Bug #15971 (closed): Segfault with --jit-wait when using simple *= operator
Description
I get a segfault with the very simple Ruby code below with JIT debug options. Runs fine with only "--jit" (no --jit-wait or --jit-save-temps).
Run with "ruby --jit --jit-save-temps --jit-wait ./multiply.rb"
Ruby version: ruby 2.7.0dev (2019-07-02T06:22:22Z trunk 4d6c35d33a) [x86_64-darwin18]
multiply.rb
def multiply(a, b)
  a *= b
end

1_000_000.times do
  multiply(7.0, 10.0)
end
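The reproducer above crashes but does not check values, so a silent miscompile of the same setlocal path (a wrong result instead of a segfault) would go unnoticed. The script below is an added, self-checking regression variant written for this page; it is not Noah's file or anything from the Ruby repository. It exercises several op-assign forms on method locals (the pattern the fix commit names, setlocal inside an inlined callee), calls each one repeatedly so the JIT compiles and inlines it, and reports any mismatch against the expected value. The JIT flags in the comment are the 2.7 MJIT flags from the report plus --jit-min-calls to compile sooner; the script runs (and passes) without them on any Ruby as well.

```ruby
# Added regression check for the inlined-setlocal bug (Bug #15971).
# Each method assigns to a local via an op-assign, i.e. a setlocal right after
# the operator, which is what corrupted the VM stack under --jit-wait before
# ea30dd702512ff9df34fe8c71c825f8f901bf5b1. Suggested invocation on 2.7:
#   ruby --jit --jit-wait --jit-save-temps --jit-min-calls=1 regression.rb

def multiply_assign(a, b)
  a *= b   # setlocal on a frame that MJIT may omit when inlining
  a
end

def add_assign(a, b)
  a += b
  a
end

def chained_assign(a, b, c)
  a *= b
  a += c
  a -= 1
  a
end

def nested_caller(x)
  # One more call layer, so the inlined callee's ep is not the caller's ep.
  multiply_assign(x, 2.0) + add_assign(x, 1.0)
end

# [callable, expected result]; inputs are constructed for this check.
CASES = [
  [-> { multiply_assign(7.0, 10.0) }, 70.0],
  [-> { add_assign(7.0, 10.0) }, 17.0],
  [-> { chained_assign(3, 4, 5) }, 16],
  [-> { nested_caller(5.0) }, 16.0],
].freeze

# Runs every case `iterations` times (enough calls for the JIT to compile and
# inline the callee) and returns the list of mismatches; empty means stable.
def run_regression(iterations = 100_000)
  mismatches = []
  CASES.each_with_index do |(fn, expected), i|
    iterations.times do |n|
      got = fn.call
      next if got == expected
      mismatches << { case: i, iteration: n, expected: expected, got: got }
      break
    end
  end
  mismatches
end

if __FILE__ == $0
  bad = run_regression
  if bad.empty?
    puts "ok: #{CASES.size} op-assign cases stable across repeated JIT calls"
  else
    puts "MISMATCH: #{bad.inspect}"
    exit 1
  end
end
```

A segfault still terminates the process before the summary is printed, which is the reported symptom; the added value is that a wrong result (stack corrupted but not fatally) now fails the run too, so the script can sit in CI as a guard for this inlining path.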
Updated by noahgibbs (Noah Gibbs) about 5 years ago
When I change "a *= b" to "a * b" it doesn't crash.
Updated by k0kubun (Takashi Kokubun) about 5 years ago
- Status changed from Open to Assigned
- Assignee set to k0kubun (Takashi Kokubun)
Updated by k0kubun (Takashi Kokubun) about 5 years ago
- Backport changed from 2.4: UNKNOWN, 2.5: UNKNOWN, 2.6: UNKNOWN to 2.4: DONTNEED, 2.5: DONTNEED, 2.6: DONTNEED
Updated by k0kubun (Takashi Kokubun) about 5 years ago
- Status changed from Assigned to Closed
Applied in changeset git|ea30dd702512ff9df34fe8c71c825f8f901bf5b1.
Avoid corrupting VM stack on inlined setlocal
setlocal relies on cfp->ep, and frame-omitted method inlining introduced
in Ruby 2.7 kept it wrong.
This change might slow down frame-omitted method inlining for cfp->ep
manipulation, and it obviously complicates the implementation more. By
introducing an optimization that changes Ruby's local variable to C
local variable, we could optimize it and simplify the cfp->ep
manipulation later.
[Bug #15971]
Updated by k0kubun (Takashi Kokubun) about 5 years ago
This is a perfect bug report, with minimal code which reproduces the bug in Ruby 2.7 JIT's method inlining.
I wish we could catch this automatically by one of our CIs, but this time it didn't go well.
Thank you for testing Ruby 2.7 and reporting this, Noah. I believe ea30dd702512ff9df34fe8c71c825f8f901bf5b1 fixed the problem.