github.com/cockroachdb/tools@v0.0.0-20230222021103-a6d27438930d/go/analysis/passes/unsafeptr/unsafeptr.go (about) 1 // Copyright 2014 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Package unsafeptr defines an Analyzer that checks for invalid 6 // conversions of uintptr to unsafe.Pointer. 7 package unsafeptr 8 9 import ( 10 "go/ast" 11 "go/token" 12 "go/types" 13 14 "golang.org/x/tools/go/analysis" 15 "golang.org/x/tools/go/analysis/passes/inspect" 16 "golang.org/x/tools/go/analysis/passes/internal/analysisutil" 17 "golang.org/x/tools/go/ast/inspector" 18 ) 19 20 const Doc = `check for invalid conversions of uintptr to unsafe.Pointer 21 22 The unsafeptr analyzer reports likely incorrect uses of unsafe.Pointer 23 to convert integers to pointers. A conversion from uintptr to 24 unsafe.Pointer is invalid if it implies that there is a uintptr-typed 25 word in memory that holds a pointer value, because that word will be 26 invisible to stack copying and to the garbage collector.` 27 28 var Analyzer = &analysis.Analyzer{ 29 Name: "unsafeptr", 30 Doc: Doc, 31 Requires: []*analysis.Analyzer{inspect.Analyzer}, 32 Run: run, 33 } 34 35 func run(pass *analysis.Pass) (interface{}, error) { 36 inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector) 37 38 nodeFilter := []ast.Node{ 39 (*ast.CallExpr)(nil), 40 (*ast.StarExpr)(nil), 41 (*ast.UnaryExpr)(nil), 42 } 43 inspect.Preorder(nodeFilter, func(n ast.Node) { 44 switch x := n.(type) { 45 case *ast.CallExpr: 46 if len(x.Args) == 1 && 47 hasBasicType(pass.TypesInfo, x.Fun, types.UnsafePointer) && 48 hasBasicType(pass.TypesInfo, x.Args[0], types.Uintptr) && 49 !isSafeUintptr(pass.TypesInfo, x.Args[0]) { 50 pass.ReportRangef(x, "possible misuse of unsafe.Pointer") 51 } 52 case *ast.StarExpr: 53 if t := pass.TypesInfo.Types[x].Type; isReflectHeader(t) { 54 pass.ReportRangef(x, "possible misuse of %s", t) 55 } 56 case *ast.UnaryExpr: 57 if x.Op != token.AND { 58 return 59 } 60 if t := pass.TypesInfo.Types[x.X].Type; isReflectHeader(t) { 61 pass.ReportRangef(x, "possible misuse of %s", t) 62 } 63 } 64 }) 65 return nil, nil 66 } 67 68 // isSafeUintptr reports whether x - already known to be a uintptr - 69 // is safe to convert to unsafe.Pointer. 70 func isSafeUintptr(info *types.Info, x ast.Expr) bool { 71 // Check unsafe.Pointer safety rules according to 72 // https://golang.org/pkg/unsafe/#Pointer. 73 74 switch x := analysisutil.Unparen(x).(type) { 75 case *ast.SelectorExpr: 76 // "(6) Conversion of a reflect.SliceHeader or 77 // reflect.StringHeader Data field to or from Pointer." 78 if x.Sel.Name != "Data" { 79 break 80 } 81 // reflect.SliceHeader and reflect.StringHeader are okay, 82 // but only if they are pointing at a real slice or string. 83 // It's not okay to do: 84 // var x SliceHeader 85 // x.Data = uintptr(unsafe.Pointer(...)) 86 // ... use x ... 87 // p := unsafe.Pointer(x.Data) 88 // because in the middle the garbage collector doesn't 89 // see x.Data as a pointer and so x.Data may be dangling 90 // by the time we get to the conversion at the end. 91 // For now approximate by saying that *Header is okay 92 // but Header is not. 93 pt, ok := info.Types[x.X].Type.(*types.Pointer) 94 if ok && isReflectHeader(pt.Elem()) { 95 return true 96 } 97 98 case *ast.CallExpr: 99 // "(5) Conversion of the result of reflect.Value.Pointer or 100 // reflect.Value.UnsafeAddr from uintptr to Pointer." 101 if len(x.Args) != 0 { 102 break 103 } 104 sel, ok := x.Fun.(*ast.SelectorExpr) 105 if !ok { 106 break 107 } 108 switch sel.Sel.Name { 109 case "Pointer", "UnsafeAddr": 110 t, ok := info.Types[sel.X].Type.(*types.Named) 111 if ok && t.Obj().Pkg().Path() == "reflect" && t.Obj().Name() == "Value" { 112 return true 113 } 114 } 115 } 116 117 // "(3) Conversion of a Pointer to a uintptr and back, with arithmetic." 118 return isSafeArith(info, x) 119 } 120 121 // isSafeArith reports whether x is a pointer arithmetic expression that is safe 122 // to convert to unsafe.Pointer. 123 func isSafeArith(info *types.Info, x ast.Expr) bool { 124 switch x := analysisutil.Unparen(x).(type) { 125 case *ast.CallExpr: 126 // Base case: initial conversion from unsafe.Pointer to uintptr. 127 return len(x.Args) == 1 && 128 hasBasicType(info, x.Fun, types.Uintptr) && 129 hasBasicType(info, x.Args[0], types.UnsafePointer) 130 131 case *ast.BinaryExpr: 132 // "It is valid both to add and to subtract offsets from a 133 // pointer in this way. It is also valid to use &^ to round 134 // pointers, usually for alignment." 135 switch x.Op { 136 case token.ADD, token.SUB, token.AND_NOT: 137 // TODO(mdempsky): Match compiler 138 // semantics. ADD allows a pointer on either 139 // side; SUB and AND_NOT don't care about RHS. 140 return isSafeArith(info, x.X) && !isSafeArith(info, x.Y) 141 } 142 } 143 144 return false 145 } 146 147 // hasBasicType reports whether x's type is a types.Basic with the given kind. 148 func hasBasicType(info *types.Info, x ast.Expr, kind types.BasicKind) bool { 149 t := info.Types[x].Type 150 if t != nil { 151 t = t.Underlying() 152 } 153 b, ok := t.(*types.Basic) 154 return ok && b.Kind() == kind 155 } 156 157 // isReflectHeader reports whether t is reflect.SliceHeader or reflect.StringHeader. 158 func isReflectHeader(t types.Type) bool { 159 if named, ok := t.(*types.Named); ok { 160 if obj := named.Obj(); obj.Pkg() != nil && obj.Pkg().Path() == "reflect" { 161 switch obj.Name() { 162 case "SliceHeader", "StringHeader": 163 return true 164 } 165 } 166 } 167 return false 168 }