We are pleased to announce the release of Ruby 3.2.0. Ruby 3.2 adds many features and performance improvements.
WASI based WebAssembly support
This is an initial port of WASI based WebAssembly support. This enables a CRuby binary to be available on a Web browser, a Serverless Edge environment, or other kinds of WebAssembly/WASI embedders. Currently this port passes basic and bootstrap test suites not using the Thread API.
Background
WebAssembly (Wasm) was originally introduced to run programs safely and fast in web browsers. But its objective, running programs efficiently and securely in various environments, has long been wanted not only for the web but also by general applications.
WASI (The WebAssembly System Interface) is designed for such use cases. Though such applications need to communicate with operating systems, WebAssembly runs on a virtual machine which didn’t have a system interface. WASI standardizes it.
WebAssembly/WASI support in Ruby intends to leverage those projects. It enables Ruby developers to write applications which run on such promised platforms.
Use case
This support encourages developers to utilize CRuby in a WebAssembly environment. An example use case is TryRuby playground’s CRuby support. Now you can try original CRuby in your web browser.
Technical points
Today’s WASI and WebAssembly are themselves missing some features needed to implement Fiber, exceptions, and GC, because they are still evolving and also for security reasons. So CRuby fills the gap by using Asyncify, which is a binary transformation technique to control execution in userland.
In addition, we built a VFS on top of WASI so that we can easily pack Ruby apps into a single .wasm file. This makes distribution of Ruby apps a bit easier.
Has been tested on production workloads for over a year and proven to be quite stable.
YJIT now supports both x86-64 and arm64/aarch64 CPUs on Linux, MacOS, BSD and other UNIX platforms.
This release brings support for Apple M1/M2, AWS Graviton, Raspberry Pi 4 and more.
Building YJIT now requires Rust 1.58.0+. [Feature #18481]
In order to ensure that CRuby is built with YJIT, please install rustc >= 1.58.0
before running the ./configure script.
Please reach out to the YJIT team should you run into any issues.
The YJIT 3.2 release is faster than 3.1, and has about 1/3 as much memory overhead.
Overall YJIT is 41% faster (geometric mean) than the Ruby interpreter on yjit-bench.
Physical memory for JIT code is lazily allocated. Unlike Ruby 3.1,
the RSS of a Ruby process is minimized because virtual memory pages
allocated by --yjit-exec-mem-size will not be mapped to physical
memory pages until actually utilized by JIT code.
Introduce Code GC that frees all code pages when the memory consumption
by JIT code reaches --yjit-exec-mem-size.
RubyVM::YJIT.runtime_stats returns Code GC metrics in addition to
existing inline_code_size and outlined_code_size keys:
code_gc_count, live_page_count, freed_page_count, and freed_code_size.
Most of the statistics produced by RubyVM::YJIT.runtime_stats are now available in release builds.
Simply run ruby with --yjit-stats to compute and dump stats (incurs some run-time overhead).
YJIT is now optimized to take advantage of object shapes. [Feature #18776]
Take advantage of finer-grained constant invalidation to invalidate less code when defining new constants. [Feature #18589]
The default --yjit-exec-mem-size is changed to 64 (MiB).
The default --yjit-call-threshold is changed to 30.
Regexp improvements against ReDoS
It is known that Regexp matching may take unexpectedly long. If your code attempts to match a possibly inefficient Regexp against an untrusted input, an attacker may exploit it for efficient Denial of Service (so-called Regular expression DoS, or ReDoS).
We have introduced two improvements that significantly mitigate ReDoS.
Improved Regexp matching algorithm
Since Ruby 3.2, Regexp’s matching algorithm has been greatly improved by using a memoization technique.
# This match takes 10 sec. in Ruby 3.1, and 0.003 sec. in Ruby 3.2
/^a*b?a*$/ =~ "a" * 50000 + "x"
The improved matching algorithm allows most Regexp matching (about 90% in our experiments) to be completed in linear time.
(For preview users: this optimization may consume memory proportional to the input length for each match. We expect no practical problems to arise because this memory allocation is usually delayed, and a normal Regexp match should consume at most 10 times as much memory as the input length. If you run out of memory when matching Regexps in a real-world application, please report it.)
The original proposal is https://bugs.ruby-lang.org/issues/19104
Regexp timeout
The optimization above cannot be applied to some kinds of regular expressions, such as those including advanced features (e.g., back-references or look-around), or those with a huge fixed number of repetitions. As a fallback measure, a timeout feature for Regexp matches is also introduced.
Regexp.timeout = 1.0
/^a*b?a*()\1$/ =~ "a" * 50000 + "x"
#=> Regexp::TimeoutError is raised in one second
Note that Regexp.timeout is a global configuration. If you want to use different timeout settings for some special Regexps, you may want to use the timeout keyword for Regexp.new.
Regexp.timeout = 1.0
# This regexp has no timeout
long_time_re = Regexp.new('^a*b?a*()\1$', timeout: Float::INFINITY)
long_time_re =~ "a" * 50000 + "x" # never interrupted
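The two mitigations above can be combined into an audit-and-guard helper. The following is an added example, not code from the Ruby release notes: it uses Regexp.linear_time? (a Ruby 3.2 method not mentioned above) to list the patterns the memoized matcher cannot cover, and matches untrusted input under a per-Regexp timeout that fails closed. The names PATTERNS, needs_timeout and guarded_match are assumptions of this example.

```ruby
# Added example; requires Ruby 3.2 or later.

# Patterns taken from the release notes above, keyed by hypothetical names.
PATTERNS = {
  plain:   '^a*b?a*$',      # covered by the memoized matcher
  backref: '^a*b?a*()\1$',  # back-reference: the optimization does not apply
}.freeze

# Return the names of the patterns that Ruby cannot guarantee to match in
# linear time. These are the ones that must always run under a timeout.
def needs_timeout(patterns)
  patterns.reject { |_name, src| Regexp.linear_time?(Regexp.new(src)) }.keys
end

# Match untrusted input against a pattern that carries its own timeout,
# instead of relying on the process-wide Regexp.timeout setting.
# Returns :match, :no_match, or :timeout; callers should treat :timeout
# as a rejection of the input (fail closed), not as "no match, carry on".
def guarded_match(source, input, timeout: 0.2)
  re = Regexp.new(source, timeout: timeout)
  re.match?(input) ? :match : :no_match
rescue Regexp::TimeoutError
  :timeout
end
```

Calling guarded_match(PATTERNS[:backref], "a" * 50_000 + "x") returns :timeout after about 0.2 seconds, while the same input against PATTERNS[:plain] returns :no_match almost immediately.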
The feature of syntax_suggest (formerly dead_end) is integrated into Ruby. This helps you find the position of errors such as missing or superfluous ends, to get you back on your way faster, such as in the following example:
Unmatched `end', missing keyword (`do', `def`, `if`, etc.) ?
1 class Dog
> 2 defbark
> 3 end
4 end
Now it points at the relevant argument(s) for TypeError and ArgumentError
test.rb:2:in `+': nil can't be coerced into Integer (TypeError)
sum = ary[0] + ary[1]
^^^^^^
Language
Anonymous rest and keyword rest arguments can now be passed as
arguments, instead of just used in method parameters.
[Feature #18351]
def foo(*)
bar(*)
end
def baz(**)
quux(**)
end
A proc that accepts a single positional argument and keywords will
no longer autosplat. [Bug #18633]
proc{|a, **k| a}.call([1, 2])
# Ruby 3.1 and before
# => 1
# Ruby 3.2 and after
# => [1, 2]
Constant assignment evaluation order for constants set on explicit
objects has been made consistent with single attribute assignment
evaluation order. With this code:
foo::BAR = baz
foo is now called before baz. Similarly, for multiple assignments
to constants, left-to-right evaluation order is used. With this
code:
The find pattern is no longer experimental.
[Feature #18585]
Methods taking a rest parameter (like *args) and wishing to delegate keyword
arguments through foo(*args) must now be marked with ruby2_keywords
(if not already the case). In other words, all methods wishing to delegate
keyword arguments through *args must now be marked with ruby2_keywords,
with no exception. This will make it easier to transition to other ways of
delegation once a library can require Ruby 3+. Previously, the ruby2_keywords
flag was kept if the receiving method took *args, but this was a bug and an
inconsistency. A good technique to find potentially missing ruby2_keywords
is to run the test suite, find the last method which must
receive keyword arguments for each place where the test suite fails, and use puts nil, caller, nil there. Then check that each
method/block on the call chain which must delegate keywords is correctly marked
with ruby2_keywords. [Bug #18625] [Bug #16466]
def target(**kw)
end
# Accidentally worked without ruby2_keywords in Ruby 2.7-3.1, ruby2_keywords
# needed in 3.2+. Just like (*args, **kwargs) or (...) would be needed on
# both #foo and #bar when migrating away from ruby2_keywords.
ruby2_keywords def bar(*args)
target(*args)
end
ruby2_keywords def foo(*args)
bar(*args)
end
foo(k: 1)
Performance improvements
MJIT
The MJIT compiler is re-implemented in Ruby as ruby_vm/mjit/compiler.
MJIT compiler is executed under a forked Ruby process instead of
doing it in a native thread called MJIT worker. [Feature #18968]
As a result, Microsoft Visual Studio (MSWIN) is no longer supported.
PubGrub is the next generation solving algorithm used by pub package manager for the Dart programming language.
You may get a different resolution result after this change. Please report such cases to RubyGems/Bundler issues.
RubyGems still uses Molinillo resolver in Ruby 3.2. We plan to replace it with PubGrub in the future.
Other notable changes since 3.1
Data
New core class to represent a simple immutable value object. The class is
similar to Struct and partially shares an implementation, but has a
leaner and stricter API. [Feature #16122]
Proc#dup returns an instance of subclass. [Bug #17545]
Proc#parameters now accepts lambda keyword. [Feature #15357]
Refinement
Refinement#refined_class has been added. [Feature #12737]
RubyVM::AbstractSyntaxTree
Add error_tolerant option for parse, parse_file and of. [Feature #19013]
With this option
SyntaxError is suppressed
AST is returned for invalid input
end is supplied when the parser reaches the end of the input but there are not enough ends
end is treated as keyword based on indent
# Without error_tolerant option
root = RubyVM::AbstractSyntaxTree.parse(<<~RUBY)
def m
a = 10
if
end
RUBY
# => <internal:ast>:33:in `parse': syntax error, unexpected `end' (SyntaxError)
# With error_tolerant option
root = RubyVM::AbstractSyntaxTree.parse(<<~RUBY, error_tolerant: true)
def m
a = 10
if
end
RUBY
p root # => #<RubyVM::AbstractSyntaxTree::Node:SCOPE@1:0-4:3>
# `end` is treated as keyword based on indent
root = RubyVM::AbstractSyntaxTree.parse(<<~RUBY, error_tolerant: true)
module Z
class Foo
foo.
end
def bar
end
end
RUBY
p root.children[-1].children[-1].children[-1].children[-2..-1]
# => [#<RubyVM::AbstractSyntaxTree::Node:CLASS@2:2-4:5>, #<RubyVM::AbstractSyntaxTree::Node:DEFN@6:2-7:5>]
Add keep_tokens option for parse, parse_file and of. [Feature #19070]
Set is now available as a builtin class without the need for require "set". [Feature #16989]
It is currently autoloaded via the Set constant or a call to Enumerable#to_set.
String
String#byteindex and String#byterindex have been added. [Feature #13110]
Update Unicode to Version 15.0.0 and Emoji Version 15.0. [Feature #18639]
(also applies to Regexp)
A Struct class can also be initialized with keyword arguments
without keyword_init: true on Struct.new [Feature #16806]
Post = Struct.new(:id, :name)
Post.new(1, "hello") #=> #<struct Post id=1, name="hello">
# From Ruby 3.2, the following code also works without keyword_init: true.
Post.new(id: 1, name: "hello") #=> #<struct Post id=1, name="hello">
We no longer bundle 3rd party sources like libyaml, libffi.
libyaml source has been removed from psych. You may need to install libyaml-dev on the Ubuntu/Debian platform. The package name is different for each platform.
Bundled libffi source is also removed from fiddle
Psych and fiddle supported static builds with specific versions of libyaml and libffi sources. You can build psych with libyaml-0.2.5 like this:
rb_random_interface_t updated and versioned.
Extension libraries which use this interface and built for older versions.
Also init_int32 function needs to be defined.
Removed C APIs
The following deprecated APIs are removed.
rb_cData variable.
“taintedness” and “trustedness” functions. [Feature #16131]
Standard library updates
Bundler
Add --ext=rust support to bundle gem for creating simple gems with Rust extensions.
[GH-rubygems-6149]
Ruby was first developed by Matz (Yukihiro Matsumoto) in 1993,
and is now developed as Open Source. It runs on multiple platforms
and is used all over the world especially for web development.
We are pleased to announce the release of Ruby 3.2.0-rc1. Ruby 3.2 adds many features and performance improvements.
WASI based WebAssembly support
This is an initial port of WASI based WebAssembly support. This enables a CRuby binary to be available on a Web browser, a Serverless Edge environment, or other kinds of WebAssembly/WASI embedders. Currently this port passes basic and bootstrap test suites not using the Thread API.
Background
WebAssembly (Wasm) was originally introduced to run programs safely and fast in web browsers. But its objective, running programs efficiently and securely in various environments, has long been wanted not only for the web but also by general applications.
WASI (The WebAssembly System Interface) is designed for such use cases. Though such applications need to communicate with operating systems, WebAssembly runs on a virtual machine which didn’t have a system interface. WASI standardizes it.
WebAssembly/WASI support in Ruby intends to leverage those projects. It enables Ruby developers to write applications which run on such promised platforms.
Use case
This support encourages developers to utilize CRuby in a WebAssembly environment. An example use case is TryRuby playground’s CRuby support. Now you can try original CRuby in your web browser.
Technical points
Today’s WASI and WebAssembly are themselves missing some features needed to implement Fiber, exceptions, and GC, because they are still evolving and also for security reasons. So CRuby fills the gap by using Asyncify, which is a binary transformation technique to control execution in userland.
In addition, we built a VFS on top of WASI so that we can easily pack Ruby apps into a single .wasm file. This makes distribution of Ruby apps a bit easier.
It is known that Regexp matching may take unexpectedly long. If your code attempts to match a possibly inefficient Regexp against an untrusted input, an attacker may exploit it for efficient Denial of Service (so-called Regular expression DoS, or ReDoS).
We have introduced two improvements that significantly mitigate ReDoS.
Improved Regexp matching algorithm
Since Ruby 3.2, Regexp’s matching algorithm has been greatly improved by using a memoization technique.
# This match takes 10 sec. in Ruby 3.1, and 0.003 sec. in Ruby 3.2
/^a*b?a*$/ =~ "a" * 50000 + "x"
The improved matching algorithm allows most Regexp matching (about 90% in our experiments) to be completed in linear time.
(For preview users: this optimization may consume memory proportional to the input length for each match. We expect no practical problems to arise because this memory allocation is usually delayed, and a normal Regexp match should consume at most 10 times as much memory as the input length. If you run out of memory when matching Regexps in a real-world application, please report it.)
The original proposal is https://bugs.ruby-lang.org/issues/19104
Regexp timeout
The optimization above cannot be applied to some kinds of regular expressions, such as those including advanced features (e.g., back-references or look-around), or those with a huge fixed number of repetitions. As a fallback measure, a timeout feature for Regexp matches is also introduced.
Regexp.timeout = 1.0
/^a*b?a*()\1$/ =~ "a" * 50000 + "x"
#=> Regexp::TimeoutError is raised in one second
Note that Regexp.timeout is a global configuration. If you want to use different timeout settings for some special Regexps, you may want to use the timeout keyword for Regexp.new.
Regexp.timeout = 1.0
# This regexp has no timeout
long_time_re = Regexp.new('^a*b?a*()\1$', timeout: Float::INFINITY)
long_time_re =~ "a" * 50000 + "x" # never interrupted
The original proposal is https://bugs.ruby-lang.org/issues/17837
Other Notable New Features
SyntaxSuggest
The feature of syntax_suggest (formerly dead_end) is integrated into Ruby. This helps you find the position of errors such as missing or superfluous ends, to get you back on your way faster, such as in the following example:
Unmatched `end', missing keyword (`do', `def`, `if`, etc.) ?
1 class Dog
> 2 defbark
> 4 end
5 end
Now it points at the relevant argument(s) for TypeError and ArgumentError
test.rb:2:in `+': nil can't be coerced into Integer (TypeError)
sum = ary[0] + ary[1]
^^^^^^
Language
Anonymous rest and keyword rest arguments can now be passed as
arguments, instead of just used in method parameters.
[Feature #18351]
def foo(*)
bar(*)
end
def baz(**)
quux(**)
end
A proc that accepts a single positional argument and keywords will
no longer autosplat. [Bug #18633]
proc{|a, **k| a}.call([1, 2])
# Ruby 3.1 and before
# => 1
# Ruby 3.2 and after
# => [1, 2]
Constant assignment evaluation order for constants set on explicit
objects has been made consistent with single attribute assignment
evaluation order. With this code:
foo::BAR = baz
foo is now called before baz. Similarly, for multiple assignments
to constants, left-to-right evaluation order is used. With this
code:
The find pattern is no longer experimental.
[Feature #18585]
Methods taking a rest parameter (like *args) and wishing to delegate keyword
arguments through foo(*args) must now be marked with ruby2_keywords
(if not already the case). In other words, all methods wishing to delegate
keyword arguments through *args must now be marked with ruby2_keywords,
with no exception. This will make it easier to transition to other ways of
delegation once a library can require Ruby 3+. Previously, the ruby2_keywords
flag was kept if the receiving method took *args, but this was a bug and an
inconsistency. A good technique to find potentially missing ruby2_keywords
is to run the test suite, find the last method which must
receive keyword arguments for each place where the test suite fails, and use puts nil, caller, nil there. Then check that each
method/block on the call chain which must delegate keywords is correctly marked
with ruby2_keywords. [Bug #18625] [Bug #16466]
def target(**kw)
end
# Accidentally worked without ruby2_keywords in Ruby 2.7-3.1, ruby2_keywords
# needed in 3.2+. Just like (*args, **kwargs) or (...) would be needed on
# both #foo and #bar when migrating away from ruby2_keywords.
ruby2_keywords def bar(*args)
target(*args)
end
ruby2_keywords def foo(*args)
bar(*args)
end
foo(k: 1)
Performance improvements
YJIT
YJIT now supports both x86-64 and arm64/aarch64 CPUs on Linux, MacOS, BSD and other UNIX platforms.
This release brings support for Mac M1/M2, AWS Graviton and Raspberry Pi 4 ARM64 processors.
In order to ensure that CRuby is built with YJIT, please install rustc >= 1.58.0 and
run ./configure with --enable-yjit.
Please reach out to the YJIT team should you run into any issues.
Physical memory for JIT code is lazily allocated. Unlike Ruby 3.1,
the RSS of a Ruby process is minimized because virtual memory pages
allocated by --yjit-exec-mem-size will not be mapped to physical
memory pages until actually utilized by JIT code.
Introduce Code GC that frees all code pages when the memory consumption
by JIT code reaches --yjit-exec-mem-size.
RubyVM::YJIT.runtime_stats returns Code GC metrics in addition to
existing inline_code_size and outlined_code_size keys:
code_gc_count, live_page_count, freed_page_count, and freed_code_size.
Most of the statistics produced by RubyVM::YJIT.runtime_stats are now available in release builds.
Simply run ruby with --yjit-stats to compute stats (incurs some run-time overhead).
YJIT is now optimized to take advantage of object shapes. [Feature #18776]
Take advantage of finer-grained constant invalidation to invalidate less code when defining new constants. [Feature #18589]
MJIT
The MJIT compiler is re-implemented in Ruby as a standard library mjit.
MJIT compiler is executed under a forked Ruby process instead of
doing it in a native thread called MJIT worker. [Feature #18968]
As a result, Microsoft Visual Studio (MSWIN) is no longer supported.
MinGW is no longer supported. [Feature #18824]
Rename --mjit-min-calls to --mjit-call-threshold.
Change default --mjit-max-cache back from 10000 to 100.
Proc#dup returns an instance of subclass. [Bug #17545]
Proc#parameters now accepts lambda keyword. [Feature #15357]
Refinement
Refinement#refined_class has been added. [Feature #12737]
RubyVM::AbstractSyntaxTree
Add error_tolerant option for parse, parse_file and of. [Feature #19013]
Set
Set is now available as a builtin class without the need for require "set". [Feature #16989]
It is currently autoloaded via the Set constant or a call to Enumerable#to_set.
String
String#byteindex and String#byterindex have been added. [Feature #13110]
Update Unicode to Version 15.0.0 and Emoji Version 15.0. [Feature #18639]
(also applies to Regexp)
We no longer bundle 3rd party sources like libyaml, libffi.
libyaml source has been removed from psych. You may need to install libyaml-dev on the Ubuntu/Debian platform. The package name is different for each platform.
Bundled libffi source is also removed from fiddle
Psych and fiddle supported static builds with specific versions of libyaml and libffi sources. You can build psych with libyaml-0.2.5 like this:
PRNG update
rb_random_interface_t updated and versioned.
Extension libraries which use this interface and built for older versions.
Also init_int32 function needs to be defined.
Removed C APIs
The following deprecated APIs are removed.
rb_cData variable.
“taintedness” and “trustedness” functions. [Feature #16131]
This release also includes some build problem fixes. They are not considered to affect compatibility with previous versions.
See the commit logs for further details.
We have released the cgi gem versions 0.3.5, 0.2.2, and 0.1.0.2, which include a security fix for an HTTP response splitting vulnerability.
This vulnerability has been assigned the CVE identifier CVE-2021-33621.
Details
If an application generates HTTP responses using the cgi gem with untrusted user input, an attacker can exploit it to inject a malicious HTTP response header and/or body.
Also, the contents for a CGI::Cookie object were not checked properly. If an application creates a CGI::Cookie object based on user input, an attacker may exploit it to inject invalid attributes in Set-Cookie header. We think such applications are unlikely, but we have included a change to check arguments for CGI::Cookie#initialize preventatively.
Please update the cgi gem to version 0.3.5, 0.2.2, and 0.1.0.2, or later. You can use gem update cgi to update it.
If you are using bundler, please add gem "cgi", ">= 0.3.5" to your Gemfile.
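One way to check a project against the fixed versions listed above, as an added example (not part of the advisory or of the cgi gem): it reads the locked cgi version from Gemfile.lock text and compares it with the fixed release for its release line. Treating each fixed version as the floor for its own major.minor line, the constructed lockfile sample, and the names FIXED_CGI, SAMPLE_LOCK, locked_cgi_version and cgi_patched? are assumptions of this example.

```ruby
require "rubygems"

# Fixed releases named in the advisory, keyed by release line (major.minor).
# Assumption of this example: each fix is the minimum safe version of its line.
FIXED_CGI = {
  "0.1" => Gem::Version.new("0.1.0.2"),
  "0.2" => Gem::Version.new("0.2.2"),
  "0.3" => Gem::Version.new("0.3.5"),
}.freeze

# Constructed Gemfile.lock excerpt used as sample input.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      cgi (0.3.1)
      rack (2.2.4)

  DEPENDENCIES
    cgi
LOCK

# Extract the resolved cgi version from lockfile text. Resolved specs are
# indented by four spaces; returns nil when cgi is not locked at all.
def locked_cgi_version(lockfile_text)
  lockfile_text[/^ {4}cgi \(([^)]+)\)$/, 1]
end

# True when the given version carries the fix for CVE-2021-33621.
def cgi_patched?(version_string)
  version = Gem::Version.new(version_string)
  line = version.segments.first(2).join(".")
  floor = FIXED_CGI[line]
  return version >= floor if floor

  # Release lines the advisory does not name: only versions newer than
  # the highest fixed release are treated as patched.
  version > FIXED_CGI.values.max
end
```

For SAMPLE_LOCK, locked_cgi_version returns "0.3.1" and cgi_patched? reports it as unpatched, so the Gemfile constraint above would need to be applied.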
We are pleased to announce the release of Ruby 3.2.0-preview3. Ruby 3.2 adds many features and performance improvements.
WASI based WebAssembly support
This is an initial port of WASI based WebAssembly support. This enables a CRuby binary to be available on a Web browser, a Serverless Edge environment, and other WebAssembly/WASI embedders. Currently this port passes basic and bootstrap test suites not using the Thread API.
Background
WebAssembly (Wasm) was originally introduced to run programs safely and fast in web browsers. But its objective, running programs efficiently and securely in various environments, has long been wanted not only by the web but also by general applications.
WASI (The WebAssembly System Interface) is designed for such use cases. Though such applications need to communicate with operating systems, WebAssembly runs on a virtual machine which didn’t have a system interface. WASI standardizes it.
WebAssembly/WASI Support in Ruby intends to leverage those projects. It enables Ruby developers to write applications which run on such promised platforms.
Use case
This support encourages developers to utilize CRuby in a WebAssembly environment. An example use case is TryRuby playground’s CRuby support. Now you can try original CRuby in your web browser.
Technical points
Today’s WASI and WebAssembly are themselves missing some features needed to implement Fiber, exceptions, and GC, because they are still evolving and also for security reasons. So CRuby fills the gap by using Asyncify, which is a binary transformation technique to control execution in userland.
In addition, we built a VFS on top of WASI so that we can easily pack Ruby apps into a single .wasm file. This makes distribution of Ruby apps a bit easier.
It is known that Regexp matching may take unexpectedly long. If your code attempts to match a possibly inefficient Regexp against an untrusted input, an attacker may exploit it for efficient Denial of Service (so-called Regular expression DoS, or ReDoS).
We have introduced two improvements that significantly mitigate ReDoS.
Improved Regexp matching algorithm
Since Ruby 3.2, Regexp’s matching algorithm has been greatly improved by using a memoization technique.
# This match takes 10 sec. in Ruby 3.1, and 0.003 sec. in Ruby 3.2
/^a*b?a*$/ =~ "a" * 50000 + "x"
The improved matching algorithm allows most Regexp matching (about 90% in our experiments) to be completed in linear time.
(For preview users: this optimization may consume memory proportional to the input length for each match. We expect no practical problems to arise because this memory allocation is usually delayed, and a normal Regexp match should consume at most 10 times as much memory as the input length. If you run out of memory when matching Regexps in a real-world application, please report it.)
The original proposal is https://bugs.ruby-lang.org/issues/19104
Regexp timeout
The optimization above cannot be applied to some kinds of regular expressions, such as those including advanced features (e.g., back-references or look-around), or those with a huge fixed number of repetitions. As a fallback measure, a timeout feature for Regexp matching is also introduced.
Regexp.timeout = 1.0
/^a*b?a*()\1$/ =~ "a" * 50000 + "x"
#=> Regexp::TimeoutError is raised in one second
Note that Regexp.timeout is a global configuration. If you want to use different timeout settings for some special Regexps, you may want to use the timeout keyword for Regexp.new.
Regexp.timeout = 1.0
# This regexp has no timeout
long_time_re = Regexp.new('^a*b?a*()\1$', timeout: Float::INFINITY)
long_time_re =~ "a" * 50000 + "x" # never interrupted
The original proposal is https://bugs.ruby-lang.org/issues/17837
Other Notable New Features
No longer bundle 3rd party sources
We no longer bundle 3rd party sources like libyaml, libffi.
libyaml source has been removed from psych. You may need to install libyaml-dev on the Ubuntu/Debian platform. The package name is different for each platform.
Bundled libffi source is also removed from fiddle
Language
Anonymous rest and keyword rest arguments can now be passed as
arguments, instead of just used in method parameters.
[Feature #18351]
def foo(*)
bar(*)
end
def baz(**)
quux(**)
end
A proc that accepts a single positional argument and keywords will
no longer autosplat. [Bug #18633]
proc{|a, **k| a}.call([1, 2])
# Ruby 3.1 and before
# => 1
# Ruby 3.2 and after
# => [1, 2]
Constant assignment evaluation order for constants set on explicit
objects has been made consistent with single attribute assignment
evaluation order. With this code:
foo::BAR = baz
foo is now called before baz. Similarly, for multiple assignments
to constants, left-to-right evaluation order is used. With this
code:
Find pattern is no longer experimental.
[Feature #18585]
Methods taking a rest parameter (like *args) and wishing to delegate keyword
arguments through foo(*args) must now be marked with ruby2_keywords
(if not already the case). In other words, all methods wishing to delegate
keyword arguments through *args must now be marked with ruby2_keywords,
with no exception. This will make it easier to transition to other ways of
delegation once a library can require Ruby 3+. Previously, the ruby2_keywords
flag was kept if the receiving method took *args, but this was a bug and an
inconsistency. A good technique to find potentially missing ruby2_keywords
is to run the test suite, find the last method which must
receive keyword arguments for each place where the test suite fails, and use puts nil, caller, nil there. Then check that each
method/block on the call chain which must delegate keywords is correctly marked
with ruby2_keywords. [Bug #18625] [Bug #16466]
def target(**kw)
end
# Accidentally worked without ruby2_keywords in Ruby 2.7-3.1, ruby2_keywords
# needed in 3.2+. Just like (*args, **kwargs) or (...) would be needed on
# both #foo and #bar when migrating away from ruby2_keywords.
ruby2_keywords def bar(*args)
target(*args)
end
ruby2_keywords def foo(*args)
bar(*args)
end
foo(k: 1)
Proc#dup returns an instance of subclass. [Bug #17545]
Proc#parameters now accepts lambda keyword. [Feature #15357]
Refinement
Refinement#refined_class has been added. [Feature #12737]
RubyVM::AbstractSyntaxTree
Add error_tolerant option for parse, parse_file and of. [Feature #19013]
Set
Set is now available as a builtin class without the need for require "set". [Feature #16989]
It is currently autoloaded via the Set constant or a call to Enumerable#to_set.
String
String#byteindex and String#byterindex have been added. [Feature #13110]
Update Unicode to Version 14.0.0 and Emoji Version 14.0. [Feature #18037]
(also applies to Regexp)
Psych no longer bundles libyaml sources.
Users need to install the libyaml library themselves via the package
system. [Feature #18571]
C API updates
Updated C APIs
The following APIs are updated.
PRNG update
rb_random_interface_t updated and versioned.
Extension libraries which use this interface and built for older versions.
Also init_int32 function needs to be defined.
Removed C APIs
The following deprecated APIs are removed.
rb_cData variable.
“taintedness” and “trustedness” functions. [Feature #16131]
Standard libraries updates
SyntaxSuggest
The feature of syntax_suggest (formerly dead_end) is integrated into Ruby.
[Feature #18159]
ErrorHighlight
Now it points at the relevant argument(s) for TypeError and ArgumentError
test.rb:2:in `+': nil can't be coerced into Integer (TypeError)
sum = ary[0] + ary[1]
^^^^^^
We are pleased to announce the release of Ruby 3.2.0-preview2. Ruby 3.2 adds many features and performance improvements.
WASI based WebAssembly support
This is an initial port of WASI based WebAssembly support. This enables a CRuby binary to be available on a Web browser, a Serverless Edge environment, and other WebAssembly/WASI embedders. Currently this port passes basic and bootstrap test suites not using the Thread API.
Background
WebAssembly (WASM) was originally introduced to run programs safely and fast in web browsers. But its objective, running programs efficiently and securely in various environments, has long been wanted not only by the web but also by general applications.
WASI (The WebAssembly System Interface) is designed for such use cases. Though such applications need to communicate with operating systems, WebAssembly runs on a virtual machine which didn’t have a system interface. WASI standardizes it.
WebAssembly/WASI Support in Ruby intends to leverage those projects. It enables Ruby developers to write applications which run on such promised platforms.
Use case
This support encourages developers to utilize CRuby in a WebAssembly environment. An example use case is TryRuby playground’s CRuby support. Now you can try original CRuby in your web browser.
Technical points
Today’s WASI and WebAssembly are themselves missing some features needed to implement Fiber, exceptions, and GC, because they are still evolving and also for security reasons. So CRuby fills the gap by using Asyncify, which is a binary transformation technique to control execution in userland.
In addition, we built a VFS on top of WASI so that we can easily pack Ruby apps into a single .wasm file. This makes distribution of Ruby apps a bit easier.
A timeout feature for Regexp matching is introduced.
Regexp.timeout = 1.0
/^a*b?a*$/ =~ "a" * 50000 + "x"
#=> Regexp::TimeoutError is raised in one second
It is known that Regexp matching may take unexpectedly long. If your code attempts to match a possibly inefficient Regexp against an untrusted input, an attacker may exploit it for efficient Denial of Service (so-called Regular expression DoS, or ReDoS).
The risk of DoS can be prevented or significantly mitigated by configuring Regexp.timeout according to the requirements of your Ruby application. Please try it out in your application; we welcome your feedback.
Note that Regexp.timeout is a global configuration. If you want to use different timeout settings for some special Regexps, you may want to use the timeout keyword for Regexp.new.
Regexp.timeout = 1.0
# This regexp has no timeout
long_time_re = Regexp.new("^a*b?a*$", timeout: nil)
long_time_re =~ "a" * 50000 + "x" # never interrupted
The original proposal is https://bugs.ruby-lang.org/issues/17837
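The per-Regexp timeout described above, used to screen untrusted input and fail closed when Regexp::TimeoutError is raised. This is an added example, not code from the Ruby announcement; the method names, the pattern and the sample inputs are constructed for illustration, and it assumes Ruby 3.2 or later.

```ruby
# Added example, not from the Ruby announcement. Needs Ruby 3.2 or later.
# guarded_match, screen_inputs, SLOW_SOURCE and SAMPLE_INPUTS are hypothetical names.
TIMEOUT_SUPPORTED = Regexp.respond_to?(:timeout)

# Constructed pattern: the nested quantifier backtracks exponentially on a
# near-miss, and the back-reference keeps it outside the linear-time
# matching optimisation that released Ruby 3.2 applies to simpler patterns.
SLOW_SOURCE = '\A(a+)+\1?\z'

# Constructed inputs: a match, a quick mismatch and a slow near-miss.
SAMPLE_INPUTS = ["aaa", "aab", "a" * 40 + "b"].freeze

# Matches one untrusted value under a per-Regexp limit, so the global
# Regexp.timeout is left alone. Returns :match, :no_match or :timeout.
def guarded_match(source, input, limit: 0.2)
  raise NotImplementedError, "Regexp timeout needs Ruby 3.2+" unless TIMEOUT_SUPPORTED

  re = Regexp.new(source, timeout: limit)
  begin
    re.match?(input) ? :match : :no_match
  rescue Regexp::TimeoutError
    :timeout
  end
end

# Screens a batch and fails closed: a value that times out is never accepted,
# and it is kept separately so repeated slow inputs can be alerted on.
def screen_inputs(source, inputs, limit: 0.2)
  result = { accepted: [], rejected: [], timed_out: [] }
  inputs.each do |value|
    case guarded_match(source, value, limit: limit)
    when :match   then result[:accepted] << value
    when :timeout then result[:timed_out] << value
    else               result[:rejected] << value
    end
  end
  result
end

p screen_inputs(SLOW_SOURCE, SAMPLE_INPUTS) if TIMEOUT_SUPPORTED && __FILE__ == $PROGRAM_NAME
```

Treating :timeout as a rejection keeps a slow input from being accepted by default, and the separate timed_out list gives monitoring something to count.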
Other Notable New Features
No longer bundle 3rd party sources
We no longer bundle 3rd party sources like libyaml, libffi.
libyaml source has been removed from psych. You may need to install libyaml-dev on Ubuntu/Debian platforms. The package name differs on each platform.
libffi will be removed from fiddle at preview2
Language
Anonymous rest and keyword rest arguments can now be passed as
arguments, instead of just used in method parameters.
[Feature #18351]
def foo(*)
  bar(*)
end
def baz(**)
  quux(**)
end
A proc that accepts a single positional argument and keywords will
no longer autosplat. [Bug #18633]
proc{|a, **k| a}.call([1, 2])
# Ruby 3.1 and before
# => 1
# Ruby 3.2 and after
# => [1, 2]
Constant assignment evaluation order for constants set on explicit
objects has been made consistent with single attribute assignment
evaluation order. With this code:
foo::BAR = baz
foo is now called before baz. Similarly, for multiple assignments
to constants, left-to-right evaluation order is used. With this
code:
Find pattern is no longer experimental.
[Feature #18585]
Methods taking a rest parameter (like *args) and wishing to delegate keyword
arguments through foo(*args) must now be marked with ruby2_keywords
(if not already the case). In other words, all methods wishing to delegate
keyword arguments through *args must now be marked with ruby2_keywords,
with no exception. This will make it easier to transition to other ways of
delegation once a library can require Ruby 3+. Previously, the ruby2_keywords
flag was kept if the receiving method took *args, but this was a bug and an
inconsistency. A good technique to find a potentially missing ruby2_keywords
is to run the test suite, find the last method which must receive keyword
arguments for each place where the test suite fails, use puts nil, caller, nil
there, and check that each method/block on the call chain which must delegate
keywords is correctly marked as ruby2_keywords. [Bug #18625] [Bug #16466]
def target(**kw)
end
# Accidentally worked without ruby2_keywords in Ruby 2.7-3.1, ruby2_keywords
# needed in 3.2+. Just like (*args, **kwargs) or (...) would be needed on
# both #foo and #bar when migrating away from ruby2_keywords.
ruby2_keywords def bar(*args)
  target(*args)
end
ruby2_keywords def foo(*args)
  bar(*args)
end
foo(k: 1)
Proc#dup returns an instance of subclass. [Bug #17545]
Proc#parameters now accepts lambda keyword. [Feature #15357]
Refinement
Refinement#refined_class has been added. [Feature #12737]
Set
Set is now available as a builtin class without the need for require "set". [Feature #16989]
It is currently autoloaded via the Set constant or a call to Enumerable#to_set.
String
String#byteindex and String#byterindex have been added. [Feature #13110]
Update Unicode to Version 14.0.0 and Emoji Version 14.0. [Feature #18037]
(also applies to Regexp)
Ruby was first developed by Matz (Yukihiro Matsumoto) in 1993,
and is now developed as Open Source. It runs on multiple platforms
and is used all over the world especially for web development.
This release also includes some bug fixes.
See the commit logs for further details.
After this release, we end the normal maintenance phase of Ruby 2.7, and Ruby 2.7 enters the security maintenance phase.
This means that we will no longer backport any bug fixes to Ruby 2.7 except security fixes.
The term of the security maintenance phase is scheduled for a year.
Ruby 2.7 reaches EOL and its official support ends by the end of the security maintenance phase.
Therefore, we recommend that you start planning to upgrade to Ruby 3.0 or 3.1.
This release also includes a fix for a build problem with very old compilers and a fix for a regression in the date library.
See the commit logs for further details.
After this release, Ruby 2.6 reaches EOL. In other words, this is expected to be the last release of Ruby 2.6 series.
We will not release Ruby 2.6.11 even if a security vulnerability is found (but could release it if a severe regression is found).
We recommend that all Ruby 2.6 users start migrating to Ruby 3.1, 3.0, or 2.7 immediately.
A double-free vulnerability has been discovered in Regexp compilation.
This vulnerability has been assigned the CVE identifier CVE-2022-28738.
We strongly recommend upgrading Ruby.
Details
Due to a bug in the Regexp compilation process, creating a Regexp object with a crafted source string could cause the same memory to be freed twice. This is known as a “double free” vulnerability.
Note that, in general, it is considered unsafe to create and use a Regexp object generated from untrusted input. In this case, however, following a comprehensive assessment, we treat this issue as a vulnerability.
Please update Ruby to 3.0.4, or 3.1.2.
Affected versions
ruby 3.0.3 or prior
ruby 3.1.1 or prior
Note that ruby 2.6 series and 2.7 series are not affected.
A buffer-overrun vulnerability has been discovered in a conversion algorithm from a String to a Float.
This vulnerability has been assigned the CVE identifier CVE-2022-28739.
We strongly recommend upgrading Ruby.
Details
Due to a bug in an internal function that converts a String to a Float, some conversion methods like Kernel#Float and String#to_f could cause a buffer over-read.
A typical consequence is process termination due to a segmentation fault, but in limited circumstances it may be exploitable for an illegal memory read.
Please update Ruby to 2.6.10, 2.7.6, 3.0.4, or 3.1.2.
We are pleased to announce the release of Ruby 3.2.0-preview1. Ruby 3.2 adds many features and performance improvements.
WASI based WebAssembly support
This is an initial port of WASI based WebAssembly support. This enables a CRuby binary to be available on a Web browser, a Serverless Edge environment, and other WebAssembly/WASI embedders. Currently this port passes basic and bootstrap test suites not using the Thread API.
Background
WebAssembly (WASM) was originally introduced to run programs safely and fast in web browsers. But its objective - running programs efficiently with security on various environments - has long been wanted not only for the web but also by general applications.
WASI (The WebAssembly System Interface) is designed for such use cases. Though such applications need to communicate with operating systems, WebAssembly runs on a virtual machine which didn’t have a system interface. WASI standardizes it.
WebAssembly/WASI support in Ruby intends to leverage those projects. It enables Ruby developers to write applications which run on such promised platforms.
Use case
This support encourages developers to utilize CRuby in a WebAssembly environment. An example use case is TryRuby playground’s CRuby support. Now you can try original CRuby in your web browser.
Technical points
Today’s WASI and WebAssembly itself are missing some features needed to implement Fiber, exception, and GC because they are still evolving, and also for security reasons. So CRuby fills the gap by using Asyncify, which is a binary transformation technique to control execution in userland.
In addition, we built a VFS on top of WASI so that we can easily pack Ruby apps into a single .wasm file. This makes distribution of Ruby apps a bit easier.
A timeout feature for Regexp matching is introduced.
Regexp.timeout = 1.0
/^a*b?a*$/ =~ "a" * 50000 + "x"
#=> Regexp::TimeoutError is raised in one second
It is known that Regexp matching may take unexpectedly long. If your code attempts to match a possibly inefficient Regexp against untrusted input, an attacker may exploit it for an efficient Denial of Service (so-called Regular expression DoS, or ReDoS).
The risk of DoS can be prevented or significantly mitigated by configuring Regexp.timeout according to the requirements of your Ruby application. Please try it out in your application; we welcome your feedback.
Note that Regexp.timeout is a global configuration. If you want to use different timeout settings for some special Regexps, you may want to use the timeout keyword for Regexp.new.
Regexp.timeout = 1.0
# This regexp has no timeout
long_time_re = Regexp.new("^a*b?a*$", timeout: nil)
long_time_re =~ "a" * 50000 + "x" # never interrupted
The original proposal is https://bugs.ruby-lang.org/issues/17837
Other Notable New Features
No longer bundle 3rd party sources
We no longer bundle 3rd party sources like libyaml, libffi.
libyaml source has been removed from psych. You may need to install libyaml-dev on Ubuntu/Debian platforms. The package name differs on each platform.
libffi will be removed from fiddle at preview2
Language
Find pattern is no longer experimental.
Performance improvements
Other notable changes since 3.1
Hash
Hash#shift now always returns nil if the hash is
empty, instead of returning the default value or
calling the default proc. [Bug #16908]
MatchData
MatchData#byteoffset has been added. [Feature #13110]
Module
Module.used_refinements has been added. [Feature #14332]
Module#refinements has been added. [Feature #12737]
Module#const_added has been added. [Feature #17881]
Proc
Proc#dup returns an instance of subclass. [Bug #17545]
Proc#parameters now accepts lambda keyword. [Feature #15357]
Refinement
Refinement#refined_class has been added. [Feature #12737]
Set
Set is now available as a builtin class without the need for require "set". [Feature #16989]
It is currently autoloaded via the Set constant or a call to Enumerable#to_set.
String
String#byteindex and String#byterindex have been added. [Feature #13110]
Update Unicode to Version 14.0.0 and Emoji Version 14.0. [Feature #18037]
(also applies to Regexp)
String#bytesplice has been added. [Feature #18598]
Struct
A Struct class can also be initialized with keyword arguments
without keyword_init: true on Struct.new [Feature #16806]
Standard libraries updates
The following default gems are updated.
TBD
The following bundled gems are updated.
TBD
The following default gems are now bundled gems. You need to add the following libraries to Gemfile under the bundler environment.
Recently Shopify contributed many Ruby improvements to speed up their Rails application. YJIT is an important contribution, and aims to improve the performance of Rails applications.
Though MJIT is a method-based JIT compiler and uses an external C compiler, YJIT uses Basic Block Versioning and includes a JIT compiler inside it. With Lazy Basic Block Versioning (LBBV) it first compiles the beginning of a method, and incrementally compiles the rest when the types of arguments and variables are dynamically determined. See YJIT: a basic block versioning JIT compiler for CRuby for a detailed introduction.
With this technology, YJIT achieves both fast warmup time and performance improvements on most real-world software, up to 22% on railsbench, 39% on liquid-render.
YJIT is still an experimental feature, and as such, it is disabled by default. If you want to use this, specify the --yjit command-line option to enable YJIT. It is also limited to Unix-like x86-64 platforms for now.
A completely rewritten debugger debug.gem is bundled. debug.gem has the following features:
Improve the debugging performance (it does not slow down the application even with the debugger)
Support remote debugging
Support rich debugging frontend (VSCode and Chrome browser are supported now)
Support multi-process/multi-thread debugging
Colorful REPL
And other useful features like the record & replay feature, the tracing feature and so on.
Ruby had bundled lib/debug.rb, but it was not well maintained and it had issues with performance and features. debug.gem replaced lib/debug.rb completely.
error_highlight: Fine-grained error location in backtrace
A built-in gem, error_highlight, has been introduced. It includes fine-grained error location in backtrace:
$ ruby test.rb
test.rb:1:in `<main>': undefined method `time' for 1:Integer (NoMethodError)
1.time {}
 ^^^^^
Did you mean? times
Currently, only NameError is supported.
This gem is enabled by default. You can disable it by using the command-line option --disable-error_highlight. See the repository for details.
IRB Autocomplete and Document Display
The IRB now has an autocomplete feature, where you can just type in the code, and the completion candidates dialog will appear. You can use Tab and Shift+Tab to move up and down.
If documents are installed when you select a completion candidate, the documentation dialog will appear next to the completion candidates dialog, showing part of the content. You can read the full document by pressing Alt+d.
Other Notable New Features
Language
Values in Hash literals and keyword arguments can be omitted. [Feature #14579]
{x:, y:} is syntactic sugar for {x: x, y: y}.
foo(x:, y:) is syntactic sugar for foo(x: x, y: y).
Pin operator in pattern matching now takes an expression. [Feature #17411]
TypeProf is a static type analyzer for Ruby. It generates a prototype of RBS from non-type-annotated Ruby code. See the document for details.
The main update since Ruby 3.0.0 is experimental IDE support called “TypeProf for IDE”.
The vscode extension shows a guessed (or explicitly written in an RBS file) method signature above each method definition, draws a red underline under the code that may cause a name error or type error, and completes method names (i.e., shows method candidates). See the document for details.
Also, the release includes many bug fixes and performance improvements.
Performance improvements
MJIT
For workloads like Rails, the default --jit-max-cache is changed from 100 to 10000.
The JIT compiler no longer skips compilation of methods longer than 1000 instructions.
To support Zeitwerk of Rails, JIT-ed code is no longer cancelled
when a TracePoint for class events is enabled.
Other notable changes since 3.0
One-line pattern matching, e.g., ary => [x, y, z], is no longer experimental.
Multiple assignment evaluation order has been changed slightly. [Bug #4443]
foo[0], bar[0] = baz, qux was evaluated in order baz, qux, foo, and then bar in Ruby 3.0. In Ruby 3.1, it is evaluated in order foo, bar, baz, and then qux.