Adam Langley [Sat, 27 Jun 2015 21:50:39 +0000 (14:50 -0700)]
crypto/rsa: check for primes ≤ 1 in Validate
Change 7c7126cfeb82894229b9c3d5109e4b04e6cfde0c removed the primality
checking in Validate to save CPU time. That check happened to be
filtering out private keys with primes that were zero or one. Without
that filtering, such primes cause a panic when trying to use such a
private key.
This change specifically checks for and rejects primes ≤ 1 in Validate.
Russ Cox [Mon, 29 Jun 2015 02:26:35 +0000 (22:26 -0400)]
cmd/link: record missing pcdata tables correctly
The old code was recording the current table output offset,
so the table from the next function would be used instead of
the runtime realizing that there was no table at all.
Add debug constant in runtime to check this for every function
at startup. It's too expensive to do that by default, but we can
do the last five functions. The end of the table is usually where
the C symbols end up, so that's where the problems typically are.
Austin Clements [Fri, 26 Jun 2015 17:56:58 +0000 (13:56 -0400)]
runtime: reset mark state before checkmark and gctrace=2 mark
Currently we fail to reset the live heap accounting state before the
checkmark mark and before the gctrace=2 extra mark. As a result, if
either are enabled, at the end of GC it thinks there are 0 bytes of
live heap, which causes the GC controller to initiate a new GC
immediately, regardless of the true heap size.
Fix this by factoring this state reset into a function and calling it
before all three possible marks.
This function should be merged with gcResetGState, but doing so
requires some additional cleanup, so it will wait for after the
freeze. Filed #11427 for this cleanup.
Austin Clements [Mon, 22 Jun 2015 14:24:50 +0000 (10:24 -0400)]
runtime: don't free stack spans during GC
Memory for stacks is manually managed by the runtime and, currently
(with one exception) we free stack spans immediately when the last
stack on a span is freed. However, the garbage collector assumes that
spans can never transition from non-free to free during scan or mark.
This disagreement makes it possible for the garbage collector to mark
uninitialized objects and is blocking us from re-enabling the bad
pointer test in the garbage collector (issue #9880).
For example, the following sequence will result in marking an
uninitialized object:
1. scanobject loads a pointer slot out of the object it's scanning.
This happens to be one of the special pointers from the heap into a
stack. Call the pointer p and suppose it points into X's stack.
2. X, running on another thread, grows its stack and frees its old
stack.
3. The old stack happens to be large or was the last stack in its
span, so X frees this span, setting it to state _MSpanFree.
4. The span gets reused as a heap span.
5. scanobject calls heapBitsForObject, which loads the span containing
p, which is now in state _MSpanInUse, but doesn't necessarily have
an object at p. The not-object at p gets marked, and at this point
all sorts of things can go wrong.
We already have a partial solution to this. When shrinking a stack, we
put the old stack on a queue to be freed at the end of garbage
collection. This was done to address exactly this problem, but wasn't
a complete solution.
This commit generalizes this solution to both shrinking and growing
stacks. For stacks that fit in the stack pool, we simply don't free
the span, even if its reference count reaches zero. It's fine to reuse
the span for other stacks, and this enables that. At the end of GC, we
sweep for cached stack spans with a zero reference count and free
them. For larger stacks, we simply queue the stack span to be freed at
the end of GC. Ideally, we would reuse these large stack spans the way
we can small stack spans, but that's a more invasive change that will
have to wait until after the freeze.
Austin Clements [Thu, 25 Jun 2015 16:24:44 +0000 (12:24 -0400)]
runtime: remove unused _GCsweep state
We don't use this state. _GCoff means we're sweeping in the
background. This makes it clear in the next commit that _GCoff and
only _GCoff means sweeping.
Russ Cox [Mon, 29 Jun 2015 03:04:05 +0000 (23:04 -0400)]
cmd/cgo: fix a problem with 'go build -compiler gccgo'
Port of https://golang.org/cl/154360045 to Git.
Original author is Xia Bin <snyh@snyh.org> (already a contributor).
Fixes #8945.
Change-Id: I28bcaf3348794202ca59fbc3466bd7b9670030e4
Reviewed-on: https://go-review.googlesource.com/11658 Reviewed-by: Ian Lance Taylor <iant@golang.org>
Austin Clements [Wed, 24 Jun 2015 21:13:24 +0000 (17:13 -0400)]
runtime: always clear stack barriers on G exit
Currently the runtime fails to clear a G's stack barriers in gfput if
the G's stack allocation is _FixedStack bytes. This causes the runtime
to panic if the following sequence of events happens:
1) The runtime installs stack barriers on a G.
2) The G exits by calling runtime.Goexit. Since this does not
necessarily return through the stack barriers installed on the G,
there may still be untriggered stack barriers left on the G's stack
in recorded in g.stkbar.
3) The runtime calls gfput to add the exiting G to the free pool. If
the G's stack allocation is _FixedStack bytes, we fail to clear
g.stkbar.
4) A new G starts and allocates the G that was just added to the free
pool.
5) The new G begins to execute and overwrites the stack slots that had
stack barriers in them.
6) The garbage collector enters mark termination, attempts to remove
stack barriers from the new G, and finds that they've been
overwritten.
Fix this by clearing the stack barriers in gfput in the case where it
reuses the stack.
Rob Pike [Sat, 27 Jun 2015 01:07:30 +0000 (11:07 +1000)]
fmt: restore padding for %x on byte slices and strings
Also improve the documentation. A prior fix in this release
changed the properties for empty strings and slices, incorrectly.
Previous behavior is now restored and better documented.
Add lots of tests.
The behavior is that when using a string-like format (%s %q %x %X)
a byte slice is equivalent to a string, and printed as a unit. The padding
applies to the entire object. (The space and sharp flags apply
elementwise.)
Brad Fitzpatrick [Sat, 27 Jun 2015 03:51:13 +0000 (20:51 -0700)]
net/http: fix now-flaky TransportAndServerSharedBodyRace test
TestTransportAndServerSharedBodyRace got flaky after
issue #9662 was fixed by https://golang.org/cl/11412, which made
servers hang up on clients when a Handler stopped reading its body
early.
This test was affected by a race between the the two goroutines in the
test both only reading part of the request, which was an unnecessary
detail for what the test was trying to test (concurrent Read/Close
races on an *http.body)
Also remove an unused remnant from an old test from which this one was
derived. And make the test not deadlock when it fails. (which was why
the test was showing up as 2m timeouts on the dashboard)
Keith Randall [Sat, 27 Jun 2015 19:57:06 +0000 (12:57 -0700)]
cmd/link/internal/ld: exclude only real container symbols from symtab
It looks like the test for whether symbols contain subsymbols is wrong.
In particular, symbols in C libraries are mistakenly considered container
symbols.
Fix the test so only symbols which actually have a subsymbol
are excluded from the symtab. When linking cgo programs the list
of containers is small, something like:
Adam Langley [Sun, 14 Jun 2015 17:48:13 +0000 (10:48 -0700)]
encoding/asn1: be stricter by reserialising parsed times.
The time package does normalisation of times: for example day zero is
converted to the last day of the previous month and the 31st of February
is moved into March etc. This makes the ASN.1 parsing a little
worryingly lax.
This change causes the parser to reserialise parsed times to ensure that
they round-trip correctly and thus were not normalised.
Alex Brainman [Fri, 22 May 2015 00:58:57 +0000 (10:58 +1000)]
runtime: store syscall parameters in m not on stack
Stack can move during callback, so libcall struct cannot be stored on stack.
asmstdcall updates return values and errno in libcall struct parameter, but
these could be at different location when callback returns.
Store these in m, so they are not affected by GC.
Todd Neal [Thu, 18 Jun 2015 12:26:39 +0000 (07:26 -0500)]
net/http: fix race on postPendingDial test hook
The race occurs rarely, but by putting some delays and more reads/writes
of prePendingDial/postPendingDial in the handlePendingDial function I
could reproduce it.
Didier Spezia [Mon, 8 Jun 2015 20:04:14 +0000 (20:04 +0000)]
html/template: prevent panic while escaping pipelines
AFAIK, the documentation does not explicitly state whether
variables can store a callable entity or not. I believe the
current implementation in text/template assumes they cannot
though. The call builtin function is supposed to be used for
this purpose.
Template "{{0|$}}" should generate an error at runtime,
instead of a panic.
Similarly, template "{{0|(nil)}}" should not generate
a panic.
This CL aborts the sanitization process for a given pipeline
when no identifier can be derived from the selected node.
It happens with malformed pipelines.
We now have the following errors:
{{ 0 | $ }}
template: foo:1:10: executing "foo" at <$>: can't give argument to non-function $
{{ 0 | (nil) }}
template: foo:1:11: executing "foo" at <nil>: nil is not a command
Fixes #11118
Fixes #11356
Change-Id: Idae52f806849f4c9ab7aca1b4bb4b59a74723d0e
Reviewed-on: https://go-review.googlesource.com/10823 Reviewed-by: Rob Pike <r@golang.org>
c9s [Fri, 29 May 2015 17:12:35 +0000 (01:12 +0800)]
cmd/go: handle error when git remote origin doesn't exist
- Let runOutput return the error message
- When `git config ...` returns empty buffer, it means the config key is
correct, but there is no corresponding value.
- Return the correct error when the url of remote origin is not found.
- Update error message
Mikio Hara [Tue, 23 Jun 2015 12:40:33 +0000 (21:40 +0900)]
net: relax IP interface address determination on linux
Linux allows to have a peer IP address on IP interface over ethernet
link encapsulation, though it only installs a static route with the peer
address as an on-link nexthop.
Austin Clements [Fri, 26 Jun 2015 21:24:12 +0000 (17:24 -0400)]
runtime: repeat bitmap for slice of GCprog n-1 times, not n times
Currently, to write out the bitmap of a slice of a type with a GCprog,
we construct a new GCprog that executes the underlying type's GCprog
to write out the bitmap once and then repeats those bits n more times.
This results in n+1 repetitions of the bitmap, which is one more
repetition than it should be. This corrupts the bitmap of the heap
following the slice and may write past the mapped bitmap memory and
segfault.
Fix this by repeating the bitmap only n-1 more times.
Dmitry Vyukov [Sun, 8 Feb 2015 15:11:35 +0000 (18:11 +0300)]
sync: simplify WaitGroup
A comment in waitgroup.go describes the following scenario
as the reason to have dynamically created semaphores:
// G1: Add(1)
// G1: go G2()
// G1: Wait() // Context switch after Unlock() and before Semacquire().
// G2: Done() // Release semaphore: sema == 1, waiters == 0. G1 doesn't run yet.
// G3: Wait() // Finds counter == 0, waiters == 0, doesn't block.
// G3: Add(1) // Makes counter == 1, waiters == 0.
// G3: go G4()
// G3: Wait() // G1 still hasn't run, G3 finds sema == 1, unblocked! Bug.
However, the scenario is incorrect:
G3: Add(1) happens concurrently with G1: Wait(),
and so there is no reasonable behavior of the program
(G1: Wait() may or may not wait for G3: Add(1) which
can't be the intended behavior).
With this conclusion we can:
1. Remove dynamic allocation of semaphores.
2. Remove the mutex entirely and instead pack counter and waiters
into single uint64.
This makes the logic significantly simpler, both Add and Wait
do only a single atomic RMW to update the state.
Matt T. Proud [Sat, 20 Jun 2015 04:29:18 +0000 (06:29 +0200)]
testing/quick: improve function signature error.
This commit fixes a cosmetic defect whereby quick.Check reports that
the provided function returns too many values when it may, in fact,
return too few:
func f() {}
func TestFoo(t *testing.T) {
if err := quick.Check(f, nil); err != nil {
t.Fatal(err)
}
}
// yields
// $ go test -v foo_test.go
// === RUN TestFoo
// --- FAIL: TestFoo (0.00s)
// foo_test.go:76: function returns more than one value.
Marcel van Lohuizen [Sun, 21 Jun 2015 18:21:04 +0000 (20:21 +0200)]
unicode: upgrade to 8.0.0
Not sure if I'm on time for 1.5; Unicode 8 just got released.
Straighforward upgrade. Only changed maketables.go to prevent it from adding
the Cherokee upper and lower case mappings. This change causes the caseOrbit
table to NOT change. Added tests to verify that the relevant functions still
produce the correct result, even for Cherokee.
Russ Cox [Thu, 25 Jun 2015 23:27:20 +0000 (19:27 -0400)]
runtime: reduce slice growth during append to 2x
The new inlined code for append assumed that it could pass the
desired new cap to growslice, not the number of new elements.
But growslice still interpreted the argument as the number of new elements,
making it always grow by >2x (more precisely, 2x+1 rounded up
to the next malloc block size). At the time, I had intended to change
the other callers to use the new cap as well, but it's too late for that.
Instead, introduce growslice_n for the old callers and keep growslice
for the inlined (common case) caller.
Matt Layher [Sat, 13 Jun 2015 15:25:17 +0000 (11:25 -0400)]
net/http: add comment to exported ErrNoCookie and ErrNoLocation values
All other exported errors in net/http are commented. This change adds
documentation to ErrNoCookie and ErrNoLocation to explain where they are
returned, and why.
Austin Clements [Wed, 24 Jun 2015 15:43:40 +0000 (11:43 -0400)]
reflect: test repeats with large scalar tails
This adds a GC bitmap test of a type with many pointer bits and a
large scalar tail, such as the one in issue #11286. This test would
have failed prior to the fix in a8ae93f. This test is a more direct
version of the test introduced in that commit (which was distilled
from the failing test in the issue).
Austin Clements [Wed, 24 Jun 2015 15:25:28 +0000 (11:25 -0400)]
reflect: test GC bits for slices
Currently we test bitmap repetitions constructed by the compiler (for
small arrays) and repetitions performed by GC programs (large arrays
and reflect-constructed arrays), but we don't test dynamic repetitions
performed by the runtime for slice backing stores. Add tests that
parallel the array tests using slices.
Todd Neal [Wed, 17 Jun 2015 14:31:08 +0000 (09:31 -0500)]
net/http: Fix test that occasionally fails
The consecutive calls to Head would sometimes get different
connections depending on if the readLoop had finished executing
and placed its connection on the idle list or not. This change
ensures that readLoop completes before we make our second connection.
Ian Lance Taylor [Thu, 18 Jun 2015 01:28:50 +0000 (18:28 -0700)]
debug/elf: change R_ARM_REL32 to R_ARM_ABS32 in applyRelocationsARM
The original version of applyRelocationsARM was added in
http://golang.org/cl/7266. It was added to fix the ARM build, which
had been broken by http://golang.org/cl/6780.
Before CL 6780, there was no relocation processing for ARM. CL 6780
changed the code to require relocation processing for every supported
target. CL 7266 fixed the ARM build by adding a relocation processing
function, but in fact no actual processing was done. The code only
looked for REL32 relocations, but ARM debug info has no such
relocations. The test case added in CL 7266 doesn't have any either.
This didn't matter because no relocation processing was required on
ARM, at least not for GCC-generated debug info. GCC generates ABS32
relocations, but only against section symbols which have the value 0.
Therefore, the addition done by correct handling of ABS32 doesn't
change anything.
Clang, however, generates ABS32 relocations against local symbols,
some of which have non-zero values. For those, we need to handle
ABS32 relocations.
This patch corrects the CL 7266 to look for ABS32 relocations instead
of REL32 relocations. The code was already written to correctly
handle ABS32 relocations, it just mistakenly said REL32.
This is the ARM equivalent of https://golang.org/cl/96680045, which
fixed the same problem in the same way for clang on 386.
With this patch, clang-3.5 can be used to build Go on ARM GNU/Linux.
Fixes #8980.
Change-Id: I0c2d72eadfe6373bde99cd03eee40de6a582dda1
Reviewed-on: https://go-review.googlesource.com/11222 Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Adam Langley [Sun, 14 Jun 2015 23:41:31 +0000 (16:41 -0700)]
crypto/x509: don't panic when decrypting invalid PEM data.
If an encrypted PEM block contained ciphertext that was not a multiple
of the block size then the code would panic. This change tests for that
case and returns an error.
Todd Neal [Tue, 23 Jun 2015 23:59:52 +0000 (18:59 -0500)]
cmd/compile: fix half multiply issue
In walkdiv, an OMUL node was created and passed to typecheck,
before the op was changed back to OHMUL. In some instances,
the node that came back was an evaluated literal constant that
occurred with a full multiply. The end result was a literal node
with a non-shifted value and an OHMUL op. This change causes code
to be generated for the OHMUL.
Dmitry Vyukov [Wed, 24 Jun 2015 17:25:51 +0000 (19:25 +0200)]
cmd/compile: add instrumentation of OKEY
Instrument operands of OKEY.
Also instrument OSLICESTR. Previously it was not needed
because of preceeding bounds checks (which were instrumented).
But the preceeding bounds checks have disappeared.
Vincent Batts [Wed, 4 Mar 2015 17:29:16 +0000 (12:29 -0500)]
archive/tar: fix round-trip attributes
The issue was identified while
working with round trip FileInfo of the headers of hardlinks. Also,
additional test cases for hard link handling.
(review carried over from http://golang.org/cl/165860043)
Brad Fitzpatrick [Wed, 24 Jun 2015 09:53:24 +0000 (11:53 +0200)]
net/http: bound the number of bytes read seeking EOF in Handler's Body.Close
If a client sent a POST with a huge request body, calling
req.Body.Close in the handler (which is implicit at the end of a
request) would end up consuming it all.
Put a cap on that, using the same threshold used elsewhere for similar
cases.
Fixes #9662
Change-Id: I26628413aa5f623a96ef7c2609a8d03c746669e5
Reviewed-on: https://go-review.googlesource.com/11412 Reviewed-by: Andrew Gerrand <adg@golang.org>
Todd Neal [Wed, 24 Jun 2015 12:48:35 +0000 (07:48 -0500)]
fmt: handle negative width/prec when supplied as an argument
Negative width arguments now left align the way a minus-width in the
format string aligns. The minus in the format string overrides the sign
of the argument as in C.
Precision behavior is modified to include an error if the argument is
negative. This differs from a negative precision in a format string
which just terminates the format.
Additional checks for large magnitude widths and precisions are added to
make the runtime behavior (failure, but with different error messages),
more consistent between format string specified width/precision and
argument specified width/precision.
Fixes #11376
Change-Id: I8c7ed21088e9c18128a45d4c487c5ab9fafd13ef
Reviewed-on: https://go-review.googlesource.com/11405 Reviewed-by: Rob Pike <r@golang.org>
Run-TryBot: Rob Pike <r@golang.org>
Matthew Dempsky [Tue, 23 Jun 2015 18:36:57 +0000 (11:36 -0700)]
net/http: sync Get and Head's documentation
Instead of ambiguously referring to "the Client's CheckRedirect
function" in Head, describe the default behavior like for Get as users
aren't expected to change DefaultClient.CheckRedirect.
While here, use consistent punctuation for the Get and Head Client
method documentation.
Brad Fitzpatrick [Wed, 24 Jun 2015 11:57:33 +0000 (13:57 +0200)]
net/http: don't always require certFile, keyFile in Server.ListenAndServerTLS
The ListenAndServerTLS function still requires the certFile and
keyFile, but the Server.ListenAndServerTLS method doesn't need to
require the certFile and keyFile if the Server.TLSConfig.Certificates
are already populated.
Fixes #8599
Change-Id: Id2e3433732f93e2619bfd78891f775d89f1d651e
Reviewed-on: https://go-review.googlesource.com/11413 Reviewed-by: Andrew Gerrand <adg@golang.org>
Didier Spezia [Sat, 20 Jun 2015 11:25:59 +0000 (11:25 +0000)]
go/format: fix //line corner case when formatting statements
The code formatting mechanism can be applied to partial Go code,
such as a list of statements. The statements are wrapped into a
function definition (to be parsed fine), and unwrapped after formatting.
When the statements contain //line annotations, it may fail,
because not all comments are flushed by the printer before the final '}'.
Formatting "\ta()\n//line :1" results in "\ta() }\n\n//line", which
is wrong.
Tweaked the wrapping/unwrapping code to make sure comments are flushed
before the '}'.
Fixes #11276
Change-Id: Id15c80279b0382ee9ed939cca1647f525c4929f5
Reviewed-on: https://go-review.googlesource.com/11282
Run-TryBot: Robert Griesemer <gri@golang.org> Reviewed-by: Robert Griesemer <gri@golang.org>
Dmitry Vyukov [Thu, 7 May 2015 09:33:45 +0000 (12:33 +0300)]
runtime/race: make test more robust
The test is flaky on builders lately. I don't see any issues other than
usage of very small sleeps. So increase the sleeps. Also take opportunity
to refactor the code.
On my machine this change significantly reduces failure rate with GOMAXPROCS=2.
I can't reproduce the failure with GOMAXPROCS=1.
Russ Cox [Wed, 24 Jun 2015 12:39:44 +0000 (08:39 -0400)]
net: make LookupIP("1.2.3.4") behavior consistent
To date, the behavior has depended on whether we're using cgo and
in turn what the host resolver does. Most host resolvers will "resolve"
IP addresses, but the non-cgo pure Go path has not.
This CL makes resolution of IP addresses always work, even if we're not using cgo
and even if the host resolver does not "resolve" IP addresses.
Austin Clements [Tue, 23 Jun 2015 15:35:21 +0000 (11:35 -0400)]
runtime: fix heap bitmap repeating with large scalar tails
When heapBitsSetType repeats a source bitmap with a scalar tail
(typ.ptrdata < typ.size), it lays out the tail upon reaching the end
of the source bitmap by simply increasing the number of bits claimed
to be in the incoming bit buffer. This causes later iterations to read
the appropriate number of zeros out of the bit buffer before starting
on the next repeat of the source bitmap.
Currently, however, later iterations of the loop continue to read bits
from the source bitmap *regardless of the number of bits currently in
the bit buffer*. The bit buffer can only hold 32 or 64 bits, so if the
scalar tail is large and the padding bits exceed the size of the bit
buffer, the read from the source bitmap on the next iteration will
shift the incoming bits into oblivion when it attempts to put them in
the bit buffer. When the buffer does eventually shift down to where
these bits were supposed to be, it will contain zeros. As a result,
words that should be marked as pointers on later repetitions are
marked as scalars, so the garbage collector does not trace them. If
this is the only reference to an object, it will be incorrectly freed.
Fix this by adding logic to drain the bit buffer down if it is large
instead of reading more bits from the source bitmap.
Austin Clements [Tue, 23 Jun 2015 18:04:09 +0000 (14:04 -0400)]
runtime: document memory ordering for h_spans
h_spans can be accessed concurrently without synchronization from
other threads, which means it needs the appropriate memory barriers on
weakly ordered machines. It happens to already have the necessary
memory barriers because all accesses to h_spans are currently
protected by the heap lock and the unlocks happen in exactly the
places where release barriers are needed, but it's easy to imagine
that this could change in the future. Document the fact that we're
depending on the barrier implied by the unlock.
Rob Pike [Mon, 22 Jun 2015 22:40:40 +0000 (08:40 +1000)]
cmd/asm: fix shifts again, this time for sure
There are two conditions to worry about:
1) The shift count cannot be negative. Since the evaluator uses unsigned
arithmetic throughout, this means checking that the high bit of
the shift count is always off, which is done by converting to int64
and seeing if the result is negative.
2) For right shifts, the value cannot be negative. We don't want a
high bit in the value because right shifting a value depends on the
sign, and for clarity we always want unsigned shifts.
Next step is to build some testing infrastructure for the parser.
Rob Pike [Mon, 22 Jun 2015 20:23:04 +0000 (06:23 +1000)]
cmd/asm: fix handling of negative shifts.
The change that "fixed" LSH was incorrect, and the fix for RSH was poor.
Make both use a correct, simple test: if the 64-bit value as a signed
integer is negative, it's an error.
Really fixes #11278.
Change-Id: I72cca03d7ad0d64fd649fa33a9ead2f31bd2977b
Reviewed-on: https://go-review.googlesource.com/11325 Reviewed-by: Andrew Gerrand <adg@golang.org>