2 @c Copyright 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1998,
3 @c 2000, 2001, 2002, 2003, 2004, 2006, 2007
4 @c Free Software Foundation, Inc.
5 @setfilename bfdint.info
7 @settitle BFD Internals
11 @author{Ian Lance Taylor}
12 @author{Cygnus Solutions}
17 This file documents the internals of the BFD library.
19 Copyright @copyright{} 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995,
20 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2006, 2007
21 Free Software Foundation, Inc.
22 Contributed by Cygnus Support.
24 Permission is granted to copy, distribute and/or modify this document
25 under the terms of the GNU Free Documentation License, Version 1.1 or
26 any later version published by the Free Software Foundation; with the
27 Invariant Sections being ``GNU General Public License'' and ``Funding
28 Free Software'', the Front-Cover texts being (a) (see below), and with
29 the Back-Cover Texts being (b) (see below). A copy of the license is
30 included in the section entitled ``GNU Free Documentation License''.
32 (a) The FSF's Front-Cover Text is:
36 (b) The FSF's Back-Cover Text is:
38 You have freedom to copy and modify this GNU Manual, like GNU
39 software. Copies published by the Free Software Foundation raise
40 funds for GNU development.
48 This document describes some BFD internal information which may be
49 helpful when working on BFD. It is very incomplete.
51 This document is not updated regularly, and may be out of date.
53 The initial version of this document was written by Ian Lance Taylor
54 @email{ian@@cygnus.com}.
57 * BFD overview:: BFD overview
58 * BFD guidelines:: BFD programming guidelines
59 * BFD target vector:: BFD target vector
60 * BFD generated files:: BFD generated files
61 * BFD multiple compilations:: Files compiled multiple times in BFD
62 * BFD relocation handling:: BFD relocation handling
63 * BFD ELF support:: BFD ELF support
64 * BFD glossary:: Glossary
71 BFD is a library which provides a single interface to read and write
72 object files, executables, archive files, and core files in any format.
75 * BFD library interfaces:: BFD library interfaces
76 * BFD library users:: BFD library users
77 * BFD view:: The BFD view of a file
78 * BFD blindness:: BFD loses information
81 @node BFD library interfaces
82 @subsection BFD library interfaces
84 One way to look at the BFD library is to divide it into four parts by
87 The first interface is the set of generic functions which programs using
88 the BFD library will call. These generic function normally translate
89 directly or indirectly into calls to routines which are specific to a
90 particular object file format. Many of these generic functions are
91 actually defined as macros in @file{bfd.h}. These functions comprise
92 the official BFD interface.
94 The second interface is the set of functions which appear in the target
95 vectors. This is the bulk of the code in BFD. A target vector is a set
96 of function pointers specific to a particular object file format. The
97 target vector is used to implement the generic BFD functions. These
98 functions are always called through the target vector, and are never
99 called directly. The target vector is described in detail in @ref{BFD
100 target vector}. The set of functions which appear in a particular
101 target vector is often referred to as a BFD backend.
103 The third interface is a set of oddball functions which are typically
104 specific to a particular object file format, are not generic functions,
105 and are called from outside of the BFD library. These are used as hooks
106 by the linker and the assembler when a particular object file format
107 requires some action which the BFD generic interface does not provide.
108 These functions are typically declared in @file{bfd.h}, but in many
109 cases they are only provided when BFD is configured with support for a
110 particular object file format. These functions live in a grey area, and
111 are not really part of the official BFD interface.
113 The fourth interface is the set of BFD support functions which are
114 called by the other BFD functions. These manage issues like memory
115 allocation, error handling, file access, hash tables, swapping, and the
116 like. These functions are never called from outside of the BFD library.
118 @node BFD library users
119 @subsection BFD library users
121 Another way to look at the BFD library is to divide it into three parts
122 by the manner in which it is used.
124 The first use is to read an object file. The object file readers are
125 programs like @samp{gdb}, @samp{nm}, @samp{objdump}, and @samp{objcopy}.
126 These programs use BFD to view an object file in a generic form. The
127 official BFD interface is normally fully adequate for these programs.
129 The second use is to write an object file. The object file writers are
130 programs like @samp{gas} and @samp{objcopy}. These programs use BFD to
131 create an object file. The official BFD interface is normally adequate
132 for these programs, but for some object file formats the assembler needs
133 some additional hooks in order to set particular flags or other
134 information. The official BFD interface includes functions to copy
135 private information from one object file to another, and these functions
136 are used by @samp{objcopy} to avoid information loss.
138 The third use is to link object files. There is only one object file
139 linker, @samp{ld}. Originally, @samp{ld} was an object file reader and
140 an object file writer, and it did the link operation using the generic
141 BFD structures. However, this turned out to be too slow and too memory
144 The official BFD linker functions were written to permit specific BFD
145 backends to perform the link without translating through the generic
146 structures, in the normal case where all the input files and output file
147 have the same object file format. Not all of the backends currently
148 implement the new interface, and there are default linking functions
149 within BFD which use the generic structures and which work with all
152 For several object file formats the linker needs additional hooks which
153 are not provided by the official BFD interface, particularly for dynamic
154 linking support. These functions are typically called from the linker
158 @subsection The BFD view of a file
160 BFD uses generic structures to manage information. It translates data
161 into the generic form when reading files, and out of the generic form
164 BFD describes a file as a pointer to the @samp{bfd} type. A @samp{bfd}
165 is composed of the following elements. The BFD information can be
166 displayed using the @samp{objdump} program with various options.
169 @item general information
170 The object file format, a few general flags, the start address.
172 The architecture, including both a general processor type (m68k, MIPS
173 etc.) and a specific machine number (m68000, R4000, etc.).
180 BFD represents a section as a pointer to the @samp{asection} type. Each
181 section has a name and a size. Most sections also have an associated
182 block of data, known as the section contents. Sections also have
183 associated flags, a virtual memory address, a load memory address, a
184 required alignment, a list of relocations, and other miscellaneous
187 BFD represents a relocation as a pointer to the @samp{arelent} type. A
188 relocation describes an action which the linker must take to modify the
189 section contents. Relocations have a symbol, an address, an addend, and
190 a pointer to a howto structure which describes how to perform the
191 relocation. For more information, see @ref{BFD relocation handling}.
193 BFD represents a symbol as a pointer to the @samp{asymbol} type. A
194 symbol has a name, a pointer to a section, an offset within that
195 section, and some flags.
197 Archive files do not have any sections or symbols. Instead, BFD
198 represents an archive file as a file which contains a list of
199 @samp{bfd}s. BFD also provides access to the archive symbol map, as a
200 list of symbol names. BFD provides a function to return the @samp{bfd}
201 within the archive which corresponds to a particular entry in the
205 @subsection BFD loses information
207 Most object file formats have information which BFD can not represent in
208 its generic form, at least as currently defined.
210 There is often explicit information which BFD can not represent. For
211 example, the COFF version stamp, or the ELF program segments. BFD
212 provides special hooks to handle this information when copying,
213 printing, or linking an object file. The BFD support for a particular
214 object file format will normally store this information in private data
215 and handle it using the special hooks.
217 In some cases there is also implicit information which BFD can not
218 represent. For example, the MIPS processor distinguishes small and
219 large symbols, and requires that all small symbols be within 32K of the
220 GP register. This means that the MIPS assembler must be able to mark
221 variables as either small or large, and the MIPS linker must know to put
222 small symbols within range of the GP register. Since BFD can not
223 represent this information, this means that the assembler and linker
224 must have information that is specific to a particular object file
225 format which is outside of the BFD library.
227 This loss of information indicates areas where the BFD paradigm breaks
228 down. It is not actually possible to represent the myriad differences
229 among object file formats using a single generic interface, at least not
230 in the manner which BFD does it today.
232 Nevertheless, the BFD library does greatly simplify the task of dealing
233 with object files, and particular problems caused by information loss
234 can normally be solved using some sort of relatively constrained hook
240 @section BFD programming guidelines
241 @cindex bfd programming guidelines
242 @cindex programming guidelines for bfd
243 @cindex guidelines, bfd programming
245 There is a lot of poorly written and confusing code in BFD. New BFD
246 code should be written to a higher standard. Merely because some BFD
247 code is written in a particular manner does not mean that you should
250 Here are some general BFD programming guidelines:
254 Follow the GNU coding standards.
257 Avoid global variables. We ideally want BFD to be fully reentrant, so
258 that it can be used in multiple threads. All uses of global or static
259 variables interfere with that. Initialized constant variables are OK,
260 and they should be explicitly marked with @samp{const}. Instead of global
261 variables, use data attached to a BFD or to a linker hash table.
264 All externally visible functions should have names which start with
265 @samp{bfd_}. All such functions should be declared in some header file,
266 typically @file{bfd.h}. See, for example, the various declarations near
267 the end of @file{bfd-in.h}, which mostly declare functions required by
268 specific linker emulations.
271 All functions which need to be visible from one file to another within
272 BFD, but should not be visible outside of BFD, should start with
273 @samp{_bfd_}. Although external names beginning with @samp{_} are
274 prohibited by the ANSI standard, in practice this usage will always
275 work, and it is required by the GNU coding standards.
278 Always remember that people can compile using @samp{--enable-targets} to
279 build several, or all, targets at once. It must be possible to link
280 together the files for all targets.
283 BFD code should compile with few or no warnings using @samp{gcc -Wall}.
284 Some warnings are OK, like the absence of certain function declarations
285 which may or may not be declared in system header files. Warnings about
286 ambiguous expressions and the like should always be fixed.
289 @node BFD target vector
290 @section BFD target vector
291 @cindex bfd target vector
292 @cindex target vector in bfd
294 BFD supports multiple object file formats by using the @dfn{target
295 vector}. This is simply a set of function pointers which implement
296 behaviour that is specific to a particular object file format.
298 In this section I list all of the entries in the target vector and
299 describe what they do.
302 * BFD target vector miscellaneous:: Miscellaneous constants
303 * BFD target vector swap:: Swapping functions
304 * BFD target vector format:: Format type dependent functions
305 * BFD_JUMP_TABLE macros:: BFD_JUMP_TABLE macros
306 * BFD target vector generic:: Generic functions
307 * BFD target vector copy:: Copy functions
308 * BFD target vector core:: Core file support functions
309 * BFD target vector archive:: Archive functions
310 * BFD target vector symbols:: Symbol table functions
311 * BFD target vector relocs:: Relocation support
312 * BFD target vector write:: Output functions
313 * BFD target vector link:: Linker functions
314 * BFD target vector dynamic:: Dynamic linking information functions
317 @node BFD target vector miscellaneous
318 @subsection Miscellaneous constants
320 The target vector starts with a set of constants.
324 The name of the target vector. This is an arbitrary string. This is
325 how the target vector is named in command line options for tools which
326 use BFD, such as the @samp{--oformat} linker option.
329 A general description of the type of target. The following flavours are
333 @item bfd_target_unknown_flavour
334 Undefined or unknown.
335 @item bfd_target_aout_flavour
337 @item bfd_target_coff_flavour
339 @item bfd_target_ecoff_flavour
341 @item bfd_target_elf_flavour
343 @item bfd_target_ieee_flavour
345 @item bfd_target_nlm_flavour
347 @item bfd_target_oasys_flavour
349 @item bfd_target_tekhex_flavour
350 Tektronix hex format.
351 @item bfd_target_srec_flavour
352 Motorola S-record format.
353 @item bfd_target_ihex_flavour
355 @item bfd_target_som_flavour
357 @item bfd_target_os9k_flavour
359 @item bfd_target_versados_flavour
361 @item bfd_target_msdos_flavour
363 @item bfd_target_evax_flavour
365 @item bfd_target_mmo_flavour
366 Donald Knuth's MMIXware object format.
370 The byte order of data in the object file. One of
371 @samp{BFD_ENDIAN_BIG}, @samp{BFD_ENDIAN_LITTLE}, or
372 @samp{BFD_ENDIAN_UNKNOWN}. The latter would be used for a format such
373 as S-records which do not record the architecture of the data.
375 @item header_byteorder
376 The byte order of header information in the object file. Normally the
377 same as the @samp{byteorder} field, but there are certain cases where it
381 Flags which may appear in the @samp{flags} field of a BFD with this
385 Flags which may appear in the @samp{flags} field of a section within a
386 BFD with this format.
388 @item symbol_leading_char
389 A character which the C compiler normally puts before a symbol. For
390 example, an a.out compiler will typically generate the symbol
391 @samp{_foo} for a function named @samp{foo} in the C source, in which
392 case this field would be @samp{_}. If there is no such character, this
393 field will be @samp{0}.
396 The padding character to use at the end of an archive name. Normally
400 The maximum length of a short name in an archive. Normally @samp{14}.
403 A pointer to constant backend data. This is used by backends to store
404 whatever additional information they need to distinguish similar target
405 vectors which use the same sets of functions.
408 @node BFD target vector swap
409 @subsection Swapping functions
411 Every target vector has function pointers used for swapping information
412 in and out of the target representation. There are two sets of
413 functions: one for data information, and one for header information.
414 Each set has three sizes: 64-bit, 32-bit, and 16-bit. Each size has
415 three actual functions: put, get unsigned, and get signed.
417 These 18 functions are used to convert data between the host and target
420 @node BFD target vector format
421 @subsection Format type dependent functions
423 Every target vector has three arrays of function pointers which are
424 indexed by the BFD format type. The BFD format types are as follows:
428 Unknown format. Not used for anything useful.
437 The three arrays of function pointers are as follows:
440 @item bfd_check_format
441 Check whether the BFD is of a particular format (object file, archive
442 file, or core file) corresponding to this target vector. This is called
443 by the @samp{bfd_check_format} function when examining an existing BFD.
444 If the BFD matches the desired format, this function will initialize any
445 format specific information such as the @samp{tdata} field of the BFD.
446 This function must be called before any other BFD target vector function
447 on a file opened for reading.
450 Set the format of a BFD which was created for output. This is called by
451 the @samp{bfd_set_format} function after creating the BFD with a
452 function such as @samp{bfd_openw}. This function will initialize format
453 specific information required to write out an object file or whatever of
454 the given format. This function must be called before any other BFD
455 target vector function on a file opened for writing.
457 @item bfd_write_contents
458 Write out the contents of the BFD in the given format. This is called
459 by @samp{bfd_close} function for a BFD opened for writing. This really
460 should not be an array selected by format type, as the
461 @samp{bfd_set_format} function provides all the required information.
462 In fact, BFD will fail if a different format is used when calling
463 through the @samp{bfd_set_format} and the @samp{bfd_write_contents}
464 arrays; fortunately, since @samp{bfd_close} gets it right, this is a
465 difficult error to make.
468 @node BFD_JUMP_TABLE macros
469 @subsection @samp{BFD_JUMP_TABLE} macros
470 @cindex @samp{BFD_JUMP_TABLE}
472 Most target vectors are defined using @samp{BFD_JUMP_TABLE} macros.
473 These macros take a single argument, which is a prefix applied to a set
474 of functions. The macros are then used to initialize the fields in the
477 For example, the @samp{BFD_JUMP_TABLE_RELOCS} macro defines three
478 functions: @samp{_get_reloc_upper_bound}, @samp{_canonicalize_reloc},
479 and @samp{_bfd_reloc_type_lookup}. A reference like
480 @samp{BFD_JUMP_TABLE_RELOCS (foo)} will expand into three functions
481 prefixed with @samp{foo}: @samp{foo_get_reloc_upper_bound}, etc. The
482 @samp{BFD_JUMP_TABLE_RELOCS} macro will be placed such that those three
483 functions initialize the appropriate fields in the BFD target vector.
485 This is done because it turns out that many different target vectors can
486 share certain classes of functions. For example, archives are similar
487 on most platforms, so most target vectors can use the same archive
488 functions. Those target vectors all use @samp{BFD_JUMP_TABLE_ARCHIVE}
489 with the same argument, calling a set of functions which is defined in
492 Each of the @samp{BFD_JUMP_TABLE} macros is mentioned below along with
493 the description of the function pointers which it defines. The function
494 pointers will be described using the name without the prefix which the
495 @samp{BFD_JUMP_TABLE} macro defines. This name is normally the same as
496 the name of the field in the target vector structure. Any differences
499 @node BFD target vector generic
500 @subsection Generic functions
501 @cindex @samp{BFD_JUMP_TABLE_GENERIC}
503 The @samp{BFD_JUMP_TABLE_GENERIC} macro is used for some catch all
504 functions which don't easily fit into other categories.
507 @item _close_and_cleanup
508 Free any target specific information associated with the BFD. This is
509 called when any BFD is closed (the @samp{bfd_write_contents} function
510 mentioned earlier is only called for a BFD opened for writing). Most
511 targets use @samp{bfd_alloc} to allocate all target specific
512 information, and therefore don't have to do anything in this function.
513 This function pointer is typically set to
514 @samp{_bfd_generic_close_and_cleanup}, which simply returns true.
516 @item _bfd_free_cached_info
517 Free any cached information associated with the BFD which can be
518 recreated later if necessary. This is used to reduce the memory
519 consumption required by programs using BFD. This is normally called via
520 the @samp{bfd_free_cached_info} macro. It is used by the default
521 archive routines when computing the archive map. Most targets do not
522 do anything special for this entry point, and just set it to
523 @samp{_bfd_generic_free_cached_info}, which simply returns true.
525 @item _new_section_hook
526 This is called from @samp{bfd_make_section_anyway} whenever a new
527 section is created. Most targets use it to initialize section specific
528 information. This function is called whether or not the section
529 corresponds to an actual section in an actual BFD.
531 @item _get_section_contents
532 Get the contents of a section. This is called from
533 @samp{bfd_get_section_contents}. Most targets set this to
534 @samp{_bfd_generic_get_section_contents}, which does a @samp{bfd_seek}
535 based on the section's @samp{filepos} field and a @samp{bfd_bread}. The
536 corresponding field in the target vector is named
537 @samp{_bfd_get_section_contents}.
539 @item _get_section_contents_in_window
540 Set a @samp{bfd_window} to hold the contents of a section. This is
541 called from @samp{bfd_get_section_contents_in_window}. The
542 @samp{bfd_window} idea never really caught on, and I don't think this is
543 ever called. Pretty much all targets implement this as
544 @samp{bfd_generic_get_section_contents_in_window}, which uses
545 @samp{bfd_get_section_contents} to do the right thing. The
546 corresponding field in the target vector is named
547 @samp{_bfd_get_section_contents_in_window}.
550 @node BFD target vector copy
551 @subsection Copy functions
552 @cindex @samp{BFD_JUMP_TABLE_COPY}
554 The @samp{BFD_JUMP_TABLE_COPY} macro is used for functions which are
555 called when copying BFDs, and for a couple of functions which deal with
556 internal BFD information.
559 @item _bfd_copy_private_bfd_data
560 This is called when copying a BFD, via @samp{bfd_copy_private_bfd_data}.
561 If the input and output BFDs have the same format, this will copy any
562 private information over. This is called after all the section contents
563 have been written to the output file. Only a few targets do anything in
566 @item _bfd_merge_private_bfd_data
567 This is called when linking, via @samp{bfd_merge_private_bfd_data}. It
568 gives the backend linker code a chance to set any special flags in the
569 output file based on the contents of the input file. Only a few targets
570 do anything in this function.
572 @item _bfd_copy_private_section_data
573 This is similar to @samp{_bfd_copy_private_bfd_data}, but it is called
574 for each section, via @samp{bfd_copy_private_section_data}. This
575 function is called before any section contents have been written. Only
576 a few targets do anything in this function.
578 @item _bfd_copy_private_symbol_data
579 This is called via @samp{bfd_copy_private_symbol_data}, but I don't
580 think anything actually calls it. If it were defined, it could be used
581 to copy private symbol data from one BFD to another. However, most BFDs
582 store extra symbol information by allocating space which is larger than
583 the @samp{asymbol} structure and storing private information in the
584 extra space. Since @samp{objcopy} and other programs copy symbol
585 information by copying pointers to @samp{asymbol} structures, the
586 private symbol information is automatically copied as well. Most
587 targets do not do anything in this function.
589 @item _bfd_set_private_flags
590 This is called via @samp{bfd_set_private_flags}. It is basically a hook
591 for the assembler to set magic information. For example, the PowerPC
592 ELF assembler uses it to set flags which appear in the e_flags field of
593 the ELF header. Most targets do not do anything in this function.
595 @item _bfd_print_private_bfd_data
596 This is called by @samp{objdump} when the @samp{-p} option is used. It
597 is called via @samp{bfd_print_private_data}. It prints any interesting
598 information about the BFD which can not be otherwise represented by BFD
599 and thus can not be printed by @samp{objdump}. Most targets do not do
600 anything in this function.
603 @node BFD target vector core
604 @subsection Core file support functions
605 @cindex @samp{BFD_JUMP_TABLE_CORE}
607 The @samp{BFD_JUMP_TABLE_CORE} macro is used for functions which deal
608 with core files. Obviously, these functions only do something
609 interesting for targets which have core file support.
612 @item _core_file_failing_command
613 Given a core file, this returns the command which was run to produce the
616 @item _core_file_failing_signal
617 Given a core file, this returns the signal number which produced the
620 @item _core_file_matches_executable_p
621 Given a core file and a BFD for an executable, this returns whether the
622 core file was generated by the executable.
625 @node BFD target vector archive
626 @subsection Archive functions
627 @cindex @samp{BFD_JUMP_TABLE_ARCHIVE}
629 The @samp{BFD_JUMP_TABLE_ARCHIVE} macro is used for functions which deal
630 with archive files. Most targets use COFF style archive files
631 (including ELF targets), and these use @samp{_bfd_archive_coff} as the
632 argument to @samp{BFD_JUMP_TABLE_ARCHIVE}. Some targets use BSD/a.out
633 style archives, and these use @samp{_bfd_archive_bsd}. (The main
634 difference between BSD and COFF archives is the format of the archive
635 symbol table). Targets with no archive support use
636 @samp{_bfd_noarchive}. Finally, a few targets have unusual archive
641 Read in the archive symbol table, storing it in private BFD data. This
642 is normally called from the archive @samp{check_format} routine. The
643 corresponding field in the target vector is named
644 @samp{_bfd_slurp_armap}.
646 @item _slurp_extended_name_table
647 Read in the extended name table from the archive, if there is one,
648 storing it in private BFD data. This is normally called from the
649 archive @samp{check_format} routine. The corresponding field in the
650 target vector is named @samp{_bfd_slurp_extended_name_table}.
652 @item construct_extended_name_table
653 Build and return an extended name table if one is needed to write out
654 the archive. This also adjusts the archive headers to refer to the
655 extended name table appropriately. This is normally called from the
656 archive @samp{write_contents} routine. The corresponding field in the
657 target vector is named @samp{_bfd_construct_extended_name_table}.
659 @item _truncate_arname
660 This copies a file name into an archive header, truncating it as
661 required. It is normally called from the archive @samp{write_contents}
662 routine. This function is more interesting in targets which do not
663 support extended name tables, but I think the GNU @samp{ar} program
664 always uses extended name tables anyhow. The corresponding field in the
665 target vector is named @samp{_bfd_truncate_arname}.
668 Write out the archive symbol table using calls to @samp{bfd_bwrite}.
669 This is normally called from the archive @samp{write_contents} routine.
670 The corresponding field in the target vector is named @samp{write_armap}
671 (no leading underscore).
674 Read and parse an archive header. This handles expanding the archive
675 header name into the real file name using the extended name table. This
676 is called by routines which read the archive symbol table or the archive
677 itself. The corresponding field in the target vector is named
678 @samp{_bfd_read_ar_hdr_fn}.
680 @item _openr_next_archived_file
681 Given an archive and a BFD representing a file stored within the
682 archive, return a BFD for the next file in the archive. This is called
683 via @samp{bfd_openr_next_archived_file}. The corresponding field in the
684 target vector is named @samp{openr_next_archived_file} (no leading
687 @item _get_elt_at_index
688 Given an archive and an index, return a BFD for the file in the archive
689 corresponding to that entry in the archive symbol table. This is called
690 via @samp{bfd_get_elt_at_index}. The corresponding field in the target
691 vector is named @samp{_bfd_get_elt_at_index}.
693 @item _generic_stat_arch_elt
694 Do a stat on an element of an archive, returning information read from
695 the archive header (modification time, uid, gid, file mode, size). This
696 is called via @samp{bfd_stat_arch_elt}. The corresponding field in the
697 target vector is named @samp{_bfd_stat_arch_elt}.
699 @item _update_armap_timestamp
700 After the entire contents of an archive have been written out, update
701 the timestamp of the archive symbol table to be newer than that of the
702 file. This is required for a.out style archives. This is normally
703 called by the archive @samp{write_contents} routine. The corresponding
704 field in the target vector is named @samp{_bfd_update_armap_timestamp}.
707 @node BFD target vector symbols
708 @subsection Symbol table functions
709 @cindex @samp{BFD_JUMP_TABLE_SYMBOLS}
711 The @samp{BFD_JUMP_TABLE_SYMBOLS} macro is used for functions which deal
715 @item _get_symtab_upper_bound
716 Return a sensible upper bound on the amount of memory which will be
717 required to read the symbol table. In practice most targets return the
718 amount of memory required to hold @samp{asymbol} pointers for all the
719 symbols plus a trailing @samp{NULL} entry, and store the actual symbol
720 information in BFD private data. This is called via
721 @samp{bfd_get_symtab_upper_bound}. The corresponding field in the
722 target vector is named @samp{_bfd_get_symtab_upper_bound}.
724 @item _canonicalize_symtab
725 Read in the symbol table. This is called via
726 @samp{bfd_canonicalize_symtab}. The corresponding field in the target
727 vector is named @samp{_bfd_canonicalize_symtab}.
729 @item _make_empty_symbol
730 Create an empty symbol for the BFD. This is needed because most targets
731 store extra information with each symbol by allocating a structure
732 larger than an @samp{asymbol} and storing the extra information at the
733 end. This function will allocate the right amount of memory, and return
734 what looks like a pointer to an empty @samp{asymbol}. This is called
735 via @samp{bfd_make_empty_symbol}. The corresponding field in the target
736 vector is named @samp{_bfd_make_empty_symbol}.
739 Print information about the symbol. This is called via
740 @samp{bfd_print_symbol}. One of the arguments indicates what sort of
741 information should be printed:
744 @item bfd_print_symbol_name
745 Just print the symbol name.
746 @item bfd_print_symbol_more
747 Print the symbol name and some interesting flags. I don't think
748 anything actually uses this.
749 @item bfd_print_symbol_all
750 Print all information about the symbol. This is used by @samp{objdump}
751 when run with the @samp{-t} option.
753 The corresponding field in the target vector is named
754 @samp{_bfd_print_symbol}.
756 @item _get_symbol_info
757 Return a standard set of information about the symbol. This is called
758 via @samp{bfd_symbol_info}. The corresponding field in the target
759 vector is named @samp{_bfd_get_symbol_info}.
761 @item _bfd_is_local_label_name
762 Return whether the given string would normally represent the name of a
763 local label. This is called via @samp{bfd_is_local_label} and
764 @samp{bfd_is_local_label_name}. Local labels are normally discarded by
765 the assembler. In the linker, this defines the difference between the
766 @samp{-x} and @samp{-X} options.
769 Return line number information for a symbol. This is only meaningful
770 for a COFF target. This is called when writing out COFF line numbers.
772 @item _find_nearest_line
773 Given an address within a section, use the debugging information to find
774 the matching file name, function name, and line number, if any. This is
775 called via @samp{bfd_find_nearest_line}. The corresponding field in the
776 target vector is named @samp{_bfd_find_nearest_line}.
778 @item _bfd_make_debug_symbol
779 Make a debugging symbol. This is only meaningful for a COFF target,
780 where it simply returns a symbol which will be placed in the
781 @samp{N_DEBUG} section when it is written out. This is called via
782 @samp{bfd_make_debug_symbol}.
784 @item _read_minisymbols
785 Minisymbols are used to reduce the memory requirements of programs like
786 @samp{nm}. A minisymbol is a cookie pointing to internal symbol
787 information which the caller can use to extract complete symbol
788 information. This permits BFD to not convert all the symbols into
789 generic form, but to instead convert them one at a time. This is called
790 via @samp{bfd_read_minisymbols}. Most targets do not implement this,
791 and just use generic support which is based on using standard
792 @samp{asymbol} structures.
794 @item _minisymbol_to_symbol
795 Convert a minisymbol to a standard @samp{asymbol}. This is called via
796 @samp{bfd_minisymbol_to_symbol}.
799 @node BFD target vector relocs
800 @subsection Relocation support
801 @cindex @samp{BFD_JUMP_TABLE_RELOCS}
803 The @samp{BFD_JUMP_TABLE_RELOCS} macro is used for functions which deal
807 @item _get_reloc_upper_bound
808 Return a sensible upper bound on the amount of memory which will be
809 required to read the relocations for a section. In practice most
810 targets return the amount of memory required to hold @samp{arelent}
811 pointers for all the relocations plus a trailing @samp{NULL} entry, and
812 store the actual relocation information in BFD private data. This is
813 called via @samp{bfd_get_reloc_upper_bound}.
815 @item _canonicalize_reloc
816 Return the relocation information for a section. This is called via
817 @samp{bfd_canonicalize_reloc}. The corresponding field in the target
818 vector is named @samp{_bfd_canonicalize_reloc}.
820 @item _bfd_reloc_type_lookup
821 Given a relocation code, return the corresponding howto structure
822 (@pxref{BFD relocation codes}). This is called via
823 @samp{bfd_reloc_type_lookup}. The corresponding field in the target
824 vector is named @samp{reloc_type_lookup}.
827 @node BFD target vector write
828 @subsection Output functions
829 @cindex @samp{BFD_JUMP_TABLE_WRITE}
831 The @samp{BFD_JUMP_TABLE_WRITE} macro is used for functions which deal
832 with writing out a BFD.
836 Set the architecture and machine number for a BFD. This is called via
837 @samp{bfd_set_arch_mach}. Most targets implement this by calling
838 @samp{bfd_default_set_arch_mach}. The corresponding field in the target
839 vector is named @samp{_bfd_set_arch_mach}.
841 @item _set_section_contents
842 Write out the contents of a section. This is called via
843 @samp{bfd_set_section_contents}. The corresponding field in the target
844 vector is named @samp{_bfd_set_section_contents}.
847 @node BFD target vector link
848 @subsection Linker functions
849 @cindex @samp{BFD_JUMP_TABLE_LINK}
851 The @samp{BFD_JUMP_TABLE_LINK} macro is used for functions called by the
855 @item _sizeof_headers
856 Return the size of the header information required for a BFD. This is
857 used to implement the @samp{SIZEOF_HEADERS} linker script function. It
858 is normally used to align the first section at an efficient position on
859 the page. This is called via @samp{bfd_sizeof_headers}. The
860 corresponding field in the target vector is named
861 @samp{_bfd_sizeof_headers}.
863 @item _bfd_get_relocated_section_contents
864 Read the contents of a section and apply the relocation information.
865 This handles both a final link and a relocatable link; in the latter
866 case, it adjust the relocation information as well. This is called via
867 @samp{bfd_get_relocated_section_contents}. Most targets implement it by
868 calling @samp{bfd_generic_get_relocated_section_contents}.
870 @item _bfd_relax_section
871 Try to use relaxation to shrink the size of a section. This is called
872 by the linker when the @samp{-relax} option is used. This is called via
873 @samp{bfd_relax_section}. Most targets do not support any sort of
876 @item _bfd_link_hash_table_create
877 Create the symbol hash table to use for the linker. This linker hook
878 permits the backend to control the size and information of the elements
879 in the linker symbol hash table. This is called via
880 @samp{bfd_link_hash_table_create}.
882 @item _bfd_link_add_symbols
883 Given an object file or an archive, add all symbols into the linker
884 symbol hash table. Use callbacks to the linker to include archive
885 elements in the link. This is called via @samp{bfd_link_add_symbols}.
887 @item _bfd_final_link
888 Finish the linking process. The linker calls this hook after all of the
889 input files have been read, when it is ready to finish the link and
890 generate the output file. This is called via @samp{bfd_final_link}.
892 @item _bfd_link_split_section
893 I don't know what this is for. Nothing seems to call it. The only
894 non-trivial definition is in @file{som.c}.
897 @node BFD target vector dynamic
898 @subsection Dynamic linking information functions
899 @cindex @samp{BFD_JUMP_TABLE_DYNAMIC}
901 The @samp{BFD_JUMP_TABLE_DYNAMIC} macro is used for functions which read
902 dynamic linking information.
905 @item _get_dynamic_symtab_upper_bound
906 Return a sensible upper bound on the amount of memory which will be
907 required to read the dynamic symbol table. In practice most targets
908 return the amount of memory required to hold @samp{asymbol} pointers for
909 all the symbols plus a trailing @samp{NULL} entry, and store the actual
910 symbol information in BFD private data. This is called via
911 @samp{bfd_get_dynamic_symtab_upper_bound}. The corresponding field in
912 the target vector is named @samp{_bfd_get_dynamic_symtab_upper_bound}.
914 @item _canonicalize_dynamic_symtab
915 Read the dynamic symbol table. This is called via
916 @samp{bfd_canonicalize_dynamic_symtab}. The corresponding field in the
917 target vector is named @samp{_bfd_canonicalize_dynamic_symtab}.
919 @item _get_dynamic_reloc_upper_bound
920 Return a sensible upper bound on the amount of memory which will be
921 required to read the dynamic relocations. In practice most targets
922 return the amount of memory required to hold @samp{arelent} pointers for
923 all the relocations plus a trailing @samp{NULL} entry, and store the
924 actual relocation information in BFD private data. This is called via
925 @samp{bfd_get_dynamic_reloc_upper_bound}. The corresponding field in
926 the target vector is named @samp{_bfd_get_dynamic_reloc_upper_bound}.
928 @item _canonicalize_dynamic_reloc
929 Read the dynamic relocations. This is called via
930 @samp{bfd_canonicalize_dynamic_reloc}. The corresponding field in the
931 target vector is named @samp{_bfd_canonicalize_dynamic_reloc}.
934 @node BFD generated files
935 @section BFD generated files
936 @cindex generated files in bfd
937 @cindex bfd generated files
939 BFD contains several automatically generated files. This section
940 describes them. Some files are created at configure time, when you
941 configure BFD. Some files are created at make time, when you build
942 BFD. Some files are automatically rebuilt at make time, but only if
943 you configure with the @samp{--enable-maintainer-mode} option. Some
944 files live in the object directory---the directory from which you run
945 configure---and some live in the source directory. All files that live
946 in the source directory are checked into the CVS repository.
951 @cindex @file{bfd-in3.h}
952 Lives in the object directory. Created at make time from
953 @file{bfd-in2.h} via @file{bfd-in3.h}. @file{bfd-in3.h} is created at
954 configure time from @file{bfd-in2.h}. There are automatic dependencies
955 to rebuild @file{bfd-in3.h} and hence @file{bfd.h} if @file{bfd-in2.h}
956 changes, so you can normally ignore @file{bfd-in3.h}, and just think
957 about @file{bfd-in2.h} and @file{bfd.h}.
959 @file{bfd.h} is built by replacing a few strings in @file{bfd-in2.h}.
960 To see them, search for @samp{@@} in @file{bfd-in2.h}. They mainly
961 control whether BFD is built for a 32 bit target or a 64 bit target.
964 @cindex @file{bfd-in2.h}
965 Lives in the source directory. Created from @file{bfd-in.h} and several
966 other BFD source files. If you configure with the
967 @samp{--enable-maintainer-mode} option, @file{bfd-in2.h} is rebuilt
968 automatically when a source file changes.
971 @itemx elf64-target.h
972 @cindex @file{elf32-target.h}
973 @cindex @file{elf64-target.h}
974 Live in the object directory. Created from @file{elfxx-target.h}.
975 These files are versions of @file{elfxx-target.h} customized for either
976 a 32 bit ELF target or a 64 bit ELF target.
979 @cindex @file{libbfd.h}
980 Lives in the source directory. Created from @file{libbfd-in.h} and
981 several other BFD source files. If you configure with the
982 @samp{--enable-maintainer-mode} option, @file{libbfd.h} is rebuilt
983 automatically when a source file changes.
986 @cindex @file{libcoff.h}
987 Lives in the source directory. Created from @file{libcoff-in.h} and
988 @file{coffcode.h}. If you configure with the
989 @samp{--enable-maintainer-mode} option, @file{libcoff.h} is rebuilt
990 automatically when a source file changes.
993 @cindex @file{targmatch.h}
994 Lives in the object directory. Created at make time from
995 @file{config.bfd}. This file is used to map configuration triplets into
996 BFD target vector variable names at run time.
999 @node BFD multiple compilations
1000 @section Files compiled multiple times in BFD
1001 Several files in BFD are compiled multiple times. By this I mean that
1002 there are header files which contain function definitions. These header
1003 files are included by other files, and thus the functions are compiled
1004 once per file which includes them.
1006 Preprocessor macros are used to control the compilation, so that each
1007 time the files are compiled the resulting functions are slightly
1008 different. Naturally, if they weren't different, there would be no
1009 reason to compile them multiple times.
1011 This is a not a particularly good programming technique, and future BFD
1012 work should avoid it.
1016 Since this technique is rarely used, even experienced C programmers find
1020 It is difficult to debug programs which use BFD, since there is no way
1021 to describe which version of a particular function you are looking at.
1024 Programs which use BFD wind up incorporating two or more slightly
1025 different versions of the same function, which wastes space in the
1029 This technique is never required nor is it especially efficient. It is
1030 always possible to use statically initialized structures holding
1031 function pointers and magic constants instead.
1034 The following is a list of the files which are compiled multiple times.
1038 @cindex @file{aout-target.h}
1039 Describes a few functions and the target vector for a.out targets. This
1040 is used by individual a.out targets with different definitions of
1041 @samp{N_TXTADDR} and similar a.out macros.
1044 @cindex @file{aoutf1.h}
1045 Implements standard SunOS a.out files. In principle it supports 64 bit
1046 a.out targets based on the preprocessor macro @samp{ARCH_SIZE}, but
1047 since all known a.out targets are 32 bits, this code may or may not
1048 work. This file is only included by a few other files, and it is
1049 difficult to justify its existence.
1052 @cindex @file{aoutx.h}
1053 Implements basic a.out support routines. This file can be compiled for
1054 either 32 or 64 bit support. Since all known a.out targets are 32 bits,
1055 the 64 bit support may or may not work. I believe the original
1056 intention was that this file would only be included by @samp{aout32.c}
1057 and @samp{aout64.c}, and that other a.out targets would simply refer to
1058 the functions it defined. Unfortunately, some other a.out targets
1059 started including it directly, leading to a somewhat confused state of
1063 @cindex @file{coffcode.h}
1064 Implements basic COFF support routines. This file is included by every
1065 COFF target. It implements code which handles COFF magic numbers as
1066 well as various hook functions called by the generic COFF functions in
1067 @file{coffgen.c}. This file is controlled by a number of different
1068 macros, and more are added regularly.
1071 @cindex @file{coffswap.h}
1072 Implements COFF swapping routines. This file is included by
1073 @file{coffcode.h}, and thus by every COFF target. It implements the
1074 routines which swap COFF structures between internal and external
1075 format. The main control for this file is the external structure
1076 definitions in the files in the @file{include/coff} directory. A COFF
1077 target file will include one of those files before including
1078 @file{coffcode.h} and thus @file{coffswap.h}. There are a few other
1079 macros which affect @file{coffswap.h} as well, mostly describing whether
1080 certain fields are present in the external structures.
1083 @cindex @file{ecoffswap.h}
1084 Implements ECOFF swapping routines. This is like @file{coffswap.h}, but
1085 for ECOFF. It is included by the ECOFF target files (of which there are
1086 only two). The control is the preprocessor macro @samp{ECOFF_32} or
1090 @cindex @file{elfcode.h}
1091 Implements ELF functions that use external structure definitions. This
1092 file is included by two other files: @file{elf32.c} and @file{elf64.c}.
1093 It is controlled by the @samp{ARCH_SIZE} macro which is defined to be
1094 @samp{32} or @samp{64} before including it. The @samp{NAME} macro is
1095 used internally to give the functions different names for the two target
1099 @cindex @file{elfcore.h}
1100 Like @file{elfcode.h}, but for functions that are specific to ELF core
1101 files. This is included only by @file{elfcode.h}.
1103 @item elfxx-target.h
1104 @cindex @file{elfxx-target.h}
1105 This file is the source for the generated files @file{elf32-target.h}
1106 and @file{elf64-target.h}, one of which is included by every ELF target.
1107 It defines the ELF target vector.
1110 @cindex @file{freebsd.h}
1111 Presumably intended to be included by all FreeBSD targets, but in fact
1112 there is only one such target, @samp{i386-freebsd}. This defines a
1113 function used to set the right magic number for FreeBSD, as well as
1114 various macros, and includes @file{aout-target.h}.
1117 @cindex @file{netbsd.h}
1118 Like @file{freebsd.h}, except that there are several files which include
1122 @cindex @file{nlm-target.h}
1123 Defines the target vector for a standard NLM target.
1126 @cindex @file{nlmcode.h}
1127 Like @file{elfcode.h}, but for NLM targets. This is only included by
1128 @file{nlm32.c} and @file{nlm64.c}, both of which define the macro
1129 @samp{ARCH_SIZE} to an appropriate value. There are no 64 bit NLM
1130 targets anyhow, so this is sort of useless.
1133 @cindex @file{nlmswap.h}
1134 Like @file{coffswap.h}, but for NLM targets. This is included by each
1135 NLM target, but I think it winds up compiling to the exact same code for
1136 every target, and as such is fairly useless.
1139 @cindex @file{peicode.h}
1140 Provides swapping routines and other hooks for PE targets.
1141 @file{coffcode.h} will include this rather than @file{coffswap.h} for a
1142 PE target. This defines PE specific versions of the COFF swapping
1143 routines, and also defines some macros which control @file{coffcode.h}
1147 @node BFD relocation handling
1148 @section BFD relocation handling
1149 @cindex bfd relocation handling
1150 @cindex relocations in bfd
1152 The handling of relocations is one of the more confusing aspects of BFD.
1153 Relocation handling has been implemented in various different ways, all
1154 somewhat incompatible, none perfect.
1157 * BFD relocation concepts:: BFD relocation concepts
1158 * BFD relocation functions:: BFD relocation functions
1159 * BFD relocation codes:: BFD relocation codes
1160 * BFD relocation future:: BFD relocation future
1163 @node BFD relocation concepts
1164 @subsection BFD relocation concepts
1166 A relocation is an action which the linker must take when linking. It
1167 describes a change to the contents of a section. The change is normally
1168 based on the final value of one or more symbols. Relocations are
1169 created by the assembler when it creates an object file.
1171 Most relocations are simple. A typical simple relocation is to set 32
1172 bits at a given offset in a section to the value of a symbol. This type
1173 of relocation would be generated for code like @code{int *p = &i;} where
1174 @samp{p} and @samp{i} are global variables. A relocation for the symbol
1175 @samp{i} would be generated such that the linker would initialize the
1176 area of memory which holds the value of @samp{p} to the value of the
1179 Slightly more complex relocations may include an addend, which is a
1180 constant to add to the symbol value before using it. In some cases a
1181 relocation will require adding the symbol value to the existing contents
1182 of the section in the object file. In others the relocation will simply
1183 replace the contents of the section with the symbol value. Some
1184 relocations are PC relative, so that the value to be stored in the
1185 section is the difference between the value of a symbol and the final
1186 address of the section contents.
1188 In general, relocations can be arbitrarily complex. For example,
1189 relocations used in dynamic linking systems often require the linker to
1190 allocate space in a different section and use the offset within that
1191 section as the value to store. In the IEEE object file format,
1192 relocations may involve arbitrary expressions.
1194 When doing a relocatable link, the linker may or may not have to do
1195 anything with a relocation, depending upon the definition of the
1196 relocation. Simple relocations generally do not require any special
1199 @node BFD relocation functions
1200 @subsection BFD relocation functions
1202 In BFD, each section has an array of @samp{arelent} structures. Each
1203 structure has a pointer to a symbol, an address within the section, an
1204 addend, and a pointer to a @samp{reloc_howto_struct} structure. The
1205 howto structure has a bunch of fields describing the reloc, including a
1206 type field. The type field is specific to the object file format
1207 backend; none of the generic code in BFD examines it.
1209 Originally, the function @samp{bfd_perform_relocation} was supposed to
1210 handle all relocations. In theory, many relocations would be simple
1211 enough to be described by the fields in the howto structure. For those
1212 that weren't, the howto structure included a @samp{special_function}
1213 field to use as an escape.
1215 While this seems plausible, a look at @samp{bfd_perform_relocation}
1216 shows that it failed. The function has odd special cases. Some of the
1217 fields in the howto structure, such as @samp{pcrel_offset}, were not
1218 adequately documented.
1220 The linker uses @samp{bfd_perform_relocation} to do all relocations when
1221 the input and output file have different formats (e.g., when generating
1222 S-records). The generic linker code, which is used by all targets which
1223 do not define their own special purpose linker, uses
1224 @samp{bfd_get_relocated_section_contents}, which for most targets turns
1225 into a call to @samp{bfd_generic_get_relocated_section_contents}, which
1226 calls @samp{bfd_perform_relocation}. So @samp{bfd_perform_relocation}
1227 is still widely used, which makes it difficult to change, since it is
1228 difficult to test all possible cases.
1230 The assembler used @samp{bfd_perform_relocation} for a while. This
1231 turned out to be the wrong thing to do, since
1232 @samp{bfd_perform_relocation} was written to handle relocations on an
1233 existing object file, while the assembler needed to create relocations
1234 in a new object file. The assembler was changed to use the new function
1235 @samp{bfd_install_relocation} instead, and @samp{bfd_install_relocation}
1236 was created as a copy of @samp{bfd_perform_relocation}.
1238 Unfortunately, the work did not progress any farther, so
1239 @samp{bfd_install_relocation} remains a simple copy of
1240 @samp{bfd_perform_relocation}, with all the odd special cases and
1241 confusing code. This again is difficult to change, because again any
1242 change can affect any assembler target, and so is difficult to test.
1244 The new linker, when using the same object file format for all input
1245 files and the output file, does not convert relocations into
1246 @samp{arelent} structures, so it can not use
1247 @samp{bfd_perform_relocation} at all. Instead, users of the new linker
1248 are expected to write a @samp{relocate_section} function which will
1249 handle relocations in a target specific fashion.
1251 There are two helper functions for target specific relocation:
1252 @samp{_bfd_final_link_relocate} and @samp{_bfd_relocate_contents}.
1253 These functions use a howto structure, but they @emph{do not} use the
1254 @samp{special_function} field. Since the functions are normally called
1255 from target specific code, the @samp{special_function} field adds
1256 little; any relocations which require special handling can be handled
1257 without calling those functions.
1259 So, if you want to add a new target, or add a new relocation to an
1260 existing target, you need to do the following:
1264 Make sure you clearly understand what the contents of the section should
1265 look like after assembly, after a relocatable link, and after a final
1266 link. Make sure you clearly understand the operations the linker must
1267 perform during a relocatable link and during a final link.
1270 Write a howto structure for the relocation. The howto structure is
1271 flexible enough to represent any relocation which should be handled by
1272 setting a contiguous bitfield in the destination to the value of a
1273 symbol, possibly with an addend, possibly adding the symbol value to the
1274 value already present in the destination.
1277 Change the assembler to generate your relocation. The assembler will
1278 call @samp{bfd_install_relocation}, so your howto structure has to be
1279 able to handle that. You may need to set the @samp{special_function}
1280 field to handle assembly correctly. Be careful to ensure that any code
1281 you write to handle the assembler will also work correctly when doing a
1282 relocatable link. For example, see @samp{bfd_elf_generic_reloc}.
1285 Test the assembler. Consider the cases of relocation against an
1286 undefined symbol, a common symbol, a symbol defined in the object file
1287 in the same section, and a symbol defined in the object file in a
1288 different section. These cases may not all be applicable for your
1292 If your target uses the new linker, which is recommended, add any
1293 required handling to the target specific relocation function. In simple
1294 cases this will just involve a call to @samp{_bfd_final_link_relocate}
1295 or @samp{_bfd_relocate_contents}, depending upon the definition of the
1296 relocation and whether the link is relocatable or not.
1299 Test the linker. Test the case of a final link. If the relocation can
1300 overflow, use a linker script to force an overflow and make sure the
1301 error is reported correctly. Test a relocatable link, whether the
1302 symbol is defined or undefined in the relocatable output. For both the
1303 final and relocatable link, test the case when the symbol is a common
1304 symbol, when the symbol looked like a common symbol but became a defined
1305 symbol, when the symbol is defined in a different object file, and when
1306 the symbol is defined in the same object file.
1309 In order for linking to another object file format, such as S-records,
1310 to work correctly, @samp{bfd_perform_relocation} has to do the right
1311 thing for the relocation. You may need to set the
1312 @samp{special_function} field to handle this correctly. Test this by
1313 doing a link in which the output object file format is S-records.
1316 Using the linker to generate relocatable output in a different object
1317 file format is impossible in the general case, so you generally don't
1318 have to worry about that. The GNU linker makes sure to stop that from
1319 happening when an input file in a different format has relocations.
1321 Linking input files of different object file formats together is quite
1322 unusual, but if you're really dedicated you may want to consider testing
1323 this case, both when the output object file format is the same as your
1324 format, and when it is different.
1327 @node BFD relocation codes
1328 @subsection BFD relocation codes
1330 BFD has another way of describing relocations besides the howto
1331 structures described above: the enum @samp{bfd_reloc_code_real_type}.
1333 Every known relocation type can be described as a value in this
1334 enumeration. The enumeration contains many target specific relocations,
1335 but where two or more targets have the same relocation, a single code is
1336 used. For example, the single value @samp{BFD_RELOC_32} is used for all
1337 simple 32 bit relocation types.
1339 The main purpose of this relocation code is to give the assembler some
1340 mechanism to create @samp{arelent} structures. In order for the
1341 assembler to create an @samp{arelent} structure, it has to be able to
1342 obtain a howto structure. The function @samp{bfd_reloc_type_lookup},
1343 which simply calls the target vector entry point
1344 @samp{reloc_type_lookup}, takes a relocation code and returns a howto
1347 The function @samp{bfd_get_reloc_code_name} returns the name of a
1348 relocation code. This is mainly used in error messages.
1350 Using both howto structures and relocation codes can be somewhat
1351 confusing. There are many processor specific relocation codes.
1352 However, the relocation is only fully defined by the howto structure.
1353 The same relocation code will map to different howto structures in
1354 different object file formats. For example, the addend handling may be
1357 Most of the relocation codes are not really general. The assembler can
1358 not use them without already understanding what sorts of relocations can
1359 be used for a particular target. It might be possible to replace the
1360 relocation codes with something simpler.
1362 @node BFD relocation future
1363 @subsection BFD relocation future
1365 Clearly the current BFD relocation support is in bad shape. A
1366 wholescale rewrite would be very difficult, because it would require
1367 thorough testing of every BFD target. So some sort of incremental
1370 My vague thoughts on this would involve defining a new, clearly defined,
1371 howto structure. Some mechanism would be used to determine which type
1372 of howto structure was being used by a particular format.
1374 The new howto structure would clearly define the relocation behaviour in
1375 the case of an assembly, a relocatable link, and a final link. At
1376 least one special function would be defined as an escape, and it might
1377 make sense to define more.
1379 One or more generic functions similar to @samp{bfd_perform_relocation}
1380 would be written to handle the new howto structure.
1382 This should make it possible to write a generic version of the relocate
1383 section functions used by the new linker. The target specific code
1384 would provide some mechanism (a function pointer or an initial
1385 conversion) to convert target specific relocations into howto
1388 Ideally it would be possible to use this generic relocate section
1389 function for the generic linker as well. That is, it would replace the
1390 @samp{bfd_generic_get_relocated_section_contents} function which is
1391 currently normally used.
1393 For the special case of ELF dynamic linking, more consideration needs to
1394 be given to writing ELF specific but ELF target generic code to handle
1395 special relocation types such as GOT and PLT.
1397 @node BFD ELF support
1398 @section BFD ELF support
1399 @cindex elf support in bfd
1400 @cindex bfd elf support
1402 The ELF object file format is defined in two parts: a generic ABI and a
1403 processor specific supplement. The ELF support in BFD is split in a
1404 similar fashion. The processor specific support is largely kept within
1405 a single file. The generic support is provided by several other files.
1406 The processor specific support provides a set of function pointers and
1407 constants used by the generic support.
1410 * BFD ELF sections and segments:: ELF sections and segments
1411 * BFD ELF generic support:: BFD ELF generic support
1412 * BFD ELF processor specific support:: BFD ELF processor specific support
1413 * BFD ELF core files:: BFD ELF core files
1414 * BFD ELF future:: BFD ELF future
1417 @node BFD ELF sections and segments
1418 @subsection ELF sections and segments
1420 The ELF ABI permits a file to have either sections or segments or both.
1421 Relocatable object files conventionally have only sections.
1422 Executables conventionally have both. Core files conventionally have
1423 only program segments.
1425 ELF sections are similar to sections in other object file formats: they
1426 have a name, a VMA, file contents, flags, and other miscellaneous
1427 information. ELF relocations are stored in sections of a particular
1428 type; BFD automatically converts these sections into internal relocation
1431 ELF program segments are intended for fast interpretation by a system
1432 loader. They have a type, a VMA, an LMA, file contents, and a couple of
1433 other fields. When an ELF executable is run on a Unix system, the
1434 system loader will examine the program segments to decide how to load
1435 it. The loader will ignore the section information. Loadable program
1436 segments (type @samp{PT_LOAD}) are directly loaded into memory. Other
1437 program segments are interpreted by the loader, and generally provide
1438 dynamic linking information.
1440 When an ELF file has both program segments and sections, an ELF program
1441 segment may encompass one or more ELF sections, in the sense that the
1442 portion of the file which corresponds to the program segment may include
1443 the portions of the file corresponding to one or more sections. When
1444 there is more than one section in a loadable program segment, the
1445 relative positions of the section contents in the file must correspond
1446 to the relative positions they should hold when the program segment is
1447 loaded. This requirement should be obvious if you consider that the
1448 system loader will load an entire program segment at a time.
1450 On a system which supports dynamic paging, such as any native Unix
1451 system, the contents of a loadable program segment must be at the same
1452 offset in the file as in memory, modulo the memory page size used on the
1453 system. This is because the system loader will map the file into memory
1454 starting at the start of a page. The system loader can easily remap
1455 entire pages to the correct load address. However, if the contents of
1456 the file were not correctly aligned within the page, the system loader
1457 would have to shift the contents around within the page, which is too
1458 expensive. For example, if the LMA of a loadable program segment is
1459 @samp{0x40080} and the page size is @samp{0x1000}, then the position of
1460 the segment contents within the file must equal @samp{0x80} modulo
1463 BFD has only a single set of sections. It does not provide any generic
1464 way to examine both sections and segments. When BFD is used to open an
1465 object file or executable, the BFD sections will represent ELF sections.
1466 When BFD is used to open a core file, the BFD sections will represent
1467 ELF program segments.
1469 When BFD is used to examine an object file or executable, any program
1470 segments will be read to set the LMA of the sections. This is because
1471 ELF sections only have a VMA, while ELF program segments have both a VMA
1472 and an LMA. Any program segments will be copied by the
1473 @samp{copy_private} entry points. They will be printed by the
1474 @samp{print_private} entry point. Otherwise, the program segments are
1475 ignored. In particular, programs which use BFD currently have no direct
1476 access to the program segments.
1478 When BFD is used to create an executable, the program segments will be
1479 created automatically based on the section information. This is done in
1480 the function @samp{assign_file_positions_for_segments} in @file{elf.c}.
1481 This function has been tweaked many times, and probably still has
1482 problems that arise in particular cases.
1484 There is a hook which may be used to explicitly define the program
1485 segments when creating an executable: the @samp{bfd_record_phdr}
1486 function in @file{bfd.c}. If this function is called, BFD will not
1487 create program segments itself, but will only create the program
1488 segments specified by the caller. The linker uses this function to
1489 implement the @samp{PHDRS} linker script command.
1491 @node BFD ELF generic support
1492 @subsection BFD ELF generic support
1494 In general, functions which do not read external data from the ELF file
1495 are found in @file{elf.c}. They operate on the internal forms of the
1496 ELF structures, which are defined in @file{include/elf/internal.h}. The
1497 internal structures are defined in terms of @samp{bfd_vma}, and so may
1498 be used for both 32 bit and 64 bit ELF targets.
1500 The file @file{elfcode.h} contains functions which operate on the
1501 external data. @file{elfcode.h} is compiled twice, once via
1502 @file{elf32.c} with @samp{ARCH_SIZE} defined as @samp{32}, and once via
1503 @file{elf64.c} with @samp{ARCH_SIZE} defined as @samp{64}.
1504 @file{elfcode.h} includes functions to swap the ELF structures in and
1505 out of external form, as well as a few more complex functions.
1507 Linker support is found in @file{elflink.c}. The
1508 linker support is only used if the processor specific file defines
1509 @samp{elf_backend_relocate_section}, which is required to relocate the
1510 section contents. If that macro is not defined, the generic linker code
1511 is used, and relocations are handled via @samp{bfd_perform_relocation}.
1513 The core file support is in @file{elfcore.h}, which is compiled twice,
1514 for both 32 and 64 bit support. The more interesting cases of core file
1515 support only work on a native system which has the @file{sys/procfs.h}
1516 header file. Without that file, the core file support does little more
1517 than read the ELF program segments as BFD sections.
1519 The BFD internal header file @file{elf-bfd.h} is used for communication
1520 among these files and the processor specific files.
1522 The default entries for the BFD ELF target vector are found mainly in
1523 @file{elf.c}. Some functions are found in @file{elfcode.h}.
1525 The processor specific files may override particular entries in the
1526 target vector, but most do not, with one exception: the
1527 @samp{bfd_reloc_type_lookup} entry point is always processor specific.
1529 @node BFD ELF processor specific support
1530 @subsection BFD ELF processor specific support
1532 By convention, the processor specific support for a particular processor
1533 will be found in @file{elf@var{nn}-@var{cpu}.c}, where @var{nn} is
1534 either 32 or 64, and @var{cpu} is the name of the processor.
1537 * BFD ELF processor required:: Required processor specific support
1538 * BFD ELF processor linker:: Processor specific linker support
1539 * BFD ELF processor other:: Other processor specific support options
1542 @node BFD ELF processor required
1543 @subsubsection Required processor specific support
1545 When writing a @file{elf@var{nn}-@var{cpu}.c} file, you must do the
1550 Define either @samp{TARGET_BIG_SYM} or @samp{TARGET_LITTLE_SYM}, or
1551 both, to a unique C name to use for the target vector. This name should
1552 appear in the list of target vectors in @file{targets.c}, and will also
1553 have to appear in @file{config.bfd} and @file{configure.in}. Define
1554 @samp{TARGET_BIG_SYM} for a big-endian processor,
1555 @samp{TARGET_LITTLE_SYM} for a little-endian processor, and define both
1556 for a bi-endian processor.
1558 Define either @samp{TARGET_BIG_NAME} or @samp{TARGET_LITTLE_NAME}, or
1559 both, to a string used as the name of the target vector. This is the
1560 name which a user of the BFD tool would use to specify the object file
1561 format. It would normally appear in a linker emulation parameters
1564 Define @samp{ELF_ARCH} to the BFD architecture (an element of the
1565 @samp{bfd_architecture} enum, typically @samp{bfd_arch_@var{cpu}}).
1567 Define @samp{ELF_MACHINE_CODE} to the magic number which should appear
1568 in the @samp{e_machine} field of the ELF header. As of this writing,
1569 these magic numbers are assigned by Caldera; if you want to get a magic
1570 number for a particular processor, try sending a note to
1571 @email{registry@@caldera.com}. In the BFD sources, the magic numbers are
1572 found in @file{include/elf/common.h}; they have names beginning with
1575 Define @samp{ELF_MAXPAGESIZE} to the maximum size of a virtual page in
1576 memory. This can normally be found at the start of chapter 5 in the
1577 processor specific supplement. For a processor which will only be used
1578 in an embedded system, or which has no memory management hardware, this
1579 can simply be @samp{1}.
1581 If the format should use @samp{Rel} rather than @samp{Rela} relocations,
1582 define @samp{USE_REL}. This is normally defined in chapter 4 of the
1583 processor specific supplement.
1585 In the absence of a supplement, it's easier to work with @samp{Rela}
1586 relocations. @samp{Rela} relocations will require more space in object
1587 files (but not in executables, except when using dynamic linking).
1588 However, this is outweighed by the simplicity of addend handling when
1589 using @samp{Rela} relocations. With @samp{Rel} relocations, the addend
1590 must be stored in the section contents, which makes relocatable links
1593 For example, consider C code like @code{i = a[1000];} where @samp{a} is
1594 a global array. The instructions which load the value of @samp{a[1000]}
1595 will most likely use a relocation which refers to the symbol
1596 representing @samp{a}, with an addend that gives the offset from the
1597 start of @samp{a} to element @samp{1000}. When using @samp{Rel}
1598 relocations, that addend must be stored in the instructions themselves.
1599 If you are adding support for a RISC chip which uses two or more
1600 instructions to load an address, then the addend may not fit in a single
1601 instruction, and will have to be somehow split among the instructions.
1602 This makes linking awkward, particularly when doing a relocatable link
1603 in which the addend may have to be updated. It can be done---the MIPS
1604 ELF support does it---but it should be avoided when possible.
1606 It is possible, though somewhat awkward, to support both @samp{Rel} and
1607 @samp{Rela} relocations for a single target; @file{elf64-mips.c} does it
1608 by overriding the relocation reading and writing routines.
1610 Define howto structures for all the relocation types.
1612 Define a @samp{bfd_reloc_type_lookup} routine. This must be named
1613 @samp{bfd_elf@var{nn}_bfd_reloc_type_lookup}, and may be either a
1614 function or a macro. It must translate a BFD relocation code into a
1615 howto structure. This is normally a table lookup or a simple switch.
1617 If using @samp{Rel} relocations, define @samp{elf_info_to_howto_rel}.
1618 If using @samp{Rela} relocations, define @samp{elf_info_to_howto}.
1619 Either way, this is a macro defined as the name of a function which
1620 takes an @samp{arelent} and a @samp{Rel} or @samp{Rela} structure, and
1621 sets the @samp{howto} field of the @samp{arelent} based on the
1622 @samp{Rel} or @samp{Rela} structure. This is normally uses
1623 @samp{ELF@var{nn}_R_TYPE} to get the ELF relocation type and uses it as
1624 an index into a table of howto structures.
1627 You must also add the magic number for this processor to the
1628 @samp{prep_headers} function in @file{elf.c}.
1630 You must also create a header file in the @file{include/elf} directory
1631 called @file{@var{cpu}.h}. This file should define any target specific
1632 information which may be needed outside of the BFD code. In particular
1633 it should use the @samp{START_RELOC_NUMBERS}, @samp{RELOC_NUMBER},
1634 @samp{FAKE_RELOC}, @samp{EMPTY_RELOC} and @samp{END_RELOC_NUMBERS}
1635 macros to create a table mapping the number used to identify a
1636 relocation to a name describing that relocation.
1638 While not a BFD component, you probably also want to make the binutils
1639 program @samp{readelf} parse your ELF objects. For this, you need to add
1640 code for @code{EM_@var{cpu}} as appropriate in @file{binutils/readelf.c}.
1642 @node BFD ELF processor linker
1643 @subsubsection Processor specific linker support
1645 The linker will be much more efficient if you define a relocate section
1646 function. This will permit BFD to use the ELF specific linker support.
1648 If you do not define a relocate section function, BFD must use the
1649 generic linker support, which requires converting all symbols and
1650 relocations into BFD @samp{asymbol} and @samp{arelent} structures. In
1651 this case, relocations will be handled by calling
1652 @samp{bfd_perform_relocation}, which will use the howto structures you
1653 have defined. @xref{BFD relocation handling}.
1655 In order to support linking into a different object file format, such as
1656 S-records, @samp{bfd_perform_relocation} must work correctly with your
1657 howto structures, so you can't skip that step. However, if you define
1658 the relocate section function, then in the normal case of linking into
1659 an ELF file the linker will not need to convert symbols and relocations,
1660 and will be much more efficient.
1662 To use a relocation section function, define the macro
1663 @samp{elf_backend_relocate_section} as the name of a function which will
1664 take the contents of a section, as well as relocation, symbol, and other
1665 information, and modify the section contents according to the relocation
1666 information. In simple cases, this is little more than a loop over the
1667 relocations which computes the value of each relocation and calls
1668 @samp{_bfd_final_link_relocate}. The function must check for a
1669 relocatable link, and in that case normally needs to do nothing other
1670 than adjust the addend for relocations against a section symbol.
1672 The complex cases generally have to do with dynamic linker support. GOT
1673 and PLT relocations must be handled specially, and the linker normally
1674 arranges to set up the GOT and PLT sections while handling relocations.
1675 When generating a shared library, random relocations must normally be
1676 copied into the shared library, or converted to RELATIVE relocations
1679 @node BFD ELF processor other
1680 @subsubsection Other processor specific support options
1682 There are many other macros which may be defined in
1683 @file{elf@var{nn}-@var{cpu}.c}. These macros may be found in
1684 @file{elfxx-target.h}.
1686 Macros may be used to override some of the generic ELF target vector
1689 Several processor specific hook functions which may be defined as
1690 macros. These functions are found as function pointers in the
1691 @samp{elf_backend_data} structure defined in @file{elf-bfd.h}. In
1692 general, a hook function is set by defining a macro
1693 @samp{elf_backend_@var{name}}.
1695 There are a few processor specific constants which may also be defined.
1696 These are again found in the @samp{elf_backend_data} structure.
1698 I will not define the various functions and constants here; see the
1699 comments in @file{elf-bfd.h}.
1701 Normally any odd characteristic of a particular ELF processor is handled
1702 via a hook function. For example, the special @samp{SHN_MIPS_SCOMMON}
1703 section number found in MIPS ELF is handled via the hooks
1704 @samp{section_from_bfd_section}, @samp{symbol_processing},
1705 @samp{add_symbol_hook}, and @samp{output_symbol_hook}.
1707 Dynamic linking support, which involves processor specific relocations
1708 requiring special handling, is also implemented via hook functions.
1710 @node BFD ELF core files
1711 @subsection BFD ELF core files
1712 @cindex elf core files
1714 On native ELF Unix systems, core files are generated without any
1715 sections. Instead, they only have program segments.
1717 When BFD is used to read an ELF core file, the BFD sections will
1718 actually represent program segments. Since ELF program segments do not
1719 have names, BFD will invent names like @samp{segment@var{n}} where
1720 @var{n} is a number.
1722 A single ELF program segment may include both an initialized part and an
1723 uninitialized part. The size of the initialized part is given by the
1724 @samp{p_filesz} field. The total size of the segment is given by the
1725 @samp{p_memsz} field. If @samp{p_memsz} is larger than @samp{p_filesz},
1726 then the extra space is uninitialized, or, more precisely, initialized
1729 BFD will represent such a program segment as two different sections.
1730 The first, named @samp{segment@var{n}a}, will represent the initialized
1731 part of the program segment. The second, named @samp{segment@var{n}b},
1732 will represent the uninitialized part.
1734 ELF core files store special information such as register values in
1735 program segments with the type @samp{PT_NOTE}. BFD will attempt to
1736 interpret the information in these segments, and will create additional
1737 sections holding the information. Some of this interpretation requires
1738 information found in the host header file @file{sys/procfs.h}, and so
1739 will only work when BFD is built on a native system.
1741 BFD does not currently provide any way to create an ELF core file. In
1742 general, BFD does not provide a way to create core files. The way to
1743 implement this would be to write @samp{bfd_set_format} and
1744 @samp{bfd_write_contents} routines for the @samp{bfd_core} type; see
1745 @ref{BFD target vector format}.
1747 @node BFD ELF future
1748 @subsection BFD ELF future
1750 The current dynamic linking support has too much code duplication.
1751 While each processor has particular differences, much of the dynamic
1752 linking support is quite similar for each processor. The GOT and PLT
1753 are handled in fairly similar ways, the details of -Bsymbolic linking
1754 are generally similar, etc. This code should be reworked to use more
1755 generic functions, eliminating the duplication.
1757 Similarly, the relocation handling has too much duplication. Many of
1758 the @samp{reloc_type_lookup} and @samp{info_to_howto} functions are
1759 quite similar. The relocate section functions are also often quite
1760 similar, both in the standard linker handling and the dynamic linker
1761 handling. Many of the COFF processor specific backends share a single
1762 relocate section function (@samp{_bfd_coff_generic_relocate_section}),
1763 and it should be possible to do something like this for the ELF targets
1766 The appearance of the processor specific magic number in
1767 @samp{prep_headers} in @file{elf.c} is somewhat bogus. It should be
1768 possible to add support for a new processor without changing the generic
1771 The processor function hooks and constants are ad hoc and need better
1775 @section BFD glossary
1776 @cindex glossary for bfd
1777 @cindex bfd glossary
1779 This is a short glossary of some BFD terms.
1783 The a.out object file format. The original Unix object file format.
1784 Still used on SunOS, though not Solaris. Supports only three sections.
1787 A collection of object files produced and manipulated by the @samp{ar}
1791 The implementation within BFD of a particular object file format. The
1792 set of functions which appear in a particular target vector.
1795 The BFD library itself. Also, each object file, archive, or executable
1796 opened by the BFD library has the type @samp{bfd *}, and is sometimes
1797 referred to as a bfd.
1800 The Common Object File Format. Used on Unix SVR3. Used by some
1801 embedded targets, although ELF is normally better.
1804 A shared library on Windows.
1806 @item dynamic linker
1807 When a program linked against a shared library is run, the dynamic
1808 linker will locate the appropriate shared library and arrange to somehow
1809 include it in the running image.
1811 @item dynamic object
1812 Another name for an ELF shared library.
1815 The Extended Common Object File Format. Used on Alpha Digital Unix
1816 (formerly OSF/1), as well as Ultrix and Irix 4. A variant of COFF.
1819 The Executable and Linking Format. The object file format used on most
1820 modern Unix systems, including GNU/Linux, Solaris, Irix, and SVR4. Also
1821 used on many embedded systems.
1824 A program, with instructions and symbols, and perhaps dynamic linking
1825 information. Normally produced by a linker.
1828 Load Memory Address. This is the address at which a section will be
1829 loaded. Compare with VMA, below.
1832 NetWare Loadable Module. Used to describe the format of an object which
1833 be loaded into NetWare, which is some kind of PC based network server
1837 A binary file including machine instructions, symbols, and relocation
1838 information. Normally produced by an assembler.
1840 @item object file format
1841 The format of an object file. Typically object files and executables
1842 for a particular system are in the same format, although executables
1843 will not contain any relocation information.
1846 The Portable Executable format. This is the object file format used for
1847 Windows (specifically, Win32) object files. It is based closely on
1848 COFF, but has a few significant differences.
1851 The Portable Executable Image format. This is the object file format
1852 used for Windows (specifically, Win32) executables. It is very similar
1853 to PE, but includes some additional header information.
1856 Information used by the linker to adjust section contents. Also called
1860 Object files and executable are composed of sections. Sections have
1861 optional data and optional relocation information.
1863 @item shared library
1864 A library of functions which may be used by many executables without
1865 actually being linked into each executable. There are several different
1866 implementations of shared libraries, each having slightly different
1870 Each object file and executable may have a list of symbols, often
1871 referred to as the symbol table. A symbol is basically a name and an
1872 address. There may also be some additional information like the type of
1873 symbol, although the type of a symbol is normally something simple like
1874 function or object, and should be confused with the more complex C
1875 notion of type. Typically every global function and variable in a C
1876 program will have an associated symbol.
1879 A set of functions which implement support for a particular object file
1880 format. The @samp{bfd_target} structure.
1883 The current Windows API, implemented by Windows 95 and later and Windows
1884 NT 3.51 and later, but not by Windows 3.1.
1887 The eXtended Common Object File Format. Used on AIX. A variant of
1888 COFF, with a completely different symbol table implementation.
1891 Virtual Memory Address. This is the address a section will have when
1892 an executable is run. Compare with LMA, above.
1896 @unnumberedsec Index