Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AArch64 build attributes specification #230

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

smithp35
Copy link
Contributor

@smithp35 smithp35 commented Nov 3, 2023

Introduce a new specification document for AArch64 build attributes.

The 32-bit ABI makes extensive use of the build attributes defined in addenda32. These attributes defined for relocatable objects are used for a number of purposes including:

  • Checking ABI compatibility.

  • Checking required processor feature compatibility.

  • Automatic static library selection.

With AArch64's focus on software platforms, there has not been a strong requirement to introduce extra metadata to denote the requirements and optional processor features used by a relocatable object. Programs are expected to do runtime testing to check if processor features are available.

With the advent of security features like PAuthABI, BTI and GCS we need a way to record additional metadata that a static linker can use to set metadata like GNU properties in a loadable-unit (executable or shared-library).

A brief summary:

  • Made a generic "aeabi" prefix for Arm subsections. Including a header that states optionality and encoding. All ULEB or all NTBS.

  • Describes a single subsection that maps directly to the existing .note.gnu.properties and uses language similar to AAELF64. This includes the existing BTI and PAC properties.

  • Is accompanied by a design rationale with a suggestion for tool syntax.

@smithp35
Copy link
Contributor Author

smithp35 commented Nov 3, 2023

I don't think the PDF creation is to do with this pull-request as I didn't add the directory to the generate-pdfs script and the same attribute error happens in other documents.

Looks like we may need to upgrade rst2pdf to 0.101 for python 3.12 compatibility.

Formal Syntax of aeabi prefixed subsections
-------------------------------------------

<uint8: optional> <uint8: parameter type>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The design doc mentions "optimized for size". If we optimize for size, "optional" and "parameter type" can be merged into one byte. In contrast, the current design using two bytes is cleaner. I wonder whether there are additional thoughts into the current choice.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is true. In this particular case I'm not expecting too many different subsections, currently we only define one so my instinct is to keep it simple for now.

*0* the values are ULEB128 encoded.

*1* the values are NTBS.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. This can be extended in the future if addenda32-style Tag_compatibility is needed.

The effect of omitting a public tag in file scope is identical to
including it with a value of 0 or “”, depending on its parameter type.

Formal Syntax of aeabi prefixed subsections
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use lowercase "syntax"?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, will fix.

* There is a least a3 such that a1 ≤ a3 and a2 ≤ a3.
Then a1 + a2 = a3.

Example: ``Tag_CPU_arch`` from (ADDENDA32_) when a1 = v6KZ, a2 = v6T2, and a3 = v7.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume that this AArch32-specific example can be replaced when an AArch64 tag with the right semantics arises.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. I'm somewhat limited with the examples right now.


GNU Program Properties as defined by [LINUX_ABI_] are a similar
concept to Build Attributes. Program properties are encoded in
.note.gnu.property sections. A static linker combines the program
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should .note.gnu.property be placed in backquotes?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, will fix.


The parameter type is ULEB128.

The lattice value is custom. Two entities are compabitible if both
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

perhaps semilattice. Since we support just the "join" operation, not "meet".

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking it up, it seems like join-semilattice is the formal term. What I'll do for now is explain that it is a join-semilattice but we'll use lattice for brevity.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ended up using partial order to remove the use of lattice. While build attributes are modelled on a lattice, the addenda32 only mentions it once.

An executable or shared library. Also known as loadable-unit in
this document.

Loadable-unit
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The existing docs don't use the term "loadable-unit". "link unit" has been used in several docs. Is there a rationale to introduce this alias?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In some internal feedback some of my colleagues didn't like link-unit :-) . Loadable unit was felt to be more inituitively understandable than link-unit.

I'm confortable with link-unit, but that's many years of familiarity.


The major differences between build attributes and GNU properties are:

- Build attributes are relocatable object only and have an encoding
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This sentence appears to contradict with "Encoding of meta data in a loadable-unit" in buildattr64.rst. If the recommended practice is for loaders not to inspect the platform-specific build attributes, mention it in buildattr64.rst?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In buildattr64.rst there is:

Encoding of meta data in a loadable-unit
----------------------------------------

Build attributes are only defined for relocatable objects.  The
encoding of metadata in a loadable-unit (executable or shared-library)
is platform specific.  For example a platform may choose to use GNU
program properties as defined in (LINUX_ABI_). This document specifies
the meaning of build attributes for relocatable objects only.  The
presence of ``.ARM.attributes`` sections in a loadable-unit is
permitted, but the interpretation of the contents of the section is
outside the scope of this document.

I think that is consistent with Build Attributes are relocatable only.

Arm has traditionally taken the approach that the executable and shared-library are mostly "owned" by the platform holder, be that Android or the Linux community and the AArch64 ABI. I've written #229 which is a rationale for using GNU properties in sysvabi64.rst files which we equate to Linux/BSD.

Hope that makes sense. Any suggestions for improvement are welcome though.

- All candidate libraries with build attributes ≤ selection build
attributes are compatible.

- For each compatible candidate library L with best candidate B then
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am puzzled by this sentence. Perhaps clarify it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, I'll try and rewrite it.

a bit vector and use the binary ``or`` or ``and`` operator to do the
join.

Alternative one .aeabi_attributes section
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add a colon after "Alternative" to clarify that "alternative one" is not a phrase?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, will fix.

@MaskRay
Copy link
Contributor

MaskRay commented Nov 30, 2023

Thanks for starting https://discourse.llvm.org/t/rfc-aarch64-build-attributes-for-elf-relocatable-objects/75161 and I came here while reading that post. I have done a lot of object file format/assembler/linker work in llvm-project and I am in favor of AArch64 Build Attributes. I haven't studied much about PAuth, but if loaders don't need to know the relevant build attributes, using build attributes should be good.

LLD processing of Build Attributes sections similar to the ARM target.

In lld/ELF/Driver.cpp, I added mergeRISCVAttributesSections. For AArch64 we will need something similar.

Copy link
Contributor

@MaskRay MaskRay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Forgot to push some "pending comments"...


## About this document

The [Build Attributes for the Arm 64-bit Architecture](buildattr64.rst) describes the
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

missing words after "the"?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK

-------------------

The tool interface for private subsections is implementation defined.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

delete trailing blank line

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK

multiple feature bits with forcing functions. A concrete example is
``FEAT_LSE2`` which can only exist if ``FEAT_LSE`` exists.

- require more then one attribute to describe. For example the
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo: "then"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK


- Textual formats are slower to parse and take up more space.


Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

delete trailing blank lines?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK

@smithp35
Copy link
Contributor Author

Uploaded new version, thanks for the additional comments.

The syntactic structure of an attributes section is::

<format-version: <version-letter>>
[ <uint32: subsection-length> NTBS: vendor-name

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The first byte will be followed by 0 or more subsections.

[ <uint32: subsection-length> NTBS: vendor-name
  <bytes: vendor-data>
]

Is the equivalent of a single .aeabi_subsection in the assembly.
for each .aeabi_subsection there must be single

[ <uint32: subsection-length> NTBS: vendor-name
  <bytes: vendor-data>
]

In the ELF.

Each unique .aeabi_subsection vendor-name will result in a single subsection. That permits an assembler to allow .aeabi_subsection to appear multiple times in the same file with the same vendor name, like a .section directive. Therefore it is possible to change subsections, but be able to return to the previous one. I don't think this is likely in practice, but it is often how "stateful" directives are implemented in assembler.

For example:

// switch to subsection aeabi-feature-and-bits
.aeabi_subsection aeabi-feature-and-bits , 0, 0
.aeabi_attribute Tag_Feature_BTI, 1

// switch to subsection aeabi-pauthabi
.aeabi_subsection aeabi-pauthabi, 1, 0
.aeabi_attribute Tag_PAuth_Platform, 1
.aeabi_attribute Tag_PAuth_Schema, 1

// switch back to subsection aeabi-feature-and-bits
// Note this doesn't create a new subsection.
.aeabi_subsection aeabi-feature-and-bits , 0, 0
.aeabi_attribute Tag_Feature_GCS, 1

There will be two subsections in the ELF file aeabi-feature-and-bits and aeabi-pauthabi.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The buildattr64.rst doesn't mention assembly syntax as these are not part of the "binary" standard. They are covered for GNU compatible assembley in the rationale document, I'll find a way of covering this there.

Yes the intention is that each uniquely named .aeabi_subsection will be a subsection in the ELF file, with the vendor-name set to the name given in the directive.


The syntactic structure of an attributes section is::

<format-version: <version-letter>>

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The <format-version: > (double '<, >' also around 'version-letter') and <uint32: subsection-length> (single '<, >', not around 'subsection-length') does not indicated a different between the cases.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The original in addenda32 hard coded A, but mentioned that this was just the current version. I think I'll go back to that form.

type ``SHT_AARCH64_ATTRIBUTES`` and name ``.ARM.attributes`` (for
further details see [AAELF64_]).

An attribute is encoded in a <tag, value> pair.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A tag with the same name in a different .aeabi_subsections is considered a different tag.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part of the document is specifically about encoding and subsections haven't been described yet. I'll see if I can find a place to express this later on in either subsections or tags.

construct "aeabi" prefixed subsections.

::
.aeabi_subsection name [optional] [, parameter type]

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The syntax is not final. There are consideration around whether the values should be optional and with what exact syntax.
Options:

  • as it is now, and to denote optional arguments:
    .aeabi_subsection MySectionA 0 -> 'optional'
    .aeabi_subsection MySectionA, 0 -> 'parameter type'
  • The syntax might be .aeabi_subsection name [, optional] [, parameter type]
    and to denote optional arguments:
    .aeabi_subsection MySectionA, 0, or:
    .aeabi_subsection MySectionA, ,0
  • Having both the arguments being mandatory
  • Make encoding and parameter type either both present or absent

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Internally with a conversation with the GNU team we decided that it should be [, optional] I think that while possible to disambiguate between

.aeabi-subsection vendor-name optional

and

.aeabi-subsection vendor-name ,ntbs

Is possible, given that optional and ,ntbs can be digits then it will be difficult for a human to spot.

Public aeabi prefixed subsections
=================================

About public tags
Copy link

@sivan-shani sivan-shani Nov 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Edit: reading it again I realize that this part describe the ELF while I thought that it describes the assembly. Therefore some of the comments are irrelevant, but some still makes sense so I figure I better leave them.
If details like vendor name has to be be encoded in the ELF, does it mean that they must also appear in the assembly?
Might it be a good idea to have a clear section regarding assembly, or some related document? even though strictly speaking the ABI is only the binary specification for the ELF file.

Here is a suggestion for this paragraph that reflect my understanding of public subsections: (Edit: in the assembly, maybe this can serve for another document that specify the assembly)

Suggested change
About public tags
Public subsections
Subsections are denoted with the tag: `.aeabi_subsection <name>`
Public subsections are subsections with <name> starting with a prefix of "aeabi".
Public subsections have a header that indicates whether the subsection is mandatory or not, and what is the type of the value for all the subsection's attributes.
A consumer must be able to parse the header of all the mandatory public subsections. A consumer may skip an optional subsection.

Several points:

  • The header does not indicates only optionality, but also the attribute's values type.
    Edit: irrelevant to ELF, only to assembly.
  • The part about the subsection that do not need to be read is confusing. My understanding of the essence is: If subsection is mandatory, it has to be read, not being able to read it is an error. If it is optional, it can be skipped, from any reason (e.g. not being able to recognize the full vendor-name or any other reason, it is not clear what is special about the vendor-name)
    Edit: This part seems relevant also for ELF.
  • Remove the mention of "vendor name" since in actuality sections names does not contained a vendor name.
    Edit: not true to ELF, still, since this data is not in the assembly, how do we know what to put it in the ELF?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the suggestion, I'll have a think about what I can incorporate.

I'm thinking that I could move the assembly support into the main specification as an appendix.

Default values for public tags
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The effect of omitting a public tag in file scope is identical to

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is unclear to me whether this is true only for optional subsections, only for mandatory subsections, or for both, optional and mandatory and subsections.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll see if I can make the mandatory part clearer. I think an examples section in the rationale would help too. All tags get an implicit default of 0 whether in a mandatory or optional section.

A subsection should be mandatory if a static linker must be able to understand at least one of the tags defined in it to produce correct output. By making the subsection mandatory a static linker is expected to give an error message if it can't process the subsection.

If the subsection is optional and a static linker doesn't understand either the subsection or a tag within it then it can just skip over it. The output will be correct, if not optimal.

have a prefix of "aeabi". If the header is optional then a consumer
may skip the subsection if they do not recognize the full vendor-name.

Default values for public tags

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might it be a good idea to call 'tags' -> subsections and therefore 'public tags' -> public subsections?
"Tags" might mean quite a few things.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll see if I can define these terms a bit better. A public tag is just a tag defined in a public (name starting with aeabi) subsection.

I agree that tag is a general term, I've taken a lot of the language from the 32-bit ABI.

Encoding
--------

Encoding build attributes are encoded in a vendor-specific section of

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Encoding build attributes are encoded in a vendor-specific section of
Build attributes are encoded ...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK, I'll adopt in the next patch.

It looks like this partially came from addenda32.rst

Encoding build attributes needs more than a few bits, so we encode them in an vendor-specific section of type SHT_ARM_ATTRIBUTES and name .ARM.attributes (for further details see 

@smithp35
Copy link
Contributor Author

Thanks for all the comments. I'll aim to get a response tomorrow and I'll post an update to the spec and rationale this week.

Copy link
Contributor Author

@smithp35 smithp35 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll start work on an update tomorrow.

Encoding
--------

Encoding build attributes are encoded in a vendor-specific section of
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK, I'll adopt in the next patch.

It looks like this partially came from addenda32.rst

Encoding build attributes needs more than a few bits, so we encode them in an vendor-specific section of type SHT_ARM_ATTRIBUTES and name .ARM.attributes (for further details see 

type ``SHT_AARCH64_ATTRIBUTES`` and name ``.ARM.attributes`` (for
further details see [AAELF64_]).

An attribute is encoded in a <tag, value> pair.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This part of the document is specifically about encoding and subsections haven't been described yet. I'll see if I can find a place to express this later on in either subsections or tags.


The syntactic structure of an attributes section is::

<format-version: <version-letter>>
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The original in addenda32 hard coded A, but mentioned that this was just the current version. I think I'll go back to that form.

The syntactic structure of an attributes section is::

<format-version: <version-letter>>
[ <uint32: subsection-length> NTBS: vendor-name
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The buildattr64.rst doesn't mention assembly syntax as these are not part of the "binary" standard. They are covered for GNU compatible assembley in the rationale document, I'll find a way of covering this there.

Yes the intention is that each uniquely named .aeabi_subsection will be a subsection in the ELF file, with the vendor-name set to the name given in the directive.

Public aeabi prefixed subsections
=================================

About public tags
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the suggestion, I'll have a think about what I can incorporate.

I'm thinking that I could move the assembly support into the main specification as an appendix.

Default values for public tags
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The effect of omitting a public tag in file scope is identical to
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll see if I can make the mandatory part clearer. I think an examples section in the rationale would help too. All tags get an implicit default of 0 whether in a mandatory or optional section.

A subsection should be mandatory if a static linker must be able to understand at least one of the tags defined in it to produce correct output. By making the subsection mandatory a static linker is expected to give an error message if it can't process the subsection.

If the subsection is optional and a static linker doesn't understand either the subsection or a tag within it then it can just skip over it. The output will be correct, if not optimal.

have a prefix of "aeabi". If the header is optional then a consumer
may skip the subsection if they do not recognize the full vendor-name.

Default values for public tags
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll see if I can define these terms a bit better. A public tag is just a tag defined in a public (name starting with aeabi) subsection.

I agree that tag is a general term, I've taken a lot of the language from the 32-bit ABI.

construct "aeabi" prefixed subsections.

::
.aeabi_subsection name [optional] [, parameter type]
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Internally with a conversation with the GNU team we decided that it should be [, optional] I think that while possible to disambiguate between

.aeabi-subsection vendor-name optional

and

.aeabi-subsection vendor-name ,ntbs

Is possible, given that optional and ,ntbs can be digits then it will be difficult for a human to spot.

Introduce a new specification document for AArch64 build attributes.

The 32-bit ABI makes extensive use of the build attributes
defined in addenda32. These attributes defined for relocatable
objects are used for a number of purposes including:

* Checking ABI compatibility.

* Checking required processor feature compatibility.

* Automatic static library selection.

With AArch64's focus on software platforms, there has not been
a strong requirement to introduce extra metadata to denote the
requirements and optional processor features used by a
relocatable object. Programs are expected to do runtime testing
to check if processor features are available.

With the advent of security features like PAuthABI, BTI and GCS
we need a way to record additional metadata that a static linker
can use to set metadata like GNU properties in a loadable-unit
(executable or shared-library).

A brief summary:

* Made a generic "aeabi" prefix for Arm subsections. Including
  a header that states optionality and encoding. All ULEB or
  all NTBS.

* Describes a single subsection that maps directly to the existing
  .note.gnu.properties and uses language similar to AAELF64. This
  includes the existing BTI and PAC properties.

* Is accompanied by a design rationale with a suggestion for
  tool syntax.
Commmit will be squashed prior to commit.

- Fixed references to GNU properties which have moved to sysvabi64.rst
- Mention in buildattr64.rst that SysVr4 platforms are recommended to
  use GNU properties in loadable units.
- Change lattice to partial order.
- Be more consistent with relocatable object file, rather than
  relocatable file, relocatable object or relocatable object file.
- Rewrite example of library selection to be clearer.
This was unfortunately missed out in the initial commit.
Make further corrections, these were all non-functional in nature.
This commit will be squashed prior to merging.
* In assembly syntax use a comma in [,optional].
* Change document status to Beta quality.
* Remove superfluous Encoding from start of sentence.
* Clarification of "optional" in public subsection header.
* Clarification that public subsections define their own attributes.
* Clarify static linker responsibilities with mixed build attributes.
  and .note.gnu.property sections.
* Reformat the aeabi-pauthabi section to match aeabi-feature-and-bits.
* Move and expand the tool interface section from the rationale to
  the specification.
*optional*

This field is optional and only applies to subsection names with a
prefix of "aeabi". The default value is 1 for optional.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Starting to doubt whether it is a good idea to have optional parameters with default values.
It creates the possibility for user mistakes when writing build attributes as assembly and implementation mistakes.
Are there any real benefits for allowing the omission of parameters?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Default values are necessary for reasoning about the properties of old object files in new toolchains and vice-versa. If we introduce a new attribute in ABI release N, then toolchains that implement some version prior to N won't have that attribute, toolchains need to be able to reason about that case as we can't guarantee that everyone recompiles all their objects, including all their dependencies, all of the time. An explicit default value of 0 forces the attribute definition to think about backwards compatibility. With the most common kinds of attribute combination being "all objects must have property X to set X in output", "If at least one object has property X to set X in output" or "all objects must have the same property for the combination to be valid" then 0 works well.

Copy link

@sivan-shani sivan-shani Nov 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the reply, it is a bit difficult to understand.

Given old object file O1 which does not have attrX,
Being handled with new object files O2, O3 that has attrX.
The way to handle O1, O2 and O3 together will be implemented in the logic of the handling tool (e.g. linker)
Something like "if no attrx, then..."

It is not so clear how having default values for attrX helps this process.

  1. Having default value for attrX can not imply that old object has to be treated like it has the default value, because there is no way to know if it will make sense for future attributes.
  2. "An explicit default value of 0 forces the attribute definition to think about backwards compatibility" - Why? when there is an old object involved, it is not the same as having new object with no explicit attribute (see (1)) It is a completely different case that has to be handled anyhow. e.g. even in a world without old object files, there could be a case of a missing attribute, either by design (if the attribute is optional) or mistake (if it is mandatory)

It seems to be completely unrelated?

Copy link

@sivan-shani sivan-shani Nov 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is some logic to the idea that the default is '0', and it means that no attribute -> value is '0', and then it imply that all other objects can not have '1'.
However, if this is the intention, do we really want to force all future developers to comply with this logic? It is a bit micromanagy on our part, and it might be better to leave those decisions to the future implementers.
Edit: especially given that the partial order on the attributes could be defined ad-hoc if I am not mistaken.

Copy link

@sivan-shani sivan-shani Nov 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I am gathering my thoughts slowly. Just want to add this:
Handling old object files has to be done anyhow, and I believe that having default values will hardly effect it or will hint anything to those who will implement it, while it will add the need to remember that 1) there are default values and 2) what they are to everyone who read/write assembly, or handle the tools that parse/write assembly/elf. We adding complexity and making things more error prone for benefits that does not seems quite there.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(sorry, a very last comment ) It will be clear from the partial order defined on the attribute, what should be the way to handle the case of missing attribute. (or "what should be the default value for missing attribute") and in the process of implementation and review, it should be done correctly, is there a need to hint it by setting a default value?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hope this goes through all the questions:

A given tool will understand a non-strict subset of the documented attributes and documented subsections of the current specification.

A build attributes producer like an assembler or compiler can only set the attributes and subsections it knows about. A build attributes consumer like a linker can only take action (the encoding permits it to read the attributes even if it doesn't understand them) on attributes and subsections it knows about.

On the producer side, the attributes and subsections that the tool doesn't know about will not be present. When the intended value of the attribute is the same as the default then it is up to the producer whether to emit the attribute or leave it out. Personally I would expect tools like compilers to just set the attribute explicitly to 0, however in hand-written assembly I would expect humans to only set the ones they care about. It isn't realistic to expect a human to look up all the attributes in the spec.

On the consumer side it is clear what happens if an attribute is encountered that the consumer doesn't understand. If it is in an optional subsection, it ignores it, if it is an non-optional subsection it gives a diagnostic.

If the consumer encounters an object file that is missing an attribute that it understands it uses the default 0 value for the object. As you suggest the partial order and combination rule will tell the consumer how to update the output value of the attribute.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I was confusing Assembly default values, such as subsection header values such as optional/value and ELF default value such as an entire tag.
ELF does not have default values like Assembly, therefore my point was not relevant.

* Changed assembler syntax to make parameters mandatory and to define
human readable names.
* Generalise mapping of aeabi-feature-and-bits to .note.gnu.property
* Renumber aeabi-feature-and-bits tags to start from 0.
We follow the 32-bit ABI which permits an attribute to occur more
than once, but if it does it has to have the same value.
Subsection names including `-` character can be difficult for
assemblers to parse unless part of a quoted string.

* Change aeabi-feature-and-bits to aeabi_feature_and_bits.
* Change aeabi-pauthabi to aeabi_pauthabi.
The aeabi_pauthabi subsection is mandatory, which means that if it
is present an object consumer is required to understand the contents
of the subsection. That makes a relocatable object containing
an aeabi_pauthabi subsection with explicit 0 values for the tags
less portable than relying on the implicit 0 values when the
subsection isn't present.

In the current active subsection, set *tag* to *value*.

It is an error if .aebi_attribute is encountered when the current

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo, '.aeabi_attribute'

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for spotting, will update.

sivan-shani added a commit to llvm/llvm-project that referenced this pull request Jan 22, 2025
- Added support for AArch64-specific build attributes.
- Print AArch64 build attributes to assembly.
- Parse AArch64 build attributes from assembly.
- Emit AArch64 build attributes to ELF.

Specification:
 ARM-software/abi-aa#230
github-actions bot pushed a commit to arm/arm-toolchain that referenced this pull request Jan 22, 2025
…(#118771)

- Added support for AArch64-specific build attributes.
- Print AArch64 build attributes to assembly.
- Parse AArch64 build attributes from assembly.
- Emit AArch64 build attributes to ELF.

Specification:
 ARM-software/abi-aa#230
sivan-shani added a commit to sivan-shani/llvm-project that referenced this pull request Jan 22, 2025
- Added support for AArch64-specific build attributes.
- Print AArch64 build attributes to assembly.
- Emit AArch64 build attributes to ELF.

Specification: ARM-software/abi-aa#230
sivan-shani added a commit to llvm/llvm-project that referenced this pull request Jan 23, 2025
- Added support for AArch64-specific build attributes.
- Print AArch64 build attributes to assembly.
- Emit AArch64 build attributes to ELF.

Specification: ARM-software/abi-aa#230
github-actions bot pushed a commit to arm/arm-toolchain that referenced this pull request Jan 23, 2025
…(#123990)

- Added support for AArch64-specific build attributes.
- Print AArch64 build attributes to assembly.
- Emit AArch64 build attributes to ELF.

Specification: ARM-software/abi-aa#230
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants