How to cast from a Go pointer to uintptr and back without a memory corruption?

Question

Conversion between pointers should be made using unsafe.Pointer() and uintptr. I am writing an interpreter using Go. This is very simple fragment using an EID struct to carry pairs (type,values) between different sections of native code. This code is surprising because the same print statement gets two different values (see the Foo() method). The object is "encapsulated" into an EID and transformed back to an object.
The code compiles but the result is deeply broken.

If you run this you get:

~/go%  go run testBug.go
create object 0xc000068e28 with class 0xc00000c060
here is y:0xc000068e28, y.Isa: 0xc00000c060"
here is y:0xc000068e28, y.Isa: 0x2c

---

package main

import (
    "fmt"
    "unsafe"
)

type EID struct {
    SORT *Class
    VAL  uintptr
}

// access to VAL
func OBJ(x EID) *Anything { return (*Anything)(unsafe.Pointer(x.VAL)) }
func INT(x EID) int       { return (int)((uintptr)(unsafe.Pointer(x.VAL))) }

// useful utility get the pointer as a uintptr
func (x *Anything) Uip() uintptr { return uintptr(unsafe.Pointer(x)) }

type Anything struct {
    Isa *Class
}

func (x *Anything) Id() *Anything { return x }

type Object struct {
    Anything
    name string
}

type Class struct {
    Object
    Super *Class
}

type Integer struct {
    Anything
    Value int
}

func MakeObject(c *Class) *Anything {
    o := new(Object)
    o.Isa = c
    return o.Id()
}

// this is the surprising example - EID is passed but the content is damaged
func (c *Class) Foo() EID {
    x := c.Bar()
    y := OBJ(x)
    z := y.Isa
    fmt.Printf("here is y:%p, y.Isa: %p\n", y, z)
    fmt.Printf("here is y:%p, y.Isa: %p\n", y, y.Isa)  // this produces a different value !
    return x
}

func (c *Class) Bar() EID {
    UU := EID{c, MakeObject(c).Uip()}
    fmt.Printf("create object %p with class %p\n", OBJ(UU), OBJ(UU).Isa)
    return UU
}

var aClass *Class
var aInteger *Class

func main() {
    aClass := new(Class)
    aClass.Isa = aClass
    aClass.Foo()
}

---

Clearly the uintptr to pointer has to be local and cannot happen in two different places (Foo() and Bar() here). I have found a workaround but I curious about this strange behavior.

Answer 1

When you store a pointer (of any concrete type or even of type unsafe.Pointer) into a uintptr, this hides the pointer-ness from Go's garbage collector. Go is therefore free to GC the underlying object if there is no other pointer to it.

When you convert a uintptr to unsafe.Pointer, the object, a pointer to which the value stored in the uintptr converts, needs to exist. If it's been GC'ed, it no longer exists. Hence the "safe" way to take some pointer value p of any type *T and store it in a uintptr is to store it instead in unsafe.Pointer. The unsafe.Pointer object is visible to Go's garbage collector, as a pointer, so this keeps the actual object alive.

You'll see this pattern in some of the Go internal software:

// need to keep the pointer alive while we make a syscall
p := unsafe.Pointer(foo)
ret := syscall.SyscallN(..., uintptr(foo), ...)

The apparently pointless creation of local variable p serves to protect the underlying object from being GC'ed while the OS system call reads its bytes. (Note that this is being overly chummy with the compiler since the assignment to p appears to be dead code here. Perhaps the internal software is fancier than this, and/or they're using //go:... comments as well.)

This same pattern works in the Go playground if I take your not-quite-minimal reproducible example and make the obvious minimal changes to it. Whether that's sufficient (and precisely how you'd like to use this same concept in your interpreter) is another question entirely, but see playground copy. Note: I had to add one closing brace to your program but after that it exhibited the same behavior you saw; here's that version. It draws two warnings from go vet about misuse of unsafe.Pointer, which my updated version doesn't.