runtime: expand comments on runtime panic checks

This adds comments explaining why it's important that some panics are
allowed in the runtime (even though this isn't ideal).

Change-Id: I04c6fc4f792f3793f951619ccaea6bfef2f1763c
Reviewed-on: https://go-review.googlesource.com/c/go/+/181737Reviewed-by: Keith Randall <khr@golang.org>

src/runtime/panic.go

@@ -29,13 +29,24 @@ func panicCheck1(pc uintptr, msg string) {
 }
 
 // Same as above, but calling from the runtime is allowed.
+//
+// Using this function is necessary for any panic that may be
+// generated by runtime.sigpanic, since those are always called by the
+// runtime.
 func panicCheck2(err string) {
+	// panic allocates, so to avoid recursive malloc, turn panics
+	// during malloc into throws.
 	gp := getg()
 	if gp != nil && gp.m != nil && gp.m.mallocing != 0 {
 		throw(err)
 	}
 }
 
+// Many of the following panic entry-points turn into throws when they
+// happen in various runtime contexts. These should never happen in
+// the runtime, and if they do, they indicate a serious issue and
+// should not be caught by user code.
+//
 // The panic{Index,Slice,divide,shift} functions are called by
 // code generated by the compiler for out of bounds index expressions,
 // out of bounds slice expressions, division by zero, and shift by negative.
@@ -49,6 +60,11 @@ func panicCheck2(err string) {
 // runtime package we turn the panic into a throw. That will dump the
 // entire runtime stack for easier debugging.
 //
+// The entry points called by the signal handler will be called from
+// runtime.sigpanic, so we can't disallow calls from the runtime to
+// these (they always look like they're called from the runtime).
+// Hence, for these, we just check for clearly bad runtime conditions.
+//
 // The panic{Index,Slice} functions are implemented in assembly and tail call
 // to the goPanic{Index,Slice} functions below. This is done so we can use
 // a space-minimal register calling convention.