From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Gerd =?UTF-8?Q?M=C3=B6llmann?= <gerd.moellmann@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#75322: SAFE_ALLOCA assumed to root Lisp_Objects/SSDATA(string)
Date: Sat, 04 Jan 2025 19:35:04 +0100
Message-ID: <m2jzbajulj.fsf@gmail.com>
References: <87jzbbke6u.fsf@protonmail.com> <m2sepzfzah.fsf@gmail.com>
 <m2o70nfxhc.fsf@gmail.com> <86sepzf4h3.fsf@gnu.org>
 <87a5c6j0qn.fsf@protonmail.com> <86jzbad735.fsf@gnu.org>
 <877c7aha9n.fsf@protonmail.com> <m2r05ik2yw.fsf@gmail.com>
 <86ttaebfwq.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="22243"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13)
Cc: pipcet@protonmail.com, 75322@debbugs.gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Jan 04 19:36:16 2025
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1tU90P-0005cY-RS
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 04 Jan 2025 19:36:13 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1tU90G-0007j0-P0; Sat, 04 Jan 2025 13:36:04 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tU90F-0007ij-Ih
 for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2025 13:36:03 -0500
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tU90F-0001B0-3Q
 for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2025 13:36:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org; 
 h=MIME-Version:Date:References:In-Reply-To:From:To:Subject;
 bh=gMzBRWPq8OsdfqSUg/XE3GNWh3XhWiuB1ji8GGyD1DM=; 
 b=saFsT2QSrdD70E/ZRwx0gLFzSdT3Us0S6DidFtSnntwvvyyv4w3tLtfHNp+RspJtjEOJRpE0W6k4jq8tmnqstTKPTm13Zq3+MBaFm4XuBMtxAvDGin1z/gGBf1T5PPWgU3pBCDDs6Fl99QC5c87226x177M5QDgGSSxa2UdR1XGb4UuV6HiSMO/IxEz3JhVOHi9zJg4vUYiGXaCQyy4KjXFOZU7kz/otbx6NC+LLZLSaqzISI+PeQzMMvlf3brXqXqNbW4i7Z/5v8+tXmIqUzVVr4MfDi6Fh627KaIBYWSQFF6oSJBoSVq+/ZnnxnXvNCerENmF7PflJhrc8hV9oyw==;
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tU90E-0006XF-LN
 for bug-gnu-emacs@gnu.org; Sat, 04 Jan 2025 13:36:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Gerd =?UTF-8?Q?M=C3=B6llmann?= <gerd.moellmann@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 04 Jan 2025 18:36:02 +0000
Resent-Message-ID: <handler.75322.B75322.173601571725044@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 75322
X-GNU-PR-Package: emacs
Original-Received: via spool by 75322-submit@debbugs.gnu.org id=B75322.173601571725044
 (code B ref 75322); Sat, 04 Jan 2025 18:36:02 +0000
Original-Received: (at 75322) by debbugs.gnu.org; 4 Jan 2025 18:35:17 +0000
Original-Received: from localhost ([127.0.0.1]:57329 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1tU8zV-0006VW-4F
 for submit@debbugs.gnu.org; Sat, 04 Jan 2025 13:35:17 -0500
Original-Received: from mail-wm1-x333.google.com ([2a00:1450:4864:20::333]:54552)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <gerd.moellmann@gmail.com>)
 id 1tU8zM-0006QE-R8
 for 75322@debbugs.gnu.org; Sat, 04 Jan 2025 13:35:14 -0500
Original-Received: by mail-wm1-x333.google.com with SMTP id
 5b1f17b1804b1-4361815b96cso87195535e9.1
 for <75322@debbugs.gnu.org>; Sat, 04 Jan 2025 10:35:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1736015707; x=1736620507; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:user-agent:message-id:date
 :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=gMzBRWPq8OsdfqSUg/XE3GNWh3XhWiuB1ji8GGyD1DM=;
 b=N+ylbhuwyYK9i/lvvLuxuRD0DNfAGC/Cv+RGByku5jhGO+KKUW6gmQATxgivVntjcn
 0RY6x1wrh8lSXIeJ/ukQ4itdGD9gS5wVxeNmYk2DK0oC8RHjBAH4j6QmqgOH3WfDJf6Z
 bJpCVoYMBh2j/WZz8cJ7ymSP9rH7qHXX4eeLw8SnT11zoBC5Voa7w4O49u+FHEpu6VVU
 VGYTabUOyHXNx1lsQ2saAMSZt+2q9DX75wG+lfT/DoTKUhptGe3kbdCjTY1hw/zvVPut
 5w+7DbVshXtaojXz4+v64rFCEul7b6+XSp4u7oebc9K4ufhiaayJ0UR0Ldu1IpCFHcDS
 v1PQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1736015707; x=1736620507;
 h=content-transfer-encoding:mime-version:user-agent:message-id:date
 :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=gMzBRWPq8OsdfqSUg/XE3GNWh3XhWiuB1ji8GGyD1DM=;
 b=Z/Xifv4d6ZiJlXs93sjeEmHHWGFUAm1vxbe5avgzNRw4/+Xdt078UI7LC9lTDeqF95
 GG3iO4FNg94ITm0ZEtwaKw+QhYCnGwiFnVOvOACIQuJfDQycBeBeYsYVvzOyoaDYD3mq
 lEEc6uZoJnsvnf8p6JKCJRMFZ+kMTYkoDDL+X5sXRfTM8z77r35B+tl/nEjJqGKz2AeV
 a+PBmNihn/6+BOicT8ayWiyfQd0hbEAYvXOiOqiytXQJZRAH3gYIxBr3R33YexsimzNw
 IUETaH/sLlCkUhf7L8b0bMBJcUp/wq9ZxNxDudw6gxCbEWvzEo4l+fYawAZmJBBgb1nZ
 kWRg==
X-Forwarded-Encrypted: i=1;
 AJvYcCVdb2eUdcHZHYSRoz0IGenf9iX9MEK1mhr/1iv6GJEwmPJd5F3FbZJl/8owKuukBm4w9Taqow==@debbugs.gnu.org
X-Gm-Message-State: AOJu0YwhDl2qcHAvMV/eelVzRZQr2X4guSxBQxtF+u2uveqUD1xYTjUb
 OR+vmOfrVCsyZS36UT4YpfloXgJwk1qjLcK2roBK51xTP0rImS3MSWvgww==
X-Gm-Gg: ASbGnctDOPxLpH8kQZt21BYCnXc45KqMhjGuqOgeFovv6QgJZ16k+IOBs4pyfCxv/52
 1wU62DZGC1HL3JWpM1oKUQTJw5RozmTSV0UviM4lSoUGMB3qmCQZcKW18l4+h0mZwsLs74SEB8q
 wU0mKBCOItqv5jEZ4UlVZi6Uyvgc1UQEbTvNU/iVKghr8jnPLobYCuYyeTpdP66NvnH+9i+D+OJ
 qeg7CsHYbY8waKzaYRlhrUmWx0CU4Y5G+Lj3Zvk2m3ERb3zxkFhEMaVT+rlHKFarsj2P9+tBXOU
 8o51NRvKS9lXtkpuFXaF/AARK+TWZoAw3tn5O1mdYDiinvQMfbs9i5ROqZKmJQY5kA==
X-Google-Smtp-Source: AGHT+IFmFjISTmI32pOIVkilFEzSgCT2+oqUtELqRxUyRqobAaajbWB3lt/cXpjcjbrz/3YjZyebug==
X-Received: by 2002:a05:600c:3c98:b0:431:6083:cd38 with SMTP id
 5b1f17b1804b1-4366854889amr424030725e9.6.1736015706420; 
 Sat, 04 Jan 2025 10:35:06 -0800 (PST)
Original-Received: from pro2 (p200300e0b73c9f00c50ae305bf989514.dip0.t-ipconnect.de.
 [2003:e0:b73c:9f00:c50a:e305:bf98:9514])
 by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-38a1c8acb17sm43124620f8f.97.2025.01.04.10.35.04
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 04 Jan 2025 10:35:06 -0800 (PST)
In-Reply-To: <86ttaebfwq.fsf@gnu.org> (Eli Zaretskii's message of "Sat, 04 Jan
 2025 20:19:33 +0200")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:298447
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/298447>

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Gerd M=C3=B6llmann <gerd.moellmann@gmail.com>
>> Cc: Eli Zaretskii <eliz@gnu.org>,  75322@debbugs.gnu.org
>> Date: Sat, 04 Jan 2025 16:34:15 +0100
>>=20
>> I'm entering a state of confusion again, as usual in this discussion.
>> Can we _pretty please_ just do the xstrdup thing, and forget about it?
>
> We could do that, but what does this mean for our protocol of using
> data from Lisp objects in libc and system calls?  Does it mean we
> cannot use SAFE_ALLOCA?  Does it mean we must always xstrdup every
> string and xmalloc every other object before calling some system API?
> Are Lisp strings safe when GC can strike, or aren't they?  What about
> Lisp vectors?  Etc. etc.
>
> We must figure out what are the safe and sound rules for doing this
> with MPS, like we had with the old GC.  Otherwise, we will be unable
> to write correct and sound code, and we'll be unable to audit code
> written by others.
>
> Right now, it doesn't seem to me like we have a clear idea of what's
> permitted and what's unsafe.=20=20

I'd say I have a clear idea.

> We are still arguing whether GC moves Lisp strings and what exactly
> does that mean. We still don't understand well enough what, if
> anything, are the problems with SAFE_ALLOCA and its ilk.=20

I can't believe you say that. We talked about why xmalloc'd memory
has to be a root if it contains references. SAFE_NALLOCA uses xnmalloc.
Safe_ALLOCA_LISP does things differently.

> We just established that ENCODE_FILE and ENCODE_SYSTEM can trigger GC,
> and didn't yet review the affected code. And there are many more
> places and calls to consider (e.g., do you know that redisplay could
> trigger GC when it calls character composition?).
>
> If we don't consider this stuff, if we just "do the xstrdup thing and
> forget about it", how can we continue cleaning up the igc branch and
> making its code more stable and reliable?  It doesn't sound wise to
> me.

I'll bow out of this discussion, sorry. This time for real :-).