[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packaging of static libraries

Adam Borowski writes ("Re: Packaging of static libraries"):
> On Tue, Apr 12, 2016 at 02:52:33PM +0100, Ian Jackson wrote:
> > I'm afraid that LTO is probably too dangerous to be used as a
> > substitute for static linking.  See my comments in the recent LTO
> > thread here, where I referred to the problem of undefined behaviour,
> > and pointed at John Regehr's blog.
> LTO is no different from just concatenating all source files and making
> functions static.  If your code blows after this, it is your fault not
> LTO's.  LTO just allows interprocedural optimizations to work between
> functions that were originally in different source files.

This narrative of `fault' has two very serious problems.

Firstly, it is hopelessly impractical.  As I have already observed

   Recently we have seen spectacular advances in compiler optimisation.
   Spectacular in that large swathes of existing previously-working code
   have been discovered, by diligent compilers, to be contrary to the
   published C standard, and `optimised' into non-working machine code.

   In fact, it turns out that there is practically no existing C code
   which is correct according to said standards (including C compilers

Real existing code does not conform to the rules now being enforced by
compilers.  Indeed often it can be very hard to write new code which
does conform to the rules, even if you know what the rules are and
take great care.

Two examples showing how C has been turned into a puzzle language:



The second problem is that it is based on the idea that the C
specification is by definition right and proper.

There are two ways to evaluate the the C specification's rightness and

The first is to ask what the the nominal remit of the C standards
bodies is.  Well, it is and was to standardise existing practice.
Existing practice was to use C as a kind of portable assembler; the
programmer was traditionally entitled to do the kind of things which
are nowadays forbidden.  So the C committee has failed at its
task. [1]

The second is to ask what is most useful.  And there again the C
committee have clearly failed.

We in Debian are in a good position to defend our users from the
fallout from this problem.  We could change our default compiler
options to favour safety, and provide more traditional semantics.

We would have influence upstream (for example to further advance the
set of available safety options) if we cared to use it.  But sadly it
seems that the notion that our most basic and widely-used programming
language should be one that's fit for programming in is not yet fully

At the very least we should fiercely resist any further broadening of
the scope of the C UB problem.

Sorry if I seem cross in this email.  But that's because I am.
Thanks for listening.


[1] Consider for example the divergence between the C89 rationale
and what C89 actually did (initially, only on paper, but now being
enforced by compilers).

Reply to: