7b28fa2c6b
Backport https://codereview.appspot.com/155450044 from the master Go library. Original description: I came across this while debugging a GC problem in gccgo. There is code in assignTo and cvtT2I that handles assignment to all interface values. It allocates an empty interface even if the real type is a non-empty interface. The fields are then set for a non-empty interface, but the memory is recorded as holding an empty interface. This means that the GC has incorrect information. This is extremely unlikely to fail, because the code in the GC that handles empty interfaces looks like this: obj = nil; typ = eface->type; if(typ != nil) { if(!(typ->kind&KindDirectIface) || !(typ->kind&KindNoPointers)) obj = eface->data; In the current runtime the condition is always true--if KindDirectIface is set, then KindNoPointers is clear--and we always want to set obj = eface->data. So the question is what happens when we incorrectly store a non-empty interface value in memory marked as an empty interface. In that case eface->type will not be a *rtype as we expect, but will instead be a pointer to an Itab. We are going to use this pointer to look at a *rtype kind field. The *rtype struct starts out like this: type rtype struct { size uintptr hash uint32 // hash of type; avoids computation in hash tables _ uint8 // unused/padding align uint8 // alignment of variable with this type fieldAlign uint8 // alignment of struct field with this type kind uint8 // enumeration for C An Itab always has at least two pointers, so on a little-endian 64-bit system the kind field will be the high byte of the second pointer. This will normally be zero, so the test of typ->kind will succeed, which is what we want. On a 32-bit system it might be possible to construct a failing case by somehow getting the Itab for an interface with one method to be immediately followed by a word that is all ones. The effect would be that the test would sometimes fail and the GC would not mark obj, leading to an invalid dangling pointer. I have not tried to construct this test. I noticed this in gccgo, where this error is much more likely to cause trouble for a rather random reason: gccgo uses a different layout of rtype, and in gccgo the kind field happens to be the low byte of a pointer, not the high byte. From-SVN: r216489 |
||
|---|---|---|
| .. | ||
| config | ||
| go | ||
| runtime | ||
| testsuite | ||
| LICENSE | ||
| MERGE | ||
| Makefile.am | ||
| Makefile.in | ||
| PATENTS | ||
| README | ||
| README.gcc | ||
| aclocal.m4 | ||
| config.h.in | ||
| configure | ||
| configure.ac | ||
| godeps.sh | ||
| merge.sh | ||
| mksysinfo.sh | ||
README
See ../README. This is the runtime support library for the Go programming language. This library is intended for use with the Go frontend. The library has only been tested on GNU/Linux using glibc. It should not be difficult to port to other operating systems. The library has only been tested on x86/x86_64 systems. It should not be difficult to port to other architectures. Directories: go A copy of the Go library from http://golang.org/, with a few changes for gccgo. Notably, the reflection interface is different. runtime Runtime functions, written in C, which are called directly by the compiler or by the library. syscalls System call support. Contributing ============ To contribute patches to the files in this directory, please see http://golang.org/doc/gccgo_contribute.html . The master copy of these files is hosted at http://code.google.com/p/gofrontend . Changes to these files require signing a Google contributor license agreement. If you are the copyright holder, you will need to agree to the individual contributor license agreement at http://code.google.com/legal/individual-cla-v1.0.html. This agreement can be completed online. If your organization is the copyright holder, the organization will need to agree to the corporate contributor license agreement at http://code.google.com/legal/corporate-cla-v1.0.html. If the copyright holder for your code has already completed the agreement in connection with another Google open source project, it does not need to be completed again.