symbol-granularity trace output for ld and ldd?

symbol-granularity trace output for ld and ldd?

[Daniel S. Wilkerson]

We are doing whole-program static analysis of C and C++.  It works
very much like a C++ compiler except instead of compiling code it
computes various properties of it that someone might want to know
about, such as what data can flow to where.  This is handy for finding
remotely-exploitable security holes for example.

First we replace the system compiler, linker, etc. with scripts that
record their input and then call the real tool (see
build-interceptor.tigris.org).  Our scripts capture the .i files as
they go into the compiler and keep them around; they also pass extra
flags to the linker such as --trace to find out what the linker is
doing.

Then we take the captured .i files and run them through our analysis
tool.  Right now we are doing ok on the compiling part, but we are
having some trouble with linking.  We really do not want to
re-implement all of the subtleties of the ld linker and the dynamic
linker; it would be error-prone and a waste.  Instead we would rather
just ask the real linker what symbols it links to what and then do
what it says in our linker.  That is, our linker can "link" the
results of our analysis, but we don't want it to have to figure out
which symbols match up with which other symbols.

Using 'ld --trace' and 'ldd' only give us information at the file
granularity.  This is probably ok for static linking as we can sort of
figure things out; however for dynamic linking we have heard that
symbols can be loaded lazily and one at a time and multiple libraries
sometimes provide definitions for the same symbol.  It would be really
handy if there were a way to just get from the static and especially
the dynamic linkers exactly what symbols were linked to what.  Any
help is appreciated.

Daniel Wilkerson
http://www.cs.berkeley.edu/~dsw/

Re: symbol-granularity trace output for ld and ldd?

[Alan Modra]

On Mon, Jul 10, 2006 at 04:57:58PM -0700, Daniel S. Wilkerson wrote:
> It would be really
> handy if there were a way to just get from the static and especially
> the dynamic linkers exactly what symbols were linked to what.

It's a bit of work, but you can glean this info from a linker map and
LD_DEBUG=symbols ./program_under_test

-- 
Alan Modra
IBM OzLabs - Linux Technology Centre

Re: symbol-granularity trace output for ld and ldd?

[Daniel Jacobowitz]

On Tue, Jul 11, 2006 at 10:38:29AM +0930, Alan Modra wrote:
> On Mon, Jul 10, 2006 at 04:57:58PM -0700, Daniel S. Wilkerson wrote:
> > It would be really
> > handy if there were a way to just get from the static and especially
> > the dynamic linkers exactly what symbols were linked to what.
> 
> It's a bit of work, but you can glean this info from a linker map and
> LD_DEBUG=symbols ./program_under_test

If you're using glibc, LD_TRACE_LOADED_OBJECTS can be useful too.  It's
undocumented, but you can probably work out how it works, especially if
you poke around in the glibc or prelink sources.

-- 
Daniel Jacobowitz
CodeSourcery

Re: symbol-granularity trace output for ld and ldd?

[Andreas Schwab]

Daniel Jacobowitz <drow@false.org> writes:

> If you're using glibc, LD_TRACE_LOADED_OBJECTS can be useful too.

That's equivalent to using ldd.

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany
PGP key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

Re: symbol-granularity trace output for ld and ldd?

[Daniel Jacobowitz]

On Tue, Jul 11, 2006 at 11:09:03AM +0200, Andreas Schwab wrote:
> Daniel Jacobowitz <drow@false.org> writes:
> 
> > If you're using glibc, LD_TRACE_LOADED_OBJECTS can be useful too.
> 
> That's equivalent to using ldd.

You're right, I misread.  You have to use LD_TRACE_PRELINKING= to get
symbol level details.

-- 
Daniel Jacobowitz
CodeSourcery