From: "nagachika (Tomoyuki Chikanaga) via ruby-core" Date: 2023-07-17T08:27:13+00:00 Subject: [ruby-core:114215] [Ruby master Bug#19601] YJIT `try to mark T_NONE object` stemming from object shape transition on `self` Issue #19601 has been updated by nagachika (Tomoyuki Chikanaga). Backport changed from 3.0: DONTNEED, 3.1: DONTNEED, 3.2: REQUIRED to 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONE ruby_3_2 5fbd72764e020c6b165604e9cdcc932a1c5d2a93 merged revision(s) 31e67a476f2262e01a0829e8ab5e6d8a97e0724e,0b95cbcbde8875effdbcbb676cb0a7f751a1d4c1. ---------------------------------------- Bug #19601: YJIT `try to mark T_NONE object` stemming from object shape transition on `self` https://bugs.ruby-lang.org/issues/19601#change-103902 * Author: alanwu (Alan Wu) * Status: Closed * Priority: Normal * ruby -v: ruby 3.2.2 (2023-03-30 revision e51014f9c0) +YJIT [arm64-darwin22] * Backport: 3.0: DONTNEED, 3.1: DONTNEED, 3.2: DONE ---------------------------------------- We've identified a false collection bug with YJIT. Symptoms can range from `[BUG] try to mark T_NONE object` to SEGVs. Due to the bug requiring specific transient heap state to reproduce, it may be hard to identify by looking at the crash-site stack trace. `ruby --yjit-call-threshold=1` reproducer: ```ruby class RegressionTest def initialize @a = @b = @fourth_ivar_does_shape_transition = nil end def extender @first_extended_ivar = [:ok] end end GC.stress = true test = RegressionTest.new # Used to crash due to GC run in rb_ensure_iv_list_size() # not marking the newly allocated [:ok]. test.extender GC.start ``` Fix: https://github.com/ruby/ruby/pull/7718 -- https://bugs.ruby-lang.org/ ______________________________________________ ruby-core mailing list -- ruby-core@ml.ruby-lang.org To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/