Find functions names in .init_array section in unstripped library

Question

Is it possible to find out all instances of static initialization in a elf dynamic library. I can dump the array of function pointers in .init_array section via objdump command like this.

objdump -s -j .init_array <libname.so>

Is there a way to map these function pointers back to function names. I have unstripped library with debug symbols. I want to eliminate static initialization as much as possible to improve my library load time.

Answer 1

On x86-64, .init_array contains a list of 8-byte little-endian pointers to static initializers/constructors. The example below has 4 initializers with the addresses - 0x1160, 0x11a7, 0x1231 and 0x12bb:

$ objdump -s -j .init_array a.out

a.out:     file format elf64-x86-64

Contents of section .init_array:
 3d88 60110000 00000000 a7110000 00000000  `...............
 3d98 31120000 00000000 bb120000 00000000  1...............

You can find the initializer function by providing an address from .init_array to objdump. E.g. the address 0x11a7 points to the special function _GLOBAL__sub_I_a (static initializer for the global variable a):

$ objdump -S --start-address=0x11a7 a.out | head

a.out:     file format elf64-x86-64


Disassembly of section .text:

00000000000011a7 <_GLOBAL__sub_I_a>:
    11a7:       f3 0f 1e fa             endbr64
    11ab:       55                      push   %rbp
    11ac:       48 89 e5                mov    %rsp,%rbp