Handling ARM architecture changes

By Jonathan Corbet
July 23, 2014

Current Linux systems running on x86 processors will run binary programs created in the 1990s. A strong focus on not breaking the user-space ABI deserves much of the credit for this state of affairs, but there is another factor at play: the x86 hardware architecture has also been managed with an eye toward keeping old executables working. The ARM architecture is different, though; it evolves in ways that will prevent some older applications from running properly (or at all). That presents a challenge for kernel developers, who do not want to break applications but who also want to keep the kernel maintainable in the long term.

Recently, Colin Cross (of Google) raised an issue for consideration. The ARM architecture is occasionally put through a major revision, the latest of which is ARMv8. This version adds 64-bit support, among other things; it also provides compatibility support for applications built for older versions of the architecture. But that compatibility only goes so far; it lacks, in particular, support for the SWP instruction (which performed an atomic read-modify-write operation), the SETEND instruction (used for changing the endianness of data accesses), and certain types of barriers. This lack of support is not surprising; these features were all deprecated in v6 or v7 of the ARM architecture. ARM is following a well-established schedule in its removal of these instructions.

The problem, of course, is that there are applications out there that are still using those instructions. Any application that is built today should be free of deprecated instructions, but there are plenty of applications sitting in the dustier corners of the Google Play Store that have not been built recently, and which, perhaps, will never be rebuilt again. As things stand, if a user loads such an application onto an ARMv8 device, it will fail to run. That runs counter to the plan that ARMv8-based Android devices are expected to be compatible with existing applications.

The solution to the problem seems straightforward enough: the kernel can trap attempts to use the deprecated instructions and emulate them. Applications using those instructions will then continue to run, though they will run more slowly than they otherwise would. Colin asked if the kernel community would be willing to accept a set of patches implementing this emulation. The alternative, he said, was for Google to maintain the patches in a separate tree that all Android vendors would use; in this case, the mainline kernel would fail the Android compatibility test suite.

Given the importance of Android in the ARM world, one would think that there would be little opposition to keeping the kernel compatible in this way. But ARM developer Will Deacon expressed his opposition to the idea, complaining that, once emulation for instructions like SWP goes in, it will have to be maintained for a long time. He also argued that use of SWP, in particular, almost certainly indicates a bug in the application. It would be better, he said, to keep this code out of the kernel and to simply fix the affected applications.

Catalin Marinas added that anybody moving to an ARMv8 device is going to have to download all their applications from the store anyway. In his mind, Google should push to get older applications rebuilt so that, when users download them on their shiny new ARMv8 devices, they will simply work. But Grant Likely objected to this reasoning, saying that forcing developers to rebuild applications makes the platform as a whole more hostile. Also, he said, many of those older applications may no longer have a functioning company or developer behind them; getting them rebuilt may simply not be possible. But they work well enough now, and should not be broken.

After some back-and-forth, the conversation seemed to reach a point where most developers agreed that breaking existing applications is not a good thing. How that will translate into patches going into the mainline kernel is not yet entirely clear, though. The developers also reiterated the usual rule about backward compatibility: it is, in fact, perfectly fine to remove support for deprecated features as long as nobody is actually using that support. Given that ARM is likely to continue deprecating hardware features in the future, kernel developers are going to have to find a way to minimize support for deprecated features going forward. Nobody wants to turn the kernel into an emulator for all older versions of the ARM architecture.

To that end, Catalin put forward a proposed timeline for how to deal with deprecated features in general. The first step happens as soon as a feature has been deprecated in the hardware, but while current hardware still supports it. That is when the kernel community needs to find ways of calling attention to the deprecated feature and encouraging developers to move away from it. In particular, the right way to replace the deprecated feature should be worked out and publicized.

Step two comes about in the next hardware version, where, by ARM's normal practice, the deprecated feature is still available but can be explicitly disabled. At this point, the kernel will disable such features and emulate them in software; warnings will be emitted when the deprecated features are used by applications. Everything will continue to work (though maybe more slowly). There is one challenge here, in that it can be hard to get anybody to see kernel warnings on a mobile device; users tend not to read the log files often, if, indeed, they have access to the logs at all. For this type of device, warnings may have to be implemented at other levels; in the Play Store, for example.

In the third phase, another hardware revision has removed the feature entirely. At this point, Catalin says, the kernel should stop emulating the instruction and, instead, deliver an illegal-instruction signal (SIGILL) to the offending process. The emulation code might still be in the kernel, he said, but it should not be enabled by default. Finally, in the fourth stage, the emulation support would be removed altogether.

There appears to be widespread agreement in the ARM kernel community around this set of rules for dealing with hardware deprecations. There may, however, still be some dissent over the issues at hand today. It can be argued that the SWP instruction, deprecated in ARMv6, should not yet be at stage three because the effort to move users away from it was not made at an appropriate level. So, while some developers would still like to see applications rewarded with SIGILL for using SWP on ARMv8, it may be necessary to carry emulation for that instruction for a while yet.

For ARM hardware features that are deprecated in the future, though, the above timeline seems likely to be followed. As long as the word gets out to developers in time, there should, with luck, not be users of the deprecated features remaining by the time the support is removed entirely. That should help to keep the kernel maintainable as the hardware architecture evolves. But it will be disappointing to those who wish they could carry forward applications from their old G1 phone and have them run properly on future devices.

Index entries for this article
Kernel	Architectures/Arm
Kernel	Development model/User-space ABI

Handling ARM architecture changes

Posted Jul 24, 2014 5:15 UTC (Thu) by alkbyby (subscriber, #61687) [Link]

Perhaps ARM should consider stopping practice of removing user-level features completely. What they are doing might be fine for mostly embedded uses of ARM's past. But with ARM moving into desktop and server they might want to keep more or less perfect backwards compat. Similar to what Intel and AMD do. IMHO.

Handling ARM architecture changes

Posted Jul 24, 2014 5:17 UTC (Thu) by dlang (guest, #313) [Link] (6 responses)

the problem is that developers are not consulting the kernel when they compile their code, this is something you need to get into the compilers, and since a lot of developers use old compilers (they think it's needed to be compatible with old systems), they aren't going to see the warnings.

So the proposed schedule is no better than doing nothing, when hardware comes out that doesn't have the command, the application will die with an illegal instruction fault, that's actually better than the kernel killing it because the application will continue to run on older hardware even with new kernels.

Handling ARM architecture changes

Posted Jul 24, 2014 7:32 UTC (Thu) by marcH (subscriber, #57642) [Link] (1 responses)

> and since a lot of developers use old compilers (they think it's needed to be compatible with old systems), they aren't going to see the warnings.

So how do they support new systems?

Handling ARM architecture changes

Posted Jul 24, 2014 18:21 UTC (Thu) by dlang (guest, #313) [Link]

they rely on backwards compatibility of those new systems

Handling ARM architecture changes

Posted Jul 24, 2014 16:28 UTC (Thu) by zlynx (guest, #2285) [Link] (3 responses)

You pretty much DO need to use older compilers to build compatible code.

Do you have any idea how much of a pain it is to get new versions of GCC to build against old system libraries?

I guess I am thinking specifically about C++ and libstdc++ support. It is possible plain old C works perfectly.

Handling ARM architecture changes

Posted Jul 28, 2014 17:03 UTC (Mon) by eean (subscriber, #50420) [Link] (2 responses)

err, is using a new G++ with an older libstdc++ even supposed to work? I thought that wasn't supported. Or do you mean other C++ system libraries... like what?

OTOH shipping a newer libstdc++ seems pretty painless.

Handling ARM architecture changes

Posted Jul 28, 2014 17:20 UTC (Mon) by zlynx (guest, #2285) [Link]

I don't think it IS supported which is why it is so much of a pain to make it work.

Say you want to build using a newer G++ that has working profile-generate / profile-use support but you don't want to require a new libstdc++. You have to hack stuff to get g++ to link the right libraries in its build script.

You could ship a new libstdc++ but that is only good if you are shipping an entire application. If you are doing a library or a plugin then you have to work with the system libraries as they are.

Plus, shipping all your own .so or DLL files is a waste of space and makes a mockery of the whole idea of shared libraries.

Handling ARM architecture changes

Posted Jul 29, 2014 19:34 UTC (Tue) by jwakely (subscriber, #60262) [Link]

> err, is using a new G++ with an older libstdc++ even supposed to work?

No.

Handling ARM architecture changes

Posted Jul 24, 2014 5:50 UTC (Thu) by ttonino (guest, #4073) [Link] (2 responses)

The behavior described here delivers no value to the user, compared to ignoring the problem. However, an 'deprecated instruction set' module gets created and maintained, and extensively tested. Which can then be more widely used for devices which lack the deprecated instructions.

But I wonder: instruction sets being what they are, aren't they rather maintenance free, being hidden behind the trap handler?

If the number of instructions does not matter, and only the trap handler will need updating, carrying around a long list of legacy instructions is not really a maintenance burden.

Handling ARM architecture changes

Posted Jul 25, 2014 21:21 UTC (Fri) by kleptog (subscriber, #1183) [Link] (1 responses)

What I'm reading here is that the instructions are related to atomic instructions and memory barriers. This is probably related to the C memory model developed around 2011 where after much discussion they figured out the most relaxed model that still allowed useful programs.

This talk discusses this: http://herbsutter.com/2013/02/11/atomic-weapons-the-c-mem...

At this point ARM decided to toss all the broken/slow/incorrect instructions and just implement the standard C model.

So I think the maintenance cost for the CPU is probably high since atomic instructions tend involve interaction with cache lines and memory, especially in SMP. That's not something you just tack on.

Also, you could emulate it, but ISTM that if your spinlock code is going to trap to the kernel every spin, that's not going to be great for performance.

Handling ARM architecture changes

Posted Jul 26, 2014 3:04 UTC (Sat) by wahern (subscriber, #37304) [Link]

It was deprecated because it was too slow on embedded hardware and replaced by an LL/SC primitive. See http://www.doulos.com/knowhow/arm/Hints_and_Tips/Implemen...

Interestingly LL/SC is a much stronger primitive than a simple atomic swap or even cmpxchg (x86 only has cmpxchg). Although I'm not sure how weak their LL/SC ops are (most LL/SC are pretty weak).

This is all consistent with taking another look at their atomic support after the C11 and C++11 standards where released, but I'm pretty sure SWP was more than sufficient. It really just looks like it was a performance issue regarding memory latency. It's also a bonus that you can probably implement some lock-free algorithms using LDREX/STREX.

Handling ARM architecture changes

Posted Jul 24, 2014 6:00 UTC (Thu) by jcm (subscriber, #18262) [Link]

It's worth noting that instructions aren't arbitrarily removed from any instruction set. This only happens when a deprecation plan exists, and usually only affects infrequently used instructions. The transition to ARMv8 was a little different. v8 is very carefully designed for implementation efficiency. It would be wrong to think, though, that ARM would ever do something they hadn't carefully considered. Their architecture team are some of the most informed, most intelligent, and most wonderful people one is likely to meet anywhere.

Handling ARM architecture changes

Posted Jul 24, 2014 6:50 UTC (Thu) by mjthayer (guest, #39183) [Link] (2 responses)

I wonder whether it wouldn't make more sense to intercept and interpret the illegal instructions in user rather than kernel space?

Handling ARM architecture changes

Posted Jul 24, 2014 9:37 UTC (Thu) by cmarinas (subscriber, #39468) [Link]

I tried suggesting user space handling (SIGILL is delivered with all the information needed) and it's suitable for Android's application launching model but the discussions were rather fundamental about whether the kernel should cover up deprecated/removed architecture features. I'm still strongly opposed to considering this an ABI breakage, especially in the SWP case where HWCAP_SWP is no longer advertised (but never checked by user code anyway).

Handling ARM architecture changes

Posted Jul 24, 2014 16:07 UTC (Thu) by k3ninho (subscriber, #50375) [Link]

This emulatioon could happily appear when processing the apk with Dalvik or ART -- especially if you're going to reprocess every apk from working with a Java-esque VM to native code when installing it (I'm looking at you, ART). It doesn't need to be a kernel thing and can be marked deprecated in the Android compat suite and then removed when the last app triggering the warming leaves the Play Store.

K3n.

Handling ARM architecture changes

Posted Jul 24, 2014 7:26 UTC (Thu) by intgr (subscriber, #39733) [Link] (3 responses)

How would one emulate the SETEND instruction? Wouldn't that also entail trapping all loads and stores larger than 1 byte, to do the endianness conversion?

Handling ARM architecture changes

Posted Jul 24, 2014 7:56 UTC (Thu) by arnd (subscriber, #8866) [Link] (2 responses)

This one is not that hard: the kernel can normally change endianess of a user process, but it requires to trap into the kernel mode, whereas current architecture versions allow changing endianess without going into a higher privilege level.

The ARMv8 architecture also allows implementations to be fixed-endian, so if anybody does that, those processors will not have an easy way to emulate setend.

The other really hard feature to emulate is the "if-then" instructions that allows multiple following instructions to be executed conditionally.

Handling ARM architecture changes

Posted Jul 24, 2014 9:40 UTC (Thu) by cmarinas (subscriber, #39468) [Link] (1 responses)

But note that big endian support is optional, so what do we do on a CPU that chose not to implement it at all?

Handling ARM architecture changes

Posted Jul 24, 2014 10:46 UTC (Thu) by arnd (subscriber, #8866) [Link]

I mentioned that case above, and I think it's reasonable to hope we don't have to deal with it. Emulating setend on bi-endian armv8 hardware is obscure already, and we'd only do that if there are actual users that are impacted by it.

I'm not aware of applications that actually run as big-endian user space with a little-endian kernel, because that's very hard to do (syscall ABI and all). If this exists in theory, that would be the same thing as running a hardfloat binary on an FPU-less CPU, or an iWMMX (xscale) binary on a standard ARM core.

The only use case I know for calling setend otherwise is ARMv6-optimized code (memcmp in raspbian), but there is extremely little ARMv6-optimized code that is meant to be portable -- all general-purpose distros are either built for ARMv5 or ARMv7, and ARMv6 optimized builds tend to be made for a particular SoC. There is also a workaround that you can use for memcmp, using LD_PRELOAD.

not Java?

Posted Jul 24, 2014 7:31 UTC (Thu) by marcH (subscriber, #57642) [Link] (2 responses)

I thought native code was the exception on Android?

Anyway, trying to run binaries that were *compiled* in the 1990s and that no one can merely recompile today (!) does not sound like a very good idea in this Internet+malware day and age.

not Java?

Posted Jul 24, 2014 7:59 UTC (Thu) by arnd (subscriber, #8866) [Link]

Native code is common enough in Android apps that it's a significant problem for the adoption of MIPS and x86 Android devices, to the extent that they often ship with an ARM emulator.

Compatibility with arm32 Android apps is seen as a major feature for arm64 CPUs.

old libraries

Posted Jul 24, 2014 11:16 UTC (Thu) by nhippi (subscriber, #34640) [Link]

People only started seriously getting rid of swp around ~2010 when gas started emitting a warning about it (and compiling to thumb2 become more common). People using old libraries (like boost 1.49*) in their projects are still hitting it:

http://www.rtsoft.com/forums/showthread.php?16636-Warning...

Take an ignorant developer who uses and old copy of a library and doesn't care about warnings... they might still be uploading new packages to play store with swp.

This needs to be attacked from multiple fronts:

- change gas to emit an error instead of warning on swp from armv7+
- get the gas patch into android NDK
- error on deprecated instructions on play store uploads
- spam developers of existing apps in play store about their use of deprecated instructions?
- emulate swp until google reports that there is less than X apps in play store without swp.

Just emulating in kernel won't solve the issue, but it still needs to be done - OEM's will do it anyways, and not having it mainline will be seen from OEM's a message that their needs are not taken seriously by mainline community.

* I suspect game developers using boost are major source of swp as boost upgrades are often API incompatible so sticking to old version is tempting...

Play Store and compatibility

Posted Jul 24, 2014 7:35 UTC (Thu) by marcH (subscriber, #57642) [Link] (8 responses)

> There is one challenge here, in that it can be hard to get anybody to see kernel warnings on a mobile device; users tend not to read the log files often, if, indeed, they have access to the logs at all. For this type of device, warnings may have to be implemented at other levels; in the Play Store, for example.

Indeed, the Play Store is already able to prevent the installation of new applications on old devices. Surely it could do the same thing, just the other way round?

Play Store and compatibility

Posted Jul 24, 2014 9:09 UTC (Thu) by dgm (subscriber, #49227) [Link] (4 responses)

Not all applications come through the Play Store. Users routinely pass .apk files around. Just read some of the forums at xda-developers.com and you will see. There are also applications that backup your installed applications as .apk files. They are very handy when switching phones.

Play Store and compatibility

Posted Jul 24, 2014 9:14 UTC (Thu) by marcH (subscriber, #57642) [Link] (3 responses)

> Not all applications come through the Play Store. Users routinely pass .apk files around. Just read some of the forums at xda-developers.com and you will see.

I know that but: it's "xda-developers", not "xda-users".

You cannot have your cake and eat it: if you pass .apk files around you are supposed to know what you are doing - everything is fine.

Play Store and compatibility

Posted Jul 25, 2014 9:29 UTC (Fri) by dgm (subscriber, #49227) [Link] (2 responses)

Only the vast majority of people on xda-developers are NOT developers. Sorry, but nothing is fine.

Play Store and compatibility

Posted Jul 25, 2014 19:01 UTC (Fri) by marcH (subscriber, #57642) [Link] (1 responses)

Who is installing does not really matter. This is about installing something:
- from a site which has "developers" in the name
- with quite often a warning next to the .apk
- off the official market / store => far away from the usual "incompatible with your device" warnings.

This also requires going and finding in the security settings the box called "Unknown Sources".

Not sure how many more signs you think are needed.

Play Store and compatibility

Posted Jul 28, 2014 13:37 UTC (Mon) by dgm (subscriber, #49227) [Link]

I need none, of course. Just try not to get very upset when users say your stuff is "utter crap".

Play Store and compatibility

Posted Jul 24, 2014 15:29 UTC (Thu) by drag (guest, #31333) [Link] (2 responses)

> Surely it could do the same thing, just the other way round?

Of course. But to do so is' a unacceptable thing to do to people when it can be easily avoided.

The sole purpose for any operating system or hardware is to run software. By forcing people to do things like rebuild binaries for OS upgrades diminishes the value of the OS.

The more you do that the worse the OS is.

----------

Personally I think that they should be looking more at using something like a Qemu-based solution rather then attacking the problem at the OS kernel level.

Qemu has various modes of launching applications. It is typically used for a 'full VM' with emulated hardware and such things, but it doesn't have to be like that.

I expect, especially with a OS like android that does a sandboxed approach by default, that a sort of hybrid container approach is possible... that the application gets executed in the context of the main android OS, but the actual code for the app is executed via a thinly emulated cpu. That would accomplish the same sort of thing as emulating the instructions at the kernel level, but without having to place a permanent maintenance burden on the kernel developers.

This sounds complicated, but I don't think it's really super weird or anything. The kernel would detect that it's not native binary format and instead of treating it like a binary format it treats it like a interpreted program and uses qemu as the interpreter. That way the machine code just becomes another VM language like java or anything else that isn't 'native'.

After all, differences in architectures is why we have VM stuff in the first place.

Play Store and compatibility

Posted Jul 24, 2014 15:49 UTC (Thu) by marcH (subscriber, #57642) [Link]

> The sole purpose for any operating system or hardware is to run software. By forcing people to do things like rebuild binaries for OS upgrades diminishes the value of the OS.
> The more you do that the worse the OS is.

The purpose of an OS is also to be a _sane base for modern, secure and maintained_ applications. Backward compatibility at all costs can be short-sighted; look for instance at the mess that Windows has become. Compare it to how MacOS very successfully migrated from one kernel to another, completely different one, and then again from one CPU architecture to another, every time maintaining backward compatibility *limited in time*.

So there is a balance, nothing's ever black and white. Looks like the final solution is effectively a trade-off with different phases; neither one back compatibility extreme nor the other. Sounds about right - except the devil is always in the details.

Play Store and compatibility

Posted Jul 31, 2014 8:12 UTC (Thu) by Wol (subscriber, #4433) [Link]

Sounds a bit like IBM mainframes, if I understand them correctly ...

Each new revision comes with an emulator for the previous one. To the extent that there are some very old apps that run on an emulator stack about 6 deep ...

Cheers,
Wol

Handling ARM architecture changes

Posted Jul 24, 2014 12:21 UTC (Thu) by flussence (guest, #85566) [Link] (1 responses)

I can understand the position of not wanting to add these sort of hacks to the kernel, but there's already a pretty large (both figuratively and literally) precedent for doing so: the 387 emulator. Given the lack of outcry to remove that over the last 20 years or so, maybe emulating 3 instructions isn't as much of a maintenance burden as it's made out to be.

Handling ARM architecture changes

Posted Jul 26, 2014 1:01 UTC (Sat) by jwarnica (subscriber, #27492) [Link]

Especially when Google is essentially offering to do that work. There is going to be some infrastructure bits, trap handler, instruction loaders... They want this done in a way acceptable to the general kernel, but at least as I read this article would go it their own, if the stock kernel didn't want to do it.

... and then the instructions. As someone else has pointed out, CPU instructions are pretty well defined things, so only ever touching that code once is not impossible.

Handling ARM architecture changes

Posted Nov 19, 2014 19:32 UTC (Wed) by rob.rdj (guest, #99872) [Link]

I know this is very late to contribute but I think it is worth pointing out that the emulation overhead incurred will often be completely invisible because each generation tends to run significantly faster than the previous one. Meaning that performance will not normally be a issue.