From: shyouhei@... Date: 2021-05-07T04:40:31+00:00 Subject: [ruby-core:103768] [Ruby master Bug#17854] Crash with certain "case" expressions on FreeBSD Issue #17854 has been updated by shyouhei (Shyouhei Urabe). Thank you for reporting! This is my bug, clang optimizer is not guilty here. Trying to fix at: https://github.com/ruby/ruby/pull/4469 ---------------------------------------- Bug #17854: Crash with certain "case" expressions on FreeBSD https://bugs.ruby-lang.org/issues/17854#change-91879 * Author: meta@vmeta.jp (Koichiro Iwao) * Status: Assigned * Priority: Normal * Assignee: shyouhei (Shyouhei Urabe) * ruby -v: ruby 2.7.3p183 (2021-04-05 revision 6847ee089d) [amd64-freebsd13] * Backport: 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN ---------------------------------------- ## Affected version * Ruby 2.6, 2.7, 3.0 compiled with **clang on FressBD** No tested with other versions. Ruby compiled with GCC doesn't have this issue. ## Snippet to reproduce ``` ruby -e 'case 1; when 2r; 3; end' ``` ## Step to reproduce Prepare a fresh installation of FreeBSD 13. Either Ruby installed from system package or ruby-build can reproduce the issue. ``` # clang -v FreeBSD clang version 11.0.1 (git@github.com:llvm/llvm-project.git llvmorg-11.0.1-0-g43ff75f2c3fe) Target: x86_64-unknown-freebsd13.0 Thread model: posix InstalledDir: /usr/bin [root@ruby-bug /tmp]# clang -v FreeBSD clang version 11.0.1 (git@github.com:llvm/llvm-project.git llvmorg-11.0.1-0-g43ff75f2c3fe) Target: x86_64-unknown-freebsd13.0 Thread model: posix InstalledDir: /usr/bin ``` ### System Ruby ``` # pkg install ruby # /usr/local/bin/ruby -v # /usr/local/bin/ruby -e 'case 1; when 2r; 3; end' ``` ### Ruby installed by ruby-build Same as Ruby installed by ruby-build. ``` # pkg install rbenv ruby-build # bash bash# eval "$(rbenv init -)" bash# cd /tmp bash# rbenv install 2.7.3 bash# rbenv local 2.7.3 bash# rbenv which ruby /root/.rbenv/versions/2.7.3/bin/ruby bash# ruby -e 'case 1; when 2r; 3; end' ``` ## Backtrace (submitted by the original reporter) ``` Backtrace (with a debug build): * thread #1, name = 'ruby27', stop reason = signal SIGSEGV frame #0: 0x0000000801add4e8 libruby27.so.27`append_compile_error(iseq=0x000000089445a6b8, line=1125956, fmt="") at compile.c:380:47 frame #1: 0x00007fffffffc930 * frame #2: 0x0000000801c4d915 libruby27.so.27`rb_st_lookup [inlined] do_hash(key=36847331000, tab=0x000000086f314d40) at st.c:326:33 frame #3: 0x0000000801c4d90b libruby27.so.27`rb_st_lookup(tab=0x000000086f314d40, key=36847331000, value=0x00007fffffffc958) at st.c:1104 frame #4: 0x0000000801b63443 libruby27.so.27`rb_hash_lookup2 [inlined] hash_stlike_lookup(hash=36847330480, key=, pval=0x00007fffffffc958) at hash.c:0 frame #5: 0x0000000801b6339a libruby27.so.27`rb_hash_lookup2(hash=36847330480, key=36847331000, def=8) at hash.c:2070 frame #6: 0x0000000801b0640a libruby27.so.27`when_vals(iseq=0x000000089445a550, cond_seq=0x00007fffffffcb60, vals=0x0000000878b93098, l1=, only_special_literals=1, literals=) at compile.c:4322:18 frame #7: 0x0000000801afac70 libruby27.so.27`iseq_compile_each0 at compile.c:5334:27 frame #8: 0x0000000801afa5c1 libruby27.so.27`iseq_compile_each0(iseq=0x000000089445a550, ret=0x00007fffffffcd60, node=0x0000000878b93108, popped=0) at compile.c:7162 frame #9: 0x0000000801b0ab71 libruby27.so.27`setup_args_core [inlined] compile_args(node=0x0000000878b93140) at compile.c:3923:13 frame #10: 0x0000000801b0ab59 libruby27.so.27`setup_args_core(iseq=0x000000089445a550, args=0x00007fffffffcd60, argn=, dup_rest=, flag=, keywords=0x00007fffffffcd28) at compile.c:5049 frame #11: 0x0000000801af4dbf libruby27.so.27`iseq_compile_each0 [inlined] compile_call(iseq=0x000000089445a550, ret=0x00007fffffffce80, node=0x0000000878b93060, type=, line=1, popped=0) at compile.c:7046:16 frame #12: 0x0000000801af4ce1 libruby27.so.27`iseq_compile_each0(iseq=0x000000089445a550, ret=0x00007fffffffce80, node=0x0000000878b93060, popped=0) at compile.c:7670 frame #13: 0x0000000801adc735 libruby27.so.27`rb_iseq_compile_node(iseq=0x000000089445a550, node=) at compile.c:702:6 frame #14: 0x0000000801b85a47 libruby27.so.27`rb_iseq_new_with_opt(ast=0x000000089445a718, name=, path=, realpath=, first_lineno=1, parent=0x0000000819358010, type=ISEQ_TYPE_MAIN, option=0x0000000801cf1d28) at iseq.c:821:5 frame #15: 0x0000000801b85b6d libruby27.so.27`rb_iseq_new_main(ast=, path=, realpath=, parent=) at iseq.c:787:12 frame #16: 0x0000000801c40537 libruby27.so.27`ruby_process_options at ruby.c:1904:9 frame #17: 0x0000000801c3f433 libruby27.so.27`ruby_process_options(argc=, argv=) at ruby.c:2413 frame #18: 0x0000000801b3f513 libruby27.so.27`ruby_options(argc=, argv=) at eval.c:124:2 frame #19: 0x0000000000201cca ruby27`main(argc=, argv=) at main.c:50:23 frame #20: 0x0000000000201a70 ruby27`_start(ap=, cleanup=) at crt1.c:76:7 ``` ## Patch The following patch is provided by the original reporter but it looks too ad-hoc. If this bug is fixed in Ruby upstream, I'll apply it to FreeBSD package. ```diff diff --git a/compile.c b/compile.c index 1cabb8c..a954176 100644 --- a/compile.c +++ b/compile.c @@ -1987,7 +1987,7 @@ cdhash_cmp(VALUE val, VALUE lit) return rb_float_cmp(lit, val); } else { - UNREACHABLE_RETURN(-1); + return -1; } } @@ -2005,7 +2005,7 @@ cdhash_hash(VALUE a) case T_FLOAT: return rb_dbl_long_hash(RFLOAT_VALUE(a)); default: - UNREACHABLE_RETURN(0); + return 0; } } ``` ## See also Downstream bug: * https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255583 ---Files-------------------------------- trace.log (37.5 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: