1 // Copyright 2014 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package unsafeptr defines an Analyzer that checks for invalid
6 // conversions of uintptr to unsafe.Pointer.
14 "golang.org/x/tools/go/analysis"
15 "golang.org/x/tools/go/analysis/passes/inspect"
16 "golang.org/x/tools/go/analysis/passes/internal/analysisutil"
17 "golang.org/x/tools/go/ast/inspector"
20 const Doc = `check for invalid conversions of uintptr to unsafe.Pointer
22 The unsafeptr analyzer reports likely incorrect uses of unsafe.Pointer
23 to convert integers to pointers. A conversion from uintptr to
24 unsafe.Pointer is invalid if it implies that there is a uintptr-typed
25 word in memory that holds a pointer value, because that word will be
26 invisible to stack copying and to the garbage collector.`
28 var Analyzer = &analysis.Analyzer{
31 Requires: []*analysis.Analyzer{inspect.Analyzer},
35 func run(pass *analysis.Pass) (interface{}, error) {
36 inspect := pass.ResultOf[inspect.Analyzer].(*inspector.Inspector)
38 nodeFilter := []ast.Node{
41 (*ast.UnaryExpr)(nil),
43 inspect.Preorder(nodeFilter, func(n ast.Node) {
44 switch x := n.(type) {
46 if len(x.Args) == 1 &&
47 hasBasicType(pass.TypesInfo, x.Fun, types.UnsafePointer) &&
48 hasBasicType(pass.TypesInfo, x.Args[0], types.Uintptr) &&
49 !isSafeUintptr(pass.TypesInfo, x.Args[0]) {
50 pass.ReportRangef(x, "possible misuse of unsafe.Pointer")
53 if t := pass.TypesInfo.Types[x].Type; isReflectHeader(t) {
54 pass.ReportRangef(x, "possible misuse of %s", t)
57 if x.Op != token.AND {
60 if t := pass.TypesInfo.Types[x.X].Type; isReflectHeader(t) {
61 pass.ReportRangef(x, "possible misuse of %s", t)
68 // isSafeUintptr reports whether x - already known to be a uintptr -
69 // is safe to convert to unsafe.Pointer.
70 func isSafeUintptr(info *types.Info, x ast.Expr) bool {
71 // Check unsafe.Pointer safety rules according to
72 // https://golang.org/pkg/unsafe/#Pointer.
74 switch x := analysisutil.Unparen(x).(type) {
75 case *ast.SelectorExpr:
76 // "(6) Conversion of a reflect.SliceHeader or
77 // reflect.StringHeader Data field to or from Pointer."
78 if x.Sel.Name != "Data" {
81 // reflect.SliceHeader and reflect.StringHeader are okay,
82 // but only if they are pointing at a real slice or string.
83 // It's not okay to do:
85 // x.Data = uintptr(unsafe.Pointer(...))
87 // p := unsafe.Pointer(x.Data)
88 // because in the middle the garbage collector doesn't
89 // see x.Data as a pointer and so x.Data may be dangling
90 // by the time we get to the conversion at the end.
91 // For now approximate by saying that *Header is okay
93 pt, ok := info.Types[x.X].Type.(*types.Pointer)
94 if ok && isReflectHeader(pt.Elem()) {
99 // "(5) Conversion of the result of reflect.Value.Pointer or
100 // reflect.Value.UnsafeAddr from uintptr to Pointer."
101 if len(x.Args) != 0 {
104 sel, ok := x.Fun.(*ast.SelectorExpr)
108 switch sel.Sel.Name {
109 case "Pointer", "UnsafeAddr":
110 t, ok := info.Types[sel.X].Type.(*types.Named)
111 if ok && t.Obj().Pkg().Path() == "reflect" && t.Obj().Name() == "Value" {
117 // "(3) Conversion of a Pointer to a uintptr and back, with arithmetic."
118 return isSafeArith(info, x)
121 // isSafeArith reports whether x is a pointer arithmetic expression that is safe
122 // to convert to unsafe.Pointer.
123 func isSafeArith(info *types.Info, x ast.Expr) bool {
124 switch x := analysisutil.Unparen(x).(type) {
126 // Base case: initial conversion from unsafe.Pointer to uintptr.
127 return len(x.Args) == 1 &&
128 hasBasicType(info, x.Fun, types.Uintptr) &&
129 hasBasicType(info, x.Args[0], types.UnsafePointer)
131 case *ast.BinaryExpr:
132 // "It is valid both to add and to subtract offsets from a
133 // pointer in this way. It is also valid to use &^ to round
134 // pointers, usually for alignment."
136 case token.ADD, token.SUB, token.AND_NOT:
137 // TODO(mdempsky): Match compiler
138 // semantics. ADD allows a pointer on either
139 // side; SUB and AND_NOT don't care about RHS.
140 return isSafeArith(info, x.X) && !isSafeArith(info, x.Y)
147 // hasBasicType reports whether x's type is a types.Basic with the given kind.
148 func hasBasicType(info *types.Info, x ast.Expr, kind types.BasicKind) bool {
149 t := info.Types[x].Type
153 b, ok := t.(*types.Basic)
154 return ok && b.Kind() == kind
157 // isReflectHeader reports whether t is reflect.SliceHeader or reflect.StringHeader.
158 func isReflectHeader(t types.Type) bool {
159 if named, ok := t.(*types.Named); ok {
160 if obj := named.Obj(); obj.Pkg() != nil && obj.Pkg().Path() == "reflect" {
162 case "SliceHeader", "StringHeader":