Fix windows AOT hw bound check (#2475)

When AOT out of bound linear memory access or stack overflow occurs, the call stack of
AOT functions cannot be unwound currently, so from the exception handler, runtime
cannot jump back into the place that calls the AOT function.
We temporarily skip the current instruction and let AOT code continue to run and return
to caller as soon as possible. And use the zydis library the decode the current instruction
to get its size.

And remove using RtlAddFunctionTable to register the AOT functions since it doesn't work
currently.

core/iwasm/aot/aot_loader.c

@@ -1644,27 +1644,6 @@ load_function_section(const uint8 *buf, const uint8 *buf_end, AOTModule *module,
     const uint8 *p = buf, *p_end = buf_end;
     uint32 i;
     uint64 size, text_offset;
-#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS)
-    RUNTIME_FUNCTION *rtl_func_table;
-    AOTUnwindInfo *unwind_info;
-    uint32 unwind_info_offset = module->code_size - sizeof(AOTUnwindInfo);
-    uint32 unwind_code_offset = unwind_info_offset - PLT_ITEM_SIZE;
-#endif
-
-#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS)
-    unwind_info = (AOTUnwindInfo *)((uint8 *)module->code + module->code_size
-                                    - sizeof(AOTUnwindInfo));
-    unwind_info->Version = 1;
-    unwind_info->Flags = UNW_FLAG_NHANDLER;
-    *(uint32 *)&unwind_info->UnwindCode[0] = unwind_code_offset;
-
-    size = sizeof(RUNTIME_FUNCTION) * (uint64)module->func_count;
-    if (size > 0
-        && !(rtl_func_table = module->rtl_func_table =
-                 loader_malloc(size, error_buf, error_buf_size))) {
-        return false;
-    }
-#endif
 
     size = sizeof(void *) * (uint64)module->func_count;
     if (size > 0
@@ -1691,33 +1670,9 @@ load_function_section(const uint8 *buf, const uint8 *buf_end, AOTModule *module,
 #if defined(BUILD_TARGET_THUMB) || defined(BUILD_TARGET_THUMB_VFP)
         /* bits[0] of thumb function address must be 1 */
         module->func_ptrs[i] = (void *)((uintptr_t)module->func_ptrs[i] | 1);
-#endif
-#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS)
-        rtl_func_table[i].BeginAddress = (DWORD)text_offset;
-        if (i > 0) {
-            rtl_func_table[i - 1].EndAddress = rtl_func_table[i].BeginAddress;
-        }
-        rtl_func_table[i].UnwindInfoAddress = (DWORD)unwind_info_offset;
 #endif
     }
 
-#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS)
-    if (module->func_count > 0) {
-        uint32 plt_table_size =
-            module->is_indirect_mode ? 0 : get_plt_table_size();
-        rtl_func_table[module->func_count - 1].EndAddress =
-            (DWORD)(module->code_size - plt_table_size);
-
-        if (!RtlAddFunctionTable(rtl_func_table, module->func_count,
-                                 (DWORD64)(uintptr_t)module->code)) {
-            set_error_buf(error_buf, error_buf_size,
-                          "add dynamic function table failed");
-            return false;
-        }
-        module->rtl_func_table_registered = true;
-    }
-#endif
-
     /* Set start function when function pointers are resolved */
     if (module->start_func_index != (uint32)-1) {
         if (module->start_func_index >= module->import_func_count)
@@ -3261,14 +3216,6 @@ aot_unload(AOTModule *module)
     }
 #endif
 
-#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS)
-    if (module->rtl_func_table) {
-        if (module->rtl_func_table_registered)
-            RtlDeleteFunctionTable(module->rtl_func_table);
-        wasm_runtime_free(module->rtl_func_table);
-    }
-#endif
-
 #if (defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64)) \
     && !defined(BH_PLATFORM_WINDOWS)
     {

core/iwasm/aot/aot_runtime.h

@@ -92,30 +92,6 @@ typedef struct AOTModuleInstanceExtra {
     WASMModuleInstanceExtraCommon common;
 } AOTModuleInstanceExtra;
 
-#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS)
-/* clang-format off */
-typedef struct AOTUnwindInfo {
-    uint8 Version       : 3;
-    uint8 Flags         : 5;
-    uint8 SizeOfProlog;
-    uint8 CountOfCodes;
-    uint8 FrameRegister : 4;
-    uint8 FrameOffset   : 4;
-    struct {
-        struct {
-            uint8 CodeOffset;
-            uint8 UnwindOp : 4;
-            uint8 OpInfo   : 4;
-        };
-        uint16 FrameOffset;
-    } UnwindCode[1];
-} AOTUnwindInfo;
-/* clang-format on */
-
-/* size of mov instruction and jmp instruction */
-#define PLT_ITEM_SIZE 12
-#endif
-
 #if defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64)
 typedef struct GOTItem {
     uint32 func_idx;
@@ -211,14 +187,6 @@ typedef struct AOTModule {
     uint32 float_plt_count;
 #endif
 
-#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS)
-    /* dynamic function table to be added by RtlAddFunctionTable(),
-       used to unwind the call stack and register exception handler
-       for AOT functions */
-    RUNTIME_FUNCTION *rtl_func_table;
-    bool rtl_func_table_registered;
-#endif
-
 #if defined(BUILD_TARGET_X86_64) || defined(BUILD_TARGET_AMD_64)
     uint32 got_item_count;
     GOTItemList got_item_list;

core/iwasm/aot/arch/aot_reloc_x86_64.c

@@ -69,9 +69,6 @@ get_plt_table_size()
 {
     uint32 size =
         get_plt_item_size() * (sizeof(target_sym_map) / sizeof(SymbolMap));
-#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS)
-    size += get_plt_item_size() + sizeof(AOTUnwindInfo);
-#endif
     return size;
 }
 
@@ -93,18 +90,6 @@ init_plt_table(uint8 *plt)
         *p++ = 0xE0;
         plt += get_plt_item_size();
     }
-
-#if defined(OS_ENABLE_HW_BOUND_CHECK) && defined(BH_PLATFORM_WINDOWS)
-    p = plt;
-    /* mov exception_handler, rax */
-    *p++ = 0x48;
-    *p++ = 0xB8;
-    *(uint64 *)p = 0; /*(uint64)(uintptr_t)aot_exception_handler;*/
-    p += sizeof(uint64);
-    /* jmp rax */
-    *p++ = 0xFF;
-    *p++ = 0xE0;
-#endif
 }
 
 static bool

core/iwasm/aot/iwasm_aot.cmake

@@ -36,5 +36,49 @@ if (WAMR_BUILD_DEBUG_AOT EQUAL 1)
   file(GLOB debug_source ${IWASM_AOT_DIR}/debug/*.c)
 endif()
 
-set (IWASM_AOT_SOURCE ${c_source_all} ${arch_source} ${debug_source})
+if ((WAMR_BUILD_TARGET STREQUAL "X86_64" OR WAMR_BUILD_TARGET STREQUAL "AMD_64")
+    AND (WAMR_BUILD_PLATFORM STREQUAL "windows")
+    AND (NOT WAMR_DISABLE_HW_BOUND_CHECK EQUAL 1))
+  include(FetchContent)
 
+  FetchContent_Declare(
+    zycore
+    GIT_REPOSITORY https://github.com/zyantific/zycore-c.git
+  )
+  FetchContent_GetProperties(zycore)
+  if (NOT zycore_POPULATED)
+    message ("-- Fetching zycore ..")
+    FetchContent_Populate(zycore)
+    include_directories("${zycore_SOURCE_DIR}/include")
+    include_directories("${zycore_BINARY_DIR}")
+    add_definitions(-DZYCORE_STATIC_BUILD=1)
+    add_subdirectory(${zycore_SOURCE_DIR} ${zycore_BINARY_DIR} EXCLUDE_FROM_ALL)
+    file (GLOB_RECURSE c_source_zycore ${zycore_SOURCE_DIR}/src/*.c)
+  endif ()
+
+  FetchContent_Declare(
+    zydis
+    GIT_REPOSITORY https://github.com/zyantific/zydis.git
+    GIT_TAG e14a07895136182a5b53e181eec3b1c6e0b434de
+  )
+  FetchContent_GetProperties(zydis)
+  if (NOT zydis_POPULATED)
+    message ("-- Fetching zydis ..")
+    FetchContent_Populate(zydis)
+    option(ZYDIS_FEATURE_ENCODER "" OFF)
+    option(ZYDIS_BUILD_TOOLS "" OFF)
+    option(ZYDIS_BUILD_EXAMPLES "" OFF)
+    option(ZYDIS_BUILD_MAN "" OFF)
+    option(ZYDIS_BUILD_DOXYGEN "" OFF)
+    include_directories("${zydis_BINARY_DIR}")
+    include_directories("${zydis_SOURCE_DIR}/include")
+    include_directories("${zydis_SOURCE_DIR}/src")
+    add_definitions(-DZYDIS_STATIC_BUILD=1)
+    add_subdirectory(${zydis_SOURCE_DIR} ${zydis_BINARY_DIR} EXCLUDE_FROM_ALL)
+    file (GLOB_RECURSE c_source_zydis ${zydis_SOURCE_DIR}/src/*.c)
+  endif ()
+endif ()
+
+
+set (IWASM_AOT_SOURCE ${c_source_all} ${arch_source} ${debug_source}
+	              ${c_source_zycore} ${c_source_zydis})

core/iwasm/common/wasm_runtime_common.c

@@ -199,7 +199,90 @@ runtime_signal_handler(void *sig_addr)
         }
     }
 }
-#else
+#else /* else of BH_PLATFORM_WINDOWS */
+
+#if WASM_ENABLE_AOT != 0
+#include <Zydis/Zydis.h>
+
+static uint32
+decode_insn(uint8 *insn)
+{
+    uint8 *data = (uint8 *)insn;
+    uint32 length = 32; /* reserve enough size */
+
+    /* Initialize decoder context */
+    ZydisDecoder decoder;
+    ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64,
+                     ZYDIS_STACK_WIDTH_64);
+
+    /* Initialize formatter */
+    ZydisFormatter formatter;
+    ZydisFormatterInit(&formatter, ZYDIS_FORMATTER_STYLE_INTEL);
+
+    /* Loop over the instructions in our buffer */
+    ZyanU64 runtime_address = (ZyanU64)(uintptr_t)data;
+    ZyanUSize offset = 0;
+    ZydisDecodedInstruction instruction;
+    ZydisDecodedOperand operands[ZYDIS_MAX_OPERAND_COUNT_VISIBLE];
+    char buffer[256];
+
+    if (ZYAN_SUCCESS(ZydisDecoderDecodeFull(
+            &decoder, data + offset, length - offset, &instruction, operands,
+            ZYDIS_MAX_OPERAND_COUNT_VISIBLE,
+            ZYDIS_DFLAG_VISIBLE_OPERANDS_ONLY))) {
+
+        /* Format & print the binary instruction structure to
+           human readable format */
+        ZydisFormatterFormatInstruction(&formatter, &instruction, operands,
+                                        instruction.operand_count_visible,
+                                        buffer, sizeof(buffer),
+                                        runtime_address);
+
+        /* Print current instruction */
+        /*
+        os_printf("%012" PRIX64 "  ", runtime_address);
+        puts(buffer);
+        */
+
+        return instruction.length;
+    }
+
+    /* Decode failed */
+    return 0;
+}
+#endif /* end of WASM_ENABLE_AOT != 0 */
+
+static LONG
+next_action(WASMModuleInstance *module_inst, EXCEPTION_POINTERS *exce_info)
+{
+#if WASM_ENABLE_AOT != 0
+    uint32 insn_size;
+#endif
+
+    if (module_inst->module_type == Wasm_Module_Bytecode
+        && module_inst->e->running_mode == Mode_Interp) {
+        /* Continue to search next exception handler for
+           interpreter mode as it can be caught by
+           `__try { .. } __except { .. }` sentences in
+           wasm_runtime.c */
+        return EXCEPTION_CONTINUE_SEARCH;
+    }
+
+#if WASM_ENABLE_AOT != 0
+    /* Skip current instruction and continue to run for AOT/JIT mode.
+       TODO: implement unwind support for AOT/JIT code in Windows platform */
+    insn_size = decode_insn((uint8 *)exce_info->ContextRecord->Rip);
+    if (insn_size > 0) {
+        exce_info->ContextRecord->Rip += insn_size;
+        return EXCEPTION_CONTINUE_EXECUTION;
+    }
+#endif
+
+    /* return different value from EXCEPTION_CONTINUE_SEARCH (= 0)
+       and EXCEPTION_CONTINUE_EXECUTION (= -1) */
+    return -2;
+}
+
 static LONG
 runtime_exception_handler(EXCEPTION_POINTERS *exce_info)
 {
@@ -211,6 +294,7 @@ runtime_exception_handler(EXCEPTION_POINTERS *exce_info)
     uint8 *mapped_mem_start_addr = NULL;
     uint8 *mapped_mem_end_addr = NULL;
     uint32 page_size = os_getpagesize();
+    LONG ret;
 
     if (exec_env_tls && exec_env_tls->handle == os_self_thread()
         && (jmpbuf_node = exec_env_tls->jmpbuf_stack_top)) {
@@ -232,32 +316,19 @@ runtime_exception_handler(EXCEPTION_POINTERS *exce_info)
                    the wasm func returns, the caller will check whether the
                    exception is thrown and return to runtime. */
                 wasm_set_exception(module_inst, "out of bounds memory access");
-                if (module_inst->module_type == Wasm_Module_Bytecode) {
-                    /* Continue to search next exception handler for
-                       interpreter mode as it can be caught by
-                       `__try { .. } __except { .. }` sentences in
-                       wasm_runtime.c */
-                    return EXCEPTION_CONTINUE_SEARCH;
-                }
-                else {
-                    /* Skip current instruction and continue to run for
-                       AOT mode. TODO: implement unwind support for AOT
-                       code in Windows platform */
-                    exce_info->ContextRecord->Rip++;
-                    return EXCEPTION_CONTINUE_EXECUTION;
-                }
+                ret = next_action(module_inst, exce_info);
+                if (ret == EXCEPTION_CONTINUE_SEARCH
+                    || ret == EXCEPTION_CONTINUE_EXECUTION)
+                    return ret;
             }
             else if (exec_env_tls->exce_check_guard_page <= (uint8 *)sig_addr
                      && (uint8 *)sig_addr
                             < exec_env_tls->exce_check_guard_page + page_size) {
                 bh_assert(wasm_copy_exception(module_inst, NULL));
-                if (module_inst->module_type == Wasm_Module_Bytecode) {
-                    return EXCEPTION_CONTINUE_SEARCH;
-                }
-                else {
-                    exce_info->ContextRecord->Rip++;
-                    return EXCEPTION_CONTINUE_EXECUTION;
-                }
+                ret = next_action(module_inst, exce_info);
+                if (ret == EXCEPTION_CONTINUE_SEARCH
+                    || ret == EXCEPTION_CONTINUE_EXECUTION)
+                    return ret;
             }
         }
 #if WASM_DISABLE_STACK_HW_BOUND_CHECK == 0
@@ -267,12 +338,10 @@ runtime_exception_handler(EXCEPTION_POINTERS *exce_info)
                whether the exception is thrown and return to runtime, and
                the damaged stack will be recovered by _resetstkoflw(). */
             wasm_set_exception(module_inst, "native stack overflow");
-            if (module_inst->module_type == Wasm_Module_Bytecode) {
-                return EXCEPTION_CONTINUE_SEARCH;
-            }
-            else {
-                return EXCEPTION_CONTINUE_EXECUTION;
-            }
+            ret = next_action(module_inst, exce_info);
+            if (ret == EXCEPTION_CONTINUE_SEARCH
+                || ret == EXCEPTION_CONTINUE_EXECUTION)
+                return ret;
         }
 #endif
     }

core/iwasm/compilation/aot_emit_function.c

@@ -18,6 +18,17 @@
         }                                                                     \
     } while (0)
 
+static bool
+is_win_platform(AOTCompContext *comp_ctx)
+{
+    char *triple = LLVMGetTargetMachineTriple(comp_ctx->target_machine);
+
+    bh_assert(trip);
+    if (strstr(triple, "win32") || strstr(triple, "win"))
+        return true;
+    return false;
+}
+
 static bool
 create_func_return_block(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx)
 {
@@ -458,7 +469,7 @@ check_app_addr_and_convert(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
     }
 
     /* Check whether exception was thrown when executing the function */
-    if (comp_ctx->enable_bound_check
+    if ((comp_ctx->enable_bound_check || is_win_platform(comp_ctx))
         && !check_call_return(comp_ctx, func_ctx, res)) {
         return false;
     }
@@ -696,7 +707,7 @@ aot_compile_op_call(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
                 goto fail;
             /* Check whether there was exception thrown when executing
                the function */
-            if (comp_ctx->enable_bound_check
+            if ((comp_ctx->enable_bound_check || is_win_platform(comp_ctx))
                 && !check_call_return(comp_ctx, func_ctx, res))
                 goto fail;
         }
@@ -849,7 +860,8 @@ aot_compile_op_call(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
 
         /* Check whether there was exception thrown when executing
            the function */
-        if (!tail_call && comp_ctx->enable_bound_check
+        if (!tail_call
+            && (comp_ctx->enable_bound_check || is_win_platform(comp_ctx))
             && !check_exception_thrown(comp_ctx, func_ctx))
             goto fail;
     }
@@ -1431,7 +1443,7 @@ aot_compile_op_call_indirect(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
         goto fail;
 
     /* Check whether exception was thrown when executing the function */
-    if (comp_ctx->enable_bound_check
+    if ((comp_ctx->enable_bound_check || is_win_platform(comp_ctx))
         && !check_call_return(comp_ctx, func_ctx, res))
         goto fail;
 
@@ -1483,7 +1495,7 @@ aot_compile_op_call_indirect(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
     }
 
     /* Check whether exception was thrown when executing the function */
-    if (comp_ctx->enable_bound_check
+    if ((comp_ctx->enable_bound_check || is_win_platform(comp_ctx))
         && !check_exception_thrown(comp_ctx, func_ctx))
         goto fail;