Mauerer runapp05.tex V1 - 09/04/2008 6:13pm Page 1263Appendix E: The ELF Binary Format
Theobjdumptool does not show the argument of thecallstatement on the right
side, but it automatically recognizes that a relocation entry refers to the
corresponding memory position (which is why this information is inserted).As the relocation table shows, relocation position 46 is anaddfunction call.00000046 00000702 R_386_PC32 00000000 addBecause the sections of the binary file are moved to their final position in memory before relocation takes
place, the position ofaddin memory is already known. For example, ifaddis positioned at 0x08048388,
themainfunction should be at position 0x080483a2 — this means that the relocation position to which
the relocation result is to be written is at 0x80483ce.The relocation result is computed by applying the formula for PC-relative relocation:Result=S−P+A= 0 x 08048388 − 0 x 80483 ce+(−4)
= 134513544 − 134513614 − 4=− 74The result corresponds to the code in the executable filetest,ascanbeconfirmedusingobjdump.80483cd: e8 b6 ff ff ff call 8048388 <add>0xffffffb6 corresponds to the decimal number−74 (this can easily be checked, assuming that little endian
notation and 2’s complement notation are taken into account). The symbolic representation on the right
side of the output ofobjdumpdoes not show the relative branch address,butitconvertstherelative
address into an absolute value to make it easier for programmers to find the corresponding position in
the machine code.At first glance, the result appears to be incorrect. As you have already seen, the machine code of theadd
statement is 70 bytes (0x46), not 74 bytes,beforethe relocation position. The displacement by 4 bytes is
owing to the addend value. Why does the compiler set this value to -4 when generating the object file
test.oinstead of leaving it at 0? The reason has to do with the way in which IA-32 processors work.
The program counter always points to the statement thatfollowsthe statement currently executing — and
is therefore 4 bytes ‘‘too big‘‘if the processor computes the absolute branch address from the relative
address in the machine code. Consequently, the compiler must deduct 4 bytes from the relative branch
address to obtain the correct position in the program.Absolute relocations adopt the same scheme. However, computation is simpler because it is only neces-
sary to combine the destination address of the desired symbol with the addend value.E.2.6 Dynamic Linking
ELF files that must be linked dynamically with libraries in order to run are of little interest to the kernel.
All references in modules can be resolved by means of relocations while dynamic linking of userspace
programs is performed entirely byld.soin userspace. Therefore, this appendix only touches upon the
meaning of the dynamic sections.