Clever uses of linker scripts?
A great comment on my answer describing how to use linker scripts to make a ctor-like function list pointed out that recent GNU ld has much improved support for grafting new sections into system linker scripts with -Wl,-T... and INSERT BEFORE/INSERT AFTER. This got me thinking about other linker script tricks.
For a network card firmware I modified the linker script to group together the runtime modules of the firmware so that they would all be in a contiguous block that could be in L1 cache without conflicts. To clean up stragglers (where I couldn't group by .o) I used section attributes on individual functions. Performance counters verified that it actually worked (reduced L1 instruction cache misses to almost nothing).
What other clever things have you accomplished with linker scripts?
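The section-attribute technique from the question, as an added example that is not code from the original post: it tags two functions into one named section and checks at run time that they fall inside a single contiguous block of bounded size. The section name fw_hot, the function names and the 32 KiB budget are assumptions; it relies on ELF linkers (GNU ld, gold, lld) defining __start_/__stop_ symbols for sections whose names are valid C identifiers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical section name. In a custom linker script the same grouping
 * would be expressed by listing *(fw_hot) inside one output section. */
#define FW_HOT __attribute__((section("fw_hot"), noinline))

/* Defined by the linker around the merged fw_hot section. */
extern const char __start_fw_hot[], __stop_fw_hot[];

/* Constructed stand-ins for fast-path firmware routines. */
FW_HOT uint32_t rx_checksum(const uint8_t *p, size_t n)
{
    uint32_t sum = 0;
    while (n--)
        sum += *p++;
    return sum;
}

FW_HOT uint32_t tx_ring_next(uint32_t idx, uint32_t ring_size)
{
    return (idx + 1) & (ring_size - 1);   /* ring_size is a power of two */
}

/* Cold path: left in the default .text, outside the hot block. */
__attribute__((noinline)) uint32_t slow_config(uint32_t v)
{
    return v * 2654435761u;
}

size_t hot_block_size(void)
{
    return (size_t)(__stop_fw_hot - __start_fw_hot);
}

int in_hot_block(uintptr_t addr)
{
    return addr >= (uintptr_t)__start_fw_hot && addr < (uintptr_t)__stop_fw_hot;
}

/* The block can only stay cache-resident if it fits the I-cache budget. */
int hot_block_fits(size_t l1i_bytes)
{
    return hot_block_size() <= l1i_bytes;
}

int main(void)
{
    printf("fw_hot: %zu bytes, fits 32 KiB: %d\n",
           hot_block_size(), hot_block_fits(32 * 1024));
    return 0;
}
```

A check like hot_block_fits can also be enforced at link time with an ASSERT in the linker script, so an oversized hot block fails the build instead of silently reintroducing cache misses.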
On a certain platform, for reasons I won't go into, I needed to have a section of executable which I could discard after load. Now unfortunately unmapping the memory for the executable was not possible so I was compelled to resort to linker trickery.
What I ended up doing was introducing a section of the executable which aliased the bss. That way, presuming I could sneak some code in early enough, I could copy the data out, reinitialize the bss, and so long as my aliased section was smaller than the total bss of the executable, paid no cost for the privilege. There are a couple of problems in that I couldn't really change the crt at all and the earliest point I could inject code was still after tls initialization (which used some bss), but nothing impossible to work around.
I'm still sort of surprised it worked, I would have thought that the bss was initialized by the crt after all the program sections were loaded. I haven't tried it on any platform where I have access to the loader or crt source.