1 //===-- WebAssemblyCFGStackify.cpp - CFG Stackification -------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 /// 9 /// \file 10 /// This file implements a CFG stacking pass. 11 /// 12 /// This pass inserts BLOCK, LOOP, and TRY markers to mark the start of scopes, 13 /// since scope boundaries serve as the labels for WebAssembly's control 14 /// transfers. 15 /// 16 /// This is sufficient to convert arbitrary CFGs into a form that works on 17 /// WebAssembly, provided that all loops are single-entry. 18 /// 19 /// In case we use exceptions, this pass also fixes mismatches in unwind 20 /// destinations created during transforming CFG into wasm structured format. 21 /// 22 //===----------------------------------------------------------------------===// 23 24 #include "WebAssembly.h" 25 #include "WebAssemblyExceptionInfo.h" 26 #include "WebAssemblyMachineFunctionInfo.h" 27 #include "WebAssemblySortRegion.h" 28 #include "WebAssemblySubtarget.h" 29 #include "WebAssemblyUtilities.h" 30 #include "llvm/ADT/Statistic.h" 31 #include "llvm/CodeGen/MachineDominators.h" 32 #include "llvm/CodeGen/MachineInstrBuilder.h" 33 #include "llvm/CodeGen/MachineLoopInfo.h" 34 #include "llvm/CodeGen/WasmEHFuncInfo.h" 35 #include "llvm/MC/MCAsmInfo.h" 36 #include "llvm/Target/TargetMachine.h" 37 using namespace llvm; 38 using WebAssembly::SortRegionInfo; 39 40 #define DEBUG_TYPE "wasm-cfg-stackify" 41 42 STATISTIC(NumCallUnwindMismatches, "Number of call unwind mismatches found"); 43 STATISTIC(NumCatchUnwindMismatches, "Number of catch unwind mismatches found"); 44 45 namespace { 46 class WebAssemblyCFGStackify final : public MachineFunctionPass { 47 StringRef getPassName() const override { return "WebAssembly CFG Stackify"; } 48 49 void getAnalysisUsage(AnalysisUsage &AU) const override { 50 AU.addRequired<MachineDominatorTree>(); 51 AU.addRequired<MachineLoopInfo>(); 52 AU.addRequired<WebAssemblyExceptionInfo>(); 53 MachineFunctionPass::getAnalysisUsage(AU); 54 } 55 56 bool runOnMachineFunction(MachineFunction &MF) override; 57 58 // For each block whose label represents the end of a scope, record the block 59 // which holds the beginning of the scope. This will allow us to quickly skip 60 // over scoped regions when walking blocks. 61 SmallVector<MachineBasicBlock *, 8> ScopeTops; 62 void updateScopeTops(MachineBasicBlock *Begin, MachineBasicBlock *End) { 63 int EndNo = End->getNumber(); 64 if (!ScopeTops[EndNo] || ScopeTops[EndNo]->getNumber() > Begin->getNumber()) 65 ScopeTops[EndNo] = Begin; 66 } 67 68 // Placing markers. 69 void placeMarkers(MachineFunction &MF); 70 void placeBlockMarker(MachineBasicBlock &MBB); 71 void placeLoopMarker(MachineBasicBlock &MBB); 72 void placeTryMarker(MachineBasicBlock &MBB); 73 74 // Exception handling related functions 75 bool fixCallUnwindMismatches(MachineFunction &MF); 76 bool fixCatchUnwindMismatches(MachineFunction &MF); 77 void addTryDelegate(MachineInstr *RangeBegin, MachineInstr *RangeEnd, 78 MachineBasicBlock *DelegateDest); 79 void recalculateScopeTops(MachineFunction &MF); 80 void removeUnnecessaryInstrs(MachineFunction &MF); 81 82 // Wrap-up 83 unsigned getDepth(const SmallVectorImpl<const MachineBasicBlock *> &Stack, 84 const MachineBasicBlock *MBB); 85 void rewriteDepthImmediates(MachineFunction &MF); 86 void fixEndsAtEndOfFunction(MachineFunction &MF); 87 void cleanupFunctionData(MachineFunction &MF); 88 89 // For each BLOCK|LOOP|TRY, the corresponding END_(BLOCK|LOOP|TRY) or DELEGATE 90 // (in case of TRY). 91 DenseMap<const MachineInstr *, MachineInstr *> BeginToEnd; 92 // For each END_(BLOCK|LOOP|TRY) or DELEGATE, the corresponding 93 // BLOCK|LOOP|TRY. 94 DenseMap<const MachineInstr *, MachineInstr *> EndToBegin; 95 // <TRY marker, EH pad> map 96 DenseMap<const MachineInstr *, MachineBasicBlock *> TryToEHPad; 97 // <EH pad, TRY marker> map 98 DenseMap<const MachineBasicBlock *, MachineInstr *> EHPadToTry; 99 100 // We need an appendix block to place 'end_loop' or 'end_try' marker when the 101 // loop / exception bottom block is the last block in a function 102 MachineBasicBlock *AppendixBB = nullptr; 103 MachineBasicBlock *getAppendixBlock(MachineFunction &MF) { 104 if (!AppendixBB) { 105 AppendixBB = MF.CreateMachineBasicBlock(); 106 // Give it a fake predecessor so that AsmPrinter prints its label. 107 AppendixBB->addSuccessor(AppendixBB); 108 MF.push_back(AppendixBB); 109 } 110 return AppendixBB; 111 } 112 113 // Before running rewriteDepthImmediates function, 'delegate' has a BB as its 114 // destination operand. getFakeCallerBlock() returns a fake BB that will be 115 // used for the operand when 'delegate' needs to rethrow to the caller. This 116 // will be rewritten as an immediate value that is the number of block depths 117 // + 1 in rewriteDepthImmediates, and this fake BB will be removed at the end 118 // of the pass. 119 MachineBasicBlock *FakeCallerBB = nullptr; 120 MachineBasicBlock *getFakeCallerBlock(MachineFunction &MF) { 121 if (!FakeCallerBB) 122 FakeCallerBB = MF.CreateMachineBasicBlock(); 123 return FakeCallerBB; 124 } 125 126 // Helper functions to register / unregister scope information created by 127 // marker instructions. 128 void registerScope(MachineInstr *Begin, MachineInstr *End); 129 void registerTryScope(MachineInstr *Begin, MachineInstr *End, 130 MachineBasicBlock *EHPad); 131 void unregisterScope(MachineInstr *Begin); 132 133 public: 134 static char ID; // Pass identification, replacement for typeid 135 WebAssemblyCFGStackify() : MachineFunctionPass(ID) {} 136 ~WebAssemblyCFGStackify() override { releaseMemory(); } 137 void releaseMemory() override; 138 }; 139 } // end anonymous namespace 140 141 char WebAssemblyCFGStackify::ID = 0; 142 INITIALIZE_PASS(WebAssemblyCFGStackify, DEBUG_TYPE, 143 "Insert BLOCK/LOOP/TRY markers for WebAssembly scopes", false, 144 false) 145 146 FunctionPass *llvm::createWebAssemblyCFGStackify() { 147 return new WebAssemblyCFGStackify(); 148 } 149 150 /// Test whether Pred has any terminators explicitly branching to MBB, as 151 /// opposed to falling through. Note that it's possible (eg. in unoptimized 152 /// code) for a branch instruction to both branch to a block and fallthrough 153 /// to it, so we check the actual branch operands to see if there are any 154 /// explicit mentions. 155 static bool explicitlyBranchesTo(MachineBasicBlock *Pred, 156 MachineBasicBlock *MBB) { 157 for (MachineInstr &MI : Pred->terminators()) 158 for (MachineOperand &MO : MI.explicit_operands()) 159 if (MO.isMBB() && MO.getMBB() == MBB) 160 return true; 161 return false; 162 } 163 164 // Returns an iterator to the earliest position possible within the MBB, 165 // satisfying the restrictions given by BeforeSet and AfterSet. BeforeSet 166 // contains instructions that should go before the marker, and AfterSet contains 167 // ones that should go after the marker. In this function, AfterSet is only 168 // used for sanity checking. 169 template <typename Container> 170 static MachineBasicBlock::iterator 171 getEarliestInsertPos(MachineBasicBlock *MBB, const Container &BeforeSet, 172 const Container &AfterSet) { 173 auto InsertPos = MBB->end(); 174 while (InsertPos != MBB->begin()) { 175 if (BeforeSet.count(&*std::prev(InsertPos))) { 176 #ifndef NDEBUG 177 // Sanity check 178 for (auto Pos = InsertPos, E = MBB->begin(); Pos != E; --Pos) 179 assert(!AfterSet.count(&*std::prev(Pos))); 180 #endif 181 break; 182 } 183 --InsertPos; 184 } 185 return InsertPos; 186 } 187 188 // Returns an iterator to the latest position possible within the MBB, 189 // satisfying the restrictions given by BeforeSet and AfterSet. BeforeSet 190 // contains instructions that should go before the marker, and AfterSet contains 191 // ones that should go after the marker. In this function, BeforeSet is only 192 // used for sanity checking. 193 template <typename Container> 194 static MachineBasicBlock::iterator 195 getLatestInsertPos(MachineBasicBlock *MBB, const Container &BeforeSet, 196 const Container &AfterSet) { 197 auto InsertPos = MBB->begin(); 198 while (InsertPos != MBB->end()) { 199 if (AfterSet.count(&*InsertPos)) { 200 #ifndef NDEBUG 201 // Sanity check 202 for (auto Pos = InsertPos, E = MBB->end(); Pos != E; ++Pos) 203 assert(!BeforeSet.count(&*Pos)); 204 #endif 205 break; 206 } 207 ++InsertPos; 208 } 209 return InsertPos; 210 } 211 212 void WebAssemblyCFGStackify::registerScope(MachineInstr *Begin, 213 MachineInstr *End) { 214 BeginToEnd[Begin] = End; 215 EndToBegin[End] = Begin; 216 } 217 218 // When 'End' is not an 'end_try' but 'delegate, EHPad is nullptr. 219 void WebAssemblyCFGStackify::registerTryScope(MachineInstr *Begin, 220 MachineInstr *End, 221 MachineBasicBlock *EHPad) { 222 registerScope(Begin, End); 223 TryToEHPad[Begin] = EHPad; 224 EHPadToTry[EHPad] = Begin; 225 } 226 227 void WebAssemblyCFGStackify::unregisterScope(MachineInstr *Begin) { 228 assert(BeginToEnd.count(Begin)); 229 MachineInstr *End = BeginToEnd[Begin]; 230 assert(EndToBegin.count(End)); 231 BeginToEnd.erase(Begin); 232 EndToBegin.erase(End); 233 MachineBasicBlock *EHPad = TryToEHPad.lookup(Begin); 234 if (EHPad) { 235 assert(EHPadToTry.count(EHPad)); 236 TryToEHPad.erase(Begin); 237 EHPadToTry.erase(EHPad); 238 } 239 } 240 241 /// Insert a BLOCK marker for branches to MBB (if needed). 242 // TODO Consider a more generalized way of handling block (and also loop and 243 // try) signatures when we implement the multi-value proposal later. 244 void WebAssemblyCFGStackify::placeBlockMarker(MachineBasicBlock &MBB) { 245 assert(!MBB.isEHPad()); 246 MachineFunction &MF = *MBB.getParent(); 247 auto &MDT = getAnalysis<MachineDominatorTree>(); 248 const auto &TII = *MF.getSubtarget<WebAssemblySubtarget>().getInstrInfo(); 249 const auto &MFI = *MF.getInfo<WebAssemblyFunctionInfo>(); 250 251 // First compute the nearest common dominator of all forward non-fallthrough 252 // predecessors so that we minimize the time that the BLOCK is on the stack, 253 // which reduces overall stack height. 254 MachineBasicBlock *Header = nullptr; 255 bool IsBranchedTo = false; 256 int MBBNumber = MBB.getNumber(); 257 for (MachineBasicBlock *Pred : MBB.predecessors()) { 258 if (Pred->getNumber() < MBBNumber) { 259 Header = Header ? MDT.findNearestCommonDominator(Header, Pred) : Pred; 260 if (explicitlyBranchesTo(Pred, &MBB)) 261 IsBranchedTo = true; 262 } 263 } 264 if (!Header) 265 return; 266 if (!IsBranchedTo) 267 return; 268 269 assert(&MBB != &MF.front() && "Header blocks shouldn't have predecessors"); 270 MachineBasicBlock *LayoutPred = MBB.getPrevNode(); 271 272 // If the nearest common dominator is inside a more deeply nested context, 273 // walk out to the nearest scope which isn't more deeply nested. 274 for (MachineFunction::iterator I(LayoutPred), E(Header); I != E; --I) { 275 if (MachineBasicBlock *ScopeTop = ScopeTops[I->getNumber()]) { 276 if (ScopeTop->getNumber() > Header->getNumber()) { 277 // Skip over an intervening scope. 278 I = std::next(ScopeTop->getIterator()); 279 } else { 280 // We found a scope level at an appropriate depth. 281 Header = ScopeTop; 282 break; 283 } 284 } 285 } 286 287 // Decide where in Header to put the BLOCK. 288 289 // Instructions that should go before the BLOCK. 290 SmallPtrSet<const MachineInstr *, 4> BeforeSet; 291 // Instructions that should go after the BLOCK. 292 SmallPtrSet<const MachineInstr *, 4> AfterSet; 293 for (const auto &MI : *Header) { 294 // If there is a previously placed LOOP marker and the bottom block of the 295 // loop is above MBB, it should be after the BLOCK, because the loop is 296 // nested in this BLOCK. Otherwise it should be before the BLOCK. 297 if (MI.getOpcode() == WebAssembly::LOOP) { 298 auto *LoopBottom = BeginToEnd[&MI]->getParent()->getPrevNode(); 299 if (MBB.getNumber() > LoopBottom->getNumber()) 300 AfterSet.insert(&MI); 301 #ifndef NDEBUG 302 else 303 BeforeSet.insert(&MI); 304 #endif 305 } 306 307 // If there is a previously placed BLOCK/TRY marker and its corresponding 308 // END marker is before the current BLOCK's END marker, that should be 309 // placed after this BLOCK. Otherwise it should be placed before this BLOCK 310 // marker. 311 if (MI.getOpcode() == WebAssembly::BLOCK || 312 MI.getOpcode() == WebAssembly::TRY) { 313 if (BeginToEnd[&MI]->getParent()->getNumber() <= MBB.getNumber()) 314 AfterSet.insert(&MI); 315 #ifndef NDEBUG 316 else 317 BeforeSet.insert(&MI); 318 #endif 319 } 320 321 #ifndef NDEBUG 322 // All END_(BLOCK|LOOP|TRY) markers should be before the BLOCK. 323 if (MI.getOpcode() == WebAssembly::END_BLOCK || 324 MI.getOpcode() == WebAssembly::END_LOOP || 325 MI.getOpcode() == WebAssembly::END_TRY) 326 BeforeSet.insert(&MI); 327 #endif 328 329 // Terminators should go after the BLOCK. 330 if (MI.isTerminator()) 331 AfterSet.insert(&MI); 332 } 333 334 // Local expression tree should go after the BLOCK. 335 for (auto I = Header->getFirstTerminator(), E = Header->begin(); I != E; 336 --I) { 337 if (std::prev(I)->isDebugInstr() || std::prev(I)->isPosition()) 338 continue; 339 if (WebAssembly::isChild(*std::prev(I), MFI)) 340 AfterSet.insert(&*std::prev(I)); 341 else 342 break; 343 } 344 345 // Add the BLOCK. 346 WebAssembly::BlockType ReturnType = WebAssembly::BlockType::Void; 347 auto InsertPos = getLatestInsertPos(Header, BeforeSet, AfterSet); 348 MachineInstr *Begin = 349 BuildMI(*Header, InsertPos, Header->findDebugLoc(InsertPos), 350 TII.get(WebAssembly::BLOCK)) 351 .addImm(int64_t(ReturnType)); 352 353 // Decide where in Header to put the END_BLOCK. 354 BeforeSet.clear(); 355 AfterSet.clear(); 356 for (auto &MI : MBB) { 357 #ifndef NDEBUG 358 // END_BLOCK should precede existing LOOP and TRY markers. 359 if (MI.getOpcode() == WebAssembly::LOOP || 360 MI.getOpcode() == WebAssembly::TRY) 361 AfterSet.insert(&MI); 362 #endif 363 364 // If there is a previously placed END_LOOP marker and the header of the 365 // loop is above this block's header, the END_LOOP should be placed after 366 // the BLOCK, because the loop contains this block. Otherwise the END_LOOP 367 // should be placed before the BLOCK. The same for END_TRY. 368 if (MI.getOpcode() == WebAssembly::END_LOOP || 369 MI.getOpcode() == WebAssembly::END_TRY) { 370 if (EndToBegin[&MI]->getParent()->getNumber() >= Header->getNumber()) 371 BeforeSet.insert(&MI); 372 #ifndef NDEBUG 373 else 374 AfterSet.insert(&MI); 375 #endif 376 } 377 } 378 379 // Mark the end of the block. 380 InsertPos = getEarliestInsertPos(&MBB, BeforeSet, AfterSet); 381 MachineInstr *End = BuildMI(MBB, InsertPos, MBB.findPrevDebugLoc(InsertPos), 382 TII.get(WebAssembly::END_BLOCK)); 383 registerScope(Begin, End); 384 385 // Track the farthest-spanning scope that ends at this point. 386 updateScopeTops(Header, &MBB); 387 } 388 389 /// Insert a LOOP marker for a loop starting at MBB (if it's a loop header). 390 void WebAssemblyCFGStackify::placeLoopMarker(MachineBasicBlock &MBB) { 391 MachineFunction &MF = *MBB.getParent(); 392 const auto &MLI = getAnalysis<MachineLoopInfo>(); 393 const auto &WEI = getAnalysis<WebAssemblyExceptionInfo>(); 394 SortRegionInfo SRI(MLI, WEI); 395 const auto &TII = *MF.getSubtarget<WebAssemblySubtarget>().getInstrInfo(); 396 397 MachineLoop *Loop = MLI.getLoopFor(&MBB); 398 if (!Loop || Loop->getHeader() != &MBB) 399 return; 400 401 // The operand of a LOOP is the first block after the loop. If the loop is the 402 // bottom of the function, insert a dummy block at the end. 403 MachineBasicBlock *Bottom = SRI.getBottom(Loop); 404 auto Iter = std::next(Bottom->getIterator()); 405 if (Iter == MF.end()) { 406 getAppendixBlock(MF); 407 Iter = std::next(Bottom->getIterator()); 408 } 409 MachineBasicBlock *AfterLoop = &*Iter; 410 411 // Decide where in Header to put the LOOP. 412 SmallPtrSet<const MachineInstr *, 4> BeforeSet; 413 SmallPtrSet<const MachineInstr *, 4> AfterSet; 414 for (const auto &MI : MBB) { 415 // LOOP marker should be after any existing loop that ends here. Otherwise 416 // we assume the instruction belongs to the loop. 417 if (MI.getOpcode() == WebAssembly::END_LOOP) 418 BeforeSet.insert(&MI); 419 #ifndef NDEBUG 420 else 421 AfterSet.insert(&MI); 422 #endif 423 } 424 425 // Mark the beginning of the loop. 426 auto InsertPos = getEarliestInsertPos(&MBB, BeforeSet, AfterSet); 427 MachineInstr *Begin = BuildMI(MBB, InsertPos, MBB.findDebugLoc(InsertPos), 428 TII.get(WebAssembly::LOOP)) 429 .addImm(int64_t(WebAssembly::BlockType::Void)); 430 431 // Decide where in Header to put the END_LOOP. 432 BeforeSet.clear(); 433 AfterSet.clear(); 434 #ifndef NDEBUG 435 for (const auto &MI : MBB) 436 // Existing END_LOOP markers belong to parent loops of this loop 437 if (MI.getOpcode() == WebAssembly::END_LOOP) 438 AfterSet.insert(&MI); 439 #endif 440 441 // Mark the end of the loop (using arbitrary debug location that branched to 442 // the loop end as its location). 443 InsertPos = getEarliestInsertPos(AfterLoop, BeforeSet, AfterSet); 444 DebugLoc EndDL = AfterLoop->pred_empty() 445 ? DebugLoc() 446 : (*AfterLoop->pred_rbegin())->findBranchDebugLoc(); 447 MachineInstr *End = 448 BuildMI(*AfterLoop, InsertPos, EndDL, TII.get(WebAssembly::END_LOOP)); 449 registerScope(Begin, End); 450 451 assert((!ScopeTops[AfterLoop->getNumber()] || 452 ScopeTops[AfterLoop->getNumber()]->getNumber() < MBB.getNumber()) && 453 "With block sorting the outermost loop for a block should be first."); 454 updateScopeTops(&MBB, AfterLoop); 455 } 456 457 void WebAssemblyCFGStackify::placeTryMarker(MachineBasicBlock &MBB) { 458 assert(MBB.isEHPad()); 459 MachineFunction &MF = *MBB.getParent(); 460 auto &MDT = getAnalysis<MachineDominatorTree>(); 461 const auto &TII = *MF.getSubtarget<WebAssemblySubtarget>().getInstrInfo(); 462 const auto &MLI = getAnalysis<MachineLoopInfo>(); 463 const auto &WEI = getAnalysis<WebAssemblyExceptionInfo>(); 464 SortRegionInfo SRI(MLI, WEI); 465 const auto &MFI = *MF.getInfo<WebAssemblyFunctionInfo>(); 466 467 // Compute the nearest common dominator of all unwind predecessors 468 MachineBasicBlock *Header = nullptr; 469 int MBBNumber = MBB.getNumber(); 470 for (auto *Pred : MBB.predecessors()) { 471 if (Pred->getNumber() < MBBNumber) { 472 Header = Header ? MDT.findNearestCommonDominator(Header, Pred) : Pred; 473 assert(!explicitlyBranchesTo(Pred, &MBB) && 474 "Explicit branch to an EH pad!"); 475 } 476 } 477 if (!Header) 478 return; 479 480 // If this try is at the bottom of the function, insert a dummy block at the 481 // end. 482 WebAssemblyException *WE = WEI.getExceptionFor(&MBB); 483 assert(WE); 484 MachineBasicBlock *Bottom = SRI.getBottom(WE); 485 486 auto Iter = std::next(Bottom->getIterator()); 487 if (Iter == MF.end()) { 488 getAppendixBlock(MF); 489 Iter = std::next(Bottom->getIterator()); 490 } 491 MachineBasicBlock *Cont = &*Iter; 492 493 assert(Cont != &MF.front()); 494 MachineBasicBlock *LayoutPred = Cont->getPrevNode(); 495 496 // If the nearest common dominator is inside a more deeply nested context, 497 // walk out to the nearest scope which isn't more deeply nested. 498 for (MachineFunction::iterator I(LayoutPred), E(Header); I != E; --I) { 499 if (MachineBasicBlock *ScopeTop = ScopeTops[I->getNumber()]) { 500 if (ScopeTop->getNumber() > Header->getNumber()) { 501 // Skip over an intervening scope. 502 I = std::next(ScopeTop->getIterator()); 503 } else { 504 // We found a scope level at an appropriate depth. 505 Header = ScopeTop; 506 break; 507 } 508 } 509 } 510 511 // Decide where in Header to put the TRY. 512 513 // Instructions that should go before the TRY. 514 SmallPtrSet<const MachineInstr *, 4> BeforeSet; 515 // Instructions that should go after the TRY. 516 SmallPtrSet<const MachineInstr *, 4> AfterSet; 517 for (const auto &MI : *Header) { 518 // If there is a previously placed LOOP marker and the bottom block of the 519 // loop is above MBB, it should be after the TRY, because the loop is nested 520 // in this TRY. Otherwise it should be before the TRY. 521 if (MI.getOpcode() == WebAssembly::LOOP) { 522 auto *LoopBottom = BeginToEnd[&MI]->getParent()->getPrevNode(); 523 if (MBB.getNumber() > LoopBottom->getNumber()) 524 AfterSet.insert(&MI); 525 #ifndef NDEBUG 526 else 527 BeforeSet.insert(&MI); 528 #endif 529 } 530 531 // All previously inserted BLOCK/TRY markers should be after the TRY because 532 // they are all nested trys. 533 if (MI.getOpcode() == WebAssembly::BLOCK || 534 MI.getOpcode() == WebAssembly::TRY) 535 AfterSet.insert(&MI); 536 537 #ifndef NDEBUG 538 // All END_(BLOCK/LOOP/TRY) markers should be before the TRY. 539 if (MI.getOpcode() == WebAssembly::END_BLOCK || 540 MI.getOpcode() == WebAssembly::END_LOOP || 541 MI.getOpcode() == WebAssembly::END_TRY) 542 BeforeSet.insert(&MI); 543 #endif 544 545 // Terminators should go after the TRY. 546 if (MI.isTerminator()) 547 AfterSet.insert(&MI); 548 } 549 550 // If Header unwinds to MBB (= Header contains 'invoke'), the try block should 551 // contain the call within it. So the call should go after the TRY. The 552 // exception is when the header's terminator is a rethrow instruction, in 553 // which case that instruction, not a call instruction before it, is gonna 554 // throw. 555 MachineInstr *ThrowingCall = nullptr; 556 if (MBB.isPredecessor(Header)) { 557 auto TermPos = Header->getFirstTerminator(); 558 if (TermPos == Header->end() || 559 TermPos->getOpcode() != WebAssembly::RETHROW) { 560 for (auto &MI : reverse(*Header)) { 561 if (MI.isCall()) { 562 AfterSet.insert(&MI); 563 ThrowingCall = &MI; 564 // Possibly throwing calls are usually wrapped by EH_LABEL 565 // instructions. We don't want to split them and the call. 566 if (MI.getIterator() != Header->begin() && 567 std::prev(MI.getIterator())->isEHLabel()) { 568 AfterSet.insert(&*std::prev(MI.getIterator())); 569 ThrowingCall = &*std::prev(MI.getIterator()); 570 } 571 break; 572 } 573 } 574 } 575 } 576 577 // Local expression tree should go after the TRY. 578 // For BLOCK placement, we start the search from the previous instruction of a 579 // BB's terminator, but in TRY's case, we should start from the previous 580 // instruction of a call that can throw, or a EH_LABEL that precedes the call, 581 // because the return values of the call's previous instructions can be 582 // stackified and consumed by the throwing call. 583 auto SearchStartPt = ThrowingCall ? MachineBasicBlock::iterator(ThrowingCall) 584 : Header->getFirstTerminator(); 585 for (auto I = SearchStartPt, E = Header->begin(); I != E; --I) { 586 if (std::prev(I)->isDebugInstr() || std::prev(I)->isPosition()) 587 continue; 588 if (WebAssembly::isChild(*std::prev(I), MFI)) 589 AfterSet.insert(&*std::prev(I)); 590 else 591 break; 592 } 593 594 // Add the TRY. 595 auto InsertPos = getLatestInsertPos(Header, BeforeSet, AfterSet); 596 MachineInstr *Begin = 597 BuildMI(*Header, InsertPos, Header->findDebugLoc(InsertPos), 598 TII.get(WebAssembly::TRY)) 599 .addImm(int64_t(WebAssembly::BlockType::Void)); 600 601 // Decide where in Header to put the END_TRY. 602 BeforeSet.clear(); 603 AfterSet.clear(); 604 for (const auto &MI : *Cont) { 605 #ifndef NDEBUG 606 // END_TRY should precede existing LOOP and BLOCK markers. 607 if (MI.getOpcode() == WebAssembly::LOOP || 608 MI.getOpcode() == WebAssembly::BLOCK) 609 AfterSet.insert(&MI); 610 611 // All END_TRY markers placed earlier belong to exceptions that contains 612 // this one. 613 if (MI.getOpcode() == WebAssembly::END_TRY) 614 AfterSet.insert(&MI); 615 #endif 616 617 // If there is a previously placed END_LOOP marker and its header is after 618 // where TRY marker is, this loop is contained within the 'catch' part, so 619 // the END_TRY marker should go after that. Otherwise, the whole try-catch 620 // is contained within this loop, so the END_TRY should go before that. 621 if (MI.getOpcode() == WebAssembly::END_LOOP) { 622 // For a LOOP to be after TRY, LOOP's BB should be after TRY's BB; if they 623 // are in the same BB, LOOP is always before TRY. 624 if (EndToBegin[&MI]->getParent()->getNumber() > Header->getNumber()) 625 BeforeSet.insert(&MI); 626 #ifndef NDEBUG 627 else 628 AfterSet.insert(&MI); 629 #endif 630 } 631 632 // It is not possible for an END_BLOCK to be already in this block. 633 } 634 635 // Mark the end of the TRY. 636 InsertPos = getEarliestInsertPos(Cont, BeforeSet, AfterSet); 637 MachineInstr *End = 638 BuildMI(*Cont, InsertPos, Bottom->findBranchDebugLoc(), 639 TII.get(WebAssembly::END_TRY)); 640 registerTryScope(Begin, End, &MBB); 641 642 // Track the farthest-spanning scope that ends at this point. We create two 643 // mappings: (BB with 'end_try' -> BB with 'try') and (BB with 'catch' -> BB 644 // with 'try'). We need to create 'catch' -> 'try' mapping here too because 645 // markers should not span across 'catch'. For example, this should not 646 // happen: 647 // 648 // try 649 // block --| (X) 650 // catch | 651 // end_block --| 652 // end_try 653 for (auto *End : {&MBB, Cont}) 654 updateScopeTops(Header, End); 655 } 656 657 void WebAssemblyCFGStackify::removeUnnecessaryInstrs(MachineFunction &MF) { 658 const auto &TII = *MF.getSubtarget<WebAssemblySubtarget>().getInstrInfo(); 659 660 // When there is an unconditional branch right before a catch instruction and 661 // it branches to the end of end_try marker, we don't need the branch, because 662 // it there is no exception, the control flow transfers to that point anyway. 663 // bb0: 664 // try 665 // ... 666 // br bb2 <- Not necessary 667 // bb1 (ehpad): 668 // catch 669 // ... 670 // bb2: <- Continuation BB 671 // end 672 // 673 // A more involved case: When the BB where 'end' is located is an another EH 674 // pad, the Cont (= continuation) BB is that EH pad's 'end' BB. For example, 675 // bb0: 676 // try 677 // try 678 // ... 679 // br bb3 <- Not necessary 680 // bb1 (ehpad): 681 // catch 682 // bb2 (ehpad): 683 // end 684 // catch 685 // ... 686 // bb3: <- Continuation BB 687 // end 688 // 689 // When the EH pad at hand is bb1, its matching end_try is in bb2. But it is 690 // another EH pad, so bb0's continuation BB becomes bb3. So 'br bb3' in the 691 // code can be deleted. This is why we run 'while' until 'Cont' is not an EH 692 // pad. 693 for (auto &MBB : MF) { 694 if (!MBB.isEHPad()) 695 continue; 696 697 MachineBasicBlock *TBB = nullptr, *FBB = nullptr; 698 SmallVector<MachineOperand, 4> Cond; 699 MachineBasicBlock *EHPadLayoutPred = MBB.getPrevNode(); 700 701 MachineBasicBlock *Cont = &MBB; 702 while (Cont->isEHPad()) { 703 MachineInstr *Try = EHPadToTry[Cont]; 704 MachineInstr *EndTry = BeginToEnd[Try]; 705 // We started from an EH pad, so the end marker cannot be a delegate 706 assert(EndTry->getOpcode() != WebAssembly::DELEGATE); 707 Cont = EndTry->getParent(); 708 } 709 710 bool Analyzable = !TII.analyzeBranch(*EHPadLayoutPred, TBB, FBB, Cond); 711 // This condition means either 712 // 1. This BB ends with a single unconditional branch whose destinaion is 713 // Cont. 714 // 2. This BB ends with a conditional branch followed by an unconditional 715 // branch, and the unconditional branch's destination is Cont. 716 // In both cases, we want to remove the last (= unconditional) branch. 717 if (Analyzable && ((Cond.empty() && TBB && TBB == Cont) || 718 (!Cond.empty() && FBB && FBB == Cont))) { 719 bool ErasedUncondBr = false; 720 (void)ErasedUncondBr; 721 for (auto I = EHPadLayoutPred->end(), E = EHPadLayoutPred->begin(); 722 I != E; --I) { 723 auto PrevI = std::prev(I); 724 if (PrevI->isTerminator()) { 725 assert(PrevI->getOpcode() == WebAssembly::BR); 726 PrevI->eraseFromParent(); 727 ErasedUncondBr = true; 728 break; 729 } 730 } 731 assert(ErasedUncondBr && "Unconditional branch not erased!"); 732 } 733 } 734 735 // When there are block / end_block markers that overlap with try / end_try 736 // markers, and the block and try markers' return types are the same, the 737 // block /end_block markers are not necessary, because try / end_try markers 738 // also can serve as boundaries for branches. 739 // block <- Not necessary 740 // try 741 // ... 742 // catch 743 // ... 744 // end 745 // end <- Not necessary 746 SmallVector<MachineInstr *, 32> ToDelete; 747 for (auto &MBB : MF) { 748 for (auto &MI : MBB) { 749 if (MI.getOpcode() != WebAssembly::TRY) 750 continue; 751 MachineInstr *Try = &MI, *EndTry = BeginToEnd[Try]; 752 if (EndTry->getOpcode() == WebAssembly::DELEGATE) 753 continue; 754 755 MachineBasicBlock *TryBB = Try->getParent(); 756 MachineBasicBlock *Cont = EndTry->getParent(); 757 int64_t RetType = Try->getOperand(0).getImm(); 758 for (auto B = Try->getIterator(), E = std::next(EndTry->getIterator()); 759 B != TryBB->begin() && E != Cont->end() && 760 std::prev(B)->getOpcode() == WebAssembly::BLOCK && 761 E->getOpcode() == WebAssembly::END_BLOCK && 762 std::prev(B)->getOperand(0).getImm() == RetType; 763 --B, ++E) { 764 ToDelete.push_back(&*std::prev(B)); 765 ToDelete.push_back(&*E); 766 } 767 } 768 } 769 for (auto *MI : ToDelete) { 770 if (MI->getOpcode() == WebAssembly::BLOCK) 771 unregisterScope(MI); 772 MI->eraseFromParent(); 773 } 774 } 775 776 // Get the appropriate copy opcode for the given register class. 777 static unsigned getCopyOpcode(const TargetRegisterClass *RC) { 778 if (RC == &WebAssembly::I32RegClass) 779 return WebAssembly::COPY_I32; 780 if (RC == &WebAssembly::I64RegClass) 781 return WebAssembly::COPY_I64; 782 if (RC == &WebAssembly::F32RegClass) 783 return WebAssembly::COPY_F32; 784 if (RC == &WebAssembly::F64RegClass) 785 return WebAssembly::COPY_F64; 786 if (RC == &WebAssembly::V128RegClass) 787 return WebAssembly::COPY_V128; 788 if (RC == &WebAssembly::FUNCREFRegClass) 789 return WebAssembly::COPY_FUNCREF; 790 if (RC == &WebAssembly::EXTERNREFRegClass) 791 return WebAssembly::COPY_EXTERNREF; 792 llvm_unreachable("Unexpected register class"); 793 } 794 795 // When MBB is split into MBB and Split, we should unstackify defs in MBB that 796 // have their uses in Split. 797 static void unstackifyVRegsUsedInSplitBB(MachineBasicBlock &MBB, 798 MachineBasicBlock &Split) { 799 MachineFunction &MF = *MBB.getParent(); 800 const auto &TII = *MF.getSubtarget<WebAssemblySubtarget>().getInstrInfo(); 801 auto &MFI = *MF.getInfo<WebAssemblyFunctionInfo>(); 802 auto &MRI = MF.getRegInfo(); 803 804 for (auto &MI : Split) { 805 for (auto &MO : MI.explicit_uses()) { 806 if (!MO.isReg() || Register::isPhysicalRegister(MO.getReg())) 807 continue; 808 if (MachineInstr *Def = MRI.getUniqueVRegDef(MO.getReg())) 809 if (Def->getParent() == &MBB) 810 MFI.unstackifyVReg(MO.getReg()); 811 } 812 } 813 814 // In RegStackify, when a register definition is used multiple times, 815 // Reg = INST ... 816 // INST ..., Reg, ... 817 // INST ..., Reg, ... 818 // INST ..., Reg, ... 819 // 820 // we introduce a TEE, which has the following form: 821 // DefReg = INST ... 822 // TeeReg, Reg = TEE_... DefReg 823 // INST ..., TeeReg, ... 824 // INST ..., Reg, ... 825 // INST ..., Reg, ... 826 // with DefReg and TeeReg stackified but Reg not stackified. 827 // 828 // But the invariant that TeeReg should be stackified can be violated while we 829 // unstackify registers in the split BB above. In this case, we convert TEEs 830 // into two COPYs. This COPY will be eventually eliminated in ExplicitLocals. 831 // DefReg = INST ... 832 // TeeReg = COPY DefReg 833 // Reg = COPY DefReg 834 // INST ..., TeeReg, ... 835 // INST ..., Reg, ... 836 // INST ..., Reg, ... 837 for (auto I = MBB.begin(), E = MBB.end(); I != E;) { 838 MachineInstr &MI = *I++; 839 if (!WebAssembly::isTee(MI.getOpcode())) 840 continue; 841 Register TeeReg = MI.getOperand(0).getReg(); 842 Register Reg = MI.getOperand(1).getReg(); 843 Register DefReg = MI.getOperand(2).getReg(); 844 if (!MFI.isVRegStackified(TeeReg)) { 845 // Now we are not using TEE anymore, so unstackify DefReg too 846 MFI.unstackifyVReg(DefReg); 847 unsigned CopyOpc = getCopyOpcode(MRI.getRegClass(DefReg)); 848 BuildMI(MBB, &MI, MI.getDebugLoc(), TII.get(CopyOpc), TeeReg) 849 .addReg(DefReg); 850 BuildMI(MBB, &MI, MI.getDebugLoc(), TII.get(CopyOpc), Reg).addReg(DefReg); 851 MI.eraseFromParent(); 852 } 853 } 854 } 855 856 // Wrap the given range of instruction with try-delegate. RangeBegin and 857 // RangeEnd are inclusive. 858 void WebAssemblyCFGStackify::addTryDelegate(MachineInstr *RangeBegin, 859 MachineInstr *RangeEnd, 860 MachineBasicBlock *DelegateDest) { 861 auto *BeginBB = RangeBegin->getParent(); 862 auto *EndBB = RangeEnd->getParent(); 863 MachineFunction &MF = *BeginBB->getParent(); 864 const auto &MFI = *MF.getInfo<WebAssemblyFunctionInfo>(); 865 const auto &TII = *MF.getSubtarget<WebAssemblySubtarget>().getInstrInfo(); 866 867 // Local expression tree before the first call of this range should go 868 // after the nested TRY. 869 SmallPtrSet<const MachineInstr *, 4> AfterSet; 870 AfterSet.insert(RangeBegin); 871 for (auto I = MachineBasicBlock::iterator(RangeBegin), E = BeginBB->begin(); 872 I != E; --I) { 873 if (std::prev(I)->isDebugInstr() || std::prev(I)->isPosition()) 874 continue; 875 if (WebAssembly::isChild(*std::prev(I), MFI)) 876 AfterSet.insert(&*std::prev(I)); 877 else 878 break; 879 } 880 881 // Create the nested try instruction. 882 auto TryPos = getLatestInsertPos( 883 BeginBB, SmallPtrSet<const MachineInstr *, 4>(), AfterSet); 884 MachineInstr *Try = BuildMI(*BeginBB, TryPos, RangeBegin->getDebugLoc(), 885 TII.get(WebAssembly::TRY)) 886 .addImm(int64_t(WebAssembly::BlockType::Void)); 887 888 // Create a BB to insert the 'delegate' instruction. 889 MachineBasicBlock *DelegateBB = MF.CreateMachineBasicBlock(); 890 // If the destination of 'delegate' is not the caller, adds the destination to 891 // the BB's successors. 892 if (DelegateDest != FakeCallerBB) 893 DelegateBB->addSuccessor(DelegateDest); 894 895 auto SplitPos = std::next(RangeEnd->getIterator()); 896 if (SplitPos == EndBB->end()) { 897 // If the range's end instruction is at the end of the BB, insert the new 898 // delegate BB after the current BB. 899 MF.insert(std::next(EndBB->getIterator()), DelegateBB); 900 EndBB->addSuccessor(DelegateBB); 901 902 } else { 903 // When the split pos is in the middle of a BB, we split the BB into two and 904 // put the 'delegate' BB in between. We normally create a split BB and make 905 // it a successor of the original BB (PostSplit == true), but in case the BB 906 // is an EH pad and the split pos is before 'catch', we should preserve the 907 // BB's property, including that it is an EH pad, in the later part of the 908 // BB, where 'catch' is. In this case we set PostSplit to false. 909 bool PostSplit = true; 910 if (EndBB->isEHPad()) { 911 for (auto I = MachineBasicBlock::iterator(SplitPos), E = EndBB->end(); 912 I != E; ++I) { 913 if (WebAssembly::isCatch(I->getOpcode())) { 914 PostSplit = false; 915 break; 916 } 917 } 918 } 919 920 MachineBasicBlock *PreBB = nullptr, *PostBB = nullptr; 921 if (PostSplit) { 922 // If the range's end instruction is in the middle of the BB, we split the 923 // BB into two and insert the delegate BB in between. 924 // - Before: 925 // bb: 926 // range_end 927 // other_insts 928 // 929 // - After: 930 // pre_bb: (previous 'bb') 931 // range_end 932 // delegate_bb: (new) 933 // delegate 934 // post_bb: (new) 935 // other_insts 936 PreBB = EndBB; 937 PostBB = MF.CreateMachineBasicBlock(); 938 MF.insert(std::next(PreBB->getIterator()), PostBB); 939 MF.insert(std::next(PreBB->getIterator()), DelegateBB); 940 PostBB->splice(PostBB->end(), PreBB, SplitPos, PreBB->end()); 941 PostBB->transferSuccessors(PreBB); 942 } else { 943 // - Before: 944 // ehpad: 945 // range_end 946 // catch 947 // ... 948 // 949 // - After: 950 // pre_bb: (new) 951 // range_end 952 // delegate_bb: (new) 953 // delegate 954 // post_bb: (previous 'ehpad') 955 // catch 956 // ... 957 assert(EndBB->isEHPad()); 958 PreBB = MF.CreateMachineBasicBlock(); 959 PostBB = EndBB; 960 MF.insert(PostBB->getIterator(), PreBB); 961 MF.insert(PostBB->getIterator(), DelegateBB); 962 PreBB->splice(PreBB->end(), PostBB, PostBB->begin(), SplitPos); 963 // We don't need to transfer predecessors of the EH pad to 'PreBB', 964 // because an EH pad's predecessors are all through unwind edges and they 965 // should still unwind to the EH pad, not PreBB. 966 } 967 unstackifyVRegsUsedInSplitBB(*PreBB, *PostBB); 968 PreBB->addSuccessor(DelegateBB); 969 PreBB->addSuccessor(PostBB); 970 } 971 972 // Add 'delegate' instruction in the delegate BB created above. 973 MachineInstr *Delegate = BuildMI(DelegateBB, RangeEnd->getDebugLoc(), 974 TII.get(WebAssembly::DELEGATE)) 975 .addMBB(DelegateDest); 976 registerTryScope(Try, Delegate, nullptr); 977 } 978 979 bool WebAssemblyCFGStackify::fixCallUnwindMismatches(MachineFunction &MF) { 980 // Linearizing the control flow by placing TRY / END_TRY markers can create 981 // mismatches in unwind destinations for throwing instructions, such as calls. 982 // 983 // We use the 'delegate' instruction to fix the unwind mismatches. 'delegate' 984 // instruction delegates an exception to an outer 'catch'. It can target not 985 // only 'catch' but all block-like structures including another 'delegate', 986 // but with slightly different semantics than branches. When it targets a 987 // 'catch', it will delegate the exception to that catch. It is being 988 // discussed how to define the semantics when 'delegate''s target is a non-try 989 // block: it will either be a validation failure or it will target the next 990 // outer try-catch. But anyway our LLVM backend currently does not generate 991 // such code. The example below illustrates where the 'delegate' instruction 992 // in the middle will delegate the exception to, depending on the value of N. 993 // try 994 // try 995 // block 996 // try 997 // try 998 // call @foo 999 // delegate N ;; Where will this delegate to? 1000 // catch ;; N == 0 1001 // end 1002 // end ;; N == 1 (invalid; will not be generated) 1003 // delegate ;; N == 2 1004 // catch ;; N == 3 1005 // end 1006 // ;; N == 4 (to caller) 1007 1008 // 1. When an instruction may throw, but the EH pad it will unwind to can be 1009 // different from the original CFG. 1010 // 1011 // Example: we have the following CFG: 1012 // bb0: 1013 // call @foo ; if it throws, unwind to bb2 1014 // bb1: 1015 // call @bar ; if it throws, unwind to bb3 1016 // bb2 (ehpad): 1017 // catch 1018 // ... 1019 // bb3 (ehpad) 1020 // catch 1021 // ... 1022 // 1023 // And the CFG is sorted in this order. Then after placing TRY markers, it 1024 // will look like: (BB markers are omitted) 1025 // try 1026 // try 1027 // call @foo 1028 // call @bar ;; if it throws, unwind to bb3 1029 // catch ;; ehpad (bb2) 1030 // ... 1031 // end_try 1032 // catch ;; ehpad (bb3) 1033 // ... 1034 // end_try 1035 // 1036 // Now if bar() throws, it is going to end up ip in bb2, not bb3, where it 1037 // is supposed to end up. We solve this problem by wrapping the mismatching 1038 // call with an inner try-delegate that rethrows the exception to the right 1039 // 'catch'. 1040 // 1041 // try 1042 // try 1043 // call @foo 1044 // try ;; (new) 1045 // call @bar 1046 // delegate 1 (bb3) ;; (new) 1047 // catch ;; ehpad (bb2) 1048 // ... 1049 // end_try 1050 // catch ;; ehpad (bb3) 1051 // ... 1052 // end_try 1053 // 1054 // --- 1055 // 2. The same as 1, but in this case an instruction unwinds to a caller 1056 // function and not another EH pad. 1057 // 1058 // Example: we have the following CFG: 1059 // bb0: 1060 // call @foo ; if it throws, unwind to bb2 1061 // bb1: 1062 // call @bar ; if it throws, unwind to caller 1063 // bb2 (ehpad): 1064 // catch 1065 // ... 1066 // 1067 // And the CFG is sorted in this order. Then after placing TRY markers, it 1068 // will look like: 1069 // try 1070 // call @foo 1071 // call @bar ;; if it throws, unwind to caller 1072 // catch ;; ehpad (bb2) 1073 // ... 1074 // end_try 1075 // 1076 // Now if bar() throws, it is going to end up ip in bb2, when it is supposed 1077 // throw up to the caller. We solve this problem in the same way, but in this 1078 // case 'delegate's immediate argument is the number of block depths + 1, 1079 // which means it rethrows to the caller. 1080 // try 1081 // call @foo 1082 // try ;; (new) 1083 // call @bar 1084 // delegate 1 (caller) ;; (new) 1085 // catch ;; ehpad (bb2) 1086 // ... 1087 // end_try 1088 // 1089 // Before rewriteDepthImmediates, delegate's argument is a BB. In case of the 1090 // caller, it will take a fake BB generated by getFakeCallerBlock(), which 1091 // will be converted to a correct immediate argument later. 1092 // 1093 // In case there are multiple calls in a BB that may throw to the caller, they 1094 // can be wrapped together in one nested try-delegate scope. (In 1, this 1095 // couldn't happen, because may-throwing instruction there had an unwind 1096 // destination, i.e., it was an invoke before, and there could be only one 1097 // invoke within a BB.) 1098 1099 SmallVector<const MachineBasicBlock *, 8> EHPadStack; 1100 // Range of intructions to be wrapped in a new nested try/catch. A range 1101 // exists in a single BB and does not span multiple BBs. 1102 using TryRange = std::pair<MachineInstr *, MachineInstr *>; 1103 // In original CFG, <unwind destination BB, a vector of try ranges> 1104 DenseMap<MachineBasicBlock *, SmallVector<TryRange, 4>> UnwindDestToTryRanges; 1105 1106 // Gather possibly throwing calls (i.e., previously invokes) whose current 1107 // unwind destination is not the same as the original CFG. (Case 1) 1108 1109 for (auto &MBB : reverse(MF)) { 1110 bool SeenThrowableInstInBB = false; 1111 for (auto &MI : reverse(MBB)) { 1112 if (MI.getOpcode() == WebAssembly::TRY) 1113 EHPadStack.pop_back(); 1114 else if (WebAssembly::isCatch(MI.getOpcode())) 1115 EHPadStack.push_back(MI.getParent()); 1116 1117 // In this loop we only gather calls that have an EH pad to unwind. So 1118 // there will be at most 1 such call (= invoke) in a BB, so after we've 1119 // seen one, we can skip the rest of BB. Also if MBB has no EH pad 1120 // successor or MI does not throw, this is not an invoke. 1121 if (SeenThrowableInstInBB || !MBB.hasEHPadSuccessor() || 1122 !WebAssembly::mayThrow(MI)) 1123 continue; 1124 SeenThrowableInstInBB = true; 1125 1126 // If the EH pad on the stack top is where this instruction should unwind 1127 // next, we're good. 1128 MachineBasicBlock *UnwindDest = getFakeCallerBlock(MF); 1129 for (auto *Succ : MBB.successors()) { 1130 // Even though semantically a BB can have multiple successors in case an 1131 // exception is not caught by a catchpad, in our backend implementation 1132 // it is guaranteed that a BB can have at most one EH pad successor. For 1133 // details, refer to comments in findWasmUnwindDestinations function in 1134 // SelectionDAGBuilder.cpp. 1135 if (Succ->isEHPad()) { 1136 UnwindDest = Succ; 1137 break; 1138 } 1139 } 1140 if (EHPadStack.back() == UnwindDest) 1141 continue; 1142 1143 // Include EH_LABELs in the range before and afer the invoke 1144 MachineInstr *RangeBegin = &MI, *RangeEnd = &MI; 1145 if (RangeBegin->getIterator() != MBB.begin() && 1146 std::prev(RangeBegin->getIterator())->isEHLabel()) 1147 RangeBegin = &*std::prev(RangeBegin->getIterator()); 1148 if (std::next(RangeEnd->getIterator()) != MBB.end() && 1149 std::next(RangeEnd->getIterator())->isEHLabel()) 1150 RangeEnd = &*std::next(RangeEnd->getIterator()); 1151 1152 // If not, record the range. 1153 UnwindDestToTryRanges[UnwindDest].push_back( 1154 TryRange(RangeBegin, RangeEnd)); 1155 LLVM_DEBUG(dbgs() << "- Call unwind mismatch: MBB = " << MBB.getName() 1156 << "\nCall = " << MI 1157 << "\nOriginal dest = " << UnwindDest->getName() 1158 << " Current dest = " << EHPadStack.back()->getName() 1159 << "\n\n"); 1160 } 1161 } 1162 1163 assert(EHPadStack.empty()); 1164 1165 // Gather possibly throwing calls that are supposed to unwind up to the caller 1166 // if they throw, but currently unwind to an incorrect destination. Unlike the 1167 // loop above, there can be multiple calls within a BB that unwind to the 1168 // caller, which we should group together in a range. (Case 2) 1169 1170 MachineInstr *RangeBegin = nullptr, *RangeEnd = nullptr; // inclusive 1171 1172 // Record the range. 1173 auto RecordCallerMismatchRange = [&](const MachineBasicBlock *CurrentDest) { 1174 UnwindDestToTryRanges[getFakeCallerBlock(MF)].push_back( 1175 TryRange(RangeBegin, RangeEnd)); 1176 LLVM_DEBUG(dbgs() << "- Call unwind mismatch: MBB = " 1177 << RangeBegin->getParent()->getName() 1178 << "\nRange begin = " << *RangeBegin 1179 << "Range end = " << *RangeEnd 1180 << "\nOriginal dest = caller Current dest = " 1181 << CurrentDest->getName() << "\n\n"); 1182 RangeBegin = RangeEnd = nullptr; // Reset range pointers 1183 }; 1184 1185 for (auto &MBB : reverse(MF)) { 1186 bool SeenThrowableInstInBB = false; 1187 for (auto &MI : reverse(MBB)) { 1188 if (MI.getOpcode() == WebAssembly::TRY) 1189 EHPadStack.pop_back(); 1190 else if (WebAssembly::isCatch(MI.getOpcode())) 1191 EHPadStack.push_back(MI.getParent()); 1192 bool MayThrow = WebAssembly::mayThrow(MI); 1193 1194 // If MBB has an EH pad successor and this is the last instruction that 1195 // may throw, this instruction unwinds to the EH pad and not to the 1196 // caller. 1197 if (MBB.hasEHPadSuccessor() && MayThrow && !SeenThrowableInstInBB) { 1198 SeenThrowableInstInBB = true; 1199 continue; 1200 } 1201 1202 // We wrap up the current range when we see a marker even if we haven't 1203 // finished a BB. 1204 if (RangeEnd && WebAssembly::isMarker(MI.getOpcode())) { 1205 RecordCallerMismatchRange(EHPadStack.back()); 1206 continue; 1207 } 1208 1209 // If EHPadStack is empty, that means it correctly unwinds to the caller 1210 // if it throws, so we're good. If MI does not throw, we're good too. 1211 if (EHPadStack.empty() || !MayThrow) 1212 continue; 1213 1214 // We found an instruction that unwinds to the caller but currently has an 1215 // incorrect unwind destination. Create a new range or increment the 1216 // currently existing range. 1217 if (!RangeEnd) 1218 RangeBegin = RangeEnd = &MI; 1219 else 1220 RangeBegin = &MI; 1221 } 1222 1223 if (RangeEnd) 1224 RecordCallerMismatchRange(EHPadStack.back()); 1225 } 1226 1227 assert(EHPadStack.empty()); 1228 1229 // We don't have any unwind destination mismatches to resolve. 1230 if (UnwindDestToTryRanges.empty()) 1231 return false; 1232 1233 // Now we fix the mismatches by wrapping calls with inner try-delegates. 1234 for (auto &P : UnwindDestToTryRanges) { 1235 NumCallUnwindMismatches += P.second.size(); 1236 MachineBasicBlock *UnwindDest = P.first; 1237 auto &TryRanges = P.second; 1238 1239 for (auto Range : TryRanges) { 1240 MachineInstr *RangeBegin = nullptr, *RangeEnd = nullptr; 1241 std::tie(RangeBegin, RangeEnd) = Range; 1242 auto *MBB = RangeBegin->getParent(); 1243 1244 // If this BB has an EH pad successor, i.e., ends with an 'invoke', now we 1245 // are going to wrap the invoke with try-delegate, making the 'delegate' 1246 // BB the new successor instead, so remove the EH pad succesor here. The 1247 // BB may not have an EH pad successor if calls in this BB throw to the 1248 // caller. 1249 MachineBasicBlock *EHPad = nullptr; 1250 for (auto *Succ : MBB->successors()) { 1251 if (Succ->isEHPad()) { 1252 EHPad = Succ; 1253 break; 1254 } 1255 } 1256 if (EHPad) 1257 MBB->removeSuccessor(EHPad); 1258 1259 addTryDelegate(RangeBegin, RangeEnd, UnwindDest); 1260 } 1261 } 1262 1263 return true; 1264 } 1265 1266 bool WebAssemblyCFGStackify::fixCatchUnwindMismatches(MachineFunction &MF) { 1267 // There is another kind of unwind destination mismatches besides call unwind 1268 // mismatches, which we will call "catch unwind mismatches". See this example 1269 // after the marker placement: 1270 // try 1271 // try 1272 // call @foo 1273 // catch __cpp_exception ;; ehpad A (next unwind dest: caller) 1274 // ... 1275 // end_try 1276 // catch_all ;; ehpad B 1277 // ... 1278 // end_try 1279 // 1280 // 'call @foo's unwind destination is the ehpad A. But suppose 'call @foo' 1281 // throws a foreign exception that is not caught by ehpad A, and its next 1282 // destination should be the caller. But after control flow linearization, 1283 // another EH pad can be placed in between (e.g. ehpad B here), making the 1284 // next unwind destination incorrect. In this case, the foreign exception 1285 // will instead go to ehpad B and will be caught there instead. In this 1286 // example the correct next unwind destination is the caller, but it can be 1287 // another outer catch in other cases. 1288 // 1289 // There is no specific 'call' or 'throw' instruction to wrap with a 1290 // try-delegate, so we wrap the whole try-catch-end with a try-delegate and 1291 // make it rethrow to the right destination, as in the example below: 1292 // try 1293 // try ;; (new) 1294 // try 1295 // call @foo 1296 // catch __cpp_exception ;; ehpad A (next unwind dest: caller) 1297 // ... 1298 // end_try 1299 // delegate 1 (caller) ;; (new) 1300 // catch_all ;; ehpad B 1301 // ... 1302 // end_try 1303 1304 const auto *EHInfo = MF.getWasmEHFuncInfo(); 1305 SmallVector<const MachineBasicBlock *, 8> EHPadStack; 1306 // For EH pads that have catch unwind mismatches, a map of <EH pad, its 1307 // correct unwind destination>. 1308 DenseMap<MachineBasicBlock *, MachineBasicBlock *> EHPadToUnwindDest; 1309 1310 for (auto &MBB : reverse(MF)) { 1311 for (auto &MI : reverse(MBB)) { 1312 if (MI.getOpcode() == WebAssembly::TRY) 1313 EHPadStack.pop_back(); 1314 else if (MI.getOpcode() == WebAssembly::DELEGATE) 1315 EHPadStack.push_back(&MBB); 1316 else if (WebAssembly::isCatch(MI.getOpcode())) { 1317 auto *EHPad = &MBB; 1318 1319 // catch_all always catches an exception, so we don't need to do 1320 // anything 1321 if (MI.getOpcode() == WebAssembly::CATCH_ALL) { 1322 } 1323 1324 // This can happen when the unwind dest was removed during the 1325 // optimization, e.g. because it was unreachable. 1326 else if (EHPadStack.empty() && EHInfo->hasEHPadUnwindDest(EHPad)) { 1327 LLVM_DEBUG(dbgs() << "EHPad (" << EHPad->getName() 1328 << "'s unwind destination does not exist anymore" 1329 << "\n\n"); 1330 } 1331 1332 // The EHPad's next unwind destination is the caller, but we incorrectly 1333 // unwind to another EH pad. 1334 else if (!EHPadStack.empty() && !EHInfo->hasEHPadUnwindDest(EHPad)) { 1335 EHPadToUnwindDest[EHPad] = getFakeCallerBlock(MF); 1336 LLVM_DEBUG(dbgs() 1337 << "- Catch unwind mismatch:\nEHPad = " << EHPad->getName() 1338 << " Original dest = caller Current dest = " 1339 << EHPadStack.back()->getName() << "\n\n"); 1340 } 1341 1342 // The EHPad's next unwind destination is an EH pad, whereas we 1343 // incorrectly unwind to another EH pad. 1344 else if (!EHPadStack.empty() && EHInfo->hasEHPadUnwindDest(EHPad)) { 1345 auto *UnwindDest = EHInfo->getEHPadUnwindDest(EHPad); 1346 if (EHPadStack.back() != UnwindDest) { 1347 EHPadToUnwindDest[EHPad] = UnwindDest; 1348 LLVM_DEBUG(dbgs() << "- Catch unwind mismatch:\nEHPad = " 1349 << EHPad->getName() << " Original dest = " 1350 << UnwindDest->getName() << " Current dest = " 1351 << EHPadStack.back()->getName() << "\n\n"); 1352 } 1353 } 1354 1355 EHPadStack.push_back(EHPad); 1356 } 1357 } 1358 } 1359 1360 assert(EHPadStack.empty()); 1361 if (EHPadToUnwindDest.empty()) 1362 return false; 1363 NumCatchUnwindMismatches += EHPadToUnwindDest.size(); 1364 1365 for (auto &P : EHPadToUnwindDest) { 1366 MachineBasicBlock *EHPad = P.first; 1367 MachineBasicBlock *UnwindDest = P.second; 1368 MachineInstr *Try = EHPadToTry[EHPad]; 1369 MachineInstr *EndTry = BeginToEnd[Try]; 1370 addTryDelegate(Try, EndTry, UnwindDest); 1371 } 1372 1373 return true; 1374 } 1375 1376 void WebAssemblyCFGStackify::recalculateScopeTops(MachineFunction &MF) { 1377 // Renumber BBs and recalculate ScopeTop info because new BBs might have been 1378 // created and inserted during fixing unwind mismatches. 1379 MF.RenumberBlocks(); 1380 ScopeTops.clear(); 1381 ScopeTops.resize(MF.getNumBlockIDs()); 1382 for (auto &MBB : reverse(MF)) { 1383 for (auto &MI : reverse(MBB)) { 1384 if (ScopeTops[MBB.getNumber()]) 1385 break; 1386 switch (MI.getOpcode()) { 1387 case WebAssembly::END_BLOCK: 1388 case WebAssembly::END_LOOP: 1389 case WebAssembly::END_TRY: 1390 case WebAssembly::DELEGATE: 1391 updateScopeTops(EndToBegin[&MI]->getParent(), &MBB); 1392 break; 1393 case WebAssembly::CATCH: 1394 case WebAssembly::CATCH_ALL: 1395 updateScopeTops(EHPadToTry[&MBB]->getParent(), &MBB); 1396 break; 1397 } 1398 } 1399 } 1400 } 1401 1402 unsigned WebAssemblyCFGStackify::getDepth( 1403 const SmallVectorImpl<const MachineBasicBlock *> &Stack, 1404 const MachineBasicBlock *MBB) { 1405 if (MBB == FakeCallerBB) 1406 return Stack.size(); 1407 unsigned Depth = 0; 1408 for (auto X : reverse(Stack)) { 1409 if (X == MBB) 1410 break; 1411 ++Depth; 1412 } 1413 assert(Depth < Stack.size() && "Branch destination should be in scope"); 1414 return Depth; 1415 } 1416 1417 /// In normal assembly languages, when the end of a function is unreachable, 1418 /// because the function ends in an infinite loop or a noreturn call or similar, 1419 /// it isn't necessary to worry about the function return type at the end of 1420 /// the function, because it's never reached. However, in WebAssembly, blocks 1421 /// that end at the function end need to have a return type signature that 1422 /// matches the function signature, even though it's unreachable. This function 1423 /// checks for such cases and fixes up the signatures. 1424 void WebAssemblyCFGStackify::fixEndsAtEndOfFunction(MachineFunction &MF) { 1425 const auto &MFI = *MF.getInfo<WebAssemblyFunctionInfo>(); 1426 1427 if (MFI.getResults().empty()) 1428 return; 1429 1430 // MCInstLower will add the proper types to multivalue signatures based on the 1431 // function return type 1432 WebAssembly::BlockType RetType = 1433 MFI.getResults().size() > 1 1434 ? WebAssembly::BlockType::Multivalue 1435 : WebAssembly::BlockType( 1436 WebAssembly::toValType(MFI.getResults().front())); 1437 1438 SmallVector<MachineBasicBlock::reverse_iterator, 4> Worklist; 1439 Worklist.push_back(MF.rbegin()->rbegin()); 1440 1441 auto Process = [&](MachineBasicBlock::reverse_iterator It) { 1442 auto *MBB = It->getParent(); 1443 while (It != MBB->rend()) { 1444 MachineInstr &MI = *It++; 1445 if (MI.isPosition() || MI.isDebugInstr()) 1446 continue; 1447 switch (MI.getOpcode()) { 1448 case WebAssembly::END_TRY: { 1449 // If a 'try''s return type is fixed, both its try body and catch body 1450 // should satisfy the return type, so we need to search 'end' 1451 // instructions before its corresponding 'catch' too. 1452 auto *EHPad = TryToEHPad.lookup(EndToBegin[&MI]); 1453 assert(EHPad); 1454 auto NextIt = 1455 std::next(WebAssembly::findCatch(EHPad)->getReverseIterator()); 1456 if (NextIt != EHPad->rend()) 1457 Worklist.push_back(NextIt); 1458 LLVM_FALLTHROUGH; 1459 } 1460 case WebAssembly::END_BLOCK: 1461 case WebAssembly::END_LOOP: 1462 EndToBegin[&MI]->getOperand(0).setImm(int32_t(RetType)); 1463 continue; 1464 default: 1465 // Something other than an `end`. We're done for this BB. 1466 return; 1467 } 1468 } 1469 // We've reached the beginning of a BB. Continue the search in the previous 1470 // BB. 1471 Worklist.push_back(MBB->getPrevNode()->rbegin()); 1472 }; 1473 1474 while (!Worklist.empty()) 1475 Process(Worklist.pop_back_val()); 1476 } 1477 1478 // WebAssembly functions end with an end instruction, as if the function body 1479 // were a block. 1480 static void appendEndToFunction(MachineFunction &MF, 1481 const WebAssemblyInstrInfo &TII) { 1482 BuildMI(MF.back(), MF.back().end(), 1483 MF.back().findPrevDebugLoc(MF.back().end()), 1484 TII.get(WebAssembly::END_FUNCTION)); 1485 } 1486 1487 /// Insert LOOP/TRY/BLOCK markers at appropriate places. 1488 void WebAssemblyCFGStackify::placeMarkers(MachineFunction &MF) { 1489 // We allocate one more than the number of blocks in the function to 1490 // accommodate for the possible fake block we may insert at the end. 1491 ScopeTops.resize(MF.getNumBlockIDs() + 1); 1492 // Place the LOOP for MBB if MBB is the header of a loop. 1493 for (auto &MBB : MF) 1494 placeLoopMarker(MBB); 1495 1496 const MCAsmInfo *MCAI = MF.getTarget().getMCAsmInfo(); 1497 for (auto &MBB : MF) { 1498 if (MBB.isEHPad()) { 1499 // Place the TRY for MBB if MBB is the EH pad of an exception. 1500 if (MCAI->getExceptionHandlingType() == ExceptionHandling::Wasm && 1501 MF.getFunction().hasPersonalityFn()) 1502 placeTryMarker(MBB); 1503 } else { 1504 // Place the BLOCK for MBB if MBB is branched to from above. 1505 placeBlockMarker(MBB); 1506 } 1507 } 1508 // Fix mismatches in unwind destinations induced by linearizing the code. 1509 if (MCAI->getExceptionHandlingType() == ExceptionHandling::Wasm && 1510 MF.getFunction().hasPersonalityFn()) { 1511 bool Changed = fixCallUnwindMismatches(MF); 1512 Changed |= fixCatchUnwindMismatches(MF); 1513 if (Changed) 1514 recalculateScopeTops(MF); 1515 } 1516 } 1517 1518 void WebAssemblyCFGStackify::rewriteDepthImmediates(MachineFunction &MF) { 1519 // Now rewrite references to basic blocks to be depth immediates. 1520 SmallVector<const MachineBasicBlock *, 8> Stack; 1521 SmallVector<const MachineBasicBlock *, 8> DelegateStack; 1522 for (auto &MBB : reverse(MF)) { 1523 for (auto I = MBB.rbegin(), E = MBB.rend(); I != E; ++I) { 1524 MachineInstr &MI = *I; 1525 switch (MI.getOpcode()) { 1526 case WebAssembly::BLOCK: 1527 case WebAssembly::TRY: 1528 assert(ScopeTops[Stack.back()->getNumber()]->getNumber() <= 1529 MBB.getNumber() && 1530 "Block/try marker should be balanced"); 1531 Stack.pop_back(); 1532 DelegateStack.pop_back(); 1533 break; 1534 1535 case WebAssembly::LOOP: 1536 assert(Stack.back() == &MBB && "Loop top should be balanced"); 1537 Stack.pop_back(); 1538 DelegateStack.pop_back(); 1539 break; 1540 1541 case WebAssembly::END_BLOCK: 1542 Stack.push_back(&MBB); 1543 DelegateStack.push_back(&MBB); 1544 break; 1545 1546 case WebAssembly::END_TRY: 1547 // We handle DELEGATE in the default level, because DELEGATE has 1548 // immediate operands to rewirte. 1549 Stack.push_back(&MBB); 1550 break; 1551 1552 case WebAssembly::END_LOOP: 1553 Stack.push_back(EndToBegin[&MI]->getParent()); 1554 DelegateStack.push_back(EndToBegin[&MI]->getParent()); 1555 break; 1556 1557 case WebAssembly::CATCH: 1558 case WebAssembly::CATCH_ALL: 1559 DelegateStack.push_back(&MBB); 1560 break; 1561 1562 default: 1563 if (MI.isTerminator()) { 1564 // Rewrite MBB operands to be depth immediates. 1565 SmallVector<MachineOperand, 4> Ops(MI.operands()); 1566 while (MI.getNumOperands() > 0) 1567 MI.RemoveOperand(MI.getNumOperands() - 1); 1568 for (auto MO : Ops) { 1569 if (MO.isMBB()) { 1570 if (MI.getOpcode() == WebAssembly::DELEGATE) 1571 MO = MachineOperand::CreateImm( 1572 getDepth(DelegateStack, MO.getMBB())); 1573 else 1574 MO = MachineOperand::CreateImm(getDepth(Stack, MO.getMBB())); 1575 } 1576 MI.addOperand(MF, MO); 1577 } 1578 } 1579 1580 if (MI.getOpcode() == WebAssembly::DELEGATE) { 1581 Stack.push_back(&MBB); 1582 DelegateStack.push_back(&MBB); 1583 } 1584 break; 1585 } 1586 } 1587 } 1588 assert(Stack.empty() && "Control flow should be balanced"); 1589 } 1590 1591 void WebAssemblyCFGStackify::cleanupFunctionData(MachineFunction &MF) { 1592 if (FakeCallerBB) 1593 MF.DeleteMachineBasicBlock(FakeCallerBB); 1594 AppendixBB = FakeCallerBB = nullptr; 1595 } 1596 1597 void WebAssemblyCFGStackify::releaseMemory() { 1598 ScopeTops.clear(); 1599 BeginToEnd.clear(); 1600 EndToBegin.clear(); 1601 TryToEHPad.clear(); 1602 EHPadToTry.clear(); 1603 } 1604 1605 bool WebAssemblyCFGStackify::runOnMachineFunction(MachineFunction &MF) { 1606 LLVM_DEBUG(dbgs() << "********** CFG Stackifying **********\n" 1607 "********** Function: " 1608 << MF.getName() << '\n'); 1609 const MCAsmInfo *MCAI = MF.getTarget().getMCAsmInfo(); 1610 1611 releaseMemory(); 1612 1613 // Liveness is not tracked for VALUE_STACK physreg. 1614 MF.getRegInfo().invalidateLiveness(); 1615 1616 // Place the BLOCK/LOOP/TRY markers to indicate the beginnings of scopes. 1617 placeMarkers(MF); 1618 1619 // Remove unnecessary instructions possibly introduced by try/end_trys. 1620 if (MCAI->getExceptionHandlingType() == ExceptionHandling::Wasm && 1621 MF.getFunction().hasPersonalityFn()) 1622 removeUnnecessaryInstrs(MF); 1623 1624 // Convert MBB operands in terminators to relative depth immediates. 1625 rewriteDepthImmediates(MF); 1626 1627 // Fix up block/loop/try signatures at the end of the function to conform to 1628 // WebAssembly's rules. 1629 fixEndsAtEndOfFunction(MF); 1630 1631 // Add an end instruction at the end of the function body. 1632 const auto &TII = *MF.getSubtarget<WebAssemblySubtarget>().getInstrInfo(); 1633 if (!MF.getSubtarget<WebAssemblySubtarget>() 1634 .getTargetTriple() 1635 .isOSBinFormatELF()) 1636 appendEndToFunction(MF, TII); 1637 1638 cleanupFunctionData(MF); 1639 1640 MF.getInfo<WebAssemblyFunctionInfo>()->setCFGStackified(); 1641 return true; 1642 } 1643