Bug #19601
Updated by alanwu (Alan Wu) over 1 year ago
We've identified a false collection bug with YJIT. Symptoms can range from `[BUG] try to mark T_NONE object` to SEGVs. Due to the bug requiring specific transient heap state to reproduce, it may be hard to identify by looking at the crash-site stack trace.

`ruby --yjit-call-threshold=1` reproducer:

```ruby
class RegressionTest
  def initialize
    @a = @b = @fourth_ivar_does_shape_transition = nil
  end

  def extender
    @first_extended_ivar = [:ok]
  end
end

GC.stress = true

test = RegressionTest.new
# Used to crash due to GC run in rb_ensure_iv_list_size()
# not marking the newly allocated [:ok].
test.extender
GC.start
RegressionTest.new.extender.itself
```

Fix: https://github.com/ruby/ruby/pull/7718