From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#75322: SAFE_ALLOCA assumed to root Lisp_Objects/SSDATA(string)
Date: Mon, 06 Jan 2025 17:12:53 +0200
Message-ID: <86h66c562y.fsf@gnu.org>
To: Daniel Colascione
Cc: gerd.moellmann@gmail.com, pipcet@protonmail.com, 75322@debbugs.gnu.org
In-Reply-To: <87wmf8t2vq.fsf@dancol.org> (message from Daniel Colascione on Mon, 06 Jan 2025 09:48:09 -0500)

> From: Daniel Colascione
> Cc: gerd.moellmann@gmail.com, pipcet@protonmail.com, 75322@debbugs.gnu.org
> Date: Mon, 06 Jan 2025 09:48:09 -0500
>
> I wouldn't call it a "rewrite". If auditing the codebase for memory
> safety is a "rewrite", I'm a "duck". We're talking about a few hundred
> lines of changes at the most. Most of the work is just auditing the
> code for problems. We should be grateful Gerd has done this work
> already, not "run away from MPS, fast".

I _am_ grateful to Gerd (and Helmut, and Pip, and others who work on
this). I also invested a significant, albeit smaller, effort on my
part into this branch. However, the potential amount of changes still
bothers me. I understand it doesn't bother you, so I guess we
disagree in our estimations.

> >       SAFE_NALLOCA (args2, 1, nargs + 1);
> >       args2[0] = Qcall_process;
> >       for (i = 0; i < nargs; i++) args2[i + 1] = args[i];
> >       coding_systems = Ffind_operation_coding_system (nargs + 1, args2);
> >       val = CONSP (coding_systems) ? XCDR (coding_systems) : Qnil;
> >
> > "Look, ma: no pointers!"
>
>   Lisp_Object val, *args2;
>
> In the C programming language, "*" means "pointer".

Are we going to argue about pointers and arrays?

> > So this code needs to be changed.
>
> The snippet you quoted above can be fixed with a one-liner --- replace
> SAFE_NALLOCA with SAFE_ALLOCA_LISP.

It's just one example, and there are many like it. So that one-liner
is multiplied many times. And then we have variations, where args[]
gets text of strings or some other similar stuff. Etc. etc.

> > And if you look around, we have quite a lot of these in many places.
>
> Sounds like Gerd's spent some time hunting them down.

Sure, but I'm afraid there are many more.

> > We have almost 200 static
> > Lisp_Object variables, probably not all of them staticpro'd (8 of them
> > inside functions, like the above example, so definitely not
> > staticpro'd). So now we need to examine the uses of all of them and
> > either staticpro them or do something else (like move the assignment
> > to 'last_coding' to after call_some_function).
>
> Changing eight variables from function statics to file statics hardly
> seems like a monumental effort.

After you found them, and after you know they should be changed, yes.
It's easy to account for the knowns; the problem is always the
unknowns. That's why most effort estimations are inaccurate. I
wonder what are our unknowns here, and how many of them are there.

> The static-storage global-scope
> Lisp_Object variables are probably almost all gcproed already.

Maybe. But someone needs to verify that, right?
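
The audit this message argues about, as an added example that is not part of the original e-mail and is not Emacs project code: a line-based Python heuristic that lists `static Lisp_Object` variables with no matching `staticpro` call and `SAFE_NALLOCA` buffers declared as `Lisp_Object *`. The C sample is constructed, and the regexes and naive brace counting are assumptions that will miss multi-line declarations and any other rooting mechanism.

```python
import re
# Constructed C sample modelled on the patterns quoted in the thread; not real Emacs source.
SAMPLE = r'''
static Lisp_Object Vcached_table;
static Lisp_Object Vforgotten;

Lisp_Object
demo_call (ptrdiff_t nargs, Lisp_Object *args)
{
  static Lisp_Object last_coding;
  Lisp_Object val, *args2;
  USE_SAFE_ALLOCA;
  SAFE_NALLOCA (args2, 1, nargs + 1);
  SAFE_FREE ();
  return val;
}
void
syms_of_demo (void)
{
  staticpro (&Vcached_table);
}
'''

DECL = re.compile(r'\b(static\s+)?Lisp_Object\b([^;()]*);')
ROOTED = re.compile(r'\bstaticpro\s*\(\s*&\s*(\w+)')
NALLOCA = re.compile(r'\bSAFE_NALLOCA\s*\(\s*(\w+)')

def audit(source):
    """Return (line, finding, name) tuples; heuristic and line-based only."""
    rooted = set(ROOTED.findall(source))   # names passed to staticpro anywhere
    findings, lisp_ptrs, depth = [], set(), 0
    for lineno, line in enumerate(source.splitlines(), 1):
        decl = DECL.search(line)
        for item in (decl.group(2).split(',') if decl else []):
            star, name = re.match(r'\s*(\*?)\s*(\w*)', item).groups()
            if star:                        # Lisp_Object *buf: candidate alloca buffer
                lisp_ptrs.add(name)
            elif decl.group(1) and name and name not in rooted:
                scope = 'function-static' if depth else 'file-static'
                findings.append((lineno, scope + ', no staticpro', name))
        buf = NALLOCA.search(line)
        if buf and buf.group(1) in lisp_ptrs:
            findings.append((lineno, 'SAFE_NALLOCA of Lisp_Object*', buf.group(1)))
        depth += line.count('{') - line.count('}')  # naive: ignores strings/comments
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE):
        print(*finding, sep=': ')
```

Each finding is a candidate for manual review, not a confirmed bug; the output only narrows where a reader has to look.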