| blob | 487fb119a966b12f1125e89edb366b39bcc3c16d |
1 //===- Writer.cpp ---------------------------------------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
34 #include <climits>
47 // The writer writes a SymbolTable result to a file.
85 // ThunkCreator holds Thunks that are used at writeTo time.
86 ThunkCreator tc;
94 };
99 }
101 static void
110 });
112 // Clear OutputSection::ptLoad for sections contained in removed
113 // segments.
121 }
133 }
139 }
140 }
144 }
158 }
160 // The linker is expected to define some symbols depending on
161 // the linking result. This function defines such symbols.
170 };
171 // Define _gp for MIPS. st_value of _gp symbol will be updated by Writer
172 // so that it points to an absolute address which by default is relative
173 // to GOT. Default offset is 0x7ff0.
174 // See "Global Data Symbols" in Chapter 6 in the following document:
175 // ftp://www.linux-mips.org/pub/linux/mips/doc/ABI/mipsabi.pdf
178 // On MIPS O32 ABI, _gp_disp is a magic symbol designates offset between
179 // start of function and 'gp' pointer into GOT.
183 // The __gnu_local_gp is a magic symbol equal to the current value of 'gp'
184 // pointer. This symbol is used in the code generated by .cpload pseudo-op
185 // in case of using -mno-shared option.
186 // https://sourceware.org/ml/binutils/2004-12/msg00094.html
190 // glibc *crt1.o has a undefined reference to _SDA_BASE_. Since we don't
191 // support Small Data Area, define it arbitrarily as 0.
195 }
197 // The Power Architecture 64-bit v2 ABI defines a TableOfContents (TOC) which
198 // combines the typical ELF GOT with the small data sections. It commonly
199 // includes .got .toc .sdata .sbss. The .TOC. symbol replaces both
200 // _GLOBAL_OFFSET_TABLE_ and _SDA_BASE_ from the 32-bit ABI. It is used to
201 // represent the TOC base which is offset by 0x8000 bytes from the start of
202 // the .got section.
203 // We do not allow _GLOBAL_OFFSET_TABLE_ to be defined by input objects as the
204 // correctness of some relocations depends on its value.
205 StringRef gotSymName =
213 }
223 }
225 // __ehdr_start is the location of ELF file headers. Note that we define
226 // this symbol unconditionally even when using a linker script, which
227 // differs from the behavior implemented by GNU linker which only define
228 // this symbol if ELF headers are in the memory mapped segment.
230 STV_HIDDEN);
232 // __executable_start is not documented, but the expectation of at
233 // least the Android libc is that it points to the ELF header.
235 STV_HIDDEN);
237 // __dso_handle symbol is passed to cxa_finalize as a marker to identify
238 // each DSO. The address of the symbol doesn't matter as long as they are
239 // different in different DSOs, so we chose the start address of the DSO.
241 STV_HIDDEN);
243 // If linker script do layout we do not need to create any standard symbols.
249 STV_DEFAULT);
250 };
259 }
265 // Change WEAK to GLOBAL so that if a scanned relocation references sym,
266 // maybeReportUndefined will report an error.
271 // Eliminate from the symbol table, otherwise we would leave an undefined
272 // symbol if the symbol is unreferenced in the absence of GC.
274 }
276 // If all references to a DSO happen to be weak, the DSO is not added to
277 // DT_NEEDED. If that happens, replace ShardSymbol with Undefined to avoid
278 // dangling references to an unneeded DSO. Use a weak binding to avoid
279 // --no-allow-shlib-undefined diagnostics. Similarly, demote lazy symbols.
280 //
281 // In addition, demote symbols defined in discarded sections, so that
282 // references to /DISCARD/ discarded symbols will lead to errors.
300 }
301 }
307 }
308 }
317 }
319 // The main function of the writer.
321 // Now that we have a complete set of output sections. This function
322 // completes section contents. For example, we need to add strings
323 // to the string table, and add entries to .got and .plt.
324 // finalizeSections does that.
328 // If --compressed-debug-sections is specified, compress .debug_* sections.
329 // Do it right now because it changes the size of output sections.
336 // Remove empty PT_LOAD to avoid causing the dynamic linker to try to mmap a
337 // 0 sized region. This has to be done late since only after assignAddresses
338 // we know the size of the sections.
344 else
350 // Handle --print-map(-M)/--Map and --cref. Dump them before checkSections()
351 // because the files may be useful in case checkSections() or openFile()
352 // fails, for example, due to an erroneous file size.
355 // Handle --print-memory-usage option.
362 // It does not make sense try to open the file if we have error already.
366 {
368 // Write the result down to a file.
380 }
382 // Backfill .note.gnu.build-id section content. This is done at last
383 // because the content is usually a hash value of the entire output file.
392 }
396 }
397 }
406 }
407 }
409 // The function ensures that the "used" field of local symbols reflects the fact
410 // that the symbol is used in a relocation from a live section.
412 // With --gc-sections, the field is already filled.
413 // See MarkLive<ELFT>::resolveReloc().
427 // The is64=true variant also works with ELF32 since only the r_symidx
428 // member is used.
433 }
434 }
435 }
436 }
437 }
443 // If --emit-reloc or -r is given, preserve symbols referenced by relocations
444 // from live sections.
448 // Exclude local symbols pointing to .ARM.exidx sections.
449 // They are probably mapping symbols "$d", which are optional for these
450 // sections. After merging the .ARM.exidx sections, some of these symbols
451 // may become dangling. The easiest way to avoid the issue is not to add
452 // them to the symbol table from the beginning.
462 // In ELF assembly .L symbols are normally discarded by the assembler.
463 // If the assembler fails to do so, the linker discards them if
464 // * --discard-locals is used.
465 // * The symbol is in a SHF_MERGE section, which is normally the reason for
466 // the assembler keeping the .L symbol.
472 }
476 // Always include absolute symbols.
485 }
487 }
489 // Scan local symbols to:
490 //
491 // - demote symbols defined relative to /DISCARD/ discarded input sections so
492 // that relocations referencing them will lead to errors.
493 // - copy eligible symbols to .symTab
509 }
510 }
511 }
513 // Create a section symbol for each output section so that we can represent
514 // relocations that point to the section. If we know that no relocation is
515 // referring to a section (that happens if the section is a synthetic one), we
516 // don't create a section symbol for that section.
524 // Iterate over all input sections and add a STT_SECTION symbol if any input
525 // section may be a relocation target.
531 // Relocations are not using REL[A] section symbols.
535 // Unlike other synthetic sections, mergeable output sections contain
536 // data copied from input sections, and there may be a relocation
537 // pointing to its contents if -r or --emit-reloc is given.
543 }
544 }
548 // Set the symbol to be relative to the output section so that its st_value
549 // equals the output section address. Note, there may be a gap between the
550 // start of the output section and isec.
554 }
555 }
557 // Today's loaders have a feature to make segments read-only after
558 // processing dynamic relocations to enhance security. PT_GNU_RELRO
559 // is defined for that.
560 //
561 // This function returns true if a section needs to be put into a
562 // PT_GNU_RELRO segment.
571 // Non-allocatable or non-writable sections don't need RELRO because
572 // they are not writable or not even mapped to memory in the first place.
573 // RELRO is for sections that are essentially read-only but need to
574 // be writable only at process startup to allow dynamic linker to
575 // apply relocations.
579 // Once initialized, TLS data segments are used as data templates
580 // for a thread-local storage. For each new thread, runtime
581 // allocates memory for a TLS and copy templates there. No thread
582 // are supposed to use templates directly. Thus, it can be in RELRO.
586 // .init_array, .preinit_array and .fini_array contain pointers to
587 // functions that are executed on process startup or exit. These
588 // pointers are set by the static linker, and they are not expected
589 // to change at runtime. But if you are an attacker, you could do
590 // interesting things by manipulating pointers in .fini_array, for
591 // example. So they are put into RELRO.
597 // .got contains pointers to external symbols. They are resolved by
598 // the dynamic linker when a module is loaded into memory, and after
599 // that they are not expected to change. So, it can be in RELRO.
603 // .toc is a GOT-ish section for PowerPC64. Their contents are accessed
604 // through r2 register, which is reserved for that purpose. Since r2 is used
605 // for accessing .got as well, .got and .toc need to be close enough in the
606 // virtual address space. Usually, .toc comes just after .got. Since we place
607 // .got into RELRO, .toc needs to be placed into RELRO too.
611 // .got.plt contains pointers to external function symbols. They are
612 // by default resolved lazily, so we usually cannot put it into RELRO.
613 // However, if "-z now" is given, the lazy symbol resolution is
614 // disabled, which enables us to put it into RELRO.
621 // .dynamic section contains data for the dynamic linker, and
622 // there's no need to write to it at runtime, so it's better to put
623 // it into RELRO.
627 // Sections with some special names are put into RELRO. This is a
628 // bit unfortunate because section names shouldn't be significant in
629 // ELF in spirit. But in reality many linker features depend on
630 // magic section names.
642 }
644 // We compute a rank for each section. The rank indicates where the
645 // section should be placed in the file. Instead of using simple
646 // numbers (0,1,2...), we use a series of flags. One for each decision
647 // point when placing the section.
648 // Using flags has two key properties:
649 // * It is easy to check if a give branch was taken.
650 // * It is easy two see how similar two ranks are (see getRankProximity).
664 };
669 // We want to put section specified by -T option first, so we
670 // can start assigning VA starting from them later.
675 // Allocatable sections go first to reduce the total PT_LOAD size and
676 // so debug info doesn't change addresses in actual code.
680 // Sort sections based on their access permission in the following
681 // order: R, RX, RXW, RW(RELRO), RW(non-RELRO).
682 //
683 // Read-only sections come first such that they go in the PT_LOAD covering the
684 // program headers at the start of the file.
685 //
686 // The layout for writable sections is PT_LOAD(PT_GNU_RELRO(.data.rel.ro
687 // .bss.rel.ro) | .data .bss), where | marks where page alignment happens.
688 // An alternative ordering is PT_LOAD(.data | PT_GNU_RELRO( .data.rel.ro
689 // .bss.rel.ro) | .bss), but it may waste more bytes due to 2 alignment
690 // places.
695 // Among PROGBITS sections, place .lrodata further from .text.
696 // For -z lrodata-after-bss, place .lrodata after .lbss like GNU ld. This
697 // layout has one extra PT_LOAD, but alleviates relocation overflow
698 // pressure for absolute relocations referencing small data from -fno-pic
699 // relocatable files.
702 else
706 ;
711 // Put .note sections at the beginning so that they are likely to be
712 // included in a truncate core file. In particular, .note.gnu.build-id, if
713 // available, can identify the object file.
716 // Make PROGBITS sections (e.g .rodata .eh_frame) closer to .text to
717 // alleviate relocation overflow pressure. Large special sections such as
718 // .dynstr and .dynsym can be away from .text.
721 else
727 // The TLS initialization block needs to be a single contiguous block. Place
728 // TLS sections directly before the other RELRO sections.
733 else
735 // Place .ldata and .lbss after .bss. Making .bss closer to .text
736 // alleviates relocation overflow pressure.
737 // For -z lrodata-after-bss, place .lbss/.lrodata/.ldata after .bss.
738 // .bss/.lbss being adjacent reuses the NOBITS size optimization.
743 }
744 }
746 // Within TLS sections, or within other RelRo sections, or within non-RelRo
747 // sections, place non-NOBITS sections first.
751 // Some architectures have additional ordering restrictions for sections
752 // within the same PT_LOAD.
754 // PPC64 has a number of special SHT_PROGBITS+SHF_ALLOC+SHF_WRITE sections
755 // that we would like to make sure appear is a specific order to maximize
756 // their coverage by a single signed 16-bit offset from the TOC base
757 // pointer.
763 }
768 // All sections with SHF_MIPS_GPREL flag should be grouped together
769 // because data in these sections is addressable with a gp relative address.
772 }
775 // .sdata and .sbss are placed closer to make GP relaxation more profitable
776 // and match GNU ld.
780 }
783 }
797 }
806 }
808 // A statically linked position-dependent executable should only contain
809 // IRELATIVE relocations and no other dynamic relocations. Encapsulation symbols
810 // __rel[a]_iplt_{start,end} will be defined for .rel[a].dyn, to be
811 // processed by the libc runtime. Other executables or DSOs use dynamic tags
812 // instead.
817 // __rela_iplt_{start,end} are initially defined relative to dummy section 0.
818 // We'll override ctx.out.elfHeader with relaDyn later when we are sure that
819 // .rela.dyn will be present in the output.
826 }
828 // This function generates assignments for predefined symbols (e.g. _end or
829 // _etext) and inserts them into the commands sequence to be processed at the
830 // appropriate time. This ensures that the value is going to be correct by the
831 // time any references to these symbols are processed and is equivalent to
832 // defining these symbols explicitly in the linker script.
835 // The _GLOBAL_OFFSET_TABLE_ symbol is defined by target convention usually
836 // to the start of the .got or .got.plt section.
842 }
844 // .rela_iplt_{start,end} mark the start and the end of the section containing
845 // IRELATIVE relocations.
852 }
853 }
859 };
867 }
868 }
871 // _etext is the first location after the last read-only loadable segment
872 // that does not contain large sections.
877 }
880 // _edata points to the end of the last non-large mapped initialized
881 // section.
888 }
895 // _end is the first location after the uninitialized data region.
900 }
903 // On RISC-V, set __bss_start to the start of .sbss if present.
907 }
909 // Setup MIPS _gp_disp/__gnu_local_gp symbols which should
910 // be equal to the _gp symbol's value.
912 // Find GP-relative section with the lowest address
913 // and use this address to calculate default _gp value.
919 }
920 }
921 }
922 }
924 // We want to find how similar two ranks are.
925 // The more branches in getSectionRank that match, the more similar they are.
926 // Since each branch corresponds to a bit flag, we can just use
927 // countLeadingZeros.
933 }
935 // When placing orphan sections, we want to place them after symbol assignments
936 // so that an orphan after
937 // begin_foo = .;
938 // foo : { *(foo) }
939 // end_foo = .;
940 // doesn't break the intended meaning of the begin/end symbols.
941 // We don't want to go over sections since findOrphanPos is the
942 // one in charge of deciding the order of the sections.
943 // We don't want to go over changes to '.', since doing so in
944 // rx_sec : { *(rx_sec) }
945 // . = ALIGN(0x1000);
946 // /* The RW PT_LOAD starts here*/
947 // rw_sec : { *(rw_sec) }
948 // would mean that the RW PT_LOAD would become unaligned.
953 }
955 // We want to place orphan sections so that they share as much
956 // characteristics with their neighbors as possible. For example, if
957 // both are rw, or both are tls.
961 // Place non-alloc orphan sections at the end. This matches how we assign file
962 // offsets to non-alloc sections.
967 // As a special case, place .relro_padding before the SymbolAssignment using
968 // DATA_SEGMENT_RELRO_END, if present.
974 });
977 }
979 // Find the most similar output section as the anchor. Rank Proximity is a
980 // value in the range [-1, 32] where [0, 32] indicates potential anchors (0:
981 // least similar; 32: identical). -1 means not an anchor.
982 //
983 // In the event of proximity ties, we select the first or last section
984 // depending on whether the orphan's rank is smaller.
993 }
994 }
1001 };
1003 // Then, scan backward or forward through the script for a suitable insertion
1004 // point. If i's rank is larger, the orphan section can be placed before i.
1005 //
1006 // However, don't do this if custom program headers are defined. Otherwise,
1007 // adding the orphan to a previous segment can change its flags, for example,
1008 // making a read-only segment writable. If memory regions are defined, an
1009 // orphan section should continue the same region as the found section to
1010 // better resemble the behavior of GNU ld.
1020 }
1025 }
1027 // As a special case, if the orphan section is the last section, put
1028 // it at the very end, past any other commands.
1029 // This matches bfd's behavior and is convenient when the linker script fully
1030 // specifies the start of the file, but doesn't care about the end (the non
1031 // alloc sections for example).
1038 }
1040 // Adds random priorities to sections not already in the map.
1055 // If --shuffle-sections <section-glob>=-1, reverse the section order. The
1056 // section order is stable even if the number of sections changes. This is
1057 // useful to catch issues like static initialization order fiasco
1058 // reliably.
1063 }
1068 }
1070 // Existing priorities are < 0, so use priorities >= 0 for the missing
1071 // sections.
1076 }
1077 }
1079 // Return section order within an InputSectionDescription.
1080 // If both --symbol-ordering-file and call graph profile are present, the order
1081 // file takes precedence, but the call graph profile is still used for symbols
1082 // that don't appear in the order file.
1094 };
1096 // Build a map from symbols to their priorities. Symbols that didn't
1097 // appear in the symbol ordering file have the lowest priority 0.
1098 // All explicitly mentioned symbols have negative (higher) priorities.
1104 // Build a map from sections to their priorities.
1118 }
1119 }
1120 };
1122 // We want both global and local symbols. We get the global ones from the
1123 // symbol table and iterate the object files for the local ones.
1138 }
1140 // Sorts the sections in ISD according to the provided section order.
1141 static void
1158 }
1160 }
1163 // Find an insertion point for the ordered section list in the unordered
1164 // section list. On targets with limited-range branches, this is the mid-point
1165 // of the unordered section list. This decreases the likelihood that a range
1166 // extension thunk will be needed to enter or exit the ordered region. If the
1167 // ordered section list is a list of hot functions, we can generally expect
1168 // the ordered functions to be called more often than the unordered functions,
1169 // making it more likely that any particular call will be within range, and
1170 // therefore reducing the number of thunks required.
1171 //
1172 // For example, imagine that you have 8MB of hot code and 32MB of cold code.
1173 // If the layout is:
1174 //
1175 // 8MB hot
1176 // 32MB cold
1177 //
1178 // only the first 8-16MB of the cold code (depending on which hot function it
1179 // is actually calling) can call the hot code without a range extension thunk.
1180 // However, if we use this layout:
1181 //
1182 // 16MB cold
1183 // 8MB hot
1184 // 16MB cold
1185 //
1186 // both the last 8-16MB of the first block of cold code and the first 8-16MB
1187 // of the second block of cold code can call the hot code without a thunk. So
1188 // we effectively double the amount of code that could potentially call into
1189 // the hot code without a thunk.
1190 //
1191 // The above is not necessary if total size of input sections in this "isd"
1192 // is small. Note that we assume all input sections are executable if the
1193 // output section is executable (which is not always true but supposed to
1194 // cover most cases).
1204 }
1205 }
1214 }
1220 // Never sort these.
1224 // Sort input sections by priority using the list provided by
1225 // --symbol-ordering-file or --shuffle-sections=. This is a least significant
1226 // digit radix sort. The sections may be sorted stably again by a more
1227 // significant key.
1241 // .toc is allocated just after .got and is accessed using GOT-relative
1242 // relocations. Object files compiled with small code model have an
1243 // addressable range of [.got, .got + 0xFFFC] for GOT-relative relocations.
1244 // To reduce the risk of relocation overflow, .toc contents are sorted so
1245 // that sections having smaller relocation offsets are at beginning of .toc
1252 });
1253 }
1254 }
1256 // Sort sections within each InputSectionDescription.
1258 // Assign negative priorities.
1260 // Assign non-negative priorities due to --shuffle-sections.
1265 }
1270 // Don't sort if using -r. It is not necessary and we want to preserve the
1271 // relative order for SHF_LINK_ORDER sections.
1275 }
1283 // OutputDescs are mostly contiguous, but may be interleaved with
1284 // SymbolAssignments in the presence of INSERT commands.
1291 }
1293 // Process INSERT commands and update output section attributes. From this
1294 // point onwards the order of script->sectionCommands is fixed.
1302 }
1305 // Orphan sections are sections present in the input files which are
1306 // not explicitly placed into the output file by the linker script.
1307 //
1308 // The sections in the linker script are already in the correct
1309 // order. We have to figuere out where to insert the orphan
1310 // sections.
1311 //
1312 // The order of the sections in the script is arbitrary and may not agree with
1313 // compareSections. This means that we cannot easily define a strict weak
1314 // ordering. To see why, consider a comparison of a section in the script and
1315 // one not in the script. We have a two simple options:
1316 // * Make them equivalent (a is not less than b, and b is not less than a).
1317 // The problem is then that equivalence has to be transitive and we can
1318 // have sections a, b and c with only b in a script and a less than c
1319 // which breaks this property.
1320 // * Use compareSectionsNonScript. Given that the script order doesn't have
1321 // to match, we can end up with sections a, b, c, d where b and c are in the
1322 // script and c is compareSectionsNonScript less than b. In which case d
1323 // can be equivalent to c, a to b and d < a. As a concrete example:
1324 // .a (rx) # not in script
1325 // .b (rx) # in script
1326 // .c (ro) # in script
1327 // .d (ro) # not in script
1328 //
1329 // The way we define an order then is:
1330 // * Sort only the orphan sections. They are in the end right now.
1331 // * Move each orphan section to its preferred position. We try
1332 // to put each section in the last position where it can share
1333 // a PT_LOAD.
1334 //
1335 // There is some ambiguity as to where exactly a new entry should be
1336 // inserted, because Commands contains not only output section
1337 // commands but also other types of commands such as symbol assignment
1338 // expressions. There's no correct answer here due to the lack of the
1339 // formal specification of the linker script. We use heuristics to
1340 // determine whether a new output command should be added before or
1341 // after another commands. For the details, look at shouldSkip
1342 // function.
1350 });
1352 // Sort the orphan sections.
1355 });
1357 // As a horrible special case, skip the first . assignment if it is before any
1358 // section. We do this because it is common to set a load address by starting
1359 // the script with ". = 0xabcd" and the expectation is that every section is
1360 // after that.
1372 // As an optimization, find all sections with the same sort rank
1373 // and insert them with one rotate.
1377 });
1380 }
1381 }
1386 // SHF_LINK_ORDER sections with non-zero sh_link are ordered before
1387 // non-SHF_LINK_ORDER sections and SHF_LINK_ORDER sections with zero sh_link.
1398 }
1406 // The ARM.exidx section use SHF_LINK_ORDER, but we have consolidated
1407 // this processing inside the ARMExidxsyntheticsection::finalizeContents().
1412 // Link order may be distributed across several InputSectionDescriptions.
1413 // Sorting is performed separately.
1430 }
1433 }
1438 }
1439 }
1440 }
1441 }
1447 }
1448 }
1455 }
1470 }
1472 // Probability of inserting padding is 1 in 16.
1477 }
1479 }
1480 }
1481 }
1482 }
1484 // We need to generate and finalize the content that depends on the address of
1485 // InputSections. As the generation of the content may also alter InputSection
1486 // addresses we must converge to a fixed point. We do that here. See the comment
1487 // in Writer<ELFT>::finalizeSections().
1494 // .ARM.exidx and SHF_LINK_ORDER do not require precise addresses, but they
1495 // do require the relative addresses of OutputSections because linker scripts
1496 // can assign Virtual Addresses to OutputSections that are not monotonically
1497 // increasing. Anything here must be repeatable, since spilling may change
1498 // section order.
1503 };
1506 // Converts call x@GDPLT to call __tls_get_addr
1522 // With Thunk Size much smaller than branch range we expect to
1523 // converge quickly; if we get to 30 something has gone wrong.
1528 }
1534 }
1539 }
1546 // The R_AARCH64_AUTH_RELATIVE has a smaller addend field as bits [63:32]
1547 // encode the signing schema. We've put relocations in .relr.auth.dyn
1548 // during RelocationScanner::processAux, but the target VA for some of
1549 // them might be wider than 32 bits. We can only know the final VA at this
1550 // point, so move relocations with large values from .relr.auth.dyn to
1551 // .rela.dyn. See also AArch64::relocate.
1563 });
1566 }
1575 }
1580 // Some symbols may be dependent on section addresses. When we break the
1581 // loop, the symbol values are finalized because a previous
1582 // assignAddresses() finalized section addresses.
1594 }
1596 // Spilling can change relative section order.
1598 }
1599 }
1607 // If addrExpr is set, the address may not be a multiple of the alignment.
1608 // Warn because this is error-prone.
1617 }
1619 // Sizes are no longer allowed to grow, so all allowable spills have been
1620 // taken. Remove any leftover potential spills.
1622 }
1624 // If Input Sections have been shrunk (basic block sections) then
1625 // update symbol values and sizes associated with these sections. With basic
1626 // block sections, input sections can shrink when the jump instructions at
1627 // the end of the section are relaxed.
1653 }
1662 }
1663 });
1664 }
1665 }
1667 // If basic block sections exist, there are opportunities to delete fall thru
1668 // jumps and shrink jump instructions after basic block reordering. This
1669 // relaxation pass does that. It is only enabled when --optimize-bb-jumps
1670 // option is used.
1676 // For every output section that has executable input sections, this
1677 // does the following:
1678 // 1. Deletes all direct jump instructions in input sections that
1679 // jump to the following section as it is not required.
1680 // 2. If there are two consecutive jump instructions, it checks
1681 // if they can be flipped and one can be deleted.
1687 // Delete all fall through jump instructions. Also, check if two
1688 // consecutive jump instructions can be flipped so that a fall
1689 // through jmp instruction can be deleted.
1694 }
1699 }
1700 }
1707 }
1709 // In order to allow users to manipulate linker-synthesized sections,
1710 // we had to add synthetic sections to the input section list early,
1711 // even before we make decisions whether they are needed. This allows
1712 // users to write scripts like this: ".mygot : { .got }".
1713 //
1714 // Doing it has an unintended side effects. If it turns out that we
1715 // don't need a .got (for example) at all because there's no
1716 // relocation that needs a .got, we don't want to emit .got.
1717 //
1718 // To deal with the above problem, this function is called after
1719 // scanRelocations is called to remove synthetic sections that turn
1720 // out to be empty.
1722 // All input synthetic sections that can be empty are placed after
1723 // all regular ones. Reverse iterate to find the first synthetic section
1724 // after a non-synthetic one which will be our starting point.
1730 // Remove unused synthetic sections from ctx.inputSections;
1737 // .relr.auth.dyn relocations may be moved to .rela.dyn in
1738 // finalizeAddressDependentContent, making .rela.dyn no longer empty.
1739 // Conservatively keep .rela.dyn. .relr.auth.dyn can be made empty, but
1740 // we would fail to remove it here.
1746 });
1749 // Remove unused synthetic sections from the corresponding input section
1750 // description and orphanSections.
1757 });
1760 });
1761 }
1763 // Create output section objects and add them to OutputSections.
1770 // The linker needs to define SECNAME_start, SECNAME_end and SECNAME_stop
1771 // symbols for sections, so that the runtime can get the start and end
1772 // addresses of each section by section name. Add such symbols.
1778 // Add _DYNAMIC symbol. Unlike GNU gold, our _DYNAMIC symbol has no type.
1779 // It should be okay as no one seems to care about the type.
1780 // Even the author of gold doesn't remember why gold behaves that way.
1781 // https://sourceware.org/ml/binutils/2002-03/msg00360.html
1787 }
1789 // Define __rel[a]_iplt_{start,end} symbols if needed.
1792 // RISC-V's gp can address +/- 2 KiB, set it to .sdata + 0x800. This symbol
1793 // should only be defined in an executable. If .sdata does not exist, its
1794 // value/section does not matter but it has to be relative, so set its
1795 // st_shndx arbitrarily to 1 (ctx.out.elfHeader).
1801 STV_DEFAULT);
1802 // Set riscvGlobalPointer to be used by the optional global pointer
1803 // relaxation.
1808 }
1809 }
1810 }
1813 // On targets that support TLSDESC, _TLS_MODULE_BASE_ is defined in such a
1814 // way that:
1815 //
1816 // 1) Without relaxation: it produces a dynamic TLSDESC relocation that
1817 // computes 0.
1818 // 2) With LD->LE relaxation: _TLS_MODULE_BASE_@tpoff = 0 (lowest address
1819 // in the TLS block).
1820 //
1821 // 2) is special cased in @tpoff computation. To satisfy 1), we define it
1822 // as an absolute symbol of zero. This is different from GNU linkers which
1823 // define _TLS_MODULE_BASE_ relative to the first TLS section.
1830 }
1831 }
1833 // This responsible for splitting up .eh_frame section into
1834 // pieces. The relocation scan uses those pieces, so this has to be
1835 // earlier.
1836 {
1840 }
1841 }
1843 // If the previous code block defines any non-hidden symbols (e.g.
1844 // __global_pointer$), they may be exported.
1859 // Change values of linker-script-defined symbols from placeholders (assigned
1860 // by declareSymbols) to actual definitions.
1865 // Scan relocations. This must be done after every symbol is declared so
1866 // that we can correctly decide if a dynamic relocation is needed. This is
1867 // called after processSymbolAssignments() because it needs to know whether
1868 // a linker-script-defined symbol is absolute.
1884 // Error on undefined symbols in a shared object, if all of its DT_NEEDED
1885 // entries are seen. These cases would otherwise lead to runtime errors
1886 // reported by the dynamic linker.
1887 //
1888 // ld.bfd traces all DT_NEEDED to emulate the logic of the dynamic linker
1889 // to catch more cases. That is too much for us. Our approach resembles
1890 // the one used in ld.gold, achieves a good balance to be useful but not
1891 // too smart.
1892 //
1893 // If a DSO reference is resolved by a SharedSymbol, but the SharedSymbol
1894 // is overridden by a hidden visibility Defined (which is later discarded
1895 // due to GC), don't report the diagnostic. However, this may indicate an
1896 // unintended SharedSymbol.
1901 });
1916 }
1917 }
1918 }
1919 }
1920 }
1922 {
1924 // Now that we have defined all possible global symbols including linker-
1925 // synthesized ones. Visit all symbols to give the finishing touches.
1934 // computeBinding might localize a linker-synthesized hidden symbol
1935 // (e.g. __global_pointer$) that was considered exported.
1941 }
1942 }
1944 // We also need to scan the dynamic relocation tables of the other
1945 // partitions and add any referenced symbols to the partition's dynsym.
1955 }
1956 }
1967 // Create a list of OutputSections, assign sectionIndex, and populate
1968 // ctx.in.shStrTab. If -z nosectionheader is specified, drop non-ALLOC
1969 // sections.
1979 }
1981 // Prefer command line supplied address over other constraints.
1986 }
1988 // With the ctx.outputSections available check for GDPLT relocations
1989 // and add __tls_get_addr symbol if needed.
1997 }
1999 // This is a bit of a hack. A value of 0 means undef, so we set it
2000 // to 1 to make __ehdr_start defined. The section number is not
2001 // particularly relevant.
2005 // Binary and relocatable output does not have PHDRS.
2006 // The headers have to be created before finalize as that can influence the
2007 // image base and the dynamic section on mips includes the image base.
2013 // PT_ARM_EXIDX is the ARM EHABI equivalent of PT_GNU_EH_FRAME
2015 }
2017 // Add separate segments for MIPS-specific sections.
2021 }
2024 PF_R);
2025 }
2029 // Find the TLS segment. This happens before the section layout loop so that
2030 // Android relocation packing can look up TLS symbol addresses. We only need
2031 // to care about the main partition here because all TLS symbols were moved
2032 // to the main partition (see MarkLive.cpp).
2036 }
2038 // Some symbols are defined in term of program headers. Now that we
2039 // have the headers, we can find out which sections they point to.
2045 }
2047 {
2065 // Dynamic section must be the last one in this list and dynamic
2066 // symbol table section (dynSymTab) must be the first one.
2070 // Compute DT_RELACOUNT to be used by part.dynamic.
2073 }
2077 }
2081 }
2091 }
2092 }
2097 // This is used to:
2098 // 1) Create "thunks":
2099 // Jump instructions in many ISAs have small displacements, and therefore
2100 // they cannot jump to arbitrary addresses in memory. For example, RISC-V
2101 // JAL instruction can target only +-1 MiB from PC. It is a linker's
2102 // responsibility to create and insert small pieces of code between
2103 // sections to extend the ranges if jump targets are out of range. Such
2104 // code pieces are called "thunks".
2105 //
2106 // We add thunks at this stage. We couldn't do this before this point
2107 // because this is the earliest point where we know sizes of sections and
2108 // their layouts (that are needed to determine if jump targets are in
2109 // range).
2110 //
2111 // 2) Update the sections. We need to generate content that depends on the
2112 // address of InputSections. For example, MIPS GOT section content or
2113 // android packed relocations sections content.
2114 //
2115 // 3) Assign the final values for the linker script symbols. Linker scripts
2116 // sometimes using forward symbol declarations. We want to set the correct
2117 // values. They also might change after adding the thunks.
2120 // All information needed for OutputSection part of Map file is available.
2124 {
2126 // finalizeAddressDependentContent may have added local symbols to the
2127 // static symbol table.
2132 }
2134 // Relaxation to delete inter-basic block jumps created by basic block
2135 // sections. Run after ctx.in.symTab is finalized as optimizeBasicBlockJumps
2136 // can relax jump instructions based on symbol offset.
2140 // Fill other section headers. The dynamic table is finalized
2141 // at the end because some tags like RELSZ depend on result
2142 // of finalizing other sections.
2151 }
2152 }
2154 // Ensure data sections are not mixed with executable sections when
2155 // --execute-only is used. --execute-only make pages executable but not
2156 // readable.
2169 }
2171 // The linker is expected to define SECNAME_start and SECNAME_end
2172 // symbols for a few sections. This function defines them.
2174 // If the associated output section does not exist, there is ambiguity as to
2175 // how we define _start and _end symbols for an init/fini section. Users
2176 // expect no "undefined symbol" linker errors and loaders expect equal
2177 // st_value but do not particularly care whether the symbols are defined or
2178 // not. We retain the output section so that the section indexes will be
2179 // correct.
2189 }
2190 };
2196 // As a special case, don't unnecessarily retain .ARM.exidx, which would
2197 // create an empty PT_ARM_EXIDX.
2200 }
2202 // If a section name is valid as a C identifier (which is rare because of
2203 // the leading '.'), linkers are expected to define __start_<secname> and
2204 // __stop_<secname> symbols. They are at beginning and end of the section,
2205 // respectively. This is not requested by the ELF standard, but GNU ld and
2206 // gold provide the feature, and used by many programs.
2219 }
2225 // Don't allocate VA space for TLS NOBITS sections. The PT_TLS PHDR is
2226 // responsible for allocating space for them, not the PT_LOAD that
2227 // contains the TLS initialization image.
2231 }
2233 // Adjust phdr flags according to certain options.
2240 }
2242 // Decide which program headers to create and which sections to include in each
2243 // one.
2251 };
2256 // Add the first PT_LOAD segment for regular output sections.
2260 // nmagic or omagic output does not have PT_PHDR, PT_INTERP, or the readonly
2261 // PT_LOAD.
2263 // The first phdr entry is PT_PHDR which describes the program header
2264 // itself.
2267 else
2270 // PT_INTERP must be the second entry if exists.
2274 // Add the headers. We will remove them if they don't fit.
2275 // In the other partitions the headers are ordinary sections, so they don't
2276 // need to be added here.
2281 }
2282 }
2284 // PT_GNU_RELRO includes all sections that should be marked as
2285 // read-only by dynamic linker after processing relocations.
2286 // Current dynamic loaders only support one PT_GNU_RELRO PHDR, give
2287 // an error message if more than one PT_GNU_RELRO PHDR is required.
2298 else
2304 }
2305 }
2312 // Normally, sections in partitions other than the current partition are
2313 // ignored. But partition number 255 is a special case: it contains the
2314 // partition end marker (.part.end). It needs to be added to the main
2315 // partition so that a segment is created for it in the main partition,
2316 // which will cause the dynamic loader to reserve space for the other
2317 // partitions.
2322 }
2324 // Segments are contiguous memory regions that has the same attributes
2325 // (e.g. executable or writable). There is one phdr for each segment.
2326 // Therefore, we need to create a new phdr when the next section has
2327 // incompatible flags or is loaded at a discontiguous address or memory
2328 // region using AT or AT> linker script command, respectively.
2329 //
2330 // As an exception, we don't create a separate load segment for the ELF
2331 // headers, even if the first "real" output has an AT or AT> attribute.
2332 //
2333 // In addition, NOBITS sections should only be placed at the end of a LOAD
2334 // segment (since it's represented as p_filesz < p_memsz). If we have a
2335 // not-NOBITS section after a NOBITS, we create a new LOAD for the latter
2336 // even if flags match, so as not to require actually writing the
2337 // supposed-to-be-NOBITS section to the output file. (However, we cannot do
2338 // so when hasSectionsCommand, since we cannot introduce the extra alignment
2339 // needed to create a new LOAD)
2341 // When --no-rosegment is specified, RO and RX sections are compatible.
2359 }
2362 }
2364 // Add a TLS segment if any.
2372 // Add an entry for .dynamic.
2379 // PT_GNU_EH_FRAME is a special section pointing on .eh_frame_hdr.
2386 // PT_OPENBSD_MUTABLE makes the dynamic linker fill the segment with
2387 // zero data, like bss, but it can be treated differently.
2391 // PT_OPENBSD_RANDOMIZE makes the dynamic linker fill the segment
2392 // with random data.
2396 // PT_OPENBSD_SYSCALLS makes the kernel and dynamic linker register
2397 // system call sites.
2400 }
2403 // PT_GNU_STACK is a special section to tell the loader to make the
2404 // pages for the stack non-executable. If you really want an executable
2405 // stack, you can pass -z execstack, but that's not recommended for
2406 // security reasons.
2411 }
2413 // PT_OPENBSD_NOBTCFI is an OpenBSD-specific header to mark that the
2414 // executable is expected to violate branch-target CFI checks.
2418 // PT_OPENBSD_WXNEEDED is a OpenBSD-specific header to mark the executable
2419 // is expected to perform W^X violations, such as calling mprotect(2) or
2420 // mmap(2) with PROT_WRITE | PROT_EXEC, which is prohibited by default on
2421 // OpenBSD.
2428 // Create one PT_NOTE per a group of contiguous SHT_NOTE sections with the
2429 // same alignment.
2440 }
2441 }
2443 }
2451 });
2458 }
2460 // Place the first section of each PT_LOAD to a different page (of maxPageSize).
2461 // This is achieved by assigning an alignment expression to addrExpr of each
2462 // such section.
2471 // Prefer advancing to align(dot, maxPageSize) + dot%maxPageSize to avoid
2472 // padding in the file contents.
2473 //
2474 // When -z separate-code is used we must not have any overlap in pages
2475 // between an executable segment and a non-executable segment. We align to
2476 // the next maximum page size boundary on transitions between executable
2477 // and non-executable segments.
2478 //
2479 // SHT_LLVM_PART_EHDR marks the start of a partition. The partition
2480 // sections will be extracted to a separate file. Align to the next
2481 // maximum page size boundary so that we can find the ELF header at the
2482 // start. We cannot benefit from overlapping p_offset ranges with the
2483 // previous segment anyway.
2490 };
2491 // PT_TLS is at the start of the first RW PT_LOAD. If `p` includes PT_TLS,
2492 // it must be the RW. Align to p_align(PT_TLS) to make sure
2493 // p_vaddr(PT_LOAD)%p_align(PT_LOAD) = 0. Otherwise, if
2494 // sh_addralign(.tdata) < sh_addralign(.tbss), we will set p_align(PT_TLS)
2495 // to sh_addralign(.tbss), while p_vaddr(PT_TLS)=p_vaddr(PT_LOAD) may not
2496 // be congruent to 0 modulo p_align(PT_TLS).
2497 //
2498 // Technically this is not required, but as of 2019, some dynamic loaders
2499 // don't handle p_vaddr%p_align != 0 correctly, e.g. glibc (i386 and
2500 // x86-64) doesn't make runtime address congruent to p_vaddr modulo
2501 // p_align for dynamic TLS blocks (PR/24606), FreeBSD rtld has the same
2502 // bug, musl (TLS Variant 1 architectures) before 1.1.23 handled TLS
2503 // blocks correctly. We need to keep the workaround for a while.
2509 };
2510 else
2514 };
2515 }
2516 };
2524 }
2525 }
2526 }
2528 // Compute an in-file position for a given section. The file offset must be the
2529 // same with its virtual address modulo the page size, so that the loader can
2530 // load executables without any address adjustment.
2532 // The first section in a PT_LOAD has to have congruent offset and address
2533 // modulo the maximum page size.
2537 // File offsets are not significant for .bss sections other than the first one
2538 // in a PT_LOAD/PT_TLS. By convention, we keep section offsets monotonically
2539 // increasing rather than setting to zero.
2543 // If the section is not in a PT_LOAD, we just have to align it.
2547 // If two sections share the same PT_LOAD the file offset is calculated
2548 // using this formula: Off2 = Off1 + (VA2 - VA1).
2551 }
2554 // Compute the minimum LMA of all non-empty non-NOBITS sections as minAddr.
2557 };
2563 }
2565 // Sections are laid out at LMA minus minAddr.
2571 }
2572 }
2576 }
2578 // Assign file offsets to output sections.
2589 // Layout SHF_ALLOC sections before non-SHF_ALLOC sections. A non-SHF_ALLOC
2590 // will not occupy file offsets contained by a PT_LOAD.
2599 // If this is a last section of the last executable segment and that
2600 // segment is the last loadable segment, align the offset of the
2601 // following section to avoid loading non-segments parts of the file.
2605 }
2611 }
2614 fileSize =
2617 // Our logic assumes that sections have rising VA within the same segment.
2618 // With use of linker scripts it is possible to violate this rule and get file
2619 // offset overlaps or overflows. That should never happen with a valid script
2620 // which does not move the location counter backwards and usually scripts do
2621 // not do that. Unfortunately, there are apps in the wild, for example, Linux
2622 // kernel, which control segment distribution explicitly and move the counter
2623 // backwards, so we have to allow doing that to support linking them. We
2624 // perform non-critical checks for overlaps in checkSectionOverlap(), but here
2625 // we want to prevent file size overflows because it would crash the linker.
2634 }
2635 }
2637 // Finalize the program headers. We call this function after we assign
2638 // file offsets and VAs to all sections.
2644 // .ARM.exidx sections may not be within a single .ARM.exidx
2645 // output section. We always want to describe just the
2646 // SyntheticSection.
2659 }
2670 // File offsets in partitions other than the main partition are relative
2671 // to the offset of the ELF headers. Perform that adjustment now.
2677 }
2678 }
2679 }
2681 // A helper struct for checkSectionOverlap.
2686 };
2689 // Check whether sections overlap for a specific address range (file offsets,
2690 // load and virtual addresses).
2696 });
2698 // Finding overlap is easy given a vector is sorted by start position.
2699 // If an element starts before the end of the previous element, they overlap.
2706 // If both sections are in OVERLAY we allow the overlapping of virtual
2707 // addresses, because it is what OVERLAY was designed for.
2716 }
2717 }
2719 // Check for overlapping sections and address overflows.
2720 //
2721 // In this function we check that none of the output sections have overlapping
2722 // file offsets. For SHF_ALLOC sections we also check that the load address
2723 // ranges and the virtual address ranges don't overlap
2725 // First, check that section's VAs fit in available address space for target.
2734 // Check for overlapping file offsets. In this case we need to skip any
2735 // section marked as SHT_NOBITS. These sections don't actually occupy space in
2736 // the file so Sec->Offset + Sec->Size can overlap with others. If --oformat
2737 // binary is specified only add SHF_ALLOC sections are added to the output
2738 // file so we skip any non-allocated sections in that case.
2746 // When linking with -r there is no need to check for overlapping virtual/load
2747 // addresses since those addresses will only be assigned when the final
2748 // executable/shared object is created.
2752 // Checking for overlapping virtual and load addresses only needs to take
2753 // into account SHF_ALLOC sections since others will not be loaded.
2754 // Furthermore, we also need to skip SHF_TLS sections since these will be
2755 // mapped to other addresses at runtime and can therefore have overlapping
2756 // ranges in the file.
2763 // Finally, check that the load addresses don't overlap. This will usually be
2764 // the same as the virtual addresses but can be different when using a linker
2765 // script with AT().
2771 }
2773 // The entry point address is chosen in the following ways.
2774 //
2775 // 1. the '-e' entry command-line option;
2776 // 2. the ENTRY(symbol) command in a linker control script;
2777 // 3. the value of the symbol _start, if present;
2778 // 4. the number represented by the entry symbol, if it is a number;
2779 // 5. the address 0.
2781 // Case 1, 2 or 3
2785 // Case 4
2790 // Case 5
2795 }
2803 }
2813 // If -z nosectionheader is specified, omit the section header table.
2818 // Write the section header table.
2819 //
2820 // The ELF header can only store numbers up to SHN_LORESERVE in the e_shnum
2821 // and e_shstrndx fields. When the value of one of these fields exceeds
2822 // SHN_LORESERVE ELF requires us to put sentinel values in the ELF header and
2823 // use fields in the section header at index 0 to store
2824 // the value. The sentinel values and fields are:
2825 // e_shnum = 0, SHdrs[0].sh_size = number of sections.
2826 // e_shstrndx = SHN_XINDEX, SHdrs[0].sh_link = .shstrtab section index.
2831 else
2840 }
2844 }
2846 // Open a result file.
2858 }
2873 }
2876 }
2883 }
2889 }
2891 // Fill the last page of executable segments with trap instructions
2892 // instead of leaving them as zero. Even though it is not required by any
2893 // standard, it is in general a good thing to do for security reasons.
2894 //
2895 // We'll leave other pages in segments as-is because the rest will be
2896 // overwritten by output sections.
2899 // Fill the last page.
2908 // Round up the file size of the last segment to the page boundary iff it is
2909 // an executable segment to ensure that other tools don't accidentally
2910 // trim the instruction padding (e.g. when stripping the file).
2919 }
2920 }
2922 // Write section contents to a mmap'ed file.
2926 {
2927 // In -r or --emit-relocs mode, write the relocation sections first as in
2928 // ELf_Rel targets we might find out that we need to modify the relocated
2929 // section while doing it.
2934 }
2935 {
2940 }
2942 // Finally, check that all dynamic relocation addends were written correctly.
2947 }
2948 }
2950 // Computes a hash value of Data using a given hash function.
2951 // In order to utilize multiple cores, we first split data into 1MB
2952 // chunks, compute a hash for each chunk, and then compute a hash value
2953 // of the hash values.
2954 static void
2962 // Compute hash values.
2965 });
2967 // Write to the final output buffer.
2969 }
2979 }
2981 // Compute a hash of all sections of the output file.
2987 // Fedora introduced build ID as "approximation of true uniqueness across all
2988 // binaries that might be used by overlapping sets of people". It does not
2989 // need some security goals that some hash algorithms strive to provide, e.g.
2990 // (second-)preimage and collision resistance. In practice people use 'md5'
2991 // and 'sha1' just for different lengths. Implement them with the more
2992 // efficient BLAKE3.
2997 });
3002 });
3007 });
3015 }
3018 }