From eb92159d72fc711387f7e17ffbaca1678f23fd47 Mon Sep 17 00:00:00 2001
From: 卜部昌平
Date: Thu, 3 Oct 2019 12:26:41 +0900
Subject: Revert https://github.com/ruby/ruby/pull/2486
This reverts commits: 10d6a3aca7 8ba48c1b85 fba8627dc1 dd883de5ba 6c6a25feca 167e6b48f1 7cb96d41a5 3207979278 595b3c4fdd 1521f7cf89 c11c5e69ac cf33608203 3632a812c0 f56506be0d 86427a3219 . The reason for the revert is that we observe ABA problem around inline method cache. When a cache misshits, we search for a method entry. And if the entry is identical to what was cached before, we reuse the cache. But the commits we are reverting here introduced situations where a method entry is freed, then the identical memory region is used for another method entry. An inline method cache cannot detect that ABA. Here is a code that reproduce such situation:
```ruby
require 'prime' class << Integer alias org_sqrt sqrt def sqrt(n) raise end GC.stress = true Prime.each(7*37){} rescue nil # <- Here we populate CC class << Object.new; end # These adjacent remove-then-alias maneuver # frees a method entry, then immediately # reuses it for another. remove_method :sqrt alias sqrt org_sqrt end Prime.each(7*37).to_a # <- SEGV
```
---
proc.c | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
(limited to 'proc.c')
diff --git a/proc.c b/proc.c
index 0fd2126fff..667b86ac1b 100644
--- a/proc.c
+++ b/proc.c
@@ -1426,7 +1426,7 @@ bm_compact(void *ptr)
 UPDATE_REFERENCE(data->recv);
 UPDATE_REFERENCE(data->klass);
 UPDATE_REFERENCE(data->iclass);
- UPDATE_TYPED_REFERENCE(const rb_method_entry_t *, data->me);
+ UPDATE_TYPED_REFERENCE(rb_method_entry_t *, data->me);
 }
 static size_t
@@ -1474,9 +1474,19 @@ mnew_missing(VALUE klass, VALUE obj, ID id, VALUE mclass)
 {
 struct METHOD *data;
 VALUE method = TypedData_Make_Struct(mclass, struct METHOD, &method_data_type, data);
+ rb_method_entry_t *me;
+ rb_method_definition_t *def;
+
 RB_OBJ_WRITE(method, &data->recv, obj);
 RB_OBJ_WRITE(method, &data->klass, klass);
- RB_OBJ_WRITE(method, &data->me, rb_method_entry_for_missing(id, klass));
+
+ def = ZALLOC(rb_method_definition_t);
+ def->type = VM_METHOD_TYPE_MISSING;
+ def->original_id = id;
+
+ me = rb_method_entry_create(id, klass, METHOD_VISI_UNDEF, def);
+
+ RB_OBJ_WRITE(method, &data->me, me);
 OBJ_INFECT(method, klass);
@@ -1519,7 +1529,7 @@ mnew_internal(const rb_method_entry_t *me, VALUE klass, VALUE iclass,
 if (me->defined_class) {
 VALUE klass = RCLASS_SUPER(RCLASS_ORIGIN(me->defined_class));
 id = me->def->original_id;
- me = (const rb_method_entry_t *)rb_callable_method_entry_with_refinements(klass, id, &iclass);
+ me = (rb_method_entry_t *)rb_callable_method_entry_with_refinements(klass, id, &iclass);
 }
 else {
 VALUE klass = RCLASS_SUPER(me->owner);
@@ -1557,7 +1567,7 @@ mnew(VALUE klass, VALUE obj, ID id, VALUE mclass, int scope)
 me = rb_method_entry_with_refinements(klass, id, &iclass);
 }
 else {
- me = (const rb_method_entry_t *)rb_callable_method_entry_with_refinements(klass, id, &iclass);
+ me = (rb_method_entry_t *)rb_callable_method_entry_with_refinements(klass, id, &iclass);
 }
 return mnew_from_me(me, klass, iclass, obj, id, mclass, scope);
 }
@@ -2947,7 +2957,7 @@ method_super_method(VALUE method)
 super_class = RCLASS_SUPER(RCLASS_ORIGIN(iclass));
 mid = data->me->called_id;
 if (!super_class) return Qnil;
- me = (const rb_method_entry_t *)rb_callable_method_entry_with_refinements(super_class, mid, &iclass);
+ me = (rb_method_entry_t *)rb_callable_method_entry_with_refinements(super_class, mid, &iclass);
 if (!me) return Qnil;
 return mnew_internal(me, me->owner, iclass, data->recv, mid, rb_obj_class(method), FALSE, FALSE);
 }
-- 
cgit v1.2.3
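Review bot: The re-added `def = ZALLOC(rb_method_definition_t)` block in mnew_missing carries no statement of who owns the definition: nothing in the hunk shows whether `rb_method_entry_create` takes the ZALLOCed `def` or whether anything releases it if that call does not complete, and the commit description only gives the ABA motivation. I would put a one-line comment above the ZALLOC such as `/* def is handed to the method entry created below and released with it, never here */`, after confirming that contract against rb_method_entry_create and the entry's free path. A second sentence recording why a fresh, per-Method-object entry is built here rather than a shared one would also help, since that appears to be what the revert restores to avoid a freed entry's address being reused by an identical one. mnew_missing continues past the end of the hunk.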
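Review bot: In the mnew_internal hunk the cast `(rb_method_entry_t *)` on the assignment to `me` strips const only for the parameter's own type, `const rb_method_entry_t *me` in the hunk's context line, to put it straight back, so `(const rb_method_entry_t *)` would do the same conversion (presumably from the callable-entry pointer type the function returns) without discarding a qualifier that keeps shared method-table entries from being written through by accident. The identical cast appears in the mnew hunk and the method_super_method hunk, where the declaration of `me` is outside the hunk; if those locals are also `const rb_method_entry_t *`, the same one-token change applies there. If `me` is deliberately non-const somewhere downstream, a comment at the first cast saying so would stop the next reader from re-adding const. All three enclosing function bodies continue outside their hunks.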