Typecheck for range variables before typechecking for range body.
Body can refer to new vars declared in for range,
so it is preferable to typecheck them before the body.
Makes typecheck order consistent between ORANGE and OFOR.

This come up during another change that computes some predicates
on variables during typechecking.

Change-Id: Ic975db61b1fd5b7f9ee78896d4cc7d93c593c532
Reviewed-on: https://go-review.googlesource.com/3284Reviewed-by: Russ Cox <rsc@golang.org>

Half of tests currently crash with GODEBUG=wbshadow.
_PageSize is set to 8192. So data can be extended outside
of actually mapped region during rounding. Which leads to crash
during initial copying to shadow.
Use _PhysPageSize instead.

Change-Id: Iaa89992bd57f86dafa16b092b53fdc0606213acb
Reviewed-on: https://go-review.googlesource.com/3286Reviewed-by: Russ Cox <rsc@golang.org>

Currently we scan maps even if k/v does not contain pointers.
This is required because overflow buckets are hanging off the main table.
This change introduces a separate array that contains pointers to all
overflow buckets and keeps them alive. Buckets themselves are marked
as containing no pointers and are not scanned by GC (if k/v does not
contain pointers).

This brings maps in line with slices and chans -- GC does not scan
their contents if elements do not contain pointers.

Currently scanning of a map[int]int with 2e8 entries (~8GB heap)
takes ~8 seconds. With this change scanning takes negligible time.

Update #9477.

Change-Id: Id8a04066a53d2f743474cad406afb9f30f00eaae
Reviewed-on: https://go-review.googlesource.com/3288Reviewed-by: Keith Randall <khr@golang.org>

runtime/debug test crashes with GOMAXPROCS>1:

fatal error: unexpected signal during runtime execution
[signal 0xb code=0x1 addr=0x0 pc=0x80521b8]
runtime stack:
runtime.throw(0x8195028, 0x2a)
	src/runtime/panic.go:508 +0x71 fp=0x18427f24 sp=0x18427f18
runtime.sigpanic()
	src/runtime/sigpanic_unix.go:12 +0x53 fp=0x18427f4c sp=0x18427f24
runtime.finq_callback(0x0, 0x0, 0x0, 0x8129140, 0x0)
	src/runtime/heapdump.go:410 +0x58 fp=0x18427f58 sp=0x18427f4c
runtime.iterate_finq(0x81a6860)
	src/runtime/mfinal.go:89 +0x73 fp=0x18427f78 sp=0x18427f58
runtime.dumproots()
	src/runtime/heapdump.go:448 +0x17a fp=0x18427fa4 sp=0x18427f78
runtime.mdump()
	src/runtime/heapdump.go:652 +0xbc fp=0x18427fb4 sp=0x18427fa4
runtime.writeheapdump_m(0x3)

This happens because runfinq goroutine nils some elements in allfin after
execution of finalizers:

	// drop finalizer queue references to finalized object
	f.fn = nil
	f.arg = nil
	f.ot = nil

Then heapdump crashes trying to dereference fn.fn here:

func finq_callback(fn *funcval, obj unsafe.Pointer, nret uintptr, fint *_type, ot *ptrtype) {
	dumpint(tagQueuedFinalizer)
	dumpint(uint64(uintptr(obj)))
	dumpint(uint64(uintptr(unsafe.Pointer(fn))))
	dumpint(uint64(uintptr(unsafe.Pointer(fn.fn))))
	dumpint(uint64(uintptr(unsafe.Pointer(fint))))
	dumpint(uint64(uintptr(unsafe.Pointer(ot))))
}

Change-Id: I372433c964180d782967be63d4355e568666980d
Reviewed-on: https://go-review.googlesource.com/3287Reviewed-by: Keith Randall <khr@golang.org>

This reverts commit 8d7bf229.

Change-Id: Iad2c74a504d64bcf7ca707b00bda29bc796a2ae9
Reviewed-on: https://go-review.googlesource.com/3320Reviewed-by: Adam Langley <agl@golang.org>

ECDSA is unsafe to use if an entropy source produces predictable
output for the ephemeral nonces. E.g., [Nguyen]. A simple
countermeasure is to hash the secret key, the message, and
entropy together to seed a CSPRNG, from which the ephemeral key
is derived.

--

This is a minimalist (in terms of patch size) solution, though
not the most parsimonious in its use of primitives:

   - csprng_key = ChopMD-256(SHA2-512(priv.D||entropy||hash))
   - reader = AES-256-CTR(k=csprng_key)

This, however, provides at most 128-bit collision-resistance,
so that Adv will have a term related to the number of messages
signed that is significantly worse than plain ECDSA. This does
not seem to be of any practical importance.

ChopMD-256(SHA2-512(x)) is used, rather than SHA2-256(x), for
two sets of reasons:

*Practical:* SHA2-512 has a larger state and 16 more rounds; it
is likely non-generically stronger than SHA2-256. And, AFAIK,
cryptanalysis backs this up. (E.g., [Biryukov] gives a
distinguisher on 47-round SHA2-256 with cost < 2^85.) This is
well below a reasonable security-strength target.

*Theoretical:* [Coron] and [Chang] show that Chop-MD(F(x)) is
indifferentiable from a random oracle for slightly beyond the
birthday barrier. It seems likely that this makes a generic
security proof that this construction remains UF-CMA is
possible in the indifferentiability framework.

--

Many thanks to Payman Mohassel for reviewing this construction;
any mistakes are mine, however. And, as he notes, reusing the
private key in this way means that the generic-group (non-RO)
proof of ECDSA's security given in [Brown] no longer directly
applies.

--

[Brown]: http://www.cacr.math.uwaterloo.ca/techreports/2000/corr2000-54.ps
"Brown. The exact security of ECDSA. 2000"

[Coron]: https://www.cs.nyu.edu/~puniya/papers/merkle.pdf
"Coron et al. Merkle-Damgard revisited. 2005"

[Chang]: https://www.iacr.org/archive/fse2008/50860436/50860436.pdf
"Chang and Nandi. Improved indifferentiability security analysis
of chopMD hash function. 2008"

[Biryukov]: http://www.iacr.org/archive/asiacrypt2011/70730269/70730269.pdf
"Biryukov et al. Second-order differential collisions for reduced
SHA-256. 2011"

[Nguyen]: ftp://ftp.di.ens.fr/pub/users/pnguyen/PubECDSA.ps
"Nguyen and Shparlinski. The insecurity of the elliptic curve
digital signature algorithm with partially known nonces. 2003"

Fixes #9452

Tests:

  TestNonceSafety: Check that signatures are safe even with a
    broken entropy source.

  TestINDCCA: Check that signatures remain non-deterministic
    with a functional entropy source.

Change-Id: Ie7e04057a3a26e6becb80e845ecb5004bb482745
Reviewed-on: https://go-review.googlesource.com/2422Reviewed-by: Adam Langley <agl@golang.org>

The argument is unused in the C code but will be used in the Go translation,
because the Prog holds information needed to invoke the right meaning
of %A in the ctxt->diag calls in vaddr.

Change-Id: I501830f8ea0e909aafd8ec9ef5d7338e109d9548
Reviewed-on: https://go-review.googlesource.com/3041Reviewed-by: Ian Lance Taylor <iant@golang.org>
Reviewed-on: https://go-review.googlesource.com/3310Reviewed-by: Russ Cox <rsc@golang.org>

Change-Id: I10b781927245a3e9822f9cffe254f226a5b93213
Reviewed-on: https://go-review.googlesource.com/3279Reviewed-by: Russ Cox <rsc@golang.org>

- Remove more ? : expressions.
- Use uint32 **hash instead of uint32 *hash[] in function argument.
- Change array.c API to use int, not int32, to match Go's slices.
- Rename strlit to newstrlit, to avoid case-insensitive collision with Strlit.
- Fix a few incorrect printf formats.
- Rename a few variables from 'len' to n or length.
- Eliminate direct string editing building up names like convI2T.

Change-Id: I754cf553402ccdd4963e51b7039f589286219c29
Reviewed-on: https://go-review.googlesource.com/3278Reviewed-by: Rob Pike <r@golang.org>

cmd/gc contains symbol references into the back end dirs like 6g.
It also contains a few files that include the back end header files and
are compiled separately for each back end, despite being in cmd/gc.
cmd/gc also defines main, which makes at least one reverse symbol
reference unavoidable. (Otherwise you can't get into back-end code.)

This was all expedient, but it's too tightly coupled, especially for a
program written Go.

Make cmd/gc into a true library, letting the back end define main and
call into cmd/gc after making the necessary references available.
cmd/gc being a real library will ease the transition to Go.

Change-Id: I4fb9a0e2b11a32f1d024b3c56fc3bd9ee458842c
Reviewed-on: https://go-review.googlesource.com/3277Reviewed-by: Rob Pike <r@golang.org>

- Change forward reference to struct Node* to void* in liblink.
- Use explicit (Node*) casts in cmd/gc to get at that field.
- Define struct Array in go.h instead of hiding it in array.c.
- Remove some sizeof(uint32), sizeof(uint64) uses.
- Remove some ? : expressions.
- Rewrite some problematic mid-expression assignments.

Change-Id: I308c70140238a0cfffd90e133f86f442cd0e17d4
Reviewed-on: https://go-review.googlesource.com/3276Reviewed-by: Rob Pike <r@golang.org>

This change is a recreation of the CL written
by Nick Owens on http://golang.org/cl/150730043.

If the stat buffer is too short, the kernel
informs us by putting the 2-byte size in the
buffer, so we read that and try again.

This follows the same algorithm as /sys/src/libc/9sys/dirfstat.c.

Fixes #8781.

Change-Id: I01b4ad3a5e705dd4cab6673c7a119f8bef9bbd7c
Reviewed-on: https://go-review.googlesource.com/3281Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

Change-Id: I06035d949272157bbb7255563b37ac93cbf07f15
Reviewed-on: https://go-review.googlesource.com/3272Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

Creating a tar containing files with 0000 permission bits is
not going to be useful.

Change-Id: Ie489c2891c335d32270b18f37b0e32ecdca536a6
Reviewed-on: https://go-review.googlesource.com/3271Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

Change-Id: Ie7031ae37f52ea1f229bfb769daf306d537b3d3e
Reviewed-on: https://go-review.googlesource.com/3300Reviewed-by: Minux Ma <minux@golang.org>

Previouslly, Stmt.connStmt calls DB.connIfFree on each Stmt.css.
Since Stmt.connStmt locks Stmt.mu, a concurrent use of Stmt causes lock
contention on Stmt.mu.
Additionally, DB.connIfFree locks DB.mu which is shared by DB.addDep and
DB.removeDep.

This change removes DB.connIfFree and makes use of a first unused
connection in idle connection pool to reduce lock contention
without making it complicated.

Fixes #9484

On EC2 c3.8xlarge (E5-2680 v2 @ 2.80GHz * 32 vCPU):

benchmark                           old ns/op     new ns/op     delta
BenchmarkManyConcurrentQuery-8      40249         34721         -13.73%
BenchmarkManyConcurrentQuery-16     45610         40176         -11.91%
BenchmarkManyConcurrentQuery-32     109831        43179         -60.69%

benchmark                           old allocs     new allocs     delta
BenchmarkManyConcurrentQuery-8      25             25             +0.00%
BenchmarkManyConcurrentQuery-16     25             25             +0.00%
BenchmarkManyConcurrentQuery-32     25             25             +0.00%

benchmark                           old bytes     new bytes     delta
BenchmarkManyConcurrentQuery-8      3980          3969          -0.28%
BenchmarkManyConcurrentQuery-16     3980          3982          +0.05%
BenchmarkManyConcurrentQuery-32     3993          3990          -0.08%

Change-Id: Ic96296922c465bac38a260018c58324dae1531d9
Reviewed-on: https://go-review.googlesource.com/2207Reviewed-by: Mikio Hara <mikioh.mikioh@gmail.com>

TBR: adonovan

Change-Id: I59757b5b46a2c533fc5f888423c99d550d3c7648
Reviewed-on: https://go-review.googlesource.com/3264Reviewed-by: Robert Griesemer <gri@golang.org>

Implemented:
- +, -, *, /, and some unary ops
- all rounding modes
- basic conversions
- string to float conversion
- tests

Missing:
- float to string conversion, formatting
- handling of +/-0 and +/-inf (under- and overflow)
- various TODOs and cleanups

With precision set to 24 or 53, the results match
float32 or float64 operations exactly (excluding
NaNs and denormalized numbers which will not be
supported).

Change-Id: I3121e90fc4b1528e40bb6ff526008da18b3c6520
Reviewed-on: https://go-review.googlesource.com/1218Reviewed-by: Alan Donovan <adonovan@google.com>

Fixes #9248.

Change-Id: Id1c50af5eb35d7720b8f0a4d4881414baf061d56
Reviewed-on: https://go-review.googlesource.com/3241Reviewed-by: Alan Donovan <adonovan@google.com>

Change-Id: I897a09a1c54f6d68c5dc68e189cb25dc72bb7590
Reviewed-on: https://go-review.googlesource.com/3240Reviewed-by: Alan Donovan <adonovan@google.com>

Fixes #9644.

Change-Id: Ia2e42befa20233107ac5409e79f9dce794983a3f
Reviewed-on: https://go-review.googlesource.com/3200Reviewed-by: Alan Donovan <adonovan@google.com>

Fixes #9639.

Change-Id: I311045d3df26b29b9380c159ef4727e85650d13b
Reviewed-on: https://go-review.googlesource.com/3211Reviewed-by: Alan Donovan <adonovan@google.com>

Change-Id: I9d0b1bb68604c5a153bd5c05c7008db045c38d2a
Reviewed-on: https://go-review.googlesource.com/3180Reviewed-by: Ian Lance Taylor <iant@golang.org>

Fixes #9659.

Change-Id: If364d5984a0c9a48858ae524b1560f633e621826
Reviewed-on: https://go-review.googlesource.com/3181Reviewed-by: Rob Pike <r@golang.org>

Rename itod to uitoa to have consistent naming with other itoa functions.
Reduce redundant code by calling uitoa from itoa.
Reduce buffer to maximally needed size for conversion of 64bit integers.
Adjust calls to itoa functions in package net to use new name for itod.
Avoid calls to itoa if uitoa suffices.

Change-Id: I79deaede4d4b0c076a99a4f4dd6f644ba1daec53
Reviewed-on: https://go-review.googlesource.com/2212Reviewed-by: Mikio Hara <mikioh.mikioh@gmail.com>

Change-Id: I849b8046daaec97ae631d59f1870cd5f1cd72f22
Reviewed-on: https://go-review.googlesource.com/3176Reviewed-by: Minux Ma <minux@golang.org>

The compiler has a phase ordering problem.  Escape analysis runs
before wrapper generation.  When a generated wrapper calls a method
defined in a different package, if that call is inlined, there will be
no escape information for the variables defined in the inlined call.
Those variables will be placed on the stack, which fails if they
actually do escape.

There are probably various complex ways to fix this.  This is a simple
way to avoid it: when a generated wrapper calls a method defined in a
different package, treat all local variables as escaping.

Fixes #9537.

Change-Id: I530f39346de16ad173371c6c3f69cc189351a4e9
Reviewed-on: https://go-review.googlesource.com/3092Reviewed-by: Russ Cox <rsc@golang.org>

The build was broken on Plan 9 after the
CL 2994, because of the use of getfields
in src/liblink/go.c.

This happened when building 8l, because
getfield was part of lib9 and tokenize
was part of the Plan 9 libc. However,
both getfields and tokenize depend on
utfrune, causing an incompatibility.

This change enables the build of tokenize
as part of lib9, so it doesn't use
tokenize from the Plan 9 libc anymore.

Change-Id: I2a76903b508bd92771c4754cd53dfc64df350892
Reviewed-on: https://go-review.googlesource.com/3121Reviewed-by: Minux Ma <minux@golang.org>

Adjust triggergc so that we trigger when we have used 7/8
of the available heap memory. Do first collection when we
exceed 4Mbytes.

Change-Id: I467b4335e16dc9cd1521d687fc1f99a51cc7e54b
Reviewed-on: https://go-review.googlesource.com/3149Reviewed-by: Austin Clements <austin@google.com>

Signer is an interface to support opaque private keys.
These keys typically result from being kept in special hardware
(i.e. a TPM) although sometimes operating systems provide a
similar interface using process isolation for security rather
than hardware boundaries.

This changes provides updates implements crypto.Signer in
CreateCRL and CreateCertificate so that they can be used with
opaque keys.

This CL has been discussed at: http://golang.org/cl/145910043

Change-Id: Id7857fb9a3b4c957c7050b519552ef1c8e55461e
Reviewed-on: https://go-review.googlesource.com/3126Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>

Generated from a modified go vet.

Change-Id: Ibe82941283da9bd4dbc7fa624a33ffb12424daa2
Reviewed-on: https://go-review.googlesource.com/2817Reviewed-by: Ian Lance Taylor <iant@golang.org>

Generated from go vet.

Change-Id: I8fee4095e43034b868bfd2b07e21ac13d5beabbb
Reviewed-on: https://go-review.googlesource.com/2816Reviewed-by: Ian Lance Taylor <iant@golang.org>

This reverts commit 44529d93.

Change-Id: I7671e2cd6f6a476efffa16e8110500a98258c0c1
Reviewed-on: https://go-review.googlesource.com/3130Reviewed-by: Austin Clements <austin@google.com>

Adujst triggergc so that we trigger when we have used 7/8
of the available memory.

Change-Id: I7ca02546d3084e6a04d60b09479e04a9a9837ae2
Reviewed-on: https://go-review.googlesource.com/3061Reviewed-by: Russ Cox <rsc@golang.org>

Change-Id: I04c1b8f2a9ac4efba227d6c0a20459420cd3dc05
Reviewed-on: https://go-review.googlesource.com/3014Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

Fixes #9651

Change-Id: I987833b6263482a402e58fcd9eeb0e42401599b5
Reviewed-on: https://go-review.googlesource.com/3073Reviewed-by: Robert Griesemer <gri@golang.org>

Change-Id: Ida20bf95e8f0fdadb459c2daa6d22edae9c3ad16
Reviewed-on: https://go-review.googlesource.com/3091Reviewed-by: Alan Donovan <adonovan@google.com>

For Austin's framepointer experiment.

Change-Id: I81b6f414943b3578924f853300b9193684f79bf4
Reviewed-on: https://go-review.googlesource.com/2994Reviewed-by: Austin Clements <austin@google.com>

This reverts commit cef15faa.

Change-Id: I6df3e9ea48cd58893892587dd5cd28c1eb759c48
Reviewed-on: https://go-review.googlesource.com/3090Reviewed-by: Adam Langley <agl@golang.org>

According to RFC5280 the authority key identifier extension MUST included in all
CRLs issued. This patch includes the authority key identifier extension when the
Subject Key Identifier is present in the signing certificate.

RFC5280 states:

"The authority key identifier extension provides a means of identifying the
public key corresponding to the private key used to sign a CRL.  The
identification can be based on either the key identifier (the subject key
identifier in the CRL signer's certificate) or the issuer name and serial
number.  This extension is especially useful where an issuer has more than one
signing key, either due to multiple concurrent key pairs or due to changeover."

Conforming CRL issuers MUST use the key identifier method, and MUST include this
extension in all CRLs issued."

This CL has been discussed at: http://golang.org/cl/177760043

Change-Id: I9bf50521908bfe777ea2398f154c13e8c90d14ad
Reviewed-on: https://go-review.googlesource.com/2258Reviewed-by: Adam Langley <agl@golang.org>