From 2751b5366dd506bdb77a1f1a03b9c108f64eddba Mon Sep 17 00:00:00 2001 From: k0kubun Date: Thu, 22 Nov 2018 13:29:44 +0000 Subject: [PATCH] mjit.c: avoid running copy job handler after ISeq GC like this http://ci.rvm.jp/results/trunk-mjit@silicon-docker/1471633 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65928 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- mjit.c | 16 ++++++++-------- mjit_worker.c | 13 +++++++------ 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/mjit.c b/mjit.c index 91360e8e4c..5fa93a3cfa 100644 --- a/mjit.c +++ b/mjit.c @@ -25,7 +25,7 @@ static void mjit_copy_job_handler(void *data) { struct mjit_copy_job *job = data; - int finish_p; + const struct rb_iseq_constant_body *body; if (stop_worker_p) { /* `copy_cache_from_main_thread()` stops to wait for this job. Then job data which is allocated by `alloca()` could be expired and we might not be able to access that. @@ -34,20 +34,20 @@ mjit_copy_job_handler(void *data) } CRITICAL_SECTION_START(3, "in mjit_copy_job_handler"); - finish_p = job->finish_p; - CRITICAL_SECTION_FINISH(3, "in mjit_copy_job_handler"); - if (finish_p) { - return; /* make sure that this job is never executed while job is being modified. */ + /* Make sure that this job is never executed while job is being modified or ISeq is GC-ed */ + if (job->finish_p || job->unit->iseq == NULL) { + CRITICAL_SECTION_FINISH(3, "in mjit_copy_job_handler"); + return; } + body = job->unit->iseq->body; if (job->cc_entries) { - memcpy(job->cc_entries, job->body->cc_entries, sizeof(struct rb_call_cache) * (job->body->ci_size + job->body->ci_kw_size)); + memcpy(job->cc_entries, body->cc_entries, sizeof(struct rb_call_cache) * (body->ci_size + body->ci_kw_size)); } if (job->is_entries) { - memcpy(job->is_entries, job->body->is_entries, sizeof(union iseq_inline_storage_entry) * job->body->is_size); + memcpy(job->is_entries, body->is_entries, sizeof(union iseq_inline_storage_entry) * body->is_size); } - CRITICAL_SECTION_START(3, "in mjit_copy_job_handler"); job->finish_p = TRUE; rb_native_cond_broadcast(&mjit_worker_wakeup); CRITICAL_SECTION_FINISH(3, "in mjit_copy_job_handler"); diff --git a/mjit_worker.c b/mjit_worker.c index b23d18d6bb..4b70c0ba73 100644 --- a/mjit_worker.c +++ b/mjit_worker.c @@ -1121,7 +1121,7 @@ convert_unit_to_func(struct rb_mjit_unit *unit, struct rb_call_cache *cc_entries } struct mjit_copy_job { - const struct rb_iseq_constant_body *body; + struct rb_mjit_unit *unit; struct rb_call_cache *cc_entries; union iseq_inline_storage_entry *is_entries; int finish_p; @@ -1197,14 +1197,15 @@ mjit_worker(void) if (unit) { mjit_func_t func; + const struct rb_iseq_constant_body *body = unit->iseq->body; - job.body = unit->iseq->body; + job.unit = unit; job.cc_entries = NULL; - if (job.body->ci_size > 0 || job.body->ci_kw_size > 0) - job.cc_entries = alloca(sizeof(struct rb_call_cache) * (job.body->ci_size + job.body->ci_kw_size)); + if (body->ci_size > 0 || body->ci_kw_size > 0) + job.cc_entries = alloca(sizeof(struct rb_call_cache) * (body->ci_size + body->ci_kw_size)); job.is_entries = NULL; - if (job.body->is_size > 0) - job.is_entries = alloca(sizeof(union iseq_inline_storage_entry) * job.body->is_size); + if (body->is_size > 0) + job.is_entries = alloca(sizeof(union iseq_inline_storage_entry) * body->is_size); /* Copy ISeq's inline caches values to avoid race condition. */ if (job.cc_entries != NULL || job.is_entries != NULL) {