Date: Wed, 7 Sep 2022 09:44:11 -0400 From: Rich Felker <dalias@...c.org> To: Jeffrey Walton <noloader@...il.com> Cc: musl@...ts.openwall.com Subject: Re: ecvt(0, 0, ...) is broken On Tue, Sep 06, 2022 at 11:51:35PM -0400, Jeffrey Walton wrote: > On Tue, Sep 6, 2022 at 11:39 PM Markus Wichmann <nullplan@....net> wrote: > > > > On Tue, Sep 06, 2022 at 03:19:51PM -0400, Rich Felker wrote: > > > On Tue, Sep 06, 2022 at 08:48:26PM +0200, Markus Wichmann wrote: > > > > On Tue, Sep 06, 2022 at 10:17:36AM -0400, Rich Felker wrote: > > > > > But these are garbage functions. The > > > > > right answer is to fix whatever is using them to use snprintf and move > > > > > on. > > > > > > > > Well, then why not remove them from the lib? Any program using them > > > > would invoke a link failure. Indeed, for GCC, the declarations could be > > > > retained and an error attribute be added. Configure tests would fail to > > > > find these functions and possibly switch on alternative paths. > > > > > > > > Of course, that is not ABI compatible. But isn't excising broken > > > > functions better than retaining them? > > > > > > If that were the case we would have removed gets, so no. > > > > > > > That would have been the next function on my hit list. > > > > Alright, next idea then: Could we put a linker warning on these > > functions to encourage users to switch? That would not break ABI, as all > > symbols are still there and the functions do what they are supposed to > > (as well as we ever implemented them, at least). But new compilations > > would get a nag to make them stop. > > > > Unfortunately, it is possible that a configure script may misinterpret > > these warnings as errors, and if it was set up to test for a function's > > existence and the function is mandatory, then that script would fail > > when previously, it would succeed. > > > > What I'm trying to get at more generally here is a mechanism for > > deprecating libc functions. Because apparently we have amassed a few > > junk functions that people should not keep using. And experience > > suggests that merely documenting this state of affairs will not change > > it, since developers only ever read documentation after things go wrong. > > Make it a configure option, like --no-xxx or --disablke-xxx. Having multiple build-time configurations with different functionality, especially different symbol sets (ABI-breaking), is something musl very intentionally does not do. > Recommend > the distros build with the option. I very much do not recommend that distros build with incompatible ABI changes. This not only makes it impossible (in general, without assumptions on what symbols it's using/not-using) to take a dynamic-linked musl binary that was not built for the particular distro and use it there, but can even break binaries the user themselves compiled *on the distro* when they perform an upgrade. There is utterly no value in doing this, and huge platform reputation destroying cost. If a distro has a policy of not wanting to build packages that use fcnv or ecnv or gets, all it takes is a recipe to check the symbol tables along with other checks they should already be doing (like checking that the package did not create suid-root files without being flagged as allowed to do so) as part of packaging a distro. This does not need an intentionally-compat-breaking libc to do it. Note that distros are very much on board with all this, and that's why we have a healthy ecosystem. For example when there are new interfaces proposed for inclusion in musl, the Alpine folks always reach out to confirm that they're actually going to be going upstream before patching them in early to support the need of some software they're trying to package. This ensures that we don't end up with ABI mismatches and a fragmented platform. > Now the problem is transferred to the distros. When a user uses a > deprecated function that's no longer supported by the standard, the > distros can decide what to do. They can help users move away from the > functions, supply patches for the deprecated functions, etc. I'm confused who the "users" are here. Distros generally deal with the bad decisions of upstream software providers, not of their users, in the course of what they do -- it's upstreams they have to convince to stop doing stuff that's deprecated or nonportable. I guess there may also be some value in pointing out to users building in-house software (that they compile themselves) on top of the distro that certain functions they're using are deprecated/bad-to-use, which could probably be achieved by some sort of warning, without breaking anything. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.