WIP Hackdays method dispatch #3

methodmissing · 2019-12-12T00:10:15Z

On digging a little deeper in a Intel VTune Amplifier profiler I noticed the memory bound line referencing argc on the rb_call_info struct.

Looking at the struct layout in master we have:

lourens@CarbonX1:~/src/ruby/trunk$ pahole -C rb_call_info ./miniruby
struct rb_call_info {
	ID                         mid;                  /*     0     8 */
	unsigned int               flag;                 /*     8     4 */
	int                        orig_argc;            /*    12     4 */

	/* size: 16, cachelines: 1, members: 3 */
	/* last cacheline: 16 bytes */
};
lourens@CarbonX1:~/src/ruby/trunk$ pahole -C rb_call_cache ./miniruby
struct rb_call_cache {
	rb_serial_t                method_state;         /*     0     8 */
	rb_serial_t                class_serial[3];      /*     8    24 */
	const struct rb_callable_method_entry_struct  * me; /*    32     8 */
	const struct rb_method_definition_struct  * def; /*    40     8 */
	VALUE                      (*call)(struct rb_execution_context_struct *, struct rb_control_frame_struct *, struct rb_calling_info *, struct rb_call_data *); /*    48     8 */
	union {
		unsigned int       index;                /*    56     4 */
		enum method_missing_reason method_missing_reason; /*    56     4 */
	} aux;                                           /*    56     4 */

	/* size: 64, cachelines: 1, members: 6 */
	/* padding: 4 */
};
lourens@CarbonX1:~/src/ruby/trunk$ pahole -C rb_call_data ./miniruby
struct rb_call_data {
	struct rb_call_cache cc;                         /*     0    64 */

	/* XXX last struct has 4 bytes of padding */

	/* --- cacheline 1 boundary (64 bytes) --- */
	struct rb_call_info ci;                          /*    64    16 */

	/* size: 80, cachelines: 2, members: 2 */
	/* paddings: 1, sum paddings: 4 */
	/* last cacheline: 16 bytes */
};

Conclusions:

rb_call_data is a wrapper / container for both the inline method cache and the "static" rb_call_info struct (ideally should be qualified as const, but it changes state at runtime and hydrating from dumped bytecode is complicated otherwise)
This looks like the classic hot / cold struct split, HOWEVER only the inline method call cache fits into a single cache line with the whole call info struct spilling over into the next.
If we look at rb_call_cache layout, there's 4 bytes of padding up for grabs to cache additional concerns
A skim through the VM source revealed that the orig_argc and flag members are referenced regularly at runtime, with a bit of chicken and egg going on with this hot / cold struct container split.

Approaches taken:

Given the set of flags currently used being minimal, a 2 byte short int would suffice for a flag member mirroring the flag member on rb_call_info
Given the maximum number of arguments ruby supports is 16 (update: for cfuncs only, max 65k using unsigned short int, see WIP Hackdays method dispatch #3 (comment)), a 2 byte short int would also work for mirroring orig_argc from the call info to the cache struct.
The 4 byte padding is perfect for this.

Layout after:

lourens@CarbonX1:~/src/ruby/ruby$ pahole -C rb_call_info ./miniruby
struct rb_call_info {
	ID                         mid;                  /*     0     8 */
	short unsigned int         flag;                 /*     8     2 */
	short int                  orig_argc;            /*    10     2 */

	/* size: 16, cachelines: 1, members: 3 */
	/* padding: 4 */
	/* last cacheline: 16 bytes */
};
lourens@CarbonX1:~/src/ruby/ruby$ pahole -C rb_call_cache ./miniruby
struct rb_call_cache {
	rb_serial_t                method_state;         /*     0     8 */
	rb_serial_t                class_serial[3];      /*     8    24 */
	const struct rb_callable_method_entry_struct  * me; /*    32     8 */
	const struct rb_method_definition_struct  * def; /*    40     8 */
	VALUE                      (*call)(struct rb_execution_context_struct *, struct rb_control_frame_struct *, struct rb_calling_info *, struct rb_call_data *); /*    48     8 */
	short int                  orig_argc;            /*    56     2 */
	short int                  flag;                 /*    58     2 */
	union {
		unsigned int       index;                /*    60     4 */
		enum method_missing_reason method_missing_reason; /*    60     4 */
	} aux;                                           /*    60     4 */

	/* size: 64, cachelines: 1, members: 8 */
};
lourens@CarbonX1:~/src/ruby/ruby$ pahole -C rb_call_data ./miniruby
struct rb_call_data {
	struct rb_call_cache cc;                         /*     0    64 */
	/* --- cacheline 1 boundary (64 bytes) --- */
	struct rb_call_info ci;                          /*    64    16 */

	/* XXX last struct has 4 bytes of padding */

	/* size: 80, cachelines: 2, members: 2 */
	/* paddings: 1, sum paddings: 4 */
	/* last cacheline: 16 bytes */
};

Conclusions:

I tried to shrink the call info struct's ints to short ints, but it doesn't make a size difference to the struct, cause well, padding.
Therefore the containing call data struct also doesn't change in size (I'll revert this)
We do however end up with a nice fully packed rb_call_cache struct and managed to sneak the flag and orig_argc in.

Direction of this optimization:

Try to use a single cache line for most call and cache data specific operations
Needs to also be backwards compatible with dumped bytecode (dumped as call info, hydrated as call data and the cache member needs to reflect the new flag and argc members too)
Reduce locals referencing rb_call_info structs in some of the vm_ (hot, supports iseqs directly) functions
Allow flag checks to be interchangeable with either rb_call_info or rb_cache_info as they both have the same member and not all helper methods pass call data OR call cache as arguments.
This approach does not clobber the mjit implementation

I'll do some further testing tomorrow.

…l_info to group those concerns into a single cache line as well

…nge be unlikely (spurious is much more common from debug counters with Rails)

…ompile.c instead + handle loading bytecode as well

methodmissing · 2019-12-12T00:43:31Z

History of the structure splits:


Sun Sep 20 02:46:34 2015  Koichi Sasada  <ko1@atdot.net>
	* vm_core.h: split rb_call_info_t into several structs.
	  * rb_call_info (ci) has compiled fixed information.
	  * if ci->flag & VM_CALL_KWARG, then rb_call_info is
	    also rb_call_info_with_kwarg. This technique reduce one word
	    for major rb_call_info data.
	  * rb_calling_info has temporary data (argc, blockptr, recv).
	    for each method dispatch. This data is allocated only on
	    machine stack.
	  * rb_call_cache is for inline method cache.
	  Before this patch, only rb_call_info_t data is passed.
	  After this patch, above three structs are passed.
	  This patch improves:
	  * data locality (rb_call_info is now read-only data).
	  * reduce memory consumption (rb_call_info_with_kwarg,
	    rb_calling_info).
	* compile.c: use above data.
	* insns.def: ditto.
	* iseq.c: ditto.
	* vm_args.c: ditto.
	* vm_eval.c: ditto.
	* vm_insnhelper.c: ditto.
	* vm_insnhelper.h: ditto.
	* iseq.h: add iseq_compile_data::ci_index and
	  iseq_compile_data::ci_kw_index.
	* tool/instruction.rb: introduce TS_CALLCACHE operand type.

If it's possible to get ID mid into the cache one, then rb_call_data falls away and just 1 cache line for everything method info and cache related.

methodmissing · 2019-12-12T00:46:10Z

Current cache miss stats, I find the refinements one interesting @ 0 for a Rails process - rb_call_cache has an 8 byte def member just for that and if there's a workaround here, that can be repurposed for ID mid instead

Exiting
[RUBY_DEBUG_COUNTER]	4179 normal exit.
[RUBY_DEBUG_COUNTER]	mc_inline_hit                 	      54683229
[RUBY_DEBUG_COUNTER]	mc_inline_miss                	       6114388
[RUBY_DEBUG_COUNTER]	mc_global_hit                 	      14806735
[RUBY_DEBUG_COUNTER]	mc_global_miss                	       2062697
[RUBY_DEBUG_COUNTER]	mc_global_state_miss          	        387724
[RUBY_DEBUG_COUNTER]	mc_class_serial_miss          	       5726664
[RUBY_DEBUG_COUNTER]	mc_cme_complement             	       3259129
[RUBY_DEBUG_COUNTER]	mc_cme_complement_hit         	       3256326
[RUBY_DEBUG_COUNTER]	mc_search_super               	      35322200
[RUBY_DEBUG_COUNTER]	mc_miss_by_nome               	           348
[RUBY_DEBUG_COUNTER]	mc_miss_by_distinct           	       2341956
[RUBY_DEBUG_COUNTER]	mc_miss_by_refine             	             0
[RUBY_DEBUG_COUNTER]	mc_miss_by_visi               	        329615
[RUBY_DEBUG_COUNTER]	mc_miss_spurious              	       3442469

…members

methodmissing · 2019-12-12T10:23:30Z

After discussing with @casperisfine , the 16 argc limit is for cfuncs only. I changed orig_argc to unsigned short int which is still 65535 args. Violating that in theory and practice is possible, but there'd be larger problems. To revisit.

Jean Boussier Today at 9:52 AM
Given the maximum number of arguments ruby supports is 16,
Really?

Lourens Naudé 28 minutes ago
yes, sec for confirmation of that

Lourens Naudé 28 minutes ago
this is why these discussions are so nice - fact checking 😄

Jean Boussier 27 minutes ago
def a(b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, v, w, x, y, z)
p z
end
a(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)

Jean Boussier 27 minutes ago
Seem to work fine

Lourens Naudé 27 minutes ago
yeah, confirming - I last bumped into this a year ago

Jean Boussier 26 minutes ago
Ran fine on 2.3 trying a newer one

Lourens Naudé 26 minutes ago
But you know it, :rubocop: rules for sure catches this anywhere @ shop already, right?

Jean Boussier 25 minutes ago
No idea

Jean Boussier 25 minutes ago
I mean I see why a linter wouldn't want it

Jean Boussier 25 minutes ago
but not why a language would limit it

Jean Boussier 25 minutes ago
especially when we got lots of methods taking *splats

Lourens Naudé 22 minutes ago
trying to remember if it was for cfuncs only

Lourens Naudé 21 minutes ago
can let it be unsigned short ints, 65k args

Jean Boussier 21 minutes ago
👌

Lourens Naudé 21 minutes ago
I mean at that point there's a code hygiene problem already

Jean Boussier 21 minutes ago
sounds reasonable

Lourens Naudé 21 minutes ago
still circling back on this - gimme a few

Jean Boussier 20 minutes ago
640K ought to be enough for anyone.

Jean Boussier 20 minutes ago
More seriously, yes a method taking more than 16 arguments is silly, but such low limitation would be just as silly

Jean Boussier 19 minutes ago
50 or 64 probably nobody would complian as long as it doesn't impact splats

Lourens Naudé 3 minutes ago
ok, found it - https://github.com/ruby/ruby/blob/master/include/ruby/intern.h#L1072

include/ruby/intern.h:1072
#define RB_METHOD_DEFINITION_DECL(def,nonnull,decl,vars)
https://github.com/ruby/ruby|ruby/rubyruby/ruby | Added by GitHub

Lourens Naudé 3 minutes ago
references cfuncs

Jean Boussier 3 minutes ago
That makes more sense

Lourens Naudé 3 minutes ago
https://github.com/ruby/ruby/blob/b753929806d0e42cdfde3f1a8dcdbf678f937e44/include/ruby/ruby.h#L2775

include/ruby/ruby.h:2775
RB_METHOD_DEFINITION_DECL(rb_define_method, (2,3), (VALUE klass, const char *name), (klass, name))
https://github.com/ruby/ruby|ruby/rubyruby/ruby | Added by GitHub

Lourens Naudé 2 minutes ago
thx for poking @ this, I'll amend with a comment and link the original statement there

… for refinement by new VM_CALL_REFINED instead

methodmissing · 2019-12-12T11:27:16Z

Managed to pack the method ID on the rb_call_cache struct as well (not used yet, see below) in 62c27ee

It doesn't make much sense to carry around the method definition member JUST for the refinement check
Opted instead for flagging that at compile time with a new VM_CALL_REFINED flag and have the inline method cache check for and reset @ runtime
This frees up the 8 bytes needed to pack ID mid (method id) onto the cache struct as well and subsequently all of rb_call_info has been packed into rb_call_cache, effectively constraining memory access patterns of rb_call_data during dispatch to just the first cache line

Tackling integrating this method ID with dispatch now.

lourens@CarbonX1:~/src/ruby/ruby$ pahole -C rb_call_cache ./miniruby
struct rb_call_cache {
	rb_serial_t                method_state;         /*     0     8 */
	rb_serial_t                class_serial[3];      /*     8    24 */
	const struct rb_callable_method_entry_struct  * me; /*    32     8 */
	ID                         mid;                  /*    40     8 */ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
	VALUE                      (*call)(struct rb_execution_context_struct *, struct rb_control_frame_struct *, struct rb_calling_info *, struct rb_call_data *); /*    48     8 */
	short unsigned int         orig_argc;            /*    56     2 */
	short unsigned int         flag;                 /*    58     2 */
	union {
		unsigned int       index;                /*    60     4 */
		enum method_missing_reason method_missing_reason; /*    60     4 */
	} aux;                                           /*    60     4 */

	/* size: 64, cachelines: 1, members: 8 */
};

…thod ID from the call cache into dispatch helpers

methodmissing · 2019-12-12T23:09:57Z

Tried an inverse approach with flag VM_CALL_UNREFINED in 73c819f instead and let method dispatch prefer method ID from the call cache instead of call info. Also managed to remove a few local declarations of rb_call_info * types

…properly set on the call cache

methodmissing · 2019-12-13T12:09:56Z

Local test failures fixed in 3edf237 , but need to pay attention to the JIT ones still:

Fiber count: 10000 (skipping)
Thread count: 9839 (can't create Thread: Resource temporarily unavailable)
PASS all 1409 tests
exec ./miniruby -I./lib -I. -I.ext/common  ./tool/runruby.rb --extout=.ext  -- --disable-gems "./bootstraptest/runner.rb" --ruby="ruby --disable-gems"   ./KNOWNBUGS.rb
2019-12-13 11:54:17 +0000
Driver is ruby 2.7.0dev (2019-12-12T23:06:24Z hackdays-method-di.. 73c819f958) [x86_64-linux]
Target is ruby 2.7.0dev (2019-12-12T23:06:24Z hackdays-method-di.. 73c819f958) [x86_64-linux]

KNOWNBUGS.rb  PASS 0
No tests, no problem

test succeeded
Run options: "--ruby=./miniruby -I./lib -I. -I.ext/common  ./tool/runruby.rb --extout=.ext  -- --disable-gems"

# Running tests:

Finished tests in 2.551074s, 89.7661 tests/s, 195.9959 assertions/s.                                            
229 tests, 500 assertions, 0 failures, 0 errors, 0 skips

ruby -v: ruby 2.7.0dev (2019-12-12T23:06:24Z hackdays-method-di.. 73c819f958) [x86_64-linux]
Run options: "--ruby=./miniruby -I./lib -I. -I.ext/common  ./tool/runruby.rb --extout=.ext  -- --disable-gems" --excludes-dir=./test/excludes --name=!/memory_leak/

# Running tests:

Leaked thread: DRbTests::TestDRbSSLCore#test_10_yield: #<Thread:0x000055b8e37dfe00@/home/lourens/src/ruby/ruby/lib/drb/drb.rb:1258 sleep_forever>
Finished thread: DRbTests::TestDRbSSLCore#test_10_yield_undumped: #<Thread:0x000055b8e37dfe00@/home/lourens/src/ruby/ruby/lib/drb/drb.rb:1258 dead>
Leaked file descriptor: DRbTests::TestDRbTCP#test_immediate_close: 10 : #<IO:fd 10>     
Finished tests in 444.155192s, 46.9701 tests/s, 6127.8536 assertions/s.                                                              
20862 tests, 2721718 assertions, 0 failures, 0 errors, 65 skips

ruby -v: ruby 2.7.0dev (2019-12-12T23:06:24Z hackdays-method-di.. 73c819f958) [x86_64-linux]
$ /home/lourens/src/ruby/ruby/miniruby -I/home/lourens/src/ruby/ruby/lib /home/lourens/src/ruby/ruby/tool/runruby.rb --archdir=/home/lourens/src/ruby/ruby --extout=.ext -- /home/lourens/src/ruby/ruby/spec/mspec/bin/mspec-run -B ./spec/default.mspec
ruby 2.7.0dev (2019-12-12T23:06:24Z hackdays-method-di.. 73c819f958) [x86_64-linux]
[| | ==================100%================== | 00:00:00]      0F      0E 

Finished in 60.285608 seconds

3745 files, 30411 examples, 146687 expectations, 0 failures, 0 errors, 0 tagged
check succeeded

methodmissing · 2019-12-13T12:23:47Z

First larger app / Rails test:

lourens@CarbonX1:~/src/redmine$ ruby -v
ruby 2.7.0dev (2019-12-11T22:43:38Z hackdays-method-di.. a6e27ce15b) [x86_64-linux]

Booted redmine fine:

[2019-12-13 12:14:35] INFO  WEBrick 1.6.0
[2019-12-13 12:14:35] INFO  ruby 2.7.0 (2019-12-09) [x86_64-linux]
[2019-12-13 12:14:35] INFO  WEBrick::HTTPServer#start: pid=29822 port=3000

Processed 1750 requests without any issues:

lourens@CarbonX1:~/src/redmine$ wrk -c 2 -d 60 http://localhost:3000
Running 1m test @ http://localhost:3000
  2 threads and 2 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency    82.47ms  118.03ms   1.41s    97.99%
    Req/Sec    14.90      5.03    20.00     50.90%
  1750 requests in 1.00m, 9.32MB read
Requests/sec:     29.12
Transfer/sec:    158.83KB

CI failing on a windows package repo error though:

Err:41 https://packages.microsoft.com/ubuntu/16.04/prod xenial/main amd64 Packages
  Hash Sum mismatch
Get:42 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 Packages [32.2 kB]
Get:44 http://ppa.launchpad.net/git-core/ppa/ubuntu xenial/main amd64 Packages [3,340 B]
Get:45 http://ppa.launchpad.net/hvr/ghc/ubuntu xenial/main amd64 Packages [16.0 kB]
Get:46 https://packagecloud.io/github/git-lfs/ubuntu xenial/main amd64 Packages [7,521 B]
Get:47 http://ppa.launchpad.net/ondrej/php/ubuntu xenial/main amd64 Packages [58.1 kB]
Fetched 5,234 kB in 2s (1,860 kB/s)
Reading package lists...
E: Failed to fetch https://packages.microsoft.com/ubuntu/16.04/prod/dists/xenial/main/binary-amd64/Packages.bz2  Hash Sum mismatch

This changeset makes no difference unless GC_DEBUG is on. When that flag is set, struct RVALUE is bigger than struct RObject. We have to take care of the additional fields. Otherwise we get a SIGSEGV like shown below. The way obj is initialized in this patch works for both GC_DEBUG is on and off. See also ISO/IEC 9899:1999 section 6.7.8 paragraph #21. ``` Program received signal SIGSEGV, Segmentation fault. __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62 62 ../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory (gdb) bt #0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62 #1 0x00005555557dd9a7 in BSD_vfprintf (fp=0x7fffffff6be0, fmt0=0x5555558f3059 "@%s:%d", ap=0x7fffffff6dd0) at vsnprintf.c:1027 #2 0x00005555557db6f5 in ruby_do_vsnprintf (str=0x555555bfc58d <obj_info_buffers+1325> "", n=211, fmt=0x5555558f3059 "@%s:%d", ap=0x7fffffff6dd0) at sprintf.c:1022 #3 0x00005555557db909 in ruby_snprintf (str=0x555555bfc58d <obj_info_buffers+1325> "", n=211, fmt=0x5555558f3059 "@%s:%d") at sprintf.c:1040 #4 0x0000555555661ef4 in rb_raw_obj_info (buff=0x555555bfc560 <obj_info_buffers+1280> "0x0000555555d2bfa0 [0 ] T_STRING (String)", buff_size=256, obj=93825000456096) at gc.c:11449 #5 0x000055555565baaf in obj_info (obj=93825000456096) at gc.c:11612 #6 0x000055555565bae1 in rgengc_remembered (objspace=0x555555c0a1c0, obj=93825000456096) at gc.c:6618 #7 0x0000555555666987 in newobj_init (klass=93824999964192, flags=5, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x555555c0a1c0, obj=93825000456096) at gc.c:2134 #8 0x0000555555666e49 in newobj_slowpath (klass=93824999964192, flags=5, v1=0, v2=0, v3=0, objspace=0x555555c0a1c0, wb_protected=1) at gc.c:2209 #9 0x0000555555666b94 in newobj_slowpath_wb_protected (klass=93824999964192, flags=5, v1=0, v2=0, v3=0, objspace=0x555555c0a1c0) at gc.c:2220 #10 0x000055555565751b in newobj_of (klass=93824999964192, flags=5, v1=0, v2=0, v3=0, wb_protected=1) at gc.c:2256 #11 0x00005555556575ca in rb_wb_protected_newobj_of (klass=93824999964192, flags=5) at gc.c:2272 #12 0x00005555557f36ea in str_alloc (klass=93824999964192) at string.c:728 #13 0x00005555557f2128 in rb_str_buf_new (capa=0) at string.c:1317 #14 0x000055555578c66d in rb_reg_preprocess (p=0x555555cc8148 "^-(.)(.+)?", end=0x555555cc8152 "", enc=0x555555cc7c80, fixed_enc=0x7fffffff74e8, err=0x7fffffff75f0 "") at re.c:2682 #15 0x000055555578ea13 in rb_reg_initialize (obj=93825000046736, s=0x555555cc8148 "^-(.)(.+)?", len=10, enc=0x555555cc7c80, options=0, err=0x7fffffff75f0 "", sourcefile=0x555555d1a5c0 "lib/optparse.rb", sourceline=1460) at re.c:2808 #16 0x000055555578e285 in rb_reg_initialize_str (obj=93825000046736, str=93825000046904, options=0, err=0x7fffffff75f0 "", sourcefile=0x555555d1a5c0 "lib/optparse.rb", sourceline=1460) at re.c:2869 #17 0x000055555578ee02 in rb_reg_compile (str=93825000046904, options=0, sourcefile=0x555555d1a5c0 "lib/optparse.rb", sourceline=1460) at re.c:2958 #18 0x0000555555748dfb in rb_parser_reg_compile (p=0x555555d1f760, str=93825000046904, options=0) at parse.y:12157 #19 0x00005555557581c3 in parser_reg_compile (p=0x555555d1f760, str=93825000046904, options=0) at parse.y:12151 #20 0x00005555557580ac in reg_compile (p=0x555555d1f760, str=93825000046904, options=0) at parse.y:12167 #21 0x0000555555746ebb in new_regexp (p=0x555555d1f760, node=0x555555dece68, options=0, loc=0x7fffffff89e8) at parse.y:10072 #22 0x000055555573d1f5 in ruby_yyparse (p=0x555555d1f760) at parse.y:4395 #23 0x000055555574a582 in yycompile0 (arg=93825000404832) at parse.y:5945 #24 0x00005555558c6898 in rb_suppress_tracing (func=0x55555574a470 <yycompile0>, arg=93825000404832) at vm_trace.c:427 #25 0x0000555555748290 in yycompile (vparser=93824999283456, p=0x555555d1f760, fname=93824999283624, line=1) at parse.y:5994 #26 0x00005555557481ae in rb_parser_compile_file_path (vparser=93824999283456, fname=93824999283624, file=93824999283400, start=1) at parse.y:6098 #27 0x00005555557cdd35 in load_file_internal (argp_v=140737488331760) at ruby.c:2023 #28 0x00005555556438c5 in rb_ensure (b_proc=0x5555557cd610 <load_file_internal>, data1=140737488331760, e_proc=0x5555557cddd0 <restore_load_file>, data2=140737488331760) at eval.c:1128 #29 0x00005555557cb68b in load_file (parser=93824999283456, fname=93824999283624, f=93824999283400, script=0, opt=0x7fffffffa468) at ruby.c:2142 #30 0x00005555557cb339 in rb_parser_load_file (parser=93824999283456, fname_v=93824999283624) at ruby.c:2164 #31 0x00005555556ba3e1 in load_iseq_eval (ec=0x555555c0a650, fname=93824999283624) at load.c:579 #32 0x00005555556b857a in require_internal (ec=0x555555c0a650, fname=93824999284352, exception=1) at load.c:1016 #33 0x00005555556b7967 in rb_require_string (fname=93824999284464) at load.c:1105 #34 0x00005555556b7939 in rb_f_require (obj=93824999994824, fname=93824999284464) at load.c:811 #35 0x00005555558b7ae0 in call_cfunc_1 (recv=93824999994824, argc=1, argv=0x7ffff7ecd0a8, func=0x5555556b7920 <rb_f_require>) at vm_insnhelper.c:2348 #36 0x00005555558a8889 in vm_call_cfunc_with_frame (ec=0x555555c0a650, reg_cfp=0x7ffff7fccfa0, calling=0x7fffffffaab0, cd=0x555555d76a10, empty_kw_splat=0) at vm_insnhelper.c:2513 #37 0x000055555589fb5c in vm_call_cfunc (ec=0x555555c0a650, reg_cfp=0x7ffff7fccfa0, calling=0x7fffffffaab0, cd=0x555555d76a10) at vm_insnhelper.c:2538 #38 0x000055555589f22e in vm_call_method_each_type (ec=0x555555c0a650, cfp=0x7ffff7fccfa0, calling=0x7fffffffaab0, cd=0x555555d76a10) at vm_insnhelper.c:2924 #39 0x000055555589ef47 in vm_call_method (ec=0x555555c0a650, cfp=0x7ffff7fccfa0, calling=0x7fffffffaab0, cd=0x555555d76a10) at vm_insnhelper.c:3038 #40 0x0000555555866dbd in vm_call_general (ec=0x555555c0a650, reg_cfp=0x7ffff7fccfa0, calling=0x7fffffffaab0, cd=0x555555d76a10) at vm_insnhelper.c:3075 #41 0x00005555558ae557 in vm_sendish (ec=0x555555c0a650, reg_cfp=0x7ffff7fccfa0, cd=0x555555d76a10, block_handler=0, method_explorer=0x5555558ae5d0 <vm_search_method_wrap>) at vm_insnhelper.c:4021 #42 0x000055555587745b in vm_exec_core (ec=0x555555c0a650, initial=0) at insns.def:801 #43 0x0000555555899b9c in rb_vm_exec (ec=0x555555c0a650, mjit_enable_p=1) at vm.c:1907 #44 0x000055555589aaf0 in rb_iseq_eval_main (iseq=0x555555c1da80) at vm.c:2166 #45 0x0000555555641f0b in rb_ec_exec_node (ec=0x555555c0a650, n=0x555555c1da80) at eval.c:277 #46 0x0000555555641d62 in ruby_run_node (n=0x555555c1da80) at eval.c:335 #47 0x000055555557a188 in main (argc=11, argv=0x7fffffffc848) at main.c:50 (gdb) fr 7 #7 0x0000555555666987 in newobj_init (klass=93824999964192, flags=5, v1=0, v2=0, v3=0, wb_protected=1, objspace=0x555555c0a1c0, obj=93825000456096) at gc.c:2134 2134 if (rgengc_remembered(objspace, (VALUE)obj)) rb_bug("newobj: %s is remembered.", obj_info(obj)); (gdb) p ((struct RVALUE*)obj)->file $1 = 0x65a5992b0fb25ce7 <error: Cannot access memory at address 0x65a5992b0fb25ce7> (gdb) ```

This reverts commit 02b216e. This reverts commit 9b8825b. I found that combining sweep and move is not safe. I don't think that we can do compaction concurrently with _anything_ unless there is a read barrier installed. Here is a simple example. A class object is freed, and during it's free step, it tries to remove itself from its parent's subclass list. However, during the sweep step, the parent class was moved and the "currently being freed" class didn't have references updated yet. So we get a segv like this: ``` (lldb) bt * thread #1, name = 'ruby', stop reason = signal SIGSEGV * frame #0: 0x0000560763e344cb ruby`rb_st_lookup at st.c:320:43 frame #1: 0x0000560763e344cb ruby`rb_st_lookup(tab=0x2f7469672f6e6f72, key=3809, value=0x0000560765bf2270) at st.c:1010 frame #2: 0x0000560763e8f16a ruby`rb_search_class_path at variable.c:99:9 frame #3: 0x0000560763e8f141 ruby`rb_search_class_path at variable.c:145 frame #4: 0x0000560763e8f141 ruby`rb_search_class_path(klass=94589785585880) at variable.c:191 frame #5: 0x0000560763ec744e ruby`rb_vm_bugreport at vm_dump.c:996:17 frame #6: 0x0000560763f5b958 ruby`rb_bug_for_fatal_signal at error.c:675:5 frame #7: 0x0000560763e27dad ruby`sigsegv(sig=<unavailable>, info=<unavailable>, ctx=<unavailable>) at signal.c:955:5 frame #8: 0x00007f8b891d33c0 libpthread.so.0`___lldb_unnamed_symbol1$$libpthread.so.0 + 1 frame #9: 0x0000560763efa8bb ruby`rb_class_remove_from_super_subclasses(klass=94589790314280) at class.c:93:56 frame #10: 0x0000560763d10cb7 ruby`gc_sweep_step at gc.c:2674:2 frame #11: 0x0000560763d1187b ruby`gc_sweep at gc.c:4540:2 frame #12: 0x0000560763d101f0 ruby`gc_start at gc.c:6797:6 frame #13: 0x0000560763d15153 ruby`rb_gc_compact at gc.c:7479:12 frame #14: 0x0000560763eb4eb8 ruby`vm_exec_core at vm_insnhelper.c:5183:13 frame #15: 0x0000560763ea9bae ruby`rb_vm_exec at vm.c:1953:22 frame #16: 0x0000560763eac08d ruby`rb_yield at vm.c:1132:9 frame #17: 0x0000560763edb4f2 ruby`rb_ary_collect at array.c:3186:9 frame #18: 0x0000560763e9ee15 ruby`vm_call_cfunc_with_frame at vm_insnhelper.c:2575:12 frame #19: 0x0000560763eb2e66 ruby`vm_exec_core at vm_insnhelper.c:4177:11 frame #20: 0x0000560763ea9bae ruby`rb_vm_exec at vm.c:1953:22 frame #21: 0x0000560763eac08d ruby`rb_yield at vm.c:1132:9 frame #22: 0x0000560763edb4f2 ruby`rb_ary_collect at array.c:3186:9 frame #23: 0x0000560763e9ee15 ruby`vm_call_cfunc_with_frame at vm_insnhelper.c:2575:12 frame #24: 0x0000560763eb2e66 ruby`vm_exec_core at vm_insnhelper.c:4177:11 frame #25: 0x0000560763ea9bae ruby`rb_vm_exec at vm.c:1953:22 frame #26: 0x0000560763ceee01 ruby`rb_ec_exec_node(ec=0x0000560765afa530, n=0x0000560765b088e0) at eval.c:296:2 frame #27: 0x0000560763cf3b7b ruby`ruby_run_node(n=0x0000560765b088e0) at eval.c:354:12 frame #28: 0x0000560763cee4a3 ruby`main(argc=<unavailable>, argv=<unavailable>) at main.c:50:9 frame #29: 0x00007f8b88e560b3 libc.so.6`__libc_start_main + 243 frame #30: 0x0000560763cee4ee ruby`_start + 46 (lldb) f 9 frame #9: 0x0000560763efa8bb ruby`rb_class_remove_from_super_subclasses(klass=94589790314280) at class.c:93:56 90 91 *RCLASS_EXT(klass)->parent_subclasses = entry->next; 92 if (entry->next) { -> 93 RCLASS_EXT(entry->next->klass)->parent_subclasses = RCLASS_EXT(klass)->parent_subclasses; 94 } 95 xfree(entry); 96 } (lldb) command script import -r misc/lldb_cruby.py lldb scripts for ruby has been installed. (lldb) rp entry->next->klass (struct RMoved) $1 = (flags = 30, destination = 94589792806680, next = 94589784369160) (lldb) ```

maximecb · 2020-12-07T18:18:44Z

Should we close this PR?

This commit adds a check on the ep just like in the mark function. The env can contain null bytes if allocation tracing is enabled. We're seeing errors during autocompaction like this: ``` (lldb) bt 40 * thread #1, name = 'ruby', stop reason = signal SIGABRT frame #0: 0x00007f7d64b6018b libc.so.6`raise + 203 frame #1: 0x00007f7d64b3f859 libc.so.6`abort + 299 frame #2: 0x000055af5f2fefc9 ruby`die at error.c:764:5 frame #3: 0x000055af5f2ff1ac ruby`rb_bug_for_fatal_signal(default_sighandler=0x0000000000000000, sig=11, ctx=0x000055af60bc3340, fmt="") at error.c:804:5 frame #4: 0x000055af5f4bd08f ruby`sigsegv(sig=11, info=0x000055af60bc3470, ctx=0x000055af60bc3340) at signal.c:960:5 frame #5: 0x00007f7d64ebe3c0 libpthread.so.0`__restore_rt frame #6: 0x000055af5f339b0a ruby`gc_ref_update_imemo(objspace=0x000055af60b2b040, obj=0x00007f7d5b513fd0) at gc.c:9046:13 frame #7: 0x000055af5f339172 ruby`gc_update_object_references(objspace=0x000055af60b2b040, obj=0x00007f7d5b513fd0) at gc.c:9307:9 frame #8: 0x000055af5f338e79 ruby`gc_ref_update(vstart=0x00007f7d5b510010, vend=0x00007f7d5b513ff8, stride=40, objspace=0x000055af60b2b040, page=0x000055af62577aa0) at gc.c:9452:21 frame #9: 0x000055af5f337846 ruby`gc_update_references(objspace=0x000055af60b2b040, heap=0x000055af60b2b068) at gc.c:9481:9 frame #10: 0x000055af5f336569 ruby`gc_compact_finish(objspace=0x000055af60b2b040, heap=0x000055af60b2b068) at gc.c:4840:5 frame #11: 0x000055af5f335efb ruby`gc_page_sweep(objspace=0x000055af60b2b040, heap=0x000055af60b2b068, sweep_page=0x000055af63a1eb30) at gc.c:5046:13 frame #12: 0x000055af5f3355c5 ruby`gc_sweep_step(objspace=0x000055af60b2b040, heap=0x000055af60b2b068) at gc.c:5214:19 frame #13: 0x000055af5f33daf6 ruby`gc_sweep_rest(objspace=0x000055af60b2b040) at gc.c:5271:2 frame #14: 0x000055af5f33cacd ruby`gc_sweep(objspace=0x000055af60b2b040) at gc.c:5389:2 frame #15: 0x000055af5f33c21d ruby`gc_marks_rest(objspace=0x000055af60b2b040) at gc.c:7555:5 frame #16: 0x000055af5f324d41 ruby`gc_rest(objspace=0x000055af60b2b040) at gc.c:8457:13 frame #17: 0x000055af5f3297d8 ruby`garbage_collect(objspace=0x000055af60b2b040, reason=45568) at gc.c:8318:9 frame #18: 0x000055af5f344ece ruby`garbage_collect_with_gvl(objspace=0x000055af60b2b040, reason=45568) at gc.c:8632:9 frame #19: 0x000055af5f344e61 ruby`objspace_malloc_gc_stress(objspace=0x000055af60b2b040) at gc.c:10592:9 frame #20: 0x000055af5f32ced1 ruby`objspace_xmalloc0(objspace=0x000055af60b2b040, size=64) at gc.c:10767:5 frame #21: 0x000055af5f32ce11 ruby`ruby_xmalloc0(size=64) at gc.c:10988:12 frame #22: 0x000055af5f32cdac ruby`ruby_xmalloc_body(size=64) at gc.c:10997:12 frame #23: 0x000055af5f329415 ruby`ruby_xmalloc(size=64) at gc.c:12942:12 frame #24: 0x00007f7d611c4fe5 objspace.so`newobj_i(tpval=0x00007f7d5b553770, data=0x000055af639031a0) at object_tracing.c:101:35 frame #25: 0x000055af5f5b283f ruby`tp_call_trace(tpval=0x00007f7d5b553770, trace_arg=0x00007fff1016d398) at vm_trace.c:1115:2 frame #26: 0x000055af5f5b50ec ruby`exec_hooks_body(ec=0x000055af60b2b700, list=0x000055af60b2b920, trace_arg=0x00007fff1016d398) at vm_trace.c:304:3 frame #27: 0x000055af5f5b0f24 ruby`exec_hooks_unprotected(ec=0x000055af60b2b700, list=0x000055af60b2b920, trace_arg=0x00007fff1016d398) at vm_trace.c:333:5 frame #28: 0x000055af5f5b0da8 ruby`rb_exec_event_hooks(trace_arg=0x00007fff1016d398, hooks=0x000055af60b2b920, pop_p=0) at vm_trace.c:378:13 frame #29: 0x000055af5f33f8e2 ruby`rb_exec_event_hook_orig(ec=0x000055af60b2b700, hooks=0x000055af60b2b920, flag=1048576, self=0x00007f7d5b5c08c0, id=0, called_id=0, klass=0x0000000000000000, data=0x00007f7d5b513fd0, pop_p=0) at vm_core.h:1989:5 frame #30: 0x000055af5f334975 ruby`gc_event_hook_body(ec=0x000055af60b2b700, objspace=0x000055af60b2b040, event=1048576, data=0x00007f7d5b513fd0) at gc.c:2083:5 * frame #31: 0x000055af5f3342df ruby`newobj_slowpath_wb_protected [inlined] newobj_slowpath(klass=0x00007f7d5b9d19c8, flags=0x000000000000001a, objspace=0x000055af60b2b040, cr=0x000055af60b2b910, wb_protected=1) at gc.c:2284:9 frame #32: 0x000055af5f33410f ruby`newobj_slowpath_wb_protected(klass=0x00007f7d5b9d19c8, flags=0x000000000000001a, objspace=0x000055af60b2b040, cr=0x000055af60b2b910) at gc.c:2299 frame #33: 0x000055af5f333de9 ruby`newobj_of0(klass=0x00007f7d5b9d19c8, flags=0x000000000000001a, wb_protected=1, cr=0x000055af60b2b910) at gc.c:2338:11 frame #34: 0x000055af5f3227ae ruby`newobj_of(klass=0x00007f7d5b9d19c8, flags=0x000000000000001a, v1=0x000055af657d88a0, v2=0x000055af657d8890, v3=0x0000000000000000, wb_protected=1) at gc.c:2348:17 frame #35: 0x000055af5f322c5b ruby`rb_imemo_new(type=imemo_env, v1=0x000055af657d88a0, v2=0x000055af657d8890, v3=0x0000000000000000, v0=0x00007f7d5b9d19c8) at gc.c:2434:12 frame #36: 0x000055af5f5a3925 ruby`vm_env_new(env_ep=0x000055af657d88a0, env_body=0x000055af657d8890, env_size=4, iseq=0x00007f7d5b9d19c8) at vm_core.h:1363:33 frame #37: 0x000055af5f5a3808 ruby`vm_make_env_each(ec=0x000055af60b2b700, cfp=0x00007f7d6482fc90) at vm.c:801:11 frame #38: 0x000055af5f5a368d ruby`vm_make_env_each(ec=0x000055af60b2b700, cfp=0x00007f7d6482fc20) at vm.c:752:13 frame #39: 0x000055af5f5a368d ruby`vm_make_env_each(ec=0x000055af60b2b700, cfp=0x00007f7d6482fbb0) at vm.c:752:13 (lldb) f 31 frame #31: 0x000055af5f3342df ruby`newobj_slowpath_wb_protected [inlined] newobj_slowpath(klass=0x00007f7d5b9d19c8, flags=0x000000000000001a, objspace=0x000055af60b2b040, cr=0x000055af60b2b910, wb_protected=1) at gc.c:2284:9 2281 } 2282 GC_ASSERT(obj != 0); 2283 newobj_init(klass, flags, wb_protected, objspace, obj); -> 2284 gc_event_hook_prep(objspace, RUBY_INTERNAL_EVENT_NEWOBJ, obj, newobj_fill(obj, 0, 0, 0)); 2285 } 2286 RB_VM_LOCK_LEAVE_CR_LEV(cr, &lev); 2287 (lldb) p obj (VALUE) $3 = 0x00007f7d5b513fd0 (lldb) f 6 frame #6: 0x000055af5f339b0a ruby`gc_ref_update_imemo(objspace=0x000055af60b2b040, obj=0x00007f7d5b513fd0) at gc.c:9046:13 9043 { 9044 rb_env_t *env = (rb_env_t *)obj; 9045 TYPED_UPDATE_IF_MOVED(objspace, rb_iseq_t *, env->iseq); -> 9046 UPDATE_IF_MOVED(objspace, env->ep[VM_ENV_DATA_INDEX_ENV]); 9047 gc_update_values(objspace, (long)env->env_size, (VALUE *)env->env); 9048 } 9049 break; (lldb) p obj (VALUE) $4 = 0x00007f7d5b513fd0 (lldb) ```

Enable CodeQL on YJIT repo