Beware the prebinding

There appears to be a known but nasty bug in the routines for updating prebinding information in OS X where system files can be overwritten with nothing. This can in a worst case cause a system to become unbootable but there are other lesser symptoms. For a full explanation see Rosyna from Unsanity's weblog.

What is prebinding and how can this occur?
According to Apple's own documentation:
"Prebinding is the process of computing the addresses for symbols imported by a shared library or application prior to their use. Resolving these addresses before their use reduces the amount of work performed by the dynamic loader (dyld) at runtime and results in faster launch times for applications."
Which basically means, whenever an application is launched, it needs to know where all the bits that help it to work are. It can either look for where these things are and map to them when the application is being launched, or you can give it everything it needs in advance. This second process is called prebinding and it can in certain cases speed application launch up. This is all it does though.

Updating prebinding is not something end-users need to bother themselves with, it happens automatically when needed. When installing anything using Apple's Installer framework or running a Software Update prebinding is updated as necessary, that's what "Optimizing System Performance" message is all about. Additionally as of 10.2 when an application is launched, if the system sees that prebinding needs to be updated it will do so. This is where the problem appears to lie, if multiple processes are updating prebinding at the same time then it is possible for a file being accessed by both processes to be written over. So if, for example, you are running Software Update then launch an application there is a chance that given the right (or wrong) timing, you could zap an important system file.

To ensure the bug doesn't manifest itself, when you see this message, do NOT launch any applications. Ideally, when running an update, just leave your computer alone. Oh and steer clear of the myriad of voodoo-like 'maintenance' apps out there some of which also update prebinding for no apparent reason.

I think I've been hit by the problem myself, once after running an update on my G5 is wouldn't boot. Luckily I have a few boot partitions for testing so jumped into one of them and downloaded then ran the combined updater from the commandline and pointed it in the direction of the borked partition. If it was a case of this bug I was lucky enough that the deleted file was included in the update.

This issue may or may not be fixed. It has been reported at least once (Rosyna's report was marked as a dupe) but as prebinding is deprecated as of 10.4 Apple may forget about it. And the issues with Radar itself are well known .

Again from Apple's own docs:
"In Mac OS X v10.4, dyld was improved in a way that eliminated the need for prebinding information in most situations. The system libraries are now the only executables that are still prebound, and they are prebound in a way that optimizes performance on the target system. Because of the improved prebinding of the system libraries, applications and third-party libraries no longer need to be prebound"
So it still seems to be important to Apple, could I believe impact any system between 10.2 and 10.4 (and possibly others under different circumstances) and will likely be a problem for users for some years to come. Here's hoping Apple finally get around to looking at the issue which looks to have impacted many and thankfully been firmly nailed and reproduced.