src/doprnt.c (doprnt): Make sure `format' is never accessed beyond
`format_end'. Remove support for %l as a conversion specifier.
Don't use xrealloc. Improve diagnostics when the %l size modifier
is used. Update the commentary.
src/eval.c (verror): Simplify calculation of size_t.
src/coding.c (Ffind_operation_coding_system): Fix diagnostic error
messages.
GCC 4.6.0 optimizes based on type-based alias analysis. For
example, if b is of type struct buffer * and v of type struct
Lisp_Vector *, then gcc -O2 was incorrectly assuming that &b->size
!= &v->size, and therefore "v->size = 1; b->size = 2; return
v->size;" must therefore return 1. This assumption is incorrect
for Emacs, since it type-puns struct Lisp_Vector * with many other
types. To fix this problem, this patch adds a new type struct
vector_header that documents the constraints on layout of vectors
and pseudovectors, and helps optimizing compilers not get fooled
by Emacs's type punning. It also adds the macros XSETTYPED_PVECTYPE
XSETTYPED_PSEUDOVECTOR, TYPED_PSEUDOVECTORP, for similar reasons.
* lisp.h (XVECTOR_SIZE): New convenience macro. All previous uses of
XVECTOR (foo)->size replaced to use this macro, to avoid the hassle
of writing XVECTOR (foo)->header.size.
(XVECTOR_HEADER_SIZE): New macro, for use in XSETPSEUDOVECTOR.
(XSETTYPED_PVECTYPE): New macro, specifying the name of the size
member.
(XSETPVECTYPE): Rewrite in terms of new macro.
(XSETPVECTYPESIZE): New macro, specifying both type and size.
This is a bit clearer, and further avoids the possibility of
undesirable aliasing.
(XSETTYPED_PSEUDOVECTOR): New macro, specifying the size.
(XSETPSEUDOVECTOR): Rewrite in terms of XSETTYPED_PSEUDOVECTOR
and XVECTOR_HEADER_SIZE.
(XSETSUBR): Rewrite in terms of XSETTYPED_PSEUDOVECTOR and XSIZE,
since Lisp_Subr is a special case (no "next" field).
(ASIZE): Rewrite in terms of XVECTOR_SIZE.
(struct vector_header): New type.
(TYPED_PSEUDOVECTORP): New macro, also specifying the C type of the
object, to help avoid aliasing.
(PSEUDOVECTORP): Rewrite in terms of TYPED_PSEUDOVECTORP.
(SUBRP): Likewise, since Lisp_Subr is a special case.
* lisp.h (struct Lisp_Vector, struct Lisp_Char_Table):
(struct Lisp_Sub_Char_Table, struct Lisp_Bool_Vector):
(struct Lisp_Hash_Table): Combine first two members into a single
struct vector_header member. All uses of "size" and "next" members
changed to be "header.size" and "header.next".
* buffer.h (struct buffer): Likewise.
* font.h (struct font_spec, struct font_entity, struct font): Likewise.
* frame.h (struct frame): Likewise.
* process.h (struct Lisp_Process): Likewise.
* termhooks.h (struct terminal): Likewise.
* window.c (struct save_window_data, struct saved_window): Likewise.
* window.h (struct window): Likewise.
* alloc.c (allocate_buffer, Fmake_bool_vector, allocate_pseudovector):
Use XSETPVECTYPESIZE, not XSETPVECTYPE, to avoid aliasing problems.
* buffer.c (init_buffer_once): Likewise.
* lread.c (defsubr): Use XSETTYPED_PVECTYPE, since Lisp_Subr is a
special case.
* process.c (Fformat_network_address): Use local var for size,
for brevity.
src/doprnt.c: Include limits.h.
(SIZE_MAX): New macro.
(doprnt): Return a size_t value. 2nd arg is now size_t. Many
local variables are now size_t instead of int or unsigned.
Improve overflow protection. Support `l' modifier for integer
conversions. Support %l conversion. Don't assume an EMACS_INT
argument for integer conversions and for %c.
src/lisp.h (doprnt): Restore prototype.
src/makefile.w32-in ($(BLD)/callint.$(O)): Depend on
$(SRC)/character.h.
src/Makefile.in (base_obj): Add back doprnt.o.
src/deps.mk (doprnt.o): Add back prerequisites.
(callint.o): Depend on character.h.
src/eval.c (internal_lisp_condition_case): Include the handler
representation in the error message.
(verror): Call doprnt instead of vsnprintf. Fix an off-by-one bug
when breaking from the loop.
src/xdisp.c (vmessage): Call doprnt instead of vsnprintf.
src/callint.c (Fcall_interactively): When displaying error message
about invalid control letter, pass the character's codepoint, not
a pointer to its multibyte form. Improve display of the character
in octal and display also its hex code.
src/character.c (char_string): Use %x to display the (unsigned)
codepoint of an invalid character, to avoid displaying a bogus
negative value.
src/font.c (check_otf_features): Pass SDATA of SYMBOL_NAME to
`error', not SYMBOL_NAME itself.
src/coding.c (Fencode_sjis_char, Fencode_big5_char): Use %c for
character arguments to `error'.
src/charset.c (check_iso_charset_parameter): Fix incorrect argument
to `error' in error message about FINAL_CHAR argument. Make sure
FINAL_CHAR is a character, and use %c when it is passed as
argument to `error'.
* lisp.h (pI): New macro, generalizing old pEd macro to other
conversion specifiers. For example, use "...%"pI"d..." rather
than "...%"pEd"...".
(pEd): Remove. All uses replaced with similar uses of pI.
* src/m/amdx86-64.h, src/m/ia64.h, src/m/ibms390x.h: Likewise.
* alloc.c (check_pure_size): Don't overflow by converting size to int.
* bidi.c (bidi_dump_cached_states): Use pI to avoid cast.
* data.c (Fnumber_to_string): Use pI instead of if-then-else-abort.
* dbusbind.c (xd_append_arg): Use pI to avoid cast.
(Fdbus_method_return_internal, Fdbus_method_error_internal): Likewise.
* font.c (font_unparse_xlfd): Avoid potential buffer overrun on
64-bit hosts.
(font_unparse_xlfd, font_unparse_fcname): Use pI to avoid casts.
* keyboard.c (record_char, modify_event_symbol): Use pI to avoid casts.
* print.c (safe_debug_print, print_object): Likewise.
(print_object): Don't overflow by converting EMACS_INT or EMACS_UINT
to int.
Use pI instead of if-then-else-abort. Use %p to avoid casts.
* process.c (Fmake_network_process): Use pI to avoid cast.
* region-cache.c (pp_cache): Likewise.
* xdisp.c (decode_mode_spec): Likewise.
* xrdb.c (x_load_resources) [USE_MOTIF]: Use pI to avoid undefined
behavior on 64-bit hosts with printf arg.
* xselect.c (x_queue_event): Use %p to avoid casts.
(x_stop_queuing_selection_requests): Likewise.
(x_get_window_property): Don't truncate byte count to an 'int'
when tracing.
This makes it easier for human readers (and static analyzers)
to see whether these variables are used from other modules.
* alloc.c, buffer.c, bytecode.c, callint.c, casetab.c, category.c:
* ccl.c, character.c, charset.c, cmds.c, coding.c, composite.c:
* data.c, dbusbind.c, dired.c, editfns.c, eval.c, fileio.c, fns.c:
* font.c, frame.c, fringe.c, ftfont.c, image.c, keyboard.c, keymap.c:
* lread.c, macros.c, minibuf.c, print.c, process.c, search.c:
* sound.c, syntax.c, textprop.c, window.c, xdisp.c, xfaces.c, xfns.c:
* xmenu.c, xselect.c:
Declare Q* vars static if they are not used in other modules.
* ccl.h, character.h, charset.h, coding.h, composite.h, font.h:
* frame.h, intervals.h, keyboard.h, lisp.h, process.h, syntax.h:
Remove decls of unexported vars.
* keyboard.h (EVENT_HEAD_UNMODIFIED): Remove now-unused macro.
This makes it easier for human readers (and static analyzers)
to see whether these functions can be called from other modules.
DEFUN now defines a static function. To make the function external
so that it can be used in other C modules, use the new macro DEFUE.
* lisp.h (DEFINE_FUNC): New macro, with the old contents of DEFUN.
(DEFUN): Rewrite in terms of DEFINE_FUNC. It now generates a
static function definition. Use DEFUE if you want an extern one.
(DEFUE, INFUN): New macros.
(Funibyte_char_to_multibyte, Fsyntax_table_p, Finit_image_library):
(Feval_region, Fbacktrace, Ffetch_bytecode, Fswitch_to_buffer):
(Ffile_executable_p, Fmake_symbolic_link, Fcommand_execute):
(Fget_process, Fdocumentation_property, Fbyte_code, Ffile_attributes):
Remove decls, since these functions are now static.
(Funintern, Fget_internal_run_time): New decls, since these functions
were already external.
* alloc.c, buffer.c, callint.c, callproc.c, casefiddle.c, casetab.c:
* ccl.c, character.c, chartab.c, cmds.c, coding.c, data.c, dispnew.c:
* doc.c, editfns.c, emacs.c, eval.c, fileio.c, filelock.c, floatfns.c:
* fns.c, font.c, fontset.c, frame.c, image.c, indent.c:
* keyboard.c, keymap.c, lread.c:
* macros.c, marker.c, menu.c, minibuf.c, print.c, process.c, search.c:
* syntax.c, term.c, terminal.c, textprop.c, undo.c:
* window.c, xdisp.c, xfaces.c, xfns.c, xmenu.c, xsettings.c:
Mark functions with DEFUE instead of DEFUN,
if they are used in other modules.
* buffer.c (Fset_buffer_major_mode, Fdelete_overlay): New forward
decls for now-static functions.
* buffer.h (Fdelete_overlay): Remove decl.
* callproc.c (Fgetenv_internal): Mark as internal.
* composite.c (Fremove_list_of_text_properties): Remove decl.
(Fcomposition_get_gstring): New forward static decl.
* composite.h (Fcomposite_get_gstring): Remove decl.
* dired.c (Ffile_attributes): New forward static decl.
* doc.c (Fdocumntation_property): New forward static decl.
* eval.c (Ffetch_bytecode): New forward static decl.
(Funintern): Remove extern decl; now in .h file where it belongs.
* fileio.c (Fmake_symbolic_link): New forward static decl.
* image.c (Finit_image_library): New forward static decl.
* insdel.c (Fcombine_after_change_execute): Make forward decl static.
* intervals.h (Fprevious_property_change):
(Fremove_list_of_text_properties): Remove decls.
* keyboard.c (Fthis_command_keys): Remove decl.
(Fcommand_execute): New forward static decl.
* keymap.c (Flookup_key): New forward static decl.
(Fcopy_keymap): Now static.
* keymap.h (Flookup_key): Remove decl.
* process.c (Fget_process): New forward static decl.
(Fprocess_datagram_address): Mark as internal.
* syntax.c (Fsyntax_table_p): New forward static decl.
(skip_chars): Remove duplicate decl.
* textprop.c (Fprevious_property_change): New forward static decl.
* window.c (Fset_window_fringes, Fset_window_scroll_bars):
Now internal.
(Fset_window_margins, Fset_window_vscroll): New forward static decls.
* window.h (Fset_window_vscroll, Fset_window_margins): Remove decls.
Without this change, on typical 64-bit hosts error ("...%d...", N)
was used to print both 32- and 64-bit integers N, which relied on
undefined behavior.
* lisp.h, src/m/amdx86-64.h, src/m/ia64.h, src/m/ibms390x.h (pEd):
New macro.
* lisp.h (error, verror): Mark as printf-like functions.
* eval.c (verror): Use vsnprintf, not doprnt, to do the real work.
Report overflow in size calculations when allocating printf buffer.
Do not truncate output string at its first null byte.
* xdisp.c (vmessage): Use vsnprintf, not doprnt, to do the real work.
Truncate the output at a character boundary, since vsnprintf does not
do that.
* charset.c (check_iso_charset_parameter): Convert internal
character to string before calling 'error', since %c now has the
printf meaning.
* coding.c (Fdecode_sjis_char, Fdecode_big5_char): Avoid int
overflow when computing char to be passed to 'error'. Do not
pass Lisp_Object to 'error'; pass the integer instead.
* nsfns.m (Fns_do_applescript): Use int, not long, since it's
formatted with plain %d.
directly, rather than having caller test rule sign. This avoids
some unnecessary tests.
* composite.h (COMPOSITION_ENCODE_RULE_VALID): New macro.
(COMPOSITION_ENCODE_RULE): Arguments now must be valid. This
affects only one use, in DECODE_COMPOSITION_RULE, which is changed.
(DECODE_COMPOSITION_RULE): Remove 2nd arg, which is unused.
All callers changed.
(decode_coding_utf_8, decode_coding_utf_16 decode_coding_emacs_mule):
(decode_coding_iso_2022, encode_coding_sjis, encode_coding_big5):
(decode_coding_charset): Remove vars that are set but not used.
