author | Matthew Dempsky <mdempsky@google.com> | 2019-02-12 19:40:42 -0800 |
---|---|---|
committer | Matthew Dempsky <mdempsky@google.com> | 2019-10-17 00:40:21 +0000 |
commit | 80a6fedea05dbdab2e55b2ba922faeaf4155a981 (patch) | |
tree | 2bf6dc699a1f356e4a3ac0320e521d61ae631539 /src/reflect | |
parent | 3b003c3edb013786caeea6c0913b2e21fc4ad66b (diff) | |
cmd/compile: add -d=checkptr to validate unsafe.Pointer rules

This CL adds -d=checkptr as a compile-time option for adding
instrumentation to check that Go code is following unsafe.Pointer
safety rules dynamically. In particular, it currently checks two
things:

1. When converting unsafe.Pointer to *T, make sure the resulting
   pointer is aligned appropriately for T.

2. When performing pointer arithmetic, if the result points to a Go
   heap object, make sure we can find an unsafe.Pointer-typed operand
   that pointed into the same object.

These checks are currently disabled for the runtime, and can also be
disabled through a new //go:nocheckptr annotation. The latter is
necessary for functions like strings.noescape, which intentionally
violate safety rules to work around escape analysis limitations.

Fixes #22218.

Change-Id: If5a51273881d93048f74bcff10a3275c9c91da6a
Reviewed-on: https://go-review.googlesource.com/c/go/+/162237
Run-TryBot: Matthew Dempsky <mdempsky@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Keith Randall <khr@golang.org>
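
A simplified model of the two checks listed in the commit message, added here as an illustration; it is not code from this CL or from the Go runtime. The `heap` table, its addresses and all function names are constructed for the example, and addresses are plain `uintptr` values so nothing unsafe is actually dereferenced.

```go
package main

import "fmt"

// object is a constructed stand-in for one heap allocation: [base, base+size).
type object struct{ base, size uintptr }

// heap is a hypothetical model of the allocator's object table.
type heap []object

// find returns the index of the object containing addr, or -1 if addr
// is not inside any modelled heap object.
func (h heap) find(addr uintptr) int {
	for i, o := range h {
		if addr >= o.base && addr-o.base < o.size {
			return i
		}
	}
	return -1
}

// alignedFor models check 1: the address must be a multiple of T's alignment.
func alignedFor(addr, align uintptr) bool { return addr%align == 0 }

// arithmeticOK models check 2: if result lands in a heap object, at least
// one operand must have pointed into that same object.
func (h heap) arithmeticOK(result uintptr, operands ...uintptr) bool {
	obj := h.find(result)
	if obj < 0 {
		return true // result is not in the heap; the check does not apply
	}
	for _, p := range operands {
		if h.find(p) == obj {
			return true
		}
	}
	return false
}

func main() {
	// Constructed addresses: two adjacent 16-byte objects.
	h := heap{{0x1000, 16}, {0x1010, 16}}
	fmt.Println(alignedFor(0x1008, 8), alignedFor(0x1001, 8))
	fmt.Println(h.arithmeticOK(0x1008, 0x1000)) // stays inside the object
	fmt.Println(h.arithmeticOK(0x1010, 0x1000)) // walked into the neighbour
	fmt.Println(h.arithmeticOK(0x9000, 0x1000)) // left the modelled heap
}
```
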
Diffstat (limited to 'src/reflect')
-rw-r--r-- | src/reflect/value.go | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/reflect/value.go b/src/reflect/value.go index ffcb204cda..ab3b9643ee 100644 --- a/src/reflect/value.go +++ b/src/reflect/value.go @@ -1407,6 +1407,11 @@ func (v Value) OverflowUint(x uint64) bool { panic(&ValueError{"reflect.Value.OverflowUint", v.kind()}) } +//go:nocheckptr +// This prevents inlining Value.Pointer when -d=checkptr is enabled, +// which ensures cmd/compile can recognize unsafe.Pointer(v.Pointer()) +// and make an exception. + // Pointer returns v's value as a uintptr. // It returns uintptr instead of unsafe.Pointer so that // code using reflect cannot obtain unsafe.Pointers @@ -1914,6 +1919,11 @@ func (v Value) Uint() uint64 { panic(&ValueError{"reflect.Value.Uint", v.kind()}) } +//go:nocheckptr +// This prevents inlining Value.UnsafeAddr when -d=checkptr is enabled, +// which ensures cmd/compile can recognize unsafe.Pointer(v.UnsafeAddr()) +// and make an exception. + // UnsafeAddr returns a pointer to v's data. // It is for advanced clients that also import the "unsafe" package. // It panics if v is not addressable. |
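
Review bot: In the first hunk (before Value.Pointer), the comment under //go:nocheckptr explains the directive by a side effect, "This prevents inlining Value.Pointer", which is not what the name nocheckptr suggests, and nothing in these lines says why disabling the checks also stops inlining. Please state that link in the comment, or point to where cmd/compile recognizes unsafe.Pointer(v.Pointer()), so the annotation is not later removed as redundant.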
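
Review bot: The second hunk (before Value.UnsafeAddr) duplicates the four-line explanation from Value.Pointer, and in both places a blank added line separates the directive block from the function's doc comment without saying that the separation is intentional. Both annotations also rely on the compiler matching the exact form unsafe.Pointer(v.UnsafeAddr()); the diffstat shown is limited to src/reflect, so it is not visible here whether a test exercises that form under -d=checkptr, and one should exist so the exception and the annotation cannot drift apart.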