
Does anyone know what the format of the data pointed to by the Mach-O LC_FUNCTION_STARTS command is?

The most information I could find is in the loader.h header file:

#define LC_FUNCTION_STARTS 0x26 /* compressed table of function start addresses */

I see the dyldinfo tool has a -function_starts option which analyzes this data, and the tool is open source, but the latest released version of the tool doesn't contain the support:

http://opensource.apple.com/source/ld64/ld64-97.2/src/other/dyldinfo.cpp

Does anyone know where I can get the source for the latest version of dyldinfo, or where I can get more information on this load command?

Thanks!

Locksleyu
  • Update: I found the link to a newer version of dyldinfo: http://opensource.apple.com/source/ld64/ld64-127.2/src/other/dyldinfo.cpp. I always seem to find answers to my own questions as soon as I post them here (: – Locksleyu Mar 07 '12 at 13:38
    A more important question - does the loader actually use this command and if so why? Doesn't it have sufficient information as to where the start() location is based on the exports ? – Locksleyu Mar 07 '12 at 13:41

2 Answers


It's used by tools that need to symbolicate addresses in crash logs, samples, spindumps, etc. to determine if a given address falls inside a function. It could also be useful to debuggers to help them more quickly find the bounds of the function that a given address is within.

The data within this section is formatted as a zero-terminated sequence of DWARF-style ULEB128 values. The first value is the offset from the start of the __TEXT segment to the start of the first function. Each remaining value is the offset to the start of the next function.

bdash
    It's mostly useful for tools that need to operate on a stripped executable. For instance, a debugger that wants to do a stack walk needs to know where all the functions start in `__TEXT` so it can look at the prologue instructions and see how the stack was modified and where registers were saved. But in a stripped executable, the symbols for most of the functions are missing. The LC_FUNCTION_STARTS gives the debugger that information. – Jason Molenda Mar 14 '13 at 07:47
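To make the format described in this answer concrete, here is a small decoder, written as an added example for this page (it is not code from the answer, from Apple's dyldinfo, or from any other project). It takes the raw bytes that the load command's dataoff/datasize point at in __LINKEDIT, plus the vmaddr of __TEXT, and walks the ULEB128 deltas until it hits the zero terminator. The blob and the __TEXT address below are constructed for illustration, not taken from a real binary; reading the bytes out of a Mach-O file is left to the caller. The decoder also refuses a truncated value rather than reading past the end of the blob, which is the check you want when the input comes from an untrusted file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode one DWARF-style ULEB128 value from [p, end).
 * Returns the number of bytes consumed, or 0 if the value is cut off by
 * the end of the buffer or needs more than 64 bits. */
static size_t decode_uleb128(const uint8_t *p, const uint8_t *end, uint64_t *out)
{
    uint64_t result = 0;
    unsigned shift = 0;
    size_t n = 0;
    while (p + n < end) {
        uint8_t byte = p[n++];
        if (shift >= 64)
            return 0;                       /* more continuation bytes than fit */
        result |= (uint64_t)(byte & 0x7f) << shift;
        shift += 7;
        if ((byte & 0x80) == 0) {           /* high bit clear: last byte of value */
            *out = result;
            return n;
        }
    }
    return 0;                               /* ran off the end mid-value */
}

/* Walk an LC_FUNCTION_STARTS blob and write absolute function start addresses
 * to out (at most max_out of them; the return value is the full count).
 * text_vmaddr is the vmaddr of the __TEXT segment, since the first value is
 * relative to the start of __TEXT and each later value is a delta from the
 * previous function start. Returns -1 on malformed input. */
long function_starts(const uint8_t *blob, size_t len, uint64_t text_vmaddr,
                     uint64_t *out, size_t max_out)
{
    const uint8_t *p = blob, *end = blob + len;
    uint64_t addr = text_vmaddr;
    size_t count = 0;

    /* A value of 0 (a single 0x00 byte) terminates the list; the bytes after
     * it are alignment padding, so stop rather than treating them as deltas. */
    while (p < end && *p != 0) {
        uint64_t delta;
        size_t n = decode_uleb128(p, end, &delta);
        if (n == 0)
            return -1;
        p += n;
        addr += delta;
        if (count < max_out)
            out[count] = addr;
        count++;
    }
    return (long)count;
}

/* Constructed sample blob (assumption, not from a real binary): with __TEXT at
 * 0x100000000 it describes functions at +0x1000, +0x1030, +0x1130 and +0x11af,
 * followed by the 0 terminator and two bytes of padding. */
#define SAMPLE_TEXT_VMADDR 0x100000000ULL
static const uint8_t sample_blob[] = {
    0x80, 0x20,         /* ULEB128(0x1000): first function, relative to __TEXT */
    0x30,               /* +0x30  */
    0x80, 0x02,         /* +0x100 */
    0x7f,               /* +0x7f  */
    0x00, 0x00, 0x00    /* terminator + padding */
};

/* Small accessors over the sample so results can be checked by a caller. */
long sample_function_count(void)
{
    uint64_t tmp[16];
    return function_starts(sample_blob, sizeof sample_blob, SAMPLE_TEXT_VMADDR, tmp, 16);
}

uint64_t sample_function_addr(size_t i)
{
    uint64_t tmp[16] = {0};
    function_starts(sample_blob, sizeof sample_blob, SAMPLE_TEXT_VMADDR, tmp, 16);
    return i < 16 ? tmp[i] : 0;
}

/* A blob whose last value is cut off: the decoder must report it, not read past the end. */
long truncated_blob_result(void)
{
    static const uint8_t bad[] = { 0x80, 0x20, 0x80 };
    uint64_t tmp[4];
    return function_starts(bad, sizeof bad, SAMPLE_TEXT_VMADDR, tmp, 4);
}

int main(void)
{
    uint64_t addrs[16];
    long n = function_starts(sample_blob, sizeof sample_blob, SAMPLE_TEXT_VMADDR, addrs, 16);
    for (long i = 0; i < n; i++)
        printf("function start: 0x%llx\n", (unsigned long long)addrs[i]);
    return n < 0;
}
```

In a real file the blob lives at dataoff in __LINKEDIT (the load command is a linkedit_data_command: cmd, cmdsize, dataoff, datasize), and datasize is rounded up with zero padding, which is why the walk stops at the first zero value instead of at datasize.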

Since I haven't got any additional answers or comments in a few days I thought I might as well answer this myself. The solution is basically what I put in a comment above:

The newest version of dyldinfo is located here:

http://opensource.apple.com/source/ld64/ld64-127.2/src/other/dyldinfo.cpp

However, I still never figured out exactly what the function starts are used for; if anyone has info on that I'd still appreciate it.

Locksleyu