Revert https://github.com/ruby/ruby/pull/2486

This reverts commits: 10d6a3aca7 8ba48c1b85 fba8627dc1 dd883de5ba 6c6a25feca 167e6b48f1 7cb96d41a5 3207979278 595b3c4fdd 1521f7cf89 c11c5e69ac cf33608203 3632a812c0 f56506be0d 86427a3219 . The reason for the revert is that we observe ABA problem around inline method cache. When a cache misshits, we search for a method entry. And if the entry is identical to what was cached before, we reuse the cache. But the commits we are reverting here introduced situations where a method entry is freed, then the identical memory region is used for another method entry. An inline method cache cannot detect that ABA. Here is a code that reproduce such situation: ```ruby require 'prime' class << Integer alias org_sqrt sqrt def sqrt(n) raise end GC.stress = true Prime.each(7*37){} rescue nil # <- Here we populate CC class << Object.new; end # These adjacent remove-then-alias maneuver # frees a method entry, then immediately # reuses it for another. remove_method :sqrt alias sqrt org_sqrt end Prime.each(7*37).to_a # <- SEGV ```
2025-08-15 21:49:06 +02:00 · 2019-10-03 12:26:41 +09:00 · 2019-10-03 12:26:41 +09:00 · eb92159d72
commit eb92159d72
parent ef697388be
14 changed files with 390 additions and 500 deletions
--- a/ext/coverage/coverage.c
+++ b/ext/coverage/coverage.c
@ -123,7 +123,7 @@ method_coverage_i(void *vstart, void *vend, size_t stride, void *data)

    for (v = (VALUE)vstart; v != (VALUE)vend; v += stride) {
 	if (RB_TYPE_P(v, T_IMEMO) && imemo_type(v) == imemo_ment) {
-            const rb_method_entry_t *me = (const rb_method_entry_t *) v;
+	    const rb_method_entry_t *me = (rb_method_entry_t *) v;
 	    VALUE path, first_lineno, first_column, last_lineno, last_column;
 	    VALUE data[5], ncoverage, methods;
 	    VALUE methods_id = ID2SYM(rb_intern("methods"));