Project

General

Profile

Actions

Bug #15971

closed

Segfault with --jit-wait when using simple *= operator

Added by noahgibbs (Noah Gibbs) over 4 years ago. Updated over 4 years ago.

Status:
Closed
Target version:
-
ruby -v:
ruby 2.7.0dev (2019-07-02T06:22:22Z trunk 4d6c35d33a) [x86_64-darwin18]
[ruby-core:93473]

Description

I get a segfault with the very simple Ruby code below with JIT debug options. Runs fine with only "--jit" (no --jit-wait or --jit-save-temps).

Ruby with "ruby --jit --jit-save-temps --jit-wait ./multiply.rb"
Ruby version: ruby 2.7.0dev (2019-07-02T06:22:22Z trunk 4d6c35d33a) [x86_64-darwin18]

multiply.rb

def multiply(a, b)
a *= b
end

1_000_000.times do
multiply(7.0, 10.0)
end


Files

crash_report_text.txt (6.25 KB) crash_report_text.txt Segfault console output noahgibbs (Noah Gibbs), 07/02/2019 11:13 AM
ruby_2019-07-02-120741_C02RP0G1G8WM.crash (38.8 KB) ruby_2019-07-02-120741_C02RP0G1G8WM.crash Crash report file from Mac noahgibbs (Noah Gibbs), 07/02/2019 11:13 AM

Updated by noahgibbs (Noah Gibbs) over 4 years ago

When I change "a *= b" to "a * b" it doesn't crash.

Updated by k0kubun (Takashi Kokubun) over 4 years ago

  • Status changed from Open to Assigned
  • Assignee set to k0kubun (Takashi Kokubun)
Actions #3

Updated by k0kubun (Takashi Kokubun) over 4 years ago

  • Backport changed from 2.4: UNKNOWN, 2.5: UNKNOWN, 2.6: UNKNOWN to 2.4: DONTNEED, 2.5: DONTNEED, 2.6: DONTNEED
Actions #4

Updated by k0kubun (Takashi Kokubun) over 4 years ago

  • Status changed from Assigned to Closed

Applied in changeset git|ea30dd702512ff9df34fe8c71c825f8f901bf5b1.


Avoid corrupting VM stack on inlined setlocal

setlocal relies on cfp->ep, and frame-omitted method inlining introduced
in Ruby 2.7 kept it wrong.

This change might slow down frame-omitted method inlining for cfp->ep
manipulation, and it obviously complicates the implementaion more. By
introducing an optimization that changes Ruby's local variable to C
local variable, we could optimize it and simplify the cfp->ep
manipulation later.

[Bug #15971]

Updated by k0kubun (Takashi Kokubun) over 4 years ago

This is a perfect bug report having a minimum code which reproduces the bug in Ruby 2.7 JIT's method inlining.
I wish we could catch this automatically by one of our CIs, but this time it didn't go well.

Thank you for testing Ruby 2.7 and reporting this, Noah. I believe ea30dd702512ff9df34fe8c71c825f8f901bf5b1 fixed the problem.

Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0Like0