[llvm-dev] [RFC] [Windows SEH] Local_Unwind (Jumping out of a _finally) and -EHa (Hardware Exception Handling)

Ten Tzen via llvm-dev llvm-dev at lists.llvm.org
Wed Apr 1 15:54:15 PDT 2020 


  *   For goto in finally, why are you inventing a completely new mechanism for handling this sort of construct?  What makes this different from our existing handling of goto out of catch blocks?  Maybe there's something obvious here I'm missing, but it looks like essentially the same problem, and I don't see any reason why we can't use the existing solution.

No, no new mechanism is invented.  The design employs the existing mechanism to model the third exception path caused by _local_unwind (in addition to normal execution and exception handling flow).  In earlier discussion with Joseph, adding second EH edge to InvokeInst was briefly discussed, but was quickly dropped as it's clearly a long shot.
The extended model intends to solve the third control-flow that doesn't seem representable today.
Take case #2 of the first example in wiki page as an example,
the control flowing from normal execution of inner _finlly, passing through outer _finally, and landing in $t10 cannot be represented by LLVM IR.
Or could you elaborate how to achieve it?  (Bear with me as I'm new in Clang&LLVM world).


  *   ..In general, UB means the program can do anything.

Sorry, what is UB?

Right we are not modeling HW exception in control-flow as it's not necessary.
For C++ code, we don't care about the value in register, local variable, SSA and so on.  All we need is that "live local-objects got dtored properly when HW exception is unwound and handled".

For C code, only those code under _try construct is affected.  Agree that making memory accesses there volatile is sub-optimal. But it should not have correctness issue.
In MSVC, there is one less restricted "write-through" concept for memory access inside a _try.  But I think the benefit of it is minor and it's not worth it as the amount of code directly under _try is very small, and usually is not performance critical code.


  *   ..I don't want to add another way for unmodeled control flow to break code.

I would really love to hear (and find a way to improve) if there is any place in this design & implementation which is not sound or robust.

Thanks,

--Ten

From: Eli Friedman <efriedma at quicinc.com>
Sent: Wednesday, April 1, 2020 1:20 PM
To: Ten Tzen <tentzen at microsoft.com>; llvm-dev <llvm-dev at lists.llvm.org>
Cc: Aaron Smith <aaron.smith at microsoft.com>
Subject: [EXTERNAL] RE: [llvm-dev] [RFC] [Windows SEH] Local_Unwind (Jumping out of a _finally) and -EHa (Hardware Exception Handling)

Resending; I accidentally dropped llvm-dev.

-Eli

From: Eli Friedman
Sent: Wednesday, April 1, 2020 1:01 PM
To: Ten Tzen <tentzen at microsoft.com<mailto:tentzen at microsoft.com>>
Cc: aaron.smith at microsoft.com<mailto:aaron.smith at microsoft.com>
Subject: RE: [EXT] [llvm-dev] [RFC] [Windows SEH] Local_Unwind (Jumping out of a _finally) and -EHa (Hardware Exception Handling)

This looks like it outlines the implementation pretty well.

For goto in finally, why are you inventing a completely new mechanism for handling this sort of construct?  What makes this different from our existing handling of goto out of catch blocks?  Maybe there's something obvious here I'm missing, but it looks like essentially the same problem, and I don't see any reason why we can't use the existing solution.

For hardware exceptions, the proposal seems to have big fundamental problems.  I see two basic problems:

How do you actually generate an exception?  In general, UB means the program can do anything.  So unless you define some rule that says otherwise, the only defined way to trigger an exception is using Windows API calls.  If you want something else, we need to define new rules.  At the C level, we need to redefine some specific constructs to trigger an exception instead of UB.  And at the IR level, we need to annotate specific IR instructions in a way that passes can reasonably check, and add new LangRef rules describing those semantics.  I mean, you can try to sort of hand-wave this and say it should "just work" if code happens to trigger a hardware exception.  But if there aren't actually any rules, I'm afraid we'll end up with an infinitely long tail of "optimization X breaks some customer's code, so add a hack to disable it in EHa mode".

If we're not modeling the control flow implied by an exception, how do we ensure that local variables and SSA registers have the right values when the exception is caught?  Sure, invoke is clunky, but it's at least makes control flow well-defined.  Adding "volatile" to every IR load and store instruction, including accesses to local variables, seems terrible for both optimization and correctness.  Our handling of setjmp is already a complete mess; I don't want to add another way for unmodeled control flow to break code.  (See also http://nondot.org/sabre/LLVMNotes/ExceptionHandlingChanges.txt<https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fnondot.org%2Fsabre%2FLLVMNotes%2FExceptionHandlingChanges.txt&data=02%7C01%7Ctentzen%40microsoft.com%7C74401eb45f3f4482e7ee08d7d67a0cb6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637213692003044004&sdata=KfCWpmd6xCSNfsfp24DHefEWO9%2FFOnElOJoHnSWBWMI%3D&reserved=0>, for a proposal to make invoke less messy.)

-Eli

From: llvm-dev <llvm-dev-bounces at lists.llvm.org<mailto:llvm-dev-bounces at lists.llvm.org>> On Behalf Of Ten Tzen via llvm-dev
Sent: Tuesday, March 31, 2020 9:13 PM
To: llvm-dev at lists.llvm.org<mailto:llvm-dev at lists.llvm.org>
Cc: aaron.smith at microsoft.com<mailto:aaron.smith at microsoft.com>
Subject: [EXT] [llvm-dev] [RFC] [Windows SEH] Local_Unwind (Jumping out of a _finally) and -EHa (Hardware Exception Handling)

Hi, all,

The intend of this thread is to complete the support for Windows SEH.
Currently there are two major missing features:  Jumping out of a _finally and Hardware exception handling.

The document below is my proposed design and implementation to fully support SEH on LLVM.
I have completely implemented this design on a branch in repo:  https://github.com/tentzen/llvm-project<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftentzen%2Fllvm-project&data=02%7C01%7Ctentzen%40microsoft.com%7C74401eb45f3f4482e7ee08d7d67a0cb6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637213692003044004&sdata=CGeaT8XHKEmodzMnBtgJSZN3JbQF6hFn09ZepiyTUEQ%3D&reserved=0>.
It now passes MSVC's in-house SEH suite.

Sorry for this long write-up.  For better readability, please read it on https://github.com/tentzen/llvm-project/wiki<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftentzen%2Fllvm-project%2Fwiki&data=02%7C01%7Ctentzen%40microsoft.com%7C74401eb45f3f4482e7ee08d7d67a0cb6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637213692003053963&sdata=bZHlFbA6jGIhD%2FDd9LOvBgi73kF9FKkVbIiQlE1pnBY%3D&reserved=0>

Special thanks to Joseph Tremoulet for his earlier comments and suggestions.

Note: I just subscribed llvm-dev, probably not in the list yet.  So please reply with my email address (tentzen at microsoft.com<mailto:tentzen at microsoft.com>) explicitly in To-list.
Thanks,

--Ten

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20200401/ce93fd03/attachment.html>

More information about the llvm-dev mailing list