embed.fnc: Add EPTRQ hints

Generally, a pointer to a string upper bound actually to one beyond the
actual final byte in the string.  This is sanctioned by the C Standard,
and allows you to just subtract the lower bound from it to get its
length, without having to add 1.

But some function we have tolerate the upper bound pointer being set to
the actual final byte.  The EPTRQ hint in embed.fnc is used for those;
the assertion becomes 'l <= u' instead of strictly less-than.

This commit is the first to use this type of hint, and it applies it
only to those functions whose documentation and behavior clearly
indicate this is expected.

There's a dozen-ish ones where that isn't true.  And they need to be
investigated further before deciding their disposition.

Author: khwilliamson

embed.fnc

@@ -1074,17 +1074,17 @@ Rp	|SV *	|defelem_target |NN SV *sv				\
 				|NULLOK MAGIC *mg
 : Used in op.c, perl.c
 px	|void	|delete_eval_scope
-ATdp	|char * |delimcpy	|NN char *to				\
-				|NN const char *to_end			\
-				|NN const char *from			\
-				|NN const char *from_end		\
+ATdp	|char * |delimcpy	|SPTR char *to				\
+				|EPTRQ const char *to_end		\
+				|SPTR const char *from			\
+				|EPTRQ const char *from_end		\
 				|const int delim			\
 				|NN I32 *retlen
 ETXdp	|char * |delimcpy_no_escape					\
-				|NN char *to				\
-				|NN const char *to_end			\
-				|NN const char *from			\
-				|NN const char *from_end		\
+				|SPTR char *to				\
+				|EPTRQ const char *to_end		\
+				|SPTR const char *from			\
+				|EPTRQ const char *from_end		\
 				|const int delim			\
 				|NN I32 *retlen
 Cp	|void	|despatch_signals
@@ -1270,8 +1270,8 @@ Adfp	|void	|fatal_warner	|U32 err				\
 				|...
 Adp	|void	|fbm_compile	|NN SV *sv				\
 				|U32 flags
-ARdp	|char * |fbm_instr	|NN unsigned char *big			\
-				|NN unsigned char *bigend		\
+ARdp	|char * |fbm_instr	|SPTR unsigned char *big		\
+				|EPTRQ unsigned char *bigend		\
 				|NN SV *littlestr			\
 				|U32 flags
 Adhp	|SV *	|filter_add	|NULLOK filter_t funcp			\
@@ -1335,8 +1335,8 @@ Adfp	|char * |form		|NN const char *pat			\
 p	|void	|free_tied_hv_pool
 Cp	|void	|free_tmps
 ERXp	|SV *	|get_and_check_backslash_N_name 			\
-				|NN const char *s			\
-				|NN const char *e			\
+				|SPTR const char *s			\
+				|EPTRQ const char *e			\
 				|const bool is_utf8			\
 				|NN const char **error_msg
 AOdp	|AV *	|get_av 	|NN const char *name			\
@@ -1733,8 +1733,8 @@ p	|bool	|io_close	|NN IO *io				\
 				|bool is_explicit			\
 				|bool warn_on_fail
 ARTdip	|Size_t |isC9_STRICT_UTF8_CHAR					\
-				|NN const U8 * const s0 		\
-				|NN const U8 * const e
+				|SPTR const U8 * const s0		\
+				|EPTRQ const U8 * const e
 ARTdmp	|bool	|is_c9strict_utf8_string				\
 				|NN const U8 *s 			\
 				|STRLEN len
@@ -1760,8 +1760,8 @@ ARdip	|bool	|is_safe_syscall|NN const char *pv			\
 				|NN const char *what			\
 				|NN const char *op_name
 ARTdip	|Size_t |isSTRICT_UTF8_CHAR					\
-				|NN const U8 * const s0 		\
-				|NN const U8 * const e
+				|SPTR const U8 * const s0		\
+				|EPTRQ const U8 * const e
 ARTdmp	|bool	|is_strict_utf8_string					\
 				|NN const U8 *s 			\
 				|STRLEN len
@@ -1780,14 +1780,14 @@ CRp	|bool	|is_uni_perl_idcont_					\
 				|UV c
 CRp	|bool	|is_uni_perl_idstart_					\
 				|UV c
-ARTdip	|Size_t |isUTF8_CHAR	|NN const U8 * const s0 		\
-				|NN const U8 * const e
+ARTdip	|Size_t |isUTF8_CHAR	|SPTR const U8 * const s0		\
+				|EPTRQ const U8 * const e
 ATdmp	|STRLEN |is_utf8_char_buf					\
 				|SPTR const U8 *buf			\
 				|EPTR const U8 *buf_end
 ARTdip	|Size_t |isUTF8_CHAR_flags					\
-				|NN const U8 * const s0 		\
-				|NN const U8 * const e			\
+				|SPTR const U8 * const s0		\
+				|EPTRQ const U8 * const e		\
 				|const U32 flags
 CPRTp	|STRLEN |is_utf8_char_helper_					\
 				|SPTR const U8 * const s		\
@@ -2905,10 +2905,10 @@ Admp	|void	|resume_compcv_and_save 				\
 				|NN struct suspended_compcv *buffer
 Admp	|void	|resume_compcv_final					\
 				|NN struct suspended_compcv *buffer
-APTdp	|char * |rninstr	|NN const char *big			\
-				|NN const char *bigend			\
-				|NN const char *little			\
-				|NN const char *lend
+APTdp	|char * |rninstr	|SPTR const char *big			\
+				|EPTRQ const char *bigend		\
+				|SPTR const char *little		\
+				|EPTRQ const char *lend
 p	|void	|rpeep		|NULLOK OP *o
 Adipx	|void	|rpp_context	|NN SV **mark				\
 				|U8 gimme				\
@@ -3808,14 +3808,14 @@ ARTdip	|U8 *	|utf8_hop_overshoot					\
 				|MPTR const U8 *s			\
 				|SSize_t off				\
 				|SPTR const U8 * const start		\
-				|NN const U8 * const end		\
+				|EPTRQ const U8 * const end		\
 				|NULLOK SSize_t *remaining
 ARTdmp	|U8 *	|utf8_hop_safe	|MPTR const U8 *s			\
 				|SSize_t off				\
 				|SPTR const U8 * const start		\
-				|NN const U8 * const end
-ARdp	|STRLEN |utf8_length	|NN const U8 *s0			\
-				|NN const U8 *e
+				|EPTRQ const U8 * const end
+ARdp	|STRLEN |utf8_length	|SPTR const U8 *s0			\
+				|EPTRQ const U8 *e
 ATdmp	|UV	|utf8n_to_uvchr |NN const U8 *s 			\
 				|STRLEN curlen				\
 				|NULLOK STRLEN *retlen			\
@@ -5803,20 +5803,20 @@ EWi	|void	|capture_clear	|NN regexp *rex 			\
 				|NN const char *str
 ERS	|char * |find_byclass	|NN regexp *prog			\
 				|NN const regnode *c			\
-				|NN char *s				\
-				|NN const char *strend			\
+				|SPTR char *s				\
+				|EPTRQ const char *strend		\
 				|NULLOK regmatch_info *reginfo
 ERST	|U8 *	|find_next_masked					\
-				|NN U8 *s				\
-				|NN const U8 *send			\
+				|SPTR U8 *s				\
+				|EPTRQ const U8 *send			\
 				|const U8 byte				\
 				|const U8 mask
 ERST	|U8 *	|find_span_end	|SPTR U8 *s				\
 				|EPTR const U8 *send			\
 				|const U8 span_byte
 ERST	|U8 *	|find_span_end_mask					\
-				|NN U8 *s				\
-				|NN const U8 *send			\
+				|SPTR U8 *s				\
+				|EPTRQ const U8 *send			\
 				|const U8 span_byte			\
 				|const U8 mask
 Ei	|I32	|foldEQ_latin1_s2_folded				\
@@ -6125,10 +6125,10 @@ S	|char * |force_word	|NN char *start 			\
 				|int check_keyword			\
 				|int allow_pack
 RS	|SV *	|get_and_check_backslash_N_name_wrapper 		\
-				|NN const char *s			\
-				|NN const char * const e
-S	|void	|incline	|NN const char *s			\
-				|NN const char *end
+				|SPTR const char *s			\
+				|EPTRQ const char * const e
+S	|void	|incline	|SPTR const char *s			\
+				|EPTRQ const char *end
 S	|int	|intuit_method	|NN char *start 			\
 				|NULLOK SV *ioname			\
 				|NULLOK NOCHECK CV *cv

inline.h

@@ -2329,6 +2329,7 @@ Perl_is_utf8_string_loclen(const U8 *s, STRLEN len, const U8 **ep, STRLEN *el)
  * But we don't know this for non-core calls, so have to retain the check for
  * them. */
 #ifdef PERL_CORE
+//XXX see where uses this, the non-core can be removed,
 #  define PERL_NON_CORE_CHECK_EMPTY(s,e)  assert((e) > (s))
 #else
 #  define PERL_NON_CORE_CHECK_EMPTY(s,e)  if ((e) <= (s)) return FALSE
@@ -3008,8 +3009,6 @@ Perl_utf8_hop_overshoot(const U8 *s, SSize_t off,
 {
     PERL_ARGS_ASSERT_UTF8_HOP_OVERSHOOT;
 
-    assert(s <= end);
-
     if (off >= 0) {
         return utf8_hop_forward_overshoot(s, off, end, remaining);
     }

proto.h

@@ -626,14 +626,12 @@ S_isFOO_utf8_lc(pTHX_ const U8 classnum, const U8* character, const U8* e)
 STATIC U8 *
 S_find_span_end(U8 * s, const U8 * send, const U8 span_byte)
 {
+    PERL_ARGS_ASSERT_FIND_SPAN_END;
+
     /* Returns the position of the first byte in the sequence between 's' and
      * 'send-1' inclusive that isn't 'span_byte'; returns 'send' if none found.
      * */
 
-    PERL_ARGS_ASSERT_FIND_SPAN_END;
-
-    assert(send >= s);
-
     if ((STRLEN) (send - s) >= PERL_WORDSIZE
                           + PERL_WORDSIZE * PERL_IS_SUBWORD_ADDR(s)
                           - (PTR2nat(s) & PERL_WORD_BOUNDARY_MASK))
@@ -700,16 +698,14 @@ S_find_span_end(U8 * s, const U8 * send, const U8 span_byte)
 STATIC U8 *
 S_find_next_masked(U8 * s, const U8 * send, const U8 byte, const U8 mask)
 {
+    PERL_ARGS_ASSERT_FIND_NEXT_MASKED;
+    assert((byte & mask) == byte);
+
     /* Returns the position of the first byte in the sequence between 's'
      * and 'send-1' inclusive that when ANDed with 'mask' yields 'byte';
      * returns 'send' if none found.  It uses word-level operations instead of
      * byte to speed up the process */
 
-    PERL_ARGS_ASSERT_FIND_NEXT_MASKED;
-
-    assert(send >= s);
-    assert((byte & mask) == byte);
-
 #ifndef EBCDIC
 
     if ((STRLEN) (send - s) >= PERL_WORDSIZE
@@ -778,15 +774,14 @@ S_find_next_masked(U8 * s, const U8 * send, const U8 byte, const U8 mask)
 STATIC U8 *
 S_find_span_end_mask(U8 * s, const U8 * send, const U8 span_byte, const U8 mask)
 {
+    PERL_ARGS_ASSERT_FIND_SPAN_END_MASK;
+
     /* Returns the position of the first byte in the sequence between 's' and
      * 'send-1' inclusive that when ANDed with 'mask' isn't 'span_byte'.
      * 'span_byte' should have been ANDed with 'mask' in the call of this
      * function.  Returns 'send' if none found.  Works like find_span_end(),
      * except for the AND */
 
-    PERL_ARGS_ASSERT_FIND_SPAN_END_MASK;
-
-    assert(send >= s);
     assert((span_byte & mask) == span_byte);
 
     if ((STRLEN) (send - s) >= PERL_WORDSIZE
@@ -2272,6 +2267,7 @@ STATIC char *
 S_find_byclass(pTHX_ regexp * prog, const regnode *c, char *s,
     const char *strend, regmatch_info *reginfo)
 {
+    PERL_ARGS_ASSERT_FIND_BYCLASS;
 
     /* true if x+ need not match at just the 1st pos of run of x's */
     const I32 doevery = (prog->intflags & PREGf_SKIP) == 0;
@@ -2304,8 +2300,6 @@ S_find_byclass(pTHX_ regexp * prog, const regnode *c, char *s,
 
     RXi_GET_DECL(prog,progi);
 
-    PERL_ARGS_ASSERT_FIND_BYCLASS;
-
     /* We know what class it must start with. The case statements below have
      * encoded the OP, and the UTF8ness of the target ('t8' for is UTF-8; 'tb'
      * for it isn't; 'b' stands for byte), and the UTF8ness of the pattern