diff options
| author | Cherry Zhang <cherryyz@google.com> | 2019-01-31 20:29:21 -0500 |
|---|---|---|
| committer | Cherry Zhang <cherryyz@google.com> | 2019-02-01 19:23:02 +0000 |
| commit | 7e987b7b332fb21b56418351ce942d892f07481b (patch) | |
| tree | 972f6d4a9110f2c30f068430a7648ea6117e0791 | |
| parent | 03a9f5a192149dc6f443eb0e1cee48cb4dd7e26f (diff) | |
| download | go-7e987b7b332fb21b56418351ce942d892f07481b.tar.gz go-7e987b7b332fb21b56418351ce942d892f07481b.zip | |
reflect: eliminate write barrier for copying result in callReflect
We are copying the results to uninitialized stack space. Write
barrier is not needed.
Fixes #30041.
Change-Id: Ia91d74dbafd96dc2bd92de0cb479808991dda03e
Reviewed-on: https://go-review.googlesource.com/c/160737
Run-TryBot: Cherry Zhang <cherryyz@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
| -rw-r--r-- | src/reflect/value.go | 5 | ||||
| -rw-r--r-- | test/fixedbugs/issue30041.go | 63 |
2 files changed, 66 insertions, 2 deletions
diff --git a/src/reflect/value.go b/src/reflect/value.go index 7ae2dd8d10..372b7a6dc8 100644 --- a/src/reflect/value.go +++ b/src/reflect/value.go @@ -561,10 +561,11 @@ func callReflect(ctxt *makeFuncImpl, frame unsafe.Pointer, retValid *bool) { continue } addr := add(ptr, off, "typ.size > 0") + // We are writing to stack. No write barrier. if v.flag&flagIndir != 0 { - typedmemmove(typ, addr, v.ptr) + memmove(addr, v.ptr, typ.size) } else { - *(*unsafe.Pointer)(addr) = v.ptr + *(*uintptr)(addr) = uintptr(v.ptr) } off += typ.size } diff --git a/test/fixedbugs/issue30041.go b/test/fixedbugs/issue30041.go new file mode 100644 index 0000000000..7d8a1698cb --- /dev/null +++ b/test/fixedbugs/issue30041.go @@ -0,0 +1,63 @@ +// run + +// Copyright 2019 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Issue 30041: copying results of a reflect-generated +// call on stack should not have write barrier. + +package main + +import ( + "reflect" + "runtime" + "unsafe" +) + +var badPtr uintptr + +var sink []byte + +func init() { + // Allocate large enough to use largeAlloc. + b := make([]byte, 1<<16-1) + sink = b // force heap allocation + // Any space between the object and the end of page is invalid to point to. + badPtr = uintptr(unsafe.Pointer(&b[len(b)-1])) + 1 +} + +type ft func() *int + +var fn ft + +func rf([]reflect.Value) []reflect.Value { + a := reflect.ValueOf((*int)(nil)) + return []reflect.Value{a} +} + +const N = 1000 + +func main() { + fn = reflect.MakeFunc(reflect.TypeOf(fn), rf).Interface().(ft) + + // Keep running GC so the write barrier is on. + go func() { + for i := 0; i < N; i++ { + runtime.GC() + } + }() + + var x [10]uintptr + for i := range x { + x[i] = badPtr + } + for i := 0; i < N; i++ { + runtime.Gosched() + use(x) // prepare bad pointers on stack + fn() + } +} + +//go:noinline +func use([10]uintptr) {} |