mirrors/llvm-project
0
0
Fork 0
mirror of https://github.com/llvm/llvm-project.git synced 2025-05-01 15:16:07 +00:00
Code Issues Projects Releases Wiki Activity
llvm-project/clang/lib/CodeGen/EHScopeStack.h
Ten Tzen 797ad70152 [Windows SEH]: HARDWARE EXCEPTION HANDLING (MSVC -EHa) - Part 1 
This patch is the Part-1 (FE Clang) implementation of HW Exception handling.

This new feature adds the support of Hardware Exception for Microsoft Windows
SEH (Structured Exception Handling).
This is the first step of this project; only X86_64 target is enabled in this patch.

Compiler options:
For clang-cl.exe, the option is -EHa, the same as MSVC.
For clang.exe, the extra option is -fasync-exceptions,
plus -triple x86_64-windows -fexceptions and -fcxx-exceptions as usual.

NOTE:: Without the -EHa or -fasync-exceptions, this patch is a NO-DIFF change.

The rules for C code:
For C-code, one way (MSVC approach) to achieve SEH -EHa semantic is to follow
three rules:
* First, no exception can move in or out of _try region., i.e., no "potential
  faulty instruction can be moved across _try boundary.
* Second, the order of exceptions for instructions 'directly' under a _try
  must be preserved (not applied to those in callees).
* Finally, global states (local/global/heap variables) that can be read
  outside of _try region must be updated in memory (not just in register)
  before the subsequent exception occurs.

The impact to C++ code:
Although SEH is a feature for C code, -EHa does have a profound effect on C++
side. When a C++ function (in the same compilation unit with option -EHa ) is
called by a SEH C function, a hardware exception occurs in C++ code can also
be handled properly by an upstream SEH _try-handler or a C++ catch(...).
As such, when that happens in the middle of an object's life scope, the dtor
must be invoked the same way as C++ Synchronous Exception during unwinding
process.

Design:
A natural way to achieve the rules above in LLVM today is to allow an EH edge
added on memory/computation instruction (previous iload/istore idea) so that
exception path is modeled in Flow graph preciously. However, tracking every
single memory instruction and potential faulty instruction can create many
Invokes, complicate flow graph and possibly result in negative performance
impact for downstream optimization and code generation. Making all
optimizations be aware of the new semantic is also substantial.

This design does not intend to model exception path at instruction level.
Instead, the proposed design tracks and reports EH state at BLOCK-level to
reduce the complexity of flow graph and minimize the performance-impact on CPP
code under -EHa option.

One key element of this design is the ability to compute State number at
block-level. Our algorithm is based on the following rationales:

A _try scope is always a SEME (Single Entry Multiple Exits) region as jumping
into a _try is not allowed. The single entry must start with a seh_try_begin()
invoke with a correct State number that is the initial state of the SEME.
Through control-flow, state number is propagated into all blocks. Side exits
marked by seh_try_end() will unwind to parent state based on existing
SEHUnwindMap[].
Note side exits can ONLY jump into parent scopes (lower state number).
Thus, when a block succeeds various states from its predecessors, the lowest
State triumphs others.  If some exits flow to unreachable, propagation on those
paths terminate, not affecting remaining blocks.
For CPP code, object lifetime region is usually a SEME as SEH _try.
However there is one rare exception: jumping into a lifetime that has Dtor but
has no Ctor is warned, but allowed:

Warning: jump bypasses variable with a non-trivial destructor

In that case, the region is actually a MEME (multiple entry multiple exits).
Our solution is to inject a eha_scope_begin() invoke in the side entry block to
ensure a correct State.

Implementation:
Part-1: Clang implementation described below.

Two intrinsic are created to track CPP object scopes; eha_scope_begin() and eha_scope_end().
_scope_begin() is immediately added after ctor() is called and EHStack is pushed.
So it must be an invoke, not a call. With that it's also guaranteed an
EH-cleanup-pad is created regardless whether there exists a call in this scope.
_scope_end is added before dtor(). These two intrinsics make the computation of
Block-State possible in downstream code gen pass, even in the presence of
ctor/dtor inlining.

Two intrinsic, seh_try_begin() and seh_try_end(), are added for C-code to mark
_try boundary and to prevent from exceptions being moved across _try boundary.
All memory instructions inside a _try are considered as 'volatile' to assure
2nd and 3rd rules for C-code above. This is a little sub-optimized. But it's
acceptable as the amount of code directly under _try is very small.

Part-2 (will be in Part-2 patch): LLVM implementation described below.

For both C++ & C-code, the state of each block is computed at the same place in
BE (WinEHPreparing pass) where all other EH tables/maps are calculated.
In addition to _scope_begin & _scope_end, the computation of block state also
rely on the existing State tracking code (UnwindMap and InvokeStateMap).

For both C++ & C-code, the state of each block with potential trap instruction
is marked and reported in DAG Instruction Selection pass, the same place where
the state for -EHsc (synchronous exceptions) is done.
If the first instruction in a reported block scope can trap, a Nop is injected
before this instruction. This nop is needed to accommodate LLVM Windows EH
implementation, in which the address in IPToState table is offset by +1.
(note the purpose of that is to ensure the return address of a call is in the
same scope as the call address.

The handler for catch(...) for -EHa must handle HW exception. So it is
'adjective' flag is reset (it cannot be IsStdDotDot (0x40) that only catches
C++ exceptions).
Suppress push/popTerminate() scope (from noexcept/noTHrow) so that HW
exceptions can be passed through.

Original llvm-dev [RFC] discussions can be found in these two threads below:
https://lists.llvm.org/pipermail/llvm-dev/2020-March/140541.html
https://lists.llvm.org/pipermail/llvm-dev/2020-April/141338.html

Differential Revision: https://reviews.llvm.org/D80344/new/
2021-05-17 22:42:17 -07:00

427 lines
14 KiB
C++
Raw Blame History

//===-- EHScopeStack.h - Stack for cleanup IR generation --------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// These classes should be the minimum interface required for other parts of
// CodeGen to emit cleanups. The implementation is in CGCleanup.cpp and other
// implemenentation details that are not widely needed are in CGCleanup.h.
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_LIB_CODEGEN_EHSCOPESTACK_H
#define LLVM_CLANG_LIB_CODEGEN_EHSCOPESTACK_H
#include "clang/Basic/LLVM.h"
#include "llvm/ADT/STLExtras.h"
#include "llvm/ADT/SmallVector.h"
#include "llvm/IR/BasicBlock.h"
#include "llvm/IR/Instructions.h"
#include "llvm/IR/Value.h"
namespace clang {
namespace CodeGen {
class CodeGenFunction;
/// A branch fixup. These are required when emitting a goto to a
/// label which hasn't been emitted yet. The goto is optimistically
/// emitted as a branch to the basic block for the label, and (if it
/// occurs in a scope with non-trivial cleanups) a fixup is added to
/// the innermost cleanup. When a (normal) cleanup is popped, any
/// unresolved fixups in that scope are threaded through the cleanup.
struct BranchFixup {
/// The block containing the terminator which needs to be modified
/// into a switch if this fixup is resolved into the current scope.
/// If null, LatestBranch points directly to the destination.
llvm::BasicBlock *OptimisticBranchBlock;
/// The ultimate destination of the branch.
///
/// This can be set to null to indicate that this fixup was
/// successfully resolved.
llvm::BasicBlock *Destination;
/// The destination index value.
unsigned DestinationIndex;
/// The initial branch of the fixup.
llvm::BranchInst *InitialBranch;
};
template <class T> struct InvariantValue {
typedef T type;
typedef T saved_type;
static bool needsSaving(type value) { return false; }
static saved_type save(CodeGenFunction &CGF, type value) { return value; }
static type restore(CodeGenFunction &CGF, saved_type value) { return value; }
};
/// A metaprogramming class for ensuring that a value will dominate an
/// arbitrary position in a function.
template <class T> struct DominatingValue : InvariantValue<T> {};
template <class T, bool mightBeInstruction =
std::is_base_of<llvm::Value, T>::value &&
!std::is_base_of<llvm::Constant, T>::value &&
!std::is_base_of<llvm::BasicBlock, T>::value>
struct DominatingPointer;
template <class T> struct DominatingPointer<T,false> : InvariantValue<T*> {};
// template <class T> struct DominatingPointer<T,true> at end of file
template <class T> struct DominatingValue<T*> : DominatingPointer<T> {};
enum CleanupKind : unsigned {
/// Denotes a cleanup that should run when a scope is exited using exceptional
/// control flow (a throw statement leading to stack unwinding, ).
EHCleanup = 0x1,
/// Denotes a cleanup that should run when a scope is exited using normal
/// control flow (falling off the end of the scope, return, goto, ...).
NormalCleanup = 0x2,
NormalAndEHCleanup = EHCleanup | NormalCleanup,
LifetimeMarker = 0x8,
NormalEHLifetimeMarker = LifetimeMarker | NormalAndEHCleanup,
};
/// A stack of scopes which respond to exceptions, including cleanups
/// and catch blocks.
class EHScopeStack {
public:
/* Should switch to alignof(uint64_t) instead of 8, when EHCleanupScope can */
enum { ScopeStackAlignment = 8 };
/// A saved depth on the scope stack. This is necessary because
/// pushing scopes onto the stack invalidates iterators.
class stable_iterator {
friend class EHScopeStack;
/// Offset from StartOfData to EndOfBuffer.
ptrdiff_t Size;
stable_iterator(ptrdiff_t Size) : Size(Size) {}
public:
static stable_iterator invalid() { return stable_iterator(-1); }
stable_iterator() : Size(-1) {}
bool isValid() const { return Size >= 0; }
/// Returns true if this scope encloses I.
/// Returns false if I is invalid.
/// This scope must be valid.
bool encloses(stable_iterator I) const { return Size <= I.Size; }
/// Returns true if this scope strictly encloses I: that is,
/// if it encloses I and is not I.
/// Returns false is I is invalid.
/// This scope must be valid.
bool strictlyEncloses(stable_iterator I) const { return Size < I.Size; }
friend bool operator==(stable_iterator A, stable_iterator B) {
return A.Size == B.Size;
}
friend bool operator!=(stable_iterator A, stable_iterator B) {
return A.Size != B.Size;
}
};
/// Information for lazily generating a cleanup. Subclasses must be
/// POD-like: cleanups will not be destructed, and they will be
/// allocated on the cleanup stack and freely copied and moved
/// around.
///
/// Cleanup implementations should generally be declared in an
/// anonymous namespace.
class Cleanup {
// Anchor the construction vtable.
virtual void anchor();
protected:
~Cleanup() = default;
public:
Cleanup(const Cleanup &) = default;
Cleanup(Cleanup &&) {}
Cleanup() = default;
virtual bool isRedundantBeforeReturn() { return false; }
/// Generation flags.
class Flags {
enum {
F_IsForEH = 0x1,
F_IsNormalCleanupKind = 0x2,
F_IsEHCleanupKind = 0x4,
F_HasExitSwitch = 0x8,
};
unsigned flags;
public:
Flags() : flags(0) {}
/// isForEH - true if the current emission is for an EH cleanup.
bool isForEHCleanup() const { return flags & F_IsForEH; }
bool isForNormalCleanup() const { return !isForEHCleanup(); }
void setIsForEHCleanup() { flags |= F_IsForEH; }
bool isNormalCleanupKind() const { return flags & F_IsNormalCleanupKind; }
void setIsNormalCleanupKind() { flags |= F_IsNormalCleanupKind; }
/// isEHCleanupKind - true if the cleanup was pushed as an EH
/// cleanup.
bool isEHCleanupKind() const { return flags & F_IsEHCleanupKind; }
void setIsEHCleanupKind() { flags |= F_IsEHCleanupKind; }
bool hasExitSwitch() const { return flags & F_HasExitSwitch; }
void setHasExitSwitch() { flags |= F_HasExitSwitch; }
};
/// Emit the cleanup. For normal cleanups, this is run in the
/// same EH context as when the cleanup was pushed, i.e. the
/// immediately-enclosing context of the cleanup scope. For
/// EH cleanups, this is run in a terminate context.
///
// \param flags cleanup kind.
virtual void Emit(CodeGenFunction &CGF, Flags flags) = 0;
};
/// ConditionalCleanup stores the saved form of its parameters,
/// then restores them and performs the cleanup.
template <class T, class... As>
class ConditionalCleanup final : public Cleanup {
typedef std::tuple<typename DominatingValue<As>::saved_type...> SavedTuple;
SavedTuple Saved;
template <std::size_t... Is>
T restore(CodeGenFunction &CGF, std::index_sequence<Is...>) {
// It's important that the restores are emitted in order. The braced init
// list guarantees that.
return T{DominatingValue<As>::restore(CGF, std::get<Is>(Saved))...};
}
void Emit(CodeGenFunction &CGF, Flags flags) override {
restore(CGF, std::index_sequence_for<As...>()).Emit(CGF, flags);
}
public:
ConditionalCleanup(typename DominatingValue<As>::saved_type... A)
: Saved(A...) {}
ConditionalCleanup(SavedTuple Tuple) : Saved(std::move(Tuple)) {}
};
private:
// The implementation for this class is in CGException.h and
// CGException.cpp; the definition is here because it's used as a
// member of CodeGenFunction.
/// The start of the scope-stack buffer, i.e. the allocated pointer
/// for the buffer. All of these pointers are either simultaneously
/// null or simultaneously valid.
char *StartOfBuffer;
/// The end of the buffer.
char *EndOfBuffer;
/// The first valid entry in the buffer.
char *StartOfData;
/// The innermost normal cleanup on the stack.
stable_iterator InnermostNormalCleanup;
/// The innermost EH scope on the stack.
stable_iterator InnermostEHScope;
/// The CGF this Stack belong to
CodeGenFunction* CGF;
/// The current set of branch fixups. A branch fixup is a jump to
/// an as-yet unemitted label, i.e. a label for which we don't yet
/// know the EH stack depth. Whenever we pop a cleanup, we have
/// to thread all the current branch fixups through it.
///
/// Fixups are recorded as the Use of the respective branch or
/// switch statement. The use points to the final destination.
/// When popping out of a cleanup, these uses are threaded through
/// the cleanup and adjusted to point to the new cleanup.
///
/// Note that branches are allowed to jump into protected scopes
/// in certain situations; e.g. the following code is legal:
/// struct A { ~A(); }; // trivial ctor, non-trivial dtor
/// goto foo;
/// A a;
/// foo:
/// bar();
SmallVector<BranchFixup, 8> BranchFixups;
char *allocate(size_t Size);
void deallocate(size_t Size);
void *pushCleanup(CleanupKind K, size_t DataSize);
public:
EHScopeStack()
: StartOfBuffer(nullptr), EndOfBuffer(nullptr), StartOfData(nullptr),
InnermostNormalCleanup(stable_end()), InnermostEHScope(stable_end()),
CGF(nullptr) {}
~EHScopeStack() { delete[] StartOfBuffer; }
/// Push a lazily-created cleanup on the stack.
template <class T, class... As> void pushCleanup(CleanupKind Kind, As... A) {
static_assert(alignof(T) <= ScopeStackAlignment,
"Cleanup's alignment is too large.");
void *Buffer = pushCleanup(Kind, sizeof(T));
Cleanup *Obj = new (Buffer) T(A...);
(void) Obj;
}
/// Push a lazily-created cleanup on the stack. Tuple version.
template <class T, class... As>
void pushCleanupTuple(CleanupKind Kind, std::tuple<As...> A) {
static_assert(alignof(T) <= ScopeStackAlignment,
"Cleanup's alignment is too large.");
void *Buffer = pushCleanup(Kind, sizeof(T));
Cleanup *Obj = new (Buffer) T(std::move(A));
(void) Obj;
}
// Feel free to add more variants of the following:
/// Push a cleanup with non-constant storage requirements on the
/// stack. The cleanup type must provide an additional static method:
/// static size_t getExtraSize(size_t);
/// The argument to this method will be the value N, which will also
/// be passed as the first argument to the constructor.
///
/// The data stored in the extra storage must obey the same
/// restrictions as normal cleanup member data.
///
/// The pointer returned from this method is valid until the cleanup
/// stack is modified.
template <class T, class... As>
T *pushCleanupWithExtra(CleanupKind Kind, size_t N, As... A) {
static_assert(alignof(T) <= ScopeStackAlignment,
"Cleanup's alignment is too large.");
void *Buffer = pushCleanup(Kind, sizeof(T) + T::getExtraSize(N));
return new (Buffer) T(N, A...);
}
void pushCopyOfCleanup(CleanupKind Kind, const void *Cleanup, size_t Size) {
void *Buffer = pushCleanup(Kind, Size);
std::memcpy(Buffer, Cleanup, Size);
}
void setCGF(CodeGenFunction *inCGF) { CGF = inCGF; }
/// Pops a cleanup scope off the stack. This is private to CGCleanup.cpp.
void popCleanup();
/// Push a set of catch handlers on the stack. The catch is
/// uninitialized and will need to have the given number of handlers
/// set on it.
class EHCatchScope *pushCatch(unsigned NumHandlers);
/// Pops a catch scope off the stack. This is private to CGException.cpp.
void popCatch();
/// Push an exceptions filter on the stack.
class EHFilterScope *pushFilter(unsigned NumFilters);
/// Pops an exceptions filter off the stack.
void popFilter();
/// Push a terminate handler on the stack.
void pushTerminate();
/// Pops a terminate handler off the stack.
void popTerminate();
// Returns true iff the current scope is either empty or contains only
// lifetime markers, i.e. no real cleanup code
bool containsOnlyLifetimeMarkers(stable_iterator Old) const;
/// Determines whether the exception-scopes stack is empty.
bool empty() const { return StartOfData == EndOfBuffer; }
bool requiresLandingPad() const;
/// Determines whether there are any normal cleanups on the stack.
bool hasNormalCleanups() const {
return InnermostNormalCleanup != stable_end();
}
/// Returns the innermost normal cleanup on the stack, or
/// stable_end() if there are no normal cleanups.
stable_iterator getInnermostNormalCleanup() const {
return InnermostNormalCleanup;
}
stable_iterator getInnermostActiveNormalCleanup() const;
stable_iterator getInnermostEHScope() const {
return InnermostEHScope;
}
/// An unstable reference to a scope-stack depth. Invalidated by
/// pushes but not pops.
class iterator;
/// Returns an iterator pointing to the innermost EH scope.
iterator begin() const;
/// Returns an iterator pointing to the outermost EH scope.
iterator end() const;
/// Create a stable reference to the top of the EH stack. The
/// returned reference is valid until that scope is popped off the
/// stack.
stable_iterator stable_begin() const {
return stable_iterator(EndOfBuffer - StartOfData);
}
/// Create a stable reference to the bottom of the EH stack.
static stable_iterator stable_end() {
return stable_iterator(0);
}
/// Translates an iterator into a stable_iterator.
stable_iterator stabilize(iterator it) const;
/// Turn a stable reference to a scope depth into a unstable pointer
/// to the EH stack.
iterator find(stable_iterator save) const;
/// Add a branch fixup to the current cleanup scope.
BranchFixup &addBranchFixup() {
assert(hasNormalCleanups() && "adding fixup in scope without cleanups");
BranchFixups.push_back(BranchFixup());
return BranchFixups.back();
}
unsigned getNumBranchFixups() const { return BranchFixups.size(); }
BranchFixup &getBranchFixup(unsigned I) {
assert(I < getNumBranchFixups());
return BranchFixups[I];
}
/// Pops lazily-removed fixups from the end of the list. This
/// should only be called by procedures which have just popped a
/// cleanup or resolved one or more fixups.
void popNullFixups();
/// Clears the branch-fixups list. This should only be called by
/// ResolveAllBranchFixups.
void clearFixups() { BranchFixups.clear(); }
};
} // namespace CodeGen
} // namespace clang
#endif
Reference in New Issue View Git Blame Copy Permalink