2016-11-10 23:53:23 +01:00
|
|
|
// Copyright 2014 The Go Authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
|
|
|
package runtime
|
|
|
|
|
2016-11-22 18:58:04 +01:00
|
|
|
import (
|
|
|
|
"runtime/internal/atomic"
|
|
|
|
"unsafe"
|
|
|
|
)
|
|
|
|
|
2019-08-31 05:01:15 +02:00
|
|
|
// For gccgo, use go:linkname to export compiler-called functions.
|
2016-11-22 18:58:04 +01:00
|
|
|
//
|
2019-08-31 05:01:15 +02:00
|
|
|
//go:linkname deferproc
|
|
|
|
//go:linkname deferprocStack
|
|
|
|
//go:linkname deferreturn
|
|
|
|
//go:linkname setdeferretaddr
|
|
|
|
//go:linkname checkdefer
|
|
|
|
//go:linkname gopanic
|
|
|
|
//go:linkname canrecover
|
|
|
|
//go:linkname makefuncfficanrecover
|
|
|
|
//go:linkname makefuncreturning
|
|
|
|
//go:linkname gorecover
|
|
|
|
//go:linkname deferredrecover
|
|
|
|
//go:linkname goPanicIndex
|
|
|
|
//go:linkname goPanicIndexU
|
|
|
|
//go:linkname goPanicSliceAlen
|
|
|
|
//go:linkname goPanicSliceAlenU
|
|
|
|
//go:linkname goPanicSliceAcap
|
|
|
|
//go:linkname goPanicSliceAcapU
|
|
|
|
//go:linkname goPanicSliceB
|
|
|
|
//go:linkname goPanicSliceBU
|
|
|
|
//go:linkname goPanicSlice3Alen
|
|
|
|
//go:linkname goPanicSlice3AlenU
|
|
|
|
//go:linkname goPanicSlice3Acap
|
|
|
|
//go:linkname goPanicSlice3AcapU
|
|
|
|
//go:linkname goPanicSlice3B
|
|
|
|
//go:linkname goPanicSlice3BU
|
|
|
|
//go:linkname goPanicSlice3C
|
|
|
|
//go:linkname goPanicSlice3CU
|
|
|
|
//go:linkname panicmem
|
2016-11-22 18:58:04 +01:00
|
|
|
// Temporary for C code to call:
|
2019-08-31 05:01:15 +02:00
|
|
|
//go:linkname throw
|
2016-11-22 18:58:04 +01:00
|
|
|
|
2019-08-28 20:27:30 +02:00
|
|
|
// Check to make sure we can really generate a panic. If the panic
|
|
|
|
// was generated from the runtime, or from inside malloc, then convert
|
|
|
|
// to a throw of msg.
|
|
|
|
// pc should be the program counter of the compiler-generated code that
|
|
|
|
// triggered this panic.
|
|
|
|
func panicCheck1(pc uintptr, msg string) {
|
|
|
|
name, _, _, _ := funcfileline(pc-1, -1)
|
|
|
|
if hasPrefix(name, "runtime.") {
|
|
|
|
throw(msg)
|
|
|
|
}
|
|
|
|
// TODO: is this redundant? How could we be in malloc
|
|
|
|
// but not in the runtime? runtime/internal/*, maybe?
|
2016-11-10 23:53:23 +01:00
|
|
|
gp := getg()
|
|
|
|
if gp != nil && gp.m != nil && gp.m.mallocing != 0 {
|
2019-08-28 20:27:30 +02:00
|
|
|
throw(msg)
|
2016-11-10 23:53:23 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-08-28 20:27:30 +02:00
|
|
|
// Same as above, but calling from the runtime is allowed.
|
|
|
|
func panicCheck2(err string) {
|
|
|
|
gp := getg()
|
|
|
|
if gp != nil && gp.m != nil && gp.m.mallocing != 0 {
|
|
|
|
throw(err)
|
|
|
|
}
|
|
|
|
}
|
2016-11-10 23:53:23 +01:00
|
|
|
|
2019-08-28 20:27:30 +02:00
|
|
|
// The panic{Index,Slice,divide,shift} functions are called by
|
2018-09-24 23:46:21 +02:00
|
|
|
// code generated by the compiler for out of bounds index expressions,
|
2019-08-28 20:27:30 +02:00
|
|
|
// out of bounds slice expressions, division by zero, and shift by negative.
|
|
|
|
// The panicdivide (again), panicoverflow, panicfloat, and panicmem
|
2018-09-24 23:46:21 +02:00
|
|
|
// functions are called by the signal handler when a signal occurs
|
|
|
|
// indicating the respective problem.
|
|
|
|
//
|
2019-08-28 20:27:30 +02:00
|
|
|
// Since panic{Index,Slice,shift} are never called directly, and
|
2018-09-24 23:46:21 +02:00
|
|
|
// since the runtime package should never have an out of bounds slice
|
2019-08-28 20:27:30 +02:00
|
|
|
// or array reference or negative shift, if we see those functions called from the
|
2018-09-24 23:46:21 +02:00
|
|
|
// runtime package we turn the panic into a throw. That will dump the
|
|
|
|
// entire runtime stack for easier debugging.
|
2019-08-28 20:27:30 +02:00
|
|
|
//
|
|
|
|
// The entry points called by the signal handler will be called from
|
|
|
|
// runtime.sigpanic, so we can't disallow calls from the runtime to
|
|
|
|
// these (they always look like they're called from the runtime).
|
|
|
|
// Hence, for these, we just check for clearly bad runtime conditions.
|
|
|
|
|
|
|
|
// failures in the comparisons for s[x], 0 <= x < y (y == len(s))
|
|
|
|
func goPanicIndex(x int, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "index out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: true, y: y, code: boundsIndex})
|
|
|
|
}
|
|
|
|
func goPanicIndexU(x uint, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "index out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: false, y: y, code: boundsIndex})
|
|
|
|
}
|
2018-09-24 23:46:21 +02:00
|
|
|
|
2019-08-28 20:27:30 +02:00
|
|
|
// failures in the comparisons for s[:x], 0 <= x <= y (y == len(s) or cap(s))
|
|
|
|
func goPanicSliceAlen(x int, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: true, y: y, code: boundsSliceAlen})
|
|
|
|
}
|
|
|
|
func goPanicSliceAlenU(x uint, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: false, y: y, code: boundsSliceAlen})
|
|
|
|
}
|
|
|
|
func goPanicSliceAcap(x int, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: true, y: y, code: boundsSliceAcap})
|
|
|
|
}
|
|
|
|
func goPanicSliceAcapU(x uint, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: false, y: y, code: boundsSliceAcap})
|
2016-11-10 23:53:23 +01:00
|
|
|
}
|
|
|
|
|
2019-08-28 20:27:30 +02:00
|
|
|
// failures in the comparisons for s[x:y], 0 <= x <= y
|
|
|
|
func goPanicSliceB(x int, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: true, y: y, code: boundsSliceB})
|
|
|
|
}
|
|
|
|
func goPanicSliceBU(x uint, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: false, y: y, code: boundsSliceB})
|
|
|
|
}
|
2016-11-10 23:53:23 +01:00
|
|
|
|
2019-08-28 20:27:30 +02:00
|
|
|
// failures in the comparisons for s[::x], 0 <= x <= y (y == len(s) or cap(s))
|
|
|
|
func goPanicSlice3Alen(x int, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: true, y: y, code: boundsSlice3Alen})
|
|
|
|
}
|
|
|
|
func goPanicSlice3AlenU(x uint, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: false, y: y, code: boundsSlice3Alen})
|
|
|
|
}
|
|
|
|
func goPanicSlice3Acap(x int, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: true, y: y, code: boundsSlice3Acap})
|
|
|
|
}
|
|
|
|
func goPanicSlice3AcapU(x uint, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: false, y: y, code: boundsSlice3Acap})
|
|
|
|
}
|
|
|
|
|
|
|
|
// failures in the comparisons for s[:x:y], 0 <= x <= y
|
|
|
|
func goPanicSlice3B(x int, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: true, y: y, code: boundsSlice3B})
|
|
|
|
}
|
|
|
|
func goPanicSlice3BU(x uint, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: false, y: y, code: boundsSlice3B})
|
|
|
|
}
|
|
|
|
|
|
|
|
// failures in the comparisons for s[x:y:], 0 <= x <= y
|
|
|
|
func goPanicSlice3C(x int, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: true, y: y, code: boundsSlice3C})
|
|
|
|
}
|
|
|
|
func goPanicSlice3CU(x uint, y int) {
|
|
|
|
panicCheck1(getcallerpc(), "slice bounds out of range")
|
|
|
|
panic(boundsError{x: int64(x), signed: false, y: y, code: boundsSlice3C})
|
|
|
|
}
|
|
|
|
|
|
|
|
var shiftError = error(errorString("negative shift amount"))
|
|
|
|
|
|
|
|
func panicshift() {
|
|
|
|
panicCheck1(getcallerpc(), "negative shift amount")
|
|
|
|
panic(shiftError)
|
2016-11-10 23:53:23 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
var divideError = error(errorString("integer divide by zero"))
|
|
|
|
|
|
|
|
func panicdivide() {
|
2019-08-28 20:27:30 +02:00
|
|
|
panicCheck2("integer divide by zero")
|
2016-11-10 23:53:23 +01:00
|
|
|
panic(divideError)
|
|
|
|
}
|
|
|
|
|
|
|
|
var overflowError = error(errorString("integer overflow"))
|
|
|
|
|
|
|
|
func panicoverflow() {
|
2019-08-28 20:27:30 +02:00
|
|
|
panicCheck2("integer overflow")
|
2016-11-10 23:53:23 +01:00
|
|
|
panic(overflowError)
|
|
|
|
}
|
|
|
|
|
|
|
|
var floatError = error(errorString("floating point error"))
|
|
|
|
|
|
|
|
func panicfloat() {
|
2019-08-28 20:27:30 +02:00
|
|
|
panicCheck2("floating point error")
|
2016-11-10 23:53:23 +01:00
|
|
|
panic(floatError)
|
|
|
|
}
|
|
|
|
|
|
|
|
var memoryError = error(errorString("invalid memory address or nil pointer dereference"))
|
|
|
|
|
|
|
|
func panicmem() {
|
2019-08-28 20:27:30 +02:00
|
|
|
panicCheck2("invalid memory address or nil pointer dereference")
|
2016-11-10 23:53:23 +01:00
|
|
|
panic(memoryError)
|
|
|
|
}
|
|
|
|
|
2016-11-22 18:58:04 +01:00
|
|
|
// deferproc creates a new deferred function.
|
|
|
|
// The compiler turns a defer statement into a call to this.
|
|
|
|
// frame points into the stack frame; it is used to determine which
|
|
|
|
// deferred functions are for the current stack frame, and whether we
|
|
|
|
// have already deferred functions for this frame.
|
|
|
|
// pfn is a C function pointer.
|
|
|
|
// arg is a value to pass to pfn.
|
|
|
|
func deferproc(frame *bool, pfn uintptr, arg unsafe.Pointer) {
|
2017-06-22 16:31:16 +02:00
|
|
|
d := newdefer()
|
2017-06-23 15:45:36 +02:00
|
|
|
if d._panic != nil {
|
|
|
|
throw("deferproc: d.panic != nil after newdefer")
|
|
|
|
}
|
2017-06-22 16:31:16 +02:00
|
|
|
d.frame = frame
|
|
|
|
d.panicStack = getg()._panic
|
|
|
|
d.pfn = pfn
|
|
|
|
d.arg = arg
|
|
|
|
d.retaddr = 0
|
|
|
|
d.makefunccanrecover = false
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
|
|
|
|
2019-08-18 01:43:08 +02:00
|
|
|
// deferprocStack queues a new deferred function with a defer record on the stack.
|
|
|
|
// The defer record, d, does not need to be initialized.
|
|
|
|
// Other arguments are the same as in deferproc.
|
|
|
|
//go:nosplit
|
|
|
|
func deferprocStack(d *_defer, frame *bool, pfn uintptr, arg unsafe.Pointer) {
|
|
|
|
gp := getg()
|
|
|
|
if gp.m.curg != gp {
|
|
|
|
// go code on the system stack can't defer
|
|
|
|
throw("defer on system stack")
|
|
|
|
}
|
|
|
|
d.pfn = pfn
|
|
|
|
d.retaddr = 0
|
|
|
|
d.makefunccanrecover = false
|
|
|
|
d.heap = false
|
|
|
|
// The lines below implement:
|
|
|
|
// d.frame = frame
|
|
|
|
// d.arg = arg
|
|
|
|
// d._panic = nil
|
|
|
|
// d.panicStack = gp._panic
|
|
|
|
// d.link = gp._defer
|
|
|
|
// But without write barriers. They are writes to the stack so they
|
|
|
|
// don't need a write barrier, and furthermore are to uninitialized
|
|
|
|
// memory, so they must not use a write barrier.
|
|
|
|
*(*uintptr)(unsafe.Pointer(&d.frame)) = uintptr(unsafe.Pointer(frame))
|
|
|
|
*(*uintptr)(unsafe.Pointer(&d.arg)) = uintptr(unsafe.Pointer(arg))
|
|
|
|
*(*uintptr)(unsafe.Pointer(&d._panic)) = 0
|
|
|
|
*(*uintptr)(unsafe.Pointer(&d.panicStack)) = uintptr(unsafe.Pointer(gp._panic))
|
|
|
|
*(*uintptr)(unsafe.Pointer(&d.link)) = uintptr(unsafe.Pointer(gp._defer))
|
|
|
|
|
|
|
|
gp._defer = d
|
|
|
|
}
|
|
|
|
|
2016-11-22 18:58:04 +01:00
|
|
|
// Allocate a Defer, usually using per-P pool.
|
|
|
|
// Each defer must be released with freedefer.
|
|
|
|
func newdefer() *_defer {
|
|
|
|
var d *_defer
|
2017-01-14 01:05:42 +01:00
|
|
|
gp := getg()
|
|
|
|
pp := gp.m.p.ptr()
|
2016-11-22 18:58:04 +01:00
|
|
|
if len(pp.deferpool) == 0 && sched.deferpool != nil {
|
2017-01-14 01:05:42 +01:00
|
|
|
systemstack(func() {
|
|
|
|
lock(&sched.deferlock)
|
|
|
|
for len(pp.deferpool) < cap(pp.deferpool)/2 && sched.deferpool != nil {
|
|
|
|
d := sched.deferpool
|
|
|
|
sched.deferpool = d.link
|
|
|
|
d.link = nil
|
|
|
|
pp.deferpool = append(pp.deferpool, d)
|
|
|
|
}
|
|
|
|
unlock(&sched.deferlock)
|
|
|
|
})
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
|
|
|
if n := len(pp.deferpool); n > 0 {
|
|
|
|
d = pp.deferpool[n-1]
|
|
|
|
pp.deferpool[n-1] = nil
|
|
|
|
pp.deferpool = pp.deferpool[:n-1]
|
|
|
|
}
|
|
|
|
if d == nil {
|
2017-01-14 01:05:42 +01:00
|
|
|
systemstack(func() {
|
|
|
|
d = new(_defer)
|
|
|
|
})
|
2019-01-18 20:04:36 +01:00
|
|
|
if debugCachedWork {
|
|
|
|
// Duplicate the tail below so if there's a
|
|
|
|
// crash in checkPut we can tell if d was just
|
|
|
|
// allocated or came from the pool.
|
2019-08-18 01:43:08 +02:00
|
|
|
d.heap = true
|
2019-01-18 20:04:36 +01:00
|
|
|
d.link = gp._defer
|
|
|
|
gp._defer = d
|
|
|
|
return d
|
|
|
|
}
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
2019-08-18 01:43:08 +02:00
|
|
|
d.heap = true
|
2016-11-22 18:58:04 +01:00
|
|
|
d.link = gp._defer
|
|
|
|
gp._defer = d
|
|
|
|
return d
|
|
|
|
}
|
|
|
|
|
|
|
|
// Free the given defer.
|
|
|
|
// The defer cannot be used after this call.
|
2017-01-14 01:05:42 +01:00
|
|
|
//
|
|
|
|
// This must not grow the stack because there may be a frame without a
|
|
|
|
// stack map when this is called.
|
|
|
|
//
|
|
|
|
//go:nosplit
|
2016-11-22 18:58:04 +01:00
|
|
|
func freedefer(d *_defer) {
|
2018-09-24 23:46:21 +02:00
|
|
|
if d._panic != nil {
|
|
|
|
freedeferpanic()
|
|
|
|
}
|
|
|
|
if d.pfn != 0 {
|
|
|
|
freedeferfn()
|
|
|
|
}
|
2019-08-18 01:43:08 +02:00
|
|
|
if !d.heap {
|
|
|
|
return
|
|
|
|
}
|
2017-01-14 01:05:42 +01:00
|
|
|
pp := getg().m.p.ptr()
|
2016-11-22 18:58:04 +01:00
|
|
|
if len(pp.deferpool) == cap(pp.deferpool) {
|
|
|
|
// Transfer half of local cache to the central cache.
|
2017-01-14 01:05:42 +01:00
|
|
|
//
|
|
|
|
// Take this slow path on the system stack so
|
|
|
|
// we don't grow freedefer's stack.
|
|
|
|
systemstack(func() {
|
|
|
|
var first, last *_defer
|
|
|
|
for len(pp.deferpool) > cap(pp.deferpool)/2 {
|
|
|
|
n := len(pp.deferpool)
|
|
|
|
d := pp.deferpool[n-1]
|
|
|
|
pp.deferpool[n-1] = nil
|
|
|
|
pp.deferpool = pp.deferpool[:n-1]
|
|
|
|
if first == nil {
|
|
|
|
first = d
|
|
|
|
} else {
|
|
|
|
last.link = d
|
|
|
|
}
|
|
|
|
last = d
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
2017-01-14 01:05:42 +01:00
|
|
|
lock(&sched.deferlock)
|
|
|
|
last.link = sched.deferpool
|
|
|
|
sched.deferpool = first
|
|
|
|
unlock(&sched.deferlock)
|
|
|
|
})
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
2018-01-09 02:23:08 +01:00
|
|
|
|
|
|
|
// These lines used to be simply `*d = _defer{}` but that
|
|
|
|
// started causing a nosplit stack overflow via typedmemmove.
|
|
|
|
d.link = nil
|
|
|
|
d.frame = nil
|
|
|
|
d.panicStack = nil
|
|
|
|
d.arg = nil
|
|
|
|
d.retaddr = 0
|
|
|
|
d.makefunccanrecover = false
|
2018-09-24 23:46:21 +02:00
|
|
|
// d._panic and d.pfn must be nil already.
|
|
|
|
// If not, we would have called freedeferpanic or freedeferfn above,
|
|
|
|
// both of which throw.
|
2018-01-09 02:23:08 +01:00
|
|
|
|
2016-11-22 18:58:04 +01:00
|
|
|
pp.deferpool = append(pp.deferpool, d)
|
|
|
|
}
|
|
|
|
|
2018-09-24 23:46:21 +02:00
|
|
|
// Separate function so that it can split stack.
|
|
|
|
// Windows otherwise runs out of stack space.
|
|
|
|
func freedeferpanic() {
|
|
|
|
// _panic must be cleared before d is unlinked from gp.
|
|
|
|
throw("freedefer with d._panic != nil")
|
|
|
|
}
|
|
|
|
|
|
|
|
func freedeferfn() {
|
|
|
|
// fn must be cleared before d is unlinked from gp.
|
|
|
|
throw("freedefer with d.fn != nil")
|
|
|
|
}
|
|
|
|
|
2016-11-22 18:58:04 +01:00
|
|
|
// deferreturn is called to undefer the stack.
|
|
|
|
// The compiler inserts a call to this function as a finally clause
|
|
|
|
// wrapped around the body of any function that calls defer.
|
|
|
|
// The frame argument points to the stack frame of the function.
|
|
|
|
func deferreturn(frame *bool) {
|
|
|
|
gp := getg()
|
|
|
|
for gp._defer != nil && gp._defer.frame == frame {
|
|
|
|
d := gp._defer
|
|
|
|
pfn := d.pfn
|
|
|
|
d.pfn = 0
|
|
|
|
|
|
|
|
if pfn != 0 {
|
|
|
|
// This is rather awkward.
|
|
|
|
// The gc compiler does this using assembler
|
|
|
|
// code in jmpdefer.
|
|
|
|
var fn func(unsafe.Pointer)
|
2018-01-10 06:15:52 +01:00
|
|
|
*(*uintptr)(unsafe.Pointer(&fn)) = uintptr(noescape(unsafe.Pointer(&pfn)))
|
2019-01-18 20:04:36 +01:00
|
|
|
gp.deferring = true
|
2016-11-22 18:58:04 +01:00
|
|
|
fn(d.arg)
|
2019-01-18 20:04:36 +01:00
|
|
|
gp.deferring = false
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
|
|
|
|
2019-01-18 20:04:36 +01:00
|
|
|
// If that was CgocallBackDone, it will have freed the
|
|
|
|
// defer for us, since we are no longer running as Go code.
|
runtime: complete defer handling in CgocallBackDone
When C code calls a Go function, it actually calls a function
generated by cgo. That function is written in Go, and, among other
things, it calls the real Go function like this:
CgocallBack()
defer CgocallBackDone()
RealGoFunction()
The deferred CgocallBackDone function enters syscall mode as we return
to C. Typically the C function will then eventually return to Go.
However, in the case where the C function is running on a thread
created in C, it will not return to Go. For that case we will have
allocated an m struct, with an associated g struct, for the duration
of the Go code, and when the Go is complete we will return the m and g
to a free list.
That all works, but we are running in a deferred function, which means
that we have been invoked by deferreturn, and deferreturn expects to
do a bit of cleanup to record that the defer has been completed. Doing
that cleanup while using an m and g that have already been returned to
the free list is clearly a bad idea. It was kind of working because
deferreturn was holding the g pointer in a local variable, but there
were races with some other thread picking up and using the newly freed g.
It was also kind of working because of a special check in freedefer;
that check is no longer necessary.
This patch changes the special case of releasing the m and g to do the
defer cleanup in CgocallBackDone itself.
This patch also checks for the special case of a panic through
CgocallBackDone. In that special case, we don't want to release the m
and g. Since we are returning to C code that was not called by Go
code, we know that the panic is not going to be caught and we are
going to exit the program. So for that special case we keep the m and
g structs so that the rest of the panic code can use them.
Reviewed-on: https://go-review.googlesource.com/46530
From-SVN: r249611
2017-06-23 22:19:40 +02:00
|
|
|
if getg() == nil {
|
|
|
|
*frame = true
|
|
|
|
return
|
|
|
|
}
|
2019-01-18 20:04:36 +01:00
|
|
|
if gp.ranCgocallBackDone {
|
|
|
|
gp.ranCgocallBackDone = false
|
|
|
|
*frame = true
|
|
|
|
return
|
|
|
|
}
|
runtime: complete defer handling in CgocallBackDone
When C code calls a Go function, it actually calls a function
generated by cgo. That function is written in Go, and, among other
things, it calls the real Go function like this:
CgocallBack()
defer CgocallBackDone()
RealGoFunction()
The deferred CgocallBackDone function enters syscall mode as we return
to C. Typically the C function will then eventually return to Go.
However, in the case where the C function is running on a thread
created in C, it will not return to Go. For that case we will have
allocated an m struct, with an associated g struct, for the duration
of the Go code, and when the Go is complete we will return the m and g
to a free list.
That all works, but we are running in a deferred function, which means
that we have been invoked by deferreturn, and deferreturn expects to
do a bit of cleanup to record that the defer has been completed. Doing
that cleanup while using an m and g that have already been returned to
the free list is clearly a bad idea. It was kind of working because
deferreturn was holding the g pointer in a local variable, but there
were races with some other thread picking up and using the newly freed g.
It was also kind of working because of a special check in freedefer;
that check is no longer necessary.
This patch changes the special case of releasing the m and g to do the
defer cleanup in CgocallBackDone itself.
This patch also checks for the special case of a panic through
CgocallBackDone. In that special case, we don't want to release the m
and g. Since we are returning to C code that was not called by Go
code, we know that the panic is not going to be caught and we are
going to exit the program. So for that special case we keep the m and
g structs so that the rest of the panic code can use them.
Reviewed-on: https://go-review.googlesource.com/46530
From-SVN: r249611
2017-06-23 22:19:40 +02:00
|
|
|
|
2016-11-22 18:58:04 +01:00
|
|
|
gp._defer = d.link
|
|
|
|
|
|
|
|
freedefer(d)
|
|
|
|
|
|
|
|
// Since we are executing a defer function now, we
|
|
|
|
// know that we are returning from the calling
|
|
|
|
// function. If the calling function, or one of its
|
|
|
|
// callees, panicked, then the defer functions would
|
|
|
|
// be executed by panic.
|
|
|
|
*frame = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// __builtin_extract_return_addr is a GCC intrinsic that converts an
|
|
|
|
// address returned by __builtin_return_address(0) to a real address.
|
|
|
|
// On most architectures this is a nop.
|
|
|
|
//extern __builtin_extract_return_addr
|
|
|
|
func __builtin_extract_return_addr(uintptr) uintptr
|
|
|
|
|
|
|
|
// setdeferretaddr records the address to which the deferred function
|
|
|
|
// returns. This is check by canrecover. The frontend relies on this
|
|
|
|
// function returning false.
|
|
|
|
func setdeferretaddr(retaddr uintptr) bool {
|
|
|
|
gp := getg()
|
|
|
|
if gp._defer != nil {
|
|
|
|
gp._defer.retaddr = __builtin_extract_return_addr(retaddr)
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
// checkdefer is called by exception handlers used when unwinding the
|
|
|
|
// stack after a recovered panic. The exception handler is simply
|
|
|
|
// checkdefer(frame)
|
|
|
|
// return;
|
|
|
|
// If we have not yet reached the frame we are looking for, we
|
|
|
|
// continue unwinding.
|
|
|
|
func checkdefer(frame *bool) {
|
|
|
|
gp := getg()
|
|
|
|
if gp == nil {
|
|
|
|
// We should never wind up here. Even if some other
|
|
|
|
// language throws an exception, the cgo code
|
|
|
|
// should ensure that g is set.
|
|
|
|
throw("no g in checkdefer")
|
|
|
|
} else if gp.isforeign {
|
|
|
|
// Some other language has thrown an exception.
|
|
|
|
// We need to run the local defer handlers.
|
|
|
|
// If they call recover, we stop unwinding here.
|
|
|
|
var p _panic
|
|
|
|
p.isforeign = true
|
|
|
|
p.link = gp._panic
|
2018-01-10 06:15:52 +01:00
|
|
|
gp._panic = (*_panic)(noescape(unsafe.Pointer(&p)))
|
2016-11-22 18:58:04 +01:00
|
|
|
for {
|
|
|
|
d := gp._defer
|
|
|
|
if d == nil || d.frame != frame || d.pfn == 0 {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
pfn := d.pfn
|
|
|
|
gp._defer = d.link
|
|
|
|
|
|
|
|
var fn func(unsafe.Pointer)
|
2018-01-10 06:15:52 +01:00
|
|
|
*(*uintptr)(unsafe.Pointer(&fn)) = uintptr(noescape(unsafe.Pointer(&pfn)))
|
2019-01-18 20:04:36 +01:00
|
|
|
gp.deferring = true
|
2016-11-22 18:58:04 +01:00
|
|
|
fn(d.arg)
|
2019-01-18 20:04:36 +01:00
|
|
|
gp.deferring = false
|
2016-11-22 18:58:04 +01:00
|
|
|
|
|
|
|
freedefer(d)
|
|
|
|
|
|
|
|
if p.recovered {
|
|
|
|
// The recover function caught the panic
|
|
|
|
// thrown by some other language.
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
recovered := p.recovered
|
|
|
|
gp._panic = p.link
|
|
|
|
|
|
|
|
if recovered {
|
|
|
|
// Just return and continue executing Go code.
|
|
|
|
*frame = true
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// We are panicking through this function.
|
|
|
|
*frame = false
|
|
|
|
} else if gp._defer != nil && gp._defer.pfn == 0 && gp._defer.frame == frame {
|
|
|
|
// This is the defer function that called recover.
|
|
|
|
// Simply return to stop the stack unwind, and let the
|
|
|
|
// Go code continue to execute.
|
|
|
|
d := gp._defer
|
|
|
|
gp._defer = d.link
|
|
|
|
freedefer(d)
|
|
|
|
|
|
|
|
// We are returning from this function.
|
|
|
|
*frame = true
|
|
|
|
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// This is some other defer function. It was already run by
|
|
|
|
// the call to panic, or just above. Rethrow the exception.
|
|
|
|
rethrowException()
|
|
|
|
throw("rethrowException returned")
|
|
|
|
}
|
|
|
|
|
|
|
|
// unwindStack starts unwinding the stack for a panic. We unwind
|
|
|
|
// function calls until we reach the one which used a defer function
|
|
|
|
// which called recover. Each function which uses a defer statement
|
|
|
|
// will have an exception handler, as shown above for checkdefer.
|
|
|
|
func unwindStack() {
|
|
|
|
// Allocate the exception type used by the unwind ABI.
|
|
|
|
// It would be nice to define it in runtime_sysinfo.go,
|
|
|
|
// but current definitions don't work because the required
|
|
|
|
// alignment is larger than can be represented in Go.
|
|
|
|
// The type never contains any Go pointers.
|
|
|
|
size := unwindExceptionSize()
|
|
|
|
usize := uintptr(unsafe.Sizeof(uintptr(0)))
|
|
|
|
c := (size + usize - 1) / usize
|
|
|
|
s := make([]uintptr, c)
|
|
|
|
getg().exception = unsafe.Pointer(&s[0])
|
|
|
|
throwException()
|
|
|
|
}
|
|
|
|
|
|
|
|
// Goexit terminates the goroutine that calls it. No other goroutine is affected.
|
|
|
|
// Goexit runs all deferred calls before terminating the goroutine. Because Goexit
|
2018-01-09 02:23:08 +01:00
|
|
|
// is not a panic, any recover calls in those deferred functions will return nil.
|
2016-11-22 18:58:04 +01:00
|
|
|
//
|
|
|
|
// Calling Goexit from the main goroutine terminates that goroutine
|
|
|
|
// without func main returning. Since func main has not returned,
|
|
|
|
// the program continues execution of other goroutines.
|
|
|
|
// If all other goroutines exit, the program crashes.
|
|
|
|
func Goexit() {
|
|
|
|
// Run all deferred functions for the current goroutine.
|
|
|
|
// This code is similar to gopanic, see that implementation
|
|
|
|
// for detailed comments.
|
|
|
|
gp := getg()
|
2019-01-18 20:04:36 +01:00
|
|
|
gp.goexiting = true
|
2016-11-22 18:58:04 +01:00
|
|
|
for {
|
|
|
|
d := gp._defer
|
|
|
|
if d == nil {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
pfn := d.pfn
|
2017-06-23 15:45:36 +02:00
|
|
|
if pfn == 0 {
|
|
|
|
if d._panic != nil {
|
|
|
|
d._panic.aborted = true
|
|
|
|
d._panic = nil
|
|
|
|
}
|
|
|
|
gp._defer = d.link
|
|
|
|
freedefer(d)
|
|
|
|
continue
|
|
|
|
}
|
2016-11-22 18:58:04 +01:00
|
|
|
d.pfn = 0
|
|
|
|
|
2017-06-23 15:45:36 +02:00
|
|
|
var fn func(unsafe.Pointer)
|
2018-01-10 06:15:52 +01:00
|
|
|
*(*uintptr)(unsafe.Pointer(&fn)) = uintptr(noescape(unsafe.Pointer(&pfn)))
|
2019-01-18 20:04:36 +01:00
|
|
|
gp.deferring = true
|
2017-06-23 15:45:36 +02:00
|
|
|
fn(d.arg)
|
2019-01-18 20:04:36 +01:00
|
|
|
gp.deferring = false
|
2016-11-22 18:58:04 +01:00
|
|
|
|
2017-06-23 15:45:36 +02:00
|
|
|
if gp._defer != d {
|
|
|
|
throw("bad defer entry in Goexit")
|
|
|
|
}
|
|
|
|
d._panic = nil
|
|
|
|
gp._defer = d.link
|
2016-11-22 18:58:04 +01:00
|
|
|
freedefer(d)
|
|
|
|
// Note: we ignore recovers here because Goexit isn't a panic
|
|
|
|
}
|
2019-01-18 20:04:36 +01:00
|
|
|
gp.goexiting = false
|
2016-11-22 18:58:04 +01:00
|
|
|
goexit1()
|
|
|
|
}
|
|
|
|
|
|
|
|
// Call all Error and String methods before freezing the world.
|
|
|
|
// Used when crashing with panicking.
|
|
|
|
func preprintpanics(p *_panic) {
|
2017-01-14 01:05:42 +01:00
|
|
|
defer func() {
|
|
|
|
if recover() != nil {
|
|
|
|
throw("panic while printing panic value")
|
|
|
|
}
|
|
|
|
}()
|
2016-11-22 18:58:04 +01:00
|
|
|
for p != nil {
|
|
|
|
switch v := p.arg.(type) {
|
|
|
|
case error:
|
|
|
|
p.arg = v.Error()
|
|
|
|
case stringer:
|
|
|
|
p.arg = v.String()
|
|
|
|
}
|
|
|
|
p = p.link
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Print all currently active panics. Used when crashing.
|
2018-01-28 00:44:29 +01:00
|
|
|
// Should only be called after preprintpanics.
|
2016-11-22 18:58:04 +01:00
|
|
|
func printpanics(p *_panic) {
|
|
|
|
if p.link != nil {
|
|
|
|
printpanics(p.link)
|
|
|
|
print("\t")
|
|
|
|
}
|
|
|
|
print("panic: ")
|
|
|
|
printany(p.arg)
|
|
|
|
if p.recovered {
|
|
|
|
print(" [recovered]")
|
|
|
|
}
|
|
|
|
print("\n")
|
|
|
|
}
|
|
|
|
|
|
|
|
// The implementation of the predeclared function panic.
|
|
|
|
func gopanic(e interface{}) {
|
|
|
|
gp := getg()
|
|
|
|
if gp.m.curg != gp {
|
|
|
|
print("panic: ")
|
|
|
|
printany(e)
|
|
|
|
print("\n")
|
|
|
|
throw("panic on system stack")
|
|
|
|
}
|
|
|
|
|
|
|
|
if gp.m.mallocing != 0 {
|
|
|
|
print("panic: ")
|
|
|
|
printany(e)
|
|
|
|
print("\n")
|
|
|
|
throw("panic during malloc")
|
|
|
|
}
|
|
|
|
if gp.m.preemptoff != "" {
|
|
|
|
print("panic: ")
|
|
|
|
printany(e)
|
|
|
|
print("\n")
|
|
|
|
print("preempt off reason: ")
|
|
|
|
print(gp.m.preemptoff)
|
|
|
|
print("\n")
|
|
|
|
throw("panic during preemptoff")
|
|
|
|
}
|
|
|
|
if gp.m.locks != 0 {
|
|
|
|
print("panic: ")
|
|
|
|
printany(e)
|
|
|
|
print("\n")
|
|
|
|
throw("panic holding locks")
|
|
|
|
}
|
|
|
|
|
runtime: allocate _panic struct on heap
The gc library allocates a _panic struct on the stack. This does not
work for gccgo, because when a deferred function recovers the panic we
unwind the stack up to that point so that returning from the function
will work correctly.
Allocating on the stack fine if the panic is not recovered, and it
works fine if the panic is recovered by a function that
returns. However, it fails if the panic is recovered by a function
that itself panics, and if that second panic is then recovered by a
function higher up on the stack. When we unwind the stack to that
second panic, the g will wind up pointing at a panic farther down on
the stack. Even then everything will often work fine, except when the
deferred function catching the second panic makes a bunch of calls
that use stack space before returning. In that case the code can
overwrite the panic struct, which will then cause disaster when we
remove the struct from the linked list, as the link field will be
garbage. This case is rare enough that all the x86 tests were passing,
but there was a failure on ppc64le.
Before https://golang.org/cl/33414 we allocated the panic struct on
the heap, so go back to doing that again.
Fixes golang/go#18228.
Reviewed-on: https://go-review.googlesource.com/34027
From-SVN: r243444
2016-12-08 16:54:30 +01:00
|
|
|
// The gc compiler allocates this new _panic struct on the
|
|
|
|
// stack. We can't do that, because when a deferred function
|
|
|
|
// recovers the panic we unwind the stack. We unlink this
|
|
|
|
// entry before unwinding the stack, but that doesn't help in
|
|
|
|
// the case where we panic, a deferred function recovers and
|
|
|
|
// then panics itself, that panic is in turn recovered, and
|
|
|
|
// unwinds the stack past this stack frame.
|
|
|
|
|
|
|
|
p := &_panic{
|
|
|
|
arg: e,
|
|
|
|
link: gp._panic,
|
|
|
|
}
|
|
|
|
gp._panic = p
|
2016-11-22 18:58:04 +01:00
|
|
|
|
2017-09-14 19:11:35 +02:00
|
|
|
atomic.Xadd(&runningPanicDefers, 1)
|
|
|
|
|
2016-11-22 18:58:04 +01:00
|
|
|
for {
|
|
|
|
d := gp._defer
|
|
|
|
if d == nil {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
pfn := d.pfn
|
2017-06-23 15:45:36 +02:00
|
|
|
|
|
|
|
// If defer was started by earlier panic or Goexit (and, since we're back here, that triggered a new panic),
|
|
|
|
// take defer off list. The earlier panic or Goexit will not continue running.
|
|
|
|
if pfn == 0 {
|
|
|
|
if d._panic != nil {
|
|
|
|
d._panic.aborted = true
|
|
|
|
}
|
|
|
|
d._panic = nil
|
|
|
|
gp._defer = d.link
|
|
|
|
freedefer(d)
|
|
|
|
continue
|
|
|
|
}
|
2016-11-22 18:58:04 +01:00
|
|
|
d.pfn = 0
|
|
|
|
|
2017-06-23 15:45:36 +02:00
|
|
|
// Record the panic that is running the defer.
|
|
|
|
// If there is a new panic during the deferred call, that panic
|
|
|
|
// will find d in the list and will mark d._panic (this panic) aborted.
|
|
|
|
d._panic = p
|
2016-11-22 18:58:04 +01:00
|
|
|
|
2017-06-23 15:45:36 +02:00
|
|
|
var fn func(unsafe.Pointer)
|
2018-01-10 06:15:52 +01:00
|
|
|
*(*uintptr)(unsafe.Pointer(&fn)) = uintptr(noescape(unsafe.Pointer(&pfn)))
|
2019-01-18 20:04:36 +01:00
|
|
|
gp.deferring = true
|
2017-06-23 15:45:36 +02:00
|
|
|
fn(d.arg)
|
2019-01-18 20:04:36 +01:00
|
|
|
gp.deferring = false
|
2017-06-23 15:45:36 +02:00
|
|
|
|
|
|
|
if gp._defer != d {
|
|
|
|
throw("bad defer entry in panic")
|
|
|
|
}
|
|
|
|
d._panic = nil
|
|
|
|
|
|
|
|
if p.recovered {
|
2017-09-14 19:11:35 +02:00
|
|
|
atomic.Xadd(&runningPanicDefers, -1)
|
|
|
|
|
2017-06-23 15:45:36 +02:00
|
|
|
gp._panic = p.link
|
|
|
|
|
|
|
|
// Aborted panics are marked but remain on the g.panic list.
|
|
|
|
// Remove them from the list.
|
|
|
|
for gp._panic != nil && gp._panic.aborted {
|
|
|
|
gp._panic = gp._panic.link
|
|
|
|
}
|
|
|
|
if gp._panic == nil { // must be done with signal
|
|
|
|
gp.sig = 0
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
|
|
|
|
2017-06-23 15:45:36 +02:00
|
|
|
// Unwind the stack by throwing an exception.
|
|
|
|
// The compiler has arranged to create
|
|
|
|
// exception handlers in each function
|
|
|
|
// that uses a defer statement. These
|
|
|
|
// exception handlers will check whether
|
|
|
|
// the entry on the top of the defer stack
|
|
|
|
// is from the current function. If it is,
|
|
|
|
// we have unwound the stack far enough.
|
|
|
|
unwindStack()
|
|
|
|
|
|
|
|
throw("unwindStack returned")
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
|
|
|
|
2017-06-23 15:45:36 +02:00
|
|
|
// Because we executed that defer function by a panic,
|
|
|
|
// and it did not call recover, we know that we are
|
|
|
|
// not returning from the calling function--we are
|
|
|
|
// panicking through it.
|
|
|
|
*d.frame = false
|
|
|
|
|
|
|
|
// Deferred function did not panic. Remove d.
|
|
|
|
// In the p.recovered case, d will be removed by checkdefer.
|
2016-11-22 18:58:04 +01:00
|
|
|
gp._defer = d.link
|
2017-06-23 15:45:36 +02:00
|
|
|
|
2016-11-22 18:58:04 +01:00
|
|
|
freedefer(d)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ran out of deferred calls - old-school panic now
|
|
|
|
// Because it is unsafe to call arbitrary user code after freezing
|
|
|
|
// the world, we call preprintpanics to invoke all necessary Error
|
|
|
|
// and String methods to prepare the panic strings before startpanic.
|
|
|
|
preprintpanics(gp._panic)
|
2017-09-14 19:11:35 +02:00
|
|
|
|
2018-09-24 23:46:21 +02:00
|
|
|
fatalpanic(gp._panic) // should not return
|
|
|
|
*(*int)(nil) = 0 // not reached
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// currentDefer returns the top of the defer stack if it can be recovered.
|
|
|
|
// Otherwise it returns nil.
|
|
|
|
func currentDefer() *_defer {
|
|
|
|
gp := getg()
|
|
|
|
d := gp._defer
|
|
|
|
if d == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// The panic that would be recovered is the one on the top of
|
|
|
|
// the panic stack. We do not want to recover it if that panic
|
|
|
|
// was on the top of the panic stack when this function was
|
|
|
|
// deferred.
|
2017-06-22 16:31:16 +02:00
|
|
|
if d.panicStack == gp._panic {
|
2016-11-22 18:58:04 +01:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// The deferred thunk will call setdeferretaddr. If this has
|
|
|
|
// not happened, then we have not been called via defer, and
|
|
|
|
// we can not recover.
|
|
|
|
if d.retaddr == 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return d
|
|
|
|
}
|
|
|
|
|
|
|
|
// canrecover is called by a thunk to see if the real function would
|
|
|
|
// be permitted to recover a panic value. Recovering a value is
|
|
|
|
// permitted if the thunk was called directly by defer. retaddr is the
|
|
|
|
// return address of the function that is calling canrecover--that is,
|
|
|
|
// the thunk.
|
|
|
|
func canrecover(retaddr uintptr) bool {
|
|
|
|
d := currentDefer()
|
|
|
|
if d == nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
ret := __builtin_extract_return_addr(retaddr)
|
|
|
|
dret := d.retaddr
|
|
|
|
if ret <= dret && ret+16 >= dret {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
// On some systems, in some cases, the return address does not
|
|
|
|
// work reliably. See http://gcc.gnu.org/PR60406. If we are
|
|
|
|
// permitted to call recover, the call stack will look like this:
|
|
|
|
// runtime.gopanic, runtime.deferreturn, etc.
|
|
|
|
// thunk to call deferred function (calls __go_set_defer_retaddr)
|
|
|
|
// function that calls __go_can_recover (passing return address)
|
|
|
|
// runtime.canrecover
|
|
|
|
// Calling callers will skip the thunks. So if our caller's
|
|
|
|
// caller starts with "runtime.", then we are permitted to
|
|
|
|
// call recover.
|
|
|
|
var locs [16]location
|
2018-01-09 02:23:08 +01:00
|
|
|
if callers(1, locs[:2]) < 2 {
|
2016-11-22 18:58:04 +01:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
name := locs[1].function
|
2019-01-18 20:04:36 +01:00
|
|
|
if hasPrefix(name, "runtime.") {
|
2016-11-22 18:58:04 +01:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the function calling recover was created by reflect.MakeFunc,
|
|
|
|
// then makefuncfficanrecover will have set makefunccanrecover.
|
|
|
|
if !d.makefunccanrecover {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
// We look up the stack, ignoring libffi functions and
|
|
|
|
// functions in the reflect package, until we find
|
|
|
|
// reflect.makeFuncStub or reflect.ffi_callback called by FFI
|
|
|
|
// functions. Then we check the caller of that function.
|
|
|
|
|
2018-01-09 02:23:08 +01:00
|
|
|
n := callers(2, locs[:])
|
2016-11-22 18:58:04 +01:00
|
|
|
foundFFICallback := false
|
|
|
|
i := 0
|
|
|
|
for ; i < n; i++ {
|
|
|
|
name = locs[i].function
|
|
|
|
if name == "" {
|
|
|
|
// No function name means this caller isn't Go code.
|
|
|
|
// Assume that this is libffi.
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
// Ignore function in libffi.
|
2019-01-18 20:04:36 +01:00
|
|
|
if hasPrefix(name, "ffi_") {
|
2016-11-22 18:58:04 +01:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
if foundFFICallback {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
if name == "reflect.ffi_callback" {
|
|
|
|
foundFFICallback = true
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
// Ignore other functions in the reflect package.
|
2019-01-18 20:04:36 +01:00
|
|
|
if hasPrefix(name, "reflect.") || hasPrefix(name, ".1reflect.") {
|
2016-11-22 18:58:04 +01:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
// We should now be looking at the real caller.
|
|
|
|
break
|
|
|
|
}
|
|
|
|
|
|
|
|
if i < n {
|
|
|
|
name = locs[i].function
|
2019-01-18 20:04:36 +01:00
|
|
|
if hasPrefix(name, "runtime.") {
|
2016-11-22 18:58:04 +01:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
// This function is called when code is about to enter a function
|
|
|
|
// created by the libffi version of reflect.MakeFunc. This function is
|
|
|
|
// passed the names of the callers of the libffi code that called the
|
|
|
|
// stub. It uses them to decide whether it is permitted to call
|
|
|
|
// recover, and sets d.makefunccanrecover so that gorecover can make
|
|
|
|
// the same decision.
|
|
|
|
func makefuncfficanrecover(loc []location) {
|
|
|
|
d := currentDefer()
|
|
|
|
if d == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// If we are already in a call stack of MakeFunc functions,
|
|
|
|
// there is nothing we can usefully check here.
|
|
|
|
if d.makefunccanrecover {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// loc starts with the caller of our caller. That will be a thunk.
|
|
|
|
// If its caller was a function function, then it was called
|
|
|
|
// directly by defer.
|
|
|
|
if len(loc) < 2 {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
name := loc[1].function
|
2019-01-18 20:04:36 +01:00
|
|
|
if hasPrefix(name, "runtime.") {
|
2016-11-22 18:58:04 +01:00
|
|
|
d.makefunccanrecover = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// makefuncreturning is called when code is about to exit a function
|
|
|
|
// created by reflect.MakeFunc. It is called by the function stub used
|
|
|
|
// by reflect.MakeFunc. It clears the makefunccanrecover field. It's
|
|
|
|
// OK to always clear this field, because canrecover will only be
|
|
|
|
// called by a stub created for a function that calls recover. That
|
|
|
|
// stub will not call a function created by reflect.MakeFunc, so by
|
|
|
|
// the time we get here any caller higher up on the call stack no
|
|
|
|
// longer needs the information.
|
|
|
|
func makefuncreturning() {
|
|
|
|
d := getg()._defer
|
|
|
|
if d != nil {
|
|
|
|
d.makefunccanrecover = false
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// The implementation of the predeclared function recover.
|
|
|
|
func gorecover() interface{} {
|
|
|
|
gp := getg()
|
|
|
|
p := gp._panic
|
|
|
|
if p != nil && !p.recovered {
|
|
|
|
p.recovered = true
|
|
|
|
return p.arg
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// deferredrecover is called when a call to recover is deferred. That
|
|
|
|
// is, something like
|
|
|
|
// defer recover()
|
|
|
|
//
|
|
|
|
// We need to handle this specially. In gc, the recover function
|
|
|
|
// looks up the stack frame. In particular, that means that a deferred
|
|
|
|
// recover will not recover a panic thrown in the same function that
|
|
|
|
// defers the recover. It will only recover a panic thrown in a
|
|
|
|
// function that defers the deferred call to recover.
|
|
|
|
//
|
|
|
|
// In other words:
|
|
|
|
//
|
|
|
|
// func f1() {
|
|
|
|
// defer recover() // does not stop panic
|
|
|
|
// panic(0)
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// func f2() {
|
|
|
|
// defer func() {
|
|
|
|
// defer recover() // stops panic(0)
|
|
|
|
// }()
|
|
|
|
// panic(0)
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// func f3() {
|
|
|
|
// defer func() {
|
|
|
|
// defer recover() // does not stop panic
|
|
|
|
// panic(0)
|
|
|
|
// }()
|
|
|
|
// panic(1)
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// func f4() {
|
|
|
|
// defer func() {
|
|
|
|
// defer func() {
|
|
|
|
// defer recover() // stops panic(0)
|
|
|
|
// }()
|
|
|
|
// panic(0)
|
|
|
|
// }()
|
|
|
|
// panic(1)
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// The interesting case here is f3. As can be seen from f2, the
|
|
|
|
// deferred recover could pick up panic(1). However, this does not
|
|
|
|
// happen because it is blocked by the panic(0).
|
|
|
|
//
|
|
|
|
// When a function calls recover, then when we invoke it we pass a
|
|
|
|
// hidden parameter indicating whether it should recover something.
|
|
|
|
// This parameter is set based on whether the function is being
|
|
|
|
// invoked directly from defer. The parameter winds up determining
|
|
|
|
// whether __go_recover or __go_deferred_recover is called at all.
|
|
|
|
//
|
|
|
|
// In the case of a deferred recover, the hidden parameter that
|
|
|
|
// controls the call is actually the one set up for the function that
|
|
|
|
// runs the defer recover() statement. That is the right thing in all
|
|
|
|
// the cases above except for f3. In f3 the function is permitted to
|
|
|
|
// call recover, but the deferred recover call is not. We address that
|
|
|
|
// here by checking for that specific case before calling recover. If
|
|
|
|
// this function was deferred when there is already a panic on the
|
|
|
|
// panic stack, then we can only recover that panic, not any other.
|
|
|
|
|
|
|
|
// Note that we can get away with using a special function here
|
|
|
|
// because you are not permitted to take the address of a predeclared
|
|
|
|
// function like recover.
|
|
|
|
func deferredrecover() interface{} {
|
|
|
|
gp := getg()
|
2017-06-22 16:31:16 +02:00
|
|
|
if gp._defer == nil || gp._defer.panicStack != gp._panic {
|
2016-11-22 18:58:04 +01:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return gorecover()
|
|
|
|
}
|
|
|
|
|
2017-01-14 01:05:42 +01:00
|
|
|
//go:linkname sync_throw sync.throw
|
|
|
|
func sync_throw(s string) {
|
|
|
|
throw(s)
|
|
|
|
}
|
|
|
|
|
2016-11-22 18:58:04 +01:00
|
|
|
//go:nosplit
|
|
|
|
func throw(s string) {
|
2018-09-24 23:46:21 +02:00
|
|
|
// Everything throw does should be recursively nosplit so it
|
|
|
|
// can be called even when it's unsafe to grow the stack.
|
|
|
|
systemstack(func() {
|
|
|
|
print("fatal error: ", s, "\n")
|
|
|
|
})
|
2016-11-22 18:58:04 +01:00
|
|
|
gp := getg()
|
|
|
|
if gp.m.throwing == 0 {
|
|
|
|
gp.m.throwing = 1
|
|
|
|
}
|
2018-09-24 23:46:21 +02:00
|
|
|
fatalthrow()
|
2016-11-22 18:58:04 +01:00
|
|
|
*(*int)(nil) = 0 // not reached
|
|
|
|
}
|
|
|
|
|
2017-09-14 19:11:35 +02:00
|
|
|
// runningPanicDefers is non-zero while running deferred functions for panic.
|
|
|
|
// runningPanicDefers is incremented and decremented atomically.
|
|
|
|
// This is used to try hard to get a panic stack trace out when exiting.
|
|
|
|
var runningPanicDefers uint32
|
|
|
|
|
|
|
|
// panicking is non-zero when crashing the program for an unrecovered panic.
|
|
|
|
// panicking is incremented and decremented atomically.
|
|
|
|
var panicking uint32
|
|
|
|
|
|
|
|
// paniclk is held while printing the panic information and stack trace,
|
|
|
|
// so that two concurrent panics don't overlap their output.
|
2016-11-22 18:58:04 +01:00
|
|
|
var paniclk mutex
|
|
|
|
|
2018-09-24 23:46:21 +02:00
|
|
|
// fatalthrow implements an unrecoverable runtime throw. It freezes the
|
|
|
|
// system, prints stack traces starting from its caller, and terminates the
|
|
|
|
// process.
|
|
|
|
//
|
|
|
|
//go:nosplit
|
|
|
|
func fatalthrow() {
|
|
|
|
pc := getcallerpc()
|
|
|
|
sp := getcallersp()
|
|
|
|
gp := getg()
|
|
|
|
|
|
|
|
startpanic_m()
|
|
|
|
|
|
|
|
if dopanic_m(gp, pc, sp) {
|
|
|
|
crash()
|
|
|
|
}
|
|
|
|
|
|
|
|
exit(2)
|
|
|
|
|
|
|
|
*(*int)(nil) = 0 // not reached
|
|
|
|
}
|
|
|
|
|
|
|
|
// fatalpanic implements an unrecoverable panic. It is like fatalthrow, except
|
|
|
|
// that if msgs != nil, fatalpanic also prints panic messages and decrements
|
|
|
|
// runningPanicDefers once main is blocked from exiting.
|
|
|
|
//
|
|
|
|
//go:nosplit
|
|
|
|
func fatalpanic(msgs *_panic) {
|
|
|
|
pc := getcallerpc()
|
|
|
|
sp := getcallersp()
|
|
|
|
gp := getg()
|
|
|
|
var docrash bool
|
|
|
|
|
|
|
|
if startpanic_m() && msgs != nil {
|
|
|
|
// There were panic messages and startpanic_m
|
|
|
|
// says it's okay to try to print them.
|
|
|
|
|
|
|
|
// startpanic_m set panicking, which will
|
|
|
|
// block main from exiting, so now OK to
|
|
|
|
// decrement runningPanicDefers.
|
|
|
|
atomic.Xadd(&runningPanicDefers, -1)
|
|
|
|
|
|
|
|
printpanics(msgs)
|
|
|
|
}
|
|
|
|
|
|
|
|
docrash = dopanic_m(gp, pc, sp)
|
|
|
|
|
|
|
|
if docrash {
|
|
|
|
// By crashing outside the above systemstack call, debuggers
|
|
|
|
// will not be confused when generating a backtrace.
|
|
|
|
// Function crash is marked nosplit to avoid stack growth.
|
|
|
|
crash()
|
|
|
|
}
|
|
|
|
|
|
|
|
systemstack(func() {
|
|
|
|
exit(2)
|
|
|
|
})
|
|
|
|
|
|
|
|
*(*int)(nil) = 0 // not reached
|
|
|
|
}
|
|
|
|
|
2018-01-28 00:44:29 +01:00
|
|
|
// startpanic_m prepares for an unrecoverable panic.
|
2018-01-09 02:23:08 +01:00
|
|
|
//
|
2018-09-24 23:46:21 +02:00
|
|
|
// It returns true if panic messages should be printed, or false if
|
|
|
|
// the runtime is in bad shape and should just print stacks.
|
|
|
|
//
|
2019-01-18 20:04:36 +01:00
|
|
|
// It must not have write barriers even though the write barrier
|
|
|
|
// explicitly ignores writes once dying > 0. Write barriers still
|
|
|
|
// assume that g.m.p != nil, and this function may not have P
|
|
|
|
// in some contexts (e.g. a panic in a signal handler for a signal
|
|
|
|
// sent to an M with no P).
|
2018-01-09 02:23:08 +01:00
|
|
|
//
|
2019-01-18 20:04:36 +01:00
|
|
|
//go:nowritebarrierrec
|
2018-09-24 23:46:21 +02:00
|
|
|
func startpanic_m() bool {
|
2016-11-22 18:58:04 +01:00
|
|
|
_g_ := getg()
|
2018-01-28 00:44:29 +01:00
|
|
|
if mheap_.cachealloc.size == 0 { // very early
|
|
|
|
print("runtime: panic before malloc heap initialized\n")
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
2018-01-28 00:44:29 +01:00
|
|
|
// Disallow malloc during an unrecoverable panic. A panic
|
|
|
|
// could happen in a signal handler, or in a throw, or inside
|
|
|
|
// malloc itself. We want to catch if an allocation ever does
|
|
|
|
// happen (even if we're not in one of these situations).
|
|
|
|
_g_.m.mallocing++
|
2016-11-22 18:58:04 +01:00
|
|
|
|
2018-09-24 23:46:21 +02:00
|
|
|
// If we're dying because of a bad lock count, set it to a
|
|
|
|
// good lock count so we don't recursively panic below.
|
|
|
|
if _g_.m.locks < 0 {
|
|
|
|
_g_.m.locks = 1
|
|
|
|
}
|
|
|
|
|
2016-11-22 18:58:04 +01:00
|
|
|
switch _g_.m.dying {
|
|
|
|
case 0:
|
2019-01-18 20:04:36 +01:00
|
|
|
// Setting dying >0 has the side-effect of disabling this G's writebuf.
|
2016-11-22 18:58:04 +01:00
|
|
|
_g_.m.dying = 1
|
|
|
|
atomic.Xadd(&panicking, 1)
|
|
|
|
lock(&paniclk)
|
|
|
|
if debug.schedtrace > 0 || debug.scheddetail > 0 {
|
|
|
|
schedtrace(true)
|
|
|
|
}
|
|
|
|
freezetheworld()
|
2018-09-24 23:46:21 +02:00
|
|
|
return true
|
2016-11-22 18:58:04 +01:00
|
|
|
case 1:
|
2018-09-24 23:46:21 +02:00
|
|
|
// Something failed while panicking.
|
|
|
|
// Just print a stack trace and exit.
|
2016-11-22 18:58:04 +01:00
|
|
|
_g_.m.dying = 2
|
|
|
|
print("panic during panic\n")
|
2018-09-24 23:46:21 +02:00
|
|
|
return false
|
2016-11-22 18:58:04 +01:00
|
|
|
case 2:
|
|
|
|
// This is a genuine bug in the runtime, we couldn't even
|
|
|
|
// print the stack trace successfully.
|
|
|
|
_g_.m.dying = 3
|
|
|
|
print("stack trace unavailable\n")
|
|
|
|
exit(4)
|
|
|
|
fallthrough
|
|
|
|
default:
|
2018-01-09 02:23:08 +01:00
|
|
|
// Can't even print! Just exit.
|
2016-11-22 18:58:04 +01:00
|
|
|
exit(5)
|
2018-09-24 23:46:21 +02:00
|
|
|
return false // Need to return something.
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var didothers bool
|
|
|
|
var deadlock mutex
|
|
|
|
|
2018-09-24 23:46:21 +02:00
|
|
|
func dopanic_m(gp *g, pc, sp uintptr) bool {
|
2016-11-22 18:58:04 +01:00
|
|
|
if gp.sig != 0 {
|
|
|
|
signame := signame(gp.sig)
|
|
|
|
if signame != "" {
|
|
|
|
print("[signal ", signame)
|
|
|
|
} else {
|
|
|
|
print("[signal ", hex(gp.sig))
|
|
|
|
}
|
|
|
|
print(" code=", hex(gp.sigcode0), " addr=", hex(gp.sigcode1), " pc=", hex(gp.sigpc), "]\n")
|
|
|
|
}
|
|
|
|
|
|
|
|
level, all, docrash := gotraceback()
|
|
|
|
_g_ := getg()
|
|
|
|
if level > 0 {
|
|
|
|
if gp != gp.m.curg {
|
|
|
|
all = true
|
|
|
|
}
|
|
|
|
if gp != gp.m.g0 {
|
|
|
|
print("\n")
|
|
|
|
goroutineheader(gp)
|
|
|
|
traceback(0)
|
|
|
|
} else if level >= 2 || _g_.m.throwing > 0 {
|
|
|
|
print("\nruntime stack:\n")
|
|
|
|
traceback(0)
|
|
|
|
}
|
|
|
|
if !didothers && all {
|
|
|
|
didothers = true
|
|
|
|
tracebackothers(gp)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
unlock(&paniclk)
|
|
|
|
|
|
|
|
if atomic.Xadd(&panicking, -1) != 0 {
|
|
|
|
// Some other m is panicking too.
|
|
|
|
// Let it print what it needs to print.
|
|
|
|
// Wait forever without chewing up cpu.
|
|
|
|
// It will exit when it's done.
|
|
|
|
lock(&deadlock)
|
|
|
|
lock(&deadlock)
|
|
|
|
}
|
|
|
|
|
2019-09-06 20:12:46 +02:00
|
|
|
printDebugLog()
|
|
|
|
|
2018-09-24 23:46:21 +02:00
|
|
|
return docrash
|
2016-11-22 18:58:04 +01:00
|
|
|
}
|
|
|
|
|
2018-01-28 00:44:29 +01:00
|
|
|
// canpanic returns false if a signal should throw instead of
|
|
|
|
// panicking.
|
|
|
|
//
|
2016-11-10 23:53:23 +01:00
|
|
|
//go:nosplit
|
|
|
|
func canpanic(gp *g) bool {
|
|
|
|
// Note that g is m->gsignal, different from gp.
|
|
|
|
// Note also that g->m can change at preemption, so m can go stale
|
|
|
|
// if this function ever makes a function call.
|
|
|
|
_g_ := getg()
|
|
|
|
_m_ := _g_.m
|
|
|
|
|
|
|
|
// Is it okay for gp to panic instead of crashing the program?
|
|
|
|
// Yes, as long as it is running Go code, not runtime code,
|
|
|
|
// and not stuck in a system call.
|
|
|
|
if gp == nil || gp != _m_.curg {
|
|
|
|
return false
|
|
|
|
}
|
2018-09-24 23:46:21 +02:00
|
|
|
if _m_.locks != 0 || _m_.mallocing != 0 || _m_.throwing != 0 || _m_.preemptoff != "" || _m_.dying != 0 {
|
2016-11-10 23:53:23 +01:00
|
|
|
return false
|
|
|
|
}
|
|
|
|
status := readgstatus(gp)
|
|
|
|
if status&^_Gscan != _Grunning || gp.syscallsp != 0 {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
}
|
2018-09-24 23:46:21 +02:00
|
|
|
|
2019-01-18 20:04:36 +01:00
|
|
|
// isAbortPC reports whether pc is the program counter at which
|
2018-09-24 23:46:21 +02:00
|
|
|
// runtime.abort raises a signal.
|
|
|
|
//
|
|
|
|
// It is nosplit because it's part of the isgoexception
|
|
|
|
// implementation.
|
|
|
|
//
|
|
|
|
//go:nosplit
|
|
|
|
func isAbortPC(pc uintptr) bool {
|
|
|
|
return false
|
|
|
|
}
|