From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-Status: No, score=-2.6 required=3.0 tests=AWL,BAYES_00, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FORGED_FROMDOMAIN, FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS,UNPARSEABLE_RELAY shortcircuit=no autolearn=no autolearn_force=no version=3.4.2 Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by dcvr.yhbt.net (Postfix) with ESMTP id 051501F934 for ; Mon, 28 Sep 2020 00:07:55 +0000 (UTC) Received: from neon.ruby-lang.org (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id 0E3BA120A33; Mon, 28 Sep 2020 09:07:17 +0900 (JST) Received: from xtrwkhkc.outbound-mail.sendgrid.net (xtrwkhkc.outbound-mail.sendgrid.net [167.89.16.28]) by neon.ruby-lang.org (Postfix) with ESMTPS id 3A4AC120A31 for ; Mon, 28 Sep 2020 09:07:15 +0900 (JST) Received: by filterdrecv-p3mdw1-5dd6bc5999-sjdcs with SMTP id filterdrecv-p3mdw1-5dd6bc5999-sjdcs-19-5F712951-A7 2020-09-28 00:07:46.010197206 +0000 UTC m=+526152.795345594 Received: from herokuapp.com (unknown) by ismtpd0096p1iad2.sendgrid.net (SG) with ESMTP id GUKv7RKiRaedNjnUtoPzWQ for ; Mon, 28 Sep 2020 00:07:45.892 +0000 (UTC) Date: Mon, 28 Sep 2020 00:07:46 +0000 (UTC) From: sam.saffron@gmail.com Message-ID: References: Mime-Version: 1.0 X-Redmine-MailingListIntegration-Message-Ids: 76030 X-Redmine-Project: ruby-master X-Redmine-Issue-Tracker: Bug X-Redmine-Issue-Id: 15661 X-Redmine-Issue-Author: headius X-Redmine-Sender: sam.saffron X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-SG-EID: =?us-ascii?Q?GD31AXMrLYtZC3ZmvheLkg5nAqKYtjT=2Fa5aksj98ZWOqX6Cc4ut1RhubHAxgwy?= =?us-ascii?Q?CpquQRVdFtZDxq5HJhzfHLaEvCD=2Ff16s3tO7wyS?= =?us-ascii?Q?19JLClKF+GI=2FS=2FmhfH6TjfRUGE2JqL8AMd1q6nw?= =?us-ascii?Q?6WHdn3pXhEighB6aoPcl=2FFuegUk0vIH86lxJ+bx?= =?us-ascii?Q?gk9jz0wm=2FAeH1Lz6LcmK0nQk+ygjQXPz+D8Ornp?= =?us-ascii?Q?7CPKwD63A3gXeO24U=3D?= To: ruby-core@ruby-lang.org X-ML-Name: ruby-core X-Mail-Count: 100190 Subject: [ruby-core:100190] [Ruby master Bug#15661] Disallow concurrent Dir.chdir with block X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: Ruby developers List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" Issue #15661 has been updated by sam.saffron (Sam Saffron). I guess my bigger point here is that even with this fix the block form remains unsafe under concurrent use. At best this catches a few multithreading bugs. The construct is incompatible with multithreaded programming cause state leaks. I do not object to making this "a little less terrible". But ... it remains terrible. This fix also does nothing really for single threaded programs which are not in scope. ---------------------------------------- Bug #15661: Disallow concurrent Dir.chdir with block https://bugs.ruby-lang.org/issues/15661#change-87761 * Author: headius (Charles Nutter) * Status: Open * Priority: Normal * ruby -v: all * Backport: 2.4: UNKNOWN, 2.5: UNKNOWN, 2.6: UNKNOWN ---------------------------------------- `Dir.chdir` with a block should disallow concurrent use, since it will almost never produce the results a user expects. In https://bugs.ruby-lang.org/issues/9785 calls for `Dir.chdir` to be made thread-safe were rejected because the underlying native call is process-global. This is reasonable because there's no way to easily make the native chdir be thread-local (at least not without larger changes to CRuby itself). However the block form of `chdir` is explicitly bounded, and clearly indicates that the dir should be changed only for the given block. I believe `Dir.chdir` should prevent multiple threads from attempting to do this bounded `chdir` at the same time. Currently, if two threads attempt to do a `Dir.chdir` with a block, one of them will see a warning: "conflicting chdir during another chdir block". This warning is presumably intended to inform the user that they may see unpredictable results, but I can think of no cases where you would ever see predictable results. In other words, there's no reason to allow a user to do concurrent `Dir.chdir` with a block because they will always be at risk of unpredictable results, and I believe this only leads to hard-to-diagnose bugs. The warning should be a hard error. The warning should also be turned into an error if a non-block `Dir.chdir` call happens while a block Dir.chdir is in operation. The important thing is to protect the integrity of the current directory during the lifetime of that block invocation. In CRuby terms, the patch would be to check for `chdir_blocking > 0` and then simply error out, unless it's happening on the same thread. Concurrent non-block `Dir.chdir` would be unaffected. This only protects the block form from having the current dir change while it is executing. See https://github.com/jruby/jruby/issues/5649 -- https://bugs.ruby-lang.org/