List: ruby-core
Subject: [ruby-core:94076] [Ruby master Bug#15821] ruby_process_options() may cause "WB miss (O->Y)"
From: nagachika00 () gmail ! com
Date: 2019-07-31 14:32:50
Message-ID: redmine.journal-80306.20190731143249.d217ae4c320d1859 () ruby-lang ! org
Issue #15821 has been updated by nagachika (Tomoyuki Chikanaga).
Backport changed from 2.4: REQUIRED, 2.5: REQUIRED, 2.6: REQUIRED to 2.4: REQUIRED, 2.5: REQUIRED, 2.6: DONE
ruby_2_6 r67720 merged revision(s) b165bedcbd41d791a85fc1ce90b57a0d0525f319,ac00bdc8a8ac2c62a94dd36a7784d15bbcb7df19.
----------------------------------------
Bug #15821: ruby_process_options() may cause "WB miss (O->Y)"
https://bugs.ruby-lang.org/issues/15821#change-80306
* Author: wanabe (_ wanabe)
* Status: Closed
* Priority: Normal
* Assignee:
* Target version:
* ruby -v: ruby 2.7.0dev (2019-05-04 trunk b72623012d) [x86_64-linux]
* Backport: 2.4: REQUIRED, 2.5: REQUIRED, 2.6: DONE
----------------------------------------
## Problem
The Ruby interpreter may cause the error "WB miss (O->Y)" under some conditions, namely `RGENGC_CHECK_MODE=5` and `RUBY_DEBUG=gc_stress`.
## How to reproduce
1. build ruby with high RGENGC_CHECK_MODE
   * `make ruby optflags="-O3 -DRGENGC_CHECK_MODE=5"`
2. run ruby with gc_stress
   * `RUBY_DEBUG=gc_stress ./ruby --disable-gems -ve 1`
## Probable cause
1. `rb_construct_expanded_load_path` calls `rb_ary_replace(vm->load_path_snapshot, vm->load_path)`.
2. It creates shared root array and makes `vm->load_path` SHARED_ARRAY.
3. After a while, `process_options` calls `RARRAY_ASET(load_path, i, path)`.
4. It calls `rb_gc_writebarrier` -> `gc_writebarrier_generational`.
   * Incremental mark phase is finished because of `RUBY_DEBUG=gc_stress`.
5. It makes `vm->load_path` remembered, but not shared root array!
6. "WB miss (O->Y)" is done.
   * Old parent is shared root array.
   * New child is `path` of above 3.
## Proposal
How about calling `rb_ary_modify` before `RARRAY_SET` in `process_options`?
Or using `rb_ary_store` instead of `RARRAY_SET` may avoid the error.
## Sample output
An example of full output is attached.
(Sorry, I GZipped it because of file-size limitation)
The snippet is here:
```
ruby 2.7.0dev (2019-05-04 trunk b72623012d) [x86_64-linux]
verify_internal_consistency_reachable_i: WB miss (O->Y) 0x000055c3262f3610 [3LM ] \
T_ARRAY [ ] len: 20, capa:2 ptr:0x000055c326498380 -> 0x000055c3262f3908 [2 P ] \
T_STRING (String) /home/wanabe/.rbenv/versions/trunk/lib/ruby/site_ruby/2.7.0 [all \
refs] (size: 5307) (snip)
[allrefs_dump_i] 0x000055c3263349f8 [3LMP ] T_ARRAY [E ] len: 0 (embed) <- \
<0x000055c326336f28 [0 P U] VM/thread (Thread) VM/thread>
./ruby: [BUG] Segmentation fault at 0x0000000000000010
ruby 2.7.0dev (2019-05-04 trunk b72623012d) [x86_64-linux]
-- Control frame information -----------------------------------------------
c:0001 p:0000 s:0003 E:0022c0 (none) [FINISH]
-- Machine register context ------------------------------------------------
RIP: 0x000055c32452e15a RBP: 0x0000000000000001 RSP: 0x00007ffea126d470
RAX: 0x0000000000000000 RBX: 0x000055c3262ef3c8 RCX: 0x0000000000000001
RDX: 0x000055c324773446 RDI: 0x00007ff8c77cb680 RSI: 0x0000000000000001
R8: 0x000055c3262ef3b8 R9: 0x0000000000000018 R10: 0x0000000000000018
R11: 0x0000000000000246 R12: 0x0000000000000100 R13: 0x0000000000000005
R14: 0x000055c3262f3c28 R15: 0x000055c3262ef1b0 EFL: 0x0000000000010206
-- C level backtrace information -------------------------------------------
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(rb_vm_bugreport+0x554) \
[0x55c324769fa4] ../../vm_dump.c:715 [0x55c324760088]
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(sigsegv+0x42) [0x55c324640d42] \
../../signal.c:997
/lib/x86_64-linux-gnu/libpthread.so.0(__restore_rt+0x0) [0x7ff8c797ff40]
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(allrefs_dump+0x1a) [0x55c32452e15a] \
/usr/include/x86_64-linux-gnu/bits/stdio2.h:100 [0x55c32453a478]
[0x55c32453a64c]
[0x55c32453f874]
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(rb_str_dup+0x29) [0x55c32465aa59] \
../../string.c:722 [0x55c32463f2e1]
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(ruby_process_options+0xc0) \
[0x55c3246404a0] ../../ruby.c:2380
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(ruby_options+0xca) [0x55c32451e1ea] \
../../eval.c:118
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(main+0x67) [0x55c324519ec7] \
../../main.c:42 (snip)
Aborted (core dumped)
```
---Files--------------------------------
out.log.gz (114 KB)
--
https://bugs.ruby-lang.org/
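
The following is an added example, not part of the original report and not CRuby source: a toy two-generation heap that replays steps 1-6 of "Probable cause" and the `rb_ary_modify` proposal. `Obj`, `ToyHeap`, `raw_aset`, `modify`, `wb_misses` and `replay` are hypothetical names, and the model assumes only an old/young split with a remembered set.

```ruby
# Toy generational heap (constructed model; not CRuby's data structures).
Obj = Struct.new(:name, :old, :slots, :shared_root) do
  # Objects this one references directly.
  def children
    shared_root ? [shared_root] : slots.compact
  end
  # Buffer that element writes actually land in.
  def buffer
    shared_root ? shared_root.slots : slots
  end
end

class ToyHeap
  def initialize
    @objects = []
    @remembered = {}.compare_by_identity
  end
  def alloc(name, old:, slots: [], shared_root: nil)
    Obj.new(name, old, slots, shared_root).tap { |o| @objects << o }
  end
  # Models RARRAY_ASET: raw store, then a generational barrier on the handle.
  def raw_aset(ary, i, val)
    ary.buffer[i] = val
    @remembered[ary] = true if ary.old && !val.old
  end

  # Models rb_ary_modify: un-share so the array owns its buffer.
  def modify(ary)
    return unless ary.shared_root
    ary.slots = ary.shared_root.slots.dup
    ary.shared_root = nil
  end

  # Models the consistency check: old -> young edges with an unremembered parent.
  def wb_misses
    @objects.select(&:old).reject { |o| @remembered.key?(o) }
            .flat_map { |o| o.children.reject(&:old).map { |c| [o.name, c.name] } }
  end
end

# Replays steps 1-6 of the report; unshare_first applies the proposed fix.
def replay(unshare_first)
  heap = ToyHeap.new
  root = heap.alloc("shared_root", old: true, slots: [heap.alloc("old_path", old: true)])
  load_path = heap.alloc("load_path", old: true, shared_root: root)
  heap.modify(load_path) if unshare_first
  heap.raw_aset(load_path, 0, heap.alloc("path", old: false))
  heap.wb_misses
end
```

`replay(false)` reports the unrecorded edge from the shared root to the young `path`, while `replay(true)` reports none because the store lands in a buffer owned by the remembered array.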