Why isn't static linking used more?

Asked 24/8, 2011 at 18:39 Answered 25/8, 2011 at 0:4

Solved linux linker shared-libraries dynamic-linking static-linking

I understand the benefits of dynamic linking (old code can take advantage of library upgrades automatically, it's more space efficient), but it definitely has downsides, especially in the heterogeneous Linux ecosystem. It makes it difficult to distribute a distribution-agnostic binary that "just works" and makes a previously working program more likely to break due to a system upgrade that breaks backwards compatibility or introduces regressions into a shared library.

Given these disadvantages, why does dynamic linking seem to be so universally preferred? Why is it so hard to find statically linked, distribution-agnostic Linux binaries, even for small applications?

Everard answered 24/8, 2011 at 18:39 Comment(3)

Why do you think those applications are so small? – Sybaris 24/8, 2011 at 18:41

@Adam: I meant small in terms of source code size and scope. – Everard 24/8, 2011 at 18:43

Most of linux apps distributed as sourcecode, you could build them statically linked. – Thrombo 24/8, 2011 at 20:50

There are three big reasons:

GNU libc doesn't support static linkage to itself, because it makes extensive internal use of dlopen. (This means that static linkage to anything else is less worthwhile, because you can't get a totally static binary without replacing the C library.)
Distributions don't support static linkage to anything else, because it increases the amount of work they have to do when a library has a security vulnerability.
Distributions have no interest whatsoever in distribution-agnostic binaries. They want to get the source and build it themselves.

You should also keep in mind that the Linux-not-Android software ecology is entirely source-based. If you are shipping binaries and you're not a distribution vendor you are Doing It Wrong.

Colored answered 24/8, 2011 at 18:58 Comment(3)

Yeah, it's the last sentence that really aggravates me. If my distro doesn't have the version of package X that I want, or if I need to install it to my home directory b/c I don't have root privileges, setting up the right build environment to compile it from source is almost always a pain. I'd rather just unpack a statically linked binary tarball. – Everard 24/8, 2011 at 19:0

It's not supposed to be, although I agree that it can be if you don't have root. This is why I use Debian rather than Fedora or Ubuntu: they almost always have a new-enough version of anything packaged, and if they don't, they certainly do have all its build dependencies. – Colored 24/8, 2011 at 19:51

Note that a lot of commercial software is statically linked. – Adventure 1/10, 2011 at 11:41

There are several reasons we prefer dynamic linkage:

Licensing. This is a particular issue with the LGPL, though there are other licenses with similar strictures.

Basically, it's legal for me to send you a binary built against LGPL libfoo.so.*, and even to give you a binary for that library. I have a various responsibilities, such as responding to requests for the source for the LGPL'd library, but the important thing here is that I don't have to give you the source for my program, too. Since glibc is LGPL and almost every binary on a Linux box is linked to it, that alone will force dynamic linkage by default.
Bandwidth costs. People like to say bandwidth is free, but that's true only in principle. In many practical cases, bandwidth still matters.

My company's main C++-based system packs up into a ~4 MB RPM, which takes a few minutes to upload over the slow DSL uplinks at most of our customers' sites. We still have some customers only accessible via modem, too, and for those an upload is a matter of "start it, then go to lunch." If we were shipping static binaries, these packages would be much larger. Our system is composed of several cooperating programs, most of which are linked to the same set of dynamic libraries, so the RPM would contain redundant copies of the same shared code. Compression can squeeze some of that out, but why keep shipping it again and again for each upgrade?
Management. Many of the libraries we link against are part of the OS distro, so we get free updates to those libraries independent from our program. We don't have to manage it.

We do separately ship some libraries which aren't part of the OS, but they have to change much less often than our code does. Typically, these are installed on the system when we build the server, then never updated again. This is because we are most often more interested in stability than new features from these libraries. As long as they're working, we don't touch them.

Lanner answered 25/8, 2011 at 0:4 Comment(2)

IANAL but I don't think you have to give the source code to your code that links with an LGPL library, even if you use static linking. – Everard 25/8, 2011 at 17:14

The only alternative I'm aware of is to give your users a pile of object files and a linker, so they can relink the program against a different version of the library. Without either the source or the objects, your users cannot exercise the main freedom LGPL gives them, which is the ability to replace the library. – Lanner 25/8, 2011 at 19:36

Recommended topics

Hot tags