Skip to content
Browse files

reflect: use correct write barrier operations for method funcs

Fix the code to use write barriers on heap memory, and no
write barriers on stack memory.

These errors were discoverd as part of fixing golang#27695. They may
have something to do with that issue, but hard to be sure.
The core cause is different, so this fix is a separate CL.

Update golang#27695

Change-Id: Ib005f6b3308de340be83c3d07d049d5e316b1e3c
Reviewed-by: Austin Clements <>
  • Loading branch information...
randall77 committed Sep 25, 2018
1 parent ebdc0b8 commit e35a41261b19589f40d32bd66274c23ab4b9b32e
Showing with 41 additions and 13 deletions.
  1. +2 −0 src/reflect/type.go
  2. +26 −13 src/reflect/value.go
  3. +13 −0 src/runtime/mbarrier.go
@@ -3066,6 +3066,8 @@ func funcLayout(t *rtype, rcvr *rtype) (frametype *rtype, argSize, retOffset uin
// space no matter how big they actually are.
if ifaceIndir(rcvr) || rcvr.pointers() {
} else {
offset += ptrSize
@@ -453,15 +453,14 @@ func (v Value) call(op string, in []Value) []Value {

var ret []Value
if nout == 0 {
// This is untyped because the frame is really a
// stack, even though it's a heap object.
memclrNoHeapPointers(args, frametype.size)
typedmemclr(frametype, args)
} else {
// Zero the now unused input area of args,
// because the Values returned by this function contain pointers to the args object,
// and will thus keep the args object alive indefinitely.
memclrNoHeapPointers(args, retOffset)
typedmemclrpartial(frametype, args, 0, retOffset)

// Wrap Values around return values in args.
ret = make([]Value, nout)
off = retOffset
@@ -472,6 +471,10 @@ func (v Value) call(op string, in []Value) []Value {
if tv.Size() != 0 {
fl := flagIndir | flag(tv.Kind())
ret[i] = Value{tv.common(), add(args, off, "tv.Size() != 0"), fl}
// Note: this does introduce false sharing between results -
// if any result is live, they are all live.
// (And the space for the args is live as well, but as we've
// cleared that space it isn't as big a deal.)
} else {
// For zero-sized return value, args+off may point to the next object.
// In this case, return the zero value instead.
@@ -660,6 +663,8 @@ func callMethod(ctxt *methodValue, frame unsafe.Pointer) {

// Call.
// Call copies the arguments from args to the stack, calls fn,
// and then copies the results back into args.
call(frametype, fn, args, uint32(frametype.size), uint32(retOffset))

// Copy return values. On amd64p32, the beginning of return values
@@ -673,16 +678,14 @@ func callMethod(ctxt *methodValue, frame unsafe.Pointer) {
if runtime.GOARCH == "amd64p32" {
callerRetOffset = align(argSize-ptrSize, 8)
add(frame, callerRetOffset, "frametype.size > retOffset"),
// This copies to the stack. Write barriers are not needed.
memmove(add(frame, callerRetOffset, "frametype.size > retOffset"),
add(args, retOffset, "frametype.size > retOffset"),

// This is untyped because the frame is really a stack, even
// though it's a heap object.
memclrNoHeapPointers(args, frametype.size)
// Put the args scratch space back in the pool.
typedmemclr(frametype, args)

// See the comment in callReflect.
@@ -2641,6 +2644,10 @@ func call(argtype *rtype, fn, arg unsafe.Pointer, n uint32, retoffset uint32)

func ifaceE2I(t *rtype, src interface{}, dst unsafe.Pointer)

// memmove copies size bytes to dst from src. No write barriers are used.
func memmove(dst, src unsafe.Pointer, size uintptr)

// typedmemmove copies a value of type t to dst from src.
func typedmemmove(t *rtype, dst, src unsafe.Pointer)
@@ -2650,14 +2657,20 @@ func typedmemmove(t *rtype, dst, src unsafe.Pointer)
func typedmemmovepartial(t *rtype, dst, src unsafe.Pointer, off, size uintptr)

// typedmemclr zeros the value at ptr of type t.
func typedmemclr(t *rtype, ptr unsafe.Pointer)

// typedmemclrpartial is like typedmemclr but assumes that
// dst points off bytes into the value and only clears size bytes.
func typedmemclrpartial(t *rtype, ptr unsafe.Pointer, off, size uintptr)

// typedslicecopy copies a slice of elemType values from src to dst,
// returning the number of elements copied.
func typedslicecopy(elemType *rtype, dst, src sliceHeader) int

func memclrNoHeapPointers(ptr unsafe.Pointer, n uintptr)

// Dummy annotation marking that the value x escapes,
// for use in cases where the reflect code is so clever that
// the compiler cannot follow.
@@ -318,6 +318,19 @@ func typedmemclr(typ *_type, ptr unsafe.Pointer) {
memclrNoHeapPointers(ptr, typ.size)

//go:linkname reflect_typedmemclr reflect.typedmemclr
func reflect_typedmemclr(typ *_type, ptr unsafe.Pointer) {
typedmemclr(typ, ptr)

//go:linkname reflect_typedmemclrpartial reflect.typedmemclrpartial
func reflect_typedmemclrpartial(typ *_type, ptr unsafe.Pointer, off, size uintptr) {
if typ.kind&kindNoPointers == 0 {
bulkBarrierPreWrite(uintptr(ptr), 0, size)
memclrNoHeapPointers(ptr, size)

// memclrHasPointers clears n bytes of typed memory starting at ptr.
// The caller must ensure that the type of the object at ptr has
// pointers, usually by checking typ.kind&kindNoPointers. However, ptr

0 comments on commit e35a412

Please sign in to comment.
You can’t perform that action at this time.