dlsym to load sidecar symbols not necessary any+

Author: cataphract

Makefile

@@ -51,7 +51,7 @@ RUN_TESTS_CMD := DD_SERVICE= DD_ENV= REPORT_EXIT_STATUS=1 TEST_PHP_SRCDIR=$(PROJ
 
 C_FILES = $(shell find components components-rs ext src/dogstatsd zend_abstract_interface -name '*.c' -o -name '*.h' | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' )
 TEST_FILES = $(shell find tests/ext -name '*.php*' -o -name '*.inc' -o -name '*.json' -o -name '*.yaml' -o -name 'CONFLICTS' | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' )
-RUST_FILES = $(BUILD_DIR)/Cargo.toml $(BUILD_DIR)/Cargo.lock $(shell find components-rs -name '*.c' -o -name '*.rs' -o -name 'Cargo.toml' | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' ) $(shell find libdatadog/{build-common,datadog-ffe,datadog-ipc,datadog-ipc-macros,datadog-live-debugger,datadog-live-debugger-ffi,datadog-remote-config,datadog-sidecar,datadog-sidecar-ffi,datadog-sidecar-macros,libdd-alloc,libdd-common,libdd-common-ffi,libdd-crashtracker,libdd-crashtracker-ffi,libdd-data-pipeline,libdd-ddsketch,libdd-dogstatsd-client,libdd-library-config,libdd-library-config-ffi,libdd-log,libdd-telemetry,libdd-telemetry-ffi,libdd-tinybytes,libdd-trace-*,spawn_worker,tools/cc_utils,libdd-trace-*,Cargo.toml} \( -type l -o -type f \) \( -path "*/src*" -o -path "*/examples*" -o -path "*Cargo.toml" -o -path "*/build.rs" -o -path "*/tests/dataservice.rs" -o -path "*/tests/service_functional.rs" \) -not -path "*/datadog-ipc/build.rs" -not -path "*/datadog-sidecar-ffi/build.rs")
+RUST_FILES = $(BUILD_DIR)/Cargo.toml $(BUILD_DIR)/Cargo.lock $(shell find components-rs -name '*.c' -o -name '*.rs' -o -name 'Cargo.toml' | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' ) $(shell find libdatadog/{build-common,datadog-ffe,datadog-ipc,datadog-ipc-macros,datadog-live-debugger,datadog-live-debugger-ffi,datadog-remote-config,datadog-sidecar,datadog-sidecar-appsec-ffi,datadog-sidecar-ffi,datadog-sidecar-macros,libdd-alloc,libdd-common,libdd-common-ffi,libdd-crashtracker,libdd-crashtracker-ffi,libdd-data-pipeline,libdd-ddsketch,libdd-dogstatsd-client,libdd-library-config,libdd-library-config-ffi,libdd-log,libdd-telemetry,libdd-telemetry-ffi,libdd-tinybytes,libdd-trace-*,spawn_worker,tools/cc_utils,libdd-trace-*,Cargo.toml} \( -type l -o -type f \) \( -path "*/src*" -o -path "*/examples*" -o -path "*Cargo.toml" -o -path "*/build.rs" -o -path "*/tests/dataservice.rs" -o -path "*/tests/service_functional.rs" \) -not -path "*/datadog-ipc/build.rs" -not -path "*/datadog-sidecar-ffi/build.rs")
 ALL_OBJECT_FILES = $(C_FILES) $(RUST_FILES) $(BUILD_DIR)/Makefile
 TEST_OPCACHE_FILES = $(shell find tests/opcache -name '*.php*' -o -name '.gitkeep' | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' )
 TEST_STUB_FILES = $(shell find tests/ext -type d -name 'stubs' -exec find '{}' -type f \; | awk '{ printf "$(BUILD_DIR)/%s\n", $$1 }' )
@@ -426,7 +426,7 @@ clang_format_fix:
 cbindgen: remove_cbindgen generate_cbindgen
 
 remove_cbindgen:
-	rm -f components-rs/ddtrace.h components-rs/live-debugger.h components-rs/telemetry.h components-rs/sidecar.h components-rs/common.h components-rs/crashtracker.h components-rs/library-config.h
+	rm -f components-rs/ddtrace.h components-rs/live-debugger.h components-rs/telemetry.h components-rs/sidecar.h components-rs/sidecar-appsec.h components-rs/common.h components-rs/crashtracker.h components-rs/library-config.h
 
 generate_cbindgen: cbindgen_binary # Regenerate components-rs/ddtrace.h components-rs/live-debugger.h components-rs/telemetry.h components-rs/sidecar.h components-rs/common.h components-rs/crashtracker.h components-rs/library-config.h
 	( \
@@ -446,6 +446,9 @@ generate_cbindgen: cbindgen_binary # Regenerate components-rs/ddtrace.h componen
 		$(command rustup && echo run nightly --) cbindgen --crate datadog-sidecar-ffi  \
 			--config datadog-sidecar-ffi/cbindgen.toml \
 			--output $(PROJECT_ROOT)/components-rs/sidecar.h; \
+		$(command rustup && echo run nightly --) cbindgen --crate datadog-sidecar-appsec-ffi  \
+			--config datadog-sidecar-appsec-ffi/cbindgen.toml \
+			--output $(PROJECT_ROOT)/components-rs/sidecar-appsec.h; \
 		$(command rustup && echo run nightly --) cbindgen --crate libdd-crashtracker-ffi  \
 			--config libdd-crashtracker-ffi/cbindgen.toml \
 			--output $(PROJECT_ROOT)/components-rs/crashtracker.h; \
@@ -456,7 +459,7 @@ generate_cbindgen: cbindgen_binary # Regenerate components-rs/ddtrace.h componen
 			mkdir -pv "$(BUILD_DIR)"; \
 			export CARGO_TARGET_DIR="$(BUILD_DIR)/target"; \
 		fi; \
-		cargo run -p tools --bin dedup_headers -- $(PROJECT_ROOT)/components-rs/common.h $(PROJECT_ROOT)/components-rs/ddtrace.h $(PROJECT_ROOT)/components-rs/live-debugger.h $(PROJECT_ROOT)/components-rs/telemetry.h $(PROJECT_ROOT)/components-rs/sidecar.h $(PROJECT_ROOT)/components-rs/crashtracker.h $(PROJECT_ROOT)/components-rs/library-config.h \
+		cargo run -p tools --bin dedup_headers -- $(PROJECT_ROOT)/components-rs/common.h $(PROJECT_ROOT)/components-rs/ddtrace.h $(PROJECT_ROOT)/components-rs/live-debugger.h $(PROJECT_ROOT)/components-rs/telemetry.h $(PROJECT_ROOT)/components-rs/sidecar.h $(PROJECT_ROOT)/components-rs/sidecar-appsec.h $(PROJECT_ROOT)/components-rs/crashtracker.h $(PROJECT_ROOT)/components-rs/library-config.h \
 	)
 
 cbindgen_binary:

appsec/helper-rust/build.rs

@@ -52,8 +52,13 @@ fn main() {
     // in the same directory as the binary/library
     if target.contains("linux") {
         println!("cargo::rustc-link-arg=-Wl,-rpath,$ORIGIN");
+        // Allow symbols to be resolved from the parent process at dlopen time.
+        println!("cargo::rustc-link-arg=-Wl,--allow-shlib-undefined");
     } else if target.contains("darwin") || target.contains("apple") {
         println!("cargo::rustc-link-arg=-Wl,-rpath,@loader_path");
+        // Allow undefined symbols to be resolved at dlopen time from the parent process.
+        println!("cargo::rustc-link-arg=-undefined");
+        println!("cargo::rustc-link-arg=dynamic_lookup");
     }
 
     // If LIBDDWAF_PREFIX is set, add that library path to rpath as well
@@ -66,7 +71,6 @@ fn main() {
     println!("cargo::rerun-if-env-changed=LIBDDWAF_PREFIX");
 
     set_ddappsec_version();
-    build_test_sidecar_lib();
 }
 
 fn set_ddappsec_version() {
@@ -81,32 +85,3 @@ fn set_ddappsec_version() {
     println!("cargo::rustc-env=DDAPPSEC_VERSION={}", version);
     println!("cargo::rerun-if-changed={}", version_path.display());
 }
-
-fn build_test_sidecar_lib() {
-    let out_dir = env::var("OUT_DIR").expect("OUT_DIR not set");
-    let target = env::var("TARGET").expect("TARGET not set");
-    let host = env::var("HOST").expect("HOST not set");
-
-    let (lib_name, shared_flag) = if target.contains("darwin") || target.contains("apple") {
-        ("libtest_sidecar.dylib", "-dynamiclib")
-    } else {
-        ("libtest_sidecar.so", "-shared")
-    };
-
-    let src = "test_sidecar_lib.c";
-    let out = PathBuf::from(&out_dir).join(lib_name);
-
-    let status = cc::Build::new()
-        .target(&target)
-        .host(&host)
-        .get_compiler()
-        .to_command()
-        .args([shared_flag, "-fPIC", "-o"])
-        .arg(&out)
-        .arg(src)
-        .status()
-        .expect("Failed to run C compiler for test fixture");
-
-    assert!(status.success(), "Failed to compile test sidecar library");
-    println!("cargo::rerun-if-changed={}", src);
-}

appsec/helper-rust/scripts/generate-sidecar-ffi.sh

@@ -14,7 +14,7 @@ OUTPUT_FILE="$PROJECT_DIR/src/ffi/sidecar_ffi.rs"
 
 cd "$COMPONENTS_RS_DIR"
 
-bindgen sidecar.h \
+bindgen sidecar-appsec.h \
     --allowlist-function 'ddog_sidecar_enqueue_telemetry_log' \
     --allowlist-function 'ddog_sidecar_enqueue_telemetry_point' \
     --allowlist-function 'ddog_sidecar_enqueue_telemetry_metric' \
@@ -24,6 +24,9 @@ bindgen sidecar.h \
     --allowlist-function 'ddog_Error_drop' \
     --allowlist-function 'ddog_Error_message' \
     --allowlist-function 'ddog_MaybeError_drop' \
+    --allowlist-function 'ddog_remote_config_path' \
+    --allowlist-function 'ddog_remote_config_path_free' \
+    --allowlist-function 'ddog_set_rc_notify_fn' \
     --allowlist-type 'ddog_SidecarTransport' \
     --allowlist-type 'ddog_LogLevel' \
     --allowlist-type 'ddog_CharSlice' \
@@ -34,14 +37,15 @@ bindgen sidecar.h \
     --allowlist-type 'ddog_Error' \
     --allowlist-type 'ddog_Vec_U8' \
     --allowlist-type 'ddog_MetricNamespace' \
+    --allowlist-type 'ddog_MetricType' \
     --no-layout-tests \
     --no-doc-comments \
     --use-core \
-    --raw-line '//! Auto-generated FFI bindings from components-rs/sidecar.h' \
+    --raw-line '//! Auto-generated FFI bindings from components-rs/sidecar-appsec.h' \
     --raw-line '//!' \
     --raw-line '//! Regenerate with: ./scripts/generate-sidecar-ffi.sh' \
     --raw-line '//!' \
-    --raw-line '//! Only includes types/functions needed for helper-rust as telemetry sender.' \
+    --raw-line '//! Only includes types/functions needed by helper-rust.' \
     --raw-line '#![allow(non_camel_case_types, non_upper_case_globals, dead_code)]' \
     --output "$OUTPUT_FILE" \
     -- -I.

appsec/helper-rust/src/ffi.rs

@@ -1,198 +1,83 @@
-use std::{
-    cell::UnsafeCell,
-    ffi::CStr,
-    marker::PhantomData,
-    ops::Deref,
-    sync::atomic::{AtomicBool, Ordering},
-};
-
-use crate::client::log::error;
-
 pub mod sidecar_ffi;
 
-#[macro_export]
-macro_rules! sidecar_symbol {
-    // form 1: inline function signature
-    (
-        static $static:ident =
-        fn($($arg:ty),* $(, ...)? $(,)?) $(-> $ret:ty)? :
-        $name:ident
-    ) => {
-        type $name = unsafe extern "C" fn(
-            $($arg),*
-            $(, ...)?
-        ) $(-> $ret)?;
-
-        static $static: SidecarSymbol<$name> =
-            SidecarSymbol::new(::std::concat!(::std::stringify!($name), "\0"));
-
-        const _: () = {
-            let _: $name = $name;
-        };
-    };
-
-    // form 2: type alias
-    (
-        static $static:ident =
-        $ty:ty :
-        $name:ident
-    ) => {
-        static $static: SidecarSymbol<$ty> =
-            SidecarSymbol::new(unsafe {::std::ffi::CStr::from_bytes_with_nul_unchecked(::std::concat!(::std::stringify!($name), "\0").as_bytes())});
-
-        const _: () = {
-            let _: $ty = $name;
-        };
-    };
-}
-
-pub struct SidecarSymbol<Func> {
-    // In order to implement Deref, we need to have a sort of rvalue for the function
-    // So do not use an AtomicPtr that we check for null to determine if we're initialized
-    func_ptr: UnsafeCell<*mut libc::c_void>,
-    initialized: AtomicBool,
-    name: &'static CStr,
-    _phantom: PhantomData<Func>,
-}
-impl<Func> SidecarSymbol<Func> {
-    pub const fn new(name: &'static CStr) -> Self {
-        assert!(
-            std::mem::size_of::<Func>() == std::mem::size_of::<*mut libc::c_void>(),
-            "Func must be pointer-sized"
-        );
-        Self {
-            func_ptr: UnsafeCell::new(std::ptr::null_mut()),
-            initialized: AtomicBool::new(false),
-            name,
-            _phantom: PhantomData,
-        }
+// Stub implementations of the sidecar symbols for `cargo test`.
+// In production the real symbols are provided by datadog-ipc-helper at
+// dlopen time.  The cdylib has no stubs (--allow-shlib-undefined covers it);
+// the test executable needs concrete definitions at link time because lld on
+// musl does not allow undefined symbols in executables.
+#[cfg(test)]
+mod test_stubs {
+    use super::sidecar_ffi::*;
+
+    #[no_mangle]
+    extern "C" fn ddog_Error_drop(_: *mut ddog_Error) {}
+    #[no_mangle]
+    extern "C" fn ddog_Error_message(_: *const ddog_Error) -> ddog_CharSlice {
+        ddog_CharSlice { ptr: std::ptr::null(), len: 0 }
     }
-
-    pub fn resolve(&self) -> anyhow::Result<()> {
-        if self.initialized.load(Ordering::Acquire) {
-            return Ok(());
-        }
-
-        let func_ptr = unsafe { libc::dlsym(libc::RTLD_DEFAULT, self.name.as_ptr()) };
-        if func_ptr.is_null() {
-            return Err(anyhow::anyhow!("Failed to resolve symbol: {:?}", self.name));
-        }
-        unsafe { std::ptr::write(self.func_ptr.get(), func_ptr) };
-        self.initialized.store(true, Ordering::Release);
-        Ok(())
+    #[no_mangle]
+    extern "C" fn ddog_MaybeError_drop(_: ddog_MaybeError) {}
+    #[no_mangle]
+    extern "C" fn ddog_set_rc_notify_fn(_: ddog_InProcNotifyFn) {}
+    #[no_mangle]
+    unsafe extern "C" fn ddog_remote_config_path(
+        _: *const ddog_ConfigInvariants,
+        _: *const ddog_Arc_Target,
+    ) -> *mut std::ffi::c_char {
+        std::ptr::null_mut()
     }
-
-    fn get(&self) -> Option<&Func> {
-        if !self.initialized.load(Ordering::Acquire) {
-            None
-        } else {
-            Some(unsafe { &*self.func_ptr.get().cast() })
+    #[no_mangle]
+    extern "C" fn ddog_remote_config_path_free(_: *mut std::ffi::c_char) {}
+    #[no_mangle]
+    unsafe extern "C" fn ddog_sidecar_connect(
+        _: *mut *mut ddog_SidecarTransport,
+    ) -> ddog_MaybeError {
+        ddog_MaybeError {
+            tag: ddog_Option_Error_Tag_DDOG_OPTION_ERROR_NONE_ERROR,
+            __bindgen_anon_1: unsafe { std::mem::zeroed() },
         }
     }
-}
-unsafe impl<Func> Sync for SidecarSymbol<Func> {}
-impl<Func> Deref for SidecarSymbol<Func> {
-    type Target = Func;
-
-    fn deref(&self) -> &Self::Target {
-        match self.get() {
-            Some(func) => func,
-            None => {
-                error!("Symbol is not resolved, will panic: {:?}", self);
-                panic!("Symbol is not resolved: {:?}", self.name);
-            }
+    #[no_mangle]
+    extern "C" fn ddog_sidecar_transport_drop(_: *mut ddog_SidecarTransport) {}
+    #[no_mangle]
+    unsafe extern "C" fn ddog_sidecar_ping(
+        _: *mut *mut ddog_SidecarTransport,
+    ) -> ddog_MaybeError {
+        ddog_MaybeError {
+            tag: ddog_Option_Error_Tag_DDOG_OPTION_ERROR_NONE_ERROR,
+            __bindgen_anon_1: unsafe { std::mem::zeroed() },
         }
     }
-}
-impl<Func> std::fmt::Debug for SidecarSymbol<Func> {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        let initialized = self.initialized.load(Ordering::Acquire);
-        let mut ds = f.debug_struct("SidecarSymbol");
-        ds.field("name", &self.name)
-            .field("name", &self.name)
-            .field("initialized", &initialized);
-        if initialized {
-            ds.field("func_ptr", &self.func_ptr.get());
+    #[no_mangle]
+    unsafe extern "C" fn ddog_sidecar_enqueue_telemetry_log(
+        _: ddog_CharSlice, _: ddog_CharSlice, _: ddog_CharSlice, _: ddog_CharSlice,
+        _: ddog_CharSlice, _: ddog_LogLevel, _: ddog_CharSlice,
+        _: *mut ddog_CharSlice, _: *mut ddog_CharSlice, _: bool,
+    ) -> ddog_MaybeError {
+        ddog_MaybeError {
+            tag: ddog_Option_Error_Tag_DDOG_OPTION_ERROR_NONE_ERROR,
+            __bindgen_anon_1: unsafe { std::mem::zeroed() },
         }
-        ds.finish()
     }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use std::ffi::CStr;
-    use std::path::PathBuf;
-
-    fn load_library(path: &std::path::Path) -> *mut libc::c_void {
-        let path_cstr = std::ffi::CString::new(path.to_str().unwrap()).expect("Invalid path");
-
-        let handle =
-            unsafe { libc::dlopen(path_cstr.as_ptr(), libc::RTLD_NOW | libc::RTLD_GLOBAL) };
-
-        if handle.is_null() {
-            let error = unsafe { libc::dlerror() };
-            if !error.is_null() {
-                let error_str = unsafe { CStr::from_ptr(error) };
-                panic!("dlopen failed: {:?}", error_str);
-            }
-            panic!("dlopen failed with unknown error");
+    #[no_mangle]
+    unsafe extern "C" fn ddog_sidecar_enqueue_telemetry_point(
+        _: ddog_CharSlice, _: ddog_CharSlice, _: ddog_CharSlice, _: ddog_CharSlice,
+        _: ddog_CharSlice, _: f64, _: *mut ddog_CharSlice,
+    ) -> ddog_MaybeError {
+        ddog_MaybeError {
+            tag: ddog_Option_Error_Tag_DDOG_OPTION_ERROR_NONE_ERROR,
+            __bindgen_anon_1: unsafe { std::mem::zeroed() },
         }
-
-        handle
     }
-
-    fn unload_library(handle: *mut libc::c_void) {
-        if !handle.is_null() {
-            unsafe {
-                libc::dlclose(handle);
-            }
+    #[no_mangle]
+    unsafe extern "C" fn ddog_sidecar_enqueue_telemetry_metric(
+        _: ddog_CharSlice, _: ddog_CharSlice, _: ddog_CharSlice, _: ddog_CharSlice,
+        _: ddog_CharSlice, _: ddog_MetricType, _: ddog_MetricNamespace,
+    ) -> ddog_MaybeError {
+        ddog_MaybeError {
+            tag: ddog_Option_Error_Tag_DDOG_OPTION_ERROR_NONE_ERROR,
+            __bindgen_anon_1: unsafe { std::mem::zeroed() },
         }
     }
-
-    type TestAddFn = unsafe extern "C" fn(i32, i32) -> i32;
-
-    #[test]
-    fn test_sidecar_symbol_resolve_and_call() {
-        #[cfg(target_os = "macos")]
-        let lib_name = "libtest_sidecar.dylib";
-        #[cfg(target_os = "linux")]
-        let lib_name = "libtest_sidecar.so";
-        let lib_path = PathBuf::from(env!("OUT_DIR")).join(lib_name);
-        let handle = load_library(&lib_path);
-
-        static TEST_ADD_SYMBOL: SidecarSymbol<TestAddFn> = SidecarSymbol::new(c"test_add");
-        TEST_ADD_SYMBOL
-            .resolve()
-            .expect("Failed to resolve test_add symbol");
-
-        let result = unsafe { TEST_ADD_SYMBOL(3, 4) };
-        assert_eq!(result, 7, "test_add(3, 4) should return 7");
-
-        unload_library(handle);
-    }
-
-    #[test]
-    fn test_sidecar_symbol_unresolved_symbol_fails() {
-        static NONEXISTENT_SYMBOL: SidecarSymbol<TestAddFn> =
-            SidecarSymbol::new(c"nonexistent_function_12345");
-
-        let result = NONEXISTENT_SYMBOL.resolve();
-        assert!(result.is_err(), "Resolving nonexistent symbol should fail");
-    }
-
-    #[test]
-    fn test_sidecar_symbol_debug_format() {
-        static DEBUG_TEST_SYMBOL: SidecarSymbol<TestAddFn> = SidecarSymbol::new(c"debug_test_func");
-
-        let debug_str = format!("{:?}", DEBUG_TEST_SYMBOL);
-        assert!(
-            debug_str.contains("initialized: false"),
-            "Unresolved symbol should show initialized: false"
-        );
-        assert!(
-            debug_str.contains("debug_test_func"),
-            "Debug output should contain the symbol name"
-        );
-    }
 }
+