[EH] Make std::terminate() work with EH

aheejin · aheejin · commit 24cf33f73442 · 2022-05-09T17:23:21.000-07:00
`noexcept` function shouldn't throw, so `noexcept` function code generation is to `invoke` every function call in those functions and in case they throw, call `std::terminate`. This codegen comes from clang and native platforms do this too. So in wasm, they become something like ```wasm try function body catch_all call std::terminate end ``` `std::terminate` calls `std::__terminate`. Both of `std::terminate` and `std::__terminate` are `noexcept` now. So that means their code is structured like that, which sounds like self-calling, but normally no function calls in those functions should ever throw, so that's fine. But in our case, `abort` ends up throwing, which is a problem. The function body of `__terminate` eventually calls JS `abort`, and ends up here: https://github.com/emscripten-core/emscripten/blob/970998b2670a9bcf39d31e2b01db571089955add/src/preamble.js#L605-L623 This ends up throwing a JS exception. This is basically just a foreign exception from the wasm perspective, and is caught by `catch_all`, and calls `std::terminate` again. And the whole process continues until the call stack is exhausted. What emscripten-core#9730 tried to do was throwing a trap, because Wasm `catch`/`catch_all` don't catch traps. Traps become `RuntimeError`s after they hit a JS frame. To be consistent, we decided `catch`/`catch_all` shouldn't catch them after they become `RuntimeError`s. That's the reason emscripten-core#9730 changed the code to throw not just any random thing but `RuntimeError`. But somehow we decided that we make that trap distinction not based on `RuntimeError` class but some hidden field (WebAssembly/exception-handling#89 (comment)). This PR removes `noexcept` from `std::terminate` and `std::__terminate`'s signatures so that the cleanup that contains `catch_all` is not generated for those two functions. So now the JS exception thrown by `abort()` will unwind the stack, which is different from native, but that can be considered OK because I don't think users expect `abort` to preserve the stack intact? Fixes emscripten-core#16407.
diff --git a/system/lib/libcxx/include/exception b/system/lib/libcxx/include/exception
@@ -45,7 +45,11 @@ unexpected_handler get_unexpected() noexcept;
 typedef void (*terminate_handler)();
 terminate_handler set_terminate(terminate_handler  f ) noexcept;
 terminate_handler get_terminate() noexcept;
+#ifdef __USING_WASM_EXCEPTIONS__
+[[noreturn]] void terminate();
+#else
 [[noreturn]] void terminate() noexcept;
+#endif
 
 bool uncaught_exception()  noexcept;
 int  uncaught_exceptions() noexcept;  // C++17
@@ -128,7 +132,11 @@ _LIBCPP_NORETURN _LIBCPP_FUNC_VIS void unexpected();
 typedef void (*terminate_handler)();
 _LIBCPP_FUNC_VIS terminate_handler set_terminate(terminate_handler) _NOEXCEPT;
 _LIBCPP_FUNC_VIS terminate_handler get_terminate() _NOEXCEPT;
+#ifdef __USING_WASM_EXCEPTIONS__
+_LIBCPP_NORETURN _LIBCPP_FUNC_VIS void terminate();
+#else
 _LIBCPP_NORETURN _LIBCPP_FUNC_VIS void terminate() _NOEXCEPT;
+#endif
 
 _LIBCPP_FUNC_VIS bool uncaught_exception() _NOEXCEPT;
 _LIBCPP_FUNC_VIS _LIBCPP_AVAILABILITY_UNCAUGHT_EXCEPTIONS int uncaught_exceptions() _NOEXCEPT;
diff --git a/system/lib/libcxxabi/src/cxa_handlers.cpp b/system/lib/libcxxabi/src/cxa_handlers.cpp
@@ -50,7 +50,13 @@ get_terminate() noexcept
 }
 
 void
+#ifdef __USING_WASM_EXCEPTIONS__
+// In Wasm EH, a JS exception thrown by abort() is caught by 'noexcept' cleanup
+// from which std::__terminate is called again, causing an infinite loop
+__terminate(terminate_handler func)
+#else
 __terminate(terminate_handler func) noexcept
+#endif
 {
 #ifndef _LIBCXXABI_NO_EXCEPTIONS
     try
@@ -71,7 +77,13 @@ __terminate(terminate_handler func) noexcept
 
 __attribute__((noreturn))
 void
+#ifdef __USING_WASM_EXCEPTIONS__
+// In Wasm EH, a JS exception thrown by abort() is caught by 'noexcept' cleanup
+// from which std::terminate is called again, causing an infinite loop
+terminate()
+#else
 terminate() noexcept
+#endif
 {
 #if !defined(_LIBCXXABI_NO_EXCEPTIONS) && !defined(__USING_EMSCRIPTEN_EXCEPTIONS__)
     // If there might be an uncaught exception
diff --git a/system/lib/libcxxabi/src/cxa_handlers.h b/system/lib/libcxxabi/src/cxa_handlers.h
@@ -25,7 +25,7 @@ __unexpected(unexpected_handler func);
 
 _LIBCXXABI_HIDDEN _LIBCXXABI_NORETURN
 void
-__terminate(terminate_handler func) noexcept;
+__terminate(terminate_handler func);
 
 }  // std
 
diff --git a/tests/test_core.py b/tests/test_core.py
@@ -1639,6 +1639,24 @@ class Polymorphic {virtual void member(){}};
 }
 ''', 'exception caught: std::bad_typeid')
 
+  @with_both_eh_sjlj
+  def test_std_terminate(self):
+    # std::terminate eventually calls abort(), which is implemented with
+    # throwing a JS exception, which used to cause an infinite loop that
+    # exhausted the call stack. The reason is std::terminate is marked
+    # 'noexcept' in the upstream LLVM, which generates cleanuppads that call
+    # std::terminate in case of an unexpected second exception happens while
+    # aborting, and our abort() was considered as that second exception. We
+    # removed 'noexcept' from std::terminate signature when Wasm EH is enabled
+    # to avoid this issue.
+    err = self.do_run(r'''
+#include <exception>
+int main() {
+  std::terminate();
+}
+''', assert_returncode=NON_ZERO)
+    self.assertNotContained('Maximum call stack size exceeded', err)
+
   def test_iostream_ctors(self):
     # iostream stuff must be globally constructed before user global
     # constructors, so iostream works in global constructors
