From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ruby-core-bounces@ruby-lang.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS4713 221.184.0.0/13
X-Spam-Status: No, score=-3.0 required=3.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	FORGED_GMAIL_RCVD,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,
	SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2
Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75])
	by dcvr.yhbt.net (Postfix) with ESMTP id 833501F45F
	for <normalperson@yhbt.net>; Sat,  4 May 2019 05:42:34 +0000 (UTC)
Received: from neon.ruby-lang.org (localhost [IPv6:::1])
	by neon.ruby-lang.org (Postfix) with ESMTP id E12841209C3;
	Sat,  4 May 2019 14:42:28 +0900 (JST)
Received: from o1678916x28.outbound-mail.sendgrid.net
 (o1678916x28.outbound-mail.sendgrid.net [167.89.16.28])
 by neon.ruby-lang.org (Postfix) with ESMTPS id AA734120927
 for <ruby-core@ruby-lang.org>; Sat,  4 May 2019 14:42:26 +0900 (JST)
Received: by filter0079p3las1.sendgrid.net with SMTP id
 filter0079p3las1-29944-5CCD2642-1C
 2019-05-04 05:42:26.786135759 +0000 UTC m=+723443.234125051
Received: from herokuapp.com (unknown [35.173.254.39])
 by ismtpd0038p1iad2.sendgrid.net (SG) with ESMTP id PDQgaT7_SUaj62AMbWfcQg
 for <ruby-core@ruby-lang.org>; Sat, 04 May 2019 05:42:26.681 +0000 (UTC)
Date: Sat, 04 May 2019 05:42:26 +0000 (UTC)
From: s.wanabe@gmail.com
Message-ID: <redmine.issue-15821.20190504054225.de3f3922e5139860@ruby-lang.org>
References: <redmine.issue-15821.20190504054225@ruby-lang.org>
Mime-Version: 1.0
X-Redmine-MailingListIntegration-Message-Ids: 68020
X-Redmine-Project: ruby-trunk
X-Redmine-Issue-Id: 15821
X-Redmine-Issue-Author: wanabe
X-Redmine-Sender: wanabe
X-Mailer: Redmine
X-Redmine-Host: bugs.ruby-lang.org
X-Redmine-Site: Ruby Issue Tracking System
X-Auto-Response-Suppress: All
Auto-Submitted: auto-generated
X-SG-EID: =?us-ascii?Q?FsuGSN1PD4adq4aDFRSSBF8ffe=2F4plpeX9T+dOtlSNYjfx+b+kDo9xyyRA4do6?=
 =?us-ascii?Q?SbrH6WvI=2FssWjpKroreZlfyizsraP5QaCYDt8DG?=
 =?us-ascii?Q?ZQj2=2F8Y8603x9dXx16jHOScvsFt94itOmPpc4zZ?=
 =?us-ascii?Q?rgDlWuFCGt0S=2FgvlAomA1FifHBfv1ESEoyuv4Ym?=
 =?us-ascii?Q?S+0+cyh4BkLYqxtv2AabrGmC+EWQgqco2+A=3D=3D?=
To: ruby-core@ruby-lang.org
X-ML-Name: ruby-core
X-Mail-Count: 92537
Subject: [ruby-core:92537] [Ruby trunk Bug#15821] ruby_process_options() may
 cause "WB miss (O->Y)"
X-BeenThere: ruby-core@ruby-lang.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Ruby developers <ruby-core@ruby-lang.org>
List-Id: Ruby developers <ruby-core.ruby-lang.org>
List-Unsubscribe: <https://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
List-Post: <mailto:ruby-core@ruby-lang.org>
List-Help: <mailto:ruby-core-request@ruby-lang.org?subject=help>
List-Subscribe: <https://lists.ruby-lang.org/cgi-bin/mailman/listinfo/ruby-core>, 
 <mailto:ruby-core-request@ruby-lang.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ruby-core-bounces@ruby-lang.org
Sender: "ruby-core" <ruby-core-bounces@ruby-lang.org>

Issue #15821 has been reported by wanabe (_ wanabe).

----------------------------------------
Bug #15821: ruby_process_options() may cause "WB miss (O->Y)"
https://bugs.ruby-lang.org/issues/15821

* Author: wanabe (_ wanabe)
* Status: Open
* Priority: Normal
* Assignee: 
* Target version: 
* ruby -v: ruby 2.7.0dev (2019-05-04 trunk b72623012d) [x86_64-linux]
* Backport: 2.4: UNKNOWN, 2.5: UNKNOWN, 2.6: UNKNOWN
----------------------------------------
## Problem

Ruby interpreter may cause error "WB miss (O->Y)" on some conditions that are `RGENGC_CHECK_MODE=5` and `RUBY_DEBUG=gc_stress`

## How to reproduce

1. build ruby with high RGENGC_CHECK_MODE
   * `make ruby optflags="-O3 -DRGENGC_CHECK_MODE=5"`
2. run ruby with gc_stress
   * `RUBY_DEBUG=gc_stress ./ruby --disable-gems -ve 1`

## Probable cause

1. `rb_construct_expanded_load_path` calls `rb_ary_replace(vm->load_path_snapshot, vm->load_path)`.
2. It creates shared root array and makes `vm->load_path` SHARED_ARRAY.
3. After a while, `process_options` calls `RARRAY_ASET(load_path, i, path)`.
4. It calls `rb_gc_writebarrier` -> `gc_writebarrier_generational`.
   * Incremental mark phase is finished because of `RUBY_DEBUG=gc_stress`.
5. It makes `vm->load_path` remembered, but not shared root array!
6. "WB miss (O->Y)" is done.
   * Old parent is shared root array.
   * New child is `path` of above 3.

## Proposal

How about call `rb_ary_modify` before `RARRAY_SET` in `process_options`?
Or using `rb_ary_store` instead of `RARRAY_SET` may avoid the error.

## Sample output

An example of full output is attached.
(Sorry, I GZipped it because of file-size limitation)
The snippet is here:

```
ruby 2.7.0dev (2019-05-04 trunk b72623012d) [x86_64-linux]
verify_internal_consistency_reachable_i: WB miss (O->Y) 0x000055c3262f3610 [3LM   ] T_ARRAY [   ] len: 20, capa:2 ptr:0x000055c326498380 -> 0x000055c3262f3908 [2  P  ] T_STRING (String) /home/wanabe/.rbenv/versions/trunk/lib/ruby/site_ruby/2.7.0
[all refs] (size: 5307)
(snip)
[allrefs_dump_i] 0x000055c3263349f8 [3LMP  ] T_ARRAY [E ] len: 0 (embed) <- <0x000055c326336f28 [0  P U] VM/thread (Thread) VM/thread>
./ruby: [BUG] Segmentation fault at 0x0000000000000010
ruby 2.7.0dev (2019-05-04 trunk b72623012d) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0001 p:0000 s:0003 E:0022c0 (none) [FINISH]


-- Machine register context ------------------------------------------------
 RIP: 0x000055c32452e15a RBP: 0x0000000000000001 RSP: 0x00007ffea126d470
 RAX: 0x0000000000000000 RBX: 0x000055c3262ef3c8 RCX: 0x0000000000000001
 RDX: 0x000055c324773446 RDI: 0x00007ff8c77cb680 RSI: 0x0000000000000001
  R8: 0x000055c3262ef3b8  R9: 0x0000000000000018 R10: 0x0000000000000018
 R11: 0x0000000000000246 R12: 0x0000000000000100 R13: 0x0000000000000005
 R14: 0x000055c3262f3c28 R15: 0x000055c3262ef1b0 EFL: 0x0000000000010206

-- C level backtrace information -------------------------------------------
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(rb_vm_bugreport+0x554) [0x55c324769fa4] ../../vm_dump.c:715
[0x55c324760088]
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(sigsegv+0x42) [0x55c324640d42] ../../signal.c:997
/lib/x86_64-linux-gnu/libpthread.so.0(__restore_rt+0x0) [0x7ff8c797ff40]
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(allrefs_dump+0x1a) [0x55c32452e15a] /usr/include/x86_64-linux-gnu/bits/stdio2.h:100
[0x55c32453a478]
[0x55c32453a64c]
[0x55c32453f874]
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(rb_str_dup+0x29) [0x55c32465aa59] ../../string.c:722
[0x55c32463f2e1]
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(ruby_process_options+0xc0) [0x55c3246404a0] ../../ruby.c:2380
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(ruby_options+0xca) [0x55c32451e1ea] ../../eval.c:118
/home/wanabe/work/prog/ruby/ruby/tmp/trunk/ruby(main+0x67) [0x55c324519ec7] ../../main.c:42
(snip)
Aborted (core dumped)
```

---Files--------------------------------
out.log.gz (114 KB)


-- 
https://bugs.ruby-lang.org/