Actions
Bug #20501
open
ruby SEGV
Description
I encountered SEGV of ruby.
% ./ruby -v
ruby 3.4.0dev (2024-05-22T06:59:19Z master 5613d6e95b) [x86_64-linux]
% ./ruby t.rb
t.rb:33: [BUG] Segmentation fault at 0x00007fc243696098
ruby 3.4.0dev (2024-05-22T06:59:19Z master 5613d6e95b) [x86_64-linux]
-- Control frame information -----------------------------------------------
c:0003 p:0000 s:4294967313 e:000018 METHOD t.rb:33
c:0002 p:0022 s:0006 e:000005 EVAL t.rb:52 [FINISH]
c:0001 p:0000 s:0003 E:000350 DUMMY [FINISH]
-- Ruby level backtrace information ----------------------------------------
t.rb:52:in '<main>'
t.rb:33:in 'create_no_file'
-- Threading information ---------------------------------------------------
Total ractor count: 1
Ruby thread count for this ractor: 1
-- Machine register context ------------------------------------------------
RIP: 0x000055a1cdc8bb9c RBP: 0x000055a1cee844b0 RSP: 0x00007ffcde5cdae0
RAX: 0x00007fc2436960a0 RBX: 0x00007fba43795f68 RCX: 0x0000000000000000
RDX: 0x000055a1cf115cf0 RDI: 0x0000000000000009 RSI: 0x00007fba28526860
R8: 0x00007fba436960a1 R9: 0x0000000000000000 R10: 0x00007fba28526860
R11: 0x0000000000000003 R12: 0x0000000000000006 R13: 0x00007fba2853b698
R14: 0x0000000d00000009 R15: 0x0000000000000b21 EFL: 0x0000000000010246
-- C level backtrace information -------------------------------------------
/home/ruby/t2/ruby/ruby(rb_print_backtrace+0x14) [0x55a1cdcae243] /home/ruby/t2/ruby/vm_dump.c:820
/home/ruby/t2/ruby/ruby(rb_vm_bugreport) /home/ruby/t2/ruby/vm_dump.c:1151
/home/ruby/t2/ruby/ruby(rb_bug_for_fatal_signal+0xf8) [0x55a1cde5abe8] /home/ruby/t2/ruby/error.c:1108
/home/ruby/t2/ruby/ruby(sigsegv+0x44) [0x55a1cdbf7864] /home/ruby/t2/ruby/signal.c:929
/lib/x86_64-linux-gnu/libc.so.6(0x7fba438f8050) [0x7fba438f8050]
/home/ruby/t2/ruby/ruby(vm_exec_handle_exception+0x2ac) [0x55a1cdc8bb9c] /home/ruby/t2/ruby/vm.c:2782
...
t.rb and the full crash report are attached.
Files
Updated by akr (Akira Tanaka) about 1 month ago
t.rb is not minimized because the probability of SEGV is reduced when I make the file smaller.
Updated by nobu (Nobuyoshi Nakada) about 1 month ago
Although I can't reproduce it, it looks like that catch_iseq is broken, from the backtrace.
Updated by akr (Akira Tanaka) about 1 month ago
- File crash2.txt crash2.txt added
git bisect shows the problem is caused by the following commit.
% git bisect bad
84e4453436c3549b4fda6014cdd5fcc9e0b80755 is the first bad commit
commit 84e4453436c3549b4fda6014cdd5fcc9e0b80755
Author: Aaron Patterson <tenderlove@ruby-lang.org>
Date: Tue Feb 7 17:46:42 2023 -0800
Use a functional red-black tree for indexing the shapes
This is an experimental commit that uses a functional red-black tree to
create an index of the ancestor shapes. It uses an Okasaki style
functional red black tree:
https://www.cs.tufts.edu/comp/150FP/archive/chris-okasaki/redblack99.pdf
This tree is advantageous because:
* It offers O(n log n) insertions and O(n log n) lookups.
* It shares memory with previous "versions" of the tree
When we insert a node in the tree, only the parts of the tree that need
to be rebalanced are newly allocated. Parts of the tree that don't need
to be rebalanced are not reallocated, so "new trees" are able to share
memory with old trees. This is in contrast to a sorted set where we
would have to duplicate the set, and also resort the set on each
insertion.
I've added a new stat to RubyVM.stat so we can understand how the red
black tree increases.
benchmark/vm_ivar_ic_miss.yml | 20 +++
rjit_c.rb | 5 +
shape.c | 309 ++++++++++++++++++++++++++++++++++++++++--
shape.h | 15 ++
vm.c | 8 +-
5 files changed, 342 insertions(+), 15 deletions(-)
create mode 100644 benchmark/vm_ivar_ic_miss.yml
% ./miniruby -v
ruby 3.3.0dev (2023-10-24T17:52:06Z v3_3_0_preview3~561 84e4453436) [x86_64-linux]
% ./miniruby t.rb
t.rb:32593: [BUG] Segmentation fault at 0x00007f596f3e1098
ruby 3.3.0dev (2023-10-24T17:52:06Z v3_3_0_preview3~561 84e4453436) [x86_64-linux]
-- Control frame information -----------------------------------------------
c:0003 p:21907 s:4294967313 e:000018 METHOD t.rb:32593
c:0002 p:0022 s:0006 e:000005 EVAL t.rb:52 [FINISH]
c:0001 p:0000 s:0003 E:001b90 DUMMY [FINISH]
-- Ruby level backtrace information ----------------------------------------
t.rb:52:in `<main>'
t.rb:32593:in `create_no_file'
-- Threading information ---------------------------------------------------
Total ractor count: 1
Ruby thread count for this ractor: 1
-- Machine register context ------------------------------------------------
RIP: 0x0000559323b21d31 RBP: 0x00007ffd7d3f5730 RSP: 0x00007ffd7d3f55e0
RAX: 0x00007f596f3e1098 RBX: 0x00007f51542a27c0 RCX: 0x00007f516f4e0f30
RDX: 0x00007f51542a27c0 RDI: 0x00007f516f3e10a0 RSI: 0x0000000000000080
R8: 0x00000000000005f5 R9: 0x0000559325ad6220 R10: 0x06c15729dbba7803
R11: 0x0000000000000090 R12: 0x00007f516f3e1040 R13: 0x0000000000000000
R14: 0x000055932591c490 R15: 0x00007f516f4e0f30 EFL: 0x0000000000010206
-- C level backtrace information -------------------------------------------
/home/ruby/t4/ruby/miniruby(rb_print_backtrace+0x20) [0x559323b2be67] /home/ruby/t4/ruby/vm_dump.c:812
/home/ruby/t4/ruby/miniruby(rb_vm_bugreport+0x28c) [0x559323b2c57e] /home/ruby/t4/ruby/vm_dump.c:1143
./miniruby(rb_bug_for_fatal_signal+0x143) [0x559323906dd1]
/home/ruby/t4/ruby/miniruby(sigsegv+0x75) [0x559323a70ced] /home/ruby/t4/ruby/signal.c:920
/home/ruby/t4/ruby/miniruby(sigill) (null):0
/lib/x86_64-linux-gnu/libc.so.6(0x7f516f641050) [0x7f516f641050]
/home/ruby/t4/ruby/miniruby(vm_exec_handle_exception+0xb18) [0x559323b21d31] /home/ruby/t4/ruby/vm.c:2687
...
The full crash log is attached as crash2.txt.
Actions
Like0
Like0Like0Like0