Open aclements opened 8 years ago
We could also change fixalloc to take a _type* rather than a size, and then perhaps we could somehow ensure that the type had the new annotation.
This doesn't need the formality of the proposal process. Anything that works and that you are willing to implement is fine.
CL https://golang.org/cl/30939 mentions this issue.
Change https://golang.org/cl/249917 mentions this issue: cmd/compile: don't allow go:notinheap on the heap or stack
Change https://golang.org/cl/255320 mentions this issue: cmd/compile: don't allow go:notinheap on the heap or stack
@randall77 recently found some subtle issues related to write barriers on fields that point from runtime structures allocated from non-GCed (and hence non-scanned) memory to GCed heap memory. I manually audited all non-GCed structures to find any other such pointers, but obviously manual auditing can get out of date.
One possible way to help automate this is to add an annotation on types that are allocated from non-GCed memory. This annotation would disallow pointers to types that do not have this annotation and would disallow calling new on this type (implicit heap allocations are already disallowed in the runtime). It should probably also disallow unsafe.Pointer in annotated types (effectively requiring uintptr instead).
/cc @randall77 @ianlancetaylor @rsc @RLH