1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
|
// Copyright 2022 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package ld
import (
"cmd/internal/obj"
"cmd/internal/objabi"
"cmd/link/internal/loader"
"fmt"
"internal/buildcfg"
"sort"
"strings"
)
type stackCheck struct {
ctxt *Link
ldr *loader.Loader
morestack loader.Sym
callSize int // The number of bytes added by a CALL
// height records the maximum number of bytes a function and
// its callees can add to the stack without a split check.
height map[loader.Sym]int16
// graph records the out-edges from each symbol. This is only
// populated on a second pass if the first pass reveals an
// over-limit function.
graph map[loader.Sym][]stackCheckEdge
}
type stackCheckEdge struct {
growth int // Stack growth in bytes at call to target
target loader.Sym // 0 for stack growth without a call
}
// stackCheckCycle is a sentinel stored in the height map to detect if
// we've found a cycle. This is effectively an "infinite" stack
// height, so we use the closest value to infinity that we can.
const stackCheckCycle int16 = 1<<15 - 1
// stackCheckIndirect is a sentinel Sym value used to represent the
// target of an indirect/closure call.
const stackCheckIndirect loader.Sym = -1
// doStackCheck walks the call tree to check that there is always
// enough stack space for call frames, especially for a chain of
// nosplit functions.
//
// It walks all functions to accumulate the number of bytes they can
// grow the stack by without a split check and checks this against the
// limit.
func (ctxt *Link) doStackCheck() {
sc := newStackCheck(ctxt, false)
// limit is number of bytes a splittable function ensures are
// available on the stack. If any call chain exceeds this
// depth, the stack check test fails.
//
// The call to morestack in every splittable function ensures
// that there are at least StackLimit bytes available below SP
// when morestack returns.
limit := objabi.StackLimit - sc.callSize
if buildcfg.GOARCH == "arm64" {
// Need an extra 8 bytes below SP to save FP.
limit -= 8
}
// Compute stack heights without any back-tracking information.
// This will almost certainly succeed and we can simply
// return. If it fails, we do a second pass with back-tracking
// to produce a good error message.
//
// This accumulates stack heights bottom-up so it only has to
// visit every function once.
var failed []loader.Sym
for _, s := range ctxt.Textp {
if sc.check(s) > limit {
failed = append(failed, s)
}
}
if len(failed) > 0 {
// Something was over-limit, so now we do the more
// expensive work to report a good error. First, for
// the over-limit functions, redo the stack check but
// record the graph this time.
sc = newStackCheck(ctxt, true)
for _, s := range failed {
sc.check(s)
}
// Find the roots of the graph (functions that are not
// called by any other function).
roots := sc.findRoots()
// Find and report all paths that go over the limit.
// This accumulates stack depths top-down. This is
// much less efficient because we may have to visit
// the same function multiple times at different
// depths, but lets us find all paths.
for _, root := range roots {
ctxt.Errorf(root, "nosplit stack over %d byte limit", limit)
chain := []stackCheckChain{{stackCheckEdge{0, root}, false}}
sc.report(root, limit, &chain)
}
}
}
func newStackCheck(ctxt *Link, graph bool) *stackCheck {
sc := &stackCheck{
ctxt: ctxt,
ldr: ctxt.loader,
morestack: ctxt.loader.Lookup("runtime.morestack", 0),
height: make(map[loader.Sym]int16, len(ctxt.Textp)),
}
// Compute stack effect of a CALL operation. 0 on LR machines.
// 1 register pushed on non-LR machines.
if !ctxt.Arch.HasLR {
sc.callSize = ctxt.Arch.RegSize
}
if graph {
// We're going to record the call graph.
sc.graph = make(map[loader.Sym][]stackCheckEdge)
}
return sc
}
func (sc *stackCheck) symName(sym loader.Sym) string {
switch sym {
case stackCheckIndirect:
return "indirect"
case 0:
return "leaf"
}
return fmt.Sprintf("%s<%d>", sc.ldr.SymName(sym), sc.ldr.SymVersion(sym))
}
// check returns the stack height of sym. It populates sc.height and
// sc.graph for sym and every function in its call tree.
func (sc *stackCheck) check(sym loader.Sym) int {
if h, ok := sc.height[sym]; ok {
// We've already visited this symbol or we're in a cycle.
return int(h)
}
// Store the sentinel so we can detect cycles.
sc.height[sym] = stackCheckCycle
// Compute and record the height and optionally edges.
h, edges := sc.computeHeight(sym, *flagDebugNosplit || sc.graph != nil)
if h > int(stackCheckCycle) { // Prevent integer overflow
h = int(stackCheckCycle)
}
sc.height[sym] = int16(h)
if sc.graph != nil {
sc.graph[sym] = edges
}
if *flagDebugNosplit {
for _, edge := range edges {
fmt.Printf("nosplit: %s +%d", sc.symName(sym), edge.growth)
if edge.target == 0 {
// Local stack growth or leaf function.
fmt.Printf("\n")
} else {
fmt.Printf(" -> %s\n", sc.symName(edge.target))
}
}
}
return h
}
// computeHeight returns the stack height of sym. If graph is true, it
// also returns the out-edges of sym.
//
// Caching is applied to this in check. Call check instead of calling
// this directly.
func (sc *stackCheck) computeHeight(sym loader.Sym, graph bool) (int, []stackCheckEdge) {
ldr := sc.ldr
// Check special cases.
if sym == sc.morestack {
// morestack looks like it calls functions, but they
// either happen only when already on the system stack
// (where there is ~infinite space), or after
// switching to the system stack. Hence, its stack
// height on the user stack is 0.
return 0, nil
}
if sym == stackCheckIndirect {
// Assume that indirect/closure calls are always to
// splittable functions, so they just need enough room
// to call morestack.
return sc.callSize, []stackCheckEdge{{sc.callSize, sc.morestack}}
}
// Ignore calls to external functions. Assume that these calls
// are only ever happening on the system stack, where there's
// plenty of room.
if ldr.AttrExternal(sym) {
return 0, nil
}
if info := ldr.FuncInfo(sym); !info.Valid() { // also external
return 0, nil
}
// Track the maximum height of this function and, if we're
// recording the graph, its out-edges.
var edges []stackCheckEdge
maxHeight := 0
ctxt := sc.ctxt
// addEdge adds a stack growth out of this function to
// function "target" or, if target == 0, a local stack growth
// within the function.
addEdge := func(growth int, target loader.Sym) {
if graph {
edges = append(edges, stackCheckEdge{growth, target})
}
height := growth
if target != 0 { // Don't walk into the leaf "edge"
height += sc.check(target)
}
if height > maxHeight {
maxHeight = height
}
}
if !ldr.IsNoSplit(sym) {
// Splittable functions start with a call to
// morestack, after which their height is 0. Account
// for the height of the call to morestack.
addEdge(sc.callSize, sc.morestack)
return maxHeight, edges
}
// This function is nosplit, so it adjusts SP without a split
// check.
//
// Walk through SP adjustments in function, consuming relocs
// and following calls.
maxLocalHeight := 0
relocs, ri := ldr.Relocs(sym), 0
pcsp := obj.NewPCIter(uint32(ctxt.Arch.MinLC))
for pcsp.Init(ldr.Data(ldr.Pcsp(sym))); !pcsp.Done; pcsp.Next() {
// pcsp.value is in effect for [pcsp.pc, pcsp.nextpc).
height := int(pcsp.Value)
if height > maxLocalHeight {
maxLocalHeight = height
}
// Process calls in this span.
for ; ri < relocs.Count(); ri++ {
r := relocs.At(ri)
if uint32(r.Off()) >= pcsp.NextPC {
break
}
t := r.Type()
if t.IsDirectCall() || t == objabi.R_CALLIND {
growth := height + sc.callSize
var target loader.Sym
if t == objabi.R_CALLIND {
target = stackCheckIndirect
} else {
target = r.Sym()
}
addEdge(growth, target)
}
}
}
if maxLocalHeight > maxHeight {
// This is either a leaf function, or the function
// grew its stack to larger than the maximum call
// height between calls. Either way, record that local
// stack growth.
addEdge(maxLocalHeight, 0)
}
return maxHeight, edges
}
func (sc *stackCheck) findRoots() []loader.Sym {
// Collect all nodes.
nodes := make(map[loader.Sym]struct{})
for k := range sc.graph {
nodes[k] = struct{}{}
}
// Start a DFS from each node and delete all reachable
// children. If we encounter an unrooted cycle, this will
// delete everything in that cycle, so we detect this case and
// track the lowest-numbered node encountered in the cycle and
// put that node back as a root.
var walk func(origin, sym loader.Sym) (cycle bool, lowest loader.Sym)
walk = func(origin, sym loader.Sym) (cycle bool, lowest loader.Sym) {
if _, ok := nodes[sym]; !ok {
// We already deleted this node.
return false, 0
}
delete(nodes, sym)
if origin == sym {
// We found an unrooted cycle. We already
// deleted all children of this node. Walk
// back up, tracking the lowest numbered
// symbol in this cycle.
return true, sym
}
// Delete children of this node.
for _, out := range sc.graph[sym] {
if c, l := walk(origin, out.target); c {
cycle = true
if lowest == 0 {
// On first cycle detection,
// add sym to the set of
// lowest-numbered candidates.
lowest = sym
}
if l < lowest {
lowest = l
}
}
}
return
}
for k := range nodes {
// Delete all children of k.
for _, out := range sc.graph[k] {
if cycle, lowest := walk(k, out.target); cycle {
// This is an unrooted cycle so we
// just deleted everything. Put back
// the lowest-numbered symbol.
nodes[lowest] = struct{}{}
}
}
}
// Sort roots by height. This makes the result deterministic
// and also improves the error reporting.
var roots []loader.Sym
for k := range nodes {
roots = append(roots, k)
}
sort.Slice(roots, func(i, j int) bool {
h1, h2 := sc.height[roots[i]], sc.height[roots[j]]
if h1 != h2 {
return h1 > h2
}
// Secondary sort by Sym.
return roots[i] < roots[j]
})
return roots
}
type stackCheckChain struct {
stackCheckEdge
printed bool
}
func (sc *stackCheck) report(sym loader.Sym, depth int, chain *[]stackCheckChain) {
// Walk the out-edges of sym. We temporarily pull the edges
// out of the graph to detect cycles and prevent infinite
// recursion.
edges, ok := sc.graph[sym]
isCycle := !(ok || sym == 0)
delete(sc.graph, sym)
for _, out := range edges {
*chain = append(*chain, stackCheckChain{out, false})
sc.report(out.target, depth-out.growth, chain)
*chain = (*chain)[:len(*chain)-1]
}
sc.graph[sym] = edges
// If we've reached the end of a chain and it went over the
// stack limit or was a cycle that would eventually go over,
// print the whole chain.
//
// We should either be in morestack (which has no out-edges)
// or the sentinel 0 Sym "called" from a leaf function (which
// has no out-edges), or we came back around a cycle (possibly
// to ourselves) and edges was temporarily nil'd.
if len(edges) == 0 && (depth < 0 || isCycle) {
var indent string
for i := range *chain {
ent := &(*chain)[i]
if ent.printed {
// Already printed on an earlier part
// of this call tree.
continue
}
ent.printed = true
if i == 0 {
// chain[0] is just the root function,
// not a stack growth.
fmt.Printf("%s\n", sc.symName(ent.target))
continue
}
indent = strings.Repeat(" ", i)
fmt.Print(indent)
// Grows the stack X bytes and (maybe) calls Y.
fmt.Printf("grows %d bytes", ent.growth)
if ent.target == 0 {
// Not a call, just a leaf. Print nothing.
} else {
fmt.Printf(", calls %s", sc.symName(ent.target))
}
fmt.Printf("\n")
}
// Print how far over this chain went.
if isCycle {
fmt.Printf("%sinfinite cycle\n", indent)
} else {
fmt.Printf("%s%d bytes over limit\n", indent, -depth)
}
}
}
|
