diff options
| author | Dan Scales <danscales@google.com> | 2019-10-09 12:18:26 -0700 |
|---|---|---|
| committer | Dan Scales <danscales@google.com> | 2019-11-04 16:32:38 +0000 |
| commit | 7dcd343ed641d3b70c09153d3b041ca3fe83b25e (patch) | |
| tree | 78f84bf2886ea89ea9a292630fff54bcefdbd985 /src/runtime/runtime2.go | |
| parent | a8fc82f77abff99a3f55b015b017cb4342cd9c08 (diff) | |
| download | go-7dcd343ed641d3b70c09153d3b041ca3fe83b25e.tar.xz | |
runtime: ensure that Goexit cannot be aborted by a recursive panic/recover
When we do a successful recover of a panic, we resume normal execution by
returning from the frame that had the deferred call that did the recover (after
executing any remaining deferred calls in that frame).
However, suppose we have called runtime.Goexit and there is a panic during one of the
deferred calls run by the Goexit. Further assume that there is a deferred call in
the frame of the Goexit or a parent frame that does a recover. Then the recovery
process will actually resume normal execution above the Goexit frame and hence
abort the Goexit. We will not terminate the thread as expected, but continue
running in the frame above the Goexit.
To fix this, we explicitly create a _panic object for a Goexit call. We then
change the "abort" behavior for Goexits, but not panics. After a recovery, if the
top-level panic is actually a Goexit that is marked to be aborted, then we return
to the Goexit defer-processing loop, so that the Goexit is not actually aborted.
Actual code changes are just panic.go, runtime2.go, and funcid.go. Adjusted the
test related to the new Goexit behavior (TestRecoverBeforePanicAfterGoexit) and
added several new tests of aborted panics (whose behavior has not changed).
Fixes #29226
Change-Id: Ib13cb0074f5acc2567a28db7ca6912cfc47eecb5
Reviewed-on: https://go-review.googlesource.com/c/go/+/200081
Run-TryBot: Dan Scales <danscales@google.com>
Reviewed-by: Keith Randall <khr@golang.org>
Diffstat (limited to 'src/runtime/runtime2.go')
| -rw-r--r-- | src/runtime/runtime2.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/runtime/runtime2.go b/src/runtime/runtime2.go index 4ee075a36a..a5471ff765 100644 --- a/src/runtime/runtime2.go +++ b/src/runtime/runtime2.go @@ -872,8 +872,11 @@ type _panic struct { argp unsafe.Pointer // pointer to arguments of deferred call run during panic; cannot move - known to liblink arg interface{} // argument to panic link *_panic // link to earlier panic + pc uintptr // where to return to in runtime if this panic is bypassed + sp unsafe.Pointer // where to return to in runtime if this panic is bypassed recovered bool // whether this panic is over aborted bool // the panic was aborted + goexit bool } // stack traces |