f32dbaf0b2
Former-commit-id: 10196d987d5fc5564b9d3b33b1fdf13190f4d0b5
842 lines
38 KiB
ReStructuredText
842 lines
38 KiB
ReStructuredText
==========================
|
|
Exception Handling in LLVM
|
|
==========================
|
|
|
|
.. contents::
|
|
:local:
|
|
|
|
Introduction
|
|
============
|
|
|
|
This document is the central repository for all information pertaining to
|
|
exception handling in LLVM. It describes the format that LLVM exception
|
|
handling information takes, which is useful for those interested in creating
|
|
front-ends or dealing directly with the information. Further, this document
|
|
provides specific examples of what exception handling information is used for in
|
|
C and C++.
|
|
|
|
Itanium ABI Zero-cost Exception Handling
|
|
----------------------------------------
|
|
|
|
Exception handling for most programming languages is designed to recover from
|
|
conditions that rarely occur during general use of an application. To that end,
|
|
exception handling should not interfere with the main flow of an application's
|
|
algorithm by performing checkpointing tasks, such as saving the current pc or
|
|
register state.
|
|
|
|
The Itanium ABI Exception Handling Specification defines a methodology for
|
|
providing outlying data in the form of exception tables without inlining
|
|
speculative exception handling code in the flow of an application's main
|
|
algorithm. Thus, the specification is said to add "zero-cost" to the normal
|
|
execution of an application.
|
|
|
|
A more complete description of the Itanium ABI exception handling runtime
|
|
support of can be found at `Itanium C++ ABI: Exception Handling
|
|
<http://itanium-cxx-abi.github.io/cxx-abi/abi-eh.html>`_. A description of the
|
|
exception frame format can be found at `Exception Frames
|
|
<http://refspecs.linuxfoundation.org/LSB_3.0.0/LSB-Core-generic/LSB-Core-generic/ehframechpt.html>`_,
|
|
with details of the DWARF 4 specification at `DWARF 4 Standard
|
|
<http://dwarfstd.org/Dwarf4Std.php>`_. A description for the C++ exception
|
|
table formats can be found at `Exception Handling Tables
|
|
<http://itanium-cxx-abi.github.io/cxx-abi/exceptions.pdf>`_.
|
|
|
|
Setjmp/Longjmp Exception Handling
|
|
---------------------------------
|
|
|
|
Setjmp/Longjmp (SJLJ) based exception handling uses LLVM intrinsics
|
|
`llvm.eh.sjlj.setjmp`_ and `llvm.eh.sjlj.longjmp`_ to handle control flow for
|
|
exception handling.
|
|
|
|
For each function which does exception processing --- be it ``try``/``catch``
|
|
blocks or cleanups --- that function registers itself on a global frame
|
|
list. When exceptions are unwinding, the runtime uses this list to identify
|
|
which functions need processing.
|
|
|
|
Landing pad selection is encoded in the call site entry of the function
|
|
context. The runtime returns to the function via `llvm.eh.sjlj.longjmp`_, where
|
|
a switch table transfers control to the appropriate landing pad based on the
|
|
index stored in the function context.
|
|
|
|
In contrast to DWARF exception handling, which encodes exception regions and
|
|
frame information in out-of-line tables, SJLJ exception handling builds and
|
|
removes the unwind frame context at runtime. This results in faster exception
|
|
handling at the expense of slower execution when no exceptions are thrown. As
|
|
exceptions are, by their nature, intended for uncommon code paths, DWARF
|
|
exception handling is generally preferred to SJLJ.
|
|
|
|
Windows Runtime Exception Handling
|
|
-----------------------------------
|
|
|
|
LLVM supports handling exceptions produced by the Windows runtime, but it
|
|
requires a very different intermediate representation. It is not based on the
|
|
":ref:`landingpad <i_landingpad>`" instruction like the other two models, and is
|
|
described later in this document under :ref:`wineh`.
|
|
|
|
Overview
|
|
--------
|
|
|
|
When an exception is thrown in LLVM code, the runtime does its best to find a
|
|
handler suited to processing the circumstance.
|
|
|
|
The runtime first attempts to find an *exception frame* corresponding to the
|
|
function where the exception was thrown. If the programming language supports
|
|
exception handling (e.g. C++), the exception frame contains a reference to an
|
|
exception table describing how to process the exception. If the language does
|
|
not support exception handling (e.g. C), or if the exception needs to be
|
|
forwarded to a prior activation, the exception frame contains information about
|
|
how to unwind the current activation and restore the state of the prior
|
|
activation. This process is repeated until the exception is handled. If the
|
|
exception is not handled and no activations remain, then the application is
|
|
terminated with an appropriate error message.
|
|
|
|
Because different programming languages have different behaviors when handling
|
|
exceptions, the exception handling ABI provides a mechanism for
|
|
supplying *personalities*. An exception handling personality is defined by
|
|
way of a *personality function* (e.g. ``__gxx_personality_v0`` in C++),
|
|
which receives the context of the exception, an *exception structure*
|
|
containing the exception object type and value, and a reference to the exception
|
|
table for the current function. The personality function for the current
|
|
compile unit is specified in a *common exception frame*.
|
|
|
|
The organization of an exception table is language dependent. For C++, an
|
|
exception table is organized as a series of code ranges defining what to do if
|
|
an exception occurs in that range. Typically, the information associated with a
|
|
range defines which types of exception objects (using C++ *type info*) that are
|
|
handled in that range, and an associated action that should take place. Actions
|
|
typically pass control to a *landing pad*.
|
|
|
|
A landing pad corresponds roughly to the code found in the ``catch`` portion of
|
|
a ``try``/``catch`` sequence. When execution resumes at a landing pad, it
|
|
receives an *exception structure* and a *selector value* corresponding to the
|
|
*type* of exception thrown. The selector is then used to determine which *catch*
|
|
should actually process the exception.
|
|
|
|
LLVM Code Generation
|
|
====================
|
|
|
|
From a C++ developer's perspective, exceptions are defined in terms of the
|
|
``throw`` and ``try``/``catch`` statements. In this section we will describe the
|
|
implementation of LLVM exception handling in terms of C++ examples.
|
|
|
|
Throw
|
|
-----
|
|
|
|
Languages that support exception handling typically provide a ``throw``
|
|
operation to initiate the exception process. Internally, a ``throw`` operation
|
|
breaks down into two steps.
|
|
|
|
#. A request is made to allocate exception space for an exception structure.
|
|
This structure needs to survive beyond the current activation. This structure
|
|
will contain the type and value of the object being thrown.
|
|
|
|
#. A call is made to the runtime to raise the exception, passing the exception
|
|
structure as an argument.
|
|
|
|
In C++, the allocation of the exception structure is done by the
|
|
``__cxa_allocate_exception`` runtime function. The exception raising is handled
|
|
by ``__cxa_throw``. The type of the exception is represented using a C++ RTTI
|
|
structure.
|
|
|
|
Try/Catch
|
|
---------
|
|
|
|
A call within the scope of a *try* statement can potentially raise an
|
|
exception. In those circumstances, the LLVM C++ front-end replaces the call with
|
|
an ``invoke`` instruction. Unlike a call, the ``invoke`` has two potential
|
|
continuation points:
|
|
|
|
#. where to continue when the call succeeds as per normal, and
|
|
|
|
#. where to continue if the call raises an exception, either by a throw or the
|
|
unwinding of a throw
|
|
|
|
The term used to define the place where an ``invoke`` continues after an
|
|
exception is called a *landing pad*. LLVM landing pads are conceptually
|
|
alternative function entry points where an exception structure reference and a
|
|
type info index are passed in as arguments. The landing pad saves the exception
|
|
structure reference and then proceeds to select the catch block that corresponds
|
|
to the type info of the exception object.
|
|
|
|
The LLVM :ref:`i_landingpad` is used to convey information about the landing
|
|
pad to the back end. For C++, the ``landingpad`` instruction returns a pointer
|
|
and integer pair corresponding to the pointer to the *exception structure* and
|
|
the *selector value* respectively.
|
|
|
|
The ``landingpad`` instruction looks for a reference to the personality
|
|
function to be used for this ``try``/``catch`` sequence in the parent
|
|
function's attribute list. The instruction contains a list of *cleanup*,
|
|
*catch*, and *filter* clauses. The exception is tested against the clauses
|
|
sequentially from first to last. The clauses have the following meanings:
|
|
|
|
- ``catch <type> @ExcType``
|
|
|
|
- This clause means that the landingpad block should be entered if the
|
|
exception being thrown is of type ``@ExcType`` or a subtype of
|
|
``@ExcType``. For C++, ``@ExcType`` is a pointer to the ``std::type_info``
|
|
object (an RTTI object) representing the C++ exception type.
|
|
|
|
- If ``@ExcType`` is ``null``, any exception matches, so the landingpad
|
|
should always be entered. This is used for C++ catch-all blocks ("``catch
|
|
(...)``").
|
|
|
|
- When this clause is matched, the selector value will be equal to the value
|
|
returned by "``@llvm.eh.typeid.for(i8* @ExcType)``". This will always be a
|
|
positive value.
|
|
|
|
- ``filter <type> [<type> @ExcType1, ..., <type> @ExcTypeN]``
|
|
|
|
- This clause means that the landingpad should be entered if the exception
|
|
being thrown does *not* match any of the types in the list (which, for C++,
|
|
are again specified as ``std::type_info`` pointers).
|
|
|
|
- C++ front-ends use this to implement C++ exception specifications, such as
|
|
"``void foo() throw (ExcType1, ..., ExcTypeN) { ... }``".
|
|
|
|
- When this clause is matched, the selector value will be negative.
|
|
|
|
- The array argument to ``filter`` may be empty; for example, "``[0 x i8**]
|
|
undef``". This means that the landingpad should always be entered. (Note
|
|
that such a ``filter`` would not be equivalent to "``catch i8* null``",
|
|
because ``filter`` and ``catch`` produce negative and positive selector
|
|
values respectively.)
|
|
|
|
- ``cleanup``
|
|
|
|
- This clause means that the landingpad should always be entered.
|
|
|
|
- C++ front-ends use this for calling objects' destructors.
|
|
|
|
- When this clause is matched, the selector value will be zero.
|
|
|
|
- The runtime may treat "``cleanup``" differently from "``catch <type>
|
|
null``".
|
|
|
|
In C++, if an unhandled exception occurs, the language runtime will call
|
|
``std::terminate()``, but it is implementation-defined whether the runtime
|
|
unwinds the stack and calls object destructors first. For example, the GNU
|
|
C++ unwinder does not call object destructors when an unhandled exception
|
|
occurs. The reason for this is to improve debuggability: it ensures that
|
|
``std::terminate()`` is called from the context of the ``throw``, so that
|
|
this context is not lost by unwinding the stack. A runtime will typically
|
|
implement this by searching for a matching non-``cleanup`` clause, and
|
|
aborting if it does not find one, before entering any landingpad blocks.
|
|
|
|
Once the landing pad has the type info selector, the code branches to the code
|
|
for the first catch. The catch then checks the value of the type info selector
|
|
against the index of type info for that catch. Since the type info index is not
|
|
known until all the type infos have been gathered in the backend, the catch code
|
|
must call the `llvm.eh.typeid.for`_ intrinsic to determine the index for a given
|
|
type info. If the catch fails to match the selector then control is passed on to
|
|
the next catch.
|
|
|
|
Finally, the entry and exit of catch code is bracketed with calls to
|
|
``__cxa_begin_catch`` and ``__cxa_end_catch``.
|
|
|
|
* ``__cxa_begin_catch`` takes an exception structure reference as an argument
|
|
and returns the value of the exception object.
|
|
|
|
* ``__cxa_end_catch`` takes no arguments. This function:
|
|
|
|
#. Locates the most recently caught exception and decrements its handler
|
|
count,
|
|
|
|
#. Removes the exception from the *caught* stack if the handler count goes to
|
|
zero, and
|
|
|
|
#. Destroys the exception if the handler count goes to zero and the exception
|
|
was not re-thrown by throw.
|
|
|
|
.. note::
|
|
|
|
a rethrow from within the catch may replace this call with a
|
|
``__cxa_rethrow``.
|
|
|
|
Cleanups
|
|
--------
|
|
|
|
A cleanup is extra code which needs to be run as part of unwinding a scope. C++
|
|
destructors are a typical example, but other languages and language extensions
|
|
provide a variety of different kinds of cleanups. In general, a landing pad may
|
|
need to run arbitrary amounts of cleanup code before actually entering a catch
|
|
block. To indicate the presence of cleanups, a :ref:`i_landingpad` should have
|
|
a *cleanup* clause. Otherwise, the unwinder will not stop at the landing pad if
|
|
there are no catches or filters that require it to.
|
|
|
|
.. note::
|
|
|
|
Do not allow a new exception to propagate out of the execution of a
|
|
cleanup. This can corrupt the internal state of the unwinder. Different
|
|
languages describe different high-level semantics for these situations: for
|
|
example, C++ requires that the process be terminated, whereas Ada cancels both
|
|
exceptions and throws a third.
|
|
|
|
When all cleanups are finished, if the exception is not handled by the current
|
|
function, resume unwinding by calling the :ref:`resume instruction <i_resume>`,
|
|
passing in the result of the ``landingpad`` instruction for the original
|
|
landing pad.
|
|
|
|
Throw Filters
|
|
-------------
|
|
|
|
C++ allows the specification of which exception types may be thrown from a
|
|
function. To represent this, a top level landing pad may exist to filter out
|
|
invalid types. To express this in LLVM code the :ref:`i_landingpad` will have a
|
|
filter clause. The clause consists of an array of type infos.
|
|
``landingpad`` will return a negative value
|
|
if the exception does not match any of the type infos. If no match is found then
|
|
a call to ``__cxa_call_unexpected`` should be made, otherwise
|
|
``_Unwind_Resume``. Each of these functions requires a reference to the
|
|
exception structure. Note that the most general form of a ``landingpad``
|
|
instruction can have any number of catch, cleanup, and filter clauses (though
|
|
having more than one cleanup is pointless). The LLVM C++ front-end can generate
|
|
such ``landingpad`` instructions due to inlining creating nested exception
|
|
handling scopes.
|
|
|
|
.. _undefined:
|
|
|
|
Restrictions
|
|
------------
|
|
|
|
The unwinder delegates the decision of whether to stop in a call frame to that
|
|
call frame's language-specific personality function. Not all unwinders guarantee
|
|
that they will stop to perform cleanups. For example, the GNU C++ unwinder
|
|
doesn't do so unless the exception is actually caught somewhere further up the
|
|
stack.
|
|
|
|
In order for inlining to behave correctly, landing pads must be prepared to
|
|
handle selector results that they did not originally advertise. Suppose that a
|
|
function catches exceptions of type ``A``, and it's inlined into a function that
|
|
catches exceptions of type ``B``. The inliner will update the ``landingpad``
|
|
instruction for the inlined landing pad to include the fact that ``B`` is also
|
|
caught. If that landing pad assumes that it will only be entered to catch an
|
|
``A``, it's in for a rude awakening. Consequently, landing pads must test for
|
|
the selector results they understand and then resume exception propagation with
|
|
the `resume instruction <LangRef.html#i_resume>`_ if none of the conditions
|
|
match.
|
|
|
|
Exception Handling Intrinsics
|
|
=============================
|
|
|
|
In addition to the ``landingpad`` and ``resume`` instructions, LLVM uses several
|
|
intrinsic functions (name prefixed with ``llvm.eh``) to provide exception
|
|
handling information at various points in generated code.
|
|
|
|
.. _llvm.eh.typeid.for:
|
|
|
|
``llvm.eh.typeid.for``
|
|
----------------------
|
|
|
|
.. code-block:: llvm
|
|
|
|
i32 @llvm.eh.typeid.for(i8* %type_info)
|
|
|
|
|
|
This intrinsic returns the type info index in the exception table of the current
|
|
function. This value can be used to compare against the result of
|
|
``landingpad`` instruction. The single argument is a reference to a type info.
|
|
|
|
Uses of this intrinsic are generated by the C++ front-end.
|
|
|
|
.. _llvm.eh.begincatch:
|
|
|
|
``llvm.eh.begincatch``
|
|
----------------------
|
|
|
|
.. code-block:: llvm
|
|
|
|
void @llvm.eh.begincatch(i8* %ehptr, i8* %ehobj)
|
|
|
|
|
|
This intrinsic marks the beginning of catch handling code within the blocks
|
|
following a ``landingpad`` instruction. The exact behavior of this function
|
|
depends on the compilation target and the personality function associated
|
|
with the ``landingpad`` instruction.
|
|
|
|
The first argument to this intrinsic is a pointer that was previously extracted
|
|
from the aggregate return value of the ``landingpad`` instruction. The second
|
|
argument to the intrinsic is a pointer to stack space where the exception object
|
|
should be stored. The runtime handles the details of copying the exception
|
|
object into the slot. If the second parameter is null, no copy occurs.
|
|
|
|
Uses of this intrinsic are generated by the C++ front-end. Many targets will
|
|
use implementation-specific functions (such as ``__cxa_begin_catch``) instead
|
|
of this intrinsic. The intrinsic is provided for targets that require a more
|
|
abstract interface.
|
|
|
|
When used in the native Windows C++ exception handling implementation, this
|
|
intrinsic serves as a placeholder to delimit code before a catch handler is
|
|
outlined. When the handler is is outlined, this intrinsic will be replaced
|
|
by instructions that retrieve the exception object pointer from the frame
|
|
allocation block.
|
|
|
|
|
|
.. _llvm.eh.endcatch:
|
|
|
|
``llvm.eh.endcatch``
|
|
----------------------
|
|
|
|
.. code-block:: llvm
|
|
|
|
void @llvm.eh.endcatch()
|
|
|
|
|
|
This intrinsic marks the end of catch handling code within the current block,
|
|
which will be a successor of a block which called ``llvm.eh.begincatch''.
|
|
The exact behavior of this function depends on the compilation target and the
|
|
personality function associated with the corresponding ``landingpad``
|
|
instruction.
|
|
|
|
There may be more than one call to ``llvm.eh.endcatch`` for any given call to
|
|
``llvm.eh.begincatch`` with each ``llvm.eh.endcatch`` call corresponding to the
|
|
end of a different control path. All control paths following a call to
|
|
``llvm.eh.begincatch`` must reach a call to ``llvm.eh.endcatch``.
|
|
|
|
Uses of this intrinsic are generated by the C++ front-end. Many targets will
|
|
use implementation-specific functions (such as ``__cxa_begin_catch``) instead
|
|
of this intrinsic. The intrinsic is provided for targets that require a more
|
|
abstract interface.
|
|
|
|
When used in the native Windows C++ exception handling implementation, this
|
|
intrinsic serves as a placeholder to delimit code before a catch handler is
|
|
outlined. After the handler is outlined, this intrinsic is simply removed.
|
|
|
|
|
|
.. _llvm.eh.exceptionpointer:
|
|
|
|
``llvm.eh.exceptionpointer``
|
|
----------------------------
|
|
|
|
.. code-block:: text
|
|
|
|
i8 addrspace(N)* @llvm.eh.padparam.pNi8(token %catchpad)
|
|
|
|
|
|
This intrinsic retrieves a pointer to the exception caught by the given
|
|
``catchpad``.
|
|
|
|
|
|
SJLJ Intrinsics
|
|
---------------
|
|
|
|
The ``llvm.eh.sjlj`` intrinsics are used internally within LLVM's
|
|
backend. Uses of them are generated by the backend's
|
|
``SjLjEHPrepare`` pass.
|
|
|
|
.. _llvm.eh.sjlj.setjmp:
|
|
|
|
``llvm.eh.sjlj.setjmp``
|
|
~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
.. code-block:: text
|
|
|
|
i32 @llvm.eh.sjlj.setjmp(i8* %setjmp_buf)
|
|
|
|
For SJLJ based exception handling, this intrinsic forces register saving for the
|
|
current function and stores the address of the following instruction for use as
|
|
a destination address by `llvm.eh.sjlj.longjmp`_. The buffer format and the
|
|
overall functioning of this intrinsic is compatible with the GCC
|
|
``__builtin_setjmp`` implementation allowing code built with the clang and GCC
|
|
to interoperate.
|
|
|
|
The single parameter is a pointer to a five word buffer in which the calling
|
|
context is saved. The front end places the frame pointer in the first word, and
|
|
the target implementation of this intrinsic should place the destination address
|
|
for a `llvm.eh.sjlj.longjmp`_ in the second word. The following three words are
|
|
available for use in a target-specific manner.
|
|
|
|
.. _llvm.eh.sjlj.longjmp:
|
|
|
|
``llvm.eh.sjlj.longjmp``
|
|
~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
.. code-block:: llvm
|
|
|
|
void @llvm.eh.sjlj.longjmp(i8* %setjmp_buf)
|
|
|
|
For SJLJ based exception handling, the ``llvm.eh.sjlj.longjmp`` intrinsic is
|
|
used to implement ``__builtin_longjmp()``. The single parameter is a pointer to
|
|
a buffer populated by `llvm.eh.sjlj.setjmp`_. The frame pointer and stack
|
|
pointer are restored from the buffer, then control is transferred to the
|
|
destination address.
|
|
|
|
``llvm.eh.sjlj.lsda``
|
|
~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
.. code-block:: llvm
|
|
|
|
i8* @llvm.eh.sjlj.lsda()
|
|
|
|
For SJLJ based exception handling, the ``llvm.eh.sjlj.lsda`` intrinsic returns
|
|
the address of the Language Specific Data Area (LSDA) for the current
|
|
function. The SJLJ front-end code stores this address in the exception handling
|
|
function context for use by the runtime.
|
|
|
|
``llvm.eh.sjlj.callsite``
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
.. code-block:: llvm
|
|
|
|
void @llvm.eh.sjlj.callsite(i32 %call_site_num)
|
|
|
|
For SJLJ based exception handling, the ``llvm.eh.sjlj.callsite`` intrinsic
|
|
identifies the callsite value associated with the following ``invoke``
|
|
instruction. This is used to ensure that landing pad entries in the LSDA are
|
|
generated in matching order.
|
|
|
|
Asm Table Formats
|
|
=================
|
|
|
|
There are two tables that are used by the exception handling runtime to
|
|
determine which actions should be taken when an exception is thrown.
|
|
|
|
Exception Handling Frame
|
|
------------------------
|
|
|
|
An exception handling frame ``eh_frame`` is very similar to the unwind frame
|
|
used by DWARF debug info. The frame contains all the information necessary to
|
|
tear down the current frame and restore the state of the prior frame. There is
|
|
an exception handling frame for each function in a compile unit, plus a common
|
|
exception handling frame that defines information common to all functions in the
|
|
unit.
|
|
|
|
The format of this call frame information (CFI) is often platform-dependent,
|
|
however. ARM, for example, defines their own format. Apple has their own compact
|
|
unwind info format. On Windows, another format is used for all architectures
|
|
since 32-bit x86. LLVM will emit whatever information is required by the
|
|
target.
|
|
|
|
Exception Tables
|
|
----------------
|
|
|
|
An exception table contains information about what actions to take when an
|
|
exception is thrown in a particular part of a function's code. This is typically
|
|
referred to as the language-specific data area (LSDA). The format of the LSDA
|
|
table is specific to the personality function, but the majority of personalities
|
|
out there use a variation of the tables consumed by ``__gxx_personality_v0``.
|
|
There is one exception table per function, except leaf functions and functions
|
|
that have calls only to non-throwing functions. They do not need an exception
|
|
table.
|
|
|
|
.. _wineh:
|
|
|
|
Exception Handling using the Windows Runtime
|
|
=================================================
|
|
|
|
Background on Windows exceptions
|
|
---------------------------------
|
|
|
|
Interacting with exceptions on Windows is significantly more complicated than
|
|
on Itanium C++ ABI platforms. The fundamental difference between the two models
|
|
is that Itanium EH is designed around the idea of "successive unwinding," while
|
|
Windows EH is not.
|
|
|
|
Under Itanium, throwing an exception typically involes allocating thread local
|
|
memory to hold the exception, and calling into the EH runtime. The runtime
|
|
identifies frames with appropriate exception handling actions, and successively
|
|
resets the register context of the current thread to the most recently active
|
|
frame with actions to run. In LLVM, execution resumes at a ``landingpad``
|
|
instruction, which produces register values provided by the runtime. If a
|
|
function is only cleaning up allocated resources, the function is responsible
|
|
for calling ``_Unwind_Resume`` to transition to the next most recently active
|
|
frame after it is finished cleaning up. Eventually, the frame responsible for
|
|
handling the exception calls ``__cxa_end_catch`` to destroy the exception,
|
|
release its memory, and resume normal control flow.
|
|
|
|
The Windows EH model does not use these successive register context resets.
|
|
Instead, the active exception is typically described by a frame on the stack.
|
|
In the case of C++ exceptions, the exception object is allocated in stack memory
|
|
and its address is passed to ``__CxxThrowException``. General purpose structured
|
|
exceptions (SEH) are more analogous to Linux signals, and they are dispatched by
|
|
userspace DLLs provided with Windows. Each frame on the stack has an assigned EH
|
|
personality routine, which decides what actions to take to handle the exception.
|
|
There are a few major personalities for C and C++ code: the C++ personality
|
|
(``__CxxFrameHandler3``) and the SEH personalities (``_except_handler3``,
|
|
``_except_handler4``, and ``__C_specific_handler``). All of them implement
|
|
cleanups by calling back into a "funclet" contained in the parent function.
|
|
|
|
Funclets, in this context, are regions of the parent function that can be called
|
|
as though they were a function pointer with a very special calling convention.
|
|
The frame pointer of the parent frame is passed into the funclet either using
|
|
the standard EBP register or as the first parameter register, depending on the
|
|
architecture. The funclet implements the EH action by accessing local variables
|
|
in memory through the frame pointer, and returning some appropriate value,
|
|
continuing the EH process. No variables live in to or out of the funclet can be
|
|
allocated in registers.
|
|
|
|
The C++ personality also uses funclets to contain the code for catch blocks
|
|
(i.e. all user code between the braces in ``catch (Type obj) { ... }``). The
|
|
runtime must use funclets for catch bodies because the C++ exception object is
|
|
allocated in a child stack frame of the function handling the exception. If the
|
|
runtime rewound the stack back to frame of the catch, the memory holding the
|
|
exception would be overwritten quickly by subsequent function calls. The use of
|
|
funclets also allows ``__CxxFrameHandler3`` to implement rethrow without
|
|
resorting to TLS. Instead, the runtime throws a special exception, and then uses
|
|
SEH (``__try / __except``) to resume execution with new information in the child
|
|
frame.
|
|
|
|
In other words, the successive unwinding approach is incompatible with Visual
|
|
C++ exceptions and general purpose Windows exception handling. Because the C++
|
|
exception object lives in stack memory, LLVM cannot provide a custom personality
|
|
function that uses landingpads. Similarly, SEH does not provide any mechanism
|
|
to rethrow an exception or continue unwinding. Therefore, LLVM must use the IR
|
|
constructs described later in this document to implement compatible exception
|
|
handling.
|
|
|
|
SEH filter expressions
|
|
-----------------------
|
|
|
|
The SEH personality functions also use funclets to implement filter expressions,
|
|
which allow executing arbitrary user code to decide which exceptions to catch.
|
|
Filter expressions should not be confused with the ``filter`` clause of the LLVM
|
|
``landingpad`` instruction. Typically filter expressions are used to determine
|
|
if the exception came from a particular DLL or code region, or if code faulted
|
|
while accessing a particular memory address range. LLVM does not currently have
|
|
IR to represent filter expressions because it is difficult to represent their
|
|
control dependencies. Filter expressions run during the first phase of EH,
|
|
before cleanups run, making it very difficult to build a faithful control flow
|
|
graph. For now, the new EH instructions cannot represent SEH filter
|
|
expressions, and frontends must outline them ahead of time. Local variables of
|
|
the parent function can be escaped and accessed using the ``llvm.localescape``
|
|
and ``llvm.localrecover`` intrinsics.
|
|
|
|
New exception handling instructions
|
|
------------------------------------
|
|
|
|
The primary design goal of the new EH instructions is to support funclet
|
|
generation while preserving information about the CFG so that SSA formation
|
|
still works. As a secondary goal, they are designed to be generic across MSVC
|
|
and Itanium C++ exceptions. They make very few assumptions about the data
|
|
required by the personality, so long as it uses the familiar core EH actions:
|
|
catch, cleanup, and terminate. However, the new instructions are hard to modify
|
|
without knowing details of the EH personality. While they can be used to
|
|
represent Itanium EH, the landingpad model is strictly better for optimization
|
|
purposes.
|
|
|
|
The following new instructions are considered "exception handling pads", in that
|
|
they must be the first non-phi instruction of a basic block that may be the
|
|
unwind destination of an EH flow edge:
|
|
``catchswitch``, ``catchpad``, and ``cleanuppad``.
|
|
As with landingpads, when entering a try scope, if the
|
|
frontend encounters a call site that may throw an exception, it should emit an
|
|
invoke that unwinds to a ``catchswitch`` block. Similarly, inside the scope of a
|
|
C++ object with a destructor, invokes should unwind to a ``cleanuppad``.
|
|
|
|
New instructions are also used to mark the points where control is transferred
|
|
out of a catch/cleanup handler (which will correspond to exits from the
|
|
generated funclet). A catch handler which reaches its end by normal execution
|
|
executes a ``catchret`` instruction, which is a terminator indicating where in
|
|
the function control is returned to. A cleanup handler which reaches its end
|
|
by normal execution executes a ``cleanupret`` instruction, which is a terminator
|
|
indicating where the active exception will unwind to next.
|
|
|
|
Each of these new EH pad instructions has a way to identify which action should
|
|
be considered after this action. The ``catchswitch`` instruction is a terminator
|
|
and has an unwind destination operand analogous to the unwind destination of an
|
|
invoke. The ``cleanuppad`` instruction is not
|
|
a terminator, so the unwind destination is stored on the ``cleanupret``
|
|
instruction instead. Successfully executing a catch handler should resume
|
|
normal control flow, so neither ``catchpad`` nor ``catchret`` instructions can
|
|
unwind. All of these "unwind edges" may refer to a basic block that contains an
|
|
EH pad instruction, or they may unwind to the caller. Unwinding to the caller
|
|
has roughly the same semantics as the ``resume`` instruction in the landingpad
|
|
model. When inlining through an invoke, instructions that unwind to the caller
|
|
are hooked up to unwind to the unwind destination of the call site.
|
|
|
|
Putting things together, here is a hypothetical lowering of some C++ that uses
|
|
all of the new IR instructions:
|
|
|
|
.. code-block:: c
|
|
|
|
struct Cleanup {
|
|
Cleanup();
|
|
~Cleanup();
|
|
int m;
|
|
};
|
|
void may_throw();
|
|
int f() noexcept {
|
|
try {
|
|
Cleanup obj;
|
|
may_throw();
|
|
} catch (int e) {
|
|
may_throw();
|
|
return e;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
.. code-block:: text
|
|
|
|
define i32 @f() nounwind personality i32 (...)* @__CxxFrameHandler3 {
|
|
entry:
|
|
%obj = alloca %struct.Cleanup, align 4
|
|
%e = alloca i32, align 4
|
|
%call = invoke %struct.Cleanup* @"\01??0Cleanup@@QEAA@XZ"(%struct.Cleanup* nonnull %obj)
|
|
to label %invoke.cont unwind label %lpad.catch
|
|
|
|
invoke.cont: ; preds = %entry
|
|
invoke void @"\01?may_throw@@YAXXZ"()
|
|
to label %invoke.cont.2 unwind label %lpad.cleanup
|
|
|
|
invoke.cont.2: ; preds = %invoke.cont
|
|
call void @"\01??_DCleanup@@QEAA@XZ"(%struct.Cleanup* nonnull %obj) nounwind
|
|
br label %return
|
|
|
|
return: ; preds = %invoke.cont.3, %invoke.cont.2
|
|
%retval.0 = phi i32 [ 0, %invoke.cont.2 ], [ %3, %invoke.cont.3 ]
|
|
ret i32 %retval.0
|
|
|
|
lpad.cleanup: ; preds = %invoke.cont.2
|
|
%0 = cleanuppad within none []
|
|
call void @"\01??1Cleanup@@QEAA@XZ"(%struct.Cleanup* nonnull %obj) nounwind
|
|
cleanupret %0 unwind label %lpad.catch
|
|
|
|
lpad.catch: ; preds = %lpad.cleanup, %entry
|
|
%1 = catchswitch within none [label %catch.body] unwind label %lpad.terminate
|
|
|
|
catch.body: ; preds = %lpad.catch
|
|
%catch = catchpad within %1 [%rtti.TypeDescriptor2* @"\01??_R0H@8", i32 0, i32* %e]
|
|
invoke void @"\01?may_throw@@YAXXZ"()
|
|
to label %invoke.cont.3 unwind label %lpad.terminate
|
|
|
|
invoke.cont.3: ; preds = %catch.body
|
|
%3 = load i32, i32* %e, align 4
|
|
catchret from %catch to label %return
|
|
|
|
lpad.terminate: ; preds = %catch.body, %lpad.catch
|
|
cleanuppad within none []
|
|
call void @"\01?terminate@@YAXXZ"
|
|
unreachable
|
|
}
|
|
|
|
Funclet parent tokens
|
|
-----------------------
|
|
|
|
In order to produce tables for EH personalities that use funclets, it is
|
|
necessary to recover the nesting that was present in the source. This funclet
|
|
parent relationship is encoded in the IR using tokens produced by the new "pad"
|
|
instructions. The token operand of a "pad" or "ret" instruction indicates which
|
|
funclet it is in, or "none" if it is not nested within another funclet.
|
|
|
|
The ``catchpad`` and ``cleanuppad`` instructions establish new funclets, and
|
|
their tokens are consumed by other "pad" instructions to establish membership.
|
|
The ``catchswitch`` instruction does not create a funclet, but it produces a
|
|
token that is always consumed by its immediate successor ``catchpad``
|
|
instructions. This ensures that every catch handler modelled by a ``catchpad``
|
|
belongs to exactly one ``catchswitch``, which models the dispatch point after a
|
|
C++ try.
|
|
|
|
Here is an example of what this nesting looks like using some hypothetical
|
|
C++ code:
|
|
|
|
.. code-block:: c
|
|
|
|
void f() {
|
|
try {
|
|
throw;
|
|
} catch (...) {
|
|
try {
|
|
throw;
|
|
} catch (...) {
|
|
}
|
|
}
|
|
}
|
|
|
|
.. code-block:: text
|
|
|
|
define void @f() #0 personality i8* bitcast (i32 (...)* @__CxxFrameHandler3 to i8*) {
|
|
entry:
|
|
invoke void @_CxxThrowException(i8* null, %eh.ThrowInfo* null) #1
|
|
to label %unreachable unwind label %catch.dispatch
|
|
|
|
catch.dispatch: ; preds = %entry
|
|
%0 = catchswitch within none [label %catch] unwind to caller
|
|
|
|
catch: ; preds = %catch.dispatch
|
|
%1 = catchpad within %0 [i8* null, i32 64, i8* null]
|
|
invoke void @_CxxThrowException(i8* null, %eh.ThrowInfo* null) #1
|
|
to label %unreachable unwind label %catch.dispatch2
|
|
|
|
catch.dispatch2: ; preds = %catch
|
|
%2 = catchswitch within %1 [label %catch3] unwind to caller
|
|
|
|
catch3: ; preds = %catch.dispatch2
|
|
%3 = catchpad within %2 [i8* null, i32 64, i8* null]
|
|
catchret from %3 to label %try.cont
|
|
|
|
try.cont: ; preds = %catch3
|
|
catchret from %1 to label %try.cont6
|
|
|
|
try.cont6: ; preds = %try.cont
|
|
ret void
|
|
|
|
unreachable: ; preds = %catch, %entry
|
|
unreachable
|
|
}
|
|
|
|
The "inner" ``catchswitch`` consumes ``%1`` which is produced by the outer
|
|
catchswitch.
|
|
|
|
.. _wineh-constraints:
|
|
|
|
Funclet transitions
|
|
-----------------------
|
|
|
|
The EH tables for personalities that use funclets make implicit use of the
|
|
funclet nesting relationship to encode unwind destinations, and so are
|
|
constrained in the set of funclet transitions they can represent. The related
|
|
LLVM IR instructions accordingly have constraints that ensure encodability of
|
|
the EH edges in the flow graph.
|
|
|
|
A ``catchswitch``, ``catchpad``, or ``cleanuppad`` is said to be "entered"
|
|
when it executes. It may subsequently be "exited" by any of the following
|
|
means:
|
|
|
|
* A ``catchswitch`` is immediately exited when none of its constituent
|
|
``catchpad``\ s are appropriate for the in-flight exception and it unwinds
|
|
to its unwind destination or the caller.
|
|
* A ``catchpad`` and its parent ``catchswitch`` are both exited when a
|
|
``catchret`` from the ``catchpad`` is executed.
|
|
* A ``cleanuppad`` is exited when a ``cleanupret`` from it is executed.
|
|
* Any of these pads is exited when control unwinds to the function's caller,
|
|
either by a ``call`` which unwinds all the way to the function's caller,
|
|
a nested ``catchswitch`` marked "``unwinds to caller``", or a nested
|
|
``cleanuppad``\ 's ``cleanupret`` marked "``unwinds to caller"``.
|
|
* Any of these pads is exited when an unwind edge (from an ``invoke``,
|
|
nested ``catchswitch``, or nested ``cleanuppad``\ 's ``cleanupret``)
|
|
unwinds to a destination pad that is not a descendant of the given pad.
|
|
|
|
Note that the ``ret`` instruction is *not* a valid way to exit a funclet pad;
|
|
it is undefined behavior to execute a ``ret`` when a pad has been entered but
|
|
not exited.
|
|
|
|
A single unwind edge may exit any number of pads (with the restrictions that
|
|
the edge from a ``catchswitch`` must exit at least itself, and the edge from
|
|
a ``cleanupret`` must exit at least its ``cleanuppad``), and then must enter
|
|
exactly one pad, which must be distinct from all the exited pads. The parent
|
|
of the pad that an unwind edge enters must be the most-recently-entered
|
|
not-yet-exited pad (after exiting from any pads that the unwind edge exits),
|
|
or "none" if there is no such pad. This ensures that the stack of executing
|
|
funclets at run-time always corresponds to some path in the funclet pad tree
|
|
that the parent tokens encode.
|
|
|
|
All unwind edges which exit any given funclet pad (including ``cleanupret``
|
|
edges exiting their ``cleanuppad`` and ``catchswitch`` edges exiting their
|
|
``catchswitch``) must share the same unwind destination. Similarly, any
|
|
funclet pad which may be exited by unwind to caller must not be exited by
|
|
any exception edges which unwind anywhere other than the caller. This
|
|
ensures that each funclet as a whole has only one unwind destination, which
|
|
EH tables for funclet personalities may require. Note that any unwind edge
|
|
which exits a ``catchpad`` also exits its parent ``catchswitch``, so this
|
|
implies that for any given ``catchswitch``, its unwind destination must also
|
|
be the unwind destination of any unwind edge that exits any of its constituent
|
|
``catchpad``\s. Because ``catchswitch`` has no ``nounwind`` variant, and
|
|
because IR producers are not *required* to annotate calls which will not
|
|
unwind as ``nounwind``, it is legal to nest a ``call`` or an "``unwind to
|
|
caller``\ " ``catchswitch`` within a funclet pad that has an unwind
|
|
destination other than caller; it is undefined behavior for such a ``call``
|
|
or ``catchswitch`` to unwind.
|
|
|
|
Finally, the funclet pads' unwind destinations cannot form a cycle. This
|
|
ensures that EH lowering can construct "try regions" with a tree-like
|
|
structure, which funclet-based personalities may require.
|