This was part of the original design of the module
API (https://lists.gnu.org/archive/html/emacs-devel/2015-02/msg00960.html),
but I didn't take it into account when adding the should_quit
function.
Instead of duplicating the environment fields or using the C
preprocessor, use configure to build emacs-module.h.
* configure.ac: Expand emacs-module.h template.
Add a new command 'replace-buffer-contents' that uses the Myers diff
algorithm to non-destructively replace the accessible portion of the
current buffer. The Myers algorithm is implemented in Gnulib.
* src/editfns.c (Freplace_buffer_contents): New command.
(set_bit, bit_is_set, buffer_chars_equal): New helper functions.
(syms_of_editfns): Define new command.
* test/src/editfns-tests.el (replace-buffer-contents-1)
(replace-buffer-contents-2): New unit tests.
* src/buffer.h (BUF_FETCH_CHAR_AS_MULTIBYTE): New helper macro.
* admin/merge-gnulib (GNULIB_MODULES): Add diffseq.h and minmax.h.
* configure.ac (WARN_CFLAGS): With Clang, use
-Wno-tautological-compare regardless of --enable-gcc-warnings.
(WERROR_CFLAGS): Simplify assignments, and guarantee it’s always set.
* lib/strftime.c: Copy from gnulib, reverting Clang-specific
change which I hope is no longer needed.
* src/emacs.c (main): Revert rlim_t change, as rlim_t is signed on
some older non-POSIX hosts.
* src/emacs-module.h: Remove __STDC_VERSION__ check. In the past
we’ve found that some compilers do not define this symbol even
when they work well enough. If necessary features like stdbool.h
are missing the compiler will complain eventually anyway.
* src/image.c (x_create_x_image_and_pixmap) [HAVE_NTGUI]: Avoid
compilation warning under -Warray-bounds by temporarily disabling
the -Warray-bounds option.
* INSTALL (--with-modules): List cleanup attribute as prereq.
* src/conf_post.h (__has_attribute_cleanup): Remove; no longer needed.
* src/emacs-module.c (MODULE_SETJMP_1): Don’t attempt to verify
(__has_attribute (cleanup)), as Oracle Studio 12.5 supports
__has_attribute only inside preprocessor expressions. The C
compiler should check the cleanup attribute in the next line anyway.
(module_reset_handlerlist): Remove an unnecessary ‘const’
that causes Oracle Studio 12.5 to refuse to compile.
* src/nsfns.m (ns_frame_parm_handlers): Add x_set_no_focus_on_map.
(x-create-frame): Check for no-focus-on-map.
* src/nsterm.h (x_set_no_focus_on_map): New function.
* src/nsterm.m (x_set_no_focus_on_map): New function.
(ns_raise_frame): Add parameter for specifying whether to focus the
frame.
(ns_frame_raise_lower):
(x_make_frame_visible): Handle new parameter for ns_raise_frame.
* src/emacs-module.c (module_free_global_ref)
(module_assert_runtime, module_assert_env, value_to_lisp): Use 'pD'
instead of C99 't' format descriptor.
Maybe the stdout buffer still contains something interesting that
should be flushed.
* src/emacs-module.c (module_abort): Flush all output streams before
aborting.
Add a new command-line option '-module-assertions' that users can
enable developing or debugging a module. If this option is present,
Emacs performs additional checks to verify that modules fulfill their
requirements. These checks are expensive and crash Emacs if modules
are invalid, so disable them by default.
This is a command-line option instead of an ordinary variable because
changing it while Emacs is running would cause data structure
imbalances.
* src/emacs.c (main): New command line option '-module-assertions'.
* src/emacs-module.c (module_assert_main_thread)
(module_assert_runtime, module_assert_env, module_assert_value):
New functions to assert module requirements.
(syms_of_module): New uninterned variable 'module-runtimes'.
(init_module_assertions, in_main_thread, module_abort): New helper
functions.
(initialize_environment): Initialize value list. If assertions are
enabled, use a heap-allocated environment object.
(finalize_environment): Add assertion that environment list is never
empty.
(finalize_runtime_unwind): Pop module runtime object stack.
(value_to_lisp): Assert that the value is valid.
(lisp_to_value): Record new value if assertions are enabled.
(mark_modules): Mark allocated object list.
(MODULE_FUNCTION_BEGIN_NO_CATCH)
(module_non_local_exit_check, module_non_local_exit_clear)
(module_non_local_exit_get, module_non_local_exit_signal)
(module_non_local_exit_throw): Assert thread and environment.
(module_get_environment): Assert thread and runtime.
(module_make_function, module_funcall, module_intern)
(module_funcall, module_make_integer, module_make_float)
(module_make_string, module_make_user_ptr, module_vec_get)
(funcall_module, Fmodule_load): Adapt callers.
(module_make_global_ref): If assertions are enabled, use the global
environment to store global values.
(module_free_global_ref): Remove value from global value list.
* test/Makefile.in (EMACSOPT): Enable module assertions when testing
modules.
* test/data/emacs-module/mod-test.c (Fmod_test_invalid_store)
(Fmod_test_invalid_load): New functions to test module assertions.
(emacs_module_init): Bind the new functions.
* test/src/emacs-module-tests.el (mod-test-emacs): New constant for
the Emacs binary file.
(mod-test-file): New constant for the test module file name.
(module--test-assertions): New unit test.
* src/data.c (Ftype_of): Do not worry about Lisp_Misc_Float.
* src/lisp.h (Lisp_Misc_Float): Remove. This placeholder has been
unused for two decades; if we ever want to change floats to be a
misc type we can bring it back then.
Rather than checking for the main thread, check for the current
thread.
* emacs-module.c (check_thread): New function.
(MODULE_FUNCTION_BEGIN_NO_CATCH, module_get_environment)
(module_non_local_exit_check, module_non_local_exit_clear)
(module_non_local_exit_get, module_non_local_exit_signal)
(module_non_local_exit_throw, module_is_not_nil, module_eq): Use it.
Previously signals, throws, and quits from module initialization
functions were ignored. These function aren't special, and better
errors can be reported using signals than with the initialization
return code, so allow non-local exits.
* src/emacs-module.c (module_signal_or_throw): New helper function.
(Fmodule_load, funcall_module): Use it.
(Fmodule_load): Also allow quitting.
menu_position_func did not properly use the current monitor's
resolution. Also see commit '2016-02-06 22:12:53 +0100'.
* lisp/frame.el (frame-monitor-attribute, frame-monitor-geometry)
(frame-monitor-workarea): New functions.
* src/xmenu.c (menu_position_func): Take into account the workarea of
the monitor that contains the mouse. (Bug#23568)
* src/print.c (print_vectorlike): Make sure module function's
address prints with a leading "0x". This fixes emacs-module-tests
on MS-Windows. Fix whitespace.
* src/dynlib.c (dynlib_addr): Remove unused variable. Update
commentary.
Reuse existing functionality and simplify the code a bit.
* src/emacs-module.c (Fmodule_load): Use unwind protection to clean up
runtime object.
(funcall_module): Use unwind protection to clean up environment
object.
(finalize_environment): Simplify signature.
(finalize_environment_unwind, finalize_runtime_unwind): New functions.
Most of these seem to run afoul of the comment "Do NOT use
'eassert' for checking validity of user code in the module."
* src/emacs-module.c (MODULE_FUNCTION_BEGIN_NO_CATCH)
(module_non_local_exit_check, module_non_local_exit_clear)
(module_non_local_exit_get, module_non_local_exit_signal)
(module_non_local_exit_throw, module_make_string):
Remove unnecessary easserts that pointers are nonnull.
Hardware checks this for us nowadays, and the checks
just clutter up the code.
(module_extract_integer): Remove unnecessary verify that
a C signed integer is in the range INTMAX_MIN..INTMAX_MAX.
The C standard guarantees this.
(module_copy_string_contents): Remove unnecessary eassert
that Lisp strings are null-terminated.
(module_function_arity): Remove unnecessary easserts that
function arities are in range.
* src/emacs-module.c (module_copy_string_contents):
Remove checking, as string lengths are always nonnegative and less
than STRING_BYTES_BOUND, and this is checked elsewhere.
(module_make_string): Check length against STRING_BYTES_BOUND, a
tighter bound than MOST_POSITIVE_FIXNUM. (funcall_module): Don't
assume that an out-of-range integer is nonnegative.
Tell the compiler that SCHARS and STRING_BYTES are nonnegative, in
the hopes that this will optimize a bit better. Also, check this
at runtime if ENABLE_CHECKING.
* src/lisp.h (SCHARS, STRING_BYTES):
eassume that these functions return nonnegative values.
(STRING_SET_CHARS) [ENABLE_CHECKING]:
eassert that newsize is nonnegative.
The idea is that modules should call env->should_quit from time to
time and return as quickly as possible if it returns true.
* src/emacs-module.c (module_should_quit): New module function.
(initialize_environment): Use it.
(funcall_module): Process potential pending quit.
* src/eval.c (maybe_quit): Add reference to module_should_quit.
In particular, alias violations are likely for the return values of
dlsym(3), which get cast around arbitrarily.
* src/emacs-module.c (Fmodule_load): Use ATTRIBUTE_MAY_ALIAS.
