| blob | 6b490b7b3c238e6ccdfdb1f9d082cd4d6d4a7b55 |
1 // Copyright 2014 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 package runtime
8 "runtime/internal/atomic"
9 "unsafe"
10 )
12 // For gccgo, use go:linkname to rename compiler-called functions to
13 // themselves, so that the compiler will export them.
14 //
15 //go:linkname deferproc runtime.deferproc
16 //go:linkname deferreturn runtime.deferreturn
17 //go:linkname setdeferretaddr runtime.setdeferretaddr
18 //go:linkname checkdefer runtime.checkdefer
19 //go:linkname gopanic runtime.gopanic
20 //go:linkname canrecover runtime.canrecover
21 //go:linkname makefuncfficanrecover runtime.makefuncfficanrecover
22 //go:linkname makefuncreturning runtime.makefuncreturning
23 //go:linkname gorecover runtime.gorecover
24 //go:linkname deferredrecover runtime.deferredrecover
25 //go:linkname panicmem runtime.panicmem
26 // Temporary for C code to call:
27 //go:linkname throw runtime.throw
29 // Calling panic with one of the errors below will call errorString.Error
30 // which will call mallocgc to concatenate strings. That will fail if
31 // malloc is locked, causing a confusing error message. Throw a better
32 // error message instead.
37 }
38 }
45 }
52 }
59 }
66 }
73 }
80 }
84 }
86 // deferproc creates a new deferred function.
87 // The compiler turns a defer statement into a call to this.
88 // frame points into the stack frame; it is used to determine which
89 // deferred functions are for the current stack frame, and whether we
90 // have already deferred functions for this frame.
91 // pfn is a C function pointer.
92 // arg is a value to pass to pfn.
97 }
104 }
106 // Allocate a Defer, usually using per-P pool.
107 // Each defer must be released with freedefer.
120 }
122 })
123 }
128 }
132 })
133 }
136 return d
137 }
139 // Free the given defer.
140 // The defer cannot be used after this call.
141 //
142 // This must not grow the stack because there may be a frame without a
143 // stack map when this is called.
144 //
145 //go:nosplit
149 // Transfer half of local cache to the central cache.
150 //
151 // Take this slow path on the system stack so
152 // we don't grow freedefer's stack.
161 first = d
164 }
165 last = d
166 }
171 })
172 }
174 // These lines used to be simply `*d = _defer{}` but that
175 // started causing a nosplit stack overflow via typedmemmove.
186 }
188 // deferreturn is called to undefer the stack.
189 // The compiler inserts a call to this function as a finally clause
190 // wrapped around the body of any function that calls defer.
191 // The frame argument points to the stack frame of the function.
200 // This is rather awkward.
201 // The gc compiler does this using assembler
202 // code in jmpdefer.
206 }
208 // If we are returning from a Go function called by a
209 // C function running in a C thread, g may now be nil,
210 // in which case CgocallBackDone will have cleared _defer.
211 // In that case some other goroutine may already be using gp.
214 return
215 }
221 // Since we are executing a defer function now, we
222 // know that we are returning from the calling
223 // function. If the calling function, or one of its
224 // callees, panicked, then the defer functions would
225 // be executed by panic.
227 }
228 }
230 // __builtin_extract_return_addr is a GCC intrinsic that converts an
231 // address returned by __builtin_return_address(0) to a real address.
232 // On most architectures this is a nop.
233 //extern __builtin_extract_return_addr
236 // setdeferretaddr records the address to which the deferred function
237 // returns. This is check by canrecover. The frontend relies on this
238 // function returning false.
243 }
245 }
247 // checkdefer is called by exception handlers used when unwinding the
248 // stack after a recovered panic. The exception handler is simply
249 // checkdefer(frame)
250 // return;
251 // If we have not yet reached the frame we are looking for, we
252 // continue unwinding.
256 // We should never wind up here. Even if some other
257 // language throws an exception, the cgo code
258 // should ensure that g is set.
261 // Some other language has thrown an exception.
262 // We need to run the local defer handlers.
263 // If they call recover, we stop unwinding here.
264 var p _panic
271 break
272 }
284 // The recover function caught the panic
285 // thrown by some other language.
286 break
287 }
288 }
294 // Just return and continue executing Go code.
296 return
297 }
299 // We are panicking through this function.
302 // This is the defer function that called recover.
303 // Simply return to stop the stack unwind, and let the
304 // Go code continue to execute.
309 // We are returning from this function.
312 return
313 }
315 // This is some other defer function. It was already run by
316 // the call to panic, or just above. Rethrow the exception.
319 }
321 // unwindStack starts unwinding the stack for a panic. We unwind
322 // function calls until we reach the one which used a defer function
323 // which called recover. Each function which uses a defer statement
324 // will have an exception handler, as shown above for checkdefer.
326 // Allocate the exception type used by the unwind ABI.
327 // It would be nice to define it in runtime_sysinfo.go,
328 // but current definitions don't work because the required
329 // alignment is larger than can be represented in Go.
330 // The type never contains any Go pointers.
337 }
339 // Goexit terminates the goroutine that calls it. No other goroutine is affected.
340 // Goexit runs all deferred calls before terminating the goroutine. Because Goexit
341 // is not a panic, any recover calls in those deferred functions will return nil.
342 //
343 // Calling Goexit from the main goroutine terminates that goroutine
344 // without func main returning. Since func main has not returned,
345 // the program continues execution of other goroutines.
346 // If all other goroutines exit, the program crashes.
348 // Run all deferred functions for the current goroutine.
349 // This code is similar to gopanic, see that implementation
350 // for detailed comments.
355 break
356 }
363 }
366 continue
367 }
376 }
380 // Note: we ignore recovers here because Goexit isn't a panic
381 }
383 }
385 // Call all Error and String methods before freezing the world.
386 // Used when crashing with panicking.
391 }
392 }()
399 }
401 }
402 }
404 // Print all currently active panics. Used when crashing.
405 // Should only be called after preprintpanics.
410 }
415 }
417 }
419 // The implementation of the predeclared function panic.
427 }
434 }
443 }
449 }
451 // The gc compiler allocates this new _panic struct on the
452 // stack. We can't do that, because when a deferred function
453 // recovers the panic we unwind the stack. We unlink this
454 // entry before unwinding the stack, but that doesn't help in
455 // the case where we panic, a deferred function recovers and
456 // then panics itself, that panic is in turn recovered, and
457 // unwinds the stack past this stack frame.
462 }
470 break
471 }
475 // If defer was started by earlier panic or Goexit (and, since we're back here, that triggered a new panic),
476 // take defer off list. The earlier panic or Goexit will not continue running.
480 }
484 continue
485 }
488 // Record the panic that is running the defer.
489 // If there is a new panic during the deferred call, that panic
490 // will find d in the list and will mark d._panic (this panic) aborted.
499 }
507 // Aborted panics are marked but remain on the g.panic list.
508 // Remove them from the list.
511 }
514 }
516 // Unwind the stack by throwing an exception.
517 // The compiler has arranged to create
518 // exception handlers in each function
519 // that uses a defer statement. These
520 // exception handlers will check whether
521 // the entry on the top of the defer stack
522 // is from the current function. If it is,
523 // we have unwound the stack far enough.
527 }
529 // Because we executed that defer function by a panic,
530 // and it did not call recover, we know that we are
531 // not returning from the calling function--we are
532 // panicking through it.
535 // Deferred function did not panic. Remove d.
536 // In the p.recovered case, d will be removed by checkdefer.
540 }
542 // ran out of deferred calls - old-school panic now
543 // Because it is unsafe to call arbitrary user code after freezing
544 // the world, we call preprintpanics to invoke all necessary Error
545 // and String methods to prepare the panic strings before startpanic.
549 // startpanic set panicking, which will block main from exiting,
550 // so now OK to decrement runningPanicDefers.
556 }
558 // currentDefer returns the top of the defer stack if it can be recovered.
559 // Otherwise it returns nil.
565 }
567 // The panic that would be recovered is the one on the top of
568 // the panic stack. We do not want to recover it if that panic
569 // was on the top of the panic stack when this function was
570 // deferred.
573 }
575 // The deferred thunk will call setdeferretaddr. If this has
576 // not happened, then we have not been called via defer, and
577 // we can not recover.
580 }
582 return d
583 }
585 // canrecover is called by a thunk to see if the real function would
586 // be permitted to recover a panic value. Recovering a value is
587 // permitted if the thunk was called directly by defer. retaddr is the
588 // return address of the function that is calling canrecover--that is,
589 // the thunk.
594 }
600 }
602 // On some systems, in some cases, the return address does not
603 // work reliably. See http://gcc.gnu.org/PR60406. If we are
604 // permitted to call recover, the call stack will look like this:
605 // runtime.gopanic, runtime.deferreturn, etc.
606 // thunk to call deferred function (calls __go_set_defer_retaddr)
607 // function that calls __go_can_recover (passing return address)
608 // runtime.canrecover
609 // Calling callers will skip the thunks. So if our caller's
610 // caller starts with "runtime.", then we are permitted to
611 // call recover.
615 }
620 }
622 // If the function calling recover was created by reflect.MakeFunc,
623 // then makefuncfficanrecover will have set makefunccanrecover.
626 }
628 // We look up the stack, ignoring libffi functions and
629 // functions in the reflect package, until we find
630 // reflect.makeFuncStub or reflect.ffi_callback called by FFI
631 // functions. Then we check the caller of that function.
639 // No function name means this caller isn't Go code.
640 // Assume that this is libffi.
641 continue
642 }
644 // Ignore function in libffi.
646 continue
647 }
650 break
651 }
655 continue
656 }
658 // Ignore other functions in the reflect package.
660 continue
661 }
663 // We should now be looking at the real caller.
664 break
665 }
671 }
672 }
675 }
677 // This function is called when code is about to enter a function
678 // created by the libffi version of reflect.MakeFunc. This function is
679 // passed the names of the callers of the libffi code that called the
680 // stub. It uses them to decide whether it is permitted to call
681 // recover, and sets d.makefunccanrecover so that gorecover can make
682 // the same decision.
686 return
687 }
689 // If we are already in a call stack of MakeFunc functions,
690 // there is nothing we can usefully check here.
692 return
693 }
695 // loc starts with the caller of our caller. That will be a thunk.
696 // If its caller was a function function, then it was called
697 // directly by defer.
699 return
700 }
705 }
706 }
708 // makefuncreturning is called when code is about to exit a function
709 // created by reflect.MakeFunc. It is called by the function stub used
710 // by reflect.MakeFunc. It clears the makefunccanrecover field. It's
711 // OK to always clear this field, because canrecover will only be
712 // called by a stub created for a function that calls recover. That
713 // stub will not call a function created by reflect.MakeFunc, so by
714 // the time we get here any caller higher up on the call stack no
715 // longer needs the information.
720 }
721 }
723 // The implementation of the predeclared function recover.
730 }
732 }
734 // deferredrecover is called when a call to recover is deferred. That
735 // is, something like
736 // defer recover()
737 //
738 // We need to handle this specially. In gc, the recover function
739 // looks up the stack frame. In particular, that means that a deferred
740 // recover will not recover a panic thrown in the same function that
741 // defers the recover. It will only recover a panic thrown in a
742 // function that defers the deferred call to recover.
743 //
744 // In other words:
745 //
746 // func f1() {
747 // defer recover() // does not stop panic
748 // panic(0)
749 // }
750 //
751 // func f2() {
752 // defer func() {
753 // defer recover() // stops panic(0)
754 // }()
755 // panic(0)
756 // }
757 //
758 // func f3() {
759 // defer func() {
760 // defer recover() // does not stop panic
761 // panic(0)
762 // }()
763 // panic(1)
764 // }
765 //
766 // func f4() {
767 // defer func() {
768 // defer func() {
769 // defer recover() // stops panic(0)
770 // }()
771 // panic(0)
772 // }()
773 // panic(1)
774 // }
775 //
776 // The interesting case here is f3. As can be seen from f2, the
777 // deferred recover could pick up panic(1). However, this does not
778 // happen because it is blocked by the panic(0).
779 //
780 // When a function calls recover, then when we invoke it we pass a
781 // hidden parameter indicating whether it should recover something.
782 // This parameter is set based on whether the function is being
783 // invoked directly from defer. The parameter winds up determining
784 // whether __go_recover or __go_deferred_recover is called at all.
785 //
786 // In the case of a deferred recover, the hidden parameter that
787 // controls the call is actually the one set up for the function that
788 // runs the defer recover() statement. That is the right thing in all
789 // the cases above except for f3. In f3 the function is permitted to
790 // call recover, but the deferred recover call is not. We address that
791 // here by checking for that specific case before calling recover. If
792 // this function was deferred when there is already a panic on the
793 // panic stack, then we can only recover that panic, not any other.
795 // Note that we can get away with using a special function here
796 // because you are not permitted to take the address of a predeclared
797 // function like recover.
802 }
804 }
806 //go:linkname sync_throw sync.throw
809 }
811 //go:nosplit
817 }
821 }
823 // runningPanicDefers is non-zero while running deferred functions for panic.
824 // runningPanicDefers is incremented and decremented atomically.
825 // This is used to try hard to get a panic stack trace out when exiting.
828 // panicking is non-zero when crashing the program for an unrecovered panic.
829 // panicking is incremented and decremented atomically.
832 // paniclk is held while printing the panic information and stack trace,
833 // so that two concurrent panics don't overlap their output.
834 var paniclk mutex
836 // startpanic_m prepares for an unrecoverable panic.
837 //
838 // It can have write barriers because the write barrier explicitly
839 // ignores writes once dying > 0.
840 //
841 //go:yeswritebarrierrec
846 }
847 // Disallow malloc during an unrecoverable panic. A panic
848 // could happen in a signal handler, or in a throw, or inside
849 // malloc itself. We want to catch if an allocation ever does
850 // happen (even if we're not in one of these situations).
861 }
863 return
865 // Something failed while panicking, probably the print of the
866 // argument to panic(). Just print a stack trace and exit.
871 fallthrough
873 // This is a genuine bug in the runtime, we couldn't even
874 // print the stack trace successfully.
878 fallthrough
880 // Can't even print! Just exit.
882 }
883 }
886 var deadlock mutex
896 }
898 }
905 }
913 }
917 }
918 }
922 // Some other m is panicking too.
923 // Let it print what it needs to print.
924 // Wait forever without chewing up cpu.
925 // It will exit when it's done.
928 }
932 }
935 }
937 // canpanic returns false if a signal should throw instead of
938 // panicking.
939 //
940 //go:nosplit
942 // Note that g is m->gsignal, different from gp.
943 // Note also that g->m can change at preemption, so m can go stale
944 // if this function ever makes a function call.
948 // Is it okay for gp to panic instead of crashing the program?
949 // Yes, as long as it is running Go code, not runtime code,
950 // and not stuck in a system call.
953 }
954 if _m_.locks-_m_.softfloat != 0 || _m_.mallocing != 0 || _m_.throwing != 0 || _m_.preemptoff != "" || _m_.dying != 0 {
956 }
960 }
962 }