Hacker News new | past | comments | ask | show | jobs | submit login
Crash the GC with Random Values in Unsafe.Pointers (philpearl.github.io)
27 points by todsacerdoti 15 days ago | hide | past | favorite | 7 comments



> Only store memory addresses in unsafe.Pointer.

> Perhaps only memory addresses allocated outside of the Go runtime (e.g. by direct calls to the mmap syscall).

> And even in that case Go’s not guaranteed not to change underneath you.

Note though, that runtime.Pinner, added in Go 1.21.0, can be used to safely rely on Go memory not moving (including passing pinned pointers to C code, which are then stored for no longer than the pointer remains pinned. Although, if the C code may copy nested pointers, I believe you also need to explicitly pin those, too.)


>Don’t use unsafe.Pointer unless you really have to.

Yeah, the part that said "unsafe" already told me that. On the other hand it is good to know how safe "unsafe" is. The GC stopping the program when it detects a possible use after free situation is nice, better than a memory leak anyway. Probably ought to be better documented though.


Somewhat related: Here's Go code to circumvent Go's memory safety without importing unsafe. This is from BUGFIX 66 ("Hack This Site"):

  func racer() {
      var (
          ptr1 *uintptr
          ptr2 *byte
          race any
          done = make(chan struct{})
      )
      put := func(x any) {
          for {
              select {
              case <-done:
                  return
              default:
                  race = x
              }
          }
      }
      go put(ptr1)
      go put(&ptr2)
      for {
          var ok bool
          ptr1, ok = race.(*uintptr)
          if ok && ptr1 != nil {
              close(done)
              break
          }
      }
      get := func(addr uintptr) byte {
          *ptr1 = addr
          return *ptr2
      }
      set := func(addr uintptr, to byte) {
          *ptr1 = addr
          *ptr2 = to
      }
      if get(0xdeadbeef) == 111 {
          set(0xbaaaaaad, 222)
      }
  }


>conclusions are as follows: Don’t use unsafe.Pointer

is it sort of an odd coincidence—or not a coincidence at all—that the generation we are told was raised by "helicopter parents" are also deathly afraid of pointers? It's like cats and cucumbers. https://www.youtube.com/watch?v=RBrZsgy4-SQ

a pointer points, a knife cuts, it's you who determines… safe or nuts.

"...yes, your revulsion is palpatine. let your Hate flow through you, downvote the cucumber before it tells everybody how scared you are"


`unsafe.Pointer` isn't really a pointer, it's more like a uintptr; Go actually flat-out has safe pointers to begin with. They can do most things you'd care to do with pointers, including being passed around, dereferenced and storing addresses to non-Go memory. The only reason to use `unsafe.Pointer` is to do unsafe things with the addresses stored in pointers, like passing pointers across programming language boundaries, performing pointer arithmetic, reinterpreting memory, or serializing/deserializing pointers.

The real fear you should have is wasting your time by using unsafe mechanisms when you could use much more robust safe mechanisms instead, by reframing your problems. Pointers themselves, obviously, are nothing more than memory addresses with possibly a type attached to them.


>The real fear you should have is wasting your time by using unsafe mechanisms

I had a long career already, I have nothing to fear left, I have depleted all the megafauna. You're telling a hunter-gatherer that you know better because your .22 has a safety, and you only eat blueberries wrapped in cellophane.

>The only reason to use `unsafe.Pointer` is to do unsafe things with the addresses stored in pointers, like passing pointers across programming language boundaries

you're explaining how to use pointers to a C veteran? the only reason to use a pointer unsafely is, you don't know what you are doing and are sloppy. otherwise, use pointers safely and you won't need to worry. (I quoted the text unsafe.Pointer from somebody else, that was the exact amount of understanding I needed and wished to convey, not a call for help to an LLM)


> the only reason to use a pointer unsafely is, you don't know what you are doing and are sloppy. otherwise, use pointers safely and you won't need to worry.

Yes of course, just simply never make mistakes! The secret to writing good software was in front of us the whole time. If only someone had told me sooner that all I had to do was be literally perfect!

OK, I apologize for the sarcasm, but at this point, it's hard to take this line of thinking very seriously. I'm sure you do not make (m)any mistakes, but most of the humans around you make mistakes often enough, and we need more than one programmer on Earth. I think you will have to cope with the fact that many of us are interested in improving the programming experience for the plebians who are not ~100% perfect.

And while I'm at it, the whole appeal-to-experience line of argument just doesn't have the same impact on me as it did when I was younger. Now, really, I'd prefer an honest intellectual discussion over trying to see who has the most "credentials", but if we're going to talk about credentials, you may as well go for quality over quantity. I'm sure you know people who have a very successful and long programming career and yet write pretty awful code. That's no surprise; programming jobs have surprisingly little to do with programming.

Either way, "safety" in programming language design is not just about people making mistakes, but also about consistency. Two changes that are safe can occur concurrently and, when combined, create a bug. Humans can't really do much to catch that, but software checks sometimes can. When the cost of a bug or worse, vulnerability, is relatively high, it's not hard to see why there's a lot of hoopla over "safety".

> you're explaining how to use pointers to a C veteran?

I didn't explain how to use pointers, I was explaining that Go has pointers, and counter-intuitively, `unsafe.Pointer` isn't actually a pointer. You said that people are "deathly afraid of pointers", when quoting "Don’t use unsafe.Pointer". That's very different from telling people to not use pointers!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: