ruby-core

Now 'a' shows up twice in the local table:

== disasm: <ISeq:<main>@<compiled>>=====================================
== catch table
| catch type: retry  st: 0002 ed: 0010 sp: 0000 cont: 0002
|------------------------------------------------------------------------
local table (size: 3, argc: 0 [opts: 0, rest: -1, post: 0, block: -1] c)
[ 3] ?          [ 2] a          [ 1] a          
0000 trace            1
0002 newarray         0
0004 send             :each, 0, block in <main>, 0, <ic>
0010 leave            

And I'm seeing this warning from valgrind:

==30248== Thread 1:
==30248== Invalid read of size 4
==30248==    at 0x80D9C88: ruby_iseq_disasm (iseq.c:763)
==30248==    by 0x80E2A41: call_cfunc (call_cfunc.ci:27)
==30248==    by 0x80DF993: th_eval (insns.def:1279)
==30248==    by 0x80E1E91: th_eval_body (vm.c:1620)
==30248==    by 0x80E2625: rb_thread_eval (vm.c:1826)
==30248==    by 0x80E48BD: yarvcore_eval_iseq (yarvcore.c:97)
==30248==    by 0x80E498D: yarvcore_eval_parsed (yarvcore.c:129)
==30248==    by 0x805968D: ruby_exec_internal (eval.c:210)
==30248==    by 0x80596C4: ruby_exec (eval.c:223)
==30248==    by 0x80596FE: ruby_run (eval.c:242)
==30248==    by 0x8056B35: main (main.c:47)
==30248==  Address 0x447FDA4 is 0 bytes after a block of size 4 alloc'd
==30248==    at 0x4018651: malloc (vg_replace_malloc.c:149)
==30248==    by 0x805F8E8: ruby_xmalloc (gc.c:238)
==30248==    by 0x805F984: ruby_xmalloc2 (gc.c:258)
==30248==    by 0x810AD0D: set_local_table (compile.c:976)
==30248==    by 0x81098A2: rb_iseq_compile (compile.c:149)
==30248==    by 0x80D8999: rb_iseq_new_with_bopt_and_opt (iseq.c:277)
==30248==    by 0x80D89D1: rb_iseq_new_with_opt (iseq.c:287)
==30248==    by 0x80D903A: iseq_s_compile (iseq.c:414)
==30248==    by 0x80E2A2B: call_cfunc (call_cfunc.ci:24)
==30248==    by 0x80DF993: th_eval (insns.def:1279)
==30248==    by 0x80E1E91: th_eval_body (vm.c:1620)
==30248==    by 0x80E2625: rb_thread_eval (vm.c:1826)

for this program:

i = VM::InstructionSequence.new('for a in []; end')
puts i.disasm

Line 763 of iseq.c is:

            const char *name = rb_id2name(tbl[i]);

I think the loop is going off the end of the array.  If I change the
previous line back to use local_table_size instead of local_size, the
warning goes away, but the indexes into the table are still wrong (or
maybe just printed wrong).

Paul

On Fri, May 18, 2007 at 03:24:55AM +0900, Nobuyoshi Nakada wrote:
> Hi,
> 
> At Thu, 17 May 2007 23:39:54 +0900,
> Paul Brannan wrote in [ruby-core:11196]:
> > disasm seems to not like local_table being set to NULL when there are
> > dynamic variables.
> 
> Indeed.
> 
> 
> Index: compile.c
> ===================================================================
> --- compile.c	(revision 12289)
> +++ compile.c	(working copy)
> @@ -4794,13 +4794,22 @@ iseq_build_from_ary(rb_iseq_t *iseq, VAL
>      }
>  
> -    iseq->local_size = opt + RARRAY_LEN(locals);
> -    iseq->local_table_size = iseq->local_size;
> -    iseq->local_table = (ID *)ALLOC_N(ID *, iseq->local_size);
> -    tbl = iseq->local_table + opt;
> -    
> -    for (i=0; i<RARRAY_LEN(locals); i++) {
> -	tbl[i] = SYM2ID(RARRAY_PTR(locals)[i]);
> +    iseq->local_table_size = RARRAY_LEN(locals);
> +    iseq->local_size = opt + iseq->local_table_size;
> +    if (iseq->local_table_size) {
> +	iseq->local_table = (ID *)ALLOC_N(ID *, iseq->local_size);
> +	tbl = iseq->local_table + opt;
> +
> +	if (opt) {
> +	    iseq->local_table[0] = (ID)-1;
> +	}
> +	for (i=0; i<RARRAY_LEN(locals); i++) {
> +	    VALUE lv = RARRAY_PTR(locals)[i];
> +	    tbl[i] = FIXNUM_P(lv) ? FIX2INT(lv) : SYM2ID(lv);
> +	}
>      }
> -    
> +    else {
> +	iseq->local_table = NULL;
> +    }
> +
>      /* args */
>      if (FIXNUM_P(args)) {
> Index: iseq.c
> ===================================================================
> --- iseq.c	(revision 12289)
> +++ iseq.c	(working copy)
> @@ -760,5 +760,5 @@ ruby_iseq_disasm(VALUE self)
>  	rb_str_cat2(str, buff);
>  
> -	for (i = 0; i < iseqdat->local_table_size; i++) {
> +	for (i = 0; i < iseqdat->local_size; i++) {
>  	    const char *name = rb_id2name(tbl[i]);
>  	    char info[0x100];
> @@ -1141,5 +1141,5 @@ iseq_data_to_ary(rb_iseq_t *iseq)
>  	ID lid = iseq->local_table[i];
>  	if (lid) {
> -	    if (rb_id2str(lid)) rb_ary_push(locals, ID2SYM(lid));
> +	    rb_ary_push(locals, rb_id2str(lid) ? ID2SYM(lid) : INT2FIX(lid));
>  	}
>  	else {
> 
> 
> -- 
> Nobu Nakada

Thread

Prev Next

In This Thread

Prev Next

[#11066] question about frame_unique — Paul Brannan <pbrannan@...>

[#11069] High-precision Rationals cannot be converted to Floats — <noreply@...>

[#11070] Re: Welcome to our (ruby-core ML) You are added automatically — "Bunno Lim" <bunno_lim@...>

[#11071] autorunner -n option does not work in trunk — <noreply@...>

[#11073] segfault printing instruction sequence for iterator — <noreply@...>

[#11074] sub! causing unexpected side effect — <noreply@...>

[#11075] Ruby fails to parse valid wsdl — <noreply@...>

[#11076] Windows DEP causes crash — <noreply@...>

[#11077] Submitting an RDoc patch — gga <ggarra@...>

[#11078] sub! causing unexpected side effect — <noreply@...>

[#11079] ruby packer prototype: core dumps ( design review request ) — "Adam Bozanich" <adam.boz@...>

[#11081] sub! causing unexpected side effect — <noreply@...>

[#11082] Understanding code: Kernel#require and blocks. — Hugh Sasse <hgs@...>

[#11088] Net::HTTP encodes parameters improperly. — <noreply@...>

[#11090] parsedate fails — <noreply@...>

[#11092] return from block inside a lambda does not work as expected — <noreply@...>

[#11094] RDoc for Kernel#select same as IO.select — <noreply@...>

[#11095] RDoc for Kernel#select same as IO.select — <noreply@...>

[#11097] TestReadline fails depending on the terminal in which the test is run. — <noreply@...>

[#11098] Short read with readline, popen and timeout - first byte of the line disappears — <noreply@...>

[#11099] Short read with readline, popen and timeout - first byte of the line disappears — <noreply@...>

[#11100] Short read with readline, popen and timeout - first byte of the line disappears — <noreply@...>

[#11102] Net::HTTP encodes parameters improperly. — <noreply@...>

[#11103] irb attempts to escape '\c' inside single quotes — <noreply@...>

[#11104] overriding autoloads with classes and modules — Thomas Enebo <Thomas.Enebo@...>

[#11106] Failure parsing dates returned by WIN32OLE — <noreply@...>

[#11107] unable to build ruby HEAD without previously installed ruby — <noreply@...>

[#11108] pattern for implementation-private constants? — David Flanagan <david@...>

[#11117] BUGS in metaclasses inheritance — <noreply@...>

[#11118] BUGS in metaclasses inheritance — <noreply@...>

[#11121] Weird rounding behavior.. — <noreply@...>

[#11124] IRHG - Found interesting Japanese Document exploring various GC's — Charles Thornton <ceo@...>

[#11125] two fixes for sync.rb: sync_try_lock, Err.Fail — "Dmitry Borodaenko" <angdraug@...>

[#11127] Bugs that can be closed — "Jano Svitok" <jan.svitok@...>

[#11128] Weird rounding behavior.. — <noreply@...>

[#11129] sub! causing unexpected side effect — <noreply@...>

[#11130] :!~ not a symbol — <noreply@...>

[#11131] Documentation for String.scan has a bad example. — <noreply@...>

[#11132] rdoc/usage uses an uninitalized constant — <noreply@...>

[#11133] bug in newton.rb — <noreply@...>

[#11134] each_with_index (Enumerable) does not forward arguments to each — <noreply@...>

[#11135] Ruby Gem installer not playing nice on Ubuntu — <noreply@...>

[#11136] Ruby one-click installer wiped out system PATH environment variable. — <noreply@...>

[#11137] Ruby one-click installer wiped out system PATH environment variable. — <noreply@...>

[#11138] Marshal.dump shouldn't complain about singletons if the _dump method is defined — <noreply@...>

[#11139] exit from within block returns wrong value. — <noreply@...>

[#11140] :!~ not a symbol — <noreply@...>

[#11141] Weird rounding behavior.. — <noreply@...>

[#11143] Logger::Application accessor for logger — Brian Candler <B.Candler@...>

[#11144] Rational comparison to 0 fails when denominator is != 1 — <noreply@...>

[#11145] Rational comparison to 0 fails when denominator is != 1 — <noreply@...>

[#11147] RDoc patch to better support documenting multiple classes/SWIG — <noreply@...>

[#11150] "password" is case sensitive in lib/telnet.rb — <noreply@...>

[#11153] segfault printing instruction sequence for iterator — <noreply@...>

[#11154] Rational comparison to 0 fails when denominator is != 1 — <noreply@...>

[#11155] Class#=== bug — <noreply@...>

[#11156] Class#=== bug — <noreply@...>

[#11157] Class#=== bug — <noreply@...>

[#11158] Class#=== bug — <noreply@...>

[#11159] Rational comparison to 0 fails when denominator is != 1 — <noreply@...>

[#11165] Rational comparison to 0 fails when denominator is != 1 — <noreply@...>

[#11166] rdoc patches — Joel VanderWerf <vjoel@...>

[#11167] Date parsing bug with patch — <noreply@...>

[#11169] Allow back reference with nest level in Oniguruma for Ruby again — =?ISO-8859-15?Q?Wolfgang_N=E1dasi-Donner?= <wonado@...>

[#11171] Loss of precision during iteration. — <noreply@...>

[#11172] "read_nonblock" Problem (Windows and Ruby 1.8) — =?ISO-8859-15?Q?Wolfgang_N=E1dasi-Donner?= <wonado@...>

[#11174] Loss of precision during iteration. — <noreply@...>

[#11175] Loss of precision during iteration. — <noreply@...>

[#11176] FileUtils.rm_rf misfeature? — johan556@...

[#11177] Loss of precision during iteration. — <noreply@...>

[#11187] Garbage collection of Symbols in future release? — Sven Suska <sven716rc@...>

[#11193] IRHG -- Downloadable Files — Charles Thornton <ceo@...>

[#11204] URI Methods Raise Unclear Exceptions When Passed URI Objects — <noreply@...>

[#11206] ri HTML output bug with constants — Chris Thomas <chris@...>

[#11208] How to handle Change Proposals that affect mainly Oniguruma (for Ruby)? — =?ISO-8859-15?Q?Wolfgang_N=E1dasi-Donner?= <wonado@...>

[#11209] eval("0.0025 + 9 * 0.0025") === 0.025 => false — <noreply@...>

[#11210] Pathname ascend and descend inclusive parameter — TRANS <transfire@...>

[#11211] eval("0.0025 + 9 * 0.0025") === 0.025 => false — <noreply@...>

[#11213] eval(&quot;0.0025 + 9 * 0.0025&quot;) === 0.025 =&gt; false — <noreply@...>

[#11214] eval(&quot;0.0025 + 9 * 0.0025&quot;) === 0.025 =&gt; false — <noreply@...>

[#11213] eval("0.0025 + 9 * 0.0025") === 0.025 => false — <noreply@...>

[#11214] eval("0.0025 + 9 * 0.0025") === 0.025 => false — <noreply@...>

[#11216] eval("0.0025 + 9 * 0.0025") === 0.025 => false — <noreply@...>

[#11290] [TINY][PATCH] Array#last is not working for n > 3 — <noreply@...>

[#11291] In a c++ program, when I call "fclose()", or "ofstream::close()" in a file that includes ruby.h, the program crashes — <noreply@...>

[#11318] Problem with Benchmark::Tms#add! - expects &blk but takes no parameters — <noreply@...>