Bug #19051

Updated by eightbitraptor (Matthew Valentine-House) over 1 year ago

[Github PR 6531](https://github.com/ruby/ruby/pull/6531) 

During auto-compaction, T_IMEMO objects get moved around the heap. `vm->global_cc_cache_table` is an array of pointers to callcache objects, stored as T_IMEMOs of type callcache on the GC heap. These pointers are never updated during the update references step of compaction. If the T_IMEMO object gets moved and another object is allocated in the same slot, then the contents of the `global_cc_cache_table` will be incorrect, resulting in a crash when attempting to access it.

An example of this is during the mark phase, when we attempt to check the validity of the callcache entry before marking it, but the object is not actually a callcache.

```
-- C level backtrace information -------------------------------------------
/usr/local/ruby/bin/ruby(rb_print_backtrace+0x11) [0x5610067b325e] vm_dump.c:759
/usr/local/ruby/bin/ruby(rb_vm_bugreport) vm_dump.c:1045
/usr/local/ruby/bin/ruby(rb_bug_for_fatal_signal+0xec) [0x5610068603bc] error.c:821
/usr/local/ruby/bin/ruby(sigsegv+0x4d) [0x561006706d9d] signal.c:964
/lib/x86_64-linux-gnu/libpthread.so.0(__restore_rt+0x0) [0x7f87ce6ea420]
/usr/local/ruby/bin/ruby(vm_cc_invalidated_p+0x4) [0x5610067acb84] vm_callinfo.h:369
/usr/local/ruby/bin/ruby(rb_vm_mark) vm.c:2652
/usr/local/ruby/bin/ruby(gc_mark_roots+0x55) [0x5610065f4305] gc.c:7180
/usr/local/ruby/bin/ruby(gc_marks_start+0x13) [0x5610065f6450] gc.c:7852
/usr/local/ruby/bin/ruby(gc_marks) gc.c:8149
```
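As an added illustration of the hazard the report describes (this is not Ruby's GC code, and every name in it is hypothetical), a C toy model of a compacting slot heap with an off-heap pointer table standing in for `vm->global_cc_cache_table`: the mark-time "is this still a callcache?" check passes only when the update-references step also rewrites the table through the forwarding records.

```c
/* Toy compacting heap (added example, not Ruby's GC): live objects slide to
 * the lowest free slots, a forwarding record is left behind, and an off-heap
 * pointer table must be rewritten in the update-references step. */
#include <stdbool.h>

enum obj_type { T_FREE, T_CALLCACHE, T_OTHER, T_MOVED };
struct slot { enum obj_type type; struct slot *forward; };
enum { NSLOTS = 4, NTABLE = 2 };
static struct slot heap[NSLOTS];
static struct slot *cc_table[NTABLE]; /* raw pointers into the heap, invisible to marking */

/* Callcaches in slots 2 and 3, slots 0 and 1 free, table pointing at the callcaches. */
static void setup(void) {
    for (int i = 0; i < NSLOTS; i++) heap[i] = (struct slot){ T_FREE, 0 };
    heap[2].type = heap[3].type = T_CALLCACHE;
    cc_table[0] = &heap[2]; cc_table[1] = &heap[3];
}

/* Compaction: move each live object into the lowest free slot below it and
 * leave a T_MOVED forwarding record in the vacated slot. */
static void compact(void) {
    for (int src = 0; src < NSLOTS; src++) {
        if (heap[src].type != T_CALLCACHE && heap[src].type != T_OTHER) continue;
        for (int dst = 0; dst < src; dst++) if (heap[dst].type == T_FREE) {
            heap[dst].type = heap[src].type;
            heap[src] = (struct slot){ T_MOVED, &heap[dst] };
            break;
        }
    }
}

/* Update-references step. With fix_table the off-heap table follows the
 * forwarding records; without it (the bug) it keeps pre-compaction addresses. */
static void update_references(bool fix_table) {
    for (int i = 0; fix_table && i < NTABLE; i++)
        if (cc_table[i]->type == T_MOVED) cc_table[i] = cc_table[i]->forward;
    for (int i = 0; i < NSLOTS; i++) /* vacated slots become allocatable again */
        if (heap[i].type == T_MOVED) heap[i] = (struct slot){ T_FREE, 0 };
}

/* Run a GC cycle, then allocate a non-callcache object into the first free slot
 * (the reused slot), then apply the mark-phase check from the report. */
bool table_valid_after_gc(bool fix_table) {
    setup(); compact(); update_references(fix_table);
    for (int i = 0; i < NSLOTS; i++)
        if (heap[i].type == T_FREE) { heap[i].type = T_OTHER; break; }
    for (int i = 0; i < NTABLE; i++)
        if (cc_table[i]->type != T_CALLCACHE) return false; /* stale pointer */
    return true;
}
```

With the table left alone, the entry that used to point at slot 2 now points at the freshly allocated T_OTHER object, which is the same shape of confusion that makes `vm_cc_invalidated_p` fault in the backtrace above.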
