* alloc.c (POINTERS_MIGHT_HIDE_IN_OBJECTS): New macro.
(mark_memory): Mark Lisp_Objects only if pointers might hide in
objects, as mark_maybe_pointer will catch them otherwise.
(GC_LISP_OBJECT_ALIGNMENT): Remove; no longer needed.
* s/gnu-linux.h (GC_LISP_OBJECT_ALIGNMENT) [__mc68000__]: Likewise.
Suggested by Stefan Monnier in
<http://lists.gnu.org/archive/html/emacs-devel/2012-02/msg00692.html>.
* alloc.c (widen_to_Lisp_Object): New static function.
(mark_memory): Also mark Lisp_Objects by fetching pointer words
and widening them to Lisp_Objects. This would work even if
USE_LSB_TAG is defined and wide integers are used, which might
happen in a future version of Emacs.
does not work on some platforms. Problem reported by Andreas Schwab in
<http://lists.gnu.org/archive/html/emacs-devel/2011-11/msg00081.html>.
* puresize.h (pure, PURE_P): Always behave as if VIRT_ADDR_VARIES
is set, removing the need for VIRT_ADDRESS_VARIES.
(PURE_P): Use a more-efficient implementation that needs just one
comparison, not two: on x86-64 with GCC 4.6.2, this cut down the
number of instructions from 6 (xorl, cmpq, jge, xorl, cmpq, setge)
to 4 (xorl, subq, cmpq, setbe).
* alloc.c (pure): Always extern now, since that's the
VIRT_ADDR_VARIES behavior.
(PURE_POINTER_P): Use a single comparison, not two, for
consistency with the new puresize.h.
* lisp.h (PNTR_COMPARISON_TYPE): Remove; no longer needed.
* m/ibms390.h, m/intel386.h, m/template.h, s/cygwin.h, s/hpux10-20.h:
Remove VIRT_ADDR_VARIES no longer needed.
src/.gdbinit (xprintbytestr): New command.
(xwhichsymbols): Renamed from `which'; all callers changed.
(xbytecode): Print the byte-code string as well.
src/alloc.c (which_symbols): New function.
* configure.in (GC_LISP_OBJECT_ALIGNMENT): Remove.
This is now done by src/alloc.c.
* src/alloc.c (GC_LISP_OBJECT_ALIGNMENT): Use offsetof, not __alignof__
or sizeof. __alignof__ gives the wrong answer on Fedora x86-64
with GCC 4.6.1 when configured with CC='gcc -m32' --with-wide-int;
this makes Emacs dump core during garbage collection on rare
occasions. sizeof is obviously inferior to offsetof here, so
stick with offsetof.
(GC_POINTER_ALIGNMENT): New macro.
(mark_memory): Omit 3rd (offset) arg; caller changed.
Don't assume EMACS_INT alignment is the same as pointer alignment.
* alloc.c (XMALLOC_OVERRUN_CHECK_OVERHEAD, XMALLOC_OVERRUN_CHECK_SIZE):
Move back here from lisp.h, but with their new implementations.
(XMALLOC_BASE_ALIGNMENT, COMMON_MULTIPLE, XMALLOC_HEADER_ALIGNMENT)
(XMALLOC_OVERRUN_SIZE_SIZE): Move these new lisp.h macros here.
* charset.c (charset_table_init): New static var.
(syms_of_charset): Use it instead of xmalloc. This removes a
dependency on glibc malloc internals. See Eli Zaretskii's comment in
<http://lists.gnu.org/archive/html/emacs-devel/2011-09/msg00815.html>.
* lisp.h (XMALLOC_OVERRUN_CHECK_OVERHEAD, XMALLOC_OVERRUN_CHECK_SIZE):
Move back to alloc.c.
(XMALLOC_BASE_ALIGNMENT, COMMON_MULTIPLE, XMALLOC_HEADER_ALIGNMENT)
(XMALLOC_OVERRUN_SIZE_SIZE): Move to alloc.c.
* alloc.c (XMALLOC_OVERRUN_CHECK_OVERHEAD, XMALLOC_OVERRUN_CHECK_SIZE):
Move to lisp.h.
(xmalloc_put_size, xmalloc_get_size, overrun_check_malloc)
(overrun_check_realloc, overrun_check_free):
Use XMALLOC_OVERRUN_SIZE_SIZE, not sizeof (size_t).
That way, xmalloc returns a properly-aligned pointer even if
XMALLOC_OVERRUN_CHECK is defined. The old debugging code happened
to align OK on typical 64-bit hosts, but not on Fedora 14 x86.
* charset.c (syms_of_charset): Take XMALLOC_OVERRUN_CHECK_OVERHEAD
into account when calculating the initial malloc maximum.
* lisp.h (XMALLOC_OVERRUN_CHECK_OVERHEAD, XMALLOC_OVERRUN_CHECK_SIZE):
Move here from alloc.c, so that charset.c can use it too.
Properly align; the old code wasn't right for common 32-bit hosts
when configured with --enable-checking=all.
(XMALLOC_BASE_ALIGNMENT, COMMON_MULTIPLE, XMALLOC_HEADER_ALIGNMENT)
(XMALLOC_OVERRUN_SIZE_SIZE): New macros.
Do not impose an arbitrary 32-bit limit on malloc sizes when debugging.
(__malloc_size_t): Default to size_t, not to int.
(pure_size, pure_bytes_used_before_overflow, stack_copy_size)
(Fgarbage_collect, mark_object_loop_halt, mark_object):
Prefer ptrdiff_t to size_t when either would do, as we prefer
signed integers.
(XMALLOC_OVERRUN_CHECK_OVERHEAD): New macro.
(xmalloc_overrun_check_header, xmalloc_overrun_check_trailer):
Now const. Initialize with values that are in range even if char
is signed.
(XMALLOC_PUT_SIZE, XMALLOC_GET_SIZE): Remove, replacing with ...
(xmalloc_put_size, xmalloc_get_size): New functions. All uses changed.
These functions do the right thing with sizes > 2**32.
(check_depth): Now ptrdiff_t, not int.
(overrun_check_malloc, overrun_check_realloc, overrun_check_free):
Adjust to new way of storing sizes. Check for size overflow bugs
in rest of code.
(STRING_BYTES_MAX): Adjust to new overheads. The old code was
slightly wrong anyway, as it missed one instance of
XMALLOC_OVERRUN_CHECK_OVERHEAD.
(refill_memory_reserve): Omit needless cast to size_t.
(mark_object_loop_halt): Mark as externally visible.
(header_size, word_size): New constants.
(allocate_vectorlike): Don't check size overflow here.
(allocate_vector): Check it here instead, since this is the only
caller of allocate_vectorlike that could cause overflow.
Check that the new vector's length is representable as a fixnum.
This partly undoes my 2011-03-30 change, which replaced int with size_t.
Back then I didn't know that the Emacs coding style prefers signed int.
Also, in the meantime I found a few more instances where arguments
were being counted with int, which may truncate counts on 64-bit
machines, or EMACS_INT, which may be unnecessarily wide.
* lisp.h (struct Lisp_Subr.function.aMANY)
(DEFUN_ARGS_MANY, internal_condition_case_n, safe_call):
Arg counts are now ptrdiff_t, not size_t.
All variadic functions and their callers changed accordingly.
(struct gcpro.nvars): Now size_t, not size_t. All uses changed.
* bytecode.c (exec_byte_code): Check maxdepth for overflow,
to avoid potential buffer overrun. Don't assume arg counts fit in 'int'.
* callint.c (Fcall_interactively): Check arg count for overflow,
to avoid potential buffer overrun. Use signed char, not 'int',
for 'varies' array, so that we needn't bother to check its size
calculation for overflow.
* editfns.c (Fformat): Use ptrdiff_t, not EMACS_INT, to count args.
* eval.c (apply_lambda):
* fns.c (Fmapconcat): Use XFASTINT, not XINT, to get args length.
(struct textprop_rec.argnum): Now ptrdiff_t, not int. All uses changed.
(mapconcat): Use ptrdiff_t, not int and EMACS_INT, to count args.
(struct Lisp_Save_Value): Use ptrdiff_t, not int, for 'integer' member.
* alloc.c (make_save_value): Integer argument is now of type
ptrdiff_t, not int.
(mark_object): Use ptrdiff_t, not int.
* lisp.h (pD): New macro.
* print.c (print_object): Use it.
(n_vectors, n_symbol_blocks, n_marker_blocks): Remove.
These were 'int' variables that could overflow on 64-bit hosts;
they were never used, so remove them instead of repairing them.
(total_conses, total_markers, total_symbols, total_vector_size)
(total_free_conses, total_free_markers, total_free_symbols)
(total_free_floats, total_floats, total_free_intervals, total_intervals)
(total_strings, total_free_strings):
Now EMACS_INT, not int. All uses changed.
(Fgarbage_collect): Compute overall total using a double, so that
integer overflow is less likely to be a problem. Check for overflow
when converting back to an integer.
(XMALLOC_OVERRUN_CHECK_SIZE) [!XMALLOC_OVERRUN_CHECK]: Define to 0,
for convenience in STRING_BYTES_MAX.
(STRING_BYTES_MAX): New macro, superseding the old one in lisp.h.
The definition here is exact; the one in lisp.h was approximate.
(allocate_string_data): Check for string overflow. This catches
some instances we weren't catching before. Also, it catches
size_t overflow on (unusual) hosts where SIZE_MAX <= min
(PTRDIFF_MAX, MOST_POSITIVE_FIXNUM), e.g., when size_t is 32 bits
and ptrdiff_t and EMACS_INT are both 64 bits.
* character.c, coding.c, doprnt.c, editfns.c, eval.c:
All uses of STRING_BYTES_MAX replaced by STRING_BYTES_BOUND.
* lisp.h (STRING_BYTES_BOUND): Renamed from STRING_BYTES_MAX.
