ruby.git/compile.c, branch v3_2_11 The Ruby Programming Language merge revision(s) e0d600ec190c64aff76cfcbd6009cffb927da166: [Backport #21012] 2025-01-25T05:37:41+00:00 nagachika nagachika@ruby-lang.org 2025-01-25T05:37:41+00:00 f9adaab928dff8dd7ecd4c560c288300a3c74880 Avoid opt_aset_with optimization inside multiple assignment Previously, since the opt_aset_with optimization was introduced, use of the opt_aset_with optimization inside multiple assignment would result in a segfault or incorrect instructions. Fixes [Bug #21012] Co-authored-by: Nobuyoshi Nakada <nobu.nakada@gmail.com> 
	Avoid opt_aset_with optimization inside multiple assignment

	Previously, since the opt_aset_with optimization was introduced,
	use of the opt_aset_with optimization inside multiple assignment
	would result in a segfault or incorrect instructions.

	Fixes [Bug #21012]

	Co-authored-by: Nobuyoshi Nakada <nobu.nakada@gmail.com>
merge revision(s) 992596fb7af18a7f472589a607d0eb3fbb03b49a: [Backport #20344] 2024-08-18T09:07:14+00:00 nagachika nagachika@ruby-lang.org 2024-08-18T09:07:14+00:00 21c708ee802e1a59901eccc6448e40e8f72189b8 Fix next inside block argument stack underflow [Bug #20344] Fix compile_next adding removable adjust label 
	Fix next inside block argument stack underflow

	[Bug #20344]
	Fix compile_next adding removable adjust label
merge revision(s) 1870505f478cc75993b296b7144a45137ace6937: [Backport #20651] [Backport #20571] 2024-08-18T02:19:09+00:00 nagachika nagachika@ruby-lang.org 2024-08-18T02:18:49+00:00 50399eebd96c76ce808ea4d84fe39693f585a531 Fix wrong unreachable chunk remove when jump destination label is unremovable 
	Fix wrong unreachable chunk remove when jump destination label is unremovable
merge revision(s) 2dd46bb82ffc4dff01d7ea70922f0e407acafb4e: [Backport #20468] 2024-07-20T03:53:25+00:00 nagachika nagachika@ruby-lang.org 2024-07-20T03:53:25+00:00 c10c73fd16f1b7c9b658afee2b1b53ecfaed4fa4 [Bug #20468] Fix safe navigation in `for` variable 
	[Bug #20468] Fix safe navigation in `for` variable
Fix inconsistent evaluation of keyword splat (#10959) 2024-06-15T04:02:26+00:00 Peter Zhu peter@peterzhu.ca 2024-06-10T23:05:58+00:00 b494ecfbc1b2a934d27233b7171c40adaa81e3c5 [Bug #20180] Backports #9624. 
[Bug #20180]

Backports #9624.
compile.c: use putspecialobject for RubyVM::FrozenCore 2024-06-15T03:58:19+00:00 Jean Boussier jean.boussier@gmail.com 2024-06-10T13:12:54+00:00 e0e1a0f502fe57e7e7e8cf643b8f141b4582d62d [Bug #20569] `putobject RubyVM::FrozenCore`, is not serializable, we have to use `putspecialobject VM_SPECIAL_OBJECT_VMCORE`. 
[Bug #20569]

`putobject RubyVM::FrozenCore`, is not serializable, we
have to use `putspecialobject VM_SPECIAL_OBJECT_VMCORE`.
merge revision(s) 6ebcf25de2859b5b6402b7e8b181066c32d0e0bf: [Backport #20036] 2023-12-02T08:58:03+00:00 nagachika nagachika@ruby-lang.org 2023-12-02T08:58:03+00:00 82d39cb846748cd7de618b34b818f34d2c077e7e GC guard catch_table_ary in iseq_set_exception_table The function iseq_set_exception_table allocates memory which can cause a GC compaction to run. Since catch_table_ary is not on the stack, it can be moved, which would make tptr incorrect. --- compile.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) 
	GC guard catch_table_ary in iseq_set_exception_table

	The function iseq_set_exception_table allocates memory which can cause
	a GC compaction to run. Since catch_table_ary is not on the stack, it
	can be moved, which would make tptr incorrect.
	---
	 compile.c | 10 +++++++---
	 1 file changed, 7 insertions(+), 3 deletions(-)
[Backport 3.2] Fix missing write barrier in iseq instruction list (#8431) 2023-09-16T05:17:20+00:00 Peter Zhu peter@peterzhu.ca 2023-09-16T05:17:20+00:00 a7335e11e354d1ee2e15233f32f087230069ad5c Fix missing write barrier in iseq instruction list [Bug #19880] There's a missing write barrier for operands in the iseq instruction list, which can cause crashes. It can be reproduced when Ruby is compiled with `-DRUBY_DEBUG_ENV=1`. Using the following command: ``` RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR=0 RUBY_DEBUG=gc_stress ruby -w --disable=gems -Itool/lib -W0 test.rb ``` The following script crashes: ``` require "test/unit" ``` 
Fix missing write barrier in iseq instruction list

[Bug #19880]

There's a missing write barrier for operands in the iseq instruction
list, which can cause crashes.

It can be reproduced when Ruby is compiled with `-DRUBY_DEBUG_ENV=1`.
Using the following command:

```
RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR=0 RUBY_DEBUG=gc_stress ruby -w --disable=gems -Itool/lib -W0 test.rb
```

The following script crashes:

```
require "test/unit"
```
 merge revision(s) 86de48e9f69b665ba9ffb5bdc5a181a3adb1a7b8: [Backport #19419] 2023-03-07T01:11:43+00:00 NARUSE, Yui naruse@airemix.jp 2023-03-07T01:11:43+00:00 f1cde05d99898f491c8e302ae74029468fdb6eb9 Remove ibf_dumper's WB_PROTECTED status It doesn't have the right write barriers in place. For example, there is rb_mark_set(dump->global_buffer.obj_table); in the mark function, but there is no corresponding write barrier when adding to the table in the `ibf_dump_object() -> ibf_table_find_or_insert() -> st_insert()` code path. To insert write barrier correctly, we need to store the T_STRUCT VALUE inside `struct ibf_dump`. Instead of doing that, let's just demote it to WB unproected for correctness. These dumper object are ephemeral so there is not a huge benefit for having them WB protected. Users of the bootsnap gem ran into crashes due to this issue: https://github.com/Shopify/bootsnap/issues/436 Fixes [Bug #19419] --- compile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
	Remove ibf_dumper's WB_PROTECTED status

	It doesn't have the right write barriers in place. For example, there is

	    rb_mark_set(dump->global_buffer.obj_table);

	in the mark function, but there is no corresponding write barrier when
	adding to the table in the
	`ibf_dump_object() -> ibf_table_find_or_insert() -> st_insert()` code path.

	To insert write barrier correctly, we need to store the T_STRUCT VALUE
	inside `struct ibf_dump`. Instead of doing that, let's just demote it
	to WB unproected for correctness. These dumper object are ephemeral so
	there is not a huge benefit for having them WB protected.

	Users of the bootsnap gem ran into crashes due to this issue:
	https://github.com/Shopify/bootsnap/issues/436

	Fixes [Bug #19419]
	---
	 compile.c | 2 +-
	 1 file changed, 1 insertion(+), 1 deletion(-)
merge revision(s) df6b72b8ff7af16a56fa48f3b4abb1d8850f4d1c: [Backport #19348] 2023-01-25T01:23:38+00:00 NARUSE, Yui naruse@airemix.jp 2023-01-25T01:23:38+00:00 0090cb82b0bf477c29a659e34cf4427a3b1ceb27 Avoid checking interrupt when loading iseq MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The interrupt check will unintentionally release the VM lock when loading an iseq. And this will cause issues with the `debug` gem's [`ObjectSpace.each_iseq` method](https://github.com/ruby/debug/blob/0fcfc28acae33ec1c08068fb7c33703cfa681fa7/ext/debug/iseq_collector.c#L61-L67), which wraps iseqs with a wrapper and exposes their internal states when they're actually not ready to be used. And when that happens, errors like this would occur and kill the `debug` gem's thread: ``` DEBUGGER: ReaderThreadError: uninitialized InstructionSequence ┃ DEBUGGER: Disconnected. ┃ ["/opt/rubies/ruby-3.2.0/lib/ruby/gems/3.2.0/gems/debug-1.7.1/lib/debug/breakpoint.rb:247:in `absolute_path'", ┃ "/opt/rubies/ruby-3.2.0/lib/ruby/gems/3.2.0/gems/debug-1.7.1/lib/debug/breakpoint.rb:247:in `block in iterate_iseq'", ┃ "/opt/rubies/ruby-3.2.0/lib/ruby/gems/3.2.0/gems/debug-1.7.1/lib/debug/breakpoint.rb:246:in `each_iseq'", ... ``` A way to reproduce the issue is to satisfy these conditions at the same time: 1. `debug` gem calling `ObjectSpace.each_iseq` (e.g. [activating a `LineBreakpoint`](https://github.com/ruby/debug/blob/0fcfc28acae33ec1c08068fb7c33703cfa681fa7/lib/debug/breakpoint.rb#L246)). 2. A large amount of iseq being loaded from another thread (possibly through the `bootsnap` gem). 3. 1 and 2 iterating through the same iseq(s) at the same time. Because this issue requires external dependencies and a rather complicated timing setup to reproduce, I wasn't able to write a test case for it. But here's some pseudo code to help reproduce it: ```rb require "debug/session" Thread.new do 100.times do ObjectSpace.each_iseq do |iseq| iseq.absolute_path end end end sleep 0.1 load_a_bunch_of_iseq possibly_through_bootsnap ``` [Bug #19348] Co-authored-by: Peter Zhu <peter@peterzhu.ca> --- compile.c | 2 +- vm_core.h | 1 + vm_insnhelper.c | 11 +++++++++++ 3 files changed, 13 insertions(+), 1 deletion(-) 
	Avoid checking interrupt when loading iseq
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	The interrupt check will unintentionally release the VM lock when loading an iseq.
	And this will cause issues with the `debug` gem's
	[`ObjectSpace.each_iseq` method](https://github.com/ruby/debug/blob/0fcfc28acae33ec1c08068fb7c33703cfa681fa7/ext/debug/iseq_collector.c#L61-L67),
	which wraps iseqs with a wrapper and exposes their internal states when they're actually not ready to be used.

	And when that happens, errors like this would occur and kill the `debug` gem's thread:

	```
	 DEBUGGER: ReaderThreadError: uninitialized InstructionSequence
	┃ DEBUGGER: Disconnected.
	┃ ["/opt/rubies/ruby-3.2.0/lib/ruby/gems/3.2.0/gems/debug-1.7.1/lib/debug/breakpoint.rb:247:in `absolute_path'",
	┃  "/opt/rubies/ruby-3.2.0/lib/ruby/gems/3.2.0/gems/debug-1.7.1/lib/debug/breakpoint.rb:247:in `block in iterate_iseq'",
	┃  "/opt/rubies/ruby-3.2.0/lib/ruby/gems/3.2.0/gems/debug-1.7.1/lib/debug/breakpoint.rb:246:in `each_iseq'",
	...
	```

	A way to reproduce the issue is to satisfy these conditions at the same time:

	1. `debug` gem calling `ObjectSpace.each_iseq` (e.g. [activating a `LineBreakpoint`](https://github.com/ruby/debug/blob/0fcfc28acae33ec1c08068fb7c33703cfa681fa7/lib/debug/breakpoint.rb#L246)).
	2. A large amount of iseq being loaded from another thread (possibly through the `bootsnap` gem).
	3. 1 and 2 iterating through the same iseq(s) at the same time.

	Because this issue requires external dependencies and a rather complicated timing setup to reproduce, I wasn't able to write a test case for it.
	But here's some pseudo code to help reproduce it:

	```rb
	require "debug/session"

	Thread.new do
	  100.times do
	    ObjectSpace.each_iseq do |iseq|
	      iseq.absolute_path
	    end
	  end
	end

	sleep 0.1

	load_a_bunch_of_iseq
	possibly_through_bootsnap
	```

	[Bug #19348]

	Co-authored-by: Peter Zhu <peter@peterzhu.ca>
	---
	 compile.c       |  2 +-
	 vm_core.h       |  1 +
	 vm_insnhelper.c | 11 +++++++++++
	 3 files changed, 13 insertions(+), 1 deletion(-)