Skip to content

arch/sim: replace macOS C++ constructor runtime hack with post-link patch#18886

Open
xiaoxiang781216 wants to merge 1 commit into
apache:masterfrom
xiaoxiang781216:macos
Open

arch/sim: replace macOS C++ constructor runtime hack with post-link patch#18886
xiaoxiang781216 wants to merge 1 commit into
apache:masterfrom
xiaoxiang781216:macos

Conversation

@xiaoxiang781216
Copy link
Copy Markdown
Contributor

@xiaoxiang781216 xiaoxiang781216 commented May 16, 2026

Summary

Replace the macOS sim C++ global constructor runtime hack (sim_macho_init.c)
with a post-link Mach-O section patching scheme so dyld no longer auto-runs
constructors before NuttX is initialized.

Impact

  • Area: arch/sim (macOS host only). Linux behavior is unchanged.

Testing

  • Build host: macOS (Ventura VM)
  • Target: sim:nsh with CONFIG_HAVE_CXX=y / CONFIG_HAVE_CXXINITIALIZE=y
  • Verified via standalone test (test_sinit7) that the C++ constructor is
    deferred past main() and is only invoked when explicitly called through
    the _sinit[]/_einit[] loop in lib_cxx_initialize().

Details

  1. Link with -Wl,-ld_classic,-no_fixup_chains to keep the classic
    __mod_init_func pointer format (prevents ld64 from converting it to
    __init_offsets).
  2. Post-link, run patch_macho_initsection.py (python3 + lief) to patch
    the Mach-O section type flags from MOD_INIT_FUNC_POINTERS /
    INIT_FUNC_OFFSETS to REGULAR, so dyld skips them.
  3. Use the Mach-O auto-generated boundary symbols
    section$start$__DATA_CONST$__mod_init_func /
    section$end$__DATA_CONST$__mod_init_func, mapped via __asm() labels in
    arch/sim/include/arch.h to the common _sinit[]/_einit[] names used
    by lib_cxx_initialize().
  4. Delete the old sim_macho_init.c runtime hack and the macOS-specific
    macho_call_saved_init_funcs() path in lib_cxx_initialize.c.

Dependency: pip install lief on the build host when
CONFIG_HAVE_CXXINITIALIZE=y.

Copilot AI review requested due to automatic review settings May 16, 2026 12:18
@github-actions github-actions Bot added Arch: simulator Issues related to the SIMulator Area: OS Components OS Components issues Size: M The size of the change in this PR is medium labels May 16, 2026
@xiaoxiang781216 xiaoxiang781216 mentioned this pull request May 16, 2026
Open
2 tasks
Copilot AI reviewed May 16, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR replaces the macOS simulator C++ constructor deferral mechanism with post-link Mach-O section patching, so dyld does not run constructors before NuttX initialization.

Changes:

  • Removes the old runtime Mach-O constructor interception path.
  • Adds macOS linker flags and post-build patching for Mach-O init sections.
  • Maps macOS Mach-O section boundary symbols to _sinit / _einit.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 7 comments.

Show a summary per file
File Description
libs/libc/misc/lib_cxx_initialize.c Uses the common _sinit / _einit constructor loop for macOS too.
arch/sim/src/sim/posix/sim_macho_init.c Removes the previous runtime constructor-saving hack.
arch/sim/src/sim/CMakeLists.txt Adds macOS link options and a post-build Mach-O patch command.
arch/sim/src/patch_macho_initsection.py Adds the LIEF-based Mach-O section type patcher.
arch/sim/src/Makefile Adds macOS linker flags and invokes the patcher in make builds.
arch/sim/include/arch.h Adds macOS-specific _sinit / _einit asm symbol mappings.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread arch/sim/src/Makefile Outdated
Comment thread arch/sim/src/sim/CMakeLists.txt
Comment thread arch/sim/include/arch.h
Comment thread arch/sim/src/Makefile Outdated
Comment thread arch/sim/src/sim/CMakeLists.txt
Comment thread arch/sim/src/patch_macho_initsection.py
Comment thread arch/sim/src/Makefile Outdated
@xiaoxiang781216 xiaoxiang781216 linked an issue May 16, 2026 that may be closed by this pull request
[FEATURE] mechanism to ensure the consistent locking order #15446
Open
1 task
@xiaoxiang781216 xiaoxiang781216 removed a link to an issue May 16, 2026
[FEATURE] mechanism to ensure the consistent locking order #15446
Open
1 task
@xiaoxiang781216 xiaoxiang781216 linked an issue May 16, 2026 that may be closed by this pull request
[BUG] our hack around __mod_init_func doesn't work for the latest macOS with chained fixups #15208
Open
1 task
@xiaoxiang781216 xiaoxiang781216 force-pushed the macos branch 2 times, most recently from 7ee85e0 to 0f309e2 Compare May 16, 2026 13:17
@xiaoxiang781216
arch/sim: replace macOS C++ constructor runtime hack with post-link p…
eae41ca 
…atch

The sim architecture needs to defer C++ global constructors until after
NuttX kernel initialization completes. On macOS this was previously done
via a runtime hack (sim_macho_init.c): a __attribute__((constructor))
function intercepted constructors, saved them, and replayed them later.
That approach was fragile because it depended on constructor ordering
and required mprotect() to patch the read-only __mod_init_func section
at runtime.

This commit replaces the runtime hack with a post-link patching scheme:

  1. Link with -Wl,-ld_classic,-no_fixup_chains to keep the classic
     __mod_init_func pointer format (prevents ld64 from converting it
     to __init_offsets).
  2. Post-link, run patch_macho_initsection.py (python3 + lief) to
     patch Mach-O section type flags from
     MOD_INIT_FUNC_POINTERS/INIT_FUNC_OFFSETS to REGULAR, so dyld
     skips them entirely.
  3. Use the Mach-O auto-generated boundary symbols
     section$start$__DATA_CONST$__mod_init_func /
     section$end$__DATA_CONST$__mod_init_func, mapped via __asm()
     labels in arch/sim/include/arch.h to the common _sinit[]/_einit[]
     names used by lib_cxx_initialize().

Linux behavior is unchanged.

Changes:
  - arch/sim/include/arch.h: add macOS __asm() declarations for
    _sinit/_einit
  - arch/sim/src/Makefile: drop sim_macho_init.c HEADSRC handling,
    always pass -ld_classic,-no_fixup_chains on macOS, run
    patch_macho_initsection.py after link when CONFIG_HAVE_CXXINITIALIZE
  - arch/sim/src/sim/CMakeLists.txt: same for the CMake build
  - arch/sim/src/patch_macho_initsection.py: new lief-based patcher
  - arch/sim/src/sim/posix/sim_macho_init.c: deleted (135-line hack)
  - libs/libc/misc/lib_cxx_initialize.c: remove
    macho_call_saved_init_funcs special case; single unified loop

Testing:
  - macOS (Ventura VM): verified lief patching with standalone test
    (test_sinit7) confirming the constructor is deferred past main()
    and only invoked when explicitly called via the _sinit/_einit loop.

Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
@toku-mac
Copy link
Copy Markdown

toku-mac commented May 16, 2026

Hello. Regarding arch/sim/src/sim/CMakeLists.txt.

  add_custom_command(
    TARGET nuttx
    POST_BUILD
    COMMAND
      ${Python3_EXECUTABLE}
      ${CMAKE_CURRENT_SOURCE_DIR}/../patch_macho_initsection.py
      $<TARGET_FILE:nuttx>
    COMMENT "Patching Mach-O init section type flags")
endif()

add_custom_command(TARGET ...) can only be used in the directory where the target was created.
Since the nuttx executable is created in the top-level CMakeLists.txt, attaching a POST_BUILD command to it from here would not work.
Please use a custom target hooked into nuttx_post instead.

  add_custom_target(
    sim_patch_macho_initsection ALL
    COMMAND
      ${Python3_EXECUTABLE}
      ${CMAKE_CURRENT_SOURCE_DIR}/../patch_macho_initsection.py
      $<TARGET_FILE:nuttx>
    DEPENDS nuttx
    COMMENT "Patching Mach-O init section type flags")
  add_dependencies(nuttx_post sim_patch_macho_initsection)
endif()

@toku-mac
Copy link
Copy Markdown

toku-mac commented May 16, 2026

about arch/sim/src/patch_macho_initsection.py.
On macOS 11 and later with Apple Silicon, binary re-signing is required.

Writing the file invalidates the ad-hoc signature that ld attached at link time, which causes the kernel to SIGKILL the process at exec.

import argparse
import subprocess
import sys

    if patched:
        fat.write(args.binary)

        if sys.platform == "darwin":
            subprocess.run(
                ["codesign", "--force", "--sign", "-", args.binary],
                check=True,
            )

    return 0

@toku-mac toku-mac mentioned this pull request May 16, 2026
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jerpelea jerpelea Awaiting requested review from jerpelea jerpelea is a code owner

@masayuki2009 masayuki2009 Awaiting requested review from masayuki2009 masayuki2009 is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

Arch: simulator Issues related to the SIMulator Area: OS Components OS Components issues Size: M The size of the change in this PR is medium

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] our hack around __mod_init_func doesn't work for the latest macOS with chained fixups

3 participants

@xiaoxiang781216 @toku-mac