This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/
-
lib/Target/WebAssembly/
-
Target/
-
WebAssembly/
-
WebAssemblyLowerEmscriptenEHSjLj.cpp
-
test/CodeGen/WebAssembly/
-
CodeGen/
-
WebAssembly/
-
lower-em-exceptions.ll

Differential D102795

[WebAssembly] Ignore filters in Emscripten EH landingpads
ClosedPublic

Authored by aheejin on May 19 2021, 11:56 AM.

Download Raw Diff

Details

Reviewers

dschuff
kripken

Commits

rG412a3381f721: [WebAssembly] Ignore filters in Emscripten EH landingpads

Summary

We have been handling filters and landingpads incorrectly all along. We
pass clauses' (catches') types to __cxa_find_matching_catch in JS glue
code, which returns the thrown pointer and sets the selector using
setTempRet0().

We apparently have been doing the same for filters' (exception specs')
types; we pass them to __cxa_find_matching_catch just the same way as
clauses. And __cxa_find_matching_catch treats all given types as
clauses. So it is a little surprising; maybe we intended to do something
from the JS side and didn't end up doing?

So anyway, I don't think supporting exception specs in Emscripten EH is
a priority, but this can actually cause incorrect results for normal
catches when functions are inlined and the inlined spec type has a
parent-child relationship with the catch's type.

The below is an example of a bug that can happen when inlining and class
hierarchy is mixed. If you are busy you can skip this part:

struct A {};
struct B : A {};

void bar() throw (B) { throw B(); }

void foo() {
  try {
    bar();
  } catch (A &) {
    fputs ("Expected result\n", stdout);
  }
}

In the unoptimized code, bar's landingpad will have a filter for B
and foo's landingpad will have a clause for A. But when bar is
inlined into foo, foo's landingpad has both a filter for B and a
clause for A, and it passes the both types to
__cxa_find_matching_catch:

__cxa_find_matching_catch(typeinfo for B, typeinfo for A)

__cxa_find_matching_catch thinks both are clauses, and looks at the
first type B, which belongs to a filter. And the thrown type is B,
so it thinks the first type B is caught. But this makes it return an
incorrect selector, because it is supposed to catch the exception using
the second type A, which is a parent of B. As a result, the foo in
the example program above does not print "Expected result" but just
throws the exception to the caller. (This wouldn't have happened if A
and B are completely disjoint types, such as float and int)

Fixes https://bugs.llvm.org/show_bug.cgi?id=50357.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

aheejin created this revision.May 19 2021, 11:56 AM

Herald added subscribers: wingo, ecnelises, sunfish and 3 others. · View Herald TranscriptMay 19 2021, 11:56 AM

aheejin requested review of this revision.May 19 2021, 11:56 AM

Herald added a project: Restricted Project. · View Herald TranscriptMay 19 2021, 11:56 AM

Herald added a subscriber: llvm-commits. · View Herald Transcript

aheejin edited the summary of this revision. (Show Details)May 19 2021, 11:58 AM

Harbormaster completed remote builds in B105283: Diff 346527.May 19 2021, 12:39 PM

Nice find!

And interesting how subtle a bug that is... I guess that's how it went unnoticed for so long.

This revision is now accepted and ready to land.May 19 2021, 12:40 PM

dschuff accepted this revision.May 19 2021, 3:42 PM

Closed by commit rG412a3381f721: [WebAssembly] Ignore filters in Emscripten EH landingpads (authored by aheejin). · Explain WhyMay 20 2021, 1:28 AM

This revision was automatically updated to reflect the committed changes.

aheejin added a commit: rG412a3381f721: [WebAssembly] Ignore filters in Emscripten EH landingpads.

Revision Contents

Path

Size

llvm/

lib/

Target/

WebAssembly/

WebAssemblyLowerEmscriptenEHSjLj.cpp

13 lines

test/

CodeGen/

WebAssembly/

lower-em-exceptions.ll

12 lines

Diff 346655

llvm/lib/Target/WebAssembly/WebAssemblyLowerEmscriptenEHSjLj.cpp

Show First 20 Lines • Show All 890 Lines • ▼ Show 20 Lines	bool WebAssemblyLowerEmscriptenEHSjLj::runEHOnFunction(Function &F) {

// Handle all the landingpad for this function together, as multiple invokes		// Handle all the landingpad for this function together, as multiple invokes
// may share a single lp		// may share a single lp
for (LandingPadInst *LPI : LandingPads) {		for (LandingPadInst *LPI : LandingPads) {
IRB.SetInsertPoint(LPI);		IRB.SetInsertPoint(LPI);
SmallVector<Value *, 16> FMCArgs;		SmallVector<Value *, 16> FMCArgs;
for (unsigned I = 0, E = LPI->getNumClauses(); I < E; ++I) {		for (unsigned I = 0, E = LPI->getNumClauses(); I < E; ++I) {
Constant *Clause = LPI->getClause(I);		Constant *Clause = LPI->getClause(I);
// As a temporary workaround for the lack of aggregate varargs support		// TODO Handle filters (= exception specifications).
// in the interface between JS and wasm, break out filter operands into		// https://bugs.llvm.org/show_bug.cgi?id=50396
// their component elements.		if (LPI->isCatch(I))
if (LPI->isFilter(I)) {
auto *ATy = cast<ArrayType>(Clause->getType());
for (unsigned J = 0, E = ATy->getNumElements(); J < E; ++J) {
Value *EV = IRB.CreateExtractValue(Clause, makeArrayRef(J), "filter");
FMCArgs.push_back(EV);
}
} else
FMCArgs.push_back(Clause);		FMCArgs.push_back(Clause);
}		}

// Create a call to __cxa_find_matching_catch_N function		// Create a call to __cxa_find_matching_catch_N function
Function *FMCF = getFindMatchingCatch(M, FMCArgs.size());		Function *FMCF = getFindMatchingCatch(M, FMCArgs.size());
CallInst *FMCI = IRB.CreateCall(FMCF, FMCArgs, "fmc");		CallInst *FMCI = IRB.CreateCall(FMCF, FMCArgs, "fmc");
Value *Undef = UndefValue::get(LPI->getType());		Value *Undef = UndefValue::get(LPI->getType());
Value *Pair0 = IRB.CreateInsertValue(Undef, FMCI, 0, "pair0");		Value *Pair0 = IRB.CreateInsertValue(Undef, FMCI, 0, "pair0");
▲ Show 20 Lines • Show All 296 Lines • Show Last 20 Lines

llvm/test/CodeGen/WebAssembly/lower-em-exceptions.ll

	Show First 20 Lines • Show All 63 Lines • ▼ Show 20 Lines

	catch: ; preds = %catch.dispatch			catch: ; preds = %catch.dispatch
	%7 = call i8* @__cxa_begin_catch(i8* %1)			%7 = call i8* @__cxa_begin_catch(i8* %1)
	call void @__cxa_end_catch()			call void @__cxa_end_catch()
	br label %try.cont			br label %try.cont
	}			}

	; Test invoke instruction with filters (functions with throw(...) declaration)			; Test invoke instruction with filters (functions with throw(...) declaration)
				; Currently we don't support exception specifications correctly in JS glue code,
				; so we ignore all filters here.
				; See https://bugs.llvm.org/show_bug.cgi?id=50396.
	define void @filter() personality i8* bitcast (i32 (...)* @__gxx_personality_v0 to i8*) {			define void @filter() personality i8* bitcast (i32 (...)* @__gxx_personality_v0 to i8*) {
	; CHECK-LABEL: @filter(			; CHECK-LABEL: @filter(
	entry:			entry:
	invoke void @foo(i32 3)			invoke void @foo(i32 3)
	to label %invoke.cont unwind label %lpad			to label %invoke.cont unwind label %lpad
	; CHECK: entry:			; CHECK: entry:
	; CHECK-NEXT: store [[PTR]] 0, [[PTR]]* @__THREW__			; CHECK-NEXT: store [[PTR]] 0, [[PTR]]* @__THREW__
	; CHECK-NEXT: call cc{{.}} void @__invoke_void_i32(void (i32) @foo, i32 3)			; CHECK-NEXT: call cc{{.}} void @__invoke_void_i32(void (i32) @foo, i32 3)
	; CHECK-NEXT: %[[__THREW__VAL:.]] = load [[PTR]], [[PTR]] @__THREW__			; CHECK-NEXT: %[[__THREW__VAL:.]] = load [[PTR]], [[PTR]] @__THREW__
	; CHECK-NEXT: store [[PTR]] 0, [[PTR]]* @__THREW__			; CHECK-NEXT: store [[PTR]] 0, [[PTR]]* @__THREW__
	; CHECK-NEXT: %cmp = icmp eq [[PTR]] %[[__THREW__VAL]], 1			; CHECK-NEXT: %cmp = icmp eq [[PTR]] %[[__THREW__VAL]], 1
	; CHECK-NEXT: br i1 %cmp, label %lpad, label %invoke.cont			; CHECK-NEXT: br i1 %cmp, label %lpad, label %invoke.cont

	invoke.cont: ; preds = %entry			invoke.cont: ; preds = %entry
	ret void			ret void

	lpad: ; preds = %entry			lpad: ; preds = %entry
	%0 = landingpad { i8*, i32 }			%0 = landingpad { i8*, i32 }
	filter [2 x i8] [i8 bitcast (i8** @_ZTIi to i8), i8 bitcast (i8** @_ZTIc to i8*)]			filter [2 x i8] [i8 bitcast (i8** @_ZTIi to i8), i8 bitcast (i8** @_ZTIc to i8*)]
	%1 = extractvalue { i8*, i32 } %0, 0			%1 = extractvalue { i8*, i32 } %0, 0
	%2 = extractvalue { i8*, i32 } %0, 1			%2 = extractvalue { i8*, i32 } %0, 1
	br label %filter.dispatch			br label %filter.dispatch
	; CHECK: lpad:			; CHECK: lpad:
	; CHECK-NEXT: %[[FMC:.]] = call i8 @__cxa_find_matching_catch_4(i8* bitcast (i8** @_ZTIi to i8), i8 bitcast (i8** @_ZTIc to i8*))			; We now temporarily ignore filters because of the bug, so we pass nothing to
	; CHECK-NEXT: %[[IVI1:.]] = insertvalue { i8, i32 } undef, i8* %[[FMC]], 0			; __cxa_find_matching_catch
	; CHECK-NEXT: %[[TEMPRET0_VAL:.*]] = call i32 @getTempRet0()			; CHECK-NEXT: %[[FMC:.]] = call i8 @__cxa_find_matching_catch_2()
	; CHECK-NEXT: %[[IVI2:.]] = insertvalue { i8, i32 } %[[IVI1]], i32 %[[TEMPRET0_VAL]], 1
	; CHECK-NEXT: extractvalue { i8*, i32 } %[[IVI2]], 0
	; CHECK-NEXT: extractvalue { i8*, i32 } %[[IVI2]], 1

	filter.dispatch: ; preds = %lpad			filter.dispatch: ; preds = %lpad
	%ehspec.fails = icmp slt i32 %2, 0			%ehspec.fails = icmp slt i32 %2, 0
	br i1 %ehspec.fails, label %ehspec.unexpected, label %eh.resume			br i1 %ehspec.fails, label %ehspec.unexpected, label %eh.resume

	ehspec.unexpected: ; preds = %filter.dispatch			ehspec.unexpected: ; preds = %filter.dispatch
	call void @__cxa_call_unexpected(i8* %1) #4			call void @__cxa_call_unexpected(i8* %1) #4
	unreachable			unreachable
	▲ Show 20 Lines • Show All 70 Lines • Show Last 20 Lines