emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: master d582356: * src/fns.c (Frandom): Handle bignum `limit`s

From: Pip Cet
Subject: Re: master d582356: * src/fns.c (Frandom): Handle bignum `limit`s
Date: Sun, 7 Mar 2021 14:21:51 +0000 
On Sun, Mar 7, 2021 at 2:04 PM Eli Zaretskii <eliz@gnu.org> wrote:
> > From: Pip Cet <pipcet@gmail.com>
> > Date: Sun, 7 Mar 2021 13:27:01 +0000
> > Cc: Stefan Monnier <monnier@iro.umontreal.ca>, emacs-devel@gnu.org
> >
> > > > 1. Have FUNCTION_MAY_GC etc. translate into a GCC attribute in debug
> > > > builds so we can statically check that a function that says it never
> > > > calls GC doesn't call a function that says it may call GC.
> > > > 2. Have a statement at the beginning of non-GCing functions which sets
> > > > a flag that is then checked by garbage-collecting functions, so that
> > > > we may dynamically check this.
> > > >
> > > > (1) seems easy to implement, but has a high rate of false negatives as
> >
> > "Seems". If you have a computer fast enough and enough RAM to actually
> > compile emacs with -flto -fanalyzer -fdump-analyzer-json. I don't.
> >
> > > > many functions are safe to call from non-GCing functions as long as
> > > > the arguments are correct.
> > > > (2) is difficult to implement, and would only trigger at runtime.
> > > >
> > > > So I say we should do (1) in preference to (2), but maybe we should do 
> > > > both.
> > >
> > > I don't think I understand how will we know which function says it
> > > never calls GC.
> >
> > By tagging it in the source code?
>
> How do you know which functions to tag?

That's the part I wasn't volunteering for :-) We'd have to do that
manually, but we wouldn't have to do it all at once.

> > > For the same reasons, I don't see how (2) can be done in practice.
> >
> > Sorry, I don't understand.  We'd have
> >
> > void
> > f (void)
> > {
> >   DONT_CALL_GC ();
> >   g();
> > }
> >
> > void
> > g (void)
> > {
> >   maybe_gc ();
> > }
> >
> > and that would throw a runtime error because maybe_gc checks the flag
> > set by DONT_CALL_GC.
>
> How do you know in which functions to add DONT_CALL_GC ?

That's not something we can decide automatically, is it?

But usually there will already be a comment in those functions
explaining that they must not call GC, right? I think a runtime check
is better than a comment, and either is much better than not
documenting the assumption at all.

> Or did you intend to add that to all the functions one by one, then
> removing them as needed, until you stop getting runtime exceptions?

No. That sounds painful.

Pip
reply via email to
[Prev in Thread] Current Thread [Next in Thread]