1.\" Copyright (c) 1993 Paul Kranenburg 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by Paul Kranenburg. 15.\" 3. The name of the author may not be used to endorse or promote products 16.\" derived from this software without specific prior written permission 17.\" 18.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 19.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 20.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 21.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 22.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 23.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 27.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28.\" 29.\" $FreeBSD$ 30.\" 31.Dd October 23, 1993 32.Dt LINK 5 33.Os 34.Sh NAME 35.Nm link 36.Nd dynamic loader and link editor interface 37.Sh SYNOPSIS 38.In sys/types.h 39.In nlist.h 40.In link.h 41.Sh DESCRIPTION 42The include file 43.Aq Pa link.h 44declares several structures that are present in dynamically linked 45programs and libraries. 46The structures define the interface between several components of the 47link-editor and loader mechanism. 48The layout of a number of these 49structures within the binaries resembles the a.out format in many places 50as it serves such similar functions as symbol definitions (including the 51accompanying string table) and relocation records needed to resolve 52references to external entities. 53It also records a number of data structures 54unique to the dynamic loading and linking process. 55These include references 56to other objects that are required to complete the link-editing process and 57indirection tables to facilitate 58.Em Position Independent Code 59(PIC for short) to improve sharing of code pages among different processes. 60The collection of data structures described here will be referred to as the 61.Em Run-time Relocation Section (RRS) 62and is embedded in the standard text and data segments of the dynamically 63linked program or shared object image as the existing 64.Xr a.out 5 65format offers no room for it elsewhere. 66.Pp 67Several utilities cooperate to ensure that the task of getting a program 68ready to run can complete successfully in a way that optimizes the use 69of system resources. 70The compiler emits PIC code from which shared libraries 71can be built by 72.Xr ld 1 . 73The compiler also includes size information of any initialized data items 74through the .size assembler directive. 75PIC code differs from conventional code 76in that it accesses data variables through an indirection table, the 77Global Offset Table, by convention accessible by the reserved name 78.Dv _GLOBAL_OFFSET_TABLE_ . 79The exact mechanism used for this is machine dependent, usually a machine 80register is reserved for the purpose. 81The rational behind this construct 82is to generate code that is independent of the actual load address. 83Only 84the values contained in the Global Offset Table may need updating at run-time 85depending on the load addresses of the various shared objects in the address 86space. 87.Pp 88Likewise, procedure calls to globally defined functions are redirected through 89the Procedure Linkage Table (PLT) residing in the data segment of the core 90image. 91Again, this is done to avoid run-time modifications to the text segment. 92.Pp 93The linker-editor allocates the Global Offset Table and Procedure Linkage Table 94when combining PIC object files into an image suitable for mapping into the 95process address space. 96It also collects all symbols that may be needed by the 97run-time link-editor and stores these along with the image's text and data bits. 98Another reserved symbol, 99.Em _DYNAMIC 100is used to indicate the presence of the run-time linker structures. 101Whenever 102_DYNAMIC is relocated to 0, there is no need to invoke the run-time 103link-editor. 104If this symbol is non-zero, it points at a data structure from 105which the location of the necessary relocation- and symbol information can 106be derived. 107This is most notably used by the start-up module, 108.Em crt0 . 109The _DYNAMIC structure is conventionally located at the start of the data 110segment of the image to which it pertains. 111.Sh DATA STRUCTURES 112The data structures supporting dynamic linking and run-time relocation 113reside both in the text and data segments of the image they apply to. 114The text segments contain read-only data such as symbols descriptions and 115names, while the data segments contain the tables that need to be modified by 116during the relocation process. 117.Pp 118The _DYNAMIC symbol references a 119.Fa _dynamic 120structure: 121.Bd -literal -offset indent 122struct _dynamic { 123 int d_version; 124 struct so_debug *d_debug; 125 union { 126 struct section_dispatch_table *d_sdt; 127 } d_un; 128 struct ld_entry *d_entry; 129}; 130.Ed 131.Bl -tag -width d_version 132.It Fa d_version 133This field provides for different versions of the dynamic linking 134implementation. 135The current version numbers understood by 136.Xr ld 1 137and 138.Xr ld.so 1 139are 140.Em LD_VERSION_SUN (3) , 141which is used by the 142.Tn SunOS 1434.x releases, and 144.Em LD_VERSION_BSD (8) , 145which has been in use since 146.Fx 1.1 . 147.It Fa d_un 148Refers to a 149.Em d_version 150dependent data structure. 151.It Fa so_debug 152this field provides debuggers with a hook to access symbol tables of shared 153objects loaded as a result of the actions of the run-time link-editor. 154.El 155.Pp 156The 157.Fa section_dispatch_table 158structure is the main 159.Dq dispatcher 160table, containing offsets into the image's segments where various symbol 161and relocation information is located. 162.Bd -literal -offset indent 163struct section_dispatch_table { 164 struct so_map *sdt_loaded; 165 long sdt_sods; 166 long sdt_filler1; 167 long sdt_got; 168 long sdt_plt; 169 long sdt_rel; 170 long sdt_hash; 171 long sdt_nzlist; 172 long sdt_filler2; 173 long sdt_buckets; 174 long sdt_strings; 175 long sdt_str_sz; 176 long sdt_text_sz; 177 long sdt_plt_sz; 178}; 179.Ed 180.Pp 181.Bl -tag -width sdt_filler1 182.It Fa sdt_loaded 183A pointer to the first link map loaded (see below). This field is set by 184.Nm ld.so 185.It Fa sdt_sods 186The start of a (linked) list of shared object descriptors needed by 187.Em this 188object. 189.It Fa sdt_filler1 190Deprecated (used by SunOS to specify library search rules). 191.It Fa sdt_got 192The location of the Global Offset Table within this image. 193.It Fa sdt_plt 194The location of the Procedure Linkage Table within this image. 195.It Fa sdt_rel 196The location of an array of 197.Fa relocation_info 198structures 199(see 200.Xr a.out 5 ) 201specifying run-time relocations. 202.It Fa sdt_hash 203The location of the hash table for fast symbol lookup in this object's 204symbol table. 205.It Fa sdt_nzlist 206The location of the symbol table. 207.It Fa sdt_filler2 208Currently unused. 209.It Fa sdt_buckets 210The number of buckets in 211.Fa sdt_hash 212.It Fa sdt_strings 213The location of the symbol string table that goes with 214.Fa sdt_nzlist . 215.It Fa sdt_str_sz 216The size of the string table. 217.It Fa sdt_text_sz 218The size of the object's text segment. 219.It Fa sdt_plt_sz 220The size of the Procedure Linkage Table. 221.El 222.Pp 223A 224.Fa sod 225structure describes a shared object that is needed 226to complete the link edit process of the object containing it. 227A list of such objects 228(chained through 229.Fa sod_next ) 230is pointed at 231by the 232.Fa sdt_sods 233in the section_dispatch_table structure. 234.Bd -literal -offset indent 235struct sod { 236 long sod_name; 237 u_int sod_library : 1, 238 sod_reserved : 31; 239 short sod_major; 240 short sod_minor; 241 long sod_next; 242}; 243.Ed 244.Pp 245.Bl -tag -width sod_library 246.It Fa sod_name 247The offset in the text segment of a string describing this link object. 248.It Fa sod_library 249If set, 250.Fa sod_name 251specifies a library that is to be searched for by 252.Nm ld.so . 253The path name 254is obtained by searching a set of directories 255(see also 256.Xr ldconfig 8 ) 257for a shared object matching 258.Em lib\&<sod_name>\&.so.n.m . 259If not set, 260.Fa sod_name 261should point at a full path name for the desired shared object. 262.It Fa sod_major 263Specifies the major version number of the shared object to load. 264.It Fa sod_minor 265Specifies the preferred minor version number of the shared object to load. 266.El 267.Pp 268The run-time link-editor maintains a list of structures called 269.Em link maps 270to keep track of all shared objects loaded into a process' address space. 271These structures are only used at run-time and do not occur within 272the text or data segment of an executable or shared library. 273.Bd -literal -offset indent 274struct so_map { 275 caddr_t som_addr; 276 char *som_path; 277 struct so_map *som_next; 278 struct sod *som_sod; 279 caddr_t som_sodbase; 280 u_int som_write : 1; 281 struct _dynamic *som_dynamic; 282 caddr_t som_spd; 283}; 284.Ed 285.Bl -tag -width som_dynamic 286.It Fa som_addr 287The address at which the shared object associated with this link map has 288been loaded. 289.It Fa som_path 290The full path name of the loaded object. 291.It Fa som_next 292Pointer to the next link map. 293.It Fa som_sod 294The 295.Fa sod 296structure that was responsible for loading this shared object. 297.It Fa som_sodbase 298Tossed in later versions the run-time linker. 299.It Fa som_write 300Set if (some portion of) this object's text segment is currently writable. 301.It Fa som_dynamic 302Pointer to this object's 303.Fa _dynamic 304structure. 305.It Fa som_spd 306Hook for attaching private data maintained by the run-time link-editor. 307.El 308.Pp 309Symbol description with size. 310This is simply an 311.Fa nlist 312structure with one field 313.Pq Fa nz_size 314added. 315Used to convey size information on items in the data segment 316of shared objects. 317An array of these lives in the shared object's 318text segment and is addressed by the 319.Fa sdt_nzlist 320field of 321.Fa section_dispatch_table . 322.Bd -literal -offset indent 323struct nzlist { 324 struct nlist nlist; 325 u_long nz_size; 326#define nz_un nlist.n_un 327#define nz_strx nlist.n_un.n_strx 328#define nz_name nlist.n_un.n_name 329#define nz_type nlist.n_type 330#define nz_value nlist.n_value 331#define nz_desc nlist.n_desc 332#define nz_other nlist.n_other 333}; 334.Ed 335.Bl -tag -width nz_size 336.It Fa nlist 337(see 338.Xr nlist 3 ) . 339.It Fa nz_size 340The size of the data represented by this symbol. 341.El 342.Pp 343A hash table is included within the text segment of shared object 344to facilitate quick lookup of symbols during run-time link-editing. 345The 346.Fa sdt_hash 347field of the 348.Fa section_dispatch_table 349structure points at an array of 350.Fa rrs_hash 351structures: 352.Bd -literal -offset indent 353struct rrs_hash { 354 int rh_symbolnum; /* symbol number */ 355 int rh_next; /* next hash entry */ 356}; 357.Ed 358.Pp 359.Bl -tag -width rh_symbolnum 360.It Fa rh_symbolnum 361The index of the symbol in the shared object's symbol table (as given by the 362.Fa ld_symbols 363field). 364.It Fa rh_next 365In case of collisions, this field is the offset of the next entry in this 366hash table bucket. 367It is zero for the last bucket element. 368.El 369The 370.Fa rt_symbol 371structure is used to keep track of run-time allocated commons 372and data items copied from shared objects. 373These items are kept on linked list 374and is exported through the 375.Fa dd_cc 376field in the 377.Fa so_debug 378structure (see below) for use by debuggers. 379.Bd -literal -offset indent 380struct rt_symbol { 381 struct nzlist *rt_sp; 382 struct rt_symbol *rt_next; 383 struct rt_symbol *rt_link; 384 caddr_t rt_srcaddr; 385 struct so_map *rt_smp; 386}; 387.Ed 388.Pp 389.Bl -tag -width rt_scraddr 390.It Fa rt_sp 391The symbol description. 392.It Fa rt_next 393Virtual address of next rt_symbol. 394.It Fa rt_link 395Next in hash bucket. 396Used by internally by 397.Nm ld.so . 398.It Fa rt_srcaddr 399Location of the source of initialized data within a shared object. 400.It Fa rt_smp 401The shared object which is the original source of the data that this 402run-time symbol describes. 403.El 404.Pp 405The 406.Fa so_debug 407structure is used by debuggers to gain knowledge of any shared objects 408that have been loaded in the process's address space as a result of run-time 409link-editing. 410Since the run-time link-editor runs as a part of process 411initialization, a debugger that wishes to access symbols from shared objects 412can only do so after the link-editor has been called from crt0. 413A dynamically linked binary contains a 414.Fa so_debug 415structure which can be located by means of the 416.Fa d_debug 417field in 418.Fa _dynamic . 419.Bd -literal -offset indent 420struct so_debug { 421 int dd_version; 422 int dd_in_debugger; 423 int dd_sym_loaded; 424 char *dd_bpt_addr; 425 int dd_bpt_shadow; 426 struct rt_symbol *dd_cc; 427}; 428.Ed 429.Pp 430.Bl -tag -width dd_in_debugger 431.It Fa dd_version 432Version number of this interface. 433.It Fa dd_in_debugger 434Set by the debugger to indicate to the run-time linker that the program is 435run under control of a debugger. 436.It Fa dd_sym_loaded 437Set by the run-time linker whenever it adds symbols by loading shared objects. 438.It Fa dd_bpt_addr 439The address were a breakpoint will be set by the run-time linker to 440divert control to the debugger. 441This address is determined by the start-up 442module, 443.Pa crt0.o , 444to be some convenient place before the call to _main. 445.It Fa dd_bpt_shadow 446Contains the original instruction that was at 447.Fa dd_bpt_addr . 448The debugger is expected to put this instruction back before continuing the 449program. 450.It Fa dd_cc 451A pointer to the linked list of run-time allocated symbols that the debugger 452may be interested in. 453.El 454.Pp 455The 456.Em ld_entry 457structure defines a set of service routines within 458.Nm ld.so . 459.\" See 460.\" .Xr libdl.a 461.\" for more information. 462.Bd -literal -offset indent 463struct ld_entry { 464 void *(*dlopen)(char *, int); 465 int (*dlclose)(void *); 466 void *(*dlsym)(void *, char *); 467 char *(*dlerror)(void); 468}; 469.Ed 470.Pp 471The 472.Fa crt_ldso 473structure defines the interface between the start-up code in crt0 and 474.Nm ld.so . 475.Bd -literal -offset indent 476struct crt_ldso { 477 int crt_ba; 478 int crt_dzfd; 479 int crt_ldfd; 480 struct _dynamic *crt_dp; 481 char **crt_ep; 482 caddr_t crt_bp; 483 char *crt_prog; 484 char *crt_ldso; 485 struct ld_entry *crt_ldentry; 486}; 487#define CRT_VERSION_SUN 1 488#define CRT_VERSION_BSD_2 2 489#define CRT_VERSION_BSD_3 3 490#define CRT_VERSION_BSD_4 4 491.Ed 492.Bl -tag -width crt_dzfd 493.It Fa crt_ba 494The virtual address at which 495.Nm ld.so 496was loaded by crt0. 497.It Fa crt_dzfd 498On SunOS systems, this field contains an open file descriptor to 499.Dq Pa /dev/zero 500used to get demand paged zeroed pages. 501On 502.Fx 503systems it contains -1. 504.It Fa crt_ldfd 505Contains an open file descriptor that was used by crt0 to load 506.Nm ld.so . 507.It Fa crt_dp 508A pointer to main's 509.Fa _dynamic 510structure. 511.It Fa crt_ep 512A pointer to the environment strings. 513.It Fa crt_bp 514The address at which a breakpoint will be placed by the run-time linker 515if the main program is run by a debugger. 516See 517.Fa so_debug 518.It Fa crt_prog 519The name of the main program as determined by crt0 (CRT_VERSION_BSD3 only). 520.It Fa crt_ldso 521The path of the run-time linker as mapped by crt0 (CRT_VERSION_BSD4 only). 522.El 523.Pp 524The 525.Fa hints_header 526and 527.Fa hints_bucket 528structures define the layout of the library hints, normally found in 529.Dq Pa /var/run/ld.so.hints , 530which is used by 531.Nm ld.so 532to quickly locate the shared object images in the 533filesystem. 534The organization of the hints file is not unlike that of an 535.Dq a.out 536object file, in that it contains a header determining the offset and size 537of a table of fixed sized hash buckets and a common string pool. 538.Bd -literal -offset indent 539struct hints_header { 540 long hh_magic; 541#define HH_MAGIC 011421044151 542 long hh_version; 543#define LD_HINTS_VERSION_1 1 544 long hh_hashtab; 545 long hh_nbucket; 546 long hh_strtab; 547 long hh_strtab_sz; 548 long hh_ehints; 549}; 550.Ed 551.Bl -tag -width hh_strtab_sz 552.It Fa hh_magic 553Hints file magic number. 554.It Fa hh_version 555Interface version number. 556.It Fa hh_hashtab 557Offset of hash table. 558.It Fa hh_strtab 559Offset of string table. 560.It Fa hh_strtab_sz 561Size of strings. 562.It Fa hh_ehints 563Maximum usable offset in hints file. 564.El 565.Pp 566.Bd -literal -offset indent 567/* 568 * Hash table element in hints file. 569 */ 570struct hints_bucket { 571 int hi_namex; 572 int hi_pathx; 573 int hi_dewey[MAXDEWEY]; 574 int hi_ndewey; 575#define hi_major hi_dewey[0] 576#define hi_minor hi_dewey[1] 577 int hi_next; 578}; 579.Ed 580.Bl -tag -width hi_ndewey 581.It Fa hi_namex 582Index of the string identifying the library. 583.It Fa hi_pathx 584Index of the string representing the full path name of the library. 585.It Fa hi_dewey 586The version numbers of the shared library. 587.It Fa hi_ndewey 588The number of valid entries in 589.Fa hi_dewey . 590.It Fa hi_next 591Next bucket in case of hashing collisions. 592.El 593.Sh CAVEATS 594Only the (GNU) C compiler currently supports the creation of shared libraries. 595Other programming languages cannot be used. 596