[pull] master from golang:master#35
Merged
Merged
Conversation
Change-Id: I3e1b47e07d124fb739840ddc7bb56771fbde511e GitHub-Last-Rev: 2045696 GitHub-Pull-Request: #79364 Reviewed-on: https://go-review.googlesource.com/c/go/+/777200 Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Rob Pike <r@golang.org> Reviewed-by: Keith Randall <khr@golang.org> Auto-Submit: Keith Randall <khr@golang.org> LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Assuming the CPU recognize SBB RX, RX as a dependency break, this is a no-op however SET is much more canonical and easier to match for. Updates #76056 Change-Id: Icc590dbcc76a8ed2fca7b167cfb66a2d33d4d2d5 Reviewed-on: https://go-review.googlesource.com/c/go/+/778140 LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Keith Randall <khr@golang.org> Auto-Submit: Jorropo <jorropo.pgm@gmail.com>
Make use of the newly supported FENCE operands on riscv64 to replace overly conservative full memory barriers with more precise memory ordering instructions. Change-Id: I8e749eee4f2199cca218229e0cf51779fb6003b4 Reviewed-on: https://go-review.googlesource.com/c/go/+/758020 Reviewed-by: Meng Zhuo <mengzhuo1203@gmail.com> LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
When returning errors, functions in the net/textproto package would include its input as part of the error, without any escaping. Note that said input is often controlled by external parties when using this package naturally. For example, a net/http client uses ReadMIMEHeader when parsing the headers it receive from a server. As a result, an attacker could inject arbitrary content into the error. Practically, this can result in an attacker injecting misleading content, terminal control bytes, etc. into a victim's output or logs. Fix this issue by making sure that ProtocolError usages within the package are properly escaped, and that Error.String will escape its Msg. Fixes #79346 Fixes CVE-2026-42507 Change-Id: Ide4c1005d8254f90d95d7a389b8ca3a26a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/777060 LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-by: Damien Neil <dneil@google.com>
…ysis
When a function variable is declared without an initializer and then
assigned exactly once, escape analysis cannot identify the callee:
var f func(*int)
f = func(p *int) {} // callee not visible to StaticValue
f(new(int)) // new(int) conservatively escapes
This pattern is common for recursive closures:
var visit func(*Node)
visit = func(n *Node) {
for _, child := range n.Children {
visit(child)
}
}
visit(root)
There is a trick we can use here: a nil func cannot be called, because
it panics, and a panic cannot cause anything to escape. So for
variables declared without an initializer and assigned exactly once, we
can treat that single assignment as the static value for escape
analysis purposes, since the only other possible value (nil) is a dead
end.
Add ir.FuncSingleAssignment to find such singly-assigned func variables,
and use it as a fallback in escape analysis when StaticCalleeName fails.
This is restricted to func-typed variables only: tracking all local
variables is too expensive, and only func-typed variables benefit from
callee resolution. A future CL will instead do this in the "oracle",
but I am splitting that up as I think it is wasteful to do that and
then not use it to replace StaticValue, but apparently that has its
own issues.
This optimization resolves callees 7 times in std, 100 times in cmd,
51 times in github.com/microsoft/typescript-go, 276 times in x/tools,
and 547 times in x/tools/gopls. Most resolutions improve parameter
escape precision; of those, 5 heap allocations are eliminated in
std/cmd, 6 in x/tools, 5 in x/tools/gopls, and 16 in typescript-go.
compilebench results (this CL vs parent):
│ sec/op │ sec/op vs base │
Template 157.8m ± 6% 157.9m ± 10% ~ (p=0.699 n=6)
Unicode 121.7m ± 12% 122.1m ± 4% ~ (p=0.589 n=6)
GoTypes 897.4m ± 5% 902.5m ± 3% ~ (p=0.937 n=6)
Compiler 163.1m ± 5% 162.4m ± 2% ~ (p=0.818 n=6)
SSA 7.269 ± 2% 7.177 ± 1% ~ (p=0.699 n=6)
Flate 167.6m ± 5% 167.7m ± 14% ~ (p=1.000 n=6)
GoParser 180.5m ± 5% 179.1m ± 5% ~ (p=1.000 n=6)
Reflect 399.5m ± 2% 411.2m ± 7% ~ (p=0.310 n=6)
Tar 172.2m ± 7% 180.0m ± 9% ~ (p=0.699 n=6)
XML 201.1m ± 6% 197.4m ± 4% ~ (p=0.699 n=6)
LinkCompiler 675.7m ± 2% 672.7m ± 2% ~ (p=0.485 n=6)
ExternalLinkCompiler 2.313 ± 2% 2.330 ± 1% ~ (p=0.394 n=6)
LinkWithoutDebugCompiler 430.5m ± 3% 430.9m ± 6% ~ (p=0.818 n=6)
StdCmd 30.43 ± 5% 30.31 ± 2% ~ (p=0.699 n=6)
geomean 539.1m 540.6m +0.28%
Updates #59708
Fixes #70171
Change-Id: I6b701748f05f62376a46bc811181698d8ef76d47
Reviewed-on: https://go-review.googlesource.com/c/go/+/771160
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
Reviewed-by: Mateusz Poliwczak <mpoliwczak34@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Change the callee variable in escape analysis from a single fn *ir.Name to a slice fns []*ir.Name, in prep for a follow-up CL that starts resolving multiple callees. I replaced the mutable argumentParam func with some plain loops; it was getting unweildy to manage this state and the final result feels a lot more understandable (when read without a diff viewer anyway). No behavior change: fns still contains at most one element. Change-Id: Ie317b852d68413354ad2aefe426f745d033370af Reviewed-on: https://go-review.googlesource.com/c/go/+/775640 Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Keith Randall <khr@golang.org> LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )