YJIT: Protect strings from GC on String#<< #7466
Fix Shopify/yjit#310 [Bug #19483] Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@shopify.com> Co-authored-by: Jimmy Miller <jimmy.miller@shopify.com>
Maybe a noob question but shouldn't a bugfix like this with a somewhat esoteric fix have a breaking test?
That's a fair point. We'll accept a PR if you can find one :) It would involve triggering GC during string concat, maybe with a very large string, or lots of repeated concatenation.
Actually I tried to write one:

```ruby
original = (('a'..'z').to_a * 100).join
buf0 = ''
buf1 = ''
# Run GC at every allocation opportunity
GC.stress = true
original.size.times do |i|
  buf0 << original[i]
  buf1 << original[i]
end
# Both print true when the buffers were not corrupted
p(original == buf0)
p(original == buf1)
```

and failed. You probably need to find an operation that is likely to (not just could) overwrite freed space with random bytes, but I can't think of one right now. It's possible to copy original code of rubylib even while it's a gem, but it was too rare to reproduce even with the original code in a few iterations. So we need to come up with something else.
Hmm, but actually, let me try your code rubyzip/rubyzip#550 first. I've overlooked that PR.
Ah I thought you meant "non-indeterministic" but it was actually "non-deterministic". I tried it but it doesn't seem to reproduce the issue with a few attempts. We need something else.
Yes, I failed to provide a repro -- unfortunately I ate through my budget of investigating this, but perhaps the reason it happens on my machine / CI is that it's running in a rake task of a large Rails app with the Rails environment fully loaded with much higher memory pressure. Not sure the best way to simulate that.
YJIT: Protect strings from GC on String#<< (ruby#7466) Fix Shopify/yjit#310 [Bug #19483] Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@shopify.com> Co-authored-by: Jimmy Miller <jimmy.miller@shopify.com> --- yjit/src/codegen.rs | 3 +++ 1 file changed, 3 insertions(+)
I have been seeing non-deterministic failures running `chromedriver` in GitHub Actions with Ruby 3.2.1 and the YJIT compiler same as: titusfortner/webdrivers#245 This was caused by an issue in rubyzip here: Shopify/yjit#310 And fixed in Ruby here: ruby/ruby#7466 #209
…Backport #19483] YJIT: Protect strings from GC on String#<< (#7466) Fix Shopify/yjit#310 [Bug #19483] Co-authored-by: Maxime Chevalier-Boisvert <maxime.chevalierboisvert@shopify.com> Co-authored-by: Jimmy Miller <jimmy.miller@shopify.com> --- yjit/src/codegen.rs | 3 +++ 1 file changed, 3 insertions(+) YJIT: Save PC on rb_str_concat (#7586) [Bug #19483] Co-authored-by: Alan Wu <alansi.xingwu@shopify.com> --- test/ruby/test_yjit.rb | 19 +++++++++++++++++++ yjit/src/codegen.rs | 6 ++++-- 2 files changed, 23 insertions(+), 2 deletions(-)
Fix Shopify/yjit#310
[Bug #19483]
`rb_str_buf_append` may allocate when a buffer needs to be reallocated. At that point, string objects could be freed and random bytes could be written to the string content. We need `gen_save_sp` to let GC scan and mark those objects.
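
A simplified model of the failure the PR description names, added here as an illustration and not code from CRuby, YJIT or this PR. It assumes a collector that marks only stack slots below a saved stack pointer; `Vm`, `push_str`, `save_sp`, `concat` and `run` are hypothetical names, with `save_sp` standing in for what `gen_save_sp` arranges.

```rust
// Toy model, constructed for illustration; not CRuby or YJIT source.
// Assumption: the GC marks only stack slots below the *saved* stack pointer,
// while JIT-compiled code keeps the real stack pointer in a register.
enum Slot { Live(String), Freed }

struct Vm {
    heap: Vec<Slot>,   // object slots; a stack value is an index into `heap`
    stack: Vec<usize>, // VM value stack
    saved_sp: usize,   // the stack height the GC can see
}

impl Vm {
    // JIT-style push: the stack grows, but saved_sp is not updated.
    fn push_str(&mut self, s: &str) {
        self.heap.push(Slot::Live(s.to_string()));
        self.stack.push(self.heap.len() - 1);
    }
    // Stand-in for what gen_save_sp arranges: publish the real stack height.
    fn save_sp(&mut self) { self.saved_sp = self.stack.len(); }
    // Mark heap slots referenced from stack[..saved_sp], sweep the rest.
    fn gc(&mut self) {
        let marked: Vec<usize> = self.stack[..self.saved_sp].to_vec();
        for (i, slot) in self.heap.iter_mut().enumerate() {
            if !marked.contains(&i) { *slot = Slot::Freed; }
        }
    }
    // Stand-in for an append that must grow its buffer: the allocation
    // triggers GC before the two operands on top of the stack are read.
    fn concat(&mut self, save_first: bool) -> Option<String> {
        if save_first { self.save_sp(); }
        self.gc();
        let n = self.stack.len();
        match (&self.heap[self.stack[n - 2]], &self.heap[self.stack[n - 1]]) {
            (Slot::Live(a), Slot::Live(b)) => Some(format!("{}{}", a, b)),
            _ => None, // an operand was swept; the real VM would read freed memory
        }
    }
}

fn run(save_first: bool) -> Option<String> {
    let mut vm = Vm { heap: vec![], stack: vec![], saved_sp: 0 };
    vm.push_str("foo");
    vm.push_str("bar");
    vm.concat(save_first)
}

fn main() {
    println!("without save: {:?}, with save: {:?}", run(false), run(true));
}
```

In the model the sweep is deterministic; in the real VM the freed slot is only corrupted if something reuses it, which matches the difficulty of reproducing the bug reported in the thread.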