From c45ebef05edcb217be8f9bf1d7649763132727cc Mon Sep 17 00:00:00 2001
From: Michael Pratt <mpratt@google.com>
Date: Mon, 17 Oct 2022 15:57:48 -0400
Subject: runtime: avoid unsafe.{Slice,String} in debuglog

CL 428157 and CL 428759 switched debuglog to using unsafe.String and
unsafe.Slice, which broke the build with -tags=debuglog because this is
a no write barrier context, but runtime.unsafeString and unsafeSlice can
panic, which includes write barriers.

We could add a panicCheck1 path to these functions to reallow write
barriers, but it is a big mess to pass around the caller PC,
particularly since the compiler generates calls. It is much simpler to
just avoid unsafe.String and Slice.

Also add a basic test to build the runtime with -tags=debuglog to help
avoid future regressions.

For #54854.

Change-Id: I702418b986fbf189664e9aa4f40bc7de4d9e7781
Reviewed-on: https://go-review.googlesource.com/c/go/+/443380
Run-TryBot: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
---
 src/runtime/debuglog.go | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'src/runtime/debuglog.go')

diff --git a/src/runtime/debuglog.go b/src/runtime/debuglog.go
index 1fc7dd5555..b18774e6c0 100644
--- a/src/runtime/debuglog.go
+++ b/src/runtime/debuglog.go
@@ -304,7 +304,12 @@ func (l *dlogger) s(x string) *dlogger {
 		l.w.uvarint(uint64(uintptr(unsafe.Pointer(strData)) - datap.etext))
 	} else {
 		l.w.byte(debugLogString)
-		b := unsafe.Slice(strData, len(x))
+		// We can't use unsafe.Slice as it may panic, which isn't safe
+		// in this (potentially) nowritebarrier context.
+		var b []byte
+		bb := (*slice)(unsafe.Pointer(&b))
+		bb.array = unsafe.Pointer(strData)
+		bb.len, bb.cap = len(x), len(x)
 		if len(b) > debugLogStringLimit {
 			b = b[:debugLogStringLimit]
 		}
@@ -655,7 +660,13 @@ func (r *debugLogReader) printVal() bool {
 	case debugLogConstString:
 		len, ptr := int(r.uvarint()), uintptr(r.uvarint())
 		ptr += firstmoduledata.etext
-		s := unsafe.String((*byte)(unsafe.Pointer(ptr)), len)
+		// We can't use unsafe.String as it may panic, which isn't safe
+		// in this (potentially) nowritebarrier context.
+		str := stringStruct{
+			str: unsafe.Pointer(ptr),
+			len: len,
+		}
+		s := *(*string)(unsafe.Pointer(&str))
 		print(s)
 
 	case debugLogStringOverflow:
-- 
cgit v1.3