In article <E1MG8Ws-0005P3-40 / x61.netlab.jp>,
  Yukihiro Matsumoto <matz / ruby-lang.org> writes:

> |回収されていない配列が回収されたオブジェクトを指してるんです
> |か?
>
> そうです。

回収されたものではなく、隠されているもののようですね。

> 変なのは確かです。が、だれがオブジェクトを壊しているのか見付
> けられませんでした。

調べたところ、壊しているというか、隠しているところは 20分で
見つかりました。

compile.c:4408 の

            hide_obj(node->nd_lit);

というのが klass を 0 にしていますね。オブジェクトを隠すとき
は隠されていないオブジェクトから参照してはいけないんですが、
それがそうなっていないようです。

なお、コツは、
* echo 0 > /proc/sys/kernel/randomize_va_space
* watchpoint
でしょうか。

(gdb) c
Continuing.
Hardware watchpoint 4: (*(struct RBasic *) 136308180).klass

Old value = 136379420
New value = 0
iseq_compile_each (iseq=0x82c1888, ret=0xbfffaa98, node=0x81fe5c0, poped=0) at compile.c:4409
4409                ADD_INSN1(ret, nd_line(node), putstring, node->nd_lit);
(gdb) bt
#0  iseq_compile_each (iseq=0x82c1888, ret=0xbfffaa98, node=0x81fe5c0, poped=0) at compile.c:4409
#1  0x081254d1 in when_vals (iseq=0x82c1888, cond_seq=0xbfffaa98, vals=0x81fe5e8, l1=0x82c388c, special_literals=136292680)
    at compile.c:2331
#2  0x08127c1d in iseq_compile_each (iseq=0x82c1888, ret=0xbfffaf98, node=0x81fe200, poped=1) at compile.c:3052
#3  0x0812774e in iseq_compile_each (iseq=0x82c1888, ret=0xbfffb908, node=0x81fe1c4, poped=1) at compile.c:2993
#4  0x0812758b in iseq_compile_each (iseq=0x82c1888, ret=0xbfffb908, node=0x81fe19c, poped=0) at compile.c:2969
#5  0x08127774 in iseq_compile_each (iseq=0x82c1888, ret=0xbfffbbe4, node=0x81fe098, poped=0) at compile.c:2994
#6  0x0812278e in rb_iseq_compile_node (self=136292760, node=0x81fe070) at compile.c:458
#7  0x08132dd8 in rb_iseq_new_with_bopt_and_opt (node=0x81fe070, name=136292780, filename=136330040, parent=0, type=5, 
    bopt=0, option=0xbfffe5ac) at iseq.c:351
#8  0x08132e24 in rb_iseq_new_with_opt (node=0x81fe070, name=136292780, filename=136330040, parent=0, type=5, 
    option=0xbfffe5ac) at iseq.c:362
#9  0x0812301e in new_child_iseq (iseq=0x82be6d8, node=0x81fe070, name=136292780, parent=0, type=5) at compile.c:919
#10 0x0812e1e7 in iseq_compile_each (iseq=0x82be6d8, ret=0xbfffc664, node=0x81fe05c, poped=1) at compile.c:4503
#11 0x0812758b in iseq_compile_each (iseq=0x82be6d8, ret=0xbfffc664, node=0x81fe034, poped=0) at compile.c:2969
#12 0x081226bf in rb_iseq_compile_node (self=136293400, node=0x81fbf00) at compile.c:452
#13 0x08132dd8 in rb_iseq_new_with_bopt_and_opt (node=0x81fbf00, name=136293420, filename=136330040, parent=136295900, 
    type=9, bopt=0, option=0xbfffe5ac) at iseq.c:351
#14 0x08132e24 in rb_iseq_new_with_opt (node=0x81fbf00, name=136293420, filename=136330040, parent=136295900, type=9, 
    option=0xbfffe5ac) at iseq.c:362
#15 0x0812301e in new_child_iseq (iseq=0x82b92e0, node=0x81fbf00, name=136293420, parent=136295900, type=9) at compile.c:919
#16 0x0812eaa0 in iseq_compile_each (iseq=0x82b92e0, ret=0xbfffd0e4, node=0x81fbeec, poped=1) at compile.c:4591
#17 0x0812758b in iseq_compile_each (iseq=0x82b92e0, ret=0xbfffd0e4, node=0x81fbec4, poped=0) at compile.c:2969
#18 0x081226bf in rb_iseq_compile_node (self=136295900, node=0x81fbe24) at compile.c:452
#19 0x08132dd8 in rb_iseq_new_with_bopt_and_opt (node=0x81fbe24, name=136295920, filename=136330040, parent=136296360, 
    type=9, bopt=0, option=0xbfffe5ac) at iseq.c:351
#20 0x08132e24 in rb_iseq_new_with_opt (node=0x81fbe24, name=136295920, filename=136330040, parent=136296360, type=9, 
    option=0xbfffe5ac) at iseq.c:362
#21 0x0812301e in new_child_iseq (iseq=0x82b85a0, node=0x81fbe24, name=136295920, parent=136296360, type=9) at compile.c:919
#22 0x0812eaa0 in iseq_compile_each (iseq=0x82b85a0, ret=0xbfffdd58, node=0x81fbe10, poped=1) at compile.c:4591
#23 0x0812758b in iseq_compile_each (iseq=0x82b85a0, ret=0xbfffdd58, node=0x81fbdd4, poped=1) at compile.c:2969
#24 0x0812774e in iseq_compile_each (iseq=0x82b85a0, ret=0xbfffe4e4, node=0x81fb8e8, poped=1) at compile.c:2993
#25 0x0812758b in iseq_compile_each (iseq=0x82b85a0, ret=0xbfffe4e4, node=0x81fb8ac, poped=0) at compile.c:2969
#26 0x0812280c in rb_iseq_compile_node (self=136296360, node=0x81fb7d0) at compile.c:463
#27 0x08132dd8 in rb_iseq_new_with_bopt_and_opt (node=0x81fb7d0, name=136296380, filename=136330040, parent=0, type=3, 
    bopt=0, option=0xbfffe5ac) at iseq.c:351
#28 0x08132e24 in rb_iseq_new_with_opt (node=0x81fb7d0, name=136296380, filename=136330040, parent=0, type=3, 
    option=0xbfffe5ac) at iseq.c:362
#29 0x081336a2 in rb_iseq_compile_with_option (src=136330020, file=136330040, line=1, opt=4) at iseq.c:502
#30 0x081336d5 in rb_iseq_compile (src=136330020, file=136330040, line=1) at iseq.c:510
-- 
[田中 哲][たなか あきら][Tanaka Akira]