runtime: disallow write barriers in handoffp and callees

handoffp by definition runs without a P, so it's not allowed to have write barriers. It doesn't have any right now, but mark it nowritebarrier to disallow any creeping in in the future. handoffp in turns calls startm, newm, and newosproc, all of which are "below Go" and make sense to run without a P, so disallow write barriers in these as well. For most functions, we've done this because they may race with stoptheworld() and hence must not have write barriers. For these functions, it's a little different: the world can't stop while we're in handoffp, so this race isn't present. But we implement this restriction with a somewhat broader rule that you can't have a write barrier without a P. We like this rule because it's simple and means that our write barriers can depend on there being a P, even though this rule is actually a little broader than necessary. Hence, even though there's no danger of the race in these functions, we want to adhere to the broader rule. Change-Id: Ie22319c30eea37d703eb52f5c7ca5da872030b88 Reviewed-on: https://go-review.googlesource.com/8130 Run-TryBot: Austin Clements <austin@google.com> Reviewed-by: Minux Ma <minux@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Rick Hudson <rlh@golang.org>

runtime: disallow write barriers in handoffp and callees
handoffp by definition runs without a P, so it's not allowed to have write barriers. It doesn't have any right now, but mark it nowritebarrier to disallow any creeping in in the future. handoffp in turns calls startm, newm, and newosproc, all of which are "below Go" and make sense to run without a P, so disallow write barriers in these as well. For most functions, we've done this because they may race with stoptheworld() and hence must not have write barriers. For these functions, it's a little different: the world can't stop while we're in handoffp, so this race isn't present. But we implement this restriction with a somewhat broader rule that you can't have a write barrier without a P. We like this rule because it's simple and means that our write barriers can depend on there being a P, even though this rule is actually a little broader than necessary. Hence, even though there's no danger of the race in these functions, we want to adhere to the broader rule. Change-Id: Ie22319c30eea37d703eb52f5c7ca5da872030b88 Reviewed-on: https://go-review.googlesource.com/8130 Run-TryBot: Austin Clements <austin@google.com> Reviewed-by: Minux Ma <minux@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Rick Hudson <rlh@golang.org>
392336f9 · Austin Clements · 400f58a0 · 392336f9 · 392336f9 · 392336f9
Commit 392336f9 authored Mar 26, 2015 by Austin Clements
11 changed files
--- a/src/runtime/os1_darwin.go
+++ b/src/runtime/os1_darwin.go
@@ -71,6 +71,8 @@ func goenvs() {
 	}
 }
+// May run without a P, so write barriers are not allowed.
+//go:nowritebarrier
 func newosproc(mp *m, stk unsafe.Pointer) {
 	mp.tls[0] = uintptr(mp.id) // so 386 asm can find it
 	if false {

--- a/src/runtime/os1_dragonfly.go
+++ b/src/runtime/os1_dragonfly.go
@@ -71,6 +71,8 @@ func futexwakeup(addr *uint32, cnt uint32) {
 func lwp_start(uintptr)
+// May run without a P, so write barriers are not allowed.
+//go:nowritebarrier
 func newosproc(mp *m, stk unsafe.Pointer) {
 	if false {
 		print("newosproc stk=", stk, " m=", mp, " g=", mp.g0, " lwp_start=", funcPC(lwp_start), " id=", mp.id, "/", mp.tls[0], " ostk=", &mp, "\n")

--- a/src/runtime/os1_freebsd.go
+++ b/src/runtime/os1_freebsd.go
@@ -67,6 +67,8 @@ func futexwakeup(addr *uint32, cnt uint32) {
 func thr_start()
+// May run without a P, so write barriers are not allowed.
+//go:nowritebarrier
 func newosproc(mp *m, stk unsafe.Pointer) {
 	if false {
 		print("newosproc stk=", stk, " m=", mp, " g=", mp.g0, " thr_start=", funcPC(thr_start), " id=", mp.id, "/", mp.tls[0], " ostk=", &mp, "\n")

--- a/src/runtime/os1_linux.go
+++ b/src/runtime/os1_linux.go
@@ -113,6 +113,8 @@ const (
 	_CLONE_NEWIPC         = 0x8000000
 )
+// May run without a P, so write barriers are not allowed.
+//go:nowritebarrier
 func newosproc(mp *m, stk unsafe.Pointer) {
 	/*
 	 * note: strace gets confused if we use CLONE_PTRACE here.

--- a/src/runtime/os1_nacl.go
+++ b/src/runtime/os1_nacl.go
@@ -67,6 +67,7 @@ func usleep(us uint32) {
 func mstart_nacl()
+// May run without a P, so write barriers are not allowed.
 //go:nowritebarrier
 func newosproc(mp *m, stk unsafe.Pointer) {
 	mp.tls[0] = uintptr(unsafe.Pointer(mp.g0))

--- a/src/runtime/os1_netbsd.go
+++ b/src/runtime/os1_netbsd.go
@@ -89,6 +89,8 @@ func semawakeup(mp *m) {
 	}
 }
+// May run without a P, so write barriers are not allowed.
+//go:nowritebarrier
 func newosproc(mp *m, stk unsafe.Pointer) {
 	if false {
 		print("newosproc stk=", stk, " m=", mp, " g=", mp.g0, " id=", mp.id, "/", int32(mp.tls[0]), " ostk=", &mp, "\n")

--- a/src/runtime/os1_openbsd.go
+++ b/src/runtime/os1_openbsd.go
@@ -98,6 +98,8 @@ func semawakeup(mp *m) {
 	}
 }
+// May run without a P, so write barriers are not allowed.
+//go:nowritebarrier
 func newosproc(mp *m, stk unsafe.Pointer) {
 	if false {
 		print("newosproc stk=", stk, " m=", mp, " g=", mp.g0, " id=", mp.id, "/", int32(mp.tls[0]), " ostk=", &mp, "\n")

--- a/src/runtime/os1_plan9.go
+++ b/src/runtime/os1_plan9.go
@@ -183,6 +183,8 @@ func exit(e int) {
 	exits(&status[0])
 }
+// May run without a P, so write barriers are not allowed.
+//go:nowritebarrier
 func newosproc(mp *m, stk unsafe.Pointer) {
 	if false {
 		print("newosproc mp=", mp, " ostk=", &mp, "\n")

--- a/src/runtime/os1_windows.go
+++ b/src/runtime/os1_windows.go
@@ -282,6 +282,8 @@ func semacreate() uintptr {
 	return stdcall4(_CreateEventA, 0, 0, 0, 0)
 }
+// May run without a P, so write barriers are not allowed.
+//go:nowritebarrier
 func newosproc(mp *m, stk unsafe.Pointer) {
 	const _STACK_SIZE_PARAM_IS_A_RESERVATION = 0x00010000
 	thandle := stdcall6(_CreateThread, 0, 0x20000,

--- a/src/runtime/os3_solaris.go
+++ b/src/runtime/os3_solaris.go
@@ -131,6 +131,8 @@ func osinit() {
 func tstart_sysvicall()
+// May run without a P, so write barriers are not allowed.
+//go:nowritebarrier
 func newosproc(mp *m, _ unsafe.Pointer) {
 	var (
 		attr pthreadattr

--- a/src/runtime/proc1.go
+++ b/src/runtime/proc1.go
@@ -973,7 +973,7 @@ func unlockextra(mp *m) {
 // Create a new m.  It will start off with a call to fn, or else the scheduler.
 // fn needs to be static and not a heap allocated closure.
-// May run during STW, so write barriers are not allowed.
+// May run without a P, so write barriers are not allowed.
 //go:nowritebarrier
 func newm(fn func(), _p_ *p) {
 	mp := allocm(_p_)
@@ -1035,7 +1035,7 @@ func mspinning() {
 // Schedules some M to run the p (creates an M if necessary).
 // If p==nil, tries to get an idle P, if no idle P's does nothing.
-// May run during STW, so write barriers are not allowed.
+// May run without a P, so write barriers are not allowed.
 //go:nowritebarrier
 func startm(_p_ *p, spinning bool) {
 	lock(&sched.lock)
@@ -1072,6 +1072,8 @@ func startm(_p_ *p, spinning bool) {
 }
 // Hands off P from syscall or locked M.
+// Always runs without a P, so write barriers are not allowed.
+//go:nowritebarrier
 func handoffp(_p_ *p) {
 	// if it has local work, start it straight away
 	if _p_.runqhead != _p_.runqtail || sched.runqsize != 0 {