https://bugs.ruby-lang.org/https://bugs.ruby-lang.org/favicon.ico?17113305112012-09-22T08:01:24ZRuby Issue Tracking SystemBackport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=296522012-09-22T08:01:24Zheadius (Charles Nutter)headius@headius.com
<ul></ul><p>Redmine did not parse the patch URL correctly. It is <a href="https://gist.github.com/3764377" class="external">https://gist.github.com/3764377</a></p> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=296762012-09-23T01:56:42Zheadius (Charles Nutter)headius@headius.com
<ul></ul><p>Oh, I also want to make it clear that this is broken on MRI too, for both the nested, same-thread case and the separate, concurrent thread cases. It needs to be patched.</p> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=296972012-09-24T15:53:13Znobu (Nobuyoshi Nakada)nobu@ruby-lang.org
<ul></ul><p>Hi,</p>
<p>At Sat, 22 Sep 2012 07:59:51 +0900,<br>
headius (Charles Nutter) wrote in <a href="/issues/7046">[ruby-core:47638]</a>:</p>
<blockquote>
<p>I have provided a patch (<a href="https://gist.github.com/3764377" class="external">https://gist.github.com/3764377</a>) that is still very close to the toplevel binding, but instead uses the following logic each call to get a new, isolated binding in which to run the template:</p>
<p>eval "proc{binding}.call", TOPLEVEL_BINDING</p>
</blockquote>
<p>`TOPLEVEL_BINDING.dup' would work too.</p>
<p>--<br>
Nobu Nakada</p> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=297162012-09-25T02:58:31Zheadius (Charles Nutter)headius@headius.com
<ul></ul><p>In JRuby it does not appear that dup'ing a binding copies all structures over, so we'd need to fix that as well to use TOPLEVEL_BINDING.dup.</p>
<p>It appears we match 1.8.7 behavior still, for Binding#dup:</p>
<p>system ~/projects/jruby $ ruby-1.8.7-p358 -e "eval 'a = 1', TOPLEVEL_BINDING.dup; eval 'puts a', TOPLEVEL_BINDING.dup"<br>
1</p>
<p>system ~/projects/jruby $ jruby -e "eval 'a = 1', TOPLEVEL_BINDING.dup; eval 'puts a', TOPLEVEL_BINDING.dup"<br>
1</p>
<p>system ~/projects/jruby $ ruby-1.9.3 -e "eval 'a = 1', TOPLEVEL_BINDING.dup; eval 'puts a', TOPLEVEL_BINDING.dup"</p>
:in `': undefined local variable or method `a' for main:Object (NameError)
from -e:1:in `eval'
from -e:1:in `'
<p>Given that we would not be releasing patched ERB in any release other than one with this fixed, I think TOPLEVEL_BINDING.dup is probably the simplest way.</p> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=297242012-09-25T10:29:10Znobu (Nobuyoshi Nakada)nobu@ruby-lang.org
<ul></ul><p>Hi,</p>
<p>At Tue, 25 Sep 2012 02:58:32 +0900,<br>
headius (Charles Nutter) wrote in <a href="/issues/7046">[ruby-core:47676]</a>:</p>
<blockquote>
<p>It appears we match 1.8.7 behavior still, for Binding#dup:</p>
</blockquote>
<p>1.8.7 is dying.</p>
<p>--<br>
Nobu Nakada</p> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=297352012-09-26T00:24:29Zheadius (Charles Nutter)headius@headius.com
<ul></ul><p>Indeed, and we will fix our 1.9 mode to work like 1.9.3.</p> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=297362012-09-26T01:28:49Zheadius (Charles Nutter)headius@headius.com
<ul></ul><p>We are shipping the proc-based fix in JRuby 1.7.0.RC1 today. There's a good chance we'll fix the Binding#dup behavior for 1.7.0, in which case we'd use the TOPLEVEL_BINDING.dup fix.</p>
<p>Functionally, I think they should both appear to be the same to any user.</p> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=306632012-10-15T04:47:40Zheadius (Charles Nutter)headius@headius.com
<ul></ul><p>Ping! I am wondering if a decision has been made about how to fix this. As mentioned, JRuby is shipping the proc-based fix.</p> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=324062012-11-05T21:50:10Zmame (Yusuke Endoh)mame@ruby-lang.org
<ul><li><strong>Status</strong> changed from <i>Open</i> to <i>Assigned</i></li><li><strong>Assignee</strong> set to <i>nobu (Nobuyoshi Nakada)</i></li><li><strong>Target version</strong> set to <i>2.0.0</i></li></ul><p>Looks good to me. Nobu, do you have any concern?</p>
<p>--<br>
Yusuke Endoh <a href="mailto:mame@tsg.ne.jp" class="email">mame@tsg.ne.jp</a></p> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=327142012-11-09T23:33:12Znobu (Nobuyoshi Nakada)nobu@ruby-lang.org
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Closed</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>This issue was solved with changeset r37594.<br>
Charles, thank you for reporting this issue.<br>
Your contribution to Ruby is greatly appreciated.<br>
May Ruby be with you.</p>
<hr>
<p>erb.rb: safe concurrent use</p>
<ul>
<li>lib/erb.rb (ERB#run, ERB#result): eval under isolated bindings for<br>
safe concurrent use. <a href="/issues/7046">[ruby-core:47638]</a> [Bug <a class="issue tracker-4 status-6 priority-4 priority-default closed" title="Backport: ERB#run and ERB#result are not safe for concurrent use (Rejected)" href="https://bugs.ruby-lang.org/issues/7046">#7046</a>]</li>
</ul> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=327152012-11-09T23:33:46Znobu (Nobuyoshi Nakada)nobu@ruby-lang.org
<ul><li><strong>Tracker</strong> changed from <i>Bug</i> to <i>Backport</i></li><li><strong>Project</strong> changed from <i>Ruby master</i> to <i>Backport193</i></li><li><strong>Category</strong> deleted (<del><i>lib</i></del>)</li><li><strong>Status</strong> changed from <i>Closed</i> to <i>Assigned</i></li><li><strong>Assignee</strong> changed from <i>nobu (Nobuyoshi Nakada)</i> to <i>usa (Usaku NAKAMURA)</i></li><li><strong>Target version</strong> deleted (<del><i>2.0.0</i></del>)</li></ul> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=346052012-12-11T19:14:10Zusa (Usaku NAKAMURA)usa@garbagecollect.jp
<ul><li><strong>Status</strong> changed from <i>Assigned</i> to <i>Closed</i></li></ul><p>This issue was solved with changeset r38318.<br>
Charles, thank you for reporting this issue.<br>
Your contribution to Ruby is greatly appreciated.<br>
May Ruby be with you.</p>
<hr>
<p>merge revision(s) 37594: [Backport <a class="issue tracker-4 status-6 priority-4 priority-default closed" title="Backport: ERB#run and ERB#result are not safe for concurrent use (Rejected)" href="https://bugs.ruby-lang.org/issues/7046">#7046</a>]</p>
<pre><code>* lib/erb.rb (ERB#run, ERB#result): eval under isolated bindings for
safe concurrent use. <a href="/issues/7046">[ruby-core:47638]</a> [Bug #7046]
</code></pre> Backport193 - Backport #7046: ERB#run and ERB#result are not safe for concurrent usehttps://bugs.ruby-lang.org/issues/7046?journal_id=348502012-12-19T20:51:09Zusa (Usaku NAKAMURA)usa@garbagecollect.jp
<ul><li><strong>Status</strong> changed from <i>Closed</i> to <i>Rejected</i></li></ul><p>I once backported r37594 at r38318, but it broke rubyspec.</p>