From nobody Mon Sep 05 14:41:58 2022 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MLrnv6HHwz4cXZn for ; Mon, 5 Sep 2022 14:42:11 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mail-qk1-f178.google.com (mail-qk1-f178.google.com [209.85.222.178]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MLrnv0CCzz3rLF for ; Mon, 5 Sep 2022 14:42:11 +0000 (UTC) (envelope-from asomers@gmail.com) Received: by mail-qk1-f178.google.com with SMTP id g16so6389095qkl.11 for ; Mon, 05 Sep 2022 07:42:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=MrMFuCng7BW283AVm2kBKjNQtrdmpFjCQDfEfWP/Xwk=; b=UXHgPLIwsB3drt1DjFld+4yDjOQBZ2fY2PgVJn4SvM2XIjyOb4S+ZPKqod+QIjYSZ1 SZgEoNoolT3Le6X6940EMFakyaGgl41rMrPrkauOqYDIAhchdrEmjEEXE6bwDhvu/g8n 3KYRqKV97R+fv8/KfY2WWB50IZI9EzZsJvirx6aBJKER8xBU8+FoU8PJNVc1XPXjJ3jl Duhp44M2ZtJeMXv8rj3V/iHNG4VhX7+fZu4/vznTaawyQbjMdsUyH/LzmOK/bQ7cw8SR WwbsmcpD4sTU7CpccqRjwPiuX5svChT1fY7mxNiW9YEbzzXUVFgUz0sQmgdfDYAeZpAX WX7Q== X-Gm-Message-State: ACgBeo1Twcf8rijBq6aVnYDPclxWPmecB3BahA8RwZ3x6fo+c6si3os5 EsPQFbFzC8TcJqxkH3VNvk9zdqfNqqesNb/2BH5C/NwX55U= X-Google-Smtp-Source: AA6agR6hCFgYnLuj9U+7QjdnsbG0IhCdTTChIgI2hoWlEPe5DOYfzK3PCIwcPooFnIWCiO+WduqQ3ukgpr7qmrxEHfs= X-Received: by 2002:a05:620a:4104:b0:6bb:61ce:73a3 with SMTP id j4-20020a05620a410400b006bb61ce73a3mr32530096qko.250.1662388929884; Mon, 05 Sep 2022 07:42:09 -0700 (PDT) List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 References: In-Reply-To: From: Alan Somers Date: Mon, 5 Sep 2022 08:41:58 -0600 Message-ID: Subject: Re: Header symbols that shouldn't be visible to ports? To: Konstantin Belousov Cc: FreeBSD CURRENT Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 4MLrnv0CCzz3rLF X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of asomers@gmail.com designates 209.85.222.178 as permitted sender) smtp.mailfrom=asomers@gmail.com X-Spamd-Result: default: False [-1.71 / 15.00]; SUBJECT_ENDS_QUESTION(1.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.99)[-0.991]; NEURAL_HAM_MEDIUM(-0.72)[-0.721]; FORGED_SENDER(0.30)[asomers@freebsd.org,asomers@gmail.com]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17:c]; MIME_GOOD(-0.10)[text/plain]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; DMARC_NA(0.00)[freebsd.org]; RCVD_IN_DNSWL_NONE(0.00)[209.85.222.178:from]; FREEFALL_USER(0.00)[asomers]; TO_MATCH_ENVRCPT_SOME(0.00)[]; ARC_NA(0.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FREEMAIL_TO(0.00)[gmail.com]; RCPT_COUNT_TWO(0.00)[2]; TO_DN_ALL(0.00)[]; RWL_MAILSPIKE_POSSIBLE(0.00)[209.85.222.178:from]; RCVD_TLS_LAST(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; R_DKIM_NA(0.00)[]; FROM_NEQ_ENVFROM(0.00)[asomers@freebsd.org,asomers@gmail.com]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_TWO(0.00)[2] X-ThisMailContainsUnwantedMimeParts: N On Sat, Sep 3, 2022 at 11:10 PM Konstantin Belousov wrote: > > On Sat, Sep 03, 2022 at 10:19:12AM -0600, Alan Somers wrote: > > Our /usr/include headers define a lot of symbols that are used by > > critical utilities in the base system like ps and ifconfig, but aren't > > stable across major releases. Since they aren't stable, utilities > > built for older releases won't run correctly on newer ones. Would it > > make sense to guard these symbols so they can't be used by programs in > > the ports tree? There is some precedent for that, for example > > _WANT_SOCKET and _WANT_MNTOPTNAMES. > _WANT_SOCKET is clearly about exposing parts of the kernel definitions > for userspace code that wants to dig into kernel structures. Similarly > for _WANT_MNTOPTNAMES, but in fact this thing is quite stable. The > definitions are guarded by additional defines not due to their instability, > but because using them in userspace requires (much) more preparation from > userspace environment, which is either not trivial (_WANT_SOCKET) or > contradicts to standartized use of the header (_WANT_MNTOPTNAMES + > sys/mount.h). > > > > > I'm particular, I'm thinking about symbols like the following: > > MINCORE_SUPER > Why this symbol should be hidden? It is implementation-defined and > intended to be exposed to userspace. All MINCORE_* not only MINCORE_SUPER > are under BSD_VISIBLE braces, because POSIX does not define the symbols. Because it isn't stable. It changed for example in rev 847ab36bf22 for 13.0. Programs using the older value (including virtually every Rust program) won't work on 13.0 and later. > > > TDF_* > These symbols coming from non-standard header sys/proc.h. If userspace > includes the header, it is already outside any formal standard, and I > do not see a reason to make the implementation more convoluted there. > > > PRI_MAX* > > PRI_MIN* > > PI_*, PRIBIO, PVFS, etc > > IFCAP_* > These are all implementation-specific and come from non-standard headers, > unless I am mistaken, then please correct me. > > > RLIM_NLIMITS > > IFF_* > Same. > > > *_MAXID > This is too broad. I'm talking about symbols like IPV6CTL_MAXID, which record the size of sysctl lists. Obviously, these symbols can't be stable, and probably aren't useful outside of the base system. > > > > > Clearly delineating private symbols like this would ease the > > maintenance burden on languages that rely on FFI, like Ruby and Rust. > > FFI basically assumes that symbols once defined will never change. > > Why e.g. sys/proc.h is ever consumed by FFI wrappers? I should add a little detail. Rust uses FFI to access C functions, and #define'd constants are redefined in the Rust bindings. For most Rust programs, the build process doesn't check the contents of /usr/include in any way. Instead, all of that stuff is hard-coded in the Rust bindings. That makes cross-compiling a breeze! But it does cause problems when the C library changes. Adding a new symbol, like copy_file_range, isn't so bad. If your Rust program doesn't use it, then the Rust binding will become an unused symbol and get eliminated by the linker. If your Rust program does use it OTOH, then it will be resolved by the dynamic linker at runtime - if you're running on FreeBSD 13 or newer. Otherwise, your program will fail to run. A bigger problem is with symbols that change. For example, the 64-bit inode stuff. Rust programs still use a FreeBSD 11 ABI (we're working on that). But other symbols change more frequently. Things like PRI_MAX_REALTIME can change between any two releases. That creates a big maintenance burden to keep track of them in the FFI bindings. And they also aren't very useful in cross-compiled programs targeting a FreeBSD 11 ABI. Instead, they really need to have bindings automatically generated at build time. That's possible, but it's not the default. So what the Rust community really needs is a way to know which symbols will be stable across releases, and which might vary. Are you suggesting that anything from a non-POSIX header file should be considered variable?