hoakley November 12, 2020 Macs, Technology

The non-Universal binary: a cautionary tale

Predictability, determinism if you want to be posh, is something we come to rely on. When you have two apps which use identical code, you expect it to behave exactly the same in each app. When it doesn’t, you can readily lose much of a day trying to discover why.

My problem should have had a simple solution: I wanted to get the firmware version number in all recent models of Mac. For Intel hardware, this is slightly arcane, but reliable. You can either use the command line equivalent of System Information, system_profiler, or you can inspect an IORegistry entry in the path IODeviceTree:/rom, and there are a couple of other alternatives. The IORegistry technique doesn’t appear to work with Apple Silicon models, though, and system_profiler‘s output also changes subtly.

I have three apps, each of which need now to check with system_profiler so they can get the firmware version. Mints was a bit of a bigger job, as it also needs to obtain other information from that tool, so makes the call
/usr/sbin/system_profiler -xml -detailLevel basic SPHardwareDataType
to get it in XML format, then trudges through that data. That works fine.

LockRattler has simpler needs, and uses
/usr/sbin/system_profiler SPHardwareDataType
to get the information in plain text. That too works fine.

But dropping either function to obtain the firmware version number into SilentKnight failed completely: there was simply no sign of that line in the text output, nor the key boot_rom_version in the XML. I tried entering the commands in Terminal, where both worked fine, and generated the firmware version reproducibly.

So there was something wrong internally in SilentKnight. My first suspicion was that the app wasn’t waiting properly for the result from system_profiler, which takes a little longer than many commands. That wasn’t the case, and I could access other data produced by system_profiler, just not the firmware version number, except on Intel systems, where it worked fine.

It wasn’t until several hours later, by which time I had coded almost every conceivable variant to access this missing firmware version, that it occurred to me that there might be a difference in SilentKnight’s build settings. Before I had gone far in checking the many inscrutable controls, I realised that all these test versions of SilentKnight which had failed were being built for Intel processors alone, and not as Universal Apps, although elsewhere I had changed that setting and debug versions of Mints and LockRattler are Universal.

determinism

I quickly reinstated some sensible code to check for the firmware version – things had got out of hand by this time – changed the build settings so that the debug build is also a Universal App, and the problem vanished. My original code from several increasingly fraught hours ago now worked a treat.

The explanation is as weird as its solution. When an Intel app runs on Apple Silicon and makes calls to command tools like system_profiler, it will keep to a consistent architecture, so calling the Intel version of the tool. The Intel version of system_profiler gave a different result when asked to provide information of SPHardwareDataType, which omitted the Apple Silicon firmware version.

When a Universal App runs on Apple Silicon and makes that same call to a command tool, it’s the ARM version of the executable which is run, and that can and does deliver the firmware version number on an Apple Silicon Mac.

In case you expect code for the supported architectures in a Universal binary to do essentially the same things, let this be a lesson. I don’t know whether system_profiler intentionally omits firmware versions when running in Rosetta 2, but it’s entirely unpredictable. I’ve also learned the lesson to ensure that I never build anything for a single architecture, even a debug version, although Xcode seems to make that a default. Now you’ll be testing on and developing for both architectures, ensure everything is built for both.

10Comments

Add yours

1

Lee on November 15, 2020 at 5:06 am

Did you report the System Profiler difference as a bug to Apple?

LikeLiked by 1 person
- 2
  
  hoakley on November 15, 2020 at 9:10 am
  
  No. I may get the time to do so, but as Apple has several major bug reports from me which remain outstanding without even a response in over 6 months, is there really any point?
  Howard.
  
  LikeLike
3

Pico on November 25, 2020 at 8:14 pm

Thanks for this article Howard, I’m very glad I came across it before I went about updating a cross-platform Java app for M1 Macs which we use to check specs and run tests when refurbishing computers on macOS, Linux, and Windows.

Since there is not an Apple Silicon version of Java yet, I was getting incorrect info from system_profiler and probably would have been stumped if I hadn’t already known I couldn’t trust system_profiler under Rosetta from your article.

Because I was in the unique situation of not even being able to build the Java app as Universal, I needed to find a workaround to be able to spawn an Apple Silicon native child processed from within a Rosetta process. Luckily, I found that the “arch” command can do this. So instead of running “system_profiler” directly from a Rosetta process, one can run “arch -arm64e system_profiler” to force the process to run natively on Apple Silicon and get back the true and full hardware information. Obviously, some code should be run in advance to determine whether the process is running under Rosetta. In my case, I used the output of “sysctl -n machdep.cpu.brand_string” to determine this since I was running it anyway to get the full Intel processor model. When running natively on Apple Silicon, the output will be oh-so-specific string of “Apple processor” and when running on Apple Silicon under Rosetta, the output is “VirtualApple @ 2.50Ghz processor” (for an M1 MacBook Air). I’m sure there may be more efficient ways of checking if a process is running under Rosetta, but this worked for my use case since I was gonna be running that command no matter what.

As an aside, I had actually hope that the “sysctl -n machdep.cpu.brand_string” may give more details about M1 processors, but clearly it does not. For Apple Silicon, it seems that system_profiler may be the only source of processor details.

PS. The arch command is also useful on Apple Silicon to force commands to run under Rosetta with “arch -x86_64 some_command”

LikeLiked by 1 person
- 4
  
  Pico on November 25, 2020 at 8:39 pm
  
  Forgot to mention an important point… it appears that (for now) only Apple’s own binaries are built using the “arm64e” architecture (which uses pointer authentication). Any 3rd-party universal binaries will be “arm64”. “lipo -info /path/to/some/binary” can use used to check the binary architectures. It seems that in the future Apple will open up arm64e for 3rd-party developers to use as well. I found info about this here https://developer.apple.com/forums/thread/652340 and here https://developer.apple.com/documentation/security/preparing_your_app_to_work_with_pointer_authentication
  
  LikeLiked by 1 person
  - 5
    
    hoakley on November 25, 2020 at 9:03 pm
    
    Thank you. I’ll look forward to someone else building that into Swift, I think.
    Howard.
    
    LikeLike
- 6
  
  hoakley on November 25, 2020 at 9:02 pm
  
  Thank you, Pico.
  Compiled code has access to simpler ways of telling whether it’s running in Rosetta translation.
  Howard.
  
  LikeLike
7

Antonio on April 27, 2021 at 12:00 pm

“Active architecture only” is the default for debug (but not release) because it lessens the compile time and assumes you are debugging only on the target devices you select as the build target for Xcode.

So if you select iOS simulator, you will only debug on it, and there’s no point in compiling the ARM version as well because this build won’t be debugged on the iPhone. If you select iPhone, no point in also compiling for iOS simulator.

If you select Mac as the target, you are debugging only on the same Mac you are compiling, so no point in compiling it for other architecture Macs, saving you precious time specially on projects that take several minutes to compile… and only when you compile for release it will compile all architectures because that will be necessary to use on all of them.

I would guess this is actually the case for over 99,99% of the time, so it’s a very sensible default. Then if you want something different you can change the default like you did.

By the way I don’t think it’s useless reporting things to Apple. I do it all the time regardless of whether they answer or not. They usually answer about 2% of my reports. I prefer to keep bugging them (pun intended) so at least they will know the problem exists, even if they decide they don’t want to tackle it.

LikeLiked by 1 person
- 8
  
  hoakley on April 27, 2021 at 9:01 pm
  
  Thank you.
  As I regularly transfer debug builds to the other architecture for testing, this still doesn’t make any sense once you’re working fully Universal, as all developers should be by now. It means to test on the other architecture I have to make a different, non-debug build, which is inefficient and silly.
  Howard.
  
  LikeLike
9

jlobesantos on April 28, 2021 at 9:00 am

I wish Apple realized that it’s forcing devs to add unnecessary code and bloat Macs with Universal binaries and dylds.

If I have an Intel Mac… why would I ever need the M1 code of those apps and frameworks?
Specially when Apple keeps selling machines with as little as 128 or 256 Gbs of storage, it makes sense (and a difference) to give the users a chance to optimize the system and apps to avoid duplicating code.

Yes, I understand that can make harder to migrate apps and system from a Time Machine backup, but I hardly ever recover that. I usually install from scratch the Mac OS and Apps, and then migrate the user data and settings from the backup. Still, it’s like treating all users like we “don’t know and don’t care” and limiting our options to optimize our apps, system and storage.

If anybody knows of methods of slimming the system and apps, that’d be great to hear about!

LikeLiked by 1 person
- 10
  
  hoakley on April 28, 2021 at 11:30 am
  
  Thank you.
  Apple isn’t forcing developers – they want to, because that ensures sales to users with M1 Macs. Developers can continue to ship only Intel versions, or (as some do) provide separate Intel and M1 versions as they wish.
  I have written about the ‘cost’ of Universal binaries elsewhere, and it isn’t anywhere as much as you’d imagine, because the executable code in the great majority of apps is actually only a small proportion of their total size.
  Trust me: having been through two previous processor transitions when users enthusiastically stripped Universal binaries, the effort and penalties involved make this one of the most futile things that you can try. The gains are small, and the penalties last for years.
  Of course you can’t do this in the System volume anyway, where it might have saved less than 1 GB, because of the SSV, and the fact that Apple rightly ships a single version of macOS for both architectures (more or less).
  Howard.
  
  LikeLike

·Comments are closed.

Share this:

Like this:

Related