1 // Copyright 2014 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
8 "runtime/internal/atomic"
12 // For gccgo, use go:linkname to rename compiler-called functions to
13 // themselves, so that the compiler will export them.
15 //go:linkname deferproc runtime.deferproc
16 //go:linkname deferreturn runtime.deferreturn
17 //go:linkname setdeferretaddr runtime.setdeferretaddr
18 //go:linkname checkdefer runtime.checkdefer
19 //go:linkname gopanic runtime.gopanic
20 //go:linkname canrecover runtime.canrecover
21 //go:linkname makefuncfficanrecover runtime.makefuncfficanrecover
22 //go:linkname makefuncreturning runtime.makefuncreturning
23 //go:linkname gorecover runtime.gorecover
24 //go:linkname deferredrecover runtime.deferredrecover
25 //go:linkname panicmem runtime.panicmem
26 // Temporary for C code to call:
27 //go:linkname throw runtime.throw
29 // Calling panic with one of the errors below will call errorString.Error
30 // which will call mallocgc to concatenate strings. That will fail if
31 // malloc is locked, causing a confusing error message. Throw a better
32 // error message instead.
33 func panicCheckMalloc(err error
) {
35 if gp
!= nil && gp
.m
!= nil && gp
.m
.mallocing
!= 0 {
36 throw(string(err
.(errorString
)))
40 var indexError
= error(errorString("index out of range"))
43 panicCheckMalloc(indexError
)
47 var sliceError
= error(errorString("slice bounds out of range"))
50 panicCheckMalloc(sliceError
)
54 var divideError
= error(errorString("integer divide by zero"))
57 panicCheckMalloc(divideError
)
61 var overflowError
= error(errorString("integer overflow"))
63 func panicoverflow() {
64 panicCheckMalloc(overflowError
)
68 var floatError
= error(errorString("floating point error"))
71 panicCheckMalloc(floatError
)
75 var memoryError
= error(errorString("invalid memory address or nil pointer dereference"))
78 panicCheckMalloc(memoryError
)
83 throw("recursive call during initialization - linker skew")
86 // deferproc creates a new deferred function.
87 // The compiler turns a defer statement into a call to this.
88 // frame points into the stack frame; it is used to determine which
89 // deferred functions are for the current stack frame, and whether we
90 // have already deferred functions for this frame.
91 // pfn is a C function pointer.
92 // arg is a value to pass to pfn.
93 func deferproc(frame
*bool, pfn
uintptr, arg unsafe
.Pointer
) {
96 throw("deferproc: d.panic != nil after newdefer")
99 d
.panicStack
= getg()._panic
103 d
.makefunccanrecover
= false
106 // Allocate a Defer, usually using per-P pool.
107 // Each defer must be released with freedefer.
108 func newdefer() *_defer
{
112 if len(pp
.deferpool
) == 0 && sched
.deferpool
!= nil {
114 lock(&sched
.deferlock
)
115 for len(pp
.deferpool
) < cap(pp
.deferpool
)/2 && sched
.deferpool
!= nil {
117 sched
.deferpool
= d
.link
119 pp
.deferpool
= append(pp
.deferpool
, d
)
121 unlock(&sched
.deferlock
)
124 if n
:= len(pp
.deferpool
); n
> 0 {
125 d
= pp
.deferpool
[n
-1]
126 pp
.deferpool
[n
-1] = nil
127 pp
.deferpool
= pp
.deferpool
[:n
-1]
139 // Free the given defer.
140 // The defer cannot be used after this call.
142 // This must not grow the stack because there may be a frame without a
143 // stack map when this is called.
146 func freedefer(d
*_defer
) {
147 pp
:= getg().m
.p
.ptr()
148 if len(pp
.deferpool
) == cap(pp
.deferpool
) {
149 // Transfer half of local cache to the central cache.
151 // Take this slow path on the system stack so
152 // we don't grow freedefer's stack.
154 var first
, last
*_defer
155 for len(pp
.deferpool
) > cap(pp
.deferpool
)/2 {
156 n
:= len(pp
.deferpool
)
157 d
:= pp
.deferpool
[n
-1]
158 pp
.deferpool
[n
-1] = nil
159 pp
.deferpool
= pp
.deferpool
[:n
-1]
167 lock(&sched
.deferlock
)
168 last
.link
= sched
.deferpool
169 sched
.deferpool
= first
170 unlock(&sched
.deferlock
)
174 // These lines used to be simply `*d = _defer{}` but that
175 // started causing a nosplit stack overflow via typedmemmove.
183 d
.makefunccanrecover
= false
185 pp
.deferpool
= append(pp
.deferpool
, d
)
188 // deferreturn is called to undefer the stack.
189 // The compiler inserts a call to this function as a finally clause
190 // wrapped around the body of any function that calls defer.
191 // The frame argument points to the stack frame of the function.
192 func deferreturn(frame
*bool) {
194 for gp
._defer
!= nil && gp
._defer
.frame
== frame
{
200 // This is rather awkward.
201 // The gc compiler does this using assembler
203 var fn
func(unsafe
.Pointer
)
204 *(*uintptr)(unsafe
.Pointer(&fn
)) = uintptr(noescape(unsafe
.Pointer(&pfn
)))
208 // If we are returning from a Go function called by a
209 // C function running in a C thread, g may now be nil,
210 // in which case CgocallBackDone will have cleared _defer.
211 // In that case some other goroutine may already be using gp.
221 // Since we are executing a defer function now, we
222 // know that we are returning from the calling
223 // function. If the calling function, or one of its
224 // callees, panicked, then the defer functions would
225 // be executed by panic.
230 // __builtin_extract_return_addr is a GCC intrinsic that converts an
231 // address returned by __builtin_return_address(0) to a real address.
232 // On most architectures this is a nop.
233 //extern __builtin_extract_return_addr
234 func __builtin_extract_return_addr(uintptr) uintptr
236 // setdeferretaddr records the address to which the deferred function
237 // returns. This is check by canrecover. The frontend relies on this
238 // function returning false.
239 func setdeferretaddr(retaddr
uintptr) bool {
241 if gp
._defer
!= nil {
242 gp
._defer
.retaddr
= __builtin_extract_return_addr(retaddr
)
247 // checkdefer is called by exception handlers used when unwinding the
248 // stack after a recovered panic. The exception handler is simply
251 // If we have not yet reached the frame we are looking for, we
252 // continue unwinding.
253 func checkdefer(frame
*bool) {
256 // We should never wind up here. Even if some other
257 // language throws an exception, the cgo code
258 // should ensure that g is set.
259 throw("no g in checkdefer")
260 } else if gp
.isforeign
{
261 // Some other language has thrown an exception.
262 // We need to run the local defer handlers.
263 // If they call recover, we stop unwinding here.
267 gp
._panic
= (*_panic
)(noescape(unsafe
.Pointer(&p
)))
270 if d
== nil || d
.frame
!= frame || d
.pfn
== 0 {
277 var fn
func(unsafe
.Pointer
)
278 *(*uintptr)(unsafe
.Pointer(&fn
)) = uintptr(noescape(unsafe
.Pointer(&pfn
)))
284 // The recover function caught the panic
285 // thrown by some other language.
290 recovered
:= p
.recovered
294 // Just return and continue executing Go code.
299 // We are panicking through this function.
301 } else if gp
._defer
!= nil && gp
._defer
.pfn
== 0 && gp
._defer
.frame
== frame
{
302 // This is the defer function that called recover.
303 // Simply return to stop the stack unwind, and let the
304 // Go code continue to execute.
309 // We are returning from this function.
315 // This is some other defer function. It was already run by
316 // the call to panic, or just above. Rethrow the exception.
318 throw("rethrowException returned")
321 // unwindStack starts unwinding the stack for a panic. We unwind
322 // function calls until we reach the one which used a defer function
323 // which called recover. Each function which uses a defer statement
324 // will have an exception handler, as shown above for checkdefer.
326 // Allocate the exception type used by the unwind ABI.
327 // It would be nice to define it in runtime_sysinfo.go,
328 // but current definitions don't work because the required
329 // alignment is larger than can be represented in Go.
330 // The type never contains any Go pointers.
331 size
:= unwindExceptionSize()
332 usize
:= uintptr(unsafe
.Sizeof(uintptr(0)))
333 c
:= (size
+ usize
- 1) / usize
334 s
:= make([]uintptr, c
)
335 getg().exception
= unsafe
.Pointer(&s
[0])
339 // Goexit terminates the goroutine that calls it. No other goroutine is affected.
340 // Goexit runs all deferred calls before terminating the goroutine. Because Goexit
341 // is not a panic, any recover calls in those deferred functions will return nil.
343 // Calling Goexit from the main goroutine terminates that goroutine
344 // without func main returning. Since func main has not returned,
345 // the program continues execution of other goroutines.
346 // If all other goroutines exit, the program crashes.
348 // Run all deferred functions for the current goroutine.
349 // This code is similar to gopanic, see that implementation
350 // for detailed comments.
361 d
._panic
.aborted
= true
370 var fn
func(unsafe
.Pointer
)
371 *(*uintptr)(unsafe
.Pointer(&fn
)) = uintptr(noescape(unsafe
.Pointer(&pfn
)))
375 throw("bad defer entry in Goexit")
380 // Note: we ignore recovers here because Goexit isn't a panic
385 // Call all Error and String methods before freezing the world.
386 // Used when crashing with panicking.
387 func preprintpanics(p
*_panic
) {
389 if recover() != nil {
390 throw("panic while printing panic value")
394 switch v
:= p
.arg
.(type) {
404 // Print all currently active panics. Used when crashing.
405 // Should only be called after preprintpanics.
406 func printpanics(p
*_panic
) {
414 print(" [recovered]")
419 // The implementation of the predeclared function panic.
420 func gopanic(e
interface{}) {
426 throw("panic on system stack")
429 if gp
.m
.mallocing
!= 0 {
433 throw("panic during malloc")
435 if gp
.m
.preemptoff
!= "" {
439 print("preempt off reason: ")
440 print(gp
.m
.preemptoff
)
442 throw("panic during preemptoff")
448 throw("panic holding locks")
451 // The gc compiler allocates this new _panic struct on the
452 // stack. We can't do that, because when a deferred function
453 // recovers the panic we unwind the stack. We unlink this
454 // entry before unwinding the stack, but that doesn't help in
455 // the case where we panic, a deferred function recovers and
456 // then panics itself, that panic is in turn recovered, and
457 // unwinds the stack past this stack frame.
465 atomic
.Xadd(&runningPanicDefers
, 1)
475 // If defer was started by earlier panic or Goexit (and, since we're back here, that triggered a new panic),
476 // take defer off list. The earlier panic or Goexit will not continue running.
479 d
._panic
.aborted
= true
488 // Record the panic that is running the defer.
489 // If there is a new panic during the deferred call, that panic
490 // will find d in the list and will mark d._panic (this panic) aborted.
493 var fn
func(unsafe
.Pointer
)
494 *(*uintptr)(unsafe
.Pointer(&fn
)) = uintptr(noescape(unsafe
.Pointer(&pfn
)))
498 throw("bad defer entry in panic")
503 atomic
.Xadd(&runningPanicDefers
, -1)
507 // Aborted panics are marked but remain on the g.panic list.
508 // Remove them from the list.
509 for gp
._panic
!= nil && gp
._panic
.aborted
{
510 gp
._panic
= gp
._panic
.link
512 if gp
._panic
== nil { // must be done with signal
516 // Unwind the stack by throwing an exception.
517 // The compiler has arranged to create
518 // exception handlers in each function
519 // that uses a defer statement. These
520 // exception handlers will check whether
521 // the entry on the top of the defer stack
522 // is from the current function. If it is,
523 // we have unwound the stack far enough.
526 throw("unwindStack returned")
529 // Because we executed that defer function by a panic,
530 // and it did not call recover, we know that we are
531 // not returning from the calling function--we are
532 // panicking through it.
535 // Deferred function did not panic. Remove d.
536 // In the p.recovered case, d will be removed by checkdefer.
542 // ran out of deferred calls - old-school panic now
543 // Because it is unsafe to call arbitrary user code after freezing
544 // the world, we call preprintpanics to invoke all necessary Error
545 // and String methods to prepare the panic strings before startpanic.
546 preprintpanics(gp
._panic
)
549 // startpanic set panicking, which will block main from exiting,
550 // so now OK to decrement runningPanicDefers.
551 atomic
.Xadd(&runningPanicDefers
, -1)
553 printpanics(gp
._panic
)
554 dopanic(0) // should not return
555 *(*int)(nil) = 0 // not reached
558 // currentDefer returns the top of the defer stack if it can be recovered.
559 // Otherwise it returns nil.
560 func currentDefer() *_defer
{
567 // The panic that would be recovered is the one on the top of
568 // the panic stack. We do not want to recover it if that panic
569 // was on the top of the panic stack when this function was
571 if d
.panicStack
== gp
._panic
{
575 // The deferred thunk will call setdeferretaddr. If this has
576 // not happened, then we have not been called via defer, and
577 // we can not recover.
585 // canrecover is called by a thunk to see if the real function would
586 // be permitted to recover a panic value. Recovering a value is
587 // permitted if the thunk was called directly by defer. retaddr is the
588 // return address of the function that is calling canrecover--that is,
590 func canrecover(retaddr
uintptr) bool {
596 ret
:= __builtin_extract_return_addr(retaddr
)
598 if ret
<= dret
&& ret
+16 >= dret
{
602 // On some systems, in some cases, the return address does not
603 // work reliably. See http://gcc.gnu.org/PR60406. If we are
604 // permitted to call recover, the call stack will look like this:
605 // runtime.gopanic, runtime.deferreturn, etc.
606 // thunk to call deferred function (calls __go_set_defer_retaddr)
607 // function that calls __go_can_recover (passing return address)
608 // runtime.canrecover
609 // Calling callers will skip the thunks. So if our caller's
610 // caller starts with "runtime.", then we are permitted to
612 var locs
[16]location
613 if callers(1, locs
[:2]) < 2 {
617 name
:= locs
[1].function
618 if hasprefix(name
, "runtime.") {
622 // If the function calling recover was created by reflect.MakeFunc,
623 // then makefuncfficanrecover will have set makefunccanrecover.
624 if !d
.makefunccanrecover
{
628 // We look up the stack, ignoring libffi functions and
629 // functions in the reflect package, until we find
630 // reflect.makeFuncStub or reflect.ffi_callback called by FFI
631 // functions. Then we check the caller of that function.
633 n
:= callers(2, locs
[:])
634 foundFFICallback
:= false
637 name
= locs
[i
].function
639 // No function name means this caller isn't Go code.
640 // Assume that this is libffi.
644 // Ignore function in libffi.
645 if hasprefix(name
, "ffi_") {
649 if foundFFICallback
{
653 if name
== "reflect.ffi_callback" {
654 foundFFICallback
= true
658 // Ignore other functions in the reflect package.
659 if hasprefix(name
, "reflect.") ||
hasprefix(name
, ".1reflect.") {
663 // We should now be looking at the real caller.
668 name
= locs
[i
].function
669 if hasprefix(name
, "runtime.") {
677 // This function is called when code is about to enter a function
678 // created by the libffi version of reflect.MakeFunc. This function is
679 // passed the names of the callers of the libffi code that called the
680 // stub. It uses them to decide whether it is permitted to call
681 // recover, and sets d.makefunccanrecover so that gorecover can make
682 // the same decision.
683 func makefuncfficanrecover(loc
[]location
) {
689 // If we are already in a call stack of MakeFunc functions,
690 // there is nothing we can usefully check here.
691 if d
.makefunccanrecover
{
695 // loc starts with the caller of our caller. That will be a thunk.
696 // If its caller was a function function, then it was called
697 // directly by defer.
702 name
:= loc
[1].function
703 if hasprefix(name
, "runtime.") {
704 d
.makefunccanrecover
= true
708 // makefuncreturning is called when code is about to exit a function
709 // created by reflect.MakeFunc. It is called by the function stub used
710 // by reflect.MakeFunc. It clears the makefunccanrecover field. It's
711 // OK to always clear this field, because canrecover will only be
712 // called by a stub created for a function that calls recover. That
713 // stub will not call a function created by reflect.MakeFunc, so by
714 // the time we get here any caller higher up on the call stack no
715 // longer needs the information.
716 func makefuncreturning() {
719 d
.makefunccanrecover
= false
723 // The implementation of the predeclared function recover.
724 func gorecover() interface{} {
727 if p
!= nil && !p
.recovered
{
734 // deferredrecover is called when a call to recover is deferred. That
735 // is, something like
738 // We need to handle this specially. In gc, the recover function
739 // looks up the stack frame. In particular, that means that a deferred
740 // recover will not recover a panic thrown in the same function that
741 // defers the recover. It will only recover a panic thrown in a
742 // function that defers the deferred call to recover.
747 // defer recover() // does not stop panic
753 // defer recover() // stops panic(0)
760 // defer recover() // does not stop panic
769 // defer recover() // stops panic(0)
776 // The interesting case here is f3. As can be seen from f2, the
777 // deferred recover could pick up panic(1). However, this does not
778 // happen because it is blocked by the panic(0).
780 // When a function calls recover, then when we invoke it we pass a
781 // hidden parameter indicating whether it should recover something.
782 // This parameter is set based on whether the function is being
783 // invoked directly from defer. The parameter winds up determining
784 // whether __go_recover or __go_deferred_recover is called at all.
786 // In the case of a deferred recover, the hidden parameter that
787 // controls the call is actually the one set up for the function that
788 // runs the defer recover() statement. That is the right thing in all
789 // the cases above except for f3. In f3 the function is permitted to
790 // call recover, but the deferred recover call is not. We address that
791 // here by checking for that specific case before calling recover. If
792 // this function was deferred when there is already a panic on the
793 // panic stack, then we can only recover that panic, not any other.
795 // Note that we can get away with using a special function here
796 // because you are not permitted to take the address of a predeclared
797 // function like recover.
798 func deferredrecover() interface{} {
800 if gp
._defer
== nil || gp
._defer
.panicStack
!= gp
._panic
{
806 //go:linkname sync_throw sync.throw
807 func sync_throw(s
string) {
812 func throw(s
string) {
813 print("fatal error: ", s
, "\n")
815 if gp
.m
.throwing
== 0 {
820 *(*int)(nil) = 0 // not reached
823 // runningPanicDefers is non-zero while running deferred functions for panic.
824 // runningPanicDefers is incremented and decremented atomically.
825 // This is used to try hard to get a panic stack trace out when exiting.
826 var runningPanicDefers
uint32
828 // panicking is non-zero when crashing the program for an unrecovered panic.
829 // panicking is incremented and decremented atomically.
832 // paniclk is held while printing the panic information and stack trace,
833 // so that two concurrent panics don't overlap their output.
836 // startpanic_m prepares for an unrecoverable panic.
838 // It can have write barriers because the write barrier explicitly
839 // ignores writes once dying > 0.
841 //go:yeswritebarrierrec
844 if mheap_
.cachealloc
.size
== 0 { // very early
845 print("runtime: panic before malloc heap initialized\n")
847 // Disallow malloc during an unrecoverable panic. A panic
848 // could happen in a signal handler, or in a throw, or inside
849 // malloc itself. We want to catch if an allocation ever does
850 // happen (even if we're not in one of these situations).
857 atomic
.Xadd(&panicking
, 1)
859 if debug
.schedtrace
> 0 || debug
.scheddetail
> 0 {
865 // Something failed while panicking, probably the print of the
866 // argument to panic(). Just print a stack trace and exit.
868 print("panic during panic\n")
873 // This is a genuine bug in the runtime, we couldn't even
874 // print the stack trace successfully.
876 print("stack trace unavailable\n")
880 // Can't even print! Just exit.
888 func dopanic(unused
int) {
891 signame
:= signame(gp
.sig
)
893 print("[signal ", signame
)
895 print("[signal ", hex(gp
.sig
))
897 print(" code=", hex(gp
.sigcode0
), " addr=", hex(gp
.sigcode1
), " pc=", hex(gp
.sigpc
), "]\n")
900 level
, all
, docrash
:= gotraceback()
910 } else if level
>= 2 || _g_
.m
.throwing
> 0 {
911 print("\nruntime stack:\n")
914 if !didothers
&& all
{
921 if atomic
.Xadd(&panicking
, -1) != 0 {
922 // Some other m is panicking too.
923 // Let it print what it needs to print.
924 // Wait forever without chewing up cpu.
925 // It will exit when it's done.
937 // canpanic returns false if a signal should throw instead of
941 func canpanic(gp
*g
) bool {
942 // Note that g is m->gsignal, different from gp.
943 // Note also that g->m can change at preemption, so m can go stale
944 // if this function ever makes a function call.
948 // Is it okay for gp to panic instead of crashing the program?
949 // Yes, as long as it is running Go code, not runtime code,
950 // and not stuck in a system call.
951 if gp
== nil || gp
!= _m_
.curg
{
954 if _m_
.locks
-_m_
.softfloat
!= 0 || _m_
.mallocing
!= 0 || _m_
.throwing
!= 0 || _m_
.preemptoff
!= "" || _m_
.dying
!= 0 {
957 status
:= readgstatus(gp
)
958 if status
&^_Gscan
!= _Grunning || gp
.syscallsp
!= 0 {