calling convention for MSP430 interrupts by japaric · Pull Request #38465 · rust-lang/rust (original) (raw)

…ention, r=nagisa

Add support for the x86-interrupt calling convention

This calling convention can be used for definining interrupt handlers on 32-bit and 64-bit x86 targets. The compiler then uses iret instead of ret for returning and ensures that all registers are restored to their original values.

Usage:

extern "x86-interrupt" fn handler(stack_frame: &ExceptionStackFrame) {…}

for interrupts and exceptions without error code and

extern "x86-interrupt" fn handler_with_err_code(stack_frame: &ExceptionStackFrame,
                                                error_code: u64) {…}

for exceptions that push an error code (e.g., page faults or general protection faults). The programmer must ensure that the correct version is used for each interrupt.

For more details see the LLVM PR and the corresponding proposal.

It is also possible to implement interrupt handlers on x86 through naked functions. In fact, almost all existing Rust OS projects for x86 use naked functions for this, including Redox, IntermezzOS, and blog_os. So support for the x86-interrupt calling convention isn't absolutely needed.

However, it has a number of benefits to naked functions:

• No inline assembly needed: Inline assembly is highly unstable and dangerous. It's pretty easy to mess things up. Also, it uses an arcane syntax and requires that the programmer knows x86 assembly.
• Higher performance: A naked wrapper function always saves all registers before calling the Rust function. This isn't needed for a compiler supported calling convention, since the compiler knows which registers are clobbered by the interrupt handler. Thus, only these registers need to be saved and restored.
• Safer interfaces: We can write a set_handler function that takes a extern "x86-interrupt" fn(&ExceptionStackFrame) and the compiler ensures that we always use the right function type for all handler functions. This isn't possible with the #[naked] attribute.
• More convenient: Instead of writing tons of assembly boilerplate and desperately trying to improve things through macros, we can just write code like this.
• Naked functions are unreliable: It is allowed to use Rust code inside a naked function, which sometimes works and sometimes not. For example, calling a function through Rust code seems to work fine without function prologue, but code declaring a variable silently adds a prologue even though the function is naked (look at the generated assembly, there is a movl instruction before the nop).

Edit: See the tracking issue for an updated list of issues.

Unfortunately, the implementation of the x86-interrupt calling convention in LLVM has some issues that make it unsuitable for 64-bit kernels at the moment:

• LLVM always tries to backup the xmm registers on 64-bit platforms even if the target doesn't support SSE. This leads to invalid opcode exceptions whenever an interrupt handler is invoked. I submitted a fix to LLVM in D29959. The fix is really small (<10 lines), so maybe we could backport it to Rust's LLVM fork?. Edit: The fix was merged to LLVM trunk in rL295347. Backported in rust-lang/llvm#63.

• On targets with SSE support, LLVM uses the movaps instruction for saving the xmm registers, which requires an alignment of 16. For handlers with error codes, however, the stack alignment is only 8, so a alignment exception occurs. This issue is tracked in bug 26413. Unfortunately, I don't know enough about LLVM to fix this. Edit: Fix submitted in D30049.

This PR adds experimental support for this calling convention under the abi_x86_interrupt feature gate. The implementation is very similar to rust-lang#38465 and was surprisingly simple :).

There is no accepted RFC for this change. In fact, the RFC for interrupt calling convention from 2015 was closed in favor of naked functions. However, the reactions to the recent PR for a MSP430 interrupt calling convention were [in favor of experimental interrupt ABIs](rust-lang#38465 (comment)).

• Add compile-fail tests for the feature gate.
• Create tracking issue for the abi_x86_interrupt feature (and link it in code). Edit: Tracking issue: rust-lang#40180
• Backport rL295347 to Rust's LLVM fork. Edit: Done in rust-lang/llvm#63

@tari @steveklabnik @jackpot51 @ticki @hawkw @thepowersgang, you might be interested in this.