Become a Tier 2 Rust Target

[dave-tucker]

Seeing as BPF has spent a few release cycles at Tier 3, we should think about Tier 2.

This is the policy for Tier 2 targets: https://doc.rust-lang.org/nightly/rustc/target-tier-policy.html#tier-2-target-policy

Tier 3 checklist was here

• A tier 2 target must have value to people other than its maintainers. (It may still be a niche target, but it must not be exclusively useful for an inherently closed group.)

:heavy_check_mark:

• A tier 2 target must have a designated team of developers (the "target maintainers") available to consult on target-specific build-breaking issues, or if necessary to develop target-specific language or library implementation details. This team must have at least 2 developers.
  • The target maintainers should not only fix target-specific issues, but should use any such issue as an opportunity to educate the Rust community about portability to their target, and enhance documentation of the target.

That would be @alessandrod and @dave-tucker and anyone else who would like to volunteer

• The target must not place undue burden on Rust developers not specifically concerned with that target. Rust developers are expected to not gratuitously break a tier 2 target, but are not expected to become experts in every tier 2 target, and are not expected to provide target-specific implementations for every tier 2 target.

I think this is ok, since codegen is done in the linker. The only issue might be #1 since that will require the debug bitcode not to break LLVM's dwarf to btf conversion. Which may require LLVM and/or rustc patches.

• The target must provide documentation for the Rust community explaining how to build for the target using cross-compilation, and explaining how to run tests for the target. If at all possible, this documentation should show how to run Rust programs and tests for the target using emulation, to allow anyone to do so. If the target cannot be feasibly emulated, the documentation should explain how to obtain and work with physical hardware, cloud systems, or equivalent.
• The target must document its baseline expectations for the features or versions of CPUs, operating systems, libraries, runtime environments, and similar.

I'm unclear where this documentation should live, but I think it's do-able

• Tier 2 targets must not leave any significant portions of core or the standard library unimplemented or stubbed out, unless they cannot possibly be supported on the target.
  • The right approach to handling a missing feature from a target may depend on whether the target seems likely to develop the feature in the future. In some cases, a target may be co-developed along with Rust support, and Rust may gain new features on the target as that target gains the capabilities to support those features.
  • As an exception, a target identical to an existing tier 1 target except for lower baseline expectations for the OS, CPU, or similar, may propose to qualify as tier 2 (but not higher) without support for std if the target will primarily be used in no_std applications, to reduce the support burden for the standard library. In this case, evaluation of the proposed target's value will take this limitation into account.

This is going to require a lot of work :thinking: We'll need to create an issue to track exactly what we can and can't support here and make sure it gets folded in to the documentation above.

• The code generation backend for the target should not have deficiencies that invalidate Rust safety properties, as evaluated by the Rust compiler team. (This requirement does not apply to arbitrary security enhancements or mitigations provided by code generation backends, only to those properties needed to ensure safe Rust code cannot cause undefined behavior or other unsoundness.) If this requirement does not hold, the target must clearly and prominently document any such limitations as part of the target's entry in the target tier list, and ideally also via a failing test in the testsuite. The Rust compiler team must be satisfied with the balance between these limitations and the difficulty of implementing the necessary features.
  • For example, if Rust relies on a specific code generation feature to ensure that safe code cannot overflow the stack, the code generation for the target should support that feature.
  • If the Rust compiler introduces new safety properties (such as via new capabilities of a compiler backend), the Rust compiler team will determine if they consider those new safety properties a best-effort improvement for specific targets, or a required property for all Rust targets. In the latter case, the compiler team may require the maintainers of existing targets to either implement and confirm support for the property or update the target tier list with documentation of the missing property.

This is also going to require some research, especially as integer overflow checks in the debug profile upset the eBPF verifier.

• If the target supports C code, and the target has an interoperable calling convention for C code, the Rust target must support that C calling convention for the platform via extern "C". The C calling convention does not need to be the default Rust calling convention for the target, however.

Yup, I guess we'd need to implement that too.

• The target must build reliably in CI, for all components that Rust's CI considers mandatory.

:heavy_check_mark:

• The approving teams may additionally require that a subset of tests pass in CI, such as enough to build a functional "hello world" program, ./x.py test --no-run, or equivalent "smoke tests". In particular, this requirement may apply if the target builds host tools, or if the tests in question provide substantial value via early detection of critical problems. Building the target in CI must not take substantially longer than the current slowest target in CI, and should not substantially raise the maintenance burden of the CI infrastructure. This requirement is subjective, to be evaluated by the infrastructure team, and will take the community importance of the target into account.
• Tier 2 targets should, if at all possible, support cross-compiling. Tier 2 targets should not require using the target as the host for builds, even if the target supports host tools.

:heavy_check_mark:

• In addition to the legal requirements for all targets (specified in the tier 3 requirements), because a tier 2 target typically involves the Rust project building and supplying various compiled binaries, incorporating the target and redistributing any resulting compiled binaries (e.g. built libraries, host tools if any) must not impose any onerous license requirements on any members of the Rust project, including infrastructure team members and those operating CI systems. This is a subjective requirement, to be evaluated by the approving teams.

:heavy_check_mark:

• The target maintainers should regularly run the testsuite for the target, and should fix any test failures in a reasonably timely fashion.

:heavy_check_mark:

[vadorovsky]

What do we need to concretely do here? I guess that:

• [ ] Figuring out a better was of targetting CPU architectures cross-compilation rather than ctg(bpf_target_arch). bpf_target_arch is a hack. How do we fix that?
  • Different targets per CPU arch? Like bpfel_aarch64-unknown-none, bpfel_x86_64-unknown-none?
• [ ] Do we support extern "C"? I guess yes, but I need to double check.
• [ ] Handle panics. For now we tell people to not panic but if they do panic then currently that triggers UB.

Regarding some previous concerns from @dave-tucker

The only issue might be https://github.com/aya-rs/bpf-linker/issues/1 since that will require the debug bitcode not to break LLVM's dwarf to btf conversion. Which may require LLVM and/or rustc patches.

We chatted a bit with Josh Triplett on LPC, he said that BTF and disabling debug info in bpf-linker is not an issue and shouldn't be an obstacle in getting to Tier 2.

I'm unclear where this documentation should live, but I think it's do-able

I think it should live here:

https://doc.rust-lang.org/rustc/platform-support.html

like i.e. https://doc.rust-lang.org/rustc/platform-support/wasm64-unknown-unknown.html

and follow the template https://doc.rust-lang.org/rustc/platform-support/TEMPLATE.html

This is also going to require some research, especially as integer overflow checks in the debug profile upset the eBPF verifier.

Is it still the case?