bug-gnu-emacs

bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal


From: Eli Zaretskii
Subject: bug#56108: 29.0.50; ASAN use-after-free in re_match_2_internal
Date: Thu, 23 Jun 2022 11:37:55 +0300

> Date: Thu, 23 Jun 2022 10:24:31 +0200
> From: Gerd Möllmann <gerd.moellmann@gmail.com>
> Cc: 56108@debbugs.gnu.org
> 
>  Another side question, if I may: Have you perhaps heard of someone producing
>  a static call graph for Emacs, or better yet, specific functions in Emacs?
>  Maybe using objdump -D or something similar?
> 
>  Does this make sense in a dynamic program such as Emacs? We call into
>  Lisp quite a lot from C, and from there you can arrive anywhere, no?
>  And objdump cannot capture Lisp levels.
> 
> True, but for GC at least, I think it would make it easier to tell if it can
> potentially happen. One would see a call to GC in the static call graph. Not
> for arbitrary lines, of course, you know what I mean...

Fair enough.  But for that purpose, we need to consider each call into
Lisp, either directly or via a hook, as potentially triggering GC.

Moreover, if some code can signal an error or throw to a higher level,
that could cause GC via the handlers installed by the various
unwind-protect forms.  So signaling/throwing are also GC triggers, at
least in some situations, and I'm not sure how relevant that is to
what you had in mind.

(People also tend to forget that GC doesn't only delete "garbage"
objects, it also has other potentially "surprising" effects: it can
compact strings, relocate string data and buffer text, shrink regexp
pattern cache and font caches, etc.)
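The static call-graph idea from the quoted question, combined with the caveat above that every call into Lisp and every signal/throw has to count as a potential GC trigger, as an added Python example that is not code from this thread or from Emacs: it parses `objdump -d`-style output into a call graph and reports the shortest static chain from a chosen C function to an assumed GC-triggering sink. The disassembly sample is constructed for illustration and the sink names are assumptions to be adjusted for the binary at hand.

```python
import re
from collections import defaultdict, deque

# Constructed sample of `objdump -d` output (not from a real Emacs binary):
# one function reaches GC through a call into Lisp, one never calls anything.
SAMPLE_OBJDUMP = """
0000000000401000 <garbage_collect>:
  401000:  c3                      ret
0000000000401010 <Ffuncall>:
  401010:  e8 eb ff ff ff          call   401000 <garbage_collect>
  401015:  c3                      ret
0000000000401020 <re_match_2_internal>:
  401020:  e8 eb ff ff ff          call   401010 <Ffuncall>
  401025:  c3                      ret
0000000000401030 <safe_add>:
  401030:  48 01 f7                add    %rsi,%rdi
  401033:  c3                      ret
"""
# Treated as GC triggers: GC itself, entry points into Lisp, and non-local
# exits (assumed names for illustration; adjust to the binary being analysed).
GC_SINKS = {"garbage_collect", "Ffuncall", "Fsignal", "Fthrow", "run_hook"}
FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")          # "0040 <name>:"
CALL_RE = re.compile(r"\bcallq?\s+[0-9a-f]+ <([^>+]+)")  # drops "+0x.." offsets

def build_call_graph(disasm):
    """Map each function to the set of functions it calls directly."""
    graph, current = defaultdict(set), None
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            current = m.group(1)
            graph.setdefault(current, set())  # record leaf functions too
        elif current is not None and (m := CALL_RE.search(line)):
            graph[current].add(m.group(1))
    return graph

def gc_path(graph, start, sinks=GC_SINKS):
    """Shortest static call chain from `start` to a GC trigger, else None."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] in sinks:
            return path
        for callee in sorted(graph.get(path[-1], ())):
            if callee not in seen:
                seen.add(callee)
                queue.append(path + [callee])
    return None
```

Because `Ffuncall` is itself a sink, the search stops at the first call into Lisp rather than trying to follow it, which is exactly the "from there you can arrive anywhere" limitation of a static graph.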
