From Fedora Project Wiki
Line 104: Line 104:
== Contingency Plan ==
== Contingency Plan ==
The backup plan is trivial.  We can keep the current policy in place.
The backup plan is trivial.  We can keep the current policy in place.
If the policy change is approved, but a particular package has not switched to the upstream preferred compiler, the package can continue to build with GCC until the package maintainer has the time to make the change for their particular package.
Failure to convert any particular package should not create any downstream or distribution wide delays.


* Contingency mechanism:  
* Contingency mechanism:  

Revision as of 00:35, 17 April 2021

Changes/CompilerPolicy Change

Summary

Fedora has historically forced packages to build with GCC unless the upstream project for the package only supported Clang/LLVM. This change proposal replaces that policy with one where, given a good technical reason, a packager may:

  • Choose to build with their package with clang even if the upstream project supports gcc.
  • Choose to build with gcc even if upstream does not support it.

The goal is to give the packager the ability to use their own technical judgement to choose the best compiler.

Note this change is only for compiler selection. It does not change existing policies WRT runtime library selection, linker selection, debuggers, etc.

Owner

  • Name: Jeff Law
  • Email: law@redhat.com
  • Name: Tom Stellard
  • Email: tstellar@redhat.com

Current status

  • Targeted release: Fedora 35
  • Last updated: 2021-04-17
  • FESCo issue: #2409
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

The main goal here is to give a packager some freedom to select the best compiler for their package. However, packagers must have a valid technical reason for the compiler choice. Without a valid technical reason, packagers must use the default compiler for their package. The default compiler is defined as gcc or when upstream doesn't support gcc, then the default compiler should be clang. Examples of valid technical reasons to not use the default compiler, include but are not limited to:

  • The default compiler cannot build a package correctly.
  • The packager needs to disable a compiler feature (e.g. LTO) in order for the default compiler to correctly compile their package.
  • The default compiler takes significantly longer to build a package.
  • The default compiler is missing a feature that would benefit the package.

If this policy is implemented, it may be beneficial for packagers to use conditional macros to switch between different compilers. This could be useful when trying to make a comparison between the two compilers or to make it easy to change back to the default compiler. Therefore, in addition to updating the compiler policy, we are also proposing to add the following macros redhat-rpm-config to help facilitate easily switching between different compilers: The new macros are:

%cc - equivalent to %__cc (C Compiler) %cxx - equivalent to %__cxx (C++ Compiler) %cpp - equivalent to %_cpp (C preprocessor)

The policy update will also recommend that when packagers want to add conditional flags to control the compiler choice, that they should use standardized parameter names:

%bcond_with toolchain_clang %bcond_with toolchain_gcc

Note this change is only for compiler selection. It does not change existing policies WRT runtime library selection, linker selection, debuggers, etc.

It is worth noting that Clang/LLVM's implementation of -fstack-clash-protection, which is one of Fedora's default compiler flags, is under development and does not yet have an implentation for AArch64.

Benefit to Fedora

This change allows packagers more freedom to use the compiler that produces the best version of their package, which helps to give our users a better overall experience. Also, giving package maintainers more freedom to select the best compiler, let's them spend more time focusing on package improvements and less time on debugging compiler issues.

An example of a package that could benefit from this policy is Firefox. Upstream, the Firefox project builds primarily with Clang/LLVM. Yet we force the Fedora package owner to find and fix issues building with GCC then either carry those custom fixes forward in Fedora or negotiate with upstream to get those changes upstreamed. While this process can be helpful in finding non-portable code, this is ultimately a poor use of the packager's time.

Additionally Fedora loses the benefit of the testing provided by other distributions where Firefox is compiled in the same way as the upstream project -- when issues arise the Fedora team must consider the possibility that the problem is due to using GCC instead of Clang/LLVM or the patches to make that possible. Again, this is a poor use of Fedora developer's time.

Other packages that may benefit include:

  • llvm/clang (currently has to disable LTO due to compilation failures).
  • qemu (could take advantage of clang's CFI hardening feature).

Scope

  • Proposal owners:

Update the Fedora Packaging Guidelines to reflect the policy change and submit patch with new macros to redhat-rpm-config


  • Other developers:

Developers that want to use a new compiler in accordance with the policy may update their packages if they want, but there is no required action for packagers with this change.


  • Release engineering: [1] (a check of an impact with Release Engineering is needed)

I do not believe this change requires any coordination with release engineering. No mass rebuild is required.

  • Policies and guidelines:

Yes, the packaging guidelines certainly need to be updated for this feature. That can happen as soon as the exact text is agreed upon.

  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

This should not require any configuration changes or data migration, nor should it change existing functionality.

How To Test

For packages where the compiler should change, the package owner will need to update the spec file and build the package with the new compiler. Once done, the package's testsuite should be run (if it's not part of the standard build process).

In general, I would think the standard Fedora QE work should be sufficient here, perhaps with a bit of additional attention to the affected packages. The graphical nature of some of the affected packages like Firefox and Chrome will make testing difficult on some of Fedora's architectures.

User Experience

Users should not notice any change.

Dependencies

There are no dependencies, once the policy change is made, if packagers choose to update their packages, they can do it at any time.

Contingency Plan

The backup plan is trivial. We can keep the current policy in place.

  • Contingency mechanism:

It seems like we could institute the policy change anytime we choose. But it also seems like once the policy change is in place, packages that are going to convert should do so before beta freeze.

  • Contingency deadline: Fedora can ship with this feature in an incomplete state.
  • Blocks release? No
  • Blocks product? N/A

Documentation

Several years ago Red Hat's tools team championed for Fedora policy to strongly discourage the use of LLVM/Clang for package building. Exceptions were made for packages that could only be built with Clang/LLVM:

https://docs.fedoraproject.org/en-US/packaging-guidelines/#compiler


At that point in history Red Hat had no Clang/LLVM engineers or expertise. In fact, the LLVM packages were actually maintained by an engineer on the desktop team (they had a hard requirement for llvm-pipe, so they got to own the Clang/LLVM bits). The policy essentially was a risk management strategy for Fedora.

Times have changed and as a result we should revisit that Fedora policy.

The Red Hat tools team believes that LLVM/Clang and GCC should be considered equals from a Fedora policy standpoint. Selection of one toolchain over the other should be driven by the upstream project's preferences not by Fedora specific policy.

What that means in practice is that if the project upstream prefers Clang/LLVM, then Fedora should in turn be using Clang/LLVM to build those packages. As a concrete example, let's consider Chromium.

Chromium upstream has been building with Clang/LLVM for several years. Yet policy has forced Fedora package owners to shoulder a significant burden to make it build with GCC. Furthermore, Fedora does not get as much benefit at it could by forcing Chromium to be built with GCC since most other instances are built with Clang/LLVM.

By changing policy Fedora package maintainers no longer have to waste time trying to make Chromium build/work with GCC and Fedora gains additional "many eyes" and "many users" benefits by relying on the same tools to build Chrome as the upstream developers and other distributions.

Additionally, if an upstream project currently uses GCC, but switches to Clang/LLVM (or vice-versa), then the package in Fedora should switch in a similar manner. The only policy restriction should be that the compiler must exist in Fedora.

In some ways this means there is no "default" compiler for Fedora. The default is whatever the upstream project supports/recommends. However, there are probably many packages with upstreams that are ambivalent about their compiler choice. For those packages I would recommend we keep the status quo at the current time. For a package with a dead upstream, the Fedora packager should be able to select the compiler they want to use for the package.

Release Notes

This change should not have any end user impacts nor does it strictly require a release note. However, a short release note could be written if FESCO or the development community thinks it would be useful.