appcert Results
The results of the appcert utility's analysis of an application's object files are written to several files that are located in the appcert utility's working directory (typically /tmp) The main subdirectory under the working directory is appcert.pid, where pid is the process ID for that instantiation of appcert. The appcert utility's results are written to the following files:
Index | Contains the mapping between checked binaries and the subdirectory in which appcert output specific to that binary is located. | |||||||||||||||
Report | Contains a copy of the rollup report displayed on stdout when appcert is run. | |||||||||||||||
Skipped | Contains a list of binaries that appcert was asked to check but was forced to skip, along with the reason each binary was skipped. These reasons are:
| |||||||||||||||
objects/object_name | A separate subdirectory is under the objects subdirectory for each object examined by appcert. Each of these subdirectories contains the following files:
|
When appcert exits, it returns one of four exit values.
0 | No potential sources of binary instability were found by appcert. |
1 | The appcert utility did not run successfully. |
2 | Some of the objects checked by appcert have potential binary stability problems. |
3 | The appcert utility did not find any binary objects to check. |
Correcting Problems Reported by appcert
Private Symbol Use - Because private symbols might change their behavior or disappear from one Solaris release to another, an application that depends on private symbols might not run on a Solaris release different from the one in which it was developed. If appcert reports private symbol usage in your application, rewrite the application to avoid the use of private symbols.
Demoted Symbols - Demoted symbols are functions or data variables in a Solaris library that have been removed or scoped locally in a later Solaris release. An application that directly calls such a symbol will fail to run on a release whose libraries do not export that symbol.
Unbound Symbols - Unbound symbols are library symbols that are referenced by the application that the dynamic linker was unable to resolve when called by appcert. While unbound symbols are not always an indicator of poor binary stability, they might indicate a more serious problem, such as dependencies on demoted symbols.
Obsolete Library - An obsolete library might be removed from the Solaris operating environment in a future release. The appcert utility flags any use of such a library, because applications that depend on them may not function in a future release that does not feature the library. To avoid this problem, do not use interfaces from obsolete libraries.
Use of sys_errlist or sys_nerr - The use of the sys_errlist and sys_nerr symbols might degrade binary stability, as a reference might be made past the end of the sys_errlist array. To avoid this risk, use strerror instead.
Use of strong and weak symbols - The strong symbols that are associated with weak symbols are reserved as private because their behavior might change in future Solaris releases. Applications should only directly reference weak symbols. An example of a strong symbol is _socket, which is associated with the weak symbol socket.
Using apptrace for Application Verification
The apptrace utility is a C program which dynamically traces calls to Solaris library routines as an application runs. It works on either SPARC or Intel platforms, and can trace interface calls for both SPARC and Intel 32-bit interfaces as well as the 64-bit interfaces on SPARC. As with appcert, apptrace only examines C language interfaces.
Application Verification
After using appcert to determine an application is at risk of binary instability, apptrace helps assess the degree of risk in each case. To determine an application's binary compatibility with a given release, verify the successful use of each interface used by the application with apptrace.
The apptrace utility can verify that an application is using public interfaces correctly. For example, an application using the open() to open the administrative file /etc/passwd directly should instead use the appropriate programmatic interfaces. This ability to inspect the usage of the Solaris ABI enables easy and rapid identification of potential interface problems.
Running apptrace
The apptrace utility does not require any modification of the application being traced. To use apptrace, type apptrace, followed by any desired options along with the command line used to run the application of interest. The apptrace utility works by using the link-auditing functionality of the runtime linker to intercept the application's calls to Solaris library interfaces. The apptrace utility then traces the calls by printing the names and values of the call's arguments and return value. The tracing output can be on a single line or arranged across multiple lines for readability. Public interfaces are printed in human-readable form. Private interfaces are printed in hexadecimal.
The apptrace utility enables selective tracing of calls, both at the level of individual interfaces and/or libraries. For example, apptrace can trace calls to printf() coming from libnsl, or a range of calls within a specific library. The apptrace utility can also verbosely trace user-specified calls. The specifications dictating apptrace behavior are governed by a syntax consistent with the usage of truss(1). The -f option directs apptrace to follow forked child processes. The -o option specifies an output file for apptrace results.
The apptrace utility traces only library-level calls and is loaded into the running application process, gaining a performance increase over truss. With the exception of printf, apptrace cannot trace calls to functions that accept variable argument lists or examine the stack or other caller information, for example, setcontext, getcontext, setjmp, longjmp, and vfork.
Interpreting apptrace Output
The following examples contain sample apptrace output from tracing a simple one-binary application, ls.
Example 10-1 Default Tracing Behavior
The above example shows the default tracing behavior, tracing every library call on the command ls /etc/passwd. The apptrace utility prints a line of output for every system call, indicating:
The name of the call
The library the call is in
The arguments and return values of the call
Example 10-2 Selective Tracing
The above example shows how apptrace can selectively trace calls with regular-expression syntax. In the example, calls to interfaces ending in printf, which include sprintf, are traced in the same ls command as before. Consequently, apptrace only traces the printf and sprintf calls.
Example 10-3 Verbose Tracing