bug#43725: 28.0.50; Include feature/native-comp into master

[Andrea Corallo]

Addressing some easy part of the review to close the day.

Eli Zaretskii <eliz@gnu.org> writes:

[...]

> This is unsafe, because a fixnum can be larger than PTRDIFF_MAX:
>
>   +static gcc_jit_lvalue *
>   +emit_mvar_lval (Lisp_Object mvar)
>   +{
>   +  Lisp_Object mvar_slot = CALL1I (comp-mvar-slot, mvar);
>   +
>   +  if (EQ (mvar_slot, Qscratch))
>   +    {
>   +      if (!comp.scratch)
>   +       comp.scratch = gcc_jit_function_new_local (comp.func,
>   +                                                  NULL,
>   +                                                  comp.lisp_obj_type,
>   +                                                  "scratch");
>   +      return comp.scratch;
>   +    }
>   +
>   +  return comp.frame[XFIXNUM (mvar_slot)];  <<<<<<<<<<<<<<<<<<<<
>   +}

Fixed by 543e6e664c

> Likewise, this is unsafe because a fixnum can be larger than INT_MAX:
>
>   +  if (!FIXNUMP (idx))
>   +    xsignal1 (Qnative_ice,
>   +             build_string ("inconsistent data relocation container"));
>   +  reloc.idx = gcc_jit_context_new_rvalue_from_int (comp.ctxt,
>   +                                                  comp.ptrdiff_type,
>   +                                                  XFIXNUM (idx)); <<<<<<<<
>
> (There are several more calls with the same problem.)

Should we never trust in C a value coming from a Lisp_Object even if is
supposed to be constructed on purpose?

> Several comparisons like this one:
>
>   +  if (val != (long) val)
>
> are IMO better written as
>
>   if (val > LONG_MAX || val < LONG_MIN)

Fixed by 72e4a22391

> Here, wouldn't it be better to have an assertion that there are no
> more than 6 elements in the list:
>
>   +  Lisp_Object arg[6];
>   +
>   +  Lisp_Object p = XCDR (insn);
>   +  ptrdiff_t i = 0;
>   +  FOR_EACH_TAIL (p)
>   +    {
>   +      if (i == sizeof (arg) / sizeof (Lisp_Object))
>   +       break;
>   +      arg[i++] = XCAR (p);
>   +    }

This way we can have insns longer than 6 operands but we don't load
them.  These are tipically comment insn we use as a debug note therefore
not relevant here (code generation).

> This is nonportable:
>
>   +  if (!noninteractive)
>   +    {
>   +      sigset_t blocked;
>   +      /* Gcc doesn't like being interrupted at all.  */
>   +      block_input ();
>   +      sigemptyset (&blocked);
>   +      sigaddset (&blocked, SIGALRM);
>   +      sigaddset (&blocked, SIGINT);
>   +#ifdef USABLE_SIGIO
>   +      sigaddset (&blocked, SIGIO);
>   +#endif
>   +      pthread_sigmask (SIG_BLOCK, &blocked, &saved_sigset); <<<<<<<<<<<
>   +      count = SPECPDL_INDEX ();
>   +      record_unwind_protect_void (restore_sigmask);
>   +    }
>
> We shouldn't use pthread_sigmask unconditionally, we should use it
> only on Posix platforms.  Can you explain why the signals here should
> be blocked?  What happens if they aren't, and a signal arrives while
> the compilation runs?  I'm asking because on MS-Windows blocking
> signals with sigaddset/sigmask doesn't really work, so the question is
> what if anything should be done here on Windows.

IIRC the compilation was crashing.  Actually we should be able to get
rid of this piece of code.  ATM we always run in a non interactive
(typically child) process compilations so this code is not exercised
anymore.

Removed by 21858596f0

> Here, 'i' could be ptrdiff_t, no need to use EMACS_INT:
>
>   +  EMACS_INT d_vec_len = XFIXNUM (Flength (comp_u->data_vec));
>   +  for (EMACS_INT i = 0; i < d_vec_len; i++)
>   +    if (!EQ (data_relocs[i],  AREF (comp_u->data_vec, i)))
>   +      return false;
>   +
>   +  d_vec_len = XFIXNUM (Flength (comp_u->data_impure_vec));
>   +  for (EMACS_INT i = 0; i < d_vec_len; i++)

Fixed by 7b676861dd

Thanks

  Andrea