Syslog test fixes #4
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
March 24, 2011 18:54
LOG_PERROR isn't a POSIX option for syslog, so it fails on platforms that don't define it. Solaris 9 and 10 are examples of this. Use LOG_PID instead. Signed-off-by: Ben Walton <bwalton@artsci.utoronto.ca>
Instead of checking looking at the platform to determine if the tests relying on LOG_PERROR should be run, look for the definition of the constant as this will be robust against all platforms as long as the underlying syslog.c code sets it up correctly. This specifically addresses failures on Solaris 9. Signed-off-by: Ben Walton <bwalton@artsci.utoronto.ca>
|
Fix seems fine, I've forwarded this to our issue tracker. Stay tuned. |
|
merged. Thank you. |
|
Great! I've got a few more test failures on solaris 9 to sort out. Thanks On Fri, Mar 25, 2011 at 7:08 AM, shyouhei
Ben Walton bdwalton@gmail.com The impact of human uniqueness upon the world -Stephen Jay Gould |
shyouhei
added a commit
that referenced
this pull request
Jan 3, 2018
This function can be called from boot_defclass(). No assumption can be made about object internals. (lldb) run Process 2386 launched: './miniruby' (x86_64) Process 2386 stopped * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 318 VALUE 319 rb_class_path_cached(VALUE klass) 320 { -> 321 st_table *ivtbl = RCLASS_IV_TBL(klass); 322 st_data_t n; 323 324 if (!ivtbl) return Qnil; (lldb) bt * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) * frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 frame #1: 0x000000010009cbd0 miniruby`rb_raw_obj_info(buff="0x0000000100fa5798 [2 ] T_CLASS", buff_size=256, obj=4311373720) + 1393 at gc.c:9341 frame #2: 0x000000010009cf16 miniruby`obj_info(obj=4311373720) + 98 at gc.c:9423 frame #3: 0x000000010008ca87 miniruby`newobj_init(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007cf280, obj=4311373720) + 338 at gc.c:1887 frame #4: 0x000000010008cd51 miniruby`newobj_of(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1) + 171 at gc.c:1970 frame #5: 0x000000010008ce1b miniruby`rb_wb_protected_newobj_of(klass=0, flags=66) + 54 at gc.c:1990 frame #6: 0x0000000100027563 miniruby`class_alloc(flags=2, klass=0) + 46 at class.c:165 frame #7: 0x000000010002761a miniruby`rb_class_boot(super=0) + 35 at class.c:203 frame #8: 0x0000000100028612 miniruby`boot_defclass(name="BasicObject", super=0) + 28 at class.c:537 frame #9: 0x000000010002868b miniruby`Init_class_hierarchy + 26 at class.c:548 frame #10: 0x00000001000efe69 miniruby`InitVM_Object + 9 at object.c:3892 frame #11: 0x00000001000f138e miniruby`Init_Object + 57 at object.c:4122 frame #12: 0x00000001000a59bd miniruby`rb_call_inits + 29 at inits.c:23 frame #13: 0x000000010007af30 miniruby`ruby_setup + 229 at eval.c:61 frame ruby#14: 0x000000010007af7e miniruby`ruby_init + 13 at eval.c:78 frame ruby#15: 0x0000000100000c58 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 88 at main.c:41 frame ruby#16: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 3, 2018
This function can be called from InitVM_Object(). No assumption can be made about object internals. (lldb) run Process 10675 launched: './miniruby' (x86_64) Process 10675 stopped * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 9380 const rb_method_entry_t *me = &RANY(obj)->as.imemo.ment; 9381 snprintf(buff, buff_size, "%s (called_id: %s, type: %s, alias: %d, owner: %s, defined_class: %s)", buff, 9382 rb_id2name(me->called_id), -> 9383 method_type_name(me->def->type), 9384 me->def->alias_count, 9385 obj_info(me->owner), 9386 obj_info(me->defined_class)); (lldb) p *me (rb_method_entry_t) $0 = { flags = 24602 defined_class = 4311488400 def = 0x0000000000000000 called_id = 3057 owner = 4311488400 } (lldb) bt * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 frame #1: 0x00000001000b7cbf miniruby`obj_info(obj=4311487880) + 95 at gc.c:9423 frame #2: 0x00000001000c16a8 miniruby`newobj_init(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1, objspace=0x00000001007ee280, obj=4311487880) + 424 at gc.c:1887 frame #3: 0x00000001000b4529 miniruby`newobj_of(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1) + 217 at gc.c:1970 frame #4: 0x00000001000b46ab miniruby`rb_imemo_new(type=imemo_ment, v1=0, v2=3057, v3=4311488400, v0=4311488400) + 75 at gc.c:2017 frame #5: 0x00000001002773b4 miniruby`rb_method_entry_alloc(called_id=3057, owner=4311488400, defined_class=4311488400, def=0x0000000000000000) + 52 at vm_method.c:368 frame #6: 0x0000000100277307 miniruby`rb_method_entry_create(called_id=3057, klass=4311488400, visi=METHOD_VISI_PRIVATE, def=0x0000000000000000) + 71 at vm_method.c:389 frame #7: 0x00000001002784c7 miniruby`rb_method_entry_make(klass=4311488400, mid=3057, defined_class=4311488400, visi=METHOD_VISI_PRIVATE, type=VM_METHOD_TYPE_CFUNC, def=0x0000000000000000, original_id=3057, opts=0x00007fff5fbfd9e8) + 1207 at vm_method.c:594 frame #8: 0x00000001002770f9 miniruby`rb_add_method(klass=4311488400, mid=3057, type=VM_METHOD_TYPE_CFUNC, opts=0x00007fff5fbfd9e8, visi=METHOD_VISI_PRIVATE) + 73 at vm_method.c:650 frame #9: 0x000000010027708a miniruby`rb_add_method_cfunc(klass=4311488400, mid=3057, func=(miniruby`rb_obj_dummy at object.c:1125), argc=0, visi=METHOD_VISI_PRIVATE) + 138 at vm_method.c:137 frame #10: 0x00000001000391e4 miniruby`rb_define_private_method(klass=4311488400, name="initialize", func=(miniruby`rb_obj_dummy at object.c:1125), argc=0) + 68 at class.c:1529 frame #11: 0x000000010013f5bf miniruby`InitVM_Object + 47 at object.c:3905 frame #12: 0x0000000100142ffd miniruby`Init_Object + 61 at object.c:4122 frame #13: 0x00000001000d4edd miniruby`rb_call_inits + 29 at inits.c:23 frame ruby#14: 0x000000010009fe66 miniruby`ruby_setup + 198 at eval.c:61 frame ruby#15: 0x000000010009febd miniruby`ruby_init + 13 at eval.c:78 frame ruby#16: 0x0000000100000a4d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame ruby#17: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 3, 2018
This function can be called from Init_VM(). No assumption can be made about object internals. (lldb) run Process 15734 launched: './miniruby' (x86_64) Process 15734 stopped * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 9270 static void 9271 rb_raw_iseq_info(char *buff, const int buff_size, const rb_iseq_t *iseq) 9272 { -> 9273 if (iseq->body->location.label) { 9274 VALUE path = rb_iseq_path(iseq); 9275 snprintf(buff, buff_size, "%s %s@%s:%d", buff, 9276 RSTRING_PTR(iseq->body->location.label), (lldb) p *iseq (rb_iseq_t) $0 = { flags = 28698 reserved1 = 0 body = 0x0000000000000000 aux = { compile_data = 0x0000000000000000 loader = (obj = 0, index = 0) trace_events = 0 } } (lldb) bt * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) * frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 frame #1: 0x00000001000bde72 miniruby`rb_raw_obj_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, obj=4311097160) + 2786 at gc.c:9396 frame #2: 0x00000001000b7c5f miniruby`obj_info(obj=4311097160) + 95 at gc.c:9428 frame #3: 0x00000001000c16a8 miniruby`newobj_init(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007ee280, obj=4311097160) + 424 at gc.c:1887 frame #4: 0x00000001000b44c9 miniruby`newobj_of(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1) + 217 at gc.c:1970 frame #5: 0x00000001000b464b miniruby`rb_imemo_new(type=imemo_iseq, v1=0, v2=0, v3=0, v0=0) + 75 at gc.c:2017 frame #6: 0x00000001000fd914 miniruby`iseq_imemo_alloc + 36 at iseq.h:156 frame #7: 0x00000001000f6e1d miniruby`iseq_alloc + 13 at iseq.c:211 frame #8: 0x00000001000f6bf8 miniruby`rb_iseq_new_with_opt(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, first_lineno=1, parent=0x0000000000000000, type=ISEQ_TYPE_TOP, option=0x0000000100335c30) + 56 at iseq.c:519 frame #9: 0x00000001000f6bb6 miniruby`rb_iseq_new(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, parent=0x0000000000000000, type=ISEQ_TYPE_TOP) + 86 at iseq.c:480 frame #10: 0x0000000100284bb0 miniruby`Init_VM + 1040 at vm.c:3022 frame #11: 0x00000001000d4f7d miniruby`rb_call_inits + 189 at inits.c:55 frame #12: 0x000000010009fe06 miniruby`ruby_setup + 198 at eval.c:61 frame #13: 0x000000010009fe5d miniruby`ruby_init + 13 at eval.c:78 frame ruby#14: 0x00000001000009ed miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame ruby#15: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 3, 2018
This function can be called from rb_data_typed_object_zalloc(). No assumption can be made about object internals. (lldb) run Process 22135 launched: './miniruby' (x86_64) Process 22135 stopped * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 1361 break; 1362 } 1363 #endif -> 1364 return block->type; 1365 } 1366 1367 static inline void (lldb) bt * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) * frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 frame #1: 0x000000010008acdb miniruby`vm_block_iseq(block=0x0000000000000000) + 24 at vm_core.h:1399 frame #2: 0x000000010008acc1 miniruby`vm_proc_iseq(procval=4310866360) + 32 at vm_core.h:1387 frame #3: 0x000000010009cbed miniruby`rb_raw_obj_info(buff="0x0000000100f299b8 [0 ] proc (Proc)", buff_size=256, obj=4310866360) + 1513 at gc.c:9349 frame #4: 0x000000010009cf01 miniruby`obj_info(obj=4310866360) + 98 at gc.c:9428 frame #5: 0x000000010008ca1b miniruby`newobj_init(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32, objspace=0x00000001007cf280, obj=4310866360) + 338 at gc.c:1887 frame #6: 0x000000010008cce5 miniruby`newobj_of(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32) + 171 at gc.c:1970 frame #7: 0x000000010008d01d miniruby`rb_data_typed_object_wrap(klass=4311027960, datap=0x0000000000000000, type=0x0000000100311d60) + 133 at gc.c:2062 frame #8: 0x000000010008d04e miniruby`rb_data_typed_object_zalloc(klass=4311027960, size=40, type=0x0000000100311d60) + 42 at gc.c:2073 frame #9: 0x000000010011b459 miniruby`rb_proc_alloc(klass=4311027960) + 36 at proc.c:113 frame #10: 0x0000000100204d8e miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x00000001025003f8, block_type=block_type_iseq, is_from_method='\0', is_lambda='\x01') + 44 at vm.c:814 frame #11: 0x00000001002050d8 miniruby`rb_vm_make_proc_lambda(ec=0x00000001007cf548, captured=0x00000001025003f8, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011c0d2 miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011c154 miniruby`rb_block_lambda + 27 at proc.c:808 frame ruby#14: 0x00000001001ee7e3 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000102400480) + 41 at vm_insnhelper.c:1729 frame ruby#15: 0x00000001001ef2c3 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 386 at vm_insnhelper.c:1918 frame ruby#16: 0x00000001001ef412 miniruby`vm_call_cfunc(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 149 at vm_insnhelper.c:1934 frame ruby#17: 0x00000001001f0655 miniruby`vm_call_method_each_type(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 239 at vm_insnhelper.c:2232 frame ruby#18: 0x00000001001f0ce0 miniruby`vm_call_method(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 117 at vm_insnhelper.c:2355 frame ruby#19: 0x00000001001f0eb6 miniruby`vm_call_general(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 59 at vm_insnhelper.c:2398 frame #20: 0x00000001001f6e61 miniruby`vm_exec_core(ec=0x00000001007cf548, initial=0) + 7480 at insns.def:850 frame ruby#21: 0x0000000100207995 miniruby`vm_exec(ec=0x00000001007cf548) + 230 at vm.c:1771 frame ruby#22: 0x0000000100208647 miniruby`rb_iseq_eval_main(iseq=0x0000000100f29fd0) + 52 at vm.c:2019 frame ruby#23: 0x000000010007b750 miniruby`ruby_exec_internal(n=0x0000000100f29fd0) + 297 at eval.c:246 frame ruby#24: 0x000000010007b876 miniruby`ruby_exec_node(n=0x0000000100f29fd0) + 36 at eval.c:310 frame ruby#25: 0x000000010007b849 miniruby`ruby_run_node(n=0x0000000100f29fd0) + 62 at eval.c:302 frame ruby#26: 0x0000000100000c05 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame ruby#27: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61565 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 3, 2018
This imemo_name is used uninitialized because the switch above does not cover all possible imemo types. (lldb) run Process 26068 launched: './miniruby' (x86_64) Process 26068 stopped * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 libsystem_c.dylib`strlen: -> 0x7fff8a402132 <+18>: pcmpeqb (%rdi), %xmm0 0x7fff8a402136 <+22>: pmovmskb %xmm0, %esi 0x7fff8a40213a <+26>: andq $0xf, %rcx 0x7fff8a40213e <+30>: orq $-0x1, %rax (lldb) bt * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) * frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 frame #1: 0x00000001001f1531 miniruby`BSD_vfprintf(fp=0x00007fff5fbfc9e0, fmt0="%s %s", ap=0x00007fff5fbfcbf0) + 5873 at vsnprintf.c:1026 frame #2: 0x00000001001ef213 miniruby`ruby_do_vsnprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s", ap=0x00007fff5fbfcbf0) + 131 at sprintf.c:1285 frame #3: 0x00000001001ef3ea miniruby`ruby_snprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s") + 426 at sprintf.c:1300 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 frame #5: 0x00000001000b7bff miniruby`obj_info(obj=4310983760) + 95 at gc.c:9428 frame #6: 0x00000001000c1658 miniruby`newobj_init(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1, objspace=0x00000001007ee280, obj=4310983760) + 424 at gc.c:1887 frame #7: 0x00000001000b4469 miniruby`newobj_of(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1) + 217 at gc.c:1970 frame #8: 0x00000001000b45eb miniruby`rb_imemo_new(type=imemo_ast, v1=0, v2=4303040512, v3=4310983800, v0=0) + 75 at gc.c:2017 frame #9: 0x000000010011daed miniruby`rb_ast_new + 61 at node.c:1146 frame #10: 0x0000000100160e15 miniruby`rb_parser_compile_file_path(vparser=4310984400, fname=4310984960, file=4310984080, start=1) + 53 at parse.y:5776 frame #11: 0x00000001001e18ea miniruby`load_file_internal(argp_v=140734799795024) + 1834 at ruby.c:1907 frame #12: 0x00000001000a1bb5 miniruby`rb_ensure(b_proc=(miniruby`load_file_internal at ruby.c:1795), data1=140734799795024, e_proc=(miniruby`restore_load_file at ruby.c:2007), data2=140734799795024) + 245 at eval.c:1037 frame #13: 0x00000001001df4a4 miniruby`load_file(parser=4310984400, fname=4310984960, f=4310984080, script=1, opt=0x00007fff5fbfda28) + 100 at ruby.c:2026 frame ruby#14: 0x00000001001e084e miniruby`process_options(argc=0, argv=0x00007fff5fbfdc00, opt=0x00007fff5fbfda28) + 3454 at ruby.c:1682 frame ruby#15: 0x00000001001dfaae miniruby`ruby_process_options(argc=2, argv=0x00007fff5fbfdbf0) + 238 at ruby.c:2257 frame ruby#16: 0x000000010009ff43 miniruby`ruby_options(argc=2, argv=0x00007fff5fbfdbf0) + 211 at eval.c:105 frame ruby#17: 0x0000000100000989 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 105 at main.c:42 frame ruby#18: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) up 4 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 9373 #undef IMEMO_NAME 9374 default: UNREACHABLE; 9375 } -> 9376 snprintf(buff, buff_size, "%s %s", buff, imemo_name); 9377 9378 switch (imemo_type(obj)) { 9379 case imemo_ment: { (lldb) p imemo_name (const char *) $0 = 0xffffffffffffffff (lldb) p imemo_type(obj) (imemo_type) $1 = imemo_ast (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61566 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 3, 2018
obj_info() assumes the given object is alive. Passing freed objects to it results in SEGV. (lldb) run Process 29718 launched: './miniruby' (x86_64) Process 29718 stopped * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 266 } 267 else { 268 VM_ASSERT(RB_TYPE_P(pathobj, T_ARRAY)); -> 269 return RARRAY_AREF(pathobj, PATHOBJ_PATH); 270 } 271 } 272 (lldb) bt * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 frame #1: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x000000010af34a20) + 32 at iseq.c:723 frame #2: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, iseq=0x000000010af34a20) + 69 at gc.c:9274 frame #3: 0x000000010009e45a miniruby`rb_raw_obj_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, obj=4478683680) + 2191 at gc.c:9397 frame #4: 0x000000010009e4d5 miniruby`obj_info(obj=4478683680) + 98 at gc.c:9429 frame #5: 0x0000000100091ae3 miniruby`gc_page_sweep(objspace=0x00000001007d3280, heap=0x00000001007d32a0, sweep_page=0x000000010ae07bc0) + 622 at gc.c:3529 frame #6: 0x000000010009206a miniruby`gc_sweep_step(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 188 at gc.c:3705 frame #7: 0x0000000100092254 miniruby`gc_sweep_continue(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 133 at gc.c:3772 frame #8: 0x000000010008d7f9 miniruby`heap_prepare(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 48 at gc.c:1746 frame #9: 0x000000010008d8a1 miniruby`heap_get_freeobj_from_next_freepage(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 37 at gc.c:1769 frame #10: 0x000000010008d98d miniruby`heap_get_freeobj(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 83 at gc.c:1803 frame #11: 0x000000010008dcb0 miniruby`newobj_slowpath(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280, wb_protected=1) + 220 at gc.c:1930 frame #12: 0x000000010008dd6c miniruby`newobj_slowpath_wb_protected(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280) + 76 at gc.c:1942 frame #13: 0x000000010008dea1 miniruby`newobj_of(klass=4334386280, flags=5, v1=0, v2=0, v3=0, wb_protected=1) + 221 at gc.c:1974 frame ruby#14: 0x000000010008df39 miniruby`rb_wb_protected_newobj_of(klass=4334386280, flags=5) + 54 at gc.c:1990 frame ruby#15: 0x0000000100195f7c miniruby`str_alloc(klass=4334386280) + 29 at string.c:692 frame ruby#16: 0x0000000100195fe9 miniruby`str_new0(klass=4334386280, ptr="gitm", len=4, termlen=1) + 73 at string.c:714 frame ruby#17: 0x000000010019633e miniruby`rb_enc_str_new(ptr="gitm", len=4, enc=0x00000001025d50a0) + 81 at string.c:766 frame ruby#18: 0x000000010010a80a miniruby`parser_str_new(p="gitm", n=4, enc=0x00000001025d50a0, func=66, enc0=0x00000001025d50a0) + 50 at parse.y:5817 frame ruby#19: 0x000000010010ce1a miniruby`parser_parse_string(parser=0x00000001042ac5c0, quote=0x000000010460c028) + 795 at parse.y:6675 frame #20: 0x00000001001120bd miniruby`parser_yylex(parser=0x00000001042ac5c0) + 159 at parse.y:8281 frame ruby#21: 0x0000000100115068 miniruby`yylex(lval=0x00007fff5fbf9948, yylloc=0x00007fff5fbf9ab0, parser=0x00000001042ac5c0) + 55 at parse.y:8931 frame ruby#22: 0x00000001000fc79f miniruby`ruby_yyparse(parser=0x00000001042ac5c0) + 1198 at parse.c:5798 frame ruby#23: 0x0000000100109f5a miniruby`yycompile0(arg=4364879296) + 317 at parse.y:5595 frame ruby#24: 0x0000000100214ef0 miniruby`rb_suppress_tracing(func=(miniruby`yycompile0 at parse.y:5565), arg=4364879296) + 349 at vm_trace.c:397 frame ruby#25: 0x000000010010a1df miniruby`yycompile(parser=0x00000001042ac5c0, fname=4443743440, line=1) + 126 at parse.y:5637 frame ruby#26: 0x000000010010a4c1 miniruby`parser_compile_string(vparser=4443743480, fname=4443743440, s=4443743520, line=1) + 191 at parse.y:5706 frame ruby#27: 0x000000010010a5b7 miniruby`rb_parser_compile_string_path(vparser=4443743480, f=4443743440, s=4443743520, line=1) + 58 at parse.y:5730 frame ruby#28: 0x0000000100206025 miniruby`eval_make_iseq(src=4443743520, fname=4443743440, line=1, bind=0x0000000000000000, base_block=0x00007fff5fbfb370) + 266 at vm_eval.c:1274 frame ruby#29: 0x0000000100206153 miniruby`eval_string_with_cref(self=4334412520, src=4443743520, cref=0x0000000000000000, file=52, line=1) + 197 at vm_eval.c:1307 frame ruby#30: 0x0000000100206389 miniruby`rb_f_eval(argc=1, argv=0x0000000102400eb8, self=4334412520) + 219 at vm_eval.c:1382 frame ruby#31: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_eval at vm_eval.c:1364), recv=4334412520, argc=1, argv=0x0000000102400eb8) + 47 at vm_insnhelper.c:1723 frame ruby#32: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 386 at vm_insnhelper.c:1918 frame ruby#33: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 149 at vm_insnhelper.c:1934 frame ruby#34: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame ruby#35: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame ruby#36: 0x00000001002093f8 miniruby`invoke_block(ec=0x00000001007d3548, iseq=0x000000010252d7f0, self=4334412520, captured=0x0000000102500df8, cref=0x0000000000000000, type=572653569, opt_pc=0) + 224 at vm.c:988 frame ruby#37: 0x0000000100209766 miniruby`invoke_iseq_block_from_c(ec=0x00000001007d3548, captured=0x0000000102500df8, self=4334412520, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0) + 389 at vm.c:1040 frame ruby#38: 0x0000000100209824 miniruby`invoke_block_from_c_bh(ec=0x00000001007d3548, block_handler=4333768185, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0, force_blockarg=0) + 138 at vm.c:1058 frame ruby#39: 0x00000001002099d0 miniruby`vm_yield(ec=0x00000001007d3548, argc=0, argv=0x0000000000000000) + 69 at vm.c:1103 frame ruby#40: 0x0000000100205623 miniruby`rb_yield_0(argc=0, argv=0x0000000000000000) + 40 at vm_eval.c:970 frame ruby#41: 0x0000000100205964 miniruby`loop_i + 19 at vm_eval.c:1049 frame ruby#42: 0x000000010007db07 miniruby`rb_rescue2(b_proc=(miniruby`loop_i at vm_eval.c:1047), data1=0, r_proc=(miniruby`loop_stop at vm_eval.c:1056), data2=0) + 369 at eval.c:896 frame ruby#43: 0x0000000100205a2e miniruby`rb_f_loop(self=4334412520) + 121 at vm_eval.c:1100 frame ruby#44: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_f_loop at vm_eval.c:1098), recv=4334412520, argc=0, argv=0x0000000102400e80) + 41 at vm_insnhelper.c:1729 frame ruby#45: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 386 at vm_insnhelper.c:1918 frame ruby#46: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 149 at vm_insnhelper.c:1934 frame ruby#47: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 239 at vm_insnhelper.c:2232 frame ruby#48: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 253 at vm_insnhelper.c:2366 frame ruby#49: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 59 at vm_insnhelper.c:2398 frame ruby#50: 0x00000001001fab2f miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 7480 at insns.def:850 frame ruby#51: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame ruby#52: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x000000010252dd90) + 52 at vm.c:2019 frame ruby#53: 0x000000010007c768 miniruby`ruby_exec_internal(n=0x000000010252dd90) + 297 at eval.c:246 frame ruby#54: 0x000000010007c88e miniruby`ruby_exec_node(n=0x000000010252dd90) + 36 at eval.c:310 frame ruby#55: 0x000000010007c861 miniruby`ruby_run_node(n=0x000000010252dd90) + 62 at eval.c:302 frame ruby#56: 0x000000010000138d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame ruby#57: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) p ((struct RVALUE*)pathobj)->as.basic (RBasic) $0 = (flags = 0, klass = 4478683600) (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61568 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 3, 2018
obj_info() assumes the given object is alive. OTOH gc_writebarrier_incremental is called before or in middle of object initialization. Can casue SEGV. (lldb) run Process 48188 launched: './miniruby' (x86_64) Process 48188 stopped * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 2069 static inline const VALUE * 2070 rb_array_const_ptr(VALUE a) 2071 { -> 2072 return FIX_CONST_VALUE_PTR((RBASIC(a)->flags & RARRAY_EMBED_FLAG) ? 2073 RARRAY(a)->as.ary : RARRAY(a)->as.heap.ptr); 2074 } 2075 (lldb) bt * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 frame #1: 0x00000001000bfaab miniruby`pathobj_path(pathobj=5251291222225483145) + 70 at vm_core.h:269 frame #2: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x00000001025b71a8) + 32 at iseq.c:723 frame #3: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, iseq=0x00000001025b71a8) + 69 at gc.c:9274 frame #4: 0x000000010009e1d5 miniruby`rb_raw_obj_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, obj=4334514520) + 1546 at gc.c:9351 frame #5: 0x000000010009e4d5 miniruby`obj_info(obj=4334514520) + 98 at gc.c:9429 frame #6: 0x0000000100096658 miniruby`gc_writebarrier_incremental(a=4334514520, b=4334514600, objspace=0x00000001007d3280) + 61 at gc.c:5963 frame #7: 0x00000001000968ca miniruby`rb_gc_writebarrier(a=4334514520, b=4334514600) + 127 at gc.c:6009 frame #8: 0x00000001001eabe0 miniruby`rb_obj_written(a=4334514520, oldv=52, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 72 at ruby.h:1472 frame #9: 0x00000001001eac2c miniruby`rb_obj_write(a=4334514520, slot=0x000000010259ff10, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 70 at ruby.h:1489 frame #10: 0x0000000100208b6f miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x0000000102500338, block_type=block_type_ifunc, is_from_method='\0', is_lambda='\x01') + 137 at vm.c:821 frame #11: 0x0000000100208e5c miniruby`rb_vm_make_proc_lambda(ec=0x00000001007d3548, captured=0x0000000102500338, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011f08e miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011f110 miniruby`rb_block_lambda + 27 at proc.c:808 frame ruby#14: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000000000000) + 41 at vm_insnhelper.c:1729 frame ruby#15: 0x00000001002033de miniruby`vm_call0_cfunc_with_frame(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 370 at vm_eval.c:85 frame ruby#16: 0x00000001002034d9 miniruby`vm_call0_cfunc(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 59 at vm_eval.c:100 frame ruby#17: 0x000000010020368f miniruby`vm_call0_body(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 436 at vm_eval.c:131 frame ruby#18: 0x000000010020326a miniruby`vm_call0(ec=0x00000001007d3548, recv=4310991600, id=2993, argc=0, argv=0x0000000000000000, me=0x0000000100f48110) + 142 at vm_eval.c:58 frame ruby#19: 0x0000000100203c60 miniruby`rb_call0(ec=0x00000001007d3548, recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL, self=4334514640) + 166 at vm_eval.c:296 frame #20: 0x0000000100204827 miniruby`rb_call(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL) + 84 at vm_eval.c:589 frame ruby#21: 0x000000010020518b miniruby`rb_funcallv(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000) + 52 at vm_eval.c:815 frame ruby#22: 0x000000010012242e miniruby`mlambda(method=0) + 45 at proc.c:2661 frame ruby#23: 0x0000000100205bac miniruby`rb_iterate0(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, ifunc=0x00000001025b71a8, ec=0x00000001007d3548) + 380 at vm_eval.c:1134 frame ruby#24: 0x0000000100205d16 miniruby`rb_iterate(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, bl_proc=(miniruby`bmcall at proc.c:2666), data2=4334514640) + 88 at vm_eval.c:1166 frame ruby#25: 0x00000001001224c7 miniruby`method_to_proc(method=4334514640) + 43 at proc.c:2701 frame ruby#26: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`method_to_proc at proc.c:2688), recv=4334514640, argc=0, argv=0x0000000102400568) + 41 at vm_insnhelper.c:1729 frame ruby#27: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 386 at vm_insnhelper.c:1918 frame ruby#28: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 149 at vm_insnhelper.c:1934 frame ruby#29: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 239 at vm_insnhelper.c:2232 frame ruby#30: 0x00000001001f49a4 miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 117 at vm_insnhelper.c:2355 frame ruby#31: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 59 at vm_insnhelper.c:2398 frame ruby#32: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame ruby#33: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame ruby#34: 0x000000010020c3d1 miniruby`rb_iseq_eval(iseq=0x00000001007f8270) + 52 at vm.c:2008 frame ruby#35: 0x00000001000caa4a miniruby`rb_load_internal0(ec=0x00000001007d3548, fname=4310799960, wrap=0) + 631 at load.c:611 frame ruby#36: 0x00000001000cab36 miniruby`rb_load_internal(fname=4310799960, wrap=0) + 46 at load.c:642 frame ruby#37: 0x00000001000cae1d miniruby`rb_f_load(argc=1, argv=0x00000001024004b8) + 217 at load.c:710 frame ruby#38: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_load at load.c:695), recv=4311327440, argc=1, argv=0x00000001024004b8) + 47 at vm_insnhelper.c:1723 frame ruby#39: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 386 at vm_insnhelper.c:1918 frame ruby#40: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 149 at vm_insnhelper.c:1934 frame ruby#41: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 239 at vm_insnhelper.c:2232 frame ruby#42: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 253 at vm_insnhelper.c:2366 frame ruby#43: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 59 at vm_insnhelper.c:2398 frame ruby#44: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame ruby#45: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame ruby#46: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x0000000100f21240) + 52 at vm.c:2019 frame ruby#47: 0x000000010007c774 miniruby`ruby_exec_internal(n=0x0000000100f21240) + 297 at eval.c:246 frame ruby#48: 0x000000010007c89a miniruby`ruby_exec_node(n=0x0000000100f21240) + 36 at eval.c:310 frame ruby#49: 0x000000010007c86d miniruby`ruby_run_node(n=0x0000000100f21240) + 62 at eval.c:302 frame ruby#50: 0x0000000100001399 miniruby`main(argc=9, argv=0x00007fff5fbfdae0) + 113 at main.c:42 frame ruby#51: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61569 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 20, 2018
This function can be called from boot_defclass(). No assumption can be made about object internals. (lldb) run Process 2386 launched: './miniruby' (x86_64) Process 2386 stopped * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 318 VALUE 319 rb_class_path_cached(VALUE klass) 320 { -> 321 st_table *ivtbl = RCLASS_IV_TBL(klass); 322 st_data_t n; 323 324 if (!ivtbl) return Qnil; (lldb) bt * thread #1: tid = 0x13f3b6, 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x8) * frame #0: 0x00000001001e0b26 miniruby`rb_class_path_cached(klass=4311373720) + 20 at variable.c:321 frame #1: 0x000000010009cbd0 miniruby`rb_raw_obj_info(buff="0x0000000100fa5798 [2 ] T_CLASS", buff_size=256, obj=4311373720) + 1393 at gc.c:9341 frame #2: 0x000000010009cf16 miniruby`obj_info(obj=4311373720) + 98 at gc.c:9423 frame #3: 0x000000010008ca87 miniruby`newobj_init(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007cf280, obj=4311373720) + 338 at gc.c:1887 frame #4: 0x000000010008cd51 miniruby`newobj_of(klass=0, flags=66, v1=0, v2=0, v3=0, wb_protected=1) + 171 at gc.c:1970 frame #5: 0x000000010008ce1b miniruby`rb_wb_protected_newobj_of(klass=0, flags=66) + 54 at gc.c:1990 frame #6: 0x0000000100027563 miniruby`class_alloc(flags=2, klass=0) + 46 at class.c:165 frame #7: 0x000000010002761a miniruby`rb_class_boot(super=0) + 35 at class.c:203 frame #8: 0x0000000100028612 miniruby`boot_defclass(name="BasicObject", super=0) + 28 at class.c:537 frame #9: 0x000000010002868b miniruby`Init_class_hierarchy + 26 at class.c:548 frame #10: 0x00000001000efe69 miniruby`InitVM_Object + 9 at object.c:3892 frame #11: 0x00000001000f138e miniruby`Init_Object + 57 at object.c:4122 frame #12: 0x00000001000a59bd miniruby`rb_call_inits + 29 at inits.c:23 frame #13: 0x000000010007af30 miniruby`ruby_setup + 229 at eval.c:61 frame ruby#14: 0x000000010007af7e miniruby`ruby_init + 13 at eval.c:78 frame ruby#15: 0x0000000100000c58 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 88 at main.c:41 frame ruby#16: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 20, 2018
This function can be called from InitVM_Object(). No assumption can be made about object internals. (lldb) run Process 10675 launched: './miniruby' (x86_64) Process 10675 stopped * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 9380 const rb_method_entry_t *me = &RANY(obj)->as.imemo.ment; 9381 snprintf(buff, buff_size, "%s (called_id: %s, type: %s, alias: %d, owner: %s, defined_class: %s)", buff, 9382 rb_id2name(me->called_id), -> 9383 method_type_name(me->def->type), 9384 me->def->alias_count, 9385 obj_info(me->owner), 9386 obj_info(me->defined_class)); (lldb) p *me (rb_method_entry_t) $0 = { flags = 24602 defined_class = 4311488400 def = 0x0000000000000000 called_id = 3057 owner = 4311488400 } (lldb) bt * thread #1: tid = 0x14252c, 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bdda9 miniruby`rb_raw_obj_info(buff="0x0000000100fc1588 [0 ] T_IMEMO ment", buff_size=256, obj=4311487880) + 2489 at gc.c:9383 frame #1: 0x00000001000b7cbf miniruby`obj_info(obj=4311487880) + 95 at gc.c:9423 frame #2: 0x00000001000c16a8 miniruby`newobj_init(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1, objspace=0x00000001007ee280, obj=4311487880) + 424 at gc.c:1887 frame #3: 0x00000001000b4529 miniruby`newobj_of(klass=4311488400, flags=24602, v1=0, v2=3057, v3=4311488400, wb_protected=1) + 217 at gc.c:1970 frame #4: 0x00000001000b46ab miniruby`rb_imemo_new(type=imemo_ment, v1=0, v2=3057, v3=4311488400, v0=4311488400) + 75 at gc.c:2017 frame #5: 0x00000001002773b4 miniruby`rb_method_entry_alloc(called_id=3057, owner=4311488400, defined_class=4311488400, def=0x0000000000000000) + 52 at vm_method.c:368 frame #6: 0x0000000100277307 miniruby`rb_method_entry_create(called_id=3057, klass=4311488400, visi=METHOD_VISI_PRIVATE, def=0x0000000000000000) + 71 at vm_method.c:389 frame #7: 0x00000001002784c7 miniruby`rb_method_entry_make(klass=4311488400, mid=3057, defined_class=4311488400, visi=METHOD_VISI_PRIVATE, type=VM_METHOD_TYPE_CFUNC, def=0x0000000000000000, original_id=3057, opts=0x00007fff5fbfd9e8) + 1207 at vm_method.c:594 frame #8: 0x00000001002770f9 miniruby`rb_add_method(klass=4311488400, mid=3057, type=VM_METHOD_TYPE_CFUNC, opts=0x00007fff5fbfd9e8, visi=METHOD_VISI_PRIVATE) + 73 at vm_method.c:650 frame #9: 0x000000010027708a miniruby`rb_add_method_cfunc(klass=4311488400, mid=3057, func=(miniruby`rb_obj_dummy at object.c:1125), argc=0, visi=METHOD_VISI_PRIVATE) + 138 at vm_method.c:137 frame #10: 0x00000001000391e4 miniruby`rb_define_private_method(klass=4311488400, name="initialize", func=(miniruby`rb_obj_dummy at object.c:1125), argc=0) + 68 at class.c:1529 frame #11: 0x000000010013f5bf miniruby`InitVM_Object + 47 at object.c:3905 frame #12: 0x0000000100142ffd miniruby`Init_Object + 61 at object.c:4122 frame #13: 0x00000001000d4edd miniruby`rb_call_inits + 29 at inits.c:23 frame ruby#14: 0x000000010009fe66 miniruby`ruby_setup + 198 at eval.c:61 frame ruby#15: 0x000000010009febd miniruby`ruby_init + 13 at eval.c:78 frame ruby#16: 0x0000000100000a4d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame ruby#17: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61563 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 20, 2018
This function can be called from Init_VM(). No assumption can be made about object internals. (lldb) run Process 15734 launched: './miniruby' (x86_64) Process 15734 stopped * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 9270 static void 9271 rb_raw_iseq_info(char *buff, const int buff_size, const rb_iseq_t *iseq) 9272 { -> 9273 if (iseq->body->location.label) { 9274 VALUE path = rb_iseq_path(iseq); 9275 snprintf(buff, buff_size, "%s %s@%s:%d", buff, 9276 RSTRING_PTR(iseq->body->location.label), (lldb) p *iseq (rb_iseq_t) $0 = { flags = 28698 reserved1 = 0 body = 0x0000000000000000 aux = { compile_data = 0x0000000000000000 loader = (obj = 0, index = 0) trace_events = 0 } } (lldb) bt * thread #1: tid = 0x1441d4, 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50) * frame #0: 0x00000001000bdfcb miniruby`rb_raw_iseq_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, iseq=0x0000000100f61f48) + 27 at gc.c:9273 frame #1: 0x00000001000bde72 miniruby`rb_raw_obj_info(buff="0x0000000100f61f48 [0 ] T_IMEMO iseq", buff_size=256, obj=4311097160) + 2786 at gc.c:9396 frame #2: 0x00000001000b7c5f miniruby`obj_info(obj=4311097160) + 95 at gc.c:9428 frame #3: 0x00000001000c16a8 miniruby`newobj_init(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x00000001007ee280, obj=4311097160) + 424 at gc.c:1887 frame #4: 0x00000001000b44c9 miniruby`newobj_of(klass=0, flags=28698, v1=0, v2=0, v3=0, wb_protected=1) + 217 at gc.c:1970 frame #5: 0x00000001000b464b miniruby`rb_imemo_new(type=imemo_iseq, v1=0, v2=0, v3=0, v0=0) + 75 at gc.c:2017 frame #6: 0x00000001000fd914 miniruby`iseq_imemo_alloc + 36 at iseq.h:156 frame #7: 0x00000001000f6e1d miniruby`iseq_alloc + 13 at iseq.c:211 frame #8: 0x00000001000f6bf8 miniruby`rb_iseq_new_with_opt(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, first_lineno=1, parent=0x0000000000000000, type=ISEQ_TYPE_TOP, option=0x0000000100335c30) + 56 at iseq.c:519 frame #9: 0x00000001000f6bb6 miniruby`rb_iseq_new(node=0x0000000000000000, name=4311097200, path=4311097200, realpath=8, parent=0x0000000000000000, type=ISEQ_TYPE_TOP) + 86 at iseq.c:480 frame #10: 0x0000000100284bb0 miniruby`Init_VM + 1040 at vm.c:3022 frame #11: 0x00000001000d4f7d miniruby`rb_call_inits + 189 at inits.c:55 frame #12: 0x000000010009fe06 miniruby`ruby_setup + 198 at eval.c:61 frame #13: 0x000000010009fe5d miniruby`ruby_init + 13 at eval.c:78 frame ruby#14: 0x00000001000009ed miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 93 at main.c:41 frame ruby#15: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 20, 2018
This function can be called from rb_data_typed_object_zalloc(). No assumption can be made about object internals. (lldb) run Process 22135 launched: './miniruby' (x86_64) Process 22135 stopped * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 1361 break; 1362 } 1363 #endif -> 1364 return block->type; 1365 } 1366 1367 static inline void (lldb) bt * thread #1: tid = 0x14a3af, 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x18) * frame #0: 0x000000010008ac8a miniruby`vm_block_type(block=0x0000000000000000) + 12 at vm_core.h:1364 frame #1: 0x000000010008acdb miniruby`vm_block_iseq(block=0x0000000000000000) + 24 at vm_core.h:1399 frame #2: 0x000000010008acc1 miniruby`vm_proc_iseq(procval=4310866360) + 32 at vm_core.h:1387 frame #3: 0x000000010009cbed miniruby`rb_raw_obj_info(buff="0x0000000100f299b8 [0 ] proc (Proc)", buff_size=256, obj=4310866360) + 1513 at gc.c:9349 frame #4: 0x000000010009cf01 miniruby`obj_info(obj=4310866360) + 98 at gc.c:9428 frame #5: 0x000000010008ca1b miniruby`newobj_init(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32, objspace=0x00000001007cf280, obj=4310866360) + 338 at gc.c:1887 frame #6: 0x000000010008cce5 miniruby`newobj_of(klass=4311027960, flags=12, v1=4298186080, v2=1, v3=0, wb_protected=32) + 171 at gc.c:1970 frame #7: 0x000000010008d01d miniruby`rb_data_typed_object_wrap(klass=4311027960, datap=0x0000000000000000, type=0x0000000100311d60) + 133 at gc.c:2062 frame #8: 0x000000010008d04e miniruby`rb_data_typed_object_zalloc(klass=4311027960, size=40, type=0x0000000100311d60) + 42 at gc.c:2073 frame #9: 0x000000010011b459 miniruby`rb_proc_alloc(klass=4311027960) + 36 at proc.c:113 frame #10: 0x0000000100204d8e miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x00000001025003f8, block_type=block_type_iseq, is_from_method='\0', is_lambda='\x01') + 44 at vm.c:814 frame #11: 0x00000001002050d8 miniruby`rb_vm_make_proc_lambda(ec=0x00000001007cf548, captured=0x00000001025003f8, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011c0d2 miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011c154 miniruby`rb_block_lambda + 27 at proc.c:808 frame ruby#14: 0x00000001001ee7e3 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000102400480) + 41 at vm_insnhelper.c:1729 frame ruby#15: 0x00000001001ef2c3 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 386 at vm_insnhelper.c:1918 frame ruby#16: 0x00000001001ef412 miniruby`vm_call_cfunc(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 149 at vm_insnhelper.c:1934 frame ruby#17: 0x00000001001f0655 miniruby`vm_call_method_each_type(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 239 at vm_insnhelper.c:2232 frame ruby#18: 0x00000001001f0ce0 miniruby`vm_call_method(ec=0x00000001007cf548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 117 at vm_insnhelper.c:2355 frame ruby#19: 0x00000001001f0eb6 miniruby`vm_call_general(ec=0x00000001007cf548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd4d0, ci=0x0000000102537be0, cc=0x000000010253e0f0) + 59 at vm_insnhelper.c:2398 frame #20: 0x00000001001f6e61 miniruby`vm_exec_core(ec=0x00000001007cf548, initial=0) + 7480 at insns.def:850 frame ruby#21: 0x0000000100207995 miniruby`vm_exec(ec=0x00000001007cf548) + 230 at vm.c:1771 frame ruby#22: 0x0000000100208647 miniruby`rb_iseq_eval_main(iseq=0x0000000100f29fd0) + 52 at vm.c:2019 frame ruby#23: 0x000000010007b750 miniruby`ruby_exec_internal(n=0x0000000100f29fd0) + 297 at eval.c:246 frame ruby#24: 0x000000010007b876 miniruby`ruby_exec_node(n=0x0000000100f29fd0) + 36 at eval.c:310 frame ruby#25: 0x000000010007b849 miniruby`ruby_run_node(n=0x0000000100f29fd0) + 62 at eval.c:302 frame ruby#26: 0x0000000100000c05 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame ruby#27: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61565 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 20, 2018
This imemo_name is used uninitialized because the switch above does not cover all possible imemo types. (lldb) run Process 26068 launched: './miniruby' (x86_64) Process 26068 stopped * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 libsystem_c.dylib`strlen: -> 0x7fff8a402132 <+18>: pcmpeqb (%rdi), %xmm0 0x7fff8a402136 <+22>: pmovmskb %xmm0, %esi 0x7fff8a40213a <+26>: andq $0xf, %rcx 0x7fff8a40213e <+30>: orq $-0x1, %rax (lldb) bt * thread #1: tid = 0x14ba96, 0x00007fff8a402132 libsystem_c.dylib`strlen + 18, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xfffffffffffffff0) * frame #0: 0x00007fff8a402132 libsystem_c.dylib`strlen + 18 frame #1: 0x00000001001f1531 miniruby`BSD_vfprintf(fp=0x00007fff5fbfc9e0, fmt0="%s %s", ap=0x00007fff5fbfcbf0) + 5873 at vsnprintf.c:1026 frame #2: 0x00000001001ef213 miniruby`ruby_do_vsnprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s", ap=0x00007fff5fbfcbf0) + 131 at sprintf.c:1285 frame #3: 0x00000001001ef3ea miniruby`ruby_snprintf(str="0x0000000100f46450 [0 ] T_IMEMO", n=256, fmt="%s %s") + 426 at sprintf.c:1300 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 frame #5: 0x00000001000b7bff miniruby`obj_info(obj=4310983760) + 95 at gc.c:9428 frame #6: 0x00000001000c1658 miniruby`newobj_init(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1, objspace=0x00000001007ee280, obj=4310983760) + 424 at gc.c:1887 frame #7: 0x00000001000b4469 miniruby`newobj_of(klass=0, flags=36890, v1=0, v2=4303040512, v3=4310983800, wb_protected=1) + 217 at gc.c:1970 frame #8: 0x00000001000b45eb miniruby`rb_imemo_new(type=imemo_ast, v1=0, v2=4303040512, v3=4310983800, v0=0) + 75 at gc.c:2017 frame #9: 0x000000010011daed miniruby`rb_ast_new + 61 at node.c:1146 frame #10: 0x0000000100160e15 miniruby`rb_parser_compile_file_path(vparser=4310984400, fname=4310984960, file=4310984080, start=1) + 53 at parse.y:5776 frame #11: 0x00000001001e18ea miniruby`load_file_internal(argp_v=140734799795024) + 1834 at ruby.c:1907 frame #12: 0x00000001000a1bb5 miniruby`rb_ensure(b_proc=(miniruby`load_file_internal at ruby.c:1795), data1=140734799795024, e_proc=(miniruby`restore_load_file at ruby.c:2007), data2=140734799795024) + 245 at eval.c:1037 frame #13: 0x00000001001df4a4 miniruby`load_file(parser=4310984400, fname=4310984960, f=4310984080, script=1, opt=0x00007fff5fbfda28) + 100 at ruby.c:2026 frame ruby#14: 0x00000001001e084e miniruby`process_options(argc=0, argv=0x00007fff5fbfdc00, opt=0x00007fff5fbfda28) + 3454 at ruby.c:1682 frame ruby#15: 0x00000001001dfaae miniruby`ruby_process_options(argc=2, argv=0x00007fff5fbfdbf0) + 238 at ruby.c:2257 frame ruby#16: 0x000000010009ff43 miniruby`ruby_options(argc=2, argv=0x00007fff5fbfdbf0) + 211 at eval.c:105 frame ruby#17: 0x0000000100000989 miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 105 at main.c:42 frame ruby#18: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) up 4 frame #4: 0x00000001000bdc61 miniruby`rb_raw_obj_info(buff="0x0000000100f46450 [0 ] T_IMEMO", buff_size=256, obj=4310983760) + 2353 at gc.c:9376 9373 #undef IMEMO_NAME 9374 default: UNREACHABLE; 9375 } -> 9376 snprintf(buff, buff_size, "%s %s", buff, imemo_name); 9377 9378 switch (imemo_type(obj)) { 9379 case imemo_ment: { (lldb) p imemo_name (const char *) $0 = 0xffffffffffffffff (lldb) p imemo_type(obj) (imemo_type) $1 = imemo_ast (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61566 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 20, 2018
obj_info() assumes the given object is alive. Passing freed objects to it results in SEGV. (lldb) run Process 29718 launched: './miniruby' (x86_64) Process 29718 stopped * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 266 } 267 else { 268 VM_ASSERT(RB_TYPE_P(pathobj, T_ARRAY)); -> 269 return RARRAY_AREF(pathobj, PATHOBJ_PATH); 270 } 271 } 272 (lldb) bt * thread #1: tid = 0x3082c5, 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) * frame #0: 0x00000001000bfaab miniruby`pathobj_path(pathobj=4478683640) + 70 at vm_core.h:269 frame #1: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x000000010af34a20) + 32 at iseq.c:723 frame #2: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, iseq=0x000000010af34a20) + 69 at gc.c:9274 frame #3: 0x000000010009e45a miniruby`rb_raw_obj_info(buff="0x000000010af34a20 [1 ] T_IMEMO iseq", buff_size=256, obj=4478683680) + 2191 at gc.c:9397 frame #4: 0x000000010009e4d5 miniruby`obj_info(obj=4478683680) + 98 at gc.c:9429 frame #5: 0x0000000100091ae3 miniruby`gc_page_sweep(objspace=0x00000001007d3280, heap=0x00000001007d32a0, sweep_page=0x000000010ae07bc0) + 622 at gc.c:3529 frame #6: 0x000000010009206a miniruby`gc_sweep_step(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 188 at gc.c:3705 frame #7: 0x0000000100092254 miniruby`gc_sweep_continue(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 133 at gc.c:3772 frame #8: 0x000000010008d7f9 miniruby`heap_prepare(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 48 at gc.c:1746 frame #9: 0x000000010008d8a1 miniruby`heap_get_freeobj_from_next_freepage(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 37 at gc.c:1769 frame #10: 0x000000010008d98d miniruby`heap_get_freeobj(objspace=0x00000001007d3280, heap=0x00000001007d32a0) + 83 at gc.c:1803 frame #11: 0x000000010008dcb0 miniruby`newobj_slowpath(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280, wb_protected=1) + 220 at gc.c:1930 frame #12: 0x000000010008dd6c miniruby`newobj_slowpath_wb_protected(klass=4334386280, flags=5, v1=0, v2=0, v3=0, objspace=0x00000001007d3280) + 76 at gc.c:1942 frame #13: 0x000000010008dea1 miniruby`newobj_of(klass=4334386280, flags=5, v1=0, v2=0, v3=0, wb_protected=1) + 221 at gc.c:1974 frame ruby#14: 0x000000010008df39 miniruby`rb_wb_protected_newobj_of(klass=4334386280, flags=5) + 54 at gc.c:1990 frame ruby#15: 0x0000000100195f7c miniruby`str_alloc(klass=4334386280) + 29 at string.c:692 frame ruby#16: 0x0000000100195fe9 miniruby`str_new0(klass=4334386280, ptr="gitm", len=4, termlen=1) + 73 at string.c:714 frame ruby#17: 0x000000010019633e miniruby`rb_enc_str_new(ptr="gitm", len=4, enc=0x00000001025d50a0) + 81 at string.c:766 frame ruby#18: 0x000000010010a80a miniruby`parser_str_new(p="gitm", n=4, enc=0x00000001025d50a0, func=66, enc0=0x00000001025d50a0) + 50 at parse.y:5817 frame ruby#19: 0x000000010010ce1a miniruby`parser_parse_string(parser=0x00000001042ac5c0, quote=0x000000010460c028) + 795 at parse.y:6675 frame #20: 0x00000001001120bd miniruby`parser_yylex(parser=0x00000001042ac5c0) + 159 at parse.y:8281 frame ruby#21: 0x0000000100115068 miniruby`yylex(lval=0x00007fff5fbf9948, yylloc=0x00007fff5fbf9ab0, parser=0x00000001042ac5c0) + 55 at parse.y:8931 frame ruby#22: 0x00000001000fc79f miniruby`ruby_yyparse(parser=0x00000001042ac5c0) + 1198 at parse.c:5798 frame ruby#23: 0x0000000100109f5a miniruby`yycompile0(arg=4364879296) + 317 at parse.y:5595 frame ruby#24: 0x0000000100214ef0 miniruby`rb_suppress_tracing(func=(miniruby`yycompile0 at parse.y:5565), arg=4364879296) + 349 at vm_trace.c:397 frame ruby#25: 0x000000010010a1df miniruby`yycompile(parser=0x00000001042ac5c0, fname=4443743440, line=1) + 126 at parse.y:5637 frame ruby#26: 0x000000010010a4c1 miniruby`parser_compile_string(vparser=4443743480, fname=4443743440, s=4443743520, line=1) + 191 at parse.y:5706 frame ruby#27: 0x000000010010a5b7 miniruby`rb_parser_compile_string_path(vparser=4443743480, f=4443743440, s=4443743520, line=1) + 58 at parse.y:5730 frame ruby#28: 0x0000000100206025 miniruby`eval_make_iseq(src=4443743520, fname=4443743440, line=1, bind=0x0000000000000000, base_block=0x00007fff5fbfb370) + 266 at vm_eval.c:1274 frame ruby#29: 0x0000000100206153 miniruby`eval_string_with_cref(self=4334412520, src=4443743520, cref=0x0000000000000000, file=52, line=1) + 197 at vm_eval.c:1307 frame ruby#30: 0x0000000100206389 miniruby`rb_f_eval(argc=1, argv=0x0000000102400eb8, self=4334412520) + 219 at vm_eval.c:1382 frame ruby#31: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_eval at vm_eval.c:1364), recv=4334412520, argc=1, argv=0x0000000102400eb8) + 47 at vm_insnhelper.c:1723 frame ruby#32: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 386 at vm_insnhelper.c:1918 frame ruby#33: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500d80, calling=0x00007fff5fbfbf50, ci=0x000000010263f240, cc=0x0000000100749b50) + 149 at vm_insnhelper.c:1934 frame ruby#34: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame ruby#35: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame ruby#36: 0x00000001002093f8 miniruby`invoke_block(ec=0x00000001007d3548, iseq=0x000000010252d7f0, self=4334412520, captured=0x0000000102500df8, cref=0x0000000000000000, type=572653569, opt_pc=0) + 224 at vm.c:988 frame ruby#37: 0x0000000100209766 miniruby`invoke_iseq_block_from_c(ec=0x00000001007d3548, captured=0x0000000102500df8, self=4334412520, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0) + 389 at vm.c:1040 frame ruby#38: 0x0000000100209824 miniruby`invoke_block_from_c_bh(ec=0x00000001007d3548, block_handler=4333768185, argc=0, argv=0x0000000000000000, passed_block_handler=0, cref=0x0000000000000000, is_lambda=0, force_blockarg=0) + 138 at vm.c:1058 frame ruby#39: 0x00000001002099d0 miniruby`vm_yield(ec=0x00000001007d3548, argc=0, argv=0x0000000000000000) + 69 at vm.c:1103 frame ruby#40: 0x0000000100205623 miniruby`rb_yield_0(argc=0, argv=0x0000000000000000) + 40 at vm_eval.c:970 frame ruby#41: 0x0000000100205964 miniruby`loop_i + 19 at vm_eval.c:1049 frame ruby#42: 0x000000010007db07 miniruby`rb_rescue2(b_proc=(miniruby`loop_i at vm_eval.c:1047), data1=0, r_proc=(miniruby`loop_stop at vm_eval.c:1056), data2=0) + 369 at eval.c:896 frame ruby#43: 0x0000000100205a2e miniruby`rb_f_loop(self=4334412520) + 121 at vm_eval.c:1100 frame ruby#44: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_f_loop at vm_eval.c:1098), recv=4334412520, argc=0, argv=0x0000000102400e80) + 41 at vm_insnhelper.c:1729 frame ruby#45: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 386 at vm_insnhelper.c:1918 frame ruby#46: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 149 at vm_insnhelper.c:1934 frame ruby#47: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 239 at vm_insnhelper.c:2232 frame ruby#48: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 253 at vm_insnhelper.c:2366 frame ruby#49: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500de0, calling=0x00007fff5fbfd4d0, ci=0x000000010263bbf0, cc=0x0000000102642118) + 59 at vm_insnhelper.c:2398 frame ruby#50: 0x00000001001fab2f miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 7480 at insns.def:850 frame ruby#51: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame ruby#52: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x000000010252dd90) + 52 at vm.c:2019 frame ruby#53: 0x000000010007c768 miniruby`ruby_exec_internal(n=0x000000010252dd90) + 297 at eval.c:246 frame ruby#54: 0x000000010007c88e miniruby`ruby_exec_node(n=0x000000010252dd90) + 36 at eval.c:310 frame ruby#55: 0x000000010007c861 miniruby`ruby_run_node(n=0x000000010252dd90) + 62 at eval.c:302 frame ruby#56: 0x000000010000138d miniruby`main(argc=2, argv=0x00007fff5fbfdbf0) + 113 at main.c:42 frame ruby#57: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) p ((struct RVALUE*)pathobj)->as.basic (RBasic) $0 = (flags = 0, klass = 4478683600) (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61568 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Jan 20, 2018
obj_info() assumes the given object is alive. OTOH gc_writebarrier_incremental is called before or in middle of object initialization. Can casue SEGV. (lldb) run Process 48188 launched: './miniruby' (x86_64) Process 48188 stopped * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 2069 static inline const VALUE * 2070 rb_array_const_ptr(VALUE a) 2071 { -> 2072 return FIX_CONST_VALUE_PTR((RBASIC(a)->flags & RARRAY_EMBED_FLAG) ? 2073 RARRAY(a)->as.ary : RARRAY(a)->as.heap.ptr); 2074 } 2075 (lldb) bt * thread #1: tid = 0x30fd53, 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00000001000bf7a9 miniruby`rb_array_const_ptr(a=5251291222225483145) + 12 at ruby.h:2072 frame #1: 0x00000001000bfaab miniruby`pathobj_path(pathobj=5251291222225483145) + 70 at vm_core.h:269 frame #2: 0x00000001000c25ff miniruby`rb_iseq_path(iseq=0x00000001025b71a8) + 32 at iseq.c:723 frame #3: 0x000000010009db09 miniruby`rb_raw_iseq_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, iseq=0x00000001025b71a8) + 69 at gc.c:9274 frame #4: 0x000000010009e1d5 miniruby`rb_raw_obj_info(buff="0x00000001025b7158 [0 ] proc (Proc)", buff_size=256, obj=4334514520) + 1546 at gc.c:9351 frame #5: 0x000000010009e4d5 miniruby`obj_info(obj=4334514520) + 98 at gc.c:9429 frame #6: 0x0000000100096658 miniruby`gc_writebarrier_incremental(a=4334514520, b=4334514600, objspace=0x00000001007d3280) + 61 at gc.c:5963 frame #7: 0x00000001000968ca miniruby`rb_gc_writebarrier(a=4334514520, b=4334514600) + 127 at gc.c:6009 frame #8: 0x00000001001eabe0 miniruby`rb_obj_written(a=4334514520, oldv=52, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 72 at ruby.h:1472 frame #9: 0x00000001001eac2c miniruby`rb_obj_write(a=4334514520, slot=0x000000010259ff10, b=4334514600, filename="/Users/urabe.shyouhei/data/src/pedantic/vm.c", line=821) + 70 at ruby.h:1489 frame #10: 0x0000000100208b6f miniruby`vm_proc_create_from_captured(klass=4311027960, captured=0x0000000102500338, block_type=block_type_ifunc, is_from_method='\0', is_lambda='\x01') + 137 at vm.c:821 frame #11: 0x0000000100208e5c miniruby`rb_vm_make_proc_lambda(ec=0x00000001007d3548, captured=0x0000000102500338, klass=4311027960, is_lambda='\x01') + 134 at vm.c:892 frame #12: 0x000000010011f08e miniruby`proc_new(klass=4311027960, is_lambda='\x01') + 445 at proc.c:752 frame #13: 0x000000010011f110 miniruby`rb_block_lambda + 27 at proc.c:808 frame ruby#14: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`rb_block_lambda at proc.c:807), recv=4310991600, argc=0, argv=0x0000000000000000) + 41 at vm_insnhelper.c:1729 frame ruby#15: 0x00000001002033de miniruby`vm_call0_cfunc_with_frame(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 370 at vm_eval.c:85 frame ruby#16: 0x00000001002034d9 miniruby`vm_call0_cfunc(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 59 at vm_eval.c:100 frame ruby#17: 0x000000010020368f miniruby`vm_call0_body(ec=0x00000001007d3548, calling=0x00007fff5fbfb080, ci=0x00007fff5fbfb070, cc=0x00007fff5fbfb0a0, argv=0x0000000000000000) + 436 at vm_eval.c:131 frame ruby#18: 0x000000010020326a miniruby`vm_call0(ec=0x00000001007d3548, recv=4310991600, id=2993, argc=0, argv=0x0000000000000000, me=0x0000000100f48110) + 142 at vm_eval.c:58 frame ruby#19: 0x0000000100203c60 miniruby`rb_call0(ec=0x00000001007d3548, recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL, self=4334514640) + 166 at vm_eval.c:296 frame #20: 0x0000000100204827 miniruby`rb_call(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000, scope=CALL_FCALL) + 84 at vm_eval.c:589 frame ruby#21: 0x000000010020518b miniruby`rb_funcallv(recv=4310991600, mid=2993, argc=0, argv=0x0000000000000000) + 52 at vm_eval.c:815 frame ruby#22: 0x000000010012242e miniruby`mlambda(method=0) + 45 at proc.c:2661 frame ruby#23: 0x0000000100205bac miniruby`rb_iterate0(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, ifunc=0x00000001025b71a8, ec=0x00000001007d3548) + 380 at vm_eval.c:1134 frame ruby#24: 0x0000000100205d16 miniruby`rb_iterate(it_proc=(miniruby`mlambda at proc.c:2660), data1=0, bl_proc=(miniruby`bmcall at proc.c:2666), data2=4334514640) + 88 at vm_eval.c:1166 frame ruby#25: 0x00000001001224c7 miniruby`method_to_proc(method=4334514640) + 43 at proc.c:2701 frame ruby#26: 0x00000001001f24a7 miniruby`call_cfunc_0(func=(miniruby`method_to_proc at proc.c:2688), recv=4334514640, argc=0, argv=0x0000000102400568) + 41 at vm_insnhelper.c:1729 frame ruby#27: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 386 at vm_insnhelper.c:1918 frame ruby#28: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 149 at vm_insnhelper.c:1934 frame ruby#29: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 239 at vm_insnhelper.c:2232 frame ruby#30: 0x00000001001f49a4 miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 117 at vm_insnhelper.c:2355 frame ruby#31: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x0000000102500350, calling=0x00007fff5fbfc030, ci=0x0000000100f2ec70, cc=0x0000000102735718) + 59 at vm_insnhelper.c:2398 frame ruby#32: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame ruby#33: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame ruby#34: 0x000000010020c3d1 miniruby`rb_iseq_eval(iseq=0x00000001007f8270) + 52 at vm.c:2008 frame ruby#35: 0x00000001000caa4a miniruby`rb_load_internal0(ec=0x00000001007d3548, fname=4310799960, wrap=0) + 631 at load.c:611 frame ruby#36: 0x00000001000cab36 miniruby`rb_load_internal(fname=4310799960, wrap=0) + 46 at load.c:642 frame ruby#37: 0x00000001000cae1d miniruby`rb_f_load(argc=1, argv=0x00000001024004b8) + 217 at load.c:710 frame ruby#38: 0x00000001001f247c miniruby`call_cfunc_m1(func=(miniruby`rb_f_load at load.c:695), recv=4311327440, argc=1, argv=0x00000001024004b8) + 47 at vm_insnhelper.c:1723 frame ruby#39: 0x00000001001f2f87 miniruby`vm_call_cfunc_with_frame(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 386 at vm_insnhelper.c:1918 frame ruby#40: 0x00000001001f30d6 miniruby`vm_call_cfunc(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 149 at vm_insnhelper.c:1934 frame ruby#41: 0x00000001001f4319 miniruby`vm_call_method_each_type(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 239 at vm_insnhelper.c:2232 frame ruby#42: 0x00000001001f4a2c miniruby`vm_call_method(ec=0x00000001007d3548, cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 253 at vm_insnhelper.c:2366 frame ruby#43: 0x00000001001f4b7a miniruby`vm_call_general(ec=0x00000001007d3548, reg_cfp=0x00000001025003e0, calling=0x00007fff5fbfd3e0, ci=0x0000000102541070, cc=0x0000000100f9e918) + 59 at vm_insnhelper.c:2398 frame ruby#44: 0x00000001001faf0e miniruby`vm_exec_core(ec=0x00000001007d3548, initial=0) + 8471 at insns.def:915 frame ruby#45: 0x000000010020b75d miniruby`vm_exec(ec=0x00000001007d3548) + 230 at vm.c:1771 frame ruby#46: 0x000000010020c40f miniruby`rb_iseq_eval_main(iseq=0x0000000100f21240) + 52 at vm.c:2019 frame ruby#47: 0x000000010007c774 miniruby`ruby_exec_internal(n=0x0000000100f21240) + 297 at eval.c:246 frame ruby#48: 0x000000010007c89a miniruby`ruby_exec_node(n=0x0000000100f21240) + 36 at eval.c:310 frame ruby#49: 0x000000010007c86d miniruby`ruby_run_node(n=0x0000000100f21240) + 62 at eval.c:302 frame ruby#50: 0x0000000100001399 miniruby`main(argc=9, argv=0x00007fff5fbfdae0) + 113 at main.c:42 frame ruby#51: 0x00007fff88eda5ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61569 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
pushed a commit
that referenced
this pull request
Jun 5, 2018
This is reported by @hasimo. Fixing a case like this: #0 __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135 #1 0x00007fc7bd824dbd in __GI___pthread_mutex_lock (mutex=mutex@entry=0x55946d294440 <mjit_engine_mutex>) at ../nptl/pthread_mutex_lock.c:80 4 #2 0x000055946cec54d9 in rb_native_mutex_lock (lock=lock@entry=0x55946d294440 <mjit_engine_mutex>) at thread_pthread.c:211 #3 0x000055946cde10ca in CRITICAL_SECTION_START (msg=0x55946cfb5423 "mjit_gc_start_hook", level=4) at mjit.c:392 #4 mjit_gc_start_hook () at mjit.c:412 #5 0x000055946cda0dfe in gc_enter (event=0x55946cfaf91e "gc_rest", objspace=0x55946da51760) at gc.c:6623 #6 gc_rest (objspace=objspace@entry=0x55946da51760) at gc.c:6515 #7 0x000055946cd9f1cf in gc_rest (objspace=0x55946da51760) at gc.c:7841 #8 objspace_malloc_increase (objspace=objspace@entry=0x55946da51760, new_size=<optimized out>, old_size=old_size@entry=0, type=type@entry=MEMOP_TYPE_MALLOC, mem=0x7fc7a4439010) at gc.c:7842 #9 0x000055946cda1706 in objspace_malloc_fixup (size=<optimized out>, mem=0x7fc7a4439010, objspace=0x55946da51760) at gc.c:7910 #10 objspace_xmalloc0 (objspace=0x55946da51760, size=<optimized out>, size@entry=3145728) at gc.c:7939 #11 0x000055946cda3620 in ruby_xmalloc0 (size=3145728) at gc.c:8006 #12 ruby_xmalloc (size=size@entry=3145728) at gc.c:8015 #13 0x000055946ce93f4c in st_init_table_with_size (type=0x55946d28da30 <objhash>, size=<optimized out>) at st.c:602 ruby#14 0x000055946ce94287 in rebuild_table (tab=tab@entry=0x55946db669f0) at st.c:777 ruby#15 0x000055946ce963f7 in rebuild_table_if_necessary (tab=0x55946db669f0) at st.c:1139 ruby#16 st_add_direct_with_hash (hash=8577035585096733536, value=20, key=808451, tab=0x55946db669f0) at st.c:1207 ruby#17 st_update (tab=0x55946db669f0, key=key@entry=808451, func=<optimized out>, arg=140726472841392) at st.c:1512 ruby#18 0x000055946cda9e27 in tbl_update (optional_arg=<optimized out>, func=<optimized out>, key=<optimized out>, hash=<optimized out>) at hash.c:561 ruby#19 rb_hash_aset (hash=94095983218480, key=key@entry=808451, val=val@entry=20) at hash.c:1654 #20 0x000055946cde243a in mjit_add_class_serial (class_serial=class_serial@entry=404225) at mjit.c:1414 3 ruby#21 0x000055946cefcfab in rb_next_class_serial () at vm.c:321 ruby#22 0x000055946cf48324 in class_alloc (klass=<optimized out>, flags=28) at class.c:178 ruby#23 rb_include_class_new (module=module@entry=94096115733840, super=0) at class.c:820 ruby#24 0x000055946cf487ac in include_modules_at (klass=klass@entry=94096135960920, c=<optimized out>, module=<optimized out>, module@entry=94096115734160, search_super=search_super@entry=1) at class.c:913 ruby#25 0x000055946cf48ac8 in rb_include_module (klass=94096135960920, module=module@entry=94096115734160) at class.c:870 ruby#26 0x000055946cd84993 in rb_mod_append_features (module=94096115734160, include=<optimized out>) at eval.c:1178 ruby#27 0x000055946cf06829 in vm_call0_cfunc_with_frame (ci=0x7ffd6f6c9a20, cc=0x7ffd6f6c9ba0, argv=0x7ffd6f6c9ba0, calling=0x7ffd6f6c9a30, ec=0x55946da519c8) at vm_eval.c:87 ruby#28 vm_call0_cfunc (argv=0x7ffd6f6c9ba0, cc=0x7ffd6f6c9ba0, ci=0x7ffd6f6c9a20, calling=0x7ffd6f6c9a30, ec=0x55946da519c8) at vm_eval.c:102 ruby#29 vm_call0_body (ec=ec@entry=0x55946da519c8, calling=calling@entry=0x7ffd6f6c9ae0, ci=ci@entry=0x7ffd6f6c9ad0, cc=cc@entry=0x7ffd6f6c9b00, argv=argv@entry=0x7ffd6f6c9ba0) at vm_eval.c:133 ruby#30 0x000055946cf074b2 in vm_call0 (me=<optimized out>, argv=0x7ffd6f6c9ba0, argc=1, id=4849, recv=94096115734160, ec=0x55946da519c8) at vm_eval.c:60 ruby#31 rb_call0 (ec=0x55946da519c8, recv=94096115734160, mid=4849, mid@entry=94096135960920, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6c9ba0, scope=scope@entry=CALL_FCALL, self=94096135960920) at vm_eval.c:302 ruby#32 0x000055946cf07b9b in rb_call (scope=CALL_FCALL, argv=0x7ffd6f6c9ba0, argc=1, mid=94096135960920, recv=<optimized out>) at vm_eval.c:595 ruby#33 rb_funcallv (recv=<optimized out>, mid=mid@entry=4849, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6c9ba0) at vm_eval.c:825 ruby#34 0x000055946cd848a7 in rb_mod_include (argc=0, argv=0x7fc7bdb4fce8, module=94096135960920) at eval.c:1203 ruby#35 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x5594710c06b0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4df00, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#36 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4df00, calling=<optimized out>, ci=0x5594710c06b0, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#37 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 ruby#38 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 ruby#39 0x000055946cf035fc in invoke_block (captured=0x7ffd6f6ca0a0, opt_pc=<optimized out>, type=<optimized out>, cref=0x559476c23930, self=94096135960920, iseq=0x559471335ee0, ec=0x55946da519c8) at vm.c:1005 ruby#40 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x7ffd6f6ca0a0, self=94096135960920, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x559476c23930, is_lambda=0) at vm.c:1057 ruby#41 0x000055946cf04520 in invoke_block_from_c_bh (ec=ec@entry=0x55946da519c8, block_handler=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6ca108, cref=<optimized out>, is_lambda=<optimized out>, is_lambda@entry=0, force_blockarg=0, passed_block_handler=0) at vm.c:1075 ruby#42 0x000055946cf04958 in vm_yield_with_cref (is_lambda=0, cref=<optimized out>, argv=0x7ffd6f6ca108, argc=1, ec=0x55946da519c8) at vm.c:1112 ruby#43 yield_under (under=94096135960920, self=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6ca108) at vm_eval.c:1572 ruby#44 0x000055946cf04b12 in rb_mod_module_exec (argc=argc@entry=1, argv=argv@entry=0x7ffd6f6ca108, mod=<optimized out>) at vm_eval.c:1770 ruby#45 0x000055946ce00fc6 in rb_mod_initialize (module=94096135960920) at object.c:1978 ruby#46 0x000055946cf06829 in vm_call0_cfunc_with_frame (ci=0x7ffd6f6ca130, cc=0x7fc7bdb4fc98, argv=0x7fc7bdb4fc98, calling=0x7ffd6f6ca140, ec=0x55946da519c8) at vm_eval.c:87 ruby#47 vm_call0_cfunc (argv=0x7fc7bdb4fc98, cc=0x7fc7bdb4fc98, ci=0x7ffd6f6ca130, calling=0x7ffd6f6ca140, ec=0x55946da519c8) at vm_eval.c:102 ruby#48 vm_call0_body (ec=ec@entry=0x55946da519c8, calling=calling@entry=0x7ffd6f6ca1f0, ci=ci@entry=0x7ffd6f6ca1e0, cc=cc@entry=0x7ffd6f6ca210, argv=argv@entry=0x7fc7bdb4fc98) at vm_eval.c:133 ruby#49 0x000055946cf074b2 in vm_call0 (me=<optimized out>, argv=0x7fc7bdb4fc98, argc=0, id=3057, recv=94096135960920, ec=0x55946da519c8) at vm_eval.c:60 ruby#50 rb_call0 (ec=0x55946da519c8, recv=recv@entry=94096135960920, mid=mid@entry=3057, argc=argc@entry=3057, argv=argv@entry=0x0, scope=scope@entry=CALL_FCALL, self=94095983466120) at vm_eval.c:302 ruby#51 0x000055946cf07b9b in rb_call (scope=CALL_FCALL, argv=0x0, argc=3057, mid=3057, recv=94096135960920) at vm_eval.c:595 ruby#52 rb_funcallv (recv=recv@entry=94096135960920, mid=mid@entry=3057, argc=argc@entry=0, argv=argv@entry=0x7fc7bdb4fc98) at vm_eval.c:825 ruby#53 0x000055946cd89673 in rb_obj_call_init (obj=obj@entry=94096135960920, argc=argc@entry=0, argv=argv@entry=0x7fc7bdb4fc98) at eval.c:1590 ruby#54 0x000055946ce048a1 in rb_class_s_new (argc=0, argv=0x7fc7bdb4fc98, klass=<optimized out>) at object.c:2153 ruby#55 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x559471339c80, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4dfa8, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#56 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4dfa8, calling=<optimized out>, ci=0x559471339c80, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#57 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 ruby#58 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 ruby#59 0x000055946cf03274 in invoke_bmethod (ec=ec@entry=0x55946da519c8, iseq=iseq@entry=0x55946f15cbc0, self=self@entry=94096115734640, me=me@entry=0x559475664e28, type=type@entry=572653825, opt_pc=0, captured=0x55947158e8a0) at vm.c:1026 ruby#60 0x000055946cf03534 in invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x55947158e8a0, self=94096115734640, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x0, is_lambda=1) at vm.c:1060 ruby#61 0x000055946cf036ce in invoke_block_from_c_proc (ec=<optimized out>, proc=<optimized out>, self=<optimized out>, argc=1, argv=<optimized out>, passed_block_handler=<optimized out>, is_lambda=<optimized out>) at vm.c:1150 ruby#62 0x000055946cf03811 in vm_invoke_bmethod (block_handler=<optimized out>, argv=<optimized out>, argc=1, self=<optimized out>, proc=<optimized out>, ec=0x55946da519c8) at vm.c:1175 ruby#63 vm_call_bmethod_body (ci=<optimized out>, cc=0x55946f625960, argv=<optimized out>, calling=0x7ffd6f6ca9b0, ec=0x55946da519c8) at vm_insnhelper.c:1971 ruby#64 vm_call_bmethod (ec=0x55946da519c8, cfp=0x7fc7bdc4e0c0, calling=0x7ffd6f6ca9b0, ci=<optimized out>, cc=0x55946f625960) at vm_insnhelper.c:1988 ruby#65 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e0c0, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 ruby#66 0x000055946cf0e63e in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:797 ruby#67 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 ruby#68 0x000055946cf06767 in vm_call0_body (ec=ec@entry=0x55946da519c8, calling=calling@entry=0x7ffd6f6cad00, ci=ci@entry=0x7ffd6f6cacf0, cc=cc@entry=0x7ffd6f6cad20, argv=argv@entry=0x7ffd6f6cadb0) at vm_eval.c:129 ruby#69 0x000055946cf074b2 in vm_call0 (me=<optimized out>, argv=0x7ffd6f6cadb0, argc=1, id=3681, recv=94096115734640, ec=0x55946da519c8) at vm_eval.c:60 ruby#70 rb_call0 (ec=0x55946da519c8, recv=recv@entry=94096115734640, mid=3681, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6cad90, scope=scope@entry=CALL_FCALL, self=94095983452880) at vm_eval.c:302 ruby#71 0x000055946cf07b9b in rb_call (scope=CALL_FCALL, argv=0x7ffd6f6cad90, argc=1, mid=<optimized out>, recv=94096115734640) at vm_eval.c:595 ruby#72 rb_funcallv (recv=recv@entry=94096115734640, mid=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6cadb0) at vm_eval.c:825 ruby#73 0x000055946cf477d2 in rb_class_inherited (super=super@entry=94096115734640, klass=klass@entry=94096135961440) at class.c:625 ruby#74 0x000055946cf0f796 in vm_declare_class (super=<optimized out>, cbase=94096094868200, flags=<optimized out>, id=847387) at vm_insnhelper.c:3134 ruby#75 vm_define_class (super=<optimized out>, cbase=<optimized out>, flags=<optimized out>, id=847387) at vm_insnhelper.c:3167 ruby#76 vm_find_or_create_class_by_id (super=<optimized out>, cbase=<optimized out>, flags=<optimized out>, id=847387) at vm_insnhelper.c:3196 ruby#77 vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:685 ruby#78 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 ruby#79 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x559471f1b548) at vm.c:2046 ruby#80 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94096135872160, wrap=wrap@entry=0) at load.c:611 ruby#81 0x000055946cdd41f1 in rb_require_internal (fname=94096135872400, fname@entry=94096135872440, safe=0) at load.c:992 ruby#82 0x000055946cdd4493 in rb_require_safe (safe=<optimized out>, fname=94096135872440) at load.c:1038 ruby#83 rb_f_require (obj=<optimized out>, fname=94096135872440) at load.c:820 ruby#84 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x5594708700a0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e168, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#85 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e168, calling=<optimized out>, ci=0x5594708700a0, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#86 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e168, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 ruby#87 0x000055946cf0e63e in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:797 ruby#88 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 ruby#89 0x000055946cf035fc in invoke_block (captured=0x7fc7bdc4e490, opt_pc=<optimized out>, type=<optimized out>, cref=0x0, self=94096096426480, iseq=0x55946e49f0b8, ec=0x55946da519c8) at vm.c:1005 ruby#90 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x7fc7bdc4e490, self=94096096426480, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x0, is_lambda=0) at vm.c:1057 ruby#91 0x000055946cf04699 in invoke_block_from_c_bh (argc=<optimized out>, passed_block_handler=<optimized out>, cref=<optimized out>, is_lambda=<optimized out>, force_blockarg=<optimized out>, argv=<optimized out>, block_handler=<optimized out>, ec=<optimized out>) at vm.c:1075 ruby#92 vm_yield (argc=1, argv=0x7ffd6f6cb938, ec=<optimized out>) at vm.c:1120 ruby#93 rb_yield_0 (argv=0x7ffd6f6cb938, argc=1) at vm_eval.c:980 ruby#94 rb_yield_1 (val=94096130169040) at vm_eval.c:986 ruby#95 rb_yield (val=<optimized out>) at vm_eval.c:996 ruby#96 0x000055946cf2113d in rb_ary_each (ary=94096076222560) at array.c:1820 ruby#97 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946ed0d090, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e478, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#98 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e478, calling=<optimized out>, ci=0x55946ed0d090, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#99 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 ruby#100 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 ruby#101 0x000055946cf035fc in invoke_block (captured=0x7fc7bdc4e500, opt_pc=<optimized out>, type=<optimized out>, cref=0x0, self=94096096426480, iseq=0x55946e49f298, ec=0x55946da519c8) at vm.c:1005 ruby#102 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x7fc7bdc4e500, self=94096096426480, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x0, is_lambda=0) at vm.c:1057 ruby#103 0x000055946cf04699 in invoke_block_from_c_bh (argc=<optimized out>, passed_block_handler=<optimized out>, cref=<optimized out>, is_lambda=<optimized out>, force_blockarg=<optimized out>, argv=<optimized out>, block_handler=<optimized out>, ec=<optimized out>) at vm.c:1075 ruby#104 vm_yield (argc=1, argv=0x7ffd6f6cbdf8, ec=<optimized out>) at vm.c:1120 ruby#105 rb_yield_0 (argv=0x7ffd6f6cbdf8, argc=1) at vm_eval.c:980 ruby#106 rb_yield_1 (val=94096095502480) at vm_eval.c:986 ruby#107 rb_yield (val=<optimized out>) at vm_eval.c:996 ruby#108 0x000055946cf2113d in rb_ary_each (ary=94096095328480) at array.c:1820 ruby#109 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e8552a0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e4e8, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#110 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e4e8, calling=<optimized out>, ci=0x55946e8552a0, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#111 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 ruby#112 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 ruby#113 0x000055946cf06767 in vm_call0_body (ec=ec@entry=0x55946da519c8, calling=calling@entry=0x7ffd6f6cc2d0, ci=ci@entry=0x7ffd6f6cc2c0, cc=cc@entry=0x7ffd6f6cc2f0, argv=argv@entry=0x7ffd6f6cc390) at vm_eval.c:129 ruby#114 0x000055946cf074b2 in vm_call0 (me=<optimized out>, argv=0x7ffd6f6cc390, argc=0, id=135807, recv=94096096186440, ec=0x55946da519c8) at vm_eval.c:60 ruby#115 rb_call0 (ec=0x55946da519c8, recv=94096096186440, mid=135807, argc=<optimized out>, argv=argv@entry=0x8, scope=scope@entry=CALL_PUBLIC, self=94095993048320) at vm_eval.c:302 ruby#116 0x000055946cf0a31a in rb_call (scope=CALL_PUBLIC, argv=0x8, argc=<optimized out>, mid=<optimized out>, recv=<optimized out>) at vm_eval.c:595 ruby#117 rb_funcall_with_block (recv=<optimized out>, mid=<optimized out>, argc=argc@entry=0, argv=argv@entry=0x7ffd6f6cc390, passed_procval=passed_procval@entry=8) at vm_eval.c:857 ruby#118 0x000055946ceb319c in rb_sym_proc_call (mid=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7ffd6f6cc388, passed_proc=passed_proc@entry=8) at string.c:10480 ruby#119 0x000055946cf0477c in vm_yield_with_symbol (block_handler=0, argv=0x7ffd6f6cc388, argc=1, symbol=<optimized out>, ec=<optimized out>) at vm_insnhelper.c:2573 ruby#120 invoke_block_from_c_bh (argc=<optimized out>, passed_block_handler=<optimized out>, cref=<optimized out>, is_lambda=<optimized out>, force_blockarg=<optimized out>, argv=<optimized out>, block_handler=<optimized out>, ec=<optimized out>) at vm.c:1084 ruby#121 vm_yield (argc=1, argv=0x7ffd6f6cc388, ec=<optimized out>) at vm.c:1120 ruby#122 rb_yield_0 (argv=0x7ffd6f6cc388, argc=1) at vm_eval.c:980 ruby#123 rb_yield_1 (val=94096096186440) at vm_eval.c:986 ruby#124 rb_yield (val=<optimized out>) at vm_eval.c:996 ruby#125 0x000055946cf2113d in rb_ary_each (ary=94095993048320) at array.c:1820 ruby#126 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x5594744d8280, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e590, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#127 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e590, calling=<optimized out>, ci=0x5594744d8280, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#128 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e590, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 ruby#129 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 ruby#130 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 ruby#131 0x000055946cf035fc in invoke_block (captured=0x7ffd6f6cc8e0, opt_pc=<optimized out>, type=<optimized out>, cref=0x559474604128, self=94096096426480, iseq=0x5594745027e8, ec=0x55946da519c8) at vm.c:1005 ruby#132 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x7ffd6f6cc8e0, self=94096096426480, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x559474604128, is_lambda=0) at vm.c:1057 ruby#133 0x000055946cf04520 in invoke_block_from_c_bh (ec=ec@entry=0x55946da519c8, block_handler=<optimized out>, argc=argc@entry=1, argv=argv@entry=0x7fc7bdb4f7f8, cref=<optimized out>, is_lambda=<optimized out>, is_lambda@entry=0, force_blockarg=0, passed_block_handler=0) at vm.c:1075 ruby#134 0x000055946cf04958 in vm_yield_with_cref (is_lambda=0, cref=<optimized out>, argv=0x7fc7bdb4f7f8, argc=1, ec=0x55946da519c8) at vm.c:1112 ruby#135 yield_under (under=94096093646040, self=<optimized out>, argc=1, argv=0x7fc7bdb4f7f8) at vm_eval.c:1572 ruby#136 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e5cd230, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e600, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#137 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e600, calling=<optimized out>, ci=0x55946e5cd230, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#138 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 ruby#139 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 ruby#140 0x000055946cf035fc in invoke_block (captured=0x5594744c4fb0, opt_pc=<optimized out>, type=<optimized out>, cref=0x0, self=94095990659320, iseq=0x55946e192aa0, ec=0x55946da519c8) at vm.c:1005 ruby#141 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x5594744c4fb0, self=94095990659320, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x0, is_lambda=0) at vm.c:1057 ruby#142 0x000055946cf04699 in invoke_block_from_c_bh (argc=<optimized out>, passed_block_handler=<optimized out>, cref=<optimized out>, is_lambda=<optimized out>, force_blockarg=<optimized out>, argv=<optimized out>, block_handler=<optimized out>, ec=<optimized out>) at vm.c:1075 ruby#143 vm_yield (argc=1, argv=0x7ffd6f6ccdc8, ec=<optimized out>) at vm.c:1120 ruby#144 rb_yield_0 (argv=0x7ffd6f6ccdc8, argc=1) at vm_eval.c:980 ruby#145 rb_yield_1 (val=94096094867920) at vm_eval.c:986 ruby#146 rb_yield (val=<optimized out>) at vm_eval.c:996 ruby#147 0x000055946cf2113d in rb_ary_each (ary=94096094867160) at array.c:1820 ruby#148 0x000055946cf06829 in vm_call0_cfunc_with_frame (ci=0x7ffd6f6cce00, cc=0x7ffd6f6cce70, argv=0x7fc7bdb4f6b8, calling=0x7ffd6f6cce50, ec=0x55946da519c8) at vm_eval.c:87 ruby#149 vm_call0_cfunc (argv=0x7fc7bdb4f6b8, cc=0x7ffd6f6cce70, ci=0x7ffd6f6cce00, calling=0x7ffd6f6cce50, ec=0x55946da519c8) at vm_eval.c:102 ruby#150 vm_call0_body (ec=0x55946da519c8, calling=calling@entry=0x7ffd6f6ccec0, ci=ci@entry=0x7ffd6f6cceb0, cc=cc@entry=0x7ffd6f6ccee0, argv=0x7fc7bdb4f6b8) at vm_eval.c:133 ruby#151 0x000055946cf06c50 in vm_call0 (me=<optimized out>, argv=<optimized out>, argc=<optimized out>, id=<optimized out>, recv=<optimized out>, ec=<optimized out>) at vm_eval.c:60 ruby#152 rb_vm_call (ec=<optimized out>, recv=<optimized out>, id=<optimized out>, argc=<optimized out>, argv=<optimized out>, me=<optimized out>) at vm_eval.c:209 ruby#153 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946dba2780, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e7c0, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#154 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e7c0, calling=<optimized out>, ci=0x55946dba2780, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#155 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e7c0, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 ruby#156 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 ruby#157 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 ruby#158 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946dfed3a8) at vm.c:2046 ruby#159 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095988939080, wrap=wrap@entry=0) at load.c:611 ruby#160 0x000055946cdd41f1 in rb_require_internal (fname=94095988939160, fname@entry=94095988939200, safe=0) at load.c:992 ruby#161 0x000055946cdd4493 in rb_require_safe (safe=<optimized out>, fname=94095988939200) at load.c:1038 ruby#162 rb_f_require (obj=<optimized out>, fname=94095988939200) at load.c:820 ruby#163 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946dffa920, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e948, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#164 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e948, calling=<optimized out>, ci=0x55946dffa920, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#165 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e948, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 ruby#166 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 ruby#167 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 ruby#168 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946dfee438) at vm.c:2046 ruby#169 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095993039280, wrap=wrap@entry=0) at load.c:611 ruby#170 0x000055946cdd41f1 in rb_require_internal (fname=fname@entry=94095993043840, safe=0) at load.c:992 ruby#171 0x000055946cdd4493 in rb_require_safe (safe=<optimized out>, fname=94095993043840) at load.c:1038 ruby#172 rb_f_require (obj=<optimized out>, fname=94095993043840) at load.c:820 ruby#173 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946ea12160, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4e9b8, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#174 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4e9b8, calling=<optimized out>, ci=0x55946ea12160, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#175 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4e9b8, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 ruby#176 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 ruby#177 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 ruby#178 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946e3d7c48) at vm.c:2046 ruby#179 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095988920840, wrap=<optimized out>) at load.c:611 ruby#180 0x000055946cdd2850 in rb_load_internal (wrap=0, fname=94095988920840) at load.c:642 ruby#181 rb_f_load (argc=<optimized out>, argv=<optimized out>) at load.c:710 ruby#182 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e7c96e0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4ea28, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#183 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4ea28, calling=<optimized out>, ci=0x55946e7c96e0, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#184 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4ea28, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 ruby#185 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 ruby#186 0x000055946cf02f4c in vm_exec (ec=ec@entry=0x55946da519c8) at vm.c:1804 ruby#187 0x000055946cf035fc in invoke_block (captured=0x7fc7bdc4eae8, opt_pc=<optimized out>, type=<optimized out>, cref=0x0, self=94095998891400, iseq=0x55946e4dae10, ec=0x55946da519c8) at vm.c:1005 ruby#188 invoke_iseq_block_from_c (ec=0x55946da519c8, captured=0x7fc7bdc4eae8, self=94095998891400, argc=<optimized out>, argv=<optimized out>, passed_block_handler=0, cref=0x0, is_lambda=0) at vm.c:1057 ruby#189 0x000055946cf04699 in invoke_block_from_c_bh (argc=<optimized out>, passed_block_handler=<optimized out>, cref=<optimized out>, is_lambda=<optimized out>, force_blockarg=<optimized out>, argv=<optimized out>, block_handler=<optimized out>, ec=<optimized out>) at vm.c:1075 ruby#190 vm_yield (argc=1, argv=0x7ffd6f6ce8e8, ec=<optimized out>) at vm.c:1120 ruby#191 rb_yield_0 (argv=0x7ffd6f6ce8e8, argc=1) at vm_eval.c:980 ruby#192 rb_yield_1 (val=94095988924840) at vm_eval.c:986 ruby#193 rb_yield (val=<optimized out>) at vm_eval.c:996 ruby#194 0x000055946cf2113d in rb_ary_each (ary=94095988920960) at array.c:1820 ruby#195 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e421000, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4ead0, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#196 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4ead0, calling=<optimized out>, ci=0x55946e421000, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#197 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4ead0, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 ruby#198 0x000055946cf0cb05 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:716 ruby#199 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 ruby#200 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946e35f2c0) at vm.c:2046 ruby#201 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095992643280, wrap=<optimized out>) at load.c:611 ruby#202 0x000055946cdd2850 in rb_load_internal (wrap=0, fname=94095992643280) at load.c:642 ruby#203 rb_f_load (argc=<optimized out>, argv=<optimized out>) at load.c:710 ruby#204 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e24bb20, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4ec58, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#205 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4ec58, calling=<optimized out>, ci=0x55946e24bb20, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#206 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4ec58, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 ruby#207 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 ruby#208 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 ruby#209 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946e3a7390) at vm.c:2046 ruby#210 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095993616120, wrap=<optimized out>) at load.c:611 ruby#211 0x000055946cdd2850 in rb_load_internal (wrap=0, fname=94095993616120) at load.c:642 ruby#212 rb_f_load (argc=<optimized out>, argv=<optimized out>) at load.c:710 ruby#213 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e6a00d0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4ecc8, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#214 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4ecc8, calling=<optimized out>, ci=0x55946e6a00d0, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#215 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4ecc8, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 ruby#216 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 ruby#217 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 ruby#218 0x000055946cf118d1 in rb_iseq_eval (iseq=iseq@entry=0x55946e470100) at vm.c:2046 ruby#219 0x000055946cdd2164 in rb_load_internal0 (ec=ec@entry=0x55946da519c8, fname=fname@entry=94095993672200, wrap=<optimized out>) at load.c:611 ruby#220 0x000055946cdd2850 in rb_load_internal (wrap=0, fname=94095993672200) at load.c:642 ruby#221 rb_f_load (argc=<optimized out>, argv=<optimized out>) at load.c:710 ruby#222 0x000055946cefb61f in vm_call_cfunc_with_frame (ci=0x55946e3306a0, cc=<optimized out>, calling=<optimized out>, reg_cfp=0x7fc7bdc4efa0, ec=0x55946da519c8) at vm_insnhelper.c:1928 ruby#223 vm_call_cfunc (ec=0x55946da519c8, reg_cfp=0x7fc7bdc4efa0, calling=<optimized out>, ci=0x55946e3306a0, cc=<optimized out>) at vm_insnhelper.c:1944 ruby#224 0x000055946cf03ea3 in vm_call_method (ec=0x55946da519c8, cfp=0x7fc7bdc4efa0, calling=<optimized out>, ci=<optimized out>, cc=<optimized out>) at vm_insnhelper.c:2417 ruby#225 0x000055946cf0b5c2 in vm_exec_core (ec=ec@entry=0x55946da519c8, initial=initial@entry=0) at /tmp/ruby-build.20180216151216.13740/ruby-trunk/insns.def:779 ruby#226 0x000055946cf02f4c in vm_exec (ec=0x55946da519c8) at vm.c:1804 ruby#227 0x000055946cf119d5 in rb_iseq_eval_main (iseq=iseq@entry=0x55946e4bbba0) at vm.c:2057 ruby#228 0x000055946cd83d54 in ruby_exec_internal (n=0x55946e4bbba0) at eval.c:247 ruby#229 0x000055946cd87fdf in ruby_exec_node (n=0x55946e4bbba0) at eval.c:311 ruby#230 ruby_run_node (n=<optimized out>) at eval.c:303 ruby#231 0x000055946cd831bf in main (argc=22, argv=0x7ffd6f6d0148) at ./main.c:42 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Oct 18, 2018
This funcion can be called from inside of rb_ast_new(). Should add appropriate case branches. (lldb) run Process 9135 launched: './miniruby' (x86_64) Process 9135 stopped * thread #1: tid = 0xdf36b, 0x00000001000ca4f9 miniruby`rb_raw_obj_info(buff="0x000000010205d158 [0 ] T_IMEMO", buff_size=256, obj=4328903000) + 2361 at gc.c:9617, queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0) frame #0: 0x00000001000ca4f9 miniruby`rb_raw_obj_info(buff="0x000000010205d158 [0 ] T_IMEMO", buff_size=256, obj=4328903000) + 2361 at gc.c:9617 9614 IMEMO_NAME(iseq); 9615 IMEMO_NAME(tmpbuf); 9616 #undef IMEMO_NAME -> 9617 default: UNREACHABLE; 9618 } 9619 snprintf(buff, buff_size, "%s %s", buff, imemo_name); 9620 (lldb) bt * thread #1: tid = 0xdf36b, 0x00000001000ca4f9 miniruby`rb_raw_obj_info(buff="0x000000010205d158 [0 ] T_IMEMO", buff_size=256, obj=4328903000) + 2361 at gc.c:9617, queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0) * frame #0: 0x00000001000ca4f9 miniruby`rb_raw_obj_info(buff="0x000000010205d158 [0 ] T_IMEMO", buff_size=256, obj=4328903000) + 2361 at gc.c:9617 frame #1: 0x00000001000c433f miniruby`obj_info(obj=4328903000) + 95 at gc.c:9671 frame #2: 0x00000001000ce2ac miniruby`newobj_init(klass=4302478608, flags=36890, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x0000000101800410, obj=4328903000) + 444 at gc.c:1882 frame #3: 0x00000001000c0a49 miniruby`newobj_of(klass=4302478608, flags=36890, v1=0, v2=0, v3=0, wb_protected=1) + 217 at gc.c:1968 frame #4: 0x00000001000c0bcb miniruby`rb_imemo_new(type=imemo_ast, v1=0, v2=0, v3=0, v0=4302478608) + 75 at gc.c:2017 frame #5: 0x0000000100148f2a miniruby`rb_ast_new + 58 at node.c:1118 frame #6: 0x000000010018d9e2 miniruby`yycompile(vparser=4328903720, p=0x0000000100729670, fname=4328903160, line=1) + 98 at parse.y:4925 frame #7: 0x000000010018d66f miniruby`parser_compile_string(vparser=4328903720, fname=4328903160, s=4328904440, line=1) + 143 at parse.y:4995 frame #8: 0x000000010018d768 miniruby`rb_parser_compile_string_path(vparser=4328903720, f=4328903160, s=4328904440, line=1) + 56 at parse.y:5015 frame #9: 0x000000010018d71e miniruby`rb_parser_compile_string(vparser=4328903720, f="-e", s=4328904440, line=1) + 62 at parse.y:5008 frame #10: 0x00000001002130d5 miniruby`process_options(argc=0, argv=0x00007fff5fbfdc08, opt=0x00007fff5fbfd9e8) + 3477 at ruby.c:1754 frame #11: 0x00000001002122dd miniruby`ruby_process_options(argc=2, argv=0x00007fff5fbfdbf8) + 285 at ruby.c:2332 frame #12: 0x00000001000aa966 miniruby`ruby_options(argc=2, argv=0x00007fff5fbfdbf8) + 262 at eval.c:118 frame #13: 0x0000000100000ed4 miniruby`main(argc=2, argv=0x00007fff5fbfdbf8) + 116 at main.c:42 frame ruby#14: 0x00007fff933845ad libdyld.dylib`start + 1 frame ruby#15: 0x00007fff933845ad libdyld.dylib`start + 1 (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Nov 12, 2018
This is rather nitpicking but at the moment the process terminates, heap_pages_final_slots overflows. (lldb) bt * thread #1: tid = 0xc0903, 0x00000001002b3bf7 miniruby`finalize_list(objspace=0x0000000101c09240, zombie=4329149840) + 999 at gc.c:2946, queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0) * frame #0: 0x00000001002b3bf7 miniruby`finalize_list(objspace=0x0000000101c09240, zombie=4329149840) + 999 at gc.c:2946 frame #1: 0x000000010026a69e miniruby`rb_objspace_call_finalizer(objspace=0x0000000101c09240) + 7118 at gc.c:3092 frame #2: 0x0000000100268ac5 miniruby`rb_gc_call_finalizer_at_exit + 149 at gc.c:3015 frame #3: 0x00000001002272bc miniruby`ruby_finalize_1 + 156 at eval.c:146 frame #4: 0x00000001002282b6 miniruby`ruby_cleanup(ex=0) + 4070 at eval.c:238 frame #5: 0x0000000100228785 miniruby`ruby_run_node(n=0x0000000102060ad8) + 85 at eval.c:317 frame #6: 0x0000000100000b9c miniruby`main(argc=2, argv=0x00007fff5fbfdc38) + 124 at main.c:42 frame #7: 0x00007fff9966a5ad libdyld.dylib`start + 1 frame #8: 0x00007fff9966a5ad libdyld.dylib`start + 1 (lldb) p objspace->heap_pages (rb_objspace::(anonymous struct)) $0 = { sorted = 0x0000000101c070b0 allocated_pages = 24 allocatable_pages = 0 sorted_length = 24 range = { [0] = 0x0000000102020028 [1] = 0x00000001020dbfd0 } freeable_pages = 0 final_slots = 0 deferred_final = 4329149840 } (lldb) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65633 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
added a commit
that referenced
this pull request
Apr 24, 2019
autoload_reset() can read this state.result. Because autoload_reset
is a function passed to rb_ensure, there is a chance when an
execption raises before actually filling this memory region.
test/ruby/test_defined.rb:test_autoload_noload is one of such case.
Found using memory sanitizer.
==54014==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x557a683f3e5a in autoload_reset variable.c:2372:9
#1 0x557a6707a93b in rb_ensure eval.c:1084:5
#2 0x557a683efbf5 in rb_autoload_load variable.c:2475:14
#3 0x557a685fc460 in vm_get_ev_const vm_insnhelper.c:938:4
#4 0x557a68448e0a in vm_exec_core insns.def:267:11
shyouhei
added a commit
that referenced
this pull request
Apr 24, 2019
memo.float_value might change inside of hash_sum. In case it
flipped from false to true there, and the calculated sum is Inf,
memo.c might not be initialized at all. This is bad.
Found using memory sanitizer:
==55293==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55dfb8d6c529 in rb_float_new_inline internal.h:1814:53
#1 0x55dfb8d1b30c in enum_sum enum.c:4017:18
#2 0x55dfb86d75ad in call_cfunc_m1 vm_insnhelper.c:2041:12
#3 0x55dfb864b141 in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#4 0x55dfb85e843d in vm_call_cfunc vm_insnhelper.c:2225:12
#5 0x55dfb85e08f3 in vm_call_method_each_type vm_insnhelper.c:2560:9
#6 0x55dfb85de9c7 in vm_call_method vm_insnhelper.c:2686:13
#7 0x55dfb849eac6 in vm_call_general vm_insnhelper.c:2730:12
#8 0x55dfb8686103 in vm_sendish vm_insnhelper.c:3623:11
#9 0x55dfb84dc29e in vm_exec_core insns.def:789:11
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
autoload_reset() can read this state.result. Because autoload_reset
is a function passed to rb_ensure, there is a chance when an
execption raises before actually filling this memory region.
test/ruby/test_defined.rb:test_autoload_noload is one of such case.
Found using memory sanitizer.
==54014==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x557a683f3e5a in autoload_reset variable.c:2372:9
#1 0x557a6707a93b in rb_ensure eval.c:1084:5
#2 0x557a683efbf5 in rb_autoload_load variable.c:2475:14
#3 0x557a685fc460 in vm_get_ev_const vm_insnhelper.c:938:4
#4 0x557a68448e0a in vm_exec_core insns.def:267:11
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
memo.float_value might change inside of hash_sum. In case it
flipped from false to true there, and the calculated sum is Inf,
memo.c might not be initialized at all. This is bad.
Found using memory sanitizer:
==55293==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55dfb8d6c529 in rb_float_new_inline internal.h:1814:53
#1 0x55dfb8d1b30c in enum_sum enum.c:4017:18
#2 0x55dfb86d75ad in call_cfunc_m1 vm_insnhelper.c:2041:12
#3 0x55dfb864b141 in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#4 0x55dfb85e843d in vm_call_cfunc vm_insnhelper.c:2225:12
#5 0x55dfb85e08f3 in vm_call_method_each_type vm_insnhelper.c:2560:9
#6 0x55dfb85de9c7 in vm_call_method vm_insnhelper.c:2686:13
#7 0x55dfb849eac6 in vm_call_general vm_insnhelper.c:2730:12
#8 0x55dfb8686103 in vm_sendish vm_insnhelper.c:3623:11
#9 0x55dfb84dc29e in vm_exec_core insns.def:789:11
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
GC.stress unveils that an ivptr allocated using transient heap gets
marked right before it evacuates to normal heaps (the evacuation
itself triggers GC).
Should fill something beforehand.
=================================================================
==60984==ERROR: AddressSanitizer: use-after-poison on address 0x7f0fcfdf0020 at pc 0x55bdaad55381 bp 0x7fffcddc0910 sp 0x7fffcddc0908
READ of size 8 at 0x7f0fcfdf0020 thread T0
#0 0x55bdaad55380 in gc_mark_children gc.c:5063:39
#1 0x55bdaad6b7c2 in gc_mark_stacked_objects gc.c:5156:9
#2 0x55bdaad6cb1a in gc_mark_stacked_objects_all gc.c:5196:12
#3 0x55bdaad6a180 in gc_marks_rest gc.c:6109:2
#4 0x55bdaad6ef51 in gc_marks gc.c:6169:6
#5 0x55bdaad63bfd in gc_start gc.c:6974:2
#6 0x55bdaad4fa73 in garbage_collect gc.c:6869:12
#7 0x55bdaad7866e in garbage_collect_with_gvl gc.c:7127:9
#8 0x55bdaad784d6 in objspace_malloc_gc_stress gc.c:9270:9
#9 0x55bdaad56f29 in objspace_xmalloc0 gc.c:9416:5
#10 0x55bdaad56ef2 in ruby_xmalloc2_body gc.c:9623:12
#11 0x55bdaad615dc in ruby_xmalloc2 gc.c:11479:12
#12 0x55bdab26a601 in obj_ivar_heap_alloc variable.c:1405:18
#13 0x55bdab27a35b in obj_ivar_heap_realloc variable.c:1418:23
ruby#14 0x55bdab26ac98 in obj_ivar_set variable.c:1490:26
ruby#15 0x55bdab2621fd in rb_ivar_set variable.c:1513:16
ruby#16 0x55bdab2e841d in vm_setivar vm_insnhelper.c:1118:12
ruby#17 0x55bdab2ecca4 in vm_setinstancevariable vm_insnhelper.c:1130:5
ruby#18 0x55bdab28113c in vm_exec_core insns.def:227:5
0x7f0fcfdf0020 is located 26181664 bytes inside of 33554432-byte region [0x7f0fce4f8000,0x7f0fd04f8000)
allocated by thread T0 here:
#0 0x55bdaacd3047 in posix_memalign (ruby+0x1c2047)
#1 0x55bdaad56b75 in rb_aligned_malloc gc.c:9195:9
#2 0x55bdab24c523 in transient_heap_block_alloc transient_heap.c:296:24
#3 0x55bdab24c1fe in Init_TransientHeap transient_heap.c:435:39
#4 0x55bdaada26f8 in rb_call_inits inits.c:20:5
#5 0x55bdaad076af in ruby_setup eval.c:74:2
#6 0x55bdaad0796c in ruby_init eval.c:91:17
#7 0x55bdaad01598 in main main.c:41:2
#8 0x7f0fd344cb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: use-after-poison gc.c:5063:39 in gc_mark_children
Shadow bytes around the buggy address:
0x0fe279fb5fb0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb5fc0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb5fd0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb5fe0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb5ff0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
=>0x0fe279fb6000: 00 00 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb6010: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb6020: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb6030: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb6040: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb6050: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==60984==ABORTING
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
ec->cfp->iseq might not exist at the very beginning of a thread.
=================================================================
==82954==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fc86f334810 at pc 0x55ceaf013125 bp 0x7ffe2eddbbf0 sp 0x7ffe2eddbbe8
READ of size 8 at 0x7fc86f334810 thread T0
#0 0x55ceaf013124 in vm_check_canary vm_insnhelper.c:217:24
#1 0x55ceaefb4796 in vm_push_frame vm_insnhelper.c:276:5
#2 0x55ceaf0124bd in th_init vm.c:2661:5
#3 0x55ceaf00d5eb in ruby_thread_init vm.c:2690:5
#4 0x55ceaf00d4b1 in rb_thread_alloc vm.c:2703:5
#5 0x55ceaef0038b in thread_s_new thread.c:872:20
#6 0x55ceaf04d8c1 in call_cfunc_m1 vm_insnhelper.c:2041:12
#7 0x55ceaf03118d in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#8 0x55ceaf017985 in vm_call_cfunc vm_insnhelper.c:2225:12
#9 0x55ceaf01548b in vm_call_method_each_type vm_insnhelper.c:2560:9
#10 0x55ceaf014c96 in vm_call_method vm_insnhelper.c:2686:13
#11 0x55ceaefb5de4 in vm_call_general vm_insnhelper.c:2730:12
#12 0x55ceaf03c868 in vm_sendish vm_insnhelper.c:3623:11
#13 0x55ceaefc95bb in vm_exec_core insns.def:771:11
ruby#14 0x55ceaf006700 in rb_vm_exec vm.c:1892:22
ruby#15 0x55ceaf00acbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x55ceaea250ca in ruby_exec_internal eval.c:262:2
ruby#17 0x55ceaea2498b in ruby_exec_node eval.c:326:12
ruby#18 0x55ceaea247d0 in ruby_run_node eval.c:318:25
ruby#19 0x55ceae88c486 in main main.c:42:9
#20 0x7fc874330b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
ruby#21 0x55ceae7e5289 in _start (miniruby+0x15f289)
0x7fc86f334810 is located 16 bytes to the right of 1048576-byte region [0x7fc86f234800,0x7fc86f334800)
allocated by thread T0 here:
#0 0x55ceae85d56d in malloc (miniruby+0x1d756d)
#1 0x55ceaea71d12 in objspace_xmalloc0 gc.c:9416:5
#2 0x55ceaea71cd2 in ruby_xmalloc2_body gc.c:9623:12
#3 0x55ceaea7d09c in ruby_xmalloc2 gc.c:11479:12
#4 0x55ceaf00c3b7 in rb_thread_recycle_stack vm.c:2462:12
#5 0x55ceaf012256 in th_init vm.c:2656:29
#6 0x55ceaf00d5eb in ruby_thread_init vm.c:2690:5
#7 0x55ceaf00d4b1 in rb_thread_alloc vm.c:2703:5
#8 0x55ceaef0038b in thread_s_new thread.c:872:20
#9 0x55ceaf04d8c1 in call_cfunc_m1 vm_insnhelper.c:2041:12
#10 0x55ceaf03118d in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#11 0x55ceaf017985 in vm_call_cfunc vm_insnhelper.c:2225:12
#12 0x55ceaf01548b in vm_call_method_each_type vm_insnhelper.c:2560:9
#13 0x55ceaf014c96 in vm_call_method vm_insnhelper.c:2686:13
ruby#14 0x55ceaefb5de4 in vm_call_general vm_insnhelper.c:2730:12
ruby#15 0x55ceaf03c868 in vm_sendish vm_insnhelper.c:3623:11
ruby#16 0x55ceaefc95bb in vm_exec_core insns.def:771:11
ruby#17 0x55ceaf006700 in rb_vm_exec vm.c:1892:22
ruby#18 0x55ceaf00acbf in rb_iseq_eval_main vm.c:2151:11
ruby#19 0x55ceaea250ca in ruby_exec_internal eval.c:262:2
#20 0x55ceaea2498b in ruby_exec_node eval.c:326:12
ruby#21 0x55ceaea247d0 in ruby_run_node eval.c:318:25
ruby#22 0x55ceae88c486 in main main.c:42:9
ruby#23 0x7fc874330b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: heap-buffer-overflow vm_insnhelper.c:217:24 in vm_check_canary
Shadow bytes around the buggy address:
0x0ff98de5e8b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff98de5e900: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e910: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e920: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e930: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==82954==ABORTING
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
rb_io_fptr_finalize_internal frees the memory region.
=================================================================
==85264==ERROR: AddressSanitizer: heap-use-after-free on address 0x610000000d8c at pc 0x5608e38077f7 bp 0x7ffee12d5440 sp 0x7ffee12d5438
READ of size 4 at 0x610000000d8c thread T0
#0 0x5608e38077f6 in rb_io_memsize io.c:4749:24
#1 0x5608e37a0481 in obj_memsize_of gc.c:3547:14
#2 0x5608e37a4f30 in check_rvalue_consistency gc.c:1107:2
#3 0x5608e37a2624 in RVALUE_OLD_P gc.c:1218:5
#4 0x5608e37a5bae in rb_gc_force_recycle gc.c:6652:18
#5 0x5608e38191f9 in rb_f_backquote io.c:9021:5
#6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
#10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
#11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
#12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
#13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#17 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#18 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#19 0x5608e35c9486 in main main.c:42:9
#20 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
ruby#21 0x5608e3522289 in _start (miniruby+0x15f289)
0x610000000d8c is located 76 bytes inside of 192-byte region [0x610000000d40,0x610000000e00)
freed by thread T0 here:
#0 0x5608e359a2ed in free (miniruby+0x1d72ed)
#1 0x5608e37af421 in objspace_xfree gc.c:9591:5
#2 0x5608e37af3da in ruby_sized_xfree gc.c:9687:2
#3 0x5608e3799ac8 in ruby_xfree gc.c:9694:5
#4 0x5608e380746d in rb_io_fptr_finalize_internal io.c:4728:5
#5 0x5608e38191ed in rb_f_backquote io.c:9020:5
#6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
#10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
#11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
#12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
#13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#17 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#18 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#19 0x5608e35c9486 in main main.c:42:9
#20 0x7f62e9421b96 in __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
previously allocated by thread T0 here:
#0 0x5608e359a56d in malloc (miniruby+0x1d756d)
#1 0x5608e37aed12 in objspace_xmalloc0 gc.c:9416:5
#2 0x5608e37aebe7 in ruby_xmalloc0 gc.c:9600:12
#3 0x5608e37aea8b in ruby_xmalloc_body gc.c:9609:12
#4 0x5608e37a6d64 in ruby_xmalloc gc.c:11469:12
#5 0x5608e380e4b4 in rb_io_fptr_new io.c:8040:19
#6 0x5608e380e446 in rb_io_make_open_file io.c:8077:10
#7 0x5608e3850ea0 in pipe_open io.c:6707:5
#8 0x5608e384edb4 in pipe_open_s io.c:6772:12
#9 0x5608e381910b in rb_f_backquote io.c:9014:12
#10 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#11 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#12 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#13 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
ruby#14 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
ruby#15 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
ruby#16 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
ruby#17 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#18 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#19 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
#20 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#21 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#22 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#23 0x5608e35c9486 in main main.c:42:9
ruby#24 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: heap-use-after-free io.c:4749:24 in
rb_io_memsize
Shadow bytes around the buggy address:
0x0c207fff8160: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff8170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c207fff8180: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff8190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c207fff81a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c207fff81b0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c207fff81c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff8200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==85264==ABORTING
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
autoload_reset() can read this state.result. Because autoload_reset
is a function passed to rb_ensure, there is a chance when an
execption raises before actually filling this memory region.
test/ruby/test_defined.rb:test_autoload_noload is one of such case.
Found using memory sanitizer.
==54014==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x557a683f3e5a in autoload_reset variable.c:2372:9
#1 0x557a6707a93b in rb_ensure eval.c:1084:5
#2 0x557a683efbf5 in rb_autoload_load variable.c:2475:14
#3 0x557a685fc460 in vm_get_ev_const vm_insnhelper.c:938:4
#4 0x557a68448e0a in vm_exec_core insns.def:267:11
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
memo.float_value might change inside of hash_sum. In case it
flipped from false to true there, and the calculated sum is Inf,
memo.c might not be initialized at all. This is bad.
Found using memory sanitizer:
==55293==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55dfb8d6c529 in rb_float_new_inline internal.h:1814:53
#1 0x55dfb8d1b30c in enum_sum enum.c:4017:18
#2 0x55dfb86d75ad in call_cfunc_m1 vm_insnhelper.c:2041:12
#3 0x55dfb864b141 in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#4 0x55dfb85e843d in vm_call_cfunc vm_insnhelper.c:2225:12
#5 0x55dfb85e08f3 in vm_call_method_each_type vm_insnhelper.c:2560:9
#6 0x55dfb85de9c7 in vm_call_method vm_insnhelper.c:2686:13
#7 0x55dfb849eac6 in vm_call_general vm_insnhelper.c:2730:12
#8 0x55dfb8686103 in vm_sendish vm_insnhelper.c:3623:11
#9 0x55dfb84dc29e in vm_exec_core insns.def:789:11
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
GC.stress unveils that an ivptr allocated using transient heap gets
marked right before it evacuates to normal heaps (the evacuation
itself triggers GC).
Should fill something beforehand.
=================================================================
==60984==ERROR: AddressSanitizer: use-after-poison on address 0x7f0fcfdf0020 at pc 0x55bdaad55381 bp 0x7fffcddc0910 sp 0x7fffcddc0908
READ of size 8 at 0x7f0fcfdf0020 thread T0
#0 0x55bdaad55380 in gc_mark_children gc.c:5063:39
#1 0x55bdaad6b7c2 in gc_mark_stacked_objects gc.c:5156:9
#2 0x55bdaad6cb1a in gc_mark_stacked_objects_all gc.c:5196:12
#3 0x55bdaad6a180 in gc_marks_rest gc.c:6109:2
#4 0x55bdaad6ef51 in gc_marks gc.c:6169:6
#5 0x55bdaad63bfd in gc_start gc.c:6974:2
#6 0x55bdaad4fa73 in garbage_collect gc.c:6869:12
#7 0x55bdaad7866e in garbage_collect_with_gvl gc.c:7127:9
#8 0x55bdaad784d6 in objspace_malloc_gc_stress gc.c:9270:9
#9 0x55bdaad56f29 in objspace_xmalloc0 gc.c:9416:5
#10 0x55bdaad56ef2 in ruby_xmalloc2_body gc.c:9623:12
#11 0x55bdaad615dc in ruby_xmalloc2 gc.c:11479:12
#12 0x55bdab26a601 in obj_ivar_heap_alloc variable.c:1405:18
#13 0x55bdab27a35b in obj_ivar_heap_realloc variable.c:1418:23
ruby#14 0x55bdab26ac98 in obj_ivar_set variable.c:1490:26
ruby#15 0x55bdab2621fd in rb_ivar_set variable.c:1513:16
ruby#16 0x55bdab2e841d in vm_setivar vm_insnhelper.c:1118:12
ruby#17 0x55bdab2ecca4 in vm_setinstancevariable vm_insnhelper.c:1130:5
ruby#18 0x55bdab28113c in vm_exec_core insns.def:227:5
0x7f0fcfdf0020 is located 26181664 bytes inside of 33554432-byte region [0x7f0fce4f8000,0x7f0fd04f8000)
allocated by thread T0 here:
#0 0x55bdaacd3047 in posix_memalign (ruby+0x1c2047)
#1 0x55bdaad56b75 in rb_aligned_malloc gc.c:9195:9
#2 0x55bdab24c523 in transient_heap_block_alloc transient_heap.c:296:24
#3 0x55bdab24c1fe in Init_TransientHeap transient_heap.c:435:39
#4 0x55bdaada26f8 in rb_call_inits inits.c:20:5
#5 0x55bdaad076af in ruby_setup eval.c:74:2
#6 0x55bdaad0796c in ruby_init eval.c:91:17
#7 0x55bdaad01598 in main main.c:41:2
#8 0x7f0fd344cb96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: use-after-poison gc.c:5063:39 in gc_mark_children
Shadow bytes around the buggy address:
0x0fe279fb5fb0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb5fc0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb5fd0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb5fe0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb5ff0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
=>0x0fe279fb6000: 00 00 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb6010: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb6020: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb6030: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb6040: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
0x0fe279fb6050: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==60984==ABORTING
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
ec->cfp->iseq might not exist at the very beginning of a thread.
=================================================================
==82954==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fc86f334810 at pc 0x55ceaf013125 bp 0x7ffe2eddbbf0 sp 0x7ffe2eddbbe8
READ of size 8 at 0x7fc86f334810 thread T0
#0 0x55ceaf013124 in vm_check_canary vm_insnhelper.c:217:24
#1 0x55ceaefb4796 in vm_push_frame vm_insnhelper.c:276:5
#2 0x55ceaf0124bd in th_init vm.c:2661:5
#3 0x55ceaf00d5eb in ruby_thread_init vm.c:2690:5
#4 0x55ceaf00d4b1 in rb_thread_alloc vm.c:2703:5
#5 0x55ceaef0038b in thread_s_new thread.c:872:20
#6 0x55ceaf04d8c1 in call_cfunc_m1 vm_insnhelper.c:2041:12
#7 0x55ceaf03118d in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#8 0x55ceaf017985 in vm_call_cfunc vm_insnhelper.c:2225:12
#9 0x55ceaf01548b in vm_call_method_each_type vm_insnhelper.c:2560:9
#10 0x55ceaf014c96 in vm_call_method vm_insnhelper.c:2686:13
#11 0x55ceaefb5de4 in vm_call_general vm_insnhelper.c:2730:12
#12 0x55ceaf03c868 in vm_sendish vm_insnhelper.c:3623:11
#13 0x55ceaefc95bb in vm_exec_core insns.def:771:11
ruby#14 0x55ceaf006700 in rb_vm_exec vm.c:1892:22
ruby#15 0x55ceaf00acbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x55ceaea250ca in ruby_exec_internal eval.c:262:2
ruby#17 0x55ceaea2498b in ruby_exec_node eval.c:326:12
ruby#18 0x55ceaea247d0 in ruby_run_node eval.c:318:25
ruby#19 0x55ceae88c486 in main main.c:42:9
#20 0x7fc874330b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
ruby#21 0x55ceae7e5289 in _start (miniruby+0x15f289)
0x7fc86f334810 is located 16 bytes to the right of 1048576-byte region [0x7fc86f234800,0x7fc86f334800)
allocated by thread T0 here:
#0 0x55ceae85d56d in malloc (miniruby+0x1d756d)
#1 0x55ceaea71d12 in objspace_xmalloc0 gc.c:9416:5
#2 0x55ceaea71cd2 in ruby_xmalloc2_body gc.c:9623:12
#3 0x55ceaea7d09c in ruby_xmalloc2 gc.c:11479:12
#4 0x55ceaf00c3b7 in rb_thread_recycle_stack vm.c:2462:12
#5 0x55ceaf012256 in th_init vm.c:2656:29
#6 0x55ceaf00d5eb in ruby_thread_init vm.c:2690:5
#7 0x55ceaf00d4b1 in rb_thread_alloc vm.c:2703:5
#8 0x55ceaef0038b in thread_s_new thread.c:872:20
#9 0x55ceaf04d8c1 in call_cfunc_m1 vm_insnhelper.c:2041:12
#10 0x55ceaf03118d in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#11 0x55ceaf017985 in vm_call_cfunc vm_insnhelper.c:2225:12
#12 0x55ceaf01548b in vm_call_method_each_type vm_insnhelper.c:2560:9
#13 0x55ceaf014c96 in vm_call_method vm_insnhelper.c:2686:13
ruby#14 0x55ceaefb5de4 in vm_call_general vm_insnhelper.c:2730:12
ruby#15 0x55ceaf03c868 in vm_sendish vm_insnhelper.c:3623:11
ruby#16 0x55ceaefc95bb in vm_exec_core insns.def:771:11
ruby#17 0x55ceaf006700 in rb_vm_exec vm.c:1892:22
ruby#18 0x55ceaf00acbf in rb_iseq_eval_main vm.c:2151:11
ruby#19 0x55ceaea250ca in ruby_exec_internal eval.c:262:2
#20 0x55ceaea2498b in ruby_exec_node eval.c:326:12
ruby#21 0x55ceaea247d0 in ruby_run_node eval.c:318:25
ruby#22 0x55ceae88c486 in main main.c:42:9
ruby#23 0x7fc874330b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: heap-buffer-overflow vm_insnhelper.c:217:24 in vm_check_canary
Shadow bytes around the buggy address:
0x0ff98de5e8b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff98de5e900: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e910: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e920: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e930: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==82954==ABORTING
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
rb_io_fptr_finalize_internal frees the memory region.
=================================================================
==85264==ERROR: AddressSanitizer: heap-use-after-free on address 0x610000000d8c at pc 0x5608e38077f7 bp 0x7ffee12d5440 sp 0x7ffee12d5438
READ of size 4 at 0x610000000d8c thread T0
#0 0x5608e38077f6 in rb_io_memsize io.c:4749:24
#1 0x5608e37a0481 in obj_memsize_of gc.c:3547:14
#2 0x5608e37a4f30 in check_rvalue_consistency gc.c:1107:2
#3 0x5608e37a2624 in RVALUE_OLD_P gc.c:1218:5
#4 0x5608e37a5bae in rb_gc_force_recycle gc.c:6652:18
#5 0x5608e38191f9 in rb_f_backquote io.c:9021:5
#6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
#10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
#11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
#12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
#13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#17 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#18 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#19 0x5608e35c9486 in main main.c:42:9
#20 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
ruby#21 0x5608e3522289 in _start (miniruby+0x15f289)
0x610000000d8c is located 76 bytes inside of 192-byte region [0x610000000d40,0x610000000e00)
freed by thread T0 here:
#0 0x5608e359a2ed in free (miniruby+0x1d72ed)
#1 0x5608e37af421 in objspace_xfree gc.c:9591:5
#2 0x5608e37af3da in ruby_sized_xfree gc.c:9687:2
#3 0x5608e3799ac8 in ruby_xfree gc.c:9694:5
#4 0x5608e380746d in rb_io_fptr_finalize_internal io.c:4728:5
#5 0x5608e38191ed in rb_f_backquote io.c:9020:5
#6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
#10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
#11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
#12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
#13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#17 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#18 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#19 0x5608e35c9486 in main main.c:42:9
#20 0x7f62e9421b96 in __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
previously allocated by thread T0 here:
#0 0x5608e359a56d in malloc (miniruby+0x1d756d)
#1 0x5608e37aed12 in objspace_xmalloc0 gc.c:9416:5
#2 0x5608e37aebe7 in ruby_xmalloc0 gc.c:9600:12
#3 0x5608e37aea8b in ruby_xmalloc_body gc.c:9609:12
#4 0x5608e37a6d64 in ruby_xmalloc gc.c:11469:12
#5 0x5608e380e4b4 in rb_io_fptr_new io.c:8040:19
#6 0x5608e380e446 in rb_io_make_open_file io.c:8077:10
#7 0x5608e3850ea0 in pipe_open io.c:6707:5
#8 0x5608e384edb4 in pipe_open_s io.c:6772:12
#9 0x5608e381910b in rb_f_backquote io.c:9014:12
#10 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#11 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#12 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#13 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
ruby#14 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
ruby#15 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
ruby#16 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
ruby#17 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#18 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#19 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
#20 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#21 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#22 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#23 0x5608e35c9486 in main main.c:42:9
ruby#24 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: heap-use-after-free io.c:4749:24 in
rb_io_memsize
Shadow bytes around the buggy address:
0x0c207fff8160: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff8170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c207fff8180: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff8190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c207fff81a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c207fff81b0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c207fff81c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff8200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==85264==ABORTING
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
autoload_reset() can read this state.result. Because autoload_reset
is a function passed to rb_ensure, there is a chance when an
execption raises before actually filling this memory region.
test/ruby/test_defined.rb:test_autoload_noload is one of such case.
Found using memory sanitizer.
==54014==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x557a683f3e5a in autoload_reset variable.c:2372:9
#1 0x557a6707a93b in rb_ensure eval.c:1084:5
#2 0x557a683efbf5 in rb_autoload_load variable.c:2475:14
#3 0x557a685fc460 in vm_get_ev_const vm_insnhelper.c:938:4
#4 0x557a68448e0a in vm_exec_core insns.def:267:11
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
memo.float_value might change inside of hash_sum. In case it
flipped from false to true there, and the calculated sum is Inf,
memo.c might not be initialized at all. This is bad.
Found using memory sanitizer:
==55293==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55dfb8d6c529 in rb_float_new_inline internal.h:1814:53
#1 0x55dfb8d1b30c in enum_sum enum.c:4017:18
#2 0x55dfb86d75ad in call_cfunc_m1 vm_insnhelper.c:2041:12
#3 0x55dfb864b141 in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#4 0x55dfb85e843d in vm_call_cfunc vm_insnhelper.c:2225:12
#5 0x55dfb85e08f3 in vm_call_method_each_type vm_insnhelper.c:2560:9
#6 0x55dfb85de9c7 in vm_call_method vm_insnhelper.c:2686:13
#7 0x55dfb849eac6 in vm_call_general vm_insnhelper.c:2730:12
#8 0x55dfb8686103 in vm_sendish vm_insnhelper.c:3623:11
#9 0x55dfb84dc29e in vm_exec_core insns.def:789:11
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
ec->cfp->iseq might not exist at the very beginning of a thread.
=================================================================
==82954==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fc86f334810 at pc 0x55ceaf013125 bp 0x7ffe2eddbbf0 sp 0x7ffe2eddbbe8
READ of size 8 at 0x7fc86f334810 thread T0
#0 0x55ceaf013124 in vm_check_canary vm_insnhelper.c:217:24
#1 0x55ceaefb4796 in vm_push_frame vm_insnhelper.c:276:5
#2 0x55ceaf0124bd in th_init vm.c:2661:5
#3 0x55ceaf00d5eb in ruby_thread_init vm.c:2690:5
#4 0x55ceaf00d4b1 in rb_thread_alloc vm.c:2703:5
#5 0x55ceaef0038b in thread_s_new thread.c:872:20
#6 0x55ceaf04d8c1 in call_cfunc_m1 vm_insnhelper.c:2041:12
#7 0x55ceaf03118d in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#8 0x55ceaf017985 in vm_call_cfunc vm_insnhelper.c:2225:12
#9 0x55ceaf01548b in vm_call_method_each_type vm_insnhelper.c:2560:9
#10 0x55ceaf014c96 in vm_call_method vm_insnhelper.c:2686:13
#11 0x55ceaefb5de4 in vm_call_general vm_insnhelper.c:2730:12
#12 0x55ceaf03c868 in vm_sendish vm_insnhelper.c:3623:11
#13 0x55ceaefc95bb in vm_exec_core insns.def:771:11
ruby#14 0x55ceaf006700 in rb_vm_exec vm.c:1892:22
ruby#15 0x55ceaf00acbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x55ceaea250ca in ruby_exec_internal eval.c:262:2
ruby#17 0x55ceaea2498b in ruby_exec_node eval.c:326:12
ruby#18 0x55ceaea247d0 in ruby_run_node eval.c:318:25
ruby#19 0x55ceae88c486 in main main.c:42:9
#20 0x7fc874330b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
ruby#21 0x55ceae7e5289 in _start (miniruby+0x15f289)
0x7fc86f334810 is located 16 bytes to the right of 1048576-byte region [0x7fc86f234800,0x7fc86f334800)
allocated by thread T0 here:
#0 0x55ceae85d56d in malloc (miniruby+0x1d756d)
#1 0x55ceaea71d12 in objspace_xmalloc0 gc.c:9416:5
#2 0x55ceaea71cd2 in ruby_xmalloc2_body gc.c:9623:12
#3 0x55ceaea7d09c in ruby_xmalloc2 gc.c:11479:12
#4 0x55ceaf00c3b7 in rb_thread_recycle_stack vm.c:2462:12
#5 0x55ceaf012256 in th_init vm.c:2656:29
#6 0x55ceaf00d5eb in ruby_thread_init vm.c:2690:5
#7 0x55ceaf00d4b1 in rb_thread_alloc vm.c:2703:5
#8 0x55ceaef0038b in thread_s_new thread.c:872:20
#9 0x55ceaf04d8c1 in call_cfunc_m1 vm_insnhelper.c:2041:12
#10 0x55ceaf03118d in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#11 0x55ceaf017985 in vm_call_cfunc vm_insnhelper.c:2225:12
#12 0x55ceaf01548b in vm_call_method_each_type vm_insnhelper.c:2560:9
#13 0x55ceaf014c96 in vm_call_method vm_insnhelper.c:2686:13
ruby#14 0x55ceaefb5de4 in vm_call_general vm_insnhelper.c:2730:12
ruby#15 0x55ceaf03c868 in vm_sendish vm_insnhelper.c:3623:11
ruby#16 0x55ceaefc95bb in vm_exec_core insns.def:771:11
ruby#17 0x55ceaf006700 in rb_vm_exec vm.c:1892:22
ruby#18 0x55ceaf00acbf in rb_iseq_eval_main vm.c:2151:11
ruby#19 0x55ceaea250ca in ruby_exec_internal eval.c:262:2
#20 0x55ceaea2498b in ruby_exec_node eval.c:326:12
ruby#21 0x55ceaea247d0 in ruby_run_node eval.c:318:25
ruby#22 0x55ceae88c486 in main main.c:42:9
ruby#23 0x7fc874330b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: heap-buffer-overflow vm_insnhelper.c:217:24 in vm_check_canary
Shadow bytes around the buggy address:
0x0ff98de5e8b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff98de5e900: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e910: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e920: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e930: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==82954==ABORTING
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
rb_io_fptr_finalize_internal frees the memory region.
=================================================================
==85264==ERROR: AddressSanitizer: heap-use-after-free on address 0x610000000d8c at pc 0x5608e38077f7 bp 0x7ffee12d5440 sp 0x7ffee12d5438
READ of size 4 at 0x610000000d8c thread T0
#0 0x5608e38077f6 in rb_io_memsize io.c:4749:24
#1 0x5608e37a0481 in obj_memsize_of gc.c:3547:14
#2 0x5608e37a4f30 in check_rvalue_consistency gc.c:1107:2
#3 0x5608e37a2624 in RVALUE_OLD_P gc.c:1218:5
#4 0x5608e37a5bae in rb_gc_force_recycle gc.c:6652:18
#5 0x5608e38191f9 in rb_f_backquote io.c:9021:5
#6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
#10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
#11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
#12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
#13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#17 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#18 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#19 0x5608e35c9486 in main main.c:42:9
#20 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
ruby#21 0x5608e3522289 in _start (miniruby+0x15f289)
0x610000000d8c is located 76 bytes inside of 192-byte region [0x610000000d40,0x610000000e00)
freed by thread T0 here:
#0 0x5608e359a2ed in free (miniruby+0x1d72ed)
#1 0x5608e37af421 in objspace_xfree gc.c:9591:5
#2 0x5608e37af3da in ruby_sized_xfree gc.c:9687:2
#3 0x5608e3799ac8 in ruby_xfree gc.c:9694:5
#4 0x5608e380746d in rb_io_fptr_finalize_internal io.c:4728:5
#5 0x5608e38191ed in rb_f_backquote io.c:9020:5
#6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
#10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
#11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
#12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
#13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#17 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#18 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#19 0x5608e35c9486 in main main.c:42:9
#20 0x7f62e9421b96 in __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
previously allocated by thread T0 here:
#0 0x5608e359a56d in malloc (miniruby+0x1d756d)
#1 0x5608e37aed12 in objspace_xmalloc0 gc.c:9416:5
#2 0x5608e37aebe7 in ruby_xmalloc0 gc.c:9600:12
#3 0x5608e37aea8b in ruby_xmalloc_body gc.c:9609:12
#4 0x5608e37a6d64 in ruby_xmalloc gc.c:11469:12
#5 0x5608e380e4b4 in rb_io_fptr_new io.c:8040:19
#6 0x5608e380e446 in rb_io_make_open_file io.c:8077:10
#7 0x5608e3850ea0 in pipe_open io.c:6707:5
#8 0x5608e384edb4 in pipe_open_s io.c:6772:12
#9 0x5608e381910b in rb_f_backquote io.c:9014:12
#10 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#11 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#12 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#13 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
ruby#14 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
ruby#15 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
ruby#16 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
ruby#17 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#18 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#19 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
#20 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#21 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#22 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#23 0x5608e35c9486 in main main.c:42:9
ruby#24 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: heap-use-after-free io.c:4749:24 in
rb_io_memsize
Shadow bytes around the buggy address:
0x0c207fff8160: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff8170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c207fff8180: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff8190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c207fff81a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c207fff81b0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c207fff81c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff8200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==85264==ABORTING
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
autoload_reset() can read this state.result. Because autoload_reset
is a function passed to rb_ensure, there is a chance when an
execption raises before actually filling this memory region.
test/ruby/test_defined.rb:test_autoload_noload is one of such case.
Found using memory sanitizer.
==54014==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x557a683f3e5a in autoload_reset variable.c:2372:9
#1 0x557a6707a93b in rb_ensure eval.c:1084:5
#2 0x557a683efbf5 in rb_autoload_load variable.c:2475:14
#3 0x557a685fc460 in vm_get_ev_const vm_insnhelper.c:938:4
#4 0x557a68448e0a in vm_exec_core insns.def:267:11
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
memo.float_value might change inside of hash_sum. In case it
flipped from false to true there, and the calculated sum is Inf,
memo.c might not be initialized at all. This is bad.
Found using memory sanitizer:
==55293==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55dfb8d6c529 in rb_float_new_inline internal.h:1814:53
#1 0x55dfb8d1b30c in enum_sum enum.c:4017:18
#2 0x55dfb86d75ad in call_cfunc_m1 vm_insnhelper.c:2041:12
#3 0x55dfb864b141 in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#4 0x55dfb85e843d in vm_call_cfunc vm_insnhelper.c:2225:12
#5 0x55dfb85e08f3 in vm_call_method_each_type vm_insnhelper.c:2560:9
#6 0x55dfb85de9c7 in vm_call_method vm_insnhelper.c:2686:13
#7 0x55dfb849eac6 in vm_call_general vm_insnhelper.c:2730:12
#8 0x55dfb8686103 in vm_sendish vm_insnhelper.c:3623:11
#9 0x55dfb84dc29e in vm_exec_core insns.def:789:11
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
ec->cfp->iseq might not exist at the very beginning of a thread.
=================================================================
==82954==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fc86f334810 at pc 0x55ceaf013125 bp 0x7ffe2eddbbf0 sp 0x7ffe2eddbbe8
READ of size 8 at 0x7fc86f334810 thread T0
#0 0x55ceaf013124 in vm_check_canary vm_insnhelper.c:217:24
#1 0x55ceaefb4796 in vm_push_frame vm_insnhelper.c:276:5
#2 0x55ceaf0124bd in th_init vm.c:2661:5
#3 0x55ceaf00d5eb in ruby_thread_init vm.c:2690:5
#4 0x55ceaf00d4b1 in rb_thread_alloc vm.c:2703:5
#5 0x55ceaef0038b in thread_s_new thread.c:872:20
#6 0x55ceaf04d8c1 in call_cfunc_m1 vm_insnhelper.c:2041:12
#7 0x55ceaf03118d in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#8 0x55ceaf017985 in vm_call_cfunc vm_insnhelper.c:2225:12
#9 0x55ceaf01548b in vm_call_method_each_type vm_insnhelper.c:2560:9
#10 0x55ceaf014c96 in vm_call_method vm_insnhelper.c:2686:13
#11 0x55ceaefb5de4 in vm_call_general vm_insnhelper.c:2730:12
#12 0x55ceaf03c868 in vm_sendish vm_insnhelper.c:3623:11
#13 0x55ceaefc95bb in vm_exec_core insns.def:771:11
ruby#14 0x55ceaf006700 in rb_vm_exec vm.c:1892:22
ruby#15 0x55ceaf00acbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x55ceaea250ca in ruby_exec_internal eval.c:262:2
ruby#17 0x55ceaea2498b in ruby_exec_node eval.c:326:12
ruby#18 0x55ceaea247d0 in ruby_run_node eval.c:318:25
ruby#19 0x55ceae88c486 in main main.c:42:9
#20 0x7fc874330b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
ruby#21 0x55ceae7e5289 in _start (miniruby+0x15f289)
0x7fc86f334810 is located 16 bytes to the right of 1048576-byte region [0x7fc86f234800,0x7fc86f334800)
allocated by thread T0 here:
#0 0x55ceae85d56d in malloc (miniruby+0x1d756d)
#1 0x55ceaea71d12 in objspace_xmalloc0 gc.c:9416:5
#2 0x55ceaea71cd2 in ruby_xmalloc2_body gc.c:9623:12
#3 0x55ceaea7d09c in ruby_xmalloc2 gc.c:11479:12
#4 0x55ceaf00c3b7 in rb_thread_recycle_stack vm.c:2462:12
#5 0x55ceaf012256 in th_init vm.c:2656:29
#6 0x55ceaf00d5eb in ruby_thread_init vm.c:2690:5
#7 0x55ceaf00d4b1 in rb_thread_alloc vm.c:2703:5
#8 0x55ceaef0038b in thread_s_new thread.c:872:20
#9 0x55ceaf04d8c1 in call_cfunc_m1 vm_insnhelper.c:2041:12
#10 0x55ceaf03118d in vm_call_cfunc_with_frame vm_insnhelper.c:2207:11
#11 0x55ceaf017985 in vm_call_cfunc vm_insnhelper.c:2225:12
#12 0x55ceaf01548b in vm_call_method_each_type vm_insnhelper.c:2560:9
#13 0x55ceaf014c96 in vm_call_method vm_insnhelper.c:2686:13
ruby#14 0x55ceaefb5de4 in vm_call_general vm_insnhelper.c:2730:12
ruby#15 0x55ceaf03c868 in vm_sendish vm_insnhelper.c:3623:11
ruby#16 0x55ceaefc95bb in vm_exec_core insns.def:771:11
ruby#17 0x55ceaf006700 in rb_vm_exec vm.c:1892:22
ruby#18 0x55ceaf00acbf in rb_iseq_eval_main vm.c:2151:11
ruby#19 0x55ceaea250ca in ruby_exec_internal eval.c:262:2
#20 0x55ceaea2498b in ruby_exec_node eval.c:326:12
ruby#21 0x55ceaea247d0 in ruby_run_node eval.c:318:25
ruby#22 0x55ceae88c486 in main main.c:42:9
ruby#23 0x7fc874330b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: heap-buffer-overflow vm_insnhelper.c:217:24 in vm_check_canary
Shadow bytes around the buggy address:
0x0ff98de5e8b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0ff98de5e8f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ff98de5e900: fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e910: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e920: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e930: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e940: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0ff98de5e950: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==82954==ABORTING
shyouhei
added a commit
that referenced
this pull request
Apr 26, 2019
rb_io_fptr_finalize_internal frees the memory region.
=================================================================
==85264==ERROR: AddressSanitizer: heap-use-after-free on address 0x610000000d8c at pc 0x5608e38077f7 bp 0x7ffee12d5440 sp 0x7ffee12d5438
READ of size 4 at 0x610000000d8c thread T0
#0 0x5608e38077f6 in rb_io_memsize io.c:4749:24
#1 0x5608e37a0481 in obj_memsize_of gc.c:3547:14
#2 0x5608e37a4f30 in check_rvalue_consistency gc.c:1107:2
#3 0x5608e37a2624 in RVALUE_OLD_P gc.c:1218:5
#4 0x5608e37a5bae in rb_gc_force_recycle gc.c:6652:18
#5 0x5608e38191f9 in rb_f_backquote io.c:9021:5
#6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
#10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
#11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
#12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
#13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#17 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#18 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#19 0x5608e35c9486 in main main.c:42:9
#20 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
ruby#21 0x5608e3522289 in _start (miniruby+0x15f289)
0x610000000d8c is located 76 bytes inside of 192-byte region [0x610000000d40,0x610000000e00)
freed by thread T0 here:
#0 0x5608e359a2ed in free (miniruby+0x1d72ed)
#1 0x5608e37af421 in objspace_xfree gc.c:9591:5
#2 0x5608e37af3da in ruby_sized_xfree gc.c:9687:2
#3 0x5608e3799ac8 in ruby_xfree gc.c:9694:5
#4 0x5608e380746d in rb_io_fptr_finalize_internal io.c:4728:5
#5 0x5608e38191ed in rb_f_backquote io.c:9020:5
#6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
#10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
#11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
#12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
#13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
ruby#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#17 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#18 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#19 0x5608e35c9486 in main main.c:42:9
#20 0x7f62e9421b96 in __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
previously allocated by thread T0 here:
#0 0x5608e359a56d in malloc (miniruby+0x1d756d)
#1 0x5608e37aed12 in objspace_xmalloc0 gc.c:9416:5
#2 0x5608e37aebe7 in ruby_xmalloc0 gc.c:9600:12
#3 0x5608e37aea8b in ruby_xmalloc_body gc.c:9609:12
#4 0x5608e37a6d64 in ruby_xmalloc gc.c:11469:12
#5 0x5608e380e4b4 in rb_io_fptr_new io.c:8040:19
#6 0x5608e380e446 in rb_io_make_open_file io.c:8077:10
#7 0x5608e3850ea0 in pipe_open io.c:6707:5
#8 0x5608e384edb4 in pipe_open_s io.c:6772:12
#9 0x5608e381910b in rb_f_backquote io.c:9014:12
#10 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12
#11 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11
#12 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12
#13 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9
ruby#14 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13
ruby#15 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12
ruby#16 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11
ruby#17 0x5608e3d06cf5 in vm_exec_core insns.def:789:11
ruby#18 0x5608e3d43700 in rb_vm_exec vm.c:1892:22
ruby#19 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11
#20 0x5608e37620ca in ruby_exec_internal eval.c:262:2
ruby#21 0x5608e376198b in ruby_exec_node eval.c:326:12
ruby#22 0x5608e37617d0 in ruby_run_node eval.c:318:25
ruby#23 0x5608e35c9486 in main main.c:42:9
ruby#24 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
SUMMARY: AddressSanitizer: heap-use-after-free io.c:4749:24 in
rb_io_memsize
Shadow bytes around the buggy address:
0x0c207fff8160: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff8170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c207fff8180: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
0x0c207fff8190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c207fff81a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x0c207fff81b0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c207fff81c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff81f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c207fff8200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==85264==ABORTING
shyouhei
added a commit
that referenced
this pull request
Dec 16, 2019
This changeset makes no difference unless GC_DEBUG is on. When that flag is set, struct RVALUE is bigger than struct RObject. We have to take care of the additional fields. Otherwise we get a SIGSEGV like shown below. The way obj is initialized in this patch works for both GC_DEBUG is on and off. See also ISO/IEC 9899:1999 section 6.7.8 paragraph ruby#21. ``` Program received signal SIGSEGV, Segmentation fault. __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62 62 ../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory (gdb) bt #0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62 #1 0x00005555557dd9a7 in BSD_vfprintf (fp=0x7fffffff6be0, fmt0=0x5555558f3059 "@%s:%d", ap=0x7fffffff6dd0) at vsnprintf.c:1027 #2 0x00005555557db6f5 in ruby_do_vsnprintf (str=0x555555bfc58d <obj_info_buffers+1325> "", n=211, fmt=0x5555558f3059 "@%s:%d", ap=0x7fffffff6dd0) at sprintf.c:1022 #3 0x00005555557db909 in ruby_snprintf (str=0x555555bfc58d <obj_info_buffers+1325> "", n=211, fmt=0x5555558f3059 "@%s:%d") at sprintf.c:1040 #4 0x0000555555661ef4 in rb_raw_obj_info (buff=0x555555bfc560 <obj_info_buffers+1280> "0x0000555555d2bfa0 [0 ] T_STRING (String)", buff_size=256, obj=93825000456096) at gc.c:11449 #5 0x000055555565baaf in obj_info (obj=93825000456096) at gc.c:11612 #6 0x000055555565bae1 in rgengc_remembered (objspace=0x555555c0a1c0, obj=93825000456096) at gc.c:6618 #7 0x0000555555666987 in newobj_init (klass=93824999964192, flags=5, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x555555c0a1c0, obj=93825000456096) at gc.c:2134 #8 0x0000555555666e49 in newobj_slowpath (klass=93824999964192, flags=5, v1=0, v2=0, v3=0, objspace=0x555555c0a1c0, wb_protected=1) at gc.c:2209 #9 0x0000555555666b94 in newobj_slowpath_wb_protected (klass=93824999964192, flags=5, v1=0, v2=0, v3=0, objspace=0x555555c0a1c0) at gc.c:2220 #10 0x000055555565751b in newobj_of (klass=93824999964192, flags=5, v1=0, v2=0, v3=0, wb_protected=1) at gc.c:2256 #11 0x00005555556575ca in rb_wb_protected_newobj_of (klass=93824999964192, flags=5) at gc.c:2272 #12 0x00005555557f36ea in str_alloc (klass=93824999964192) at string.c:728 #13 0x00005555557f2128 in rb_str_buf_new (capa=0) at string.c:1317 ruby#14 0x000055555578c66d in rb_reg_preprocess (p=0x555555cc8148 "^-(.)(.+)?", end=0x555555cc8152 "", enc=0x555555cc7c80, fixed_enc=0x7fffffff74e8, err=0x7fffffff75f0 "") at re.c:2682 ruby#15 0x000055555578ea13 in rb_reg_initialize (obj=93825000046736, s=0x555555cc8148 "^-(.)(.+)?", len=10, enc=0x555555cc7c80, options=0, err=0x7fffffff75f0 "", sourcefile=0x555555d1a5c0 "lib/optparse.rb", sourceline=1460) at re.c:2808 ruby#16 0x000055555578e285 in rb_reg_initialize_str (obj=93825000046736, str=93825000046904, options=0, err=0x7fffffff75f0 "", sourcefile=0x555555d1a5c0 "lib/optparse.rb", sourceline=1460) at re.c:2869 ruby#17 0x000055555578ee02 in rb_reg_compile (str=93825000046904, options=0, sourcefile=0x555555d1a5c0 "lib/optparse.rb", sourceline=1460) at re.c:2958 ruby#18 0x0000555555748dfb in rb_parser_reg_compile (p=0x555555d1f760, str=93825000046904, options=0) at parse.y:12157 ruby#19 0x00005555557581c3 in parser_reg_compile (p=0x555555d1f760, str=93825000046904, options=0) at parse.y:12151 #20 0x00005555557580ac in reg_compile (p=0x555555d1f760, str=93825000046904, options=0) at parse.y:12167 ruby#21 0x0000555555746ebb in new_regexp (p=0x555555d1f760, node=0x555555dece68, options=0, loc=0x7fffffff89e8) at parse.y:10072 ruby#22 0x000055555573d1f5 in ruby_yyparse (p=0x555555d1f760) at parse.y:4395 ruby#23 0x000055555574a582 in yycompile0 (arg=93825000404832) at parse.y:5945 ruby#24 0x00005555558c6898 in rb_suppress_tracing (func=0x55555574a470 <yycompile0>, arg=93825000404832) at vm_trace.c:427 ruby#25 0x0000555555748290 in yycompile (vparser=93824999283456, p=0x555555d1f760, fname=93824999283624, line=1) at parse.y:5994 ruby#26 0x00005555557481ae in rb_parser_compile_file_path (vparser=93824999283456, fname=93824999283624, file=93824999283400, start=1) at parse.y:6098 ruby#27 0x00005555557cdd35 in load_file_internal (argp_v=140737488331760) at ruby.c:2023 ruby#28 0x00005555556438c5 in rb_ensure (b_proc=0x5555557cd610 <load_file_internal>, data1=140737488331760, e_proc=0x5555557cddd0 <restore_load_file>, data2=140737488331760) at eval.c:1128 ruby#29 0x00005555557cb68b in load_file (parser=93824999283456, fname=93824999283624, f=93824999283400, script=0, opt=0x7fffffffa468) at ruby.c:2142 ruby#30 0x00005555557cb339 in rb_parser_load_file (parser=93824999283456, fname_v=93824999283624) at ruby.c:2164 ruby#31 0x00005555556ba3e1 in load_iseq_eval (ec=0x555555c0a650, fname=93824999283624) at load.c:579 ruby#32 0x00005555556b857a in require_internal (ec=0x555555c0a650, fname=93824999284352, exception=1) at load.c:1016 ruby#33 0x00005555556b7967 in rb_require_string (fname=93824999284464) at load.c:1105 ruby#34 0x00005555556b7939 in rb_f_require (obj=93824999994824, fname=93824999284464) at load.c:811 ruby#35 0x00005555558b7ae0 in call_cfunc_1 (recv=93824999994824, argc=1, argv=0x7ffff7ecd0a8, func=0x5555556b7920 <rb_f_require>) at vm_insnhelper.c:2348 ruby#36 0x00005555558a8889 in vm_call_cfunc_with_frame (ec=0x555555c0a650, reg_cfp=0x7ffff7fccfa0, calling=0x7fffffffaab0, cd=0x555555d76a10, empty_kw_splat=0) at vm_insnhelper.c:2513 ruby#37 0x000055555589fb5c in vm_call_cfunc (ec=0x555555c0a650, reg_cfp=0x7ffff7fccfa0, calling=0x7fffffffaab0, cd=0x555555d76a10) at vm_insnhelper.c:2538 ruby#38 0x000055555589f22e in vm_call_method_each_type (ec=0x555555c0a650, cfp=0x7ffff7fccfa0, calling=0x7fffffffaab0, cd=0x555555d76a10) at vm_insnhelper.c:2924 ruby#39 0x000055555589ef47 in vm_call_method (ec=0x555555c0a650, cfp=0x7ffff7fccfa0, calling=0x7fffffffaab0, cd=0x555555d76a10) at vm_insnhelper.c:3038 ruby#40 0x0000555555866dbd in vm_call_general (ec=0x555555c0a650, reg_cfp=0x7ffff7fccfa0, calling=0x7fffffffaab0, cd=0x555555d76a10) at vm_insnhelper.c:3075 ruby#41 0x00005555558ae557 in vm_sendish (ec=0x555555c0a650, reg_cfp=0x7ffff7fccfa0, cd=0x555555d76a10, block_handler=0, method_explorer=0x5555558ae5d0 <vm_search_method_wrap>) at vm_insnhelper.c:4021 ruby#42 0x000055555587745b in vm_exec_core (ec=0x555555c0a650, initial=0) at insns.def:801 ruby#43 0x0000555555899b9c in rb_vm_exec (ec=0x555555c0a650, mjit_enable_p=1) at vm.c:1907 ruby#44 0x000055555589aaf0 in rb_iseq_eval_main (iseq=0x555555c1da80) at vm.c:2166 ruby#45 0x0000555555641f0b in rb_ec_exec_node (ec=0x555555c0a650, n=0x555555c1da80) at eval.c:277 ruby#46 0x0000555555641d62 in ruby_run_node (n=0x555555c1da80) at eval.c:335 ruby#47 0x000055555557a188 in main (argc=11, argv=0x7fffffffc848) at main.c:50 (gdb) fr 7 #7 0x0000555555666987 in newobj_init (klass=93824999964192, flags=5, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x555555c0a1c0, obj=93825000456096) at gc.c:2134 2134 if (rgengc_remembered(objspace, (VALUE)obj)) rb_bug("newobj: %s is remembered.", obj_info(obj)); (gdb) p ((struct RVALUE*)obj)->file $1 = 0x65a5992b0fb25ce7 <error: Cannot access memory at address 0x65a5992b0fb25ce7> (gdb) ```
shyouhei
pushed a commit
that referenced
this pull request
Jun 11, 2020
This reverts commit 02b216e. This reverts commit 9b8825b. I found that combining sweep and move is not safe. I don't think that we can do compaction concurrently with _anything_ unless there is a read barrier installed. Here is a simple example. A class object is freed, and during it's free step, it tries to remove itself from its parent's subclass list. However, during the sweep step, the parent class was moved and the "currently being freed" class didn't have references updated yet. So we get a segv like this: ``` (lldb) bt * thread #1, name = 'ruby', stop reason = signal SIGSEGV * frame #0: 0x0000560763e344cb ruby`rb_st_lookup at st.c:320:43 frame #1: 0x0000560763e344cb ruby`rb_st_lookup(tab=0x2f7469672f6e6f72, key=3809, value=0x0000560765bf2270) at st.c:1010 frame #2: 0x0000560763e8f16a ruby`rb_search_class_path at variable.c:99:9 frame #3: 0x0000560763e8f141 ruby`rb_search_class_path at variable.c:145 frame #4: 0x0000560763e8f141 ruby`rb_search_class_path(klass=94589785585880) at variable.c:191 frame #5: 0x0000560763ec744e ruby`rb_vm_bugreport at vm_dump.c:996:17 frame #6: 0x0000560763f5b958 ruby`rb_bug_for_fatal_signal at error.c:675:5 frame #7: 0x0000560763e27dad ruby`sigsegv(sig=<unavailable>, info=<unavailable>, ctx=<unavailable>) at signal.c:955:5 frame #8: 0x00007f8b891d33c0 libpthread.so.0`___lldb_unnamed_symbol1$$libpthread.so.0 + 1 frame #9: 0x0000560763efa8bb ruby`rb_class_remove_from_super_subclasses(klass=94589790314280) at class.c:93:56 frame #10: 0x0000560763d10cb7 ruby`gc_sweep_step at gc.c:2674:2 frame #11: 0x0000560763d1187b ruby`gc_sweep at gc.c:4540:2 frame #12: 0x0000560763d101f0 ruby`gc_start at gc.c:6797:6 frame #13: 0x0000560763d15153 ruby`rb_gc_compact at gc.c:7479:12 frame ruby#14: 0x0000560763eb4eb8 ruby`vm_exec_core at vm_insnhelper.c:5183:13 frame ruby#15: 0x0000560763ea9bae ruby`rb_vm_exec at vm.c:1953:22 frame ruby#16: 0x0000560763eac08d ruby`rb_yield at vm.c:1132:9 frame ruby#17: 0x0000560763edb4f2 ruby`rb_ary_collect at array.c:3186:9 frame ruby#18: 0x0000560763e9ee15 ruby`vm_call_cfunc_with_frame at vm_insnhelper.c:2575:12 frame ruby#19: 0x0000560763eb2e66 ruby`vm_exec_core at vm_insnhelper.c:4177:11 frame #20: 0x0000560763ea9bae ruby`rb_vm_exec at vm.c:1953:22 frame ruby#21: 0x0000560763eac08d ruby`rb_yield at vm.c:1132:9 frame ruby#22: 0x0000560763edb4f2 ruby`rb_ary_collect at array.c:3186:9 frame ruby#23: 0x0000560763e9ee15 ruby`vm_call_cfunc_with_frame at vm_insnhelper.c:2575:12 frame ruby#24: 0x0000560763eb2e66 ruby`vm_exec_core at vm_insnhelper.c:4177:11 frame ruby#25: 0x0000560763ea9bae ruby`rb_vm_exec at vm.c:1953:22 frame ruby#26: 0x0000560763ceee01 ruby`rb_ec_exec_node(ec=0x0000560765afa530, n=0x0000560765b088e0) at eval.c:296:2 frame ruby#27: 0x0000560763cf3b7b ruby`ruby_run_node(n=0x0000560765b088e0) at eval.c:354:12 frame ruby#28: 0x0000560763cee4a3 ruby`main(argc=<unavailable>, argv=<unavailable>) at main.c:50:9 frame ruby#29: 0x00007f8b88e560b3 libc.so.6`__libc_start_main + 243 frame ruby#30: 0x0000560763cee4ee ruby`_start + 46 (lldb) f 9 frame #9: 0x0000560763efa8bb ruby`rb_class_remove_from_super_subclasses(klass=94589790314280) at class.c:93:56 90 91 *RCLASS_EXT(klass)->parent_subclasses = entry->next; 92 if (entry->next) { -> 93 RCLASS_EXT(entry->next->klass)->parent_subclasses = RCLASS_EXT(klass)->parent_subclasses; 94 } 95 xfree(entry); 96 } (lldb) command script import -r misc/lldb_cruby.py lldb scripts for ruby has been installed. (lldb) rp entry->next->klass (struct RMoved) $1 = (flags = 30, destination = 94589792806680, next = 94589784369160) (lldb) ```
shyouhei
pushed a commit
that referenced
this pull request
Jul 28, 2020
eliminate use of freed memory rb_io_fptr_finalize_internal frees the memory region. ================================================================= ==85264==ERROR: AddressSanitizer: heap-use-after-free on address 0x610000000d8c at pc 0x5608e38077f7 bp 0x7ffee12d5440 sp 0x7ffee12d5438 READ of size 4 at 0x610000000d8c thread T0 #0 0x5608e38077f6 in rb_io_memsize io.c:4749:24 #1 0x5608e37a0481 in obj_memsize_of gc.c:3547:14 #2 0x5608e37a4f30 in check_rvalue_consistency gc.c:1107:2 #3 0x5608e37a2624 in RVALUE_OLD_P gc.c:1218:5 #4 0x5608e37a5bae in rb_gc_force_recycle gc.c:6652:18 #5 0x5608e38191f9 in rb_f_backquote io.c:9021:5 #6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12 #7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11 #8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12 #9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9 #10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13 #11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12 #12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11 #13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11 ruby#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22 ruby#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11 ruby#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2 ruby#17 0x5608e376198b in ruby_exec_node eval.c:326:12 ruby#18 0x5608e37617d0 in ruby_run_node eval.c:318:25 ruby#19 0x5608e35c9486 in main main.c:42:9 #20 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310 ruby#21 0x5608e3522289 in _start (miniruby+0x15f289) 0x610000000d8c is located 76 bytes inside of 192-byte region [0x610000000d40,0x610000000e00) freed by thread T0 here: #0 0x5608e359a2ed in free (miniruby+0x1d72ed) #1 0x5608e37af421 in objspace_xfree gc.c:9591:5 #2 0x5608e37af3da in ruby_sized_xfree gc.c:9687:2 #3 0x5608e3799ac8 in ruby_xfree gc.c:9694:5 #4 0x5608e380746d in rb_io_fptr_finalize_internal io.c:4728:5 #5 0x5608e38191ed in rb_f_backquote io.c:9020:5 #6 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12 #7 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11 #8 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12 #9 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9 #10 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13 #11 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12 #12 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11 #13 0x5608e3d06cf5 in vm_exec_core insns.def:789:11 ruby#14 0x5608e3d43700 in rb_vm_exec vm.c:1892:22 ruby#15 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11 ruby#16 0x5608e37620ca in ruby_exec_internal eval.c:262:2 ruby#17 0x5608e376198b in ruby_exec_node eval.c:326:12 ruby#18 0x5608e37617d0 in ruby_run_node eval.c:318:25 ruby#19 0x5608e35c9486 in main main.c:42:9 #20 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310 previously allocated by thread T0 here: #0 0x5608e359a56d in malloc (miniruby+0x1d756d) #1 0x5608e37aed12 in objspace_xmalloc0 gc.c:9416:5 #2 0x5608e37aebe7 in ruby_xmalloc0 gc.c:9600:12 #3 0x5608e37aea8b in ruby_xmalloc_body gc.c:9609:12 #4 0x5608e37a6d64 in ruby_xmalloc gc.c:11469:12 #5 0x5608e380e4b4 in rb_io_fptr_new io.c:8040:19 #6 0x5608e380e446 in rb_io_make_open_file io.c:8077:10 #7 0x5608e3850ea0 in pipe_open io.c:6707:5 #8 0x5608e384edb4 in pipe_open_s io.c:6772:12 #9 0x5608e381910b in rb_f_backquote io.c:9014:12 #10 0x5608e3d8aa14 in call_cfunc_1 vm_insnhelper.c:2058:12 #11 0x5608e3d6e23d in vm_call_cfunc_with_frame vm_insnhelper.c:2211:11 #12 0x5608e3d54a35 in vm_call_cfunc vm_insnhelper.c:2229:12 #13 0x5608e3d5253b in vm_call_method_each_type vm_insnhelper.c:2564:9 ruby#14 0x5608e3d51f50 in vm_call_method vm_insnhelper.c:2701:13 ruby#15 0x5608e3cf2de4 in vm_call_general vm_insnhelper.c:2734:12 ruby#16 0x5608e3d79918 in vm_sendish vm_insnhelper.c:3627:11 ruby#17 0x5608e3d06cf5 in vm_exec_core insns.def:789:11 ruby#18 0x5608e3d43700 in rb_vm_exec vm.c:1892:22 ruby#19 0x5608e3d47cbf in rb_iseq_eval_main vm.c:2151:11 #20 0x5608e37620ca in ruby_exec_internal eval.c:262:2 ruby#21 0x5608e376198b in ruby_exec_node eval.c:326:12 ruby#22 0x5608e37617d0 in ruby_run_node eval.c:318:25 ruby#23 0x5608e35c9486 in main main.c:42:9 ruby#24 0x7f62e9421b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310 SUMMARY: AddressSanitizer: heap-use-after-free io.c:4749:24 in rb_io_memsize Shadow bytes around the buggy address: 0x0c207fff8160: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c207fff8170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c207fff8180: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c207fff8190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c207fff81a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd =>0x0c207fff81b0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c207fff81c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c207fff81d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c207fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c207fff81f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c207fff8200: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==85264==ABORTING git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67710 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
shyouhei
pushed a commit
that referenced
this pull request
Apr 23, 2021
This commit adds a check on the ep just like in the mark function. The env can contain null bytes if allocation tracing is enabled. We're seeing errors during autocompaction like this: ``` (lldb) bt 40 * thread #1, name = 'ruby', stop reason = signal SIGABRT frame #0: 0x00007f7d64b6018b libc.so.6`raise + 203 frame #1: 0x00007f7d64b3f859 libc.so.6`abort + 299 frame #2: 0x000055af5f2fefc9 ruby`die at error.c:764:5 frame #3: 0x000055af5f2ff1ac ruby`rb_bug_for_fatal_signal(default_sighandler=0x0000000000000000, sig=11, ctx=0x000055af60bc3340, fmt="") at error.c:804:5 frame #4: 0x000055af5f4bd08f ruby`sigsegv(sig=11, info=0x000055af60bc3470, ctx=0x000055af60bc3340) at signal.c:960:5 frame #5: 0x00007f7d64ebe3c0 libpthread.so.0`__restore_rt frame #6: 0x000055af5f339b0a ruby`gc_ref_update_imemo(objspace=0x000055af60b2b040, obj=0x00007f7d5b513fd0) at gc.c:9046:13 frame #7: 0x000055af5f339172 ruby`gc_update_object_references(objspace=0x000055af60b2b040, obj=0x00007f7d5b513fd0) at gc.c:9307:9 frame #8: 0x000055af5f338e79 ruby`gc_ref_update(vstart=0x00007f7d5b510010, vend=0x00007f7d5b513ff8, stride=40, objspace=0x000055af60b2b040, page=0x000055af62577aa0) at gc.c:9452:21 frame #9: 0x000055af5f337846 ruby`gc_update_references(objspace=0x000055af60b2b040, heap=0x000055af60b2b068) at gc.c:9481:9 frame #10: 0x000055af5f336569 ruby`gc_compact_finish(objspace=0x000055af60b2b040, heap=0x000055af60b2b068) at gc.c:4840:5 frame #11: 0x000055af5f335efb ruby`gc_page_sweep(objspace=0x000055af60b2b040, heap=0x000055af60b2b068, sweep_page=0x000055af63a1eb30) at gc.c:5046:13 frame #12: 0x000055af5f3355c5 ruby`gc_sweep_step(objspace=0x000055af60b2b040, heap=0x000055af60b2b068) at gc.c:5214:19 frame #13: 0x000055af5f33daf6 ruby`gc_sweep_rest(objspace=0x000055af60b2b040) at gc.c:5271:2 frame ruby#14: 0x000055af5f33cacd ruby`gc_sweep(objspace=0x000055af60b2b040) at gc.c:5389:2 frame ruby#15: 0x000055af5f33c21d ruby`gc_marks_rest(objspace=0x000055af60b2b040) at gc.c:7555:5 frame ruby#16: 0x000055af5f324d41 ruby`gc_rest(objspace=0x000055af60b2b040) at gc.c:8457:13 frame ruby#17: 0x000055af5f3297d8 ruby`garbage_collect(objspace=0x000055af60b2b040, reason=45568) at gc.c:8318:9 frame ruby#18: 0x000055af5f344ece ruby`garbage_collect_with_gvl(objspace=0x000055af60b2b040, reason=45568) at gc.c:8632:9 frame ruby#19: 0x000055af5f344e61 ruby`objspace_malloc_gc_stress(objspace=0x000055af60b2b040) at gc.c:10592:9 frame #20: 0x000055af5f32ced1 ruby`objspace_xmalloc0(objspace=0x000055af60b2b040, size=64) at gc.c:10767:5 frame ruby#21: 0x000055af5f32ce11 ruby`ruby_xmalloc0(size=64) at gc.c:10988:12 frame ruby#22: 0x000055af5f32cdac ruby`ruby_xmalloc_body(size=64) at gc.c:10997:12 frame ruby#23: 0x000055af5f329415 ruby`ruby_xmalloc(size=64) at gc.c:12942:12 frame ruby#24: 0x00007f7d611c4fe5 objspace.so`newobj_i(tpval=0x00007f7d5b553770, data=0x000055af639031a0) at object_tracing.c:101:35 frame ruby#25: 0x000055af5f5b283f ruby`tp_call_trace(tpval=0x00007f7d5b553770, trace_arg=0x00007fff1016d398) at vm_trace.c:1115:2 frame ruby#26: 0x000055af5f5b50ec ruby`exec_hooks_body(ec=0x000055af60b2b700, list=0x000055af60b2b920, trace_arg=0x00007fff1016d398) at vm_trace.c:304:3 frame ruby#27: 0x000055af5f5b0f24 ruby`exec_hooks_unprotected(ec=0x000055af60b2b700, list=0x000055af60b2b920, trace_arg=0x00007fff1016d398) at vm_trace.c:333:5 frame ruby#28: 0x000055af5f5b0da8 ruby`rb_exec_event_hooks(trace_arg=0x00007fff1016d398, hooks=0x000055af60b2b920, pop_p=0) at vm_trace.c:378:13 frame ruby#29: 0x000055af5f33f8e2 ruby`rb_exec_event_hook_orig(ec=0x000055af60b2b700, hooks=0x000055af60b2b920, flag=1048576, self=0x00007f7d5b5c08c0, id=0, called_id=0, klass=0x0000000000000000, data=0x00007f7d5b513fd0, pop_p=0) at vm_core.h:1989:5 frame ruby#30: 0x000055af5f334975 ruby`gc_event_hook_body(ec=0x000055af60b2b700, objspace=0x000055af60b2b040, event=1048576, data=0x00007f7d5b513fd0) at gc.c:2083:5 * frame ruby#31: 0x000055af5f3342df ruby`newobj_slowpath_wb_protected [inlined] newobj_slowpath(klass=0x00007f7d5b9d19c8, flags=0x000000000000001a, objspace=0x000055af60b2b040, cr=0x000055af60b2b910, wb_protected=1) at gc.c:2284:9 frame ruby#32: 0x000055af5f33410f ruby`newobj_slowpath_wb_protected(klass=0x00007f7d5b9d19c8, flags=0x000000000000001a, objspace=0x000055af60b2b040, cr=0x000055af60b2b910) at gc.c:2299 frame ruby#33: 0x000055af5f333de9 ruby`newobj_of0(klass=0x00007f7d5b9d19c8, flags=0x000000000000001a, wb_protected=1, cr=0x000055af60b2b910) at gc.c:2338:11 frame ruby#34: 0x000055af5f3227ae ruby`newobj_of(klass=0x00007f7d5b9d19c8, flags=0x000000000000001a, v1=0x000055af657d88a0, v2=0x000055af657d8890, v3=0x0000000000000000, wb_protected=1) at gc.c:2348:17 frame ruby#35: 0x000055af5f322c5b ruby`rb_imemo_new(type=imemo_env, v1=0x000055af657d88a0, v2=0x000055af657d8890, v3=0x0000000000000000, v0=0x00007f7d5b9d19c8) at gc.c:2434:12 frame ruby#36: 0x000055af5f5a3925 ruby`vm_env_new(env_ep=0x000055af657d88a0, env_body=0x000055af657d8890, env_size=4, iseq=0x00007f7d5b9d19c8) at vm_core.h:1363:33 frame ruby#37: 0x000055af5f5a3808 ruby`vm_make_env_each(ec=0x000055af60b2b700, cfp=0x00007f7d6482fc90) at vm.c:801:11 frame ruby#38: 0x000055af5f5a368d ruby`vm_make_env_each(ec=0x000055af60b2b700, cfp=0x00007f7d6482fc20) at vm.c:752:13 frame ruby#39: 0x000055af5f5a368d ruby`vm_make_env_each(ec=0x000055af60b2b700, cfp=0x00007f7d6482fbb0) at vm.c:752:13 (lldb) f 31 frame ruby#31: 0x000055af5f3342df ruby`newobj_slowpath_wb_protected [inlined] newobj_slowpath(klass=0x00007f7d5b9d19c8, flags=0x000000000000001a, objspace=0x000055af60b2b040, cr=0x000055af60b2b910, wb_protected=1) at gc.c:2284:9 2281 } 2282 GC_ASSERT(obj != 0); 2283 newobj_init(klass, flags, wb_protected, objspace, obj); -> 2284 gc_event_hook_prep(objspace, RUBY_INTERNAL_EVENT_NEWOBJ, obj, newobj_fill(obj, 0, 0, 0)); 2285 } 2286 RB_VM_LOCK_LEAVE_CR_LEV(cr, &lev); 2287 (lldb) p obj (VALUE) $3 = 0x00007f7d5b513fd0 (lldb) f 6 frame #6: 0x000055af5f339b0a ruby`gc_ref_update_imemo(objspace=0x000055af60b2b040, obj=0x00007f7d5b513fd0) at gc.c:9046:13 9043 { 9044 rb_env_t *env = (rb_env_t *)obj; 9045 TYPED_UPDATE_IF_MOVED(objspace, rb_iseq_t *, env->iseq); -> 9046 UPDATE_IF_MOVED(objspace, env->ep[VM_ENV_DATA_INDEX_ENV]); 9047 gc_update_values(objspace, (long)env->env_size, (VALUE *)env->env); 9048 } 9049 break; (lldb) p obj (VALUE) $4 = 0x00007f7d5b513fd0 (lldb) ```
shyouhei
pushed a commit
that referenced
this pull request
Oct 22, 2021
This script is an lldb helper that just loops through all the comments stored and prints out the comment along with the address corresponding to the comment. For example, I'm crashing in JIT code at address 0x0000000110000168. Using the `lc` helper I can see that it's probably crashing inside the exit back to the interpreter ``` (lldb) bt 5 * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x22220021) frame #0: 0x0000000110000168 * frame #1: 0x00000001002b5ff5 miniruby`invoke_block_from_c_bh [inlined] invoke_block(ec=0x0000000100e05350, iseq=0x0000000100c1ff10, self=0x0000000100c76cc0, captured=<unavailable>, cref=0x0000000000000000, type=<unavailable>, opt_pc=<unavailable>) at vm.c:1268:12 frame #2: 0x00000001002b5f7d miniruby`invoke_block_from_c_bh [inlined] invoke_iseq_block_from_c(ec=<unavailable>, captured=<unavailable>, self=0x0000000100c76cc0, argc=2, argv=<unavailable>, kw_splat=0, passed_block_handler=0x0000000000000000, cref=0x0000000000000000, is_lambda=<unavailable>, me=0x0000000000000000) at vm.c:1340 frame #3: 0x00000001002b5e14 miniruby`invoke_block_from_c_bh(ec=<unavailable>, block_handler=<unavailable>, argc=<unavailable>, argv=<unavailable>, kw_splat=0, passed_block_handler=0x0000000000000000, cref=0x0000000000000000, is_lambda=<unavailable>, force_blockarg=0) at vm.c:1358 frame #4: 0x000000010029860b miniruby`rb_yield_values(n=<unavailable>) at vm_eval.c:0 (lldb) lc 0x11000006d "putobject_INT2FIX_1_" 0x110000083 "leave" 0x110000087 "check for interrupts" 0x110000087 "RUBY_VM_CHECK_INTS(ec)" 0x110000098 "check for finish frame" 0x1100000ed "getlocal_WC_0" 0x110000107 "getlocal_WC_1" 0x11000012a "opt_send_without_block" 0x110000139 "opt_send_without_block" 0x11000013c "exit to interpreter" ```
shyouhei
pushed a commit
that referenced
this pull request
Aug 24, 2023
[Bug #19793]
Dummy frames are created at the top level when requiring another file.
While requiring a file, it will try to convert using encodings. Some of
these encodings will not respond to to_str. If method_missing is
redefined on Object, then it will call method_missing and attempt raise
an error. However, the iseq is invalid as it's a dummy frame so it will
write an invalid iseq to the created NoMethodError.
The following script crashes:
```
GC.stress = true
class Object
public :method_missing
end
File.write("/tmp/empty.rb", "")
require "/tmp/empty.rb"
```
With the following backtrace:
```
frame #0: 0x00000001000fa8b8 miniruby`RVALUE_MARKED(obj=4308637824) at gc.c:1638:12
frame #1: 0x00000001000fb440 miniruby`RVALUE_BLACK_P(obj=4308637824) at gc.c:1763:12
frame #2: 0x00000001000facdc miniruby`gc_writebarrier_incremental(a=4308637824, b=4308332208, objspace=0x000000010180b000) at gc.c:8822:9
frame #3: 0x00000001000faad8 miniruby`rb_gc_writebarrier(a=4308637824, b=4308332208) at gc.c:8864:17
frame #4: 0x000000010016aff0 miniruby`rb_obj_written(a=4308637824, oldv=36, b=4308332208, filename="../iseq.c", line=1279) at gc.h:804:9
frame #5: 0x0000000100162a60 miniruby`rb_obj_write(a=4308637824, slot=0x0000000100d09888, b=4308332208, filename="../iseq.c", line=1279) at gc.h:837:5
frame #6: 0x0000000100165b0c miniruby`iseqw_new(iseq=0x0000000100d09880) at iseq.c:1279:9
frame #7: 0x0000000100165a64 miniruby`rb_iseqw_new(iseq=0x0000000100d09880) at iseq.c:1289:12
frame #8: 0x00000001000d8324 miniruby`name_err_init_attr(exc=4309777920, recv=4304780496, method=827660) at error.c:1830:35
frame #9: 0x00000001000d1b80 miniruby`name_err_init(exc=4309777920, mesg=4308332496, recv=4304780496, method=827660) at error.c:1869:12
frame #10: 0x00000001000d1bd4 miniruby`rb_nomethod_err_new(mesg=4308332496, recv=4304780496, method=827660, args=4308332448, priv=0) at error.c:1957:5
frame #11: 0x000000010039049c miniruby`rb_make_no_method_exception(exc=4304914512, format=4308332496, obj=4304780496, argc=1, argv=0x000000016fdfab00, priv=0) at vm_eval.c:959:16
frame #12: 0x00000001003b3274 miniruby`raise_method_missing(ec=0x0000000100b06f40, argc=1, argv=0x000000016fdfab00, obj=4304780496, last_call_status=MISSING_NOENTRY) at vm_eval.c:999:15
frame #13: 0x00000001003945d4 miniruby`rb_method_missing(argc=1, argv=0x000000016fdfab00, obj=4304780496) at vm_eval.c:944:5
...
frame ruby#23: 0x000000010038f5e4 miniruby`rb_vm_call_kw(ec=0x0000000100b06f40, recv=4304780496, id=2865, argc=1, argv=0x000000016fdfab00, me=0x0000000100cbfcf0, kw_splat=0) at vm_eval.c:326:12
frame ruby#24: 0x00000001003c18e4 miniruby`call_method_entry(ec=0x0000000100b06f40, defined_class=4304927952, obj=4304780496, id=2865, cme=0x0000000100cbfcf0, argc=1, argv=0x000000016fdfab00, kw_splat=0) at vm_method.c:2720:20
frame ruby#25: 0x00000001003c440c miniruby`check_funcall_exec(v=6171896792) at vm_eval.c:589:12
frame ruby#26: 0x00000001000dec00 miniruby`rb_vrescue2(b_proc=(miniruby`check_funcall_exec at vm_eval.c:587), data1=6171896792, r_proc=(miniruby`check_funcall_failed at vm_eval.c:596), data2=6171896792, args="Pȗ") at eval.c:919:18
frame ruby#27: 0x00000001000deab0 miniruby`rb_rescue2(b_proc=(miniruby`check_funcall_exec at vm_eval.c:587), data1=6171896792, r_proc=(miniruby`check_funcall_failed at vm_eval.c:596), data2=6171896792) at eval.c:900:17
frame ruby#28: 0x000000010039008c miniruby`check_funcall_missing(ec=0x0000000100b06f40, klass=4304923536, recv=4304780496, mid=3233, argc=0, argv=0x0000000000000000, respond=-1, def=36, kw_splat=0) at vm_eval.c:666:15
frame ruby#29: 0x000000010038fa60 miniruby`rb_check_funcall_default_kw(recv=4304780496, mid=3233, argc=0, argv=0x0000000000000000, def=36, kw_splat=0) at vm_eval.c:703:21
frame ruby#30: 0x000000010038fb04 miniruby`rb_check_funcall(recv=4304780496, mid=3233, argc=0, argv=0x0000000000000000) at vm_eval.c:685:12
frame ruby#31: 0x00000001001c469c miniruby`convert_type_with_id(val=4304780496, tname="String", method=3233, raise=0, index=-1) at object.c:3061:15
frame ruby#32: 0x00000001001c4a4c miniruby`rb_check_convert_type_with_id(val=4304780496, type=5, tname="String", method=3233) at object.c:3153:9
frame ruby#33: 0x00000001002d59f8 miniruby`rb_check_string_type(str=4304780496) at string.c:2571:11
frame ruby#34: 0x000000010014b7b0 miniruby`io_encoding_set(fptr=0x0000000100d09ca0, v1=4304780496, v2=4, opt=4) at io.c:11655:19
frame ruby#35: 0x0000000100139a58 miniruby`rb_io_set_encoding(argc=1, argv=0x000000016fdfb450, io=4308334032) at io.c:13497:5
frame ruby#36: 0x00000001003c0004 miniruby`ractor_safe_call_cfunc_m1(recv=4308334032, argc=1, argv=0x000000016fdfb450, func=(miniruby`rb_io_set_encoding at io.c:13487)) at vm_insnhelper.c:3271:12
...
frame ruby#43: 0x0000000100390b08 miniruby`rb_funcall(recv=4308334032, mid=16593, n=1) at vm_eval.c:1137:12
frame ruby#44: 0x00000001002a43d8 miniruby`load_file_internal(argp_v=6171899936) at ruby.c:2500:5
...
```
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi,
I'm attempting to get 1.9.2 packaged for OpenCSW and the test suite was failing on the use of LOG_PERROR in the syslog test suite (among other places). The two patches on this branch address the problems adequately, I believe.
Thanks
-Ben