Project

General

Profile

Bug #16098

SEGV with RUBY_ISEQ_DUMP_DEBUG=to_binary make check

Added by alanwu (Alan Wu) about 1 month ago. Updated 29 days ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
ruby -v:
ruby 2.7.0dev (2019-08-11T07:20:11Z master 9fe7e042f5) [x86_64-linux]
[ruby-core:<unknown>]

Description

I get a SEGV in TestSetTraceFunc when I run env RUBY_ISEQ_DUMP_DEBUG=to_binary make check.
The crash doesn't happen when I run just that test file with make test-all TESTOPTS="test/ruby/test_settracefunc.rb".
I only investigated briefly but I thought I would report it in case the cause is obvious to you.

Associated revisions

Revision dc0e45e3
Added by alanwu (Alan Wu) 29 days ago

Update moved objects in original_iseq

Without doing this, enabling a TracePoint on a method could lead to use
of moved objects. This was found by running
env RUBY_ISEQ_DUMP_DEBUG=to_binary make test-all, which sets
orignal_iseq then runs the compaction tests and the tracepoint tests.

Please excuse the lack of tests. I was not able to figure out how to
reliably trigger a move on a specific iseq imemo to make a good
regression test.

To manually confirm the problem and this fix, you can run:

env RUBY_ISEQ_DUMP_DEBUG=to_binary make test-all \
  TESTOPTS="test/ruby/test_gc_compact.rb \
            test/gdbm/test_gdbm.rb \
            test/ruby/test_settracefunc.rb"

Or the following script:

tp = TracePoint.new(:line) {}
1.times do # put it in a block to not keep these objects alive
  objects = 10_000.times.map { Object.new }
  objects.hash
end

1.times do
  # this allocation pattern can realistically happen in an app
  # at load time
  beek = 10_000.times.map do
    eval(<<-RUBY)
      def foo
        a + b
        1.times {
          4 + 234234
        }
        nil + 234
      end
    RUBY
    Object.new
    Object.new
  end
  beek.hash
end

tp.enable(target: self.:foo) { 234 } # allocate original iseq

GC.verify_compaction_references(toward: :empty)
GC.compact

tp.enable(target: self.:foo) { 234234 } # crash

[Bug #16098]

History

#1

Updated by alanwu (Alan Wu) 29 days ago

  • Status changed from Open to Closed

Applied in changeset git|dc0e45e39b37556af8abf6cdb0180e2973041931.


Update moved objects in original_iseq

Without doing this, enabling a TracePoint on a method could lead to use
of moved objects. This was found by running
env RUBY_ISEQ_DUMP_DEBUG=to_binary make test-all, which sets
orignal_iseq then runs the compaction tests and the tracepoint tests.

Please excuse the lack of tests. I was not able to figure out how to
reliably trigger a move on a specific iseq imemo to make a good
regression test.

To manually confirm the problem and this fix, you can run:

env RUBY_ISEQ_DUMP_DEBUG=to_binary make test-all \
  TESTOPTS="test/ruby/test_gc_compact.rb \
            test/gdbm/test_gdbm.rb \
            test/ruby/test_settracefunc.rb"

Or the following script:

tp = TracePoint.new(:line) {}
1.times do # put it in a block to not keep these objects alive
  objects = 10_000.times.map { Object.new }
  objects.hash
end

1.times do
  # this allocation pattern can realistically happen in an app
  # at load time
  beek = 10_000.times.map do
    eval(<<-RUBY)
      def foo
        a + b
        1.times {
          4 + 234234
        }
        nil + 234
      end
    RUBY
    Object.new
    Object.new
  end
  beek.hash
end

tp.enable(target: self.:foo) { 234 } # allocate original iseq

GC.verify_compaction_references(toward: :empty)
GC.compact

tp.enable(target: self.:foo) { 234234 } # crash

[Bug #16098]

Also available in: Atom PDF