[nanvix] E: Drop -lssl -lcrypto -lffi from python.elf LIBS#16
Open
esaurez wants to merge 1 commit into
Open
Conversation
After the Phase 3b OpenSSL unbundling (cpython#15) and Phase 3b libffi unbundling (cpython#14) shipped, libssl/libcrypto/libffi are loaded at runtime via per-module .so DT_NEEDED chains:
_ssl.cpython-312.so -> DT_NEEDED libssl.so, libcrypto.so
_hashlib.cpython-312.so -> DT_NEEDED libcrypto.so
_ctypes.cpython-312.so -> DT_NEEDED libffi.so
python.elf no longer needs to reference these libraries. Leaving '-lssl -lcrypto -lffi' in Makefile.nanvix's LIBS env was producing three unneeded DT_NEEDED entries on python.elf itself:
$ readelf -d python.elf | grep NEEDED
0x00000001 (NEEDED) Shared library: [libssl.so]
0x00000001 (NEEDED) Shared library: [libcrypto.so]
0x00000001 (NEEDED) Shared library: [libffi.so]
Every Python startup loaded all three .so files even if no script ever imported ssl/hashlib/ctypes -- pure waste.
Dropping the flags from LIBS produces a python.elf with NO DT_NEEDED entries (verified via readelf -d). Runtime behaviour unchanged: the per-module .so files still pull in the .so chains when they're imported.
No size change in python.elf itself (the flags resolved to .so entries, not bundled .a content).
Dependencies: cpython#14 (libffi unbundle) + cpython#15 (openssl unbundle) both must ship first for this to be safe. This PR stacks on cpython#15's branch.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
After the Phase 3b libffi unbundling (esaurez/cpython#14) and Phase 3b OpenSSL unbundling (esaurez/cpython#15) shipped,
libssl/libcrypto/libffiare loaded at runtime via per-module.soDT_NEEDEDchains:python.elfno longer needs to reference these libraries directly. Leaving-lssl -lcrypto -lffiinMakefile.nanvix'sLIBSenv produced three unneededDT_NEEDEDentries onpython.elfitself:Every Python startup loaded all three
.sofiles even if no script ever importedssl/hashlib/ctypes— pure waste. Worse: these were the onlyDT_NEEDEDentries onpython.elf, so eliminating them returns the binary to a pure-static layout matching the intent.After this PR
Runtime behaviour unchanged: the per-module
.sofiles still pull in the.sochains when they're imported. No size change inpython.elfitself (the flags resolved to.soentries, not bundled.acontent).Dependencies
_ctypesviaDT_NEEDED libffi.so. Must ship first so the libffi consumers are wired up correctly._ssl/_hashlibviaDT_NEEDED libcrypto.so+libssl.so. Must ship first.This PR stacks on
cpython#15.Related followup (not in this PR)
Phase 2 unbundling (
_decimal,pyexpat,_elementtree,_sha2— the cpython-bundled libs) hit a hidden-visibility blocker during exploration. The bundled libraries' headers (mpdecimal.h, expat headers, HACL headers) use_Pragma("GCC visibility push(hidden)")to make all public symbolsSTV_HIDDEN. The MODLIBS-piggyback architecture is correct in principle but the hidden symbols don't end up inpython.elf's.dynsymeven with--export-dynamic. The recommended path forward isobjcopy --globalize-symbolspost-build, documented innanvix-todo/cpython-phase2-bundled-libs-hidden-visibility-blocker.md.