[PATCH] D17778: TypedError for recoverable error handling

Lang Hames via llvm-commits llvm-commits at lists.llvm.org
Wed Mar 2 13:59:24 PST 2016


Hi Owen, Dave,

> I want to ask what I feel is an important high-level question here:  how
> does this approach differ, fundamentally, from exceptions, and why should
> we go down the route of building our own error handling scheme rather than
> “just” adopting exceptions?


> To answer my own question, my impression is that your proposed scheme is
> functionally similar to exceptions, with the major deviation of being
> opt-in rather than opt-out...


I think that's a good one-line summary of the difference between the two
schemes.

> In particular, an opt-in scheme will require threading the error-handling
> type system through many layers of generic and/or boilerplate code in order
> to allow various callbacks in target backends to report errors properly.


Agreed. For the purposes of this discussion I'm going to take it as given
that we *should* be handling these errors, and currently can't because we
haven't turned on exceptions or threaded anything through.

If we turned exceptions on we wouldn't need any API changes, but we would
pay the overhead for exceptions and RTTI everywhere in LLVM except where we
explicitly opt out via noexcept specifiers. To get an upper bound on this I
did a Release (non-LTO) build of LLVM with and without exceptions+RTTI
turned on. I didn't get past looking at the binary size differences: clang
got >9% bigger. Other tools got between 2% and 25% bigger, with most
clustered around a 10-15% increase. Those are some scary size regressions.

If we use TypedError to solve this we would have to thread errors through
many layers of the stack to get to ISel (pass managers, passes, etc).
However, I believe that only a very small percentage of all LLVM functions
would need to change, and I expect the space and performance overhead of
TypedError to be correspondingly small. So we end up trading some
engineering effort (explicitly threading TypedError) for (I expect) better
performance.

> It may be that other approaches, more like the diagnostic handling options
> discussed in the original thread (& that we have plumbed through for the
> "remarks" support). But maybe you need a hard stop on these errors, in
> which case you do need some implicit or explicit control flow to get you
> out.


As I mentioned in the RFC thread I'm not opposed to diagnostic handlers,
but I think they're a solution for a fairly specific problem. Since the
primary aim here is to return cleanly (without taking down whatever program
called the failing operation), we need some sort of error return. With
TypedError, the error value is sufficient to hold the error message and the
question becomes: What value would be added by threading a diagnostic
handler through as well? Some libraries, particularly those that need to
produce non-trivial source diagnostics like in clang and LLVM's IR parser,
will actually want a diagnostic handler, whereas something like ISel can
probably get away with an error-return alone.

> I can speak only to my own use case here:  if my frontend provided me with
> contract-violating IR, I want to propagate an error all the way out to the
> the client (non-LLVM code) such that (1) they can log/report the error as
> appropriate for the platform, to aid in future debug, and (2) to give them
> a chance to recover via higher-order mechanisms such as falling back to a
> lower tier JIT, to an interpreter, or simply to an unoptimized
> compilation.  My impression is that #2 tends to get overlooked here, but
> many online and JIT compilation use cases have reasonable fallback options
> to continue program execution even if LLVM fails in a nominally
> unrecoverable manner.


Yep. I think this need is satisfied equally well by my scheme or
exceptions.

- Lang.

On Tue, Mar 1, 2016 at 2:02 PM, David Blaikie <dblaikie at gmail.com> wrote:

>
>
> On Tue, Mar 1, 2016 at 1:55 PM, Owen Anderson <resistor at mac.com> wrote:
>
>>
>> On Mar 1, 2016, at 1:43 PM, David Blaikie <dblaikie at gmail.com> wrote:
>>
>> It may be that other approaches, more like the diagnostic handling
>> options discussed in the original thread (& that we have plumbed through
>> for the "remarks" support). But maybe you need a hard stop on these errors,
>> in which case you do need some implicit or explicit control flow to get you
>> out. There was a bit of discussion about how to do this for lld recently -
>> returning stub results that are "sufficient" maybe with a flag saying "this
>> isn't a real result" - more like Clang's Parser/Sema: we don't have error
>> results everywhere. We return erroneous stubs and the like which allow a
>> lot of Clang to continue on without worrying about whether something
>> failed. Only handling the failures in relatively few places.
>>
>> This is also useful for providing error recovery/multiple errors (eg:
>> this instruction /and/ that instruction were both wrong - so the user
>> doesn't have to edit/compile loop again just to find out the two lines they
>> wrote both needed changes).
>>
>>
>> I can speak only to my own use case here:  if my frontend provided me
>> with contract-violating IR, I want to propagate an error all the way out to
>> the client (non-LLVM code) such that (1) they can log/report the error
>> as appropriate for the platform, to aid in future debug, and (2) to give
>> them a chance to recover via higher-order mechanisms such as falling back
>> to a lower tier JIT, to an interpreter, or simply to an unoptimized
>> compilation.  My impression is that #2 tends to get overlooked here, but
>> many online and JIT compilation use cases have reasonable fallback options
>> to continue program execution even if LLVM fails in a nominally
>> unrecoverable manner.
>>
>
> Fair point - a callback mechanism could still be used to achieve that goal
> (or hybrid mechanisms involving the kind of "stub result" sort of stuff
> Clang does - you could register a null diagnostic handler and still expect
> the system to fail and in (2) I imagine you don't differentiate the
> specific failures much just "LLVM JIT didn't work, try the other thing").
> Possibly not the best tool for the job, but one path that could be
> considered.
>
> But yeah, good to keep that scenario in mind to be sure - thanks for
> articulating/clarifying it (& if my responses aren't making sense in that
> context, sorry about that - happy to try to clarify/explain differently)
>
> - Dave
>
>
>>
>> —Owen
>>
>
>
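As an added illustration of the opt-in scheme discussed above (example code written for this page; it is not LLVM's TypedError, nor anything from the patch under review): a hypothetical CheckedError value that must be inspected before it is destroyed, returned by a backend callback, forwarded unchanged through a generic driver layer, and finally handled by a client that falls back to a lower tier rather than crashing. The type name, the helper functions (selectInstruction, verifyModule, runPipeline, compileWithFallback) and the toy instruction set are all assumptions made for the example.

```cpp
// Added example, not LLVM's TypedError: a minimal opt-in error type that
// must be inspected before it is destroyed, threaded from a backend
// callback through a generic driver layer out to a JIT client that falls
// back to a lower tier. All names and the toy "IR" are hypothetical.
#include <cassert>
#include <cstdlib>
#include <initializer_list>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Error value: an empty message means success. A failure that is
// destroyed without ever being tested aborts the process, so a caller
// cannot silently drop it the way a dropped bool or int return can be.
class CheckedError {
  std::string Msg;
  bool Checked = false;
public:
  CheckedError() = default;                                   // success
  explicit CheckedError(std::string M) : Msg(std::move(M)) {} // failure
  CheckedError(CheckedError &&O) noexcept : Msg(std::move(O.Msg)) {
    O.Checked = true; // ownership moved; the source no longer needs a check
  }
  CheckedError &operator=(CheckedError &&O) noexcept {
    assert(!pending() && "overwriting an unchecked error");
    Msg = std::move(O.Msg);
    Checked = false;
    O.Checked = true;
    return *this;
  }
  CheckedError(const CheckedError &) = delete;
  CheckedError &operator=(const CheckedError &) = delete;
  ~CheckedError() {
    if (pending()) std::abort(); // an unchecked failure is a bug: fail loudly
  }
  bool pending() const { return !Msg.empty() && !Checked; }
  // Testing the error counts as checking it.
  explicit operator bool() { Checked = true; return !Msg.empty(); }
  const std::string &message() const { return Msg; }
};

// Toy IR: a module is a list of mnemonics.
struct Module { std::vector<std::string> Insts; };

// Backend callback (the "ISel" analogue): reports instead of asserting.
CheckedError selectInstruction(const std::string &Inst) {
  static const char *const Supported[] = {"add", "sub", "mul", "ret"};
  for (const char *S : Supported)
    if (Inst == S) return CheckedError();
  return CheckedError("unsupported instruction: " + Inst);
}

// Contract check for IR handed over by a frontend: must end in "ret".
CheckedError verifyModule(const Module &M) {
  if (M.Insts.empty() || M.Insts.back() != "ret")
    return CheckedError("module does not end in a terminator");
  return CheckedError();
}

// Generic driver layer (the "pass manager" analogue). This is the code
// that has to be threaded: it neither handles nor inspects the error,
// it only forwards the first failure outward.
CheckedError runPipeline(const Module &M) {
  if (CheckedError E = verifyModule(M)) return E;
  for (const auto &I : M.Insts)
    if (CheckedError E = selectInstruction(I)) return E;
  return CheckedError();
}

// Client code (non-LLVM in the thread's terms): log the failure and fall
// back to a lower tier instead of taking the process down.
enum class Tier { Optimized, Interpreter };
struct CompileResult { Tier Used; std::string Log; };

CompileResult compileWithFallback(const Module &M) {
  if (CheckedError E = runPipeline(M))
    return {Tier::Interpreter, "optimized tier failed: " + E.message()};
  return {Tier::Optimized, ""};
}

int main() {
  // Constructed sample modules: one valid, one with an unsupported
  // instruction, one that violates the terminator contract.
  for (const Module &M : {Module{{"add", "mul", "ret"}},
                          Module{{"add", "frob", "ret"}},
                          Module{{"add"}}}) {
    CompileResult R = compileWithFallback(M);
    std::cout << (R.Used == Tier::Optimized ? "optimized" : "interpreter")
              << (R.Log.empty() ? "" : "  (" + R.Log + ")") << '\n';
  }
  return 0;
}
```

The point of the must-check discipline is the one the thread is circling: with a plain status code, the generic layers in the middle are exactly where a failure gets dropped on the floor, and the client then runs on a half-compiled result. Here the driver layer cannot forget the error, because destroying an unchecked failure aborts, while the client gets to decide whether to log, retry at a lower tier, or give up.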
