(Created page with '= Static Library guideline changes = == Summary == Add the following as the second bullet point under Packaging:Guidelines#Packaging_Static_Libraries_2: * Static libraries ...') |
|
(No difference)
|
Revision as of 15:24, 6 October 2010
Static Library guideline changes
Summary
Add the following as the second bullet point under Packaging:Guidelines#Packaging_Static_Libraries_2:
- Static libraries (.a files) must be built as PIC objects.
Add the following section before Packaging:Guidelines#Staticly_Linking_Executables:
Building Static Libraries
Typically all that's needed to build a library PIC is to add -fPIC to CFLAGS, and checking that -fPIC is present on the compiler command lines is sufficient to determine that a library is PIC. If a library contains assembly code, adding -fPIC won't make the assembly magically become PIC; code changes will be necessary in this case.
Autotools-based projects can usually force PIC static libraries by configuring with --with-pic.
The remainder of this document is rationale and explanation, which are probably not appropriate for inclusion in the main guidelines but may be useful in a separate page linked from the above sections.
Definitions
PIC
Position-independent code (PIC) is machine instruction code that executes properly regardless of where in memory it resides. PIC is commonly used for shared libraries, so that the same library code can be loaded in a location in each program address space where it won't overlap any other uses of memory (for example, other shared libraries). Position-independent code can be copied to any memory location and executed without modification. This differs from relocatable code, which requires special processing by a link editor or program loader to make it suitable for execution at a given location. Position independent code must adhere to a specific set of semantics in the source code, and compiler support is required. Instructions that refer to specific memory addresses, such as absolute branches, must be replaced with equivalent program counter relative instructions.
PIE
Position-independent executables (PIE) are executable binaries made entirely from position-independent code. PIE binaries are used in Fedora to allow Exec Shield to use address space layout randomization to prevent attackers from knowing where existing executable code is during an exploit that relies on knowing the offset of the executable code in the binary, such as return-to-libc attacks.
Rationale
Some architectures (including i386, but not including x86_64) permit non-position-independent code. A static library may, through subsequent linking, be included in any of another static library, an application, or a shared library.
On architectures that permit it, non-PIC code comes with a tradeoff. Since the load address is assumed, the compiler has an additional register to use, which can be a - usually small - performance benefit. However, any otherwise relocatable object (shared library or PIE executable) that the non-PIC code is linked into will require text relocations. Text relocations impose a performance penalty on executable startup, and effectively make the code unshareable, thus negating the benefits of making the code into a shared library in the first place.
In general, it is preferable to err on the side of PIC. Text relocations are incompatible with some of the security measures in Fedora, and the performance benefit of actually being able to share your shared library code in memory outweighs any performance benefit from the additional register. Static libraries in particular should be built PIC, since if not their non-PIC-ness effectively poisons any shared libraries in which they are included.