This chapter describes the executable and linking format (ELF) of the object files produced by the assembler and link-editor. There are three main types of object files:
A relocatable file holds code and data suitable to be linked with other object files to create an executable or shared object file, or another relocatable object.
An executable file holds a program that is ready to execute. The file specifies how exec(2) creates a program's process image.
A shared object file holds code and data suitable to be linked in two contexts. First, the link-editor can process this file with other relocatable and shared object files to create other object files. Second, the runtime linker combines this file with a dynamic executable file and other shared objects to create a process image.
The first section in this chapter, File Format, focuses on the format of object files and how that pertains to creating programs. The second section, Dynamic Linking, focuses on how the format pertains to loading programs.
Programs manipulate object files with the functions contained in the ELF access library, libelf. Refer to the elf(3ELF) man page for a description of libelf contents. Sample source code that uses libelf is provided in the SUNWosdem package under the /usr/demo/ELF directory.
Object files participate in both program linking and program execution. For convenience and efficiency, the object file format provides parallel views of a file's contents, reflecting the differing needs of these activities. The following figure shows an object file's organization.
An ELF header resides at the beginning of an object file and holds a road map describing the file's organization.
Only the ELF header has a fixed position in the file. The flexibility of the ELF format requires no specified order for header tables, sections or segments. However, this figure is typical of the layout used in Solaris.
Sections represent the smallest indivisible units that can be processed within an ELF file. Segments are a collection of sections that represent the smallest individual units that can be mapped to a memory image by exec(2) or by the runtime linker.
Sections hold the bulk of object file information for the linking view: instructions, data, symbol table, relocation information, and so on. Descriptions of sections appear in the first part of this chapter. The second part of this chapter discusses segments and the program execution view of the file.
A program header table, if present, tells the system how to create a process image. Files used to generate a process image, executables and shared objects, must have a program header table; relocatable objects do not need such a table.
A section header table contains information describing the file's sections. Every section has an entry in the table. Each entry gives information such as the section name, the section size, and so forth. Files used in link-editing must have a section header table; other object files might or might not have one.
The object file format supports various processors with 8-bit bytes, 32–bit and 64–bit architectures. Nevertheless, it is intended to be extensible to larger (or smaller) architectures. Table 7–1 and Table 7–2 list the 32–bit and 64–bit data types.
Object files represent some control data with a machine-independent format. making it possible to identify object files and interpret their contents in a common way. The remaining data in an object file use the encoding of the target processor, regardless of the machine on which the file was created.
Table 7–1 ELF 32–Bit Data Types
Name |
Size |
Alignment |
Purpose |
---|---|---|---|
Elf32_Addr |
4 |
4 |
Unsigned program address |
Elf32_Half |
2 |
2 |
Unsigned medium integer |
Elf32_Off |
4 |
4 |
Unsigned file offset |
Elf32_Sword |
4 |
4 |
Signed integer |
Elf32_Word |
4 |
4 |
Unsigned integer |
unsigned char |
1 |
1 |
Unsigned small integer |
Table 7–2 ELF 64–Bit Data Types
Name |
Size |
Alignment |
Purpose |
---|---|---|---|
Elf64_Addr |
8 |
8 |
Unsigned program address |
Elf64_Half |
2 |
2 |
Unsigned medium integer |
Elf64_Off |
8 |
8 |
Unsigned file offset |
Elf64_Sword |
4 |
4 |
Signed integer |
Elf64_Word |
4 |
4 |
Unsigned integer |
Elf64_Xword |
8 |
8 |
Unsigned long integer |
Elf64_Sxword |
8 |
8 |
Signed long integer |
unsigned char |
1 |
1 |
Unsigned small integer |
All data structures that the object file format defines follow the natural size and alignment guidelines for the relevant class. If necessary, data structures contain explicit padding to ensure 4-byte alignment for 4-byte objects, to force structure sizes to a multiple of 4, and so forth. Data also have suitable alignment from the beginning of the file. Thus, for example, a structure containing an Elf32_Addr member will be aligned on a 4-byte boundary within the file, and a structure containing an Elf64_Addr member will be aligned on an 8–byte boundary.
For portability, ELF uses no bit-fields.
Some object file control structures can grow because the ELF header contains their actual sizes. If the object file format changes, a program can encounter control structures that are larger or smaller than expected. Programs might therefore ignore extra information. The treatment of missing information depends on context and will be specified if and when extensions are defined.
The ELF header has the following structure, defined in sys/elf.h:
#define EI_NIDENT 16 typedef struct { unsigned char e_ident[EI_NIDENT]; Elf32_Half e_type; Elf32_Half e_machine; Elf32_Word e_version; Elf32_Addr e_entry; Elf32_Off e_phoff; Elf32_Off e_shoff; Elf32_Word e_flags; Elf32_Half e_ehsize; Elf32_Half e_phentsize; Elf32_Half e_phnum; Elf32_Half e_shentsize; Elf32_Half e_shnum; Elf32_Half e_shstrndx; } Elf32_Ehdr; typedef struct { unsigned char e_ident[EI_NIDENT]; Elf64_Half e_type; Elf64_Half e_machine; Elf64_Word e_version; Elf64_Addr e_entry; Elf64_Off e_phoff; Elf64_Off e_shoff; Elf64_Word e_flags; Elf64_Half e_ehsize; Elf64_Half e_phentsize; Elf64_Half e_phnum; Elf64_Half e_shentsize; Elf64_Half e_shnum; Elf64_Half e_shstrndx; } Elf64_Ehdr;
The elements of this structure are:
The initial bytes mark the file as an object file and provide machine-independent data with which to decode and interpret the file's contents. Complete descriptions appear in ELF Identification.
Identifies the object file type, as listed in the following table.
Table 7–3 ELF File Identifiers
Name |
Value |
Meaning |
---|---|---|
ET_NONE |
0 |
No file type |
ET_REL |
1 |
Relocatable file |
ET_EXEC |
2 |
Executable file |
ET_DYN |
3 |
Shared object file |
ET_CORE |
4 |
Core file |
ET_LOPROC |
0xff00 |
Processor-specific |
ET_HIPROC |
0xffff |
Processor-specific |
Although the core file contents are unspecified, type ET_CORE is reserved to mark the file. Values from ET_LOPROC through ET_HIPROC (inclusive) are reserved for processor-specific semantics. Other values are reserved and will be assigned to new object file types as necessary.
Specifies the required architecture for an individual file. Relevant architectures are listed in the following table.
Table 7–4 ELF Machines
Name |
Value |
Meaning |
---|---|---|
EM_NONE |
0 |
No machine |
EM_SPARC |
2 |
SPARC |
EM_386 |
3 |
Intel 80386 |
EM_SPARC32PLUS |
18 |
Sun SPARC 32+ |
EM_SPARCV9 |
43 |
SPARC V9 |
Other values are reserved and will be assigned to new machines as necessary (see sys/elf.h). Processor-specific ELF names use the machine name to distinguish them. For example, the flags defined in Table 7–5 use the prefix EF_. A flag named WIDGET for the EM_XYZ machine would be called EF_XYZ_WIDGET.
Identifies the object file version, as listed in the following table.
Table 7–5 ELF Versions
Name |
Value |
Meaning |
---|---|---|
EV_NONE |
0 |
Invalid version |
EV_CURRENT |
>=1 |
Current version |
The value 1 signifies the original file format. The value of EV_CURRENT changes as necessary to reflect the current version number.
The virtual address to which the system first transfers control, thus starting the process. If the file has no associated entry point, this member holds zero.
The program header table's file offset in bytes. If the file has no program header table, this member holds zero.
The section header table's file offset in bytes. If the file has no section header table, this member holds zero.
Processor-specific flags associated with the file. Flag names take the form EF_machine_flag. This member is presently zero for x86. The SPARC flags are listed in the following table.
Table 7–6 SPARC: ELF Flags
Name |
Value |
Meaning |
---|---|---|
EF_SPARC_EXT_MASK |
0xffff00 |
Vendor Extension mask |
EF_SPARC_32PLUS |
0x000100 |
Generic V8+ features |
EF_SPARC_SUN_US1 |
0x000200 |
Sun UltraSPARC™ 1 Extensions |
EF_SPARC_HAL_R1 |
0x000400 |
HAL R1 Extensions |
EF_SPARC_SUN_US3 |
0x000800 |
Sun UltraSPARC 3 Extensions |
EF_SPARCV9_MM |
0x3 |
Mask for Memory Model |
EF_SPARCV9_TSO |
0x0 |
Total Store Ordering |
EF_SPARCV9_PSO |
0x1 |
Partial Store Ordering |
EF_SPARCV9_RMO |
0x2 |
Relaxed Memory Ordering |
The ELF header's size in bytes.
The size in bytes of one entry in the file's program header table. All entries are the same size.
The number of entries in the program header table. The product of e_phentsize and e_phnum gives the table's size in bytes. If a file has no program header table, e_phnum holds the value zero.
A section header's size in bytes. A section header is one entry in the section header table. All entries are the same size.
The number of entries in the section header table. The product of e_shentsize and e_shnum gives the section header table's size in bytes. If a file has no section header table, e_shnum holds the value zero.
If the number of sections is greater than or equal to SHN_LORESERVE (0xff00), this member has the value zero and the actual number of section header table entries is contained in the sh_size field of the section header at index 0. Otherwise, the sh_size member of the initial entry contains 0.
The section header table index of the entry that is associated with the section name string table. If the file has no section name string table, this member holds the value SHN_UNDEF.
If the section name string table section index is greater than or equal to SHN_LORESERVE (0xff00), this member has the value SHN_XINDEX (0xffff) and the actual index of the section name string table section is contained in the sh_link field of the section header at index 0. Otherwise, the sh_link member of the initial entry contains 0.
ELF provides an object file framework to support multiple processors, multiple data encoding, and multiple classes of machines. To support this object file family, the initial bytes of the file specify how to interpret the file. These bytes are independent of the processor on which the inquiry is made and independent of the file's remaining contents.
The initial bytes of an ELF header and an object file correspond to the e_ident member.
Table 7–7 ELF Identification Index
Name |
Value |
Purpose |
---|---|---|
EI_MAG0 |
0 |
File identification |
EI_MAG1 |
1 |
File identification |
EI_MAG2 |
2 |
File identification |
EI_MAG3 |
3 |
File identification |
EI_CLASS |
4 |
File class |
EI_DATA |
5 |
Data encoding |
EI_VERSION |
6 |
File version |
EI_OSABI |
7 |
Operating system/ABI identification |
EI_ABIVERSION |
8 |
ABI version |
EI_PAD |
9 |
Start of padding bytes |
EI_NIDENT |
16 |
Size of e_ident[] |
These indexes access bytes that hold the values described below.
A 4–byte magic number, identifying the file as an ELF object file, as listed in the following table.
Table 7–8 ELF Magic Number
Name |
Value |
Position |
---|---|---|
ELFMAG0 |
0x7f |
e_ident[EI_MAG0] |
ELFMAG1 |
'E' |
e_ident[EI_MAG1] |
ELFMAG2 |
'L' |
e_ident[EI_MAG2] |
ELFMAG3 |
'F' |
e_ident[EI_MAG3] |
Byte e_ident[EI_CLASS] identifies the file's class, or capacity, as listed in the following table.
Table 7–9 ELF File Class
Name |
Value |
Meaning |
---|---|---|
ELFCLASSNONE |
0 |
Invalid class |
ELFCLASS32 |
1 |
32–bit objects |
ELFCLASS64 |
2 |
64–bit objects |
The file format is designed to be portable among machines of various sizes, without imposing the sizes of the largest machine on the smallest. The class of the file defines the basic types used by the data structures of the object file container itself. The data contained in object file sections may follow a different programming model.
Class ELFCLASS32 supports machines with files and virtual address spaces up to 4 gigabytes. It uses the basic types defined in Table 7–1.
Class ELFCLASS64 is reserved for 64–bit architectures such as SPARC. It uses the basic types defined in Table 7–2.
Byte e_ident[EI_DATA] specifies the data encoding of the processor-specific data in the object file, as listed in the following table.
Table 7–10 ELF Data Encoding
Name |
Value |
Meaning |
---|---|---|
ELFDATANONE |
0 |
Invalid data encoding |
ELFDATA2LSB |
1 |
See Figure 7–2. |
ELFDATA2MSB |
2 |
See Figure 7–3. |
More information on these encodings appears in the section Data Encoding. Other values are reserved and will be assigned to new encodings as necessary.
Byte e_ident[EI_VERSION] specifies the ELF header version number. Currently, this value must be EV_CURRENT.
Byte e_ident[EI_OSABI] identifies the operating system and ABI to which the object is targeted. Some fields in other ELF structures have flags and values that have operating system or ABI specific meanings. The interpretation of those fields is determined by the value of this byte.
Byte e_ident[EI_ABIVERSION] identifies the version of the ABI to which the object is targeted. This field is used to distinguish among incompatible versions of an ABI. The interpretation of this version number is dependent on the ABI identified by the EI_OSABI field. If no values are specified for the EI_OSABI field for the processor, or no version values are specified for the ABI determined by a particular value of the EI_OSABI byte, the value 0 is used to indicate unspecified.
This value marks the beginning of the unused bytes in e_ident. These bytes are reserved and set to zero. Programs that read object files should ignore them.
A file's data encoding specifies how to interpret the basic objects in a file. Class ELFCLASS32 files use objects that occupy 1, 2, and 4 bytes. Class ELFCLASS64 files use objects that occupy 1, 2, 4, and 8 bytes. Under the defined encodings, objects are represented as shown below. Byte numbers appear in the upper left corners.
Encoding ELFDATA2LSB specifies 2's complement values, with the least significant byte occupying the lowest address.
Encoding ELFDATA2MSB specifies 2's complement values, with the most significant byte occupying the lowest address.
An object file's section header table helps you locate all of the sections of the file. The section header table is an array of Elf32_Shdr or Elf64_Shdr structures, as described below. A section header table index is a subscript into this array. The ELF header's e_shoff member gives the byte offset from the beginning of the file to the section header table; e_shnum tells how many entries the section header table contains; e_shentsize gives the size in bytes of each entry.
If the number of sections is greater than or equal to SHN_LORESERVE (0xff00), e_shnum has the value SHN_UNDEF (0) and the actual number of section header table entries is contained in the sh_size field of the section header at index 0. Otherwise, the sh_size member of the initial entry contains 0.
Some section header table indexes are reserved in contexts where index size is restricted. For example, the st_shndx member of a symbol table entry and the e_shnum and e_shstrndx members of the ELF header. In such contexts, the reserved values do not represent actual sections in the object file. Also in such contexts, an escape value indicates that the actual section index is to be found elsewhere, in a larger field.
Table 7–11 ELF Special Section Indexes
Name |
Value |
---|---|
SHN_UNDEF |
0 |
SHN_LORESERVE |
0xff00 |
SHN_LOPROC |
0xff00 |
SHN_BEFORE |
0xff00 |
SHN_AFTER |
0xff01 |
SHN_HIPROC |
0xff1f |
SHN_LOOS |
0xff20 |
SHN_HIOS |
0xff3f |
SHN_ABS |
0xfff1 |
SHN_COMMON |
0xfff2 |
SHN_XINDEX |
0xffff |
SHN_HIRESERVE |
0xffff |
Although index 0 is reserved as the undefined value, the section header table contains an entry for index 0. That is, if the e_shnum member of the ELF header says a file has 6 entries in the section header table, they have the indexes 0 through 5. The contents of the initial entry are specified later in this section.
An undefined, missing, irrelevant, or otherwise meaningless section reference. For example, a symbol defined relative to section number SHN_UNDEF is an undefined symbol.
The lower boundary of the range of reserved indexes.
Values in this inclusive range are reserved for processor-specific semantics.
Values in this inclusive range are reserved for operating system-specific semantics.
Provide for initial and final section ordering in conjunction with the SHF_LINK_ORDER and SHF_ORDERED section flags, listed in Table 7–14.
Absolute values for the corresponding reference. For example, symbols defined relative to section number SHN_ABS have absolute values and are not affected by relocation.
Symbols defined relative to this section are common symbols, such as FORTRAN COMMON or unallocated C external variables. These symbols are sometimes referred to as tentative.
An escape value indicating that the actual section header index is too large to fit in the containing field. The header section index is found in another location specific to the structure where it appears.
The upper boundary of the range of reserved indexes. The system reserves indexes between SHN_LORESERVE and SHN_HIRESERVE, inclusive. The values do not reference the section header table. The section header table does not contain entries for the reserved indexes.
Sections contain all information in an object file except the ELF header, the program header table, and the section header table. Moreover, the sections in object files satisfy several conditions:
Every section in an object file has exactly one section header describing it. Section headers can exist that do not have a section.
Each section occupies one contiguous, possibly empty, sequence of bytes within a file.
Sections in a file cannot overlap. No byte in a file resides in more than one section.
An object file can have inactive space. The various headers and the sections might not cover every byte in an object file. The contents of the inactive data are unspecified.
A section header has the following structure, defined in sys/elf.h:
typedef struct { Elf32_Word sh_name; Elf32_Word sh_type; Elf32_Word sh_flags; Elf32_Addr sh_addr; Elf32_Off sh_offset; Elf32_Word sh_size; Elf32_Word sh_link; Elf32_Word sh_info; Elf32_Word sh_addralign; Elf32_Word sh_entsize; } Elf32_Shdr; typedef struct { Elf64_Word sh_name; Elf64_Word sh_type; Elf64_Xword sh_flags; Elf64_Addr sh_addr; Elf64_Off sh_offset; Elf64_Xword sh_size; Elf64_Word sh_link; Elf64_Word sh_info; Elf64_Xword sh_addralign; Elf64_Xword sh_entsize; } Elf64_Shdr;
The elements of this structure are:
The name of the section. Its value is an index into the section header string table section giving the location of a null-terminated string. Section names and their descriptions are listed in Table 7–17.
Categorizes the section's contents and semantics. Section types and their descriptions are listed in Table 7–12.
Sections support 1-bit flags that describe miscellaneous attributes. Flag definitions are listed in Table 7–14.
If the section is to appear in the memory image of a process, this member gives the address at which the section's first byte should reside. Otherwise, the member contains 0.
The byte offset from the beginning of the file to the first byte in the section. Section type SHT_NOBITS occupies no space in the file. Its sh_offset member locates the conceptual placement in the file.
The section's size in bytes. Unless the section type is SHT_NOBITS, the section occupies sh_size bytes in the file. A section of type SHT_NOBITS can have a nonzero size, but it occupies no space in the file.
A section header table index link, whose interpretation depends on the section type. Table 7–15 describes the values.
Extra information, whose interpretation depends on the section type. Table 7–15 describes the values.
Some sections have address alignment constraints. For example, if a section holds a double-word, the system must ensure double-word alignment for the entire section. That is, the value of sh_addr must be congruent to 0, modulo the value of sh_addralign. Currently, only 0 and positive integral powers of two are allowed. Values 0 and 1 mean the section has no alignment constraints.
Some sections hold a table of fixed-size entries, such as a symbol table. For such a section, this member gives the size in bytes of each entry. The member contains 0 if the section does not hold a table of fixed-size entries.
A section header's sh_type member specifies the section's semantics, as shown in the following table.
Table 7–12 ELF Section Types, sh_type
Name |
Value |
---|---|
SHT_NULL |
0 |
SHT_PROGBITS |
1 |
SHT_SYMTAB |
2 |
SHT_STRTAB |
3 |
SHT_RELA |
4 |
SHT_HASH |
5 |
SHT_DYNAMIC |
6 |
SHT_NOTE |
7 |
SHT_NOBITS |
8 |
SHT_REL |
9 |
SHT_SHLIB |
10 |
SHT_DYNSYM |
11 |
SHT_INIT_ARRAY |
14 |
SHT_FINI_ARRAY |
15 |
SHT_PREINIT_ARRAY |
16 |
SHT_GROUP |
17 |
SHT_SYMTAB_SHNDX |
18 |
SHT_LOOS |
0x60000000 |
SHT_SUNW_move |
0x6ffffffa |
SHT_SUNW_COMDAT |
0x6ffffffb |
SHT_SUNW_syminfo |
0x6ffffffc |
SHT_SUNW_verdef |
0x6ffffffd |
SHT_SUNW_verneed |
0x6ffffffe |
SHT_SUNW_versym |
0x6fffffff |
SHT_HIOS |
0x6fffffff |
SHT_LOPROC |
0x70000000 |
SHT_HIPROC |
0x7fffffff |
SHT_LOUSER |
0x80000000 |
SHT_HIUSER |
0xffffffff |
Identifies the section header as inactive. This section header does not have an associated section. Other members of the section header have undefined values.
Identifies information defined by the program, whose format and meaning are determined solely by the program.
Identifies a symbol table. Typically a SHT_SYMTAB section provides symbols for link-editing. As a complete symbol table, it can contain many symbols unnecessary for dynamic linking. Consequently, an object file can also contain a SHT_DYNSYM section, which holds a minimal set of dynamic linking symbols, to save space. See Symbol Table for details.
Identifies a string table. An object file can have multiple string table sections. See String Table for details.
Identifies relocation entries with explicit addends, such as type Elf32_Rela for the 32–bit class of object files. An object file can have multiple relocation sections. See Relocation for details.
Identifies a symbol hash table. All dynamically linked object files must contain a symbol hash table. Currently, an object file can have only one hash table, but this restriction might be relaxed in the future. See Hash Table for details.
Identifies information for dynamic linking. Currently, an object file can have only one dynamic section. See Dynamic Section for details.
Identifies information that marks the file in some way. See Note Section for details.
Identifies a section that occupies no space in the file but otherwise resembles SHT_PROGBITS. Although this section contains no bytes, the sh_offset member contains the conceptual file offset.
Identifies relocation entries without explicit addends, such as type Elf32_Rel for the 32–bit class of object files. An object file can have multiple relocation sections. See Relocation for details.
Identifies a reserved section which has unspecified semantics. Programs that contain a section of this type do not conform to the ABI.
Identifies a section containing an array of pointers to initialization functions. Each pointer in the array is taken as a parameterless procedure with a void return. See Initialization and Termination Sections for details.
Identifies a section containing an array of pointers to termination functions. Each pointer in the array is taken as a parameterless procedure with a void return. See Initialization and Termination Sections for details.
Identifies a section containing an array of pointers to functions that are invoked before all other initialization functions. Each pointer in the array is taken as a parameterless procedure with a void return. See Initialization and Termination Sections for details.
Identifies a section group. A section group is a set of sections that are related and that must be treated specially by the link-editor. Sections of type SHT_GROUP may appear only in relocatable objects. The section header table entry for a group section must appear in the section header table before the entries for any of the sections that are members of the group. See Section Groups for details.
Identifies a section containing extended section indexes, that is associated with a symbol table. If any section header indexes referenced by a symbol table, contain the escape value SHN_XINDEX, an associated SHT_SYMTAB_SHNDX is required.
The SHT_SYMTAB_SHNDX section is an array of Elf32_Word values. Each value corresponds one to one with a symbol table entry and appear in the same order as those entries. The values represent the section header indexes against which the symbol table entries are defined. Only if corresponding symbol table entry's st_shndx field contains the escape value SHN_XINDEX will the matching Elf32_Word hold the actual section header index; otherwise, the entry must be SHN_UNDEF (0).
Values in this inclusive range are reserved for operating system-specific semantics.
Identifies data to handle partially initialized symbols. See Move Section for details.
Identifies a section that allows multiple copies of the same data to be reduced to a single copy. See Comdat Section for details.
Identifies additional symbol information. See Syminfo Table for details.
Identifies fine-grained versions defined by this file. See Version Definition Section for details.
Identifies fine-grained dependencies required by this file. See Version Dependency Section for details.
Identifies a table describing the relationship of symbols to the version definitions offered by the file. See Version Symbol Section for details.
Values in this inclusive range are reserved for processor-specific semantics.
Specifies the lower boundary of the range of indexes reserved for application programs.
Specifies the upper boundary of the range of indexes reserved for application programs. Section types between SHT_LOUSER and SHT_HIUSER can be used by the application without conflicting with current or future system-defined section types.
Other section-type values are reserved. As mentioned before, the section header for index 0 (SHN_UNDEF) exists, even though the index marks undefined section references. The following table shows the values.
Table 7–13 ELF Section Header Table Entry: Index 0
Name |
Value |
Note |
---|---|---|
sh_name |
0 |
No name |
sh_type |
SHT_NULL |
Inactive |
sh_flags |
0 |
No flags |
sh_addr |
0 |
No address |
sh_offset |
0 |
No file offset |
sh_size |
0 |
No size |
sh_link |
SHN_UNDEF |
No link information |
sh_info |
0 |
No auxiliary information |
sh_addralign |
0 |
No alignment |
sh_entsize |
0 |
No entries |
A section header's sh_flags member holds 1-bit flags that describe the section's attributes:
Table 7–14 ELF Section Attribute Flags
Name |
Value |
---|---|
SHF_WRITE |
0x1 |
SHF_ALLOC |
0x2 |
SHF_EXECINSTR |
0x4 |
SHF_MERGE |
0x10 |
SHF_STRINGS |
0x20 |
SHF_INFO_LINK |
0x40 |
SHF_LINK_ORDER |
0x80 |
SHF_OS_NONCONFORMING |
0x100 |
SHF_GROUP |
0x200 |
SHF_TLS |
0x400 |
SHF_MASKOS |
0x0ff00000 |
SHF_ORDERED |
0x40000000 |
SHF_EXCLUDE |
0x80000000 |
SHF_MASKPROC |
0xf0000000 |
If a flag bit is set in sh_flags, the attribute is on for the section. Otherwise, the attribute is off or does not apply. Undefined attributes are reserved and set to zero.
Identifies a section that should be writable during process execution.
Identifies a section that occupies memory during process execution. Some control sections do not reside in the memory image of an object file. This attribute is off for those sections.
Identifies a section that contains executable machine instructions.
Identifies a section containing data that may be merged to eliminate duplication. Unless the SHF_STRINGS flag is also set, the data elements in the section are of a uniform size. The size of each element is specified in the section header's sh_entsize field. If the SHF_STRINGS flag is also set, the data elements consist of null-terminated character strings. The size of each character is specified in the section header's sh_entsize field.
Identifies a section that consists of null-terminated character strings. The size of each character is specified in the section header's sh_entsize field.
This section headers sh_info field holds a section header table index.
This section adds special ordering requirements to the link-editor. The requirements apply if the sh_link field of this section's header references another section, the linked-to section. If this section is combined with other sections in the output file, the section appears in the same relative order with respect to those sections. Similarly the linked-to section appears with respect to sections the linked-to section is combined with.
The special sh_link values SHN_BEFORE and SHN_AFTER (see Table 7–11) imply that the sorted section is to precede or follow, respectively, all other sections in the set being ordered. Input file link-line order is preserved if multiple sections in an ordered set have one of these special values.
A typical use of this flag is to build a table that references text or data sections in address order.
In the absence of the sh_link ordering information, sections from a single input file combined within one section of the output file will be contiguous and have the same relative ordering as they did in the input file. The contributions from multiple input files appear in link-line order.
This section requires special OS-specific processing beyond the standard linking rules to avoid incorrect behavior. If this section has either an sh_type value or contains sh_flags bits in the OS-specific ranges for those fields, and the link-editor does not recognize these values, then the link-editor will reject the object file containing this section with an error.
This section is a member, perhaps the only one, of a section group. The section must be referenced by a section of type SHT_GROUP. The SHF_GROUP flag can be set only for sections contained in relocatable objects. See Section Groups for further details.
This section holds thread-local storage, meaning that each separate execution flow has its own distinct instance of this data. See Thread-Local Storage for more information.
All bits included in this mask are reserved for operating system-specific semantics.
This section requires ordering in relation to other sections of the same type. Ordered sections are combined within the section pointed to by the sh_link entry. The sh_link entry of an ordered section can point to itself.
If the sh_info entry of the ordered section is a valid section within the same input file, the ordered section will be sorted based on the relative ordering within the output file of the section pointed to by the sh_info entry.
The special sh_info values SHN_BEFORE and SHN_AFTER (see Table 7–11) imply that the sorted section is to precede or follow, respectively, all other sections in the set being ordered. Input file link-line order is preserved if multiple sections in an ordered set have one of these special values.
In the absence of the sh_info ordering information, sections from a single input file combined within one section of the output file will be contiguous and have the same relative ordering as they did in the input file. The contributions from multiple input files appear in link-line order.
This section is excluded from input to the link-edit of an executable or shared object. This flag is ignored if the SHF_ALLOC flag is also set, or if relocations exist against the section.
All bits included in this mask are reserved for processor-specific semantics.
Two members in the section header, sh_link and sh_info, hold special information, depending on section type.
Table 7–15 ELF sh_link and sh_info Interpretation
sh_type |
sh_link |
sh_info |
---|---|---|
SHT_DYNAMIC |
The section header index of the associated string table. |
0 |
SHT_HASH |
The section header index of the associated symbol table. |
0 |
SHT_REL SHT_RELA |
The section header index of the associated symbol table. |
The section header index of the section to which the relocation applies. See also Table 7–17 and Relocation. |
SHT_SYMTAB SHT_DYNSYM |
The section header index of the associated string table. |
One greater than the symbol table index of the last local symbol (binding STB_LOCAL). |
SHT_GROUP |
The section header index of the associated symbol table. |
The symbol table index of an entry in the associated symbol table. The name of the specified symbol table entry provides a signature for the section group. |
SHT_SYMTAB_SHNDX |
The section header index of the associated symbol table. |
0 |
SHT_SUNW_move |
The section header index of the associated symbol table. |
0 |
SHT_SUNW_COMDAT |
0 |
0 |
SHT_SUNW_syminfo |
The section header index of the associated symbol table. |
The section header index of the associated .dynamic section. |
SHT_SUNW_verdef |
The section header index of the associated string table. |
The number of version definitions within the section. |
SHT_SUNW_verneed |
The section header index of the associated string table. |
The number of version dependencies within the section. |
SHT_SUNW_versym |
The section header index of the associated symbol table. |
0 |
Some sections occur in interrelated groups. For example, an out-of-line definition of an inline function might require, in addition to the section containing its executable instructions, a read-only data section containing literals referenced, one or more debugging information sections and other informational sections. Furthermore, there may be internal references among these sections that would not make sense if one of the sections were removed or replaced by a duplicate from another object. Therefore, such groups must be included or omitted from the linked object as a unit.
A section of type SHT_GROUP defines such a grouping of sections. The name of a symbol from one of the containing object's symbol tables provides a signature for the section group. The section header of the SHT_GROUP section specifies the identifying symbol entry. The sh_link member contains the section header index of the symbol table section that contains the entry. The sh_info member contains the symbol table index of the identifying entry. The sh_flags member of the section header contains 0. The name of the section (sh_name) is not specified.
The section data of a SHT_GROUP section is an array of Elf32_Word entries. The first entry is a flag word. The remaining entries are a sequence of section header indices.
The following flag is currently defined:
Table 7–16 ELF Section Group Flag
Name |
Value |
---|---|
GRP_COMDAT |
0x1 |
GRP_COMDAT is a COMDAT group. It may duplicate another COMDAT group in another object file, where duplication is defined as having the same group signature. In such cases, only one of the duplicate groups is retained by the link-editor. The members of the remaining groups are discarded.
The section header indices in the SHT_GROUP section identify the sections that make up the group. Each such section must have the SHF_GROUP flag set in its sh_flags section header member. If the link-editor decides to remove the section group, the link-editor removes all members of the group.
To facilitate removing a group without leaving dangling references and with only minimal processing of the symbol table, the following rules are followed:
References to the sections comprising a group from sections outside of the group must be made through symbol table entries with STB_GLOBAL or STB_WEAK binding and section index SHN_UNDEF. If there is a definition of the same symbol in the object containing the references, it must have a separate symbol table entry from the references. Sections outside of the group may not reference symbols with STB_LOCAL binding for addresses contained in the group's sections, including symbols with type STT_SECTION.
There may not be non-symbol references to the sections comprising a group from outside the group. For example, you cannot use a group member's section header index in an sh_link or sh_info member.
A symbol table entry that is defined relative to one of the group's sections and that is contained in a symbol table section that is not part of the group, will be removed if the group members are discarded.
Various sections hold program and control information. Sections in the following table are used by the system and have the indicated types and attributes.
Table 7–17 ELF Special Sections
Name |
Type |
Attribute |
---|---|---|
.bss |
SHT_NOBITS |
SHF_ALLOC + SHF_WRITE |
.comment |
SHT_PROGBITS |
None |
.data |
SHT_PROGBITS |
SHF_ALLOC + SHF_WRITE |
.data1 |
SHT_PROGBITS |
SHF_ALLOC + SHF_WRITE |
.dynamic |
SHT_DYNAMIC |
SHF_ALLOC + SHF_WRITE |
.dynstr |
SHT_STRTAB |
SHF_ALLOC |
.dynsym |
SHT_DYNSYM |
SHF_ALLOC |
.fini |
SHT_PROGBITS |
SHF_ALLOC + SHF_EXECINSTR |
.fini_array |
SHT_FINI_ARRAY |
SHF_ALLOC + SHF_WRITE |
.got |
SHT_PROGBITS | |
.hash |
SHT_HASH |
SHF_ALLOC |
.init |
SHT_PROGBITS |
SHF_ALLOC + SHF_EXECINSTR |
.init_array |
SHT_INIT_ARRAY |
SHF_ALLOC + SHF_WRITE |
.interp |
SHT_PROGBITS | |
.note |
SHT_NOTE |
None |
.plt |
SHT_PROGBITS | |
.preinit_array |
SHT_PREINIT_ARRAY |
SHF_ALLOC + SHF_WRITE |
.rela |
SHT_RELA |
None |
.relname |
SHT_REL |
See Relocation |
.relaname |
SHT_RELA |
See Relocation |
.rodata |
SHT_PROGBITS |
SHF_ALLOC |
.rodata1 |
SHT_PROGBITS |
SHF_ALLOC |
.shstrtab |
SHT_STRTAB |
None |
.strtab |
SHT_STRTAB |
See description below |
.symtab |
SHT_SYMTAB |
See Symbol Table |
.symtab_shndx |
SHT_SYMTAB_SHNDX |
See Symbol Table |
.tbss |
SHT_NOBITS |
SHF_ALLOC + SHF_WRITE + SHF_TLS |
.tdata |
SHT_PROGBITS |
SHF_ALLOC + SHF_WRITE + SHF_TLS |
.tdata1 |
SHT_PROGBITS |
SHF_ALLOC + SHF_WRITE + SHF_TLS |
.text |
SHT_PROGBITS |
SHF_ALLOC + SHF_EXECINSTR |
.SUNW_bss |
SHT_NOBITS |
SHF_ALLOC + SHF_WRITE |
.SUNW_heap |
SHT_PROGBITS |
SHF_ALLOC + SHF_WRITE |
.SUNW_move |
SHT_SUNW_move |
SHF_ALLOC |
.SUNW_reloc |
SHT_REL SHT_RELA |
SHF_ALLOC |
.SUNW_syminfo |
SHT_SUNW_syminfo |
SHF_ALLOC |
.SUNW_version |
SHT_SUNW_verdef SHT_SUNW_verneed SHT_SUNW_versym |
SHF_ALLOC |
Uninitialized data that contribute to the program's memory image. By definition, the system initializes the data with zeros when the program begins to run. The section occupies no file space, as indicated by the section type SHT_NOBITS.
Comment information, typically contributed by the components of the compilation system. This section can be manipulated by mcs(1).
Initialized data that contribute to the program's memory image.
Dynamic linking information. See Dynamic Section for details.
Strings needed for dynamic linking, most commonly the strings that represent the names associated with symbol table entries.
Dynamic linking symbol table. See Symbol Table for details.
Executable instructions that contribute to a single termination function for the executable or shared object containing the section. See Initialization and Termination Routines for details.
An array of function pointers that contribute to a single termination array for the executable or shared object containing the section. See Initialization and Termination Routines for details.
The global offset table. See Global Offset Table (Processor-Specific).
Symbol hash table. See Hash Table.
Executable instructions that contribute to a single initialization function for the executable or shared object containing the section. See Initialization and Termination Routines for details.
An array of function pointers that contributes to a single initialization array for the executable or shared object containing the section. See Initialization and Termination Routines for details.
The path name of a program interpreter. See Program Interpreter.
Information in the format described in Note Section.
The procedure linkage table. See Procedure Linkage Table (Processor-Specific).
An array of function pointers that contribute to a single pre-initialization array for the executable or shared object containing the section. See Initialization and Termination Routines for details.
Relocations that do not apply to a particular section. One use of this section is for register relocations. See Register Symbols.
Relocation information, as Relocation describes. If the file has a loadable segment that includes relocation, the sections' attributes include the SHF_ALLOC bit. Otherwise, that bit is off. Conventionally, name is supplied by the section to which the relocations apply. Thus a relocation section for .text normally will have the name .rel.text or .rela.text.
Read-only data that typically contribute to a non-writable segment in the process image. See Program Header.
Section names.
Strings, most commonly the strings that represent the names associated with symbol table entries. If the file has a loadable segment that includes the symbol string table, the section's attributes include the SHF_ALLOC bit. Otherwise, that bit is turned off.
Symbol table, as Symbol Table describes. If the file has a loadable segment that includes the symbol table, the section's attributes include the SHF_ALLOC bit. Otherwise, that bit is turned off.
This section holds the special symbol table section index array, as described by .symtab. The section's attributes will include the SHF_ALLOC bit if the associated symbol table section does. Otherwise, that bit is turned off.
This section holds uninitialized thread-local data that contribute to the program's memory image. By definition, the system initializes the data with zeros when the data is instantiated for each new execution flow. The section occupies no file space, as indicated by the section type, SHT_NOBITS. See Thread-Local Storage for more information.
These sections hold initialized thread-local data that contribute to the program's memory image. A copy of its contents is instantiated by the system for each new execution flow. See Thread-Local Storage for more information.
The text or executable instructions of a program.
Partially initialized data for shared objects that contribute to the program's memory image. The data is initialized at runtime. The section occupies no file space, as indicated by the section type SHT_NOBITS.
The heap of a dynamic executable created from dldump(3DL).
Additional information for partially initialized data. See Move Section.
Relocation information, as Relocation describes. This section is a concatenation of relocation sections that provides better locality of reference of the individual relocation records. Only the offset of the relocation record itself is meaningful, thus the section sh_info value is zero.
Additional symbol table information. See Syminfo Table.
Versioning information. See Versioning Information.
Section names with a dot (.) prefix are reserved for the system, although applications can use these sections if their existing meanings are satisfactory. Applications can use names without the prefix to avoid conflicts with system sections. The object file format enables you to define sections not in the list above. An object file can have more than one section with the same name.
Section names reserved for a processor architecture are formed by placing an abbreviation of the architecture name ahead of the section name. The name should be taken from the architecture names used for e_machine. For example, .Foo.psect is the psect section defined by the FOO architecture.
Existing extensions use their historical names.
String table sections hold null-terminated character sequences, commonly called strings. The object file uses these strings to represent symbol and section names. You reference a string as an index into the string table section.
The first byte, which is index zero, holds a null character. Likewise, a string table's last byte holds a null character, ensuring null termination for all strings. A string whose index is zero specifies either no name or a null name, depending on the context.
An empty string table section is permitted. The section header's sh_size member contains zero. Nonzero indexes are invalid for an empty string table.
A section header's sh_name member holds an index into the section header string table section, as designated by the e_shstrndx member of the ELF header. The following figure shows a string table with 25 bytes and the strings associated with various indexes.
The table below shows the strings of the string table shown in the preceding figure.
Table 7–18 ELF String Table Indexes
Index |
String |
---|---|
0 |
none |
1 |
name |
7 |
Variable |
11 |
able |
16 |
able |
24 |
null string |
As the example shows, a string table index can refer to any byte in the section. A string can appear more than once. References to substrings can exist. A single string can be referenced multiple times. Unreferenced strings also are allowed.
An object file's symbol table holds information needed to locate and relocate a program's symbolic definitions and references. A symbol table index is a subscript into this array. Index 0 both designates the first entry in the table and serves as the undefined symbol index. See Table 7–22.
A symbol table entry has the following format, defined in sys/elf.h:
typedef struct { Elf32_Word st_name; Elf32_Addr st_value; Elf32_Word st_size; unsigned char st_info; unsigned char st_other; Elf32_Half st_shndx; } Elf32_Sym; typedef struct { Elf64_Word st_name; unsigned char st_info; unsigned char st_other; Elf64_Half st_shndx; Elf64_Addr st_value; Elf64_Xword st_size; } Elf64_Sym;
The elements of this structure are:
An index into the object file's symbol string table, which holds the character representations of the symbol names. If the value is nonzero, it represents a string table index that gives the symbol name. Otherwise, the symbol table entry has no name.
The value of the associated symbol. Depending on the context, this can be an absolute value, an address, and so forth. See Symbol Values.
Many symbols have associated sizes. For example, a data object's size is the number of bytes contained in the object. This member holds 0 if the symbol has no size or an unknown size.
The symbol's type and binding attributes. A list of the values and meanings appears in Table 7–19. The following code shows how to manipulate the values, defined in sys/elf.h:
#define ELF32_ST_BIND(info) ((info) >> 4) #define ELF32_ST_TYPE(info) ((info) & 0xf) #define ELF32_ST_INFO(bind, type) (((bind)<<4)+((type)&0xf)) #define ELF64_ST_BIND(info) ((info) >> 4) #define ELF64_ST_TYPE(info) ((info) & 0xf) #define ELF64_ST_INFO(bind, type) (((bind)<<4)+((type)&0xf))
A symbol's visibility. A list of the values and meanings appears in Table 7–21. The following code shows how to manipulate the values for both 32–bit and 64–bit objects. Other bits contain 0 and have no defined meaning.
#define ELF32_ST_VISIBILITY(o) ((o)&0x3) #define ELF64_ST_VISIBILITY(o) ((o)&0x3)
Every symbol table entry is defined in relation to some section. This member holds the relevant section header table index. Some section indexes indicate special meanings. See Table 7–11.
If this member contains SHN_XINDEX, then the actual section header index is too large to fit in this field. The actual value is contained in the associated section of type SHT_SYMTAB_SHNDX.
A symbol's binding, determined from its st_info field, determines the linkage visibility and behavior.
Table 7–19 ELF Symbol Binding, ELF32_ST_BIND and ELF64_ST_BIND
Name |
Value |
---|---|
STB_LOCAL |
0 |
STB_GLOBAL |
1 |
STB_WEAK |
2 |
STB_LOOS |
10 |
STB_HIOS |
12 |
STB_LOPROC |
13 |
STB_HIPROC |
15 |
Local symbol. These symbols are not visible outside the object file containing their definition. Local symbols of the same name can exist in multiple files without interfering with each other.
Global symbols. These symbols are visible to all object files being combined. One file's definition of a global symbol satisfies another file's undefined reference to the same global symbol.
Weak symbols. These symbols resemble global symbols, but their definitions have lower precedence.
Values in this inclusive range are reserved for operating system-specific semantics.
Values in this inclusive range are reserved for processor-specific semantics.
Global symbols and weak symbols differ in two major ways:
When the link-editor combines several relocatable object files, it does not allow multiple definitions of STB_GLOBAL symbols with the same name. On the other hand, if a defined global symbol exists, the appearance of a weak symbol with the same name does not cause an error. The link-editor honors the global definition and ignores the weak ones.
Similarly, if a common symbol exists, the appearance of a weak symbol with the same name does not cause an error. The link-editor uses the common definition and ignores the weak one. A common symbol has the st_shndx field holding SHN_COMMON. See Symbol Resolution.
When the link-editor searches archive libraries it extracts archive members that contain definitions of undefined or tentative global symbols. The member's definition can be either a global or a weak symbol.
The link-editor, by default, does not extract archive members to resolve undefined weak symbols. Unresolved weak symbols have a zero value. The use of -z weakextract overrides this default behavior. It enables weak references to cause the extraction of archive members.
Weak symbols are intended primarily for use in system software. Their use in application programs is discouraged.
In each symbol table, all symbols with STB_LOCAL binding precede the weak and global symbols. As Sections describes, a symbol table section's sh_info section header member holds the symbol table index for the first non-local symbol.
A symbol's type, determined from its st_info field, provides a general classification for the associated entity.
Table 7–20 ELF Symbol Types, ELF32_ST_TYPE and ELF64_ST_TYPE
Name |
Value |
---|---|
STT_NOTYPE |
0 |
STT_OBJECT |
1 |
STT_FUNC |
2 |
STT_SECTION |
3 |
STT_FILE |
4 |
STT_COMMON |
5 |
STT_TLS |
6 |
STT_LOOS |
10 |
STT_HIOS |
12 |
STT_LOPROC |
13 |
STT_SPARC_REGISTER |
13 |
STT_HIPROC |
15 |
The symbol type is not specified.
This symbol is associated with a data object, such as a variable, an array, and so forth.
This symbol is associated with a function or other executable code.
This symbol is associated with a section. Symbol table entries of this type exist primarily for relocation and normally have STB_LOCAL binding.
Conventionally, the symbol's name gives the name of the source file associated with the object file. A file symbol has STB_LOCAL binding and its section index is SHN_ABS. This symbol, if present, precedes the other STB_LOCAL symbols for the file. Symbol index 1 of the SHT_SYMTAB is an STT_FILE symbol representing the file itself. Conventionally, this symbols is followed by the files STT_SECTION symbols, and any global symbols that have been reduced to locals.
This symbol labels an uninitialized common block. It is treated exactly the same as STT_OBJECT.
The symbol specifies a thread-local storage entity. When defined, it gives the assigned offset for the symbol, not the actual address. Symbols of type STT_TLS can be referenced by only special thread-local storage relocations and thread-local storage relocations can only reference symbols with type STT_TLS. See Thread-Local Storage for more information.
Values in this inclusive range are reserved for operating system-specific semantics.
Values in this inclusive range are reserved for processor-specific semantics.
A symbol's visibility, determined from its st_other field, may be specified in a relocatable object. This visibility defines how that symbol may be accessed once the symbol has become part of an executable or shared object.
Table 7–21 ELF Symbol Visibility
Name |
Value |
---|---|
STV_DEFAULT |
0 |
STV_INTERNAL |
1 |
STV_HIDDEN |
2 |
STV_PROTECTED |
3 |
The visibility of symbols with the STV_DEFAULT attribute is as specified by the symbol's binding type. That is, global and weak symbols are visible outside of their defining component, the executable file or shared object. Local symbols are hidden. Global and weak symbols can also be preempted, that is, they may by interposed by definitions of the same name in another component.
A symbol defined in the current component is protected if it is visible in other components but cannot be preempted. Any reference to such a symbol from within the defining component must be resolved to the definition in that component, even if there is a definition in another component that would interpose by the default rules. A symbol with STB_LOCAL binding will not have STV_PROTECTED visibility.
A symbol defined in the current component is hidden if its name is not visible to other components. Such a symbol is necessarily protected. This attribute is used to control the external interface of a component. An object named by such a symbol may still be referenced from another component if its address is passed outside.
A hidden symbol contained in a relocatable object is either removed or converted to STB_LOCAL binding by the link-editor when the relocatable object is included in an executable file or shared object.
This visibility attribute is currently reserved.
None of the visibility attributes affects the resolution of symbols within an executable or shared object during link-editing. Such resolution is controlled by the binding type. Once the link-editor has chosen its resolution, these attributes impose two requirements. Both requirements are based on the fact that references in the code being linked may have been optimized to take advantage of the attributes.
First, all of the non-default visibility attributes, when applied to a symbol reference, imply that a definition to satisfy that reference must be provided within the current executable or shared object. If this type of symbol reference has no definition within the component being linked, then the reference must have STB_WEAK binding and is resolved to zero.
Second, if any reference to or definition of a name is a symbol with a non-default visibility attribute, the visibility attribute must be propagated to the resolving symbol in the linked object. If different visibility attributes are specified for distinct references to or definitions of a symbol, the most constraining visibility attribute must be propagated to the resolving symbol in the linked object. The attributes, ordered from least to most constraining, are STV_PROTECTED, STV_HIDDEN and STV_INTERNAL.
If a symbol's value refers to a specific location within a section, its section index member, st_shndx, holds an index into the section header table. As the section moves during relocation, the symbol's value changes as well. References to the symbol continue to point to the same location in the program. Some special section index values give other semantics:
This symbol has an absolute value that does not change because of relocation.
This symbol labels a common block that has not yet been allocated. The symbol's value gives alignment constraints, similar to a section's sh_addralign member. The link-editor allocates the storage for the symbol at an address that is a multiple of st_value. The symbol's size tells how many bytes are required.
This section table index means the symbol is undefined. When the link-editor combines this object file with another that defines the indicated symbol, this file's references to the symbol will be bound to the actual definition.
As mentioned above, the symbol table entry for index 0 (STN_UNDEF) is reserved. This entry holds the values listed in the following table.
Table 7–22 ELF Symbol Table Entry: Index 0
Name |
Value |
Note |
---|---|---|
st_name |
0 |
No name |
st_value |
0 |
Zero value |
st_size |
0 |
No size |
st_info |
0 |
No type, local binding |
st_other |
0 |
|
st_shndx |
SHN_UNDEF |
No section |
Symbol table entries for different object file types have slightly different interpretations for the st_value member.
In relocatable files, st_value holds alignment constraints for a symbol whose section index is SHN_COMMON.
In relocatable files, st_value holds a section offset for a defined symbol. st_value is an offset from the beginning of the section that st_shndx identifies.
In executable and shared object files, st_value holds a virtual address. To make these files' symbols more useful for the runtime linker, the section offset (file interpretation) gives way to a virtual address (memory interpretation) for which the section number is irrelevant.
Although the symbol table values have similar meanings for different object files, the data allow efficient access by the appropriate programs.
The SPARC architecture supports register symbols, which are symbols that initialize a global register. A symbol table entry for a register symbol contains the entries listed in the following table.
Table 7–23 SPARC: ELF Symbol Table Entry: Register Symbol
Field |
Meaning |
---|---|
st_name |
Index into string table of the name of the symbol, or 0 for a scratch register. |
st_value | Register number. See the ABI manual for integer register assignments. |
st_size |
Unused (0). |
st_info | Bind is typically STB_GLOBAL, type must be STT_SPARC_REGISTER. |
st_other |
Unused (0). |
st_shndx |
SHN_ABS if this object initializes this register symbol; SHN_UNDEF otherwise. |
The register values defined for SPARC are listed in the following table.
Table 7–24 SPARC: ELF Register Numbers
Name |
Value |
Meaning |
---|---|---|
STO_SPARC_REGISTER_G2 |
0x2 |
%g2 |
STO_SPARC_REGISTER_G3 |
0x3 |
%g3 |
Absence of an entry for a particular global register means that the particular global register is not used at all by the object.
The syminfo section contains multiple entries of the type Elf32_Syminfo or Elf64_Syminfo. There is one entry in the .SUNW_syminfo section for every entry in the associated symbol table (sh_link).
If this section is present in an object, additional symbol information is to be found by taking the symbol index from the associated symbol table and using that to find the corresponding Elf32_Syminfo or Elf64_Syminfo entry in this section. The associated symbol table and the Syminfo table will always have the same number of entries.
Index 0 is used to store the current version of the Syminfo table, which is SYMINFO_CURRENT. Since symbol table entry 0 is always reserved for the UNDEF symbol table entry, this does not pose any conflicts.
An Symfino entry has the following format, defined in sys/link.h:
typedef struct { Elf32_Half si_boundto; Elf32_Half si_flags; } Elf32_Syminfo; typedef struct { Elf64_Half si_boundto; Elf64_Half si_flags; } Elf64_Syminfo;
The elements of this structure are:
This index is to an entry in the .dynamic section, identified by the sh_info field, that augments the Syminfo flags. For example, a DT_NEEDED entry identifies a dynamic object associated with the Syminfo entry. The entries that follow are reserved values for si_boundto.
Table 7–25 ELF si_boundto Reserved Values
Name |
Value |
Meaning |
---|---|---|
SYMINFO_BT_SELF |
0xffff |
Symbol bound to self. |
SYMINFO_BT_PARENT |
0xfffe |
Symbol bound to parent. The parent is the first object to cause this dynamic object to be loaded. |
This bit-field can have flags set, as shown in the following table.
Table 7–26 ELF Syminfo Flags
Name |
Value |
Meaning |
---|---|---|
SYMINFO_FLG_DIRECT |
0x01 |
Has a direct reference to an external object. |
SYMINFO_FLG_COPY |
0x04 |
Is the result of a copy-relocation. |
SYMINFO_FLG_LAZYLOAD |
0x08 |
Has a reference to an external, lazy loadable object. |
Relocation is the process of connecting symbolic references with symbolic definitions. For example, when a program calls a function, the associated call instruction must transfer control to the proper destination address at execution. Relocatable files must have information that describes how to modify their section contents, thus allowing executable and shared object files to hold the right information for a process's program image. Relocation entries are these data.
Relocation entries can have the following structure, defined in sys/elf.h:
typedef struct { Elf32_Addr r_offset; Elf32_Word r_info; } Elf32_Rel; typedef struct { Elf32_Addr r_offset; Elf32_Word r_info; Elf32_Sword r_addend; } Elf32_Rela; typedef struct { Elf64_Addr r_offset; Elf64_Xword r_info; } Elf64_Rel; typedef struct { Elf64_Addr r_offset; Elf64_Xword r_info; Elf64_Sxword r_addend; } Elf64_Rela;
The elements of this structure are:
This member gives the location at which to apply the relocation action. Different object files have slightly different interpretations for this member.
For a relocatable file, the value indicates a section offset. The relocation section itself describes how to modify another section in the file. Relocation offsets designate a storage unit within the second section.
For an executable or shared object, the value indicates the virtual address of the storage unit affected by the relocation. This information makes the relocation entries more useful for the runtime linker.
Although the interpretation of the member changes for different object files to allow efficient access by the relevant programs, the meanings of the relocation types stay the same.
This member gives both the symbol table index, with respect to which the relocation must be made, and the type of relocation to apply. For example, a call instruction's relocation entry holds the symbol table index of the function being called. If the index is STN_UNDEF, the undefined symbol index, the relocation uses 0 as the symbol value.
Relocation types are processor-specific. A relocation entry's relocation type or symbol table index is the result of applying ELF32_R_TYPE or ELF32_R_SYM, respectively, to the entry's r_info member:
#define ELF32_R_SYM(info) ((info)>>8) #define ELF32_R_TYPE(info) ((unsigned char)(info)) #define ELF32_R_INFO(sym, type) (((sym)<<8)+(unsigned char)(type)) #define ELF64_R_SYM(info) ((info)>>32) #define ELF64_R_TYPE(info) ((Elf64_Word)(info)) #define ELF64_R_INFO(sym, type) (((Elf64_Xword)(sym)<<32)+ \ (Elf64_Xword)(type))
For Elf64_Rel and Elf64_Rela structures, the r_info field is further broken down into an 8–bit type identifier and a 24–bit type dependent data field:
#define ELF64_R_TYPE_DATA(info) (((Elf64_Xword)(info)<<32)>>40) #define ELF64_R_TYPE_ID(info) (((Elf64_Xword)(info)<<56)>>56) #define ELF64_R_TYPE_INFO(data, type) (((Elf64_Xword)(data)<<8)+ \ (Elf64_Xword)(type))
This member specifies a constant addend used to compute the value to be stored into the relocatable field.
Rela entries contain an explicit addend. Entries of type Rel store an implicit addend in the location to be modified. 32–bit and 64–bit SPARC use only Elf32_Rela and Elf64_Rela relocation entries respectively. Thus, the r_addend member serves as the relocation addend. x86 uses only Elf32_Rel relocation entries. The field to be relocated holds the addend. In all cases, the addend and the computed result use the same byte order.
A relocation section can reference two other sections: a symbol table, identified by the sh_info section header entry, and a section to modify, identified by the sh_link section header entry. Sections specifies these relationships. An sh_link entry is required when a relocation section exists in a relocatable object, but is optional for executables and shared objects. The relocation offset is sufficient to perform the relocation.
Relocation entries describe how to alter instruction and data fields in the following figures. Bit numbers appear in the lower box corners.
On the SPARC platform, relocation entries apply to bytes (byte8), half-words (half16), or words (the others).
On 64–bit SPARC, relocations also apply to extended-words (xword64):
On x86, relocation entries apply to words (word32):
word32 specifies a 32–bit field occupying 4 bytes with an arbitrary byte alignment. These values use the same byte order as other word values in the x86 architecture:
In all cases, the r_offset value designates the offset or virtual address of the first byte of the affected storage unit. The relocation type specifies which bits to change and how to calculate their values.
Calculations for the following relocation types assume the actions are transforming a relocatable file into either an executable or a shared object file. Conceptually, the link-editor merges one or more relocatable files to form the output. The link-editor first decides how to combine and locate the input files. Then it updates the symbol values. Finally the link-editor performs the relocation. Relocations applied to executable or shared object files are similar and accomplish the same result. Descriptions in the tables in this section use the following notation:
The addend used to compute the value of the relocatable field.
The base address at which a shared object is loaded into memory during execution. Generally, a shared object file is built with a 0 base virtual address, but the execution address is different. See Program Header.
The offset into the global offset table at which the address of the relocation entry's symbol resides during execution. See Global Offset Table (Processor-Specific).
The address of the global offset table. See Global Offset Table (Processor-Specific).
The section offset or address of the procedure linkage table entry for a symbol. See Procedure Linkage Table (Processor-Specific).
The section offset or address of the storage unit being relocated, computed using r_offset.
The value of the symbol whose index resides in the relocation entry.
Field names in the following table tell whether the relocation type checks for overflow. A calculated relocation value can be larger than the intended field, and a relocation type can verify (V) the value fits or truncate (T) the result. As an example, V-simm13 means that the computed value can not have significant, nonzero bits outside the simm13 field.
Table 7–27 SPARC: ELF Relocation Types
Name |
Value |
Field |
Calculation |
---|---|---|---|
R_SPARC_NONE |
0 |
None |
None |
R_SPARC_8 |
1 |
V-byte8 |
S + A |
R_SPARC_16 |
2 |
V-half16 |
S + A |
R_SPARC_32 |
3 |
V-word32 |
S + A |
R_SPARC_DISP8 |
4 |
V-byte8 |
S + A - P |
R_SPARC_DISP16 |
5 |
V-half16 |
S + A - P |
R_SPARC_DISP32 |
6 |
V-disp32 |
S + A - P |
R_SPARC_WDISP30 |
7 |
V-disp30 |
(S + A - P) >> 2 |
R_SPARC_WDISP22 |
8 |
V-disp22 |
(S + A - P) >> 2 |
R_SPARC_HI22 |
9 |
T-imm22 |
(S + A) >> 10 |
R_SPARC_22 |
10 |
V-imm22 |
S + A |
R_SPARC_13 |
11 |
V-simm13 |
S + A |
R_SPARC_LO10 |
12 |
T-simm13 |
(S + A) & 0x3ff |
R_SPARC_GOT10 |
13 |
T-simm13 |
G & 0x3ff |
R_SPARC_GOT13 |
14 |
V-simm13 |
G |
R_SPARC_GOT22 |
15 |
T-simm22 |
G >> 10 |
R_SPARC_PC10 |
16 |
T-simm13 |
(S + A - P) & 0x3ff |
R_SPARC_PC22 |
17 |
V-disp22 |
(S + A - P) >> 10 |
R_SPARC_WPLT30 |
18 |
V-disp30 |
(L + A - P) >> 2 |
R_SPARC_COPY |
19 |
None |
None |
R_SPARC_GLOB_DAT |
20 |
V-word32 |
S + A |
R_SPARC_JMP_SLOT |
21 |
None |
See R_SPARC_JMP_SLOT, |
R_SPARC_RELATIVE |
22 |
V-word32 |
B + A |
R_SPARC_UA32 |
23 |
V-word32 |
S + A |
R_SPARC_PLT32 |
24 |
V-word32 |
L + A |
R_SPARC_HIPLT22 |
25 |
T-imm22 |
(L + A) >> 10 |
R_SPARC_LOPLT10 |
26 |
T-simm13 |
(L + A) & 0x3ff |
R_SPARC_PCPLT32 |
27 |
V-word32 |
L + A - P |
R_SPARC_PCPLT22 |
28 |
V-disp22 |
(L + A - P) >> 10 |
R_SPARC_PCPLT10 |
29 |
V-simm13 |
(L + A - P) & 0x3ff |
R_SPARC_10 |
30 |
V-simm10 |
S + A |
R_SPARC_11 |
31 |
V-simm11 |
S + A |
R_SPARC_OLO10 |
33 |
V-simm13 |
((S + A) & 0x3ff) + O |
R_SPARC_HH22 |
34 |
V-imm22 |
(S + A) >> 42 |
R_SPARC_HM10 |
35 |
T-simm13 |
((S + A) >> 32) & 0x3ff |
R_SPARC_LM22 |
36 |
T-imm22 |
(S + A) >> 10 |
R_SPARC_PC_HH22 |
37 |
V-imm22 |
(S + A - P) >> 42 |
R_SPARC_PC_HM10 |
38 |
T-simm13 |
((S + A - P) >> 32) & 0x3ff |
R_SPARC_PC_LM22 |
39 |
T-imm22 |
(S + A - P) >> 10 |
R_SPARC_WDISP16 |
40 |
V-d2/disp14 |
(S + A - P) >> 2 |
R_SPARC_WDISP19 |
41 |
V-disp19 |
(S + A - P) >> 2 |
R_SPARC_7 |
43 |
V-imm7 |
S + A |
R_SPARC_5 |
44 |
V-imm5 |
S + A |
R_SPARC_6 |
45 |
V-imm6 |
S + A |
R_SPARC_HIX22 |
48 |
V-imm22 |
((S + A) ^ 0xffffffffffffffff) >> 10 |
R_SPARC_LOX10 |
49 |
T-simm13 |
((S + A) & 0x3ff) | 0x1c00 |
R_SPARC_H44 |
50 |
V-imm22 |
(S + A) >> 22 |
R_SPARC_M44 |
51 |
T-imm10 |
((S + A) >> 12) & 0x3ff |
R_SPARC_L44 |
52 |
T-imm13 |
(S + A) & 0xfff |
R_SPARC_REGISTER |
53 |
V-word32 |
S + A |
R_SPARC_UA16 |
55 |
V-half16 |
S + A |
Some relocation types have semantics beyond simple calculation:
Resembles R_SPARC_LO10, except that it refers to the address of the symbol's global offset table entry. Additionally, R_SPARC_GOT10 instructs the link-editor to create a global offset table.
Resembles R_SPARC_13, except that it refers to the address of the symbol's global offset table entry. Additionally, R_SPARC_GOT13 instructs the link-editor to create a global offset table.
Resembles R_SPARC_22, except that it refers to the address of the symbol's global offset table entry. Additionally, R_SPARC_GOT22 instructs the link-editor to create a global offset table.
Resembles R_SPARC_WDISP30, except that it refers to the address of the symbol's procedure linkage table entry. Additionally, R_SPARC_WPLT30 instructs the link-editor to create a procedure linkage table.
Created by the link-editor for dynamic executables to preserve a read-only text segment. Its offset member refers to a location in a writable segment. The symbol table index specifies a symbol that should exist both in the current object file and in a shared object. During execution, the runtime linker copies data associated with the shared object's symbol to the location specified by the offset. See Copy Relocations.
Resembles R_SPARC_32, except that it sets a global offset table entry to the address of the specified symbol. The special relocation type enables you to determine the correspondence between symbols and global offset table entries.
Created by the link-editor for dynamic objects to provide lazy binding. Its offset member gives the location of a procedure linkage table entry. The runtime linker modifies the procedure linkage table entry to transfer control to the designated symbol address.
Created by the link-editor for dynamic objects. Its offset member gives the location within a shared object that contains a value representing a relative address. The runtime linker computes the corresponding virtual address by adding the virtual address at which the shared object is loaded to the relative address. Relocation entries for this type must specify 0 for the symbol table index.
Resembles R_SPARC_32, except that it refers to an unaligned word. The word to be relocated must be treated as four separate bytes with arbitrary alignment, not as a word aligned according to the architecture requirements.
Resembles R_SPARC_LO10, except that an extra offset is added to make full use of the 13-bit signed immediate field.
Resembles R_SPARC_HI22, except that it truncates rather than validates.
Resembles R_SPARC_PC22, except that it truncates rather than validates.
Used with R_SPARC_LOX10 for executables that are confined to the uppermost 4 gigabytes of the 64–bit address space. Similar to R_SPARC_HI22, but supplies ones complement of linked value.
Used with R_SPARC_HIX22. Similar to R_SPARC_LO10, but always sets bits 10 through 12 of the linked value.
Used with the R_SPARC_H44 and R_SPARC_M44 relocation types to generate a 44-bit absolute addressing model.
Used to initialize a register symbol. Its offset member contains the register number to be initialized. There must be a corresponding register symbol for this register of type SHN_ABS.
The relocations listed in the following table extend, or alter, those define for 32–bit SPARC. See SPARC: Relocation Types.
Table 7–28 64-bit SPARC: ELF Relocation Types
Name |
Value |
Field |
Calculation |
---|---|---|---|
R_SPARC_HI22 |
9 |
V-imm22 |
(S + A) >> 10 |
R_SPARC_GLOB_DAT |
20 |
V-xword64 |
S + A |
R_SPARC_RELATIVE |
22 |
V-xword64 |
B + A |
R_SPARC_64 |
32 |
V-xword64 |
S + A |
R_SPARC_DISP64 |
46 |
V-xword64 |
S + A - P |
R_SPARC_PLT64 |
47 |
V-xword64 |
L + A |
R_SPARC_REGISTER |
53 |
V-xword64 |
S + A |
R_SPARC_UA64 |
54 |
V-xword64 |
S + A |
The relocations listed in the following table are defined for 32–bit x86.
Table 7–29 x86: ELF Relocation Types
Name |
Value |
Field |
Calculation |
---|---|---|---|
R_386_NONE |
0 |
none |
none |
R_386_32 |
1 |
word32 |
S + A |
R_386_PC32 |
2 |
word32 |
S + A - P |
R_386_GOT32 |
3 |
word32 |
G + A |
R_386_PLT32 |
4 |
word32 |
L + A - P |
R_386_COPY |
5 |
none |
none |
R_386_GLOB_DAT |
6 |
word32 |
S |
R_386_JMP_SLOT |
7 |
word32 |
S |
R_386_RELATIVE |
8 |
word32 |
B + A |
R_386_GOTOFF |
9 |
word32 |
S + A - GOT |
R_386_GOTPC |
10 |
word32 |
GOT + A - P |
R_386_32PLT |
11 |
word32 |
L + A |
Some relocation types have semantics beyond simple calculation:
Computes the distance from the base of the global offset table to the symbol's global offset table entry. It also instructs the link-editor to create a global offset table.
Computes the address of the symbol's procedure linkage table entry and instructs the link-editor to create a procedure linkage table.
Created by the link-editor for dynamic executables to preserve a read-only text segment. Its offset member refers to a location in a writable segment. The symbol table index specifies a symbol that should exist both in the current object file and in a shared object. During execution, the runtime linker copies data associated with the shared object's symbol to the location specified by the offset. See Copy Relocations.
Used to set a global offset table entry to the address of the specified symbol. The special relocation type enable you to determine the correspondence between symbols and global offset table entries.
Created by the link-editor for dynamic objects to provide lazy binding. Its offset member gives the location of a procedure linkage table entry. The runtime linker modifies the procedure linkage table entry to transfer control to the designated symbol address.
Created by the link-editor for dynamic objects. Its offset member gives the location within a shared object that contains a value representing a relative address. The runtime linker computes the corresponding virtual address by adding the virtual address at which the shared object is loaded to the relative address. Relocation entries for this type must specify 0 for the symbol table index.
Computes the difference between a symbol's value and the address of the global offset table. It also instructs the link-editor to create the global offset table.
Resembles R_386_PC32, except that it uses the address of the global offset table in its calculation. The symbol referenced in this relocation normally is _GLOBAL_OFFSET_TABLE_, which also instructs the link-editor to create the global offset table.
Comdat sections uniquely identified by their section name (sh_name). If the link-editor encounters multiple sections of type SHT_SUNW_COMDAT with the same section name, the first one will be retained and all others will be discarded. Any relocations applied to a discarded SHT_SUNW_COMDAT section will be ignored and any symbols defined in a discarded section will not be kept.
Additionally the link-editor also supports the section naming convention used for section reordering when the compiler is invoked with the -xF option. If the sections are placed in a section of the name .funcname%sectname the final SHT_SUNW_COMDAT sections that have been retained are coalesced into a section identified by the .sectname. Using this method, the SHT_SUNW_COMDAT sections can be placed into the .text, .data, or any other section as their final destination.
Objects created by the link-editor can contain two types of versioning information:
Version definitions provide associations of global symbols and are implemented using sections of type SHT_SUNW_verdef and SHT_SUNW_versym.
Version dependencies indicate the version definition requirements from other object dependencies and are implemented using sections of type SHT_SUNW_verneed.
The structures that form these sections are defined in sys/link.h. Sections that contain versioning information are named .SUNW_version.
This section is defined by the type SHT_SUNW_verdef. If this section exists, a SHT_SUNW_versym section must also exist. Using these two structures, an association of symbols-to-version definitions is maintained within the file. See Creating a Version Definition. Elements of this section have the following structure:
typedef struct { Elf32_Half vd_version; Elf32_Half vd_flags; Elf32_Half vd_ndx; Elf32_Half vd_cnt; Elf32_Word vd_hash; Elf32_Word vd_aux; Elf32_Word vd_next; } Elf32_Verdef; typedef struct { Elf32_Word vda_name; Elf32_Word vda_next; } Elf32_Verdaux; typedef struct { Elf64_Half vd_version; Elf64_Half vd_flags; Elf64_Half vd_ndx; Elf64_Half vd_cnt; Elf64_Word vd_hash; Elf64_Word vd_aux; Elf64_Word vd_next; } Elf64_Verdef; typedef struct { Elf64_Word vda_name; Elf64_Word vda_next; } Elf64_Verdaux;
The elements of this structure are:
This member identifies the version of the structure itself, as listed in the following table.
Table 7–30 ELF Version Definition Structure Versions
Name |
Value |
Meaning |
---|---|---|
VER_DEF_NONE |
0 |
Invalid version. |
VER_DEF_CURRENT |
>=1 |
Current version. |
The value 1 signifies the original section format. Extensions will create new versions with higher numbers. The value of VER_DEF_CURRENT changes as necessary to reflect the current version number.
This member holds version definition-specific information, as listed in the following table.
Table 7–31 ELF Version Definition Section Flags
Name |
Value |
Meaning |
---|---|---|
VER_FLG_BASE |
0x1 |
Version definition of the file itself. |
VER_FLG_WEAK |
0x2 |
Weak version identifier. |
The base version definition is always present when version definitions, or symbol auto-reduction, have been applied to the file. The base version provides a default version for the files reserved symbols. A weak version definition has no symbols associated with it. See Creating a Weak Version Definition.
The version index. Each version definition has a unique index that is used to associate SHT_SUNW_versym entries to the appropriate version definition.
The number of elements in the Elf32_Verdaux array.
The hash value of the version definition name. This value is generated using the same hashing function described in Hash Table.
The byte offset from the start of this Elf32_Verdef entry to the Elf32_Verdaux array of version definition names. The first element of the array must exist. It points to the version definition string this structure defines. Additional elements can be present. The number of elements is indicated by the vd_cnt value. These elements represent the dependencies of this version definition. Each of these dependencies will have its own version definition structure.
The byte offset from the start of this Elf32_Verdef structure to the next Elf32_Verdef entry.
The string table offset to a null-terminated string, giving the name of the version definition.
The byte offset from the start of this Elf32_Verdaux entry to the next Elf32_Verdaux entry.
The version symbol section is defined by the type SHT_SUNW_versym, and consists of an array of elements having the following structure:
typedef Elf32_Half Elf32_Versym; typedef Elf64_Half Elf64_Versym;
The number of elements of the array must equal the number of symbol table entries contained in the associated symbol table. This number is determined by the section's sh_link value. Each element of the array contains a single index that can have the values shown in the following table.
Table 7–32 ELF Version Dependency Indexes
Name |
Value |
Meaning |
---|---|---|
VER_NDX_LOCAL |
0 |
Symbol has local scope. |
VER_NDX_GLOBAL |
1 |
Symbol has global scope (assigned to base version definition). |
|
>1 |
Symbol has global scope (assigned to user-defined version definition). |
Any index values greater than VER_NDX_GLOBAL must correspond to the vd_ndx value of an entry in the SHT_SUNW_verdef section. If no index values greater than VER_NDX_GLOBAL exist, then no SHT_SUNW_verdef section need be present.
The version dependency section is defined by the type SHT_SUNW_verneed. This section complements the dynamic dependency requirements of the file by indicating the version definitions required from these dependencies.A recording is made in this section only if a dependency contains version definitions. Elements of this section have the following structure:
typedef struct { Elf32_Half vn_version; Elf32_Half vn_cnt; Elf32_Word vn_file; Elf32_Word vn_aux; Elf32_Word vn_next; } Elf32_Verneed; typedef struct { Elf32_Word vna_hash; Elf32_Half vna_flags; Elf32_Half vna_other; Elf32_Word vna_name; Elf32_Word vna_next; } Elf32_Vernaux; typedef struct { Elf64_Half vn_version; Elf64_Half vn_cnt; Elf64_Word vn_file; Elf64_Word vn_aux; Elf64_Word vn_next; } Elf64_Verneed; typedef struct { Elf64_Word vna_hash; Elf64_Half vna_flags; Elf64_Half vna_other; Elf64_Word vna_name; Elf64_Word vna_next; } Elf64_Vernaux;
The elements of this structure are:
This member identifies the version of the structure itself, as listed in the following table.
Table 7–33 ELF Version Dependency Structure Versions
Name |
Value |
Meaning |
---|---|---|
VER_NEED_NONE |
0 |
Invalid version. |
VER_NEED_CURRENT |
>=1 |
Current version. |
The value 1 signifies the original section format. Extensions will create new versions with higher numbers. The value of VER_NEED_CURRENT changes as necessary to reflect the current version number.
The number of elements in the Elf32_Vernaux array.
The string table offset to a null-terminated string, that provides the file name having a version dependency. This name matches one of the .dynamic dependencies found in the file. See Dynamic Section.
The byte offset, from the start of this Elf32_Verneed entry, to the Elf32_Vernaux array of version definitions required from the associated file dependency. There must exist at least one version dependency. Additional version dependencies can be present, the number being indicated by the vn_cnt value.
The byte offset, from the start of this Elf32_Verneed entry, to the next Elf32_Verneed entry.
The hash value of the version dependency name. This value is generated using the same hashing function described in Hash Table.
Version dependency specific information, as listed in the following table.
Table 7–34 ELF Version Dependency Structure Flags
Name |
Value |
Meaning |
---|---|---|
VER_FLG_WEAK |
0x2 |
Weak version identifier. |
A weak version dependency indicates an original binding to a weak version definition.
Presently unused.
The string table offset to a null-terminated string, giving the name of the version dependency.
The byte offset from the start of this Elf32_Vernaux entry to the next Elf32_Vernaux entry.
Sometimes a vendor or system engineer needs to mark an object file with special information that other programs will check for conformance, compatibility, and so forth. Sections of type SHT_NOTE and program header elements of type PT_NOTE can be used for this purpose.
The note information in sections and program header elements holds any number of entries, as shown in the following figure. For 64– and 32–bit objects, each entry is an array of 4-byte words in the format of the target processor. Labels are shown in Figure 7–6 to help explain note information organization, but they are not part of the specification.
The elements of the structure are:
The first namesz bytes in name contain a null-terminated character representation of the entry's owner or originator. There is no formal mechanism for avoiding name conflicts. By convention, vendors use their own name, such as “XYZ Computer Company,” as the identifier. If no name is present, namesz contains 0. Padding is present, if necessary, to ensure 4-byte alignment for the descriptor. Such padding is not included in namesz.
The first descsz bytes in desc hold the note descriptor. If no descriptor is present, descsz contains 0. Padding is present, if necessary, to ensure 4-byte alignment for the next note entry. Such padding is not included in descsz.
Provides the interpretation of the descriptor. Each originator controls its own types. Multiple interpretations of a single type value can exist. A program must recognize both the name and the type to understand a descriptor. Types currently must be nonnegative.
The note segment shown in the following figure holds two entries.
The system reserves note information with no name (namesz == 0) and with a zero-length name (name[0] == '\0') but currently defines no types. All other names must have at least one non-null character.
Typically, within ELF files, initialized data variables are maintained within the object file. If a data variable is very large and only contains a small number of initialized (nonzero) elements, the entire variable is still maintained in the object file.
Objects that contain large partially initialized data variables, such as FORTRAN
COMMON blocks, can result in a significant disk space
overhead. The SHT_SUNW_move section provides a mechanism of compressing these data variables. This compression reduces the disk size of the associated object.
The SHT_SUNW_move section contains multiple entries of the type ELF32_Move or Elf64_Move. These entries allow data variables to be defined as tentative items (.bss), thus occupying no space in the object file but contributing to the object's memory image at runtime. The move records establish how the memory image is initialized with data to construct the complete data variable.
ELF32_Move and Elf64_Move entries are defined as follows:
typedef struct { Elf32_Lword m_value; Elf32_Word m_info; Elf32_Word m_poffset; Elf32_Half m_repeat; Elf32_Half m_stride; } Elf32_Move; #define ELF32_M_SYM(info) ((info)>>8) #define ELF32_M_SIZE(info) ((unsigned char)(info)) #define ELF32_M_INFO(sym, size) (((sym)<<8)+(unsigned char)(size)) typedef struct { Elf64_Lword m_value; Elf64_Xword m_info; Elf64_Xword m_poffset; Elf64_Half m_repeat; Elf64_Half m_stride; } Elf64_Move; #define ELF64_M_SYM(info) ((info)>>8) #define ELF64_M_SIZE(info) ((unsigned char)(info)) #define ELF64_M_INFO(sym, size) (((sym)<<8)+(unsigned char)(size))
The elements of these structures are:
The initialization value, which is the value that is moved into the memory image.
The symbol table index, with respect to which the initialization is applied, together with the size, in bytes, of the offset being initialized. The lower 8 bits of the member define the size, which can be 1, 2, 4 or 8. The upper bytes define the symbol index.
The offset relative to the associated symbol to which the initialization is applied.
A repetition count.
The stride count. This value indicates the number of units that should be skipped when performing a repetitive initialization. A unit is the size of an initialization object as defined by m_info. An m_stride value of 0 indicates that the initialization be performed contiguously for m_repeat units.
The following data definition would traditionally consume 0x8000 bytes within an object file:
typedef struct { int one; char two; } Data Data move[0x1000] = { {0, 0}, {1, '1'}, {0, 0}, {0xf, 'F'}, {0xf, 'F'}, {0, 0}, {0xe, 'E'}, {0, 0}, {0xe, 'E'} };
Using an SHT_SUNW_move section the data item can be moved to the .bss section and initialized with the associated move entries:
$ elfdump -s data | fgrep move [17] 0x00020868 0x00008000 OBJT GLOB 0 .bss move $ elfdump -m data Move Section: .SUNW_move offset ndx size repeat stride value with respect to 0x8 0x17 4 1 0 0x1 move 0xc 0x17 1 1 0 0x31 move 0x18 0x17 4 2 2 0xf move 0x1c 0x17 1 2 8 0x46 move 0x28 0x17 4 2 4 0xe move 0x2c 0x17 1 2 16 0x45 move |
Move sections supplied from relocatable objects are concatenated and output in the object being created by the link-editor. However, the following conditions cause the link-editor to process the move entries and expand their contents into a traditional data item:
The output file is a static executable.
The size of the move entries is greater than the size of the symbol into which the move data would be expanded.
To permit association of separate copies of data allocated at compile-time with individual threads of execution, thread-local storage sections can be used to specify the size and initial contents of such data.
Sections of type SHF_TLS provide uninitialized and initialized thread-local storage. The uninitialized section, .tbss, is allocated immediately following any initialized sections, .tdata and .tdata1, subject to padding for proper alignment. The combined sections together form a TLS template that is used to allocate thread-local storage whenever a new thread is created.
The initialized portion of this template is called the TLS initialization image. All relocations generated as a result of initialized thread-local variables are applied to this template, so that the relocated values can be used when a new thread requires the initial values.
A PT_TLS program entry describes a TLS template, and has the following members:
Table 7–35 ELF PT_TLS program entry
Member |
Value |
---|---|
p_offset |
File offset of the TLS initialization image |
p_vaddr |
Virtual memory address of the TLS initialization image |
p_paddr |
Reserved |
p_filesz |
Size of the TLS initialization image |
p_memsz |
Total size of the TLS template |
p_flags |
PF_R |
p_align |
Alignment of the TLS template |
This section describes the object file information and system actions that create running programs. Most information here applies to all systems. Information specific to one processor resides in sections marked accordingly.
Executable and shared object files statically represent application programs. To execute such programs, the system uses the files to create dynamic program representations, or process images. A process image has segments that contain its text, data, stack, and so on. The major subsections of this section are:
Program Header describes object file structures that are directly involved in program execution. The primary data structure, a program header table, locates segment images in the file and contains other information needed to create the memory image of the program.
Program Loading (Processor-Specific) describes the information used to load a program into memory.
Runtime Linker describes the information used to specify and resolve symbolic references among the object files of the process image.
An executable or shared object file's program header table is an array of structures, each describing a segment or other information that the system needs to prepare the program for execution. An object file segment contains one or more sections, as described in Segment Contents.
Program headers are meaningful only for executable and shared object files. A file specifies its own program header size with the ELF header's e_phentsize and e_phnum members..
A program header has the following structure, defined in sys/elf.h:
typedef struct { Elf32_Word p_type; Elf32_Off p_offset; Elf32_Addr p_vaddr; Elf32_Addr p_paddr; Elf32_Word p_filesz; Elf32_Word p_memsz; Elf32_Word p_flags; Elf32_Word p_align; } Elf32_Phdr; typedef struct { Elf64_Word p_type; Elf64_Word p_flags; Elf64_Off p_offset; Elf64_Addr p_vaddr; Elf64_Addr p_paddr; Elf64_Xword p_filesz; Elf64_Xword p_memsz; Elf64_Xword p_align; } Elf64_Phdr;
The elements of this structure are:
The kind of segment this array element describes or how to interpret the array element's information. Type values and their meanings are specified in Table 7–36.
The offset from the beginning of the file at which the first byte of the segment resides.
The virtual address at which the first byte of the segment resides in memory.
The segment's physical address for systems in which physical addressing is relevant. Because the system ignores physical addressing for application programs, this member has unspecified contents for executable files and shared objects.
The number of bytes in the file image of the segment, which can be zero.
The number of bytes in the memory image of the segment, which can be zero.
Flags relevant to the segment. Type values and their meanings are specified in Table 7–37.
Loadable process segments must have congruent values for p_vaddr and p_offset, modulo the page size. This member gives the value to which the segments are aligned in memory and in the file. Values 0 and 1 mean no alignment is required. Otherwise, p_align should be a positive, integral power of 2, and p_vaddr should equal p_offset, modulo p_align. See Program Loading (Processor-Specific).
Some entries describe process segments. Other entries give supplementary information and do not contribute to the process image. Segment entries can appear in any order, except as explicitly noted. Defined type values are listed in the following table.
Table 7–36 ELF Segment Types
Name |
Value |
---|---|
PT_NULL |
0 |
PT_LOAD |
1 |
PT_DYNAMIC |
2 |
PT_INTERP |
3 |
PT_NOTE |
4 |
PT_SHLIB |
5 |
PT_PHDR |
6 |
PT_TLS |
7 |
PT_LOSUNW |
0x6ffffffa |
PT_SUNWBSS |
0x6ffffffb |
PT_SUNWSTACK |
0x6ffffffa |
PT_HISUNW |
0x6fffffff |
PT_LOPROC |
0x70000000 |
PT_HIPROC |
0x7fffffff |
Unused; other members' values are undefined. This type enables the program header table to contain ignored entries.
Specifies a loadable segment, described by p_filesz and p_memsz. The bytes from the file are mapped to the beginning of the memory segment. If the segment's memory size (p_memsz) is larger than the file size (p_filesz), the extra bytes are defined to hold the value 0 and to follow the segment's initialized area. The file size can not be larger than the memory size. Loadable segment entries in the program header table appear in ascending order, sorted on the p_vaddr member.
Specifies dynamic linking information. See Dynamic Section.
Specifies the location and size of a null-terminated path name to invoke as an interpreter. This segment type is mandatory for dynamic executable files and can occur in shared objects. It cannot occur more than once in a file. This type, if present, it must precede any loadable segment entry. See Program Interpreter for further information.
Specifies the location and size of auxiliary information. See Note Section for details.
Reserved but has unspecified semantics.
Specifies the location and size of the program header table itself, both in the file and in the memory image of the program. This segment type cannot occur more than once in a file. Moreover, it can occur only if the program header table is part of the memory image of the program. This type, if present, must precede any loadable segment entry. See Program Interpreter for further information.
Specifies a thread-local storage template. See Thread-Local Storage for more information.
Values in this inclusive range are reserved for Sun-specific semantics.
The same attributes as a PT_LOAD element and used to describe a .SUNW_bss section.
Describes a process stack. Presently only one such element may exist, and only access permissions, as defined in the p_flags field, are meaningful.
Values in this inclusive range are reserved for processor-specific semantics.
Unless specifically required elsewhere, all program header segment types are optional. A file's program header table can contain only those elements relevant to its contents.
Executable and shared object files have a base address, which is the lowest virtual address associated with the memory image of the program's object file. One use of the base address is to relocate the memory image of the program during dynamic linking.
An executable or shared object file's base address is calculated during execution from three values: the memory load address, the maximum page size, and the lowest virtual address of a program's loadable segment. The virtual addresses in the program headers might not represent the actual virtual addresses of the program's memory image. See Program Loading (Processor-Specific).
To compute the base address, you determine the memory address associated with the lowest p_vaddr value for a PT_LOAD segment. You then obtain the base address by truncating the memory address to the nearest multiple of the maximum page size. Depending on the kind of file being loaded into memory, the memory address might not match the p_vaddr values.
A program to be loaded by the system must have at least one loadable segment, although this is not required by the file format. When the system creates loadable segment memory images, it gives access permissions, as specified in the p_flags member. All bits included in the PF_MASKPROC mask are reserved for processor-specific semantics.
Table 7–37 ELF Segment Flags
Name |
Value |
Meaning |
---|---|---|
PF_X |
0x1 |
Execute |
PF_W |
0x2 |
Write |
PF_R |
0x4 |
Read |
PF_MASKPROC |
0xf0000000 |
Unspecified |
If a permission bit is 0, that bit's type of access is denied. Actual memory permissions depend on the memory management unit, which can vary from one system to another. Although all flag combinations are valid, the system can grant more access than requested. In no case, however, will a segment have write permission unless it is specified explicitly. The following table lists both the exact flag interpretation and the allowable flag interpretation.
Table 7–38 ELF Segment Permissions
Flags |
Value |
Exact |
Allowable |
---|---|---|---|
None |
0 |
All access denied |
All access denied |
PF_X |
1 |
Execute only |
Read, execute |
PF_W |
2 |
Write only |
Read, write, execute |
PF_W + PF_X |
3 |
Write, execute |
Read, write, execute |
PF_R |
4 |
Read only |
Read, execute |
PF_R + PF_X |
5 |
Read, execute |
Read, execute |
PF_R + PF_W |
6 |
Read, write |
Read, write, execute |
PF_R + PF_W + PF_X |
7 |
Read, write, execute |
Read, write, execute |
For example, typical text segments have read and execute, but not write permissions. Data segments normally have read, write, and execute permissions.
An object file segment consists of one or more sections, though this fact is transparent to the program header. Whether the file segment holds one or many sections also is immaterial to program loading. Nonetheless, various data must be present for program execution, dynamic linking, and so on. The diagrams below illustrate segment contents in general terms. The order and membership of sections within a segment can vary.
Text segments contain read-only instructions and data. Data segments contain writable data and instructions. See Table 7–17 for a list of all special sections.
A PT_DYNAMIC program header element points at the .dynamic section. The .got and .plt sections also hold information related to position-independent code and dynamic linking.
The .plt can reside in a text or a data segment, depending on the processor. See Global Offset Table (Processor-Specific) and Procedure Linkage Table (Processor-Specific) for details.
The .bss section has the type SHT_NOBITS. Although it occupies no space in the file, it contributes to the segment's memory image. Normally, these uninitialized data reside at the end of the segment, thereby making p_memsz larger than p_filesz in the associated program header element.
As the system creates or augments a process image, it logically copies a file's segment to a virtual memory segment. When, and if, the system physically reads the file depends on the program's execution behavior, system load, and so forth.
A process does not require a physical page unless it references the logical page during execution, and processes commonly leave many pages unreferenced. Therefore, delaying physical reads frequently obviates them, improving system performance. To obtain this efficiency in practice, executable and shared object files must have segment images whose file offsets and virtual addresses are congruent, modulo the page size.
Virtual addresses and file offsets for 32–bit segments are congruent modulo 64K (0x10000). Virtual addresses and file offsets for 64–bit segments are congruent modulo 1 megabyte (0x100000). By aligning segments to the maximum page size, the files are suitable for paging regardless of physical page size.
By default, 64–bit SPARC programs are linked with a starting address of 0x100000000. The whole program is above 4 gigabytes, including its text, data, heap, stack, and shared object dependencies. This helps ensure that 64–bit programs are correct because the program will fault in the least significant 4 gigabytes of its address space if it truncates any of its pointers. While 64–bit programs are linked above 4 gigabytes, you can still link them below 4 gigabytes by using a mapfile and the -M option to the compiler or link-editor. See /usr/lib/ld/sparcv9/map.below4G.
The following figure presents the SPARC version of the executable file.
The following table defines the loadable segment elements for the previous figure.
Table 7–39 SPARC: ELF Program Header Segments (64K alignment)
Member |
Text |
Data |
---|---|---|
p_type |
PT_LOAD |
PT_LOAD |
p_offset |
0x0 |
0x4000 |
p_vaddr |
0x10000 |
0x24000 |
p_paddr |
Unspecified |
Unspecified |
p_filesize |
0x3a82 |
0x4f5 |
p_memsz |
0x3a82 |
0x10a4 |
p_flags |
PF_R + PF_X |
PF_R + PF_W + PF_X |
p_align |
0x10000 |
0x10000 |
The following figure presents the x86 version of the executable file.
The following table defines the loadable segment elements for the previous figure.
Table 7–40 x86: ELF Program Header Segments (64K alignment)
Member |
Text |
Data |
---|---|---|
p_type |
PT_LOAD |
PT_LOAD |
p_offset |
0x0 |
0x4000 |
p_vaddr |
0x8050000 |
0x8064000 |
p_paddr |
Unspecified |
Unspecified |
p_filesize |
0x32fd |
0x3a0 |
p_memsz |
0x32fd |
0xdc4 |
p_flags |
PF_R + PF_X |
PF_R + PF_W + PF_X |
p_align |
0x10000 |
0x10000 |
The example's file offsets and virtual addresses are congruent modulo the maximum page size for both text and data. Up to four file pages hold impure text or data depending on page size and file system block size.
The first text page contains the ELF header, the program header table, and other information.
The last text page holds a copy of the beginning of data.
The first data page has a copy of the end of text.
The last data page can contain file information not relevant to the running process. Logically, the system enforces the memory permissions as if each segment were complete and separate The segments addresses are adjusted to ensure that each logical page in the address space has a single set of permissions. In the examples above, the region of the file holding the end of text and the beginning of data is mapped twice: at one virtual address for text and at a different virtual address for data.
The examples above reflect typical Solaris system binaries that have their text segments rounded.
The end of the data segment requires special handling for uninitialized data, which the system defines to begin with zero values. If a file's last data page includes information not in the logical memory page, the extraneous data must be set to zero, not the unknown contents of the executable file.
Impurities in the other three pages are not logically part of the process image. Whether the system expunges these impurities is unspecified. The memory image for this program is shown in the following figures, assuming 4 Kbyte (0x1000) pages. For simplicity, these figures illustrate only one page size.
One aspect of segment loading differs between executable files and shared objects. Executable file segments typically contain absolute code. For the process to execute correctly, the segments must reside at the virtual addresses used to create the executable file. The system uses the p_vaddr values unchanged as virtual addresses.
On the other hand, shared object segments typically contain position-independent code. This code enables a segment's virtual address change from one process to another, without invalidating execution behavior.
Though the system chooses virtual addresses for individual processes, it maintains the relative positions of the segments. Because position-independent code uses relative addressing between segments, the difference between virtual addresses in memory must match the difference between virtual addresses in the file.
The following tables show possible shared object virtual address assignments for several processes, illustrating constant relative positioning. The tables also include the base address computations.
Table 7–41 SPARC: ELF Example Shared Object Segment Addresses
Source |
Text |
Data |
Base Address |
---|---|---|---|
File |
0x0 |
0x4000 |
0x0 |
Process 1 |
0xc0000000 |
0xc0024000 |
0xc0000000 |
Process 2 |
0xc0010000 |
0xc0034000 |
0xc0010000 |
Process 3 |
0xd0020000 |
0xd0024000 |
0xd0020000 |
Process 4 |
0xd0030000 |
0xd0034000 |
0xd0030000 |
Table 7–42 x86: ELF Example Shared Object Segment Addresses
Source |
Text |
Data |
Base Address |
---|---|---|---|
File |
0x0 |
0x4000 |
0x0 |
Process 1 |
0x8000000 |
0x8004000 |
0x80000000 |
Process 2 |
0x80081000 |
0x80085000 |
0x80081000 |
Process 3 |
0x900c0000 |
0x900c4000 |
0x900c0000 |
Process 4 |
0x900c6000 |
0x900ca000 |
0x900c6000 |
A dynamic executable or shared object that initiates dynamic linking can have one PT_INTERP program header element. During exec(2), the system retrieves a path name from the PT_INTERP segment and creates the initial process image from the interpreter file's segments. The interpreter is responsible for receiving control from the system and providing an environment for the application program.
In the Solaris operating environment the interpreter is known as the runtime linker, ld.so.1(1).
When creating a dynamic object that initiates dynamic linking, the link-editor adds a program header element of type PT_INTERP to an executable file. This element instructing the system to invoke the runtime linker as the program interpreter. exec(2) and the runtime linker cooperate to create the process image for the program.
The link-editor constructs various data for executable and shared object files that assist the runtime linker. These data reside in loadable segments, making them available during execution. These segments include:
A .dynamic section with type SHT_DYNAMIC that holds various data. The structure residing at the beginning of the section holds the addresses of other dynamic linking information.
The .got and .plt sections with type SHT_PROGBITS that hold two separate tables: the global offset table and the procedure linkage table. Sections below explain how the runtime linker uses and changes the tables to create memory images for object files.
The .hash section with type SHT_HASH that holds a symbol hash table.
Shared objects can occupy virtual memory addresses that are different from the addresses recorded in the file's program header table. The runtime linker relocates the memory image, updating absolute addresses before the application gains control.
If an object file participates in dynamic linking, its program header table will have an element of type PT_DYNAMIC. This segment contains the .dynamic section. A special symbol, _DYNAMIC, labels the section, which contains an array of the following structures, defined in sys/link.h:
typedef struct { Elf32_Sword d_tag; union { Elf32_Word d_val; Elf32_Addr d_ptr; Elf32_Off d_off; } d_un; } Elf32_Dyn; typedef struct { Elf64_Xword d_tag; union { Elf64_Xword d_val; Elf64_Addr d_ptr; } d_un; } Elf64_Dyn;
For each object with this type, d_tag controls the interpretation of d_un.
These objects represent integer values with various interpretations.
These objects represent program virtual addresses. A file's virtual addresses might not match the memory virtual addresses during execution. When interpreting addresses contained in the dynamic structure, the runtime linker computes actual addresses, based on the original file value and the memory base address. For consistency, files do not contain relocation entries to correct addresses in the dynamic structure.
To make interpreting the contents of dynamic section entries simpler for tools, the value of each tag, except for those in two special compatibility ranges, will determine the interpretation of the d_un union. A tag whose value is an even number indicates a dynamic section entry that uses d_ptr. A tag whose value is an odd number indicates a dynamic section entry that uses d_val or that uses neither d_ptr nor d_val. Tags whose values are less than the special value DT_ENCODING and tags whose values fall between DT_HIOS and DT_LOPROC do not follow these rules.
The following table summarizes the tag requirements for executable and shared object files. If a tag is marked mandatory, then the dynamic linking array must have an entry of that type. Likewise, optional means an entry for the tag can appear but is not required.
Table 7–43 ELF Dynamic Array Tags
Name |
Value |
d_un |
Executable |
Shared Object |
---|---|---|---|---|
DT_NULL |
0 |
Ignored |
Mandatory |
Mandatory |
DT_NEEDED |
1 |
d_val |
Optional |
Optional |
DT_PLTRELSZ |
2 |
d_val |
Optional |
Optional |
DT_PLTGOT |
3 |
d_ptr |
Optional |
Optional |
DT_HASH |
4 |
d_ptr |
Mandatory |
Mandatory |
DT_STRTAB |
5 |
d_ptr |
Mandatory |
Mandatory |
DT_SYMTAB |
6 |
d_ptr |
Mandatory |
Mandatory |
DT_RELA |
7 |
d_ptr |
Mandatory |
Optional |
DT_RELASZ |
8 |
d_val |
Mandatory |
Optional |
DT_RELAENT |
9 |
d_val |
Mandatory |
Optional |
DT_STRSZ |
10 |
d_val |
Mandatory |
Mandatory |
DT_SYMENT |
11 |
d_val |
Mandatory |
Mandatory |
DT_INIT |
12 |
d_ptr |
Optional |
Optional |
DT_FINI |
13 |
d_ptr |
Optional |
Optional |
DT_SONAME |
14 |
d_val |
Ignored |
Optional |
DT_RPATH |
15 |
d_val |
Optional |
Optional |
DT_SYMBOLIC |
16 |
Ignored |
Ignored |
Optional |
DT_REL |
17 |
d_ptr |
Mandatory |
Optional |
DT_RELSZ |
18 |
d_val |
Mandatory |
Optional |
DT_RELENT |
19 |
d_val |
Mandatory |
Optional |
DT_PLTREL |
20 |
d_val |
Optional |
Optional |
DT_DEBUG |
21 |
d_ptr |
Optional |
Ignored |
DT_TEXTREL |
22 |
Ignored |
Optional |
Optional |
DT_JMPREL |
23 |
d_ptr |
Optional |
Optional |
DT_BIND_NOW |
24 |
Ignored |
Optional |
Optional |
DT_INIT_ARRAY |
25 |
d_ptr |
Optional |
Optional |
DT_FINI_ARRAY |
26 |
d_ptr |
Optional |
Optional |
DT_INIT_ARRAYSZ |
27 |
d_val |
Optional |
Optional |
DT_FINI_ARRAYSZ |
28 |
d_val |
Optional |
Optional |
DT_RUNPATH |
29 |
d_val |
Optional |
Optional |
DT_FLAGS |
30 |
d_val |
Optional |
Optional |
DT_ENCODING |
32 |
Unspecified |
Unspecified |
Unspecified |
DT_PREINIT_ARRAY |
32 |
d_ptr |
Optional |
Ignored |
DT_PREINIT_ARRAYSZ |
33 |
d_val |
Optional |
Ignored |
DT_LOOS |
0x6000000d |
Unspecified |
Unspecified |
Unspecified |
DT_SUNW_RTLDINF |
0x6000000e |
d_ptr |
Optional |
Optional |
DT_HIOS |
0x6ffff000 |
Unspecified |
Unspecified |
Unspecified |
DT_VALRNGLO |
0x6ffffd00 |
Unspecified |
Unspecified |
Unspecified |
DT_CHECKSUM |
0x6ffffdf8 |
d_val |
Optional |
Optional |
DT_PLTPADSZ |
0x6ffffdf9 |
d_val |
Optional |
Optional |
DT_MOVEENT |
0x6ffffdfa |
d_val |
Optional |
Optional |
DT_MOVESZ |
0x6ffffdfb |
d_val |
Optional |
Optional |
DT_FEATURE_1 |
0x6ffffdfc |
d_val |
Optional |
Optional |
DT_POSFLAG_1 |
0x6ffffdfd |
d_val |
Optional |
Optional |
DT_SYMINSZ |
0x6ffffdfe |
d_val |
Optional |
Optional |
DT_SYMINENT |
0x6ffffdff |
d_val |
Optional |
Optional |
DT_VALRNGHI |
0x6ffffdff |
Unspecified |
Unspecified |
Unspecified |
DT_ADDRRNGLO |
0x6ffffe00 |
Unspecified |
Unspecified |
Unspecified |
DT_CONFIG |
0x6ffffefa |
d_ptr |
Optional |
Optional |
DT_DEPAUDIT |
0x6ffffefb |
d_ptr |
Optional |
Optional |
DT_AUDIT |
0x6ffffefc |
d_ptr |
Optional |
Optional |
DT_PLTPAD |
0x6ffffefd |
d_ptr |
Optional |
Optional |
DT_MOVETAB |
0x6ffffefe |
d_ptr |
Optional |
Optional |
DT_SYMINFO |
0x6ffffeff |
d_ptr |
Optional |
Optional |
DT_ADDRRNGHI |
0x6ffffeff |
Unspecified |
Unspecified |
Unspecified |
DT_RELACOUNT |
0x6ffffff9 |
d_val |
Optional |
Optional |
DT_RELCOUNT |
0x6ffffffa |
d_val |
Optional |
Optional |
DT_FLAGS_1 |
0x6ffffffb |
d_val |
Optional |
Optional |
DT_VERDEF |
0x6ffffffc |
d_ptr |
Optional |
Optional |
DT_VERDEFNUM |
0x6ffffffd |
d_val |
Optional |
Optional |
DT_VERNEED |
0x6ffffffe |
d_ptr |
Optional |
Optional |
DT_VERNEEDNUM |
0x6fffffff |
d_val |
Optional |
Optional |
DT_LOPROC |
0x70000000 |
Unspecified |
Unspecified |
Unspecified |
DT_SPARC_REGISTER |
0x70000001 |
d_val |
Optional |
Optional |
DT_AUXILIARY |
0x7ffffffd |
d_val |
Unspecified |
Optional |
DT_USED |
0x7ffffffe |
d_val |
Optional |
Optional |
DT_FILTER |
0x7fffffff |
d_val |
Unspecified |
Optional |
DT_HIPROC |
0x7fffffff |
Unspecified |
Unspecified |
Unspecified |
Marks the end of the _DYNAMIC array.
The DT_STRTAB string table offset of a null-terminated string, giving the name of a needed dependency.The dynamic array can contain multiple entries of this type. The relative order of these entries is significant, though their relation to entries of other types is not. See Shared Object Dependencies.
The total size, in bytes, of the relocation entries associated with the procedure linkage table. See Procedure Linkage Table (Processor-Specific).
An address associated with the procedure linkage table or the global offset table. See Procedure Linkage Table (Processor-Specific) and Global Offset Table (Processor-Specific).
The address of the symbol hash table. This table refers to the symbol table indicated by the DT_SYMTAB element. See Hash Table.
The address of the string table. Symbol names, dependency names, and other strings required by the runtime linker reside in this table. See String Table.
The address of the symbol table. See Symbol Table.
The address of a relocation table. See Relocation.
An object file can have multiple relocation sections. When creating the relocation table for an executable or shared object file, the link-editor catenates those sections to form a single table. Although the sections may remain independent in the object file, the runtime linker sees a single table. When the runtime linker creates the process image for an executable file or adds a shared object to the process image, it reads the relocation table and performs the associated actions.
This element requires the DT_RELASZ and DT_RELAENT elements also be present. When relocation is mandatory for a file, either DT_RELA or DT_REL can occur.
The total size, in bytes, of the DT_RELA relocation table.
The size, in bytes, of the DT_RELA relocation entry.
The total size, in bytes, of the DT_STRTAB string table.
The size, in bytes, of the DT_SYMTAB symbol entry.
The address of an initialization function. See Initialization and Termination Sections.
The address of a termination function. See Initialization and Termination Sections.
The DT_STRTAB string table offset of a null-terminated string, identifying the name of the shared object. See Recording a Shared Object Name.
The DT_STRTAB string table offset of a null-terminated library search path string. This element's use has been superseded by DT_RUNPATH. See Directories Searched by the Runtime Linker.
Indicates the object contains symbolic bindings that were applied during its link-edit. This elements use has been superseded by the DF_SYMBOLIC flag. See Using -Bsymbolic.
Similar to DT_RELA, except its table has implicit addends. This element requires that the DT_RELSZ and DT_RELENT elements also be present.
The total size, in bytes, of the DT_REL relocation table.
The size, in bytes, of the DT_REL relocation entry.
Indicates the type of relocation entry to which the procedure linkage table refers, either DT_REL or DT_RELA. All relocations in a procedure linkage table must use the same relocation. See Procedure Linkage Table (Processor-Specific). This element requires a DT_JMPREL element also be present.
Used for debugging.
Indicates that one or more relocation entries might request modifications to a non-writable segment, and the runtime linker can prepare accordingly. This element's use has been superseded by the DF_TEXTREL flag. See Position-Independent Code.
The address of relocation entries associated solely with the procedure linkage table. See Procedure Linkage Table (Processor-Specific). Separating these relocation entries enables the runtime linker to ignore them when the object is loaded if lazy binding is enabled. This element requires the DT_PLTRELSZ and DT_PLTREL elements also be present.
Various state flags which are applied to the DT_ element immediately following. See Table 7–46.
Indicates that all relocations for this object must be processed before returning control to the program. The presence of this entry takes precedence over a directive to use lazy binding when specified through the environment or via dlopen(3DL). This element's use has been superseded by the DF_BIND_NOW flag. See When Relocations Are Performed.
The address of an array of pointers to initialization functions. This element requires that a DT_INIT_ARRAYSZ element also be present. See Initialization and Termination Sections.
The address of an array of pointers to termination functions. This element requires that a DT_FINI_ARRAYSZ element also be present. See Initialization and Termination Sections.
The total size, in bytes, of the DT_INIT_ARRAY array.
The total size, in bytes, of the DT_FINI_ARRAY array.
The DT_STRTAB string table offset of a null-terminated library search path string. See Directories Searched by the Runtime Linker.
Flag values specific to this object. See Table 7–44.
Values greater than or equal to DT_ENCODING and less than or equal to DT_HIOS follow the rules for the interpretation of the d_un union.
The address of an array of pointers to pre-initialization functions. This element requires that a DT_PREINIT_ARRAYSZ element also be present. This array is processed only in an executable file. It is ignored if contained in a shared object. See Initialization and Termination Sections.
The total size, in bytes, of the DT_PREINIT_ARRAY array.
Values in this inclusive range are reserved for operating system-specific semantics. All such values follow the rules for the interpretation of the d_un union.
Reserved for internal use by the runtime-linker.
The address of the symbol information table. This element requires that the DT_SYMINENT and DT_SYMINSZ elements also be present. See Syminfo Table.
The size, in bytes, of the DT_SYMINFO information entry.
The total size, in bytes, of the DT_SYMINFO table.
The address of the version definition table. Elements within this table contain indexes into the string table DT_STRTAB. This element requires that the DT_VERDEFNUM element also be present. See Version Definition Section.
The number of entries in the DT_VERDEF table.
The address of the version dependency table. Elements within this table contain indexes into the string table DT_STRTAB. This element requires that the DT_VERNEEDNUM element also be present. See Version Dependency Section.
The number of entries in the DT_VERNEEDNUM table.
Indicates that all Elf32_Rela (or Elf64_Rela) RELATIVE relocations have been concatenated together, and specifies the RELATIVE relocation count. See Combined Relocation Sections.
Indicates that all Elf32_Rel RELATIVE relocations have been concatenated together, and specifies the RELATIVE relocation count. See Combined Relocation Sections.
The DT_STRTAB string table offset of a null-terminated string that names one or more auxiliary filtees. See Generating an Auxiliary Filter.
The DT_STRTAB string table offset of a null-terminated string that names one or more standard filtees. See Generating a Standard Filter.
A simple checksum of selected sections of the object. See gelf_checksum(3ELF).
The size, in bytes, of the DT_MOVETAB move entries.
The total size, in bytes, of the DT_MOVETAB table.
The address of a move table. This element requires that the DT_MOVEENT and DT_MOVESZ elements also be present. See Move Section.
The DT_STRTAB string table offset of a null-terminated string defining a configuration file. The configuration file is only meaningful in an executable, and is typically unique to this object. See Configuring the Default Search Paths.
The DT_STRTAB string table offset of a null-terminated string defining one or more audit libraries. See Runtime Linker Auditing Interface.
The DT_STRTAB string table offset of a null-terminated string defining one or more audit libraries. See Runtime Linker Auditing Interface.
Flag values specific to this object. See Table 7–45.
Feature values specific to this object. See Feature Checking.
Values in this inclusive range use the d_un.d_val field of the dynamic structure.
Values in this inclusive range use the d_un.d_ptr field of the dynamic structure. If any adjustment is made to the ELF object after it has been built, these entries must be updated accordingly.
The index of an STT_SPARC_REGISTER symbol within the DT_SYMTAB symbol table. There is one entry for every STT_SPARC_REGISTER symbol in the symbol table. See Register Symbols.
Values in this inclusive range are reserved for processor-specific semantics.
Except for the DT_NULL element at the end of the dynamic array and the relative order of DT_NEEDED and DT_POSFLAG_1 elements, entries can appear in any order. Tag values not appearing in the table are reserved.
Table 7–44 ELF Dynamic Flags, DT_FLAGS
Name |
Value |
Meaning |
---|---|---|
DF_ORIGIN |
0x1 |
$ORIGIN processing required |
DF_SYMBOLIC |
0x2 |
Symbolic symbol resolution required |
DF_TEXTREL |
0x4 |
Text relocations exist |
DF_BIND_NOW |
0x8 |
Non-lazy binding required |
DF_STATIC_TLS |
0x10 |
Object uses static thread-local storage scheme |
Indicates that the object requires $ORIGIN processing. See Locating Associated Dependencies.
Indicates that the object contains symbolic bindings that were applied during its link-edit. See Using -Bsymbolic.
Indicates that one or more relocation entries might request modifications to a non-writable segment, and the runtime linker can prepare accordingly. See Position-Independent Code.
Indicates that all relocations for this object must be processed before returning control to the program. The presence of this entry takes precedence over a directive to use lazy binding when specified through the environment or via dlopen(3DL). See When Relocations Are Performed.
Indicates that the object contains code using a static thread-local storage scheme. Static thread-local storage can not be used in objects that are dynamically loaded, either using dlopen(3DL), or using lazy loading. Because of this restriction, the link-editor does not support the creation of a shared object that requires static thread-local storage.
Name |
Value |
Meaning |
---|---|---|
DF_1_NOW |
0x1 |
Perform complete relocation processing. |
DF_1_GLOBAL |
0x2 |
Unused |
DF_1_GROUP |
0x4 |
Indicate object is a member of a group. |
DF_1_NODELETE |
0x8 |
Object cannot be deleted from a process. |
DF_1_LOADFLTR |
0x10 |
Ensure immediate loading of filtees. |
DF_1_INITFIRST |
0x20 |
Objects' initialization occurs first. |
DF_1_NOOPEN |
0x40 |
Object can not be used with dlopen(3DL). |
DF_1_ORIGIN |
0x80 |
$ORIGIN processing required. |
DF_1_DIRECT |
0x100 |
Direct bindings enabled |
DF_1_INTERPOSE |
0x400 |
Object is an interposer |
DF_1_NODEFLIB |
0x800 |
Ignore default library search path |
DF_1_NODUMP |
0x1000 |
Object cannot be dumped with dldump(3DL) |
DF_1_CONFALT |
0x2000 |
Object is a configuration alternative. |
DF_1_ENDFILTEE |
0x4000 |
Filtee terminates filter's search. |
DF_1_DISPRELDNE |
0x8000 |
Displacement relocation done. |
DF_1_DISPRELPND |
0x10000 |
Displacement relocation pending. |
Indicates that all relocations for this object must be processed before returning control to the program. The presence of this flag takes precedence over a directive to use lazy binding when specified through the environment or via dlopen(3DL). See When Relocations Are Performed.
Indicates that the object is a member of a group. This flag is recorded in the object using the link-editor's -B group option. See Object Hierarchies.
Indicates that the object cannot be deleted from a process. If the object is loaded in a process, either directly or as a dependency, with dlopen(3DL), it cannot be unloaded with dlclose(3DL). This flag is recorded in the object using the link-editor's -z nodelete option.
Meaningful only for filters. Indicates that all associated filtees be processed immediately. This flag is recorded in the object using the link-editor's -z loadfltr option. See Filtee Processing.
Indicates that this object's initialization section be run before any other objects loaded with it.This flag is intended for specialized system libraries only, and is recorded in the object using the link-editor's -z initfirst option.
Indicates that the object cannot be added to a running process with dlopen(3DL). This flag is recorded in the object using the link-editor's -z nodlopen option.
Indicates that the object requires $ORIGIN processing. See Locating Associated Dependencies.
Indicates that the object should use direct binding information. See Direct Binding.
Indicates that the objects symbol table is to interpose before all symbols except the primary load object, which is typically the executable. This flag is recorded with the link-editor's -z interpose option. See Direct Binding.
Indicates that the search for dependencies of this object ignores any default library search paths. This flag is recorded in the object using the link-editor's -z nodefaultlib option. See Directories Searched by the Runtime Linker.
Indicates that this object is not dumped by dldump(3DL). Candidates for this option include objects with no relocations that might get included when generating alternative objects using crle(1). This flag is recorded in the object using the link-editor's -z nodump option.
Identifies this object as a configuration alternative object generated by crle(1). This flag triggers the runtime linker to search for a configuration file $ORIGIN/ld.config.app-name.
Meaningful only for filtees. Terminates a filters search for any further filtees. This flag is recorded in the object using the link-editor's -z endfiltee option. See Reducing Auxiliary Searches.
Indicates that this object has displacement relocations applied. The displacement relocation records no longer exist within the object as they were discarded once the relocation was applied. See Displacement Relocations.
Indicates that this object has displacement relocations pending. The displacement relocations exits within the object so they can be completed at runtime. See Displacement Relocations.
Name |
Value |
Meaning |
---|---|---|
DF_P1_LAZYLOAD |
0x1 |
Identify lazy loaded dependency. |
DF_P1_GROUPPERM |
0x2 |
Identify group dependency. |
Identifies the following DT_NEEDED entry as an object to be lazy loaded. This flag is recorded in the object using the link-editor's -z lazyload option. See Lazy Loading of Dynamic Dependencies.
Identifies the following DT_NEEDED entry as an object to be loaded as a group. This flag is recorded in the object using the link-editor's -z groupperm option. See Isolating a Group.
Name |
Value |
Meaning |
---|---|---|
DTF_1_PARINIT |
0x1 |
Partial initialization is required. |
DTF_1_CONFEXP |
0x2 |
A Configuration file is expected. |
Indicates that the object requires partial initialization. See Move Section.
Identifies this object as a configuration alternative object generated by crle(1). This flag triggers the runtime linker to search for a configuration file $ORIGIN/ld.config.app-name. This flag has the same affect as DF_1_CONFALT.
Position-independent code cannot, in general, contain absolute virtual addresses. Global offset tables hold absolute addresses in private data. Addresses are therefore available without compromising the position-independence and shareability of a program's text. A program references its global offset table using position-independent addressing and extracts absolute values. This technique redirects position-independent references to absolute locations.
Initially, the global offset table holds information as required by its relocation entries. After the system creates memory segments for a loadable object file, the runtime linker processes the relocation entries, some of which will be type R_SPARC_GLOB_DAT (for SPARC), or R_386_GLOB_DAT (for x86), referring to the global offset table.
The runtime linker determines the associated symbol values, calculates their absolute addresses, and sets the appropriate memory table entries to the proper values. Although the absolute addresses are unknown when the link-editor creates an object file, the runtime linker knows the addresses of all memory segments and can thus calculate the absolute addresses of the symbols contained therein.
If a program requires direct access to the absolute address of a symbol, that symbol will have a global offset table entry. Because the executable file and shared objects have separate global offset tables, a symbol's address can appear in several tables. The runtime linker processes all the global offset table relocations before giving control to any code in the process image. This processing ensures that absolute addresses are available during execution.
The table's entry zero is reserved to hold the address of the dynamic structure, referenced with the symbol _DYNAMIC. This symbol enables a program, such as the runtime linker, to find its own dynamic structure without having yet processed its relocation entries. This method is especially important for the runtime linker, because it must initialize itself without relying on other programs to relocate its memory image.
The system can choose different memory segment addresses for the same shared object in different programs. It can even choose different library addresses for different executions of the same program. Nonetheless, memory segments do not change addresses once the process image is established. As long as a process exists, its memory segments reside at fixed virtual addresses.
A global offset table's format and interpretation are processor-specific. For SPARC and x86 processors, the symbol _GLOBAL_OFFSET_TABLE_ can be used to access the table. This symbol can reside in the middle of the .got section, allowing both negative and nonnegative subscripts into the array of addresses. The symbol type is an array of Elf32_Addr for 32–bit code, and an array of Elf64_Addr for 64–bit code:
extern Elf32_Addr _GLOBAL_OFFSET_TABLE_[]; extern Elf64_Addr _GLOBAL_OFFSET_TABLE_[];
The global offset table converts position-independent address calculations to absolute locations. Similarly the procedure linkage table converts position-independent function calls to absolute locations. The link-editor cannot resolve execution transfers such as function calls from one executable or shared object to another. So, the link-editor arranges to have the program transfer control to entries in the procedure linkage table. The runtime linker thus redirects the entries without compromising the position-independence and shareability of the program's text. Executable files and shared object files have separate procedure linkage tables.
For 32–bit SPARC dynamic objects, the procedure linkage table resides in private data. The runtime linker determines the absolute addresses of the destinations and modifies the procedure linkage table's memory image accordingly.
The first four procedure linkage table entries are reserved. The original contents of these entries are unspecified, despite the example shown in Table 7–48. Each entry in the table occupies 3 words (12 bytes), and the last table entry is followed by a nop instruction.
A relocation table is associated with the procedure linkage table. The DT_JMP_REL entry in the _DYNAMIC array gives the location of the first relocation entry. The relocation table has one entry, in the same sequence, for each non-reserved procedure linkage table entry. The relocation type of each of these entries is R_SPARC_JMP_SLOT. The relocation offset specifies the address of the first byte of the associated procedure linkage table entry. The symbol table index refers to the appropriate symbol.
To illustrate procedure linkage tables, Table 7–48 shows four entries: two of the four initial reserved entries, the third is a call to name101, and the fourth entry is a call to name102. The example assumes that the entry for name102 is the table's last entry and shows the following nop instruction. The left column shows the instructions from the object file before dynamic linking. The right column demonstrates a possible way the runtime linker might fix the procedure linkage table entries.
Table 7–48 SPARC: Procedure Linkage Table Example
Following the steps below, the runtime linker and program jointly resolve the symbolic references through the procedure linkage table. Again, the steps described below are for explanation only. The precise execution-time behavior of the runtime linker is not specified.
When first creating the memory image of the program, the runtime linker changes the initial procedure linkage table entries, making them transfer control to one of the runtime linker's own routines. The runtime linker also stores a word of identification information in the second entry. When the runtime linker receives control, it can examine this word to find which object called it.
All other procedure linkage table entries initially transfer to the first entry, letting the runtime linker to gain control at the first execution of each table entry. For example, the program calls name101, which transfers control to the label .PLT101.
The sethi instruction computes the distance between the current and the initial procedure linkage table entries, .PLT101 and .PLT0, respectively. This value occupies the most significant 22 bits of the %g1 register.
Next, the ba,a instruction jumps to .PLT0, establishing a stack frame and calls the runtime linker.
With the identification value, the runtime linker gets its data structures for the object, including the relocation table.
By shifting the %g1 value and dividing by the size of the procedure linkage table entries, the runtime linker calculates the index of the relocation entry for name101. Relocation entry 101 has type R_SPARC_JMP_SLOT, its offset specifies the address of .PLT101, and its symbol table index refers to name101. Thus, the runtime linker gets the symbol's real value, unwinds the stack, modifies the procedure linkage table entry, and transfers control to the desired destination.
The runtime linker does not have to create the instruction sequences under the memory segment column. If it does, some points deserve more explanation.
To make the code re-entrant, the procedure linkage table's instructions are changed in a particular sequence. If the runtime linker is fixing a function's procedure linkage table entry and a signal arrives, the signal handling code must be able to call the original function with predictable and correct results.
The runtime linker changes three words to convert an entry. The runtime linker can update only a single word atomically with regard to instruction execution. Therefore, re-entrancy is achieved by updating each word in reverse order. If a re-entrant function call occurs just prior to the last patch, the runtime linker gains control a second time. Although both invocations of the runtime linker modify the same procedure linkage table entry, their changes do not interfere with each other.
The first sethi instruction of a procedure linkage table entry can fill the delay slot of the previous entry's jmp1 instruction. Although the sethi changes the value of the %g1 register, the previous contents can be safely discarded.
After conversion, the last procedure linkage table entry, .PLT102, needs a delay instruction for its jmp1. The required, trailing nop fills this delay slot.
The different instruction sequences shown for .PLT101, and .PLT102 demonstrate how the update may be optimized for the associated destination.
The LD_BIND_NOW
environment variable changes dynamic linking behavior. If its value is non-null, the runtime linker processes R_SPARC_JMP_SLOT relocation entries (procedure linkage table entries) before transferring control to the program.
For 64–bit SPARC dynamic objects, the procedure linkage table resides in private data. The runtime linker determines the absolute addresses of the destinations and modifies the procedure linkage table's memory image accordingly.
The first four procedure linkage table entries are reserved. The original contents of these entries are unspecified, despite the example shown in Table 7–49. Each of the first 32,768 entries in the table occupies 8 words (32 bytes), and must be aligned on a 32–byte boundary. The table as a whole must be aligned on a 256–byte boundary. If more than 32,768 entries are required, the remaining entries consist of 6 words (24 bytes) and 1 pointer (8 bytes). The instructions are collected together in blocks of 160 entries followed by 160 pointers. The last group of entries and pointers may contain less than 160 items. No padding is required.
The numbers 32,768 and 160 are based on the limits of branch and load displacements respectively with the second rounded down to make the divisions between code and data fall on 256–byte boundaries so as to improve cache performance.
A relocation table is associated with the procedure linkage table. The DT_JMP_REL entry in the _DYNAMIC array gives the location of the first relocation entry. The relocation table has one entry, in the same sequence, for each non-reserved procedure linkage table entry. The relocation type of each of these entries is R_SPARC_JMP_SLOT. For the first 32,767 slots, the relocation offset specifies the address of the first byte of the associated procedure linkage table entry, the addend field is zero. The symbol table index refers to the appropriate symbol. For slots 32,768 and beyond, the relocation offset specifies the address of the first byte of the associated pointer. The addend field is the unrelocated value -(.PLTN + 4). The symbol table index refers to the appropriate symbol.
To illustrate procedure linkage tables, Table 7–49 shows several entries. The first three show initial reserved entries. The following three show examples of the initial 32,768 entries together with possible resolved forms that might apply if the target address was +/- 2 Gbytes of the entry, within the lower 4 Gbytes of the address space, or anywhere respectively. The final two show examples of later entries, which consist of instruction and pointer pairs. The left column shows the instructions from the object file before dynamic linking. The right column demonstrates a possible way the runtime linker might fix the procedure linkage table entries.
Table 7–49 64-bit SPARC: Procedure Linkage Table Example
Following the steps below, the runtime linker and program jointly resolve the symbolic references through the procedure linkage table. Again, the steps described below are for explanation only. The precise execution-time behavior of the runtime linker is not specified.
When first creating the memory image of the program, the runtime linker changes the initial procedure linkage table entries, making them transfer control to one of the runtime linker's own routines. The runtime linker also stores an extended word of identification information in the third entry. When the runtime linker receives control, it can examine this extended word to find which object called it.
All other procedure linkage table entries initially transfer to the first or second entry. Those entries establish a stack frame and call the runtime linker.
With the identification value, the runtime linker gets its data structures for the object, including the relocation table.
The runtime linker computes the index of the relocation entry for the table slot.
With the index information, the runtime linker gets the symbol's real value, unwinds the stack, modifies the procedure linkage table entry, and transfers control to the desired destination.
The runtime linker does not have to create the instruction sequences under the memory segment column, it might. If it does, some points deserve more explanation.
To make the code re-entrant, the procedure linkage table's instructions are changed in a particular sequence. If the runtime linker is fixing a function's procedure linkage table entry and a signal arrives, the signal handling code must be able to call the original function with predictable and correct results.
The runtime linker may change up to eight words to convert an entry. The runtime linker can update only a single word atomically with regard to instruction execution. Therefore, re-entrancy is achieved by first overwriting the nop instructions with their replacement instructions, and then patching the ba,a, and the sethi if using a 64–bit store. If a re-entrant function call occurs just prior to the last patch, the runtime linker gains control a second time. Although both invocations of the runtime linker modify the same procedure linkage table entry, their changes do not interfere with each other.
If the initial sethi instruction is changed, it can only be replaced by a nop.
Changing the pointer as done for the second form of entry is done using a single atomic 64–bit store.
The different instruction sequences shown for .PLT101, .PLT102, and .PLT103 demonstrate how the update may be optimized for the associated destination.
The LD_BIND_NOW
environment variable changes dynamic linking behavior. If its value is non-null, the runtime linker processes R_SPARC_JMP_SLOT relocation entries (procedure linkage table entries) before transferring control to the program.
For 32–bit x86 dynamic objects, the procedure linkage table resides in shared text but uses addresses in the private global offset table. The runtime linker determines the absolute addresses of the destinations and modifies the global offset table's memory image accordingly. The runtime linker thus redirects the entries without compromising the position-independence and shareability of the program's text. Executable files and shared object files have separate procedure linkage tables.
Table 7–50 x86: Absolute Procedure Linkage Table Example
.PLT0: pushl got_plus_4 jmp *got_plus_8 nop; nop nop; nop .PLT1: jmp *name1_in_GOT pushl $offset jmp .PLT0@PC .PLT2: jmp *name2_in_GOT pushl $offset jmp .PLT0@PC |
Table 7–51 x86: Position-Independent Procedure Linkage Table Example
.PLT0: pushl 4(%ebx) jmp *8(%ebx) nop; nop nop; nop .PLT1: jmp *name1@GOT(%ebx) pushl $offset jmp .PLT0@PC .PLT2: jmp *name2@GOT(%ebx) pushl $offset jmp .PLT0@PC |
As the preceding examples show, the procedure linkage table instructions use different operand addressing modes for absolute code and for position-independent code. Nonetheless, their interfaces to the runtime linker are the same.
Following the steps below, the runtime linker and program cooperate to resolve the symbolic references through the procedure linkage table and the global offset table.
When first creating the memory image of the program, the runtime linker sets the second and third entries in the global offset table to special values. The steps below explain these values.
If the procedure linkage table is position-independent, the address of the global offset table must be in %ebx. Each shared object file in the process image has its own procedure linkage table, and control transfers to a procedure linkage table entry only from within the same object file. So, the calling function must set the global offset table base register before it calls the procedure linkage table entry.
For example, the program calls name1, which transfers control to the label .PLT1.
The first instruction jumps to the address in the global offset table entry for name1. Initially, the global offset table holds the address of the following pushl instruction, not the real address of name1.
The program pushes a relocation offset (offset) on the stack. The relocation offset is a 32–bit, nonnegative byte offset into the relocation table. The designated relocation entry has the type R_386_JMP_SLOT, and its offset specifies the global offset table entry used in the previous jmp instruction. The relocation entry also contains a symbol table index, which the runtime linker uses to get the referenced symbol, name1.
After pushing the relocation offset, the program jumps to .PLT0, the first entry in the procedure linkage table. The pushl instruction pushes the value of the second global offset table entry (got_plus_4 or 4(%ebx)) on the stack, giving the runtime linker one word of identifying information. The program then jumps to the address in the third global offset table entry (got_plus_8 or 8(%ebx)), to jump to the runtime linker.
The runtime linker unwinds the stack, checks the designated relocation entry, gets the symbol's value, stores the actual address of name1 in its global offset entry table, and jumps to the destination.
Subsequent executions of the procedure linkage table entry transfer directly to name1, without calling the runtime linker again. The jmp instruction at .PLT1 jumps to name1 instead of falling through to the pushl instruction.
The LD_BIND_NOW
environment variable changes dynamic linking behavior. If its value is non-null, the runtime linker processes R_386_JMP_SLOT
relocation entries (procedure linkage table entries) before transferring control to the program.
A hash table of Elf32_Word or Elf64_Word objects supports symbol table access. The symbol table to which the hashing is associated is specified in the sh_link entry of the hash table's section header (refer to Table 7–15). Labels appear below to help explain the hash table organization, but they are not part of the specification.
The bucket array contains nbucket entries, and the chain array contains nchain entries; indexes start at 0. Both bucket and chain hold symbol table indexes. Chain table entries parallel the symbol table. The number of symbol table entries should equal nchain, so symbol table indexes also select chain table entries.
A hashing function accepts a symbol name and returns a value that can be used to compute a bucket index. Consequently, if the hashing function returns the value x for some name, bucket [x%nbucket] gives an index y into both the symbol table and the chain table. If the symbol table entry is not the one desired, chain[y] gives the next symbol table entry with the same hash value.
You can follow the chain links until either the selected symbol table entry holds the desired name or the chain entry contains the value STN_UNDEF.
The hash function is as follows:
unsigned long elf_Hash(const unsigned char *name) { unsigned long h = 0, g; while (*name) { h = (h << 4) + *name++; if (g = h & 0xf0000000) h ^= g >> 24; h &= ~g; } return h; }