Developer Tool Enhancements

This section describes all development tools in the Solaris 10 3/05 release that are new or have been enhanced since the Solaris 9 OS was originally distributed in May 2002. DTrace dynamic tracing facility is a feature of particular importance.

Developers should also review these new features in the security and system administration sections:

• Kernel Modular Debugger

• OpenSSL and OpenSSL PKCS#11 Engine

Dynamic Tracing Facility

This feature is new in the Solaris Express 11/03 release.

The Solaris DTrace is a comprehensive dynamic tracing facility that gives Solaris users, administrators, and developers a new level of observability into the kernel and user processes. For further information, see DTrace Dynamic Tracing Facility.

GCC Version 3.4.3

This feature is new in the Solaris 10 3/05 release.

GCC is the open source “C” compiler from the GNU Software Foundation. Build tools include gmake, bison, binutils, gnuM4, and flex.

Perl Version 5.8.4

This feature is new in the Solaris Express 8/04 release.

A new, default version of the Practical Extraction and Report Language (Perl) is available in the Solaris 10 OS. The new default version of Perl is version 5.8.4. You need to reinstall any modules that you have manually installed after upgrading to the Solaris 10 software. For more information about installing modules, see “Perl 5” in the System Administration Guide: Network Services.

For more information about Perl, see the perl(1) man page.

Per-thread Mode Enhancement

This feature is new in the Solaris Express 8/04 release.

The truss, pstack, and pflags commands have been updated to enable the user to specify individual threads within a process or core. Developers and system administrators can better understand the behavior of large multithreaded applications, and target specific threads for debugging.

For further information, see the following man pages:

• truss(1)

• pstack(1)

• pflags(1)

USB End-User Device Support Enhancements

These enhancements are new in the Solaris Express 5/04 release. New programming interfaces were added in the Solaris Express 8/04 release.

All current Edgeport USB-to-serial devices now work with this Solaris release. USB 1.1 audio and other isochronous devices now work behind USB 2.0 high-speed hubs.

New Programming Interfaces

These interfaces are new in the Solaris Express 8/04 release.

Universal Serial Bus Architecture (USBA) 2.0 programming interfaces are being released publicly as part of the Solaris 10 OS. These interfaces are documented as usb_* functions and structures in man page sections 9F and 9S. See also Writing Device Drivers.

The USBA framework now is called USBA 2.0. USB drivers that were written to USBA 1.0 interfaces in prior DDKs are only binary compatible with the Solaris 10 software. These drivers are not source compatible with the Solaris 10 software.

ls Enhancements

This feature is new in the Solaris Express 8/04 release.

The ls command can now display file times to the second or to the nanosecond. See Enhancements to ls Command.

New Functions for Converting Strings

This feature is new in the Solaris Express 7/04 release.

Two new functions for converting strings to long integers are now available to kernel module developers. The ddi_strtol() and ddi_strtoul() functions enable conversion from strings to long integers and unsigned long integers respectively. The new functions provide flexible input, DDI compliancy, and increased error detection.

For more information, refer to the ddi_strtol(9F) and ddi_strtoul(9F) man pages.

Java Support for pstack Command

This feature is new in the Solaris Express 7/04 release.

The pstack command has been enhanced to display Java frames when using the latest version of Java. For each Java frame in the call stack, the function and line number displays, if available.

See the pstack(1) man page.

New Mechanisms for the Solaris Cryptographic Framework

This feature is new in the Solaris Express 6/04 release.

The Solaris Cryptographic Framework now supports the following mechanisms for the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols:

• CKM_SSL3_PRE_MASTER_KEY_GEN

• CKM_SSL3_MASTER_KEY_DERIVE

• CKM_SSL3_KEY_AND_MAC_DERIVE

• CKM_SSL3_MASTER_KEY_DERIVE_DH

• CKM_TLS_PRE_MASTER_KEY_GEN

• CKM_TLS_MASTER_KEY_DERIVE

• CKM_TLS_KEY_AND_MAC_DERIVE

• CKM_TLS_MASTER_KEY_DERIVE_DH

The Solaris Cryptographic Framework is an architecture that enables applications in the Solaris system to use or provide cryptographic services. All interactions with the framework are based on the PKCS#11 Cryptographic Token Interface (Cryptoki) from RSA Laboratories, the research arm of RSA Security, Inc.

For more information, see “PKCS #11 Functions: C_GetMechanismList” in the Solaris Security for Developers Guide.

Retail and Nonretail Options for Providers in Solaris Cryptographic Framework

This feature is new in the Solaris Express 6/04 release.

Vendors of cryptographic providers that connect to the Solaris Cryptographic Framework have more flexibility in requesting certificates from Sun Microsystems. Certificates now support both retail and nonretail export distribution.

Retail encryption products are those products that the U.S. government permits to be shipped to all countries. Retail products cannot be shipped, however, to designated nations that the U.S. government considers to be security threats. Nonretail encryption products are those products that the U.S. government has permitted for domestic use only or for countries that the government has exempted.

For more information, see the elfsign(1) man page and Appendix F, “Packaging and Signing Cryptographic Providers,” in the Solaris Security for Developers Guide.

Linkers and Libraries Updates

This description is new in the Software Express pilot program and revised in the Solaris Express 5/04 release. Linker and libraries updates were also introduced in the Solaris 9 12/02 and subsequent releases. These updates are included in the Solaris 10 3/05 release.

The Solaris 10 OS includes linker-editor features such as string table compression, unreferenced section elimination, and unreferenced dependency detection. For complete information on the most recent feature enhancements, see Appendix D, “Linker and Libraries Updates and New Features,” in the Linker and Libraries Guide.

Enhancements introduced in the Solaris Express 5/04 release include the following:

• A restructuring of the file system has moved many components from under /usr/lib to /lib. The default search paths for both the link-editor and runtime linkers have been changed accordingly.

• System archive libraries are no longer provided. Therefore, the creation of a entirely statically-linked executable is no longer possible.

• Greater flexibility for defining alternative dependencies is provided with the -A option for the crle command.

Enhancements introduced in the previous Software Express pilot program include the following:

• Greater flexibility in defining the hardware and software requirements of ELF objects is provided with the link-editors.

• The runtime link-auditing interface la_objfilter() has been added.

• Shared-object filtering has been extended to provide filtering on a per-symbol basis.

• Thread-local storage is provided.

• The -z ignore option has been extended to eliminate unreferenced sections during a link-edit. See the ld(1) man page.

• Greater flexibility in defining a symbol's visibility is provided with the “protected” mapfile directive.

• dlopen(3DL) and dlsym(3DL) look-up semantics have been expanded with a new mode, RTLD_FIRST.

• Unreferenced dependencies can be determined by using the ldd utility. See the -U option in the ldd(1) man page.

Layered Driver Interfaces

This feature is new in the Solaris Express 3/04 release.

The Solaris 10 Operating System has been enhanced to enable kernel modules to perform device access operations such as open, read, and write a device. This system also enables you to determine which devices are provided through a new set of publicly available Layered Driver Interfaces, referred to as the “LDI.”

Driver developers can use the LDI interfaces to access character, block, or STREAMS devices directly from within the Solaris kernel. Application developers can use the LDI interfaces to display device layering information. This new architecture also provides administrators with observability into device usage inside the kernel. For further information, see the ldi_*(9F) and the di_*(3DEVINFO) man pages.

The prtconf and fuser utilities have been enhanced to include the following capabilities:

• “Device Layering” through the prtconf command – This command displays device minor node and device usage information. The utility also shows which minor nodes a kernel module currently has open.

  See the prtconf(1M) man page.

• “Device Usage” through the fuser command – This command displays information about users of a device. The command also shows what generic Solaris kernel subsystem or user process opens and accesses a device inside the Solaris kernel.

  See the fuser(1M) man page.

The Layered Driver Interfaces begin with the prefix ldi_. These interfaces are used for device access and to obtain device information at the kernel level. Man pages are provided for the interfaces in section 9F. At the user level, a set of device information library interfaces provides for retrieving kernel device usage information within applications. Man pages are provided for the LDI libdevinfo interfaces within section 3DEVINFO. In addition, the prtconf(1M) and fuser(1M) man pages include information about displaying the kernel device usage information that is provided by the LDI architecture.

For further information, see Chapter 13, “Layered Driver Interface (LDI),” in the Writing Device Drivers.

Changes to makecontext() Function

This feature is new in the Solaris Express 3/04 release and in the Solaris 9 9/04 release.

The semantics of the uc_stack member of the ucontext_t structure have changes as they apply to inputs to the makecontext(3C) libc library function. Binary compatibility is preserved between previous versions of Solaris and the Solaris 10 OS.

Applications that use this interface must be updated before they are recompiled for the Solaris 10 OS. See the makecontext(3C) man page for further information.

Single UNIX Specification, Version 3

This feature is new in the Solaris Express 2/04 release.

This Solaris release conforms to the Single UNIX Specification, Version 3 (SUSv3). SUSv3 provides updates to POSIX.1-1990, POSIX.1b-1993, POSIX.1c-1996, POSIX.2-1992, and POSIX.2a-1992.

See “Single UNIX Specification, Version 3 Introduces Changes” in the Solaris 10 Release Notes for a detailed description of the impact of the SUSv3 updates for Solaris users.

Advanced API

This feature is new in the Solaris Express 1/04 release.

The IPv6 Advanced Sockets API updates the Solaris Sockets API to meet the current version of RFC 2292. See IPv6 Advanced Sockets API.

Simple Authentication and Security Layer for Developers

This feature is new in the Solaris Express 12/03 release.

Simple Authentication and Security Layer (SASL) provides developers of applications and shared libraries with interfaces for adding authentication, data integrity checking, and encryption to connection-based protocols.

SASL consists of the following items:

• Library, libsasl, which provides an API for applications that need authentication, privacy, and integrity services

• Service provider interface (SPI) for third-party plug-ins to add new authentication methods, name canonicalization rules, and property stores

• Header files for development

• Plug-ins that are supplied by Sun for these mechanisms:

  • EXTERNAL

  • PLAIN

  • CRAM-MD5

  • DIGEST-MD5

  • GSS-API

  • GSS-SPNEGO

SASL enables the developer to write to a generic API without having to be concerned about the details of security mechanisms. When developed to use SASL appropriately, servers and clients can use new security mechanisms, naming and user canonicalization plug-ins, and auxprop plug-ins without recompilation.

SASL is described in RFC 2222. SASL is particularly appropriate for applications that use the following protocols that support SASL:

• IMAP

• SMTP

• ACAP

• LDAP

For more information about SASL, see the libsasl(3LIB) man page. See also the Solaris Security for Developers Guide.

Event Ports

This feature is new in the Solaris Express 12/03 release.

Event Ports is a framework that allows applications to generate and collect events from disjoint sources. The framework can retrieve events from multiple objects simultaneously without degrading overall performance.

For further information, see the port_create(3C) and signal.h(3HEAD) man pages.

Core File Content

The Solaris Express 12/03 release introduced enhancements to the coreadm, gcore, and mdb utilities. See Core File Content Enhancements.

Atomic Operations

This feature is new in the Solaris Express 10/03 release and has been enhanced in the Solaris 10 1/06 release.

Atomic operations provide APIs in libc that perform simple atomic operations quickly. This new feature permits applications to atomically update memory without using other synchronization primitives or platform-specific assembly language. The available operations include addition, the “and” Boolean function, and the “or” Boolean function.

For more information, see the atomic_ops(3C) man page.

Solaris WBEM File Changes

This feature description was updated in the Solaris Express 9/03 release.

There have been several changes to the Managed Object Format (MOF) files in the /usr/sadm/mof directory.

• The Solaris_VM1.0.mof file was revised to Solaris_VM2.0.mof and subsequently to Solaris_VM3.0.mof.

• The local file system classes were relocated from Solaris_VM2.0.mof to the new file, Solaris_FS1.0.mof. Solaris_FS1.0.mof defines classes that pertain to storage devices.

• Two of the providers, Solaris_DiskDrive and Solaris_DiskPartition, that were in the Solaris_VM1.0.mof file, were moved into the new Solaris_DMGT.1.0.mof file. The Solaris_DMGT.1.0.mof file contains classes that represent disks, disk partitions, and other device management classes.

• This release includes another new MOF file, Solaris_NFS1.0.mof. The Solaris_NFS1.0.mof file defines classes that pertain to NFS devices. This file contains the NFS classes from Solaris_VM2.0.mof as well as new classes for configuring and monitoring NFS shares (or “exports”) and mounts.

Privileges for Software Developers

This feature is new in the Software Express pilot program. This feature is included in the Solaris 10 3/05 release.

Processes need no longer run as root to have superuser capabilities. Instead, superuser capabilities can be parceled out by system administrators as discrete process rights. These process rights are implemented through privileges. Privileges enable developers to limit access to restricted operations and limit the periods for which privileges are in effect. The use of privileges can reduce the harm that formerly resulted if a privileged program was compromised. For compatibility, unmodified programs that run as root continue to have all privileges.

For general information about privileges, see Process Rights Management. For information about setting and getting privileges, see the setppriv(2) and getppriv(2) man pages. To learn more about manipulating privileges, see the priv_str_to_set(3C) and the priv_addset(3C) man pages.

For further information, see the Solaris Security for Developers Guide.

Solaris Cryptographic Framework for Developers

This feature is new in the Software Express pilot program. This feature is included in the Solaris 10 3/05 release.

The Solaris Cryptographic Framework provides cryptographic services to applications. Applications can access the framework through libpkcs11(3LIB) and at higher levels.

The Solaris Cryptographic Framework provides the following features for developers of applications that use encryption:

• User-level programming interfaces for various cryptographic functions. These interfaces cover, for example, encryption, decryption, message digests, and signing. The industry standard, RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki), serves as the API.

  The framework supports the following encryption algorithms:

  • AES

  • DES/3DES

  • RC4

  • MD5

  • SHA-1

  • DSA

  • RSA

  • D-H

• User-level pluggable interfaces for Sun and third-party developers. These interfaces enable administrators to add new plug-ins from providers of encryption algorithms at the user level. Administrators can replace an existing provider with a different implementation. The user service provider interface (SPI) also uses the PKCS#11 standard. Tools for signing, packaging, and installing third-party binaries are provided.

• An optimized software implementation of the most commonly used encryption and digital signing algorithms, such as AES, DES/3DES, and RSA. These implementations have been optimized for the SPARC platform and UltraSPARC platform.

• An administrative CLI tool, cryptoadm, for adding or removing encryption plug-ins, setting cryptographic security policy, and other related administrative functions. See the cryptoadm(1M) man page.

See the following man pages: libpkcs11(3LIB), pkcs11_softtoken(5) and pkcs11_kernel(5). See also Solaris Cryptographic Framework for System Administrators.

Vendors of software or hardware cryptographic accelerators who are interested in supplying plug-ins to the Solaris cryptographic framework should contact Sun Microsystems for more details.

SPARC: 64-bit Package Changes for Software Developers

This feature is new in the Software Express pilot program. This feature is included in the Solaris 10 3/05 release.

In the Solaris 10 Operating System, packaging has been simplified with most 32-bit components and 64-bit components being delivered in a single package. See SPARC: 64-bit Package Changes.

SPNEGO Pseudo-Mechanism for GSS-API Applications

This feature is new in the Software Express pilot program. This feature is included in the Solaris 10 3/05 release.

This Solaris 10 OS includes a new GSS-API “pseudo-mechanism” for negotiating GSS-API security that is based on the SPNEGO protocol (IETF RFC 2478). Simple and Protected GSS-API Negotiation (SPNEGO) is most useful for applications that are based on GSS-API implementations which support multiple security mechanisms. SPNEGO can be applied when two applications use GSS-API to exchange data and do not know which mechanisms are supported by the other application.

SPNEGO is a pseudo-security mechanism that is represented by the following object identifier:

iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2)

SPNEGO enables GSS-API peers to determine in-band whether their credentials share common GSS-API security mechanisms. If the mechanisms are shared, then the peers can select a common mechanism to establish the security context.

For further information, see the mech(4) and the mech_spnego(5) man pages. See also the Solaris Security for Developers Guide.

Locality Groups

This feature is new in the Software Express pilot program and in the Solaris 9 12/03 release. This feature is included in the Solaris 10 3/05 release.

The Programming Interfaces Guide now includes a chapter that explains the interfaces that interact with locality groups (lgroups). These interfaces can be used to help an application efficiently allocate CPU and memory resources. This capability results in improved performance on some systems.

Thread Stacks in pmap

This feature is new in the Software Express pilot program. This feature is included in the Solaris 10 3/05 release.

The pmap utility now labels threads' stacks so the stacks can be identified more easily.

See the pmap(1) man page for further information.

New DOOR_REFUSE_DESC Flag

This feature is new in the Software Express pilot program. This feature is included in the Solaris 10 3/05 release.

A new flag, DOOR_REFUSE_DESC, was added to the door_create() function. This new flag simplifies writing door servers which do not accept argument descriptors.

For further information, see the door_create(3DOOR) man page.

Stack Check APIs

This feature is new in the Software Express pilot program and in the Solaris 9 4/03 release. This feature is included in the Solaris 10 3/05 release.

Stack Check APIs allow for advanced interaction with stack-checking compiler support available in the Sun ONE Studio. These APIs should be used in applications that are compiled with stack checking enabled, and either manage their own stacks or attempt to detect their own stack overflows.

Developers who maintain their own thread library need to use the setustack interface to enable consumers of their library to compile with stack checking enabled.

See the stack_getbounds(3C), stack_setbounds(3C), and the stack_inbounds(3C) man pages.

Enhanced crypt() Function for Software Developers

This feature is new in the Software Express pilot program and in the Solaris 9 12/02 release. This feature is included in the Solaris 10 3/05 release.

The Software Express releases include new extensions to the crypt() function and introduce the crypt_gensalt()function. These enhancements allow administrators to change the algorithm that is used to obscure users' UNIX login passwords.

Modules are included for MD5 and Blowfish. The MD5 modules are at crypt_sunmd5 and crypt_bsdmd5. The Blowfish module is at crypt_bsdbf.

Developers can create new modules for alternate password-obscuring algorithms. Application developers must use the crypt_gensalt() function instead of manually generating the salt string for passing to the crypt() function.

Modules for alternate algorithms are specified in the crypt.conf(4) file. The module_path field specifies the path to the shared library object that implements the two required functions:

• crypt_gensalt_impl() – Generates the salt string

• crypt_genhash_impl() – Generates the encrypted password

For further information, see the crypt(3C) and the policy.conf(4) man pages.

New Flags for madvise() Function

This feature is new in the Software Express pilot program and in the Solaris 9 12/02 release. This feature is included in the Solaris 10 3/05 release.

The madvise() function enables the kernel to optimize access to a user-defined region of memory. This Solaris release includes three new flags for the madvise() function:

• MADV_ACCESS_LWP – Gives a specified lightweight process (LWP) resource allocation priority

• MADV_ACCESS_MANY – Specifies an address range that is intensively used by processes across the machine

• MADV_ACCESS_DEFAULT – Resets an address range's access pattern to the system default

For further information on the madvise() function, see the madvise(3C) man page.

Memory Allocation With libumem

This feature is new in the Software Express pilot program and in the Solaris 9 4/03 release. This feature is included in the Solaris 10 3/05 release.

libumem is a user-mode (nonkernel mode) memory allocator library. libumem has features that enable you to debug memory leaks and other aberrations that involve memory usage.

This feature is used in the same way that a standard application binary interface (ABI) allocator, such as malloc(), is used. A user-mode application requests an arbitrary number of bytes of memory. Then a pointer is returned that is loaded with the address of the allocated memory.

For further information, see the libumem(3LIB) man page.

Smart Card Terminal Interfaces

This feature is new in the Software Express pilot program and in the Solaris 9 8/03 release. This feature is included in the Solaris 10 3/05 release.

Solaris smart card interfaces are a set of public interfaces for Smart Card Terminals. Card-terminal vendors can implement these interfaces in a user-level shared library to provide device-level support for their smart card terminals in Solaris. The set of Solaris smart card terminal interfaces is based on card terminal interfaces that are available as part of the Linux Smartcard framework. Card terminal support libraries from Linux can be ported to the Solaris environment with minimum effort. For further information on smart cards, see the Solaris Smartcard Administration Guide.

Smartcard Middleware APIs

This feature is new in the Software Express pilot program and in the Solaris 9 9/02 release. This feature is included in the Solaris 10 3/05 release.

The Solaris Smartcard framework now provides low-level middleware APIs. These APIs can be used to exchange data with a smart card by using a smart card reader. The APIs can be used in platforms such as the Sun Blade^TM and Sun Ray^TM systems. Applications that are written in the Java language, or in C, can use these interfaces.

For more information, see the libsmartcard(3LIB) man page and the JavaDocs in /usr/share/javadoc/smartcard. See also the Solaris Smartcard Administration Guide.