elf: mode-based IRELATIVE handling with strict default + coverage

[jlinenkohl]

PR A Draft: Relocation IRELATIVE Modes + Coverage

Summary

This PR adds explicit and testable handling for R_X86_64_IRELATIVE relocations with a fail-fast default.

What Changed

• Added mode-based IRELATIVE handling:
  • StrictFail (default)
  • BestEffort (opt-in)
  • ExecuteResolver (opt-in)
• Added deterministic relocation test coverage for:
  • static control path
  • dynamic relocation success paths
  • strict-fail/default-policy behavior
  • fail-hard malformed relocation guard paths

Scope

Files in this PR:

• lib/tinykvm/common.hpp
• lib/tinykvm/machine.cpp
• lib/tinykvm/machine.hpp
• lib/tinykvm/machine_elf.cpp
• tests/unit/elf.cpp

Non-goals

• No .rela.plt enablement.
• No syscall/mmap/thread behavior changes.
• No unrelated loader refactors.

Why

Recompiling binaries with different linker/build options can reduce relocation surface in some cases, but that is not a complete operational strategy:

• TinyKVM should be able to handle externally produced binaries that we do not always control.
• Build-flag assumptions can drift across toolchains/targets over time.
• A runtime loader still needs deterministic behavior when relocation records are present.

The objective here is to make that runtime behavior explicit and safe: fail fast by default when correctness is uncertain, while preserving explicit opt-in modes for compatibility and experimentation.

How Silent Mis-relocation Could Happen (Before)

Before this policy was explicit and default-strict, unsupported or unresolved dynamic relocation paths could continue far enough to look like a successful load in permissive scenarios.

In practice, that can mean:

• an IRELATIVE entry exists but resolver handling is not enforced as a hard correctness gate
• relocation-derived addresses remain unresolved or are interpreted under the wrong assumptions
• the guest starts and only fails later when those addresses are used (for example, indirect call/jump or pointer-dependent path)

This is the "silent" part: failure appears late and indirect (for example, runtime crash/segfault) instead of at deterministic load-time validation.

This PR changes that by making the default behavior explicit StrictFail, adding clear opt-in alternatives, and extending fail-hard coverage for malformed/unsafe relocation inputs.

IFUNC/IRELATIVE Boundary

• This PR directly implements policy and execution handling for R_X86_64_IRELATIVE only.
• It does not claim full IFUNC support and does not enable .rela.plt in this change set.
• It does lay foundation pieces useful for future IFUNC work:
  • explicit relocation policy modes
  • deferred resolver execution plumbing
  • deterministic fail-hard validation coverage

Validation

• cd tests && bash ./run_unit_tests.sh -R test_basic
• cd tests && bash ./run_unit_tests.sh -R test_elf

Reviewer Ask

1. Is StrictFail the right default policy for IRELATIVE in current scope?
2. Is this change set sufficiently narrow and safe?
3. Is the IRELATIVE-only scope (with IFUNC explicitly out of scope here) clearly communicated?

Optional Context (if helpful)

• Behavior baseline: docs/elf_loader_contract_baseline.md
• Coverage matrix: docs/elf_relocation_test_matrix.md

[jlinenkohl]

Request for feedback (see reviewer ask section). PR 74 is standalone.