| Age | Commit message (Collapse) | Author |
|---|
|
To avoid VM nesting with mrb_funcall()
|
|
|
|
|
|
|
|
|
|
when multiple mrb_gc_register() were called for the same object
|
|
need to find out real memory bug that appears in full-debug/mrbtest
|
|
|
|
RUBY_ENGINE_VERSION and MRUBY_VERSION should refer to the same string.
|
|
d4ee409ae912dec6eb719a5727da4566f817d9d8 should remove this line.
|
|
See https://github.com/mruby/mruby/pull/3142#issuecomment-201138873
|
|
|
|
mrb_vm_define_class() may realloc() mrb->c->stack because it calls
mrb_funcall() for inherited hook. If mrb->c->stack is realloc()-ed, regs
refers orphan address.
|
|
|
|
GitHub: fix #3122
It reverts #3126. #3126 fixes the segmentation fault but generates
broken backtrace.
This change fixes the segmentation fault and generates correct
backtrace. The strategy of this change is "generating backtrace while
irep is alive".
/tmp/test.rb:
def gen
e0 = nil
begin
1.times {
raise 'foobar'
}
rescue => e
e0 = e
end
e0
end
e = gen
GC.start
gen
GC.start
puts e.backtrace.join("\n")
Run:
% bin/mruby /tmp/test.rb
/tmp/test.rb:5:in Object.gen
/home/kou/work/ruby/mruby.kou/mrblib/numeric.rb:77:in Integral#times
/tmp/test.rb:4:in Object.gen
/tmp/test.rb:13
FYI:
% ruby -v /tmp/test.rb
ruby 2.3.0p0 (2015-12-25) [x86_64-linux-gnu]
/tmp/test.rb:5:in `block in gen'
/tmp/test.rb:4:in `times'
/tmp/test.rb:4:in `gen'
/tmp/test.rb:13:in `<main>'
|
|
This reverts commit bf7719fe8da1b704c2cb72dd629dc75135fd1ad5, reversing
changes made to 4f4fa0ade0fd80a3a6fa64bebcb5f71b0d4a8648.
We should get backtrace while irep is alive.
|
|
|
|
|
|
It looks like the logic to reallocate the backtrace was flawed,
based on the wrong variable (loc_raw->i, which, as I have verified,
decreases from 16 to 0 instead of increasing)
I am not sure if this is the correct fix
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
mrb_get_args() keeps pointer of the current stack. But address of the
current stack maybe changed by method call.
'i' format character calls #to_i when the argument isn't integer but
has #to_i.
Here is a code that may call #to_i in mrb_get_args():
case 'i':
// ...
default:
*p = mrb_fixnum(mrb_Integer(mrb, ARGV[arg_i]));
break;
// ...
Here is a code #to_i is called:
class X
def initialize(i)
@i = i
end
def to_i
@i
end
end
[][X.new(0), 0] # X#to_i is called
So, mrb_get_args() shouldn't keep pointer and use it. mrb_get_args()
should always refer mrb->ci->stack to use valid address of the current
stack.
|
|
Think about the following Ruby script:
segv.rb:
begin
lambda do
lambda do
"x" * 1000 # NoMemoryError
end.call
end.call
rescue
raise
end
If memory can't allocate after `"x" * 1000`, mruby crashes.
Because L_RAISE: block in mrb_vm_exec() calls mrb_env_unshare() via
cipop() and mrb_env_unshare() uses allocated memory without NULL check:
L_RAISE: block:
L_RAISE:
// ...
while (ci[0].ridx == ci[-1].ridx) {
cipop(mrb);
// ...
}
cipop():
static void
cipop(mrb_state *mrb)
{
struct mrb_context *c = mrb->c;
if (c->ci->env) {
mrb_env_unshare(mrb, c->ci->env);
}
c->ci--;
}
mrb_env_unshare():
MRB_API void
mrb_env_unshare(mrb_state *mrb, struct REnv *e)
{
size_t len = (size_t)MRB_ENV_STACK_LEN(e);
// p is NULL in this case
mrb_value *p = (mrb_value *)mrb_malloc(mrb, sizeof(mrb_value)*len);
MRB_ENV_UNSHARE_STACK(e);
if (len > 0) {
stack_copy(p, e->stack, len); // p is NULL but used. It causes SEGV.
}
e->stack = p;
mrb_write_barrier(mrb, (struct RBasic *)e);
}
To solve the SEGV, this change always raises NoMemoryError even when
realloc() is failed after the first NoMemoryError in
mrb_realloc(). mrb_unv_unshare() doesn't need to check NULL with this
change.
But it causes infinite loop in the following while:
L_RAISE:
// ...
while (ci[0].ridx == ci[-1].ridx) {
cipop(mrb);
// ...
}
Because cipop() never pops ci.
This change includes cipop() change. The change pops ci even when
mrb_unv_unshare() is failed by NoMemoryError.
This case can be reproduced by the following program:
#include <stdlib.h>
#include <mruby.h>
#include <mruby/compile.h>
static void *
allocf(mrb_state *mrb, void *ptr, size_t size, void *ud)
{
static mrb_bool always_fail = FALSE;
if (size == 1001) {
always_fail = TRUE;
}
if (always_fail) {
return NULL;
}
if (size == 0) {
free(ptr);
return NULL;
} else {
return realloc(ptr, size);
}
}
int
main(int argc, char **argv)
{
mrb_state *mrb;
mrbc_context *c;
FILE *file;
mrb = mrb_open_allocf(allocf, NULL);
c = mrbc_context_new(mrb);
file = fopen(argv[1], "r");
mrb_load_file_cxt(mrb, file, c);
fclose(file);
mrbc_context_free(mrb, c);
mrb_close(mrb);
return EXIT_SUCCESS;
}
Try the following command lines:
% cc -I include -L build/host/lib -O0 -g3 -o no-memory no-memory.c -lmruby -lm
% ./no-memory segv.rb
|
|
|
|
Fix class variable reference in module
|
|
Fix #3079
|
|
The code to iterate over backtrace locations was changed in #3065, but
unfortunately output_backtrace was not correctly updated to forward the
callback.
|
|
|
|
|
|
|
|
There is a problem when MRB_INT64 is enabled.
|
|
|
|
character boundary; ref #3067
that means String#index matches first byte of a multi-byte character. this behavior is different
from CRuby, but a compromise for mruby which does not have encoding stuffs.
|
|
|
|
|
|
mrb_funcall(); close #3056
|
|
Use memchr for performance
|
|
```ruby
s = "b"
str = ("a" * 100 + s)
t = Time.now
str.index(s)
puts Time.now - t
```
before => 0.000788
after => 0.000508
---
```ruby
s = "b"
str = ("a" * 100 * 1024 * 1024 + s)
t = Time.now
str.index(s)
puts Time.now - t
```
before => 0.225474
after => 0.008658
|
|
|
|
GitHub: fix #2902, #2917
The current implementation traverses stack to retrieve backtrace. But
stack will be changed when some operations are occurred. It means that
backtrace may be broken after some operations.
This change (1) saves the minimum information to retrieve backtrace when
exception is raised and (2) restores backtrace from the minimum
information when backtrace is needed. It reduces overhead for creating
backtrace Ruby objects.
The space for the minimum information is reused by multiple
exceptions. So memory allocation isn't occurred for each exception.
|
|
|
|
|
|
|
|
|
