add VM Lock around rb_const_remove operations (Module#remove_const)

luke-gruber · peterzhu2118 · commit 1bb15bdff7ef · 2025-08-18T09:36:47.000-04:00
Without a VM Lock, there's an unlocked `rb_id_table_delete` for the
class's const_tbl which can cause problems. Example:

```ruby
class C
  CONSTANT = 3
end
$VERBOSE = nil
rs = []
100.times do
  rs &lt;&lt; Ractor.new do
    10_000.times do
      if defined?(C::CONSTANT)
        C.send(:remove_const, :CONSTANT) rescue NameError
      else
        C.send(:const_set, :CONSTANT, 3)
      end
    end
  end
end
while rs.any?
  r, obj = Ractor.select(*rs)
  rs.delete(r)
end
```

Without lock:
../ruby-release/test.rb:14: [BUG] Segmentation fault at 0x0000000000000001
-- Control frame information -----------------------------------------------
miniruby(82790,0x16f49f000) malloc: *** error for object 0x600000f880a0: pointer being freed was not allocated
miniruby(82790,0x16f49f000) malloc: *** set a breakpoint in malloc_error_break to debug
diff --git a/variable.c b/variable.c
@@ -3717,29 +3717,31 @@ rb_const_remove(VALUE mod, ID id)
 
     rb_check_frozen(mod);
 
-    ce = rb_const_lookup(mod, id);
-    if (!ce || !rb_id_table_delete(RCLASS_WRITABLE_CONST_TBL(mod), id)) {
-        if (rb_const_defined_at(mod, id)) {
-            rb_name_err_raise("cannot remove %2$s::%1$s", mod, ID2SYM(id));
-        }
+    RB_VM_LOCKING() {
+        ce = rb_const_lookup(mod, id);
+        if (!ce || !rb_id_table_delete(RCLASS_WRITABLE_CONST_TBL(mod), id)) {
+            if (rb_const_defined_at(mod, id)) {
+                rb_name_err_raise("cannot remove %2$s::%1$s", mod, ID2SYM(id));
+            }
 
-        undefined_constant(mod, ID2SYM(id));
-    }
+            undefined_constant(mod, ID2SYM(id));
+        }
 
-    rb_const_warn_if_deprecated(ce, mod, id);
-    rb_clear_constant_cache_for_id(id);
+        rb_const_warn_if_deprecated(ce, mod, id);
+        rb_clear_constant_cache_for_id(id);
 
-    val = ce->value;
+        val = ce->value;
 
-    if (UNDEF_P(val)) {
-        autoload_delete(mod, id);
-        val = Qnil;
-    }
+        if (UNDEF_P(val)) {
+            autoload_delete(mod, id);
+            val = Qnil;
+        }
 
-    if (ce != const_lookup(RCLASS_PRIME_CONST_TBL(mod), id)) {
-        ruby_xfree(ce);
+        if (ce != const_lookup(RCLASS_PRIME_CONST_TBL(mod), id)) {
+            ruby_xfree(ce);
+        }
+        // else - skip free'ing the ce because it still exists in the prime classext
     }
-    // else - skip free'ing the ce because it still exists in the prime classext
 
     return val;
 }
