From: Florian Weimer <fweimer@redhat.com>
To: Zack Weinberg <zackw@panix.com>
Cc: libc-alpha@sourceware.org
Subject: Re: Evolution of ELF symbol management
Date: Fri, 18 Nov 2016 15:48:00 -0000 [thread overview]
Message-ID: <94e35eaa-a01d-db4e-eabe-6d100e581302@redhat.com> (raw)
In-Reply-To: <0c682496-5c13-b3c5-ff66-0f8923a1d6e3@panix.com>
On 11/16/2016 04:55 PM, Zack Weinberg wrote:
> First, I don't have a problem with adding __libc_* aliases as
> non-default but public alternative names, so that third-party libraries
> can avoid namespace pollution in static linkage and/or choose to refer
> to symbols that are more likely to get resolved to the C library's
> export than to a colliding symbol in the main executable. I'd reserve
> that for cases where there is already a demonstrated need, though, such
> as libstdc++. I also don't have a problem with a hypothetical policy
> that all new symbols that aren't in the current revisions of C+POSIX
> should be given an impl-namespace name as their primary definition, with
> the user-namespace name being a weak alias (but still the only name used
> in the public headers).
If we don't declare the library-safe names in headers, how can libraries
call them?
I also do not want to encourage application or library code to reference
the implementation namespace at the source code level. It's ugly, and I
suspect it encourages implementation namespace pollution once
programmers are used to it.
> I _do_ have problems with causing these symbols to be used by default.
> My main concern is that I think it's tackling the problem in the wrong
> place. If we want to back away from the original principle that the
> executable always wins, isn't an expanded version of -Bsymbolic mode
> what's _really_ wanted?
We could cover a lot of ground if we had a new flag on versioned symbol
definitions which tells the static linker to set a flag on the versioned
symbol reference, and the dynamic linker would then use this flag to
ignore unversioned symbols for binding symbols.
(The static linker currently does not add the version of the interposed
symbol when interposition happens at static link time.)
*However*, this is hardly a complete solution. It does not cover symbol
references from public C++ headers because there is no static linker
invocation that comes between application use of the symbol and the use
from system headers.
It also does not work for static libraries. In those cases, we could
perhaps do some post-processing to add the symbol versions to the .a
files, but it would still need the interposition protection mentioned
above *and* changes to how we build static libraries.
> That is, an opt-in link-time declaration that
> you want all dynamic symbols resolved at load-time to the same library
> that provided them at link-time. Once that exists, we could try to move
> slowly in the direction of turning it on by default, along with various
> other "yes, fix the bug" linker toggles like -z relro and --as-needed.
The build changes I mentioned in the previous paragraph are more
invasive than just adding a flag to gcc's ld invocation because there is
currently no such invocation at all. We could put it into ar or ranlib,
but that's perhaps too much magic. A new linking step would be needed.
The header files could contain the symbol version and instruct GCC to
put it into the header file. (Even today, it is possible to link
against specific symbol versions without a custom DSO containing them as
the default version, but please don't tell anyone.) But this would
still need the interposition protection. I still think this is the most
promising option, all things considered.
But then we need to step back and ask ourselves: If we have to put the
versioning information in the header, why do we even need symbol
versioning? Why can't we version the interface through its name?
Hence my proposal.
> A secondary reason for not wanting __libc_* aliases to be activated by
> default is that it doesn't seem to me that it actually solves the
> problem. Applications that _want_ to interpose are going to shift to
> the __libc_* names; depending on what the headers actually do,
> applications that don't care (but do define a conflicting symbol) might
> wind up shifting to those names by accident.
What I would like is a GCC attribute which tells the compiler that the
declaration must not be completed with a definition in this translation
unit. That would make the asm aliases pretty robust because then you
can only reach the implementation namespace by explicitly referencing it
in your sources.
Deliberate interposition is much easier if you don't have to worry about
linker tricks and the unversioned-symbol-interposes-all-versioned-symbol
issue (which you cannot detect in the interposing DSO).
> __REDIRECT doesn't work
> without GCC(-compatible) extensions, after all. (I would not object to
> a _documented and enforced_ set of GCC-compatible extensions being a
> baseline requirement for use of glibc headers -- but that would need to
> happen _first_.)
I wouldn't like that, there are many consumers for header files which
aren't compilers (and would not be forced to implement many GNU extensions).
Thanks,
Florian
next prev parent reply other threads:[~2016-11-18 15:48 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-18 9:26 Florian Weimer
2016-10-18 16:50 ` Joseph Myers
2016-10-25 14:32 ` Florian Weimer
2016-10-25 15:37 ` Joseph Myers
2016-11-21 15:35 ` Florian Weimer
2016-10-26 12:17 ` Joseph Myers
2016-11-20 11:13 ` Mike Frysinger
2016-11-21 10:12 ` Florian Weimer
2016-11-16 15:55 ` Zack Weinberg
2016-11-18 15:48 ` Florian Weimer [this message]
2016-11-19 17:25 ` Zack Weinberg
2016-11-22 15:09 ` Florian Weimer
2016-11-22 15:30 ` Andreas Schwab
2016-11-22 15:39 ` Florian Weimer
2016-11-22 15:48 ` Zack Weinberg
2016-11-22 15:48 ` Zack Weinberg
2016-11-22 17:42 ` Joseph Myers
2016-11-23 14:09 ` Zack Weinberg
2016-11-24 10:01 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=94e35eaa-a01d-db4e-eabe-6d100e581302@redhat.com \
--to=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
--cc=zackw@panix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).