Actions
Bug #19463
closed
YJIT `[BUG] Stack consistency error` under certain invalidation scenarios
Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
ruby 3.2.1 (2023-02-08 revision 31819e82c8) +YJIT [arm64-darwin22]
Description
test.rb:19: [BUG] Stack consistency error (sp: 15, bp: 16)
With the following:
klass = Class.new do
def self.lookup(hash, key) = hash[key]
def self.foo(a, b) = []
def self.test(hash, key)
[lookup(hash, key), key, "".freeze]
# 05 opt_send_without_block :lookup
# 07 getlocal_WC_0 :hash
# 09 opt_str_freeze ""
# 12 newarray 3
# 14 leave
#
# YJIT will put instructions (07..14) into a block.
# When String#freeze is redefined from within lookup(),
# the return address to the block is still on-stack. We rely
# on invalidation patching the code at the return address
# to service this situation correctly.
end
end
# get YJIT to compile test()
hash = { 1 => [] }
31.times { klass.test(hash, 1) }
# inject invalidation into lookup()
evil_hash = Hash.new do |_, key|
class String
undef :freeze
def freeze = :ugokanai
end
key
end
p klass.test(evil_hash, 1)
The fix is fairly simple and I'll apply it shortly.
Updated by 
Updated by
Actions
Like0
Like0Like0