From 4cf33f1c94595e19c769e614093062db5961ad9c Mon Sep 17 00:00:00 2001 
From: Nav Saini
Date: Tue, 19 May 2026 19:15:34 +0000
Subject: [PATCH] statsig-go: pin purego to v0.8.0 to dodge concurrent-FFI race
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Downgrades the purego dependency from v0.9.0 to v0.8.0 (the last release before upstream PR #282 merged on 2024-10-17).

PR #282 introduced a process-wide sync.Pool of *syscall15Args in func.go's RegisterFunc reflect closure. Under concurrent dispatch from multiple goroutines, two callers can observe each other's return values — surfacing as SIGSEGV in runtime.memmove on non-canonical pointers, glibc "double free or corruption (out)", nil-deref at the deref of returned *byte values, and silently-swapped feature-flag evaluation results.

The minimal trigger is a function with signature func(uint64) *byte called from two or more goroutines simultaneously. Each goroutine can get back the other goroutine's return pointer.

The full discrimination matrix is in the upstream issue draft; the relevant data points for this change:

- The minimal purego-only repro mismatches within seconds at HEAD with workers >= 2 against v0.9.0 / v0.9.1.
- The same repro against v0.8.0 (no `thePool` references in func.go or syscall_sysv.go) ran for ~153M total dispatches across workers in {2, 4, 8, 32} with zero mismatches.
- The full statsig-go gate-evaluation workload against v0.8.0 ran for 5 x 30s x 32 workers (~36M gate calls) with zero crashes, zero corruption messages, ~260k ops/sec sustained — equivalent to the patched-v0.9.0 approach previously drafted in PR #13.

What we give up between v0.8.0 and v0.9.x:

- PR #282 itself (the racy memory-usage optimization).
- PR #328, #361, #408, #413, #431, #391, #403, #436 — struct argument/return support, new architectures (s390x, ppc64le, linux/386, linux/arm32). statsig-go's linux/amd64 consumers use none of this.
- PR #357 — darwin int/string fix. Not relevant for linux deploys.
- PR #319, #318, #343 — `-race` and `fakecgo` fixes. Test infra, not user-facing.
- Various small bug fixes none of which match the statsig usage profile.

Net: v0.8.0 is functionally equivalent to v0.9.x for this binding's public API surface. The gap exists on paper but is invisible to consumers.

This change supersedes the previously drafted approaches:

- #12 (binding-side sync.Mutex workaround) — caps throughput at ~83k ops/sec per process due to serialized FFI.
- #13 (vendor purego with the pool revert) — carries ~19k lines of upstream code in this repo for an 8-line delta.

When upstream lands a real fix for the underlying race, bump this dependency forward.

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 statsig-go/go.mod | 2 +-
 statsig-go/go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/statsig-go/go.mod b/statsig-go/go.mod index dbf159067..f2f1d2c34 100644 --- a/statsig-go/go.mod +++ b/statsig-go/go.mod @@ -3,7 +3,7 @@ module github.com/statsig-io/statsig-go-core go 1.24 require ( - github.com/ebitengine/purego v0.9.0 + github.com/ebitengine/purego v0.8.0 github.com/statsig-io/go-server-core-binaries-linux-gnu v0.10.2-beta.2510152125 github.com/statsig-io/go-server-core-binaries-linux-musl v0.10.2-beta.2510152125 github.com/statsig-io/go-server-core-binaries-macos v0.10.2-beta.2510152125 diff --git a/statsig-go/go.sum b/statsig-go/go.sum index 57a64c27d..c4ab3bbde 100644 --- a/statsig-go/go.sum +++ b/statsig-go/go.sum 
@@ -1,5 +1,5 @@ -github.com/ebitengine/purego v0.9.0 h1:mh0zpKBIXDceC63hpvPuGLiJ8ZAa3DfrFTudmfi8A4k= -github.com/ebitengine/purego v0.9.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= +github.com/ebitengine/purego v0.8.0 h1:JbqvnEzRvPpxhCJzJJ2y0RbiZ8nyjccVUrSM3q+GvvE= +github.com/ebitengine/purego v0.8.0/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= github.com/statsig-io/go-server-core-binaries-linux-gnu v0.10.2-beta.2510152125 h1:jHNHdz1BRjzN45NWiWm+gQP9OeqR2jofdqqtF7Ug/38= github.com/statsig-io/go-server-core-binaries-linux-gnu v0.10.2-beta.2510152125/go.mod h1:m4N50tANNr1HPESMSyf5xJ3aW1UQBSi2+HW70H8V4g4= github.com/statsig-io/go-server-core-binaries-linux-musl v0.10.2-beta.2510152125 h1:WunVm8E9cGHtKmROE7vnvrnn7A90wsdSGuLiZ4oBW1Y=
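
Review bot: In the statsig-go/go.mod hunk, the `github.com/ebitengine/purego v0.8.0` require line sets a minimum version, not a pin. Under Go's minimal version selection, a consumer of github.com/statsig-io/statsig-go-core whose build graph requires purego v0.9.0 or later through any other module still links v0.9.x, and with it the concurrent-dispatch behaviour the commit message describes. Suggest saying so in the release notes, including that such a consumer needs a `replace` directive in its own go.mod to hold v0.8.0, and adding a `//` comment beside the require line giving the reason for the hold so a routine `go get -u` or a dependency bot does not move it forward unnoticed. The patch touches only go.mod and go.sum, so no test would fail if the version drifted back; a concurrent-dispatch regression test in this module would cover that.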
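
Review bot: In the statsig-go/go.sum hunk, the added `github.com/ebitengine/purego v0.8.0 h1:JbqvnEzRvPpxhCJzJJ2y0RbiZ8nyjccVUrSM3q+GvvE=` line should be tool-generated rather than hand-edited. Please confirm both added lines came from `go mod tidy` run against a clean module cache with GOSUMDB left at its default, so the module hash was checked against the checksum database before it was recorded. The `/go.mod` entry carries the same `h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=` value on the removed v0.9.0 line and the added v0.8.0 line, which is expected only if purego's go.mod file is byte-identical at both tags; a one-line confirmation of that in the PR description would settle it.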