Issue #17540 has been updated by xtkoba (Tee KOBAYASHI).


Here is an alternative workaround which inserts a memory barrier into the function `rb_str_vcatf` from `sprintf.c`:
```
--- a/sprintf.c
+++ b/sprintf.c
@@ -1227,6 +1227,7 @@
     f._bf._base = (unsigned char *)str;
     f._p = (unsigned char *)RSTRING_END(str);
     klass = RBASIC(str)->klass;
+    __asm__ __volatile__ ("" : : : "memory");
     RBASIC_CLEAR_CLASS(str);
     f.vwrite = ruby__sfvwrite;
     f.vextra = ruby__sfvextra;
```

Without the memory barrier, the flow of `rb_str_vcatf` looks as follows:
```
Breakpoint 1, rb_str_vcatf (str=str@entry=1024669056, fmt=0x3fc64e95 " %s>", ap=...) at ../sprintf.c:1222
1222        StringValue(str);
1223        rb_str_modify(str);
1226        f._w = rb_str_capacity(str);
1225        f._bf._size = 0;
1224        f._flags = __SWR | __SSTR;
1226        f._w = rb_str_capacity(str);
1228        f._p = (unsigned char *)RSTRING_END(str);
1227        f._bf._base = (unsigned char *)str;
1228        f._p = (unsigned char *)RSTRING_END(str);
1226        f._w = rb_str_capacity(str);
1228        f._p = (unsigned char *)RSTRING_END(str);
1232        f.vwrite = ruby__sfvwrite;
1233        f.vextra = ruby__sfvextra;
1228        f._p = (unsigned char *)RSTRING_END(str);
1231        RBASIC_CLEAR_CLASS(str);
1232        f.vwrite = ruby__sfvwrite;
1233        f.vextra = ruby__sfvextra;
1228        f._p = (unsigned char *)RSTRING_END(str);
1229        klass = RBASIC(str)->klass;
1234        buffer.value = 0;
1233        f.vextra = ruby__sfvextra;
1235        BSD_vfprintf(&f, fmt, ap);
1232        f.vwrite = ruby__sfvwrite;
1235        BSD_vfprintf(&f, fmt, ap);
1236        RBASIC_SET_CLASS_RAW(str, klass);
1237        rb_str_resize(str, (char *)f._p - RSTRING_PTR(str));
1236        RBASIC_SET_CLASS_RAW(str, klass);
1237        rb_str_resize(str, (char *)f._p - RSTRING_PTR(str));
1240        return str;
(gdb) p *(struct RBasic *)str
$1 = {flags = 8197, klass = 0}
```

With the memory barrier, the flow becomes as follows:
```
Breakpoint 1, rb_str_vcatf (str=str@entry=1024669056, fmt=0x3fc64e95 " %s>", ap=...) at ../sprintf.c:1222
1222        StringValue(str);
1223        rb_str_modify(str);
1226        f._w = rb_str_capacity(str);
1225        f._bf._size = 0;
1224        f._flags = __SWR | __SSTR;
1226        f._w = rb_str_capacity(str);
1228        f._p = (unsigned char *)RSTRING_END(str);
1227        f._bf._base = (unsigned char *)str;
1228        f._p = (unsigned char *)RSTRING_END(str);
1226        f._w = rb_str_capacity(str);
1228        f._p = (unsigned char *)RSTRING_END(str);
1229        klass = RBASIC(str)->klass;
1230        __asm__ __volatile__ ("" : : : "memory");
1231        RBASIC_CLEAR_CLASS(str);
1232        f.vwrite = ruby__sfvwrite;
1233        f.vextra = ruby__sfvextra;
1232        f.vwrite = ruby__sfvwrite;
1231        RBASIC_CLEAR_CLASS(str);
1233        f.vextra = ruby__sfvextra;
1234        buffer.value = 0;
1233        f.vextra = ruby__sfvextra;
1232        f.vwrite = ruby__sfvwrite;
1235        BSD_vfprintf(&f, fmt, ap);
1236        RBASIC_SET_CLASS_RAW(str, klass);
1237        rb_str_resize(str, (char *)f._p - RSTRING_PTR(str));
1236        RBASIC_SET_CLASS_RAW(str, klass);
1237        rb_str_resize(str, (char *)f._p - RSTRING_PTR(str));
1240        return str;
(gdb) p *(struct RBasic *)str
$1 = {flags = 8197, klass = 1062619968}
```

And yes, this looks pretty much a bug of Clang/LLVM to me for now. I'm going to create a minimal reproducing example to send to Clang/LLVM maintainers. One more push...

----------------------------------------
Bug #17540: A segfault due to Clang/LLVM optimization on 32-bit ARM Linux 
https://bugs.ruby-lang.org/issues/17540#change-90644

* Author: xtkoba (Tee KOBAYASHI)
* Status: Open
* Priority: Normal
* ruby -v: ruby 3.0.0p0 (2020-12-25 revision 95aff21468) [armv7a-linux-eabi]
* Backport: 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN
----------------------------------------
When built with `optflags=-O3` (which is the default), `ruby -e "pp Thread.main"` causes a segfault, which seems to be worked around by the following change:
```
--- a/include/ruby/internal/fl_type.h
+++ b/include/ruby/internal/fl_type.h
@@ -231,7 +231,7 @@
 RBIMPL_ATTR_PURE_UNLESS_DEBUG()
 RBIMPL_ATTR_ARTIFICIAL()
 static inline VALUE
-RB_FL_TEST_RAW(VALUE obj, VALUE flags)
+RB_FL_TEST_RAW(volatile VALUE obj, VALUE flags)
 {
     RBIMPL_ASSERT_OR_ASSUME(RB_FL_ABLE(obj));
     return RBASIC(obj)->flags & flags;
```

There might be a bug in the optimizer of Clang/LLVM (version 11.0.1).



-- 
https://bugs.ruby-lang.org/

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>