ruby.git/bootstraptest/test_yjit.rb, branch v3_4_9 The Ruby Programming Language merge revision(s) 9168cad4d63a5d281d443bde4edea6be213b0b25: [Backport #21266] 2025-12-16T23:53:40+00:00 Takashi Kokubun takashikkbn@gmail.com 2025-12-16T23:53:40+00:00 d8f087b581735ec250b8671c3574fa4d5b16ae54 [PATCH] YJIT: Bail out if proc would be stored above stack top Fixes [Bug #21266]. 
	[PATCH] YJIT: Bail out if proc would be stored above stack top

	Fixes [Bug #21266].
YJIT: Fix panic from overly loose filtering in identity method inlining 2025-12-12T23:43:41+00:00 Alan Wu XrXr@users.noreply.github.com 2025-12-12T23:00:18+00:00 f19e9c6699150d56853ba1a33f6149d7588c8478 Credits to @rwstauner for noticing this issue in GH-15533. 
Credits to @rwstauner for noticing this issue in GH-15533.
YJIT: Add missing local variable type update for fallback setlocal blocks 2025-12-12T23:43:41+00:00 Alan Wu XrXr@users.noreply.github.com 2025-12-12T18:42:00+00:00 628a94104768b294ae8068c7bb39ab9e495fdd94 Previously, the chain_depth>0 version of setlocal blocks did not update the type of the local variable in the context. This can leave the context with stale type information and trigger or lead to miscompilation. To trigger the issue, YJIT needs to see the same ISEQ before and after environment escape and have tracked type info before the escape. To trigger in ISEQs that do not send with a block, it probably requires Kernel#binding or the use of include/ruby/debug.h APIs. [Backport #21772] 
Previously, the chain_depth>0 version of setlocal blocks did not
update the type of the local variable in the context. This can leave
the context with stale type information and trigger or lead to miscompilation.

To trigger the issue, YJIT needs to see the same ISEQ before and after
environment escape and have tracked type info before the escape. To
trigger in ISEQs that do not send with a block, it probably requires
Kernel#binding or the use of include/ruby/debug.h APIs.

[Backport #21772]
YJIT: Abort expandarray optimization if method_missing is defined 2025-12-01T17:45:35+00:00 Randy Stauner randy@r4s6.net 2025-11-26T02:29:02+00:00 28b2e2ede97b569c2f6121e7808975fbd5c6f298 Fixes: [Bug #21707] [AW: rewrote comments] Co-authored-by: Alan Wu <alanwu@ruby-lang.org> 
Fixes: [Bug #21707]
[AW: rewrote comments]
Co-authored-by: Alan Wu <alanwu@ruby-lang.org>
YJIT: Fix stack handling in rb_str_dup 2025-11-14T18:07:34+00:00 John Hawthorn john@hawthorn.email 2025-11-13T20:01:55+00:00 0b559eab0447905a784092824e5ea0999018cd01 Previously because we did a stack_push before ccall, in some cases we could end up pushing an uninitialized value to the VM stack when spilling regs as part of the ccall. Co-authored-by: Luke Gruber <luke.gru@gmail.com> 
Previously because we did a stack_push before ccall, in some cases we
could end up pushing an uninitialized value to the VM stack when
spilling regs as part of the ccall.

Co-authored-by: Luke Gruber <luke.gru@gmail.com>
YJIT: Fix `defined?(yield)` and `block_given?` at top level 2025-10-22T20:53:20+00:00 Alan Wu XrXr@users.noreply.github.com 2025-08-13T16:39:06+00:00 3afa38d0ee34a453d7c53d4512a8f14d25d23f57 Previously, YJIT returned truthy for the block given query at the top level. That's incorrect because the top level script never receives a block, and `yield` is a syntax error there. Inside methods, the number of hops to get from `iseq` to `iseq->body->local_iseq` is the same as the number of `VM_ENV_PREV_EP(ep)` hops to get to an environment with `VM_ENV_FLAG_LOCAL`. YJIT and the interpreter both rely on this as can be seen in get_lvar_level(). However, this identity does not hold for the top level frame because of `vm_set_eval_stack()`, which sets up `TOPLEVEL_BINDING`. Since only methods can take a block that `yield` goes to, have ISEQs that are the child of a non-method ISEQ return falsy for the block given query. This fixes the issue for the top level script and is an optimization for non-method contexts such as inside `ISEQ_TYPE_CLASS`. 
Previously, YJIT returned truthy for the block given query at the top
level. That's incorrect because the top level script never receives a
block, and `yield` is a syntax error there.

Inside methods, the number of hops to get from `iseq` to
`iseq->body->local_iseq` is the same as the number of
`VM_ENV_PREV_EP(ep)` hops to get to an environment with
`VM_ENV_FLAG_LOCAL`. YJIT and the interpreter both rely on this as can
be seen in get_lvar_level(). However, this identity does not hold for
the top level frame because of `vm_set_eval_stack()`, which sets up
`TOPLEVEL_BINDING`.

Since only methods can take a block that `yield` goes to, have ISEQs
that are the child of a non-method ISEQ return falsy for the block given
query. This fixes the issue for the top level script and is an
optimization for non-method contexts such as inside `ISEQ_TYPE_CLASS`.
YJIT: Fix potential infinite loop when OOM (GH-13186) 2025-04-28T16:23:33+00:00 Rian McGuire rian@rian.id.au 2025-04-28T12:50:29+00:00 50b1759be00713535c41f5650feb3967c533450a Avoid generating an infinite loop in the case where: 1. Block `first` is adjacent to block `second`, and the branch from `first` to `second` is a fallthrough, and 2. Block `second` immediately exits to the interpreter, and 3. Block `second` is invalidated and YJIT is OOM While pondering how to fix this, I think I've stumbled on another related edge case: 1. Block `incoming_one` and `incoming_two` both branch to block `second`. Block `incoming_one` has a fallthrough 2. Block `second` immediately exits to the interpreter (so it starts with its exit) 3. When Block `second` is invalidated, the incoming fallthrough branch from `incoming_one` might be rewritten first, which overwrites the start of block `second` with a jump to a new branch stub. 4. YJIT runs of out memory 5. The incoming branch from `incoming_two` is then rewritten, but because we're OOM we can't generate a new stub, so we use `second`'s exit as the branch target. However `second`'s exit was already overwritten with a jump to the branch stub for `incoming_one`, so `incoming_two` will end up jumping to `incoming_one`'s branch stub. Backport [Bug #21257] 
Avoid generating an infinite loop in the case where:
1. Block `first` is adjacent to block `second`, and the branch from `first` to
   `second` is a fallthrough, and
2. Block `second` immediately exits to the interpreter, and
3. Block `second` is invalidated and YJIT is OOM

While pondering how to fix this, I think I've stumbled on another related edge case:
1. Block `incoming_one` and `incoming_two` both branch to block `second`. Block
   `incoming_one` has a fallthrough
2. Block `second` immediately exits to the interpreter (so it starts with its exit)
3. When Block `second` is invalidated, the incoming fallthrough branch from
   `incoming_one` might be rewritten first, which overwrites the start of block
   `second` with a jump to a new branch stub.
4. YJIT runs of out memory
5. The incoming branch from `incoming_two` is then rewritten, but because we're
   OOM we can't generate a new stub, so we use `second`'s exit as the branch
   target. However `second`'s exit was already overwritten with a jump to the
   branch stub for `incoming_one`, so `incoming_two` will end up jumping to
   `incoming_one`'s branch stub.

Backport [Bug #21257]
YJIT: Filter `&` calls from specialized C method codegen 2025-02-14T01:46:14+00:00 Alan Wu XrXr@users.noreply.github.com 2025-01-09T00:07:07+00:00 294aef53b8c988f605001e4555d9532cefe8806d Evident with the crash reported in [Bug #20997], the C replacement codegen functions aren't authored to handle block arguments (nor should they because the extra code from the complexity defeats optimization). Filter sites with VM_CALL_ARGS_BLOCKARG. 
Evident with the crash reported in [Bug #20997], the C replacement
codegen functions aren't authored to handle block arguments (nor
should they because the extra code from the complexity defeats
optimization). Filter sites with VM_CALL_ARGS_BLOCKARG.
YJIT: Initialize locals in ISeqs defined with `...` 2025-02-14T01:44:58+00:00 Alan Wu XrXr@users.noreply.github.com 2025-01-28T21:13:28+00:00 706f1d0573f0b807bee4c0cc8937b8f5b9b24ebd Backport of GH-12660: Previously, callers of forwardable ISeqs moved the stack pointer up without writing to the stack. If there happens to be a stale value in the area skipped over, it could crash due to "try to mark T_NONE". Also, the uninitialized local variables were observable through `binding`. Initialize the locals to nil. [Bug #21021] 
Backport of GH-12660:

    Previously, callers of forwardable ISeqs moved the stack pointer up
    without writing to the stack. If there happens to be a stale value in
    the area skipped over, it could crash due to "try to mark T_NONE". Also,
    the uninitialized local variables were observable through `binding`.

    Initialize the locals to nil.

    [Bug #21021]
YJIT: Add crashing test for yielding keyword args 2025-02-14T01:37:38+00:00 Nick Dower nicholasdower@gmail.com 2025-01-02T16:24:55+00:00 cefa630bce3aea8317f09fe73c6439f67c42bb69 Code like the following is crashing for us on 3.4.1: ```ruby def a(&) = yield(x: 0) 1000.times { a { |x:| x } } ``` Crash: ``` ruby: YJIT has panicked. More info to follow... thread '<unnamed>' panicked at ./yjit/src/codegen.rs:8018:13: assertion `left == right` failed left: 0 right: 1 ``` Co-authored-by: Dani Acherkan <dtl.117@gmail.com> 
Code like the following is crashing for us on 3.4.1:

```ruby
def a(&) = yield(x: 0)

1000.times { a { |x:| x } }
```

Crash:

```
ruby: YJIT has panicked. More info to follow...
thread '<unnamed>' panicked at ./yjit/src/codegen.rs:8018:13:
assertion `left == right` failed
  left: 0
 right: 1
```

Co-authored-by: Dani Acherkan <dtl.117@gmail.com>