From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: poffice@blade.nagaokaut.ac.jp Delivered-To: poffice@blade.nagaokaut.ac.jp Received: from kankan.nagaokaut.ac.jp (kankan.nagaokaut.ac.jp [133.44.2.24]) by blade.nagaokaut.ac.jp (Postfix) with ESMTP id C261517DE323 for ; Mon, 23 Feb 2015 19:38:17 +0900 (JST) Received: from funfun.nagaokaut.ac.jp (smtp.nagaokaut.ac.jp [133.44.2.201]) by kankan.nagaokaut.ac.jp (Postfix) with ESMTP id DF156B5D92D for ; Mon, 23 Feb 2015 19:41:53 +0900 (JST) Received: from funfun.nagaokaut.ac.jp (localhost.nagaokaut.ac.jp [127.0.0.1]) by funfun.nagaokaut.ac.jp (Postfix) with ESMTP id 257A897A826 for ; Mon, 23 Feb 2015 19:41:56 +0900 (JST) X-Virus-Scanned: amavisd-new at nagaokaut.ac.jp Authentication-Results: funfun.nagaokaut.ac.jp (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=sendgrid.me Received: from funfun.nagaokaut.ac.jp ([127.0.0.1]) by funfun.nagaokaut.ac.jp (funfun.nagaokaut.ac.jp [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 90wguuThkZxt for ; Mon, 23 Feb 2015 19:41:56 +0900 (JST) Received: from voscc.nagaokaut.ac.jp (voscc.nagaokaut.ac.jp [133.44.1.100]) by funfun.nagaokaut.ac.jp (Postfix) with ESMTP id DE19E97A820 for ; Mon, 23 Feb 2015 19:41:55 +0900 (JST) Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by voscc.nagaokaut.ac.jp (Postfix) with ESMTP id 664D395241A for ; Mon, 23 Feb 2015 19:41:52 +0900 (JST) Received: from [221.186.184.76] (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id 68F8712044E; Mon, 23 Feb 2015 19:41:44 +0900 (JST) X-Original-To: ruby-core@ruby-lang.org Delivered-To: ruby-core@ruby-lang.org Received: from o10.shared.sendgrid.net (o10.shared.sendgrid.net [173.193.132.135]) by neon.ruby-lang.org (Postfix) with ESMTPS id C1B98120413 for ; Mon, 23 Feb 2015 19:41:40 +0900 (JST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sendgrid.me; h=from:to:references:subject:mime-version:content-type:content-transfer-encoding:list-id; s=smtpapi; bh=kPTio5s9j74JyTIz8wK/ROr6nAU=; b=kkHuj10KdwsL4H2pi6 6iRUo7InI0DoYIlMZgNL8mp4GYkT4AWqSw+ZFf5qqmHvFI7VGjiI6e7s/qOdAG9h PqacZS9jz8XFqGxWZfqFiYZltnRfiyMrJnphrvjnvksUNBVTADS4pWVV6nb5OwpE cbZiNc65KYL/JTCdOeoWo7Xpk= Received: by filter0055p1mdw1.sendgrid.net with SMTP id filter0055p1mdw1.4495.54EB03DF15 2015-02-23 10:41:36.030004023 +0000 UTC Received: from herokuapp.com (ec2-54-224-24-226.compute-1.amazonaws.com [54.224.24.226]) by ismtpd-025 (SG) with ESMTP id 14bb607228f.2f85.7d8b4f Mon, 23 Feb 2015 10:41:35 +0000 (UTC) Date: Mon, 23 Feb 2015 10:41:35 +0000 From: ko1@atdot.net To: ruby-core@ruby-lang.org Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Redmine-MailingListIntegration-Message-Ids: 42676 X-Redmine-Project: ruby-trunk X-Redmine-Issue-Id: 10871 X-Redmine-Issue-Author: evanphx X-Redmine-Sender: ko1 X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: OOF Auto-Submitted: auto-generated X-SG-EID: ync6xU2WACa70kv/Ymy4QrNMhiuLXJG8OTL2vJD1yS6vRP3m3gGEM2BAZwfgO6tXPdTROK28fhoDSn +nLqb4Dp/OLk6Rw9tjqGTrv0WtFCK2rr+pf4aUzqpReKEv7QDKbQY0m4kfcJQNLTpVYBSptdkK7ivB ++0DHh6TyZloF5MpWfTA3JrA5rgb9p+CTqV/ X-ML-Name: ruby-core X-Mail-Count: 68248 Subject: [ruby-core:68248] [Ruby trunk - Bug #10871] Sclass thread unsafe due to CREF sharing X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: Ruby developers List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" Issue #10871 has been updated by Koichi Sasada. Deterministic example (avoiding non-deterministic). ```ruby class C end class D end $fibs = [] $xs = [] [C, D].each{|klass| klass.class_eval{ $fibs << Fiber.new{ class << self class X $xs << self CONST = $i def self.i CONST end def i CONST end end end } } } 2.times{|i| $i = i $fibs[i].resume } $xs.each{|x| p [x::CONST, x.i, x.new.i] } ``` To solve this issue, I will duplicate iseq (CREF holder) for sclass. I need to check other cases. ---------------------------------------- Bug #10871: Sclass thread unsafe due to CREF sharing https://bugs.ruby-lang.org/issues/10871#change-51608 * Author: Evan Phoenix * Status: Open * Priority: High * Assignee: * ruby -v: 2.2.0p0, trunk * Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN ---------------------------------------- When entering an sclass, the context is tracked via the same cref mechanism used for class and module, specifically on the iseq->cref_stack. The bug is that the cref_stack is the wrong place to put the new cref because the scope is specific only to that sclass body. Mutating and using the iseq->cref_stack causes any code that reads the cref via this cref_stack to incorrectly pick up the sclass instance instead of the proper scope! This is major thread safety bug because it means that all uses of `class << obj` are thread-unsafe and can cause random code to fail. Here is a simple reproduction of the bug: https://gist.github.com/evanphx/6eef92f2c40662a4171b I attempted to fix the bug by treating an sclass body the same as an eval, which already has special handling for cref's but I don't understand the code enough to make that change quickly. I believe this is a major bug and hope that ruby-core can address it soon. Thank you! -- https://bugs.ruby-lang.org/