A very small number of old browsers consider content as HTML
even when it is explicitly stated in the Content-Type header
that it is not. If content served is based on user-supplied
input, then an XSS is possible. Introduce three mitigations:
+ Don't reflect user input in error strings
+ Set a Content-Disposition header when requesting a resource
that should never be displayed in a browser window
+ Set X-Content-Type-Options: nosniff on all responses
Change-Id: I81c9d6736e0439ebd1db99cd7fb701cc56d24805
Reviewed-on: https://go-review.googlesource.com/102318
Run-TryBot: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
When snapshotting the execution time stats of a goroutine
we take into account the intermediate values kepts in the GDesc's
gdesc field. At the end of goroutine analysis, we go through all
goroutines and replace the GExecutionStat with the new snapshot.
Here the mistake was that we replaced the GExecutionStat with
the value that reflects the intermediate values, but did clear
the intermediate values. So, when the following finalizeActiveSpans
runs, it trieds to add the intermediate values again (double-counting)
when taking a snapshot.
Fix the issue by using the finalized GExecutionStat instead of
recomputing the snapshot. While we are here, refactor the finalization
logic so it can be used when processing GoEnd, GoStop events.
Change-Id: Ibdb342214c29b65d4ea37e52b1f8b83f1fb20143
Reviewed-on: https://go-review.googlesource.com/103157
Reviewed-by: Peter Weinberger <pjw@google.com>
The additions were machine-generated.
The change for x * 7 avoids a reg-reg move,
reducing the number of instructions from 3 to 2.
Change-Id: Ib002e39f29ca5e46cfdb8daaf87ddc7ba50a17e5
Reviewed-on: https://go-review.googlesource.com/102395
Run-TryBot: Josh Bleecher Snyder <josharian@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Keith Randall <khr@golang.org>
If the character after $ cannot be detected as a valid
variable declaration, do not gobble the $.
Fixes#24345
Change-Id: Iec47be1f2e4f8147b8ceb64c30778eae8045b58f
Reviewed-on: https://go-review.googlesource.com/103055
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This change reduces the time to run this test on my machine from
real 0m2.491s
user 0m3.020s
sys 0m0.331s
to
real 0m0.237s
user 0m0.180s
sys 0m0.173s
This will make it reasonable to add more constants to the test.
I am also hopeful that it might help a bit with intermittent
cmd/compile/internal/gc test timeouts on the build dashboard
on the slower builders.
The time savings are entirely in compilation time,
by avoiding generating one giant func main.
Instead, generate tables of tests to be run,
which are translated into static data,
and then loop over those tests.
While we're here, do some minor cleanup:
* Remove the _ssa suffix on function names,
as that was only needed during ssa bootstrapping.
* Clean up error handling during test generation.
* Make functions single-line, to reduce future diff sizes.
Diffing giant files is slow.
Change-Id: Ic5fccdb71679169bea756c7d33c07d05e4801860
Reviewed-on: https://go-review.googlesource.com/102956
Run-TryBot: Josh Bleecher Snyder <josharian@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: David Chase <drchase@google.com>
This change makes `-m -m` print a better explanation for the case
where a slice is marked as escaping and heap-allocated because it
has a non-constant len/cap.
Fixes#24578
Change-Id: I0ebafb77c758a99857d72b365817bdba7b446cc0
Reviewed-on: https://go-review.googlesource.com/102895
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Ilya Tocar <ilya.tocar@intel.com>
When parsing an ECDSA certificate, improve the error message upon
failing to parse the curve as a named curve, rather than returning
the original ASN1 error.
Fixes#21502
Change-Id: I7ae7b3ea7a9dcbd78a9607f46f5883d3193b8367
Reviewed-on: https://go-review.googlesource.com/57050
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Don't compile the runtime packages with coverage when using the race
detector. The user can, perhaps accidentally, request coverage for the
runtime by using -coverpkg=all. If using the race detector, the
runtime package coverage will call into the race detector before it
has been initialized. This will cause the program to crash
mysteriously on startup.
Fixes#23882
Change-Id: I9a63867a9138797d8b8afb0856ae21079accdb27
Reviewed-on: https://go-review.googlesource.com/94898
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Andrew Bonventre <andybons@golang.org>
parsePrivateKey can't return useful error messages because it does trial
decoding of multiple formats. Try ParseCertificate first in case it
offers a useful error message.
Fixes#23591
Change-Id: I380490a5850bee593a7d2f584a27b2a14153d768
Reviewed-on: https://go-review.googlesource.com/90435
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
1. STPW stores the lower 32-bit words of a pair of registers to memory.
2. LDPW loads two 32-bit words from memory, zero extends them to 64-bit,
and then copies to a pair of registers.
3. LDPSW does the same as LDPW, except a sign extension.
This CL implements those 3 instructions and adds test cases.
Change-Id: Ied9834d8240240d23ce00e086b4ea456e1611f1a
Reviewed-on: https://go-review.googlesource.com/99956
Run-TryBot: Cherry Zhang <cherryyz@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Cherry Zhang <cherryyz@google.com>
Spans are represented using Async Event types of chrome trace viewer.
According to the doc, the 'id' should be unique within category, scope.
https://docs.google.com/document/d/1CvAClvFfyA5R-PhYUmn5OOQtYMH4h6I0nSsKchNAySU/preview#heading=h.jh64i9l3vwa1
Use the index in the task's span slice as the slice id, so it
can be unique within the task. The scope is the task id which
is unique.
This fixes a visualization bug that caused incorrect or missing
presentation of nested spans.
Change-Id: If1537ee00247f71fa967abfe45569a9e7dbcdce7
Reviewed-on: https://go-review.googlesource.com/102697
Reviewed-by: Heschi Kreinick <heschi@google.com>
No need to sign extend input to Neg8 and Neg16.
Change-Id: I7896c83c9cdf84a34098582351a4aabf61cd6fdd
Reviewed-on: https://go-review.googlesource.com/102675
Run-TryBot: Michael Munday <mike.munday@ibm.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
In expandmeth, we call expand1/expand0 to build a list of all
candidate methods to promote, and then we use dotpath to prune down
which names actually resolve to a promoted method and how.
However, previously we still computed "followsptr" based on the
expand1/expand0 traversal (which is depth-first), rather than
dotpath (which is breadth-first). The result is that we could
sometimes end up miscomputing whether a particular promoted method
involves a pointer traversal, which could result in bad code
generation for method trampolines.
Fixes#24547.
Change-Id: I57dc014466d81c165b05d78b98610dc3765b7a90
Reviewed-on: https://go-review.googlesource.com/102618
Reviewed-by: Robert Griesemer <gri@golang.org>
Prevent queries from starting a goroutine if the context is
not able to be canceled.
Fixes#23879
Change-Id: I392047bd53d7f796219dd12ee11b07303658fdaf
Reviewed-on: https://go-review.googlesource.com/102478
Run-TryBot: Daniel Theophanes <kardianos@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Yasuhiro MATSUMOTO <mattn.jp@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Decode AT_PAGESZ to determine physPageSize on netbsd.
Also rename vdso_none.go to auxv_none.go which matches its purpose more
closely.
Akin to CL 99780 which did the same for freebsd.
Change-Id: Iea4322f861ff0f3515e9051585dbb442f024326b
Reviewed-on: https://go-review.googlesource.com/102677
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This change prevents import errors from being printed multiple times.
Creating a bare-bones package 'p' with only one file importing itself
and running 'go build p', the current implementation gives this error
message:
can't load package: import cycle not allowed
package p
imports p
import cycle not allowed
package p
imports p
With this change we will show the message only once.
Updates #23295
Change-Id: I653b34c1c06c279f3df514f12ec0b89745a7e64a
Reviewed-on: https://go-review.googlesource.com/86535
Reviewed-by: Harald Nordgren <haraldnordgren@gmail.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Use the __vdso_clock_gettime fast path via the vDSO on linux/arm64 to
speed up nanotime and walltime. This results in the following
performance improvement for time.Now on Cavium ThunderX:
name old time/op new time/op delta
TimeNow 442ns ± 0% 163ns ± 0% -63.16% (p=0.000 n=10+10)
And benchmarks on VDSO
BenchmarkClockVDSOAndFallbackPaths/vDSO 10000000 166 ns/op
BenchmarkClockVDSOAndFallbackPaths/Fallback 3000000 456 ns/op
Change-Id: I326118c6dff865eaa0569fc45d1fc1ff95cb74f6
Reviewed-on: https://go-review.googlesource.com/99855
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
No changes in the actual generated compiler code.
Change-Id: I206a7bf7b60f70a73640119fc92974f79ed95a6b
Reviewed-on: https://go-review.googlesource.com/102416
Run-TryBot: Alberto Donizetti <alb.donizetti@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
CL 102457 added TestDevNullFile. However, this
test is failing on Plan 9, because it checks
that /dev/null is a character device while there
are no special files on Plan 9.
We fix this issue by changing Stat to consider
all files served by the console device (#c)
as character devices.
Fixes#24534.
Change-Id: I1c60cdf25770358b908790b3fb71910fa914dec0
Reviewed-on: https://go-review.googlesource.com/102424
Run-TryBot: David du Colombier <0intro@gmail.com>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Reviewed-by: Rob Pike <r@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Fixes#24546
Change-Id: I99ebd5bc18e5c5e42eee4689644a7a8b02405f31
Reviewed-on: https://go-review.googlesource.com/102616
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
I grepped for "bytes.Buffer" and "buf.String" and mostly ignored test
files. I skipped a few on purpose and probably missed a few others,
but otherwise I think this should be most of them.
Updates #18990
Change-Id: I5a6ae4296b87b416d8da02d7bfaf981d8cc14774
Reviewed-on: https://go-review.googlesource.com/102479
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
The documentation was unclear here and I misremembered the behaviour and
changed it in 1.10: it used to be that matching any EKU was enough but
1.10 requires that all EKUs match.
Restore 1.9 behaviour and clarify the documentation to make it official.
Fixes#24162.
Change-Id: Ic9466cd0799cb27ec3a3a7e6c96f10c2aacc7020
Reviewed-on: https://go-review.googlesource.com/97720
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
The way Value.AuxInt represents unsigned numbers is currently
documented in genericOps.go, which is not the most obvious place for
it. Move that documentation to Value.AuxInt. Furthermore, to make it
harder to use incorrectly, introduce a Value.AuxUnsigned accessor that
returns the zero-extended value of Value.AuxInt.
Change-Id: I85030c3c68761404058a430e0b1c7464591b2f42
Reviewed-on: https://go-review.googlesource.com/102597
Run-TryBot: Austin Clements <austin@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Cherry Zhang <cherryyz@google.com>
Even though GOARCH=sparc64 is not supported by gc (yet), it is easy to
make cgo already support it.
This e.g. allows to generate Go type definitions for linux/sparc64 in
the golang.org/x/sys/unix package without using gccgo.
Change-Id: I8886c81e7c895a0d93e350d81ed653fb59d95dd8
Reviewed-on: https://go-review.googlesource.com/102555
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Gdb can be sensitive to contents of .gdbinit, and to run
this test properly needs to have runtime/runtime-gdb.py
on the auto load safe path. Therefore, turn off .gdbinit
loading and explicitly add $GOROOT/runtime to the safe
load path.
This should make ssa/debug_test.go run more consistently.
Updates #24464.
Change-Id: I63ed17c032cb3773048713ce51fca3a3f86e79b6
Reviewed-on: https://go-review.googlesource.com/102598
Run-TryBot: David Chase <drchase@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
We already replaced most loops with PutOpBytesLit where possible,
do this in a last few places.
Change-Id: I8c90de017810145a12394fa6b887755e9111b22a
Reviewed-on: https://go-review.googlesource.com/102276
Run-TryBot: Ilya Tocar <ilya.tocar@intel.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Cherry Zhang <cherryyz@google.com>
A newish check for branch-likely on single-successor blocks
caught a case where the preemption-check inserter was
setting "likely" on an unconditional branch.
Fixed by checking for that case before setting likely.
Also removed an overconservative restriction on parallel
compilation for GOEXPERIMENT=preemptibleloops; it works
fine, it is just another control-flow transformation.
Change-Id: I8e786e6281e0631cac8d80cff67bfb6402b4d225
Reviewed-on: https://go-review.googlesource.com/102317
Run-TryBot: David Chase <drchase@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Austin Clements <austin@google.com>
We use 32-bit operations for 8- and 16-bit arithmetic, so use them
for comparisons too. This won't change performance but it is more
consistent and makes testing 8- and 16-bit comparison codegen
slightly more straightforward (for follow up CL).
Also fix a typo and add some additional double sign and zero
extension rules to remove the operations inserted by the comparison
rules.
Change-Id: I89ec1b0e09cb8be8090cf007be283ad88bba75a4
Reviewed-on: https://go-review.googlesource.com/102556
Run-TryBot: Michael Munday <mike.munday@ibm.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This was a typo mistake according to if cond and runtime/mheap.go:323
Change-Id: Id046d4afbfe0ea43cb29e1a9f400e1f130de221d
Reviewed-on: https://go-review.googlesource.com/102575
Reviewed-by: Austin Clements <austin@google.com>
This change makes errors in the example code a bit better, as it's no use to show the root dir when an error occurs walking a subdirectory or file.
Change-Id: I546276e9b151fabba5357258f03bfbd47a508201
GitHub-Last-Rev: 398c1eeb61
GitHub-Pull-Request: golang/go#24536
Reviewed-on: https://go-review.googlesource.com/102535
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Add a note that if an error is returned after having read
at least the minimum no. of bytes, the error is set to nil.
Fixes#20477
Change-Id: I75ba5ee967be3ff80249e40d459da4afeeb53463
Reviewed-on: https://go-review.googlesource.com/102459
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Move part of UserSpan event processing from cmd/trace.analyzeAnnotations
to internal/trace.GoroutineStats that returns analyzed per-goroutine
execution information. Now the execution information includes list of
spans and their execution information.
cmd/trace.analyzeAnnotations utilizes the span execution information
from internal/trace.GoroutineStats and connects them with task
information.
Change-Id: Ib7f79a3ba652a4ae55cd81ea17565bcc7e241c5c
Reviewed-on: https://go-review.googlesource.com/101917
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
Reviewed-by: Peter Weinberger <pjw@google.com>
- Summary: also includes links to pprof data.
- Sortable table: sorting is done on server-side. The intention is
that later, I want to add pagination feature and limit the page
size the browser has to handle.
- Stacked horizontal bar graph to present total time breakdown.
- Human-friendly time representation.
- No dependency on external fancy javascript libraries to allow
it to function without an internet connection.
Change-Id: I91e5c26746e59ad0329dfb61e096e11f768c7b73
Reviewed-on: https://go-review.googlesource.com/102156
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>