From "Listening to Cloud Technology blog": http://blog.tingyun.com/web/article/detail/1347
Dynamic linking
The simplest way to solve the problems of wasted space and difficult updates is to keep the program's modules as separate, independent files instead of linking them statically. Simply put, the object files that make up the program are not linked until the program runs. In other words, the linking step is deferred to run time; this is the basic idea of dynamic linking.
Lazy binding (PLT)
Dynamic linking performs worse than static linking. The main reason is that, under dynamic linking, every access to global and static data requires locating the GOT and then addressing indirectly, and every call across modules must first locate the GOT and then jump indirectly, which slows the program down. In addition, dynamic linking does its linking work at run time: when the program starts, the dynamic linker searches for and loads the required shared objects, then performs symbol lookup and address relocation. This series of actions slows the program's startup.
The PLT exists to optimize dynamic linking performance. The basic idea is to bind a function (symbol lookup and relocation) the first time it is called, and not to bind it at all if it is never used. This way, cross-module function calls are not bound when the program starts executing; the dynamic linker binds each one when it is first needed. This speeds up program startup.
Mach-O lazy binding
When dyld loads a Mach-O file, it does not determine the actual address of every function. Instead, a lazy bind is performed when a function is actually called through the procedure linkage table (PLT).
The following combines analysis of the Mach-O file with debugging of a simple program.
The source code is as follows:
[Image: 1.png]
Set a breakpoint at each of the two printf calls.
The first call of the printf function
[Image: 2.png]
printf is called by the instruction callq 0x100000f76 at 0x100000f52 <+34>.
After the callq instruction executes, the code jumps here:
[Image: 2-2.png]
Here the jmpq jumps to 0x0000000100000f8c; this address is read from the lazy symbol pointers in __DATA,__la_symbol_ptr.
[Image: 3.png]
Reading address 0x100001010 with an lldb command gives the same value.
Lazy binding through __stub_helper
Each symbol stub in Mach-O has one of the following two behaviors: it either jumps to the function's instructions and executes the function body, or it first finds the function's symbol through the dynamic linker and then executes the function body.
Looking at the data of the __stubs section, we find only one function, printf.
[Image: 4.png]
This data is the jmpq instruction seen above. After it executes, the code jumps to the following snippet.
[Image: 5.png]
This is where __stub_helper calls the dyld_stub_binder function to compute the real address of printf. As the following shows, the value 0x0 (the number assigned to the function at link time) is pushed as a parameter, and jmpq 0x100000f7c then jumps to the beginning of the section, which calls the binder (a piece of assembly code that computes the function's actual address and calls printf).
[Image: 6.png]
The second call of the printf function
[Image: 7.png]
After the instruction executes, the behavior differs from the first call to printf.
[Image: 8.png]
Look again at the memory value at 0x100001010. It differs from the first time: the value in __DATA,__la_symbol_ptr for printf has changed and now points to printf's instructions.
This proves that lazy binding happens only on the first call. The whole process is essentially the same as the PLT and GOT on Linux; only the implementation code differs.
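The stub, lazy pointer, helper and binder chain traced above (and the bind-on-first-call idea from the PLT section), modeled in portable C as an added example that is not from the original post and is not dyld's code. Every identifier in it (la_symbol_ptr, stub_helper_0, stub_binder, bind_table, real_print) is constructed for illustration.

```c
/* Added example: a user-space model of Mach-O lazy binding.
   All names are constructed for illustration; this is not dyld code. */
#include <stdio.h>
#include <string.h>

typedef int (*fn_t)(const char *);

static int real_print(const char *s) { return (int)strlen(s); } /* stands in for printf */

/* Constructed bind info: the index pushed by the helper selects a symbol. */
struct bind_entry { const char *name; fn_t addr; };
static const struct bind_entry bind_table[] = { { "_printf", real_print } };

static int stub_helper_0(const char *s);           /* per-symbol helper entry */
static fn_t la_symbol_ptr[1] = { stub_helper_0 };  /* models __DATA,__la_symbol_ptr */
static int binder_calls = 0;

/* Models dyld_stub_binder: resolve by index, patch the lazy pointer, return target. */
static fn_t stub_binder(unsigned index) {
    binder_calls++;
    la_symbol_ptr[index] = bind_table[index].addr;
    return la_symbol_ptr[index];
}

/* Models the __stub_helper entry: pass index 0x0 to the binder, then call the function. */
static int stub_helper_0(const char *s) { return stub_binder(0x0)(s); }

/* Models the __stubs entry: an indirect jump through the lazy pointer. */
static int printf_stub(const char *s) { return la_symbol_ptr[0](s); }

/* Equivalent of reading the slot in lldb: helper address (unbound) or real function? */
int slot_is_bound(void) { return la_symbol_ptr[0] != stub_helper_0; }
int binder_call_count(void) { return binder_calls; }
int call_printf_stub(const char *s) { return printf_stub(s); }

int main(void) {
    printf("before: bound=%d\n", slot_is_bound());
    call_printf_stub("first");
    printf("after 1st call: bound=%d binder_calls=%d\n", slot_is_bound(), binder_calls);
    call_printf_stub("second");
    printf("after 2nd call: bound=%d binder_calls=%d\n", slot_is_bound(), binder_calls);
    return 0;
}
```

The binder runs once: the first call patches the slot, and the second call goes straight through the stub to the target, matching the changed value seen at 0x100001010.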
References: "Mac OS X and iOS Internals", "Links, Loading and Libraries"
This article is from the "Listen to Cloud Technology blog" blog, make sure to keep this source http://tingyunblog.blog.51cto.com/12385276/1881854
Mach-O dynamic linking (lazy bind mechanism)