Slashdot Mirror

← Back to Stories (view on slashdot.org)

GNU C Library Alternative Musl Libc Hits 1.0 Milestone

Posted by Unknown on from the pry-glibc-from-my-cold-dead-ld.so dept.

New submitter dalias (1978986) writes "The musl libc project has released version 1.0, the result of three years of development and testing. Musl is a lightweight, fast, simple, MIT-licensed, correctness-oriented alternative to the GNU C library (glibc), uClibc, or Android's Bionic. At this point musl provides all mandatory C99 and POSIX interfaces (plus a lot of widely-used extensions), and well over 5000 packages are known to build successfully against musl.

Several options are available for trying musl. Compiler toolchains are available from the musl-cross project, and several new musl-based Linux distributions are already available (Sabotage and Snowflake, among others). Some well-established distributions including OpenWRT and Gentoo are in the process of adding musl-based variants, and others (Aboriginal, Alpine, Bedrock, Dragora) are adopting musl as their default libc." The What's New file contains release notes (you have to scroll to the bottom). There's also a handy chart comparing muscl to other libc implementations: it looks like musl is a better bet than dietlibc and uclibc for embedded use.

27 of 134 comments (clear)

  1. pkgsrc test results by staalmannen · · Score: 4, Informative

    For those curious about which "5000 packages" that build with musl, there is the awesome automated pkgsrc tests published: http://wiki.musl-libc.org/wiki...

  2. Re:Either gnu libc is hideously slow and bloated.. by staalmannen · · Score: 3, Insightful

    It might be easier to add than to remove, leading to bloat over time and glibc has been around for a while. Also, building on old code might mean that you are limited in what you can change. For example, the modular design of LLVM has been a pretty big success and is considered easier to work with/develop than gcc. For musl, I think they have decided to remove all legacy stuff + non-standard extensions.

  3. define _GNU_SOURCE by cyberthanasis12 · · Score: 2, Interesting

    I downloaded the library to see some random code. Here is the very first file I (randomly) chose (putw.c):

    #define _GNU_SOURCE
     #include
    int putw(int x, FILE *f)
    {
    return (int)fwrite(&x, sizeof x, 1, f)-1;
    }

    Cheers.

    1. Re:define _GNU_SOURCE by QuietLagoon · · Score: 2

      and the problem with that code is...?

    2. Re:define _GNU_SOURCE by uhmmmm · · Score: 2

      putw is a non-standard function that musl's headers only expose to programs when they define _GNU_SOURCE.or _BSD_SOURCE. The file that actually implements it, therefore, needs to define one of these in order for the header to expose the declaration, which allows the compiler to verify that the type signatures of the declaration and the definition match.

  4. Why is libm.a empty? by Sponge+Bath · · Score: 2, Funny

    From the FAQ:

    On musl, the entire standard library is included in a single library file — libc.a for static linking, and libc.so for dynamic linking. This significantly improves the efficiency of dynamic linking, and avoids all sorts of symbol interposition bugs that arise when you split the libraries up — bugs which have plagued glibc for more than a decade.

    Bringing it all together? That's why they call it the love musl.

  5. Re:Either gnu libc is hideously slow and bloated.. by Anonymous Coward · · Score: 3, Insightful

    the guys at gnu know a thing or 2 about compilers and libraries

    You obviously never worked on or looked at their source code.

  6. glibc is horribly bloated by uhmmmm · · Score: 4, Informative

    The first priority on musl is correctness, and they will take a hit to size and speed if that's what's necessary to achieve it. But thus far, they've been doing a good job of achieving correctness without introducing too much bloat.

    Take a look at their page on bugs found while developing musl, and you'll find that they've found and reported quite a few bugs in glibc where glibc had been "cutting corners".

    1. Re:glibc is horribly bloated by Just+Some+Guy · · Score: 3

      LOL Drepper. He had a free pass to be an abrasive jerk for years because of his supposed dedication to perfection and uncompromising quality. In retrospect, maybe he was just a jerk to shut down people who wanted to examine his work more closely than he liked.

      --
      Dewey, what part of this looks like authorities should be involved?
    2. Re:glibc is horribly bloated by dalias · · Score: 4, Interesting

      I've submitted at least two bugfix patches to glibc where the diff was 100% "-" lines for things Drepper added. I believe they were all eventually committed. And thankfully this is the one type of glibc patch submission that doesn't require having a copyright assignment on file with the FSF. ;-)

    3. Re:glibc is horribly bloated by Just+Some+Guy · · Score: 5, Funny

      You're doing God's work, son.

      --
      Dewey, what part of this looks like authorities should be involved?
  7. Re:Either gnu libc is hideously slow and bloated.. by Improv · · Score: 5, Insightful

    Steps to a useless comment:
    1) Speculate on the features of something
    2) Note that that speculated feature set doesn't include something you want
    3) Criticise based on your speculation

    --
    For every problem, there is at least one solution that is simple, neat, and wrong.
  8. Musl's supported architectures by uhmmmm · · Score: 3, Informative

    You're right that musl doesn't support the same breadth of architectures that glibc does. They currently support x86, amd64, ARM, MIPS, PPC, microblaze, and they have experimental support for superh and x32.

    One big advantage they do have is that it's much simpler to add support for a new architecture to musl than it is to add it to glibc. They are interested in supporting more architectures, so I'd expect their list of supported architectures to grow fairly quickly if there are people interested in that support.

    1. Re:Musl's supported architectures by dalias · · Score: 3, Insightful

      We have people working on aarch64, someone interested in doing a sparc port, and interest from the OpenRISC folks in musl too (and I've offered to help them with a port). There's also someone who wants to port to LM32-mmu (which, as I understand it, doesn't have any userspace infrastructure yet and only a very experimental kernel port).

  9. Link to comparison chart by paulpach · · Score: 4, Informative

    Here is a link to the comparison chart mentioned in the description.

  10. Re:Brain damaged project by pe1rxq · · Score: 3, Insightful

    Have you ever looked at static linking in detail?
    A .a file is basicly a collection of .o files. The linker only links those that are needed.
    So they have a single .a file instead of two or more .a files. This allows them to prevent difficult interdepencies between those .a files.
    The end result might still be a very small subset of the complete library.

    --
    Secure messaging: http://quickmsg.vreeken.net/
  11. re: Brain damaged project by uhmmmm · · Score: 3, Informative

    Where does it say you have to link the whole thing into your application? Musl supports dynamic linking just fine. The musl developers do have a preference for static linking, so they have better support for it than glibc (see their size comparisons of static linked programs on musl and glibc, for instance). But that doesn't mean you have to use it.

    The bit about aiming for correctness is correctness of musl itself. Of course they can't, in general, guarantee that you will write your own code correctly. In theory, they could split the math library out and force you to link against it correctly. But what would be the point? To arbitrarily break broken programs, while having no impact on correct programs? It would also have several downsides.

    Musl is the only C library I'm aware of which allows the entire C library ecosystem (C library, math library, threading library, dynamic linker, and some others probably) to be upgraded atomically, which eliminates a small window during upgrade where you might start a new program and have it break because it gets conflicting versions of these components.

    There is also code within the main C library (for example, the code to format floating point numbers in printf) which benefits from being able to call functions that are part of the math library.

  12. Re:Is it all about the license? by Archangel+Michael · · Score: 2

    http://stackoverflow.com/quest...

    Of course Google it your self next time.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  13. Re:Either gnu libc is hideously slow and bloated.. by dalias · · Score: 4, Informative

    At the time the comparison was made, glibc was essentially unmaintained and Debian-based distributions were using the eglibc fork. Now that glibc is under new leadership, eglibc is being discontinued and the important changes have been merged back to glibc upstream. So when I update the chart's quantitative comparisons, it will be for glibc rather than eglibc. The main things that will change when I do are significant increases in size (especially since I seem to have under-measured eglibc's totals) and possibly some improvements in performance. In terms of all the other qualitative comparisons, glibc remains about the same place it was before.

  14. Re:Reinventing GPL wheels by thevirtualcat · · Score: 2, Insightful

    If you're a developer working for a company and you have your choice between an MIT|BSD library and a GPL library that, on a technical level, work equally well, it's a hard sell to choose the GPL library.

    Consider...

    "Well boss, if we use libfoo, we'll have to disclose our source code since it's GPL. There are ways around it by doing things like writing LGPL wrappers and dynamically linking it, but we'll have to distribute THAT source code, instead. Plus, you may want to run this by legal, since the developer has outright refused to sell non-GPL licenses..."

    Versus...

    "Well boss, if we use libbar, we can just use it since it's MIT. If we make changes to it, we should contribute them back, but we're not obligated to do anything except keep their copyright notice."

    With that in mind, is it any wonder projects like llvm and musl are popping up and gaining the support of large companies that use them?

  15. Re:buffer overflow in printf ... great for securit by dalias · · Score: 4, Insightful

    Unlike some projects, we fully disclose bugs that might be relevant to security. In this instance, the bug could only be triggered by explicitly requesting sufficiently many decimal places (16445 for ld80) and printing a denormal long double with the lowest bit set, as in:

    printf("%.16445Lf", 0x1p-16445);

    In addition, even when triggered, it only wrote past the end of the buffer by one slot, and we were unable to get it to overwrite anything important like a return address (of course, what it overwrites depends on the compiler, so in principle it could).

  16. Re:Reinventing GPL wheels by dalias · · Score: 3, Insightful

    The main effect of glibc being LGPL is not that companies don't use it, rather it's that nobody making non-free software is willing to static-link it, so you end up with versioning hell. glibc partially solves this problem with symbol versioning, but the solution actually makes the problem worse in other cases: for example, in order to provide a binary that runs on systems with older glibc, people making binaries intentionally link against an older glibc, using the outdated/bug-compatible symbol versions instead of the up-to-date ones.

    Of course if your goal is to make sure non-free software is always breaking and giving people problems, that's a potential benefit of the LGPL.

    With musl, all you have to do to make a binary that works with older versions of the shared libc is avoid using functionality that was introduced in later versions. Or you can just static link and have it work everywhere.

  17. Re:Why should I drop glibc? by dalias · · Score: 4, Insightful

    If you don't want to switch, that's fine. You're still getting the benefits of musl, because competition has driven the glibc developers to fix, or at least study how to fix, a number of longstanding bugs in glibc.

  18. Re:Either gnu libc is hideously slow and bloated.. by dalias · · Score: 3, Informative

    It doesn't mean you can't use gdb, just that libc itself does not try to double as a debugging tool. This is actually a security consideration. For example, glibc prints debugging information if it detects corruption in malloc. But if there's already memory corruption, you have to assume the whole program state is inconsistent; the corruption may be intentional due to the actions of an attacker, and various function pointers, etc. may have been overwritten. Continuing execution, even to print debug output, risks expanding the attacker's opportunity to take control of the program.

    FWIW, musl does detect heap corruption. The difference is that it immediately executes an instruction that will crash the program rather than trying to continue execution, make additional function calls that go though indirection (the PLT) and access complex data structures, etc.

  19. Re:Brain damaged project by porges · · Score: 2

    No. You're thinking of the fact that once the linker marks a .o as required, it brings in all of that .o file unless you provide those flags you mention. But the point is definitely that only the .o files that are needed get linked into the final object model. Just do a gcc of a simple "hello world" program and then look at the a.out's size; it won't be anywhere near as big as libc.a. Also, nm a.out will show you the relatively few symbols in the a.out file.

  20. Re:Why should I drop glibc? by peppepz · · Score: 2

    The libc is not a library like all the others. Proposing a binary- and source- incompatible replacement for glibc, as is being done here, means to partition the Linux userspace, both binaries and source code, into two isolated subsystems. Something that we are already suffering with Android. This is not a benefit, this is a damage for the Linux community as a whole, and it will hurt me even if I don't want to switch. Casual PC users already run into enough problems when switching to Linux; asking them to check which libc is required before installing a program is the kind of nuisance that makes them run away. I don't contest musl developers' freedom to code whatever they want, and I welcome their efforts. I do contest the stance to replace glibc with an incompatible library, whomever it comes from.

  21. Re:Why should I drop glibc? by peppepz · · Score: 2

    Virtually all binary software is distributed in enormous tarballs containing their own libc, and every other library they use, and a bunch they don't simply because static linking doesn't work against glibc properly (and violates the license for non-free software).

    Please don't spread false information this way.

    Take Firefox for example, from Firefox.org, not the version shipped with your distro. Every Firefox tarball includes their own build of GTK, GDK, glibc, libnspr, etc.

    Yes, let's take the version from firefox.org that I'm using right now.

    $ ldd /opt/firefox/firefox-bin
    linux-gate.so.1 (0xb77bb000)
    libpthread.so.0 => /lib/i386-linux-gnu/libpthread.so.0 (0xb776b000)
    libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xb7765000)
    librt.so.1 => /lib/i386-linux-gnu/librt.so.1 (0xb775c000)
    libstdc++.so.6 => /usr/lib/libstdc++.so.6 (0xb7675000)
    libm.so.6 => /lib/i386-linux-gnu/libm.so.6 (0xb762f000)
    libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0xb7614000)
    libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb746a000)
    /lib/ld-linux.so.2 (0xb77bc000)

     See? It's using my libc, so what you said is completely incorrect. Shall we see if it uses its own GTK library as you've said? I'll past the ldd result here: http://pastebin.com/UsP0MHUe , so you can see for yourself that firefox uses the system libraries instead.

    Because dynamic linking is so horribly broken on Linux that is the only way it could possibly work on more than one distro.

    Dynamic linking on Linux is state-of-the-art. If it doesn't work for you, look for responsibilities somewhere else than the operating system. If anything, it's static linking which is badly supported (by glibc, not by Linux).

    SORRY.

    ...