From 67d6aaca3521f6fe089103e72157e05ee950882a Mon Sep 17 00:00:00 2001 From: ko1 Date: Tue, 18 Jun 2013 19:50:44 +0000 Subject: * variable.c (rb_const_set): fix WB miss. WBs had located before creating reference between a klass and constant value. It causes GC bug. # pseudo code: WB(klass, value); # WB and remember klass st_insert(klass->const_table, const_id, value); `st_insert()' can cause GC before inserting `value' and forget `klass' from the remember set. After that, relationship between `klass' and `value' are created with constant table. Now, `value' can be young (shady) object and `klass' can be old object, without remembering `klass' object. At the next GC, old `klass' object will be skipped and young (shady) `value' will be miss-collected. -> GC bug Lesson: The place of a WB is important. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@41396 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 21 +++++++++++++++++++++ variable.c | 8 ++++---- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 60071c515c..482f152f86 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,24 @@ +Wed Jun 19 04:33:22 2013 Koichi Sasada + + * variable.c (rb_const_set): fix WB miss. + + WBs had located before creating reference between a klass + and constant value. It causes GC bug. + + # pseudo code: + WB(klass, value); # WB and remember klass + st_insert(klass->const_table, const_id, value); + + `st_insert()' can cause GC before inserting `value' and + forget `klass' from the remember set. After that, relationship + between `klass' and `value' are created with constant table. + Now, `value' can be young (shady) object and `klass' can be old + object, without remembering `klass' object. + At the next GC, old `klass' object will be skipped and + young (shady) `value' will be miss-collected. -> GC bug + + Lesson: The place of a WB is important. + Tue Jun 18 22:01:00 2013 Charlie Somerville * vm_insnhelper.c (vm_call_method): ensure methods of type diff --git a/variable.c b/variable.c index 79fcca0280..0dad3663a4 100644 --- a/variable.c +++ b/variable.c @@ -2155,7 +2155,7 @@ rb_const_set(VALUE klass, ID id, VALUE val) /* for autoloading thread, keep the defined value to autoloading storage */ if (load && (ele = check_autoload_data(load)) && (ele->thread == rb_thread_current())) { rb_vm_change_state(); - ele->value = val; + ele->value = val; /* autoload_i is shady */ return; } /* otherwise, allow to override */ @@ -2180,12 +2180,12 @@ rb_const_set(VALUE klass, ID id, VALUE val) rb_vm_change_state(); ce = ALLOC(rb_const_entry_t); + MEMZERO(ce, rb_const_entry_t, 1); ce->flag = visibility; - OBJ_WRITE(klass, (VALUE *)&ce->value, val); - OBJ_WRITE(klass, (VALUE *)&ce->file, rb_sourcefilename()); ce->line = rb_sourceline(); - st_insert(RCLASS_CONST_TBL(klass), (st_data_t)id, (st_data_t)ce); + OBJ_WRITE(klass, (VALUE *)&ce->value, val); + OBJ_WRITE(klass, (VALUE *)&ce->file, rb_sourcefilename()); } void -- cgit v1.2.3