mirror of
https://github.com/golang/go
synced 2024-09-25 13:30:12 -06:00
The Go programming language
7b9c5ec24b
I came across this while debugging a GC problem in gccgo. There is code in assignTo and cvtT2I that handles assignment to all interface values. It allocates an empty interface even if the real type is a non-empty interface. The fields are then set for a non-empty interface, but the memory is recorded as holding an empty interface. This means that the GC has incorrect information. This is extremely unlikely to fail, because the code in the GC that handles empty interfaces looks like this: obj = nil; typ = eface->type; if(typ != nil) { if(!(typ->kind&KindDirectIface) || !(typ->kind&KindNoPointers)) obj = eface->data; In the current runtime the condition is always true--if KindDirectIface is set, then KindNoPointers is clear--and we always want to set obj = eface->data. So the question is what happens when we incorrectly store a non-empty interface value in memory marked as an empty interface. In that case eface->type will not be a *rtype as we expect, but will instead be a pointer to an Itab. We are going to use this pointer to look at a *rtype kind field. The *rtype struct starts out like this: type rtype struct { size uintptr hash uint32 // hash of type; avoids computation in hash tables _ uint8 // unused/padding align uint8 // alignment of variable with this type fieldAlign uint8 // alignment of struct field with this type kind uint8 // enumeration for C An Itab always has at least two pointers, so on a little-endian 64-bit system the kind field will be the high byte of the second pointer. This will normally be zero, so the test of typ->kind will succeed, which is what we want. On a 32-bit system it might be possible to construct a failing case by somehow getting the Itab for an interface with one method to be immediately followed by a word that is all ones. The effect would be that the test would sometimes fail and the GC would not mark obj, leading to an invalid dangling pointer. I have not tried to construct this test. I noticed this in gccgo, where this error is much more likely to cause trouble for a rather random reason: gccgo uses a different layout of rtype, and in gccgo the kind field happens to be the low byte of a pointer, not the high byte. LGTM=rsc R=rsc CC=golang-codereviews https://golang.org/cl/155450044 |
||
---|---|---|
api | ||
doc | ||
include | ||
lib | ||
misc | ||
src | ||
test | ||
.hgignore | ||
.hgtags | ||
AUTHORS | ||
CONTRIBUTORS | ||
favicon.ico | ||
LICENSE | ||
PATENTS | ||
README | ||
robots.txt |
This is the source code repository for the Go programming language. For documentation about how to install and use Go, visit http://golang.org/ or load doc/install-source.html in your web browser. After installing Go, you can view a nicely formatted doc/install-source.html by running godoc --http=:6060 and then visiting http://localhost:6060/doc/install/source. Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file. -- Binary Distribution Notes If you have just untarred a binary Go distribution, you need to set the environment variable $GOROOT to the full path of the go directory (the one containing this README). You can omit the variable if you unpack it into /usr/local/go, or if you rebuild from sources by running all.bash (see doc/install.html). You should also add the Go binary directory $GOROOT/bin to your shell's path. For example, if you extracted the tar file into $HOME/go, you might put the following in your .profile: export GOROOT=$HOME/go export PATH=$PATH:$GOROOT/bin See doc/install.html for more details.