2016-03-12 14:06:40 +08:00
|
|
|
The ELF and COFF Linkers
|
|
|
|
========================
|
|
|
|
|
|
|
|
The ELF Linker as a Library
|
|
|
|
---------------------------
|
|
|
|
|
|
|
|
You can embed LLD to your program by linking against it and calling the linker's
|
|
|
|
entry point function lld::elf::link.
|
|
|
|
|
|
|
|
The current policy is that it is your reponsibility to give trustworthy object
|
|
|
|
files. The function is guaranteed to return as long as you do not pass corrupted
|
|
|
|
or malicious object files. A corrupted file could cause a fatal error or SEGV.
|
|
|
|
That being said, you don't need to worry too much about it if you create object
|
|
|
|
files in the usual way and give them to the linker. It is naturally expected to
|
|
|
|
work, or otherwise it's a linker's bug.
|
|
|
|
|
|
|
|
Design
|
|
|
|
======
|
|
|
|
|
|
|
|
We will describe the design of the linkers in the rest of the document.
|
|
|
|
|
|
|
|
Key Concepts
|
|
|
|
------------
|
|
|
|
|
|
|
|
Linkers are fairly large pieces of software.
|
|
|
|
There are many design choices you have to make to create a complete linker.
|
|
|
|
|
|
|
|
This is a list of design choices we've made for ELF and COFF LLD.
|
|
|
|
We believe that these high-level design choices achieved a right balance
|
|
|
|
between speed, simplicity and extensibility.
|
|
|
|
|
|
|
|
* Implement as native linkers
|
|
|
|
|
|
|
|
We implemented the linkers as native linkers for each file format.
|
|
|
|
|
|
|
|
The two linkers share the same design but do not share code.
|
|
|
|
Sharing code makes sense if the benefit is worth its cost.
|
|
|
|
In our case, ELF and COFF are different enough that we thought the layer to
|
|
|
|
abstract the differences wouldn't worth its complexity and run-time cost.
|
|
|
|
Elimination of the abstract layer has greatly simplified the implementation.
|
|
|
|
|
|
|
|
* Speed by design
|
|
|
|
|
2016-03-15 03:53:52 +08:00
|
|
|
One of the most important things in archiving high performance is to
|
2016-03-12 14:06:40 +08:00
|
|
|
do less rather than do it efficiently.
|
|
|
|
Therefore, the high-level design matters more than local optimizations.
|
|
|
|
Since we are trying to create a high-performance linker,
|
|
|
|
it is very important to keep the design as efficient as possible.
|
|
|
|
|
|
|
|
Broadly speaking, we do not do anything until we have to do it.
|
|
|
|
For example, we do not read section contents or relocations
|
|
|
|
until we need them to continue linking.
|
|
|
|
When we need to do some costly operation (such as looking up
|
|
|
|
a hash table for each symbol), we do it only once.
|
|
|
|
We obtain a handler (which is typically just a pointer to actual data)
|
|
|
|
on the first operation and use it throughout the process.
|
|
|
|
|
|
|
|
* Efficient archive file handling
|
|
|
|
|
|
|
|
LLD's handling of archive files (the files with ".a" file extension) is different
|
2016-03-15 03:53:52 +08:00
|
|
|
from the traditional Unix linkers and similar to Windows linkers.
|
2016-03-12 14:06:40 +08:00
|
|
|
We'll describe how the traditional Unix linker handles archive files,
|
|
|
|
what the problem is, and how LLD approached the problem.
|
|
|
|
|
|
|
|
The traditional Unix linker maintains a set of undefined symbols during linking.
|
|
|
|
The linker visits each file in the order as they appeared in the command line
|
|
|
|
until the set becomes empty. What the linker would do depends on file type.
|
|
|
|
|
|
|
|
- If the linker visits an object file, the linker links object files to the result,
|
|
|
|
and undefined symbols in the object file are added to the set.
|
|
|
|
|
|
|
|
- If the linker visits an archive file, it checks for the archive file's symbol table
|
|
|
|
and extracts all object files that have definitions for any symbols in the set.
|
|
|
|
|
|
|
|
This algorithm sometimes leads to a counter-intuitive behavior.
|
|
|
|
If you give archive files before object files, nothing will happen
|
|
|
|
because when the linker visits archives, there is no undefined symbols in the set.
|
|
|
|
As a result, no files are extracted from the first archive file,
|
|
|
|
and the link is done at that point because the set is empty after it visits one file.
|
|
|
|
|
|
|
|
You can fix the problem by reordering the files,
|
|
|
|
but that cannot fix the issue of mutually-dependent archive files.
|
|
|
|
|
|
|
|
Linking mutually-dependent archive files is tricky.
|
|
|
|
You may specify the same archive file multiple times to
|
|
|
|
let the linker visit it more than once.
|
2016-03-15 03:53:52 +08:00
|
|
|
Or, you may use the special command line options, `--start-group` and `--end-group`,
|
2016-03-12 14:06:40 +08:00
|
|
|
to let the linker loop over the files between the options until
|
|
|
|
no new symbols are added to the set.
|
|
|
|
|
|
|
|
Visiting the same archive files multiple makes the linker slower.
|
|
|
|
|
2017-03-02 18:40:24 +08:00
|
|
|
Here is how LLD approaches the problem. Instead of memorizing only undefined symbols,
|
2016-03-12 14:06:40 +08:00
|
|
|
we program LLD so that it memorizes all symbols.
|
|
|
|
When it sees an undefined symbol that can be resolved by extracting an object file
|
|
|
|
from an archive file it previously visited, it immediately extracts the file and link it.
|
|
|
|
It is doable because LLD does not forget symbols it have seen in archive files.
|
|
|
|
|
|
|
|
We believe that the LLD's way is efficient and easy to justify.
|
|
|
|
|
|
|
|
The semantics of LLD's archive handling is different from the traditional Unix's.
|
|
|
|
You can observe it if you carefully craft archive files to exploit it.
|
|
|
|
However, in reality, we don't know any program that cannot link
|
2016-03-15 03:53:52 +08:00
|
|
|
with our algorithm so far, so it's not going to cause trouble.
|
2016-03-12 14:06:40 +08:00
|
|
|
|
2016-03-15 02:43:01 +08:00
|
|
|
Numbers You Want to Know
|
|
|
|
------------------------
|
|
|
|
|
|
|
|
To give you intuition about what kinds of data the linker is mainly working on,
|
2016-03-15 03:53:52 +08:00
|
|
|
I'll give you the list of objects and their numbers LLD has to read and process
|
|
|
|
in order to link a very large executable. In order to link Chrome with debug info,
|
|
|
|
which is roughly 2 GB in output size, LLD reads
|
2016-03-15 02:43:01 +08:00
|
|
|
|
2016-03-15 03:53:52 +08:00
|
|
|
- 17,000 files,
|
|
|
|
- 1,800,000 sections,
|
|
|
|
- 6,300,000 symbols, and
|
|
|
|
- 13,000,000 relocations.
|
2016-03-15 02:43:01 +08:00
|
|
|
|
2016-03-15 03:53:52 +08:00
|
|
|
LLD produces the 2 GB executable in 15 seconds.
|
2016-03-15 02:43:01 +08:00
|
|
|
|
|
|
|
These numbers vary depending on your program, but in general,
|
|
|
|
you have a lot of relocations and symbols for each file.
|
|
|
|
If your program is written in C++, symbol names are likely to be
|
|
|
|
pretty long because of name mangling.
|
|
|
|
|
|
|
|
It is important to not waste time on relocations and symbols.
|
|
|
|
|
|
|
|
In the above case, the total amount of symbol strings is 450 MB,
|
|
|
|
and inserting all of them to a hash table takes 1.5 seconds.
|
|
|
|
Therefore, if you causally add a hash table lookup for each symbol,
|
|
|
|
it would slow down the linker by 10%. So, don't do that.
|
|
|
|
|
|
|
|
On the other hand, you don't have to pursue efficiency
|
|
|
|
when handling files.
|
|
|
|
|
2017-01-22 11:28:56 +08:00
|
|
|
Important Data Structures
|
2016-03-12 14:06:40 +08:00
|
|
|
-------------------------
|
|
|
|
|
|
|
|
We will describe the key data structures in LLD in this section.
|
|
|
|
The linker can be understood as the interactions between them.
|
|
|
|
Once you understand their functions, the code of the linker should look obvious to you.
|
|
|
|
|
|
|
|
* SymbolBody
|
|
|
|
|
|
|
|
SymbolBody is a class to represent symbols.
|
|
|
|
They are created for symbols in object files or archive files.
|
|
|
|
The linker creates linker-defined symbols as well.
|
|
|
|
|
|
|
|
There are basically three types of SymbolBodies: Defined, Undefined, or Lazy.
|
|
|
|
|
|
|
|
- Defined symbols are for all symbols that are considered as "resolved",
|
|
|
|
including real defined symbols, COMDAT symbols, common symbols,
|
|
|
|
absolute symbols, linker-created symbols, etc.
|
|
|
|
- Undefined symbols represent undefined symbols, which need to be replaced by
|
|
|
|
Defined symbols by the resolver until the link is complete.
|
|
|
|
- Lazy symbols represent symbols we found in archive file headers
|
|
|
|
which can turn into Defined if we read archieve members.
|
|
|
|
|
|
|
|
* Symbol
|
|
|
|
|
ELF: New symbol table design.
This patch implements a new design for the symbol table that stores
SymbolBodies within a memory region of the Symbol object. Symbols are mutated
by constructing SymbolBodies in place over existing SymbolBodies, rather
than by mutating pointers. As mentioned in the initial proposal [1], this
memory layout helps reduce the cache miss rate by improving memory locality.
Performance numbers:
old(s) new(s)
Without debug info:
chrome 7.178 6.432 (-11.5%)
LLVMgold.so 0.505 0.502 (-0.5%)
clang 0.954 0.827 (-15.4%)
llvm-as 0.052 0.045 (-15.5%)
With debug info:
scylla 5.695 5.613 (-1.5%)
clang 14.396 14.143 (-1.8%)
Performance counter results show that the fewer required indirections is
indeed the cause of the improved performance. For example, when linking
chrome, stalled cycles decreases from 14,556,444,002 to 12,959,238,310, and
instructions per cycle increases from 0.78 to 0.83. We are also executing
many fewer instructions (15,516,401,933 down to 15,002,434,310), probably
because we spend less time allocating SymbolBodies.
The new mechanism by which symbols are added to the symbol table is by calling
add* functions on the SymbolTable.
In this patch, I handle local symbols by storing them inside "unparented"
SymbolBodies. This is suboptimal, but if we do want to try to avoid allocating
these SymbolBodies, we can probably do that separately.
I also removed a few members from the SymbolBody class that were only being
used to pass information from the input file to the symbol table.
This patch implements the new design for the ELF linker only. I intend to
prepare a similar patch for the COFF linker.
[1] http://lists.llvm.org/pipermail/llvm-dev/2016-April/098832.html
Differential Revision: http://reviews.llvm.org/D19752
llvm-svn: 268178
2016-05-01 12:55:03 +08:00
|
|
|
A Symbol is a container for a SymbolBody. There's only one Symbol for each
|
|
|
|
unique symbol name (this uniqueness is guaranteed by the symbol table).
|
|
|
|
Each global symbol has only one SymbolBody at any one time, which is
|
|
|
|
the SymbolBody stored within a memory region of the Symbol large enough
|
|
|
|
to store any SymbolBody.
|
|
|
|
|
|
|
|
As the resolver reads symbols from input files, it replaces the Symbol's
|
|
|
|
SymbolBody with the "best" SymbolBody for its symbol name by constructing
|
|
|
|
the new SymbolBody in place on top of the existing SymbolBody. For example,
|
|
|
|
if the resolver is given a defined symbol, and the SymbolBody with its name
|
|
|
|
is undefined, it will construct a Defined SymbolBody over the Undefined
|
|
|
|
SymbolBody.
|
|
|
|
|
|
|
|
This means that each SymbolBody pointer always points to the best SymbolBody,
|
|
|
|
and it is possible to get from a SymbolBody to a Symbol, or vice versa,
|
|
|
|
by adding or subtracting a fixed offset. This memory layout helps reduce
|
|
|
|
the cache miss rate through high locality and a small number of required
|
|
|
|
pointer indirections.
|
2016-03-12 14:06:40 +08:00
|
|
|
|
|
|
|
* SymbolTable
|
|
|
|
|
|
|
|
SymbolTable is basically a hash table from strings to Symbols
|
2017-03-02 18:40:24 +08:00
|
|
|
with logic to resolve symbol conflicts. It resolves conflicts by symbol type.
|
2016-03-12 14:06:40 +08:00
|
|
|
|
2016-03-15 03:53:52 +08:00
|
|
|
- If we add Defined and Undefined symbols, the symbol table will keep the former.
|
2016-03-12 14:06:40 +08:00
|
|
|
- If we add Defined and Lazy symbols, it will keep the former.
|
|
|
|
- If we add Lazy and Undefined, it will keep the former,
|
|
|
|
but it will also trigger the Lazy symbol to load the archive member
|
|
|
|
to actually resolve the symbol.
|
|
|
|
|
|
|
|
* Chunk (COFF specific)
|
|
|
|
|
|
|
|
Chunk represents a chunk of data that will occupy space in an output.
|
|
|
|
Each regular section becomes a chunk.
|
|
|
|
Chunks created for common or BSS symbols are not backed by sections.
|
|
|
|
The linker may create chunks to append additional data to an output as well.
|
|
|
|
|
|
|
|
Chunks know about their size, how to copy their data to mmap'ed outputs,
|
|
|
|
and how to apply relocations to them.
|
|
|
|
Specifically, section-based chunks know how to read relocation tables
|
|
|
|
and how to apply them.
|
|
|
|
|
|
|
|
* InputSection (ELF specific)
|
|
|
|
|
|
|
|
Since we have less synthesized data for ELF, we don't abstract slices of
|
|
|
|
input files as Chunks for ELF. Instead, we directly use the input section
|
|
|
|
as an internal data type.
|
|
|
|
|
|
|
|
InputSection knows about their size and how to copy themselves to
|
|
|
|
mmap'ed outputs, just like COFF Chunks.
|
|
|
|
|
|
|
|
* OutputSection
|
|
|
|
|
|
|
|
OutputSection is a container of InputSections (ELF) or Chunks (COFF).
|
|
|
|
An InputSection or Chunk belongs to at most one OutputSection.
|
|
|
|
|
|
|
|
There are mainly three actors in this linker.
|
|
|
|
|
|
|
|
* InputFile
|
|
|
|
|
|
|
|
InputFile is a superclass of file readers.
|
|
|
|
We have a different subclass for each input file type,
|
|
|
|
such as regular object file, archive file, etc.
|
|
|
|
They are responsible for creating and owning SymbolBodies and
|
|
|
|
InputSections/Chunks.
|
|
|
|
|
|
|
|
* Writer
|
|
|
|
|
|
|
|
The writer is responsible for writing file headers and InputSections/Chunks to a file.
|
|
|
|
It creates OutputSections, put all InputSections/Chunks into them,
|
|
|
|
assign unique, non-overlapping addresses and file offsets to them,
|
|
|
|
and then write them down to a file.
|
|
|
|
|
|
|
|
* Driver
|
|
|
|
|
2017-03-02 18:40:24 +08:00
|
|
|
The linking process is driven by the driver. The driver:
|
2016-03-12 14:06:40 +08:00
|
|
|
|
|
|
|
- processes command line options,
|
|
|
|
- creates a symbol table,
|
2017-03-02 18:40:24 +08:00
|
|
|
- creates an InputFile for each input file and puts all symbols within into the symbol table,
|
2016-03-12 14:06:40 +08:00
|
|
|
- checks if there's no remaining undefined symbols,
|
|
|
|
- creates a writer,
|
|
|
|
- and passes the symbol table to the writer to write the result to a file.
|
|
|
|
|
|
|
|
Link-Time Optimization
|
|
|
|
----------------------
|
|
|
|
|
|
|
|
LTO is implemented by handling LLVM bitcode files as object files.
|
|
|
|
The linker resolves symbols in bitcode files normally. If all symbols
|
2016-03-23 04:58:15 +08:00
|
|
|
are successfully resolved, it then runs LLVM passes
|
2016-03-12 14:06:40 +08:00
|
|
|
with all bitcode files to convert them to one big regular ELF/COFF file.
|
|
|
|
Finally, the linker replaces bitcode symbols with ELF/COFF symbols,
|
2016-03-15 03:53:52 +08:00
|
|
|
so that they are linked as if they were in the native format from the beginning.
|
2016-03-12 14:06:40 +08:00
|
|
|
|
|
|
|
The details are described in this document.
|
|
|
|
http://llvm.org/docs/LinkTimeOptimization.html
|
|
|
|
|
|
|
|
Glossary
|
|
|
|
--------
|
|
|
|
|
|
|
|
* RVA (COFF)
|
|
|
|
|
|
|
|
Short for Relative Virtual Address.
|
|
|
|
|
|
|
|
Windows executables or DLLs are not position-independent; they are
|
|
|
|
linked against a fixed address called an image base. RVAs are
|
|
|
|
offsets from an image base.
|
|
|
|
|
|
|
|
Default image bases are 0x140000000 for executables and 0x18000000
|
|
|
|
for DLLs. For example, when we are creating an executable, we assume
|
|
|
|
that the executable will be loaded at address 0x140000000 by the
|
|
|
|
loader, so we apply relocations accordingly. Result texts and data
|
|
|
|
will contain raw absolute addresses.
|
|
|
|
|
|
|
|
* VA
|
|
|
|
|
|
|
|
Short for Virtual Address. For COFF, it is equivalent to RVA + image base.
|
|
|
|
|
|
|
|
* Base relocations (COFF)
|
|
|
|
|
|
|
|
Relocation information for the loader. If the loader decides to map
|
|
|
|
an executable or a DLL to a different address than their image
|
|
|
|
bases, it fixes up binaries using information contained in the base
|
|
|
|
relocation table. A base relocation table consists of a list of
|
|
|
|
locations containing addresses. The loader adds a difference between
|
|
|
|
RVA and actual load address to all locations listed there.
|
|
|
|
|
|
|
|
Note that this run-time relocation mechanism is much simpler than ELF.
|
|
|
|
There's no PLT or GOT. Images are relocated as a whole just
|
|
|
|
by shifting entire images in memory by some offsets. Although doing
|
|
|
|
this breaks text sharing, I think this mechanism is not actually bad
|
|
|
|
on today's computers.
|
|
|
|
|
|
|
|
* ICF
|
|
|
|
|
|
|
|
Short for Identical COMDAT Folding (COFF) or Identical Code Folding (ELF).
|
|
|
|
|
|
|
|
ICF is an optimization to reduce output size by merging read-only sections
|
|
|
|
by not only their names but by their contents. If two read-only sections
|
|
|
|
happen to have the same metadata, actual contents and relocations,
|
|
|
|
they are merged by ICF. It is known as an effective technique,
|
|
|
|
and it usually reduces C++ program's size by a few percent or more.
|
|
|
|
|
|
|
|
Note that this is not entirely sound optimization. C/C++ require
|
|
|
|
different functions have different addresses. If a program depends on
|
|
|
|
that property, it would fail at runtime.
|
|
|
|
|
|
|
|
On Windows, that's not really an issue because MSVC link.exe enabled
|
|
|
|
the optimization by default. As long as your program works
|
|
|
|
with the linker's default settings, your program should be safe with ICF.
|
|
|
|
|
|
|
|
On Unix, your program is generally not guaranteed to be safe with ICF,
|
|
|
|
although large programs happen to work correctly.
|
|
|
|
LLD works fine with ICF for example.
|