fix PL/SQL exception handler not catching errors on macOS ARM64

obdev · footka · LINxiansheng · ob-robot · commit 215df8fdc81d · 2026-02-11T06:36:10.000Z
Co-authored-by: footka &lt;672528926@qq.com&gt;
Co-authored-by: LINxiansheng &lt;wangzelin19961202@gmail.com&gt;
diff --git a/src/objit/src/core/ob_jit_memory_manager.h b/src/objit/src/core/ob_jit_memory_manager.h
@@ -33,29 +33,204 @@ class ObJitMemoryManager : public llvm::RTDyldMemoryManager
   void operator=(const ObJitMemoryManager&);
 public:
   explicit ObJitMemoryManager(ObJitAllocator &allocator)
-      : allocator_(allocator)
+      : allocator_(allocator),
+        code_section_addr_(nullptr),
+        gcc_except_tab_addr_(nullptr),
+        gcc_except_tab_size_(0)
   {}
   virtual ~ObJitMemoryManager() {}
 
-  /// Allocate a memory block of (at least) the given size suitable for
-  /// executable code. The SectionID is a unique identifier assigned by the JIT
-  /// engine, and optionally recorded by the memory manager to access a loaded
-  /// section.
   virtual uint8_t *allocateCodeSection(
       uintptr_t Size, unsigned Alignment, unsigned SectionID,
       llvm::StringRef SectionName)
   {
-    return reinterpret_cast<uint8_t*>(allocator_.alloc(JMT_RWE, Size, Alignment));
+    uint8_t *ptr = reinterpret_cast<uint8_t*>(allocator_.alloc(JMT_RWE, Size, Alignment));
+#if defined(__APPLE__)
+    // Track __text section address for .eh_frame pc_begin fixup.
+    if (SectionName == "__text") {
+      code_section_addr_ = ptr;
+    }
+#endif
+    return ptr;
   }
 
-  /// Allocate a memory block of (at least) the given size suitable for data.
-  /// The SectionID is a unique identifier assigned by the JIT engine, and
-  /// optionally recorded by the memory manager to access a loaded section.
   virtual uint8_t *allocateDataSection(
       uintptr_t Size, unsigned Alignment, unsigned SectionID,
       llvm::StringRef SectionName, bool IsReadOnly){
-    return reinterpret_cast<uint8_t*>(allocator_.alloc(JMT_RO, Size, Alignment));
+    uint8_t *ptr = reinterpret_cast<uint8_t*>(allocator_.alloc(JMT_RO, Size, Alignment));
+#if defined(__APPLE__)
+    // Track __gcc_except_tab section address for .eh_frame LSDA fixup.
+    // On macOS ARM64, RuntimeDyld doesn't properly relocate the LSDA pointer
+    // in .eh_frame (ARM64_RELOC_SUBTRACTOR+UNSIGNED pair), so we fix it up
+    // manually in registerEHFrames.
+    if (SectionName == "__gcc_except_tab") {
+      gcc_except_tab_addr_ = ptr;
+      gcc_except_tab_size_ = Size;
+    }
+#endif
+    return ptr;
+  }
+
+  virtual void registerEHFrames(uint8_t *Addr, uint64_t LoadAddr, size_t Size) {
+#if defined(__APPLE__)
+    // Fix up LSDA pointers in .eh_frame before registration.
+    // RuntimeDyld on MachO ARM64 does not correctly apply the
+    // ARM64_RELOC_SUBTRACTOR + ARM64_RELOC_UNSIGNED relocation pair
+    // within __eh_frame, leaving the LSDA pointer unrelocated and pointing
+    // to garbage memory. We parse the CIE/FDE and patch the LSDA pointer
+    // to correctly reference __gcc_except_tab.
+    if (Size > 0) {
+      fixupEHFrameRelocations(Addr, Size);
+    }
+#endif
+    llvm::RTDyldMemoryManager::registerEHFrames(Addr, LoadAddr, Size);
+    // Reset for next module
+    code_section_addr_ = nullptr;
+    gcc_except_tab_addr_ = nullptr;
+    gcc_except_tab_size_ = 0;
+  }
+
+  virtual void deregisterEHFrames() {
+    llvm::RTDyldMemoryManager::deregisterEHFrames();
+  }
+
+private:
+#if defined(__APPLE__)
+  // Read a ULEB128 value, advancing the pointer
+  static uint64_t readULEB128(const uint8_t **p) {
+    uint64_t result = 0;
+    unsigned shift = 0;
+    uint8_t byte;
+    do {
+      byte = **p; (*p)++;
+      result |= ((uint64_t)(byte & 0x7f)) << shift;
+      shift += 7;
+    } while (byte & 0x80);
+    return result;
+  }
+
+  // Get byte size of an encoded pointer given the DWARF encoding
+  static size_t getEncodedPtrSize(uint8_t enc) {
+    if (enc == 0xFF) return 0; // DW_EH_PE_omit
+    switch (enc & 0x0F) {
+      case 0x00: return sizeof(uintptr_t); // DW_EH_PE_absptr
+      case 0x02: return 2;  // DW_EH_PE_udata2
+      case 0x03: return 4;  // DW_EH_PE_udata4
+      case 0x04: return 8;  // DW_EH_PE_udata8
+      case 0x09: return 2;  // DW_EH_PE_sdata2
+      case 0x0A: return 4;  // DW_EH_PE_sdata4 (note: some refs use 0x0B)
+      case 0x0B: return 4;  // DW_EH_PE_sdata4
+      case 0x0C: return 8;  // DW_EH_PE_sdata8
+      default:   return sizeof(uintptr_t);
+    }
+  }
+
+  // Fix up pc_begin and LSDA pointers in .eh_frame FDEs.
+  // RuntimeDyld on MachO ARM64 does not correctly apply
+  // ARM64_RELOC_SUBTRACTOR + ARM64_RELOC_UNSIGNED pairs in __eh_frame,
+  // so both pc_begin (function start) and LSDA pointer end up wrong.
+  void fixupEHFrameRelocations(uint8_t *ehFrame, size_t size) {
+    const uint8_t *p = ehFrame;
+    const uint8_t *end = ehFrame + size;
+
+    // --- Parse CIE ---
+    if (p + 4 > end) return;
+    uint32_t cie_length = *(const uint32_t *)p; p += 4;
+    if (cie_length == 0 || p + cie_length > end) return;
+    const uint8_t *cie_end = p + cie_length;
+
+    if (p + 4 > cie_end) return;
+    uint32_t cie_id = *(const uint32_t *)p; p += 4;
+    if (cie_id != 0) return; // not a CIE
+
+    if (p >= cie_end) return;
+    uint8_t version = *p++;
+
+    const char *aug_str = (const char *)p;
+    while (p < cie_end && *p) p++;
+    if (p >= cie_end) return;
+    p++; // skip null terminator
+
+    bool has_z = false, has_L = false, has_P = false, has_R = false;
+    for (const char *a = aug_str; *a; a++) {
+      switch (*a) {
+        case 'z': has_z = true; break;
+        case 'L': has_L = true; break;
+        case 'P': has_P = true; break;
+        case 'R': has_R = true; break;
+      }
+    }
+
+    readULEB128(&p); // code_alignment_factor
+    { uint8_t b; do { b = *p++; } while (b & 0x80); } // data_alignment_factor (SLEB128)
+    if (version >= 3) { readULEB128(&p); } else { p++; } // return_address_register
+
+    uint8_t lsda_encoding = 0xFF;
+    uint8_t fde_encoding = 0x00;
+
+    if (has_z) {
+      readULEB128(&p); // augmentation_data_length
+      for (const char *a = aug_str; *a; a++) {
+        if (*a == 'z') continue;
+        if (*a == 'P') {
+          uint8_t penc = *p++;
+          p += getEncodedPtrSize(penc);
+        } else if (*a == 'L') {
+          lsda_encoding = *p++;
+        } else if (*a == 'R') {
+          fde_encoding = *p++;
+        }
+      }
+    }
+
+    // --- Parse FDE(s) ---
+    p = cie_end;
+    while (p + 4 <= end) {
+      uint32_t fde_length = *(const uint32_t *)p; p += 4;
+      if (fde_length == 0) break;
+      if (p + fde_length > end) break;
+      const uint8_t *fde_end = p + fde_length;
+
+      uint32_t cie_ptr = *(const uint32_t *)p; p += 4;
+      if (cie_ptr == 0) { p = fde_end; continue; } // another CIE
+
+      // --- Fix pc_begin ---
+      size_t fde_ptr_sz = getEncodedPtrSize(fde_encoding);
+      bool fde_pcrel = ((fde_encoding & 0x70) == 0x10);
+      if (code_section_addr_ != nullptr && fde_pcrel) {
+        uint8_t *pc_begin_field = const_cast<uint8_t *>(p);
+        if (fde_ptr_sz == 8) {
+          int64_t correct = (int64_t)code_section_addr_ - (int64_t)pc_begin_field;
+          *(int64_t *)pc_begin_field = correct;
+        } else if (fde_ptr_sz == 4) {
+          int32_t correct = (int32_t)((int64_t)code_section_addr_ - (int64_t)pc_begin_field);
+          *(int32_t *)pc_begin_field = correct;
+        }
+      }
+      p += fde_ptr_sz; // skip pc_begin
+      p += fde_ptr_sz; // skip pc_range (not relocated, leave as-is)
+
+      // --- Fix LSDA pointer ---
+      if (has_z) {
+        readULEB128(&p); // augmentation_data_length
+        if (has_L && lsda_encoding != 0xFF && gcc_except_tab_addr_ != nullptr) {
+          uint8_t *lsda_field = const_cast<uint8_t *>(p);
+          size_t lsda_ptr_sz = getEncodedPtrSize(lsda_encoding);
+          bool lsda_pcrel = ((lsda_encoding & 0x70) == 0x10);
+
+          if (lsda_pcrel && lsda_ptr_sz == 8) {
+            int64_t correct = (int64_t)gcc_except_tab_addr_ - (int64_t)lsda_field;
+            *(int64_t *)lsda_field = correct;
+          } else if (lsda_pcrel && lsda_ptr_sz == 4) {
+            int32_t correct = (int32_t)((int64_t)gcc_except_tab_addr_ - (int64_t)lsda_field);
+            *(int32_t *)lsda_field = correct;
+          }
+        }
+      }
+      p = fde_end;
+    }
   }
+#endif
 
   /// This method is called when object loading is complete and section page
   /// permissions can be applied.  It is up to the memory manager implementation
@@ -99,6 +274,9 @@ class ObJitMemoryManager : public llvm::RTDyldMemoryManager
 
 private:
   ObJitAllocator &allocator_;
+  uint8_t *code_section_addr_;
+  uint8_t *gcc_except_tab_addr_;
+  size_t gcc_except_tab_size_;
 };
 
 }  // core
diff --git a/src/objit/src/core/ob_orc_jit.cpp b/src/objit/src/core/ob_orc_jit.cpp
@@ -62,6 +62,15 @@ int ObOrcJit::init()
               return std::make_unique<ObJitMemoryManager>(JITAllocator);
           });
 
+#if defined(__APPLE__) && defined(__aarch64__)
+      // Process all sections (including .eh_frame / __eh_frame) even if they
+      // don't contain symbols. Without this, the .eh_frame section is skipped
+      // by RuntimeDyld, EH frames are not registered with the system via
+      // __register_frame, and PL exception handlers will not work because
+      // the unwinder cannot find the personality function or LSDA data for
+      // JIT-compiled PL code.
+      ObjLinkingLayer->setProcessAllSections(true);
+#endif
       ObjLinkingLayer->registerJITEventListener(NotifyLoaded);
       return ObjLinkingLayer;
     });
@@ -85,6 +94,16 @@ int ObOrcJit::init()
       ret = OB_ERR_UNEXPECTED;
       LOG_WARN("failed to get target machine", K(msg.c_str()));
     } else {
+#if defined(__APPLE__) && defined(__aarch64__)
+      // Force DwarfCFI exception handling model to ensure .eh_frame and LSDA
+      // (Language-Specific Data Area) are generated by the JIT code generator.
+      // Without this, on macOS ARM64 the default ExceptionModel is None, which
+      // causes compact unwind to be used instead. Compact unwind cannot carry
+      // LSDA data, so the PL personality function (ObPLEH::eh_personality)
+      // cannot find exception handlers, causing PL DECLARE HANDLER to fail.
+      tm_builder_wrapper->getOptions().ExceptionModel = ExceptionHandling::DwarfCFI;
+      tm_builder_wrapper->getOptions().MCOptions.EmitDwarfUnwind = EmitDwarfUnwindType::Always;
+#endif
       ObEngineBuilder.setJITTargetMachineBuilder(*tm_builder_wrapper);
     }
 
diff --git a/src/pl/ob_pl_exception_handling.cpp b/src/pl/ob_pl_exception_handling.cpp
@@ -26,6 +26,45 @@ namespace pl
 {
 
 _RLOCAL(_Unwind_Exception*, tl_eptr);
+
+#if defined(__APPLE__) && defined(__aarch64__)
+// Workaround for Apple libunwind crash in _Unwind_SetIP on macOS ARM64.
+// Apple's unw_set_reg for UNW_REG_IP tries to re-lookup unwind info (compact
+// unwind) for the new IP, but JIT frames registered via __register_frame only
+// have DWARF unwind info. The lookup returns NULL, causing a crash.
+// We bypass _Unwind_SetIP by locating the PC register in the cursor's
+// Registers_arm64 layout and writing directly.
+//
+// Registers_arm64 layout:
+//   x[0..28] (29 regs * 8 = 232), fp(x29), lr(x30), sp, pc
+//   PC is at offset 32*8 = 256 bytes from x0.
+static void safe_Unwind_SetIP(struct _Unwind_Context *context, uintptr_t new_ip) {
+  // Place a unique magic value in the eh_return_data register (x0) to find it
+  const uintptr_t magic = 0xDEAD1234CAFE5678ULL;
+  uintptr_t saved = _Unwind_GetGR(context, __builtin_eh_return_data_regno(0));
+  _Unwind_SetGR(context, __builtin_eh_return_data_regno(0), magic);
+
+  uint8_t *ctx = (uint8_t *)context;
+  bool found = false;
+  // Scan first 2KB for the magic value (register state is near the front)
+  for (size_t i = 0; i + 256 + 8 <= 2048; i += sizeof(uintptr_t)) {
+    if (*(uintptr_t *)(ctx + i) == magic) {
+      // Found x0 at offset i. PC is 256 bytes later.
+      *(uintptr_t *)(ctx + i + 256) = new_ip;
+      found = true;
+      break;
+    }
+  }
+
+  // Restore x0 to the saved value
+  _Unwind_SetGR(context, __builtin_eh_return_data_regno(0), saved);
+
+  if (!found) {
+    // Fallback to standard API (may crash — shouldn't reach here)
+    _Unwind_SetIP(context, new_ip);
+  }
+}
+#endif
 ObPLException pre_reserved_e(OB_ALLOCATE_MEMORY_FAILED); // reserved exception space to prevent exceptions from not being thrown when there is no memory
 
 void ObPLEH::eh_debug_int64(const char *name_ptr, int64_t name_len, int64_t object)
@@ -571,7 +610,11 @@ _Unwind_Reason_Code ObPLEH::handleLsda(int version,
           }
 
           // To execute landing pad set here
+#if defined(__APPLE__) && defined(__aarch64__)
+          safe_Unwind_SetIP(context, funcStart + landingPad);
+#else
           _Unwind_SetIP(context, funcStart + landingPad);
+#endif
           ret = _URC_INSTALL_CONTEXT;
         } else if (exceptionMatched) {
           ret = _URC_HANDLER_FOUND;
@@ -595,8 +638,9 @@ _Unwind_Reason_Code ObPLEH::eh_personality(int version, _Unwind_Action actions,
                                    struct _Unwind_Context *context)
 {
   const uint8_t *lsda = reinterpret_cast<const uint8_t *>(_Unwind_GetLanguageSpecificData(context));
+  _Unwind_Reason_Code ret = handleLsda(version, lsda, actions, exceptionClass, exceptionObject, context);
   LOG_DEBUG(">>>>>>>>>>0", K(version), K(actions), K(exceptionClass), K(lsda));
-  return handleLsda(version, lsda, actions, exceptionClass, exceptionObject, context);
+  return ret;
 }
 
 }
