mbitmap.go

     1  // Copyright 2009 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Garbage collector: type and heap bitmaps.
     6  //
     7  // Stack, data, and bss bitmaps
     8  //
     9  // Stack frames and global variables in the data and bss sections are
    10  // described by bitmaps with 1 bit per pointer-sized word. A "1" bit
    11  // means the word is a live pointer to be visited by the GC (referred to
    12  // as "pointer"). A "0" bit means the word should be ignored by GC
    13  // (referred to as "scalar", though it could be a dead pointer value).
    14  //
    15  // Heap bitmaps
    16  //
    17  // The heap bitmap comprises 1 bit for each pointer-sized word in the heap,
    18  // recording whether a pointer is stored in that word or not. This bitmap
    19  // is stored at the end of a span for small objects and is unrolled at
    20  // runtime from type metadata for all larger objects. Objects without
    21  // pointers have neither a bitmap nor associated type metadata.
    22  //
    23  // Bits in all cases correspond to words in little-endian order.
    24  //
    25  // For small objects, if s is the mspan for the span starting at "start",
    26  // then s.heapBits() returns a slice containing the bitmap for the whole span.
    27  // That is, s.heapBits()[0] holds the goarch.PtrSize*8 bits for the first
    28  // goarch.PtrSize*8 words from "start" through "start+63*ptrSize" in the span.
    29  // On a related note, small objects are always small enough that their bitmap
    30  // fits in goarch.PtrSize*8 bits, so writing out bitmap data takes two bitmap
    31  // writes at most (because object boundaries don't generally lie on
    32  // s.heapBits()[i] boundaries).
    33  //
    34  // For larger objects, if t is the type for the object starting at "start",
    35  // within some span whose mspan is s, then the bitmap at t.GCData is "tiled"
    36  // from "start" through "start+s.elemsize".
    37  // Specifically, the first bit of t.GCData corresponds to the word at "start",
    38  // the second to the word after "start", and so on up to t.PtrBytes. At t.PtrBytes,
    39  // we skip to "start+t.Size_" and begin again from there. This process is
    40  // repeated until we hit "start+s.elemsize".
    41  // This tiling algorithm supports array data, since the type always refers to
    42  // the element type of the array. Single objects are considered the same as
    43  // single-element arrays.
    44  // The tiling algorithm may scan data past the end of the compiler-recognized
    45  // object, but any unused data within the allocation slot (i.e. within s.elemsize)
    46  // is zeroed, so the GC just observes nil pointers.
    47  // Note that this "tiled" bitmap isn't stored anywhere; it is generated on-the-fly.
    48  //
    49  // For objects without their own span, the type metadata is stored in the first
    50  // word before the object at the beginning of the allocation slot. For objects
    51  // with their own span, the type metadata is stored in the mspan.
    52  //
    53  // The bitmap for small unallocated objects in scannable spans is not maintained
    54  // (can be junk).
    55  
    56  package runtime
    57  
    58  import (
    59  	"internal/abi"
    60  	"internal/goarch"
    61  	"internal/goexperiment"
    62  	"internal/runtime/atomic"
    63  	"internal/runtime/gc"
    64  	"internal/runtime/sys"
    65  	"unsafe"
    66  )
    67  
    68  // heapBitsInSpan returns true if the size of an object implies its ptr/scalar
    69  // data is stored at the end of the span, and is accessible via span.heapBits.
    70  //
    71  // Note: this works for both rounded-up sizes (span.elemsize) and unrounded
    72  // type sizes because gc.MinSizeForMallocHeader is guaranteed to be at a size
    73  // class boundary.
    74  //
    75  //go:nosplit
    76  func heapBitsInSpan(userSize uintptr) bool {
    77  	// N.B. gc.MinSizeForMallocHeader is an exclusive minimum so that this function is
    78  	// invariant under size-class rounding on its input.
    79  	return userSize <= gc.MinSizeForMallocHeader
    80  }
    81  
    82  // typePointers is an iterator over the pointers in a heap object.
    83  //
    84  // Iteration through this type implements the tiling algorithm described at the
    85  // top of this file.
    86  type typePointers struct {
    87  	// elem is the address of the current array element of type typ being iterated over.
    88  	// Objects that are not arrays are treated as single-element arrays, in which case
    89  	// this value does not change.
    90  	elem uintptr
    91  
    92  	// addr is the address the iterator is currently working from and describes
    93  	// the address of the first word referenced by mask.
    94  	addr uintptr
    95  
    96  	// mask is a bitmask where each bit corresponds to pointer-words after addr.
    97  	// Bit 0 is the pointer-word at addr, Bit 1 is the next word, and so on.
    98  	// If a bit is 1, then there is a pointer at that word.
    99  	// nextFast and next mask out bits in this mask as their pointers are processed.
   100  	mask uintptr
   101  
   102  	// typ is a pointer to the type information for the heap object's type.
   103  	// This may be nil if the object is in a span where heapBitsInSpan(span.elemsize) is true.
   104  	typ *_type
   105  }
   106  
   107  // typePointersOf returns an iterator over all heap pointers in the range [addr, addr+size).
   108  //
   109  // addr and addr+size must be in the range [span.base(), span.limit).
   110  //
   111  // Note: addr+size must be passed as the limit argument to the iterator's next method on
   112  // each iteration. This slightly awkward API is to allow typePointers to be destructured
   113  // by the compiler.
   114  //
   115  // nosplit because it is used during write barriers and must not be preempted.
   116  //
   117  //go:nosplit
   118  func (span *mspan) typePointersOf(addr, size uintptr) typePointers {
   119  	base := span.objBase(addr)
   120  	tp := span.typePointersOfUnchecked(base)
   121  	if base == addr && size == span.elemsize {
   122  		return tp
   123  	}
   124  	return tp.fastForward(addr-tp.addr, addr+size)
   125  }
   126  
   127  // typePointersOfUnchecked is like typePointersOf, but assumes addr is the base
   128  // of an allocation slot in a span (the start of the object if no header, the
   129  // header otherwise). It returns an iterator that generates all pointers
   130  // in the range [addr, addr+span.elemsize).
   131  //
   132  // nosplit because it is used during write barriers and must not be preempted.
   133  //
   134  //go:nosplit
   135  func (span *mspan) typePointersOfUnchecked(addr uintptr) typePointers {
   136  	const doubleCheck = false
   137  	if doubleCheck && span.objBase(addr) != addr {
   138  		print("runtime: addr=", addr, " base=", span.objBase(addr), "\n")
   139  		throw("typePointersOfUnchecked consisting of non-base-address for object")
   140  	}
   141  
   142  	spc := span.spanclass
   143  	if spc.noscan() {
   144  		return typePointers{}
   145  	}
   146  	if heapBitsInSpan(span.elemsize) {
   147  		// Handle header-less objects.
   148  		return typePointers{elem: addr, addr: addr, mask: span.heapBitsSmallForAddr(addr)}
   149  	}
   150  
   151  	// All of these objects have a header.
   152  	var typ *_type
   153  	if spc.sizeclass() != 0 {
   154  		// Pull the allocation header from the first word of the object.
   155  		typ = *(**_type)(unsafe.Pointer(addr))
   156  		addr += gc.MallocHeaderSize
   157  	} else {
   158  		// Synchronize with allocator, in case this came from the conservative scanner.
   159  		// See heapSetTypeLarge for more details.
   160  		typ = (*_type)(atomic.Loadp(unsafe.Pointer(&span.largeType)))
   161  		if typ == nil {
   162  			// Allow a nil type here for delayed zeroing. See mallocgc.
   163  			return typePointers{}
   164  		}
   165  	}
   166  	gcmask := getGCMask(typ)
   167  	return typePointers{elem: addr, addr: addr, mask: readUintptr(gcmask), typ: typ}
   168  }
   169  
   170  // typePointersOfType is like typePointersOf, but assumes addr points to one or more
   171  // contiguous instances of the provided type. The provided type must not be nil.
   172  //
   173  // It returns an iterator that tiles typ's gcmask starting from addr. It's the caller's
   174  // responsibility to limit iteration.
   175  //
   176  // nosplit because its callers are nosplit and require all their callees to be nosplit.
   177  //
   178  //go:nosplit
   179  func (span *mspan) typePointersOfType(typ *abi.Type, addr uintptr) typePointers {
   180  	const doubleCheck = false
   181  	if doubleCheck && typ == nil {
   182  		throw("bad type passed to typePointersOfType")
   183  	}
   184  	if span.spanclass.noscan() {
   185  		return typePointers{}
   186  	}
   187  	// Since we have the type, pretend we have a header.
   188  	gcmask := getGCMask(typ)
   189  	return typePointers{elem: addr, addr: addr, mask: readUintptr(gcmask), typ: typ}
   190  }
   191  
   192  // nextFast is the fast path of next. nextFast is written to be inlineable and,
   193  // as the name implies, fast.
   194  //
   195  // Callers that are performance-critical should iterate using the following
   196  // pattern:
   197  //
   198  //	for {
   199  //		var addr uintptr
   200  //		if tp, addr = tp.nextFast(); addr == 0 {
   201  //			if tp, addr = tp.next(limit); addr == 0 {
   202  //				break
   203  //			}
   204  //		}
   205  //		// Use addr.
   206  //		...
   207  //	}
   208  //
   209  // nosplit because it is used during write barriers and must not be preempted.
   210  //
   211  //go:nosplit
   212  func (tp typePointers) nextFast() (typePointers, uintptr) {
   213  	// TESTQ/JEQ
   214  	if tp.mask == 0 {
   215  		return tp, 0
   216  	}
   217  	// BSFQ
   218  	var i int
   219  	if goarch.PtrSize == 8 {
   220  		i = sys.TrailingZeros64(uint64(tp.mask))
   221  	} else {
   222  		i = sys.TrailingZeros32(uint32(tp.mask))
   223  	}
   224  	if GOARCH == "amd64" {
   225  		// BTCQ
   226  		tp.mask ^= uintptr(1) << (i & (ptrBits - 1))
   227  	} else {
   228  		// SUB, AND
   229  		tp.mask &= tp.mask - 1
   230  	}
   231  	// LEAQ (XX)(XX*8)
   232  	return tp, tp.addr + uintptr(i)*goarch.PtrSize
   233  }
   234  
   235  // next advances the pointers iterator, returning the updated iterator and
   236  // the address of the next pointer.
   237  //
   238  // limit must be the same each time it is passed to next.
   239  //
   240  // nosplit because it is used during write barriers and must not be preempted.
   241  //
   242  //go:nosplit
   243  func (tp typePointers) next(limit uintptr) (typePointers, uintptr) {
   244  	for {
   245  		if tp.mask != 0 {
   246  			return tp.nextFast()
   247  		}
   248  
   249  		// Stop if we don't actually have type information.
   250  		if tp.typ == nil {
   251  			return typePointers{}, 0
   252  		}
   253  
   254  		// Advance to the next element if necessary.
   255  		if tp.addr+goarch.PtrSize*ptrBits >= tp.elem+tp.typ.PtrBytes {
   256  			tp.elem += tp.typ.Size_
   257  			tp.addr = tp.elem
   258  		} else {
   259  			tp.addr += ptrBits * goarch.PtrSize
   260  		}
   261  
   262  		// Check if we've exceeded the limit with the last update.
   263  		if tp.addr >= limit {
   264  			return typePointers{}, 0
   265  		}
   266  
   267  		// Grab more bits and try again.
   268  		tp.mask = readUintptr(addb(getGCMask(tp.typ), (tp.addr-tp.elem)/goarch.PtrSize/8))
   269  		if tp.addr+goarch.PtrSize*ptrBits > limit {
   270  			bits := (tp.addr + goarch.PtrSize*ptrBits - limit) / goarch.PtrSize
   271  			tp.mask &^= ((1 << (bits)) - 1) << (ptrBits - bits)
   272  		}
   273  	}
   274  }
   275  
   276  // fastForward moves the iterator forward by n bytes. n must be a multiple
   277  // of goarch.PtrSize. limit must be the same limit passed to next for this
   278  // iterator.
   279  //
   280  // nosplit because it is used during write barriers and must not be preempted.
   281  //
   282  //go:nosplit
   283  func (tp typePointers) fastForward(n, limit uintptr) typePointers {
   284  	// Basic bounds check.
   285  	target := tp.addr + n
   286  	if target >= limit {
   287  		return typePointers{}
   288  	}
   289  	if tp.typ == nil {
   290  		// Handle small objects.
   291  		// Clear any bits before the target address.
   292  		tp.mask &^= (1 << ((target - tp.addr) / goarch.PtrSize)) - 1
   293  		// Clear any bits past the limit.
   294  		if tp.addr+goarch.PtrSize*ptrBits > limit {
   295  			bits := (tp.addr + goarch.PtrSize*ptrBits - limit) / goarch.PtrSize
   296  			tp.mask &^= ((1 << (bits)) - 1) << (ptrBits - bits)
   297  		}
   298  		return tp
   299  	}
   300  
   301  	// Move up elem and addr.
   302  	// Offsets within an element are always at a ptrBits*goarch.PtrSize boundary.
   303  	if n >= tp.typ.Size_ {
   304  		// elem needs to be moved to the element containing
   305  		// tp.addr + n.
   306  		oldelem := tp.elem
   307  		tp.elem += (tp.addr - tp.elem + n) / tp.typ.Size_ * tp.typ.Size_
   308  		tp.addr = tp.elem + alignDown(n-(tp.elem-oldelem), ptrBits*goarch.PtrSize)
   309  	} else {
   310  		tp.addr += alignDown(n, ptrBits*goarch.PtrSize)
   311  	}
   312  
   313  	if tp.addr-tp.elem >= tp.typ.PtrBytes {
   314  		// We're starting in the non-pointer area of an array.
   315  		// Move up to the next element.
   316  		tp.elem += tp.typ.Size_
   317  		tp.addr = tp.elem
   318  		tp.mask = readUintptr(getGCMask(tp.typ))
   319  
   320  		// We may have exceeded the limit after this. Bail just like next does.
   321  		if tp.addr >= limit {
   322  			return typePointers{}
   323  		}
   324  	} else {
   325  		// Grab the mask, but then clear any bits before the target address and any
   326  		// bits over the limit.
   327  		tp.mask = readUintptr(addb(getGCMask(tp.typ), (tp.addr-tp.elem)/goarch.PtrSize/8))
   328  		tp.mask &^= (1 << ((target - tp.addr) / goarch.PtrSize)) - 1
   329  	}
   330  	if tp.addr+goarch.PtrSize*ptrBits > limit {
   331  		bits := (tp.addr + goarch.PtrSize*ptrBits - limit) / goarch.PtrSize
   332  		tp.mask &^= ((1 << (bits)) - 1) << (ptrBits - bits)
   333  	}
   334  	return tp
   335  }
   336  
   337  // objBase returns the base pointer for the object containing addr in span.
   338  //
   339  // Assumes that addr points into a valid part of span (span.base() <= addr < span.limit).
   340  //
   341  //go:nosplit
   342  func (span *mspan) objBase(addr uintptr) uintptr {
   343  	return span.base() + span.objIndex(addr)*span.elemsize
   344  }
   345  
   346  // bulkBarrierPreWrite executes a write barrier
   347  // for every pointer slot in the memory range [src, src+size),
   348  // using pointer/scalar information from [dst, dst+size).
   349  // This executes the write barriers necessary before a memmove.
   350  // src, dst, and size must be pointer-aligned.
   351  // The range [dst, dst+size) must lie within a single object.
   352  // It does not perform the actual writes.
   353  //
   354  // As a special case, src == 0 indicates that this is being used for a
   355  // memclr. bulkBarrierPreWrite will pass 0 for the src of each write
   356  // barrier.
   357  //
   358  // Callers should call bulkBarrierPreWrite immediately before
   359  // calling memmove(dst, src, size). This function is marked nosplit
   360  // to avoid being preempted; the GC must not stop the goroutine
   361  // between the memmove and the execution of the barriers.
   362  // The caller is also responsible for cgo pointer checks if this
   363  // may be writing Go pointers into non-Go memory.
   364  //
   365  // Pointer data is not maintained for allocations containing
   366  // no pointers at all; any caller of bulkBarrierPreWrite must first
   367  // make sure the underlying allocation contains pointers, usually
   368  // by checking typ.PtrBytes.
   369  //
   370  // The typ argument is the type of the space at src and dst (and the
   371  // element type if src and dst refer to arrays) and it is optional.
   372  // If typ is nil, the barrier will still behave as expected and typ
   373  // is used purely as an optimization. However, it must be used with
   374  // care.
   375  //
   376  // If typ is not nil, then src and dst must point to one or more values
   377  // of type typ. The caller must ensure that the ranges [src, src+size)
   378  // and [dst, dst+size) refer to one or more whole values of type src and
   379  // dst (leaving off the pointerless tail of the space is OK). If this
   380  // precondition is not followed, this function will fail to scan the
   381  // right pointers.
   382  //
   383  // When in doubt, pass nil for typ. That is safe and will always work.
   384  //
   385  // Callers must perform cgo checks if goexperiment.CgoCheck2.
   386  //
   387  //go:nosplit
   388  func bulkBarrierPreWrite(dst, src, size uintptr, typ *abi.Type) {
   389  	if (dst|src|size)&(goarch.PtrSize-1) != 0 {
   390  		throw("bulkBarrierPreWrite: unaligned arguments")
   391  	}
   392  	if !writeBarrier.enabled {
   393  		return
   394  	}
   395  	s := spanOf(dst)
   396  	if s == nil {
   397  		// If dst is a global, use the data or BSS bitmaps to
   398  		// execute write barriers.
   399  		for _, datap := range activeModules() {
   400  			if datap.data <= dst && dst < datap.edata {
   401  				bulkBarrierBitmap(dst, src, size, dst-datap.data, datap.gcdatamask.bytedata)
   402  				return
   403  			}
   404  		}
   405  		for _, datap := range activeModules() {
   406  			if datap.bss <= dst && dst < datap.ebss {
   407  				bulkBarrierBitmap(dst, src, size, dst-datap.bss, datap.gcbssmask.bytedata)
   408  				return
   409  			}
   410  		}
   411  		return
   412  	} else if s.state.get() != mSpanInUse || dst < s.base() || s.limit <= dst {
   413  		// dst was heap memory at some point, but isn't now.
   414  		// It can't be a global. It must be either our stack,
   415  		// or in the case of direct channel sends, it could be
   416  		// another stack. Either way, no need for barriers.
   417  		// This will also catch if dst is in a freed span,
   418  		// though that should never have.
   419  		return
   420  	}
   421  	buf := &getg().m.p.ptr().wbBuf
   422  
   423  	// Double-check that the bitmaps generated in the two possible paths match.
   424  	const doubleCheck = false
   425  	if doubleCheck {
   426  		doubleCheckTypePointersOfType(s, typ, dst, size)
   427  	}
   428  
   429  	var tp typePointers
   430  	if typ != nil {
   431  		tp = s.typePointersOfType(typ, dst)
   432  	} else {
   433  		tp = s.typePointersOf(dst, size)
   434  	}
   435  	if src == 0 {
   436  		for {
   437  			var addr uintptr
   438  			if tp, addr = tp.next(dst + size); addr == 0 {
   439  				break
   440  			}
   441  			dstx := (*uintptr)(unsafe.Pointer(addr))
   442  			p := buf.get1()
   443  			p[0] = *dstx
   444  		}
   445  	} else {
   446  		for {
   447  			var addr uintptr
   448  			if tp, addr = tp.next(dst + size); addr == 0 {
   449  				break
   450  			}
   451  			dstx := (*uintptr)(unsafe.Pointer(addr))
   452  			srcx := (*uintptr)(unsafe.Pointer(src + (addr - dst)))
   453  			p := buf.get2()
   454  			p[0] = *dstx
   455  			p[1] = *srcx
   456  		}
   457  	}
   458  }
   459  
   460  // bulkBarrierPreWriteSrcOnly is like bulkBarrierPreWrite but
   461  // does not execute write barriers for [dst, dst+size).
   462  //
   463  // In addition to the requirements of bulkBarrierPreWrite
   464  // callers need to ensure [dst, dst+size) is zeroed.
   465  //
   466  // This is used for special cases where e.g. dst was just
   467  // created and zeroed with malloc.
   468  //
   469  // The type of the space can be provided purely as an optimization.
   470  // See bulkBarrierPreWrite's comment for more details -- use this
   471  // optimization with great care.
   472  //
   473  //go:nosplit
   474  func bulkBarrierPreWriteSrcOnly(dst, src, size uintptr, typ *abi.Type) {
   475  	if (dst|src|size)&(goarch.PtrSize-1) != 0 {
   476  		throw("bulkBarrierPreWrite: unaligned arguments")
   477  	}
   478  	if !writeBarrier.enabled {
   479  		return
   480  	}
   481  	buf := &getg().m.p.ptr().wbBuf
   482  	s := spanOf(dst)
   483  
   484  	// Double-check that the bitmaps generated in the two possible paths match.
   485  	const doubleCheck = false
   486  	if doubleCheck {
   487  		doubleCheckTypePointersOfType(s, typ, dst, size)
   488  	}
   489  
   490  	var tp typePointers
   491  	if typ != nil {
   492  		tp = s.typePointersOfType(typ, dst)
   493  	} else {
   494  		tp = s.typePointersOf(dst, size)
   495  	}
   496  	for {
   497  		var addr uintptr
   498  		if tp, addr = tp.next(dst + size); addr == 0 {
   499  			break
   500  		}
   501  		srcx := (*uintptr)(unsafe.Pointer(addr - dst + src))
   502  		p := buf.get1()
   503  		p[0] = *srcx
   504  	}
   505  }
   506  
   507  // initHeapBits initializes the heap bitmap for a span.
   508  func (s *mspan) initHeapBits() {
   509  	if goarch.PtrSize == 8 && !s.spanclass.noscan() && s.spanclass.sizeclass() == 1 {
   510  		b := s.heapBits()
   511  		for i := range b {
   512  			b[i] = ^uintptr(0)
   513  		}
   514  	} else if (!s.spanclass.noscan() && heapBitsInSpan(s.elemsize)) || s.isUserArenaChunk {
   515  		b := s.heapBits()
   516  		clear(b)
   517  	}
   518  	if goexperiment.GreenTeaGC && gcUsesSpanInlineMarkBits(s.elemsize) {
   519  		s.initInlineMarkBits()
   520  	}
   521  }
   522  
   523  // heapBits returns the heap ptr/scalar bits stored at the end of the span for
   524  // small object spans and heap arena spans.
   525  //
   526  // Note that the uintptr of each element means something different for small object
   527  // spans and for heap arena spans. Small object spans are easy: they're never interpreted
   528  // as anything but uintptr, so they're immune to differences in endianness. However, the
   529  // heapBits for user arena spans is exposed through a dummy type descriptor, so the byte
   530  // ordering needs to match the same byte ordering the compiler would emit. The compiler always
   531  // emits the bitmap data in little endian byte ordering, so on big endian platforms these
   532  // uintptrs will have their byte orders swapped from what they normally would be.
   533  //
   534  // heapBitsInSpan(span.elemsize) or span.isUserArenaChunk must be true.
   535  //
   536  //go:nosplit
   537  func (span *mspan) heapBits() []uintptr {
   538  	const doubleCheck = false
   539  
   540  	if doubleCheck && !span.isUserArenaChunk {
   541  		if span.spanclass.noscan() {
   542  			throw("heapBits called for noscan")
   543  		}
   544  		if span.elemsize > gc.MinSizeForMallocHeader {
   545  			throw("heapBits called for span class that should have a malloc header")
   546  		}
   547  	}
   548  	// Find the bitmap at the end of the span.
   549  	//
   550  	// Nearly every span with heap bits is exactly one page in size. Arenas are the only exception.
   551  	if span.npages == 1 {
   552  		// This will be inlined and constant-folded down.
   553  		return heapBitsSlice(span.base(), pageSize, span.elemsize)
   554  	}
   555  	return heapBitsSlice(span.base(), span.npages*pageSize, span.elemsize)
   556  }
   557  
   558  // Helper for constructing a slice for the span's heap bits.
   559  //
   560  //go:nosplit
   561  func heapBitsSlice(spanBase, spanSize, elemsize uintptr) []uintptr {
   562  	base, bitmapSize := spanHeapBitsRange(spanBase, spanSize, elemsize)
   563  	elems := int(bitmapSize / goarch.PtrSize)
   564  	var sl notInHeapSlice
   565  	sl = notInHeapSlice{(*notInHeap)(unsafe.Pointer(base)), elems, elems}
   566  	return *(*[]uintptr)(unsafe.Pointer(&sl))
   567  }
   568  
   569  //go:nosplit
   570  func spanHeapBitsRange(spanBase, spanSize, elemsize uintptr) (base, size uintptr) {
   571  	size = spanSize / goarch.PtrSize / 8
   572  	base = spanBase + spanSize - size
   573  	if goexperiment.GreenTeaGC && gcUsesSpanInlineMarkBits(elemsize) {
   574  		base -= unsafe.Sizeof(spanInlineMarkBits{})
   575  	}
   576  	return
   577  }
   578  
   579  // heapBitsSmallForAddr loads the heap bits for the object stored at addr from span.heapBits.
   580  //
   581  // addr must be the base pointer of an object in the span. heapBitsInSpan(span.elemsize)
   582  // must be true.
   583  //
   584  //go:nosplit
   585  func (span *mspan) heapBitsSmallForAddr(addr uintptr) uintptr {
   586  	hbitsBase, _ := spanHeapBitsRange(span.base(), span.npages*pageSize, span.elemsize)
   587  	hbits := (*byte)(unsafe.Pointer(hbitsBase))
   588  
   589  	// These objects are always small enough that their bitmaps
   590  	// fit in a single word, so just load the word or two we need.
   591  	//
   592  	// Mirrors mspan.writeHeapBitsSmall.
   593  	//
   594  	// We should be using heapBits(), but unfortunately it introduces
   595  	// both bounds checks panics and throw which causes us to exceed
   596  	// the nosplit limit in quite a few cases.
   597  	i := (addr - span.base()) / goarch.PtrSize / ptrBits
   598  	j := (addr - span.base()) / goarch.PtrSize % ptrBits
   599  	bits := span.elemsize / goarch.PtrSize
   600  	word0 := (*uintptr)(unsafe.Pointer(addb(hbits, goarch.PtrSize*(i+0))))
   601  	word1 := (*uintptr)(unsafe.Pointer(addb(hbits, goarch.PtrSize*(i+1))))
   602  
   603  	var read uintptr
   604  	if j+bits > ptrBits {
   605  		// Two reads.
   606  		bits0 := ptrBits - j
   607  		bits1 := bits - bits0
   608  		read = *word0 >> j
   609  		read |= (*word1 & ((1 << bits1) - 1)) << bits0
   610  	} else {
   611  		// One read.
   612  		read = (*word0 >> j) & ((1 << bits) - 1)
   613  	}
   614  	return read
   615  }
   616  
   617  // writeHeapBitsSmall writes the heap bits for small objects whose ptr/scalar data is
   618  // stored as a bitmap at the end of the span.
   619  //
   620  // Assumes dataSize is <= ptrBits*goarch.PtrSize. x must be a pointer into the span.
   621  // heapBitsInSpan(dataSize) must be true. dataSize must be >= typ.Size_.
   622  //
   623  //go:nosplit
   624  func (span *mspan) writeHeapBitsSmall(x, dataSize uintptr, typ *_type) (scanSize uintptr) {
   625  	// The objects here are always really small, so a single load is sufficient.
   626  	src0 := readUintptr(getGCMask(typ))
   627  
   628  	// Create repetitions of the bitmap if we have a small slice backing store.
   629  	src := src0
   630  	if typ.Size_ == goarch.PtrSize {
   631  		src = (1 << (dataSize / goarch.PtrSize)) - 1
   632  		// This object is all pointers, so scanSize is just dataSize.
   633  		scanSize = dataSize
   634  	} else {
   635  		// N.B. We rely on dataSize being an exact multiple of the type size.
   636  		// The alternative is to be defensive and mask out src to the length
   637  		// of dataSize. The purpose is to save on one additional masking operation.
   638  		if doubleCheckHeapSetType && !asanenabled && dataSize%typ.Size_ != 0 {
   639  			throw("runtime: (*mspan).writeHeapBitsSmall: dataSize is not a multiple of typ.Size_")
   640  		}
   641  		scanSize = typ.PtrBytes
   642  		for i := typ.Size_; i < dataSize; i += typ.Size_ {
   643  			src |= src0 << (i / goarch.PtrSize)
   644  			scanSize += typ.Size_
   645  		}
   646  		if asanenabled {
   647  			// Mask src down to dataSize. dataSize is going to be a strange size because of
   648  			// the redzone required for allocations when asan is enabled.
   649  			src &= (1 << (dataSize / goarch.PtrSize)) - 1
   650  		}
   651  	}
   652  
   653  	// Since we're never writing more than one uintptr's worth of bits, we're either going
   654  	// to do one or two writes.
   655  	dstBase, _ := spanHeapBitsRange(span.base(), pageSize, span.elemsize)
   656  	dst := unsafe.Pointer(dstBase)
   657  	o := (x - span.base()) / goarch.PtrSize
   658  	i := o / ptrBits
   659  	j := o % ptrBits
   660  	bits := span.elemsize / goarch.PtrSize
   661  	if j+bits > ptrBits {
   662  		// Two writes.
   663  		bits0 := ptrBits - j
   664  		bits1 := bits - bits0
   665  		dst0 := (*uintptr)(add(dst, (i+0)*goarch.PtrSize))
   666  		dst1 := (*uintptr)(add(dst, (i+1)*goarch.PtrSize))
   667  		*dst0 = (*dst0)&(^uintptr(0)>>bits0) | (src << j)
   668  		*dst1 = (*dst1)&^((1<<bits1)-1) | (src >> bits0)
   669  	} else {
   670  		// One write.
   671  		dst := (*uintptr)(add(dst, i*goarch.PtrSize))
   672  		*dst = (*dst)&^(((1<<bits)-1)<<j) | (src << j)
   673  	}
   674  
   675  	const doubleCheck = false
   676  	if doubleCheck {
   677  		srcRead := span.heapBitsSmallForAddr(x)
   678  		if srcRead != src {
   679  			print("runtime: x=", hex(x), " i=", i, " j=", j, " bits=", bits, "\n")
   680  			print("runtime: dataSize=", dataSize, " typ.Size_=", typ.Size_, " typ.PtrBytes=", typ.PtrBytes, "\n")
   681  			print("runtime: src0=", hex(src0), " src=", hex(src), " srcRead=", hex(srcRead), "\n")
   682  			throw("bad pointer bits written for small object")
   683  		}
   684  	}
   685  	return
   686  }
   687  
   688  // heapSetType* functions record that the new allocation [x, x+size)
   689  // holds in [x, x+dataSize) one or more values of type typ.
   690  // (The number of values is given by dataSize / typ.Size.)
   691  // If dataSize < size, the fragment [x+dataSize, x+size) is
   692  // recorded as non-pointer data.
   693  // It is known that the type has pointers somewhere;
   694  // malloc does not call heapSetType* when there are no pointers.
   695  //
   696  // There can be read-write races between heapSetType* and things
   697  // that read the heap metadata like scanObject. However, since
   698  // heapSetType* is only used for objects that have not yet been
   699  // made reachable, readers will ignore bits being modified by this
   700  // function. This does mean this function cannot transiently modify
   701  // shared memory that belongs to neighboring objects. Also, on weakly-ordered
   702  // machines, callers must execute a store/store (publication) barrier
   703  // between calling this function and making the object reachable.
   704  
   705  const doubleCheckHeapSetType = doubleCheckMalloc
   706  
   707  func heapSetTypeNoHeader(x, dataSize uintptr, typ *_type, span *mspan) uintptr {
   708  	if doubleCheckHeapSetType && (!heapBitsInSpan(dataSize) || !heapBitsInSpan(span.elemsize)) {
   709  		throw("tried to write heap bits, but no heap bits in span")
   710  	}
   711  	scanSize := span.writeHeapBitsSmall(x, dataSize, typ)
   712  	if doubleCheckHeapSetType {
   713  		doubleCheckHeapType(x, dataSize, typ, nil, span)
   714  	}
   715  	return scanSize
   716  }
   717  
   718  func heapSetTypeSmallHeader(x, dataSize uintptr, typ *_type, header **_type, span *mspan) uintptr {
   719  	if header == nil {
   720  		// This nil check and throw is almost pointless. Normally we would
   721  		// expect header to never be nil. However, this is called on potentially
   722  		// freshly-allocated virtual memory. As of 2025, the compiler-inserted
   723  		// nil check is not a branch but a memory read that we expect to fault
   724  		// if the pointer really is nil.
   725  		//
   726  		// However, this causes a read of the page, and operating systems may
   727  		// take it as a hint to back the accessed memory with a read-only zero
   728  		// page. However, we immediately write to this memory, which can then
   729  		// force operating systems to have to update the page table and flush
   730  		// the TLB.
   731  		//
   732  		// This nil check is thus an explicit branch instead of what the compiler
   733  		// would insert circa 2025, which is a memory read instruction.
   734  		//
   735  		// See go.dev/issue/74375 for details of a similar issue in
   736  		// spanInlineMarkBits.
   737  		throw("runtime: pointer to heap type header nil?")
   738  	}
   739  	*header = typ
   740  	if doubleCheckHeapSetType {
   741  		doubleCheckHeapType(x, dataSize, typ, header, span)
   742  	}
   743  	return span.elemsize
   744  }
   745  
   746  func heapSetTypeLarge(x, dataSize uintptr, typ *_type, span *mspan) uintptr {
   747  	gctyp := typ
   748  	// Write out the header atomically to synchronize with the garbage collector.
   749  	//
   750  	// This atomic store is paired with an atomic load in typePointersOfUnchecked.
   751  	// This store ensures that initializing x's memory cannot be reordered after
   752  	// this store. Meanwhile the load in typePointersOfUnchecked ensures that
   753  	// reading x's memory cannot be reordered before largeType is loaded. Together,
   754  	// these two operations guarantee that the garbage collector can only see
   755  	// initialized memory if largeType is non-nil.
   756  	//
   757  	// Gory details below...
   758  	//
   759  	// Ignoring conservative scanning for a moment, this store need not be atomic
   760  	// if we have a publication barrier on our side. This is because the garbage
   761  	// collector cannot observe x unless:
   762  	//   1. It stops this goroutine and scans its stack, or
   763  	//   2. We return from mallocgc and publish the pointer somewhere.
   764  	// Either case requires a write on our side, followed by some synchronization
   765  	// followed by a read by the garbage collector.
   766  	//
   767  	// In case (1), the garbage collector can only observe a nil largeType, since it
   768  	// had to stop our goroutine when it was preemptible during zeroing. For the
   769  	// duration of the zeroing, largeType is nil and the object has nothing interesting
   770  	// for the garbage collector to look at, so the garbage collector will not access
   771  	// the object at all.
   772  	//
   773  	// In case (2), the garbage collector can also observe a nil largeType. This
   774  	// might happen if the object was newly allocated, and a new GC cycle didn't start
   775  	// (that would require a global barrier, STW). In this case, the garbage collector
   776  	// will once again ignore the object, and that's safe because objects are
   777  	// allocate-black.
   778  	//
   779  	// However, the garbage collector can also observe a non-nil largeType in case (2).
   780  	// This is still okay, since to access the object's memory, it must have first
   781  	// loaded the object's pointer from somewhere. This makes the access of the object's
   782  	// memory a data-dependent load, and our publication barrier in the allocator
   783  	// guarantees that a data-dependent load must observe a version of the object's
   784  	// data from after the publication barrier executed.
   785  	//
   786  	// Unfortunately conservative scanning is a problem. There's no guarantee of a
   787  	// data dependency as in case (2) because conservative scanning can produce pointers
   788  	// 'out of thin air' in that it need not have been written somewhere by the allocating
   789  	// thread first. It might not even be a pointer, or it could be a pointer written to
   790  	// some stack location long ago. This is the fundamental reason why we need
   791  	// explicit synchronization somewhere in this whole mess. We choose to put that
   792  	// synchronization on largeType.
   793  	//
   794  	// As described at the very top, the treating largeType as an atomic variable, on
   795  	// both the reader and writer side, is sufficient to ensure that only initialized
   796  	// memory at x will be observed if largeType is non-nil.
   797  	atomic.StorepNoWB(unsafe.Pointer(&span.largeType), unsafe.Pointer(gctyp))
   798  	if doubleCheckHeapSetType {
   799  		doubleCheckHeapType(x, dataSize, typ, &span.largeType, span)
   800  	}
   801  	return span.elemsize
   802  }
   803  
   804  func doubleCheckHeapType(x, dataSize uintptr, gctyp *_type, header **_type, span *mspan) {
   805  	doubleCheckHeapPointers(x, dataSize, gctyp, header, span)
   806  
   807  	// To exercise the less common path more often, generate
   808  	// a random interior pointer and make sure iterating from
   809  	// that point works correctly too.
   810  	maxIterBytes := span.elemsize
   811  	if header == nil {
   812  		maxIterBytes = dataSize
   813  	}
   814  	off := alignUp(uintptr(cheaprand())%dataSize, goarch.PtrSize)
   815  	size := dataSize - off
   816  	if size == 0 {
   817  		off -= goarch.PtrSize
   818  		size += goarch.PtrSize
   819  	}
   820  	interior := x + off
   821  	size -= alignDown(uintptr(cheaprand())%size, goarch.PtrSize)
   822  	if size == 0 {
   823  		size = goarch.PtrSize
   824  	}
   825  	// Round up the type to the size of the type.
   826  	size = (size + gctyp.Size_ - 1) / gctyp.Size_ * gctyp.Size_
   827  	if interior+size > x+maxIterBytes {
   828  		size = x + maxIterBytes - interior
   829  	}
   830  	doubleCheckHeapPointersInterior(x, interior, size, dataSize, gctyp, header, span)
   831  }
   832  
   833  func doubleCheckHeapPointers(x, dataSize uintptr, typ *_type, header **_type, span *mspan) {
   834  	// Check that scanning the full object works.
   835  	tp := span.typePointersOfUnchecked(span.objBase(x))
   836  	maxIterBytes := span.elemsize
   837  	if header == nil {
   838  		maxIterBytes = dataSize
   839  	}
   840  	bad := false
   841  	for i := uintptr(0); i < maxIterBytes; i += goarch.PtrSize {
   842  		// Compute the pointer bit we want at offset i.
   843  		want := false
   844  		if i < span.elemsize {
   845  			off := i % typ.Size_
   846  			if off < typ.PtrBytes {
   847  				j := off / goarch.PtrSize
   848  				want = *addb(getGCMask(typ), j/8)>>(j%8)&1 != 0
   849  			}
   850  		}
   851  		if want {
   852  			var addr uintptr
   853  			tp, addr = tp.next(x + span.elemsize)
   854  			if addr == 0 {
   855  				println("runtime: found bad iterator")
   856  			}
   857  			if addr != x+i {
   858  				print("runtime: addr=", hex(addr), " x+i=", hex(x+i), "\n")
   859  				bad = true
   860  			}
   861  		}
   862  	}
   863  	if !bad {
   864  		var addr uintptr
   865  		tp, addr = tp.next(x + span.elemsize)
   866  		if addr == 0 {
   867  			return
   868  		}
   869  		println("runtime: extra pointer:", hex(addr))
   870  	}
   871  	print("runtime: hasHeader=", header != nil, " typ.Size_=", typ.Size_, " TFlagGCMaskOnDemaind=", typ.TFlag&abi.TFlagGCMaskOnDemand != 0, "\n")
   872  	print("runtime: x=", hex(x), " dataSize=", dataSize, " elemsize=", span.elemsize, "\n")
   873  	print("runtime: typ=", unsafe.Pointer(typ), " typ.PtrBytes=", typ.PtrBytes, "\n")
   874  	print("runtime: limit=", hex(x+span.elemsize), "\n")
   875  	tp = span.typePointersOfUnchecked(x)
   876  	dumpTypePointers(tp)
   877  	for {
   878  		var addr uintptr
   879  		if tp, addr = tp.next(x + span.elemsize); addr == 0 {
   880  			println("runtime: would've stopped here")
   881  			dumpTypePointers(tp)
   882  			break
   883  		}
   884  		print("runtime: addr=", hex(addr), "\n")
   885  		dumpTypePointers(tp)
   886  	}
   887  	throw("heapSetType: pointer entry not correct")
   888  }
   889  
   890  func doubleCheckHeapPointersInterior(x, interior, size, dataSize uintptr, typ *_type, header **_type, span *mspan) {
   891  	bad := false
   892  	if interior < x {
   893  		print("runtime: interior=", hex(interior), " x=", hex(x), "\n")
   894  		throw("found bad interior pointer")
   895  	}
   896  	off := interior - x
   897  	tp := span.typePointersOf(interior, size)
   898  	for i := off; i < off+size; i += goarch.PtrSize {
   899  		// Compute the pointer bit we want at offset i.
   900  		want := false
   901  		if i < span.elemsize {
   902  			off := i % typ.Size_
   903  			if off < typ.PtrBytes {
   904  				j := off / goarch.PtrSize
   905  				want = *addb(getGCMask(typ), j/8)>>(j%8)&1 != 0
   906  			}
   907  		}
   908  		if want {
   909  			var addr uintptr
   910  			tp, addr = tp.next(interior + size)
   911  			if addr == 0 {
   912  				println("runtime: found bad iterator")
   913  				bad = true
   914  			}
   915  			if addr != x+i {
   916  				print("runtime: addr=", hex(addr), " x+i=", hex(x+i), "\n")
   917  				bad = true
   918  			}
   919  		}
   920  	}
   921  	if !bad {
   922  		var addr uintptr
   923  		tp, addr = tp.next(interior + size)
   924  		if addr == 0 {
   925  			return
   926  		}
   927  		println("runtime: extra pointer:", hex(addr))
   928  	}
   929  	print("runtime: hasHeader=", header != nil, " typ.Size_=", typ.Size_, "\n")
   930  	print("runtime: x=", hex(x), " dataSize=", dataSize, " elemsize=", span.elemsize, " interior=", hex(interior), " size=", size, "\n")
   931  	print("runtime: limit=", hex(interior+size), "\n")
   932  	tp = span.typePointersOf(interior, size)
   933  	dumpTypePointers(tp)
   934  	for {
   935  		var addr uintptr
   936  		if tp, addr = tp.next(interior + size); addr == 0 {
   937  			println("runtime: would've stopped here")
   938  			dumpTypePointers(tp)
   939  			break
   940  		}
   941  		print("runtime: addr=", hex(addr), "\n")
   942  		dumpTypePointers(tp)
   943  	}
   944  
   945  	print("runtime: want: ")
   946  	for i := off; i < off+size; i += goarch.PtrSize {
   947  		// Compute the pointer bit we want at offset i.
   948  		want := false
   949  		if i < dataSize {
   950  			off := i % typ.Size_
   951  			if off < typ.PtrBytes {
   952  				j := off / goarch.PtrSize
   953  				want = *addb(getGCMask(typ), j/8)>>(j%8)&1 != 0
   954  			}
   955  		}
   956  		if want {
   957  			print("1")
   958  		} else {
   959  			print("0")
   960  		}
   961  	}
   962  	println()
   963  
   964  	throw("heapSetType: pointer entry not correct")
   965  }
   966  
   967  //go:nosplit
   968  func doubleCheckTypePointersOfType(s *mspan, typ *_type, addr, size uintptr) {
   969  	if typ == nil {
   970  		return
   971  	}
   972  	if typ.Kind() == abi.Interface {
   973  		// Interfaces are unfortunately inconsistently handled
   974  		// when it comes to the type pointer, so it's easy to
   975  		// produce a lot of false positives here.
   976  		return
   977  	}
   978  	tp0 := s.typePointersOfType(typ, addr)
   979  	tp1 := s.typePointersOf(addr, size)
   980  	failed := false
   981  	for {
   982  		var addr0, addr1 uintptr
   983  		tp0, addr0 = tp0.next(addr + size)
   984  		tp1, addr1 = tp1.next(addr + size)
   985  		if addr0 != addr1 {
   986  			failed = true
   987  			break
   988  		}
   989  		if addr0 == 0 {
   990  			break
   991  		}
   992  	}
   993  	if failed {
   994  		tp0 := s.typePointersOfType(typ, addr)
   995  		tp1 := s.typePointersOf(addr, size)
   996  		print("runtime: addr=", hex(addr), " size=", size, "\n")
   997  		print("runtime: type=", toRType(typ).string(), "\n")
   998  		dumpTypePointers(tp0)
   999  		dumpTypePointers(tp1)
  1000  		for {
  1001  			var addr0, addr1 uintptr
  1002  			tp0, addr0 = tp0.next(addr + size)
  1003  			tp1, addr1 = tp1.next(addr + size)
  1004  			print("runtime: ", hex(addr0), " ", hex(addr1), "\n")
  1005  			if addr0 == 0 && addr1 == 0 {
  1006  				break
  1007  			}
  1008  		}
  1009  		throw("mismatch between typePointersOfType and typePointersOf")
  1010  	}
  1011  }
  1012  
  1013  func dumpTypePointers(tp typePointers) {
  1014  	print("runtime: tp.elem=", hex(tp.elem), " tp.typ=", unsafe.Pointer(tp.typ), "\n")
  1015  	print("runtime: tp.addr=", hex(tp.addr), " tp.mask=")
  1016  	for i := uintptr(0); i < ptrBits; i++ {
  1017  		if tp.mask&(uintptr(1)<<i) != 0 {
  1018  			print("1")
  1019  		} else {
  1020  			print("0")
  1021  		}
  1022  	}
  1023  	println()
  1024  }
  1025  
  1026  // addb returns the byte pointer p+n.
  1027  //
  1028  //go:nowritebarrier
  1029  //go:nosplit
  1030  func addb(p *byte, n uintptr) *byte {
  1031  	// Note: wrote out full expression instead of calling add(p, n)
  1032  	// to reduce the number of temporaries generated by the
  1033  	// compiler for this trivial expression during inlining.
  1034  	return (*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(p)) + n))
  1035  }
  1036  
  1037  // subtractb returns the byte pointer p-n.
  1038  //
  1039  //go:nowritebarrier
  1040  //go:nosplit
  1041  func subtractb(p *byte, n uintptr) *byte {
  1042  	// Note: wrote out full expression instead of calling add(p, -n)
  1043  	// to reduce the number of temporaries generated by the
  1044  	// compiler for this trivial expression during inlining.
  1045  	return (*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(p)) - n))
  1046  }
  1047  
  1048  // add1 returns the byte pointer p+1.
  1049  //
  1050  //go:nowritebarrier
  1051  //go:nosplit
  1052  func add1(p *byte) *byte {
  1053  	// Note: wrote out full expression instead of calling addb(p, 1)
  1054  	// to reduce the number of temporaries generated by the
  1055  	// compiler for this trivial expression during inlining.
  1056  	return (*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(p)) + 1))
  1057  }
  1058  
  1059  // subtract1 returns the byte pointer p-1.
  1060  //
  1061  // nosplit because it is used during write barriers and must not be preempted.
  1062  //
  1063  //go:nowritebarrier
  1064  //go:nosplit
  1065  func subtract1(p *byte) *byte {
  1066  	// Note: wrote out full expression instead of calling subtractb(p, 1)
  1067  	// to reduce the number of temporaries generated by the
  1068  	// compiler for this trivial expression during inlining.
  1069  	return (*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(p)) - 1))
  1070  }
  1071  
  1072  // markBits provides access to the mark bit for an object in the heap.
  1073  // bytep points to the byte holding the mark bit.
  1074  // mask is a byte with a single bit set that can be &ed with *bytep
  1075  // to see if the bit has been set.
  1076  // *m.byte&m.mask != 0 indicates the mark bit is set.
  1077  // index can be used along with span information to generate
  1078  // the address of the object in the heap.
  1079  // We maintain one set of mark bits for allocation and one for
  1080  // marking purposes.
  1081  type markBits struct {
  1082  	bytep *uint8
  1083  	mask  uint8
  1084  	index uintptr
  1085  }
  1086  
  1087  //go:nosplit
  1088  func (s *mspan) allocBitsForIndex(allocBitIndex uintptr) markBits {
  1089  	bytep, mask := s.allocBits.bitp(allocBitIndex)
  1090  	return markBits{bytep, mask, allocBitIndex}
  1091  }
  1092  
  1093  // refillAllocCache takes 8 bytes s.allocBits starting at whichByte
  1094  // and negates them so that ctz (count trailing zeros) instructions
  1095  // can be used. It then places these 8 bytes into the cached 64 bit
  1096  // s.allocCache.
  1097  func (s *mspan) refillAllocCache(whichByte uint16) {
  1098  	bytes := (*[8]uint8)(unsafe.Pointer(s.allocBits.bytep(uintptr(whichByte))))
  1099  	aCache := uint64(0)
  1100  	aCache |= uint64(bytes[0])
  1101  	aCache |= uint64(bytes[1]) << (1 * 8)
  1102  	aCache |= uint64(bytes[2]) << (2 * 8)
  1103  	aCache |= uint64(bytes[3]) << (3 * 8)
  1104  	aCache |= uint64(bytes[4]) << (4 * 8)
  1105  	aCache |= uint64(bytes[5]) << (5 * 8)
  1106  	aCache |= uint64(bytes[6]) << (6 * 8)
  1107  	aCache |= uint64(bytes[7]) << (7 * 8)
  1108  	s.allocCache = ^aCache
  1109  }
  1110  
  1111  // nextFreeIndex returns the index of the next free object in s at
  1112  // or after s.freeindex.
  1113  // There are hardware instructions that can be used to make this
  1114  // faster if profiling warrants it.
  1115  func (s *mspan) nextFreeIndex() uint16 {
  1116  	sfreeindex := s.freeindex
  1117  	snelems := s.nelems
  1118  	if sfreeindex == snelems {
  1119  		return sfreeindex
  1120  	}
  1121  	if sfreeindex > snelems {
  1122  		throw("s.freeindex > s.nelems")
  1123  	}
  1124  
  1125  	aCache := s.allocCache
  1126  
  1127  	bitIndex := sys.TrailingZeros64(aCache)
  1128  	for bitIndex == 64 {
  1129  		// Move index to start of next cached bits.
  1130  		sfreeindex = (sfreeindex + 64) &^ (64 - 1)
  1131  		if sfreeindex >= snelems {
  1132  			s.freeindex = snelems
  1133  			return snelems
  1134  		}
  1135  		whichByte := sfreeindex / 8
  1136  		// Refill s.allocCache with the next 64 alloc bits.
  1137  		s.refillAllocCache(whichByte)
  1138  		aCache = s.allocCache
  1139  		bitIndex = sys.TrailingZeros64(aCache)
  1140  		// nothing available in cached bits
  1141  		// grab the next 8 bytes and try again.
  1142  	}
  1143  	result := sfreeindex + uint16(bitIndex)
  1144  	if result >= snelems {
  1145  		s.freeindex = snelems
  1146  		return snelems
  1147  	}
  1148  
  1149  	s.allocCache >>= uint(bitIndex + 1)
  1150  	sfreeindex = result + 1
  1151  
  1152  	if sfreeindex%64 == 0 && sfreeindex != snelems {
  1153  		// We just incremented s.freeindex so it isn't 0.
  1154  		// As each 1 in s.allocCache was encountered and used for allocation
  1155  		// it was shifted away. At this point s.allocCache contains all 0s.
  1156  		// Refill s.allocCache so that it corresponds
  1157  		// to the bits at s.allocBits starting at s.freeindex.
  1158  		whichByte := sfreeindex / 8
  1159  		s.refillAllocCache(whichByte)
  1160  	}
  1161  	s.freeindex = sfreeindex
  1162  	return result
  1163  }
  1164  
  1165  // isFree reports whether the index'th object in s is unallocated.
  1166  //
  1167  // The caller must ensure s.state is mSpanInUse, and there must have
  1168  // been no preemption points since ensuring this (which could allow a
  1169  // GC transition, which would allow the state to change).
  1170  //
  1171  // Callers must ensure that the index passed here must not have been
  1172  // produced from a pointer that came from 'thin air', as might happen
  1173  // with conservative scanning.
  1174  func (s *mspan) isFree(index uintptr) bool {
  1175  	if index < uintptr(s.freeindex) {
  1176  		return false
  1177  	}
  1178  	bytep, mask := s.allocBits.bitp(index)
  1179  	return *bytep&mask == 0
  1180  }
  1181  
  1182  // isFreeOrNewlyAllocated reports whether the index'th object in s is
  1183  // either unallocated or has been allocated since the beginning of the
  1184  // last mark phase.
  1185  //
  1186  // The caller must ensure s.state is mSpanInUse, and there must have
  1187  // been no preemption points since ensuring this (which could allow a
  1188  // GC transition, which would allow the state to change).
  1189  //
  1190  // Callers must ensure that the index passed here must not have been
  1191  // produced from a pointer that came from 'thin air', as might happen
  1192  // with conservative scanning, unless the GC is currently in the mark
  1193  // phase. If the GC is currently in the mark phase, this function is
  1194  // safe to call for out-of-thin-air pointers.
  1195  func (s *mspan) isFreeOrNewlyAllocated(index uintptr) bool {
  1196  	if index < uintptr(s.freeIndexForScan) {
  1197  		return false
  1198  	}
  1199  	bytep, mask := s.allocBits.bitp(index)
  1200  	return *bytep&mask == 0
  1201  }
  1202  
  1203  // divideByElemSize returns n/s.elemsize.
  1204  // n must be within [0, s.npages*_PageSize),
  1205  // or may be exactly s.npages*_PageSize
  1206  // if s.elemsize is from sizeclasses.go.
  1207  //
  1208  // nosplit, because it is called by objIndex, which is nosplit
  1209  //
  1210  //go:nosplit
  1211  func (s *mspan) divideByElemSize(n uintptr) uintptr {
  1212  	const doubleCheck = false
  1213  
  1214  	// See explanation in mksizeclasses.go's computeDivMagic.
  1215  	q := uintptr((uint64(n) * uint64(s.divMul)) >> 32)
  1216  
  1217  	if doubleCheck && q != n/s.elemsize {
  1218  		println(n, "/", s.elemsize, "should be", n/s.elemsize, "but got", q)
  1219  		throw("bad magic division")
  1220  	}
  1221  	return q
  1222  }
  1223  
  1224  // nosplit, because it is called by other nosplit code like findObject
  1225  //
  1226  //go:nosplit
  1227  func (s *mspan) objIndex(p uintptr) uintptr {
  1228  	return s.divideByElemSize(p - s.base())
  1229  }
  1230  
  1231  func markBitsForAddr(p uintptr) markBits {
  1232  	s := spanOf(p)
  1233  	objIndex := s.objIndex(p)
  1234  	return s.markBitsForIndex(objIndex)
  1235  }
  1236  
  1237  // isMarked reports whether mark bit m is set.
  1238  func (m markBits) isMarked() bool {
  1239  	return *m.bytep&m.mask != 0
  1240  }
  1241  
  1242  // setMarked sets the marked bit in the markbits, atomically.
  1243  func (m markBits) setMarked() {
  1244  	// Might be racing with other updates, so use atomic update always.
  1245  	// We used to be clever here and use a non-atomic update in certain
  1246  	// cases, but it's not worth the risk.
  1247  	atomic.Or8(m.bytep, m.mask)
  1248  }
  1249  
  1250  // setMarkedNonAtomic sets the marked bit in the markbits, non-atomically.
  1251  func (m markBits) setMarkedNonAtomic() {
  1252  	*m.bytep |= m.mask
  1253  }
  1254  
  1255  // clearMarked clears the marked bit in the markbits, atomically.
  1256  func (m markBits) clearMarked() {
  1257  	// Might be racing with other updates, so use atomic update always.
  1258  	// We used to be clever here and use a non-atomic update in certain
  1259  	// cases, but it's not worth the risk.
  1260  	atomic.And8(m.bytep, ^m.mask)
  1261  }
  1262  
  1263  // markBitsForSpan returns the markBits for the span base address base.
  1264  func markBitsForSpan(base uintptr) (mbits markBits) {
  1265  	mbits = markBitsForAddr(base)
  1266  	if mbits.mask != 1 {
  1267  		throw("markBitsForSpan: unaligned start")
  1268  	}
  1269  	return mbits
  1270  }
  1271  
  1272  // isMarkedOrNotInHeap returns true if a pointer is in the heap and marked,
  1273  // or if the pointer is not in the heap. Used by goroutine leak detection
  1274  // to determine if concurrency resources are reachable in memory.
  1275  func isMarkedOrNotInHeap(p unsafe.Pointer) bool {
  1276  	obj, span, objIndex := findObject(uintptr(p), 0, 0)
  1277  	if obj != 0 {
  1278  		mbits := span.markBitsForIndex(objIndex)
  1279  		return mbits.isMarked()
  1280  	}
  1281  
  1282  	// If we fall through to get here, the object is not in the heap.
  1283  	// In this case, it is either a pointer to a stack object or a global resource.
  1284  	// Treat it as reachable in memory by default, to be safe.
  1285  	//
  1286  	// TODO(vsaioc): we could be more precise by checking against the stacks
  1287  	// of runnable goroutines. I don't think this is necessary, based on what we've seen, but
  1288  	// let's keep the option open in case the runtime evolves.
  1289  	// This will (naively) lead to quadratic blow-up for goroutine leak detection,
  1290  	// but if it is only run on demand, maybe the extra cost is not a show-stopper.
  1291  	return true
  1292  }
  1293  
  1294  // advance advances the markBits to the next object in the span.
  1295  func (m *markBits) advance() {
  1296  	if m.mask == 1<<7 {
  1297  		m.bytep = (*uint8)(unsafe.Pointer(uintptr(unsafe.Pointer(m.bytep)) + 1))
  1298  		m.mask = 1
  1299  	} else {
  1300  		m.mask = m.mask << 1
  1301  	}
  1302  	m.index++
  1303  }
  1304  
  1305  // clobberdeadPtr is a special value that is used by the compiler to
  1306  // clobber dead stack slots, when -clobberdead flag is set.
  1307  const clobberdeadPtr = uintptr(0xdeaddead | 0xdeaddead<<((^uintptr(0)>>63)*32))
  1308  
  1309  // badPointer throws bad pointer in heap panic.
  1310  func badPointer(s *mspan, p, refBase, refOff uintptr) {
  1311  	// Typically this indicates an incorrect use
  1312  	// of unsafe or cgo to store a bad pointer in
  1313  	// the Go heap. It may also indicate a runtime
  1314  	// bug.
  1315  	//
  1316  	// TODO(austin): We could be more aggressive
  1317  	// and detect pointers to unallocated objects
  1318  	// in allocated spans.
  1319  	printlock()
  1320  	print("runtime: pointer ", hex(p))
  1321  	if s != nil {
  1322  		state := s.state.get()
  1323  		if state != mSpanInUse {
  1324  			print(" to unallocated span")
  1325  		} else {
  1326  			print(" to unused region of span")
  1327  		}
  1328  		print(" span.base()=", hex(s.base()), " span.limit=", hex(s.limit), " span.state=", state)
  1329  	}
  1330  	print("\n")
  1331  	if refBase != 0 {
  1332  		print("runtime: found in object at *(", hex(refBase), "+", hex(refOff), ")\n")
  1333  		gcDumpObject("object", refBase, refOff)
  1334  	}
  1335  	getg().m.traceback = 2
  1336  	throw("found bad pointer in Go heap (incorrect use of unsafe or cgo?)")
  1337  }
  1338  
  1339  // findObject returns the base address for the heap object containing
  1340  // the address p, the object's span, and the index of the object in s.
  1341  // If p does not point into a heap object, it returns base == 0.
  1342  //
  1343  // If p points is an invalid heap pointer and debug.invalidptr != 0,
  1344  // findObject panics.
  1345  //
  1346  // refBase and refOff optionally give the base address of the object
  1347  // in which the pointer p was found and the byte offset at which it
  1348  // was found. These are used for error reporting.
  1349  //
  1350  // It is nosplit so it is safe for p to be a pointer to the current goroutine's stack.
  1351  // Since p is a uintptr, it would not be adjusted if the stack were to move.
  1352  //
  1353  // findObject should be an internal detail,
  1354  // but widely used packages access it using linkname.
  1355  // Notable members of the hall of shame include:
  1356  //   - github.com/bytedance/sonic
  1357  //
  1358  // Do not remove or change the type signature.
  1359  // See go.dev/issue/67401.
  1360  //
  1361  //go:linkname findObject
  1362  //go:nosplit
  1363  func findObject(p, refBase, refOff uintptr) (base uintptr, s *mspan, objIndex uintptr) {
  1364  	s = spanOf(p)
  1365  	// If s is nil, the virtual address has never been part of the heap.
  1366  	// This pointer may be to some mmap'd region, so we allow it.
  1367  	if s == nil {
  1368  		if (GOARCH == "amd64" || GOARCH == "arm64") && p == clobberdeadPtr && debug.invalidptr != 0 {
  1369  			// Crash if clobberdeadPtr is seen. Only on AMD64 and ARM64 for now,
  1370  			// as they are the only platform where compiler's clobberdead mode is
  1371  			// implemented. On these platforms clobberdeadPtr cannot be a valid address.
  1372  			badPointer(s, p, refBase, refOff)
  1373  		}
  1374  		return
  1375  	}
  1376  	// If p is a bad pointer, it may not be in s's bounds.
  1377  	//
  1378  	// Check s.state to synchronize with span initialization
  1379  	// before checking other fields. See also spanOfHeap.
  1380  	if state := s.state.get(); state != mSpanInUse || p < s.base() || p >= s.limit {
  1381  		// Pointers into stacks are also ok, the runtime manages these explicitly.
  1382  		if state == mSpanManual {
  1383  			return
  1384  		}
  1385  		// The following ensures that we are rigorous about what data
  1386  		// structures hold valid pointers.
  1387  		if debug.invalidptr != 0 {
  1388  			badPointer(s, p, refBase, refOff)
  1389  		}
  1390  		return
  1391  	}
  1392  
  1393  	objIndex = s.objIndex(p)
  1394  	base = s.base() + objIndex*s.elemsize
  1395  	return
  1396  }
  1397  
  1398  // reflect_verifyNotInHeapPtr reports whether converting the not-in-heap pointer into a unsafe.Pointer is ok.
  1399  //
  1400  //go:linkname reflect_verifyNotInHeapPtr reflect.verifyNotInHeapPtr
  1401  func reflect_verifyNotInHeapPtr(p uintptr) bool {
  1402  	// Conversion to a pointer is ok as long as findObject above does not call badPointer.
  1403  	// Since we're already promised that p doesn't point into the heap, just disallow heap
  1404  	// pointers and the special clobbered pointer.
  1405  	return spanOf(p) == nil && p != clobberdeadPtr
  1406  }
  1407  
  1408  const ptrBits = 8 * goarch.PtrSize
  1409  
  1410  // bulkBarrierBitmap executes write barriers for copying from [src,
  1411  // src+size) to [dst, dst+size) using a 1-bit pointer bitmap. src is
  1412  // assumed to start maskOffset bytes into the data covered by the
  1413  // bitmap in bits (which may not be a multiple of 8).
  1414  //
  1415  // This is used by bulkBarrierPreWrite for writes to data and BSS.
  1416  //
  1417  //go:nosplit
  1418  func bulkBarrierBitmap(dst, src, size, maskOffset uintptr, bits *uint8) {
  1419  	word := maskOffset / goarch.PtrSize
  1420  	bits = addb(bits, word/8)
  1421  	mask := uint8(1) << (word % 8)
  1422  
  1423  	buf := &getg().m.p.ptr().wbBuf
  1424  	for i := uintptr(0); i < size; i += goarch.PtrSize {
  1425  		if mask == 0 {
  1426  			bits = addb(bits, 1)
  1427  			if *bits == 0 {
  1428  				// Skip 8 words.
  1429  				i += 7 * goarch.PtrSize
  1430  				continue
  1431  			}
  1432  			mask = 1
  1433  		}
  1434  		if *bits&mask != 0 {
  1435  			dstx := (*uintptr)(unsafe.Pointer(dst + i))
  1436  			if src == 0 {
  1437  				p := buf.get1()
  1438  				p[0] = *dstx
  1439  			} else {
  1440  				srcx := (*uintptr)(unsafe.Pointer(src + i))
  1441  				p := buf.get2()
  1442  				p[0] = *dstx
  1443  				p[1] = *srcx
  1444  			}
  1445  		}
  1446  		mask <<= 1
  1447  	}
  1448  }
  1449  
  1450  // typeBitsBulkBarrier executes a write barrier for every
  1451  // pointer that would be copied from [src, src+size) to [dst,
  1452  // dst+size) by a memmove using the type bitmap to locate those
  1453  // pointer slots.
  1454  //
  1455  // The type typ must correspond exactly to [src, src+size) and [dst, dst+size).
  1456  // dst, src, and size must be pointer-aligned.
  1457  //
  1458  // Must not be preempted because it typically runs right before memmove,
  1459  // and the GC must observe them as an atomic action.
  1460  //
  1461  // Callers must perform cgo checks if goexperiment.CgoCheck2.
  1462  //
  1463  //go:nosplit
  1464  func typeBitsBulkBarrier(typ *_type, dst, src, size uintptr) {
  1465  	if typ == nil {
  1466  		throw("runtime: typeBitsBulkBarrier without type")
  1467  	}
  1468  	if typ.Size_ != size {
  1469  		println("runtime: typeBitsBulkBarrier with type ", toRType(typ).string(), " of size ", typ.Size_, " but memory size", size)
  1470  		throw("runtime: invalid typeBitsBulkBarrier")
  1471  	}
  1472  	if !writeBarrier.enabled {
  1473  		return
  1474  	}
  1475  	ptrmask := getGCMask(typ)
  1476  	buf := &getg().m.p.ptr().wbBuf
  1477  	var bits uint32
  1478  	for i := uintptr(0); i < typ.PtrBytes; i += goarch.PtrSize {
  1479  		if i&(goarch.PtrSize*8-1) == 0 {
  1480  			bits = uint32(*ptrmask)
  1481  			ptrmask = addb(ptrmask, 1)
  1482  		} else {
  1483  			bits = bits >> 1
  1484  		}
  1485  		if bits&1 != 0 {
  1486  			dstx := (*uintptr)(unsafe.Pointer(dst + i))
  1487  			srcx := (*uintptr)(unsafe.Pointer(src + i))
  1488  			p := buf.get2()
  1489  			p[0] = *dstx
  1490  			p[1] = *srcx
  1491  		}
  1492  	}
  1493  }
  1494  
  1495  // countAlloc returns the number of objects allocated in span s by
  1496  // scanning the mark bitmap.
  1497  func (s *mspan) countAlloc() int {
  1498  	count := 0
  1499  	bytes := divRoundUp(uintptr(s.nelems), 8)
  1500  	// Iterate over each 8-byte chunk and count allocations
  1501  	// with an intrinsic. Note that newMarkBits guarantees that
  1502  	// gcmarkBits will be 8-byte aligned, so we don't have to
  1503  	// worry about edge cases, irrelevant bits will simply be zero.
  1504  	for i := uintptr(0); i < bytes; i += 8 {
  1505  		// Extract 64 bits from the byte pointer and get a OnesCount.
  1506  		// Note that the unsafe cast here doesn't preserve endianness,
  1507  		// but that's OK. We only care about how many bits are 1, not
  1508  		// about the order we discover them in.
  1509  		mrkBits := *(*uint64)(unsafe.Pointer(s.gcmarkBits.bytep(i)))
  1510  		count += sys.OnesCount64(mrkBits)
  1511  	}
  1512  	return count
  1513  }
  1514  
  1515  // Read the bytes starting at the aligned pointer p into a uintptr.
  1516  // Read is little-endian.
  1517  func readUintptr(p *byte) uintptr {
  1518  	x := *(*uintptr)(unsafe.Pointer(p))
  1519  	if goarch.BigEndian {
  1520  		if goarch.PtrSize == 8 {
  1521  			return uintptr(sys.Bswap64(uint64(x)))
  1522  		}
  1523  		return uintptr(sys.Bswap32(uint32(x)))
  1524  	}
  1525  	return x
  1526  }
  1527  
  1528  var debugPtrmask struct {
  1529  	lock mutex
  1530  	data *byte
  1531  }
  1532  
  1533  // progToPointerMask returns the 1-bit pointer mask output by the GC program prog.
  1534  // size the size of the region described by prog, in bytes.
  1535  // The resulting bitvector will have no more than size/goarch.PtrSize bits.
  1536  func progToPointerMask(prog *byte, size uintptr) bitvector {
  1537  	n := (size/goarch.PtrSize + 7) / 8
  1538  	x := (*[1 << 30]byte)(persistentalloc(n+1, 1, &memstats.buckhash_sys))[:n+1]
  1539  	x[len(x)-1] = 0xa1 // overflow check sentinel
  1540  	n = runGCProg(prog, &x[0])
  1541  	if x[len(x)-1] != 0xa1 {
  1542  		throw("progToPointerMask: overflow")
  1543  	}
  1544  	return bitvector{int32(n), &x[0]}
  1545  }
  1546  
  1547  // Packed GC pointer bitmaps, aka GC programs.
  1548  //
  1549  // For large types containing arrays, the type information has a
  1550  // natural repetition that can be encoded to save space in the
  1551  // binary and in the memory representation of the type information.
  1552  //
  1553  // The encoding is a simple Lempel-Ziv style bytecode machine
  1554  // with the following instructions:
  1555  //
  1556  //	00000000: stop
  1557  //	0nnnnnnn: emit n bits copied from the next (n+7)/8 bytes
  1558  //	10000000 n c: repeat the previous n bits c times; n, c are varints
  1559  //	1nnnnnnn c: repeat the previous n bits c times; c is a varint
  1560  //
  1561  // Currently, gc programs are only used for describing data and bss
  1562  // sections of the binary.
  1563  
  1564  // runGCProg returns the number of 1-bit entries written to memory.
  1565  func runGCProg(prog, dst *byte) uintptr {
  1566  	dstStart := dst
  1567  
  1568  	// Bits waiting to be written to memory.
  1569  	var bits uintptr
  1570  	var nbits uintptr
  1571  
  1572  	p := prog
  1573  Run:
  1574  	for {
  1575  		// Flush accumulated full bytes.
  1576  		// The rest of the loop assumes that nbits <= 7.
  1577  		for ; nbits >= 8; nbits -= 8 {
  1578  			*dst = uint8(bits)
  1579  			dst = add1(dst)
  1580  			bits >>= 8
  1581  		}
  1582  
  1583  		// Process one instruction.
  1584  		inst := uintptr(*p)
  1585  		p = add1(p)
  1586  		n := inst & 0x7F
  1587  		if inst&0x80 == 0 {
  1588  			// Literal bits; n == 0 means end of program.
  1589  			if n == 0 {
  1590  				// Program is over.
  1591  				break Run
  1592  			}
  1593  			nbyte := n / 8
  1594  			for i := uintptr(0); i < nbyte; i++ {
  1595  				bits |= uintptr(*p) << nbits
  1596  				p = add1(p)
  1597  				*dst = uint8(bits)
  1598  				dst = add1(dst)
  1599  				bits >>= 8
  1600  			}
  1601  			if n %= 8; n > 0 {
  1602  				bits |= uintptr(*p) << nbits
  1603  				p = add1(p)
  1604  				nbits += n
  1605  			}
  1606  			continue Run
  1607  		}
  1608  
  1609  		// Repeat. If n == 0, it is encoded in a varint in the next bytes.
  1610  		if n == 0 {
  1611  			for off := uint(0); ; off += 7 {
  1612  				x := uintptr(*p)
  1613  				p = add1(p)
  1614  				n |= (x & 0x7F) << off
  1615  				if x&0x80 == 0 {
  1616  					break
  1617  				}
  1618  			}
  1619  		}
  1620  
  1621  		// Count is encoded in a varint in the next bytes.
  1622  		c := uintptr(0)
  1623  		for off := uint(0); ; off += 7 {
  1624  			x := uintptr(*p)
  1625  			p = add1(p)
  1626  			c |= (x & 0x7F) << off
  1627  			if x&0x80 == 0 {
  1628  				break
  1629  			}
  1630  		}
  1631  		c *= n // now total number of bits to copy
  1632  
  1633  		// If the number of bits being repeated is small, load them
  1634  		// into a register and use that register for the entire loop
  1635  		// instead of repeatedly reading from memory.
  1636  		// Handling fewer than 8 bits here makes the general loop simpler.
  1637  		// The cutoff is goarch.PtrSize*8 - 7 to guarantee that when we add
  1638  		// the pattern to a bit buffer holding at most 7 bits (a partial byte)
  1639  		// it will not overflow.
  1640  		src := dst
  1641  		const maxBits = goarch.PtrSize*8 - 7
  1642  		if n <= maxBits {
  1643  			// Start with bits in output buffer.
  1644  			pattern := bits
  1645  			npattern := nbits
  1646  
  1647  			// If we need more bits, fetch them from memory.
  1648  			src = subtract1(src)
  1649  			for npattern < n {
  1650  				pattern <<= 8
  1651  				pattern |= uintptr(*src)
  1652  				src = subtract1(src)
  1653  				npattern += 8
  1654  			}
  1655  
  1656  			// We started with the whole bit output buffer,
  1657  			// and then we loaded bits from whole bytes.
  1658  			// Either way, we might now have too many instead of too few.
  1659  			// Discard the extra.
  1660  			if npattern > n {
  1661  				pattern >>= npattern - n
  1662  				npattern = n
  1663  			}
  1664  
  1665  			// Replicate pattern to at most maxBits.
  1666  			if npattern == 1 {
  1667  				// One bit being repeated.
  1668  				// If the bit is 1, make the pattern all 1s.
  1669  				// If the bit is 0, the pattern is already all 0s,
  1670  				// but we can claim that the number of bits
  1671  				// in the word is equal to the number we need (c),
  1672  				// because right shift of bits will zero fill.
  1673  				if pattern == 1 {
  1674  					pattern = 1<<maxBits - 1
  1675  					npattern = maxBits
  1676  				} else {
  1677  					npattern = c
  1678  				}
  1679  			} else {
  1680  				b := pattern
  1681  				nb := npattern
  1682  				if nb+nb <= maxBits {
  1683  					// Double pattern until the whole uintptr is filled.
  1684  					for nb <= goarch.PtrSize*8 {
  1685  						b |= b << nb
  1686  						nb += nb
  1687  					}
  1688  					// Trim away incomplete copy of original pattern in high bits.
  1689  					// TODO(rsc): Replace with table lookup or loop on systems without divide?
  1690  					nb = maxBits / npattern * npattern
  1691  					b &= 1<<nb - 1
  1692  					pattern = b
  1693  					npattern = nb
  1694  				}
  1695  			}
  1696  
  1697  			// Add pattern to bit buffer and flush bit buffer, c/npattern times.
  1698  			// Since pattern contains >8 bits, there will be full bytes to flush
  1699  			// on each iteration.
  1700  			for ; c >= npattern; c -= npattern {
  1701  				bits |= pattern << nbits
  1702  				nbits += npattern
  1703  				for nbits >= 8 {
  1704  					*dst = uint8(bits)
  1705  					dst = add1(dst)
  1706  					bits >>= 8
  1707  					nbits -= 8
  1708  				}
  1709  			}
  1710  
  1711  			// Add final fragment to bit buffer.
  1712  			if c > 0 {
  1713  				pattern &= 1<<c - 1
  1714  				bits |= pattern << nbits
  1715  				nbits += c
  1716  			}
  1717  			continue Run
  1718  		}
  1719  
  1720  		// Repeat; n too large to fit in a register.
  1721  		// Since nbits <= 7, we know the first few bytes of repeated data
  1722  		// are already written to memory.
  1723  		off := n - nbits // n > nbits because n > maxBits and nbits <= 7
  1724  		// Leading src fragment.
  1725  		src = subtractb(src, (off+7)/8)
  1726  		if frag := off & 7; frag != 0 {
  1727  			bits |= uintptr(*src) >> (8 - frag) << nbits
  1728  			src = add1(src)
  1729  			nbits += frag
  1730  			c -= frag
  1731  		}
  1732  		// Main loop: load one byte, write another.
  1733  		// The bits are rotating through the bit buffer.
  1734  		for i := c / 8; i > 0; i-- {
  1735  			bits |= uintptr(*src) << nbits
  1736  			src = add1(src)
  1737  			*dst = uint8(bits)
  1738  			dst = add1(dst)
  1739  			bits >>= 8
  1740  		}
  1741  		// Final src fragment.
  1742  		if c %= 8; c > 0 {
  1743  			bits |= (uintptr(*src) & (1<<c - 1)) << nbits
  1744  			nbits += c
  1745  		}
  1746  	}
  1747  
  1748  	// Write any final bits out, using full-byte writes, even for the final byte.
  1749  	totalBits := (uintptr(unsafe.Pointer(dst))-uintptr(unsafe.Pointer(dstStart)))*8 + nbits
  1750  	nbits += -nbits & 7
  1751  	for ; nbits > 0; nbits -= 8 {
  1752  		*dst = uint8(bits)
  1753  		dst = add1(dst)
  1754  		bits >>= 8
  1755  	}
  1756  	return totalBits
  1757  }
  1758  
  1759  func dumpGCProg(p *byte) {
  1760  	nptr := 0
  1761  	for {
  1762  		x := *p
  1763  		p = add1(p)
  1764  		if x == 0 {
  1765  			print("\t", nptr, " end\n")
  1766  			break
  1767  		}
  1768  		if x&0x80 == 0 {
  1769  			print("\t", nptr, " lit ", x, ":")
  1770  			n := int(x+7) / 8
  1771  			for i := 0; i < n; i++ {
  1772  				print(" ", hex(*p))
  1773  				p = add1(p)
  1774  			}
  1775  			print("\n")
  1776  			nptr += int(x)
  1777  		} else {
  1778  			nbit := int(x &^ 0x80)
  1779  			if nbit == 0 {
  1780  				for nb := uint(0); ; nb += 7 {
  1781  					x := *p
  1782  					p = add1(p)
  1783  					nbit |= int(x&0x7f) << nb
  1784  					if x&0x80 == 0 {
  1785  						break
  1786  					}
  1787  				}
  1788  			}
  1789  			count := 0
  1790  			for nb := uint(0); ; nb += 7 {
  1791  				x := *p
  1792  				p = add1(p)
  1793  				count |= int(x&0x7f) << nb
  1794  				if x&0x80 == 0 {
  1795  					break
  1796  				}
  1797  			}
  1798  			print("\t", nptr, " repeat ", nbit, " × ", count, "\n")
  1799  			nptr += nbit * count
  1800  		}
  1801  	}
  1802  }
  1803  
  1804  // Testing.
  1805  
  1806  // reflect_gcbits returns the GC type info for x, for testing.
  1807  // The result is the bitmap entries (0 or 1), one entry per byte.
  1808  //
  1809  //go:linkname reflect_gcbits reflect.gcbits
  1810  func reflect_gcbits(x any) []byte {
  1811  	return pointerMask(x)
  1812  }
  1813  
  1814  // Returns GC type info for the pointer stored in ep for testing.
  1815  // If ep points to the stack, only static live information will be returned
  1816  // (i.e. not for objects which are only dynamically live stack objects).
  1817  func pointerMask(ep any) (mask []byte) {
  1818  	e := *efaceOf(&ep)
  1819  	p := e.data
  1820  	t := e._type
  1821  
  1822  	var et *_type
  1823  	if t.Kind() != abi.Pointer {
  1824  		throw("bad argument to getgcmask: expected type to be a pointer to the value type whose mask is being queried")
  1825  	}
  1826  	et = (*ptrtype)(unsafe.Pointer(t)).Elem
  1827  
  1828  	// data or bss
  1829  	for _, datap := range activeModules() {
  1830  		// data
  1831  		if datap.data <= uintptr(p) && uintptr(p) < datap.edata {
  1832  			bitmap := datap.gcdatamask.bytedata
  1833  			n := et.Size_
  1834  			mask = make([]byte, n/goarch.PtrSize)
  1835  			for i := uintptr(0); i < n; i += goarch.PtrSize {
  1836  				off := (uintptr(p) + i - datap.data) / goarch.PtrSize
  1837  				mask[i/goarch.PtrSize] = (*addb(bitmap, off/8) >> (off % 8)) & 1
  1838  			}
  1839  			return
  1840  		}
  1841  
  1842  		// bss
  1843  		if datap.bss <= uintptr(p) && uintptr(p) < datap.ebss {
  1844  			bitmap := datap.gcbssmask.bytedata
  1845  			n := et.Size_
  1846  			mask = make([]byte, n/goarch.PtrSize)
  1847  			for i := uintptr(0); i < n; i += goarch.PtrSize {
  1848  				off := (uintptr(p) + i - datap.bss) / goarch.PtrSize
  1849  				mask[i/goarch.PtrSize] = (*addb(bitmap, off/8) >> (off % 8)) & 1
  1850  			}
  1851  			return
  1852  		}
  1853  	}
  1854  
  1855  	// heap
  1856  	if base, s, _ := findObject(uintptr(p), 0, 0); base != 0 {
  1857  		if s.spanclass.noscan() {
  1858  			return nil
  1859  		}
  1860  		limit := base + s.elemsize
  1861  
  1862  		// Move the base up to the iterator's start, because
  1863  		// we want to hide evidence of a malloc header from the
  1864  		// caller.
  1865  		tp := s.typePointersOfUnchecked(base)
  1866  		base = tp.addr
  1867  
  1868  		// Unroll the full bitmap the GC would actually observe.
  1869  		maskFromHeap := make([]byte, (limit-base)/goarch.PtrSize)
  1870  		for {
  1871  			var addr uintptr
  1872  			if tp, addr = tp.next(limit); addr == 0 {
  1873  				break
  1874  			}
  1875  			maskFromHeap[(addr-base)/goarch.PtrSize] = 1
  1876  		}
  1877  
  1878  		// Double-check that every part of the ptr/scalar we're not
  1879  		// showing the caller is zeroed. This keeps us honest that
  1880  		// that information is actually irrelevant.
  1881  		for i := limit; i < s.elemsize; i++ {
  1882  			if *(*byte)(unsafe.Pointer(i)) != 0 {
  1883  				throw("found non-zeroed tail of allocation")
  1884  			}
  1885  		}
  1886  
  1887  		// Callers (and a check we're about to run) expects this mask
  1888  		// to end at the last pointer.
  1889  		for len(maskFromHeap) > 0 && maskFromHeap[len(maskFromHeap)-1] == 0 {
  1890  			maskFromHeap = maskFromHeap[:len(maskFromHeap)-1]
  1891  		}
  1892  
  1893  		// Unroll again, but this time from the type information.
  1894  		maskFromType := make([]byte, (limit-base)/goarch.PtrSize)
  1895  		tp = s.typePointersOfType(et, base)
  1896  		for {
  1897  			var addr uintptr
  1898  			if tp, addr = tp.next(limit); addr == 0 {
  1899  				break
  1900  			}
  1901  			maskFromType[(addr-base)/goarch.PtrSize] = 1
  1902  		}
  1903  
  1904  		// Validate that the prefix of maskFromType is equal to
  1905  		// maskFromHeap. maskFromType may contain more pointers than
  1906  		// maskFromHeap produces because maskFromHeap may be able to
  1907  		// get exact type information for certain classes of objects.
  1908  		// With maskFromType, we're always just tiling the type bitmap
  1909  		// through to the elemsize.
  1910  		//
  1911  		// It's OK if maskFromType has pointers in elemsize that extend
  1912  		// past the actual populated space; we checked above that all
  1913  		// that space is zeroed, so just the GC will just see nil pointers.
  1914  		differs := false
  1915  		for i := range maskFromHeap {
  1916  			if maskFromHeap[i] != maskFromType[i] {
  1917  				differs = true
  1918  				break
  1919  			}
  1920  		}
  1921  
  1922  		if differs {
  1923  			print("runtime: heap mask=")
  1924  			for _, b := range maskFromHeap {
  1925  				print(b)
  1926  			}
  1927  			println()
  1928  			print("runtime: type mask=")
  1929  			for _, b := range maskFromType {
  1930  				print(b)
  1931  			}
  1932  			println()
  1933  			print("runtime: type=", toRType(et).string(), "\n")
  1934  			throw("found two different masks from two different methods")
  1935  		}
  1936  
  1937  		// Select the heap mask to return. We may not have a type mask.
  1938  		mask = maskFromHeap
  1939  
  1940  		// Make sure we keep ep alive. We may have stopped referencing
  1941  		// ep's data pointer sometime before this point and it's possible
  1942  		// for that memory to get freed.
  1943  		KeepAlive(ep)
  1944  		return
  1945  	}
  1946  
  1947  	// stack
  1948  	if gp := getg(); gp.m.curg.stack.lo <= uintptr(p) && uintptr(p) < gp.m.curg.stack.hi {
  1949  		found := false
  1950  		var u unwinder
  1951  		for u.initAt(gp.m.curg.sched.pc, gp.m.curg.sched.sp, 0, gp.m.curg, 0); u.valid(); u.next() {
  1952  			if u.frame.sp <= uintptr(p) && uintptr(p) < u.frame.varp {
  1953  				found = true
  1954  				break
  1955  			}
  1956  		}
  1957  		if found {
  1958  			locals, _, _ := u.frame.getStackMap(false)
  1959  			if locals.n == 0 {
  1960  				return
  1961  			}
  1962  			size := uintptr(locals.n) * goarch.PtrSize
  1963  			n := (*ptrtype)(unsafe.Pointer(t)).Elem.Size_
  1964  			mask = make([]byte, n/goarch.PtrSize)
  1965  			for i := uintptr(0); i < n; i += goarch.PtrSize {
  1966  				off := (uintptr(p) + i - u.frame.varp + size) / goarch.PtrSize
  1967  				mask[i/goarch.PtrSize] = locals.ptrbit(off)
  1968  			}
  1969  		}
  1970  		return
  1971  	}
  1972  
  1973  	// otherwise, not something the GC knows about.
  1974  	// possibly read-only data, like malloc(0).
  1975  	// must not have pointers
  1976  	return
  1977  }
  1978
View as plain text