simpler, more robust bypass

We make the bypass implementation a little simpler by inferring the flag field position from available reflect information and more robust by checking that the flags that are set actually match the semantics we expect. We can restrict the use of unsafe to a single function: flagField.
2018-01-29 09:57:49 +00:00 · 2018-01-29 09:57:49 +00:00 · 87df7c60d5
parent db69d09d2c
commit 87df7c60d5
3 changed files with 96 additions and 104 deletions
--- a/spew/bypass.go
+++ b/spew/bypass.go
@ -16,7 +16,9 @@
 // when the code is not running on Google App Engine, compiled by GopherJS, and
 // "-tags safe" is not added to the go build command line.  The "disableunsafe"
 // tag is deprecated and thus should not be used.
-// +build !js,!appengine,!safe,!disableunsafe
+// Go versions prior to 1.4 are disabled because they use a different layout
 // for interfaces which make the implementation of unsafeReflectValue more complex.
 // +build !js,!appengine,!safe,!disableunsafe,go1.4
 package spew
@ -34,80 +36,49 @@ const (
 	ptrSize = unsafe.Sizeof((*byte)(nil))
 )
-var (
+type flag uintptr
 	// offsetPtr, offsetScalar, and offsetFlag are the offsets for the
 	// internal reflect.Value fields.  These values are valid before golang
 	// commit ecccf07e7f9d which changed the format.  The are also valid
 	// after commit 82f48826c6c7 which changed the format again to mirror
 	// the original format.  Code in the init function updates these offsets
 	// as necessary.
 	offsetPtr    = ptrSize
 	offsetScalar = uintptr(0)
 	offsetFlag   = ptrSize * 2
-	// flagKindWidth and flagKindShift indicate various bits that the
+var (
-	// reflect package uses internally to track kind information.
+	// flagRO indicates whether the value field of a reflect.Value
-	//
+	// is read-only.
-	// flagRO indicates whether or not the value field of a reflect.Value is
+	flagRO flag
-	// read-only.
+
-	//
+	// flagAddr indicates whether the address of the reflect.Value's
-	// flagIndir indicates whether the value field of a reflect.Value is
+	// value may be taken.
-	// the actual data or a pointer to the data.
+	flagAddr flag
 	//
 	// These values are valid before golang commit 90a7c3c86944 which
 	// changed their positions.  Code in the init function updates these
 	// flags as necessary.
 	flagKindWidth = uintptr(5)
 	flagKindShift = flagKindWidth - 1
 	flagRO        = uintptr(1 << 0)
 	flagIndir     = uintptr(1 << 1)
 )
-func init() {
+// flagKindMask holds the bits that make up the kind
-	// Older versions of reflect.Value stored small integers directly in the
+// part of the flags field. In all the supported versions,
-	// ptr field (which is named val in the older versions).  Versions
+// it is in the lower 5 bits.
-	// between commits ecccf07e7f9d and 82f48826c6c7 added a new field named
+const flagKindMask = flag(0x1f)
 	// scalar for this purpose which unfortunately came before the flag
 	// field, so the offset of the flag field is different for those
 	// versions.
 	//
 	// This code constructs a new reflect.Value from a known small integer
 	// and checks if the size of the reflect.Value struct indicates it has
 	// the scalar field. When it does, the offsets are updated accordingly.
 	vv := reflect.ValueOf(0xf00)
 	if unsafe.Sizeof(vv) == (ptrSize * 4) {
 		offsetScalar = ptrSize * 2
 		offsetFlag = ptrSize * 3
 	}
-	// Commit 90a7c3c86944 changed the flag positions such that the low
+// Different versions of Go have used different
-	// order bits are the kind.  This code extracts the kind from the flags
+// bit layouts for the flags type. This table
-	// field and ensures it's the correct type.  When it's not, the flag
+// records the known combinations.
-	// order has been changed to the newer format, so the flags are updated
+var okFlags = []struct {
-	// accordingly.
+	ro, addr flag
-	upf := unsafe.Pointer(uintptr(unsafe.Pointer(&vv)) + offsetFlag)
+}{{
-	upfv := *(*uintptr)(upf)
+	// From Go 1.4 to 1.5
-	flagKindMask := uintptr((1<<flagKindWidth - 1) << flagKindShift)
+	ro:   1 << 5,
-	if (upfv&flagKindMask)>>flagKindShift != uintptr(reflect.Int) {
+	addr: 1 << 7,
-		flagKindShift = 0
+}, {
-		flagRO = 1 << 5
+	// Up to Go tip.
-		flagIndir = 1 << 6
+	ro:   1<<5 | 1<<6,
 	addr: 1 << 8,
 }}
-		// Commit adf9b30e5594 modified the flags to separate the
+var flagValOffset = func() uintptr {
-		// flagRO flag into two bits which specifies whether or not the
+	field, ok := reflect.TypeOf(reflect.Value{}).FieldByName("flag")
-		// field is embedded.  This causes flagIndir to move over a bit
+	if !ok {
-		// and means that flagRO is the combination of either of the
+		panic("reflect.Value has no flag field")
 		// original flagRO bit and the new bit.
 		//
 		// This code detects the change by extracting what used to be
 		// the indirect bit to ensure it's set.  When it's not, the flag
 		// order has been changed to the newer format, so the flags are
 		// updated accordingly.
 		if upfv&flagIndir == 0 {
 			flagRO = 3 << 5
 			flagIndir = 1 << 7
 		}
 	}
 	return field.Offset
 }()
 // flagField returns a pointer to the flag field of a reflect.Value.
 func flagField(v *reflect.Value) *flag {
 	return (*flag)(unsafe.Pointer(uintptr(unsafe.Pointer(v)) + flagValOffset))
 }
 // unsafeReflectValue converts the passed reflect.Value into a one that bypasses
@ -119,34 +90,56 @@ func init() {
 // This allows us to check for implementations of the Stringer and error
 // interfaces to be used for pretty printing ordinarily unaddressable and
 // inaccessible values such as unexported struct fields.
-func unsafeReflectValue(v reflect.Value) (rv reflect.Value) {
+func unsafeReflectValue(v reflect.Value) reflect.Value {
-	indirects := 1
+	if !v.IsValid() || (v.CanInterface() && v.CanAddr()) {
-	vt := v.Type()
+		return v
 	upv := unsafe.Pointer(uintptr(unsafe.Pointer(&v)) + offsetPtr)
 	rvf := *(*uintptr)(unsafe.Pointer(uintptr(unsafe.Pointer(&v)) + offsetFlag))
 	if rvf&flagIndir != 0 {
 		vt = reflect.PtrTo(v.Type())
 		indirects++
 	} else if offsetScalar != 0 {
 		// The value is in the scalar field when it's not one of the
 		// reference types.
 		switch vt.Kind() {
 		case reflect.Uintptr:
 		case reflect.Chan:
 		case reflect.Func:
 		case reflect.Map:
 		case reflect.Ptr:
 		case reflect.UnsafePointer:
 		default:
 			upv = unsafe.Pointer(uintptr(unsafe.Pointer(&v)) +
 				offsetScalar)
 	}
-	}
+	flagFieldPtr := flagField(&v)
-
+	*flagFieldPtr &^= flagRO
-	pv := reflect.NewAt(vt, upv)
+	*flagFieldPtr |= flagAddr
-	rv = pv
+	return v
-	for i := 0; i < indirects; i++ {
+}
-		rv = rv.Elem()
+
-	}
+// Sanity checks against future reflect package changes
-	return rv
+// to the type or semantics of the Value.flag field.
 func init() {
 	field, ok := reflect.TypeOf(reflect.Value{}).FieldByName("flag")
 	if !ok {
 		panic("reflect.Value has no flag field")
 	}
 	if field.Type.Kind() != reflect.TypeOf(flag(0)).Kind() {
 		panic("reflect.Value flag field has changed kind")
 	}
 	type t0 int
 	var t struct {
 		A t0
 		// t0 will have flagEmbedRO set.
 		t0
 		// a will have flagStickyRO set
 		a t0
 	}
 	vA := reflect.ValueOf(t).FieldByName("A")
 	va := reflect.ValueOf(t).FieldByName("a")
 	vt0 := reflect.ValueOf(t).FieldByName("t0")
 	// Infer flagRO from the difference between the flags
 	// for the (otherwise identical) fields in t.
 	flagPublic := *flagField(&vA)
 	flagWithRO := *flagField(&va) | *flagField(&vt0)
 	flagRO = flagPublic ^ flagWithRO
 	// Infer flagAddr from the difference between a value
 	// taken from a pointer and not.
 	vPtrA := reflect.ValueOf(&t).Elem().FieldByName("A")
 	flagNoPtr := *flagField(&vA)
 	flagPtr := *flagField(&vPtrA)
 	flagAddr = flagNoPtr ^ flagPtr
 	// Check that the inferred flags tally with one of the known versions.
 	for _, f := range okFlags {
 		if flagRO == f.ro && flagAddr == f.addr {
 			return
 		}
 	}
 	panic("reflect.Value read-only flag has changed semantics")
 }
--- a/spew/bypasssafe.go
+++ b/spew/bypasssafe.go
@ -16,7 +16,7 @@
 // when the code is running on Google App Engine, compiled by GopherJS, or
 // "-tags safe" is added to the go build command line.  The "disableunsafe"
 // tag is deprecated and thus should not be used.
-// +build js appengine safe disableunsafe
+// +build js appengine safe disableunsafe !go1.4
 package spew
--- a/spew/internalunsafe_test.go
+++ b/spew/internalunsafe_test.go
@ -16,7 +16,7 @@
 // when the code is not running on Google App Engine, compiled by GopherJS, and
 // "-tags safe" is not added to the go build command line.  The "disableunsafe"
 // tag is deprecated and thus should not be used.
-// +build !js,!appengine,!safe,!disableunsafe
+// +build !js,!appengine,!safe,!disableunsafe,go1.4
 /*
 This test file is part of the spew package rather than than the spew_test
@ -30,7 +30,6 @@ import (
 	"bytes"
 	"reflect"
 	"testing"
 	"unsafe"
 )
 // changeKind uses unsafe to intentionally change the kind of a reflect.Value to
@ -38,13 +37,13 @@ import (
 // fallback code which punts to the standard fmt library for new types that
 // might get added to the language.
 func changeKind(v *reflect.Value, readOnly bool) {
-	rvf := (*uintptr)(unsafe.Pointer(uintptr(unsafe.Pointer(v)) + offsetFlag))
+	flags := flagField(v)
 	*rvf = *rvf | ((1<<flagKindWidth - 1) << flagKindShift)
 	if readOnly {
-		*rvf |= flagRO
+		*flags |= flagRO
 	} else {
-		*rvf &= ^uintptr(flagRO)
+		*flags &^= flagRO
 	}
 	*flags |= flagKindMask
 }
 // TestAddedReflectValue tests functionaly of the dump and formatter code which