Project

General

Profile

Actions
Copy link

Bug #21208

open

`Ractor#send(move: true)` allow moving objects that are on the stack, and used by C code.

Bug #21208: `Ractor#send(move: true)` allow moving objects that are on the stack, and used by C code.

Added by byroot (Jean Boussier) 7 months ago. Updated 6 months ago.

Status:
Assigned
Assignee:
ractor
Target version:
-
ruby -v:
Backport:
3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN, 3.4: UNKNOWN
[ruby-core:121490]

Description

The following script causes a crash:

rac = Ractor.new do
  Ractor.receive
end

hash = Hash[*50.times]

hash.merge!(12 => 0, 14 => 0) do |key, old_val, new_val|
  if key == 12
    rac.send(hash, move: true)
  end
  new_val
end

p rac.take

Contrary to previous crashes related to send(move: true), I'm afraid this one is with the design of the feature itself, not just the implementation.

If we allow objects to be moved, any C code that calls rb_yield() may cause memory corruption if one of the objects it uses is moved.

I personally can't see any realistic solution to this.

Actions
Copy link

Also available in: PDF Atom