From: ko1@... Date: 2015-02-23T10:41:35+00:00 Subject: [ruby-core:68248] [Ruby trunk - Bug #10871] Sclass thread unsafe due to CREF sharing Issue #10871 has been updated by Koichi Sasada. Deterministic example (avoiding non-deterministic). ```ruby class C end class D end $fibs = [] $xs = [] [C, D].each{|klass| klass.class_eval{ $fibs << Fiber.new{ class << self class X $xs << self CONST = $i def self.i CONST end def i CONST end end end } } } 2.times{|i| $i = i $fibs[i].resume } $xs.each{|x| p [x::CONST, x.i, x.new.i] } ``` To solve this issue, I will duplicate iseq (CREF holder) for sclass. I need to check other cases. ---------------------------------------- Bug #10871: Sclass thread unsafe due to CREF sharing https://bugs.ruby-lang.org/issues/10871#change-51608 * Author: Evan Phoenix * Status: Open * Priority: High * Assignee: * ruby -v: 2.2.0p0, trunk * Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN ---------------------------------------- When entering an sclass, the context is tracked via the same cref mechanism used for class and module, specifically on the iseq->cref_stack. The bug is that the cref_stack is the wrong place to put the new cref because the scope is specific only to that sclass body. Mutating and using the iseq->cref_stack causes any code that reads the cref via this cref_stack to incorrectly pick up the sclass instance instead of the proper scope! This is major thread safety bug because it means that all uses of `class << obj` are thread-unsafe and can cause random code to fail. Here is a simple reproduction of the bug: https://gist.github.com/evanphx/6eef92f2c40662a4171b I attempted to fix the bug by treating an sclass body the same as an eval, which already has special handling for cref's but I don't understand the code enough to make that change quickly. I believe this is a major bug and hope that ruby-core can address it soon. Thank you! -- https://bugs.ruby-lang.org/