Revert to stack allocation: safe due to GVL ordering, no heap cost on hot path

samuel-williams-shopify · cursoragent · samuel-williams-shopify · commit 5ca29f7e10a9 · 2026-05-11T17:47:01.000+09:00
Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;
diff --git a/ext/io/event/worker_pool.c b/ext/io/event/worker_pool.c
@@ -363,41 +363,44 @@ static VALUE worker_pool_call(VALUE self, VALUE _blocking_operation) {
 		rb_raise(rb_eArgError, "Invalid blocking operation!");
 	}
 	
-	// Heap-allocate the work item. A stack allocation would be destroyed by
-	// rb_jump_tag (used on the exception path) while the worker thread may
-	// still be accessing the struct (e.g. inside rb_fiber_scheduler_unblock).
-	// In practice the GVL prevents concurrent access, but the implicit
-	// ordering is fragile; heap allocation makes the lifetime explicit and
-	// safe regardless of future refactoring.
-	struct IO_Event_WorkerPool_Work *work = RB_ALLOC(struct IO_Event_WorkerPool_Work);
-	work->blocking_operation = blocking_operation;
-	work->blocking_operation_value = _blocking_operation;
-	work->completed = false;
-	work->scheduler = scheduler;
-	work->blocker = self;
-	work->fiber = fiber;
-	work->next = NULL;
+	// Stack-allocate the work item. The struct is alive for the entire
+	// execution of worker_pool_call:
+	//   - While in the queue: worker_pool_mark traces it via pool->work_queue.
+	//   - While executing (dequeued): it is on this fiber's C stack, which
+	//     the conservative GC scanner covers.
+	//   - rb_jump_tag is only called after work.completed is true, meaning
+	//     the worker has already released the GVL — so the stack frame is
+	//     not destroyed while the worker is still using the struct.
+	struct IO_Event_WorkerPool_Work work = {
+		.blocking_operation = blocking_operation,
+		.blocking_operation_value = _blocking_operation,
+		.completed = false,
+		.scheduler = scheduler,
+		.blocker = self,
+		.fiber = fiber,
+		.next = NULL
+	};
 	
 	// Enqueue work:
 	pthread_mutex_lock(&pool->mutex);
-	enqueue_work(pool, work);
+	enqueue_work(pool, &work);
 	pthread_cond_signal(&pool->work_available);
 	pthread_mutex_unlock(&pool->mutex);
 	
 	// Block the current fiber until work is completed:
 	int state = 0;
 	while (true) {
 		int current_state = 0;
-		rb_protect(worker_pool_work_begin, (VALUE)work, &current_state);
-		if (DEBUG) fprintf(stderr, "-- worker_pool_call:work completed=%d, current_state=%d, state=%d\n", work->completed, current_state, state);
+		rb_protect(worker_pool_work_begin, (VALUE)&work, &current_state);
+		if (DEBUG) fprintf(stderr, "-- worker_pool_call:work completed=%d, current_state=%d, state=%d\n", work.completed, current_state, state);
 		
 		// Store the first exception state:
 		if (!state) {
 			state = current_state;
 		}
 		
 		// If the work is still in the queue, we must wait for a worker to complete it (even if cancelled):
-		if (work->completed) {
+		if (work.completed) {
 			// The work was completed, we can exit the loop:
 			break;
 		} else {
@@ -409,11 +412,7 @@ static VALUE worker_pool_call(VALUE self, VALUE _blocking_operation) {
 		}
 	}
 	
-	if (DEBUG) fprintf(stderr, "<- worker_pool_call:work completed=%d, state=%d\n", work->completed, state);
-	
-	// Work is done — worker has released the GVL and will no longer access
-	// the struct. Safe to free before re-raising any pending exception.
-	xfree(work);
+	if (DEBUG) fprintf(stderr, "<- worker_pool_call:work completed=%d, state=%d\n", work.completed, state);
 	
 	if (state) {
 		if (DEBUG) fprintf(stderr, "[worker_pool] exception path: blocking_operation=%p state_tag=%d\n",
