Address feedback, cleanup, fix memory leak in LLVM-backend

lib/llvm-backend/cpp/object_loader.hh

@@ -49,7 +49,7 @@ typedef struct {
   visit_fde_t visit_fde;
 } callbacks_t;
 
-using runtime_error_t = void*;
+typedef struct runtime_error_t_privdecl runtime_error_t;
 
 enum WasmTrapType {
   Unreachable = 0,
@@ -63,7 +63,8 @@ enum WasmTrapType {
 
 extern "C" void callback_trampoline(void *, void *);
 
-extern "C" void copy_runtime_error(runtime_error_t src, runtime_error_t dst);
+extern "C" void copy_runtime_error(runtime_error_t *src, runtime_error_t *dst);
+extern "C" void free_runtime_error_without_drop(runtime_error_t*);
 
 struct MemoryManager : llvm::RuntimeDyld::MemoryManager {
 public:
@@ -121,7 +122,7 @@ private:
 
 struct WasmErrorSink {
   WasmTrapType *trap_out;
-  runtime_error_t user_error;
+  runtime_error_t *user_error;
 };
 
 struct WasmException : std::exception {
@@ -150,7 +151,13 @@ public:
 struct UserException : UncatchableException {
 public:
   UserException(size_t data) {
-      error_data = reinterpret_cast<runtime_error_t>(data);
+      error_data = reinterpret_cast<runtime_error_t*>(data);
+  }
+
+  UserException(const UserException &) = delete;
+
+  ~UserException() {
+    free_runtime_error_without_drop(error_data);
   }
 
   virtual std::string description() const noexcept override {
@@ -158,7 +165,7 @@ public:
   }
 
   // The pointer to `Option<RuntimeError>`.
-  runtime_error_t error_data;
+  runtime_error_t *error_data;
 
   virtual void write_error(WasmErrorSink &out) const noexcept override {
     copy_runtime_error(error_data, out.user_error);
@@ -290,7 +297,7 @@ void module_delete(WasmModule *module) { delete module; }
 
 bool cxx_invoke_trampoline(trampoline_t trampoline, void *ctx, void *func,
                        void *params, void *results, WasmTrapType *trap_out,
-                       runtime_error_t user_error, void *invoke_env) noexcept {
+                       runtime_error_t *user_error, void *invoke_env) noexcept {
   try {
     catch_unwind([trampoline, ctx, func, params, results]() {
       trampoline(ctx, func, params, results);

lib/llvm-backend/src/backend.rs

@@ -11,6 +11,7 @@ use inkwell::{
 };
 use libc::c_char;
 use std::{
+    alloc,
     cell::RefCell,
     ffi::{c_void, CString},
     mem,
@@ -69,6 +70,22 @@ extern "C" {
     ) -> bool;
 }
 
+/// Unsafe copy of `RuntimeError`. For use from C++.
+///
+/// This copy is unsafe because `RuntimeError` contains non-`Clone` types such as
+/// `Box<dyn Any>`.
+///
+/// This function should only be used when the ownership can be manually tracked.
+///
+/// For example, this is safe* when used indirectly through the C++ API with a pointer
+/// from `do_early_trap` because `do_early_trap` fully owns the `RuntimeError` and
+/// creates and leaks the `Box` itself.
+///
+/// *: it is only safe provided the following invariants are upheld:
+/// 1. The versions of memory that these 2 pointers point to is only dropped once;
+///    the memory itself can be freed provided the inner type is not dropped.
+/// 2. The duplicated memory is not brought back into Rust to violate standard
+///    mutable aliasing/ownership rules.
 #[no_mangle]
 pub unsafe extern "C" fn copy_runtime_error(
     src: *mut Option<RuntimeError>,
@@ -79,6 +96,18 @@ pub unsafe extern "C" fn copy_runtime_error(
     ptr::copy::<Option<RuntimeError>>(src, dst, 1);
 }
 
+/// Frees the memory of a `Option<RuntimeError>` without calling its destructor.
+/// For use from C++ to safely clean up after `copy_runtime_error`.
+#[no_mangle]
+pub unsafe extern "C" fn free_runtime_error_without_drop(rte: *mut Option<RuntimeError>) {
+    let rte_layout = alloc::Layout::from_size_align(
+        mem::size_of::<Option<RuntimeError>>(),
+        mem::align_of::<Option<RuntimeError>>(),
+    )
+    .expect("layout of `Option<RuntimeError>`");
+    alloc::dealloc(rte as *mut u8, rte_layout)
+}
+
 /// `invoke_trampoline` is a wrapper around `cxx_invoke_trampoline`, for fixing up the obsoleted
 /// `trap_out` in the C++ part.
 unsafe extern "C" fn invoke_trampoline(