diff options
| author | David Chase <drchase@google.com> | 2021-04-06 18:39:15 -0400 |
|---|---|---|
| committer | David Chase <drchase@google.com> | 2021-04-07 03:42:11 +0000 |
| commit | 8462169b5a6c37e024ca5d49a823d4ce95e90e23 (patch) | |
| tree | 275e063afd1e3045998e7a38edc1bdf72ddc51e0 /test/abi | |
| parent | 8d77e45064fc808460843e741c46e3b6b737ae03 (diff) | |
| download | go-git-8462169b5a6c37e024ca5d49a823d4ce95e90e23.tar.gz | |
cmd/compile: pre-spill pointers in aggregate-typed register args
There's a problem in liveness, where liveness of any
part of an aggregate keeps the whole aggregate alive,
but the not-live parts don't get spilled. The GC
can observe those live-but-not-spilled slots, which
can contain junk.
A better fix is to change liveness to work
pointer-by-pointer, but that is also a riskier,
trickier fix.
To avoid this, in the case of
(1) an aggregate input parameter
(2) containing pointers
(3) passed in registers
pre-spill the pointers.
Updates #40724.
Change-Id: I6beb8e0a353b1ae3c68c16072f56698061922c04
Reviewed-on: https://go-review.googlesource.com/c/go/+/307909
Trust: David Chase <drchase@google.com>
Run-TryBot: David Chase <drchase@google.com>
Reviewed-by: Cherry Zhang <cherryyz@google.com>
Diffstat (limited to 'test/abi')
| -rw-r--r-- | test/abi/part_live.go | 48 | ||||
| -rw-r--r-- | test/abi/part_live_2.go | 53 |
2 files changed, 101 insertions, 0 deletions
diff --git a/test/abi/part_live.go b/test/abi/part_live.go new file mode 100644 index 0000000000..592b6b3a07 --- /dev/null +++ b/test/abi/part_live.go @@ -0,0 +1,48 @@ +// run + +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// A test for partial liveness / partial spilling / compiler-induced GC failure + +package main + +import "runtime" +import "unsafe" + +//go:registerparams +func F(s []int) { + for i, x := range s { + G(i, x) + } + GC() + G(len(s), cap(s)) + GC() +} + +//go:noinline +//go:registerparams +func G(int, int) {} + +//go:registerparams +func GC() { runtime.GC(); runtime.GC() } + +func main() { + s := make([]int, 3) + escape(s) + p := int(uintptr(unsafe.Pointer(&s[2])) + 42) // likely point to unallocated memory + poison([3]int{p, p, p}) + F(s) +} + +//go:noinline +//go:registerparams +func poison([3]int) {} + +//go:noinline +//go:registerparams +func escape(s []int) { + g = s +} +var g []int diff --git a/test/abi/part_live_2.go b/test/abi/part_live_2.go new file mode 100644 index 0000000000..f9d7b01bce --- /dev/null +++ b/test/abi/part_live_2.go @@ -0,0 +1,53 @@ +// run + +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// A test for partial liveness / partial spilling / compiler-induced GC failure + +package main + +import "runtime" +import "unsafe" + +//go:registerparams +func F(s []int) { + for i, x := range s { + G(i, x) + } + GC() + H(&s[0]) // It's possible that this will make the spill redundant, but there's a bug in spill slot allocation. + G(len(s), cap(s)) + GC() +} + +//go:noinline +//go:registerparams +func G(int, int) {} + +//go:noinline +//go:registerparams +func H(*int) {} + +//go:registerparams +func GC() { runtime.GC(); runtime.GC() } + +func main() { + s := make([]int, 3) + escape(s) + p := int(uintptr(unsafe.Pointer(&s[2])) + 42) // likely point to unallocated memory + poison([3]int{p, p, p}) + F(s) +} + +//go:noinline +//go:registerparams +func poison([3]int) {} + +//go:noinline +//go:registerparams +func escape(s []int) { + g = s +} +var g []int |