Merge pull request #4126 from harfbuzz/cff2-instancer

CFF2 instancer make ots-sanitize happy
diff --git a/src/hb-common.cc b/src/hb-common.cc
index e9f9cfe..c9a4029 100644
--- a/src/hb-common.cc
+++ b/src/hb-common.cc
@@ -29,32 +29,6 @@
 #include "hb.hh"
 #include "hb-machinery.hh"
 
-#if !defined(HB_NO_SETLOCALE) && (!defined(HAVE_NEWLOCALE) || !defined(HAVE_USELOCALE))
-#define HB_NO_SETLOCALE 1
-#endif
-
-#ifndef HB_NO_SETLOCALE
-
-#include <locale.h>
-#ifdef HAVE_XLOCALE_H
-#include <xlocale.h> // Needed on BSD/OS X for uselocale
-#endif
-
-#ifdef WIN32
-#define hb_locale_t _locale_t
-#else
-#define hb_locale_t locale_t
-#endif
-#define hb_setlocale setlocale
-#define hb_uselocale uselocale
-
-#else
-
-#define hb_locale_t void *
-#define hb_setlocale(Category, Locale) "C"
-#define hb_uselocale(Locale) ((hb_locale_t) 0)
-
-#endif
 
 /**
  * SECTION:hb-common
diff --git a/src/hb-serialize.hh b/src/hb-serialize.hh
index 0c2f64c..61ec025 100644
--- a/src/hb-serialize.hh
+++ b/src/hb-serialize.hh
@@ -629,6 +629,13 @@
   template <typename Type>
   Type *embed (const Type &obj)
   { return embed (std::addressof (obj)); }
+  char *embed (const char *obj, unsigned size)
+  {
+    /* Copies SIZE bytes from OBJ into space from allocate_size(); nullptr on failure. */
+    char *dst = this->allocate_size<char> (size, false);
+    if (likely (dst)) hb_memcpy (dst, obj, size);
+    return dst;
+  }
 
   template <typename Type, typename ...Ts> auto
   _copy (const Type &src, hb_priority<1>, Ts&&... ds) HB_RETURN
diff --git a/src/hb-subset-cff-common.hh b/src/hb-subset-cff-common.hh
index 684ac5f..ff50b0e 100644
--- a/src/hb-subset-cff-common.hh
+++ b/src/hb-subset-cff-common.hh
@@ -81,7 +81,8 @@
     }
   }
 
-  void encode_num (const number_t& n)
+  // Encode number for CharString
+  void encode_num_cs (const number_t& n)
   {
     if (n.in_int_range ())
     {
@@ -98,6 +99,91 @@
     }
   }
 
+  // Encode number for TopDict / Private: integers via encode_int(), all else as a BCD real.
+  void encode_num_tp (const number_t& n)
+  {
+    if (n.in_int_range ())
+    {
+      // TODO longint
+      encode_int (n.to_int ());
+    }
+    else
+    {
+      // Sigh. BCD: OpCode_BCD, then the formatted number packed as 4-bit nibbles.
+      // https://learn.microsoft.com/en-us/typography/opentype/spec/cff2#table-5-nibble-definitions
+      double v = n.to_real ();
+      encode_byte (OpCode_BCD);
+
+      // Based on:
+      // https://github.com/fonttools/fonttools/blob/97ed3a61cde03e17b8be36f866192fbd56f1d1a7/Lib/fontTools/misc/psCharStrings.py#L265-L294
+
+      char buf[16];
+      /* FontTools has the following comment:
+       *
+       * # Note: 14 decimal digits seems to be the limitation for CFF real numbers
+       * # in macOS. However, we use 8 here to match the implementation of AFDKO.
+       *
+       * We use 8 here to match FontTools X-).
+       */
+      // Format under a temporary "C" locale.  With HB_NO_SETLOCALE, hb_uselocale() is a macro that drops its argument.
+      hb_locale_t clocale HB_UNUSED;
+      hb_locale_t oldlocale HB_UNUSED;
+      oldlocale = hb_uselocale (clocale = newlocale (LC_ALL_MASK, "C", NULL));
+      snprintf (buf, sizeof (buf), "%.8G", v);
+      (void) hb_uselocale (((void) freelocale (clocale), oldlocale)); // free the temporary locale, switch back to the old one
+
+      char *s = buf;
+      if (s[0] == '0' && s[1] == '.') // "0.x" -> ".x"
+	s++;
+      else if (s[0] == '-' && s[1] == '0' && s[2] == '.') // "-0.x" -> "-.x"
+      {
+	s[1] = '-';
+	s++;
+      }
+      hb_vector_t<char> nibbles;
+      while (*s)
+      {
+	char c = s[0];
+	s++;
+
+	switch (c)
+	{
+	  case 'E': // exponent marker; a following sign is consumed here as well
+	  {
+	    char c2 = *s;
+	    if (c2 == '-')
+	    {
+	      s++;
+	      nibbles.push (0x0C); // E-
+	      continue;
+	    }
+	    if (c2 == '+')
+	      s++;
+	    nibbles.push (0x0B); // E
+	    continue;
+	  }
+
+	  case '.': case ',': // Comma for some European locales in case no uselocale available.
+	    nibbles.push (0x0A); // .
+	    continue;
+
+	  case '-':
+	    nibbles.push (0x0E); // -
+	    continue;
+	}
+	// Anything else is treated as a decimal digit.  NOTE(review): no check that c is '0'..'9' (e.g. if v were not finite) -- confirm with callers.
+	nibbles.push (c - '0');
+      }
+      nibbles.push (0x0F); // end-of-number nibble
+      if (nibbles.length % 2) // pad to a whole number of bytes
+	nibbles.push (0x0F);
+
+      unsigned count = nibbles.length;
+      for (unsigned i = 0; i < count; i += 2)
+        encode_byte ((nibbles[i] << 4) | nibbles[i+1]); // two nibbles per byte, the first in the high half
+    }
+  }
+
   void encode_op (op_code_t op)
   {
     if (Is_OpCode_ESC (op))
@@ -190,35 +276,6 @@
   }
 };
 
-struct cff_private_dict_op_serializer_t : op_serializer_t
-{
-  cff_private_dict_op_serializer_t (bool desubroutinize_, bool drop_hints_)
-    : desubroutinize (desubroutinize_), drop_hints (drop_hints_) {}
-
-  bool serialize (hb_serialize_context_t *c,
-		  const op_str_t &opstr,
-		  objidx_t subrs_link) const
-  {
-    TRACE_SERIALIZE (this);
-
-    if (drop_hints && dict_opset_t::is_hint_op (opstr.op))
-      return true;
-    if (opstr.op == OpCode_Subrs)
-    {
-      if (desubroutinize || !subrs_link)
-	return_trace (true);
-      else
-	return_trace (FontDict::serialize_link2_op (c, opstr.op, subrs_link));
-    }
-    else
-      return_trace (copy_opstr (c, opstr));
-  }
-
-  protected:
-  const bool  desubroutinize;
-  const bool  drop_hints;
-};
-
 struct flatten_param_t
 {
   str_buff_t     &flatStr;
@@ -738,7 +795,7 @@
     return true;
   }
 
-  bool encode_charstrings (str_buff_vec_t &buffArray) const
+  bool encode_charstrings (str_buff_vec_t &buffArray, bool encode_prefix = true) const
   {
     if (unlikely (!buffArray.resize_exact (plan->num_output_glyphs ())))
       return false;
@@ -754,7 +811,7 @@
       unsigned int  fd = acc.fdSelect->get_fd (glyph);
       if (unlikely (fd >= acc.fdCount))
 	return false;
-      if (unlikely (!encode_str (get_parsed_charstring (i), fd, buffArray.arrayZ[i])))
+      if (unlikely (!encode_str (get_parsed_charstring (i), fd, buffArray.arrayZ[i], encode_prefix)))
 	return false;
     }
     return true;
@@ -984,16 +1041,16 @@
     }
   }
 
-  bool encode_str (const parsed_cs_str_t &str, const unsigned int fd, str_buff_t &buff) const
+  bool encode_str (const parsed_cs_str_t &str, const unsigned int fd, str_buff_t &buff, bool encode_prefix = true) const
   {
     str_encoder_t  encoder (buff);
     encoder.reset ();
     bool hinting = !(plan->flags & HB_SUBSET_FLAGS_NO_HINTING);
     /* if a prefix (CFF1 width or CFF2 vsindex) has been removed along with hints,
      * re-insert it at the beginning of charstreing */
-    if (str.has_prefix () && !hinting && str.is_hint_dropped ())
+    if (encode_prefix && str.has_prefix () && !hinting && str.is_hint_dropped ())
     {
-      encoder.encode_num (str.prefix_num ());
+      encoder.encode_num_cs (str.prefix_num ());
       if (str.prefix_op () != OpCode_Invalid)
 	encoder.encode_op (str.prefix_op ());
     }
diff --git a/src/hb-subset-cff1.cc b/src/hb-subset-cff1.cc
index 538f28f..1d7ed64 100644
--- a/src/hb-subset-cff1.cc
+++ b/src/hb-subset-cff1.cc
@@ -234,7 +234,7 @@
   {
     str_encoder_t  encoder (param.flatStr);
     for (unsigned int i = env.arg_start; i < env.argStack.get_count (); i++)
-      encoder.encode_num (env.eval_arg (i));
+      encoder.encode_num_cs (env.eval_arg (i));
     SUPER::flush_args (env, param);
   }
 
@@ -248,7 +248,7 @@
   {
     assert (env.has_width);
     str_encoder_t  encoder (param.flatStr);
-    encoder.encode_num (env.width);
+    encoder.encode_num_cs (env.width);
   }
 
   static void flush_hintmask (op_code_t op, cff1_cs_interp_env_t &env, flatten_param_t& param)
@@ -335,6 +335,36 @@
   typedef cff1_cs_opset_t<cff1_cs_opset_subr_subset_t, subr_subset_param_t> SUPER;
 };
 
+struct cff1_private_dict_op_serializer_t : op_serializer_t
+{
+  /* Writes CFF1 Private DICT operators, filtering hints and Subrs as configured. */
+  cff1_private_dict_op_serializer_t (bool desubroutinize_, bool drop_hints_)
+    : desubroutinize (desubroutinize_), drop_hints (drop_hints_) {}
+
+  bool serialize (hb_serialize_context_t *c,
+		  const op_str_t &opstr,
+		  objidx_t subrs_link) const
+  {
+    TRACE_SERIALIZE (this);
+    /* Hint operators produce no output when hints are being dropped. */
+    if (drop_hints && dict_opset_t::is_hint_op (opstr.op))
+      return_trace (true);
+
+    /* Every operator other than Subrs is handed to copy_opstr(). */
+    if (opstr.op != OpCode_Subrs)
+      return_trace (copy_opstr (c, opstr));
+
+    /* Subrs becomes a link, but only when subrs are kept and a link exists. */
+    if (!desubroutinize && subrs_link)
+      return_trace (FontDict::serialize_link2_op (c, opstr.op, subrs_link));
+    return_trace (true);
+  }
+
+  protected:
+  const bool desubroutinize;
+  const bool drop_hints;
+};
+
 struct cff1_subr_subsetter_t : subr_subsetter_t<cff1_subr_subsetter_t, CFF1Subrs, const OT::cff1::accelerator_subset_t, cff1_cs_interp_env_t, cff1_cs_opset_subr_subset_t, OpCode_endchar>
 {
   cff1_subr_subsetter_t (const OT::cff1::accelerator_subset_t &acc_, const hb_subset_plan_t *plan_)
@@ -721,7 +751,7 @@
       PrivateDict *pd = c->start_embed<PrivateDict> ();
       if (unlikely (!pd)) return false;
       c->push ();
-      cff_private_dict_op_serializer_t privSzr (plan.desubroutinize, plan.drop_hints);
+      cff1_private_dict_op_serializer_t privSzr (plan.desubroutinize, plan.drop_hints);
       /* N.B. local subrs immediately follows its corresponding private dict. i.e., subr offset == private dict size */
       if (likely (pd->serialize (c, acc.privateDicts[i], privSzr, subrs_link)))
       {
diff --git a/src/hb-subset-cff2.cc b/src/hb-subset-cff2.cc
index d2fcdce..8ab4620 100644
--- a/src/hb-subset-cff2.cc
+++ b/src/hb-subset-cff2.cc
@@ -59,7 +59,10 @@
     switch (opstr.op)
     {
       case OpCode_vstore:
-	return_trace (FontDict::serialize_link4_op(c, opstr.op, info.var_store_link));
+        if (info.var_store_link)
+	  return_trace (FontDict::serialize_link4_op(c, opstr.op, info.var_store_link));
+	else
+	  return_trace (true);
 
       default:
 	return_trace (cff_top_dict_op_serializer_t<>::serialize (c, opstr, info));
@@ -115,7 +118,7 @@
       else
       {
 	str_encoder_t  encoder (param.flatStr);
-	encoder.encode_num (arg);
+	encoder.encode_num_cs (arg);
 	i++;
       }
     }
@@ -135,14 +138,14 @@
 	env.set_error ();
 	return;
       }
-      encoder.encode_num (arg1);
+      encoder.encode_num_cs (arg1);
     }
     /* flatten deltas for each value */
     for (unsigned int j = 0; j < arg.numValues; j++)
     {
       const blend_arg_t &arg1 = env.argStack[i + j];
       for (unsigned int k = 0; k < arg1.deltas.length; k++)
-	encoder.encode_num (arg1.deltas[k]);
+	encoder.encode_num_cs (arg1.deltas[k]);
     }
     /* flatten the number of values followed by blend operator */
     encoder.encode_int (arg.numValues);
@@ -243,16 +246,193 @@
   }
 };
 
-struct cff2_subset_plan {
+struct cff2_private_blend_encoder_param_t
+{
+  /* Blend state for re-encoding a Private DICT: output serializer plus cached region scalars. */
+  cff2_private_blend_encoder_param_t (hb_serialize_context_t *c,
+				      const CFF2VariationStore *varStore,
+				      hb_array_t<int> normalized_coords) :
+    c (c), varStore (varStore), normalized_coords (normalized_coords) {}

+  void init () {}
+
+  /* Computes the region scalars for the current ivs on first use; writes nothing if the buffer cannot be allocated. */
+  void process_blend ()
+  {
+    if (seen_blend) return;
+    region_count = varStore->varStore.get_region_index_count (ivs);
+    if (unlikely (!scalars.resize_exact (region_count))) return; /* blend_deltas() then sees a length mismatch */
+    varStore->varStore.get_region_scalars (ivs, normalized_coords.arrayZ, normalized_coords.length,
+					     &scalars[0], region_count);
+    seen_blend = true;
+  }
+
+  /* Returns the sum of scalars[i] * deltas[i], or 0 when the two lengths differ. */
+  double blend_deltas (hb_array_t<const number_t> deltas) const
+  {
+    double v = 0;
+    if (likely (scalars.length == deltas.length))
+    {
+      unsigned count = scalars.length;
+      for (unsigned i = 0; i < count; i++)
+	v += (double) scalars.arrayZ[i] * deltas.arrayZ[i].to_real ();
+    }
+    return v;
+  }
+
+  hb_serialize_context_t *c = nullptr;
+  bool seen_blend = false;		/* scalars have been computed */
+  unsigned ivs = 0;			/* index handed to the variation store lookups */
+  unsigned region_count = 0;
+  hb_vector_t<float> scalars;		/* region_count entries, filled by process_blend() */
+  const CFF2VariationStore *varStore = nullptr;
+  hb_array_t<int> normalized_coords;
+};
+
+struct cff2_private_dict_blend_opset_t : dict_opset_t
+{
+  /* Dict opset that applies blends to Private DICT operands and re-encodes each operator with its args. */
+  static void process_arg_blend (cff2_private_blend_encoder_param_t& param,
+				 number_t &arg,
+				 const hb_array_t<const number_t> blends,
+				 unsigned n, unsigned i) /* n and i are not used here */
+  {
+    arg.set_int (round (arg.to_real () + param.blend_deltas (blends))); /* default + blended deltas, rounded */
+  }
+
+  static void process_blend (cff2_priv_dict_interp_env_t& env, cff2_private_blend_encoder_param_t& param)
+  {
+    unsigned int n, k;
+
+    param.process_blend ();
+    k = param.region_count;
+    n = env.argStack.pop_uint ();
+    /* the stack is expected to end with n default values followed by n groups of k deltas */
+    unsigned int start = env.argStack.get_count () - ((k+1) * n);
+    /* let an obvious error case fail (the unsigned subtraction wrapped), but note CFF2 spec doesn't forbid n==0 */
+    if (unlikely (start > env.argStack.get_count ()))
+    {
+      env.set_error ();
+      return;
+    }
+    for (unsigned int i = 0; i < n; i++)
+    {
+      const hb_array_t<const number_t> blends = env.argStack.sub_array (start + n + (i * k), k);
+      process_arg_blend (param, env.argStack[start + i], blends, n, i);
+    }
+
+    /* pop off the k * n deltas, leaving the n default values, which have been blended in place */
+    env.argStack.pop (k * n);
+  }
+
+  static void process_op (op_code_t op, cff2_priv_dict_interp_env_t& env, cff2_private_blend_encoder_param_t& param)
+  {
+    switch (op) {
+      case OpCode_StdHW:
+      case OpCode_StdVW:
+      case OpCode_BlueScale:
+      case OpCode_BlueShift:
+      case OpCode_BlueFuzz:
+      case OpCode_ExpansionFactor:
+      case OpCode_LanguageGroup:
+      case OpCode_BlueValues:
+      case OpCode_OtherBlues:
+      case OpCode_FamilyBlues:
+      case OpCode_FamilyOtherBlues:
+      case OpCode_StemSnapH:
+      case OpCode_StemSnapV:
+	break; /* no extra processing; args and op are re-encoded below */
+      case OpCode_vsindexdict:
+	env.process_vsindex ();
+	param.ivs = env.get_ivs ();
+	env.clear_args ();
+	return; /* vsindex itself is not written out */
+      case OpCode_blenddict:
+	process_blend (env, param);
+	return; /* blend is not written out; the blended values stay on the stack */
+
+      default:
+	dict_opset_t::process_op (op, env);
+	if (!env.argStack.is_empty ()) return; /* NOTE(review): presumably an operand was pushed rather than an operator handled -- confirm */
+	break;
+    }
+
+    if (unlikely (env.in_error ())) return;
+
+    // Write args then op
+    str_buff_t str;
+    str_encoder_t encoder (str);
+
+    unsigned count = env.argStack.get_count ();
+    for (unsigned i = 0; i < count; i++)
+      encoder.encode_num_tp (env.argStack[i]);
+
+    encoder.encode_op (op);
+
+    auto bytes = str.as_bytes ();
+    param.c->embed (&bytes, bytes.length); /* NOTE(review): relies on &bytes yielding the data pointer, not the address of the array object -- confirm */
+
+    env.clear_args ();
+  }
+};
+
+struct cff2_private_dict_op_serializer_t : op_serializer_t
+{
+  /* Writes CFF2 Private DICT operators; when pinned, operator strings are re-interpreted so blends are processed. */
+  cff2_private_dict_op_serializer_t (bool desubroutinize_, bool drop_hints_, bool pinned_,
+				     const CFF::CFF2VariationStore* varStore_,
+				     hb_array_t<int> normalized_coords_)
+    : desubroutinize (desubroutinize_), drop_hints (drop_hints_), pinned (pinned_),
+      varStore (varStore_), normalized_coords (normalized_coords_) {}
+
+  bool serialize (hb_serialize_context_t *c,
+		  const op_str_t &opstr,
+		  objidx_t subrs_link) const
+  {
+    TRACE_SERIALIZE (this);
+    /* Hint operators produce no output when hints are being dropped. */
+    if (drop_hints && dict_opset_t::is_hint_op (opstr.op))
+      return_trace (true);
+
+    if (opstr.op == OpCode_Subrs)
+    {
+      /* Emit a link only when subrs are kept and a link exists. */
+      if (!desubroutinize && subrs_link)
+	return_trace (FontDict::serialize_link2_op (c, opstr.op, subrs_link));
+      return_trace (true);
+    }
+
+    /* Not pinned: the operator string goes to copy_opstr() as is. */
+    if (!pinned)
+      return_trace (copy_opstr (c, opstr));
+
+    /* Pinned: reinterpret opstr and process blends. */
+    cff2_priv_dict_interp_env_t env {hb_ubytes_t (opstr.ptr, opstr.length)};
+    cff2_private_blend_encoder_param_t param (c, varStore, normalized_coords);
+    dict_interpreter_t<cff2_private_dict_blend_opset_t, cff2_private_blend_encoder_param_t, cff2_priv_dict_interp_env_t> interp (env);
+    return_trace (interp.interpret (param));
+  }
+
+  protected:
+  const bool desubroutinize;
+  const bool drop_hints;
+  const bool pinned;
+  const CFF::CFF2VariationStore* varStore;
+  hb_array_t<int> normalized_coords;
+};
+
+
+struct cff2_subset_plan
+{
   bool create (const OT::cff2::accelerator_subset_t &acc,
 	      hb_subset_plan_t *plan)
   {
     orig_fdcount = acc.fdArray->count;
 
     drop_hints = plan->flags & HB_SUBSET_FLAGS_NO_HINTING;
+    pinned = (bool) plan->normalized_coords;
     desubroutinize = plan->flags & HB_SUBSET_FLAGS_DESUBROUTINIZE ||
-		     plan->normalized_coords; // For instancing we need this path
+		     pinned; // For instancing we need this path
 
     if (desubroutinize)
     {
@@ -271,7 +451,7 @@
 	return false;
 
       /* encode charstrings, global subrs, local subrs with new subroutine numbers */
-      if (!subr_subsetter.encode_charstrings (subset_charstrings))
+      if (!subr_subsetter.encode_charstrings (subset_charstrings, !pinned))
 	return false;
 
       if (!subr_subsetter.encode_globalsubrs (subset_globalsubrs))
@@ -311,8 +491,9 @@
 
   unsigned int    orig_fdcount = 0;
   unsigned int    subset_fdcount = 1;
-  unsigned int	  subset_fdselect_size = 0;
+  unsigned int    subset_fdselect_size = 0;
   unsigned int    subset_fdselect_format = 0;
+  bool            pinned = false;
   hb_vector_t<code_pair_t>   subset_fdselect_ranges;
 
   hb_inc_bimap_t   fdmap;
@@ -328,7 +509,8 @@
 static bool _serialize_cff2 (hb_serialize_context_t *c,
 			     cff2_subset_plan &plan,
 			     const OT::cff2::accelerator_subset_t  &acc,
-			     unsigned int num_glyphs)
+			     unsigned int num_glyphs,
+			     hb_array_t<int> normalized_coords)
 {
   /* private dicts & local subrs */
   hb_vector_t<table_info_t>  private_dict_infos;
@@ -356,7 +538,8 @@
       PrivateDict *pd = c->start_embed<PrivateDict> ();
       if (unlikely (!pd)) return false;
       c->push ();
-      cff_private_dict_op_serializer_t privSzr (plan.desubroutinize, plan.drop_hints);
+      cff2_private_dict_op_serializer_t privSzr (plan.desubroutinize, plan.drop_hints, plan.pinned,
+						 acc.varStore, normalized_coords);
       if (likely (pd->serialize (c, acc.privateDicts[i], privSzr, subrs_link)))
       {
 	unsigned fd = plan.fdmap[i];
@@ -424,7 +607,8 @@
   }
 
   /* variation store */
-  if (acc.varStore != &Null (CFF2VariationStore))
+  if (acc.varStore != &Null (CFF2VariationStore) &&
+      !plan.pinned)
   {
     c->push ();
     CFF2VariationStore *dest = c->start_embed<CFF2VariationStore> ();
@@ -463,7 +647,8 @@
   cff2_subset_plan cff2_plan;
 
   if (unlikely (!cff2_plan.create (acc, c->plan))) return false;
-  return _serialize_cff2 (c->serializer, cff2_plan, acc, c->plan->num_output_glyphs ());
+  return _serialize_cff2 (c->serializer, cff2_plan, acc, c->plan->num_output_glyphs (),
+			  c->plan->normalized_coords.as_array ());
 }
 
 bool
diff --git a/src/hb.hh b/src/hb.hh
index aac43a2..857571b 100644
--- a/src/hb.hh
+++ b/src/hb.hh
@@ -463,6 +463,37 @@
 #endif
 #endif
 
+
+// Locale business: hb_locale_t, hb_setlocale() and hb_uselocale().
+// The real locale calls need both HAVE_NEWLOCALE and HAVE_USELOCALE; otherwise the stubs below are used.
+#if !defined(HB_NO_SETLOCALE) && (!defined(HAVE_NEWLOCALE) || !defined(HAVE_USELOCALE))
+#define HB_NO_SETLOCALE 1
+#endif
+
+#ifndef HB_NO_SETLOCALE
+
+#include <locale.h>
+#ifdef HAVE_XLOCALE_H
+#include <xlocale.h> // Needed on BSD/OS X for uselocale
+#endif
+
+#ifdef WIN32
+#define hb_locale_t _locale_t
+#else
+#define hb_locale_t locale_t
+#endif
+#define hb_setlocale setlocale
+#define hb_uselocale uselocale
+
+#else // HB_NO_SETLOCALE: stubs that discard their arguments
+
+#define hb_locale_t void *
+#define hb_setlocale(Category, Locale) "C"
+#define hb_uselocale(Locale) ((hb_locale_t) 0)
+
+#endif // HB_NO_SETLOCALE
+
+
 /* Lets assert int types.  Saves trouble down the road. */
 static_assert ((sizeof (hb_codepoint_t) == 4), "");
 static_assert ((sizeof (hb_position_t) == 4), "");
diff --git a/test/api/fonts/AdobeVFPrototype.abc.static.otf b/test/api/fonts/AdobeVFPrototype.abc.static.otf
index dde2c9b..c5774cc 100644
--- a/test/api/fonts/AdobeVFPrototype.abc.static.otf
+++ b/test/api/fonts/AdobeVFPrototype.abc.static.otf
Binary files differ