YJIT: Protect strings from GC on String#<< #7466
Conversation
Fix Shopify/yjit#310 [Bug #19483] Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@shopify.com> Co-authored-by: Jimmy Miller <jimmy.miller@shopify.com>
|
Maybe a noob question but shouldn't a bugfix like this with a somewhat esoteric fix have a breaking test? |
That's a fair point. We'll accept a PR if you can find one :) It would involve triggering GC during string concat, maybe with a very large string, or lots of repeated concatenation. |
|
Actually I tried to write one: original = (('a'..'z').to_a * 100).join
buf0 = ''
buf1 = ''
GC.stress = true
original.size.times do |i|
buf0 << original[i]
buf1 << original[i]
end
p(original == buf0)
p(original == buf1)and failed. You probably need to find an operation that are likely to (not just could) overwrite freed space with random bytes, but I can't think of one right now. It's possible to copy original code of rubylib even while it's a gem, but it was too rare to reproduce even with the original code in a few iterations. So we need to come up with something else. |
|
Hmm, but actually, let me try your code rubyzip/rubyzip#550 first. I've overlooked that PR. |
|
Ah I thought you meant "non-indeterministic" but it was actually "non-deterministic". I tried it but it doesn't seem to reproduce the issue with a few attempts. We need something else. |
|
Yes, I failed to provide a repro -- unfortunately i ate through my budget of investigating this but perhaps the reason it happens on my machine / CI is that it's running in a rake task of a large rails app with the Rails environment fully loaded with much higher memory pressure. Not sure the best way to simulate that. |
Fix Shopify/yjit#310 [Bug #19483] Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@shopify.com> Co-authored-by: Jimmy Miller <jimmy.miller@shopify.com>
Fix Shopify/yjit#310 [Bug #19483] Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@shopify.com> Co-authored-by: Jimmy Miller <jimmy.miller@shopify.com>
YJIT: Protect strings from GC on String#<< (ruby#7466) Fix Shopify/yjit#310 [Bug #19483] Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@shopify.com> Co-authored-by: Jimmy Miller <jimmy.miller@shopify.com> --- yjit/src/codegen.rs | 3 +++ 1 file changed, 3 insertions(+)
Fix Shopify/yjit#310 [Bug #19483] Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@shopify.com> Co-authored-by: Jimmy Miller <jimmy.miller@shopify.com>
Fix Shopify/yjit#310 [Bug #19483] Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@shopify.com> Co-authored-by: Jimmy Miller <jimmy.miller@shopify.com>
I have been seeing non-deterministic failures running `chromedriver` in GitHub Actions with Ruby 3.2.1 and the YJIT compiler same as: titusfortner/webdrivers#245 This was caused by an issue in rubyzip here: Shopify/yjit#310 And fixed in Ruby here: ruby/ruby#7466
I have been seeing non-deterministic failures running `chromedriver` in GitHub Actions with Ruby 3.2.1 and the YJIT compiler same as: titusfortner/webdrivers#245 This was caused by an issue in rubyzip here: Shopify/yjit#310 And fixed in Ruby here: ruby/ruby#7466 #209
…Backport #19483] YJIT: Protect strings from GC on String#<< (#7466) Fix Shopify/yjit#310 [Bug #19483] Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@shopify.com> Co-authored-by: Jimmy Miller <jimmy.miller@shopify.com> --- yjit/src/codegen.rs | 3 +++ 1 file changed, 3 insertions(+) YJIT: Save PC on rb_str_concat (#7586) [Bug #19483] Co-authored-by: Alan Wu <alansi.xingwu@shopify.com> --- test/ruby/test_yjit.rb | 19 +++++++++++++++++++ yjit/src/codegen.rs | 6 ++++-- 2 files changed, 23 insertions(+), 2 deletions(-)
Fix Shopify/yjit#310
[Bug #19483]
rb_str_buf_appendmay allocate when a buffer needs to be reallocated. At that point, string objects could be freed and random bytes could be written to the string content. We needgen_save_spto let GC scan and mark those objects.