Management of failure in the code generator

This document describes the proposed new arrangement for handling failure in the code generator. It builds upon allocation.html, which describes the mechanism we use to preserve the values of variables that may be needed on backtracking and the mechanism we use to set up resumption points.

RUNTIME DATA STRUCTURES

In the current design of the nondet stack, two registers point to nondet stack frames.

The maxfr register always points to the topmost nondet stack frame.
While executing a model_non procedure, the curfr register points to the nondet stack frame of that procedure. While executing a model_det or model_semi procedure, the curfr register points to the nondet stack frame of the nearest model_non ancestor of that procedure. (In the following, we will consider that any model_det or model_semi procedure is effectively part of its nearest model_non caller.)

Each nondet stack frame contains four fixed fields:

succip, the label to go to on success
succfr, the value to reset curfr to on success (frame of our caller)
redoip, the label to go when backtracking reaches this frame
prevfr, the address of the previous frame on the nondet stack

The redo() macro is implemented as

curfr = maxfr;
goto *redoip_slot(maxfr);

while the fail() macro discards the top nondet stack frame and then executes a redo().

The proposed design extends each nondet stack frame with a fifth fixed field, redofr (it gives the frame corresponding to the label in the redoip slot). When a frame is created, the redofr slot is initialized to point to the frame itself. The redo macro is redefined as

curfr = redofr_slot(maxfr);
goto *redoip_slot(maxfr);

The purpose of the new slot is to allow the code generator to hijack the redoip slots of frames without jumping through hoops to arrange for curfr to be set correctly whenever execution backtracks through hijacked redoip slots. With the new design, the code generator can simply hijack the redofr field as well.

It is an invariant that for any nondet stack frame whose address is frame_addr, redofr_slot(frame_addr) == frame_addr whenever curfr == frame_addr. However, it is possible that redofr_slot(frame_addr) != frame_addr at other times.

One implication of the change is that at a point in the code where execution may resume after a redo(), the code of a procedure can assume that curfr == maxfr at that point only if it did not hijack any frames anywhere to the left of that point.

CODE GENERATOR DATA STRUCTURES

The proposed code generator uses two data structures for managing failure: the resume point stack and the left context.

The resume point stack

Several kinds of goals want to get control on failure.

disjunctions want control when a nonlast disjunct or something executed to its right fails
if-then-elses want control when the condition fails
negations are a special case of if-then-elses
commits want control when the committed goal fails

These kinds of goals can be nested inside each other.

Whenever we are about to generate code for a goal after whose failure we want to get back control, we push an entry onto the resume point stack. This entry gives the arrangements for the resumption point; the details of the arrangement are described in the "Resumption points" section of allocation.html.

The depth of the resume point stack reflects the depth of nesting of goals that want to get control on failure.

It is an invariant that the resume point stack is the same before and after generating code for a goal.

The left context

When the code generator looks at a goal, the left context field of code_info gives information about what happened to the left of this goal that may affect how we handle failures in this goal.

The left context has two subfields.

The resume_point_known subfield says whether the code generator knows what label to branch to on failure. The answer is yes if there is no nondet code between the establishment of the latest (tightest enclosing) resume point and the start of the current goal.
The curfr_is_maxfr subfield says whether the code generator knows that curfr is guaranteed to be equal to maxfr. The answer is yes if all of the following conditions hold:
- we are in a procedure that lives on the nondet stack (maxfr and curfr are both set to the address of the procedure's stack frame when it is created);
- there are no calls to nondet procedures on the path between the start of the procedure and the start of the current goal; and
- the code generator itself hasn't pushed any temporary nondet stack frames (see nondet if-then-elses below).

The resume_point_known subfield is initialized to yes in all procedures. curfr_is_maxfr is initialized to yes in procedures whose prologues create a nondet stack frame, and to no in other procedures.

When the code generator processes any nondet goal, it must set the resume_point_known subfield to no at the end of the goal.

When the code generator processes a nondet construct that leaves this procedure (i.e. a call or higher order call), it must set both subfields to no at the end of the goal.

When the code generator processes branched structures (if-then-elses, switches or disjunctions), if resume_point_known is no at the end of any arm, it must be no after the branched structure, and if curfr_is_maxfr is no at the end of any arm, it must also be no after the branched structure.

When the code generator establishes a new resumption point, it may set the resume_point_known subfield to yes, but it may not set the curfr_is_maxfr subfield to yes.

Note that in the absence of nondet code, both subfields will always be yes.

Generating failure

How we generate code for failure depends on the top entry on the resume point stack and the left context.

If resume_point_known is no, the code we generate for failure is redo(). If resume_point_known is yes, the code we generate for failure is a branch to one of the labels in the resumption point; which one depends on the locations of the variables needed at the resumption point (see allocation.html).

To prepare for backtracking to a resumption point that takes place via a redo(), not via a direct branch, we must select one of the labels as the one whose address will be put in the redoip slot via which backtracking will take place. This label will be the stack label, the label whose resume map maps all the resume variables to their stack slots.

We have to make sure that this choice is always valid. We do this by enforcing three invariants:

We never generate redo() for failure if resume_point_known is yes, and we always generate redo() for failure if resume_point_known is no.
At all points when resume_point_known goes from yes to no, we make sure that the resume variables are flushed to their stack slots.
If, while a resumption point is active, control can reach a point where resume_point_known goes from yes to no, the resumption point must include a stack label.

Classifying left contexts

In many cases, the code generator classifies left contexts into three cases:

best case: resume_point_known and curfr_is_maxfr are both yes
middle case: resume_point_known is no but curfr_is_maxfr is yes
worst case: curfr_is_maxfr is no

The code generator can treat any situation as worst case, but it can generate better code if it exploits the available information.

HANDLING DISJUNCTIONS

Handling nondet disjunctions

Best case. When the code generator enters a nonlast disjunct, it pushes a new entry on the resume point stack indicating the resume point at the start of the next disjunct, and sets the redoip slot of the top frame (which is this frame) to the stack continuation in that resume point. When the code generator enters the last disjunct, it does not push any entry on the resume point stack, and sets the redoip slot of the top frame (which is this frame) to the main continuation of the resume point that was initially on top of the stack. In this case, the disjunction hijacks its own frame without having to save the value in the hijacked slot; we call this a quarter hijack, since it involves one restore.
Middle case. Before entering the disjunction, the code generator saves in a stack slot the contents of the redoip slot of the top frame (which is this frame, and whose redofr slot must point to this frame). When the code generator enters a nonlast disjunct, it pushes a new entry on the resume point stack indicating the resume point at the start of the next disjunct, and sets the redoip slot of the top frame (which is this frame) to the stack continuation in that resume point. When the code generator enters the last disjunct, it does not push any entry on the resume point stack, and sets the redoip slot of the top frame (which is this frame) to its old, saved value. In this case, the disjunction hijacks its own frame while having to save the value in the hijacked slot; we call this a half hijack, since it involves one save and one restore.
Worst case. Before entering the disjunction, the code generator saves in two stack slots the contents of the redoip and redofr slots of the top frame, (which may be different from this frame), and sets the redofr slot of the top frame from curfr, so that backtracking through the redoip slot of that frame will set curfr to point to this frame. When the code generator enters a nonlast disjunct, it pushes a new entry on the resume point stack indicating the resume point at the start of the next disjunct, and sets the redoip slot of the top frame to the stack continuation in that resume point. When the code generator enters the last disjunct, it does not push any entry on the resume point stack, and restores the redoip and redofr slots of the top frame (which may be different from this frame), to their old, saved values. In this case, the disjunction hijacks a frame that may not be its own; we call this a full hijack, since it involves two saves and two restores.

In the case of all these hijackings, the choices represented by the hijacked redoip and maybe redofr slots cannot be backtracked to until the disjunct that we are generating code for has failed. This cannot happen until the last disjunct has failed, by which time the slots must have been restored. This maintains the invariant that for any nondet stack frame whose address is frame_addr, redofr_slot(frame_addr) == frame_addr whenever curfr == frame_addr.

Handling semi or det disjunctions

When the code generator enters a nonlast disjunct, it pushes a new entry on the resume point stack indicating the resume point at the start of the next disjunct. When the code generator enters the last disjunct, it does not push any entry on the resume point stack.

HANDLING IF-THEN-ELSES

Handling nondet if-then-elses with nondet conditions

Best case. Before the code generator enters the condition, it pushes a new entry on the resume point stack indicating the resume point at the start of the else part, and sets the redoip slot of the top frame (which must be this frame) to the stack continuation in that resume point. After the code generator emerges from the condition, it pops the new entry off the resume point stack. Before entry to the then part or to the else part, it resets the redoip slot of the frame it hijacked (pointed to by curfr) to the stack label of the exposed top entry of the resume point stack. If that entry has no stack label, then that resume point will never be reached via redo() and thus we do not need to reset the redoip slot.
Middle case. Before entering the if-then-else, the code generator saves in a stack slot the contents of the redoip of the top frame (which must be this frame). Before the code generator enters the condition, it pushes a new entry on the resume point stack indicating the resume point at the start of the else part, and sets the redoip slot of the top frame to the stack continuation in that resume point. After the code generator emerges from the condition, it pops the new entry off the resume point stack. Before entry to the then part or to the else part, it resets the redoip slot of the frame it hijacked to its saved value. Since maxfr may have been changed by the condition pushing new frames, the address of the frame in which the restoration is to be performed is given by curfr (although on entry to the else part maxfr will be equal to its value on entry to the if-then-else, which was equal to curfr).
Worst case. Before entering the if-then-else, the code generator saves in three stack slots the address of the top frame (which is in maxfr), and the contents of the redoip and redofr slots of the top frame (which may be different from this frame). It also sets the redofr slot of the top frame from curfr, so that backtracking through the redoip slot of that frame will set curfr to point to this frame. Before the code generator enters the condition, it pushes a new entry on the resume point stack indicating the resume point at the start of the else part, and sets the redoip slot of the top frame to the stack continuation in that resume point. After the code generator emerges from the condition, it pops the new entry off the resume point stack. Before entry to the then part or to the else part, it resets the redoip and redofr slots of the frame it hijacked to their saved values. Since maxfr may have been changed by the condition pushing new frames, the address of the frame in which the restoration is to be performed is given by the saved original value of maxfr (although on entry to the else part maxfr will be equal to its value on entry to the if-then-else, which may be different from curfr).

If the condition may perform a hijacking (i.e. if it contains a nondet disjunction, nondet if-then-else or a commit across a nondet -as opposed to multi- goal), the hijacking we do for the if-then-else may overwrite the same slots used by the hijacking inside the condition. We avoid this by pushing a junk frame whose redoip slot is do_fail before generating code for the condition; any hijacks inside the condition will hijack the slots of this frame. The presence of this frame on top of ours then requires us to set curfr_is_maxfr to no before entering the condition.

Handling nondet if-then-elses with semi or det conditions

We can handle these as we handle nondet if-then-elses with nondet conditions, or we can handle them as we handle semi or det if-then-elses, with the exception that we generate the then part and the else part as nondet goals. The latter will be more efficient.

Handling semi or det if-then-elses

Before the code generator enters the condition, it pushes a new entry on the resume point stack indicating the resume point at the start of the else part, to the stack continuation in that resume point. After the code generator emerges from the condition, it pops the new entry off the resume point stack.

HANDLING NEGATIONS

We handle not(G) as (G -> fail ; true).

HANDLING COMMITS

Handling commits across nondet goals

Best case. Before the code generator enters a goal that is being committed across, it saves the value of maxfr, pushes a new entry on the resume point stack indicating the resume point for getting control back if the goal has no solutions and sets the redoip slot of the top frame (which is this frame) to the stack continuation in that resume point. The code at this resume point will perform a failure in the manner appropriate for whatever entry was originally on top of the resume point stack (There is no need to reset maxfr, since the resume point can only be reached if all other frames above the one hijacked have failed.) The code after the goal in the success continuation will reset maxfr to the saved value.
Middle case. Before the code generator enters a goal that is being committed across, it saves the value of maxfr, pushes a new entry on the resume point stack indicating the resume point for getting control back if the goal has no solutions saves the value of the redoip slot of the top frame (which is this frame). and overrides this redoip slot to make it point to the stack continuation in the resume point. The success continuation will reset maxfr; the failure continuation doesn't have to (since the resume point can only be reached if all other frames above the one hijacked have failed.) Both continuations will reset the redoip slot of the top frame to the saved value. The failure continuation will then perform a failure in the manner appropriate for the values of the resume point stack and left context that were current before the commit. The order of actions in the success continuation is important, since resetting maxfr affects which frame is top.
Worst case. Before the code generator enters a goal that is being committed across, it saves the value of maxfr, pushes a new entry on the resume point stack indicating the resume point for getting control back if the goal has no solutions, saves the values of the redoip and redofr slots of the top frame (which may be different from this frame), overrides the redoip slot to make it point to the stack continuation in the resume point and the redofr slot to point to this frame. The success continuation will reset maxfr; the failure continuation doesn't have to (since the resume point can only be reached if all other frames above the one hijacked have failed.) Both continuations will reset the redoip and redofr slots of the top frame to their saved values. The failure continuation will then perform a failure in the manner appropriate for the values of the resume point stack and left context that were current before the commit. The order of actions in the success continuation is important, since resetting maxfr affects which frame is top.

Since we are cutting away any frames created by the goal being committed across, and since any resumption points established in that goal cannot survive across the commit, at the end of processing the commit we can reset both curfr_is_maxfr and resume_point_known to their values before the commit.

We do not need to push a junk frame when entering the goal to be committed across even if this goal may perform a hijacking. If the goal fails, either it did not do any hijacking, or it will have restored anything it hijacked before failing. If the goal succeeds, it may have hijacked the top frame, but we since we do not need to preserve any further solutions inside the goal, we can simply restore that frame to its original contents anyway.

Handling commits across multi goals

Before the code generator enters a goal that is being committed across, it saves the value of maxfr in a stack slot. The code after the goal will reset maxfr to the saved value.

This is the way the code generator handles commits across nondet goals except that we do not need to handle failure, and thus do not need to set any redoips or hijack anything.

Last update was $Date: 1997-11-05 08:22:26 $ by $Author: zs $@cs.mu.oz.au.