In theory everything's visible to the compiler so it should be able to optimise it (it's a loop with no side effects and a non-constant condition so is UB if it doesn't terminate). Weirdly, at least looking at aarch64, Clang does inline everything but leaves the loop in with the result unused. Toy examples on godbolt.org are able to optimise it so there's something special, perhaps just the size, about this file.

I would ultimately like to share this code with TLS by passing it into _init_tls as well, which would make it no longer matter, but don't know what the ABI implications are of changing that. (Can we assume you're not mixing libc.a and crt1.o versions? Hopefully? Also _init_tls is a versioned non-private symbol but in libc_private.h so presumably we don't have to care about *other* users of the API?)

Might be, some additional application of const would help. E.g. the env arg to handle_irelocs can be const char *env[] and might be const char * const * env.

_init_tls is exported from user namespace FBSD_1.0, so changing its ABI would break the promise. You need to set it to other version.

Sure, we can assume that crt1.o and libc.a match at linking time, but we cannot assume that libc.so.7 matches crt1.o from binary at runtime.

Ah, we compile the file as gnu99 but that bit of UB was new in C11.

And ok, that should be fine here, it's guarded by checking _DYNAMIC, so long as we're sure no dynamic binaries ever called it.

It should be perfectly valid to compile all crt in c11 or newer mode. Perhaps as a second change?