
runtime: write barrier incorrect on wasm [1.12 backport] #30873

Closed
gopherbot opened this issue Mar 15, 2019 · 5 comments
Labels: CherryPickApproved (used during the release process for point releases), FrozenDueToAge
Milestone: Go1.12.3
Comments

@gopherbot

@aclements requested issue #30871 to be considered for backport to the next 1.12 minor release.

@gopherbot, please backport to Go 1.12 and Go 1.11.

@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Mar 15, 2019
@gopherbot gopherbot added this to the Go1.12.2 milestone Mar 15, 2019
@gopherbot (Author)

Change https://golang.org/cl/167745 mentions this issue: [release-branch.go1.12] runtime: fix write barrier on wasm

@katiehockman (Contributor)

@aclements Can you provide context about why this should be backported per the Minor Release documentation? Is this a serious problem with no workaround?

@aclements (Member)

@katiehockman, this bug can cause arbitrary memory corruption and there is no workaround.

@katiehockman (Contributor)

Thanks, I'll approve these two backports then.

@katiehockman katiehockman added CherryPickApproved Used during the release process for point releases and removed CherryPickCandidate Used during the release process for point releases labels Mar 19, 2019
@andybons andybons modified the milestones: Go1.12.2, Go1.12.3 Apr 5, 2019
@gopherbot (Author)

Closed by merging 92e78f7 to release-branch.go1.12.

gopherbot pushed a commit that referenced this issue Apr 5, 2019
The current wasm write barrier implementation incorrectly implements
the "deletion" part of the barrier. It correctly greys the new value
of the pointer, but rather than also greying the old value of the
pointer, it greys the object containing the slot (which, since the old
value was just overwritten, is not going to contain the old value).

This can lead to unmarked, reachable objects.

Often, this is masked by other marking activity, but one specific
sequence that can lead to an unmarked object because of this bug is:

1. Initially, GC is off, object A is reachable from just one pointer
in the heap.

2. GC starts and scans the stack of goroutine G.

3. G copies the pointer to A onto its stack and overwrites the
pointer to A in the heap. (Now A is reachable only from G's stack.)

4. GC finishes while A is still reachable from G's stack.

With a functioning deletion barrier, step 3 causes A to be greyed.
Without a functioning deletion barrier, nothing causes A to be greyed,
so A will be freed even though it's still reachable from G's stack.

This CL fixes the wasm write barrier.

Fixes #30873.

Change-Id: I8a74ee517facd3aa9ad606e5424bcf8f0d78e754
Reviewed-on: https://go-review.googlesource.com/c/go/+/167743
Run-TryBot: Austin Clements <austin@google.com>
Reviewed-by: Cherry Zhang <cherryyz@google.com>
(cherry picked from commit d9db9e3)
Reviewed-on: https://go-review.googlesource.com/c/go/+/167745
Reviewed-by: Katie Hockman <katie@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
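The four-step sequence in the commit message is easy to lose in the abstract, so here is an added illustration that is not code from the Go runtime or from this CL: a toy tri-colour marker in Go with a single-slot object type. It replays the scenario twice, once with the barrier behaving as the commit describes the fix (grey the old value and the new value before the store) and once with the defect (grey the object containing the slot after the store). The `Object`, `Collector` and `runScenario` names, the one-pointer object layout, and the single heap root `H` are all assumptions of this constructed model; the real runtime uses a buffered barrier and real stack scanning, neither of which is modelled here.

```go
package main

import "fmt"

// Tri-colour marking states used by the toy collector below.
type colour int

const (
	white colour = iota // not yet reached by the marker
	grey                // reached, but its pointer has not been scanned yet
	black               // reached and fully scanned
)

// Object is a heap object with a single pointer slot. This is a constructed
// toy layout, not the Go runtime's object representation.
type Object struct {
	name  string
	slot  *Object
	color colour
}

// Collector is a minimal concurrent-style marker: roots and stacks are
// scanned once, and the write barrier is relied on to catch pointers that
// mutators move after that point. Stacks are never rescanned.
type Collector struct {
	heapRoots []*Object // pointers held outside any object, e.g. globals
	worklist  []*Object // grey objects waiting to be scanned
}

// shade greys a white object and queues it for scanning.
func (c *Collector) shade(o *Object) {
	if o != nil && o.color == white {
		o.color = grey
		c.worklist = append(c.worklist, o)
	}
}

// drain scans grey objects until none remain.
func (c *Collector) drain() {
	for len(c.worklist) > 0 {
		o := c.worklist[0]
		c.worklist = c.worklist[1:]
		c.shade(o.slot)
		o.color = black
	}
}

// writeBarrierCorrect models the barrier as the commit message describes the
// fix: grey the old pointee (deletion part) and the new pointee (insertion
// part), then perform the store.
func (c *Collector) writeBarrierCorrect(owner *Object, ptr *Object) {
	c.shade(owner.slot) // deletion: the value about to be overwritten
	c.shade(ptr)        // insertion: the value being stored
	owner.slot = ptr
}

// writeBarrierBuggy models the defect: the new pointee is greyed, but instead
// of the old pointee the barrier greys the object containing the slot, and by
// then the old value has already been overwritten.
func (c *Collector) writeBarrierBuggy(owner *Object, ptr *Object) {
	owner.slot = ptr // old value is gone before anything is shaded
	c.shade(ptr)
	c.shade(owner) // wrong target: owner no longer refers to the old value
}

// runScenario replays the four steps from the commit message and reports
// whether A is marked at the end of the cycle while still being held on G's
// stack. false means a reachable object would have been freed.
func runScenario(buggy bool) bool {
	a := &Object{name: "A"}
	h := &Object{name: "H", slot: a} // step 1: A reachable only via H.slot
	c := &Collector{heapRoots: []*Object{h}}

	// step 2: GC starts. G's stack (empty so far) and the heap roots are
	// scanned; after this the stack is considered black and is not rescanned.
	var stack []*Object
	for _, s := range stack {
		c.shade(s)
	}
	for _, r := range c.heapRoots {
		c.shade(r)
	}

	// step 3: G copies the pointer to A onto its stack, then overwrites the
	// heap pointer through the write barrier. A is now reachable only from
	// the stack, which the collector will not look at again.
	stack = append(stack, h.slot)
	if buggy {
		c.writeBarrierBuggy(h, nil)
	} else {
		c.writeBarrierCorrect(h, nil)
	}

	// step 4: marking finishes.
	c.drain()

	stillReachable := stack[0] == a
	return stillReachable && a.color == black
}

func main() {
	fmt.Println("correct barrier, A marked:", runScenario(false)) // true
	fmt.Println("buggy barrier,   A marked:", runScenario(true))  // false
}
```

With the correct ordering the deletion part greys A at the moment the only heap pointer to it is removed, so A is drained to black. With the buggy ordering, greying H is a no-op (H is already grey from root scanning) and H's slot is already nil when it is scanned, so nothing ever reaches A and it would be swept while G's stack still points at it.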
@golang golang locked and limited conversation to collaborators Apr 4, 2020