ruby.git/ext/objspace, branch v3_4_9 The Ruby Programming Language objspace_dump: Skip invalid CME when dumping CCs 2026-03-07T05:17:15+00:00 John Hawthorn john@hawthorn.email 2026-02-10T02:39:51+00:00 153fa85994f3f06c93e2b10726c98b6f3b824225 When a CC is invalidated only the klass field is set to 0. After it's invalidated it isn't safe to access the CME, as it may have been freed. I made a similar change in Ruby 4.0 in 640a2f1dc77c0ecf226dbd71cf7a1eb876a1f037, but assumed it was due to the changes we'd made to callcaches making klass a weak-reference. Co-authored-by: Christian Bruckmayer <christian.bruckmayer@shopify.com> 
When a CC is invalidated only the klass field is set to 0. After it's
invalidated it isn't safe to access the CME, as it may have been freed.

I made a similar change in Ruby 4.0 in
640a2f1dc77c0ecf226dbd71cf7a1eb876a1f037, but assumed it was due to the
changes we'd made to callcaches making klass a weak-reference.

Co-authored-by: Christian Bruckmayer <christian.bruckmayer@shopify.com>
use `st_update` to prevent table extension 2024-12-23T02:05:34+00:00 Koichi Sasada ko1@atdot.net 2024-12-20T08:42:53+00:00 c695536cc8ea4be69849394b0c64c974d52c603a to prevent the following scenario: 1. `delete_unique_str()` can be called while GC (sweeping) 2. it calls `st_insert()` to decrement the counter 3. `st_insert()` can try to extend the table even if the key exists 4. `xmalloc` while GC and cause BUG 
to prevent the following scenario:

1. `delete_unique_str()` can be called while GC (sweeping)
2. it calls `st_insert()` to decrement the counter
3. `st_insert()` can try to extend the table even if the key exists
4. `xmalloc` while GC and cause BUG
Prefix asan_poison_object with rb 2024-12-19T14:14:34+00:00 Peter Zhu peter@peterzhu.ca 2024-12-18T17:01:09+00:00 a58675386c10f4183116056bc0cf289548883ac0 






Check whether object is valid in allocation_info_tracer_compact
2024-12-16T17:24:24+00:00

Peter Zhu
peter@peterzhu.ca

2024-12-16T16:41:41+00:00

516a6cd1ad620b880651c1333bd856a9d7dec3c4

When reference updating ObjectSpace.trace_object_allocations, we need to
check whether the object is valid or not because it does not mark the
object so the object may be dead. This can cause a segmentation fault
if the object is on a free heap page.

For example, the following script crashes:

    require "objspace"

    objs = []
    ObjectSpace.trace_object_allocations do
      1_000_000.times do
        objs << Object.new
      end
    end

    objs = nil

    # Free pages that the objs were on
    GC.start

    # Run compaction and check that it doesn't crash
    GC.compact





When reference updating ObjectSpace.trace_object_allocations, we need to
check whether the object is valid or not because it does not mark the
object so the object may be dead. This can cause a segmentation fault
if the object is on a free heap page.

For example, the following script crashes:

    require "objspace"

    objs = []
    ObjectSpace.trace_object_allocations do
      1_000_000.times do
        objs << Object.new
      end
    end

    objs = nil

    # Free pages that the objs were on
    GC.start

    # Run compaction and check that it doesn't crash
    GC.compact







Fix ObjectSpace.trace_object_allocations for compaction
2024-12-16T15:12:54+00:00

Peter Zhu
peter@peterzhu.ca

2024-12-13T17:20:30+00:00

15765eac0ae156afe69b53ab317c4096f2c2c0ec

We need to reinsert into the ST table when an object moves because it is
a numtable that hashes on the object address, so when an object moves we
need to reinsert it rather than just updating the key.





We need to reinsert into the ST table when an object moves because it is
a numtable that hashes on the object address, so when an object moves we
need to reinsert it rather than just updating the key.







Fix compaction check for ObjectSpace.trace_object_allocations
2024-12-16T15:12:54+00:00

Peter Zhu
peter@peterzhu.ca

2024-12-13T17:20:01+00:00

b0385305060e6edf98f92993f3f13c5e6a978b0e

We should be checking for key for moved objects rather than the value
because the key is a Ruby object and the value is malloc'd memory.





We should be checking for key for moved objects rather than the value
because the key is a Ruby object and the value is malloc'd memory.







objspace_dump: Use FILE* to avoid crashing in mark functions
2024-12-09T21:08:35+00:00

Alan Wu
XrXr@users.noreply.github.com

2024-12-07T03:49:53+00:00

476d655053b0e3ea447dc6549b821d18636c6603

We observed crashes from rb_io_bufwrite() thread switching (through
rb_thread_check_ints()) in the middle of rb_execution_context_mark(). By
the time rb_execution_context_mark() gets a timeslice again, it read
garbage from a frame that was already popped in another thread, crashing
the process in SEGV. Other mark functions probably have their own ways
of breaking, but clearly, the usual IO code do too much for this
perilous pseudo GC context.

Use `FILE*` like before 5001cc47169614ea07d87651c95c2ee185e374e0
("Optimize ObjectSpace.dump_all"). Also, add type checking for
the private _dump methods.

Co-authored-by: Peter Zhu <peter@peterzhu.ca>





We observed crashes from rb_io_bufwrite() thread switching (through
rb_thread_check_ints()) in the middle of rb_execution_context_mark(). By
the time rb_execution_context_mark() gets a timeslice again, it read
garbage from a frame that was already popped in another thread, crashing
the process in SEGV. Other mark functions probably have their own ways
of breaking, but clearly, the usual IO code do too much for this
perilous pseudo GC context.

Use `FILE*` like before 5001cc47169614ea07d87651c95c2ee185e374e0
("Optimize ObjectSpace.dump_all"). Also, add type checking for
the private _dump methods.

Co-authored-by: Peter Zhu <peter@peterzhu.ca>







ObjectSpace.dump: handle Module#set_temporary_name
2024-11-12T19:21:27+00:00

Jean Boussier
jean.boussier@gmail.com

2024-11-12T18:52:39+00:00

ee1cd1656fc667840282a4e9c3f2cc5e3154e50e

[Bug #20892]

Until the introduction of that method, it was impossible for a
Module name not to be valid JSON, hence it wasn't going through
the slower escaping function.

This assumption no longer hold.





[Bug #20892]

Until the introduction of that method, it was impossible for a
Module name not to be valid JSON, hence it wasn't going through
the slower escaping function.

This assumption no longer hold.







[Feature #20470] Split GC into gc_impl.c
2024-07-03T13:03:40+00:00

Peter Zhu
peter@peterzhu.ca

2024-05-03T16:00:24+00:00

51bd816517941798c63e587a5a9f3caf69cd510e

This commit splits gc.c into two files:

- gc.c now only contains code not specific to Ruby GC. This includes
  code to mark objects (which the GC implementation may choose not to
  use) and wrappers for internal APIs that the implementation may need
  to use (e.g. locking the VM).

- gc_impl.c now contains the implementation of Ruby's GC. This includes
  marking, sweeping, compaction, and statistics. Most importantly,
  gc_impl.c only uses public APIs in Ruby and a limited set of functions
  exposed in gc.c. This allows us to build gc_impl.c independently of
  Ruby and plug Ruby's GC into itself.





This commit splits gc.c into two files:

- gc.c now only contains code not specific to Ruby GC. This includes
  code to mark objects (which the GC implementation may choose not to
  use) and wrappers for internal APIs that the implementation may need
  to use (e.g. locking the VM).

- gc_impl.c now contains the implementation of Ruby's GC. This includes
  marking, sweeping, compaction, and statistics. Most importantly,
  gc_impl.c only uses public APIs in Ruby and a limited set of functions
  exposed in gc.c. This allows us to build gc_impl.c independently of
  Ruby and plug Ruby's GC into itself.







ruby tool/update-deps --fix
2024-04-27T12:55:28+00:00

卜部昌平
shyouhei@ruby-lang.org

2024-04-25T07:59:22+00:00

c844968b725416efba767ea6161b4c14d8fd9536