[cxx-abi-dev] manglings for exception specifications in function types
John McCall
rjmccall at apple.com
Thu Oct 13 18:49:09 UTC 2016
> On Oct 13, 2016, at 11:29 AM, Richard Smith <richardsmith at google.com> wrote:
> On 13 October 2016 at 10:39, John McCall <rjmccall at apple.com <mailto:rjmccall at apple.com>> wrote:
>> On Oct 12, 2016, at 5:07 PM, Richard Smith <richardsmith at google.com <mailto:richardsmith at google.com>> wrote:
>> On 12 October 2016 at 16:34, John McCall <rjmccall at apple.com <mailto:rjmccall at apple.com>> wrote:
>>
>>> On Oct 12, 2016, at 2:09 PM, Richard Smith <richardsmith at google.com <mailto:richardsmith at google.com>> wrote:
>>>
>>> On 12 October 2016 at 13:51, John McCall <rjmccall at apple.com <mailto:rjmccall at apple.com>> wrote:
>>>> On Oct 12, 2016, at 11:58 AM, Richard Smith <richardsmith at google.com <mailto:richardsmith at google.com>> wrote:
>>>> On 11 October 2016 at 19:20, John McCall <rjmccall at apple.com <mailto:rjmccall at apple.com>> wrote:
>>>>> On Oct 11, 2016, at 4:20 PM, Richard Smith <richardsmith at google.com <mailto:richardsmith at google.com>> wrote:
>>>>> On 11 October 2016 at 15:17, John McCall <rjmccall at apple.com <mailto:rjmccall at apple.com>> wrote:
>>>>>> On Oct 11, 2016, at 2:11 PM, Richard Smith <richardsmith at google.com <mailto:richardsmith at google.com>> wrote:
>>>>>> Under
>>>>>> http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2015/p0012r1.html <http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2015/p0012r1.html>
>>>>>>
>>>>>> the noexceptness of a function type is now part of the type. As a result, we need manglings for exception-specifications on function pointer/reference types:
>>>>>>
>>>>>> void f(void()) {}
>>>>>> void f(void() noexcept) {} // ok, overload not redefinition
>>>>>>
>>>>>> (It's not clear to me whether or not this was also necessary prior to C++17 to handle dependent exception specifications that appear lexically within the parameter list of a function template, and actual implementation practice varies as to whether such exception specifications are SFINAEable.)
>>>>>>
>>>>>>
>>>>>> In order to handle overloading/SFINAE on exception specifications in dependent cases, we need to be able to mangle not only "noexcept", but also "noexcept(expression)" and "throw(<types>)". Suggestion for manglings:
>>>>>>
>>>>>> <exception-spec> ::=
>>>>>> nx -- non-throwing exception specification
>>>>>> nX <expression> E -- computed (value-dependent) noexcept
>>>>>> tw <type>* E -- throw (types)
>>>>>>
>>>>>> <function-type> ::= [<CV-qualifiers>] [<exception-spec>] [Dx] F [Y] <bare-function-type> [<ref-qualifier>] E
>>>>>>
>>>>>> In the case of throw(a, b, c), we could omit types that are neither instantiation-dependent nor pack expansions (if that omits all types, we can use the 'nx' mangling instead), since C++17 says you can't overload on the actual types in the dynamic exception specification, and we otherwise only need them to be present if they might result in a substitution failure.
>>>>>>
>>>>>> Thoughts?
>>>>>
>>>>> I think this is an amazingly late change to the language with pretty thin justification; does that count?
>>>>>
>>>>> This really is a major change which can reasonably be expected to cause substantial source and binary breakage. The proposal mentions transaction_safe as a feature that added similar complexity, but that analogy is weak because (1) TM is expected to be an optional TS, whereas noexcept is a mandatory core language feature, and (2) existing code does not use the transaction_safe attribute, whereas noexcept and throw() have seen widespread adoption, in the latter case for years.
>>>>>
>>>>> If it is a goal of this proposal to eliminate the underspecified fake type system around exception specifications, it is worth noting that it completely fails to do so, since the checking rules for direct function pointer assignments are still quite a bit stronger than those provided by the new type system.
>>>>>
>>>>> That was indeed a goal here. Can you expand on how it fails? Ignoring the (deprecated) dynamic exception specifications, this new approach seems stronger than the old type system, since it works for function types being arbitrarily nested within other types, not just one level deep within function types and pointers.
>>>>
>>>> Are there any implementations which actually plan to throw out the dynamic exception specification matching logic?
>>>>
>>>> *shrug* Maybe MSVC? Any conforming C++17 implementation will need to demote that side of their enforcement to a warning. And I think there are NB comments for C++17 proposing that we apply http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r4.html <http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r4.html> for C++17 rather than waiting for C++20.
>>>
>>> Not enforcing the old rules is also compatibility-breaking, of course, because of SFINAE.
>>>
>>>>> Hmm, I thought we had added a rule to allow B to be deduced in
>>>>>
>>>>> template<class R, class ...A, bool B> void f(R(A...) noexcept(B));
>>>>>
>>>>> but it looks like we actually didn't. =(
>>>>
>>>> Hmm, that would work pretty well for this case.
>>>>
>>>>> Yes, the above is a problem, if noexcept function types start to appear in existing code (for instance through use of decltype or by code that passes around noexcept function pointers).
>>>>
>>>> Well, recall that noexcept function types have always been writable; they just didn't necessarily get enforced reliably. Also, noexcept and throw() are pretty popular, and aren't there proposals to infer them in more cases?
>>>>
>>>> Proposals, yes, but nothing in C++17.
>>>
>>> I think it's reasonable to anticipate that when judging how often functions will be noexcept.
>>>
>>>> It's really hard to say abstractly how much impact this will have. There's a lot of potential for breakage, but it's also quite possible that there won't be many changes and that almost all of them will be lost in the great grey expanse of C++ binary compatibility.
>>>>
>>>> We'll have an implementation soon, and then we can find out whether this is a problem in practice.
>>>
>>> I'll admit that I don't attend committee meetings, but I thought that implementation experience was expected *prior* to standardization, not something that gets done months after voting the thing in concurrently with the committee finalizing the language in a draft for next year's release.
>>>
>>> Some of us try to push for that. So far we've not had much success.
>>
>> A pity.
>>
>> Okay. Doug Gregor has strong opinions about this, but I'll let him speak for himself if he wants; I'll drop my own objections to the feature pending implementation experience.
>>
>>>>> You will note that I have omitted the necessary specializations for "transaction_safe", as well as the incredibly common extension of specialized calling conventions.
>>>>>
>>>>> This also breaks source compatibility for template matching, and basically every function template in the standard library is going to change manglings (and become *much* larger) due to noexcept expressions now being mangled.
>>>>>
>>>>> It's a problem, but I don't think it's as bad as you claim. The mangling of a function still wouldn't include its exception specification; this would only affect mangling in cases where a parameter or return type or template argument involves a function type with an exception-specification -- a lot less common than every function template in the standard library, but this still does change manglings for existing code.
>>>>
>>>> Okay, so it only triggers SFINAE failures in nested function types, and you can't overload templates by it? I agree that that helps a lot.
>>>>> And the entire proposal seems to have forgotten about reference-to-function types.
>>>>>
>>>>> The change to [dcl.init.ref]p4 allows a reference to non-noexcept function to bind to a noexcept function, and this indirectly allows the same during overload resolution, casts, and so on. What additional considerations were missed?
>>>>
>>>> I hadn't realized that the expression logic was so consistent about defining e.g. the behavior of the conditional operator on l-values in terms of reference binding. I apologize.
>>>>
>>>> ...I see that this adds a new special case to exception handling.
>>>>
>>>> Yes; I'd forgotten to mention this side of the ABI change.
>>>>
>>>> We'll also need a new flag on type_info objects to model this. In line with the transaction_safe changes that Jason proposed, I suggest adding a __noexcept_mask = 0x40 to __pbase_type_info, and representing a pointer to noexcept function as a pointer with __noexcept_mask bit set to the corresponding *non-noexcept* function pointer type.
>>>
>>> I strongly disagree; we should take this opportunity to revisit that decision. The floodgates are open, and this set of function type attributes is clearly going to grow over time. (It's actually transaction_safe that really drives this point home; noexcept is at least a longstanding part of the core language in various forms.) We also have a lot of vendor-specific function type attributes that are part of the type but just aren't standardized and can't be represented in type_info. I don't think it makes sense to indefinitely keep hacking these things into the pointer type flags; we should just bite the bullet and create a new function_type_info subclass.
>>
>> Oh, for what it's worth, this is actually mandatory: typeid does have to be able to return a type_info for an arbitrary type, not just a pointer or member pointer for it. typeid does not perform function-to-pointer conversion on an expression operand, and it can also be used with an arbitrary type-id.
>>
>> We definitely need different type_info for the qualified and unqualified types, but I don't think that implies that the pointee type in the type_info for corresponding function pointers must be different. GCC's approach for transaction_safe is that the pointee type_info referenced by a pointer type_info is always the function type *without* the transaction_safe mangling, so the marking is present only on the pointer type_info. That's definitely not ideal, but does seem to work.
>
> Ah, I think I see. You're suggesting that the type_info for 'void(*)() noexcept' could just be an attributed pointer to the type_info for 'void()', but that the type_info for 'void() noexcept' would be some different sort of thing. I agree that this is possible, but it might paint us into a corner; e.g. if the committee ever standardizes a richer reflection system based on type_info, I would expect it to have some way to ask for the pointee type of a pointer as a type_info, which we would then be unable to implement correctly.
>
>> That said, I like the end result of this approach a lot more:
>>> OK. How about this:
>>>
>>> class __qualified_function_type_info : public __function_type_info {
>>> public:
>>> const __function_type_info *__base_type;
>>> unsigned int __qualifiers;
>>> enum __qualifiers_mask {
>>> __const_mask = 0x01,
>>> __volatile_mask = 0x02,
>>> __restrict_mask = 0x04,
>>> __lval_ref_mask = 0x08,
>>> __rval_ref_mask = 0x10,
>>> __noexcept_mask = 0x20,
>>> __transaction_safe_mask = 0x40
>>> };
>>> };
>>>
>>> ... where __base_type is the unqualified function type, included to avoid the need for string comparisons when checking for a matching exception handler. The base class __function_type_info would be used for types with no qualifiers.
>>
>> Representing the base type this way makes sense to me.
>>
>> Adding a new class does have backwards deployment problems: normally these type_infos are emitted by the ABI library, but it won't have this class on older targets. I don't think we want to lazily emit this class in every translation unit that uses it; that's a lot of code, including some that's intricately tied to the EH mechanism. On Darwin, I don't have any problem with saying that we just don't support the extended information unless the minimum deployment target is an OS that provides the class; after all, the exceptions machinery won't support it without updates either. Is a similar answer acceptable to other people, or do we need something more sophisticated?
>>
>> It's definitely a pain for Clang targeting GNU OSs, since we support using the installed version of libsupc++ as our ABI library. If the only fallout were that you couldn't throw a noexcept function pointer and catch it as a non-noexcept function pointer, that'd be fine, but link errors for the __qualified_function_type_info vtable seem problematic.
>>
>> We could potentially lazily emit that one symbol as a weak alias for the __function_type_info vtable, but we tried something like that with sized deallocation (which had largely similar issues) and found it to be more trouble than it was worth.
>
> I don't remember all the issues for sized deallocation, but at least some of them wouldn't apply here. IIRC, sized deallocation actually had to be a weak alias to a local implementation in order to satisfy the ABI / delegation rules, which wouldn't be true here. More importantly, sized deallocation required adding code to the majority of translation units, which, uh, I don't expect we'll see similar problems from here. Still, this is asking a lot of of the linker/loader.
>
> The large number of duplicate copies was a pain, but wasn't the reason we ended up turning that mechanism off. I don't exactly recall the details, but the gist was that we needed linker magic to force a user replacement version from the main binary to be exported so that DSOs would see it, but that mechanism had problematic interactions with weak definitions.
>
> We can avoid introducing the new class if we can find some other way to encode in the object that it has extra fields. Unfortunately, a __function_type_info only has a v-table pointer (inviolate) and a name pointer (just a const char*, i.e. 1-byte aligned). We can't put anything in the string itself because it has to be globally uniqued, and if our name "wins" and is used in a different type_info which doesn't provide the extra fields, we're in trouble. So I don't think this is possible.
>
> But lazily emitting the v-table also creates nasty problems, chiefly because it requires us to also emit the virtual function definitions lazily, and those are pretty complex.
>
> Can we emit a weak definition in the compiler runtime library, or does that have the same problems as a weak definition in every translation unit?
>
> In our case, for some targets there simply is no compiler runtime library that we control. We might not even be involved in the link step.
>
> Perhaps we could use an ifunc selecting between the vtable of __qualified_function_type_info (if it's defined) and that of __function_type_info (otherwise) as the vptr of the type_info object for a qualified function type.
If you're comfortable with that, that sounds reasonable to me. The ifunc will be run eagerly during load, but of course it's only necessary in translation units that actually use a qualified type_info.
>>> It might also be reasonable to reserve a bit for 'noreturn', since several compilers treat it as part of the function type in some way.
>>
>> I'm not sure this is the right representation for function type qualifiers. It seems to me that there are two kinds:
>> - those that create a (trivially-convertible) subtype of the unqualified type, like 'unwind', 'noexcept', and (for the implementations that make this decision) 'noreturn', and
>> - those that don't, like cvr-qualifiers, ref-qualifiers, and calling conventions.
>>
>> There's been some recent talk of permitting pointer-to-member-function conversions that remove cvr-qualifiers and add ref-qualifiers; those two may end up in the "trivially-convertible" camp for C++20.
>>
>> http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_closed.html#1555 <http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_closed.html#1555> suggests allowing implicit conversion between extern "C" function types and non-extern-"C" function types in cases where the two calling conventions are the same, as a way of resolving the issues leading to longstanding lack of implementation of extern "C" function types by most vendors.
>
> Okay, I accept that the standardized attributes should just be represented as specific bits and that baking subtyping into the representation is fraught. So maybe the representation should be:
>
> class __qualified_function_type_info : public __function_type_info {
> public:
> const __function_type_info *__base_type;
> unsigned int __qualifiers;
> enum __qualifiers_mask {
> __const_mask = 0x01,
> __volatile_mask = 0x02,
> __restrict_mask = 0x04,
> __lval_ref_mask = 0x08,
> __rval_ref_mask = 0x10,
> __noexcept_mask = 0x20,
> __transaction_safe_mask = 0x40
> };
> const char *__extended_qualifiers;
> };
>
> And the convertibility check requires the extended qualifiers to either both be null or string-compare equal.
>
> What does this buy us over keeping the extended qualifiers in the base type? Is the idea that a target-specific runtime could choose to allow more conversions based on extended qualifiers?
That's a potential possibility. Mostly we need *some* rule for what to use as the base type should be, and I was thinking that you wanted it to always be a totally-unqualified type. Is it basically the function type minus anything we can represent in flags?
John.
>
> John.
>
>>
>> But I would certainly grant that it doesn't make sense to use these flags to model, for instance, actually-different calling conventions.
>>
>> EH matching needs to verify that the subtyping qualifiers of the source type are a superset of the subtyping qualifiers of the target type, and it needs to verify that the other qualifiers match exactly.
>>
>> I don't think catch-matching on a qualified function pointer type is an operation we need to expend a lot of effort optimizing. I would rather have a more general representation that allows fairly painless vendor extension; I think that calls for at least the ability to have *some* string-based matching, even if maybe the standard ones get allocated to bit-fields.
>>
>> John.
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sourcerytools.com/pipermail/cxx-abi-dev/attachments/20161013/7c3c8a2a/attachment-0001.html>
More information about the cxx-abi-dev
mailing list