unsafeptr.go

Documentation: golang.org/x/tools/go/analysis/passes/unsafeptr

     1  // Copyright 2014 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Package unsafeptr defines an Analyzer that checks for invalid
     6  // conversions of uintptr to unsafe.Pointer.
     7  package unsafeptr
     8  
     9  import (
    10  	"go/ast"
    11  	"go/token"
    12  	"go/types"
    13  
    14  	"golang.org/x/tools/go/analysis"
    15  	"golang.org/x/tools/go/analysis/passes/inspect"
    16  	"golang.org/x/tools/go/analysis/passes/internal/analysisutil"
    17  	"golang.org/x/tools/go/ast/inspector"
    18  )
    19  
    20  const Doc = `check for invalid conversions of uintptr to unsafe.Pointer
    21  
    22  The unsafeptr analyzer reports likely incorrect uses of unsafe.Pointer
    23  to convert integers to pointers. A conversion from uintptr to
    24  unsafe.Pointer is invalid if it implies that there is a uintptr-typed
    25  word in memory that holds a pointer value, because that word will be
    26  invisible to stack copying and to the garbage collector.`
    27  
    28  var Analyzer = &analysis.Analyzer{
    29  	Name:     "unsafeptr",
    30  	Doc:      Doc,
    31  	Requires: []*analysis.Analyzer{inspect.Analyzer},
    32  	Run:      run,
    33  }
    34  
    35  func run(pass *analysis.Pass) (interface{}, error) {
    36  	inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
    37  
    38  	nodeFilter := []ast.Node{
    39  		(*ast.CallExpr)(nil),
    40  		(*ast.StarExpr)(nil),
    41  		(*ast.UnaryExpr)(nil),
    42  	}
    43  	inspect.Preorder(nodeFilter, func(n ast.Node) {
    44  		switch x := n.(type) {
    45  		case *ast.CallExpr:
    46  			if len(x.Args) == 1 &&
    47  				hasBasicType(pass.TypesInfo, x.Fun, types.UnsafePointer) &&
    48  				hasBasicType(pass.TypesInfo, x.Args[0], types.Uintptr) &&
    49  				!isSafeUintptr(pass.TypesInfo, x.Args[0]) {
    50  				pass.ReportRangef(x, "possible misuse of unsafe.Pointer")
    51  			}
    52  		case *ast.StarExpr:
    53  			if t := pass.TypesInfo.Types[x].Type; isReflectHeader(t) {
    54  				pass.ReportRangef(x, "possible misuse of %s", t)
    55  			}
    56  		case *ast.UnaryExpr:
    57  			if x.Op != token.AND {
    58  				return
    59  			}
    60  			if t := pass.TypesInfo.Types[x.X].Type; isReflectHeader(t) {
    61  				pass.ReportRangef(x, "possible misuse of %s", t)
    62  			}
    63  		}
    64  	})
    65  	return nil, nil
    66  }
    67  
    68  // isSafeUintptr reports whether x - already known to be a uintptr -
    69  // is safe to convert to unsafe.Pointer.
    70  func isSafeUintptr(info *types.Info, x ast.Expr) bool {
    71  	// Check unsafe.Pointer safety rules according to
    72  	// https://golang.org/pkg/unsafe/#Pointer.
    73  
    74  	switch x := analysisutil.Unparen(x).(type) {
    75  	case *ast.SelectorExpr:
    76  		// "(6) Conversion of a reflect.SliceHeader or
    77  		// reflect.StringHeader Data field to or from Pointer."
    78  		if x.Sel.Name != "Data" {
    79  			break
    80  		}
    81  		// reflect.SliceHeader and reflect.StringHeader are okay,
    82  		// but only if they are pointing at a real slice or string.
    83  		// It's not okay to do:
    84  		//	var x SliceHeader
    85  		//	x.Data = uintptr(unsafe.Pointer(...))
    86  		//	... use x ...
    87  		//	p := unsafe.Pointer(x.Data)
    88  		// because in the middle the garbage collector doesn't
    89  		// see x.Data as a pointer and so x.Data may be dangling
    90  		// by the time we get to the conversion at the end.
    91  		// For now approximate by saying that *Header is okay
    92  		// but Header is not.
    93  		pt, ok := info.Types[x.X].Type.(*types.Pointer)
    94  		if ok && isReflectHeader(pt.Elem()) {
    95  			return true
    96  		}
    97  
    98  	case *ast.CallExpr:
    99  		// "(5) Conversion of the result of reflect.Value.Pointer or
   100  		// reflect.Value.UnsafeAddr from uintptr to Pointer."
   101  		if len(x.Args) != 0 {
   102  			break
   103  		}
   104  		sel, ok := x.Fun.(*ast.SelectorExpr)
   105  		if !ok {
   106  			break
   107  		}
   108  		switch sel.Sel.Name {
   109  		case "Pointer", "UnsafeAddr":
   110  			t, ok := info.Types[sel.X].Type.(*types.Named)
   111  			if ok && t.Obj().Pkg().Path() == "reflect" && t.Obj().Name() == "Value" {
   112  				return true
   113  			}
   114  		}
   115  	}
   116  
   117  	// "(3) Conversion of a Pointer to a uintptr and back, with arithmetic."
   118  	return isSafeArith(info, x)
   119  }
   120  
   121  // isSafeArith reports whether x is a pointer arithmetic expression that is safe
   122  // to convert to unsafe.Pointer.
   123  func isSafeArith(info *types.Info, x ast.Expr) bool {
   124  	switch x := analysisutil.Unparen(x).(type) {
   125  	case *ast.CallExpr:
   126  		// Base case: initial conversion from unsafe.Pointer to uintptr.
   127  		return len(x.Args) == 1 &&
   128  			hasBasicType(info, x.Fun, types.Uintptr) &&
   129  			hasBasicType(info, x.Args[0], types.UnsafePointer)
   130  
   131  	case *ast.BinaryExpr:
   132  		// "It is valid both to add and to subtract offsets from a
   133  		// pointer in this way. It is also valid to use &^ to round
   134  		// pointers, usually for alignment."
   135  		switch x.Op {
   136  		case token.ADD, token.SUB, token.AND_NOT:
   137  			// TODO(mdempsky): Match compiler
   138  			// semantics. ADD allows a pointer on either
   139  			// side; SUB and AND_NOT don't care about RHS.
   140  			return isSafeArith(info, x.X) && !isSafeArith(info, x.Y)
   141  		}
   142  	}
   143  
   144  	return false
   145  }
   146  
   147  // hasBasicType reports whether x's type is a types.Basic with the given kind.
   148  func hasBasicType(info *types.Info, x ast.Expr, kind types.BasicKind) bool {
   149  	t := info.Types[x].Type
   150  	if t != nil {
   151  		t = t.Underlying()
   152  	}
   153  	b, ok := t.(*types.Basic)
   154  	return ok && b.Kind() == kind
   155  }
   156  
   157  // isReflectHeader reports whether t is reflect.SliceHeader or reflect.StringHeader.
   158  func isReflectHeader(t types.Type) bool {
   159  	if named, ok := t.(*types.Named); ok {
   160  		if obj := named.Obj(); obj.Pkg() != nil && obj.Pkg().Path() == "reflect" {
   161  			switch obj.Name() {
   162  			case "SliceHeader", "StringHeader":
   163  				return true
   164  			}
   165  		}
   166  	}
   167  	return false
   168  }
   169
View as plain text