Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider adding -Werror=unguarded-availability-new to compiler flags for Apple platforms #100384

Closed
indygreg opened this issue Dec 21, 2022 · 11 comments · Fixed by #128155
Closed
Labels
build The build process and cross-build OS-mac type-feature A feature request or enhancement

Comments

@indygreg
Copy link
Contributor

indygreg commented Dec 21, 2022

Feature or enhancement

Runtime crashes like #97897 could be prevented by turning clang's unguaded-availability-new warning into a fatal compile error. This can be done by adding -Werror=unguarded-availability-new to compiler flags.

Essentially what this warning does is cross reference undefined symbols against symbols defined in the targeted Apple SDK. If it sees a symbol introduced in a newer SDK version and that symbol isn't weakly referenced/linked, you get a warning. -Werror upconverts it to a fatal compiler error.

If you add this flag to release builds, the compiler prevents you from shipping binaries that ship unguarded symbol usage for targeted SDK versions. i.e. it prevents run-time crashes when binaries run on older Apple OS versions.

If you enable this setting today, you may find the 3.8 branch isn't properly gating use of mkfifoat and mknodat. (Although this may be an oddity from python-build-standalone and not a CPython bug.)

cc @ned-deily


The advantages of having this additional warning is to catch regressions such as:

Linked PRs

@indygreg indygreg added the type-feature A feature request or enhancement label Dec 21, 2022
@indygreg
Copy link
Contributor Author

Ignore my comment about 3.8. 3.8 doesn't have properly weak linking support at all (at least not in posixmodule.c). The mkfifoat and mknodat errors were just clang catching these symbols falling through a gap in python-build-standalone's build system, which attempts to disable all optional symbols on 3.8 to work around the lack of weak referencing. I think this demonstrates the value of -Werror=unguarded-availability-new, as without this, I probably would have shipped binaries that segfault at runtime.

@ronaldoussoren
Copy link
Contributor

3.9 and later should have weak linking support in posixmodule, this was introduced while working on support for arm64 and Universal 2 binaries. That said, newer SDKs can introduce new APIs that require changes to that.

@picnixz picnixz added the build The build process and cross-build label Dec 20, 2024
@zanieb
Copy link
Contributor

zanieb commented Dec 21, 2024

Copying over some of my commentary from #128135

Here's an initial patch 36c7da4

@picnixz
Copy link
Contributor

picnixz commented Dec 21, 2024

What we could do is integrate this new flag as part of our CI without necessarily making it part of the configure script. At least it could help without affecting local configurations? cc @hugovk

@ned-deily
Copy link
Member

Instead of CFLAGS, try adding this to CFLAGS_NODIST. "CFLAGS_NODIST is used for building the interpreter and stdlib C extensions. Use it when a compiler flag should not be part of CFLAGS once Python is installed."

@zanieb
Copy link
Contributor

zanieb commented Dec 21, 2024

Ah cool, thanks @ned-deily. I was hoping there was something like that.

Do you have any other concerns before I post the patch as a pull request?

I think my most important open question is

This flag is clang-only, will this help prevent regressions upstream or just avoid shipping bad code downstream?

Is clang being used in CI?

@indygreg
Copy link
Contributor Author

The Xcode C toolchain is clang. There are an extremely small number of people not using clang when targeting Apple platforms. I'm pretty sure CPython's build system implicitly requires clang for Apple targets.

@picnixz
Copy link
Contributor

picnixz commented Dec 21, 2024

We use clang on build bots sanitizers (UBSan, TSan and ASan) so yes we use clang. And for the JIT as well since this requires LLVM.

@hugovk
Copy link
Member

hugovk commented Dec 21, 2024

What we could do is integrate this new flag as part of our CI without necessarily making it part of the configure script. At least it could help without affecting local configurations? cc @hugovk

Like with this tooling?

https://devguide.python.org/development-tools/warnings/

@zanieb
Copy link
Contributor

zanieb commented Dec 21, 2024

I think the concern about it affecting users is addressed by using CFLAGS_NODIST, is there a different concern you have that makes this better as a warning than an error?

@ned-deily
Copy link
Member

I'm not sure if we should be using unguarded-availability or unguarded-availability-new?

If I understand the implications correctly, I think we should stick with unguarded-availability until there is a demonstrated need to restrict to unguarded-availability-new.

Also we specifically now check and report on supported platform / compiler combinations (see AC_MSG_CHECKING([for PEP 11 support tier]) in configure.ac) which for macOS is clang for tier 1 support. That said, we should be careful to not deliberately break gcc builds; presumably the AX_CHECK_COMPILE_FLAG([-Wunguarded-availability] ... test in the patch should take care of that.

ned-deily pushed a commit that referenced this issue Dec 22, 2024
Generate a build error on ``unguarded-availability`` in portable macOS builds (i.e. using MACOSX_DEPLOYMENT_TARGET), preventing invalid use of symbols that are not available in older versions of the OS.
srinivasreddy pushed a commit to srinivasreddy/cpython that referenced this issue Dec 23, 2024
…ython#128155)

Generate a build error on ``unguarded-availability`` in portable macOS builds (i.e. using MACOSX_DEPLOYMENT_TARGET), preventing invalid use of symbols that are not available in older versions of the OS.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
build The build process and cross-build OS-mac type-feature A feature request or enhancement
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants