runtime: pass correct size to malloc
In both cases we lie to malloc about the actual size that we need.
In panic we ask for less memory than we are going to use.
In slice we ask for more memory than we are going to use
(potentially asking for a fractional number of elements).
This breaks the new GC.
Hello golang-codereviews@googlegroups.com (cc: khr@golang.org, rsc@golang.org), I'd like you to review this change to https://dvyukov%40google.com@code.google.com/p/go/
10 years, 8 months ago
(2014-07-20 11:17:31 UTC)
#1
10 years, 8 months ago
(2014-07-21 21:00:03 UTC)
#5
https://codereview.appspot.com/116940043/diff/60001/src/pkg/runtime/slice.goc
File src/pkg/runtime/slice.goc (right):
https://codereview.appspot.com/116940043/diff/60001/src/pkg/runtime/slice.goc...
src/pkg/runtime/slice.goc:125: ret->len = x.len;
On 2014/07/21 19:44:52, khr wrote:
> I worry about setting len & cap before array is set. This means GC might see
a
> [nil, nonzero, nonzero] slice. Probably won't break the current gc, but it
> would be safer for future changes to set all 3 fields atomically with respect
to
> GC.
>
> Just moving them to after the mallocgc call should do it.
This problem is unsolvable with shuffling order. Consider that you have an
already initialized slice and want to assign a new value to it, whatever way you
assign new values you have an inconsistent slice during the operation. And with
concurrent GC you can't assume that you can look at 3 words atomically at all
(unless you protect all slice operations with a mutex, which is not a good
idea).
I think we need to leave it as is for now. If/when we change the GC, there will
be lots of work to do, and we know that the compiler, string.goc and slice.goc
are the places to check.
I realize we'll have to fix it for concurrent GC. That's still a ways away. ...
10 years, 8 months ago
(2014-07-21 21:14:41 UTC)
#6
I realize we'll have to fix it for concurrent GC. That's still a ways
away. Having a safe point halfway through initializing the slice is
dangerous with the current GC, i.e. the GC that will ship with 1.4. I'd
rather play it safe for the current release cycle.
On Mon, Jul 21, 2014 at 2:00 PM, <dvyukov@google.com> wrote:
>
> https://codereview.appspot.com/116940043/diff/60001/src/
> pkg/runtime/slice.goc
> File src/pkg/runtime/slice.goc (right):
>
> https://codereview.appspot.com/116940043/diff/60001/src/
> pkg/runtime/slice.goc#newcode125
> src/pkg/runtime/slice.goc:125: ret->len = x.len;
> On 2014/07/21 19:44:52, khr wrote:
>
>> I worry about setting len & cap before array is set. This means GC
>>
> might see a
>
>> [nil, nonzero, nonzero] slice. Probably won't break the current gc,
>>
> but it
>
>> would be safer for future changes to set all 3 fields atomically with
>>
> respect to
>
>> GC.
>>
>
> Just moving them to after the mallocgc call should do it.
>>
>
> This problem is unsolvable with shuffling order. Consider that you have
> an already initialized slice and want to assign a new value to it,
> whatever way you assign new values you have an inconsistent slice during
> the operation. And with concurrent GC you can't assume that you can look
> at 3 words atomically at all (unless you protect all slice operations
> with a mutex, which is not a good idea).
> I think we need to leave it as is for now. If/when we change the GC,
> there will be lots of work to do, and we know that the compiler,
> string.goc and slice.goc are the places to check.
>
> https://codereview.appspot.com/116940043/
>
As you wish PTAL On 2014/07/21 21:14:41, khr1 wrote: > I realize we'll have to ...
10 years, 8 months ago
(2014-07-21 21:44:09 UTC)
#7
As you wish
PTAL
On 2014/07/21 21:14:41, khr1 wrote:
> I realize we'll have to fix it for concurrent GC. That's still a ways
> away. Having a safe point halfway through initializing the slice is
> dangerous with the current GC, i.e. the GC that will ship with 1.4. I'd
> rather play it safe for the current release cycle.
>
>
> On Mon, Jul 21, 2014 at 2:00 PM, <mailto:dvyukov@google.com> wrote:
>
> >
> > https://codereview.appspot.com/116940043/diff/60001/src/
> > pkg/runtime/slice.goc
> > File src/pkg/runtime/slice.goc (right):
> >
> > https://codereview.appspot.com/116940043/diff/60001/src/
> > pkg/runtime/slice.goc#newcode125
> > src/pkg/runtime/slice.goc:125: ret->len = x.len;
> > On 2014/07/21 19:44:52, khr wrote:
> >
> >> I worry about setting len & cap before array is set. This means GC
> >>
> > might see a
> >
> >> [nil, nonzero, nonzero] slice. Probably won't break the current gc,
> >>
> > but it
> >
> >> would be safer for future changes to set all 3 fields atomically with
> >>
> > respect to
> >
> >> GC.
> >>
> >
> > Just moving them to after the mallocgc call should do it.
> >>
> >
> > This problem is unsolvable with shuffling order. Consider that you have
> > an already initialized slice and want to assign a new value to it,
> > whatever way you assign new values you have an inconsistent slice during
> > the operation. And with concurrent GC you can't assume that you can look
> > at 3 words atomically at all (unless you protect all slice operations
> > with a mutex, which is not a good idea).
> > I think we need to leave it as is for now. If/when we change the GC,
> > there will be lots of work to do, and we know that the compiler,
> > string.goc and slice.goc are the places to check.
> >
> > https://codereview.appspot.com/116940043/
On 2014/07/21 21:44:09, dvyukov wrote: > As you wish > PTAL > > On 2014/07/21 ...
10 years, 8 months ago
(2014-07-21 21:45:05 UTC)
#8
On 2014/07/21 21:44:09, dvyukov wrote:
> As you wish
> PTAL
>
> On 2014/07/21 21:14:41, khr1 wrote:
> > I realize we'll have to fix it for concurrent GC. That's still a ways
> > away. Having a safe point halfway through initializing the slice is
> > dangerous with the current GC, i.e. the GC that will ship with 1.4. I'd
> > rather play it safe for the current release cycle.
> >
> >
> > On Mon, Jul 21, 2014 at 2:00 PM, <mailto:dvyukov@google.com> wrote:
> >
> > >
> > > https://codereview.appspot.com/116940043/diff/60001/src/
> > > pkg/runtime/slice.goc
> > > File src/pkg/runtime/slice.goc (right):
> > >
> > > https://codereview.appspot.com/116940043/diff/60001/src/
> > > pkg/runtime/slice.goc#newcode125
> > > src/pkg/runtime/slice.goc:125: ret->len = x.len;
> > > On 2014/07/21 19:44:52, khr wrote:
> > >
> > >> I worry about setting len & cap before array is set. This means GC
> > >>
> > > might see a
> > >
> > >> [nil, nonzero, nonzero] slice. Probably won't break the current gc,
> > >>
> > > but it
> > >
> > >> would be safer for future changes to set all 3 fields atomically with
> > >>
> > > respect to
> > >
> > >> GC.
> > >>
> > >
> > > Just moving them to after the mallocgc call should do it.
> > >>
> > >
> > > This problem is unsolvable with shuffling order. Consider that you have
> > > an already initialized slice and want to assign a new value to it,
> > > whatever way you assign new values you have an inconsistent slice during
> > > the operation. And with concurrent GC you can't assume that you can look
> > > at 3 words atomically at all (unless you protect all slice operations
> > > with a mutex, which is not a good idea).
> > > I think we need to leave it as is for now. If/when we change the GC,
> > > there will be lots of work to do, and we know that the compiler,
> > > string.goc and slice.goc are the places to check.
> > >
> > > https://codereview.appspot.com/116940043/
LGTM
*** Submitted as https://code.google.com/p/go/source/detail?r=cc4f23ba86c7 *** runtime: pass correct size to malloc In both cases we ...
10 years, 8 months ago
(2014-07-21 21:56:24 UTC)
#9
*** Submitted as https://code.google.com/p/go/source/detail?r=cc4f23ba86c7 ***
runtime: pass correct size to malloc
In both cases we lie to malloc about the actual size that we need.
In panic we ask for less memory than we are going to use.
In slice we ask for more memory than we are going to use
(potentially asking for a fractional number of elements).
This breaks the new GC.
LGTM=khr
R=golang-codereviews, dave, khr
CC=golang-codereviews, rsc
https://codereview.appspot.com/116940043
Issue 116940043: code review 116940043: runtime: pass correct size to malloc
(Closed)
Created 10 years, 8 months ago by dvyukov
Modified 10 years, 8 months ago
Reviewers: rsc
Base URL:
Comments: 4
