[cfe-dev] RFC: Support x86 interrupt and exception handlers

John Criswell via cfe-dev cfe-dev at lists.llvm.org
Mon Sep 21 11:52:31 PDT 2015


On 9/21/15 12:27 PM, H.J. Lu via cfe-dev wrote:
> On Thu, Sep 17, 2015 at 12:26 PM, H.J. Lu <hjl.tools at gmail.com> wrote:
>> On Tue, Sep 15, 2015 at 1:11 PM, H.J. Lu <hjl.tools at gmail.com> wrote:
>>>> To implement interrupt and exception handlers for x86 processors, a
>>>> compiler should support:
>>>>
>>>> 1. void * __builtin_ia32_interrupt_data (void)
>>> I got a feedback on the name of this builtin function.  Since
>>> it also works for 64-bit,  we should avoid ia32 in its name.
>>> We'd like to change it to
>>>
>>> void * __builtin_interrupt_data (void)
>>>
>> Here is the updated spec.
>>
> This updated spec adds
>
>     unsigned int __builtin_exception_error (void)
>     unsigned long long int __builtin_exception_error (void)
>
> This function returns the exception error code pushed onto the stack by
> processor.  Its return value is 64 bits in 64-bit mode and 32 bits in
> 32-bit mode.  This function can only be used in exception handler.

Exception handlers can, in general, call regular functions which, in 
turn, might want to access the error code.  Given that operating system 
kernels are always entered via an interrupt, trap, or system call, there 
should always be an error code available (on x86, non-error-code 
interrupts can just make up an error code).

>
> It also changes the definition of
>
> void * __builtin_interrupt_data (void)
>
> so that it returns a pointer to the data layout pushed onto stack
> by processor for both interrupt and exception handlers.
>
>

You might want to have a look at Secure Virtual Architecture (SVA). One 
of the things we discovered is that commodity operating systems access 
the most recently used interrupt data (which SVA calls an "interrupt 
context").  Over the years, we figured out that it's better to provide 
intrinsics (i.e., builtins) that implicitly access the top-most 
interrupt context.  We also found that we could limit the operations 
performed on interrupt contexts so that we could safely implement signal 
handlers and exception recovery without letting the operating system 
kernel have pointers to the interrupt context which would need to be 
checked.  In short, despite common belief, the OS does not need to do 
whatever it wants with interrupted program state.

I recommend you take a look at Appendix A of my dissertation 
(https://www.ideals.illinois.edu/handle/2142/50547).  It describes the 
SVA-OS instructions used to abstract away the hardware details. You'll 
also notice that the design is pretty processor transparent (MMU 
notwithstanding), so designing your builtins based on SVA may make them 
more portable if you decide to use another processor later on.  Chapter 
2 describes some of the rationale behind the design, though it's for the 
first version of SVA (Appendix A is the final instruction set after 4 
papers).

If the implementation is useful, SVA is publicly available at 
https://github.com/jtcriswell/SVA.

Finally, to echo Joerg's concerns, it's not clear that having 
exception/interrupt handlers declared as a special type is really 
helpful.  It's not immediately obvious that you get a benefit from doing 
that vs. doing what most system software does (having assembly code that 
saves processor state and calls a C function).  I think you should do 
some experiments to demonstrate the benefit that one can get with your 
method to see if it is worth adding complexity to the compiler.

Regards,

John Criswell

-- 
John Criswell
Assistant Professor
Department of Computer Science, University of Rochester
http://www.cs.rochester.edu/u/criswell




More information about the cfe-dev mailing list