New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
runtime: write barrier incorrect on wasm [1.12 backport] #30873
Comments
Change https://golang.org/cl/167745 mentions this issue: |
@aclements Can you provide context about why this should be backported per the Minor Release documentation? Is this a serious problem with no workaround? |
@katiehockman, this bug can cause arbitrary memory corruption and there is no workaround. |
Thanks, I'll approve these two backports then. |
Closed by merging 92e78f7 to release-branch.go1.12. |
The current wasm write barrier implementation incorrectly implements the "deletion" part of the barrier. It correctly greys the new value of the pointer, but rather than also greying the old value of the pointer, it greys the object containing the slot (which, since the old value was just overwritten, is not going to contain the old value). This can lead to unmarked, reachable objects. Often, this is masked by other marking activity, but one specific sequence that can lead to an unmarked object because of this bug is: 1. Initially, GC is off, object A is reachable from just one pointer in the heap. 2. GC starts and scans the stack of goroutine G. 3. G copies the pointer to A on to its stack and overwrites the pointer to A in the heap. (Now A is reachable only from G's stack.) 4. GC finishes while A is still reachable from G's stack. With a functioning deletion barrier, step 3 causes A to be greyed. Without a functioning deletion barrier, nothing causes A to be greyed, so A will be freed even though it's still reachable from G's stack. This CL fixes the wasm write barrier. Fixes #30873. Change-Id: I8a74ee517facd3aa9ad606e5424bcf8f0d78e754 Reviewed-on: https://go-review.googlesource.com/c/go/+/167743 Run-TryBot: Austin Clements <austin@google.com> Reviewed-by: Cherry Zhang <cherryyz@google.com> (cherry picked from commit d9db9e3) Reviewed-on: https://go-review.googlesource.com/c/go/+/167745 Reviewed-by: Katie Hockman <katie@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
@aclements requested issue #30871 to be considered for backport to the next 1.12 minor release.
The text was updated successfully, but these errors were encountered: