diff options
author | 卜部昌平 <shyouhei@ruby-lang.org> | 2019-10-03 12:26:41 +0900 |
---|---|---|
committer | 卜部昌平 <shyouhei@ruby-lang.org> | 2019-10-03 12:45:24 +0900 |
commit | eb92159d72fc711387f7e17ffbaca1678f23fd47 (patch) | |
tree | 13c5177b80fbd50c7113eee5aca5158652f24f1b /vm_backtrace.c | |
parent | ef697388becedf36966a2edcdcf88baca342b9e2 (diff) |
Revert https://github.com/ruby/ruby/pull/2486
This reverts commits: 10d6a3aca7 8ba48c1b85 fba8627dc1 dd883de5ba
6c6a25feca 167e6b48f1 7cb96d41a5 3207979278 595b3c4fdd 1521f7cf89
c11c5e69ac cf33608203 3632a812c0 f56506be0d 86427a3219 .
The reason for the revert is that we observe ABA problem around
inline method cache. When a cache misshits, we search for a
method entry. And if the entry is identical to what was cached
before, we reuse the cache. But the commits we are reverting here
introduced situations where a method entry is freed, then the
identical memory region is used for another method entry. An
inline method cache cannot detect that ABA.
Here is a code that reproduce such situation:
```ruby
require 'prime'
class << Integer
alias org_sqrt sqrt
def sqrt(n)
raise
end
GC.stress = true
Prime.each(7*37){} rescue nil # <- Here we populate CC
class << Object.new; end
# These adjacent remove-then-alias maneuver
# frees a method entry, then immediately
# reuses it for another.
remove_method :sqrt
alias sqrt org_sqrt
end
Prime.each(7*37).to_a # <- SEGV
```
Diffstat (limited to 'vm_backtrace.c')
-rw-r--r-- | vm_backtrace.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/vm_backtrace.c b/vm_backtrace.c index 3a8ad9143d..44a4ac0784 100644 --- a/vm_backtrace.c +++ b/vm_backtrace.c @@ -1349,7 +1349,7 @@ frame2iseq(VALUE frame) return (const rb_iseq_t *)frame; case imemo_ment: { - const rb_callable_method_entry_t *cme = (const rb_callable_method_entry_t *)frame; + const rb_callable_method_entry_t *cme = (rb_callable_method_entry_t *)frame; switch (cme->def->type) { case VM_METHOD_TYPE_ISEQ: return cme->def->body.iseq.iseqptr; @@ -1405,7 +1405,7 @@ frame2klass(VALUE frame) if (frame == Qnil) return Qnil; if (RB_TYPE_P(frame, T_IMEMO)) { - const rb_callable_method_entry_t *cme = (const rb_callable_method_entry_t *)frame; + const rb_callable_method_entry_t *cme = (rb_callable_method_entry_t *)frame; if (imemo_type(frame) == imemo_ment) { return cme->defined_class; |