使用golang-unsafe包的注意事项及说明

基于golang 15.5

总结(详细的内容可以往下看)

1.不能使用unsafe包里的ArbitraryType类型

2.Pointer类型可以表示任意类型的指针,所以可以用Pointer类型作为中介进行两种不同类型指针的转换,为保证作为中介的Pointer类型数据有效,必须保证所有转换在同一个表达式中,如:

func Float64bits(f float64) uint64 {
	return *(*uint64)(unsafe.Pointer(&f))
}

3.Pointer类型可以安全有效的转换成uintptr,不能以任何形式(包含变量)保存转换后的uintptr值,转换后的uintptr值仅在转换所在的表达式中有效的。

4.因为uintptr只是内存地址值,并没有指针语义,所以uintptr转换成Pointer通常不会是有效的

下面列举有效的转换方式:

1:在同一个表达式内,对Pointer转换成的uintptr值进行算术运算(包括加减偏移量等,和c不同,指向初始分配内存的end边界点是无效的),然后在转换回Pointer

2:使用syscall.Syscall. syscall包的Syscall函数直接将uintptr传递给操作系统,根据调用的细节,会将他们中的一些重新转换为指针,系统调用将会隐式转换uintptr成pointer,如果一个指针作为函数的实参,而对应的形参是uintptr,那这个转换必须写在调用函数的表达式上,如

syscall.Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(n))

3:反射包的Value类型的方法Pointer()和UnsafeAddr()返回uintptr而不是unsafe.Pointer,以防止在没有导入unsafe包情况下,调用者将结果更改为任意类型。但是这意味着结果是不稳定的,必须在调用后立即在同一表达式中将其转换为Pointer,如:

p := (*int)(unsafe.Pointer(reflect.ValueOf(new(int)).Pointer()))

4:反射包的结构体SliceHeader和StringHeader将字段Data声明为uintptr,以防止调用者在不没有导入unsafe包的情况下将结果更改为任意类型。

但是,这意味着SliceHeader和StringHeader仅在解释实际切片或字符串值的内容时才有效。如:

var s string
hdr := (*reflect.StringHeader)(unsafe.Pointer(&s)) // case 1
hdr.Data = uintptr(unsafe.Pointer(p))              // case 6 (this case)
hdr.Len = n

详细内容

1.ArbitraryType类型在本文档里表示任意一种类型,但并非一个实际存在于unsafe包的类型。

2.Pointer类型用于表示任意类型的指针。有4个特殊的只能用于Pointer类型的操作:

  • 任意类型的指针可以转换为一个Pointer类型值
  • 一个Pointer类型值可以转换为任意类型的指针
  • 一个uintptr类型值可以转换为一个Pointer类型值
  • 一个Pointer类型值可以转换为一个uintptr类型值

因此,Pointer类型允许程序绕过类型系统读写任意内存。使用它时必须谨慎。

3.以下使用Pointer类型的示范操作都能确保所使用的Pointer是有效的,不遵循这些示范的操作在后续的golang版本的迭代中不保证操作包含的Pointer是有效的

Conversion of a *T1 to Pointer to *T2

Sizeof(T2)必须小于等于Sizeof(T1),下面是例子

func Float64bits(f float64) uint64 {
	return *(*uint64)(unsafe.Pointer(&f))
}

Conversion of a Pointer to a uintptr (but not back to Pointer)

将Pointer转换成uintptr会用Pointer产生一个不带指针语义的整数值并赋值给uintptr,这个整数值是一个内存地址值,尽管是内存地址值,但是当这个内存地址对应的对象被移动至其他内存区域或者对应的对象被回收时,gc并不会更新这个值,所以将一个uintptr转换成Pointer通常不会是有效的,下面列举了将uintptr转换成Pointer有效的几种方式

Conversion of a Pointer to a uintptr and back, with arithmetic.

这种方式通常用于获取结构体字段值或者数组元素值,下面是例子

p = unsafe.Pointer(uintptr(p) + offset)

// equivalent to f := unsafe.Pointer(&s.f)
f := unsafe.Pointer(uintptr(unsafe.Pointer(&s)) + unsafe.Offsetof(s.f))

// equivalent to e := unsafe.Pointer(&x[i])
e := unsafe.Pointer(uintptr(unsafe.Pointer(&x[0])) + i*unsafe.Sizeof(x[0]))

使用这种方式对指针进行加减偏移量(即±Offsetof)也是有效的,对指针进行&^操作也是有效的,通常用于对齐。

所有的方式,结果都必须指向最初被分配的对象。

和c不同,指向初始分配内存的end边界点是无效的,下面是例子

// INVALID: end points outside allocated space.
var s thing
end = unsafe.Pointer(uintptr(unsafe.Pointer(&s)) + unsafe.Sizeof(s))

// INVALID: end points outside allocated space.
b := make([]byte, n)
end = unsafe.Pointer(uintptr(unsafe.Pointer(&b[0])) + uintptr(n))

所有的转换都必须在相同的表达式内,他们之间也只能有算术操作,下面是无效的例子

// INVALID: uintptr cannot be stored in variable
// before conversion back to Pointer.
u := uintptr(p)
p = unsafe.Pointer(u + offset)

指针必须指向一个已分配的对象,这样才不会接触到nil指针,下面是无效的例子

// INVALID: conversion of nil pointer
u := unsafe.Pointer(nil)
p := unsafe.Pointer(uintptr(u) + offset)

Conversion of a Pointer to a uintptr when calling syscall.Syscall.

syscall包的Syscall函数直接将uintptr传递给操作系统,根据调用的细节,会将他们中的一些重新转换为指针,系统调用将会隐式转换uintptr成pointer,如果一个指针作为函数的实参,而对应的形参是uintptr,那这个转换必须写在调用函数的表达式上,下面是例子

syscall.Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(n))

编译器通过安排,保留所引用的分配对象(如果有的话),并且在调用完成之前不会移动分配的对象,在汇编中实现的函数调用的参数列表中将Pointer转换为uintptr,即使从类型本身来看,在调用过程中不再需要该对象。为了编译器能识别这种转换,转换表达式必须显式出现在实参列表中。下面是错误的例子:

// INVALID: uintptr cannot be stored in variable
// before implicit conversion back to Pointer during system call.
u := uintptr(unsafe.Pointer(p))
syscall.Syscall(SYS_READ, uintptr(fd), u, uintptr(n)

Conversion of the result of reflect.Value.Pointer or reflect.Value.UnsafeAddr from uintptr to Pointer.

反射包的Value类型的方法Pointer()和UnsafeAddr()返回uintptr而不是unsafe.Pointer,以防止在没有导入unsafe包情况下,调用者将结果更改为任意类型。

但是这意味着结果是不稳定的,必须在调用后立即在同一表达式中将其转换为Pointer,下面是正确的例子:

p := (*int)(unsafe.Pointer(reflect.ValueOf(new(int)).Pointer()))

与上面的例子相反,在转换前用变量保存结果(反射包的Value类型的方法Pointer()和UnsafeAddr()的返回值)是无效的,下面是例子:

// INVALID: uintptr cannot be stored in variable
// before conversion back to Pointer.
u := reflect.ValueOf(new(int)).Pointer()
p := (*int)(unsafe.Pointer(u))

Conversion of a reflect.SliceHeader or reflect.StringHeader Data field to or from Pointer.

与前面的情况一样,反射包的结构体SliceHeader和StringHeader将字段Data声明为uintptr,以防止调用者在不没有导入unsafe包的情况下将结果更改为任意类型。

但是,这意味着SliceHeader和StringHeader仅在解释实际切片或字符串值的内容时才有效。下面是例子:

var s string
hdr := (*reflect.StringHeader)(unsafe.Pointer(&s)) // case 1
hdr.Data = uintptr(unsafe.Pointer(p))              // case 6 (this case)
hdr.Len = n

在这种用法中,hdr.Data实际上是引用字符串基础指针的替代方法,而不是uintptr变量本身。

通常,reflect.SliceHeader和reflect.StringHeader只能用作*reflect.SliceHeader和*reflect.StringHeader指向实际的切片或字符串的情况,而不能用作普通结构体。

程序不应声明或分配这些结构体类型的变量。下面是无效的例子:

// INVALID: a directly-declared header will not hold Data as a reference.
var hdr reflect.StringHeader
hdr.Data = uintptr(unsafe.Pointer(p))
hdr.Len = n
s := *(*string)(unsafe.Pointer(&hdr)) // p possibly already lost

最后是unsafe包提供的几种方法的解释:

// Sizeof 返回类型v本身数据所占用的字节数。
// 返回值是“顶层”的数据占有的字节数。
// 例如,若v是一个切片,它会返回该切片描述符的大小,
// 而非该切片底层引用的内存的大小。
func Sizeof(x ArbitraryType) uintptr
// Offsetof 返回类型v所代表的结构体字段在结构体中的偏移量,
// 它必须为结构体类型的字段的形式。
// 换句话说,它返回该结构起始处与该字段起始处之间的字节数。
func Offsetof(x ArbitraryType) uintptr
// Alignof 返回类型v的对齐方式(即类型v在内存中占用的字节数);
// 若是结构体类型的字段的形式,它会返回字段f在该结构体中的对齐方式。
func Alignof(x ArbitraryType) uintptr

以下是unsafe.go的原内容

// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

/*
	Package unsafe contains operations that step around the type safety of Go programs.

	Packages that import unsafe may be non-portable and are not protected by the
	Go 1 compatibility guidelines.
*/
package unsafe

// ArbitraryType is here for the purposes of documentation only and is not actually
// part of the unsafe package. It represents the type of an arbitrary Go expression.
type ArbitraryType int

// Pointer represents a pointer to an arbitrary type. There are four special operations
// available for type Pointer that are not available for other types:
//	- A pointer value of any type can be converted to a Pointer.
//	- A Pointer can be converted to a pointer value of any type.
//	- A uintptr can be converted to a Pointer.
//	- A Pointer can be converted to a uintptr.
// Pointer therefore allows a program to defeat the type system and read and write
// arbitrary memory. It should be used with extreme care.
//
// The following patterns involving Pointer are valid.
// Code not using these patterns is likely to be invalid today
// or to become invalid in the future.
// Even the valid patterns below come with important caveats.
//
// Running "go vet" can help find uses of Pointer that do not conform to these patterns,
// but silence from "go vet" is not a guarantee that the code is valid.
//
// (1) Conversion of a *T1 to Pointer to *T2.
//
// Provided that T2 is no larger than T1 and that the two share an equivalent
// memory layout, this conversion allows reinterpreting data of one type as
// data of another type. An example is the implementation of
// math.Float64bits:
//
//	func Float64bits(f float64) uint64 {
//		return *(*uint64)(unsafe.Pointer(&f))
//	}
//
// (2) Conversion of a Pointer to a uintptr (but not back to Pointer).
//
// Converting a Pointer to a uintptr produces the memory address of the value
// pointed at, as an integer. The usual use for such a uintptr is to print it.
//
// Conversion of a uintptr back to Pointer is not valid in general.
//
// A uintptr is an integer, not a reference.
// Converting a Pointer to a uintptr creates an integer value
// with no pointer semantics.
// Even if a uintptr holds the address of some object,
// the garbage collector will not update that uintptr's value
// if the object moves, nor will that uintptr keep the object
// from being reclaimed.
//
// The remaining patterns enumerate the only valid conversions
// from uintptr to Pointer.
//
// (3) Conversion of a Pointer to a uintptr and back, with arithmetic.
//
// If p points into an allocated object, it can be advanced through the object
// by conversion to uintptr, addition of an offset, and conversion back to Pointer.
//
//	p = unsafe.Pointer(uintptr(p) + offset)
//
// The most common use of this pattern is to access fields in a struct
// or elements of an array:
//
//	// equivalent to f := unsafe.Pointer(&s.f)
//	f := unsafe.Pointer(uintptr(unsafe.Pointer(&s)) + unsafe.Offsetof(s.f))
//
//	// equivalent to e := unsafe.Pointer(&x[i])
//	e := unsafe.Pointer(uintptr(unsafe.Pointer(&x[0])) + i*unsafe.Sizeof(x[0]))
//
// It is valid both to add and to subtract offsets from a pointer in this way.
// It is also valid to use &^ to round pointers, usually for alignment.
// In all cases, the result must continue to point into the original allocated object.
//
// Unlike in C, it is not valid to advance a pointer just beyond the end of
// its original allocation:
//
//	// INVALID: end points outside allocated space.
//	var s thing
//	end = unsafe.Pointer(uintptr(unsafe.Pointer(&s)) + unsafe.Sizeof(s))
//
//	// INVALID: end points outside allocated space.
//	b := make([]byte, n)
//	end = unsafe.Pointer(uintptr(unsafe.Pointer(&b[0])) + uintptr(n))
//
// Note that both conversions must appear in the same expression, with only
// the intervening arithmetic between them:
//
//	// INVALID: uintptr cannot be stored in variable
//	// before conversion back to Pointer.
//	u := uintptr(p)
//	p = unsafe.Pointer(u + offset)
//
// Note that the pointer must point into an allocated object, so it may not be nil.
//
//	// INVALID: conversion of nil pointer
//	u := unsafe.Pointer(nil)
//	p := unsafe.Pointer(uintptr(u) + offset)
//
// (4) Conversion of a Pointer to a uintptr when calling syscall.Syscall.
//
// The Syscall functions in package syscall pass their uintptr arguments directly
// to the operating system, which then may, depending on the details of the call,
// reinterpret some of them as pointers.
// That is, the system call implementation is implicitly converting certain arguments
// back from uintptr to pointer.
//
// If a pointer argument must be converted to uintptr for use as an argument,
// that conversion must appear in the call expression itself:
//
//	syscall.Syscall(SYS_READ, uintptr(fd), uintptr(unsafe.Pointer(p)), uintptr(n))
//
// The compiler handles a Pointer converted to a uintptr in the argument list of
// a call to a function implemented in assembly by arranging that the referenced
// allocated object, if any, is retained and not moved until the call completes,
// even though from the types alone it would appear that the object is no longer
// needed during the call.
//
// For the compiler to recognize this pattern,
// the conversion must appear in the argument list:
//
//	// INVALID: uintptr cannot be stored in variable
//	// before implicit conversion back to Pointer during system call.
//	u := uintptr(unsafe.Pointer(p))
//	syscall.Syscall(SYS_READ, uintptr(fd), u, uintptr(n))
//
// (5) Conversion of the result of reflect.Value.Pointer or reflect.Value.UnsafeAddr
// from uintptr to Pointer.
//
// Package reflect's Value methods named Pointer and UnsafeAddr return type uintptr
// instead of unsafe.Pointer to keep callers from changing the result to an arbitrary
// type without first importing "unsafe". However, this means that the result is
// fragile and must be converted to Pointer immediately after making the call,
// in the same expression:
//
//	p := (*int)(unsafe.Pointer(reflect.ValueOf(new(int)).Pointer()))
//
// As in the cases above, it is invalid to store the result before the conversion:
//
//	// INVALID: uintptr cannot be stored in variable
//	// before conversion back to Pointer.
//	u := reflect.ValueOf(new(int)).Pointer()
//	p := (*int)(unsafe.Pointer(u))
//
// (6) Conversion of a reflect.SliceHeader or reflect.StringHeader Data field to or from Pointer.
//
// As in the previous case, the reflect data structures SliceHeader and StringHeader
// declare the field Data as a uintptr to keep callers from changing the result to
// an arbitrary type without first importing "unsafe". However, this means that
// SliceHeader and StringHeader are only valid when interpreting the content
// of an actual slice or string value.
//
//	var s string
//	hdr := (*reflect.StringHeader)(unsafe.Pointer(&s)) // case 1
//	hdr.Data = uintptr(unsafe.Pointer(p))              // case 6 (this case)
//	hdr.Len = n
//
// In this usage hdr.Data is really an alternate way to refer to the underlying
// pointer in the string header, not a uintptr variable itself.
//
// In general, reflect.SliceHeader and reflect.StringHeader should be used
// only as *reflect.SliceHeader and *reflect.StringHeader pointing at actual
// slices or strings, never as plain structs.
// A program should not declare or allocate variables of these struct types.
//
//	// INVALID: a directly-declared header will not hold Data as a reference.
//	var hdr reflect.StringHeader
//	hdr.Data = uintptr(unsafe.Pointer(p))
//	hdr.Len = n
//	s := *(*string)(unsafe.Pointer(&hdr)) // p possibly already lost
//
type Pointer *ArbitraryType

// Sizeof takes an expression x of any type and returns the size in bytes
// of a hypothetical variable v as if v was declared via var v = x.
// The size does not include any memory possibly referenced by x.
// For instance, if x is a slice, Sizeof returns the size of the slice
// descriptor, not the size of the memory referenced by the slice.
// The return value of Sizeof is a Go constant.
func Sizeof(x ArbitraryType) uintptr

// Offsetof returns the offset within the struct of the field represented by x,
// which must be of the form structValue.field. In other words, it returns the
// number of bytes between the start of the struct and the start of the field.
// The return value of Offsetof is a Go constant.
func Offsetof(x ArbitraryType) uintptr

// Alignof takes an expression x of any type and returns the required alignment
// of a hypothetical variable v as if v was declared via var v = x.
// It is the largest value m such that the address of v is always zero mod m.
// It is the same as the value returned by reflect.TypeOf(x).Align().
// As a special case, if a variable s is of struct type and f is a field
// within that struct, then Alignof(s.f) will return the required alignment
// of a field of that type within a struct. This case is the same as the
// value returned by reflect.TypeOf(s.f).FieldAlign().
// The return value of Alignof is a Go constant.
func Alignof(x ArbitraryType) uintptr

总结

以上为个人经验,希望能给大家一个参考,也希望大家多多支持脚本之家。

你可能感兴趣的:(使用golang-unsafe包的注意事项及说明)