From: ngotogenome@...
Date: 2016-07-08T12:46:37+00:00
Subject: [ruby-dev:49725] [Ruby trunk Bug#12575] Conditional jump or move depends on uninitialised value(s) at rb_wait_for_single_fd (thread.c:3864)

Issue #12575 has been reported by Naohisa Goto.

----------------------------------------
Bug #12575: Conditional jump or move depends on uninitialised value(s) at rb_wait_for_single_fd (thread.c:3864)
https://bugs.ruby-lang.org/issues/12575

* Author: Naohisa Goto
* Status: Open
* Priority: Normal
* Assignee: 
* ruby -v: 
* Backport: 2.1: UNKNOWN, 2.2: UNKNOWN, 2.3: UNKNOWN
----------------------------------------
x86_64 の Debian GNU/Linux 8 にて、valgrind上でdrbのテストを実行すると、以下のレポートが出ました。
（r55612 にて確認）

```
$ valgrind ./ruby test/runner.rb -v test/drb 
（中略）
[ 12/115] DRbTests::ACLTest#test_not_1 = 0.01 s
[ 13/115] DRbTests::TestBug4409#test_bug4409==14331== Conditional jump or move depends on uninitialised value(s)
==14331==    at 0x250F20: rb_wait_for_single_fd (thread.c:3864)
==14331==    by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331==    by 0x89E9E31: io_wait_readable (wait.c:139)
==14331==    by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331==    by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331==    by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331==    by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331==    by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331==    by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331==    by 0x2826F8: vm_exec_core (insns.def:1064)
==14331==    by 0x293AEA: vm_exec (vm.c:1653)
==14331==    by 0x29182C: invoke_block (vm.c:923)
==14331== 
==14331== Conditional jump or move depends on uninitialised value(s)
==14331==    at 0x250F47: rb_wait_for_single_fd (thread.c:3874)
==14331==    by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331==    by 0x89E9E31: io_wait_readable (wait.c:139)
==14331==    by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331==    by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331==    by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331==    by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331==    by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331==    by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331==    by 0x2826F8: vm_exec_core (insns.def:1064)
==14331==    by 0x293AEA: vm_exec (vm.c:1653)
==14331==    by 0x29182C: invoke_block (vm.c:923)
==14331== 
==14331== Conditional jump or move depends on uninitialised value(s)
==14331==    at 0x250F59: rb_wait_for_single_fd (thread.c:3876)
==14331==    by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331==    by 0x89E9E31: io_wait_readable (wait.c:139)
==14331==    by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331==    by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331==    by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331==    by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331==    by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331==    by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331==    by 0x2826F8: vm_exec_core (insns.def:1064)
==14331==    by 0x293AEA: vm_exec (vm.c:1653)
==14331==    by 0x29182C: invoke_block (vm.c:923)
==14331== 
==14331== Conditional jump or move depends on uninitialised value(s)
==14331==    at 0x250F69: rb_wait_for_single_fd (thread.c:3878)
==14331==    by 0x89E9C62: wait_for_single_fd (wait.c:64)
==14331==    by 0x89E9E31: io_wait_readable (wait.c:139)
==14331==    by 0x27C251: call_cfunc_m1 (vm_insnhelper.c:1462)
==14331==    by 0x27CD37: vm_call_cfunc_with_frame (vm_insnhelper.c:1641)
==14331==    by 0x27CE9D: vm_call_cfunc (vm_insnhelper.c:1736)
==14331==    by 0x27DD37: vm_call_method_each_type (vm_insnhelper.c:2028)
==14331==    by 0x27E3DB: vm_call_method (vm_insnhelper.c:2152)
==14331==    by 0x27E5B1: vm_call_general (vm_insnhelper.c:2195)
==14331==    by 0x2826F8: vm_exec_core (insns.def:1064)
==14331==    by 0x293AEA: vm_exec (vm.c:1653)
==14331==    by 0x29182C: invoke_block (vm.c:923)
==14331== 
 = 0.58 s
[ 14/115] DRbTests::TestDRbAry#test_01 = 0.30 s
（以下略）
```

当該箇所のコードを見ると、`struct pollfd fds` の `fds.revents` が未初期化の場合があるようです。
これは、ppollシステムコールの結果を返す構造体メンバですが、システムコール内で値をセットされず戻ってくる場合があり得るようです。（おそらくタイムアウトの場合など。）

http://docs.oracle.com/cd/E19253-01/816-5177/poll-7d/ のExample（ppollではなくpollの例ですが）など、巷に流通しているコードを見る限りは、struct pollfd構造体のreventsメンバーは呼出元で0に初期化してあげる必要があるようです。



-- 
https://bugs.ruby-lang.org/