|
| 1 | +# Dynamic Linking |
| 2 | + |
| 3 | +## Build dynamically linked shecc and programs |
| 4 | + |
| 5 | +Build the dynamically linked version of shecc, but notice that shecc currently doesn't support dynamic linking for the RISC-V architecture: |
| 6 | + |
| 7 | +```shell |
| 8 | +$ make ARCH=arm DYNLINK=1 |
| 9 | +``` |
| 10 | + |
| 11 | +Next, you can use shecc to build dynamically linked programs by adding the `--dynlink` flag: |
| 12 | + |
| 13 | +```shell |
| 14 | +# Use the stage 0 compiler |
| 15 | +$ out/shecc --dynlink -o <output> <input.c> |
| 16 | +# Use the stage 1 or stage 2 compiler |
| 17 | +$ qemu-arm -L <LD_PREFIX> out/shecc-stage2.elf --dynlink -o <output> <input.c> |
| 18 | + |
| 19 | +# Execute the compiled program |
| 20 | +$ qemu-arm -L <LD_PREFIX> <output> |
| 21 | +``` |
| 22 | + |
| 23 | +When executing a dynamically linked program, you should set the ELF interpreter prefix so that `ld.so` can be invoked. Generally, it should be `/usr/arm-linux-gnueabihf` if you have installed the ARM GNU toolchain by `apt`. Otherwise, you should find and specify the correct path if you manually installed the toolchain. |
| 24 | + |
| 25 | +## Stack frame layout |
| 26 | + |
| 27 | +In dynamic linking mode, the stack frame layout for each function can be illustrated as follows: |
| 28 | + |
| 29 | +``` |
| 30 | +High Address |
| 31 | ++------------------+ |
| 32 | +| incoming args | |
| 33 | ++------------------+ <- sp + total_size |
| 34 | +| saved lr | |
| 35 | ++------------------+ <- sp + total_size - 4 |
| 36 | +| saved r11 | |
| 37 | ++------------------+ |
| 38 | +| saved r10 | |
| 39 | ++------------------+ |
| 40 | +| saved r9 | |
| 41 | ++------------------+ |
| 42 | +| saved r8 | |
| 43 | ++------------------+ |
| 44 | +| saved r7 | |
| 45 | ++------------------+ |
| 46 | +| saved r6 | |
| 47 | ++------------------+ |
| 48 | +| saved r5 | |
| 49 | ++------------------+ |
| 50 | +| saved r4 | |
| 51 | ++------------------+ |
| 52 | +| local variables | |
| 53 | ++------------------+ <- <- sp + (MAX_PARAMS - MAX_ARGS_IN_REG) * 4 |
| 54 | +| outgoing args | |
| 55 | ++------------------+ <- sp (MUST be aligned to 8 bytes) |
| 56 | +Low Address |
| 57 | +``` |
| 58 | + |
| 59 | +* `total_size`: includes the size of the following elements: |
| 60 | + * `outgoing args`: a fixed size - `(MAX_PARAMS - MAX_ARGS_IN_REG) * 4` bytes |
| 61 | + * All local variables |
| 62 | + * `saved r4-r11 and lr`: a fixed size - 36 bytes |
| 63 | + |
| 64 | + |
| 65 | +## About function arguments handling |
| 66 | + |
| 67 | +### Arm (32-bit) |
| 68 | + |
| 69 | +If the callee is an internal function meaning that its implementation is compiled by shecc, the caller directly puts all arguments into register `r0` - `r7`. |
| 70 | + |
| 71 | +Conversely, the caller performs the following operations to comply with the Arm Architecture Procedure Call Standard (AAPCS). |
| 72 | + |
| 73 | +* First four arguments are put into `r0` - `r3` |
| 74 | +* Other additional arguments are passed to stack. Arguments are pushed onto stack starting from the last argument, so the fifth argument is at the lower address and the last argument is at the higher address. |
| 75 | +* Align the stack pointer to 8 bytes, as external functions may access 8-byte objects, which require 8-byte alignment. |
| 76 | + |
| 77 | +### RISC-V (32-bit) |
| 78 | + |
| 79 | +(Currently not supported) |
| 80 | + |
| 81 | +## Runtime execution flow |
| 82 | + |
| 83 | +1. Program starts at ELF entry point. |
| 84 | +2. Dynamic linker (`ld.so`) is invoked. |
| 85 | + * For the Arm architecture, the dynamic linker is `/lib/ld-linux-armhf.so.3`. |
| 86 | +3. Linker loads shared libraries such as `libc.so`. |
| 87 | +4. Linker resolves symbols and fills global offset table (GOT). |
| 88 | +5. Control transfers to the program. |
| 89 | +6. Program executes `__libc_start_main` at the beginning. |
| 90 | +7. `__libc_start_main` calls the *main wrapper*, which pushes registers r4-r11 and lr onto stack, sets up a global stack for all global variables (excluding read-only variables), and initializes them. |
| 91 | +8. Execute the *main wrapper*, and then invoke the main function. |
| 92 | +9. After the `main` function returns, the *main wrapper* restores the necessary registers and passes control back to `__libc_start_main`, which implicitly calls `exit(3)` to terminate the program. |
| 93 | + |
| 94 | +## Dynamic sections |
| 95 | + |
| 96 | +When using dynamic linking, the following sections are generated for compiled programs: |
| 97 | + |
| 98 | +1. `.interp` - Path to dynamic linker |
| 99 | +2. `.dynsym` - Dynamic symbol table |
| 100 | +3. `.dynstr` - Dynamic string table |
| 101 | +4. `.rel.plt` - PLT relocations |
| 102 | +5. `.plt` - Procedure Linkage Table |
| 103 | +6. `.got` - Global Offset Table |
| 104 | +7. `.dynamic` - Dynamic linking information |
| 105 | + |
| 106 | +### PLT explanation for Arm32 |
| 107 | + |
| 108 | +The first entry contains the following instructions to invoke resolver to perform relocation. |
| 109 | + |
| 110 | +``` |
| 111 | +push {lr} @ (str lr, [sp, #-4]!) |
| 112 | +movw sl, #:lower16:(&GOT[2]) |
| 113 | +movt sl, #:upper16:(&GOT[2]) |
| 114 | +mov lr, sl |
| 115 | +ldr pc, [lr] |
| 116 | +``` |
| 117 | + |
| 118 | +1. Push register `lr` onto stack. |
| 119 | +2. Set register `sl` to the address of `GOT[2]`. |
| 120 | +3. Move the value of `sl` to `lr`. |
| 121 | +4. Load the value located at `[lr]` into the program counter (`pc`). |
| 122 | + |
| 123 | + |
| 124 | + |
| 125 | +The remaining entries correspond to all external functions, with each entry including the following instructions: |
| 126 | + |
| 127 | +``` |
| 128 | +movw ip, #:lower16:(&GOT[x]) |
| 129 | +movt ip, #:upper16:(&GOT[x]) |
| 130 | +ldr pc, [ip] |
| 131 | +``` |
| 132 | + |
| 133 | +1. Set register `ip` to the address of `GOT[x]`. |
| 134 | +2. Assign register `pc` to the value of `GOT[x]`. That is, set `pc` to the address of the callee. |
| 135 | + |
0 commit comments