This follows up on the recent thread in emacs-devel on alloca; see:
http://lists.gnu.org/archive/html/emacs-devel/2014-09/msg00042.html
This patch also cleans up alloca-related glitches noted while
examining the code looking for unbounded alloca.
* alloc.c (listn):
* callproc.c (init_callproc):
Rewrite to avoid need for alloca.
* buffer.c (mouse_face_overlay_overlaps)
(report_overlay_modification):
* buffer.h (GET_OVERLAYS_AT):
* coding.c (make_subsidiaries):
* doc.c (Fsnarf_documentation):
* editfns.c (Fuser_full_name):
* fileio.c (Ffile_name_directory, Fexpand_file_name)
(search_embedded_absfilename, Fsubstitute_in_file_name):
* fns.c (Fmake_hash_table):
* font.c (font_vconcat_entity_vectors, font_update_drivers):
* fontset.c (fontset_pattern_regexp, Ffontset_info):
* frame.c (Fmake_terminal_frame, x_set_frame_parameters)
(xrdb_get_resource, x_get_resource_string):
* ftfont.c (ftfont_get_charset, ftfont_check_otf, ftfont_drive_otf):
* ftxfont.c (ftxfont_draw):
* image.c (xbm_load, xpm_load, jpeg_load_body):
* keyboard.c (echo_add_key, menu_bar_items, tool_bar_items):
* keymap.c (Fdescribe_buffer_bindings, describe_map):
* lread.c (openp):
* menu.c (digest_single_submenu, find_and_call_menu_selection)
(find_and_return_menu_selection):
* print.c (PRINTFINISH):
* process.c (Fformat_network_address):
* scroll.c (do_scrolling, do_direct_scrolling, scrolling_1):
* search.c (search_buffer, Fmatch_data, Fregexp_quote):
* sound.c (wav_play, au_play):
* syntax.c (skip_chars):
* term.c (tty_menu_activate, tty_menu_show):
* textprop.c (get_char_property_and_overlay):
* window.c (Fset_window_configuration):
* xdisp.c (safe__call, next_overlay_change, vmessage)
(compute_overhangs_and_x, draw_glyphs, note_mouse_highlight):
* xfaces.c (face_at_buffer_position):
* xmenu.c (x_menu_show):
Use SAFE_ALLOCA etc. instead of plain alloca, since the
allocation size isn't bounded.
* callint.c (Fcall_interactively): Redo memory_full check
so that it can be done at compile-time on some platforms.
* coding.c (MAX_LOOKUP_MAX): New constant.
(get_translation_table): Use it.
* callproc.c (call_process): Use SAFE_NALLOCA instead of
SAFE_ALLOCA, to catch integer overflows on size calculation.
(exec_failed) [!DOS_NT]: New function.
(child_setup) [!DOS_NT]: Use it.
* editfns.c (Ftranspose_regions):
Hoist USE_SAFE_ALLOC + SAFE_FREE out of 'if'.
* editfns.c (check_translation):
Allocate larger buffers on the heap.
* eval.c (internal_lisp_condition_case):
Check for MAX_ALLOCA overflow.
* fns.c (sort_vector): Use SAFE_ALLOCA_LISP rather than Fmake_vector.
(Fbase64_encode_region, Fbase64_decode_region):
Avoid unnecessary calls to SAFE_FREE before 'error'.
* buffer.c (mouse_face_overlay_overlaps):
* editfns.c (Fget_pos_property, check_translation):
* eval.c (Ffuncall):
* font.c (font_unparse_xlfd, font_find_for_lface):
* ftfont.c (ftfont_drive_otf):
* keyboard.c (echo_add_key, read_decoded_event_from_main_queue)
(menu_bar_items, tool_bar_items):
* sound.c (Fplay_sound_internal):
* xdisp.c (load_overlay_strings, dump_glyph_row):
Use an ordinary auto buffer rather than alloca, since the
allocation size is fixed and small.
* ftfont.c: Include <c-strcase.h>.
(matching_prefix): New function.
(get_adstyle_property): Use it, to avoid need for alloca.
* keyboard.c (echo_add_key):
* keymap.c (describe_map): Use ptrdiff_t, not int.
* keyboard.c (echo_add_key): Prefer sizeof to strlen.
* keymap.c (Fdescribe_buffer_bindings): Use SBYTES, not SCHARS,
when counting bytes.
* lisp.h (xlispstrdupa): Remove, replacing with ...
(SAFE_ALLOCA_STRING): ... new macro with different API.
This fixes a portability problem, namely, alloca result
passed to another function. All uses changed.
(SAFE_ALLOCA, SAFE_ALLOCA_LISP): Check for MAX_ALLOCA,
not MAX_ALLOCA - 1.
* regex.c (REGEX_USE_SAFE_ALLOCA, REGEX_SAFE_FREE)
(REGEX_ALLOCATE): New macros.
(REGEX_REALLOCATE, REGEX_ALLOCATE_STACK, REGEX_REALLOCATE_STACK)
(REGEX_FREE_STACK, FREE_VARIABLES, re_match_2_internal):
Use them.
* xdisp.c (message3): Use SAFE_ALLOCA_STRING rather than doing it
by hand.
(decode_mode_spec_coding): Store directly into buf rather than
into an alloca temporary and copying the temporary to the buf.
Fixes: debbugs:18410
if !open_paren_in_column_0_is_defun_start.
(back_comment): If find_defun_start was pessimistic, use the
scan_sexps_forward result to improve the cache.
Fixes: debbugs:16526
syntax.h defined an extern inline function SYNTAX_ENTRY that was
conditionally compiled one way in some modules, and a different
way in others. This doesn't work with extern inline functions,
which must have the same definition in all modules, because the
defining code might be shared across modules, depending on the
implementation. Symptoms reported by Martin Rudalics in:
http://lists.gnu.org/archive/html/emacs-devel/2013-09/msg00414.html
* regex.c, syntax.c (SYNTAX_ENTRY_VIA_PROPERTY): Remove.
(SYNTAX, SYNTAX_ENTRY, SYNTAX_WITH_FLAGS): New macros,
overriding the corresponding functions in syntax.h.
* syntax.h (syntax_property_entry, syntax_property_with_flags)
(syntax_property): New inline functions.
(SYNTAX_ENTRY, SYNTAX_WITH_FLAGS, SYNTAX):
Rewrite in terms of these new functions.
This removes the need for the syntax_temp hack.
* search.c: Include syntax.h after buffer.h, since syntax.h uses BVAR.
* syntax.c (SYNTAX_INLINE): New macro.
(SYNTAX_FLAGS_COMSTART_FIRST, SYNTAX_FLAGS_COMSTART_SECOND)
(SYNTAX_FLAGS_COMEND_FIRST, SYNTAX_FLAGS_COMEND_SECOND)
(SYNTAX_FLAGS_PREFIX, SYNTAX_FLAGS_COMMENT_STYLEB)
(SYNTAX_FLAGS_COMMENT_STYLEC, SYNTAX_FLAGS_COMMENT_STYLEC2)
(SYNTAX_FLAGS_COMMENT_NESTED, SYNTAX_FLAGS_COMMENT_STYLE)
(SYNTAX_COMEND_FIRST): Now functions, not macros.
(ST_COMMENT_STYLE, ST_STRING_STYLE, INTERVALS_AT_ONCE):
Now constants, not macros.
(syntax_temp) [!__GNUC__]: Remove.
(SYNTAX_PREFIX): Remove; all uses replaced by syntax_prefix_flag_p.
(syntax_prefix_flag_p): Move implementation of SYNTAX_PREFIX here.
(SET_RAW_SYNTAX_ENTRY, SET_RAW_SYNTAX_ENTRY_RANGE, SYNTAX_MATCH)
(SETUP_SYNTAX_TABLE, SETUP_SYNTAX_TABLE_FOR_OBJECT):
Move here from syntax.h; now functions, not macros. Except for the
last function, these are static since only syntax.c uses them.
(syntax_multibyte): Rename from SYNTAX_WITH_MULTIBYTE_CHECK.
All uses changed. Now a function, not a macro; use this fact
to simplify the code.
(scan_lists, scan_sexps_forward): Remove workarounds for ancient
compiler bugs; no longer relevant.
* syntax.h: Use INLINE_HEADER_BEGIN, INLINE_HEADER_END.
(SYNTAX_INLINE): New macro.
(struct gl_state_s, gl_state): Move earlier, so that it's in scope
for the new functions. Use bool for boolean member.
(SYNTAX_ENTRY, SYNTAX, SYNTAX_WITH_FLAGS, SYNTAX_MATCH)
(SYNTAX_TABLE_BYTE_TO_CHAR, UPDATE_SYNTAX_TABLE_FORWARD)
(UPDATE_SYNTAX_TABLE_BACKWARD, UPDATE_SYNTAX_TABLE)
(SETUP_BUFFER_SYNTAX_TABLE):
Now extern inline functions, not macros.
(CURRENT_SYNTAX_TABLE, SYNTAX_ENTRY_INT):
Remove; all uses replaced by implementation.
(syntax_temp) [!__GNUC__]: Remove decl.
(SETUP_SYNTAX_TABLE_FOR_OBJECT): New decl.
(SYNTAX_FLAGS_COMMENT_STYLEC): Return a boolean, not 0-or-2.
All uses that need 0-or-2 changed to:
(SYNTAX_FLAGS_COMMENT_STYLEC2): New macro, with the same semantics
as the old SYNTAX_FLAGS_COMMENT_STYLEC.
(struct lisp_parse_state, syntax_prefix_flag_p, update_syntax_table)
(char_quoted, prev_char_comend_first, back_comment)
(Finternal_describe_syntax_value, skip_chars, skip_syntaxes)
(in_classes, forw_comment, scan_lists, scan_sexps_forward):
Use bool for boolean.
(update_syntax_table, skip_chars, skip_syntaxes):
Prefer int to unsigned when either will do.
(back_comment): Return boolean success flag, like forw_comment,
instead of positive-or-minus-1 (which might have overflowed int anyway).
Don't stuff ptrdiff_t into int.
(syntax_spec_code, syntax_code_spec): Now const.
(Fmatching_paren, scan_lists, scan_sexps_forward):
Use enum syntaxcode for syntax code.
(Fmatching_paren): Check that arg is a character, not just an integer.
(Fstring_to_syntax): Don't assume 0377 fits in enum syntaxcode.
(Finternal_describe_syntax_value): Omit no-longer-needed
comparison to 0.
(skip_chars): Use char, not unsigned char, when the distinction
doesn't matter.
(forw_comment, scan_lists): Prefer A |= B to A = A || B when B's cheap.
* bytecode.c (exec_byte_code):
* syntax.c (syntax_spec_code, Fchar_syntax)
(Finternal_describe_syntax_value, skip_chars, skip_syntaxes)
(init_syntax_once):
* syntax.h (SYNTAX_WITH_FLAGS):
Omit unnecessary casts.
(scan_newline): Do not recalculate start_byte.
(search_command): Use eassert.
* syntax.c (struct lisp_parse_state): New member location_byte.
(scan_sexps_forward): Record from_byte and avoid redundant
character to byte position calculation ...
(Fparse_partial_sexp): ... here. Break too long line.
* configure.ac (HAVE__SETJMP, HAVE_SIGSETJMP): New symbols.
(_setjmp, _longjmp): Remove.
* src/lisp.h: Include <setjmp.h> here, since we use its symbols here.
All instances of '#include <setjmp.h>' removed, if the
only reason for the instance was because "lisp.h" was included.
(sys_jmp_buf, sys_setjmp, sys_longjmp): New symbols.
Unless otherwise specified, replace all uses of jmp_buf, _setjmp,
and _longjmp with the new symbols. Emacs already uses _setjmp if
available, so this change affects only POSIXish hosts that have
sigsetjmp but not _setjmp, such as some versions of Solaris and
Unixware. (Also, POSIX-2008 marks _setjmp as obsolescent.)
* src/image.c (_setjmp, _longjmp) [HAVE_PNG && !HAVE__SETJMP]: New macros.
(png_load_body) [HAVE_PNG]:
(PNG_LONGJMP) [HAVE_PNG && PNG_LIBPNG_VER < 10500]:
(PNG_JMPBUF) [HAVE_PNG && PNG_LIBPNG_VER >= 10500]:
Use _setjmp and _longjmp rather than sys_setjmp and sys_longjmp,
since PNG requires jmp_buf. This is the only exception to the
general rule that we now use sys_setjmp and sys_longjmp.
This exception is OK since this code does not change the signal
mask or longjmp out of a signal handler.
Fixes: debbugs:12446
(set_char_table_ascii, set_char_table_defalt, set_char_table_parent)
(set_char_table_purpose): New functions,
replacing CSET. All uses changed. For example, replace
"CSET (XCHAR_TABLE (char_table), parent, parent);" with
"char_table_set_parent (char_table, parent);".
The old version was confusing because it used the same name
'parent' for two different things.
Fixes: debbugs:12215
src/lisp.h (enum constype): Use CONSTYPE_HEAP and CONSTYPE_PURE for
enumeration constants, as PURE and HEAP are too general, and clash
with other headers and sources, such as gmalloc.c and the
MS-Windows system headers. All users changed.
* lisp.h (make_pure_string): Fix prototype.
(build_pure_c_string): New function, defined as static inline. This
provides a better opportunity to optimize away calls to strlen when
the function is called with compile-time constant argument.
* alloc.c (make_pure_c_string): Fix comment. Change to add nchars
argument, adjust users accordingly. Use build_pure_c_string where
appropriate.
* buffer.c, coding.c, data.c, dbusbind.c, fileio.c, fontset.c, frame.c,
* keyboard.c, keymap.c, lread.c, search.c, syntax.c, w32fns.c, xdisp.c,
* xfaces.c, xfns.c, xterm.c: Use build_pure_c_string where appropriate.
* font.c, image.c, keyboard.c, lread.c, menu.c, minibuf.c, msdos.c:
* print.c, syntax.c, window.c, xmenu.c, xselect.c: Replace direct
access to `contents' member of Lisp_Vector objects with AREF and ASET
where appropriate.
