Comment by matheusmoreira
2 years ago
OpenBSD is certainly taking it quite far. They want to disallow system calls from all non-libc code segments so that only whitelisted code can interface with it.
It is not the only operating system in the "unstable kernel interface" group though. Linux is actually the only one with a stable system call interface.
I've written somewhat at length about this:
> It is not the only operating system in the "unstable kernel interface" group though. Linux is actually the only one with a stable system call interface.
It's wrong to say that Linux stands alone in having a stable syscall interface. FreeBSD [0] and NetBSD [1] both retain syscall compatibility for old binaries (the former apparently with some exceptions permitted); DragonFly BSD also appears to keep old syscalls in place. In fact, I only know of Windows, OpenBSD, and presumably macOS as mainstream desktop OSes without mostly-stable syscalls.
[0] https://wiki.freebsd.org/AddingSyscalls#Backward_compatibily
[1] https://www.netbsd.org/docs/internals/en/chap-processes.html...
When I wrote the article I searched the web for the kernel-userspace ABI situation in the BSDs. I found posts that contradict that.
https://forums.freebsd.org/threads/what-is-meant-by-abi.8622...
> I keep reading that the ABI of FreeBSD is constantly changing.
> Someone's system has random crashes and someone else says it's that pesky ABI changing again.
It seems FreeBSD has a reputation of changing binary interfaces. Even when they clarified that they meant the kernel-userspace interface, it was pointed out they're only stable for current releases. There seems to be some emulation but I can't figure out how hard of a guarantee that is.
https://docs.freebsd.org/en/books/handbook/kernelconfig/#ker...
> If the kernel version differs from the one that the system utilities have been built with
> for example, a kernel built from -CURRENT sources is installed on a -RELEASE system
> many system status commands like ps(1) and vmstat(8) will not work.
> To fix this, recompile and install a world built with the same version of the source tree as the kernel.
> It is never a good idea to use a different version of the kernel than the rest of the operating system.
How could the ABI be stable if you have to recompile user space when you update the kernel? Linux is said to be able to run binaries from the 90s.
https://old.reddit.com/r/BSD/comments/8vysxg/a_question_abou...
> FreeBSD breaks syscall ABI compatibility with some regularity.
> Like Windows and unlike Linux, the compatibility layer is considered to be libc, rather than the syscall interface.
FWIW your website is unusable on desktop: the font is unreadably huge. And while Firefox's reader mode does seem to mitigate the issue correctly, Safari's cuts off at the second paragraph.
Thank you. I'll try to fix it. I gotta get better at this.
I reduced the font size to 24px. Does it read better despite the margins?
I appreciate the feedback. My intention was to maximize the use of space with big fonts even on the desktop but there's no point if the resulting text is unreadable.
Improved the look of the site as well while I was at it.
We need more fat kernels and less libcs, libc ties us forcibly to the C legacy. Time for more type safe and richer interfaces with the kernel.
What do you mean when you say "fat kernel"?
Also, FYI, OpenBSD is never going to stop being written in C, and is never going to introduce a language like Rust into the kernel [1], so there's little point in wishing for this.
If you wish to rid yourself of legacy of C (and therefore that of Unix), then OpenBSD, which is Unix (or derived from it) and will always be written in C, is not a good operating system for you.
Edit: Changed to be less rude; it wasn't my intention to be rude.
[1]: https://marc.info/?t=151233221700001&r=1&w=2
I'm not the person you're replying to, but I don't really mind the kernel (or anything else) being written in C as such, but interacting with C from $other_language can be rather painful for various reasons. In Go the reason they do what they do is because integrating it with how the Go scheduler works is tricky, and getting rid of libc makes cross-compilation a lot easier.
So in short, it's a pragmatic thing more than anything else.
(Aside: that thread is a little bit outdated by the way, as I do believe there's a reasonably complete Rust coreutils implementation now. Not that I think Rust is a good fit for OpenBSD though – I wish people would stop conflating "safety" with "Rust".)
5 replies →
Wow, that discussion does not warm me at all to OpenBSD. A lot of those responses seemed way more abrasive than they needed to be.
It's interesting, though, that at least initially, the only examples of memory-safe languages were ones like Java or Python, which are both very high-level and come with a lot of runtime tradeoffs that would practically make them unsuitable to tools like ls or cat that need to be run quickly and a lot. (Also interesting: this never seems to be given as a reason not to use memory-safe languages.) Later on Rust and Ada are discussed, but it feels much more cursory, except in the final comment.
The big reason to use C seems to be that it provides a signal that the developer is competent - you need to be at least good enough to learn C in order to contribute to OpenBSD. And more specifically, if you would rather write code in a non-C, memory-safe language, you are probably a bad developer who should not contribute to OpenBSD. To me, this intuitively feels like quite a weak argument (are there so many people clamouring to contribute to OpenBSD that they need this kind of gatekeeping mechanism?) but it's pretty much the main one that gets repeated. The more convincing argument at the end is that, practically speaking, most of the benefits of memory-safe, low-level languages like Rust or Ada can be provided by static C linters/checkers, and so they don't add much value overall. This seems very much the opposite of what some other companies are saying, e.g. Google and Microsoft, which is that even with static analysis of C/C++, Rust is still dramatically reducing the number of memory safety issues they're running into.
I find it interesting that they don't bring up what seems to be the more obvious reasons not to bring in memory-safe languages, which are mainly the classic "rewrites are hard, here be dragons" arguments - the existing tools have been hardened through years of use, and rewriting them is more likely to add new bugs than remove old ones; new languages/tools means new knowledge which means having people on hand familiar with the new languages to understand what's going on; reimplantation tends to be slow initially, which eats resources and prevents ongoing maintenance and development; etc.
My main takeaways from that discussion are (a) I really hope I never have to work with the OpenBSD maintainers, and (b) their main arguments seem more about maintaining the exclusivity of their club than about the technical details of any transition.
3 replies →
A kernel is not a programming languages. Type safety is something enforced by a compiler or interpreter, while accessing a system call interface is always something that can be expressed in terms of a sequence of assembly language instructions. Doesn't matter whether you're accessing a C API or a syscall mechanism.
Forcing usage of libc is actually an effort towards type safety. `syscall` just takes a syscall number and an unspecified amount of arguments of unconstrained type. It's the opposite of being type safe.
It does matter. You don't have to link with the kernel, or support the C ABI. You're still tied to C with libc. It's especially bad on Linux because glibc is so awful.
Forcing libc has absolutely nothing to do with type safety. How do you think they invoke syscalls in libc? There's no more type checking of syscalls there than there is in Go's standard library. From a user's point of view it's identical, except you don't have to worry about endless glibc version errors with Go.
1 reply →
[dead]