The inputs to a function are marked live at all times in the
liveness bitmaps, so that the garbage collector will not free
the things they point at and reuse the pointers, so that the
pointers shown in stack traces are guaranteed not to have
been recycled.
Unfortunately, no one told the register optimizer that the
inputs need to be preserved at all call sites. If a function
is done with a particular input value, the optimizer will stop
preserving it across calls. For single-word values this just
means that the value recorded might be stale. For multi-word
values like slices, the value recorded could be only partially stale:
it can happen that, say, the cap was updated but not the len,
or that the len was updated but not the base pointer.
Either of these possibilities (and others) would make the
garbage collector misinterpret memory, leading to memory
corruption.
This came up in a real program, in which the garbage collector's
'slice len ≤ slice cap' check caught the inconsistency.
Fixes #7944.
LGTM=iant
R=golang-codereviews, iant
CC=golang-codereviews, khr
https://golang.org/cl/
100370045
EXTERN Bits params;
EXTERN Bits consts;
EXTERN Bits addrs;
+EXTERN Bits ivar;
EXTERN Bits ovar;
EXTERN int change;
EXTERN int32 maxnr;
}
static void
-setoutvar(void)
+setvar(Bits *dst, Type **args)
{
Type *t;
Node *n;
Bits bit;
int z;
- t = structfirst(&save, getoutarg(curfn->type));
+ t = structfirst(&save, args);
while(t != T) {
n = nodarg(t, 1);
a = zprog.from;
naddr(n, &a, 0);
bit = mkvar(R, &a);
for(z=0; z<BITS; z++)
- ovar.b[z] |= bit.b[z];
+ dst->b[z] |= bit.b[z];
t = structnext(&save);
}
-//if(bany(&ovar))
-//print("ovar = %Q\n", ovar);
}
void
params.b[z] = 0;
consts.b[z] = 0;
addrs.b[z] = 0;
+ ivar.b[z] = 0;
ovar.b[z] = 0;
}
- // build list of return variables
- setoutvar();
+ // build lists of parameters and results
+ setvar(&ivar, getthis(curfn->type));
+ setvar(&ivar, getinarg(curfn->type));
+ setvar(&ovar, getoutarg(curfn->type));
/*
* pass 1
case ABL:
if(noreturn(r1->f.prog))
break;
+
+ // Mark all input variables (ivar) as used, because that's what the
+ // liveness bitmaps say. The liveness bitmaps say that so that a
+ // panic will not show stale values in the parameter dump.
for(z=0; z<BITS; z++) {
- cal.b[z] |= ref.b[z] | externs.b[z];
+ cal.b[z] |= ref.b[z] | externs.b[z] | ivar.b[z];
ref.b[z] = 0;
}
EXTERN Bits params;
EXTERN Bits consts;
EXTERN Bits addrs;
+EXTERN Bits ivar;
EXTERN Bits ovar;
EXTERN int change;
EXTERN int32 maxnr;
}
static void
-setoutvar(void)
+setvar(Bits *dst, Type **args)
{
Type *t;
Node *n;
Bits bit;
int z;
- t = structfirst(&save, getoutarg(curfn->type));
+ t = structfirst(&save, args);
while(t != T) {
n = nodarg(t, 1);
a = zprog.from;
naddr(n, &a, 0);
bit = mkvar(R, &a);
for(z=0; z<BITS; z++)
- ovar.b[z] |= bit.b[z];
+ dst->b[z] |= bit.b[z];
t = structnext(&save);
}
-//if(bany(&ovar))
-//print("ovars = %Q\n", ovar);
}
static void
params.b[z] = 0;
consts.b[z] = 0;
addrs.b[z] = 0;
+ ivar.b[z] = 0;
ovar.b[z] = 0;
}
- // build list of return variables
- setoutvar();
+ // build lists of parameters and results
+ setvar(&ivar, getthis(curfn->type));
+ setvar(&ivar, getinarg(curfn->type));
+ setvar(&ovar, getoutarg(curfn->type));
/*
* pass 1
case ACALL:
if(noreturn(r1->f.prog))
break;
+
+ // Mark all input variables (ivar) as used, because that's what the
+ // liveness bitmaps say. The liveness bitmaps say that so that a
+ // panic will not show stale values in the parameter dump.
for(z=0; z<BITS; z++) {
- cal.b[z] |= ref.b[z] | externs.b[z];
+ cal.b[z] |= ref.b[z] | externs.b[z] | ivar.b[z];
ref.b[z] = 0;
}
EXTERN Bits params;
EXTERN Bits consts;
EXTERN Bits addrs;
+EXTERN Bits ivar;
EXTERN Bits ovar;
EXTERN int change;
EXTERN int32 maxnr;
}
static void
-setoutvar(void)
+setvar(Bits *dst, Type **args)
{
Type *t;
Node *n;
Bits bit;
int z;
- t = structfirst(&save, getoutarg(curfn->type));
+ t = structfirst(&save, args);
while(t != T) {
n = nodarg(t, 1);
a = zprog.from;
naddr(n, &a, 0);
bit = mkvar(R, &a);
for(z=0; z<BITS; z++)
- ovar.b[z] |= bit.b[z];
+ dst->b[z] |= bit.b[z];
t = structnext(&save);
}
-//if(bany(ovar))
-//print("ovars = %Q\n", ovar);
}
static void
params.b[z] = 0;
consts.b[z] = 0;
addrs.b[z] = 0;
+ ivar.b[z] = 0;
ovar.b[z] = 0;
}
- // build list of return variables
- setoutvar();
+ // build lists of parameters and results
+ setvar(&ivar, getthis(curfn->type));
+ setvar(&ivar, getinarg(curfn->type));
+ setvar(&ovar, getoutarg(curfn->type));
/*
* pass 1
case ACALL:
if(noreturn(r1->f.prog))
break;
+
+ // Mark all input variables (ivar) as used, because that's what the
+ // liveness bitmaps say. The liveness bitmaps say that so that a
+ // panic will not show stale values in the parameter dump.
for(z=0; z<BITS; z++) {
- cal.b[z] |= ref.b[z] | externs.b[z];
+ cal.b[z] |= ref.b[z] | externs.b[z] | ivar.b[z];
ref.b[z] = 0;
}
--- /dev/null
+// run
+
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Issue 7944:
+// Liveness bitmaps said b was live at call to g,
+// but no one told the register optimizer.
+
+package main
+
+import "runtime"
+
+func f(b []byte) {
+ for len(b) > 0 {
+ n := len(b)
+ n = f1(n)
+ f2(b[n:])
+ b = b[n:]
+ }
+ g()
+}
+
+func f1(n int) int {
+ runtime.GC()
+ return n
+}
+
+func f2(b []byte) {
+ runtime.GC()
+}
+
+func g() {
+ runtime.GC()
+}
+
+func main() {
+ f(make([]byte, 100))
+}