Issue #19575 has been reported by peterzhu2118 (Peter Zhu).
----------------------------------------
Bug #19575: Crash in Time on 32-bit systems
https://bugs.ruby-lang.org/issues/19575
* Author: peterzhu2118 (Peter Zhu)
* Status: Open
* Priority: Normal
* Backport: 3.0: REQUIRED, 3.1: REQUIRED, 3.2: REQUIRED
----------------------------------------
GitHub PR: https://github.com/ruby/ruby/pull/7650
struct vtm is packed causing it to have a size that is not aligned on 32-bit systems. When allocating it on the stack, it will have unaligned addresses which means that the fields won't be marked by the GC when scanning the stack (since the GC only marks aligned addresses). This can cause crashes when the fields are heap allocated objects like Bignums.
The proposed fix moves the flags in struct time_object into struct vtm for space efficiency and removes the need for packing.
This is an example of a crash:
ruby(rb_print_backtrace+0xd) [0x56848945] ../src/vm_dump.c:785
ruby(rb_vm_bugreport) ../src/vm_dump.c:1101
ruby(rb_assert_failure+0x7a) [0x56671857] ../src/error.c:878
ruby(vm_search_cc+0x0) [0x56666e47] ../src/vm_method.c:1366
ruby(rb_vm_search_method_slowpath) ../src/vm_insnhelper.c:2090
ruby(callable_method_entry+0x5) [0x568232d3] ../src/vm_method.c:1406
ruby(rb_callable_method_entry) ../src/vm_method.c:1413
ruby(gccct_method_search_slowpath) ../src/vm_eval.c:427
ruby(gccct_method_search+0x20f) [0x568237ef] ../src/vm_eval.c:476
ruby(opt_equality_by_mid_slowpath+0x2c) [0x5682388c] ../src/vm_insnhelper.c:2338
ruby(rb_equal+0x37) [0x566fe577] ../src/object.c:133
ruby(rb_big_eq+0x34) [0x56876ee4] ../src/bignum.c:5554
ruby(rb_int_equal+0x14) [0x566f3ed4] ../src/numeric.c:4640
ruby(rb_int_equal) ../src/numeric.c:4634
ruby(vm_call0_cfunc_with_frame+0x6d) [0x568303c2] ../src/vm_eval.c:148
ruby(vm_call0_cfunc) ../src/vm_eval.c:162
ruby(vm_call0_body) ../src/vm_eval.c:208
ruby(rb_funcallv_scope+0xd1) [0x56833971] ../src/vm_eval.c:85
ruby(RB_TEST+0x0) [0x567e8488] ../src/time.c:78
ruby(eq) ../src/time.c:78
ruby(small_vtm_sub) ../src/time.c:1523
ruby(timelocalw+0x23b) [0x567f3e9b] ../src/time.c:1593
ruby(time_s_alloc+0x0) [0x567f536b] ../src/time.c:3698
ruby(time_new_timew) ../src/time.c:2694
ruby(time_s_mktime) ../src/time.c:3698
--
https://bugs.ruby-lang.org/
Issue #19550 has been reported by peterzhu2118 (Peter Zhu).
----------------------------------------
Bug #19550: Memory leak in iclass for 32 bit systems
https://bugs.ruby-lang.org/issues/19550
* Author: peterzhu2118 (Peter Zhu)
* Status: Open
* Priority: Normal
* Backport: 2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: REQUIRED
----------------------------------------
If !RCLASS_EXT_EMBEDDED (e.g. 32 bit systems) then the rb_classext_t is allocated throug malloc so it must be freed.
The issue can be seen in the following script:
```ruby
20.times do
100_000.times do
mod = Module.new
Class.new do
include mod
end
end
# Output the Resident Set Size (memory usage, in KB) of the current Ruby process
puts `ps -o rss= -p #{$$}`
end
```
Before this fix, the max RSS is 280MB, while after this change, it's 30MB.
--
https://bugs.ruby-lang.org/
Issue #19084 has been updated by nagachika (Tomoyuki Chikanaga).
Backport changed from 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: REQUIRED, 3.2: REQUIRED to 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: REQUIRED, 3.2: DONE
ruby_3_2 c911cbd6c3dcc80def61ab48be1815cd910fc91b merged revision(s) bd786e78969f9d4a8699376ceafe10934b6ad533.
----------------------------------------
Bug #19084: Using `IO::Buffer` to change an extended String affects other Strings sharing the same buffer
https://bugs.ruby-lang.org/issues/19084#change-103889
* Author: jemmai (Jemma Issroff)
* Status: Closed
* Priority: Normal
* ruby -v: master
* Backport: 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: REQUIRED, 3.2: DONE
----------------------------------------
When two extended Strings share a buffer, and one String's buffer changes, it currently affects the other String's buffer.
Here is a snippet to demonstrate this:
```
string = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
other_string = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
IO::Buffer.for(string) do |buffer|
buffer.set_value(:U8, 0, "*".ord)
end
other_string[0] == "a"
# => false
```
[Here is a PR which adds the above example as a test](https://github.com/ruby/ruby/pull/6630), and is currently failing CI.
(cc @ioquatix)
--
https://bugs.ruby-lang.org/
Issue #19482 has been reported by peterzhu2118 (Peter Zhu).
----------------------------------------
Bug #19482: Fix crash when allocating classes with newobj hook
https://bugs.ruby-lang.org/issues/19482
* Author: peterzhu2118 (Peter Zhu)
* Status: Open
* Priority: Normal
* Backport: 2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: REQUIRED
----------------------------------------
GitHub PR: https://github.com/ruby/ruby/pull/7464
We need to zero out the whole slot when running the newobj hook for a newly allocated class because the slot could be filled with garbage, which would cause a crash if a GC runs inside of the newobj hook.
For example, the following script crashes:
```ruby
require "objspace"
GC.stress = true
ObjectSpace.trace_object_allocations {
100.times do
Class.new
end
}
```
--
https://bugs.ruby-lang.org/
Issue #19463 has been reported by alanwu (Alan Wu).
----------------------------------------
Bug #19463: YJIT `[BUG] Stack consistency error` under certain invalidation scenarios
https://bugs.ruby-lang.org/issues/19463
* Author: alanwu (Alan Wu)
* Status: Open
* Priority: Normal
* ruby -v: ruby 3.2.1 (2023-02-08 revision 31819e82c8) +YJIT [arm64-darwin22]
* Backport: 2.7: DONTNEED, 3.0: DONTNEED, 3.1: DONTNEED, 3.2: REQUIRED
----------------------------------------
> test.rb:19: [BUG] Stack consistency error (sp: 15, bp: 16)
With the following:
```ruby
klass = Class.new do
def self.lookup(hash, key) = hash[key]
def self.foo(a, b) = []
def self.test(hash, key)
[lookup(hash, key), key, "".freeze]
# 05 opt_send_without_block :lookup
# 07 getlocal_WC_0 :hash
# 09 opt_str_freeze ""
# 12 newarray 3
# 14 leave
#
# YJIT will put instructions (07..14) into a block.
# When String#freeze is redefined from within lookup(),
# the return address to the block is still on-stack. We rely
# on invalidation patching the code at the return address
# to service this situation correctly.
end
end
# get YJIT to compile test()
hash = { 1 => [] }
31.times { klass.test(hash, 1) }
# inject invalidation into lookup()
evil_hash = Hash.new do |_, key|
class String
undef :freeze
def freeze = :ugokanai
end
key
end
p klass.test(evil_hash, 1)
```
The fix is fairly simple and I'll apply it shortly.
--
https://bugs.ruby-lang.org/
Issue #19714 has been reported by shugo (Shugo Maeda).
----------------------------------------
Feature #19714: Add Refinement#refined_module
https://bugs.ruby-lang.org/issues/19714
* Author: shugo (Shugo Maeda)
* Status: Assigned
* Priority: Normal
* Assignee: matz (Yukihiro Matsumoto)
* Target version: 3.3
----------------------------------------
Eregon (Benoit Daloze) wrote in https://bugs.ruby-lang.org/issues/12737#note-15:
> `Refinement#refined_class` is a bit strange given it can return a module.
> How about adding `Refinement#refined_module` as an alias for clarity?
I'm for it. What do you think, Matz?
--
https://bugs.ruby-lang.org/
Issue #19769 has been reported by alexandre (alexandre borderes).
----------------------------------------
Bug #19769: Range of size 1 in String#tr causes unexpected behavior
https://bugs.ruby-lang.org/issues/19769
* Author: alexandre (alexandre borderes)
* Status: Open
* Priority: Normal
* Backport: 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN
----------------------------------------
Hi,
I noticed a possible unexpected behavior in String#tr.
Is that intentional?
``` ruby
'ABC'.tr 'A-AB', 'XY' # => "YYC"
```
I would expect the same result as:
``` ruby
'ABC'.tr 'AB', 'XY' # => "XYC"
```
The tr utility does exactly that:
``` shell
echo ABC | tr A-AB XY # => "XYC"
```
The letter 'A' is interpreted 2 times in that case, shifting by 1 all the replacement string.
--
https://bugs.ruby-lang.org/