fix(ebpf): support Go 1.26 pclntab where pcHeader.textStart is always zero#1
Closed
harveywong98 wants to merge 1 commit intocoroot:mainfrom
Closed
fix(ebpf): support Go 1.26 pclntab where pcHeader.textStart is always zero#1harveywong98 wants to merge 1 commit intocoroot:mainfrom
harveywong98 wants to merge 1 commit intocoroot:mainfrom
Conversation
… zero Go 1.26 changed the linker so that the textStart field in pcHeader (.gopclntab) is permanently set to zero on all platforms. Previously, ParseRuntimeTextFromPclntab18 read this field to determine the base address for functab PC offset calculations; it now always returns 0. The existing fallback (use .text section address) is correct for non-PIE Go binaries. This commit makes the fallback path explicit for Go 1.26+ by: 1. Adding isGo126OrLater() to detect binaries affected by the change. 2. Adding findRuntimeTextSymbol() to look up "runtime.text" from the ELF .symtab section, which is more precise than .text.Addr for edge cases. 3. Falling back to .text.Addr if the symbol is not found (e.g. stripped binaries). 4. Adding a Go 1.26 test ELF and a corresponding test case. Fixes inverted/corrupted flame graphs in coroot when profiling Go 1.26 applications.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
In Go 1.26, the linker no longer writes
pcHeader.textStartinto the.gopclntabheader (it is always zero). See the Go 1.26 linker release notes.The profiler previously relied on this field to locate the base address for
functabPC offset calculations:With Go 1.26,
textStartreads as0, so the profiler falls back to.text.Addr(the section start address). For pure Go binaries this is often coincidentally correct, but for CGO + external link binaries it is wrong:Using
.text.Addrinstead ofruntime.textshifts every resolved PC by the size of the C preamble, causing the entire flame graph to show wrong function names (consistently off by a fixed delta, not random noise).Fix
When
pcHeader.textStart == 0and the binary is Go 1.26+, look up theruntime.textsymbol from.symtaband use its value astextStart. Only fall back to.text.Addrif.symtabis missing (e.g. binary was stripped with-s).Two helpers are added to
MMapedElfFile:findRuntimeTextSymbol()— walks.symtab/.strtabto find theruntime.textsymbol valueisGo126OrLater()— detects Go 1.26+ binaries by checking pclntab magic0xFFFFFFF0/F1withtextStart == 0The modified
NewGoTable()flow:textStartfrom pclntab header (as before)textStart == 0andisGo126OrLater: tryfindRuntimeTextSymbol()0: fall back to.text.Addr(unchanged for Go ≤ 1.25 and stripped binaries)Impact
Fixes flame graph corruption for Go 1.26 CGO binaries. The fix is a no-op for:
.text.Addr == runtime.text-s): still falls back to.text.Addr, same as beforeTest
Added a test ELF binary (
testdata/elfs/go26) compiled with Go 1.26, verified thatfindRuntimeTextSymbol()returns the correctruntime.textvalue and that symbol resolution produces the expected function names.