feat: replace v1 custom labels with OTEP 4947 TLS record format

[scottgerring]

Summary

• Replaces v1 string-based labelset format with OTEP 4947 compact TLS record format (trace context + inline attributes)
• Adds process context module (OTEP 4719) for cross-process context sharing via memfd/mmap
• Adds OTel TLS Rust module with record builder, reader, and key table configuration

[scottgerring]

When we forked originally, we grabbed this when it was still C. I've switched back to C because we don't need anything from C++ and it keeps things simpler.

[ivoanjo]

The C++-related incantations might come in handy if someone wants to pull this file from a C++ project (and they might not want to have to pull in a C compiler just for these bits), so I can see some usefulness in them eventually (the process context reference impl does this).

Having said that, we can re-add it any time so I think we're good with the simplification for now. (And in particular, if we want to keep it clean in both C and C++ we probably want a setup like the process context where we test-build with both, as I found that it's very easy to do a change that makes building with a C++ compiler unhappy)

[scottgerring]

Removed all the js stuff as its out of scope for us

[scottgerring]

I've had to make this a standalone crate so we can emit the build instructions

[yannham]

I've reviewed by commit, so apologies of some of them are outdated/irrelevant.

[yannham]

Does this store need to be either volatile or atomic (or rather, should the otel_thread_ctx_v1 be a volatile sig_atomic_t ?) Otherwise I believe the store might be optimized away, or the signal handler might come in the middle of a non-atomic store to the variable (all of that is quite theoretical: we do read back the value in our case, so I don't think it'll be optimized away, and usize stores are atomic on all reasonable platforms, but I've grown very afraid of what advanced optimizing compilers can do 😅 )

[scottgerring]

so I don't think it'll be optimized away, and usize stores are atomic on all reasonable platforms
Famous last words and no harm in being overly cautious here I think!

@yannham : It looks like sig_atomic_t is typically a 32 bit integer? I've tried __thread _Atomic(custom_labels_tl_record_t *) otel_thread_ctx_v1 . I think this captures the spirit of your comment. Unfortunately, bindgen chokes on this, but we don't use this from the Rust side of things, so I can use the preprocessor to hide it when bindgen runs.

This was a bit more hectic than I expected; lmk what you think!

[yannham]

Answered on another channel, but short answer, this works as well 🙂

[ivoanjo]

I don't think we need any barrier here? Either the reader observes the write before or after; this is a pointer after all, and we document the semantics as "equivalent to a signal handler" (e.g. a thread observes its own things).

[yannham]

TL;DR: I think some barrier is required (or some ordering), at least it would be in Rust. But I agree that the second barrier is not needed.

The semantics of signal handlers is a bit different than code running of the same program running in the same thread, basically because the compiler is oblivious to it. So what could happen is something like:

    custom_labels_tl_record_t *record = malloc(...);
    record->xxx = yyy;
    // other stores...
    custom_labels_set_current_record(record);

the function (say without the barrier) then gets inlined, so the compiler sees:

    custom_labels_tl_record_t *record = malloc(...);
    record->xxx = yyy;
    // other stores...
    custom_labels_tl_record_t *old_record = otel_thread_ctx_v1;
    otel_thread_ctx_v1 = record;

Those are just a bunch of stores with no atomics around (there's actually one read for old_record, but it doesn't change the reasoning), so nothing prevents them from being re-ordered, say as:

    custom_labels_tl_record_t *record = malloc(...);
    custom_labels_tl_record_t *old_record = otel_thread_ctx_v1; // moved up
    otel_thread_ctx_v1 = record; // moved up
    record->xxx = yyy;
    // other stores...

Now if your signal handler comes in at L3 it will see an uninitialized record.

Using an atomic with relaxed order isn't sufficient because it doesn't create any synchronization. The compiler is still free to re-order stuff past or before it. However a release barrier just before setting the pointer (as the first BARRIER here), or setting otel_thread_ctx_v1 atomically with release order should prevent that. With the caveat that I don't know what's the exact semantics of C's BARRIER here, but if it is at least as strong as a C++ compiler-only release fence, this should be good.

[ivoanjo]

Yup, good call, I missed that.

In theory the reader would be able to adapt (since it's expected to use safe memory reading APIs), and when it tried to interpret the data it would probably realize it doesn't make sense. In practice it's much better if we avoid that happening altogether, and the cost of this barrier should be really low so it's definitely worth it.

[ivoanjo]

I gave it a pass but didn't finish. Need to switch gears for a bit!

[ivoanjo]

THE FORBIDDEN DATADOG FRUIT 👀 (Sorry couldn't resist)

[scottgerring]

True story: I won a jetbrains license at a conference last week, and immediately used it to restore my access to rust rover

[ivoanjo]

This change is slightly weird -- isn't all of custom-labels linux-only?

[scottgerring]

You're right, it is. I thought I needed this at some point to have some modicum of LSP/build access on mac but it doesn't seem necessary anymore so it can definitely go.

[ivoanjo]

Should we maybe update these? E.g. maybe call it custom-labels-otep-wip or something like that? (and then change the metadata)

[scottgerring]

I don't think custom-labels really works now that it's "labels and some fixed metadata"; similar to the TLS var rename.

How about otel-thread-ctx

[ivoanjo]

Sounds good! We can always adjust later if needed (e.g. before this becomes "stable")

[ivoanjo]

I was thinking we could call this out in a bit of a louder form at the beginning of the README. Something along the lines of

"This is a temporary fork of https://github.com/polarsignals/custom-labels to match up with the open-telemetry/opentelemetry-specification#4947 . It is experimental. This work will be incorporated/moved back upstream once the OTEP is accepted. Thanks to Polar signals for providing a great shoulder for us to stand on -- this work is (C) Polar Signals ..."

...or something like that?

[ivoanjo]

I spotted a few more files that we should probably remove: GOVERNANCE.md, tsconfig.json. The Makefile is also outdated, although I'd also suggest removing and we can always re-add later.

[ivoanjo]

So I'll be honest and say I didn't look at the encoder very closely -- I think if we do change to a full decoder, the tests below kinda have us covered for "output of encoder is valid protobuf".

[ivoanjo]

Minor: I think this could be local to the encoder (this limitation is actually in the encoder itself, not protobuf)

[ivoanjo]

Minor: Since this implementation exists only for the thread context, I'd probably just simplify it even more -- support only strings and arrays which is actually the only thing we're making use of right now.

[ivoanjo]

All this #[cfg(target_os = "linux")] is kinda redundant; is it maybe possible to do it at the file or crate level?

[ivoanjo]

This... is weird -- is this 34 a reference to open-telemetry/sig-profiling#34? We actually don't need page size anymore, that PR was where we removed it?