Abstract
Beneath the surface, software usually depends on complex linker behaviour to work as intended. Even linking hello_world.c is surprisingly involved, and systems software such as libc and operating system kernels rely on a host of linker features. But linking is poorly understood by working programmers and has largely been neglected by language researchers.
In this paper we survey the many use-cases that linkers support and the poorly specified linker speak by which they are controlled: metadata in object files, command-line options, and linker-script language. We provide the first validated formalisation of a realistic executable and linkable format (ELF), and capture aspects of the Application Binary Interfaces for four mainstream platforms (AArch64, AMD64, Power64, and IA32). Using these, we develop an executable specification of static linking, covering (among other things) enough to link small C programs (we use the example of bzip2) into a correctly running executable. We provide our specification in Lem and Isabelle/HOL forms. This is the first formal specification of mainstream linking. We have used the Isabelle/HOL version to prove a sample correctness property for one case of AMD64 ABI relocation, demonstrating that the specification supports formal proof, and as a first step towards the much more ambitious goal of verified linking. Our work should enable several novel strands of research, including linker-aware verified compilation and program analysis, and better languages for controlling linking.
The missing link: explaining ELF static linking, semantically
OOPSLA 2016: Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications