rustc: Fill out remaining parts of C-unwind ABI

This commit intends to fill out some of the remaining pieces of the
C-unwind ABI. This has a number of other changes with it though to move
this design space forward a bit. Notably contained within here is:

* On `panic=unwind`, the `extern "C"` ABI is now considered as "may
  unwind". This fixes a longstanding soundness issue where if you
  `panic!()` in an `extern "C"` function defined in Rust that's actually
  UB because the LLVM representation for the function has the `nounwind`
  attribute, but then you unwind.

* Whether or not a function unwinds now mainly considers the ABI of the
  function instead of first checking the panic strategy. This fixes a
  miscompile of `extern "C-unwind"` with `panic=abort` because that ABI
  can still unwind.

* The aborting stub for non-unwinding ABIs with `panic=unwind` has been
  reimplemented. Previously this was done as a small tweak during MIR
  generation, but this has been moved to a separate and dedicated MIR
  pass. This new pass will, for appropriate functions and function
  calls, insert a `cleanup` landing pad for any function call that may
  unwind within a function that is itself not allowed to unwind. Note
  that this subtly changes some behavior from before where previously on
  an unwind which was caught-to-abort it would run active destructors in
  the function, and now it simply immediately aborts the process.

* The `#[unwind]` attribute has been removed and all users in tests and
  such are now using `C-unwind` and `#![feature(c_unwind)]`.

I think this is largely the last piece of the RFC to implement.
Unfortunately I believe this is still not stabilizable as-is because
activating the feature gate changes the behavior of the existing `extern
"C"` ABI in a way that has no replacement. My thinking for how to enable
this is that we add support for the `C-unwind` ABI on stable Rust first,
and then after it hits stable we change the behavior of the `C` ABI.
That way anyone straddling stable/beta/nightly can switch to `C-unwind`
safely.

10 files changed, 90 insertions, 68 deletions

diff --git a/src/test/codegen/c-variadic.rs b/src/test/codegen/c-variadic.rs
index e038ed70451..668d023af96 100644
--- a/src/test/codegen/c-variadic.rs
+++ b/src/test/codegen/c-variadic.rs
@@ -4,7 +4,7 @@
 
 #![crate_type = "lib"]
 #![feature(c_variadic)]
-#![feature(unwind_attributes)]
+#![feature(c_unwind)]
 #![no_std]
 use core::ffi::VaList;
 
@@ -13,7 +13,6 @@ extern "C" {
     fn foreign_c_variadic_1(_: VaList, ...);
 }
 
-#[unwind(aborts)] // FIXME(#58794)
 pub unsafe extern "C" fn use_foreign_c_variadic_0() {
     // Ensure that we correctly call foreign C-variadic functions.
     // CHECK: call void (i32, ...) @foreign_c_variadic_0([[PARAM:i32( signext)?]] 0)
@@ -28,24 +27,20 @@ pub unsafe extern "C" fn use_foreign_c_variadic_0() {
 
 // Ensure that we do not remove the `va_list` passed to the foreign function when
 // removing the "spoofed" `VaListImpl` that is used by Rust defined C-variadics.
-#[unwind(aborts)] // FIXME(#58794)
 pub unsafe extern "C" fn use_foreign_c_variadic_1_0(ap: VaList) {
     // CHECK: call void ({{.*}}*, ...) @foreign_c_variadic_1({{.*}} %ap)
     foreign_c_variadic_1(ap);
 }
 
-#[unwind(aborts)] // FIXME(#58794)
 pub unsafe extern "C" fn use_foreign_c_variadic_1_1(ap: VaList) {
     // CHECK: call void ({{.*}}*, ...) @foreign_c_variadic_1({{.*}} %ap, [[PARAM]] 42)
     foreign_c_variadic_1(ap, 42i32);
 }
-#[unwind(aborts)] // FIXME(#58794)
 pub unsafe extern "C" fn use_foreign_c_variadic_1_2(ap: VaList) {
     // CHECK: call void ({{.*}}*, ...) @foreign_c_variadic_1({{.*}} %ap, [[PARAM]] 2, [[PARAM]] 42)
     foreign_c_variadic_1(ap, 2i32, 42i32);
 }
 
-#[unwind(aborts)] // FIXME(#58794)
 pub unsafe extern "C" fn use_foreign_c_variadic_1_3(ap: VaList) {
     // CHECK: call void ({{.*}}*, ...) @foreign_c_variadic_1({{.*}} %ap, [[PARAM]] 2, [[PARAM]] 42, [[PARAM]] 0)
     foreign_c_variadic_1(ap, 2i32, 42i32, 0i32);
diff --git a/src/test/codegen/catch-unwind.rs b/src/test/codegen/catch-unwind.rs
index 7ff9c0d15e0..b89c590add0 100644
--- a/src/test/codegen/catch-unwind.rs
+++ b/src/test/codegen/catch-unwind.rs
@@ -10,6 +10,7 @@
 // ignore-riscv64 FIXME
 
 #![crate_type = "lib"]
+#![feature(c_unwind)]
 
 extern "C" {
     fn bar();
diff --git a/src/test/codegen/try-panic-abort.rs b/src/test/codegen/try-panic-abort.rs
deleted file mode 100644
index 166d2bb9942..00000000000
--- a/src/test/codegen/try-panic-abort.rs
+++ /dev/null
@@ -1,20 +0,0 @@
-// compile-flags: -C panic=abort -O
-
-#![crate_type = "lib"]
-#![feature(unwind_attributes, core_intrinsics)]
-
-extern "C" {
-    #[unwind(allow)]
-    fn bar(data: *mut u8);
-}
-extern "Rust" {
-    fn catch(data: *mut u8, exception: *mut u8);
-}
-
-// CHECK-LABEL: @foo
-#[no_mangle]
-pub unsafe fn foo() -> i32 {
-    // CHECK: call void @bar
-    // CHECK: ret i32 0
-    std::intrinsics::r#try(|x| bar(x), 0 as *mut u8, |x, y| catch(x, y))
-}
diff --git a/src/test/codegen/unwind-abis/c-unwind-abi-panic-abort.rs b/src/test/codegen/unwind-abis/c-unwind-abi-panic-abort.rs
index afd65ff6741..398937a04c9 100644
--- a/src/test/codegen/unwind-abis/c-unwind-abi-panic-abort.rs
+++ b/src/test/codegen/unwind-abis/c-unwind-abi-panic-abort.rs
@@ -1,18 +1,22 @@
-// compile-flags: -C panic=abort -C opt-level=0
+// compile-flags: -C panic=abort
 
-// Test that `nounwind` atributes are applied to `C-unwind` extern functions when the
-// code is compiled with `panic=abort`.  We disable optimizations above to prevent LLVM from
-// inferring the attribute.
+// Test that `nounwind` atributes are not applied to `C-unwind` extern functions
+// even when the code is compiled with `panic=abort`.
 
 #![crate_type = "lib"]
 #![feature(c_unwind)]
 
-// CHECK: @rust_item_that_can_unwind() unnamed_addr #0 {
+extern "C-unwind" {
+    fn may_unwind();
+}
+
+// CHECK: @rust_item_that_can_unwind() unnamed_addr #0
 #[no_mangle]
-pub extern "C-unwind" fn rust_item_that_can_unwind() {
+pub unsafe extern "C-unwind" fn rust_item_that_can_unwind() {
+    may_unwind();
 }
 
 // Now, make sure that the LLVM attributes for this functions are correct.  First, make
 // sure that the first item is correctly marked with the `nounwind` attribute:
 //
-// CHECK: attributes #0 = { {{.*}}nounwind{{.*}} }
+// CHECK-NOT: attributes #0 = { {{.*}}nounwind{{.*}} }
diff --git a/src/test/codegen/unwind-abis/nounwind-on-stable-panic-abort.rs b/src/test/codegen/unwind-abis/nounwind-on-stable-panic-abort.rs
new file mode 100644
index 00000000000..9a4b3d3b484
--- /dev/null
+++ b/src/test/codegen/unwind-abis/nounwind-on-stable-panic-abort.rs
@@ -0,0 +1,16 @@
+// compile-flags: -C opt-level=0 -Cpanic=abort
+// ignore-wasm32-bare compiled with panic=abort by default
+
+#![crate_type = "lib"]
+
+// We disable optimizations to prevent LLVM from infering the attribute.
+
+// CHECK: Function Attrs:{{.*}}nounwind
+// CHECK-NEXT: @foo
+#[no_mangle]
+pub extern "C" fn foo() {}
+
+// CHECK: Function Attrs:{{.*}}nounwind
+// CHECK-NEXT: @bar
+#[no_mangle]
+pub fn bar() {}
diff --git a/src/test/codegen/unwind-abis/nounwind-on-stable-panic-unwind.rs b/src/test/codegen/unwind-abis/nounwind-on-stable-panic-unwind.rs
new file mode 100644
index 00000000000..2783c83d3ef
--- /dev/null
+++ b/src/test/codegen/unwind-abis/nounwind-on-stable-panic-unwind.rs
@@ -0,0 +1,17 @@
+// compile-flags: -C opt-level=0
+// ignore-wasm32-bare compiled with panic=abort by default
+
+#![crate_type = "lib"]
+
+// We disable optimizations to prevent LLVM from infering the attribute.
+
+extern "C" {
+    fn bar();
+}
+
+// CHECK-NOT: Function Attrs:{{.*}}nounwind
+pub unsafe extern "C" fn foo() {
+    bar();
+}
+
+// Note that this test will get removed when `C-unwind` is fully stabilized
diff --git a/src/test/codegen/unwind-abis/nounwind.rs b/src/test/codegen/unwind-abis/nounwind.rs
new file mode 100644
index 00000000000..cfc140361f6
--- /dev/null
+++ b/src/test/codegen/unwind-abis/nounwind.rs
@@ -0,0 +1,17 @@
+// compile-flags: -C opt-level=0 -Cpanic=abort
+// ignore-wasm32-bare compiled with panic=abort by default
+
+#![crate_type = "lib"]
+#![feature(c_unwind)]
+
+// We disable optimizations to prevent LLVM from infering the attribute.
+
+// CHECK: Function Attrs:{{.*}}nounwind
+// CHECK-NEXT: @foo
+#[no_mangle]
+pub extern "C" fn foo() {}
+
+// CHECK: Function Attrs:{{.*}}nounwind
+// CHECK-NEXT: @bar
+#[no_mangle]
+pub fn bar() {}
diff --git a/src/test/codegen/unwind-and-panic-abort.rs b/src/test/codegen/unwind-and-panic-abort.rs
new file mode 100644
index 00000000000..05d97f3256a
--- /dev/null
+++ b/src/test/codegen/unwind-and-panic-abort.rs
@@ -0,0 +1,16 @@
+// compile-flags: -C panic=abort
+
+#![crate_type = "lib"]
+#![feature(c_unwind)]
+
+extern "C-unwind" {
+    fn bar();
+}
+
+// CHECK: Function Attrs:{{.*}}nounwind
+// CHECK-NEXT: define{{.*}}void @foo
+// CHECK: call void @llvm.trap()
+#[no_mangle]
+pub unsafe extern "C" fn foo() {
+    bar();
+}
diff --git a/src/test/codegen/unwind-extern-exports.rs b/src/test/codegen/unwind-extern-exports.rs
index 487de20671a..c939235fb50 100644
--- a/src/test/codegen/unwind-extern-exports.rs
+++ b/src/test/codegen/unwind-extern-exports.rs
@@ -2,19 +2,15 @@
 // ignore-wasm32-bare compiled with panic=abort by default
 
 #![crate_type = "lib"]
-#![feature(unwind_attributes)]
+#![feature(c_unwind)]
 
 // Make sure these all do *not* get the attribute.
 // We disable optimizations to prevent LLVM from infering the attribute.
 // CHECK-NOT: nounwind
 
 // "C" ABI
-// pub extern fn foo() {} // FIXME right now we don't abort-on-panic but add `nounwind` nevertheless
-#[unwind(allowed)]
-pub extern "C" fn foo_allowed() {}
+pub extern "C-unwind" fn foo_unwind() {}
 
 // "Rust"
 // (`extern "Rust"` could be removed as all `fn` get it implicitly; we leave it in for clarity.)
-pub extern "Rust" fn bar() {}
-#[unwind(allowed)]
-pub extern "Rust" fn bar_allowed() {}
+pub fn bar() {}
diff --git a/src/test/codegen/unwind-extern-imports.rs b/src/test/codegen/unwind-extern-imports.rs
index e28397eb139..e33e3e80521 100644
--- a/src/test/codegen/unwind-extern-imports.rs
+++ b/src/test/codegen/unwind-extern-imports.rs
@@ -2,41 +2,21 @@
 // ignore-wasm32-bare compiled with panic=abort by default
 
 #![crate_type = "lib"]
-#![feature(unwind_attributes)]
+#![feature(c_unwind)]
 
 extern "C" {
-// CHECK: Function Attrs:{{.*}}nounwind
-// CHECK-NEXT: declare{{.*}}void @extern_fn
+    // CHECK: Function Attrs:{{.*}}nounwind
+    // CHECK-NEXT: declare{{.*}}void @extern_fn
     fn extern_fn();
-// CHECK-NOT: Function Attrs:{{.*}}nounwind
-// CHECK: declare{{.*}}void @unwinding_extern_fn
-    #[unwind(allowed)]
-    fn unwinding_extern_fn();
-// CHECK-NOT: nounwind
-// CHECK: declare{{.*}}void @aborting_extern_fn
-    #[unwind(aborts)]
-    fn aborting_extern_fn(); // FIXME: we want to have the attribute here
 }
 
-extern "Rust" {
-// CHECK-NOT: nounwind
-// CHECK: declare{{.*}}void @rust_extern_fn
-    fn rust_extern_fn();
-// CHECK-NOT: nounwind
-// CHECK: declare{{.*}}void @rust_unwinding_extern_fn
-    #[unwind(allowed)]
-    fn rust_unwinding_extern_fn();
-// CHECK-NOT: nounwind
-// CHECK: declare{{.*}}void @rust_aborting_extern_fn
-    #[unwind(aborts)]
-    fn rust_aborting_extern_fn(); // FIXME: we want to have the attribute here
+extern "C-unwind" {
+    // CHECK-NOT: nounwind
+    // CHECK: declare{{.*}}void @c_unwind_extern_fn
+    fn c_unwind_extern_fn();
 }
 
 pub unsafe fn force_declare() {
     extern_fn();
-    unwinding_extern_fn();
-    aborting_extern_fn();
-    rust_extern_fn();
-    rust_unwinding_extern_fn();
-    rust_aborting_extern_fn();
+    c_unwind_extern_fn();
 }