Slashdot Mirror

← Back to Stories (view on slashdot.org)

GNU C Library Alternative Musl Libc Hits 1.0 Milestone

Posted by Unknown on from the pry-glibc-from-my-cold-dead-ld.so dept.

New submitter dalias (1978986) writes "The musl libc project has released version 1.0, the result of three years of development and testing. Musl is a lightweight, fast, simple, MIT-licensed, correctness-oriented alternative to the GNU C library (glibc), uClibc, or Android's Bionic. At this point musl provides all mandatory C99 and POSIX interfaces (plus a lot of widely-used extensions), and well over 5000 packages are known to build successfully against musl.

Several options are available for trying musl. Compiler toolchains are available from the musl-cross project, and several new musl-based Linux distributions are already available (Sabotage and Snowflake, among others). Some well-established distributions including OpenWRT and Gentoo are in the process of adding musl-based variants, and others (Aboriginal, Alpine, Bedrock, Dragora) are adopting musl as their default libc." The What's New file contains release notes (you have to scroll to the bottom). There's also a handy chart comparing muscl to other libc implementations: it looks like musl is a better bet than dietlibc and uclibc for embedded use.

18 of 134 comments (clear)

  1. pkgsrc test results by staalmannen · · Score: 4, Informative

    For those curious about which "5000 packages" that build with musl, there is the awesome automated pkgsrc tests published: http://wiki.musl-libc.org/wiki...

  2. Re:Either gnu libc is hideously slow and bloated.. by staalmannen · · Score: 3, Insightful

    It might be easier to add than to remove, leading to bloat over time and glibc has been around for a while. Also, building on old code might mean that you are limited in what you can change. For example, the modular design of LLVM has been a pretty big success and is considered easier to work with/develop than gcc. For musl, I think they have decided to remove all legacy stuff + non-standard extensions.

  3. Re:Either gnu libc is hideously slow and bloated.. by Anonymous Coward · · Score: 3, Insightful

    the guys at gnu know a thing or 2 about compilers and libraries

    You obviously never worked on or looked at their source code.

  4. glibc is horribly bloated by uhmmmm · · Score: 4, Informative

    The first priority on musl is correctness, and they will take a hit to size and speed if that's what's necessary to achieve it. But thus far, they've been doing a good job of achieving correctness without introducing too much bloat.

    Take a look at their page on bugs found while developing musl, and you'll find that they've found and reported quite a few bugs in glibc where glibc had been "cutting corners".

    1. Re:glibc is horribly bloated by Just+Some+Guy · · Score: 3

      LOL Drepper. He had a free pass to be an abrasive jerk for years because of his supposed dedication to perfection and uncompromising quality. In retrospect, maybe he was just a jerk to shut down people who wanted to examine his work more closely than he liked.

      --
      Dewey, what part of this looks like authorities should be involved?
    2. Re:glibc is horribly bloated by dalias · · Score: 4, Interesting

      I've submitted at least two bugfix patches to glibc where the diff was 100% "-" lines for things Drepper added. I believe they were all eventually committed. And thankfully this is the one type of glibc patch submission that doesn't require having a copyright assignment on file with the FSF. ;-)

    3. Re:glibc is horribly bloated by Just+Some+Guy · · Score: 5, Funny

      You're doing God's work, son.

      --
      Dewey, what part of this looks like authorities should be involved?
  5. Re:Either gnu libc is hideously slow and bloated.. by Improv · · Score: 5, Insightful

    Steps to a useless comment:
    1) Speculate on the features of something
    2) Note that that speculated feature set doesn't include something you want
    3) Criticise based on your speculation

    --
    For every problem, there is at least one solution that is simple, neat, and wrong.
  6. Musl's supported architectures by uhmmmm · · Score: 3, Informative

    You're right that musl doesn't support the same breadth of architectures that glibc does. They currently support x86, amd64, ARM, MIPS, PPC, microblaze, and they have experimental support for superh and x32.

    One big advantage they do have is that it's much simpler to add support for a new architecture to musl than it is to add it to glibc. They are interested in supporting more architectures, so I'd expect their list of supported architectures to grow fairly quickly if there are people interested in that support.

    1. Re:Musl's supported architectures by dalias · · Score: 3, Insightful

      We have people working on aarch64, someone interested in doing a sparc port, and interest from the OpenRISC folks in musl too (and I've offered to help them with a port). There's also someone who wants to port to LM32-mmu (which, as I understand it, doesn't have any userspace infrastructure yet and only a very experimental kernel port).

  7. Link to comparison chart by paulpach · · Score: 4, Informative

    Here is a link to the comparison chart mentioned in the description.

  8. Re:Brain damaged project by pe1rxq · · Score: 3, Insightful

    Have you ever looked at static linking in detail?
    A .a file is basicly a collection of .o files. The linker only links those that are needed.
    So they have a single .a file instead of two or more .a files. This allows them to prevent difficult interdepencies between those .a files.
    The end result might still be a very small subset of the complete library.

    --
    Secure messaging: http://quickmsg.vreeken.net/
  9. re: Brain damaged project by uhmmmm · · Score: 3, Informative

    Where does it say you have to link the whole thing into your application? Musl supports dynamic linking just fine. The musl developers do have a preference for static linking, so they have better support for it than glibc (see their size comparisons of static linked programs on musl and glibc, for instance). But that doesn't mean you have to use it.

    The bit about aiming for correctness is correctness of musl itself. Of course they can't, in general, guarantee that you will write your own code correctly. In theory, they could split the math library out and force you to link against it correctly. But what would be the point? To arbitrarily break broken programs, while having no impact on correct programs? It would also have several downsides.

    Musl is the only C library I'm aware of which allows the entire C library ecosystem (C library, math library, threading library, dynamic linker, and some others probably) to be upgraded atomically, which eliminates a small window during upgrade where you might start a new program and have it break because it gets conflicting versions of these components.

    There is also code within the main C library (for example, the code to format floating point numbers in printf) which benefits from being able to call functions that are part of the math library.

  10. Re:Either gnu libc is hideously slow and bloated.. by dalias · · Score: 4, Informative

    At the time the comparison was made, glibc was essentially unmaintained and Debian-based distributions were using the eglibc fork. Now that glibc is under new leadership, eglibc is being discontinued and the important changes have been merged back to glibc upstream. So when I update the chart's quantitative comparisons, it will be for glibc rather than eglibc. The main things that will change when I do are significant increases in size (especially since I seem to have under-measured eglibc's totals) and possibly some improvements in performance. In terms of all the other qualitative comparisons, glibc remains about the same place it was before.

  11. Re:buffer overflow in printf ... great for securit by dalias · · Score: 4, Insightful

    Unlike some projects, we fully disclose bugs that might be relevant to security. In this instance, the bug could only be triggered by explicitly requesting sufficiently many decimal places (16445 for ld80) and printing a denormal long double with the lowest bit set, as in:

    printf("%.16445Lf", 0x1p-16445);

    In addition, even when triggered, it only wrote past the end of the buffer by one slot, and we were unable to get it to overwrite anything important like a return address (of course, what it overwrites depends on the compiler, so in principle it could).

  12. Re:Reinventing GPL wheels by dalias · · Score: 3, Insightful

    The main effect of glibc being LGPL is not that companies don't use it, rather it's that nobody making non-free software is willing to static-link it, so you end up with versioning hell. glibc partially solves this problem with symbol versioning, but the solution actually makes the problem worse in other cases: for example, in order to provide a binary that runs on systems with older glibc, people making binaries intentionally link against an older glibc, using the outdated/bug-compatible symbol versions instead of the up-to-date ones.

    Of course if your goal is to make sure non-free software is always breaking and giving people problems, that's a potential benefit of the LGPL.

    With musl, all you have to do to make a binary that works with older versions of the shared libc is avoid using functionality that was introduced in later versions. Or you can just static link and have it work everywhere.

  13. Re:Why should I drop glibc? by dalias · · Score: 4, Insightful

    If you don't want to switch, that's fine. You're still getting the benefits of musl, because competition has driven the glibc developers to fix, or at least study how to fix, a number of longstanding bugs in glibc.

  14. Re:Either gnu libc is hideously slow and bloated.. by dalias · · Score: 3, Informative

    It doesn't mean you can't use gdb, just that libc itself does not try to double as a debugging tool. This is actually a security consideration. For example, glibc prints debugging information if it detects corruption in malloc. But if there's already memory corruption, you have to assume the whole program state is inconsistent; the corruption may be intentional due to the actions of an attacker, and various function pointers, etc. may have been overwritten. Continuing execution, even to print debug output, risks expanding the attacker's opportunity to take control of the program.

    FWIW, musl does detect heap corruption. The difference is that it immediately executes an instruction that will crash the program rather than trying to continue execution, make additional function calls that go though indirection (the PLT) and access complex data structures, etc.