3 files changed, 62 insertions, 40 deletions
diff --git a/src/emacs.c b/src/emacs.c
index ae29e9ad29b..28b395c4fb4 100644
--- a/src/emacs.c
+++ b/src/emacs.c
@@ -831,14 +831,16 @@ main (int argc, char **argv)
      rlim_t lim = rlim.rlim_cur;
      /* Approximate the amount regex.c needs per unit of
-         re_max_failures, then add 33% to cover the size of the
+         emacs_re_max_failures, then add 33% to cover the size of the
         smaller stacks that regex.c successively allocates and
         discards on its way to the maximum.  */
-      int ratio = 20 * sizeof (char *);
+      int min_ratio = 20 * sizeof (char *);
-      ratio += ratio / 3;
+      int ratio = min_ratio + min_ratio / 3;
-      /* Extra space to cover what we're likely to use for other reasons.  */
+      /* Extra space to cover what we're likely to use for other
-      int extra = 200000;
+         reasons.  For example, a typical GC might take 30K stack
+         frames.  */
+      int extra = (30 * 1000) * 50;
      bool try_to_grow_stack = true;
 #ifndef CANNOT_DUMP
@@ -847,7 +849,7 @@ main (int argc, char **argv)
      if (try_to_grow_stack)
        {
-          rlim_t newlim = re_max_failures * ratio + extra;
+          rlim_t newlim = emacs_re_max_failures * ratio + extra;
          /* Round the new limit to a page boundary; this is needed
             for Darwin kernel 15.4.0 (see Bug#23622) and perhaps
@@ -869,9 +871,11 @@ main (int argc, char **argv)
                lim = newlim;
            }
        }
+      /* If the stack is big enough, let regex.c more of it before
-      /* Don't let regex.c overflow the stack.  */
+         falling back to heap allocation.  */
-      re_max_failures = lim < extra ? 0 : min (lim - extra, SIZE_MAX) / ratio;
+      emacs_re_safe_alloca = max
+        (min (lim - extra, SIZE_MAX) * (min_ratio / ratio),
+         MAX_ALLOCA);
    }
 #endif /* HAVE_SETRLIMIT and RLIMIT_STACK and not CYGWIN */
diff --git a/src/regex.c b/src/regex.c
index 8aa54331fc7..db3f0c16a2d 100644
--- a/src/regex.c
+++ b/src/regex.c
@@ -431,9 +431,12 @@ init_syntax_once (void)
 /* Should we use malloc or alloca?  If REGEX_MALLOC is not defined, we
   use `alloca' instead of `malloc'.  This is because using malloc in
-   re_search* or re_match* could cause memory leaks when C-g is used in
+   re_search* or re_match* could cause memory leaks when C-g is used
-   Emacs; also, malloc is slower and causes storage fragmentation.  On
+   in Emacs (note that SAFE_ALLOCA could also call malloc, but does so
-   the other hand, malloc is more portable, and easier to debug.
+   via `record_xmalloc' which uses `unwind_protect' to ensure the
+   memory is freed even in case of non-local exits); also, malloc is
+   slower and causes storage fragmentation.  On the other hand, malloc
+   is more portable, and easier to debug.
   Because we sometimes use alloca, some routines have to be macros,
   not functions -- `alloca'-allocated space disappears at the end of the
@@ -448,7 +451,13 @@ init_syntax_once (void)
 #else /* not REGEX_MALLOC  */
 # ifdef emacs
-#  define REGEX_USE_SAFE_ALLOCA USE_SAFE_ALLOCA
+/* This may be adjusted in main(), if the stack is successfully grown.  */
+ptrdiff_t emacs_re_safe_alloca = MAX_ALLOCA;
+/* Like USE_SAFE_ALLOCA, but use emacs_re_safe_alloca.  */
+#  define REGEX_USE_SAFE_ALLOCA                                        \
+  ptrdiff_t sa_avail = emacs_re_safe_alloca;                           \
+  ptrdiff_t sa_count = SPECPDL_INDEX (); bool sa_must_free = false
 #  define REGEX_SAFE_FREE() SAFE_FREE ()
 #  define REGEX_ALLOCATE SAFE_ALLOCA
 # else
@@ -1196,24 +1205,28 @@ static const char *re_error_msgid[] =
    gettext_noop ("Range striding over charsets") /* REG_ERANGEX  */
  };
-/* Avoiding alloca during matching, to placate r_alloc.  */
+/* Whether to allocate memory during matching.  */
-/* Define MATCH_MAY_ALLOCATE unless we need to make sure that the
+/* Define MATCH_MAY_ALLOCATE to allow the searching and matching
-   searching and matching functions should not call alloca.  On some
+   functions allocate memory for the failure stack and registers.
-   systems, alloca is implemented in terms of malloc, and if we're
+   Normally should be defined, because otherwise searching and
-   using the relocating allocator routines, then malloc could cause a
+   matching routines will have much smaller memory resources at their
-   relocation, which might (if the strings being searched are in the
+   disposal, and therefore might fail to handle complex regexps.
-   ralloc heap) shift the data out from underneath the regexp
+   Therefore undefine MATCH_MAY_ALLOCATE only in the following
-   routines.
+   exceptional situations:
-   Here's another reason to avoid allocation: Emacs
+   . When running on a system where memory is at premium.
-   processes input from X in a signal handler; processing X input may
+   . When alloca cannot be used at all, perhaps due to bugs in
-   call malloc; if input arrives while a matching routine is calling
+     its implementation, or its being unavailable, or due to a
-   malloc, then we're scrod.  But Emacs can't just block input while
+     very small stack size.  This requires to define REGEX_MALLOC
-   calling matching routines; then we don't notice interrupts when
+     to use malloc instead, which in turn could lead to memory
-   they come in.  So, Emacs blocks input around all regexp calls
+     leaks if search is interrupted by a signal.  (For these
-   except the matching calls, which it leaves unprotected, in the
+     reasons, defining REGEX_MALLOC when building Emacs
-   faith that they will not malloc.  */
+     automatically undefines MATCH_MAY_ALLOCATE, but outside
+     Emacs you may not care about memory leaks.)  If you want to
+     prevent the memory leaks, undefine MATCH_MAY_ALLOCATE.
+   . When code that calls the searching and matching functions
+     cannot allow memory allocation, for whatever reasons.  */
 /* Normally, this is fine.  */
 #define MATCH_MAY_ALLOCATE
@@ -1250,9 +1263,9 @@ static const char *re_error_msgid[] =
   whose default stack limit is 2mb.  In order for a larger
   value to work reliably, you have to try to make it accord
   with the process stack limit.  */
-size_t re_max_failures = 40000;
+size_t emacs_re_max_failures = 40000;
 # else
-size_t re_max_failures = 4000;
+size_t emacs_re_max_failures = 4000;
 # endif
 union fail_stack_elt
@@ -1305,7 +1318,7 @@ typedef struct
 /* Double the size of FAIL_STACK, up to a limit
-   which allows approximately `re_max_failures' items.
+   which allows approximately `emacs_re_max_failures' items.
   Return 1 if succeeds, and 0 if either ran out of memory
   allocating space for it or it was already too large.
@@ -1320,19 +1333,19 @@ typedef struct
 #define FAIL_STACK_GROWTH_FACTOR 4
 #define GROW_FAIL_STACK(fail_stack)                                     \
-  (((fail_stack).size >= re_max_failures * TYPICAL_FAILURE_SIZE)        \
+  (((fail_stack).size >= emacs_re_max_failures * TYPICAL_FAILURE_SIZE)        \
   ? 0                                                                  \
   : ((fail_stack).stack                                                \
      = REGEX_REALLOCATE_STACK ((fail_stack).stack,                     \
          (fail_stack).size * sizeof (fail_stack_elt_t),                \
-          min (re_max_failures * TYPICAL_FAILURE_SIZE,                  \
+          min (emacs_re_max_failures * TYPICAL_FAILURE_SIZE,                  \
               ((fail_stack).size * FAIL_STACK_GROWTH_FACTOR))          \
          * sizeof (fail_stack_elt_t)),                                 \
                                                                        \
      (fail_stack).stack == NULL                                        \
      ? 0                                                               \
      : ((fail_stack).size                                              \
-         = (min (re_max_failures * TYPICAL_FAILURE_SIZE,                \
+         = (min (emacs_re_max_failures * TYPICAL_FAILURE_SIZE,                \
                 ((fail_stack).size * FAIL_STACK_GROWTH_FACTOR))),      \
         1)))
@@ -3641,9 +3654,9 @@ regex_compile (const_re_char *pattern, size_t size,
  {
    int num_regs = bufp->re_nsub + 1;
-    if (fail_stack.size < re_max_failures * TYPICAL_FAILURE_SIZE)
+    if (fail_stack.size < emacs_re_max_failures * TYPICAL_FAILURE_SIZE)
      {
-        fail_stack.size = re_max_failures * TYPICAL_FAILURE_SIZE;
+        fail_stack.size = emacs_re_max_failures * TYPICAL_FAILURE_SIZE;
        falk_stack.stack = realloc (fail_stack.stack,
                                    fail_stack.size * sizeof *falk_stack.stack);
      }
diff --git a/src/regex.h b/src/regex.h
index 34c9929f93d..1d439de259c 100644
--- a/src/regex.h
+++ b/src/regex.h
@@ -186,7 +186,12 @@ typedef unsigned long reg_syntax_t;
 #endif
 /* Roughly the maximum number of failure points on the stack.  */
-extern size_t re_max_failures;
+extern size_t emacs_re_max_failures;
+#ifdef emacs
+/* Amount of memory that we can safely stack allocate.  */
+extern ptrdiff_t emacs_re_safe_alloca;
+#endif
 /* Define combinations of the above bits for the standard possibilities.

diff --git a/src/emacs.c b/src/emacs.c index ae29e9ad29b..28b395c4fb4 100644 --- a/src/emacs.c +++ b/src/emacs.c
@@ -831,14 +831,16 @@ main (int argc, char **argv)
831	rlim_t lim = rlim.rlim_cur;	831	rlim_t lim = rlim.rlim_cur;
832		832
833	/* Approximate the amount regex.c needs per unit of	833	/* Approximate the amount regex.c needs per unit of
834	re_max_failures, then add 33% to cover the size of the	834	emacs_re_max_failures, then add 33% to cover the size of the
835	smaller stacks that regex.c successively allocates and	835	smaller stacks that regex.c successively allocates and
836	discards on its way to the maximum. */	836	discards on its way to the maximum. */
837	int ratio = 20 * sizeof (char *);	837	int min_ratio = 20 * sizeof (char *);
838	ratio += ratio / 3;	838	int ratio = min_ratio + min_ratio / 3;
839		839
840	/* Extra space to cover what we're likely to use for other reasons. */	840	/* Extra space to cover what we're likely to use for other
841	int extra = 200000;	841	reasons. For example, a typical GC might take 30K stack
		842	frames. */
		843	int extra = (30 * 1000) * 50;
842		844
843	bool try_to_grow_stack = true;	845	bool try_to_grow_stack = true;
844	#ifndef CANNOT_DUMP	846	#ifndef CANNOT_DUMP
@@ -847,7 +849,7 @@ main (int argc, char **argv)
847		849
848	if (try_to_grow_stack)	850	if (try_to_grow_stack)
849	{	851	{
850	rlim_t newlim = re_max_failures * ratio + extra;	852	rlim_t newlim = emacs_re_max_failures * ratio + extra;
851		853
852	/* Round the new limit to a page boundary; this is needed	854	/* Round the new limit to a page boundary; this is needed
853	for Darwin kernel 15.4.0 (see Bug#23622) and perhaps	855	for Darwin kernel 15.4.0 (see Bug#23622) and perhaps
@@ -869,9 +871,11 @@ main (int argc, char **argv)
869	lim = newlim;	871	lim = newlim;
870	}	872	}
871	}	873	}
872		874	/* If the stack is big enough, let regex.c more of it before
873	/* Don't let regex.c overflow the stack. */	875	falling back to heap allocation. */
874	re_max_failures = lim < extra ? 0 : min (lim - extra, SIZE_MAX) / ratio;	876	emacs_re_safe_alloca = max
		877	(min (lim - extra, SIZE_MAX) * (min_ratio / ratio),
		878	MAX_ALLOCA);
875	}	879	}
876	#endif /* HAVE_SETRLIMIT and RLIMIT_STACK and not CYGWIN */	880	#endif /* HAVE_SETRLIMIT and RLIMIT_STACK and not CYGWIN */
877		881


diff --git a/src/regex.c b/src/regex.c index 8aa54331fc7..db3f0c16a2d 100644 --- a/src/regex.c +++ b/src/regex.c
@@ -431,9 +431,12 @@ init_syntax_once (void)
431		431
432	/* Should we use malloc or alloca? If REGEX_MALLOC is not defined, we	432	/* Should we use malloc or alloca? If REGEX_MALLOC is not defined, we
433	use `alloca' instead of `malloc'. This is because using malloc in	433	use `alloca' instead of `malloc'. This is because using malloc in
434	re_search* or re_match* could cause memory leaks when C-g is used in	434	re_search* or re_match* could cause memory leaks when C-g is used
435	Emacs; also, malloc is slower and causes storage fragmentation. On	435	in Emacs (note that SAFE_ALLOCA could also call malloc, but does so
436	the other hand, malloc is more portable, and easier to debug.	436	via `record_xmalloc' which uses `unwind_protect' to ensure the
		437	memory is freed even in case of non-local exits); also, malloc is
		438	slower and causes storage fragmentation. On the other hand, malloc
		439	is more portable, and easier to debug.
437		440
438	Because we sometimes use alloca, some routines have to be macros,	441	Because we sometimes use alloca, some routines have to be macros,
439	not functions -- `alloca'-allocated space disappears at the end of the	442	not functions -- `alloca'-allocated space disappears at the end of the
@@ -448,7 +451,13 @@ init_syntax_once (void)
448	#else /* not REGEX_MALLOC */	451	#else /* not REGEX_MALLOC */
449		452
450	# ifdef emacs	453	# ifdef emacs
451	# define REGEX_USE_SAFE_ALLOCA USE_SAFE_ALLOCA	454	/* This may be adjusted in main(), if the stack is successfully grown. */
		455	ptrdiff_t emacs_re_safe_alloca = MAX_ALLOCA;
		456	/* Like USE_SAFE_ALLOCA, but use emacs_re_safe_alloca. */
		457	# define REGEX_USE_SAFE_ALLOCA \
		458	ptrdiff_t sa_avail = emacs_re_safe_alloca; \
		459	ptrdiff_t sa_count = SPECPDL_INDEX (); bool sa_must_free = false
		460
452	# define REGEX_SAFE_FREE() SAFE_FREE ()	461	# define REGEX_SAFE_FREE() SAFE_FREE ()
453	# define REGEX_ALLOCATE SAFE_ALLOCA	462	# define REGEX_ALLOCATE SAFE_ALLOCA
454	# else	463	# else
@@ -1196,24 +1205,28 @@ static const char *re_error_msgid[] =
1196	gettext_noop ("Range striding over charsets") /* REG_ERANGEX */	1205	gettext_noop ("Range striding over charsets") /* REG_ERANGEX */
1197	};	1206	};
1198		1207
1199	/* Avoiding alloca during matching, to placate r_alloc. */	1208	/* Whether to allocate memory during matching. */
1200		1209
1201	/* Define MATCH_MAY_ALLOCATE unless we need to make sure that the	1210	/* Define MATCH_MAY_ALLOCATE to allow the searching and matching
1202	searching and matching functions should not call alloca. On some	1211	functions allocate memory for the failure stack and registers.
1203	systems, alloca is implemented in terms of malloc, and if we're	1212	Normally should be defined, because otherwise searching and
1204	using the relocating allocator routines, then malloc could cause a	1213	matching routines will have much smaller memory resources at their
1205	relocation, which might (if the strings being searched are in the	1214	disposal, and therefore might fail to handle complex regexps.
1206	ralloc heap) shift the data out from underneath the regexp	1215	Therefore undefine MATCH_MAY_ALLOCATE only in the following
1207	routines.	1216	exceptional situations:
1208		1217
1209	Here's another reason to avoid allocation: Emacs	1218	. When running on a system where memory is at premium.
1210	processes input from X in a signal handler; processing X input may	1219	. When alloca cannot be used at all, perhaps due to bugs in
1211	call malloc; if input arrives while a matching routine is calling	1220	its implementation, or its being unavailable, or due to a
1212	malloc, then we're scrod. But Emacs can't just block input while	1221	very small stack size. This requires to define REGEX_MALLOC
1213	calling matching routines; then we don't notice interrupts when	1222	to use malloc instead, which in turn could lead to memory
1214	they come in. So, Emacs blocks input around all regexp calls	1223	leaks if search is interrupted by a signal. (For these
1215	except the matching calls, which it leaves unprotected, in the	1224	reasons, defining REGEX_MALLOC when building Emacs
1216	faith that they will not malloc. */	1225	automatically undefines MATCH_MAY_ALLOCATE, but outside
		1226	Emacs you may not care about memory leaks.) If you want to
		1227	prevent the memory leaks, undefine MATCH_MAY_ALLOCATE.
		1228	. When code that calls the searching and matching functions
		1229	cannot allow memory allocation, for whatever reasons. */
1217		1230
1218	/* Normally, this is fine. */	1231	/* Normally, this is fine. */
1219	#define MATCH_MAY_ALLOCATE	1232	#define MATCH_MAY_ALLOCATE
@@ -1250,9 +1263,9 @@ static const char *re_error_msgid[] =
1250	whose default stack limit is 2mb. In order for a larger	1263	whose default stack limit is 2mb. In order for a larger
1251	value to work reliably, you have to try to make it accord	1264	value to work reliably, you have to try to make it accord
1252	with the process stack limit. */	1265	with the process stack limit. */
1253	size_t re_max_failures = 40000;	1266	size_t emacs_re_max_failures = 40000;
1254	# else	1267	# else
1255	size_t re_max_failures = 4000;	1268	size_t emacs_re_max_failures = 4000;
1256	# endif	1269	# endif
1257		1270
1258	union fail_stack_elt	1271	union fail_stack_elt
@@ -1305,7 +1318,7 @@ typedef struct
1305		1318
1306		1319
1307	/* Double the size of FAIL_STACK, up to a limit	1320	/* Double the size of FAIL_STACK, up to a limit
1308	which allows approximately `re_max_failures' items.	1321	which allows approximately `emacs_re_max_failures' items.
1309		1322
1310	Return 1 if succeeds, and 0 if either ran out of memory	1323	Return 1 if succeeds, and 0 if either ran out of memory
1311	allocating space for it or it was already too large.	1324	allocating space for it or it was already too large.
@@ -1320,19 +1333,19 @@ typedef struct
1320	#define FAIL_STACK_GROWTH_FACTOR 4	1333	#define FAIL_STACK_GROWTH_FACTOR 4
1321		1334
1322	#define GROW_FAIL_STACK(fail_stack) \	1335	#define GROW_FAIL_STACK(fail_stack) \
1323	(((fail_stack).size >= re_max_failures * TYPICAL_FAILURE_SIZE) \	1336	(((fail_stack).size >= emacs_re_max_failures * TYPICAL_FAILURE_SIZE) \
1324	? 0 \	1337	? 0 \
1325	: ((fail_stack).stack \	1338	: ((fail_stack).stack \
1326	= REGEX_REALLOCATE_STACK ((fail_stack).stack, \	1339	= REGEX_REALLOCATE_STACK ((fail_stack).stack, \
1327	(fail_stack).size * sizeof (fail_stack_elt_t), \	1340	(fail_stack).size * sizeof (fail_stack_elt_t), \
1328	min (re_max_failures * TYPICAL_FAILURE_SIZE, \	1341	min (emacs_re_max_failures * TYPICAL_FAILURE_SIZE, \
1329	((fail_stack).size * FAIL_STACK_GROWTH_FACTOR)) \	1342	((fail_stack).size * FAIL_STACK_GROWTH_FACTOR)) \
1330	* sizeof (fail_stack_elt_t)), \	1343	* sizeof (fail_stack_elt_t)), \
1331	\	1344	\
1332	(fail_stack).stack == NULL \	1345	(fail_stack).stack == NULL \
1333	? 0 \	1346	? 0 \
1334	: ((fail_stack).size \	1347	: ((fail_stack).size \
1335	= (min (re_max_failures * TYPICAL_FAILURE_SIZE, \	1348	= (min (emacs_re_max_failures * TYPICAL_FAILURE_SIZE, \
1336	((fail_stack).size * FAIL_STACK_GROWTH_FACTOR))), \	1349	((fail_stack).size * FAIL_STACK_GROWTH_FACTOR))), \
1337	1)))	1350	1)))
1338		1351
@@ -3641,9 +3654,9 @@ regex_compile (const_re_char *pattern, size_t size,
3641	{	3654	{
3642	int num_regs = bufp->re_nsub + 1;	3655	int num_regs = bufp->re_nsub + 1;
3643		3656
3644	if (fail_stack.size < re_max_failures * TYPICAL_FAILURE_SIZE)	3657	if (fail_stack.size < emacs_re_max_failures * TYPICAL_FAILURE_SIZE)
3645	{	3658	{
3646	fail_stack.size = re_max_failures * TYPICAL_FAILURE_SIZE;	3659	fail_stack.size = emacs_re_max_failures * TYPICAL_FAILURE_SIZE;
3647	falk_stack.stack = realloc (fail_stack.stack,	3660	falk_stack.stack = realloc (fail_stack.stack,
3648	fail_stack.size * sizeof *falk_stack.stack);	3661	fail_stack.size * sizeof *falk_stack.stack);
3649	}	3662	}


diff --git a/src/regex.h b/src/regex.h index 34c9929f93d..1d439de259c 100644 --- a/src/regex.h +++ b/src/regex.h
@@ -186,7 +186,12 @@ typedef unsigned long reg_syntax_t;
186	#endif	186	#endif
187		187
188	/* Roughly the maximum number of failure points on the stack. */	188	/* Roughly the maximum number of failure points on the stack. */
189	extern size_t re_max_failures;	189	extern size_t emacs_re_max_failures;
		190
		191	#ifdef emacs
		192	/* Amount of memory that we can safely stack allocate. */
		193	extern ptrdiff_t emacs_re_safe_alloca;
		194	#endif
190		195
191		196
192	/* Define combinations of the above bits for the standard possibilities.	197	/* Define combinations of the above bits for the standard possibilities.