Backport https://codereview.appspot.com/155450044 from the
master Go library. Original description:
I came across this while debugging a GC problem in gccgo.
There is code in assignTo and cvtT2I that handles assignment
to all interface values. It allocates an empty interface even
if the real type is a non-empty interface. The fields are
then set for a non-empty interface, but the memory is recorded
as holding an empty interface. This means that the GC has
incorrect information.
This is extremely unlikely to fail, because the code in the GC
that handles empty interfaces looks like this:
    obj = nil;
    typ = eface->type;
    if(typ != nil) {
        if(!(typ->kind&KindDirectIface) || !(typ->kind&KindNoPointers))
            obj = eface->data;
In the current runtime the condition is always true--if
KindDirectIface is set, then KindNoPointers is clear--and we
always want to set obj = eface->data. So the question is what
happens when we incorrectly store a non-empty interface value
in memory marked as an empty interface. In that case
eface->type will not be a *rtype as we expect, but will
instead be a pointer to an Itab. We are going to use this
pointer to look at a *rtype kind field. The *rtype struct
starts out like this:
    type rtype struct {
        size       uintptr
        hash       uint32 // hash of type; avoids computation in hash tables
        _          uint8  // unused/padding
        align      uint8  // alignment of variable with this type
        fieldAlign uint8  // alignment of struct field with this type
        kind       uint8  // enumeration for C
An Itab always has at least two pointers, so on a
little-endian 64-bit system the kind field will be the high
byte of the second pointer. This will normally be zero, so
the test of typ->kind will succeed, which is what we want.
On a 32-bit system it might be possible to construct a failing
case by somehow getting the Itab for an interface with one
method to be immediately followed by a word that is all ones.
The effect would be that the test would sometimes fail and the
GC would not mark obj, leading to an invalid dangling
pointer. I have not tried to construct this test.
I noticed this in gccgo, where this error is much more likely
to cause trouble for a rather random reason: gccgo uses a
different layout of rtype, and in gccgo the kind field happens
to be the low byte of a pointer, not the high byte.
From-SVN: r216489
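An added illustration of the layout argument in the message above (not code from the gccgo or Go sources): it lays out the rtype prefix in C, computes where the kind byte lands when the GC mistakenly reads an Itab through it, and evaluates the quoted GC test on that byte. The KindDirectIface and KindNoPointers bit values are assumed from the Go 1.3/1.4 runtime; the page does not state them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* C view of the rtype prefix quoted in the message (field order matters). */
struct rtype_prefix {
    uintptr_t size;
    uint32_t  hash;
    uint8_t   pad;        /* the unused "_" byte */
    uint8_t   align;
    uint8_t   fieldAlign;
    uint8_t   kind;
};

/* Kind bits as used by the Go 1.3/1.4 runtime; values assumed, not from the page. */
enum { KindDirectIface = 1 << 5, KindNoPointers = 1 << 7 };

/* Byte offset of kind: 15 on a 64-bit target, 11 on a 32-bit one. */
size_t rtype_kind_offset(void) { return offsetof(struct rtype_prefix, kind); }

/* Which pointer-sized word of an Itab that byte falls in (0 = first pointer).
   On 64-bit this is 1, i.e. the second pointer, as the message says. */
size_t kind_word_index(void) { return rtype_kind_offset() / sizeof(uintptr_t); }

/* Whether it is the most significant byte of that word on a little-endian target. */
int kind_is_high_byte_of_word(void) {
    return rtype_kind_offset() % sizeof(uintptr_t) == sizeof(uintptr_t) - 1;
}

/* What the GC reads as typ->kind when eface->type really points at an Itab.
   itab_mem must hold at least sizeof(struct rtype_prefix) bytes. */
uint8_t kind_seen_through_itab(const void *itab_mem) {
    struct rtype_prefix view;
    memcpy(&view, itab_mem, sizeof view);
    return view.kind;
}

/* The marking test quoted from the GC: nonzero means obj = eface->data is set
   and the referenced object is marked; zero means it is skipped. */
int gc_scans_data(uint8_t kind) {
    return !(kind & KindDirectIface) || !(kind & KindNoPointers);
}
```

With an all-zero Itab the misread kind is 0 and the GC still marks the object; only if both bits happen to be set in that stray byte does marking get skipped, which is the dangling-pointer scenario the message describes.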
We want to create goroutines with a small stack, at least on
systems where split stacks are supported. We don't need to
create threads with a small stack.
From-SVN: r216353
PR go/60406
runtime: Check callers in can_recover if return address doesn't match.
Also use __builtin_extract_return_address and tighten up the
checks in FFI code.
Fixes PR 60406.
From-SVN: r216003
PR go/61877
reflect: fix direct call of variadic method value
As reported in bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61877
gcc mainline has regressed in this. This CL adds the tests proposed
for the main Go repository:
https://codereview.appspot.com/151280043/
https://codereview.appspot.com/152060043/
restores the code from the amd64/386 path that makes this work and
was lost when the Go 1.3 stdlib was merged and changes the FFI path
to call into the same helper code as the amd64/386 path.
I've only tested this on amd64 but I did test a version that was
patched to unconditionally take the FFI path.
From-SVN: r215859
This supports clang, which by default issues warnings about
unused command line arguments, a habit that interacts poorly
with configure scripts.
From-SVN: r215699
If the compiler inlines this function into kickoff, it may reuse
the TLS block address to load g. However, this is not necessarily
correct, as the call to g->entry in kickoff may cause the TLS
address to change. If the wrong value is loaded for g->status in
runtime_goexit, it may cause a runtime panic.
By marking the function as noinline we prevent the compiler from
reusing the TLS address.
From-SVN: r215484
The Go frontend passes closures through to functions using the
functions __go_set_closure and __go_get_closure. The
expectation is that there are no function calls between
set_closure and get_closure. However, it turns out that there
can be function calls if some of the function arguments
require type conversion to an interface type. Converting to
an interface type can allocate memory, and that can in turn
trigger a garbage collection, and that can in turn call pool
cleanup functions that may call __go_set_closure. So the
called function can see the wrong closure value, which is bad.
This patch fixes the problem in two different ways. First, we
move all type conversions in function arguments into temporary
variables so that they can not appear before the call to
__go_set_closure. (This required shifting the flatten phase
after the simplify_thunk phase, since the latter expects to
work with unconverted argument types.) Second, we fix the
memory allocation function to preserve the closure value
across any possible garbage collection.
A test case is the libgo database/sql check run with the
environment variable GOGC set to 1.
From-SVN: r213932
PR other/61895
runtime: Ignore small argv[0] file for backtrace.
Reportedly in some cases Docker starts processes with argv[0]
pointing to an empty file. That would cause libgo to pass
that empty file to libbacktrace, which would then fail to do
any backtraces. Everything should work fine if libbacktrace
falls back to /proc/self/exe.
This patch to libgo works around the problem by ignoring
argv[0] if it is a small file, or if stat fails. This is not
a perfect fix but it's an unusual problem.
From-SVN: r213513
This variable is unused apparently as a result of local changes.
gccgo accepts this variable declaration, but other frontends may not.
From-SVN: r212873
PR go/61620
runtime: Don't free tiny blocks in map deletion.
The memory allocator now has a special case for tiny blocks
(smaller than 16 bytes) and they can not be explicitly freed.
From-SVN: r212233
This introduces the "bench" build target, which can be used to run
all benchmarks.
It is also possible to run subsets of benchmarks with the
"package/check" build targets by setting GOBENCH to a matching regex.
From-SVN: r212212
PR go/52583
runtime: Stop backtrace at a few recognized functions.
On x86_64 Solaris the makecontext function does not properly
indicate that it is at the top of the stack. Attempting to
unwind the stack past a call to makecontext tends to crash.
This patch changes libgo to look for certain functions that
are always found at the top of the stack, and to stop
unwinding when it reaches one of those functions. There is
never anything interesting past these functions--that is,
there is never any code written by the user.
From-SVN: r211640
PR go/61498
runtime: Always set gcnext_sp to pointer-aligned address.
The gcnext_sp field is only used on systems that do not use
split stacks. It marks the bottom of the stack for the
garbage collector. This change makes sure that the stack
bottom is always aligned to a pointer value.
Previously the garbage collector would align all the addresses
that it scanned, but it now expects them to be aligned before
scanning.
From-SVN: r211639
This revision was committed January 7, 2014. The next
revision deleted runtime/mfinal.c. That will be done in a
subsequent merge.
This merge changes type descriptors to add a zero field,
pointing to a zero value for that type. This is implemented
as a common variable.
* go-gcc.cc (Gcc_backend::implicit_variable): Add is_common and
alignment parameters. Permit init parameter to be NULL.
From-SVN: r211249
This adds the --without-libatomic configure option, which is useful for building libgo
with a non-gcc compiler.
It disables libgo's dependency on libatomic. This
is useful for platforms where it is known that the libatomic runtime
functions are not required, or where the compiler automatically
provides an implementation of them.
From-SVN: r211065
LLVM's code generator does not currently support split stacks for vararg
functions, so we disable split stacks for the only function that uses this
feature under Clang. This appears to be OK as long as:
- this function only calls non-inlined, internal-linkage (hence no dynamic
loader) functions compiled with split stacks (i.e. go_vprintf), which can
allocate more stack space as required;
- this function itself does not occupy more than BACKOFF bytes of stack space
(see libgcc/config/i386/morestack.S).
These conditions are currently known to be satisfied by Clang on x86-32 and
x86-64. Note that signal handlers receive slightly less stack space than they
would normally do if they happen to be called while this function is being
run. If this turns out to be a problem we could consider increasing BACKOFF.
From-SVN: r211037
This includes the use of __complex and __builtin_ functions where
unprefixed entities would suffice, and the use of a union for
bit-casting between types.
From-SVN: r211036
PR go/60931
runtime: Fix garbage collector issue with non 4kB system page size
The go garbage collector tracks memory in terms of 4kB pages.
Most of the code checks getpagesize() at runtime and does the
right thing.
On a 64kB ppc64 box I see SEGVs in long running processes
which have been diagnosed as a bug in scavengelist.
scavengelist does a madvise(MADV_DONTNEED) without rounding
the arguments to the system page size. A strace of one of the
failures shows the problem:
    madvise(0xc211030000, 4096, MADV_DONTNEED) = 0
The kernel rounds the length up to 64kB and we mark 60kB of
valid data as no longer needed.
Round start up to a system page and end down before calling
madvise.
From-SVN: r209777
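An added example of the rounding fix described above (not the libgo scavengelist code itself): it models what the kernel actually discards for an unrounded madvise, and implements the "round start up, end down to the system page" rule so that the strace'd 4kB call from the message becomes a no-op on a 64kB-page box instead of discarding 60kB of live data. The function names are assumed.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/mman.h>

/* What the kernel affects for a request of len bytes: it rounds the length
   up to whole system pages, so 4096 on a 64 kB page box covers 65536 bytes. */
uint64_t kernel_effective_len(uint64_t len, uint64_t syspage) {
    return (len + syspage - 1) & ~(syspage - 1);
}

/* The fix: round start up and end down to the system page size (syspage must
   be a power of two). Returns 1 and fills [*out_start, *out_end) when at least
   one whole system page remains, 0 when nothing can safely be advised. */
int scavenge_range(uint64_t start, uint64_t len, uint64_t syspage,
                   uint64_t *out_start, uint64_t *out_end) {
    uint64_t end = start + len;
    uint64_t s = (start + syspage - 1) & ~(syspage - 1);
    uint64_t e = end & ~(syspage - 1);
    if (e <= s)
        return 0;   /* the 4 kB-granular range straddles or fits inside one system page */
    *out_start = s;
    *out_end = e;
    return 1;
}

/* Wrapper that only ever hands madvise a system-page-aligned range. Returns 0
   when the range was skipped, otherwise madvise's return value. */
int scavenge(void *addr, size_t len) {
    uint64_t syspage = (uint64_t)sysconf(_SC_PAGESIZE), s, e;
    if (!scavenge_range((uint64_t)(uintptr_t)addr, len, syspage, &s, &e))
        return 0;   /* less than one full system page: keep the data resident */
    return madvise((void *)(uintptr_t)s, (size_t)(e - s), MADV_DONTNEED);
}
```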
A gccgo language extension allows a function to be declared multiple
times. Avoid the use of this extension by deduplicating declarations
in mksyscall.awk.
From-SVN: r209508
Avoid the use of a gccgo language extension which allows unsafe.Sizeof
to accept a type by passing an expression of the relevant type.
From-SVN: r209503
This patch fixes a rare but serious bug. The Go garbage
collector only examines Go stacks. When Go code calls a
function that is not written in Go, it first calls
syscall.Entersyscall. Entersyscall records the position of
the Go stack pointer and saves a copy of all the registers.
If the garbage collector runs while the thread is executing
the non-Go code, the garbage collector fetches the stack
pointer and registers from the saved location.
Entersyscall saves the registers using the getcontext
function. Unfortunately I didn't consider the possibility
that Entersyscall might itself change a register before
calling getcontext. This only matters for callee-saved
registers, as caller-saved registers would be visible on the
saved stack. And it only matters if Entersyscall is compiled
to save and modify a callee-saved register before it calls
getcontext. And it only matters if a garbage collection
occurs while the non-Go code is executing. And it only
matters if the only copy of a valid Go pointer happens to be
in the callee-saved register when Entersyscall is called.
When all those conditions are true, the Go pointer might get
collected incorrectly, leading to memory corruption.
This patch tries to avoid the problem by splitting
Entersyscall into two functions. The first is a simple
function that just calls getcontext and then calls the rest of
Entersyscall. This should fix the problem, provided the
simple Entersyscall function does not itself modify any
callee-saved registers before calling getcontext. That seems
to be true on the systems I checked. But since the argument
to getcontext is an offset from a TLS variable, it won't be
true on a system which needs to save callee-saved registers in
order to get the address of a TLS variable. I don't know why
any system would work that way, but I don't know how to rule
it out. I think that on any such system this will have to be
implemented in assembler. I can't put the ucontext_t
structure on the stack, because this function can not split
stacks, and the ucontext_t structure is large enough that it
could cause a stack overflow.
From-SVN: r208390