (lldb) p imemo_type(obj) (imemo_type) $1 = imemo_ast (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61566 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 2, 2018
obj_info() assumes the given object is alive. Passing freed objects to it results in SEGV. (lldb) run Process 29718 launched: './miniruby' (x86_64) Process 29718 stopped * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 266 } 267 else { 268 VM_ASSERT(RB_TYPE_P(pathobj, T_ARRAY)); -> 269 return RARRAY_AREF(pathobj, PATHOBJ_PATH); 270 } 271 } 272 (lldb) bt * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 frame #1: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x000000010af34a20) + 32 at iseq.c:723 frame #2: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, iseq=0x000000010af34a20) + 69 at gc.c:9274 frame #3: 0x000000010009e45a miniruby`rb_raw_obj_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, obj=4478683680) + 2191 at gc.c:9397 frame #4: 0x000000010009e4d5 miniruby`obj_info(obj=4478683680) + 98 at gc.c:9429 frame #5: 0x0000000100091ae3 miniruby`gc_page_sweep(objspace=0x00000001007d3280, heap=0x00000001007d32a0, sweep_page=0x000000010ae07bc0) + 622 at gc.c:3529 frame #6: 0x000000010009206a miniruby`gc_sweep_step(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 188 at gc.c:3705 frame #7: 0x0000000100092254 miniruby`gc_sweep_continue(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 133 at gc.c:3772 frame #8: 0x000000010008d7f9 miniruby`heap_prepare(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 48 at gc.c:1746 frame #9: 0x000000010008d8a1 miniruby`heap_get_freeobj_from_next_freepage(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 37 at gc.c:1769 frame #10: 0x000000010008d98d miniruby`heap_get_freeobj(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 83 at gc.c:1803 frame #11: 0x000000010008dcb0 miniruby`newobj_slowpath(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280, wb_protected=1) + 220 at gc.c:1930 frame #12: 0x000000010008dd6c miniruby`newobj_slowpath_wb_protected(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280) + 76 at gc.c:1942 frame #13: 0x000000010008dea1 miniruby`newobj_of(klass=4334386280, flags=5, v1=0, v2=0, v3=0, wb_protected=1) + 221 at gc.c:1974 frame #14: 0x000000010008df39 miniruby`rb_wb_protected_newobj_of(klass=4334386280, flags=5) + 54 at gc.c:1990 frame #15: 0x0000000100195f7c miniruby`str_alloc(klass=4334386280) + 29 at string.c:692 frame #16: 0x0000000100195fe9 miniruby`str_new0(klass=4334386280, ptr="gitm", len=4, termlen=1) + 73 at string.c:714 frame #17: 0x000000010019633e miniruby`rb_enc_str_new(ptr="gitm", len=4, enc=0x00000001025d50a0) + 81 at string.c:766 frame #18: 0x000000010010a80a miniruby`parser_str_new(p="gitm", n=4, enc=0x00000001025d50a0, func=66, enc0=0x00000001025d50a0) + 50 at parse.y:5817 frame #19: 0x000000010010ce1a miniruby`parser_parse_string(parser=0x00000001042ac5c0, quote=0x000000010460c028) + 795 at parse.y:6675 frame #20: 0x00000001001120bd miniruby`parser_yylex(parser=0x00000001042ac5c0) + 159 at parse.y:8281 frame #21: 0x0000000100115068 miniruby`yylex(lval=0x00007fff5fbf9948, yylloc=0x00007fff5fbf9ab0, parser=0x00000001042ac5c0) + 55 at parse.y:8931 frame #22: 0x00000001000fc79f miniruby`ruby_yyparse(parser=0x00000001042ac5c0) + 1198 at parse.c:5798 frame #23: 0x0000000100109f5a miniruby`yycompile0(arg=4364879296) + 317 at parse.y:5595 frame #24: 0x0000000100214ef0 miniruby`rb_suppress_tracing(func=(miniruby`yycompile0 at parse.y:5565), arg=4364879296) + 349 at vm_trace.c:397 frame #25: 0x000000010010a1df miniruby`yycompile(parser=0x00000001042ac5c0, fname=4443743440, line=1) + 126 at parse.y:5637 frame #26: 0x000000010010a4c1 miniruby`parser_compile_string(vparser=4443743480, fname=4443743440, s=4443743520, line=1) + 191 at parse.y:5706 frame #27: 0x000000010010a5b7 miniruby`rb_parser_compile_string_path(vparser=4443743480, f=4443743440, s=4443743520, line=1) + 58 at parse.y:5730 frame #28: 0x0000000100206025 miniruby`eval_make_iseq(src=4443743520, fname=4443743440, line=1, bind=0x0000000000000000, base_block=0x00007fff5fbfb370) + 266 at vm_eval.c:1274 frame #29: 0x0000000100206153 miniruby`eval_string_with_cref(self=4334412520, src=4443743520, cref=0x0000000000000000, file=52, line=1) + 197 at vm_eval.c:1307 frame #30: 0x0000000100206389 miniruby`rb_f_eval(argc=1, argv=0x0000000102400eb8, self=4334412520) + 219 at vm_eval.c:1382 frame #31: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_eval at vm_eval.c:1364), recv=4334412520, argc=1, argv=0x0000000102400eb8) + 47 at vm_insnhelper.c:1723 frame #32: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 386 at vm_insnhelper.c:1918 frame #33: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 149 at vm_insnhelper.c:1934 frame #34: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #35: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #36: 0x00000001002093f8 miniruby`invoke_block(ec=0x00000001007d3548, iseq=0x000000010252d7f0, self=4334412520, captured=0x0000000102500df8, cref=0x0000000000000000, type=572653569, opt_pc=0) + 224 at vm.c:988 frame #37: 0x0000000100209766 miniruby`invoke_iseq_block_from_c(ec=0x00000001007d3548, captured=0x0000000102500df8, self=4334412520, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0) + 389 at vm.c:1040 frame #38: 0x0000000100209824 miniruby`invoke_block_from_c_bh(ec=0x00000001007d3548, block_handler=4333768185, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0, force_blockarg=0) + 138 at vm.c:1058 frame #39: 0x00000001002099d0 miniruby`vm_yield(ec=0x00000001007d3548, argc=0, argv=0x0000000000000000) + 69 at vm.c:1103 frame #40: 0x0000000100205623 miniruby`rb_yield_0(argc=0, argv=0x0000000000000000) + 40 at vm_eval.c:970 frame #41: 0x0000000100205964 miniruby`loop_i + 19 at vm_eval.c:1049 frame #42: 0x000000010007db07 miniruby`rb_rescue2(b_proc=(miniruby`loop_i at vm_eval.c:1047), data1=0, r_proc=(miniruby`loop_stop at vm_eval.c:1056), data2=0) + 369 at eval.c:896 frame #43: 0x0000000100205a2e miniruby`rb_f_loop(self=4334412520) + 121 at vm_eval.c:1100 frame #44: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_f_loop at vm_eval.c:1098), recv=4334412520, argc=0, argv=0x0000000102400e80) + 41 at vm_insnhelper.c:1729 frame #45: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 386 at vm_insnhelper.c:1918 frame #46: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 149 at vm_insnhelper.c:1934 frame #47: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 239 at vm_insnhelper.c:2232 frame #48: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 253 at vm_insnhelper.c:2366 frame #49: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 59 at vm_insnhelper.c:2398 frame #50: 0x00000001001fab2f miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 7480 at insns.def:850 frame #51: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #52: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x000000010252dd90) + 52 at vm.c:2019 frame #53: 0x000000010007c768 miniruby`ruby_exec_internal(n=0x000000010252dd90) + 297 at eval.c:246 frame #54: 0x000000010007c88e miniruby`ruby_exec_node(n=0x000000010252dd90) + 36 at eval.c:310 frame #55: 0x000000010007c861 miniruby`ruby_run_node(n=0x000000010252dd90) + 62 at eval.c:302 frame #56: 0x000000010000138d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #57: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) p ((struct RVALUE*)pathobj)->as.basic (RBasic) $0 = (flags = 0, klass = 4478683600) (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61568 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 2, 2018
obj_info() assumes the given object is alive. OTOH gc_writebarrier_incremental is called before or in middle of object initialization. Can casue SEGV. (lldb) run Process 48188 launched: './miniruby' (x86_64) Process 48188 stopped * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 2069 static inline const VALUE * 2070 rb_array_const_ptr(VALUE a) 2071 { -> 2072 return FIX_CONST_VALUE_PTR((RBASIC(a)->flags & RARRAY_EMBED_FLAG) ? 2073 RARRAY(a)->as.ary : RARRAY(a)->as.heap.ptr); 2074 } 2075 (lldb) bt * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 frame #1: 0x00000001000bfaab miniruby`pathobj_path(pathobj=5251291222225483145) + 70 at vm_core.h:269 frame #2: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x00000001025b71a8) + 32 at iseq.c:723 frame #3: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, iseq=0x00000001025b71a8) + 69 at gc.c:9274 frame #4: 0x000000010009e1d5 miniruby`rb_raw_obj_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, obj=4334514520) + 1546 at gc.c:9351 frame #5: 0x000000010009e4d5 miniruby`obj_info(obj=4334514520) + 98 at gc.c:9429 frame #6: 0x0000000100096658 miniruby`gc_writebarrier_incremental(a=4334514520, b=4334514600, objspace=0x00000001007d3280) + 61 at gc.c:5963 frame #7: 0x00000001000968ca miniruby`rb_gc_writebarrier(a=4334514520, b=4334514600) + 127 at gc.c:6009 frame #8: 0x00000001001eabe0 miniruby`rb_obj_written(a=4334514520, oldv=52, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 72 at ruby.h:1472 frame #9: 0x00000001001eac2c miniruby`rb_obj_write(a=4334514520, slot=0x000000010259ff10, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 70 at ruby.h:1489 frame #10: 0x0000000100208b6f miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x0000000102500338, block_type=block_type_ifunc, is_from_method='\0', is_lambda='\x01') + 137 at vm.c:821 frame #11: 0x0000000100208e5c miniruby`rb_vm_make_proc_lambda(ec=0x00000001007d3548, captured=0x0000000102500338, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011f08e miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011f110 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000000000000) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001002033de miniruby`vm_call0_cfunc_with_frame(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 370 at vm_eval.c:85 frame #16: 0x00000001002034d9 miniruby`vm_call0_cfunc(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 59 at vm_eval.c:100 frame #17: 0x000000010020368f miniruby`vm_call0_body(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 436 at vm_eval.c:131 frame #18: 0x000000010020326a miniruby`vm_call0(ec=0x00000001007d3548, recv=4310991600, id=2993, argc=0, argv=0x0000000000000000, me=0x0000000100f48110) + 142 at vm_eval.c:58 frame #19: 0x0000000100203c60 miniruby`rb_call0(ec=0x00000001007d3548, recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL, self=4334514640) + 166 at vm_eval.c:296 frame #20: 0x0000000100204827 miniruby`rb_call(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL) + 84 at vm_eval.c:589 frame #21: 0x000000010020518b miniruby`rb_funcallv(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000) + 52 at vm_eval.c:815 frame #22: 0x000000010012242e miniruby`mlambda(method=0) + 45 at proc.c:2661 frame #23: 0x0000000100205bac miniruby`rb_iterate0(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, ifunc=0x00000001025b71a8, ec=0x00000001007d3548) + 380 at vm_eval.c:1134 frame #24: 0x0000000100205d16 miniruby`rb_iterate(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, bl_proc=(miniruby`bmcall at proc.c:2666), data2=4334514640) + 88 at vm_eval.c:1166 frame #25: 0x00000001001224c7 miniruby`method_to_proc(method=4334514640) + 43 at proc.c:2701 frame #26: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`method_to_proc at proc.c:2688), recv=4334514640, argc=0, argv=0x0000000102400568) + 41 at vm_insnhelper.c:1729 frame #27: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 386 at vm_insnhelper.c:1918 frame #28: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 149 at vm_insnhelper.c:1934 frame #29: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 239 at vm_insnhelper.c:2232 frame #30: 0x00000001001f49a4 miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 117 at vm_insnhelper.c:2355 frame #31: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 59 at vm_insnhelper.c:2398 frame #32: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #33: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #34: 0x000000010020c3d1 miniruby`rb_iseq_eval(iseq=0x00000001007f8270) + 52 at vm.c:2008 frame #35: 0x00000001000caa4a miniruby`rb_load_internal0(ec=0x00000001007d3548, fname=4310799960, wrap=0) + 631 at load.c:611 frame #36: 0x00000001000cab36 miniruby`rb_load_internal(fname=4310799960, wrap=0) + 46 at load.c:642 frame #37: 0x00000001000cae1d miniruby`rb_f_load(argc=1, argv=0x00000001024004b8) + 217 at load.c:710 frame #38: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_load at load.c:695), recv=4311327440, argc=1, argv=0x00000001024004b8) + 47 at vm_insnhelper.c:1723 frame #39: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 386 at vm_insnhelper.c:1918 frame #40: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 149 at vm_insnhelper.c:1934 frame #41: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 239 at vm_insnhelper.c:2232 frame #42: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 253 at vm_insnhelper.c:2366 frame #43: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 59 at vm_insnhelper.c:2398 frame #44: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #45: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #46: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x0000000100f21240) + 52 at vm.c:2019 frame #47: 0x000000010007c774 miniruby`ruby_exec_internal(n=0x0000000100f21240) + 297 at eval.c:246 frame #48: 0x000000010007c89a miniruby`ruby_exec_node(n=0x0000000100f21240) + 36 at eval.c:310 frame #49: 0x000000010007c86d miniruby`ruby_run_node(n=0x0000000100f21240) + 62 at eval.c:302 frame #50: 0x0000000100001399 miniruby`main(argc=9, argv=0x00007fff5fbfdae0) + 113 at main.c:42 frame #51: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61569 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 18, 2018
This function can be called from boot_defclass(). No assumption can be made about object internals. (lldb) run Process 2386 launched: './miniruby' (x86_64) Process 2386 stopped * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 318 VALUE 319 rb_class_path_cached(VALUE klass) 320 { -> 321 st_table *ivtbl = RCLASS_IV_TBL(klass); 322 st_data_t n; 323 324 if (!ivtbl) return Qnil; (lldb) bt * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) * frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 frame #1: 0x000000010009cbd0 miniruby`rb_raw_obj_info(buff="0x0000000100fa5798 [2 ] T_CLASS", buff_size=256, obj=4311373720) + 1393 at gc.c:9341 frame #2: 0x000000010009cf16 miniruby`obj_info(obj=4311373720) + 98 at gc.c:9423 frame #3: 0x000000010008ca87 miniruby`newobj_init(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007cf280, obj=4311373720) + 338 at gc.c:1887 frame #4: 0x000000010008cd51 miniruby`newobj_of(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1) + 171 at gc.c:1970 frame #5: 0x000000010008ce1b miniruby`rb_wb_protected_newobj_of(klass=0, flags=66) + 54 at gc.c:1990 frame #6: 0x0000000100027563 miniruby`class_alloc(flags=2, klass=0) + 46 at class.c:165 frame #7: 0x000000010002761a miniruby`rb_class_boot(super=0) + 35 at class.c:203 frame #8: 0x0000000100028612 miniruby`boot_defclass(name="BasicObject", super=0) + 28 at class.c:537 frame #9: 0x000000010002868b miniruby`Init_class_hierarchy + 26 at class.c:548 frame #10: 0x00000001000efe69 miniruby`InitVM_Object + 9 at object.c:3892 frame #11: 0x00000001000f138e miniruby`Init_Object + 57 at object.c:4122 frame #12: 0x00000001000a59bd miniruby`rb_call_inits + 29 at inits.c:23 frame #13: 0x000000010007af30 miniruby`ruby_setup + 229 at eval.c:61 frame #14: 0x000000010007af7e miniruby`ruby_init + 13 at eval.c:78 frame #15: 0x0000000100000c58 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 88 at main.c:41 frame #16: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 18, 2018
This function can be called from InitVM_Object(). No assumption can be made about object internals. (lldb) run Process 10675 launched: './miniruby' (x86_64) Process 10675 stopped * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 9380 const rb_method_entry_t *me = &RANY(obj)->as.imemo.ment; 9381 snprintf(buff, buff_size, "%s (called_id: %s, type: %s, alias: %d, owner: %s, defined_class: %s)", buff, 9382 rb_id2name(me->called_id), -> 9383 method_type_name(me->def->type), 9384 me->def->alias_count, 9385 obj_info(me->owner), 9386 obj_info(me->defined_class)); (lldb) p *me (rb_method_entry_t) $0 = { flags = 24602 defined_class = 4311488400 def = 0x0000000000000000 called_id = 3057 owner = 4311488400 } (lldb) bt * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 frame #1: 0x00000001000b7cbf miniruby`obj_info(obj=4311487880) + 95 at gc.c:9423 frame #2: 0x00000001000c16a8 miniruby`newobj_init(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1, objspace=0x00000001007ee280, obj=4311487880) + 424 at gc.c:1887 frame #3: 0x00000001000b4529 miniruby`newobj_of(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1) + 217 at gc.c:1970 frame #4: 0x00000001000b46ab miniruby`rb_imemo_new(type=imemo_ment, v1=0, v2=3057, v3=4311488400, v0=4311488400) + 75 at gc.c:2017 frame #5: 0x00000001002773b4 miniruby`rb_method_entry_alloc(called_id=3057, owner=4311488400, defined_class=4311488400, def=0x0000000000000000) + 52 at vm_method.c:368 frame #6: 0x0000000100277307 miniruby`rb_method_entry_create(called_id=3057, klass=4311488400, visi=METHOD_VISI_PRIVATE, def=0x0000000000000000) + 71 at vm_method.c:389 frame #7: 0x00000001002784c7 miniruby`rb_method_entry_make(klass=4311488400, mid=3057, defined_class=4311488400, visi=METHOD_VISI_PRIVATE, type=VM_METHOD_TYPE_CFUNC, def=0x0000000000000000, original_id=3057, opts=0x00007fff5fbfd9e8) + 1207 at vm_method.c:594 frame #8: 0x00000001002770f9 miniruby`rb_add_method(klass=4311488400, mid=3057, type=VM_METHOD_TYPE_CFUNC, opts=0x00007fff5fbfd9e8, visi=METHOD_VISI_PRIVATE) + 73 at vm_method.c:650 frame #9: 0x000000010027708a miniruby`rb_add_method_cfunc(klass=4311488400, mid=3057, func=(miniruby`rb_obj_dummy at object.c:1125), argc=0, visi=METHOD_VISI_PRIVATE) + 138 at vm_method.c:137 frame #10: 0x00000001000391e4 miniruby`rb_define_private_method(klass=4311488400, name="initialize", func=(miniruby`rb_obj_dummy at object.c:1125), argc=0) + 68 at class.c:1529 frame #11: 0x000000010013f5bf miniruby`InitVM_Object + 47 at object.c:3905 frame #12: 0x0000000100142ffd miniruby`Init_Object + 61 at object.c:4122 frame #13: 0x00000001000d4edd miniruby`rb_call_inits + 29 at inits.c:23 frame #14: 0x000000010009fe66 miniruby`ruby_setup + 198 at eval.c:61 frame #15: 0x000000010009febd miniruby`ruby_init + 13 at eval.c:78 frame #16: 0x0000000100000a4d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #17: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 18, 2018
This function can be called from Init_VM(). No assumption can be made about object internals. (lldb) run Process 15734 launched: './miniruby' (x86_64) Process 15734 stopped * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 9270 static void 9271 rb_raw_iseq_info(char *buff, const int buff_size, const rb_iseq_t *iseq) 9272 { -> 9273 if (iseq->body->location.label) { 9274 VALUE path = rb_iseq_path(iseq); 9275 snprintf(buff, buff_size, "%s %s@%s:%d", buff, 9276 RSTRING_PTR(iseq->body->location.label), (lldb) p *iseq (rb_iseq_t) $0 = { flags = 28698 reserved1 = 0 body = 0x0000000000000000 aux = { compile_data = 0x0000000000000000 loader = (obj = 0, index = 0) trace_events = 0 } } (lldb) bt * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) * frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 frame #1: 0x00000001000bde72 miniruby`rb_raw_obj_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, obj=4311097160) + 2786 at gc.c:9396 frame #2: 0x00000001000b7c5f miniruby`obj_info(obj=4311097160) + 95 at gc.c:9428 frame #3: 0x00000001000c16a8 miniruby`newobj_init(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007ee280, obj=4311097160) + 424 at gc.c:1887 frame #4: 0x00000001000b44c9 miniruby`newobj_of(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1) + 217 at gc.c:1970 frame #5: 0x00000001000b464b miniruby`rb_imemo_new(type=imemo_iseq, v1=0, v2=0, v3=0, v0=0) + 75 at gc.c:2017 frame #6: 0x00000001000fd914 miniruby`iseq_imemo_alloc + 36 at iseq.h:156 frame #7: 0x00000001000f6e1d miniruby`iseq_alloc + 13 at iseq.c:211 frame #8: 0x00000001000f6bf8 miniruby`rb_iseq_new_with_opt(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, first_lineno=1, parent=0x0000000000000000, type=ISEQ_TYPE_TOP, option=0x0000000100335c30) + 56 at iseq.c:519 frame #9: 0x00000001000f6bb6 miniruby`rb_iseq_new(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, parent=0x0000000000000000, type=ISEQ_TYPE_TOP) + 86 at iseq.c:480 frame #10: 0x0000000100284bb0 miniruby`Init_VM + 1040 at vm.c:3022 frame #11: 0x00000001000d4f7d miniruby`rb_call_inits + 189 at inits.c:55 frame #12: 0x000000010009fe06 miniruby`ruby_setup + 198 at eval.c:61 frame #13: 0x000000010009fe5d miniruby`ruby_init + 13 at eval.c:78 frame #14: 0x00000001000009ed miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #15: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 18, 2018
This function can be called from rb_data_typed_object_zalloc(). No assumption can be made about object internals. (lldb) run Process 22135 launched: './miniruby' (x86_64) Process 22135 stopped * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 1361 break; 1362 } 1363 #endif -> 1364 return block->type; 1365 } 1366 1367 static inline void (lldb) bt * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) * frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 frame #1: 0x000000010008acdb miniruby`vm_block_iseq(block=0x0000000000000000) + 24 at vm_core.h:1399 frame #2: 0x000000010008acc1 miniruby`vm_proc_iseq(procval=4310866360) + 32 at vm_core.h:1387 frame #3: 0x000000010009cbed miniruby`rb_raw_obj_info(buff="0x0000000100f299b8 [0 ] proc (Proc)", buff_size=256, obj=4310866360) + 1513 at gc.c:9349 frame #4: 0x000000010009cf01 miniruby`obj_info(obj=4310866360) + 98 at gc.c:9428 frame #5: 0x000000010008ca1b miniruby`newobj_init(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32, objspace=0x00000001007cf280, obj=4310866360) + 338 at gc.c:1887 frame #6: 0x000000010008cce5 miniruby`newobj_of(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32) + 171 at gc.c:1970 frame #7: 0x000000010008d01d miniruby`rb_data_typed_object_wrap(klass=4311027960, datap=0x0000000000000000, type=0x0000000100311d60) + 133 at gc.c:2062 frame #8: 0x000000010008d04e miniruby`rb_data_typed_object_zalloc(klass=4311027960, size=40, type=0x0000000100311d60) + 42 at gc.c:2073 frame #9: 0x000000010011b459 miniruby`rb_proc_alloc(klass=4311027960) + 36 at proc.c:113 frame #10: 0x0000000100204d8e miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x00000001025003f8, block_type=block_type_iseq, is_from_method='\0', is_lambda='\x01') + 44 at vm.c:814 frame #11: 0x00000001002050d8 miniruby`rb_vm_make_proc_lambda(ec=0x00000001007cf548, captured=0x00000001025003f8, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011c0d2 miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011c154 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001ee7e3 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000102400480) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001001ef2c3 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 386 at vm_insnhelper.c:1918 frame #16: 0x00000001001ef412 miniruby`vm_call_cfunc(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 149 at vm_insnhelper.c:1934 frame #17: 0x00000001001f0655 miniruby`vm_call_method_each_type(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 239 at vm_insnhelper.c:2232 frame #18: 0x00000001001f0ce0 miniruby`vm_call_method(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 117 at vm_insnhelper.c:2355 frame #19: 0x00000001001f0eb6 miniruby`vm_call_general(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 59 at vm_insnhelper.c:2398 frame #20: 0x00000001001f6e61 miniruby`vm_exec_core(ec=0x00000001007cf548, initial=0) + 7480 at insns.def:850 frame #21: 0x0000000100207995 miniruby`vm_exec(ec=0x00000001007cf548) + 230 at vm.c:1771 frame #22: 0x0000000100208647 miniruby`rb_iseq_eval_main(iseq=0x0000000100f29fd0) + 52 at vm.c:2019 frame #23: 0x000000010007b750 miniruby`ruby_exec_internal(n=0x0000000100f29fd0) + 297 at eval.c:246 frame #24: 0x000000010007b876 miniruby`ruby_exec_node(n=0x0000000100f29fd0) + 36 at eval.c:310 frame #25: 0x000000010007b849 miniruby`ruby_run_node(n=0x0000000100f29fd0) + 62 at eval.c:302 frame #26: 0x0000000100000c05 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #27: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61565 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 18, 2018
This imemo_name is used uninitialized because the switch above does not cover all possible imemo types. (lldb) run Process 26068 launched: './miniruby' (x86_64) Process 26068 stopped * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 libsystem_c.dylib`strlen: -> 0x7fff8a402132 <+18>: pcmpeqb (%rdi), %xmm0 0x7fff8a402136 <+22>: pmovmskb %xmm0, %esi 0x7fff8a40213a <+26>: andq $0xf, %rcx 0x7fff8a40213e <+30>: orq $-0x1, %rax (lldb) bt * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) * frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 frame #1: 0x00000001001f1531 miniruby`BSD_vfprintf(fp=0x00007fff5fbfc9e0, fmt0="%s %s", ap=0x00007fff5fbfcbf0) + 5873 at vsnprintf.c:1026 frame #2: 0x00000001001ef213 miniruby`ruby_do_vsnprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s", ap=0x00007fff5fbfcbf0) + 131 at sprintf.c:1285 frame #3: 0x00000001001ef3ea miniruby`ruby_snprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s") + 426 at sprintf.c:1300 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 frame #5: 0x00000001000b7bff miniruby`obj_info(obj=4310983760) + 95 at gc.c:9428 frame #6: 0x00000001000c1658 miniruby`newobj_init(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1, objspace=0x00000001007ee280, obj=4310983760) + 424 at gc.c:1887 frame #7: 0x00000001000b4469 miniruby`newobj_of(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1) + 217 at gc.c:1970 frame #8: 0x00000001000b45eb miniruby`rb_imemo_new(type=imemo_ast, v1=0, v2=4303040512, v3=4310983800, v0=0) + 75 at gc.c:2017 frame #9: 0x000000010011daed miniruby`rb_ast_new + 61 at node.c:1146 frame #10: 0x0000000100160e15 miniruby`rb_parser_compile_file_path(vparser=4310984400, fname=4310984960, file=4310984080, start=1) + 53 at parse.y:5776 frame #11: 0x00000001001e18ea miniruby`load_file_internal(argp_v=140734799795024) + 1834 at ruby.c:1907 frame #12: 0x00000001000a1bb5 miniruby`rb_ensure(b_proc=(miniruby`load_file_internal at ruby.c:1795), data1=140734799795024, e_proc=(miniruby`restore_load_file at ruby.c:2007), data2=140734799795024) + 245 at eval.c:1037 frame #13: 0x00000001001df4a4 miniruby`load_file(parser=4310984400, fname=4310984960, f=4310984080, script=1, opt=0x00007fff5fbfda28) + 100 at ruby.c:2026 frame #14: 0x00000001001e084e miniruby`process_options(argc=0, argv=0x00007fff5fbfdc00, opt=0x00007fff5fbfda28) + 3454 at ruby.c:1682 frame #15: 0x00000001001dfaae miniruby`ruby_process_options(argc=2, argv=0x00007fff5fbfdbf0) + 238 at ruby.c:2257 frame #16: 0x000000010009ff43 miniruby`ruby_options(argc=2, argv=0x00007fff5fbfdbf0) + 211 at eval.c:105 frame #17: 0x0000000100000989 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 105 at main.c:42 frame #18: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) up 4 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 9373 #undef IMEMO_NAME 9374 default: UNREACHABLE; 9375 } -> 9376 snprintf(buff, buff_size, "%s %s", buff, imemo_name); 9377 9378 switch (imemo_type(obj)) { 9379 case imemo_ment: { (lldb) p imemo_name (const char *) $0 = 0xffffffffffffffff (lldb) p imemo_type(obj) (imemo_type) $1 = imemo_ast (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61566 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 18, 2018
obj_info() assumes the given object is alive. Passing freed objects to it results in SEGV. (lldb) run Process 29718 launched: './miniruby' (x86_64) Process 29718 stopped * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 266 } 267 else { 268 VM_ASSERT(RB_TYPE_P(pathobj, T_ARRAY)); -> 269 return RARRAY_AREF(pathobj, PATHOBJ_PATH); 270 } 271 } 272 (lldb) bt * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 frame #1: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x000000010af34a20) + 32 at iseq.c:723 frame #2: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, iseq=0x000000010af34a20) + 69 at gc.c:9274 frame #3: 0x000000010009e45a miniruby`rb_raw_obj_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, obj=4478683680) + 2191 at gc.c:9397 frame #4: 0x000000010009e4d5 miniruby`obj_info(obj=4478683680) + 98 at gc.c:9429 frame #5: 0x0000000100091ae3 miniruby`gc_page_sweep(objspace=0x00000001007d3280, heap=0x00000001007d32a0, sweep_page=0x000000010ae07bc0) + 622 at gc.c:3529 frame #6: 0x000000010009206a miniruby`gc_sweep_step(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 188 at gc.c:3705 frame #7: 0x0000000100092254 miniruby`gc_sweep_continue(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 133 at gc.c:3772 frame #8: 0x000000010008d7f9 miniruby`heap_prepare(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 48 at gc.c:1746 frame #9: 0x000000010008d8a1 miniruby`heap_get_freeobj_from_next_freepage(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 37 at gc.c:1769 frame #10: 0x000000010008d98d miniruby`heap_get_freeobj(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 83 at gc.c:1803 frame #11: 0x000000010008dcb0 miniruby`newobj_slowpath(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280, wb_protected=1) + 220 at gc.c:1930 frame #12: 0x000000010008dd6c miniruby`newobj_slowpath_wb_protected(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280) + 76 at gc.c:1942 frame #13: 0x000000010008dea1 miniruby`newobj_of(klass=4334386280, flags=5, v1=0, v2=0, v3=0, wb_protected=1) + 221 at gc.c:1974 frame #14: 0x000000010008df39 miniruby`rb_wb_protected_newobj_of(klass=4334386280, flags=5) + 54 at gc.c:1990 frame #15: 0x0000000100195f7c miniruby`str_alloc(klass=4334386280) + 29 at string.c:692 frame #16: 0x0000000100195fe9 miniruby`str_new0(klass=4334386280, ptr="gitm", len=4, termlen=1) + 73 at string.c:714 frame #17: 0x000000010019633e miniruby`rb_enc_str_new(ptr="gitm", len=4, enc=0x00000001025d50a0) + 81 at string.c:766 frame #18: 0x000000010010a80a miniruby`parser_str_new(p="gitm", n=4, enc=0x00000001025d50a0, func=66, enc0=0x00000001025d50a0) + 50 at parse.y:5817 frame #19: 0x000000010010ce1a miniruby`parser_parse_string(parser=0x00000001042ac5c0, quote=0x000000010460c028) + 795 at parse.y:6675 frame #20: 0x00000001001120bd miniruby`parser_yylex(parser=0x00000001042ac5c0) + 159 at parse.y:8281 frame #21: 0x0000000100115068 miniruby`yylex(lval=0x00007fff5fbf9948, yylloc=0x00007fff5fbf9ab0, parser=0x00000001042ac5c0) + 55 at parse.y:8931 frame #22: 0x00000001000fc79f miniruby`ruby_yyparse(parser=0x00000001042ac5c0) + 1198 at parse.c:5798 frame #23: 0x0000000100109f5a miniruby`yycompile0(arg=4364879296) + 317 at parse.y:5595 frame #24: 0x0000000100214ef0 miniruby`rb_suppress_tracing(func=(miniruby`yycompile0 at parse.y:5565), arg=4364879296) + 349 at vm_trace.c:397 frame #25: 0x000000010010a1df miniruby`yycompile(parser=0x00000001042ac5c0, fname=4443743440, line=1) + 126 at parse.y:5637 frame #26: 0x000000010010a4c1 miniruby`parser_compile_string(vparser=4443743480, fname=4443743440, s=4443743520, line=1) + 191 at parse.y:5706 frame #27: 0x000000010010a5b7 miniruby`rb_parser_compile_string_path(vparser=4443743480, f=4443743440, s=4443743520, line=1) + 58 at parse.y:5730 frame #28: 0x0000000100206025 miniruby`eval_make_iseq(src=4443743520, fname=4443743440, line=1, bind=0x0000000000000000, base_block=0x00007fff5fbfb370) + 266 at vm_eval.c:1274 frame #29: 0x0000000100206153 miniruby`eval_string_with_cref(self=4334412520, src=4443743520, cref=0x0000000000000000, file=52, line=1) + 197 at vm_eval.c:1307 frame #30: 0x0000000100206389 miniruby`rb_f_eval(argc=1, argv=0x0000000102400eb8, self=4334412520) + 219 at vm_eval.c:1382 frame #31: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_eval at vm_eval.c:1364), recv=4334412520, argc=1, argv=0x0000000102400eb8) + 47 at vm_insnhelper.c:1723 frame #32: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 386 at vm_insnhelper.c:1918 frame #33: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 149 at vm_insnhelper.c:1934 frame #34: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #35: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #36: 0x00000001002093f8 miniruby`invoke_block(ec=0x00000001007d3548, iseq=0x000000010252d7f0, self=4334412520, captured=0x0000000102500df8, cref=0x0000000000000000, type=572653569, opt_pc=0) + 224 at vm.c:988 frame #37: 0x0000000100209766 miniruby`invoke_iseq_block_from_c(ec=0x00000001007d3548, captured=0x0000000102500df8, self=4334412520, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0) + 389 at vm.c:1040 frame #38: 0x0000000100209824 miniruby`invoke_block_from_c_bh(ec=0x00000001007d3548, block_handler=4333768185, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0, force_blockarg=0) + 138 at vm.c:1058 frame #39: 0x00000001002099d0 miniruby`vm_yield(ec=0x00000001007d3548, argc=0, argv=0x0000000000000000) + 69 at vm.c:1103 frame #40: 0x0000000100205623 miniruby`rb_yield_0(argc=0, argv=0x0000000000000000) + 40 at vm_eval.c:970 frame #41: 0x0000000100205964 miniruby`loop_i + 19 at vm_eval.c:1049 frame #42: 0x000000010007db07 miniruby`rb_rescue2(b_proc=(miniruby`loop_i at vm_eval.c:1047), data1=0, r_proc=(miniruby`loop_stop at vm_eval.c:1056), data2=0) + 369 at eval.c:896 frame #43: 0x0000000100205a2e miniruby`rb_f_loop(self=4334412520) + 121 at vm_eval.c:1100 frame #44: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_f_loop at vm_eval.c:1098), recv=4334412520, argc=0, argv=0x0000000102400e80) + 41 at vm_insnhelper.c:1729 frame #45: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 386 at vm_insnhelper.c:1918 frame #46: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 149 at vm_insnhelper.c:1934 frame #47: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 239 at vm_insnhelper.c:2232 frame #48: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 253 at vm_insnhelper.c:2366 frame #49: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 59 at vm_insnhelper.c:2398 frame #50: 0x00000001001fab2f miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 7480 at insns.def:850 frame #51: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #52: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x000000010252dd90) + 52 at vm.c:2019 frame #53: 0x000000010007c768 miniruby`ruby_exec_internal(n=0x000000010252dd90) + 297 at eval.c:246 frame #54: 0x000000010007c88e miniruby`ruby_exec_node(n=0x000000010252dd90) + 36 at eval.c:310 frame #55: 0x000000010007c861 miniruby`ruby_run_node(n=0x000000010252dd90) + 62 at eval.c:302 frame #56: 0x000000010000138d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #57: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) p ((struct RVALUE*)pathobj)->as.basic (RBasic) $0 = (flags = 0, klass = 4478683600) (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61568 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 18, 2018
obj_info() assumes the given object is alive. OTOH gc_writebarrier_incremental is called before or in middle of object initialization. Can casue SEGV. (lldb) run Process 48188 launched: './miniruby' (x86_64) Process 48188 stopped * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 2069 static inline const VALUE * 2070 rb_array_const_ptr(VALUE a) 2071 { -> 2072 return FIX_CONST_VALUE_PTR((RBASIC(a)->flags & RARRAY_EMBED_FLAG) ? 2073 RARRAY(a)->as.ary : RARRAY(a)->as.heap.ptr); 2074 } 2075 (lldb) bt * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 frame #1: 0x00000001000bfaab miniruby`pathobj_path(pathobj=5251291222225483145) + 70 at vm_core.h:269 frame #2: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x00000001025b71a8) + 32 at iseq.c:723 frame #3: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, iseq=0x00000001025b71a8) + 69 at gc.c:9274 frame #4: 0x000000010009e1d5 miniruby`rb_raw_obj_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, obj=4334514520) + 1546 at gc.c:9351 frame #5: 0x000000010009e4d5 miniruby`obj_info(obj=4334514520) + 98 at gc.c:9429 frame #6: 0x0000000100096658 miniruby`gc_writebarrier_incremental(a=4334514520, b=4334514600, objspace=0x00000001007d3280) + 61 at gc.c:5963 frame #7: 0x00000001000968ca miniruby`rb_gc_writebarrier(a=4334514520, b=4334514600) + 127 at gc.c:6009 frame #8: 0x00000001001eabe0 miniruby`rb_obj_written(a=4334514520, oldv=52, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 72 at ruby.h:1472 frame #9: 0x00000001001eac2c miniruby`rb_obj_write(a=4334514520, slot=0x000000010259ff10, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 70 at ruby.h:1489 frame #10: 0x0000000100208b6f miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x0000000102500338, block_type=block_type_ifunc, is_from_method='\0', is_lambda='\x01') + 137 at vm.c:821 frame #11: 0x0000000100208e5c miniruby`rb_vm_make_proc_lambda(ec=0x00000001007d3548, captured=0x0000000102500338, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011f08e miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011f110 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000000000000) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001002033de miniruby`vm_call0_cfunc_with_frame(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 370 at vm_eval.c:85 frame #16: 0x00000001002034d9 miniruby`vm_call0_cfunc(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 59 at vm_eval.c:100 frame #17: 0x000000010020368f miniruby`vm_call0_body(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 436 at vm_eval.c:131 frame #18: 0x000000010020326a miniruby`vm_call0(ec=0x00000001007d3548, recv=4310991600, id=2993, argc=0, argv=0x0000000000000000, me=0x0000000100f48110) + 142 at vm_eval.c:58 frame #19: 0x0000000100203c60 miniruby`rb_call0(ec=0x00000001007d3548, recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL, self=4334514640) + 166 at vm_eval.c:296 frame #20: 0x0000000100204827 miniruby`rb_call(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL) + 84 at vm_eval.c:589 frame #21: 0x000000010020518b miniruby`rb_funcallv(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000) + 52 at vm_eval.c:815 frame #22: 0x000000010012242e miniruby`mlambda(method=0) + 45 at proc.c:2661 frame #23: 0x0000000100205bac miniruby`rb_iterate0(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, ifunc=0x00000001025b71a8, ec=0x00000001007d3548) + 380 at vm_eval.c:1134 frame #24: 0x0000000100205d16 miniruby`rb_iterate(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, bl_proc=(miniruby`bmcall at proc.c:2666), data2=4334514640) + 88 at vm_eval.c:1166 frame #25: 0x00000001001224c7 miniruby`method_to_proc(method=4334514640) + 43 at proc.c:2701 frame #26: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`method_to_proc at proc.c:2688), recv=4334514640, argc=0, argv=0x0000000102400568) + 41 at vm_insnhelper.c:1729 frame #27: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 386 at vm_insnhelper.c:1918 frame #28: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 149 at vm_insnhelper.c:1934 frame #29: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 239 at vm_insnhelper.c:2232 frame #30: 0x00000001001f49a4 miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 117 at vm_insnhelper.c:2355 frame #31: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 59 at vm_insnhelper.c:2398 frame #32: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #33: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #34: 0x000000010020c3d1 miniruby`rb_iseq_eval(iseq=0x00000001007f8270) + 52 at vm.c:2008 frame #35: 0x00000001000caa4a miniruby`rb_load_internal0(ec=0x00000001007d3548, fname=4310799960, wrap=0) + 631 at load.c:611 frame #36: 0x00000001000cab36 miniruby`rb_load_internal(fname=4310799960, wrap=0) + 46 at load.c:642 frame #37: 0x00000001000cae1d miniruby`rb_f_load(argc=1, argv=0x00000001024004b8) + 217 at load.c:710 frame #38: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_load at load.c:695), recv=4311327440, argc=1, argv=0x00000001024004b8) + 47 at vm_insnhelper.c:1723 frame #39: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 386 at vm_insnhelper.c:1918 frame #40: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 149 at vm_insnhelper.c:1934 frame #41: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 239 at vm_insnhelper.c:2232 frame #42: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 253 at vm_insnhelper.c:2366 frame #43: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 59 at vm_insnhelper.c:2398 frame #44: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #45: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #46: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x0000000100f21240) + 52 at vm.c:2019 frame #47: 0x000000010007c774 miniruby`ruby_exec_internal(n=0x0000000100f21240) + 297 at eval.c:246 frame #48: 0x000000010007c89a miniruby`ruby_exec_node(n=0x0000000100f21240) + 36 at eval.c:310 frame #49: 0x000000010007c86d miniruby`ruby_run_node(n=0x0000000100f21240) + 62 at eval.c:302 frame #50: 0x0000000100001399 miniruby`main(argc=9, argv=0x00007fff5fbfdae0) + 113 at main.c:42 frame #51: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61569 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 24, 2018
fix SEGV touching uninitialized memory This function can be called from boot_defclass(). No assumption can be made about object internals. (lldb) run Process 2386 launched: './miniruby' (x86_64) Process 2386 stopped * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 318 VALUE 319 rb_class_path_cached(VALUE klass) 320 { -> 321 st_table *ivtbl = RCLASS_IV_TBL(klass); 322 st_data_t n; 323 324 if (!ivtbl) return Qnil; (lldb) bt * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) * frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 frame #1: 0x000000010009cbd0 miniruby`rb_raw_obj_info(buff="0x0000000100fa5798 [2 ] T_CLASS", buff_size=256, obj=4311373720) + 1393 at gc.c:9341 frame #2: 0x000000010009cf16 miniruby`obj_info(obj=4311373720) + 98 at gc.c:9423 frame #3: 0x000000010008ca87 miniruby`newobj_init(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007cf280, obj=4311373720) + 338 at gc.c:1887 frame #4: 0x000000010008cd51 miniruby`newobj_of(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1) + 171 at gc.c:1970 frame #5: 0x000000010008ce1b miniruby`rb_wb_protected_newobj_of(klass=0, flags=66) + 54 at gc.c:1990 frame #6: 0x0000000100027563 miniruby`class_alloc(flags=2, klass=0) + 46 at class.c:165 frame #7: 0x000000010002761a miniruby`rb_class_boot(super=0) + 35 at class.c:203 frame #8: 0x0000000100028612 miniruby`boot_defclass(name="BasicObject", super=0) + 28 at class.c:537 frame #9: 0x000000010002868b miniruby`Init_class_hierarchy + 26 at class.c:548 frame #10: 0x00000001000efe69 miniruby`InitVM_Object + 9 at object.c:3892 frame #11: 0x00000001000f138e miniruby`Init_Object + 57 at object.c:4122 frame #12: 0x00000001000a59bd miniruby`rb_call_inits + 29 at inits.c:23 frame #13: 0x000000010007af30 miniruby`ruby_setup + 229 at eval.c:61 frame #14: 0x000000010007af7e miniruby`ruby_init + 13 at eval.c:78 frame #15: 0x0000000100000c58 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 88 at main.c:41 frame #16: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) fix SEGV touching uninitialized memory This function can be called from InitVM_Object(). No assumption can be made about object internals. (lldb) run Process 10675 launched: './miniruby' (x86_64) Process 10675 stopped * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 9380 const rb_method_entry_t *me = &RANY(obj)->as.imemo.ment; 9381 snprintf(buff, buff_size, "%s (called_id: %s, type: %s, alias: %d, owner: %s, defined_class: %s)", buff, 9382 rb_id2name(me->called_id), -> 9383 method_type_name(me->def->type), 9384 me->def->alias_count, 9385 obj_info(me->owner), 9386 obj_info(me->defined_class)); (lldb) p *me (rb_method_entry_t) $0 = { flags = 24602 defined_class = 4311488400 def = 0x0000000000000000 called_id = 3057 owner = 4311488400 } (lldb) bt * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 frame #1: 0x00000001000b7cbf miniruby`obj_info(obj=4311487880) + 95 at gc.c:9423 frame #2: 0x00000001000c16a8 miniruby`newobj_init(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1, objspace=0x00000001007ee280, obj=4311487880) + 424 at gc.c:1887 frame #3: 0x00000001000b4529 miniruby`newobj_of(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1) + 217 at gc.c:1970 frame #4: 0x00000001000b46ab miniruby`rb_imemo_new(type=imemo_ment, v1=0, v2=3057, v3=4311488400, v0=4311488400) + 75 at gc.c:2017 frame #5: 0x00000001002773b4 miniruby`rb_method_entry_alloc(called_id=3057, owner=4311488400, defined_class=4311488400, def=0x0000000000000000) + 52 at vm_method.c:368 frame #6: 0x0000000100277307 miniruby`rb_method_entry_create(called_id=3057, klass=4311488400, visi=METHOD_VISI_PRIVATE, def=0x0000000000000000) + 71 at vm_method.c:389 frame #7: 0x00000001002784c7 miniruby`rb_method_entry_make(klass=4311488400, mid=3057, defined_class=4311488400, visi=METHOD_VISI_PRIVATE, type=VM_METHOD_TYPE_CFUNC, def=0x0000000000000000, original_id=3057, opts=0x00007fff5fbfd9e8) + 1207 at vm_method.c:594 frame #8: 0x00000001002770f9 miniruby`rb_add_method(klass=4311488400, mid=3057, type=VM_METHOD_TYPE_CFUNC, opts=0x00007fff5fbfd9e8, visi=METHOD_VISI_PRIVATE) + 73 at vm_method.c:650 frame #9: 0x000000010027708a miniruby`rb_add_method_cfunc(klass=4311488400, mid=3057, func=(miniruby`rb_obj_dummy at object.c:1125), argc=0, visi=METHOD_VISI_PRIVATE) + 138 at vm_method.c:137 frame #10: 0x00000001000391e4 miniruby`rb_define_private_method(klass=4311488400, name="initialize", func=(miniruby`rb_obj_dummy at object.c:1125), argc=0) + 68 at class.c:1529 frame #11: 0x000000010013f5bf miniruby`InitVM_Object + 47 at object.c:3905 frame #12: 0x0000000100142ffd miniruby`Init_Object + 61 at object.c:4122 frame #13: 0x00000001000d4edd miniruby`rb_call_inits + 29 at inits.c:23 frame #14: 0x000000010009fe66 miniruby`ruby_setup + 198 at eval.c:61 frame #15: 0x000000010009febd miniruby`ruby_init + 13 at eval.c:78 frame #16: 0x0000000100000a4d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #17: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) fix SEGV touching uninitialized local variable This imemo_name is used uninitialized because the switch above does not cover all possible imemo types. (lldb) run Process 26068 launched: './miniruby' (x86_64) Process 26068 stopped * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 libsystem_c.dylib`strlen: -> 0x7fff8a402132 <+18>: pcmpeqb (%rdi), %xmm0 0x7fff8a402136 <+22>: pmovmskb %xmm0, %esi 0x7fff8a40213a <+26>: andq $0xf, %rcx 0x7fff8a40213e <+30>: orq $-0x1, %rax (lldb) bt * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) * frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 frame #1: 0x00000001001f1531 miniruby`BSD_vfprintf(fp=0x00007fff5fbfc9e0, fmt0="%s %s", ap=0x00007fff5fbfcbf0) + 5873 at vsnprintf.c:1026 frame #2: 0x00000001001ef213 miniruby`ruby_do_vsnprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s", ap=0x00007fff5fbfcbf0) + 131 at sprintf.c:1285 frame #3: 0x00000001001ef3ea miniruby`ruby_snprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s") + 426 at sprintf.c:1300 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 frame #5: 0x00000001000b7bff miniruby`obj_info(obj=4310983760) + 95 at gc.c:9428 frame #6: 0x00000001000c1658 miniruby`newobj_init(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1, objspace=0x00000001007ee280, obj=4310983760) + 424 at gc.c:1887 frame #7: 0x00000001000b4469 miniruby`newobj_of(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1) + 217 at gc.c:1970 frame #8: 0x00000001000b45eb miniruby`rb_imemo_new(type=imemo_ast, v1=0, v2=4303040512, v3=4310983800, v0=0) + 75 at gc.c:2017 frame #9: 0x000000010011daed miniruby`rb_ast_new + 61 at node.c:1146 frame #10: 0x0000000100160e15 miniruby`rb_parser_compile_file_path(vparser=4310984400, fname=4310984960, file=4310984080, start=1) + 53 at parse.y:5776 frame #11: 0x00000001001e18ea miniruby`load_file_internal(argp_v=140734799795024) + 1834 at ruby.c:1907 frame #12: 0x00000001000a1bb5 miniruby`rb_ensure(b_proc=(miniruby`load_file_internal at ruby.c:1795), data1=140734799795024, e_proc=(miniruby`restore_load_file at ruby.c:2007), data2=140734799795024) + 245 at eval.c:1037 frame #13: 0x00000001001df4a4 miniruby`load_file(parser=4310984400, fname=4310984960, f=4310984080, script=1, opt=0x00007fff5fbfda28) + 100 at ruby.c:2026 frame #14: 0x00000001001e084e miniruby`process_options(argc=0, argv=0x00007fff5fbfdc00, opt=0x00007fff5fbfda28) + 3454 at ruby.c:1682 frame #15: 0x00000001001dfaae miniruby`ruby_process_options(argc=2, argv=0x00007fff5fbfdbf0) + 238 at ruby.c:2257 frame #16: 0x000000010009ff43 miniruby`ruby_options(argc=2, argv=0x00007fff5fbfdbf0) + 211 at eval.c:105 frame #17: 0x0000000100000989 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 105 at main.c:42 frame #18: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) up 4 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 9373 #undef IMEMO_NAME 9374 default: UNREACHABLE; 9375 } -> 9376 snprintf(buff, buff_size, "%s %s", buff, imemo_name); 9377 9378 switch (imemo_type(obj)) { 9379 case imemo_ment: { (lldb) p imemo_name (const char *) $0 = 0xffffffffffffffff (lldb) p imemo_type(obj) (imemo_type) $1 = imemo_ast (lldb) fix SEGV inspecting already freed objects obj_info() assumes the given object is alive. Passing freed objects to it results in SEGV. (lldb) run Process 29718 launched: './miniruby' (x86_64) Process 29718 stopped * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 266 } 267 else { 268 VM_ASSERT(RB_TYPE_P(pathobj, T_ARRAY)); -> 269 return RARRAY_AREF(pathobj, PATHOBJ_PATH); 270 } 271 } 272 (lldb) bt * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 frame #1: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x000000010af34a20) + 32 at iseq.c:723 frame #2: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, iseq=0x000000010af34a20) + 69 at gc.c:9274 frame #3: 0x000000010009e45a miniruby`rb_raw_obj_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, obj=4478683680) + 2191 at gc.c:9397 frame #4: 0x000000010009e4d5 miniruby`obj_info(obj=4478683680) + 98 at gc.c:9429 frame #5: 0x0000000100091ae3 miniruby`gc_page_sweep(objspace=0x00000001007d3280, heap=0x00000001007d32a0, sweep_page=0x000000010ae07bc0) + 622 at gc.c:3529 frame #6: 0x000000010009206a miniruby`gc_sweep_step(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 188 at gc.c:3705 frame #7: 0x0000000100092254 miniruby`gc_sweep_continue(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 133 at gc.c:3772 frame #8: 0x000000010008d7f9 miniruby`heap_prepare(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 48 at gc.c:1746 frame #9: 0x000000010008d8a1 miniruby`heap_get_freeobj_from_next_freepage(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 37 at gc.c:1769 frame #10: 0x000000010008d98d miniruby`heap_get_freeobj(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 83 at gc.c:1803 frame #11: 0x000000010008dcb0 miniruby`newobj_slowpath(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280, wb_protected=1) + 220 at gc.c:1930 frame #12: 0x000000010008dd6c miniruby`newobj_slowpath_wb_protected(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280) + 76 at gc.c:1942 frame #13: 0x000000010008dea1 miniruby`newobj_of(klass=4334386280, flags=5, v1=0, v2=0, v3=0, wb_protected=1) + 221 at gc.c:1974 frame #14: 0x000000010008df39 miniruby`rb_wb_protected_newobj_of(klass=4334386280, flags=5) + 54 at gc.c:1990 frame #15: 0x0000000100195f7c miniruby`str_alloc(klass=4334386280) + 29 at string.c:692 frame #16: 0x0000000100195fe9 miniruby`str_new0(klass=4334386280, ptr="gitm", len=4, termlen=1) + 73 at string.c:714 frame #17: 0x000000010019633e miniruby`rb_enc_str_new(ptr="gitm", len=4, enc=0x00000001025d50a0) + 81 at string.c:766 frame #18: 0x000000010010a80a miniruby`parser_str_new(p="gitm", n=4, enc=0x00000001025d50a0, func=66, enc0=0x00000001025d50a0) + 50 at parse.y:5817 frame #19: 0x000000010010ce1a miniruby`parser_parse_string(parser=0x00000001042ac5c0, quote=0x000000010460c028) + 795 at parse.y:6675 frame #20: 0x00000001001120bd miniruby`parser_yylex(parser=0x00000001042ac5c0) + 159 at parse.y:8281 frame #21: 0x0000000100115068 miniruby`yylex(lval=0x00007fff5fbf9948, yylloc=0x00007fff5fbf9ab0, parser=0x00000001042ac5c0) + 55 at parse.y:8931 frame #22: 0x00000001000fc79f miniruby`ruby_yyparse(parser=0x00000001042ac5c0) + 1198 at parse.c:5798 frame #23: 0x0000000100109f5a miniruby`yycompile0(arg=4364879296) + 317 at parse.y:5595 frame #24: 0x0000000100214ef0 miniruby`rb_suppress_tracing(func=(miniruby`yycompile0 at parse.y:5565), arg=4364879296) + 349 at vm_trace.c:397 frame #25: 0x000000010010a1df miniruby`yycompile(parser=0x00000001042ac5c0, fname=4443743440, line=1) + 126 at parse.y:5637 frame #26: 0x000000010010a4c1 miniruby`parser_compile_string(vparser=4443743480, fname=4443743440, s=4443743520, line=1) + 191 at parse.y:5706 frame #27: 0x000000010010a5b7 miniruby`rb_parser_compile_string_path(vparser=4443743480, f=4443743440, s=4443743520, line=1) + 58 at parse.y:5730 frame #28: 0x0000000100206025 miniruby`eval_make_iseq(src=4443743520, fname=4443743440, line=1, bind=0x0000000000000000, base_block=0x00007fff5fbfb370) + 266 at vm_eval.c:1274 frame #29: 0x0000000100206153 miniruby`eval_string_with_cref(self=4334412520, src=4443743520, cref=0x0000000000000000, file=52, line=1) + 197 at vm_eval.c:1307 frame #30: 0x0000000100206389 miniruby`rb_f_eval(argc=1, argv=0x0000000102400eb8, self=4334412520) + 219 at vm_eval.c:1382 frame #31: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_eval at vm_eval.c:1364), recv=4334412520, argc=1, argv=0x0000000102400eb8) + 47 at vm_insnhelper.c:1723 frame #32: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 386 at vm_insnhelper.c:1918 frame #33: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 149 at vm_insnhelper.c:1934 frame #34: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #35: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #36: 0x00000001002093f8 miniruby`invoke_block(ec=0x00000001007d3548, iseq=0x000000010252d7f0, self=4334412520, captured=0x0000000102500df8, cref=0x0000000000000000, type=572653569, opt_pc=0) + 224 at vm.c:988 frame #37: 0x0000000100209766 miniruby`invoke_iseq_block_from_c(ec=0x00000001007d3548, captured=0x0000000102500df8, self=4334412520, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0) + 389 at vm.c:1040 frame #38: 0x0000000100209824 miniruby`invoke_block_from_c_bh(ec=0x00000001007d3548, block_handler=4333768185, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0, force_blockarg=0) + 138 at vm.c:1058 frame #39: 0x00000001002099d0 miniruby`vm_yield(ec=0x00000001007d3548, argc=0, argv=0x0000000000000000) + 69 at vm.c:1103 frame #40: 0x0000000100205623 miniruby`rb_yield_0(argc=0, argv=0x0000000000000000) + 40 at vm_eval.c:970 frame #41: 0x0000000100205964 miniruby`loop_i + 19 at vm_eval.c:1049 frame #42: 0x000000010007db07 miniruby`rb_rescue2(b_proc=(miniruby`loop_i at vm_eval.c:1047), data1=0, r_proc=(miniruby`loop_stop at vm_eval.c:1056), data2=0) + 369 at eval.c:896 frame #43: 0x0000000100205a2e miniruby`rb_f_loop(self=4334412520) + 121 at vm_eval.c:1100 frame #44: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_f_loop at vm_eval.c:1098), recv=4334412520, argc=0, argv=0x0000000102400e80) + 41 at vm_insnhelper.c:1729 frame #45: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 386 at vm_insnhelper.c:1918 frame #46: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 149 at vm_insnhelper.c:1934 frame #47: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 239 at vm_insnhelper.c:2232 frame #48: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 253 at vm_insnhelper.c:2366 frame #49: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 59 at vm_insnhelper.c:2398 frame #50: 0x00000001001fab2f miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 7480 at insns.def:850 frame #51: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #52: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x000000010252dd90) + 52 at vm.c:2019 frame #53: 0x000000010007c768 miniruby`ruby_exec_internal(n=0x000000010252dd90) + 297 at eval.c:246 frame #54: 0x000000010007c88e miniruby`ruby_exec_node(n=0x000000010252dd90) + 36 at eval.c:310 frame #55: 0x000000010007c861 miniruby`ruby_run_node(n=0x000000010252dd90) + 62 at eval.c:302 frame #56: 0x000000010000138d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #57: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) p ((struct RVALUE*)pathobj)->as.basic (RBasic) $0 = (flags = 0, klass = 4478683600) (lldb) fix SEGV inspecting uninitialized objects obj_info() assumes the given object is alive. OTOH gc_writebarrier_incremental is called before or in middle of object initialization. Can casue SEGV. (lldb) run Process 48188 launched: './miniruby' (x86_64) Process 48188 stopped * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 2069 static inline const VALUE * 2070 rb_array_const_ptr(VALUE a) 2071 { -> 2072 return FIX_CONST_VALUE_PTR((RBASIC(a)->flags & RARRAY_EMBED_FLAG) ? 2073 RARRAY(a)->as.ary : RARRAY(a)->as.heap.ptr); 2074 } 2075 (lldb) bt * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 frame #1: 0x00000001000bfaab miniruby`pathobj_path(pathobj=5251291222225483145) + 70 at vm_core.h:269 frame #2: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x00000001025b71a8) + 32 at iseq.c:723 frame #3: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, iseq=0x00000001025b71a8) + 69 at gc.c:9274 frame #4: 0x000000010009e1d5 miniruby`rb_raw_obj_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, obj=4334514520) + 1546 at gc.c:9351 frame #5: 0x000000010009e4d5 miniruby`obj_info(obj=4334514520) + 98 at gc.c:9429 frame #6: 0x0000000100096658 miniruby`gc_writebarrier_incremental(a=4334514520, b=4334514600, objspace=0x00000001007d3280) + 61 at gc.c:5963 frame #7: 0x00000001000968ca miniruby`rb_gc_writebarrier(a=4334514520, b=4334514600) + 127 at gc.c:6009 frame #8: 0x00000001001eabe0 miniruby`rb_obj_written(a=4334514520, oldv=52, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 72 at ruby.h:1472 frame #9: 0x00000001001eac2c miniruby`rb_obj_write(a=4334514520, slot=0x000000010259ff10, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 70 at ruby.h:1489 frame #10: 0x0000000100208b6f miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x0000000102500338, block_type=block_type_ifunc, is_from_method='\0', is_lambda='\x01') + 137 at vm.c:821 frame #11: 0x0000000100208e5c miniruby`rb_vm_make_proc_lambda(ec=0x00000001007d3548, captured=0x0000000102500338, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011f08e miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011f110 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000000000000) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001002033de miniruby`vm_call0_cfunc_with_frame(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 370 at vm_eval.c:85 frame #16: 0x00000001002034d9 miniruby`vm_call0_cfunc(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 59 at vm_eval.c:100 frame #17: 0x000000010020368f miniruby`vm_call0_body(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 436 at vm_eval.c:131 frame #18: 0x000000010020326a miniruby`vm_call0(ec=0x00000001007d3548, recv=4310991600, id=2993, argc=0, argv=0x0000000000000000, me=0x0000000100f48110) + 142 at vm_eval.c:58 frame #19: 0x0000000100203c60 miniruby`rb_call0(ec=0x00000001007d3548, recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL, self=4334514640) + 166 at vm_eval.c:296 frame #20: 0x0000000100204827 miniruby`rb_call(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL) + 84 at vm_eval.c:589 frame #21: 0x000000010020518b miniruby`rb_funcallv(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000) + 52 at vm_eval.c:815 frame #22: 0x000000010012242e miniruby`mlambda(method=0) + 45 at proc.c:2661 frame #23: 0x0000000100205bac miniruby`rb_iterate0(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, ifunc=0x00000001025b71a8, ec=0x00000001007d3548) + 380 at vm_eval.c:1134 frame #24: 0x0000000100205d16 miniruby`rb_iterate(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, bl_proc=(miniruby`bmcall at proc.c:2666), data2=4334514640) + 88 at vm_eval.c:1166 frame #25: 0x00000001001224c7 miniruby`method_to_proc(method=4334514640) + 43 at proc.c:2701 frame #26: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`method_to_proc at proc.c:2688), recv=4334514640, argc=0, argv=0x0000000102400568) + 41 at vm_insnhelper.c:1729 frame #27: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 386 at vm_insnhelper.c:1918 frame #28: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 149 at vm_insnhelper.c:1934 frame #29: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 239 at vm_insnhelper.c:2232 frame #30: 0x00000001001f49a4 miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 117 at vm_insnhelper.c:2355 frame #31: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 59 at vm_insnhelper.c:2398 frame #32: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #33: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #34: 0x000000010020c3d1 miniruby`rb_iseq_eval(iseq=0x00000001007f8270) + 52 at vm.c:2008 frame #35: 0x00000001000caa4a miniruby`rb_load_internal0(ec=0x00000001007d3548, fname=4310799960, wrap=0) + 631 at load.c:611 frame #36: 0x00000001000cab36 miniruby`rb_load_internal(fname=4310799960, wrap=0) + 46 at load.c:642 frame #37: 0x00000001000cae1d miniruby`rb_f_load(argc=1, argv=0x00000001024004b8) + 217 at load.c:710 frame #38: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_load at load.c:695), recv=4311327440, argc=1, argv=0x00000001024004b8) + 47 at vm_insnhelper.c:1723 frame #39: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 386 at vm_insnhelper.c:1918 frame #40: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 149 at vm_insnhelper.c:1934 frame #41: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 239 at vm_insnhelper.c:2232 frame #42: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 253 at vm_insnhelper.c:2366 frame #43: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 59 at vm_insnhelper.c:2398 frame #44: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #45: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #46: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x0000000100f21240) + 52 at vm.c:2019 frame #47: 0x000000010007c774 miniruby`ruby_exec_internal(n=0x0000000100f21240) + 297 at eval.c:246 frame #48: 0x000000010007c89a miniruby`ruby_exec_node(n=0x0000000100f21240) + 36 at eval.c:310 frame #49: 0x000000010007c86d miniruby`ruby_run_node(n=0x0000000100f21240) + 62 at eval.c:302 frame #50: 0x0000000100001399 miniruby`main(argc=9, argv=0x00007fff5fbfdae0) + 113 at main.c:42 frame #51: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62023 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Jan 29, 2018
fix SEGV touching uninitialized memory This function can be called from Init_VM(). No assumption can be made about object internals. (lldb) run Process 15734 launched: './miniruby' (x86_64) Process 15734 stopped * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 9270 static void 9271 rb_raw_iseq_info(char *buff, const int buff_size, const rb_iseq_t *iseq) 9272 { -> 9273 if (iseq->body->location.label) { 9274 VALUE path = rb_iseq_path(iseq); 9275 snprintf(buff, buff_size, "%s %s@%s:%d", buff, 9276 RSTRING_PTR(iseq->body->location.label), (lldb) p *iseq (rb_iseq_t) $0 = { flags = 28698 reserved1 = 0 body = 0x0000000000000000 aux = { compile_data = 0x0000000000000000 loader = (obj = 0, index = 0) trace_events = 0 } } (lldb) bt * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) * frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 frame #1: 0x00000001000bde72 miniruby`rb_raw_obj_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, obj=4311097160) + 2786 at gc.c:9396 frame #2: 0x00000001000b7c5f miniruby`obj_info(obj=4311097160) + 95 at gc.c:9428 frame #3: 0x00000001000c16a8 miniruby`newobj_init(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007ee280, obj=4311097160) + 424 at gc.c:1887 frame #4: 0x00000001000b44c9 miniruby`newobj_of(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1) + 217 at gc.c:1970 frame #5: 0x00000001000b464b miniruby`rb_imemo_new(type=imemo_iseq, v1=0, v2=0, v3=0, v0=0) + 75 at gc.c:2017 frame #6: 0x00000001000fd914 miniruby`iseq_imemo_alloc + 36 at iseq.h:156 frame #7: 0x00000001000f6e1d miniruby`iseq_alloc + 13 at iseq.c:211 frame #8: 0x00000001000f6bf8 miniruby`rb_iseq_new_with_opt(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, first_lineno=1, parent=0x0000000000000000, type=ISEQ_TYPE_TOP, option=0x0000000100335c30) + 56 at iseq.c:519 frame #9: 0x00000001000f6bb6 miniruby`rb_iseq_new(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, parent=0x0000000000000000, type=ISEQ_TYPE_TOP) + 86 at iseq.c:480 frame #10: 0x0000000100284bb0 miniruby`Init_VM + 1040 at vm.c:3022 frame #11: 0x00000001000d4f7d miniruby`rb_call_inits + 189 at inits.c:55 frame #12: 0x000000010009fe06 miniruby`ruby_setup + 198 at eval.c:61 frame #13: 0x000000010009fe5d miniruby`ruby_init + 13 at eval.c:78 frame #14: 0x00000001000009ed miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #15: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) fix SEGV touching uninitialized memory This function can be called from rb_data_typed_object_zalloc(). No assumption can be made about object internals. (lldb) run Process 22135 launched: './miniruby' (x86_64) Process 22135 stopped * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 1361 break; 1362 } 1363 #endif -> 1364 return block->type; 1365 } 1366 1367 static inline void (lldb) bt * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) * frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 frame #1: 0x000000010008acdb miniruby`vm_block_iseq(block=0x0000000000000000) + 24 at vm_core.h:1399 frame #2: 0x000000010008acc1 miniruby`vm_proc_iseq(procval=4310866360) + 32 at vm_core.h:1387 frame #3: 0x000000010009cbed miniruby`rb_raw_obj_info(buff="0x0000000100f299b8 [0 ] proc (Proc)", buff_size=256, obj=4310866360) + 1513 at gc.c:9349 frame #4: 0x000000010009cf01 miniruby`obj_info(obj=4310866360) + 98 at gc.c:9428 frame #5: 0x000000010008ca1b miniruby`newobj_init(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32, objspace=0x00000001007cf280, obj=4310866360) + 338 at gc.c:1887 frame #6: 0x000000010008cce5 miniruby`newobj_of(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32) + 171 at gc.c:1970 frame #7: 0x000000010008d01d miniruby`rb_data_typed_object_wrap(klass=4311027960, datap=0x0000000000000000, type=0x0000000100311d60) + 133 at gc.c:2062 frame #8: 0x000000010008d04e miniruby`rb_data_typed_object_zalloc(klass=4311027960, size=40, type=0x0000000100311d60) + 42 at gc.c:2073 frame #9: 0x000000010011b459 miniruby`rb_proc_alloc(klass=4311027960) + 36 at proc.c:113 frame #10: 0x0000000100204d8e miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x00000001025003f8, block_type=block_type_iseq, is_from_method='\0', is_lambda='\x01') + 44 at vm.c:814 frame #11: 0x00000001002050d8 miniruby`rb_vm_make_proc_lambda(ec=0x00000001007cf548, captured=0x00000001025003f8, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011c0d2 miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011c154 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001ee7e3 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000102400480) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001001ef2c3 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 386 at vm_insnhelper.c:1918 frame #16: 0x00000001001ef412 miniruby`vm_call_cfunc(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 149 at vm_insnhelper.c:1934 frame #17: 0x00000001001f0655 miniruby`vm_call_method_each_type(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 239 at vm_insnhelper.c:2232 frame #18: 0x00000001001f0ce0 miniruby`vm_call_method(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 117 at vm_insnhelper.c:2355 frame #19: 0x00000001001f0eb6 miniruby`vm_call_general(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 59 at vm_insnhelper.c:2398 frame #20: 0x00000001001f6e61 miniruby`vm_exec_core(ec=0x00000001007cf548, initial=0) + 7480 at insns.def:850 frame #21: 0x0000000100207995 miniruby`vm_exec(ec=0x00000001007cf548) + 230 at vm.c:1771 frame #22: 0x0000000100208647 miniruby`rb_iseq_eval_main(iseq=0x0000000100f29fd0) + 52 at vm.c:2019 frame #23: 0x000000010007b750 miniruby`ruby_exec_internal(n=0x0000000100f29fd0) + 297 at eval.c:246 frame #24: 0x000000010007b876 miniruby`ruby_exec_node(n=0x0000000100f29fd0) + 36 at eval.c:310 frame #25: 0x000000010007b849 miniruby`ruby_run_node(n=0x0000000100f29fd0) + 62 at eval.c:302 frame #26: 0x0000000100000c05 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #27: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) check an existence of block. * gc.c (rb_raw_obj_info): check block before using it. * vm_core.h (vm_block_iseq): r61565 introduced NULL check but this check is only needed by `rb_raw_obj_info()` and it is called at GC debug mode. Above fix for `rb_raw_obj_info()` solves this problem and NULL check should not be needed any more. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62095 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Feb 16, 2018
This is reported by @hasimo. Fixing a case like this: #0 __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135 #1 0x00007fc7bd824dbd in __GI___pthread_mutex_lock (mutex=mutex@entry=0x55946d294440 <mjit_engine_mutex>) at ../nptl/pthread_mutex_lock.c:80 4 #2 0x000055946cec54d9 in rb_native_mutex_lock (lock=lock@entry=0x55946d294440 <mjit_engine_mutex>) at thread_pthread.c:211 #3 0x000055946cde10ca in CRITICAL_SECTION_START (msg=0x55946cfb5423 "mjit_gc_start_hook", level=4) at mjit.c:392 #4 mjit_gc_start_hook () at mjit.c:412 #5 0x000055946cda0dfe in gc_enter (event=0x55946cfaf91e "gc_rest", objspace=0x55946da51760) at gc.c:6623 #6 gc_rest (objspace=objspace@entry=0x55946da51760) at gc.c:6515 #7 0x000055946cd9f1cf in gc_rest (objspace=0x55946da51760) at gc.c:7841 #8 objspace_malloc_increase (objspace=objspace@entry=0x55946da51760, new_size=<optimized out>, old_size=old_size@entry=0, type=type@entry=MEMOP_TYPE_MALLOC, mem=0x7fc7a4439010) at gc.c:7842 #9 0x000055946cda1706 in objspace_malloc_fixup (size=<optimized out>, mem=0x7fc7a4439010, objspace=0x55946da51760) at gc.c:7910 #10 objspace_xmalloc0 (objspace=0x55946da51760, size=<optimized out>, size@entry=3145728) at gc.c:7939 #11 0x000055946cda3620 in ruby_xmalloc0 (size=3145728) at gc.c:8006 #12 ruby_xmalloc (size=size@entry=3145728) at gc.c:8015 #13 0x000055946ce93f4c in st_init_table_with_size (type=0x55946d28da30 <objhash>, size=<optimized out>) at st.c:602 #14 0x000055946ce94287 in rebuild_table (tab=tab@entry=0x55946db669f0) at st.c:777 #15 0x000055946ce963f7 in rebuild_table_if_necessary (tab=0x55946db669f0) at st.c:1139 #16 st_add_direct_with_hash (hash=8577035585096733536, value=20, key=808451, tab=0x55946db669f0) at st.c:1207 #17 st_update (tab=0x55946db669f0, key=key@entry=808451, func=<optimized out>, arg=140726472841392) at st.c:1512 #18 0x000055946cda9e27 in tbl_update (optional_arg=<optimized out>, func=<optimized out>, key=<optimized out>, hash=<optimized out>) at hash.c:561 #19 rb_hash_aset (hash=94095983218480, key=key@entry=808451, val=val@entry=20) at hash.c:1654 #20 0x000055946cde243a in mjit_add_class_serial (class_serial=class_serial@entry=404225) at mjit.c:1414 3 #21 0x000055946cefcfab in rb_next_class_serial () at vm.c:321 #22 0x000055946cf48324 in class_alloc (klass=<optimized out>, flags=28) at class.c:178 #23 rb_include_class_new (module=module@entry=94096115733840, super=0) at class.c:820 #24 0x000055946cf487ac in include_modules_at (klass=klass@entry=94096135960920, c=<optimized out>, module=<optimized out>, module@entry=94096115734160, search_super=search_super@entry=1) at class.c:913 #25 0x000055946cf48ac8 in rb_include_module (klass=94096135960920, module=module@entry=94096115734160) at class.c:870 #26 0x000055946cd84993 in rb_mod_append_features (module=94096115734160, include=<optimized out>) at eval.c:1178 #27 0x000055946cf06829 in vm_call0_cfunc_with_frame (ci=0x7ffd6f6c9a20, cc=0x7ffd6f6c9ba0, argv=0x7ffd6f6c9ba0, calling=0x7ffd6f6c9a30, ec=0x55946da519c8) at vm_eval.c:87 #28 vm_call0_cfunc (argv=0x7ffd6f6c9ba0, cc=0x7ffd6f6c9ba0, ci=0x7ffd6f6c9a20, calling=0x7ffd6f6c9a30, ec=0x55946da519c8) at vm_eval.c:102 #29 vm_call0_body (ec=ec@entry=0x55946da519c8, calling=calling@entry=0x7ffd6f6c9ae0, ci=ci@entry=0x7ffd6f6c9ad0, cc=cc@entry=0x7ffd6f6c9b00, argv=argv@entry=0x7ffd6f6c9ba0) at vm_eval.c:133 #30 0x000055946cf074b2 in vm_call0 (me=<optimized out>, argv=0x7ffd6f6c9ba0, argc=1, id=4849, recv=94096115734160, ec=0x55946da519c8) at vm_eval.c:60 #31 rb_call0 (ec=0x55946da519c8, recv=94096115734160, mid=4849, mid@entry=94096135960920, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6c9ba0, scope=scope@entry=CALL_FCALL, self=94096135960920) at vm_eval.c:302 #32 0x000055946cf07b9b in rb_call (scope=CALL_FCALL, argv=0x7ffd6f6c9ba0, argc=1, mid=94096135960920, recv=<optimized out>) at vm_eval.c:595 #33 rb_funcallv (recv=<optimized out>, mid=mid@entry=4849, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6c9ba0) at vm_eval.c:825 #34 0x000055946cd848a7 in rb_mod_include (argc=0, argv=0x7fc7bdb4fce8, module=94096135960920) at eval.c:1203 #35 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x5594710c06b0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4df00, ec=0x55946da519c8) at vm_insnhelper.c:1928 #36 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4df00, calling=<optimized out>, ci=0x5594710c06b0, cc=<optimized out>) at vm_insnhelper.c:1944 #37 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 #38 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 #39 0x000055946cf035fc in invoke_block (captured=0x7ffd6f6ca0a0, opt_pc=<optimized out>, type=<optimized out>, cref=0x559476c23930, self=94096135960920, iseq=0x559471335ee0, ec=0x55946da519c8) at vm.c:1005 #40 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x7ffd6f6ca0a0, self=94096135960920, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x559476c23930, is_lambda=0) at vm.c:1057 #41 0x000055946cf04520 in invoke_block_from_c_bh (ec=ec@entry=0x55946da519c8, block_handler=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6ca108, cref=<optimized out>, is_lambda=<optimized out>, is_lambda@entry=0, force_blockarg=0, passed_block_handler=0) at vm.c:1075 #42 0x000055946cf04958 in vm_yield_with_cref (is_lambda=0, cref=<optimized out>, argv=0x7ffd6f6ca108, argc=1, ec=0x55946da519c8) at vm.c:1112 #43 yield_under (under=94096135960920, self=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6ca108) at vm_eval.c:1572 #44 0x000055946cf04b12 in rb_mod_module_exec (argc=argc@entry=1, argv=argv@entry=0x7ffd6f6ca108, mod=<optimized out>) at vm_eval.c:1770 #45 0x000055946ce00fc6 in rb_mod_initialize (module=94096135960920) at object.c:1978 #46 0x000055946cf06829 in vm_call0_cfunc_with_frame (ci=0x7ffd6f6ca130, cc=0x7fc7bdb4fc98, argv=0x7fc7bdb4fc98, calling=0x7ffd6f6ca140, ec=0x55946da519c8) at vm_eval.c:87 #47 vm_call0_cfunc (argv=0x7fc7bdb4fc98, cc=0x7fc7bdb4fc98, ci=0x7ffd6f6ca130, calling=0x7ffd6f6ca140, ec=0x55946da519c8) at vm_eval.c:102 #48 vm_call0_body (ec=ec@entry=0x55946da519c8, calling=calling@entry=0x7ffd6f6ca1f0, ci=ci@entry=0x7ffd6f6ca1e0, cc=cc@entry=0x7ffd6f6ca210, argv=argv@entry=0x7fc7bdb4fc98) at vm_eval.c:133 #49 0x000055946cf074b2 in vm_call0 (me=<optimized out>, argv=0x7fc7bdb4fc98, argc=0, id=3057, recv=94096135960920, ec=0x55946da519c8) at vm_eval.c:60 #50 rb_call0 (ec=0x55946da519c8, recv=recv@entry=94096135960920, mid=mid@entry=3057, argc=argc@entry=3057, argv=argv@entry=0x0, scope=scope@entry=CALL_FCALL, self=94095983466120) at vm_eval.c:302 #51 0x000055946cf07b9b in rb_call (scope=CALL_FCALL, argv=0x0, argc=3057, mid=3057, recv=94096135960920) at vm_eval.c:595 #52 rb_funcallv (recv=recv@entry=94096135960920, mid=mid@entry=3057, argc=argc@entry=0, argv=argv@entry=0x7fc7bdb4fc98) at vm_eval.c:825 #53 0x000055946cd89673 in rb_obj_call_init (obj=obj@entry=94096135960920, argc=argc@entry=0, argv=argv@entry=0x7fc7bdb4fc98) at eval.c:1590 #54 0x000055946ce048a1 in rb_class_s_new (argc=0, argv=0x7fc7bdb4fc98, klass=<optimized out>) at object.c:2153 #55 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x559471339c80, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4dfa8, ec=0x55946da519c8) at vm_insnhelper.c:1928 #56 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4dfa8, calling=<optimized out>, ci=0x559471339c80, cc=<optimized out>) at vm_insnhelper.c:1944 #57 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 #58 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 #59 0x000055946cf03274 in invoke_bmethod (ec=ec@entry=0x55946da519c8, iseq=iseq@entry=0x55946f15cbc0, self=self@entry=94096115734640, me=me@entry=0x559475664e28, type=type@entry=572653825, opt_pc=0, captured=0x55947158e8a0) at vm.c:1026 #60 0x000055946cf03534 in invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x55947158e8a0, self=94096115734640, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x0, is_lambda=1) at vm.c:1060 #61 0x000055946cf036ce in invoke_block_from_c_proc (ec=<optimized out>, proc=<optimized out>, self=<optimized out>, argc=1, argv=<optimized out>, passed_block_handler=<optimized out>, is_lambda=<optimized out>) at vm.c:1150 #62 0x000055946cf03811 in vm_invoke_bmethod (block_handler=<optimized out>, argv=<optimized out>, argc=1, self=<optimized out>, proc=<optimized out>, ec=0x55946da519c8) at vm.c:1175 #63 vm_call_bmethod_body (ci=<optimized out>, cc=0x55946f625960, argv=<optimized out>, calling=0x7ffd6f6ca9b0, ec=0x55946da519c8) at vm_insnhelper.c:1971 #64 vm_call_bmethod (ec=0x55946da519c8, cfp=0x7fc7bdc4e0c0, calling=0x7ffd6f6ca9b0, ci=<optimized out>, cc=0x55946f625960) at vm_insnhelper.c:1988 #65 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e0c0, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 #66 0x000055946cf0e63e in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:797 #67 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 #68 0x000055946cf06767 in vm_call0_body (ec=ec@entry=0x55946da519c8, calling=calling@entry=0x7ffd6f6cad00, ci=ci@entry=0x7ffd6f6cacf0, cc=cc@entry=0x7ffd6f6cad20, argv=argv@entry=0x7ffd6f6cadb0) at vm_eval.c:129 #69 0x000055946cf074b2 in vm_call0 (me=<optimized out>, argv=0x7ffd6f6cadb0, argc=1, id=3681, recv=94096115734640, ec=0x55946da519c8) at vm_eval.c:60 #70 rb_call0 (ec=0x55946da519c8, recv=recv@entry=94096115734640, mid=3681, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6cad90, scope=scope@entry=CALL_FCALL, self=94095983452880) at vm_eval.c:302 #71 0x000055946cf07b9b in rb_call (scope=CALL_FCALL, argv=0x7ffd6f6cad90, argc=1, mid=<optimized out>, recv=94096115734640) at vm_eval.c:595 #72 rb_funcallv (recv=recv@entry=94096115734640, mid=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6cadb0) at vm_eval.c:825 #73 0x000055946cf477d2 in rb_class_inherited (super=super@entry=94096115734640, klass=klass@entry=94096135961440) at class.c:625 #74 0x000055946cf0f796 in vm_declare_class (super=<optimized out>, cbase=94096094868200, flags=<optimized out>, id=847387) at vm_insnhelper.c:3134 #75 vm_define_class (super=<optimized out>, cbase=<optimized out>, flags=<optimized out>, id=847387) at vm_insnhelper.c:3167 #76 vm_find_or_create_class_by_id (super=<optimized out>, cbase=<optimized out>, flags=<optimized out>, id=847387) at vm_insnhelper.c:3196 #77 vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:685 #78 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 #79 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x559471f1b548) at vm.c:2046 #80 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94096135872160, wrap=wrap@entry=0) at load.c:611 #81 0x000055946cdd41f1 in rb_require_internal (fname=94096135872400, fname@entry=94096135872440, safe=0) at load.c:992 #82 0x000055946cdd4493 in rb_require_safe (safe=<optimized out>, fname=94096135872440) at load.c:1038 #83 rb_f_require (obj=<optimized out>, fname=94096135872440) at load.c:820 #84 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x5594708700a0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e168, ec=0x55946da519c8) at vm_insnhelper.c:1928 #85 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e168, calling=<optimized out>, ci=0x5594708700a0, cc=<optimized out>) at vm_insnhelper.c:1944 #86 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e168, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 #87 0x000055946cf0e63e in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:797 #88 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 #89 0x000055946cf035fc in invoke_block (captured=0x7fc7bdc4e490, opt_pc=<optimized out>, type=<optimized out>, cref=0x0, self=94096096426480, iseq=0x55946e49f0b8, ec=0x55946da519c8) at vm.c:1005 #90 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x7fc7bdc4e490, self=94096096426480, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x0, is_lambda=0) at vm.c:1057 #91 0x000055946cf04699 in invoke_block_from_c_bh (argc=<optimized out>, passed_block_handler=<optimized out>, cref=<optimized out>, is_lambda=<optimized out>, force_blockarg=<optimized out>, argv=<optimized out>, block_handler=<optimized out>, ec=<optimized out>) at vm.c:1075 #92 vm_yield (argc=1, argv=0x7ffd6f6cb938, ec=<optimized out>) at vm.c:1120 #93 rb_yield_0 (argv=0x7ffd6f6cb938, argc=1) at vm_eval.c:980 #94 rb_yield_1 (val=94096130169040) at vm_eval.c:986 #95 rb_yield (val=<optimized out>) at vm_eval.c:996 #96 0x000055946cf2113d in rb_ary_each (ary=94096076222560) at array.c:1820 #97 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946ed0d090, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e478, ec=0x55946da519c8) at vm_insnhelper.c:1928 #98 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e478, calling=<optimized out>, ci=0x55946ed0d090, cc=<optimized out>) at vm_insnhelper.c:1944 #99 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 #100 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 #101 0x000055946cf035fc in invoke_block (captured=0x7fc7bdc4e500, opt_pc=<optimized out>, type=<optimized out>, cref=0x0, self=94096096426480, iseq=0x55946e49f298, ec=0x55946da519c8) at vm.c:1005 #102 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x7fc7bdc4e500, self=94096096426480, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x0, is_lambda=0) at vm.c:1057 #103 0x000055946cf04699 in invoke_block_from_c_bh (argc=<optimized out>, passed_block_handler=<optimized out>, cref=<optimized out>, is_lambda=<optimized out>, force_blockarg=<optimized out>, argv=<optimized out>, block_handler=<optimized out>, ec=<optimized out>) at vm.c:1075 #104 vm_yield (argc=1, argv=0x7ffd6f6cbdf8, ec=<optimized out>) at vm.c:1120 #105 rb_yield_0 (argv=0x7ffd6f6cbdf8, argc=1) at vm_eval.c:980 #106 rb_yield_1 (val=94096095502480) at vm_eval.c:986 #107 rb_yield (val=<optimized out>) at vm_eval.c:996 #108 0x000055946cf2113d in rb_ary_each (ary=94096095328480) at array.c:1820 #109 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e8552a0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e4e8, ec=0x55946da519c8) at vm_insnhelper.c:1928 #110 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e4e8, calling=<optimized out>, ci=0x55946e8552a0, cc=<optimized out>) at vm_insnhelper.c:1944 #111 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 #112 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 #113 0x000055946cf06767 in vm_call0_body (ec=ec@entry=0x55946da519c8, calling=calling@entry=0x7ffd6f6cc2d0, ci=ci@entry=0x7ffd6f6cc2c0, cc=cc@entry=0x7ffd6f6cc2f0, argv=argv@entry=0x7ffd6f6cc390) at vm_eval.c:129 #114 0x000055946cf074b2 in vm_call0 (me=<optimized out>, argv=0x7ffd6f6cc390, argc=0, id=135807, recv=94096096186440, ec=0x55946da519c8) at vm_eval.c:60 #115 rb_call0 (ec=0x55946da519c8, recv=94096096186440, mid=135807, argc=<optimized out>, argv=argv@entry=0x8, scope=scope@entry=CALL_PUBLIC, self=94095993048320) at vm_eval.c:302 #116 0x000055946cf0a31a in rb_call (scope=CALL_PUBLIC, argv=0x8, argc=<optimized out>, mid=<optimized out>, recv=<optimized out>) at vm_eval.c:595 #117 rb_funcall_with_block (recv=<optimized out>, mid=<optimized out>, argc=argc@entry=0, argv=argv@entry=0x7ffd6f6cc390, passed_procval=passed_procval@entry=8) at vm_eval.c:857 #118 0x000055946ceb319c in rb_sym_proc_call (mid=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6cc388, passed_proc=passed_proc@entry=8) at string.c:10480 #119 0x000055946cf0477c in vm_yield_with_symbol (block_handler=0, argv=0x7ffd6f6cc388, argc=1, symbol=<optimized out>, ec=<optimized out>) at vm_insnhelper.c:2573 #120 invoke_block_from_c_bh (argc=<optimized out>, passed_block_handler=<optimized out>, cref=<optimized out>, is_lambda=<optimized out>, force_blockarg=<optimized out>, argv=<optimized out>, block_handler=<optimized out>, ec=<optimized out>) at vm.c:1084 #121 vm_yield (argc=1, argv=0x7ffd6f6cc388, ec=<optimized out>) at vm.c:1120 #122 rb_yield_0 (argv=0x7ffd6f6cc388, argc=1) at vm_eval.c:980 #123 rb_yield_1 (val=94096096186440) at vm_eval.c:986 #124 rb_yield (val=<optimized out>) at vm_eval.c:996 #125 0x000055946cf2113d in rb_ary_each (ary=94095993048320) at array.c:1820 #126 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x5594744d8280, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e590, ec=0x55946da519c8) at vm_insnhelper.c:1928 #127 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e590, calling=<optimized out>, ci=0x5594744d8280, cc=<optimized out>) at vm_insnhelper.c:1944 #128 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e590, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 #129 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 #130 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 #131 0x000055946cf035fc in invoke_block (captured=0x7ffd6f6cc8e0, opt_pc=<optimized out>, type=<optimized out>, cref=0x559474604128, self=94096096426480, iseq=0x5594745027e8, ec=0x55946da519c8) at vm.c:1005 #132 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x7ffd6f6cc8e0, self=94096096426480, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x559474604128, is_lambda=0) at vm.c:1057 #133 0x000055946cf04520 in invoke_block_from_c_bh (ec=ec@entry=0x55946da519c8, block_handler=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7fc7bdb4f7f8, cref=<optimized out>, is_lambda=<optimized out>, is_lambda@entry=0, force_blockarg=0, passed_block_handler=0) at vm.c:1075 #134 0x000055946cf04958 in vm_yield_with_cref (is_lambda=0, cref=<optimized out>, argv=0x7fc7bdb4f7f8, argc=1, ec=0x55946da519c8) at vm.c:1112 #135 yield_under (under=94096093646040, self=<optimized out>, argc=1, argv=0x7fc7bdb4f7f8) at vm_eval.c:1572 #136 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e5cd230, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e600, ec=0x55946da519c8) at vm_insnhelper.c:1928 #137 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e600, calling=<optimized out>, ci=0x55946e5cd230, cc=<optimized out>) at vm_insnhelper.c:1944 #138 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 #139 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 #140 0x000055946cf035fc in invoke_block (captured=0x5594744c4fb0, opt_pc=<optimized out>, type=<optimized out>, cref=0x0, self=94095990659320, iseq=0x55946e192aa0, ec=0x55946da519c8) at vm.c:1005 #141 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x5594744c4fb0, self=94095990659320, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x0, is_lambda=0) at vm.c:1057 #142 0x000055946cf04699 in invoke_block_from_c_bh (argc=<optimized out>, passed_block_handler=<optimized out>, cref=<optimized out>, is_lambda=<optimized out>, force_blockarg=<optimized out>, argv=<optimized out>, block_handler=<optimized out>, ec=<optimized out>) at vm.c:1075 #143 vm_yield (argc=1, argv=0x7ffd6f6ccdc8, ec=<optimized out>) at vm.c:1120 #144 rb_yield_0 (argv=0x7ffd6f6ccdc8, argc=1) at vm_eval.c:980 #145 rb_yield_1 (val=94096094867920) at vm_eval.c:986 #146 rb_yield (val=<optimized out>) at vm_eval.c:996 #147 0x000055946cf2113d in rb_ary_each (ary=94096094867160) at array.c:1820 #148 0x000055946cf06829 in vm_call0_cfunc_with_frame (ci=0x7ffd6f6cce00, cc=0x7ffd6f6cce70, argv=0x7fc7bdb4f6b8, calling=0x7ffd6f6cce50, ec=0x55946da519c8) at vm_eval.c:87 #149 vm_call0_cfunc (argv=0x7fc7bdb4f6b8, cc=0x7ffd6f6cce70, ci=0x7ffd6f6cce00, calling=0x7ffd6f6cce50, ec=0x55946da519c8) at vm_eval.c:102 #150 vm_call0_body (ec=0x55946da519c8, calling=calling@entry=0x7ffd6f6ccec0, ci=ci@entry=0x7ffd6f6cceb0, cc=cc@entry=0x7ffd6f6ccee0, argv=0x7fc7bdb4f6b8) at vm_eval.c:133 #151 0x000055946cf06c50 in vm_call0 (me=<optimized out>, argv=<optimized out>, argc=<optimized out>, id=<optimized out>, recv=<optimized out>, ec=<optimized out>) at vm_eval.c:60 #152 rb_vm_call (ec=<optimized out>, recv=<optimized out>, id=<optimized out>, argc=<optimized out>, argv=<optimized out>, me=<optimized out>) at vm_eval.c:209 #153 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946dba2780, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e7c0, ec=0x55946da519c8) at vm_insnhelper.c:1928 #154 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e7c0, calling=<optimized out>, ci=0x55946dba2780, cc=<optimized out>) at vm_insnhelper.c:1944 #155 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e7c0, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 #156 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 #157 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 #158 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946dfed3a8) at vm.c:2046 #159 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095988939080, wrap=wrap@entry=0) at load.c:611 #160 0x000055946cdd41f1 in rb_require_internal (fname=94095988939160, fname@entry=94095988939200, safe=0) at load.c:992 #161 0x000055946cdd4493 in rb_require_safe (safe=<optimized out>, fname=94095988939200) at load.c:1038 #162 rb_f_require (obj=<optimized out>, fname=94095988939200) at load.c:820 #163 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946dffa920, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e948, ec=0x55946da519c8) at vm_insnhelper.c:1928 #164 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e948, calling=<optimized out>, ci=0x55946dffa920, cc=<optimized out>) at vm_insnhelper.c:1944 #165 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e948, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 #166 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 #167 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 #168 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946dfee438) at vm.c:2046 #169 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095993039280, wrap=wrap@entry=0) at load.c:611 #170 0x000055946cdd41f1 in rb_require_internal (fname=fname@entry=94095993043840, safe=0) at load.c:992 #171 0x000055946cdd4493 in rb_require_safe (safe=<optimized out>, fname=94095993043840) at load.c:1038 #172 rb_f_require (obj=<optimized out>, fname=94095993043840) at load.c:820 #173 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946ea12160, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e9b8, ec=0x55946da519c8) at vm_insnhelper.c:1928 #174 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e9b8, calling=<optimized out>, ci=0x55946ea12160, cc=<optimized out>) at vm_insnhelper.c:1944 #175 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e9b8, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 #176 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 #177 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 #178 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946e3d7c48) at vm.c:2046 #179 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095988920840, wrap=<optimized out>) at load.c:611 #180 0x000055946cdd2850 in rb_load_internal (wrap=0, fname=94095988920840) at load.c:642 #181 rb_f_load (argc=<optimized out>, argv=<optimized out>) at load.c:710 #182 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e7c96e0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4ea28, ec=0x55946da519c8) at vm_insnhelper.c:1928 #183 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4ea28, calling=<optimized out>, ci=0x55946e7c96e0, cc=<optimized out>) at vm_insnhelper.c:1944 #184 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4ea28, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 #185 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 #186 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 #187 0x000055946cf035fc in invoke_block (captured=0x7fc7bdc4eae8, opt_pc=<optimized out>, type=<optimized out>, cref=0x0, self=94095998891400, iseq=0x55946e4dae10, ec=0x55946da519c8) at vm.c:1005 #188 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x7fc7bdc4eae8, self=94095998891400, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x0, is_lambda=0) at vm.c:1057 #189 0x000055946cf04699 in invoke_block_from_c_bh (argc=<optimized out>, passed_block_handler=<optimized out>, cref=<optimized out>, is_lambda=<optimized out>, force_blockarg=<optimized out>, argv=<optimized out>, block_handler=<optimized out>, ec=<optimized out>) at vm.c:1075 #190 vm_yield (argc=1, argv=0x7ffd6f6ce8e8, ec=<optimized out>) at vm.c:1120 #191 rb_yield_0 (argv=0x7ffd6f6ce8e8, argc=1) at vm_eval.c:980 #192 rb_yield_1 (val=94095988924840) at vm_eval.c:986 #193 rb_yield (val=<optimized out>) at vm_eval.c:996 #194 0x000055946cf2113d in rb_ary_each (ary=94095988920960) at array.c:1820 #195 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e421000, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4ead0, ec=0x55946da519c8) at vm_insnhelper.c:1928 #196 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4ead0, calling=<optimized out>, ci=0x55946e421000, cc=<optimized out>) at vm_insnhelper.c:1944 #197 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4ead0, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 #198 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 #199 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 #200 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946e35f2c0) at vm.c:2046 #201 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095992643280, wrap=<optimized out>) at load.c:611 #202 0x000055946cdd2850 in rb_load_internal (wrap=0, fname=94095992643280) at load.c:642 #203 rb_f_load (argc=<optimized out>, argv=<optimized out>) at load.c:710 #204 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e24bb20, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4ec58, ec=0x55946da519c8) at vm_insnhelper.c:1928 #205 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4ec58, calling=<optimized out>, ci=0x55946e24bb20, cc=<optimized out>) at vm_insnhelper.c:1944 #206 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4ec58, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 #207 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 #208 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 #209 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946e3a7390) at vm.c:2046 #210 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095993616120, wrap=<optimized out>) at load.c:611 #211 0x000055946cdd2850 in rb_load_internal (wrap=0, fname=94095993616120) at load.c:642 #212 rb_f_load (argc=<optimized out>, argv=<optimized out>) at load.c:710 #213 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e6a00d0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4ecc8, ec=0x55946da519c8) at vm_insnhelper.c:1928 #214 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4ecc8, calling=<optimized out>, ci=0x55946e6a00d0, cc=<optimized out>) at vm_insnhelper.c:1944 #215 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4ecc8, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 #216 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 #217 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 #218 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946e470100) at vm.c:2046 #219 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095993672200, wrap=<optimized out>) at load.c:611 #220 0x000055946cdd2850 in rb_load_internal (wrap=0, fname=94095993672200) at load.c:642 #221 rb_f_load (argc=<optimized out>, argv=<optimized out>) at load.c:710 #222 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e3306a0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4efa0, ec=0x55946da519c8) at vm_insnhelper.c:1928 #223 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4efa0, calling=<optimized out>, ci=0x55946e3306a0, cc=<optimized out>) at vm_insnhelper.c:1944 #224 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4efa0, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 #225 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 #226 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 #227 0x000055946cf119d5 in rb_iseq_eval_main (iseq=iseq@entry=0x55946e4bbba0) at vm.c:2057 #228 0x000055946cd83d54 in ruby_exec_internal (n=0x55946e4bbba0) at eval.c:247 #229 0x000055946cd87fdf in ruby_exec_node (n=0x55946e4bbba0) at eval.c:311 #230 ruby_run_node (n=<optimized out>) at eval.c:303 #231 0x000055946cd831bf in main (argc=22, argv=0x7ffd6f6d0148) at ./main.c:42 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Mar 19, 2018
fix SEGV touching uninitialized memory This function can be called from boot_defclass(). No assumption can be made about object internals. (lldb) run Process 2386 launched: './miniruby' (x86_64) Process 2386 stopped * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 318 VALUE 319 rb_class_path_cached(VALUE klass) 320 { -> 321 st_table *ivtbl = RCLASS_IV_TBL(klass); 322 st_data_t n; 323 324 if (!ivtbl) return Qnil; (lldb) bt * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) * frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 frame #1: 0x000000010009cbd0 miniruby`rb_raw_obj_info(buff="0x0000000100fa5798 [2 ] T_CLASS", buff_size=256, obj=4311373720) + 1393 at gc.c:9341 frame #2: 0x000000010009cf16 miniruby`obj_info(obj=4311373720) + 98 at gc.c:9423 frame #3: 0x000000010008ca87 miniruby`newobj_init(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007cf280, obj=4311373720) + 338 at gc.c:1887 frame #4: 0x000000010008cd51 miniruby`newobj_of(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1) + 171 at gc.c:1970 frame #5: 0x000000010008ce1b miniruby`rb_wb_protected_newobj_of(klass=0, flags=66) + 54 at gc.c:1990 frame #6: 0x0000000100027563 miniruby`class_alloc(flags=2, klass=0) + 46 at class.c:165 frame #7: 0x000000010002761a miniruby`rb_class_boot(super=0) + 35 at class.c:203 frame #8: 0x0000000100028612 miniruby`boot_defclass(name="BasicObject", super=0) + 28 at class.c:537 frame #9: 0x000000010002868b miniruby`Init_class_hierarchy + 26 at class.c:548 frame #10: 0x00000001000efe69 miniruby`InitVM_Object + 9 at object.c:3892 frame #11: 0x00000001000f138e miniruby`Init_Object + 57 at object.c:4122 frame #12: 0x00000001000a59bd miniruby`rb_call_inits + 29 at inits.c:23 frame #13: 0x000000010007af30 miniruby`ruby_setup + 229 at eval.c:61 frame #14: 0x000000010007af7e miniruby`ruby_init + 13 at eval.c:78 frame #15: 0x0000000100000c58 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 88 at main.c:41 frame #16: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) fix SEGV touching uninitialized memory This function can be called from InitVM_Object(). No assumption can be made about object internals. (lldb) run Process 10675 launched: './miniruby' (x86_64) Process 10675 stopped * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 9380 const rb_method_entry_t *me = &RANY(obj)->as.imemo.ment; 9381 snprintf(buff, buff_size, "%s (called_id: %s, type: %s, alias: %d, owner: %s, defined_class: %s)", buff, 9382 rb_id2name(me->called_id), -> 9383 method_type_name(me->def->type), 9384 me->def->alias_count, 9385 obj_info(me->owner), 9386 obj_info(me->defined_class)); (lldb) p *me (rb_method_entry_t) $0 = { flags = 24602 defined_class = 4311488400 def = 0x0000000000000000 called_id = 3057 owner = 4311488400 } (lldb) bt * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 frame #1: 0x00000001000b7cbf miniruby`obj_info(obj=4311487880) + 95 at gc.c:9423 frame #2: 0x00000001000c16a8 miniruby`newobj_init(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1, objspace=0x00000001007ee280, obj=4311487880) + 424 at gc.c:1887 frame #3: 0x00000001000b4529 miniruby`newobj_of(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1) + 217 at gc.c:1970 frame #4: 0x00000001000b46ab miniruby`rb_imemo_new(type=imemo_ment, v1=0, v2=3057, v3=4311488400, v0=4311488400) + 75 at gc.c:2017 frame #5: 0x00000001002773b4 miniruby`rb_method_entry_alloc(called_id=3057, owner=4311488400, defined_class=4311488400, def=0x0000000000000000) + 52 at vm_method.c:368 frame #6: 0x0000000100277307 miniruby`rb_method_entry_create(called_id=3057, klass=4311488400, visi=METHOD_VISI_PRIVATE, def=0x0000000000000000) + 71 at vm_method.c:389 frame #7: 0x00000001002784c7 miniruby`rb_method_entry_make(klass=4311488400, mid=3057, defined_class=4311488400, visi=METHOD_VISI_PRIVATE, type=VM_METHOD_TYPE_CFUNC, def=0x0000000000000000, original_id=3057, opts=0x00007fff5fbfd9e8) + 1207 at vm_method.c:594 frame #8: 0x00000001002770f9 miniruby`rb_add_method(klass=4311488400, mid=3057, type=VM_METHOD_TYPE_CFUNC, opts=0x00007fff5fbfd9e8, visi=METHOD_VISI_PRIVATE) + 73 at vm_method.c:650 frame #9: 0x000000010027708a miniruby`rb_add_method_cfunc(klass=4311488400, mid=3057, func=(miniruby`rb_obj_dummy at object.c:1125), argc=0, visi=METHOD_VISI_PRIVATE) + 138 at vm_method.c:137 frame #10: 0x00000001000391e4 miniruby`rb_define_private_method(klass=4311488400, name="initialize", func=(miniruby`rb_obj_dummy at object.c:1125), argc=0) + 68 at class.c:1529 frame #11: 0x000000010013f5bf miniruby`InitVM_Object + 47 at object.c:3905 frame #12: 0x0000000100142ffd miniruby`Init_Object + 61 at object.c:4122 frame #13: 0x00000001000d4edd miniruby`rb_call_inits + 29 at inits.c:23 frame #14: 0x000000010009fe66 miniruby`ruby_setup + 198 at eval.c:61 frame #15: 0x000000010009febd miniruby`ruby_init + 13 at eval.c:78 frame #16: 0x0000000100000a4d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #17: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) fix SEGV touching uninitialized local variable This imemo_name is used uninitialized because the switch above does not cover all possible imemo types. (lldb) run Process 26068 launched: './miniruby' (x86_64) Process 26068 stopped * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 libsystem_c.dylib`strlen: -> 0x7fff8a402132 <+18>: pcmpeqb (%rdi), %xmm0 0x7fff8a402136 <+22>: pmovmskb %xmm0, %esi 0x7fff8a40213a <+26>: andq $0xf, %rcx 0x7fff8a40213e <+30>: orq $-0x1, %rax (lldb) bt * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) * frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 frame #1: 0x00000001001f1531 miniruby`BSD_vfprintf(fp=0x00007fff5fbfc9e0, fmt0="%s %s", ap=0x00007fff5fbfcbf0) + 5873 at vsnprintf.c:1026 frame #2: 0x00000001001ef213 miniruby`ruby_do_vsnprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s", ap=0x00007fff5fbfcbf0) + 131 at sprintf.c:1285 frame #3: 0x00000001001ef3ea miniruby`ruby_snprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s") + 426 at sprintf.c:1300 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 frame #5: 0x00000001000b7bff miniruby`obj_info(obj=4310983760) + 95 at gc.c:9428 frame #6: 0x00000001000c1658 miniruby`newobj_init(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1, objspace=0x00000001007ee280, obj=4310983760) + 424 at gc.c:1887 frame #7: 0x00000001000b4469 miniruby`newobj_of(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1) + 217 at gc.c:1970 frame #8: 0x00000001000b45eb miniruby`rb_imemo_new(type=imemo_ast, v1=0, v2=4303040512, v3=4310983800, v0=0) + 75 at gc.c:2017 frame #9: 0x000000010011daed miniruby`rb_ast_new + 61 at node.c:1146 frame #10: 0x0000000100160e15 miniruby`rb_parser_compile_file_path(vparser=4310984400, fname=4310984960, file=4310984080, start=1) + 53 at parse.y:5776 frame #11: 0x00000001001e18ea miniruby`load_file_internal(argp_v=140734799795024) + 1834 at ruby.c:1907 frame #12: 0x00000001000a1bb5 miniruby`rb_ensure(b_proc=(miniruby`load_file_internal at ruby.c:1795), data1=140734799795024, e_proc=(miniruby`restore_load_file at ruby.c:2007), data2=140734799795024) + 245 at eval.c:1037 frame #13: 0x00000001001df4a4 miniruby`load_file(parser=4310984400, fname=4310984960, f=4310984080, script=1, opt=0x00007fff5fbfda28) + 100 at ruby.c:2026 frame #14: 0x00000001001e084e miniruby`process_options(argc=0, argv=0x00007fff5fbfdc00, opt=0x00007fff5fbfda28) + 3454 at ruby.c:1682 frame #15: 0x00000001001dfaae miniruby`ruby_process_options(argc=2, argv=0x00007fff5fbfdbf0) + 238 at ruby.c:2257 frame #16: 0x000000010009ff43 miniruby`ruby_options(argc=2, argv=0x00007fff5fbfdbf0) + 211 at eval.c:105 frame #17: 0x0000000100000989 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 105 at main.c:42 frame #18: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) up 4 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 9373 #undef IMEMO_NAME 9374 default: UNREACHABLE; 9375 } -> 9376 snprintf(buff, buff_size, "%s %s", buff, imemo_name); 9377 9378 switch (imemo_type(obj)) { 9379 case imemo_ment: { (lldb) p imemo_name (const char *) $0 = 0xffffffffffffffff (lldb) p imemo_type(obj) (imemo_type) $1 = imemo_ast (lldb) fix SEGV inspecting already freed objects obj_info() assumes the given object is alive. Passing freed objects to it results in SEGV. (lldb) run Process 29718 launched: './miniruby' (x86_64) Process 29718 stopped * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 266 } 267 else { 268 VM_ASSERT(RB_TYPE_P(pathobj, T_ARRAY)); -> 269 return RARRAY_AREF(pathobj, PATHOBJ_PATH); 270 } 271 } 272 (lldb) bt * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 frame #1: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x000000010af34a20) + 32 at iseq.c:723 frame #2: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, iseq=0x000000010af34a20) + 69 at gc.c:9274 frame #3: 0x000000010009e45a miniruby`rb_raw_obj_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, obj=4478683680) + 2191 at gc.c:9397 frame #4: 0x000000010009e4d5 miniruby`obj_info(obj=4478683680) + 98 at gc.c:9429 frame #5: 0x0000000100091ae3 miniruby`gc_page_sweep(objspace=0x00000001007d3280, heap=0x00000001007d32a0, sweep_page=0x000000010ae07bc0) + 622 at gc.c:3529 frame #6: 0x000000010009206a miniruby`gc_sweep_step(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 188 at gc.c:3705 frame #7: 0x0000000100092254 miniruby`gc_sweep_continue(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 133 at gc.c:3772 frame #8: 0x000000010008d7f9 miniruby`heap_prepare(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 48 at gc.c:1746 frame #9: 0x000000010008d8a1 miniruby`heap_get_freeobj_from_next_freepage(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 37 at gc.c:1769 frame #10: 0x000000010008d98d miniruby`heap_get_freeobj(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 83 at gc.c:1803 frame #11: 0x000000010008dcb0 miniruby`newobj_slowpath(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280, wb_protected=1) + 220 at gc.c:1930 frame #12: 0x000000010008dd6c miniruby`newobj_slowpath_wb_protected(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280) + 76 at gc.c:1942 frame #13: 0x000000010008dea1 miniruby`newobj_of(klass=4334386280, flags=5, v1=0, v2=0, v3=0, wb_protected=1) + 221 at gc.c:1974 frame #14: 0x000000010008df39 miniruby`rb_wb_protected_newobj_of(klass=4334386280, flags=5) + 54 at gc.c:1990 frame #15: 0x0000000100195f7c miniruby`str_alloc(klass=4334386280) + 29 at string.c:692 frame #16: 0x0000000100195fe9 miniruby`str_new0(klass=4334386280, ptr="gitm", len=4, termlen=1) + 73 at string.c:714 frame #17: 0x000000010019633e miniruby`rb_enc_str_new(ptr="gitm", len=4, enc=0x00000001025d50a0) + 81 at string.c:766 frame #18: 0x000000010010a80a miniruby`parser_str_new(p="gitm", n=4, enc=0x00000001025d50a0, func=66, enc0=0x00000001025d50a0) + 50 at parse.y:5817 frame #19: 0x000000010010ce1a miniruby`parser_parse_string(parser=0x00000001042ac5c0, quote=0x000000010460c028) + 795 at parse.y:6675 frame #20: 0x00000001001120bd miniruby`parser_yylex(parser=0x00000001042ac5c0) + 159 at parse.y:8281 frame #21: 0x0000000100115068 miniruby`yylex(lval=0x00007fff5fbf9948, yylloc=0x00007fff5fbf9ab0, parser=0x00000001042ac5c0) + 55 at parse.y:8931 frame #22: 0x00000001000fc79f miniruby`ruby_yyparse(parser=0x00000001042ac5c0) + 1198 at parse.c:5798 frame #23: 0x0000000100109f5a miniruby`yycompile0(arg=4364879296) + 317 at parse.y:5595 frame #24: 0x0000000100214ef0 miniruby`rb_suppress_tracing(func=(miniruby`yycompile0 at parse.y:5565), arg=4364879296) + 349 at vm_trace.c:397 frame #25: 0x000000010010a1df miniruby`yycompile(parser=0x00000001042ac5c0, fname=4443743440, line=1) + 126 at parse.y:5637 frame #26: 0x000000010010a4c1 miniruby`parser_compile_string(vparser=4443743480, fname=4443743440, s=4443743520, line=1) + 191 at parse.y:5706 frame #27: 0x000000010010a5b7 miniruby`rb_parser_compile_string_path(vparser=4443743480, f=4443743440, s=4443743520, line=1) + 58 at parse.y:5730 frame #28: 0x0000000100206025 miniruby`eval_make_iseq(src=4443743520, fname=4443743440, line=1, bind=0x0000000000000000, base_block=0x00007fff5fbfb370) + 266 at vm_eval.c:1274 frame #29: 0x0000000100206153 miniruby`eval_string_with_cref(self=4334412520, src=4443743520, cref=0x0000000000000000, file=52, line=1) + 197 at vm_eval.c:1307 frame #30: 0x0000000100206389 miniruby`rb_f_eval(argc=1, argv=0x0000000102400eb8, self=4334412520) + 219 at vm_eval.c:1382 frame #31: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_eval at vm_eval.c:1364), recv=4334412520, argc=1, argv=0x0000000102400eb8) + 47 at vm_insnhelper.c:1723 frame #32: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 386 at vm_insnhelper.c:1918 frame #33: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 149 at vm_insnhelper.c:1934 frame #34: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #35: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #36: 0x00000001002093f8 miniruby`invoke_block(ec=0x00000001007d3548, iseq=0x000000010252d7f0, self=4334412520, captured=0x0000000102500df8, cref=0x0000000000000000, type=572653569, opt_pc=0) + 224 at vm.c:988 frame #37: 0x0000000100209766 miniruby`invoke_iseq_block_from_c(ec=0x00000001007d3548, captured=0x0000000102500df8, self=4334412520, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0) + 389 at vm.c:1040 frame #38: 0x0000000100209824 miniruby`invoke_block_from_c_bh(ec=0x00000001007d3548, block_handler=4333768185, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0, force_blockarg=0) + 138 at vm.c:1058 frame #39: 0x00000001002099d0 miniruby`vm_yield(ec=0x00000001007d3548, argc=0, argv=0x0000000000000000) + 69 at vm.c:1103 frame #40: 0x0000000100205623 miniruby`rb_yield_0(argc=0, argv=0x0000000000000000) + 40 at vm_eval.c:970 frame #41: 0x0000000100205964 miniruby`loop_i + 19 at vm_eval.c:1049 frame #42: 0x000000010007db07 miniruby`rb_rescue2(b_proc=(miniruby`loop_i at vm_eval.c:1047), data1=0, r_proc=(miniruby`loop_stop at vm_eval.c:1056), data2=0) + 369 at eval.c:896 frame #43: 0x0000000100205a2e miniruby`rb_f_loop(self=4334412520) + 121 at vm_eval.c:1100 frame #44: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_f_loop at vm_eval.c:1098), recv=4334412520, argc=0, argv=0x0000000102400e80) + 41 at vm_insnhelper.c:1729 frame #45: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 386 at vm_insnhelper.c:1918 frame #46: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 149 at vm_insnhelper.c:1934 frame #47: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 239 at vm_insnhelper.c:2232 frame #48: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 253 at vm_insnhelper.c:2366 frame #49: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 59 at vm_insnhelper.c:2398 frame #50: 0x00000001001fab2f miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 7480 at insns.def:850 frame #51: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #52: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x000000010252dd90) + 52 at vm.c:2019 frame #53: 0x000000010007c768 miniruby`ruby_exec_internal(n=0x000000010252dd90) + 297 at eval.c:246 frame #54: 0x000000010007c88e miniruby`ruby_exec_node(n=0x000000010252dd90) + 36 at eval.c:310 frame #55: 0x000000010007c861 miniruby`ruby_run_node(n=0x000000010252dd90) + 62 at eval.c:302 frame #56: 0x000000010000138d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #57: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) p ((struct RVALUE*)pathobj)->as.basic (RBasic) $0 = (flags = 0, klass = 4478683600) (lldb) fix SEGV inspecting uninitialized objects obj_info() assumes the given object is alive. OTOH gc_writebarrier_incremental is called before or in middle of object initialization. Can casue SEGV. (lldb) run Process 48188 launched: './miniruby' (x86_64) Process 48188 stopped * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 2069 static inline const VALUE * 2070 rb_array_const_ptr(VALUE a) 2071 { -> 2072 return FIX_CONST_VALUE_PTR((RBASIC(a)->flags & RARRAY_EMBED_FLAG) ? 2073 RARRAY(a)->as.ary : RARRAY(a)->as.heap.ptr); 2074 } 2075 (lldb) bt * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 frame #1: 0x00000001000bfaab miniruby`pathobj_path(pathobj=5251291222225483145) + 70 at vm_core.h:269 frame #2: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x00000001025b71a8) + 32 at iseq.c:723 frame #3: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, iseq=0x00000001025b71a8) + 69 at gc.c:9274 frame #4: 0x000000010009e1d5 miniruby`rb_raw_obj_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, obj=4334514520) + 1546 at gc.c:9351 frame #5: 0x000000010009e4d5 miniruby`obj_info(obj=4334514520) + 98 at gc.c:9429 frame #6: 0x0000000100096658 miniruby`gc_writebarrier_incremental(a=4334514520, b=4334514600, objspace=0x00000001007d3280) + 61 at gc.c:5963 frame #7: 0x00000001000968ca miniruby`rb_gc_writebarrier(a=4334514520, b=4334514600) + 127 at gc.c:6009 frame #8: 0x00000001001eabe0 miniruby`rb_obj_written(a=4334514520, oldv=52, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 72 at ruby.h:1472 frame #9: 0x00000001001eac2c miniruby`rb_obj_write(a=4334514520, slot=0x000000010259ff10, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 70 at ruby.h:1489 frame #10: 0x0000000100208b6f miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x0000000102500338, block_type=block_type_ifunc, is_from_method='\0', is_lambda='\x01') + 137 at vm.c:821 frame #11: 0x0000000100208e5c miniruby`rb_vm_make_proc_lambda(ec=0x00000001007d3548, captured=0x0000000102500338, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011f08e miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011f110 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000000000000) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001002033de miniruby`vm_call0_cfunc_with_frame(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 370 at vm_eval.c:85 frame #16: 0x00000001002034d9 miniruby`vm_call0_cfunc(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 59 at vm_eval.c:100 frame #17: 0x000000010020368f miniruby`vm_call0_body(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 436 at vm_eval.c:131 frame #18: 0x000000010020326a miniruby`vm_call0(ec=0x00000001007d3548, recv=4310991600, id=2993, argc=0, argv=0x0000000000000000, me=0x0000000100f48110) + 142 at vm_eval.c:58 frame #19: 0x0000000100203c60 miniruby`rb_call0(ec=0x00000001007d3548, recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL, self=4334514640) + 166 at vm_eval.c:296 frame #20: 0x0000000100204827 miniruby`rb_call(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL) + 84 at vm_eval.c:589 frame #21: 0x000000010020518b miniruby`rb_funcallv(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000) + 52 at vm_eval.c:815 frame #22: 0x000000010012242e miniruby`mlambda(method=0) + 45 at proc.c:2661 frame #23: 0x0000000100205bac miniruby`rb_iterate0(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, ifunc=0x00000001025b71a8, ec=0x00000001007d3548) + 380 at vm_eval.c:1134 frame #24: 0x0000000100205d16 miniruby`rb_iterate(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, bl_proc=(miniruby`bmcall at proc.c:2666), data2=4334514640) + 88 at vm_eval.c:1166 frame #25: 0x00000001001224c7 miniruby`method_to_proc(method=4334514640) + 43 at proc.c:2701 frame #26: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`method_to_proc at proc.c:2688), recv=4334514640, argc=0, argv=0x0000000102400568) + 41 at vm_insnhelper.c:1729 frame #27: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 386 at vm_insnhelper.c:1918 frame #28: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 149 at vm_insnhelper.c:1934 frame #29: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 239 at vm_insnhelper.c:2232 frame #30: 0x00000001001f49a4 miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 117 at vm_insnhelper.c:2355 frame #31: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 59 at vm_insnhelper.c:2398 frame #32: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #33: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #34: 0x000000010020c3d1 miniruby`rb_iseq_eval(iseq=0x00000001007f8270) + 52 at vm.c:2008 frame #35: 0x00000001000caa4a miniruby`rb_load_internal0(ec=0x00000001007d3548, fname=4310799960, wrap=0) + 631 at load.c:611 frame #36: 0x00000001000cab36 miniruby`rb_load_internal(fname=4310799960, wrap=0) + 46 at load.c:642 frame #37: 0x00000001000cae1d miniruby`rb_f_load(argc=1, argv=0x00000001024004b8) + 217 at load.c:710 frame #38: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_load at load.c:695), recv=4311327440, argc=1, argv=0x00000001024004b8) + 47 at vm_insnhelper.c:1723 frame #39: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 386 at vm_insnhelper.c:1918 frame #40: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 149 at vm_insnhelper.c:1934 frame #41: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 239 at vm_insnhelper.c:2232 frame #42: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 253 at vm_insnhelper.c:2366 frame #43: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 59 at vm_insnhelper.c:2398 frame #44: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame #45: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame #46: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x0000000100f21240) + 52 at vm.c:2019 frame #47: 0x000000010007c774 miniruby`ruby_exec_internal(n=0x0000000100f21240) + 297 at eval.c:246 frame #48: 0x000000010007c89a miniruby`ruby_exec_node(n=0x0000000100f21240) + 36 at eval.c:310 frame #49: 0x000000010007c86d miniruby`ruby_run_node(n=0x0000000100f21240) + 62 at eval.c:302 frame #50: 0x0000000100001399 miniruby`main(argc=9, argv=0x00007fff5fbfdae0) + 113 at main.c:42 frame #51: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@62850 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
matzbot
pushed a commit
that referenced
this pull request
Mar 20, 2018
fix SEGV touching uninitialized memory This function can be called from Init_VM(). No assumption can be made about object internals. (lldb) run Process 15734 launched: './miniruby' (x86_64) Process 15734 stopped * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 9270 static void 9271 rb_raw_iseq_info(char *buff, const int buff_size, const rb_iseq_t *iseq) 9272 { -> 9273 if (iseq->body->location.label) { 9274 VALUE path = rb_iseq_path(iseq); 9275 snprintf(buff, buff_size, "%s %s@%s:%d", buff, 9276 RSTRING_PTR(iseq->body->location.label), (lldb) p *iseq (rb_iseq_t) $0 = { flags = 28698 reserved1 = 0 body = 0x0000000000000000 aux = { compile_data = 0x0000000000000000 loader = (obj = 0, index = 0) trace_events = 0 } } (lldb) bt * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) * frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 frame #1: 0x00000001000bde72 miniruby`rb_raw_obj_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, obj=4311097160) + 2786 at gc.c:9396 frame #2: 0x00000001000b7c5f miniruby`obj_info(obj=4311097160) + 95 at gc.c:9428 frame #3: 0x00000001000c16a8 miniruby`newobj_init(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007ee280, obj=4311097160) + 424 at gc.c:1887 frame #4: 0x00000001000b44c9 miniruby`newobj_of(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1) + 217 at gc.c:1970 frame #5: 0x00000001000b464b miniruby`rb_imemo_new(type=imemo_iseq, v1=0, v2=0, v3=0, v0=0) + 75 at gc.c:2017 frame #6: 0x00000001000fd914 miniruby`iseq_imemo_alloc + 36 at iseq.h:156 frame #7: 0x00000001000f6e1d miniruby`iseq_alloc + 13 at iseq.c:211 frame #8: 0x00000001000f6bf8 miniruby`rb_iseq_new_with_opt(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, first_lineno=1, parent=0x0000000000000000, type=ISEQ_TYPE_TOP, option=0x0000000100335c30) + 56 at iseq.c:519 frame #9: 0x00000001000f6bb6 miniruby`rb_iseq_new(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, parent=0x0000000000000000, type=ISEQ_TYPE_TOP) + 86 at iseq.c:480 frame #10: 0x0000000100284bb0 miniruby`Init_VM + 1040 at vm.c:3022 frame #11: 0x00000001000d4f7d miniruby`rb_call_inits + 189 at inits.c:55 frame #12: 0x000000010009fe06 miniruby`ruby_setup + 198 at eval.c:61 frame #13: 0x000000010009fe5d miniruby`ruby_init + 13 at eval.c:78 frame #14: 0x00000001000009ed miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame #15: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) fix SEGV touching uninitialized memory This function can be called from rb_data_typed_object_zalloc(). No assumption can be made about object internals. (lldb) run Process 22135 launched: './miniruby' (x86_64) Process 22135 stopped * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 1361 break; 1362 } 1363 #endif -> 1364 return block->type; 1365 } 1366 1367 static inline void (lldb) bt * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) * frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 frame #1: 0x000000010008acdb miniruby`vm_block_iseq(block=0x0000000000000000) + 24 at vm_core.h:1399 frame #2: 0x000000010008acc1 miniruby`vm_proc_iseq(procval=4310866360) + 32 at vm_core.h:1387 frame #3: 0x000000010009cbed miniruby`rb_raw_obj_info(buff="0x0000000100f299b8 [0 ] proc (Proc)", buff_size=256, obj=4310866360) + 1513 at gc.c:9349 frame #4: 0x000000010009cf01 miniruby`obj_info(obj=4310866360) + 98 at gc.c:9428 frame #5: 0x000000010008ca1b miniruby`newobj_init(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32, objspace=0x00000001007cf280, obj=4310866360) + 338 at gc.c:1887 frame #6: 0x000000010008cce5 miniruby`newobj_of(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32) + 171 at gc.c:1970 frame #7: 0x000000010008d01d miniruby`rb_data_typed_object_wrap(klass=4311027960, datap=0x0000000000000000, type=0x0000000100311d60) + 133 at gc.c:2062 frame #8: 0x000000010008d04e miniruby`rb_data_typed_object_zalloc(klass=4311027960, size=40, type=0x0000000100311d60) + 42 at gc.c:2073 frame #9: 0x000000010011b459 miniruby`rb_proc_alloc(klass=4311027960) + 36 at proc.c:113 frame #10: 0x0000000100204d8e miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x00000001025003f8, block_type=block_type_iseq, is_from_method='\0', is_lambda='\x01') + 44 at vm.c:814 frame #11: 0x00000001002050d8 miniruby`rb_vm_make_proc_lambda(ec=0x00000001007cf548, captured=0x00000001025003f8, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011c0d2 miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011c154 miniruby`rb_block_lambda + 27 at proc.c:808 frame #14: 0x00000001001ee7e3 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000102400480) + 41 at vm_insnhelper.c:1729 frame #15: 0x00000001001ef2c3 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 386 at vm_insnhelper.c:1918 frame #16: 0x00000001001ef412 miniruby`vm_call_cfunc(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 149 at vm_insnhelper.c:1934 frame #17: 0x00000001001f0655 miniruby`vm_call_method_each_type(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 239 at vm_insnhelper.c:2232 frame #18: 0x00000001001f0ce0 miniruby`vm_call_method(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 117 at vm_insnhelper.c:2355 frame #19: 0x00000001001f0eb6 miniruby`vm_call_general(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 59 at vm_insnhelper.c:2398 frame #20: 0x00000001001f6e61 miniruby`vm_exec_core(ec=0x00000001007cf548, initial=0) + 7480 at insns.def:850 frame #21: 0x0000000100207995 miniruby`vm_exec(ec=0x00000001007cf548) + 230 at vm.c:1771 frame #22: 0x0000000100208647 miniruby`rb_iseq_eval_main(iseq=0x0000000100f29fd0) + 52 at vm.c:2019 frame #23: 0x000000010007b750 miniruby`ruby_exec_internal(n=0x0000000100f29fd0) + 297 at eval.c:246 frame #24: 0x000000010007b876 miniruby`ruby_exec_node(n=0x0000000100f29fd0) + 36 at eval.c:310 frame #25: 0x000000010007b849 miniruby`ruby_run_node(n=0x0000000100f29fd0) + 62 at eval.c:302 frame #26: 0x0000000100000c05 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame #27: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) check an existence of block. * gc.c (rb_raw_obj_info): check block before using it. * vm_core.h (vm_block_iseq): r61565 introduced NULL check but this check is only needed by `rb_raw_obj_info()` and it is called at GC debug mode. Above fix for `rb_raw_obj_info()` solves this problem and NULL check should not be needed any more. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@62864 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
mame
added a commit
that referenced
this pull request
Jun 30, 2025
`name` is used via `RSTRING_PTR` within rb_str_catf, which may allocate
and thus potentially trigger GC. Although `name` is still referenced
by a local variable, the compiler might optimize away the reference
before the GC sees it, especially under aggressive optimization or when
debugging tools like ASAN are used.
This patch adds an explicit `RB_GC_GUARD` to ensure `name` is kept alive
until after the last use.
While it's not certain this is the root cause of the following observed
use-after-poison ASAN error, I believe this fix is indeed needed and
hopefully a likely candidate for preventing the error.
```
==1960369==ERROR: AddressSanitizer: use-after-poison on address 0x7ec6a00f1d88 at pc 0x5fb5bcafcf2e bp 0x7ffcc1178cb0 sp 0x7ffcc1178470
READ of size 61 at 0x7ec6a00f1d88 thread T0
#0 0x5fb5bcafcf2d in __asan_memcpy (/tmp/ruby/build/trunk_asan/ruby+0x204f2d) (BuildId: 6d92c84a27b87cfd253c38eeb552593f215ffb3d)
#1 0x5fb5bcde1fa5 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10
#2 0x5fb5bcde1fa5 in ruby_nonempty_memcpy /tmp/ruby/src/trunk_asan/include/ruby/internal/memory.h:758:16
#3 0x5fb5bcde1fa5 in ruby__sfvwrite /tmp/ruby/src/trunk_asan/sprintf.c:1083:9
#4 0x5fb5bcde1521 in BSD__sprint /tmp/ruby/src/trunk_asan/vsnprintf.c:318:8
#5 0x5fb5bcde0fbc in BSD_vfprintf /tmp/ruby/src/trunk_asan/vsnprintf.c:1215:3
#6 0x5fb5bcdde4b1 in ruby_vsprintf0 /tmp/ruby/src/trunk_asan/sprintf.c:1164:5
#7 0x5fb5bcddd648 in rb_str_vcatf /tmp/ruby/src/trunk_asan/sprintf.c:1234:5
#8 0x5fb5bcddd648 in rb_str_catf /tmp/ruby/src/trunk_asan/sprintf.c:1245:11
#9 0x5fb5bcf97c67 in location_format /tmp/ruby/src/trunk_asan/vm_backtrace.c:462:9
#10 0x5fb5bcf97c67 in location_to_str /tmp/ruby/src/trunk_asan/vm_backtrace.c:493:12
#11 0x5fb5bcf90a37 in location_to_str_dmyarg /tmp/ruby/src/trunk_asan/vm_backtrace.c:795:12
#12 0x5fb5bcf90a37 in backtrace_collect /tmp/ruby/src/trunk_asan/vm_backtrace.c:786:28
#13 0x5fb5bcf90a37 in backtrace_to_str_ary /tmp/ruby/src/trunk_asan/vm_backtrace.c:804:9
#14 0x5fb5bcf90a37 in rb_backtrace_to_str_ary /tmp/ruby/src/trunk_asan/vm_backtrace.c:816:9
#15 0x5fb5bd335b25 in exc_backtrace /tmp/ruby/src/trunk_asan/error.c:1904:15
#16 0x5fb5bd335b25 in rb_get_backtrace /tmp/ruby/src/trunk_asan/error.c:1924:16
```
https://ci.rvm.jp/results/trunk_asan@ruby-sp1/5810304
shioimm
added a commit
to shioimm/ruby
that referenced
this pull request
Jul 11, 2025
This change addresses the following ASAN error:
```
==1973462==ERROR: AddressSanitizer: heap-use-after-free on address 0x5110002117dc at pc 0x749c307c8a65 bp 0x7ffc3af331d0 sp 0x7ffc3af331c8
READ of size 4 at 0x5110002117dc thread T0
#0 0x749c307c8a64 in rb_getaddrinfo /tmp/ruby/src/trunk_asan/ext/socket/raddrinfo.c:564:14
#1 0x749c307c8a64 in rsock_getaddrinfo /tmp/ruby/src/trunk_asan/ext/socket/raddrinfo.c:1008:21
ruby#2 0x749c307cac48 in rsock_addrinfo /tmp/ruby/src/trunk_asan/ext/socket/raddrinfo.c:1049:12
ruby#3 0x749c307b10ae in init_inetsock_internal /tmp/ruby/src/trunk_asan/ext/socket/ipsocket.c:62:23
ruby#4 0x562c5b2e327e in rb_ensure /tmp/ruby/src/trunk_asan/eval.c:1080:18
ruby#5 0x749c307aafd4 in rsock_init_inetsock /tmp/ruby/src/trunk_asan/ext/socket/ipsocket.c:1318:12
ruby#6 0x749c307b3b78 in tcp_svr_init /tmp/ruby/src/trunk_asan/ext/socket/tcpserver.c:39:12
```
Fixed to avoid accessing memory that has already been freed after calling `free_getaddrinfo_arg`.
shioimm
added a commit
that referenced
this pull request
Jul 11, 2025
This change addresses the following ASAN error:
```
==1973462==ERROR: AddressSanitizer: heap-use-after-free on address 0x5110002117dc at pc 0x749c307c8a65 bp 0x7ffc3af331d0 sp 0x7ffc3af331c8
READ of size 4 at 0x5110002117dc thread T0
#0 0x749c307c8a64 in rb_getaddrinfo /tmp/ruby/src/trunk_asan/ext/socket/raddrinfo.c:564:14
#1 0x749c307c8a64 in rsock_getaddrinfo /tmp/ruby/src/trunk_asan/ext/socket/raddrinfo.c:1008:21
#2 0x749c307cac48 in rsock_addrinfo /tmp/ruby/src/trunk_asan/ext/socket/raddrinfo.c:1049:12
#3 0x749c307b10ae in init_inetsock_internal /tmp/ruby/src/trunk_asan/ext/socket/ipsocket.c:62:23
#4 0x562c5b2e327e in rb_ensure /tmp/ruby/src/trunk_asan/eval.c:1080:18
#5 0x749c307aafd4 in rsock_init_inetsock /tmp/ruby/src/trunk_asan/ext/socket/ipsocket.c:1318:12
#6 0x749c307b3b78 in tcp_svr_init /tmp/ruby/src/trunk_asan/ext/socket/tcpserver.c:39:12
```
Fixed to avoid accessing memory that has already been freed after calling `free_getaddrinfo_arg`.
tekknolagi
added a commit
that referenced
this pull request
Jul 11, 2025
This is notably faster: no need to hash indices. Before: ``` plum% samply record ~/.rubies/ruby-zjit/bin/ruby --zjit benchmarks/getivar.rb ruby 3.5.0dev (2025-07-10T14:40:49Z master 51252ef) +ZJIT dev +PRISM [arm64-darwin24] itr: time #1: 5311ms #2: 49ms #3: 49ms #4: 48ms ``` After: ``` plum% samply record ~/.rubies/ruby-zjit/bin/ruby --zjit benchmarks/getivar.rb ruby 3.5.0dev (2025-07-10T15:09:06Z mb-benchmark-compile 42ffd3c) +ZJIT dev +PRISM [arm64-darwin24] itr: time #1: 1332ms #2: 49ms #3: 48ms #4: 48ms ```
peterzhu2118
added a commit
to peterzhu2118/ruby
that referenced
this pull request
Jul 30, 2025
During Ruby's shutdown, we no longer need to check the fstr of the symbol
because we don't use the fstr anymore for freeing the symbol. This can also
fix the following ASAN error:
==2721247==ERROR: AddressSanitizer: use-after-poison on address 0x75fa90a627b8 at pc 0x64a7b06fb4bc bp 0x7ffdf95ba9b0 sp 0x7ffdf95ba9a8
READ of size 8 at 0x75fa90a627b8 thread T0
#0 0x64a7b06fb4bb in RB_BUILTIN_TYPE include/ruby/internal/value_type.h:191:30
#1 0x64a7b06fb4bb in rb_gc_shutdown_call_finalizer_p gc.c:357:18
ruby#2 0x64a7b06fb4bb in rb_gc_impl_shutdown_call_finalizer gc/default/default.c:3045:21
ruby#3 0x64a7b06fb4bb in rb_objspace_call_finalizer gc.c:1739:5
ruby#4 0x64a7b06ca1b2 in rb_ec_finalize eval.c:165:5
ruby#5 0x64a7b06ca1b2 in rb_ec_cleanup eval.c:256:5
ruby#6 0x64a7b06c98a3 in ruby_cleanup eval.c:179:12
peterzhu2118
added a commit
that referenced
this pull request
Jul 30, 2025
During Ruby's shutdown, we no longer need to check the fstr of the symbol
because we don't use the fstr anymore for freeing the symbol. This can also
fix the following ASAN error:
==2721247==ERROR: AddressSanitizer: use-after-poison on address 0x75fa90a627b8 at pc 0x64a7b06fb4bc bp 0x7ffdf95ba9b0 sp 0x7ffdf95ba9a8
READ of size 8 at 0x75fa90a627b8 thread T0
#0 0x64a7b06fb4bb in RB_BUILTIN_TYPE include/ruby/internal/value_type.h:191:30
#1 0x64a7b06fb4bb in rb_gc_shutdown_call_finalizer_p gc.c:357:18
#2 0x64a7b06fb4bb in rb_gc_impl_shutdown_call_finalizer gc/default/default.c:3045:21
#3 0x64a7b06fb4bb in rb_objspace_call_finalizer gc.c:1739:5
#4 0x64a7b06ca1b2 in rb_ec_finalize eval.c:165:5
#5 0x64a7b06ca1b2 in rb_ec_cleanup eval.c:256:5
#6 0x64a7b06c98a3 in ruby_cleanup eval.c:179:12
peterzhu2118
added a commit
to peterzhu2118/ruby
that referenced
this pull request
Aug 25, 2025
If we malloc when the current Ractor is locked, we can deadlock because
GC requires VM lock and Ractor barrier. If another Ractor is waiting on
this Ractor lock, then it will deadlock because the other Ractor will
never join the barrier.
For example, this script deadlocks:
r = Ractor.new do
loop do
Ractor::Port.new
end
end
100000.times do |i|
r.send(nil)
puts i
end
On debug builds, it fails with this assertion error:
vm_sync.c:75: Assertion Failed: vm_lock_enter:cr->sync.locked_by != rb_ractor_self(cr)
On non-debug builds, we can see that it deadlocks in the debugger:
Main Ractor:
frame ruby#3: 0x000000010021fdc4 miniruby`rb_native_mutex_lock(lock=<unavailable>) at thread_pthread.c:115:14
frame ruby#4: 0x0000000100193eb8 miniruby`ractor_send0 [inlined] ractor_lock(r=<unavailable>, file=<unavailable>, line=1180) at ractor.c:73:5
frame ruby#5: 0x0000000100193eb0 miniruby`ractor_send0 [inlined] ractor_send_basket(ec=<unavailable>, rp=0x0000000131092840, b=0x000000011c63de80, raise_on_error=true) at ractor_sync.c:1180:5
frame ruby#6: 0x0000000100193eac miniruby`ractor_send0(ec=<unavailable>, rp=0x0000000131092840, obj=4, move=<unavailable>, raise_on_error=true) at ractor_sync.c:1211:5
Second Ractor:
frame ruby#2: 0x00000001002208d0 miniruby`rb_ractor_sched_barrier_start [inlined] rb_native_cond_wait(cond=<unavailable>, mutex=<unavailable>) at thread_pthread.c:221:13
frame ruby#3: 0x00000001002208cc miniruby`rb_ractor_sched_barrier_start(vm=0x000000013180d600, cr=0x0000000131093460) at thread_pthread.c:1438:13
frame ruby#4: 0x000000010028a328 miniruby`rb_vm_barrier at vm_sync.c:262:13 [artificial]
frame ruby#5: 0x00000001000dfa6c miniruby`gc_start [inlined] rb_gc_vm_barrier at gc.c:179:5
frame ruby#6: 0x00000001000dfa68 miniruby`gc_start [inlined] gc_enter(objspace=0x000000013180fc00, event=gc_enter_event_start, lock_lev=<unavailable>) at default.c:6636:9
frame ruby#7: 0x00000001000dfa48 miniruby`gc_start(objspace=0x000000013180fc00, reason=<unavailable>) at default.c:6361:5
frame ruby#8: 0x00000001000e3fd8 miniruby`objspace_malloc_increase_body [inlined] garbage_collect(objspace=0x000000013180fc00, reason=512) at default.c:6341:15
frame ruby#9: 0x00000001000e3fa4 miniruby`objspace_malloc_increase_body [inlined] garbage_collect_with_gvl(objspace=0x000000013180fc00, reason=512) at default.c:6741:16
frame ruby#10: 0x00000001000e3f88 miniruby`objspace_malloc_increase_body(objspace=0x000000013180fc00, mem=<unavailable>, new_size=<unavailable>, old_size=<unavailable>, type=<unavailable>) at default.c:8007:13
frame ruby#11: 0x00000001000e3c44 miniruby`rb_gc_impl_malloc [inlined] objspace_malloc_fixup(objspace=0x000000013180fc00, mem=0x000000011c700000, size=12582912) at default.c:8085:5
frame ruby#12: 0x00000001000e3c30 miniruby`rb_gc_impl_malloc(objspace_ptr=0x000000013180fc00, size=12582912) at default.c:8182:12
frame ruby#13: 0x00000001000d4584 miniruby`ruby_xmalloc [inlined] ruby_xmalloc_body(size=<unavailable>) at gc.c:5128:12
frame ruby#14: 0x00000001000d4568 miniruby`ruby_xmalloc(size=<unavailable>) at gc.c:5118:34
frame ruby#15: 0x00000001001eb184 miniruby`rb_st_init_existing_table_with_size(tab=0x000000011c2b4b40, type=<unavailable>, size=<unavailable>) at st.c:559:39
frame ruby#16: 0x00000001001ebc74 miniruby`rebuild_table_if_necessary [inlined] rb_st_init_table_with_size(type=0x00000001004f4a78, size=524287) at st.c:585:5
frame ruby#17: 0x00000001001ebc5c miniruby`rebuild_table_if_necessary [inlined] rebuild_table(tab=0x000000013108e2f0) at st.c:753:19
frame ruby#18: 0x00000001001ebbfc miniruby`rebuild_table_if_necessary(tab=0x000000013108e2f0) at st.c:1125:9
frame ruby#19: 0x00000001001eba08 miniruby`rb_st_insert(tab=0x000000013108e2f0, key=262144, value=4767566624) at st.c:1143:5
frame #20: 0x0000000100194b84 miniruby`ractor_port_initialzie [inlined] ractor_add_port(r=0x0000000131093460, id=262144) at ractor_sync.c:399:9
frame ruby#21: 0x0000000100194b58 miniruby`ractor_port_initialzie [inlined] ractor_port_init(rpv=4750065560, r=0x0000000131093460) at ractor_sync.c:87:5
frame ruby#22: 0x0000000100194b34 miniruby`ractor_port_initialzie(self=4750065560) at ractor_sync.c:103:12
peterzhu2118
added a commit
to peterzhu2118/ruby
that referenced
this pull request
Aug 25, 2025
If we malloc when the current Ractor is locked, we can deadlock because
GC requires VM lock and Ractor barrier. If another Ractor is waiting on
this Ractor lock, then it will deadlock because the other Ractor will
never join the barrier.
For example, this script deadlocks:
r = Ractor.new do
loop do
Ractor::Port.new
end
end
100000.times do |i|
r.send(nil)
puts i
end
On debug builds, it fails with this assertion error:
vm_sync.c:75: Assertion Failed: vm_lock_enter:cr->sync.locked_by != rb_ractor_self(cr)
On non-debug builds, we can see that it deadlocks in the debugger:
Main Ractor:
frame ruby#3: 0x000000010021fdc4 miniruby`rb_native_mutex_lock(lock=<unavailable>) at thread_pthread.c:115:14
frame ruby#4: 0x0000000100193eb8 miniruby`ractor_send0 [inlined] ractor_lock(r=<unavailable>, file=<unavailable>, line=1180) at ractor.c:73:5
frame ruby#5: 0x0000000100193eb0 miniruby`ractor_send0 [inlined] ractor_send_basket(ec=<unavailable>, rp=0x0000000131092840, b=0x000000011c63de80, raise_on_error=true) at ractor_sync.c:1180:5
frame ruby#6: 0x0000000100193eac miniruby`ractor_send0(ec=<unavailable>, rp=0x0000000131092840, obj=4, move=<unavailable>, raise_on_error=true) at ractor_sync.c:1211:5
Second Ractor:
frame ruby#2: 0x00000001002208d0 miniruby`rb_ractor_sched_barrier_start [inlined] rb_native_cond_wait(cond=<unavailable>, mutex=<unavailable>) at thread_pthread.c:221:13
frame ruby#3: 0x00000001002208cc miniruby`rb_ractor_sched_barrier_start(vm=0x000000013180d600, cr=0x0000000131093460) at thread_pthread.c:1438:13
frame ruby#4: 0x000000010028a328 miniruby`rb_vm_barrier at vm_sync.c:262:13 [artificial]
frame ruby#5: 0x00000001000dfa6c miniruby`gc_start [inlined] rb_gc_vm_barrier at gc.c:179:5
frame ruby#6: 0x00000001000dfa68 miniruby`gc_start [inlined] gc_enter(objspace=0x000000013180fc00, event=gc_enter_event_start, lock_lev=<unavailable>) at default.c:6636:9
frame ruby#7: 0x00000001000dfa48 miniruby`gc_start(objspace=0x000000013180fc00, reason=<unavailable>) at default.c:6361:5
frame ruby#8: 0x00000001000e3fd8 miniruby`objspace_malloc_increase_body [inlined] garbage_collect(objspace=0x000000013180fc00, reason=512) at default.c:6341:15
frame ruby#9: 0x00000001000e3fa4 miniruby`objspace_malloc_increase_body [inlined] garbage_collect_with_gvl(objspace=0x000000013180fc00, reason=512) at default.c:6741:16
frame ruby#10: 0x00000001000e3f88 miniruby`objspace_malloc_increase_body(objspace=0x000000013180fc00, mem=<unavailable>, new_size=<unavailable>, old_size=<unavailable>, type=<unavailable>) at default.c:8007:13
frame ruby#11: 0x00000001000e3c44 miniruby`rb_gc_impl_malloc [inlined] objspace_malloc_fixup(objspace=0x000000013180fc00, mem=0x000000011c700000, size=12582912) at default.c:8085:5
frame ruby#12: 0x00000001000e3c30 miniruby`rb_gc_impl_malloc(objspace_ptr=0x000000013180fc00, size=12582912) at default.c:8182:12
frame ruby#13: 0x00000001000d4584 miniruby`ruby_xmalloc [inlined] ruby_xmalloc_body(size=<unavailable>) at gc.c:5128:12
frame ruby#14: 0x00000001000d4568 miniruby`ruby_xmalloc(size=<unavailable>) at gc.c:5118:34
frame ruby#15: 0x00000001001eb184 miniruby`rb_st_init_existing_table_with_size(tab=0x000000011c2b4b40, type=<unavailable>, size=<unavailable>) at st.c:559:39
frame ruby#16: 0x00000001001ebc74 miniruby`rebuild_table_if_necessary [inlined] rb_st_init_table_with_size(type=0x00000001004f4a78, size=524287) at st.c:585:5
frame ruby#17: 0x00000001001ebc5c miniruby`rebuild_table_if_necessary [inlined] rebuild_table(tab=0x000000013108e2f0) at st.c:753:19
frame ruby#18: 0x00000001001ebbfc miniruby`rebuild_table_if_necessary(tab=0x000000013108e2f0) at st.c:1125:9
frame ruby#19: 0x00000001001eba08 miniruby`rb_st_insert(tab=0x000000013108e2f0, key=262144, value=4767566624) at st.c:1143:5
frame #20: 0x0000000100194b84 miniruby`ractor_port_initialzie [inlined] ractor_add_port(r=0x0000000131093460, id=262144) at ractor_sync.c:399:9
frame ruby#21: 0x0000000100194b58 miniruby`ractor_port_initialzie [inlined] ractor_port_init(rpv=4750065560, r=0x0000000131093460) at ractor_sync.c:87:5
frame ruby#22: 0x0000000100194b34 miniruby`ractor_port_initialzie(self=4750065560) at ractor_sync.c:103:12
peterzhu2118
added a commit
that referenced
this pull request
Aug 25, 2025
If we malloc when the current Ractor is locked, we can deadlock because
GC requires VM lock and Ractor barrier. If another Ractor is waiting on
this Ractor lock, then it will deadlock because the other Ractor will
never join the barrier.
For example, this script deadlocks:
r = Ractor.new do
loop do
Ractor::Port.new
end
end
100000.times do |i|
r.send(nil)
puts i
end
On debug builds, it fails with this assertion error:
vm_sync.c:75: Assertion Failed: vm_lock_enter:cr->sync.locked_by != rb_ractor_self(cr)
On non-debug builds, we can see that it deadlocks in the debugger:
Main Ractor:
frame #3: 0x000000010021fdc4 miniruby`rb_native_mutex_lock(lock=<unavailable>) at thread_pthread.c:115:14
frame #4: 0x0000000100193eb8 miniruby`ractor_send0 [inlined] ractor_lock(r=<unavailable>, file=<unavailable>, line=1180) at ractor.c:73:5
frame #5: 0x0000000100193eb0 miniruby`ractor_send0 [inlined] ractor_send_basket(ec=<unavailable>, rp=0x0000000131092840, b=0x000000011c63de80, raise_on_error=true) at ractor_sync.c:1180:5
frame #6: 0x0000000100193eac miniruby`ractor_send0(ec=<unavailable>, rp=0x0000000131092840, obj=4, move=<unavailable>, raise_on_error=true) at ractor_sync.c:1211:5
Second Ractor:
frame #2: 0x00000001002208d0 miniruby`rb_ractor_sched_barrier_start [inlined] rb_native_cond_wait(cond=<unavailable>, mutex=<unavailable>) at thread_pthread.c:221:13
frame #3: 0x00000001002208cc miniruby`rb_ractor_sched_barrier_start(vm=0x000000013180d600, cr=0x0000000131093460) at thread_pthread.c:1438:13
frame #4: 0x000000010028a328 miniruby`rb_vm_barrier at vm_sync.c:262:13 [artificial]
frame #5: 0x00000001000dfa6c miniruby`gc_start [inlined] rb_gc_vm_barrier at gc.c:179:5
frame #6: 0x00000001000dfa68 miniruby`gc_start [inlined] gc_enter(objspace=0x000000013180fc00, event=gc_enter_event_start, lock_lev=<unavailable>) at default.c:6636:9
frame #7: 0x00000001000dfa48 miniruby`gc_start(objspace=0x000000013180fc00, reason=<unavailable>) at default.c:6361:5
frame #8: 0x00000001000e3fd8 miniruby`objspace_malloc_increase_body [inlined] garbage_collect(objspace=0x000000013180fc00, reason=512) at default.c:6341:15
frame #9: 0x00000001000e3fa4 miniruby`objspace_malloc_increase_body [inlined] garbage_collect_with_gvl(objspace=0x000000013180fc00, reason=512) at default.c:6741:16
frame #10: 0x00000001000e3f88 miniruby`objspace_malloc_increase_body(objspace=0x000000013180fc00, mem=<unavailable>, new_size=<unavailable>, old_size=<unavailable>, type=<unavailable>) at default.c:8007:13
frame #11: 0x00000001000e3c44 miniruby`rb_gc_impl_malloc [inlined] objspace_malloc_fixup(objspace=0x000000013180fc00, mem=0x000000011c700000, size=12582912) at default.c:8085:5
frame #12: 0x00000001000e3c30 miniruby`rb_gc_impl_malloc(objspace_ptr=0x000000013180fc00, size=12582912) at default.c:8182:12
frame #13: 0x00000001000d4584 miniruby`ruby_xmalloc [inlined] ruby_xmalloc_body(size=<unavailable>) at gc.c:5128:12
frame #14: 0x00000001000d4568 miniruby`ruby_xmalloc(size=<unavailable>) at gc.c:5118:34
frame #15: 0x00000001001eb184 miniruby`rb_st_init_existing_table_with_size(tab=0x000000011c2b4b40, type=<unavailable>, size=<unavailable>) at st.c:559:39
frame #16: 0x00000001001ebc74 miniruby`rebuild_table_if_necessary [inlined] rb_st_init_table_with_size(type=0x00000001004f4a78, size=524287) at st.c:585:5
frame #17: 0x00000001001ebc5c miniruby`rebuild_table_if_necessary [inlined] rebuild_table(tab=0x000000013108e2f0) at st.c:753:19
frame #18: 0x00000001001ebbfc miniruby`rebuild_table_if_necessary(tab=0x000000013108e2f0) at st.c:1125:9
frame #19: 0x00000001001eba08 miniruby`rb_st_insert(tab=0x000000013108e2f0, key=262144, value=4767566624) at st.c:1143:5
frame #20: 0x0000000100194b84 miniruby`ractor_port_initialzie [inlined] ractor_add_port(r=0x0000000131093460, id=262144) at ractor_sync.c:399:9
frame #21: 0x0000000100194b58 miniruby`ractor_port_initialzie [inlined] ractor_port_init(rpv=4750065560, r=0x0000000131093460) at ractor_sync.c:87:5
frame #22: 0x0000000100194b34 miniruby`ractor_port_initialzie(self=4750065560) at ractor_sync.c:103:12
luke-gruber
added a commit
to luke-gruber/ruby
that referenced
this pull request
Sep 2, 2025
We can avoid taking this barrier if we're not incremental marking or lazy sweeping. I found this was taking a significant amount of samples when profiling `Psych.load` in multiple ractors due to the vm barrier. With this change, we get significant improvements in ractor benchmarks that allocate lots of objects. -- Psych.load benchmark -- Before: After: r: itr: time r: itr: time 0 ruby#1: 960ms 0 ruby#1: 943ms 0 ruby#2: 979ms 0 ruby#2: 939ms 0 ruby#3: 968ms 0 ruby#3: 948ms 0 ruby#4: 963ms 0 ruby#4: 946ms 0 ruby#5: 964ms 0 ruby#5: 944ms 1 ruby#1: 947ms 1 ruby#1: 940ms 1 ruby#2: 950ms 1 ruby#2: 947ms 1 ruby#3: 962ms 1 ruby#3: 950ms 1 ruby#4: 947ms 1 ruby#4: 945ms 1 ruby#5: 947ms 1 ruby#5: 943ms 2 ruby#1: 1131ms 2 ruby#1: 1005ms 2 ruby#2: 1153ms 2 ruby#2: 996ms 2 ruby#3: 1155ms 2 ruby#3: 1003ms 2 ruby#4: 1205ms 2 ruby#4: 1012ms 2 ruby#5: 1179ms 2 ruby#5: 1012ms 4 ruby#1: 1555ms 4 ruby#1: 1209ms 4 ruby#2: 1509ms 4 ruby#2: 1244ms 4 ruby#3: 1529ms 4 ruby#3: 1254ms 4 ruby#4: 1512ms 4 ruby#4: 1267ms 4 ruby#5: 1513ms 4 ruby#5: 1245ms 6 ruby#1: 2122ms 6 ruby#1: 1584ms 6 ruby#2: 2080ms 6 ruby#2: 1532ms 6 ruby#3: 2079ms 6 ruby#3: 1476ms 6 ruby#4: 2021ms 6 ruby#4: 1463ms 6 ruby#5: 1999ms 6 ruby#5: 1461ms 8 ruby#1: 2741ms 8 ruby#1: 1630ms 8 ruby#2: 2711ms 8 ruby#2: 1632ms 8 ruby#3: 2688ms 8 ruby#3: 1654ms 8 ruby#4: 2641ms 8 ruby#4: 1684ms 8 ruby#5: 2656ms 8 ruby#5: 1752ms
luke-gruber
added a commit
to luke-gruber/ruby
that referenced
this pull request
Sep 2, 2025
We can avoid taking this barrier if we're not incremental marking or lazy sweeping. I found this was taking a significant amount of samples when profiling `Psych.load` in multiple ractors due to the vm barrier. With this change, we get significant improvements in ractor benchmarks that allocate lots of objects. -- Psych.load benchmark -- ``` Before: After: r: itr: time r: itr: time 0 ruby#1: 960ms 0 ruby#1: 943ms 0 ruby#2: 979ms 0 ruby#2: 939ms 0 ruby#3: 968ms 0 ruby#3: 948ms 0 ruby#4: 963ms 0 ruby#4: 946ms 0 ruby#5: 964ms 0 ruby#5: 944ms 1 ruby#1: 947ms 1 ruby#1: 940ms 1 ruby#2: 950ms 1 ruby#2: 947ms 1 ruby#3: 962ms 1 ruby#3: 950ms 1 ruby#4: 947ms 1 ruby#4: 945ms 1 ruby#5: 947ms 1 ruby#5: 943ms 2 ruby#1: 1131ms 2 ruby#1: 1005ms 2 ruby#2: 1153ms 2 ruby#2: 996ms 2 ruby#3: 1155ms 2 ruby#3: 1003ms 2 ruby#4: 1205ms 2 ruby#4: 1012ms 2 ruby#5: 1179ms 2 ruby#5: 1012ms 4 ruby#1: 1555ms 4 ruby#1: 1209ms 4 ruby#2: 1509ms 4 ruby#2: 1244ms 4 ruby#3: 1529ms 4 ruby#3: 1254ms 4 ruby#4: 1512ms 4 ruby#4: 1267ms 4 ruby#5: 1513ms 4 ruby#5: 1245ms 6 ruby#1: 2122ms 6 ruby#1: 1584ms 6 ruby#2: 2080ms 6 ruby#2: 1532ms 6 ruby#3: 2079ms 6 ruby#3: 1476ms 6 ruby#4: 2021ms 6 ruby#4: 1463ms 6 ruby#5: 1999ms 6 ruby#5: 1461ms 8 ruby#1: 2741ms 8 ruby#1: 1630ms 8 ruby#2: 2711ms 8 ruby#2: 1632ms 8 ruby#3: 2688ms 8 ruby#3: 1654ms 8 ruby#4: 2641ms 8 ruby#4: 1684ms 8 ruby#5: 2656ms 8 ruby#5: 1752ms ```
luke-gruber
added a commit
to luke-gruber/ruby
that referenced
this pull request
Sep 2, 2025
We can avoid taking this barrier if we're not incremental marking or lazy sweeping. I found this was taking a significant amount of samples when profiling `Psych.load` in multiple ractors due to the vm barrier. With this change, we get significant improvements in ractor benchmarks that allocate lots of objects. -- Psych.load benchmark -- ``` Before: After: r: itr: time r: itr: time 0 ruby#1: 960ms 0 ruby#1: 943ms 0 ruby#2: 979ms 0 ruby#2: 939ms 0 ruby#3: 968ms 0 ruby#3: 948ms 0 ruby#4: 963ms 0 ruby#4: 946ms 0 ruby#5: 964ms 0 ruby#5: 944ms 1 ruby#1: 947ms 1 ruby#1: 940ms 1 ruby#2: 950ms 1 ruby#2: 947ms 1 ruby#3: 962ms 1 ruby#3: 950ms 1 ruby#4: 947ms 1 ruby#4: 945ms 1 ruby#5: 947ms 1 ruby#5: 943ms 2 ruby#1: 1131ms 2 ruby#1: 1005ms 2 ruby#2: 1153ms 2 ruby#2: 996ms 2 ruby#3: 1155ms 2 ruby#3: 1003ms 2 ruby#4: 1205ms 2 ruby#4: 1012ms 2 ruby#5: 1179ms 2 ruby#5: 1012ms 4 ruby#1: 1555ms 4 ruby#1: 1209ms 4 ruby#2: 1509ms 4 ruby#2: 1244ms 4 ruby#3: 1529ms 4 ruby#3: 1254ms 4 ruby#4: 1512ms 4 ruby#4: 1267ms 4 ruby#5: 1513ms 4 ruby#5: 1245ms 6 ruby#1: 2122ms 6 ruby#1: 1584ms 6 ruby#2: 2080ms 6 ruby#2: 1532ms 6 ruby#3: 2079ms 6 ruby#3: 1476ms 6 ruby#4: 2021ms 6 ruby#4: 1463ms 6 ruby#5: 1999ms 6 ruby#5: 1461ms 8 ruby#1: 2741ms 8 ruby#1: 1630ms 8 ruby#2: 2711ms 8 ruby#2: 1632ms 8 ruby#3: 2688ms 8 ruby#3: 1654ms 8 ruby#4: 2641ms 8 ruby#4: 1684ms 8 ruby#5: 2656ms 8 ruby#5: 1752ms ```
luke-gruber
added a commit
to luke-gruber/ruby
that referenced
this pull request
Sep 16, 2025
We can avoid taking this barrier if we're not incremental marking or lazy sweeping. I found this was taking a significant amount of samples when profiling `Psych.load` in multiple ractors due to the vm barrier. With this change, we get significant improvements in ractor benchmarks that allocate lots of objects. -- Psych.load benchmark -- ``` Before: After: r: itr: time r: itr: time 0 ruby#1: 960ms 0 ruby#1: 943ms 0 ruby#2: 979ms 0 ruby#2: 939ms 0 ruby#3: 968ms 0 ruby#3: 948ms 0 ruby#4: 963ms 0 ruby#4: 946ms 0 ruby#5: 964ms 0 ruby#5: 944ms 1 ruby#1: 947ms 1 ruby#1: 940ms 1 ruby#2: 950ms 1 ruby#2: 947ms 1 ruby#3: 962ms 1 ruby#3: 950ms 1 ruby#4: 947ms 1 ruby#4: 945ms 1 ruby#5: 947ms 1 ruby#5: 943ms 2 ruby#1: 1131ms 2 ruby#1: 1005ms 2 ruby#2: 1153ms 2 ruby#2: 996ms 2 ruby#3: 1155ms 2 ruby#3: 1003ms 2 ruby#4: 1205ms 2 ruby#4: 1012ms 2 ruby#5: 1179ms 2 ruby#5: 1012ms 4 ruby#1: 1555ms 4 ruby#1: 1209ms 4 ruby#2: 1509ms 4 ruby#2: 1244ms 4 ruby#3: 1529ms 4 ruby#3: 1254ms 4 ruby#4: 1512ms 4 ruby#4: 1267ms 4 ruby#5: 1513ms 4 ruby#5: 1245ms 6 ruby#1: 2122ms 6 ruby#1: 1584ms 6 ruby#2: 2080ms 6 ruby#2: 1532ms 6 ruby#3: 2079ms 6 ruby#3: 1476ms 6 ruby#4: 2021ms 6 ruby#4: 1463ms 6 ruby#5: 1999ms 6 ruby#5: 1461ms 8 ruby#1: 2741ms 8 ruby#1: 1630ms 8 ruby#2: 2711ms 8 ruby#2: 1632ms 8 ruby#3: 2688ms 8 ruby#3: 1654ms 8 ruby#4: 2641ms 8 ruby#4: 1684ms 8 ruby#5: 2656ms 8 ruby#5: 1752ms ```
matzbot
pushed a commit
that referenced
this pull request
Oct 6, 2025
We need to free the current_block_exits in parse_program when we're done
with it to prevent memory leaks. This fixes the following memory leak detected
when running Ruby using `RUBY_FREE_AT_EXIT=1 ruby -nc -e "break"`:
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x5bd3c5bc66c8 in realloc (miniruby+0x616c8) (BuildId: ruby/prism@ba6a96e5a060)
#1 0x5bd3c5f91fd9 in pm_node_list_grow prism/templates/src/node.c.erb:35:40
#2 0x5bd3c5f91e9d in pm_node_list_append prism/templates/src/node.c.erb:48:9
#3 0x5bd3c6001fa0 in parse_block_exit prism/prism.c:15788:17
#4 0x5bd3c5fee155 in parse_expression_prefix prism/prism.c:19221:50
#5 0x5bd3c5fe9970 in parse_expression prism/prism.c:22235:23
#6 0x5bd3c5fe0586 in parse_statements prism/prism.c:13976:27
#7 0x5bd3c5fd6792 in parse_program prism/prism.c:22508:40
ruby/prism@fdf9b8d24a
peterzhu2118
added a commit
to peterzhu2118/ruby
that referenced
this pull request
Oct 22, 2025
When RUBYOPT is invalid, it raises an error which causes moreswitches
to leak memory. It can be seen when building with LSAN enabled:
$ RUBY_FREE_AT_EXIT=1 RUBYOPT=f ruby
ruby: invalid option -f (-h will show valid options) (RuntimeError)
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x618cef8efa23 in malloc (miniruby+0x64a23)
#1 0x618cefa0e8d8 in rb_gc_impl_malloc gc/default/default.c:8182:5
ruby#2 0x618cef9f7f01 in ruby_xmalloc2_body gc.c:5182:12
ruby#3 0x618cef9f7eac in ruby_xmalloc2 gc.c:5176:34
ruby#4 0x618cefb547b2 in moreswitches ruby.c:919:18
ruby#5 0x618cefb526fe in process_options ruby.c:2350:9
ruby#6 0x618cefb524ac in ruby_process_options ruby.c:3202:12
ruby#7 0x618cef9dc11f in ruby_options eval.c:119:16
ruby#8 0x618cef8f2fb5 in rb_main main.c:42:26
ruby#9 0x618cef8f2f59 in main main.c:62:12
peterzhu2118
added a commit
to peterzhu2118/ruby
that referenced
this pull request
Oct 22, 2025
When RUBYOPT is invalid, it raises an error which causes moreswitches
to leak memory. It can be seen when building with LSAN enabled:
$ RUBY_FREE_AT_EXIT=1 RUBYOPT=f ruby
ruby: invalid option -f (-h will show valid options) (RuntimeError)
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x618cef8efa23 in malloc (miniruby+0x64a23)
#1 0x618cefa0e8d8 in rb_gc_impl_malloc gc/default/default.c:8182:5
ruby#2 0x618cef9f7f01 in ruby_xmalloc2_body gc.c:5182:12
ruby#3 0x618cef9f7eac in ruby_xmalloc2 gc.c:5176:34
ruby#4 0x618cefb547b2 in moreswitches ruby.c:919:18
ruby#5 0x618cefb526fe in process_options ruby.c:2350:9
ruby#6 0x618cefb524ac in ruby_process_options ruby.c:3202:12
ruby#7 0x618cef9dc11f in ruby_options eval.c:119:16
ruby#8 0x618cef8f2fb5 in rb_main main.c:42:26
ruby#9 0x618cef8f2f59 in main main.c:62:12
peterzhu2118
added a commit
that referenced
this pull request
Oct 22, 2025
When RUBYOPT is invalid, it raises an error which causes moreswitches
to leak memory. It can be seen when building with LSAN enabled:
$ RUBY_FREE_AT_EXIT=1 RUBYOPT=f ruby
ruby: invalid option -f (-h will show valid options) (RuntimeError)
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x618cef8efa23 in malloc (miniruby+0x64a23)
#1 0x618cefa0e8d8 in rb_gc_impl_malloc gc/default/default.c:8182:5
#2 0x618cef9f7f01 in ruby_xmalloc2_body gc.c:5182:12
#3 0x618cef9f7eac in ruby_xmalloc2 gc.c:5176:34
#4 0x618cefb547b2 in moreswitches ruby.c:919:18
#5 0x618cefb526fe in process_options ruby.c:2350:9
#6 0x618cefb524ac in ruby_process_options ruby.c:3202:12
#7 0x618cef9dc11f in ruby_options eval.c:119:16
#8 0x618cef8f2fb5 in rb_main main.c:42:26
#9 0x618cef8f2f59 in main main.c:62:12
luke-gruber
added a commit
to luke-gruber/ruby
that referenced
this pull request
Oct 24, 2025
We can avoid taking this barrier if we're not incremental marking or lazy sweeping. I found this was taking a significant amount of samples when profiling `Psych.load` in multiple ractors due to the vm barrier. With this change, we get significant improvements in ractor benchmarks that allocate lots of objects. -- Psych.load benchmark -- ``` Before: After: r: itr: time r: itr: time 0 ruby#1: 960ms 0 ruby#1: 943ms 0 ruby#2: 979ms 0 ruby#2: 939ms 0 ruby#3: 968ms 0 ruby#3: 948ms 0 ruby#4: 963ms 0 ruby#4: 946ms 0 ruby#5: 964ms 0 ruby#5: 944ms 1 ruby#1: 947ms 1 ruby#1: 940ms 1 ruby#2: 950ms 1 ruby#2: 947ms 1 ruby#3: 962ms 1 ruby#3: 950ms 1 ruby#4: 947ms 1 ruby#4: 945ms 1 ruby#5: 947ms 1 ruby#5: 943ms 2 ruby#1: 1131ms 2 ruby#1: 1005ms 2 ruby#2: 1153ms 2 ruby#2: 996ms 2 ruby#3: 1155ms 2 ruby#3: 1003ms 2 ruby#4: 1205ms 2 ruby#4: 1012ms 2 ruby#5: 1179ms 2 ruby#5: 1012ms 4 ruby#1: 1555ms 4 ruby#1: 1209ms 4 ruby#2: 1509ms 4 ruby#2: 1244ms 4 ruby#3: 1529ms 4 ruby#3: 1254ms 4 ruby#4: 1512ms 4 ruby#4: 1267ms 4 ruby#5: 1513ms 4 ruby#5: 1245ms 6 ruby#1: 2122ms 6 ruby#1: 1584ms 6 ruby#2: 2080ms 6 ruby#2: 1532ms 6 ruby#3: 2079ms 6 ruby#3: 1476ms 6 ruby#4: 2021ms 6 ruby#4: 1463ms 6 ruby#5: 1999ms 6 ruby#5: 1461ms 8 ruby#1: 2741ms 8 ruby#1: 1630ms 8 ruby#2: 2711ms 8 ruby#2: 1632ms 8 ruby#3: 2688ms 8 ruby#3: 1654ms 8 ruby#4: 2641ms 8 ruby#4: 1684ms 8 ruby#5: 2656ms 8 ruby#5: 1752ms ```
luke-gruber
added a commit
to luke-gruber/ruby
that referenced
this pull request
Nov 3, 2025
We can avoid taking this barrier if we're not incremental marking or lazy sweeping. I found this was taking a significant amount of samples when profiling `Psych.load` in multiple ractors due to the vm barrier. With this change, we get significant improvements in ractor benchmarks that allocate lots of objects. -- Psych.load benchmark -- ``` Before: After: r: itr: time r: itr: time 0 ruby#1: 960ms 0 ruby#1: 943ms 0 ruby#2: 979ms 0 ruby#2: 939ms 0 ruby#3: 968ms 0 ruby#3: 948ms 0 ruby#4: 963ms 0 ruby#4: 946ms 0 ruby#5: 964ms 0 ruby#5: 944ms 1 ruby#1: 947ms 1 ruby#1: 940ms 1 ruby#2: 950ms 1 ruby#2: 947ms 1 ruby#3: 962ms 1 ruby#3: 950ms 1 ruby#4: 947ms 1 ruby#4: 945ms 1 ruby#5: 947ms 1 ruby#5: 943ms 2 ruby#1: 1131ms 2 ruby#1: 1005ms 2 ruby#2: 1153ms 2 ruby#2: 996ms 2 ruby#3: 1155ms 2 ruby#3: 1003ms 2 ruby#4: 1205ms 2 ruby#4: 1012ms 2 ruby#5: 1179ms 2 ruby#5: 1012ms 4 ruby#1: 1555ms 4 ruby#1: 1209ms 4 ruby#2: 1509ms 4 ruby#2: 1244ms 4 ruby#3: 1529ms 4 ruby#3: 1254ms 4 ruby#4: 1512ms 4 ruby#4: 1267ms 4 ruby#5: 1513ms 4 ruby#5: 1245ms 6 ruby#1: 2122ms 6 ruby#1: 1584ms 6 ruby#2: 2080ms 6 ruby#2: 1532ms 6 ruby#3: 2079ms 6 ruby#3: 1476ms 6 ruby#4: 2021ms 6 ruby#4: 1463ms 6 ruby#5: 1999ms 6 ruby#5: 1461ms 8 ruby#1: 2741ms 8 ruby#1: 1630ms 8 ruby#2: 2711ms 8 ruby#2: 1632ms 8 ruby#3: 2688ms 8 ruby#3: 1654ms 8 ruby#4: 2641ms 8 ruby#4: 1684ms 8 ruby#5: 2656ms 8 ruby#5: 1752ms ```
luke-gru
pushed a commit
that referenced
this pull request
Nov 3, 2025
We can avoid taking this barrier if we're not incremental marking or lazy sweeping. I found this was taking a significant amount of samples when profiling `Psych.load` in multiple ractors due to the vm barrier. With this change, we get significant improvements in ractor benchmarks that allocate lots of objects. -- Psych.load benchmark -- ``` Before: After: r: itr: time r: itr: time 0 #1: 960ms 0 #1: 943ms 0 #2: 979ms 0 #2: 939ms 0 #3: 968ms 0 #3: 948ms 0 #4: 963ms 0 #4: 946ms 0 #5: 964ms 0 #5: 944ms 1 #1: 947ms 1 #1: 940ms 1 #2: 950ms 1 #2: 947ms 1 #3: 962ms 1 #3: 950ms 1 #4: 947ms 1 #4: 945ms 1 #5: 947ms 1 #5: 943ms 2 #1: 1131ms 2 #1: 1005ms 2 #2: 1153ms 2 #2: 996ms 2 #3: 1155ms 2 #3: 1003ms 2 #4: 1205ms 2 #4: 1012ms 2 #5: 1179ms 2 #5: 1012ms 4 #1: 1555ms 4 #1: 1209ms 4 #2: 1509ms 4 #2: 1244ms 4 #3: 1529ms 4 #3: 1254ms 4 #4: 1512ms 4 #4: 1267ms 4 #5: 1513ms 4 #5: 1245ms 6 #1: 2122ms 6 #1: 1584ms 6 #2: 2080ms 6 #2: 1532ms 6 #3: 2079ms 6 #3: 1476ms 6 #4: 2021ms 6 #4: 1463ms 6 #5: 1999ms 6 #5: 1461ms 8 #1: 2741ms 8 #1: 1630ms 8 #2: 2711ms 8 #2: 1632ms 8 #3: 2688ms 8 #3: 1654ms 8 #4: 2641ms 8 #4: 1684ms 8 #5: 2656ms 8 #5: 1752ms ```
luke-gruber
added a commit
to luke-gruber/ruby
that referenced
this pull request
Nov 6, 2025
We were seeing errors like: * thread ruby#8, stop reason = EXC_BAD_ACCESS (code=1, address=0x803) * frame #0: 0x00000001001fe944 ruby`rb_st_lookup(tab=0x00000000000007fb, key=1, value=0x00000001305b7490) at st.c:1066:22 frame ruby#1: 0x000000010002d658 ruby`remove_class_from_subclasses [inlined] class_get_subclasses_for_ns(tbl=0x00000000000007fb, ns_id=1) at class.c:604:9 frame ruby#2: 0x000000010002d650 ruby`remove_class_from_subclasses(tbl=0x00000000000007fb, ns_id=1, klass=4754039232) at class.c:620:34 frame ruby#3: 0x000000010002c8a8 ruby`rb_class_classext_free_subclasses(ext=0x000000011b5ce1d8, klass=4754039232, replacing=<unavailable>) at class.c:700:9 frame ruby#4: 0x000000010002c760 ruby`rb_class_classext_free(klass=4754039232, ext=0x000000011b5ce1d8, is_prime=true) at class.c:105:5 frame ruby#5: 0x00000001000e770c ruby`classext_free(ext=<unavailable>, is_prime=<unavailable>, namespace=<unavailable>, arg=<unavailable>) at gc.c:1231:5 [artificial] frame ruby#6: 0x000000010002d178 ruby`rb_class_classext_foreach(klass=<unavailable>, func=(ruby`classext_free at gc.c:1228), arg=0x00000001305b75c0) at class.c:518:5 frame ruby#7: 0x00000001000e745c ruby`rb_gc_obj_free(objspace=0x000000012500c400, obj=4754039232) at gc.c:1282:9 frame ruby#8: 0x00000001000e70d4 ruby`gc_sweep_plane(objspace=0x000000012500c400, heap=<unavailable>, p=4754039232, bitset=4095, ctx=0x00000001305b76e8) at default.c:3482:21 frame ruby#9: 0x00000001000e6e9c ruby`gc_sweep_page(objspace=0x000000012500c400, heap=0x000000012500c540, ctx=0x00000001305b76e8) at default.c:3567:13 frame ruby#10: 0x00000001000e51d0 ruby`gc_sweep_step(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:3848:9 frame ruby#11: 0x00000001000e1880 ruby`gc_continue [inlined] gc_sweep_continue(objspace=0x000000012500c400, sweep_heap=0x000000012500c540) at default.c:3931:13 frame ruby#12: 0x00000001000e1754 ruby`gc_continue(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2037:9 frame ruby#13: 0x00000001000e10bc ruby`newobj_cache_miss [inlined] heap_prepare(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2056:5 frame ruby#14: 0x00000001000e1074 ruby`newobj_cache_miss [inlined] heap_next_free_page(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2280:9 frame ruby#15: 0x00000001000e106c ruby`newobj_cache_miss(objspace=0x000000012500c400, cache=0x0000600001b00300, heap_idx=2, vm_locked=false) at default.c:2387:38 frame ruby#16: 0x00000001000e0d28 ruby`newobj_alloc(objspace=<unavailable>, cache=<unavailable>, heap_idx=<unavailable>, vm_locked=<unavailable>) at default.c:2411:15 [artificial] frame ruby#17: 0x00000001000d7214 ruby`newobj_of [inlined] rb_gc_impl_new_obj(objspace_ptr=<unavailable>, cache_ptr=<unavailable>, klass=<unavailable>, flags=<unavailable>, wb_protected=<unavailable>, alloc_size=<unavailable>) at default.c:2490:15 frame ruby#18: 0x00000001000d719c ruby`newobj_of(cr=<unavailable>, klass=4313971728, flags=258, wb_protected=<unavailable>, size=<unavailable>) at gc.c:995:17 frame ruby#19: 0x00000001000d73ec ruby`rb_wb_protected_newobj_of(ec=<unavailable>, klass=<unavailable>, flags=<unavailable>, size=<unavailable>) at gc.c:1044:12 [artificial] frame #20: 0x0000000100032d34 ruby`class_alloc0(type=<unavailable>, klass=4313971728, namespaceable=<unavailable>) at class.c:803:5
luke-gruber
added a commit
to luke-gruber/ruby
that referenced
this pull request
Nov 6, 2025
We were seeing errors like: ``` * thread ruby#8, stop reason = EXC_BAD_ACCESS (code=1, address=0x803) * frame #0: 0x00000001001fe944 ruby`rb_st_lookup(tab=0x00000000000007fb, key=1, value=0x00000001305b7490) at st.c:1066:22 frame ruby#1: 0x000000010002d658 ruby`remove_class_from_subclasses [inlined] class_get_subclasses_for_ns(tbl=0x00000000000007fb, ns_id=1) at class.c:604:9 frame ruby#2: 0x000000010002d650 ruby`remove_class_from_subclasses(tbl=0x00000000000007fb, ns_id=1, klass=4754039232) at class.c:620:34 frame ruby#3: 0x000000010002c8a8 ruby`rb_class_classext_free_subclasses(ext=0x000000011b5ce1d8, klass=4754039232, replacing=<unavailable>) at class.c:700:9 frame ruby#4: 0x000000010002c760 ruby`rb_class_classext_free(klass=4754039232, ext=0x000000011b5ce1d8, is_prime=true) at class.c:105:5 frame ruby#5: 0x00000001000e770c ruby`classext_free(ext=<unavailable>, is_prime=<unavailable>, namespace=<unavailable>, arg=<unavailable>) at gc.c:1231:5 [artificial] frame ruby#6: 0x000000010002d178 ruby`rb_class_classext_foreach(klass=<unavailable>, func=(ruby`classext_free at gc.c:1228), arg=0x00000001305b75c0) at class.c:518:5 frame ruby#7: 0x00000001000e745c ruby`rb_gc_obj_free(objspace=0x000000012500c400, obj=4754039232) at gc.c:1282:9 frame ruby#8: 0x00000001000e70d4 ruby`gc_sweep_plane(objspace=0x000000012500c400, heap=<unavailable>, p=4754039232, bitset=4095, ctx=0x00000001305b76e8) at default.c:3482:21 frame ruby#9: 0x00000001000e6e9c ruby`gc_sweep_page(objspace=0x000000012500c400, heap=0x000000012500c540, ctx=0x00000001305b76e8) at default.c:3567:13 frame ruby#10: 0x00000001000e51d0 ruby`gc_sweep_step(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:3848:9 frame ruby#11: 0x00000001000e1880 ruby`gc_continue [inlined] gc_sweep_continue(objspace=0x000000012500c400, sweep_heap=0x000000012500c540) at default.c:3931:13 frame ruby#12: 0x00000001000e1754 ruby`gc_continue(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2037:9 frame ruby#13: 0x00000001000e10bc ruby`newobj_cache_miss [inlined] heap_prepare(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2056:5 frame ruby#14: 0x00000001000e1074 ruby`newobj_cache_miss [inlined] heap_next_free_page(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2280:9 frame ruby#15: 0x00000001000e106c ruby`newobj_cache_miss(objspace=0x000000012500c400, cache=0x0000600001b00300, heap_idx=2, vm_locked=false) at default.c:2387:38 frame ruby#16: 0x00000001000e0d28 ruby`newobj_alloc(objspace=<unavailable>, cache=<unavailable>, heap_idx=<unavailable>, vm_locked=<unavailable>) at default.c:2411:15 [artificial] frame ruby#17: 0x00000001000d7214 ruby`newobj_of [inlined] rb_gc_impl_new_obj(objspace_ptr=<unavailable>, cache_ptr=<unavailable>, klass=<unavailable>, flags=<unavailable>, wb_protected=<unavailable>, alloc_size=<unavailable>) at default.c:2490:15 frame ruby#18: 0x00000001000d719c ruby`newobj_of(cr=<unavailable>, klass=4313971728, flags=258, wb_protected=<unavailable>, size=<unavailable>) at gc.c:995:17 frame ruby#19: 0x00000001000d73ec ruby`rb_wb_protected_newobj_of(ec=<unavailable>, klass=<unavailable>, flags=<unavailable>, size=<unavailable>) at gc.c:1044:12 [artificial] frame #20: 0x0000000100032d34 ruby`class_alloc0(type=<unavailable>, klass=4313971728, namespaceable=<unavailable>) at class.c:803:5 ```
luke-gru
pushed a commit
that referenced
this pull request
Nov 6, 2025
We were seeing errors like: ``` * thread #8, stop reason = EXC_BAD_ACCESS (code=1, address=0x803) * frame #0: 0x00000001001fe944 ruby`rb_st_lookup(tab=0x00000000000007fb, key=1, value=0x00000001305b7490) at st.c:1066:22 frame #1: 0x000000010002d658 ruby`remove_class_from_subclasses [inlined] class_get_subclasses_for_ns(tbl=0x00000000000007fb, ns_id=1) at class.c:604:9 frame #2: 0x000000010002d650 ruby`remove_class_from_subclasses(tbl=0x00000000000007fb, ns_id=1, klass=4754039232) at class.c:620:34 frame #3: 0x000000010002c8a8 ruby`rb_class_classext_free_subclasses(ext=0x000000011b5ce1d8, klass=4754039232, replacing=<unavailable>) at class.c:700:9 frame #4: 0x000000010002c760 ruby`rb_class_classext_free(klass=4754039232, ext=0x000000011b5ce1d8, is_prime=true) at class.c:105:5 frame #5: 0x00000001000e770c ruby`classext_free(ext=<unavailable>, is_prime=<unavailable>, namespace=<unavailable>, arg=<unavailable>) at gc.c:1231:5 [artificial] frame #6: 0x000000010002d178 ruby`rb_class_classext_foreach(klass=<unavailable>, func=(ruby`classext_free at gc.c:1228), arg=0x00000001305b75c0) at class.c:518:5 frame #7: 0x00000001000e745c ruby`rb_gc_obj_free(objspace=0x000000012500c400, obj=4754039232) at gc.c:1282:9 frame #8: 0x00000001000e70d4 ruby`gc_sweep_plane(objspace=0x000000012500c400, heap=<unavailable>, p=4754039232, bitset=4095, ctx=0x00000001305b76e8) at default.c:3482:21 frame #9: 0x00000001000e6e9c ruby`gc_sweep_page(objspace=0x000000012500c400, heap=0x000000012500c540, ctx=0x00000001305b76e8) at default.c:3567:13 frame #10: 0x00000001000e51d0 ruby`gc_sweep_step(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:3848:9 frame #11: 0x00000001000e1880 ruby`gc_continue [inlined] gc_sweep_continue(objspace=0x000000012500c400, sweep_heap=0x000000012500c540) at default.c:3931:13 frame #12: 0x00000001000e1754 ruby`gc_continue(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2037:9 frame #13: 0x00000001000e10bc ruby`newobj_cache_miss [inlined] heap_prepare(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2056:5 frame #14: 0x00000001000e1074 ruby`newobj_cache_miss [inlined] heap_next_free_page(objspace=0x000000012500c400, heap=0x000000012500c540) at default.c:2280:9 frame #15: 0x00000001000e106c ruby`newobj_cache_miss(objspace=0x000000012500c400, cache=0x0000600001b00300, heap_idx=2, vm_locked=false) at default.c:2387:38 frame #16: 0x00000001000e0d28 ruby`newobj_alloc(objspace=<unavailable>, cache=<unavailable>, heap_idx=<unavailable>, vm_locked=<unavailable>) at default.c:2411:15 [artificial] frame #17: 0x00000001000d7214 ruby`newobj_of [inlined] rb_gc_impl_new_obj(objspace_ptr=<unavailable>, cache_ptr=<unavailable>, klass=<unavailable>, flags=<unavailable>, wb_protected=<unavailable>, alloc_size=<unavailable>) at default.c:2490:15 frame #18: 0x00000001000d719c ruby`newobj_of(cr=<unavailable>, klass=4313971728, flags=258, wb_protected=<unavailable>, size=<unavailable>) at gc.c:995:17 frame #19: 0x00000001000d73ec ruby`rb_wb_protected_newobj_of(ec=<unavailable>, klass=<unavailable>, flags=<unavailable>, size=<unavailable>) at gc.c:1044:12 [artificial] frame #20: 0x0000000100032d34 ruby`class_alloc0(type=<unavailable>, klass=4313971728, namespaceable=<unavailable>) at class.c:803:5 ```
peterzhu2118
added a commit
to peterzhu2118/ruby
that referenced
this pull request
Nov 9, 2025
We don't decrement the super and module subclasses count for iclasses that
are having their classext replaced. This causes the reference count to be
incorrect and leak memory.
The following script demonstrates the memory leak:
module Foo
refine(Object) do
define_method(:<=) {}
end
end
class Bar
include Comparable
end
With RUBY_FREE_AT_EXIT and ASAN, we can see many memory leaks, including:
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x599f715adca2 in calloc (miniruby+0x64ca2)
#1 0x599f716bd779 in calloc1 gc/default/default.c:1495:12
ruby#2 0x599f716d1370 in rb_gc_impl_calloc gc/default/default.c:8216:5
ruby#3 0x599f716b8ab1 in ruby_xcalloc_body gc.c:5221:12
ruby#4 0x599f716b269c in ruby_xcalloc gc.c:5215:34
ruby#5 0x599f715eab23 in class_alloc0 class.c:790:22
ruby#6 0x599f715e4bec in class_alloc class.c:836:12
ruby#7 0x599f715e60c9 in module_new class.c:1693:17
ruby#8 0x599f715e60a2 in rb_module_new class.c:1701:12
ruby#9 0x599f715e6303 in rb_define_module class.c:1733:14
ruby#10 0x599f715ebc5f in Init_Comparable compar.c:315:22
ruby#11 0x599f716e35f5 in rb_call_inits inits.c:32:5
ruby#12 0x599f7169cbfd in ruby_setup eval.c:88:9
ruby#13 0x599f7169cdac in ruby_init eval.c:100:17
ruby#14 0x599f715b0fa9 in rb_main main.c:41:5
ruby#15 0x599f715b0f59 in main main.c:62:12
ruby#16 0x739b2f02a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
ruby#17 0x739b2f02a28a in __libc_start_main csu/../csu/libc-start.c:360:3
ruby#18 0x599f7157c424 in _start (miniruby+0x33424)
peterzhu2118
added a commit
to peterzhu2118/ruby
that referenced
this pull request
Nov 9, 2025
We don't decrement the super and module subclasses count for iclasses that
are having their classext replaced. This causes the reference count to be
incorrect and leak memory.
The following script demonstrates the memory leak:
module Foo
refine(Object) do
define_method(:<=) {}
end
end
class Bar
include Comparable
end
With RUBY_FREE_AT_EXIT and ASAN, we can see many memory leaks, including:
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x599f715adca2 in calloc (miniruby+0x64ca2)
#1 0x599f716bd779 in calloc1 gc/default/default.c:1495:12
ruby#2 0x599f716d1370 in rb_gc_impl_calloc gc/default/default.c:8216:5
ruby#3 0x599f716b8ab1 in ruby_xcalloc_body gc.c:5221:12
ruby#4 0x599f716b269c in ruby_xcalloc gc.c:5215:34
ruby#5 0x599f715eab23 in class_alloc0 class.c:790:22
ruby#6 0x599f715e4bec in class_alloc class.c:836:12
ruby#7 0x599f715e60c9 in module_new class.c:1693:17
ruby#8 0x599f715e60a2 in rb_module_new class.c:1701:12
ruby#9 0x599f715e6303 in rb_define_module class.c:1733:14
ruby#10 0x599f715ebc5f in Init_Comparable compar.c:315:22
ruby#11 0x599f716e35f5 in rb_call_inits inits.c:32:5
ruby#12 0x599f7169cbfd in ruby_setup eval.c:88:9
ruby#13 0x599f7169cdac in ruby_init eval.c:100:17
ruby#14 0x599f715b0fa9 in rb_main main.c:41:5
ruby#15 0x599f715b0f59 in main main.c:62:12
ruby#16 0x739b2f02a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
ruby#17 0x739b2f02a28a in __libc_start_main csu/../csu/libc-start.c:360:3
ruby#18 0x599f7157c424 in _start (miniruby+0x33424)
peterzhu2118
added a commit
that referenced
this pull request
Nov 10, 2025
We don't decrement the super and module subclasses count for iclasses that
are having their classext replaced. This causes the reference count to be
incorrect and leak memory.
The following script demonstrates the memory leak:
module Foo
refine(Object) do
define_method(:<=) {}
end
end
class Bar
include Comparable
end
With RUBY_FREE_AT_EXIT and ASAN, we can see many memory leaks, including:
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x599f715adca2 in calloc (miniruby+0x64ca2)
#1 0x599f716bd779 in calloc1 gc/default/default.c:1495:12
#2 0x599f716d1370 in rb_gc_impl_calloc gc/default/default.c:8216:5
#3 0x599f716b8ab1 in ruby_xcalloc_body gc.c:5221:12
#4 0x599f716b269c in ruby_xcalloc gc.c:5215:34
#5 0x599f715eab23 in class_alloc0 class.c:790:22
#6 0x599f715e4bec in class_alloc class.c:836:12
#7 0x599f715e60c9 in module_new class.c:1693:17
#8 0x599f715e60a2 in rb_module_new class.c:1701:12
#9 0x599f715e6303 in rb_define_module class.c:1733:14
#10 0x599f715ebc5f in Init_Comparable compar.c:315:22
#11 0x599f716e35f5 in rb_call_inits inits.c:32:5
#12 0x599f7169cbfd in ruby_setup eval.c:88:9
#13 0x599f7169cdac in ruby_init eval.c:100:17
#14 0x599f715b0fa9 in rb_main main.c:41:5
#15 0x599f715b0f59 in main main.c:62:12
#16 0x739b2f02a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#17 0x739b2f02a28a in __libc_start_main csu/../csu/libc-start.c:360:3
#18 0x599f7157c424 in _start (miniruby+0x33424)
peterzhu2118
added a commit
to peterzhu2118/ruby
that referenced
this pull request
Nov 14, 2025
These tests use NM threads but NT is not freed for MN thread, causing it
to be reported as memory leaks in LSAN. For example:
#1 0x62ee7bc67e99 in calloc1 gc/default/default.c:1495:12
ruby#2 0x62ee7bc7ba00 in rb_gc_impl_calloc gc/default/default.c:8216:5
ruby#3 0x62ee7bc631d1 in ruby_xcalloc_body gc.c:5221:12
ruby#4 0x62ee7bc5cdbc in ruby_xcalloc gc.c:5215:34
ruby#5 0x62ee7bdea4c6 in native_thread_alloc thread_pthread.c:2187:35
ruby#6 0x62ee7bdec31b in native_thread_check_and_create_shared thread_pthread_mn.c:429:39
ruby#7 0x62ee7bdea484 in native_thread_create_shared thread_pthread_mn.c:531:12
ruby#8 0x62ee7bdea1da in native_thread_create thread_pthread.c:2403:16
ruby#9 0x62ee7bdde2eb in thread_create_core thread.c:884:11
ruby#10 0x62ee7bde4466 in thread_initialize thread.c:992:16
peterzhu2118
added a commit
to peterzhu2118/ruby
that referenced
this pull request
Nov 14, 2025
These tests use NM threads but NT is not freed for MN thread, causing it
to be reported as memory leaks in LSAN. For example:
#1 0x62ee7bc67e99 in calloc1 gc/default/default.c:1495:12
ruby#2 0x62ee7bc7ba00 in rb_gc_impl_calloc gc/default/default.c:8216:5
ruby#3 0x62ee7bc631d1 in ruby_xcalloc_body gc.c:5221:12
ruby#4 0x62ee7bc5cdbc in ruby_xcalloc gc.c:5215:34
ruby#5 0x62ee7bdea4c6 in native_thread_alloc thread_pthread.c:2187:35
ruby#6 0x62ee7bdec31b in native_thread_check_and_create_shared thread_pthread_mn.c:429:39
ruby#7 0x62ee7bdea484 in native_thread_create_shared thread_pthread_mn.c:531:12
ruby#8 0x62ee7bdea1da in native_thread_create thread_pthread.c:2403:16
ruby#9 0x62ee7bdde2eb in thread_create_core thread.c:884:11
ruby#10 0x62ee7bde4466 in thread_initialize thread.c:992:16
peterzhu2118
added a commit
that referenced
this pull request
Nov 14, 2025
These tests use NM threads but NT is not freed for MN thread, causing it
to be reported as memory leaks in LSAN. For example:
#1 0x62ee7bc67e99 in calloc1 gc/default/default.c:1495:12
#2 0x62ee7bc7ba00 in rb_gc_impl_calloc gc/default/default.c:8216:5
#3 0x62ee7bc631d1 in ruby_xcalloc_body gc.c:5221:12
#4 0x62ee7bc5cdbc in ruby_xcalloc gc.c:5215:34
#5 0x62ee7bdea4c6 in native_thread_alloc thread_pthread.c:2187:35
#6 0x62ee7bdec31b in native_thread_check_and_create_shared thread_pthread_mn.c:429:39
#7 0x62ee7bdea484 in native_thread_create_shared thread_pthread_mn.c:531:12
#8 0x62ee7bdea1da in native_thread_create thread_pthread.c:2403:16
#9 0x62ee7bdde2eb in thread_create_core thread.c:884:11
#10 0x62ee7bde4466 in thread_initialize thread.c:992:16
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
net/http rdoc improvements associated with http://redmine.ruby-lang.org/issues/show/4093.