(get_doc_string_buffer_size): Now ptrdiff_t, not int.
(get_doc_string): Check for size calculation overflow.
Don't update size until allocation succeeds.
(get_doc_string, Fsubstitute_command_keys): Use ptrdiff_t, not
EMACS_INT, where ptrdiff_t will do.
(Fsubstitute_command_keys): Check for string overflow.
This prepares for a future patch that will prefer 64-bit EMACS_INT if
available. That patch can be tried now, by compiling with -DWIDE_EMACS_INT,
but it is temporarily not the default so that it can be further tested.
Also, install some other fixes for problems discovered by the static
checking of GCC 4.6.0.
Fixes: debbugs:8545 debbugs:8601 debbugs:8600 debbugs:8602
This removes an assumption that EMACS_INT and long are the same
width as pointers. The assumption is true for Emacs porting targets
now, but we want to make other targets possible.
* lisp.h: Include <inttypes.h>, for INTPTR_MAX, UINTPTR_MAX.
(EMACS_INTPTR, EMACS_UINTPTR): New macros.
In the rest of the code, change types of integers that hold casted
pointers to EMACS_INTPTR and EMACS_UINTPTR, systematically
replacing EMACS_INT, long, EMACS_UINT, and unsigned long.
(XTYPE): Don't cast arg to EMACS_UINT; normally is not needed.
(XSET): Cast type of XTYPE arg to EMACS_INTPTR; it is needed here.
No need to cast type when ORing.
(XPNTR): Return a value of type EMACS_INTPTR or EMACS_UINTPTR.
* alloc.c (lisp_align_malloc): Remove a no-longer-needed cast.
* doc.c (store_function_docstring): Use EMACS_INTPTR, so as not to
assume EMACS_INT is the same width as char *.
* gtkutil.c (xg_gtk_scroll_destroy, xg_tool_bar_button_cb):
(xg_tool_bar_callback, xg_tool_bar_help_callback, xg_make_tool_item):
Remove no-longer-needed casts.
(xg_create_scroll_bar, xg_tool_bar_button_cb, xg_tool_bar_callback):
(xg_tool_bar_help_callback, xg_make_tool_item):
Use EMACS_INTPTR to hold an integer
that will be cast to void *; this can avoid a GCC warning
if EMACS_INT is not the same width as void *.
* menu.c (find_and_call_menu_selection): Remove no-longer-needed cast.
* xdisp.c (display_echo_area_1, resize_mini_window_1):
(current_message_1, set_message_1):
Use a local to convert to proper width without a cast.
* xmenu.c (dialog_selection_callback): Likewise.
GCC 4.6.0 optimizes based on type-based alias analysis. For
example, if b is of type struct buffer * and v of type struct
Lisp_Vector *, then gcc -O2 was incorrectly assuming that &b->size
!= &v->size, and therefore "v->size = 1; b->size = 2; return
v->size;" must therefore return 1. This assumption is incorrect
for Emacs, since it type-puns struct Lisp_Vector * with many other
types. To fix this problem, this patch adds a new type struct
vector_header that documents the constraints on layout of vectors
and pseudovectors, and helps optimizing compilers not get fooled
by Emacs's type punning. It also adds the macros XSETTYPED_PVECTYPE
XSETTYPED_PSEUDOVECTOR, TYPED_PSEUDOVECTORP, for similar reasons.
* lisp.h (XVECTOR_SIZE): New convenience macro. All previous uses of
XVECTOR (foo)->size replaced to use this macro, to avoid the hassle
of writing XVECTOR (foo)->header.size.
(XVECTOR_HEADER_SIZE): New macro, for use in XSETPSEUDOVECTOR.
(XSETTYPED_PVECTYPE): New macro, specifying the name of the size
member.
(XSETPVECTYPE): Rewrite in terms of new macro.
(XSETPVECTYPESIZE): New macro, specifying both type and size.
This is a bit clearer, and further avoids the possibility of
undesirable aliasing.
(XSETTYPED_PSEUDOVECTOR): New macro, specifying the size.
(XSETPSEUDOVECTOR): Rewrite in terms of XSETTYPED_PSEUDOVECTOR
and XVECTOR_HEADER_SIZE.
(XSETSUBR): Rewrite in terms of XSETTYPED_PSEUDOVECTOR and XSIZE,
since Lisp_Subr is a special case (no "next" field).
(ASIZE): Rewrite in terms of XVECTOR_SIZE.
(struct vector_header): New type.
(TYPED_PSEUDOVECTORP): New macro, also specifying the C type of the
object, to help avoid aliasing.
(PSEUDOVECTORP): Rewrite in terms of TYPED_PSEUDOVECTORP.
(SUBRP): Likewise, since Lisp_Subr is a special case.
* lisp.h (struct Lisp_Vector, struct Lisp_Char_Table):
(struct Lisp_Sub_Char_Table, struct Lisp_Bool_Vector):
(struct Lisp_Hash_Table): Combine first two members into a single
struct vector_header member. All uses of "size" and "next" members
changed to be "header.size" and "header.next".
* buffer.h (struct buffer): Likewise.
* font.h (struct font_spec, struct font_entity, struct font): Likewise.
* frame.h (struct frame): Likewise.
* process.h (struct Lisp_Process): Likewise.
* termhooks.h (struct terminal): Likewise.
* window.c (struct save_window_data, struct saved_window): Likewise.
* window.h (struct window): Likewise.
* alloc.c (allocate_buffer, Fmake_bool_vector, allocate_pseudovector):
Use XSETPVECTYPESIZE, not XSETPVECTYPE, to avoid aliasing problems.
* buffer.c (init_buffer_once): Likewise.
* lread.c (defsubr): Use XSETTYPED_PVECTYPE, since Lisp_Subr is a
special case.
* process.c (Fformat_network_address): Use local var for size,
for brevity.
src/doc.c (get_doc_string): Improve the format passed to `error'.
src/doprnt.c (doprnt): Improve commentary.
src/term.c (init_tty) [MSDOS]: Fix 1st argument to maybe_fatal.
src/Makefile.in (TAGS): Depend on $(M_FILE) and $(S_FILE), and scan
them with etags.
src/makefile.w32-in (TAGS): Depend on $(CURDIR)/m/intel386.h and
$(CURDIR)/s/ms-w32.h.
(TAGS-gmake): Scan $(CURDIR)/m/intel386.h and $(CURDIR)/s/ms-w32.h.
* lisp.h (pI): New macro, generalizing old pEd macro to other
conversion specifiers. For example, use "...%"pI"d..." rather
than "...%"pEd"...".
(pEd): Remove. All uses replaced with similar uses of pI.
* src/m/amdx86-64.h, src/m/ia64.h, src/m/ibms390x.h: Likewise.
* alloc.c (check_pure_size): Don't overflow by converting size to int.
* bidi.c (bidi_dump_cached_states): Use pI to avoid cast.
* data.c (Fnumber_to_string): Use pI instead of if-then-else-abort.
* dbusbind.c (xd_append_arg): Use pI to avoid cast.
(Fdbus_method_return_internal, Fdbus_method_error_internal): Likewise.
* font.c (font_unparse_xlfd): Avoid potential buffer overrun on
64-bit hosts.
(font_unparse_xlfd, font_unparse_fcname): Use pI to avoid casts.
* keyboard.c (record_char, modify_event_symbol): Use pI to avoid casts.
* print.c (safe_debug_print, print_object): Likewise.
(print_object): Don't overflow by converting EMACS_INT or EMACS_UINT
to int.
Use pI instead of if-then-else-abort. Use %p to avoid casts.
* process.c (Fmake_network_process): Use pI to avoid cast.
* region-cache.c (pp_cache): Likewise.
* xdisp.c (decode_mode_spec): Likewise.
* xrdb.c (x_load_resources) [USE_MOTIF]: Use pI to avoid undefined
behavior on 64-bit hosts with printf arg.
* xselect.c (x_queue_event): Use %p to avoid casts.
(x_stop_queuing_selection_requests): Likewise.
(x_get_window_property): Don't truncate byte count to an 'int'
when tracing.
This makes it easier for human readers (and static analyzers)
to see whether these functions can be called from other modules.
DEFUN now defines a static function. To make the function external
so that it can be used in other C modules, use the new macro DEFUE.
* lisp.h (DEFINE_FUNC): New macro, with the old contents of DEFUN.
(DEFUN): Rewrite in terms of DEFINE_FUNC. It now generates a
static function definition. Use DEFUE if you want an extern one.
(DEFUE, INFUN): New macros.
(Funibyte_char_to_multibyte, Fsyntax_table_p, Finit_image_library):
(Feval_region, Fbacktrace, Ffetch_bytecode, Fswitch_to_buffer):
(Ffile_executable_p, Fmake_symbolic_link, Fcommand_execute):
(Fget_process, Fdocumentation_property, Fbyte_code, Ffile_attributes):
Remove decls, since these functions are now static.
(Funintern, Fget_internal_run_time): New decls, since these functions
were already external.
* alloc.c, buffer.c, callint.c, callproc.c, casefiddle.c, casetab.c:
* ccl.c, character.c, chartab.c, cmds.c, coding.c, data.c, dispnew.c:
* doc.c, editfns.c, emacs.c, eval.c, fileio.c, filelock.c, floatfns.c:
* fns.c, font.c, fontset.c, frame.c, image.c, indent.c:
* keyboard.c, keymap.c, lread.c:
* macros.c, marker.c, menu.c, minibuf.c, print.c, process.c, search.c:
* syntax.c, term.c, terminal.c, textprop.c, undo.c:
* window.c, xdisp.c, xfaces.c, xfns.c, xmenu.c, xsettings.c:
Mark functions with DEFUE instead of DEFUN,
if they are used in other modules.
* buffer.c (Fset_buffer_major_mode, Fdelete_overlay): New forward
decls for now-static functions.
* buffer.h (Fdelete_overlay): Remove decl.
* callproc.c (Fgetenv_internal): Mark as internal.
* composite.c (Fremove_list_of_text_properties): Remove decl.
(Fcomposition_get_gstring): New forward static decl.
* composite.h (Fcomposite_get_gstring): Remove decl.
* dired.c (Ffile_attributes): New forward static decl.
* doc.c (Fdocumntation_property): New forward static decl.
* eval.c (Ffetch_bytecode): New forward static decl.
(Funintern): Remove extern decl; now in .h file where it belongs.
* fileio.c (Fmake_symbolic_link): New forward static decl.
* image.c (Finit_image_library): New forward static decl.
* insdel.c (Fcombine_after_change_execute): Make forward decl static.
* intervals.h (Fprevious_property_change):
(Fremove_list_of_text_properties): Remove decls.
* keyboard.c (Fthis_command_keys): Remove decl.
(Fcommand_execute): New forward static decl.
* keymap.c (Flookup_key): New forward static decl.
(Fcopy_keymap): Now static.
* keymap.h (Flookup_key): Remove decl.
* process.c (Fget_process): New forward static decl.
(Fprocess_datagram_address): Mark as internal.
* syntax.c (Fsyntax_table_p): New forward static decl.
(skip_chars): Remove duplicate decl.
* textprop.c (Fprevious_property_change): New forward static decl.
* window.c (Fset_window_fringes, Fset_window_scroll_bars):
Now internal.
(Fset_window_margins, Fset_window_vscroll): New forward static decls.
* window.h (Fset_window_vscroll, Fset_window_margins): Remove decls.
Without this change, on typical 64-bit hosts error ("...%d...", N)
was used to print both 32- and 64-bit integers N, which relied on
undefined behavior.
* lisp.h, src/m/amdx86-64.h, src/m/ia64.h, src/m/ibms390x.h (pEd):
New macro.
* lisp.h (error, verror): Mark as printf-like functions.
* eval.c (verror): Use vsnprintf, not doprnt, to do the real work.
Report overflow in size calculations when allocating printf buffer.
Do not truncate output string at its first null byte.
* xdisp.c (vmessage): Use vsnprintf, not doprnt, to do the real work.
Truncate the output at a character boundary, since vsnprintf does not
do that.
* charset.c (check_iso_charset_parameter): Convert internal
character to string before calling 'error', since %c now has the
printf meaning.
* coding.c (Fdecode_sjis_char, Fdecode_big5_char): Avoid int
overflow when computing char to be passed to 'error'. Do not
pass Lisp_Object to 'error'; pass the integer instead.
* nsfns.m (Fns_do_applescript): Use int, not long, since it's
formatted with plain %d.
* lisp/emacs-lisp/bytecomp.el (byte-compile-lapcode): Handle new form of
`byte-constant'.
(byte-compile-close-variables, displaying-byte-compile-warnings):
Add edebug spec.
(byte-compile-toplevel-file-form): New fun, split out of
byte-compile-file-form.
(byte-compile-from-buffer): Use it to avoid applying cconv
multiple times.
(byte-compile): Only strip `function' if it's present.
(byte-compile-lambda): Add `reserved-csts' argument.
Use new lexenv arg of byte-compile-top-level.
(byte-compile-reserved-constants): New var.
(byte-compile-constants-vector): Obey it.
(byte-compile-constants-vector): Handle new `byte-constant' form.
(byte-compile-top-level): Add args `lexenv' and `reserved-csts'.
(byte-compile-form): Don't check callargs here.
(byte-compile-normal-call): Do it here instead.
(byte-compile-push-unknown-constant)
(byte-compile-resolve-unknown-constant): Remove, unused.
(byte-compile-make-closure): Use `make-byte-code' rather than `curry',
putting the environment into the "constant" pool.
(byte-compile-get-closed-var): Use special byte-constant.
* lisp/emacs-lisp/byte-opt.el (byte-optimize-form-code-walker): Handle new
intermediate special form `internal-make-vector'.
(byte-optimize-lapcode): Handle new form of `byte-constant'.
* lisp/help-fns.el (describe-function-1): Don't handle funvecs.
* lisp/emacs-lisp/macroexp.el (macroexpand-all-1): Only convert quote to
function if the content is a lambda expression, not if it's a closure.
* emacs-lisp/eieio-come.el: Remove.
* lisp/emacs-lisp/eieio.el: Don't require eieio-comp.
(defmethod): Do a bit more work to find the body and wrap it into
a function before passing it to eieio-defmethod.
(eieio-defmethod): New arg `code' for it.
* lisp/emacs-lisp/debug.el (debugger-setup-buffer): Don't hide things in
debugger backtrace.
* lisp/emacs-lisp/cl-extra.el (cl-macroexpand-all): Use backquotes, and be
more careful when quoting a function value.
* lisp/emacs-lisp/cconv.el (cconv-freevars): Accept defvar/defconst.
(cconv-closure-convert-rec): Catch stray `internal-make-closure'.
* lisp/Makefile.in (COMPILE_FIRST): Compile pcase and cconv early.
* src/eval.c (Qcurry): Remove.
(funcall_funvec): Remove.
(funcall_lambda): Move new byte-code handling to reduce impact.
Treat all args as lexical in the case of lexbind.
(Fcurry): Remove.
* src/data.c (Qfunction_vector): Remove.
(Ffunvecp): Remove.
* src/lread.c (read1): Revert to calling make_byte_code here.
(read_vector): Don't call make_byte_code any more.
* src/lisp.h (enum pvec_type): Rename back to PVEC_COMPILED.
(XSETCOMPILED): Rename back from XSETFUNVEC.
(FUNVEC_SIZE): Remove.
(FUNVEC_COMPILED_TAG_P, FUNVEC_COMPILED_P): Remove.
(COMPILEDP): Rename back from FUNVECP.
* src/fns.c (Felt): Remove unexplained FUNVEC check.
* src/doc.c (Fdocumentation): Don't handle funvec.
* src/alloc.c (make_funvec, Ffunvec): Remove.
* doc/lispref/vol2.texi (Top):
* doc/lispref/vol1.texi (Top):
* doc/lispref/objects.texi (Programming Types, Funvec Type, Type Predicates):
* doc/lispref/functions.texi (Functions, What Is a Function, FunctionCurrying):
* doc/lispref/elisp.texi (Top): Remove mentions of funvec and curry.
(get_doc_string, Fsnarf_documentation, Fsubstitute_command_keys):
Change types between char * and unsigned char *, to satisfy C89
rules about pointer type compatibility.
