Re: VAX addressing modes

To: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Subject: Re: VAX addressing modes
From: "Maciej W. Rozycki" <macro%linux-mips.org@localhost>
Date: Thu, 27 Jul 2017 17:06:12 +0100 (BST)

On Thu, 27 Jul 2017, Mouse wrote:

> But note the relocation was two instructions after the last case
> offset:
> 
>          5ca19: 14 d2       case -> 0x59c1b
>          5ca1b: 38 45       case -> 0x60f3f
>          5ca1d: 31 06 00    brw     0x5ca26
>          5ca20: 17 9f cf 76 jmp     *$000676cf
>                 06 00
>                         5ca22: R_VAX_RELATIVE   *ABS*+0x676cf
>          5ca26: dd 5a       pushl   r10
> 
> The relocation applies to the target of the jmp instruction, not to one
> of the case offsets.  (The jmp instruction can be is reached via one of
> the arms of the case, but that's not relevant to the relocation.)

 This is presumably a DSO, with PIC code and a dynamic relocation.

 This tells the dynamic loader to relocate the longword pointed, by the 
base address.  The *ABS* reference indicates that there is no symbol 
referred (the relocation's `ELF32_R_SYM' is 0 aka STN_UNDEF), so the 
calculation only involves the immediate addend (0x676cf).  Such a 
relocation is produced when a non-PC-relative local symbol reference 
requires calculation at dynamic load, in which case the symbol itself 
has already been reduced to a sum of the offset from the binary's VMA 
(virtual address aka link address) and any original addend.

 The base address, as per the ELF gABI, is the difference between the 
load address and the link address.  So if this binary has been linked at 
say 0x10000 and will be loaded at 0x10000000, then the base address will 
be 0xfff0000 and the final value of the field relocated: 0x676cf + 
0xfff0000 => 0x100576cf.

 The bug here is the relocation applies to text, which will trigger COW 
and defeat page sharing, which is one of the main purposes of using 
DSOs.  This would have been avoided if a proper PC-relative reference to 
the jump target has been used.  This looks like GCC choosing the wrong 
address mode (absolute rather than PC-relative) for the JMP instruction 
in PIC code, presumably produced as the distance required went went out 
of range of the unconditional branch (BR) instruction.

 Of course this relocation should still be handled correctly by the 
dynamic loader.

 HTH,

  Maciej

Follow-Ups:
- Re: VAX addressing modes
  - From: Martin Husemann

References:
- VAX addressing modes
  - From: Martin Husemann
- Re: VAX addressing modes
  - From: Johnny Billquist
- Re: VAX addressing modes
  - From: Martin Husemann
- Re: VAX addressing modes
  - From: Mouse
- Re: VAX addressing modes
  - From: Martin Husemann
- Re: VAX addressing modes
  - From: Mouse

Prev by Date: Re: VAX addressing modes
Next by Date: Re: VAX addressing modes
Previous by Thread: Re: VAX addressing modes
Next by Thread: Re: VAX addressing modes
Indexes:

Home | Main Index | Thread Index | Old Index