runtime: explain and enforce that _panic values live on the stack

It's a bit mysterious that _defer.sp is a uintptr that gets stack-adjusted explicitly while _panic.argp is an unsafe.Pointer that doesn't, but turns out to be critically important when a deferred function grows the stack before doing a recover. Add a comment explaining that this works because _panic values live on the stack. Enforce this by marking _panic go:notinheap. Change-Id: I9ca49e84ee1f86d881552c55dccd0662b530836b Reviewed-on: https://go-review.googlesource.com/99735 Run-TryBot: Austin Clements <austin@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Matthew Dempsky <mdempsky@google.com>
2025-12-08 06:10:04 +00:00 · 2018-03-08 17:48:22 -05:00 · 2018-03-08 17:48:22 -05:00 · 5d22cebb12
commit 5d22cebb12
parent 60a9e5d613
1 changed files with 11 additions and 1 deletions
--- a/src/runtime/runtime2.go
+++ b/src/runtime/runtime2.go
@ -710,7 +710,17 @@ type _defer struct {
 	link    *_defer
 }

-// panics
+// A _panic holds information about an active panic.
+//
+// This is marked go:notinheap because _panic values must only ever
+// live on the stack.
+//
+// The argp and link fields are stack pointers, but don't need special
+// handling during stack growth: because they are pointer-typed and
+// _panic values only live on the stack, regular stack pointer
+// adjustment takes care of them.
+//
+//go:notinheap
 type _panic struct {
 	argp      unsafe.Pointer // pointer to arguments of deferred call run during panic; cannot move - known to liblink
 	arg       interface{}    // argument to panic