/* emacs-module.c - Module loading and runtime implementation Copyright (C) 2015-2017 Free Software Foundation, Inc. This file is part of GNU Emacs. GNU Emacs is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. GNU Emacs is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Emacs. If not, see . */ #include #include "emacs-module.h" #include #include #include #include #include "lisp.h" #include "dynlib.h" #include "coding.h" #include "keyboard.h" #include "syssignal.h" #include "thread.h" #include #include /* We use different strategies for allocating the user-visible objects (struct emacs_runtime, emacs_env, emacs_value), depending on whether the user supplied the -module-assertions flag. If assertions are disabled, all objects are allocated from the stack. If assertions are enabled, all objects are allocated from the free store, and objects are never freed; this guarantees that they all have different addresses. We use that for checking which objects are live. Without unique addresses, we might consider some dead objects live because their addresses would have been reused in the meantime. */ /* Feature tests. */ #ifdef WINDOWSNT #include #include "w32term.h" #endif /* True if Lisp_Object and emacs_value have the same representation. This is typically true unless WIDE_EMACS_INT. In practice, having the same sizes and alignments and maximums should be a good enough proxy for equality of representation. */ enum { plain_values = (sizeof (Lisp_Object) == sizeof (emacs_value) && alignof (Lisp_Object) == alignof (emacs_value) && INTPTR_MAX == EMACS_INT_MAX) }; /* Function prototype for the module init function. */ typedef int (*emacs_init_function) (struct emacs_runtime *); /* Function prototype for module user-pointer finalizers. These should not throw C++ exceptions, so emacs-module.h declares the corresponding interfaces with EMACS_NOEXCEPT. There is only C code in this module, though, so this constraint is not enforced here. */ typedef void (*emacs_finalizer_function) (void *); /* Private runtime and environment members. */ /* The private part of an environment stores the current non local exit state and holds the `emacs_value' objects allocated during the lifetime of the environment. */ struct emacs_env_private { enum emacs_funcall_exit pending_non_local_exit; /* Dedicated storage for non-local exit symbol and data so that storage is always available for them, even in an out-of-memory situation. */ Lisp_Object non_local_exit_symbol, non_local_exit_data; /* List of values allocated from this environment. The code uses this only if the user gave the -module-assertions command-line option. */ Lisp_Object values; }; /* The private parts of an `emacs_runtime' object contain the initial environment. */ struct emacs_runtime_private { emacs_env *env; }; /* Forward declarations. */ static Lisp_Object value_to_lisp (emacs_value); static emacs_value lisp_to_value (emacs_env *, Lisp_Object); static enum emacs_funcall_exit module_non_local_exit_check (emacs_env *); static void module_assert_thread (void); static void module_assert_runtime (struct emacs_runtime *); static void module_assert_env (emacs_env *); static _Noreturn void module_abort (const char *format, ...) ATTRIBUTE_FORMAT_PRINTF(1, 2); static emacs_env *initialize_environment (emacs_env *, struct emacs_env_private *); static void finalize_environment (emacs_env *); static void finalize_environment_unwind (void *); static void finalize_runtime_unwind (void *); static void module_handle_signal (emacs_env *, Lisp_Object); static void module_handle_throw (emacs_env *, Lisp_Object); static void module_non_local_exit_signal_1 (emacs_env *, Lisp_Object, Lisp_Object); static void module_non_local_exit_throw_1 (emacs_env *, Lisp_Object, Lisp_Object); static void module_out_of_memory (emacs_env *); static void module_reset_handlerlist (struct handler *const *); /* We used to return NULL when emacs_value was a different type from Lisp_Object, but nowadays we just use Qnil instead. Although they happen to be the same thing in the current implementation, module code should not assume this. */ verify (NIL_IS_ZERO); static emacs_value const module_nil = 0; static bool module_assertions = false; static emacs_env *global_env; static struct emacs_env_private global_env_private; /* Convenience macros for non-local exit handling. */ /* FIXME: The following implementation for non-local exit handling does not support recovery from stack overflow, see sysdep.c. */ /* Emacs uses setjmp and longjmp for non-local exits, but module frames cannot be skipped because they are in general not prepared for long jumps (e.g., the behavior in C++ is undefined if objects with nontrivial destructors would be skipped). Therefore, catch all non-local exits. There are two kinds of non-local exits: `signal' and `throw'. The macros in this section can be used to catch both. Use macros to avoid additional variants of `internal_condition_case' etc., and to avoid worrying about passing information to the handler functions. */ /* Place this macro at the beginning of a function returning a number or a pointer to handle non-local exits. The function must have an ENV parameter. The function will return the specified value if a signal or throw is caught. */ /* TODO: Have Fsignal check for CATCHER_ALL so we only have to install one handler. */ #define MODULE_HANDLE_NONLOCAL_EXIT(retval) \ MODULE_SETJMP (CONDITION_CASE, module_handle_signal, retval); \ MODULE_SETJMP (CATCHER_ALL, module_handle_throw, retval) #define MODULE_SETJMP(handlertype, handlerfunc, retval) \ MODULE_SETJMP_1 (handlertype, handlerfunc, retval, \ internal_handler_##handlertype, \ internal_cleanup_##handlertype) /* It is very important that pushing the handler doesn't itself raise a signal. Install the cleanup only after the handler has been pushed. Use __attribute__ ((cleanup)) to avoid non-local-exit-prone manual cleanup. The do-while forces uses of the macro to be followed by a semicolon. This macro cannot enclose its entire body inside a do-while, as the code after the macro may longjmp back into the macro, which means its local variable C must stay live in later code. */ /* TODO: Make backtraces work if this macros is used. */ #define MODULE_SETJMP_1(handlertype, handlerfunc, retval, c0, c) \ if (module_non_local_exit_check (env) != emacs_funcall_exit_return) \ return retval; \ struct handler *c0 = push_handler_nosignal (Qt, handlertype); \ if (!c0) \ { \ module_out_of_memory (env); \ return retval; \ } \ verify (__has_attribute (cleanup)); \ struct handler *c __attribute__ ((cleanup (module_reset_handlerlist))) \ = c0; \ if (sys_setjmp (c->jmp)) \ { \ (handlerfunc) (env, c->val); \ return retval; \ } \ do { } while (false) /* Implementation of runtime and environment functions. These should abide by the following rules: 1. The first argument should always be a pointer to emacs_env. 2. Each function should first call check_thread. Note that this function is a no-op unless Emacs was built with --enable-checking. 3. The very next thing each function should do is check that the emacs_env object does not have a non-local exit indication set, by calling module_non_local_exit_check. If that returns anything but emacs_funcall_exit_return, the function should do nothing and return immediately with an error indication, without clobbering the existing error indication in emacs_env. This is needed for correct reporting of Lisp errors to the Emacs Lisp interpreter. 4. Any function that needs to call Emacs facilities, such as encoding or decoding functions, or 'intern', or 'make_string', should protect itself from signals and 'throw' in the called Emacs functions, by placing the macro MODULE_HANDLE_NONLOCAL_EXIT right after the above 2 tests. 5. Do NOT use 'eassert' for checking validity of user code in the module. Instead, make those checks part of the code, and if the check fails, call 'module_non_local_exit_signal_1' or 'module_non_local_exit_throw_1' to report the error. This is because using 'eassert' in these situations will abort Emacs instead of reporting the error back to Lisp, and also because 'eassert' is compiled to nothing in the release version. */ /* Use MODULE_FUNCTION_BEGIN_NO_CATCH to implement steps 2 and 3 for environment functions that are known to never exit non-locally. On error it will return its argument, which can be a sentinel value. */ #define MODULE_FUNCTION_BEGIN_NO_CATCH(error_retval) \ do { \ module_assert_thread (); \ module_assert_env (env); \ if (module_non_local_exit_check (env) != emacs_funcall_exit_return) \ return error_retval; \ } while (false) /* Use MODULE_FUNCTION_BEGIN to implement steps 2 through 4 for most environment functions. On error it will return its argument, which can be a sentinel value. */ #define MODULE_FUNCTION_BEGIN(error_retval) \ MODULE_FUNCTION_BEGIN_NO_CATCH (error_retval); \ MODULE_HANDLE_NONLOCAL_EXIT (error_retval) static void CHECK_USER_PTR (Lisp_Object obj) { CHECK_TYPE (USER_PTRP (obj), Quser_ptrp, obj); } /* Catch signals and throws only if the code can actually signal or throw. If checking is enabled, abort if the current thread is not the Emacs main thread. */ static emacs_env * module_get_environment (struct emacs_runtime *ert) { module_assert_thread (); module_assert_runtime (ert); return ert->private_members->env; } /* To make global refs (GC-protected global values) keep a hash that maps global Lisp objects to reference counts. */ static emacs_value module_make_global_ref (emacs_env *env, emacs_value ref) { MODULE_FUNCTION_BEGIN (module_nil); struct Lisp_Hash_Table *h = XHASH_TABLE (Vmodule_refs_hash); Lisp_Object new_obj = value_to_lisp (ref); EMACS_UINT hashcode; ptrdiff_t i = hash_lookup (h, new_obj, &hashcode); if (i >= 0) { Lisp_Object value = HASH_VALUE (h, i); EMACS_INT refcount = XFASTINT (value) + 1; if (MOST_POSITIVE_FIXNUM < refcount) xsignal0 (Qoverflow_error); value = make_natnum (refcount); set_hash_value_slot (h, i, value); } else { hash_put (h, new_obj, make_natnum (1), hashcode); } return lisp_to_value (module_assertions ? global_env : env, new_obj); } static void module_free_global_ref (emacs_env *env, emacs_value ref) { /* TODO: This probably never signals. */ /* FIXME: Wait a minute. Shouldn't this function report an error if the hash lookup fails? */ MODULE_FUNCTION_BEGIN (); struct Lisp_Hash_Table *h = XHASH_TABLE (Vmodule_refs_hash); Lisp_Object obj = value_to_lisp (ref); EMACS_UINT hashcode; ptrdiff_t i = hash_lookup (h, obj, &hashcode); if (i >= 0) { Lisp_Object value = HASH_VALUE (h, i); EMACS_INT refcount = XFASTINT (value) - 1; if (refcount > 0) { value = make_natnum (refcount); set_hash_value_slot (h, i, value); } else hash_remove_from_table (h, value); } if (module_assertions) { Lisp_Object globals = global_env_private.values; Lisp_Object prev = Qnil; ptrdiff_t count = 0; for (Lisp_Object tail = global_env_private.values; CONSP (tail); tail = XCDR (tail)) { emacs_value global = XSAVE_POINTER (XCAR (globals), 0); if (global == ref) { if (NILP (prev)) global_env_private.values = XCDR (globals); else XSETCDR (prev, XCDR (globals)); return; } ++count; prev = globals; } module_abort ("Global value was not found in list of %"pD"d globals", count); } } static enum emacs_funcall_exit module_non_local_exit_check (emacs_env *env) { module_assert_thread (); module_assert_env (env); return env->private_members->pending_non_local_exit; } static void module_non_local_exit_clear (emacs_env *env) { module_assert_thread (); module_assert_env (env); env->private_members->pending_non_local_exit = emacs_funcall_exit_return; } static enum emacs_funcall_exit module_non_local_exit_get (emacs_env *env, emacs_value *sym, emacs_value *data) { module_assert_thread (); module_assert_env (env); struct emacs_env_private *p = env->private_members; if (p->pending_non_local_exit != emacs_funcall_exit_return) { /* FIXME: lisp_to_value can exit non-locally. */ *sym = lisp_to_value (env, p->non_local_exit_symbol); *data = lisp_to_value (env, p->non_local_exit_data); } return p->pending_non_local_exit; } /* Like for `signal', DATA must be a list. */ static void module_non_local_exit_signal (emacs_env *env, emacs_value sym, emacs_value data) { module_assert_thread (); module_assert_env (env); if (module_non_local_exit_check (env) == emacs_funcall_exit_return) module_non_local_exit_signal_1 (env, value_to_lisp (sym), value_to_lisp (data)); } static void module_non_local_exit_throw (emacs_env *env, emacs_value tag, emacs_value value) { module_assert_thread (); module_assert_env (env); if (module_non_local_exit_check (env) == emacs_funcall_exit_return) module_non_local_exit_throw_1 (env, value_to_lisp (tag), value_to_lisp (value)); } static struct Lisp_Module_Function * allocate_module_function (void) { return ALLOCATE_PSEUDOVECTOR (struct Lisp_Module_Function, min_arity, PVEC_MODULE_FUNCTION); } #define XSET_MODULE_FUNCTION(var, ptr) \ XSETPSEUDOVECTOR (var, ptr, PVEC_MODULE_FUNCTION) /* A module function is a pseudovector of subtype PVEC_MODULE_FUNCTION; see lisp.h for the definition. */ static emacs_value module_make_function (emacs_env *env, ptrdiff_t min_arity, ptrdiff_t max_arity, emacs_subr subr, const char *documentation, void *data) { MODULE_FUNCTION_BEGIN (module_nil); if (! (0 <= min_arity && (max_arity < 0 ? (min_arity <= MOST_POSITIVE_FIXNUM && max_arity == emacs_variadic_function) : min_arity <= max_arity && max_arity <= MOST_POSITIVE_FIXNUM))) xsignal2 (Qinvalid_arity, make_number (min_arity), make_number (max_arity)); struct Lisp_Module_Function *function = allocate_module_function (); function->min_arity = min_arity; function->max_arity = max_arity; function->subr = subr; function->data = data; if (documentation) { AUTO_STRING (unibyte_doc, documentation); function->documentation = code_convert_string_norecord (unibyte_doc, Qutf_8, false); } Lisp_Object result; XSET_MODULE_FUNCTION (result, function); eassert (MODULE_FUNCTIONP (result)); return lisp_to_value (env, result); } static emacs_value module_funcall (emacs_env *env, emacs_value fun, ptrdiff_t nargs, emacs_value args[]) { MODULE_FUNCTION_BEGIN (module_nil); /* Make a new Lisp_Object array starting with the function as the first arg, because that's what Ffuncall takes. */ Lisp_Object *newargs; USE_SAFE_ALLOCA; ptrdiff_t nargs1; if (INT_ADD_WRAPV (nargs, 1, &nargs1)) xsignal0 (Qoverflow_error); SAFE_ALLOCA_LISP (newargs, nargs1); newargs[0] = value_to_lisp (fun); for (ptrdiff_t i = 0; i < nargs; i++) newargs[1 + i] = value_to_lisp (args[i]); emacs_value result = lisp_to_value (env, Ffuncall (nargs1, newargs)); SAFE_FREE (); return result; } static emacs_value module_intern (emacs_env *env, const char *name) { MODULE_FUNCTION_BEGIN (module_nil); return lisp_to_value (env, intern (name)); } static emacs_value module_type_of (emacs_env *env, emacs_value value) { MODULE_FUNCTION_BEGIN (module_nil); return lisp_to_value (env, Ftype_of (value_to_lisp (value))); } static bool module_is_not_nil (emacs_env *env, emacs_value value) { MODULE_FUNCTION_BEGIN_NO_CATCH (false); return ! NILP (value_to_lisp (value)); } static bool module_eq (emacs_env *env, emacs_value a, emacs_value b) { MODULE_FUNCTION_BEGIN_NO_CATCH (false); return EQ (value_to_lisp (a), value_to_lisp (b)); } static intmax_t module_extract_integer (emacs_env *env, emacs_value n) { MODULE_FUNCTION_BEGIN (0); Lisp_Object l = value_to_lisp (n); CHECK_NUMBER (l); return XINT (l); } static emacs_value module_make_integer (emacs_env *env, intmax_t n) { MODULE_FUNCTION_BEGIN (module_nil); if (FIXNUM_OVERFLOW_P (n)) xsignal0 (Qoverflow_error); return lisp_to_value (env, make_number (n)); } static double module_extract_float (emacs_env *env, emacs_value f) { MODULE_FUNCTION_BEGIN (0); Lisp_Object lisp = value_to_lisp (f); CHECK_TYPE (FLOATP (lisp), Qfloatp, lisp); return XFLOAT_DATA (lisp); } static emacs_value module_make_float (emacs_env *env, double d) { MODULE_FUNCTION_BEGIN (module_nil); return lisp_to_value (env, make_float (d)); } static bool module_copy_string_contents (emacs_env *env, emacs_value value, char *buffer, ptrdiff_t *length) { MODULE_FUNCTION_BEGIN (false); Lisp_Object lisp_str = value_to_lisp (value); CHECK_STRING (lisp_str); Lisp_Object lisp_str_utf8 = ENCODE_UTF_8 (lisp_str); ptrdiff_t raw_size = SBYTES (lisp_str_utf8); ptrdiff_t required_buf_size = raw_size + 1; if (buffer == NULL) { *length = required_buf_size; return true; } if (*length < required_buf_size) { *length = required_buf_size; xsignal0 (Qargs_out_of_range); } *length = required_buf_size; memcpy (buffer, SDATA (lisp_str_utf8), raw_size + 1); return true; } static emacs_value module_make_string (emacs_env *env, const char *str, ptrdiff_t length) { MODULE_FUNCTION_BEGIN (module_nil); if (! (0 <= length && length <= STRING_BYTES_BOUND)) xsignal0 (Qoverflow_error); AUTO_STRING_WITH_LEN (lstr, str, length); return lisp_to_value (env, code_convert_string_norecord (lstr, Qutf_8, false)); } static emacs_value module_make_user_ptr (emacs_env *env, emacs_finalizer_function fin, void *ptr) { MODULE_FUNCTION_BEGIN (module_nil); return lisp_to_value (env, make_user_ptr (fin, ptr)); } static void * module_get_user_ptr (emacs_env *env, emacs_value uptr) { MODULE_FUNCTION_BEGIN (NULL); Lisp_Object lisp = value_to_lisp (uptr); CHECK_USER_PTR (lisp); return XUSER_PTR (lisp)->p; } static void module_set_user_ptr (emacs_env *env, emacs_value uptr, void *ptr) { /* FIXME: This function should return bool because it can fail. */ MODULE_FUNCTION_BEGIN (); Lisp_Object lisp = value_to_lisp (uptr); CHECK_USER_PTR (lisp); XUSER_PTR (lisp)->p = ptr; } static emacs_finalizer_function module_get_user_finalizer (emacs_env *env, emacs_value uptr) { MODULE_FUNCTION_BEGIN (NULL); Lisp_Object lisp = value_to_lisp (uptr); CHECK_USER_PTR (lisp); return XUSER_PTR (lisp)->finalizer; } static void module_set_user_finalizer (emacs_env *env, emacs_value uptr, emacs_finalizer_function fin) { /* FIXME: This function should return bool because it can fail. */ MODULE_FUNCTION_BEGIN (); Lisp_Object lisp = value_to_lisp (uptr); CHECK_USER_PTR (lisp); XUSER_PTR (lisp)->finalizer = fin; } static void check_vec_index (Lisp_Object lvec, ptrdiff_t i) { CHECK_VECTOR (lvec); if (! (0 <= i && i < ASIZE (lvec))) args_out_of_range_3 (make_fixnum_or_float (i), make_number (0), make_number (ASIZE (lvec) - 1)); } static void module_vec_set (emacs_env *env, emacs_value vec, ptrdiff_t i, emacs_value val) { /* FIXME: This function should return bool because it can fail. */ MODULE_FUNCTION_BEGIN (); Lisp_Object lvec = value_to_lisp (vec); check_vec_index (lvec, i); ASET (lvec, i, value_to_lisp (val)); } static emacs_value module_vec_get (emacs_env *env, emacs_value vec, ptrdiff_t i) { MODULE_FUNCTION_BEGIN (module_nil); Lisp_Object lvec = value_to_lisp (vec); check_vec_index (lvec, i); return lisp_to_value (env, AREF (lvec, i)); } static ptrdiff_t module_vec_size (emacs_env *env, emacs_value vec) { /* FIXME: Return a sentinel value (e.g., -1) on error. */ MODULE_FUNCTION_BEGIN (0); Lisp_Object lvec = value_to_lisp (vec); CHECK_VECTOR (lvec); return ASIZE (lvec); } /* This function should return true if and only if maybe_quit would do anything. */ static bool module_should_quit (emacs_env *env) { MODULE_FUNCTION_BEGIN_NO_CATCH (false); return (! NILP (Vquit_flag) && NILP (Vinhibit_quit)) || pending_signals; } /* Subroutines. */ static void module_signal_or_throw (struct emacs_env_private *env) { switch (env->pending_non_local_exit) { case emacs_funcall_exit_return: return; case emacs_funcall_exit_signal: xsignal (env->non_local_exit_symbol, env->non_local_exit_data); case emacs_funcall_exit_throw: Fthrow (env->non_local_exit_symbol, env->non_local_exit_data); default: eassume (false); } } DEFUN ("module-load", Fmodule_load, Smodule_load, 1, 1, 0, doc: /* Load module FILE. */) (Lisp_Object file) { dynlib_handle_ptr handle; emacs_init_function module_init; void *gpl_sym; CHECK_STRING (file); handle = dynlib_open (SSDATA (file)); if (!handle) xsignal2 (Qmodule_open_failed, file, build_string (dynlib_error ())); gpl_sym = dynlib_sym (handle, "plugin_is_GPL_compatible"); if (!gpl_sym) xsignal1 (Qmodule_not_gpl_compatible, file); module_init = (emacs_init_function) dynlib_func (handle, "emacs_module_init"); if (!module_init) xsignal1 (Qmissing_module_init_function, file); struct emacs_runtime rt_pub; struct emacs_runtime_private rt_priv; emacs_env env_pub; struct emacs_env_private env_priv; rt_priv.env = initialize_environment (&env_pub, &env_priv); /* If we should use module assertions, reallocate the runtime object from the free store, but never free it. That way the addresses for two different runtime objects are guaranteed to be distinct, which we can use for checking the liveness of runtime pointers. */ struct emacs_runtime *rt = module_assertions ? xmalloc (sizeof *rt) : &rt_pub; rt->size = sizeof *rt; rt->private_members = &rt_priv; rt->get_environment = module_get_environment; Vmodule_runtimes = Fcons (make_save_ptr (rt), Vmodule_runtimes); ptrdiff_t count = SPECPDL_INDEX (); record_unwind_protect_ptr (finalize_runtime_unwind, rt); int r = module_init (rt); /* Process the quit flag first, so that quitting doesn't get overridden by other non-local exits. */ maybe_quit (); if (r != 0) { if (FIXNUM_OVERFLOW_P (r)) xsignal0 (Qoverflow_error); xsignal2 (Qmodule_init_failed, file, make_number (r)); } module_signal_or_throw (&env_priv); return unbind_to (count, Qt); } Lisp_Object funcall_module (Lisp_Object function, ptrdiff_t nargs, Lisp_Object *arglist) { const struct Lisp_Module_Function *func = XMODULE_FUNCTION (function); eassume (0 <= func->min_arity); if (! (func->min_arity <= nargs && (func->max_arity < 0 || nargs <= func->max_arity))) xsignal2 (Qwrong_number_of_arguments, function, make_number (nargs)); emacs_env pub; struct emacs_env_private priv; emacs_env *env = initialize_environment (&pub, &priv); ptrdiff_t count = SPECPDL_INDEX (); record_unwind_protect_ptr (finalize_environment_unwind, env); USE_SAFE_ALLOCA; ATTRIBUTE_MAY_ALIAS emacs_value *args; if (plain_values && ! module_assertions) args = (emacs_value *) arglist; else { args = SAFE_ALLOCA (nargs * sizeof *args); for (ptrdiff_t i = 0; i < nargs; i++) args[i] = lisp_to_value (env, arglist[i]); } emacs_value ret = func->subr (env, nargs, args, func->data); SAFE_FREE (); eassert (&priv == env->private_members); /* Process the quit flag first, so that quitting doesn't get overridden by other non-local exits. */ maybe_quit (); module_signal_or_throw (&priv); return unbind_to (count, value_to_lisp (ret)); } Lisp_Object module_function_arity (const struct Lisp_Module_Function *const function) { ptrdiff_t minargs = function->min_arity; ptrdiff_t maxargs = function->max_arity; return Fcons (make_number (minargs), maxargs == MANY ? Qmany : make_number (maxargs)); } /* Helper functions. */ static bool in_current_thread (void) { if (current_thread == NULL) return false; #ifdef HAVE_PTHREAD return pthread_equal (pthread_self (), current_thread->thread_id); #elif defined WINDOWSNT return GetCurrentThreadId () == current_thread->thread_id; #endif } static void module_assert_thread (void) { if (! module_assertions || in_current_thread ()) return; module_abort ("Module function called from outside the current Lisp thread"); } static void module_assert_runtime (struct emacs_runtime *ert) { if (! module_assertions) return; ptrdiff_t count = 0; for (Lisp_Object tail = Vmodule_runtimes; CONSP (tail); tail = XCDR (tail)) { if (XSAVE_POINTER (XCAR (tail), 0) == ert) return; ++count; } module_abort ("Runtime pointer not found in list of %"pD"d runtimes", count); } static void module_assert_env (emacs_env *env) { if (! module_assertions) return; ptrdiff_t count = 0; for (Lisp_Object tail = Vmodule_environments; CONSP (tail); tail = XCDR (tail)) { if (XSAVE_POINTER (XCAR (tail), 0) == env) return; ++count; } module_abort ("Environment pointer not found in list of %"pD"d environments", count); } static void module_non_local_exit_signal_1 (emacs_env *env, Lisp_Object sym, Lisp_Object data) { struct emacs_env_private *p = env->private_members; if (p->pending_non_local_exit == emacs_funcall_exit_return) { p->pending_non_local_exit = emacs_funcall_exit_signal; p->non_local_exit_symbol = sym; p->non_local_exit_data = data; } } static void module_non_local_exit_throw_1 (emacs_env *env, Lisp_Object tag, Lisp_Object value) { struct emacs_env_private *p = env->private_members; if (p->pending_non_local_exit == emacs_funcall_exit_return) { p->pending_non_local_exit = emacs_funcall_exit_throw; p->non_local_exit_symbol = tag; p->non_local_exit_data = value; } } /* Signal an out-of-memory condition to the caller. */ static void module_out_of_memory (emacs_env *env) { /* TODO: Reimplement this so it works even if memory-signal-data has been modified. */ module_non_local_exit_signal_1 (env, XCAR (Vmemory_signal_data), XCDR (Vmemory_signal_data)); } /* Value conversion. */ /* We represent Lisp objects differently depending on whether the user gave -module-assertions. If assertions are disabled, emacs_value objects are Lisp_Objects cast to emacs_value. If assertions are enabled, emacs_value objects are pointers to Lisp_Object objects allocated from the free store; they are never freed, which ensures that their addresses are unique and can be used for liveness checking. */ /* Unique Lisp_Object used to mark those emacs_values which are really just containers holding a Lisp_Object that does not fit as an emacs_value, either because it is an integer out of range, or is not properly aligned. Used only if !plain_values. */ static Lisp_Object ltv_mark; /* Convert V to the corresponding internal object O, such that V == lisp_to_value_bits (O). Never fails. */ static Lisp_Object value_to_lisp_bits (emacs_value v) { intptr_t i = (intptr_t) v; if (plain_values || USE_LSB_TAG) return XIL (i); /* With wide EMACS_INT and when tag bits are the most significant, reassembling integers differs from reassembling pointers in two ways. First, save and restore the least-significant bits of the integer, not the most-significant bits. Second, sign-extend the integer when restoring, but zero-extend pointers because that makes TAG_PTR faster. */ EMACS_UINT tag = i & (GCALIGNMENT - 1); EMACS_UINT untagged = i - tag; switch (tag) { case_Lisp_Int: { bool negative = tag & 1; EMACS_UINT sign_extension = negative ? VALMASK & ~(INTPTR_MAX >> INTTYPEBITS): 0; uintptr_t u = i; intptr_t all_but_sign = u >> GCTYPEBITS; untagged = sign_extension + all_but_sign; break; } } return XIL ((tag << VALBITS) + untagged); } /* If V was computed from lisp_to_value (O), then return O. Exits non-locally only if the stack overflows. */ static Lisp_Object value_to_lisp (emacs_value v) { if (module_assertions) { /* Check the liveness of the value by iterating over all live environments. */ void *vptr = v; ATTRIBUTE_MAY_ALIAS Lisp_Object *optr = vptr; ptrdiff_t num_environments = 0; ptrdiff_t num_values = 0; for (Lisp_Object environments = Vmodule_environments; CONSP (environments); environments = XCDR (environments)) { emacs_env *env = XSAVE_POINTER (XCAR (environments), 0); for (Lisp_Object values = env->private_members->values; CONSP (values); values = XCDR (values)) { Lisp_Object *p = XSAVE_POINTER (XCAR (values), 0); if (p == optr) return *p; ++num_values; } ++num_environments; } module_abort (("Emacs value not found in %"pD"d values " "of %"pD"d environments"), num_values, num_environments); } Lisp_Object o = value_to_lisp_bits (v); if (! plain_values && CONSP (o) && EQ (XCDR (o), ltv_mark)) o = XCAR (o); return o; } /* Attempt to convert O to an emacs_value. Do not do any checking or or allocate any storage; the caller should prevent or detect any resulting bit pattern that is not a valid emacs_value. */ static emacs_value lisp_to_value_bits (Lisp_Object o) { EMACS_UINT u = XLI (o); /* Compress U into the space of a pointer, possibly losing information. */ uintptr_t p = (plain_values || USE_LSB_TAG ? u : (INTEGERP (o) ? u << VALBITS : u & VALMASK) + XTYPE (o)); return (emacs_value) p; } #ifndef HAVE_STRUCT_ATTRIBUTE_ALIGNED enum { HAVE_STRUCT_ATTRIBUTE_ALIGNED = 0 }; #endif /* Convert O to an emacs_value. Allocate storage if needed; this can signal if memory is exhausted. Must be an injective function. */ static emacs_value lisp_to_value (emacs_env *env, Lisp_Object o) { if (module_assertions) { /* Add the new value to the list of values allocated from this environment. The value is actually a pointer to the Lisp_Object cast to emacs_value. We make a copy of the object on the free store to guarantee unique addresses. */ ATTRIBUTE_MAY_ALIAS Lisp_Object *optr = xmalloc (sizeof o); *optr = o; void *vptr = optr; ATTRIBUTE_MAY_ALIAS emacs_value ret = vptr; struct emacs_env_private *priv = env->private_members; priv->values = Fcons (make_save_ptr (ret), priv->values); return ret; } emacs_value v = lisp_to_value_bits (o); if (! EQ (o, value_to_lisp_bits (v))) { /* Package the incompressible object pointer inside a pair that is compressible. */ Lisp_Object pair = Fcons (o, ltv_mark); if (! HAVE_STRUCT_ATTRIBUTE_ALIGNED) { /* Keep calling Fcons until it returns a compressible pair. This shouldn't take long. */ while ((intptr_t) XCONS (pair) & (GCALIGNMENT - 1)) pair = Fcons (o, pair); /* Plant the mark. The garbage collector will eventually reclaim any just-allocated incompressible pairs. */ XSETCDR (pair, ltv_mark); } v = (emacs_value) ((intptr_t) XCONS (pair) + Lisp_Cons); } eassert (EQ (o, value_to_lisp (v))); return v; } /* Environment lifetime management. */ /* Must be called before the environment can be used. Returns another pointer that callers should use instead of the ENV argument. If module assertions are disabled, the return value is ENV. If module assertions are enabled, the return value points to a heap-allocated object. That object is never freed to guarantee unique addresses. */ static emacs_env * initialize_environment (emacs_env *env, struct emacs_env_private *priv) { if (module_assertions) env = xmalloc (sizeof *env); priv->pending_non_local_exit = emacs_funcall_exit_return; priv->values = priv->non_local_exit_symbol = priv->non_local_exit_data = Qnil; env->size = sizeof *env; env->private_members = priv; env->make_global_ref = module_make_global_ref; env->free_global_ref = module_free_global_ref; env->non_local_exit_check = module_non_local_exit_check; env->non_local_exit_clear = module_non_local_exit_clear; env->non_local_exit_get = module_non_local_exit_get; env->non_local_exit_signal = module_non_local_exit_signal; env->non_local_exit_throw = module_non_local_exit_throw; env->make_function = module_make_function; env->funcall = module_funcall; env->intern = module_intern; env->type_of = module_type_of; env->is_not_nil = module_is_not_nil; env->eq = module_eq; env->extract_integer = module_extract_integer; env->make_integer = module_make_integer; env->extract_float = module_extract_float; env->make_float = module_make_float; env->copy_string_contents = module_copy_string_contents; env->make_string = module_make_string; env->make_user_ptr = module_make_user_ptr; env->get_user_ptr = module_get_user_ptr; env->set_user_ptr = module_set_user_ptr; env->get_user_finalizer = module_get_user_finalizer; env->set_user_finalizer = module_set_user_finalizer; env->vec_set = module_vec_set; env->vec_get = module_vec_get; env->vec_size = module_vec_size; env->should_quit = module_should_quit; Vmodule_environments = Fcons (make_save_ptr (env), Vmodule_environments); return env; } /* Must be called before the lifetime of the environment object ends. */ static void finalize_environment (emacs_env *env) { eassert (XSAVE_POINTER (XCAR (Vmodule_environments), 0) == env); Vmodule_environments = XCDR (Vmodule_environments); if (module_assertions) /* There is always at least the global environment. */ eassert (CONSP (Vmodule_environments)); } static void finalize_environment_unwind (void *env) { finalize_environment (env); } static void finalize_runtime_unwind (void* raw_ert) { struct emacs_runtime *ert = raw_ert; eassert (XSAVE_POINTER (XCAR (Vmodule_runtimes), 0) == ert); Vmodule_runtimes = XCDR (Vmodule_runtimes); finalize_environment (ert->private_members->env); } void mark_modules (void) { for (Lisp_Object tail = Vmodule_environments; CONSP (tail); tail = XCDR (tail)) { emacs_env *env = XSAVE_POINTER (XCAR (tail), 0); struct emacs_env_private *priv = env->private_members; mark_object (priv->non_local_exit_symbol); mark_object (priv->non_local_exit_data); mark_object (priv->values); } } /* Non-local exit handling. */ /* Must be called after setting up a handler immediately before returning from the function. See the comments in lisp.h and the code in eval.c for details. The macros below arrange for this function to be called automatically. PHANDLERLIST points to a word containing the handler list, for sanity checking. */ static void module_reset_handlerlist (struct handler *const *phandlerlist) { eassert (handlerlist == *phandlerlist); handlerlist = handlerlist->next; } /* Called on `signal'. ERR is a pair (SYMBOL . DATA), which gets stored in the environment. Set the pending non-local exit flag. */ static void module_handle_signal (emacs_env *env, Lisp_Object err) { module_non_local_exit_signal_1 (env, XCAR (err), XCDR (err)); } /* Called on `throw'. TAG_VAL is a pair (TAG . VALUE), which gets stored in the environment. Set the pending non-local exit flag. */ static void module_handle_throw (emacs_env *env, Lisp_Object tag_val) { module_non_local_exit_throw_1 (env, XCAR (tag_val), XCDR (tag_val)); } /* Support for assertions. */ void init_module_assertions (bool enable) { module_assertions = enable; if (enable) { /* We use a hidden environment for storing the globals. This environment is never freed. */ emacs_env env; global_env = initialize_environment (&env, &global_env_private); eassert (global_env != &env); } } static _Noreturn void ATTRIBUTE_FORMAT_PRINTF(1, 2) module_abort (const char *format, ...) { fputs ("Emacs module assertion: ", stderr); va_list args; va_start (args, format); vfprintf (stderr, format, args); va_end (args); putc ('\n', stderr); fflush (NULL); emacs_abort (); } /* Segment initializer. */ void syms_of_module (void) { if (!plain_values) ltv_mark = Fcons (Qnil, Qnil); eassert (NILP (value_to_lisp (module_nil))); DEFSYM (Qmodule_refs_hash, "module-refs-hash"); DEFVAR_LISP ("module-refs-hash", Vmodule_refs_hash, doc: /* Module global reference table. */); Vmodule_refs_hash = make_hash_table (hashtest_eq, DEFAULT_HASH_SIZE, DEFAULT_REHASH_SIZE, DEFAULT_REHASH_THRESHOLD, Qnil, false); Funintern (Qmodule_refs_hash, Qnil); DEFSYM (Qmodule_runtimes, "module-runtimes"); DEFVAR_LISP ("module-runtimes", Vmodule_runtimes, doc: /* List of active module runtimes. */); Vmodule_runtimes = Qnil; /* Unintern `module-runtimes' because it is only used internally. */ Funintern (Qmodule_runtimes, Qnil); DEFSYM (Qmodule_environments, "module-environments"); DEFVAR_LISP ("module-environments", Vmodule_environments, doc: /* List of active module environments. */); Vmodule_environments = Qnil; /* Unintern `module-environments' because it is only used internally. */ Funintern (Qmodule_environments, Qnil); DEFSYM (Qmodule_load_failed, "module-load-failed"); Fput (Qmodule_load_failed, Qerror_conditions, listn (CONSTYPE_PURE, 2, Qmodule_load_failed, Qerror)); Fput (Qmodule_load_failed, Qerror_message, build_pure_c_string ("Module load failed")); DEFSYM (Qmodule_open_failed, "module-open-failed"); Fput (Qmodule_open_failed, Qerror_conditions, listn (CONSTYPE_PURE, 3, Qmodule_open_failed, Qmodule_load_failed, Qerror)); Fput (Qmodule_open_failed, Qerror_message, build_pure_c_string ("Module could not be opened")); DEFSYM (Qmodule_not_gpl_compatible, "module-not-gpl-compatible"); Fput (Qmodule_not_gpl_compatible, Qerror_conditions, listn (CONSTYPE_PURE, 3, Qmodule_not_gpl_compatible, Qmodule_load_failed, Qerror)); Fput (Qmodule_not_gpl_compatible, Qerror_message, build_pure_c_string ("Module is not GPL compatible")); DEFSYM (Qmissing_module_init_function, "missing-module-init-function"); Fput (Qmissing_module_init_function, Qerror_conditions, listn (CONSTYPE_PURE, 3, Qmissing_module_init_function, Qmodule_load_failed, Qerror)); Fput (Qmissing_module_init_function, Qerror_message, build_pure_c_string ("Module does not export an " "initialization function")); DEFSYM (Qmodule_init_failed, "module-init-failed"); Fput (Qmodule_init_failed, Qerror_conditions, listn (CONSTYPE_PURE, 3, Qmodule_init_failed, Qmodule_load_failed, Qerror)); Fput (Qmodule_init_failed, Qerror_message, build_pure_c_string ("Module initialization failed")); DEFSYM (Qinvalid_arity, "invalid-arity"); Fput (Qinvalid_arity, Qerror_conditions, listn (CONSTYPE_PURE, 2, Qinvalid_arity, Qerror)); Fput (Qinvalid_arity, Qerror_message, build_pure_c_string ("Invalid function arity")); /* Unintern `module-refs-hash' because it is internal-only and Lisp code or modules should not access it. */ Funintern (Qmodule_refs_hash, Qnil); DEFSYM (Qmodule_function_p, "module-function-p"); defsubr (&Smodule_load); }