[CIR] Handle throwing calls inside EH cleanup (llvm#188341)

This implements handling for throwing calls inside an EH cleanup
handler. When such a call occurs, the CFG flattening pass replaces it
with a cir.try_call op that unwinds to a terminate block.

A new CIR operation, cir.eh.terminate, is added to facilitate this
handling, and the design document is updated to describe the new
behavior.

Assisted-by: Cursor / claude-4.6-opus-high

Author: andykaylor

clang/docs/ClangIRCleanupAndEHDesign.md

@@ -732,9 +732,9 @@ CIR operations. The operations that were used in the ClangIR incubator
 project were closely matched to the Itanium exception handling ABI. In
 order to achieve a representation that also works well for other ABIs,
 the following new operations are being proposed: `cir.eh.initiate`,
-`cir.eh.dispatch`, `cir.begin_cleanup`, and `cir.end_cleanup`. The
-`cir.begin_catch` and `cir.end_catch` operations, described above,
-are also used in the flattened form.
+`cir.eh.dispatch`, `cir.eh.terminate`, `cir.begin_cleanup`, and
+`cir.end_cleanup`. The `cir.begin_catch` and `cir.end_catch` operations,
+described above, are also used in the flattened form.
 
 Any time a cir.call operation that may throw and exception appears
 within the try region of a `cir.try` operation or within the body region
@@ -953,6 +953,91 @@ the EH cleanup block (`^bb2`), which branches to `^bb3` to perform the
 cleanup, but because we have no catch handler, we execute `cir.resume`
 after the cleanup to unwind to the function that called `someFunc()`.
 
+#### Throwing Calls in Cleanup Regions
+
+When a call in an EH cleanup region may throw an exception, it requires
+special handling. The C++ standard requires that if an exception is
+thrown during exception cleanup (i.e., while unwinding a previous
+exception), the program must call `std::terminate()`. In the flattened
+CIR, such calls are replaced with `cir.try_call` operations whose
+unwind destination contains a `cir.eh.initiate` followed by a
+`cir.eh.terminate` operation.
+
+The `cir.eh.terminate` operation is a terminator that signals the need
+for program termination due to an exception thrown during cleanup. It
+takes the `!cir.eh_token` returned by `cir.eh.initiate` and is further
+processed during EH ABI lowering, where it is replaced with target-specific
+termination code.
+
+#### Example: Cleanup with throwing destructor
+
+**C++**
+
+``` c++
+struct ThrowingDtor {
+  ~ThrowingDtor() noexcept(false);
+};
+
+void someFunc() {
+  ThrowingDtor c;
+  c.doSomething();
+}
+```
+
+**CIR**
+
+```
+cir.func @someFunc(){
+  %0 = cir.alloca !rec_ThrowingDtor, !cir.ptr<!rec_ThrowingDtor>, ["c", init]
+  cir.call @_ZN12ThrowingDtorC1Ev(%0) : (!cir.ptr<!rec_ThrowingDtor>) -> ()
+  cir.cleanup.scope {
+    cir.call @_ZN12ThrowingDtor11doSomethingEv(%0) : (!cir.ptr<!rec_ThrowingDtor>) -> ()
+    cir.yield
+  } cleanup all {
+    cir.call @_ZN12ThrowingDtorD1Ev(%0) : (!cir.ptr<!rec_ThrowingDtor>) -> ()
+    cir.yield
+  }
+  cir.return
+}
+```
+
+**Flattened CIR**
+
+```
+cir.func @someFunc(){
+  %0 = cir.alloca !rec_ThrowingDtor, !cir.ptr<!rec_ThrowingDtor>, ["c", init]
+  cir.call @_ZN12ThrowingDtorC1Ev(%0) : (!cir.ptr<!rec_ThrowingDtor>) -> ()
+  cir.try_call @_ZN12ThrowingDtor11doSomethingEv(%0) ^bb1, ^bb2 : (!cir.ptr<!rec_ThrowingDtor>) -> ()
+^bb1 // Normal cleanup
+  cir.call @_ZN12ThrowingDtorD1Ev(%0) : (!cir.ptr<!rec_ThrowingDtor>) -> ()
+  cir.br ^bb6
+^bb2 // EH cleanup (from entry block)
+  %1 = cir.eh.initiate cleanup : !cir.eh_token
+  cir.br ^bb3(%1 : !cir.eh_token)
+^bb3(%eh_token : !cir.eh_token) // Perform cleanup
+  %2 = cir.begin_cleanup(%eh_token : !cir.eh_token) : !cir.cleanup_token
+  cir.try_call @_ZN12ThrowingDtorD1Ev(%0) ^bb4, ^bb5 : (!cir.ptr<!rec_ThrowingDtor>) -> ()
+^bb4 // Destructor completed: continue unwinding
+  cir.end_cleanup(%2 : !cir.cleanup_token)
+  cir.resume %eh_token : !cir.eh_token
+^bb5 // Destructor threw: terminate
+  %3 = cir.eh.initiate : !cir.eh_token
+  cir.eh.terminate %3 : !cir.eh_token
+^bb6 // Normal continue (from ^bb1)
+  cir.return
+}
+```
+
+In this example, the destructor for `ThrowingDtor` may throw. In the
+normal cleanup path (`^bb1`), the destructor is a regular `cir.call`
+since the exception would propagate normally. In the EH cleanup path
+(`^bb3`), the destructor call is a `cir.try_call` because if the
+destructor throws during exception unwinding, the program must
+terminate. If the destructor completes normally, the exception
+continues unwinding via `cir.resume`. If the destructor throws, control
+transfers to `^bb5`, which initiates exception handling and immediately
+terminates.
+
 #### Example: Shared cleanups
 
 **C++**
@@ -1142,7 +1227,9 @@ The Itanium exception handling ABI representation replaces the
 for the catch handlers. The `cir.begin_cleanup` and `cir.end_cleanup`
 operations are simply dropped. The `cir.begin_catch` operation becomes a
 call to `__cxa_begin_catch`. The `cir.end_catch` operation becomes a
-call to `__cxa_end_catch`.
+call to `__cxa_end_catch`. The `cir.eh.terminate` operation becomes a
+call to `__clang_call_terminate` (which calls `__cxa_begin_catch`
+followed by `std::terminate()`) and then an unreachable operation.
 
 The only operation that is specific to Itanium exception handling is
 `cir.eh.landingpad`.

clang/include/clang/CIR/Dialect/IR/CIROps.td

@@ -7037,6 +7037,46 @@ def CIR_EhInitiateOp : CIR_Op<"eh.initiate"> {
   let hasLLVMLowering = false;
 }
 
+//===----------------------------------------------------------------------===//
+// Flattened EH Operations: EhTerminateOp
+//===----------------------------------------------------------------------===//
+
+def CIR_EhTerminateOp : CIR_Op<"eh.terminate", [
+  Terminator
+]> {
+  let summary = "Terminate due to exception thrown during cleanup";
+  let description = [{
+    `cir.eh.terminate` terminates program execution when an exception is thrown
+    while executing cleanup code during exception unwinding. The C++ standard
+    requires that `std::terminate()` be called in this scenario.
+
+    This operation takes an `!cir.eh_token` from a `cir.eh.initiate` operation
+    and acts as a terminator. It is produced during CFG flattening when throwing
+    calls are found in EH cleanup regions.
+
+    During EH ABI lowering, this is replaced with target-specific termination
+    code. For the Itanium ABI, the `cir.eh.initiate` is lowered to
+    `cir.eh.inflight_exception` (producing an exception pointer), and the
+    `cir.eh.terminate` becomes a call to `__clang_call_terminate` with that
+    pointer, followed by an unreachable operation.
+
+    Example:
+
+    ```mlir
+    ^terminate_unwind:
+      %eh_token = cir.eh.initiate : !cir.eh_token
+      cir.eh.terminate %eh_token : !cir.eh_token
+    ```
+  }];
+
+  let arguments = (ins CIR_EhTokenType:$eh_token);
+  let assemblyFormat = [{
+    $eh_token `:` type($eh_token) attr-dict
+  }];
+
+  let hasLLVMLowering = false;
+}
+
 //===----------------------------------------------------------------------===//
 // Flattened EH Operations: EhDispatchOp
 //===----------------------------------------------------------------------===//

clang/lib/CIR/Dialect/Transforms/EHABILowering.cpp

@@ -17,6 +17,7 @@
 //   - cir.end_cleanup      → (removed)
 //   - cir.begin_catch      → call to __cxa_begin_catch
 //   - cir.end_catch        → call to __cxa_end_catch
+//   - cir.eh.terminate     → call to __clang_call_terminate + unreachable
 //   - cir.resume           → cir.resume.flat
 //   - !cir.eh_token values → (!cir.ptr<!void>, !u32i) value pairs
 //   - personality function set on functions requiring EH
@@ -116,11 +117,13 @@ class ItaniumEHLowering : public EHABILowering {
   cir::FuncOp personalityFunc;
   cir::FuncOp beginCatchFunc;
   cir::FuncOp endCatchFunc;
+  cir::FuncOp clangCallTerminateFunc;
 
   constexpr const static ::llvm::StringLiteral kGxxPersonality =
       "__gxx_personality_v0";
 
   void ensureRuntimeDecls(mlir::Location loc);
+  void ensureClangCallTerminate(mlir::Location loc);
   mlir::LogicalResult lowerFunc(cir::FuncOp funcOp);
   void lowerEhInitiate(cir::EhInitiateOp initiateOp, EhTokenMap &ehTokenMap,
                        SmallVectorImpl<mlir::Operation *> &deadOps);
@@ -172,6 +175,62 @@ void ItaniumEHLowering::ensureRuntimeDecls(mlir::Location loc) {
   }
 }
 
+/// Ensure the __clang_call_terminate function exists in the module. This
+/// function is defined with a body that calls __cxa_begin_catch followed by
+/// std::terminate, matching the behavior of Clang's LLVM IR codegen.
+///
+///   void __clang_call_terminate(void *exn) nounwind noreturn {
+///     __cxa_begin_catch(exn);
+///     std::terminate();
+///     unreachable;
+///   }
+void ItaniumEHLowering::ensureClangCallTerminate(mlir::Location loc) {
+  if (clangCallTerminateFunc)
+    return;
+
+  ensureRuntimeDecls(loc);
+
+  if (auto existing = mod.lookupSymbol<cir::FuncOp>("__clang_call_terminate")) {
+    clangCallTerminateFunc = existing;
+    return;
+  }
+
+  auto funcTy = cir::FuncType::get({voidPtrType}, voidType, /*isVarArg=*/false);
+  builder.setInsertionPointToEnd(mod.getBody());
+  auto funcOp =
+      cir::FuncOp::create(builder, loc, "__clang_call_terminate", funcTy);
+  funcOp.setLinkage(cir::GlobalLinkageKind::LinkOnceODRLinkage);
+  funcOp.setGlobalVisibilityAttr(
+      cir::VisibilityAttr::get(ctx, cir::VisibilityKind::Hidden));
+
+  mlir::Block *entryBlock = funcOp.addEntryBlock();
+  builder.setInsertionPointToStart(entryBlock);
+  mlir::Value exnArg = entryBlock->getArgument(0);
+
+  auto catchCall = cir::CallOp::create(
+      builder, loc, mlir::FlatSymbolRefAttr::get(beginCatchFunc), u8PtrType,
+      mlir::ValueRange{exnArg});
+  catchCall.setNothrowAttr(builder.getUnitAttr());
+
+  auto terminateFuncDecl = getOrCreateRuntimeFuncDecl(
+      mod, loc, "_ZSt9terminatev",
+      cir::FuncType::get({}, voidType, /*isVarArg=*/false));
+  terminateFuncDecl->setAttr(cir::CIRDialect::getNoReturnAttrName(),
+                             builder.getUnitAttr());
+  auto terminateCall = cir::CallOp::create(
+      builder, loc, mlir::FlatSymbolRefAttr::get(terminateFuncDecl), voidType,
+      mlir::ValueRange{});
+  terminateCall.setNothrowAttr(builder.getUnitAttr());
+  terminateCall->setAttr(cir::CIRDialect::getNoReturnAttrName(),
+                         builder.getUnitAttr());
+
+  cir::UnreachableOp::create(builder, loc);
+
+  funcOp->setAttr(cir::CIRDialect::getNoReturnAttrName(),
+                  builder.getUnitAttr());
+  clangCallTerminateFunc = funcOp;
+}
+
 /// Lower all EH operations in a single function.
 mlir::LogicalResult ItaniumEHLowering::lowerFunc(cir::FuncOp funcOp) {
   if (funcOp.isDeclaration())
@@ -360,6 +419,19 @@ void ItaniumEHLowering::lowerEhInitiate(
           auto [exnPtr, typeId] = ehTokenMap.lookup(op.getEhToken());
           lowerDispatch(op, exnPtr, typeId, deadOps);
         }
+      } else if (auto op = mlir::dyn_cast<cir::EhTerminateOp>(user)) {
+        auto [exnPtr, typeId] = ehTokenMap.lookup(op.getEhToken());
+        ensureClangCallTerminate(op.getLoc());
+        builder.setInsertionPoint(op);
+        auto call = cir::CallOp::create(
+            builder, op.getLoc(),
+            mlir::FlatSymbolRefAttr::get(clangCallTerminateFunc), voidType,
+            mlir::ValueRange{exnPtr});
+        call.setNothrowAttr(builder.getUnitAttr());
+        call->setAttr(cir::CIRDialect::getNoReturnAttrName(),
+                      builder.getUnitAttr());
+        cir::UnreachableOp::create(builder, op.getLoc());
+        op.erase();
       } else if (auto op = mlir::dyn_cast<cir::ResumeOp>(user)) {
         auto [exnPtr, typeId] = ehTokenMap.lookup(op.getEhToken());
         builder.setInsertionPoint(op);

clang/lib/CIR/Dialect/Transforms/FlattenCFG.cpp

@@ -717,6 +717,19 @@ static mlir::Block *buildUnwindBlock(mlir::Block *dest, bool hasCleanup,
   return unwindBlock;
 }
 
+// Create a shared terminate unwind block for throwing calls in EH cleanup
+// regions. When an exception is thrown during cleanup (unwinding), the C++
+// standard requires that std::terminate() be called.
+static mlir::Block *buildTerminateUnwindBlock(mlir::Location loc,
+                                              mlir::Block *insertBefore,
+                                              mlir::PatternRewriter &rewriter) {
+  mlir::Block *terminateBlock = rewriter.createBlock(insertBefore);
+  rewriter.setInsertionPointToEnd(terminateBlock);
+  auto ehInitiate = cir::EhInitiateOp::create(rewriter, loc, /*cleanup=*/false);
+  cir::EhTerminateOp::create(rewriter, loc, ehInitiate.getEhToken());
+  return terminateBlock;
+}
+
 class CIRCleanupScopeOpFlattening
     : public mlir::OpRewritePattern<cir::CleanupScopeOp> {
 public:
@@ -1332,6 +1345,28 @@ class CIRCleanupScopeOpFlattening
         replaceCallWithTryCall(callOp, unwindBlock, loc, rewriter);
     }
 
+    // Handle throwing calls in EH cleanup blocks. When an exception is thrown
+    // during cleanup code that runs on the exception unwind path, the C++
+    // standard requires that std::terminate() be called. Replace such calls
+    // with try_call operations that unwind to a terminate block containing
+    // cir.eh.initiate + cir.eh.terminate.
+    if (ehCleanupEntry) {
+      llvm::SmallVector<cir::CallOp> ehCleanupThrowingCalls;
+      for (mlir::Block *block = ehCleanupEntry; block != continueBlock;
+           block = block->getNextNode()) {
+        block->walk([&](cir::CallOp callOp) {
+          if (!callOp.getNothrow())
+            ehCleanupThrowingCalls.push_back(callOp);
+        });
+      }
+      if (!ehCleanupThrowingCalls.empty()) {
+        mlir::Block *terminateBlock =
+            buildTerminateUnwindBlock(loc, continueBlock, rewriter);
+        for (cir::CallOp callOp : ehCleanupThrowingCalls)
+          replaceCallWithTryCall(callOp, terminateBlock, loc, rewriter);
+      }
+    }
+
     // Chain inner EH cleanup resume ops to this cleanup's EH handler.
     // Each cir.resume from an already-flattened inner cleanup is replaced
     // with a branch to the outer EH cleanup entry, passing the eh_token
@@ -1372,17 +1407,6 @@ class CIRCleanupScopeOpFlattening
 
     cir::CleanupKind cleanupKind = cleanupOp.getCleanupKind();
 
-    // Throwing calls in the cleanup region of an EH-enabled cleanup scope
-    // are not yet supported. Such calls would need their own EH handling
-    // (e.g., terminate or nested cleanup) during the unwind path.
-    if (cleanupKind != cir::CleanupKind::Normal) {
-      llvm::SmallVector<cir::CallOp> cleanupThrowingCalls;
-      collectThrowingCalls(cleanupOp.getCleanupRegion(), cleanupThrowingCalls);
-      if (!cleanupThrowingCalls.empty())
-        return cleanupOp->emitError(
-            "throwing calls in cleanup region are not yet implemented");
-    }
-
     // Collect all exits from the body region.
     llvm::SmallVector<CleanupExit> exits;
     int nextId = 0;