2 @c Copyright 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1998,
4 @c Free Software Foundation, Inc.
5 @setfilename bfdint.info
7 @settitle BFD Internals
11 @author{Ian Lance Taylor}
12 @author{Cygnus Solutions}
21 This document describes some BFD internal information which may be
22 helpful when working on BFD. It is very incomplete.
24 This document is not updated regularly, and may be out of date.
26 The initial version of this document was written by Ian Lance Taylor
27 @email{ian@@cygnus.com}.
30 * BFD overview:: BFD overview
31 * BFD guidelines:: BFD programming guidelines
32 * BFD target vector:: BFD target vector
33 * BFD generated files:: BFD generated files
34 * BFD multiple compilations:: Files compiled multiple times in BFD
35 * BFD relocation handling:: BFD relocation handling
36 * BFD ELF support:: BFD ELF support
37 * BFD glossary:: Glossary
44 BFD is a library which provides a single interface to read and write
45 object files, executables, archive files, and core files in any format.
48 * BFD library interfaces:: BFD library interfaces
49 * BFD library users:: BFD library users
50 * BFD view:: The BFD view of a file
51 * BFD blindness:: BFD loses information
54 @node BFD library interfaces
55 @subsection BFD library interfaces
57 One way to look at the BFD library is to divide it into four parts by
60 The first interface is the set of generic functions which programs using
61 the BFD library will call. These generic function normally translate
62 directly or indirectly into calls to routines which are specific to a
63 particular object file format. Many of these generic functions are
64 actually defined as macros in @file{bfd.h}. These functions comprise
65 the official BFD interface.
67 The second interface is the set of functions which appear in the target
68 vectors. This is the bulk of the code in BFD. A target vector is a set
69 of function pointers specific to a particular object file format. The
70 target vector is used to implement the generic BFD functions. These
71 functions are always called through the target vector, and are never
72 called directly. The target vector is described in detail in @ref{BFD
73 target vector}. The set of functions which appear in a particular
74 target vector is often referred to as a BFD backend.
76 The third interface is a set of oddball functions which are typically
77 specific to a particular object file format, are not generic functions,
78 and are called from outside of the BFD library. These are used as hooks
79 by the linker and the assembler when a particular object file format
80 requires some action which the BFD generic interface does not provide.
81 These functions are typically declared in @file{bfd.h}, but in many
82 cases they are only provided when BFD is configured with support for a
83 particular object file format. These functions live in a grey area, and
84 are not really part of the official BFD interface.
86 The fourth interface is the set of BFD support functions which are
87 called by the other BFD functions. These manage issues like memory
88 allocation, error handling, file access, hash tables, swapping, and the
89 like. These functions are never called from outside of the BFD library.
91 @node BFD library users
92 @subsection BFD library users
94 Another way to look at the BFD library is to divide it into three parts
95 by the manner in which it is used.
97 The first use is to read an object file. The object file readers are
98 programs like @samp{gdb}, @samp{nm}, @samp{objdump}, and @samp{objcopy}.
99 These programs use BFD to view an object file in a generic form. The
100 official BFD interface is normally fully adequate for these programs.
102 The second use is to write an object file. The object file writers are
103 programs like @samp{gas} and @samp{objcopy}. These programs use BFD to
104 create an object file. The official BFD interface is normally adequate
105 for these programs, but for some object file formats the assembler needs
106 some additional hooks in order to set particular flags or other
107 information. The official BFD interface includes functions to copy
108 private information from one object file to another, and these functions
109 are used by @samp{objcopy} to avoid information loss.
111 The third use is to link object files. There is only one object file
112 linker, @samp{ld}. Originally, @samp{ld} was an object file reader and
113 an object file writer, and it did the link operation using the generic
114 BFD structures. However, this turned out to be too slow and too memory
117 The official BFD linker functions were written to permit specific BFD
118 backends to perform the link without translating through the generic
119 structures, in the normal case where all the input files and output file
120 have the same object file format. Not all of the backends currently
121 implement the new interface, and there are default linking functions
122 within BFD which use the generic structures and which work with all
125 For several object file formats the linker needs additional hooks which
126 are not provided by the official BFD interface, particularly for dynamic
127 linking support. These functions are typically called from the linker
131 @subsection The BFD view of a file
133 BFD uses generic structures to manage information. It translates data
134 into the generic form when reading files, and out of the generic form
137 BFD describes a file as a pointer to the @samp{bfd} type. A @samp{bfd}
138 is composed of the following elements. The BFD information can be
139 displayed using the @samp{objdump} program with various options.
142 @item general information
143 The object file format, a few general flags, the start address.
145 The architecture, including both a general processor type (m68k, MIPS
146 etc.) and a specific machine number (m68000, R4000, etc.).
153 BFD represents a section as a pointer to the @samp{asection} type. Each
154 section has a name and a size. Most sections also have an associated
155 block of data, known as the section contents. Sections also have
156 associated flags, a virtual memory address, a load memory address, a
157 required alignment, a list of relocations, and other miscellaneous
160 BFD represents a relocation as a pointer to the @samp{arelent} type. A
161 relocation describes an action which the linker must take to modify the
162 section contents. Relocations have a symbol, an address, an addend, and
163 a pointer to a howto structure which describes how to perform the
164 relocation. For more information, see @ref{BFD relocation handling}.
166 BFD represents a symbol as a pointer to the @samp{asymbol} type. A
167 symbol has a name, a pointer to a section, an offset within that
168 section, and some flags.
170 Archive files do not have any sections or symbols. Instead, BFD
171 represents an archive file as a file which contains a list of
172 @samp{bfd}s. BFD also provides access to the archive symbol map, as a
173 list of symbol names. BFD provides a function to return the @samp{bfd}
174 within the archive which corresponds to a particular entry in the
178 @subsection BFD loses information
180 Most object file formats have information which BFD can not represent in
181 its generic form, at least as currently defined.
183 There is often explicit information which BFD can not represent. For
184 example, the COFF version stamp, or the ELF program segments. BFD
185 provides special hooks to handle this information when copying,
186 printing, or linking an object file. The BFD support for a particular
187 object file format will normally store this information in private data
188 and handle it using the special hooks.
190 In some cases there is also implicit information which BFD can not
191 represent. For example, the MIPS processor distinguishes small and
192 large symbols, and requires that all small symbls be within 32K of the
193 GP register. This means that the MIPS assembler must be able to mark
194 variables as either small or large, and the MIPS linker must know to put
195 small symbols within range of the GP register. Since BFD can not
196 represent this information, this means that the assembler and linker
197 must have information that is specific to a particular object file
198 format which is outside of the BFD library.
200 This loss of information indicates areas where the BFD paradigm breaks
201 down. It is not actually possible to represent the myriad differences
202 among object file formats using a single generic interface, at least not
203 in the manner which BFD does it today.
205 Nevertheless, the BFD library does greatly simplify the task of dealing
206 with object files, and particular problems caused by information loss
207 can normally be solved using some sort of relatively constrained hook
213 @section BFD programming guidelines
214 @cindex bfd programming guidelines
215 @cindex programming guidelines for bfd
216 @cindex guidelines, bfd programming
218 There is a lot of poorly written and confusing code in BFD. New BFD
219 code should be written to a higher standard. Merely because some BFD
220 code is written in a particular manner does not mean that you should
223 Here are some general BFD programming guidelines:
227 Follow the GNU coding standards.
230 Avoid global variables. We ideally want BFD to be fully reentrant, so
231 that it can be used in multiple threads. All uses of global or static
232 variables interfere with that. Initialized constant variables are OK,
233 and they should be explicitly marked with const. Instead of global
234 variables, use data attached to a BFD or to a linker hash table.
237 All externally visible functions should have names which start with
238 @samp{bfd_}. All such functions should be declared in some header file,
239 typically @file{bfd.h}. See, for example, the various declarations near
240 the end of @file{bfd-in.h}, which mostly declare functions required by
241 specific linker emulations.
244 All functions which need to be visible from one file to another within
245 BFD, but should not be visible outside of BFD, should start with
246 @samp{_bfd_}. Although external names beginning with @samp{_} are
247 prohibited by the ANSI standard, in practice this usage will always
248 work, and it is required by the GNU coding standards.
251 Always remember that people can compile using @samp{--enable-targets} to
252 build several, or all, targets at once. It must be possible to link
253 together the files for all targets.
256 BFD code should compile with few or no warnings using @samp{gcc -Wall}.
257 Some warnings are OK, like the absence of certain function declarations
258 which may or may not be declared in system header files. Warnings about
259 ambiguous expressions and the like should always be fixed.
262 @node BFD target vector
263 @section BFD target vector
264 @cindex bfd target vector
265 @cindex target vector in bfd
267 BFD supports multiple object file formats by using the @dfn{target
268 vector}. This is simply a set of function pointers which implement
269 behaviour that is specific to a particular object file format.
271 In this section I list all of the entries in the target vector and
272 describe what they do.
275 * BFD target vector miscellaneous:: Miscellaneous constants
276 * BFD target vector swap:: Swapping functions
277 * BFD target vector format:: Format type dependent functions
278 * BFD_JUMP_TABLE macros:: BFD_JUMP_TABLE macros
279 * BFD target vector generic:: Generic functions
280 * BFD target vector copy:: Copy functions
281 * BFD target vector core:: Core file support functions
282 * BFD target vector archive:: Archive functions
283 * BFD target vector symbols:: Symbol table functions
284 * BFD target vector relocs:: Relocation support
285 * BFD target vector write:: Output functions
286 * BFD target vector link:: Linker functions
287 * BFD target vector dynamic:: Dynamic linking information functions
290 @node BFD target vector miscellaneous
291 @subsection Miscellaneous constants
293 The target vector starts with a set of constants.
297 The name of the target vector. This is an arbitrary string. This is
298 how the target vector is named in command line options for tools which
299 use BFD, such as the @samp{-oformat} linker option.
302 A general description of the type of target. The following flavours are
306 @item bfd_target_unknown_flavour
307 Undefined or unknown.
308 @item bfd_target_aout_flavour
310 @item bfd_target_coff_flavour
312 @item bfd_target_ecoff_flavour
314 @item bfd_target_elf_flavour
316 @item bfd_target_ieee_flavour
318 @item bfd_target_nlm_flavour
320 @item bfd_target_oasys_flavour
322 @item bfd_target_tekhex_flavour
323 Tektronix hex format.
324 @item bfd_target_srec_flavour
325 Motorola S-record format.
326 @item bfd_target_ihex_flavour
328 @item bfd_target_som_flavour
330 @item bfd_target_os9k_flavour
332 @item bfd_target_versados_flavour
334 @item bfd_target_msdos_flavour
336 @item bfd_target_evax_flavour
341 The byte order of data in the object file. One of
342 @samp{BFD_ENDIAN_BIG}, @samp{BFD_ENDIAN_LITTLE}, or
343 @samp{BFD_ENDIAN_UNKNOWN}. The latter would be used for a format such
344 as S-records which do not record the architecture of the data.
346 @item header_byteorder
347 The byte order of header information in the object file. Normally the
348 same as the @samp{byteorder} field, but there are certain cases where it
352 Flags which may appear in the @samp{flags} field of a BFD with this
356 Flags which may appear in the @samp{flags} field of a section within a
357 BFD with this format.
359 @item symbol_leading_char
360 A character which the C compiler normally puts before a symbol. For
361 example, an a.out compiler will typically generate the symbol
362 @samp{_foo} for a function named @samp{foo} in the C source, in which
363 case this field would be @samp{_}. If there is no such character, this
364 field will be @samp{0}.
367 The padding character to use at the end of an archive name. Normally
371 The maximum length of a short name in an archive. Normally @samp{14}.
374 A pointer to constant backend data. This is used by backends to store
375 whatever additional information they need to distinguish similar target
376 vectors which use the same sets of functions.
379 @node BFD target vector swap
380 @subsection Swapping functions
382 Every target vector has fuction pointers used for swapping information
383 in and out of the target representation. There are two sets of
384 functions: one for data information, and one for header information.
385 Each set has three sizes: 64-bit, 32-bit, and 16-bit. Each size has
386 three actual functions: put, get unsigned, and get signed.
388 These 18 functions are used to convert data between the host and target
391 @node BFD target vector format
392 @subsection Format type dependent functions
394 Every target vector has three arrays of function pointers which are
395 indexed by the BFD format type. The BFD format types are as follows:
399 Unknown format. Not used for anything useful.
408 The three arrays of function pointers are as follows:
411 @item bfd_check_format
412 Check whether the BFD is of a particular format (object file, archive
413 file, or core file) corresponding to this target vector. This is called
414 by the @samp{bfd_check_format} function when examining an existing BFD.
415 If the BFD matches the desired format, this function will initialize any
416 format specific information such as the @samp{tdata} field of the BFD.
417 This function must be called before any other BFD target vector function
418 on a file opened for reading.
421 Set the format of a BFD which was created for output. This is called by
422 the @samp{bfd_set_format} function after creating the BFD with a
423 function such as @samp{bfd_openw}. This function will initialize format
424 specific information required to write out an object file or whatever of
425 the given format. This function must be called before any other BFD
426 target vector function on a file opened for writing.
428 @item bfd_write_contents
429 Write out the contents of the BFD in the given format. This is called
430 by @samp{bfd_close} function for a BFD opened for writing. This really
431 should not be an array selected by format type, as the
432 @samp{bfd_set_format} function provides all the required information.
433 In fact, BFD will fail if a different format is used when calling
434 through the @samp{bfd_set_format} and the @samp{bfd_write_contents}
435 arrays; fortunately, since @samp{bfd_close} gets it right, this is a
436 difficult error to make.
439 @node BFD_JUMP_TABLE macros
440 @subsection @samp{BFD_JUMP_TABLE} macros
441 @cindex @samp{BFD_JUMP_TABLE}
443 Most target vectors are defined using @samp{BFD_JUMP_TABLE} macros.
444 These macros take a single argument, which is a prefix applied to a set
445 of functions. The macros are then used to initialize the fields in the
448 For example, the @samp{BFD_JUMP_TABLE_RELOCS} macro defines three
449 functions: @samp{_get_reloc_upper_bound}, @samp{_canonicalize_reloc},
450 and @samp{_bfd_reloc_type_lookup}. A reference like
451 @samp{BFD_JUMP_TABLE_RELOCS (foo)} will expand into three functions
452 prefixed with @samp{foo}: @samp{foo_get_reloc_upper_bound}, etc. The
453 @samp{BFD_JUMP_TABLE_RELOCS} macro will be placed such that those three
454 functions initialize the appropriate fields in the BFD target vector.
456 This is done because it turns out that many different target vectors can
457 share certain classes of functions. For example, archives are similar
458 on most platforms, so most target vectors can use the same archive
459 functions. Those target vectors all use @samp{BFD_JUMP_TABLE_ARCHIVE}
460 with the same argument, calling a set of functions which is defined in
463 Each of the @samp{BFD_JUMP_TABLE} macros is mentioned below along with
464 the description of the function pointers which it defines. The function
465 pointers will be described using the name without the prefix which the
466 @samp{BFD_JUMP_TABLE} macro defines. This name is normally the same as
467 the name of the field in the target vector structure. Any differences
470 @node BFD target vector generic
471 @subsection Generic functions
472 @cindex @samp{BFD_JUMP_TABLE_GENERIC}
474 The @samp{BFD_JUMP_TABLE_GENERIC} macro is used for some catch all
475 functions which don't easily fit into other categories.
478 @item _close_and_cleanup
479 Free any target specific information associated with the BFD. This is
480 called when any BFD is closed (the @samp{bfd_write_contents} function
481 mentioned earlier is only called for a BFD opened for writing). Most
482 targets use @samp{bfd_alloc} to allocate all target specific
483 information, and therefore don't have to do anything in this function.
484 This function pointer is typically set to
485 @samp{_bfd_generic_close_and_cleanup}, which simply returns true.
487 @item _bfd_free_cached_info
488 Free any cached information associated with the BFD which can be
489 recreated later if necessary. This is used to reduce the memory
490 consumption required by programs using BFD. This is normally called via
491 the @samp{bfd_free_cached_info} macro. It is used by the default
492 archive routines when computing the archive map. Most targets do not
493 do anything special for this entry point, and just set it to
494 @samp{_bfd_generic_free_cached_info}, which simply returns true.
496 @item _new_section_hook
497 This is called from @samp{bfd_make_section_anyway} whenever a new
498 section is created. Most targets use it to initialize section specific
499 information. This function is called whether or not the section
500 corresponds to an actual section in an actual BFD.
502 @item _get_section_contents
503 Get the contents of a section. This is called from
504 @samp{bfd_get_section_contents}. Most targets set this to
505 @samp{_bfd_generic_get_section_contents}, which does a @samp{bfd_seek}
506 based on the section's @samp{filepos} field and a @samp{bfd_read}. The
507 corresponding field in the target vector is named
508 @samp{_bfd_get_section_contents}.
510 @item _get_section_contents_in_window
511 Set a @samp{bfd_window} to hold the contents of a section. This is
512 called from @samp{bfd_get_section_contents_in_window}. The
513 @samp{bfd_window} idea never really caught on, and I don't think this is
514 ever called. Pretty much all targets implement this as
515 @samp{bfd_generic_get_section_contents_in_window}, which uses
516 @samp{bfd_get_section_contents} to do the right thing. The
517 corresponding field in the target vector is named
518 @samp{_bfd_get_section_contents_in_window}.
521 @node BFD target vector copy
522 @subsection Copy functions
523 @cindex @samp{BFD_JUMP_TABLE_COPY}
525 The @samp{BFD_JUMP_TABLE_COPY} macro is used for functions which are
526 called when copying BFDs, and for a couple of functions which deal with
527 internal BFD information.
530 @item _bfd_copy_private_bfd_data
531 This is called when copying a BFD, via @samp{bfd_copy_private_bfd_data}.
532 If the input and output BFDs have the same format, this will copy any
533 private information over. This is called after all the section contents
534 have been written to the output file. Only a few targets do anything in
537 @item _bfd_merge_private_bfd_data
538 This is called when linking, via @samp{bfd_merge_private_bfd_data}. It
539 gives the backend linker code a chance to set any special flags in the
540 output file based on the contents of the input file. Only a few targets
541 do anything in this function.
543 @item _bfd_copy_private_section_data
544 This is similar to @samp{_bfd_copy_private_bfd_data}, but it is called
545 for each section, via @samp{bfd_copy_private_section_data}. This
546 function is called before any section contents have been written. Only
547 a few targets do anything in this function.
549 @item _bfd_copy_private_symbol_data
550 This is called via @samp{bfd_copy_private_symbol_data}, but I don't
551 think anything actually calls it. If it were defined, it could be used
552 to copy private symbol data from one BFD to another. However, most BFDs
553 store extra symbol information by allocating space which is larger than
554 the @samp{asymbol} structure and storing private information in the
555 extra space. Since @samp{objcopy} and other programs copy symbol
556 information by copying pointers to @samp{asymbol} structures, the
557 private symbol information is automatically copied as well. Most
558 targets do not do anything in this function.
560 @item _bfd_set_private_flags
561 This is called via @samp{bfd_set_private_flags}. It is basically a hook
562 for the assembler to set magic information. For example, the PowerPC
563 ELF assembler uses it to set flags which appear in the e_flags field of
564 the ELF header. Most targets do not do anything in this function.
566 @item _bfd_print_private_bfd_data
567 This is called by @samp{objdump} when the @samp{-p} option is used. It
568 is called via @samp{bfd_print_private_data}. It prints any interesting
569 information about the BFD which can not be otherwise represented by BFD
570 and thus can not be printed by @samp{objdump}. Most targets do not do
571 anything in this function.
574 @node BFD target vector core
575 @subsection Core file support functions
576 @cindex @samp{BFD_JUMP_TABLE_CORE}
578 The @samp{BFD_JUMP_TABLE_CORE} macro is used for functions which deal
579 with core files. Obviously, these functions only do something
580 interesting for targets which have core file support.
583 @item _core_file_failing_command
584 Given a core file, this returns the command which was run to produce the
587 @item _core_file_failing_signal
588 Given a core file, this returns the signal number which produced the
591 @item _core_file_matches_executable_p
592 Given a core file and a BFD for an executable, this returns whether the
593 core file was generated by the executable.
596 @node BFD target vector archive
597 @subsection Archive functions
598 @cindex @samp{BFD_JUMP_TABLE_ARCHIVE}
600 The @samp{BFD_JUMP_TABLE_ARCHIVE} macro is used for functions which deal
601 with archive files. Most targets use COFF style archive files
602 (including ELF targets), and these use @samp{_bfd_archive_coff} as the
603 argument to @samp{BFD_JUMP_TABLE_ARCHIVE}. Some targets use BSD/a.out
604 style archives, and these use @samp{_bfd_archive_bsd}. (The main
605 difference between BSD and COFF archives is the format of the archive
606 symbol table). Targets with no archive support use
607 @samp{_bfd_noarchive}. Finally, a few targets have unusual archive
612 Read in the archive symbol table, storing it in private BFD data. This
613 is normally called from the archive @samp{check_format} routine. The
614 corresponding field in the target vector is named
615 @samp{_bfd_slurp_armap}.
617 @item _slurp_extended_name_table
618 Read in the extended name table from the archive, if there is one,
619 storing it in private BFD data. This is normally called from the
620 archive @samp{check_format} routine. The corresponding field in the
621 target vector is named @samp{_bfd_slurp_extended_name_table}.
623 @item construct_extended_name_table
624 Build and return an extended name table if one is needed to write out
625 the archive. This also adjusts the archive headers to refer to the
626 extended name table appropriately. This is normally called from the
627 archive @samp{write_contents} routine. The corresponding field in the
628 target vector is named @samp{_bfd_construct_extended_name_table}.
630 @item _truncate_arname
631 This copies a file name into an archive header, truncating it as
632 required. It is normally called from the archive @samp{write_contents}
633 routine. This function is more interesting in targets which do not
634 support extended name tables, but I think the GNU @samp{ar} program
635 always uses extended name tables anyhow. The corresponding field in the
636 target vector is named @samp{_bfd_truncate_arname}.
639 Write out the archive symbol table using calls to @samp{bfd_write}.
640 This is normally called from the archive @samp{write_contents} routine.
641 The corresponding field in the target vector is named @samp{write_armap}
642 (no leading underscore).
645 Read and parse an archive header. This handles expanding the archive
646 header name into the real file name using the extended name table. This
647 is called by routines which read the archive symbol table or the archive
648 itself. The corresponding field in the target vector is named
649 @samp{_bfd_read_ar_hdr_fn}.
651 @item _openr_next_archived_file
652 Given an archive and a BFD representing a file stored within the
653 archive, return a BFD for the next file in the archive. This is called
654 via @samp{bfd_openr_next_archived_file}. The corresponding field in the
655 target vector is named @samp{openr_next_archived_file} (no leading
658 @item _get_elt_at_index
659 Given an archive and an index, return a BFD for the file in the archive
660 corresponding to that entry in the archive symbol table. This is called
661 via @samp{bfd_get_elt_at_index}. The corresponding field in the target
662 vector is named @samp{_bfd_get_elt_at_index}.
664 @item _generic_stat_arch_elt
665 Do a stat on an element of an archive, returning information read from
666 the archive header (modification time, uid, gid, file mode, size). This
667 is called via @samp{bfd_stat_arch_elt}. The corresponding field in the
668 target vector is named @samp{_bfd_stat_arch_elt}.
670 @item _update_armap_timestamp
671 After the entire contents of an archive have been written out, update
672 the timestamp of the archive symbol table to be newer than that of the
673 file. This is required for a.out style archives. This is normally
674 called by the archive @samp{write_contents} routine. The corresponding
675 field in the target vector is named @samp{_bfd_update_armap_timestamp}.
678 @node BFD target vector symbols
679 @subsection Symbol table functions
680 @cindex @samp{BFD_JUMP_TABLE_SYMBOLS}
682 The @samp{BFD_JUMP_TABLE_SYMBOLS} macro is used for functions which deal
686 @item _get_symtab_upper_bound
687 Return a sensible upper bound on the amount of memory which will be
688 required to read the symbol table. In practice most targets return the
689 amount of memory required to hold @samp{asymbol} pointers for all the
690 symbols plus a trailing @samp{NULL} entry, and store the actual symbol
691 information in BFD private data. This is called via
692 @samp{bfd_get_symtab_upper_bound}. The corresponding field in the
693 target vector is named @samp{_bfd_get_symtab_upper_bound}.
696 Read in the symbol table. This is called via
697 @samp{bfd_canonicalize_symtab}. The corresponding field in the target
698 vector is named @samp{_bfd_canonicalize_symtab}.
700 @item _make_empty_symbol
701 Create an empty symbol for the BFD. This is needed because most targets
702 store extra information with each symbol by allocating a structure
703 larger than an @samp{asymbol} and storing the extra information at the
704 end. This function will allocate the right amount of memory, and return
705 what looks like a pointer to an empty @samp{asymbol}. This is called
706 via @samp{bfd_make_empty_symbol}. The corresponding field in the target
707 vector is named @samp{_bfd_make_empty_symbol}.
710 Print information about the symbol. This is called via
711 @samp{bfd_print_symbol}. One of the arguments indicates what sort of
712 information should be printed:
715 @item bfd_print_symbol_name
716 Just print the symbol name.
717 @item bfd_print_symbol_more
718 Print the symbol name and some interesting flags. I don't think
719 anything actually uses this.
720 @item bfd_print_symbol_all
721 Print all information about the symbol. This is used by @samp{objdump}
722 when run with the @samp{-t} option.
724 The corresponding field in the target vector is named
725 @samp{_bfd_print_symbol}.
727 @item _get_symbol_info
728 Return a standard set of information about the symbol. This is called
729 via @samp{bfd_symbol_info}. The corresponding field in the target
730 vector is named @samp{_bfd_get_symbol_info}.
732 @item _bfd_is_local_label_name
733 Return whether the given string would normally represent the name of a
734 local label. This is called via @samp{bfd_is_local_label} and
735 @samp{bfd_is_local_label_name}. Local labels are normally discarded by
736 the assembler. In the linker, this defines the difference between the
737 @samp{-x} and @samp{-X} options.
740 Return line number information for a symbol. This is only meaningful
741 for a COFF target. This is called when writing out COFF line numbers.
743 @item _find_nearest_line
744 Given an address within a section, use the debugging information to find
745 the matching file name, function name, and line number, if any. This is
746 called via @samp{bfd_find_nearest_line}. The corresponding field in the
747 target vector is named @samp{_bfd_find_nearest_line}.
749 @item _bfd_make_debug_symbol
750 Make a debugging symbol. This is only meaningful for a COFF target,
751 where it simply returns a symbol which will be placed in the
752 @samp{N_DEBUG} section when it is written out. This is called via
753 @samp{bfd_make_debug_symbol}.
755 @item _read_minisymbols
756 Minisymbols are used to reduce the memory requirements of programs like
757 @samp{nm}. A minisymbol is a cookie pointing to internal symbol
758 information which the caller can use to extract complete symbol
759 information. This permits BFD to not convert all the symbols into
760 generic form, but to instead convert them one at a time. This is called
761 via @samp{bfd_read_minisymbols}. Most targets do not implement this,
762 and just use generic support which is based on using standard
763 @samp{asymbol} structures.
765 @item _minisymbol_to_symbol
766 Convert a minisymbol to a standard @samp{asymbol}. This is called via
767 @samp{bfd_minisymbol_to_symbol}.
770 @node BFD target vector relocs
771 @subsection Relocation support
772 @cindex @samp{BFD_JUMP_TABLE_RELOCS}
774 The @samp{BFD_JUMP_TABLE_RELOCS} macro is used for functions which deal
778 @item _get_reloc_upper_bound
779 Return a sensible upper bound on the amount of memory which will be
780 required to read the relocations for a section. In practice most
781 targets return the amount of memory required to hold @samp{arelent}
782 pointers for all the relocations plus a trailing @samp{NULL} entry, and
783 store the actual relocation information in BFD private data. This is
784 called via @samp{bfd_get_reloc_upper_bound}.
786 @item _canonicalize_reloc
787 Return the relocation information for a section. This is called via
788 @samp{bfd_canonicalize_reloc}. The corresponding field in the target
789 vector is named @samp{_bfd_canonicalize_reloc}.
791 @item _bfd_reloc_type_lookup
792 Given a relocation code, return the corresponding howto structure
793 (@pxref{BFD relocation codes}). This is called via
794 @samp{bfd_reloc_type_lookup}. The corresponding field in the target
795 vector is named @samp{reloc_type_lookup}.
798 @node BFD target vector write
799 @subsection Output functions
800 @cindex @samp{BFD_JUMP_TABLE_WRITE}
802 The @samp{BFD_JUMP_TABLE_WRITE} macro is used for functions which deal
803 with writing out a BFD.
807 Set the architecture and machine number for a BFD. This is called via
808 @samp{bfd_set_arch_mach}. Most targets implement this by calling
809 @samp{bfd_default_set_arch_mach}. The corresponding field in the target
810 vector is named @samp{_bfd_set_arch_mach}.
812 @item _set_section_contents
813 Write out the contents of a section. This is called via
814 @samp{bfd_set_section_contents}. The corresponding field in the target
815 vector is named @samp{_bfd_set_section_contents}.
818 @node BFD target vector link
819 @subsection Linker functions
820 @cindex @samp{BFD_JUMP_TABLE_LINK}
822 The @samp{BFD_JUMP_TABLE_LINK} macro is used for functions called by the
826 @item _sizeof_headers
827 Return the size of the header information required for a BFD. This is
828 used to implement the @samp{SIZEOF_HEADERS} linker script function. It
829 is normally used to align the first section at an efficient position on
830 the page. This is called via @samp{bfd_sizeof_headers}. The
831 corresponding field in the target vector is named
832 @samp{_bfd_sizeof_headers}.
834 @item _bfd_get_relocated_section_contents
835 Read the contents of a section and apply the relocation information.
836 This handles both a final link and a relocateable link; in the latter
837 case, it adjust the relocation information as well. This is called via
838 @samp{bfd_get_relocated_section_contents}. Most targets implement it by
839 calling @samp{bfd_generic_get_relocated_section_contents}.
841 @item _bfd_relax_section
842 Try to use relaxation to shrink the size of a section. This is called
843 by the linker when the @samp{-relax} option is used. This is called via
844 @samp{bfd_relax_section}. Most targets do not support any sort of
847 @item _bfd_link_hash_table_create
848 Create the symbol hash table to use for the linker. This linker hook
849 permits the backend to control the size and information of the elements
850 in the linker symbol hash table. This is called via
851 @samp{bfd_link_hash_table_create}.
853 @item _bfd_link_add_symbols
854 Given an object file or an archive, add all symbols into the linker
855 symbol hash table. Use callbacks to the linker to include archive
856 elements in the link. This is called via @samp{bfd_link_add_symbols}.
858 @item _bfd_final_link
859 Finish the linking process. The linker calls this hook after all of the
860 input files have been read, when it is ready to finish the link and
861 generate the output file. This is called via @samp{bfd_final_link}.
863 @item _bfd_link_split_section
864 I don't know what this is for. Nothing seems to call it. The only
865 non-trivial definition is in @file{som.c}.
868 @node BFD target vector dynamic
869 @subsection Dynamic linking information functions
870 @cindex @samp{BFD_JUMP_TABLE_DYNAMIC}
872 The @samp{BFD_JUMP_TABLE_DYNAMIC} macro is used for functions which read
873 dynamic linking information.
876 @item _get_dynamic_symtab_upper_bound
877 Return a sensible upper bound on the amount of memory which will be
878 required to read the dynamic symbol table. In practice most targets
879 return the amount of memory required to hold @samp{asymbol} pointers for
880 all the symbols plus a trailing @samp{NULL} entry, and store the actual
881 symbol information in BFD private data. This is called via
882 @samp{bfd_get_dynamic_symtab_upper_bound}. The corresponding field in
883 the target vector is named @samp{_bfd_get_dynamic_symtab_upper_bound}.
885 @item _canonicalize_dynamic_symtab
886 Read the dynamic symbol table. This is called via
887 @samp{bfd_canonicalize_dynamic_symtab}. The corresponding field in the
888 target vector is named @samp{_bfd_canonicalize_dynamic_symtab}.
890 @item _get_dynamic_reloc_upper_bound
891 Return a sensible upper bound on the amount of memory which will be
892 required to read the dynamic relocations. In practice most targets
893 return the amount of memory required to hold @samp{arelent} pointers for
894 all the relocations plus a trailing @samp{NULL} entry, and store the
895 actual relocation information in BFD private data. This is called via
896 @samp{bfd_get_dynamic_reloc_upper_bound}. The corresponding field in
897 the target vector is named @samp{_bfd_get_dynamic_reloc_upper_bound}.
899 @item _canonicalize_dynamic_reloc
900 Read the dynamic relocations. This is called via
901 @samp{bfd_canonicalize_dynamic_reloc}. The corresponding field in the
902 target vector is named @samp{_bfd_canonicalize_dynamic_reloc}.
905 @node BFD generated files
906 @section BFD generated files
907 @cindex generated files in bfd
908 @cindex bfd generated files
910 BFD contains several automatically generated files. This section
911 describes them. Some files are created at configure time, when you
912 configure BFD. Some files are created at make time, when you build
913 BFD. Some files are automatically rebuilt at make time, but only if
914 you configure with the @samp{--enable-maintainer-mode} option. Some
915 files live in the object directory---the directory from which you run
916 configure---and some live in the source directory. All files that live
917 in the source directory are checked into the CVS repository.
922 @cindex @file{bfd-in3.h}
923 Lives in the object directory. Created at make time from
924 @file{bfd-in2.h} via @file{bfd-in3.h}. @file{bfd-in3.h} is created at
925 configure time from @file{bfd-in2.h}. There are automatic dependencies
926 to rebuild @file{bfd-in3.h} and hence @file{bfd.h} if @file{bfd-in2.h}
927 changes, so you can normally ignore @file{bfd-in3.h}, and just think
928 about @file{bfd-in2.h} and @file{bfd.h}.
930 @file{bfd.h} is built by replacing a few strings in @file{bfd-in2.h}.
931 To see them, search for @samp{@@} in @file{bfd-in2.h}. They mainly
932 control whether BFD is built for a 32 bit target or a 64 bit target.
935 @cindex @file{bfd-in2.h}
936 Lives in the source directory. Created from @file{bfd-in.h} and several
937 other BFD source files. If you configure with the
938 @samp{--enable-maintainer-mode} option, @file{bfd-in2.h} is rebuilt
939 automatically when a source file changes.
942 @itemx elf64-target.h
943 @cindex @file{elf32-target.h}
944 @cindex @file{elf64-target.h}
945 Live in the object directory. Created from @file{elfxx-target.h}.
946 These files are versions of @file{elfxx-target.h} customized for either
947 a 32 bit ELF target or a 64 bit ELF target.
950 @cindex @file{libbfd.h}
951 Lives in the source directory. Created from @file{libbfd-in.h} and
952 several other BFD source files. If you configure with the
953 @samp{--enable-maintainer-mode} option, @file{libbfd.h} is rebuilt
954 automatically when a source file changes.
957 @cindex @file{libcoff.h}
958 Lives in the source directory. Created from @file{libcoff-in.h} and
959 @file{coffcode.h}. If you configure with the
960 @samp{--enable-maintainer-mode} option, @file{libcoff.h} is rebuilt
961 automatically when a source file changes.
964 @cindex @file{targmatch.h}
965 Lives in the object directory. Created at make time from
966 @file{config.bfd}. This file is used to map configuration triplets into
967 BFD target vector variable names at run time.
970 @node BFD multiple compilations
971 @section Files compiled multiple times in BFD
972 Several files in BFD are compiled multiple times. By this I mean that
973 there are header files which contain function definitions. These header
974 files are included by other files, and thus the functions are compiled
975 once per file which includes them.
977 Preprocessor macros are used to control the compilation, so that each
978 time the files are compiled the resulting functions are slightly
979 different. Naturally, if they weren't different, there would be no
980 reason to compile them multiple times.
982 This is a not a particularly good programming technique, and future BFD
983 work should avoid it.
987 Since this technique is rarely used, even experienced C programmers find
991 It is difficult to debug programs which use BFD, since there is no way
992 to describe which version of a particular function you are looking at.
995 Programs which use BFD wind up incorporating two or more slightly
996 different versions of the same function, which wastes space in the
1000 This technique is never required nor is it especially efficient. It is
1001 always possible to use statically initialized structures holding
1002 function pointers and magic constants instead.
1005 The following is a list of the files which are compiled multiple times.
1009 @cindex @file{aout-target.h}
1010 Describes a few functions and the target vector for a.out targets. This
1011 is used by individual a.out targets with different definitions of
1012 @samp{N_TXTADDR} and similar a.out macros.
1015 @cindex @file{aoutf1.h}
1016 Implements standard SunOS a.out files. In principle it supports 64 bit
1017 a.out targets based on the preprocessor macro @samp{ARCH_SIZE}, but
1018 since all known a.out targets are 32 bits, this code may or may not
1019 work. This file is only included by a few other files, and it is
1020 difficult to justify its existence.
1023 @cindex @file{aoutx.h}
1024 Implements basic a.out support routines. This file can be compiled for
1025 either 32 or 64 bit support. Since all known a.out targets are 32 bits,
1026 the 64 bit support may or may not work. I believe the original
1027 intention was that this file would only be included by @samp{aout32.c}
1028 and @samp{aout64.c}, and that other a.out targets would simply refer to
1029 the functions it defined. Unfortunately, some other a.out targets
1030 started including it directly, leading to a somewhat confused state of
1034 @cindex @file{coffcode.h}
1035 Implements basic COFF support routines. This file is included by every
1036 COFF target. It implements code which handles COFF magic numbers as
1037 well as various hook functions called by the generic COFF functions in
1038 @file{coffgen.c}. This file is controlled by a number of different
1039 macros, and more are added regularly.
1042 @cindex @file{coffswap.h}
1043 Implements COFF swapping routines. This file is included by
1044 @file{coffcode.h}, and thus by every COFF target. It implements the
1045 routines which swap COFF structures between internal and external
1046 format. The main control for this file is the external structure
1047 definitions in the files in the @file{include/coff} directory. A COFF
1048 target file will include one of those files before including
1049 @file{coffcode.h} and thus @file{coffswap.h}. There are a few other
1050 macros which affect @file{coffswap.h} as well, mostly describing whether
1051 certain fields are present in the external structures.
1054 @cindex @file{ecoffswap.h}
1055 Implements ECOFF swapping routines. This is like @file{coffswap.h}, but
1056 for ECOFF. It is included by the ECOFF target files (of which there are
1057 only two). The control is the preprocessor macro @samp{ECOFF_32} or
1061 @cindex @file{elfcode.h}
1062 Implements ELF functions that use external structure definitions. This
1063 file is included by two other files: @file{elf32.c} and @file{elf64.c}.
1064 It is controlled by the @samp{ARCH_SIZE} macro which is defined to be
1065 @samp{32} or @samp{64} before including it. The @samp{NAME} macro is
1066 used internally to give the functions different names for the two target
1070 @cindex @file{elfcore.h}
1071 Like @file{elfcode.h}, but for functions that are specific to ELF core
1072 files. This is included only by @file{elfcode.h}.
1075 @cindex @file{elflink.h}
1076 Like @file{elfcode.h}, but for functions used by the ELF linker. This
1077 is included only by @file{elfcode.h}.
1079 @item elfxx-target.h
1080 @cindex @file{elfxx-target.h}
1081 This file is the source for the generated files @file{elf32-target.h}
1082 and @file{elf64-target.h}, one of which is included by every ELF target.
1083 It defines the ELF target vector.
1086 @cindex @file{freebsd.h}
1087 Presumably intended to be included by all FreeBSD targets, but in fact
1088 there is only one such target, @samp{i386-freebsd}. This defines a
1089 function used to set the right magic number for FreeBSD, as well as
1090 various macros, and includes @file{aout-target.h}.
1093 @cindex @file{netbsd.h}
1094 Like @file{freebsd.h}, except that there are several files which include
1098 @cindex @file{nlm-target.h}
1099 Defines the target vector for a standard NLM target.
1102 @cindex @file{nlmcode.h}
1103 Like @file{elfcode.h}, but for NLM targets. This is only included by
1104 @file{nlm32.c} and @file{nlm64.c}, both of which define the macro
1105 @samp{ARCH_SIZE} to an appropriate value. There are no 64 bit NLM
1106 targets anyhow, so this is sort of useless.
1109 @cindex @file{nlmswap.h}
1110 Like @file{coffswap.h}, but for NLM targets. This is included by each
1111 NLM target, but I think it winds up compiling to the exact same code for
1112 every target, and as such is fairly useless.
1115 @cindex @file{peicode.h}
1116 Provides swapping routines and other hooks for PE targets.
1117 @file{coffcode.h} will include this rather than @file{coffswap.h} for a
1118 PE target. This defines PE specific versions of the COFF swapping
1119 routines, and also defines some macros which control @file{coffcode.h}
1123 @node BFD relocation handling
1124 @section BFD relocation handling
1125 @cindex bfd relocation handling
1126 @cindex relocations in bfd
1128 The handling of relocations is one of the more confusing aspects of BFD.
1129 Relocation handling has been implemented in various different ways, all
1130 somewhat incompatible, none perfect.
1133 * BFD relocation concepts:: BFD relocation concepts
1134 * BFD relocation functions:: BFD relocation functions
1135 * BFD relocation codes:: BFD relocation codes
1136 * BFD relocation future:: BFD relocation future
1139 @node BFD relocation concepts
1140 @subsection BFD relocation concepts
1142 A relocation is an action which the linker must take when linking. It
1143 describes a change to the contents of a section. The change is normally
1144 based on the final value of one or more symbols. Relocations are
1145 created by the assembler when it creates an object file.
1147 Most relocations are simple. A typical simple relocation is to set 32
1148 bits at a given offset in a section to the value of a symbol. This type
1149 of relocation would be generated for code like @code{int *p = &i;} where
1150 @samp{p} and @samp{i} are global variables. A relocation for the symbol
1151 @samp{i} would be generated such that the linker would initialize the
1152 area of memory which holds the value of @samp{p} to the value of the
1155 Slightly more complex relocations may include an addend, which is a
1156 constant to add to the symbol value before using it. In some cases a
1157 relocation will require adding the symbol value to the existing contents
1158 of the section in the object file. In others the relocation will simply
1159 replace the contents of the section with the symbol value. Some
1160 relocations are PC relative, so that the value to be stored in the
1161 section is the difference between the value of a symbol and the final
1162 address of the section contents.
1164 In general, relocations can be arbitrarily complex. For example,
1165 relocations used in dynamic linking systems often require the linker to
1166 allocate space in a different section and use the offset within that
1167 section as the value to store. In the IEEE object file format,
1168 relocations may involve arbitrary expressions.
1170 When doing a relocateable link, the linker may or may not have to do
1171 anything with a relocation, depending upon the definition of the
1172 relocation. Simple relocations generally do not require any special
1175 @node BFD relocation functions
1176 @subsection BFD relocation functions
1178 In BFD, each section has an array of @samp{arelent} structures. Each
1179 structure has a pointer to a symbol, an address within the section, an
1180 addend, and a pointer to a @samp{reloc_howto_struct} structure. The
1181 howto structure has a bunch of fields describing the reloc, including a
1182 type field. The type field is specific to the object file format
1183 backend; none of the generic code in BFD examines it.
1185 Originally, the function @samp{bfd_perform_relocation} was supposed to
1186 handle all relocations. In theory, many relocations would be simple
1187 enough to be described by the fields in the howto structure. For those
1188 that weren't, the howto structure included a @samp{special_function}
1189 field to use as an escape.
1191 While this seems plausible, a look at @samp{bfd_perform_relocation}
1192 shows that it failed. The function has odd special cases. Some of the
1193 fields in the howto structure, such as @samp{pcrel_offset}, were not
1194 adequately documented.
1196 The linker uses @samp{bfd_perform_relocation} to do all relocations when
1197 the input and output file have different formats (e.g., when generating
1198 S-records). The generic linker code, which is used by all targets which
1199 do not define their own special purpose linker, uses
1200 @samp{bfd_get_relocated_section_contents}, which for most targets turns
1201 into a call to @samp{bfd_generic_get_relocated_section_contents}, which
1202 calls @samp{bfd_perform_relocation}. So @samp{bfd_perform_relocation}
1203 is still widely used, which makes it difficult to change, since it is
1204 difficult to test all possible cases.
1206 The assembler used @samp{bfd_perform_relocation} for a while. This
1207 turned out to be the wrong thing to do, since
1208 @samp{bfd_perform_relocation} was written to handle relocations on an
1209 existing object file, while the assembler needed to create relocations
1210 in a new object file. The assembler was changed to use the new function
1211 @samp{bfd_install_relocation} instead, and @samp{bfd_install_relocation}
1212 was created as a copy of @samp{bfd_perform_relocation}.
1214 Unfortunately, the work did not progress any farther, so
1215 @samp{bfd_install_relocation} remains a simple copy of
1216 @samp{bfd_perform_relocation}, with all the odd special cases and
1217 confusing code. This again is difficult to change, because again any
1218 change can affect any assembler target, and so is difficult to test.
1220 The new linker, when using the same object file format for all input
1221 files and the output file, does not convert relocations into
1222 @samp{arelent} structures, so it can not use
1223 @samp{bfd_perform_relocation} at all. Instead, users of the new linker
1224 are expected to write a @samp{relocate_section} function which will
1225 handle relocations in a target specific fashion.
1227 There are two helper functions for target specific relocation:
1228 @samp{_bfd_final_link_relocate} and @samp{_bfd_relocate_contents}.
1229 These functions use a howto structure, but they @emph{do not} use the
1230 @samp{special_function} field. Since the functions are normally called
1231 from target specific code, the @samp{special_function} field adds
1232 little; any relocations which require special handling can be handled
1233 without calling those functions.
1235 So, if you want to add a new target, or add a new relocation to an
1236 existing target, you need to do the following:
1240 Make sure you clearly understand what the contents of the section should
1241 look like after assembly, after a relocateable link, and after a final
1242 link. Make sure you clearly understand the operations the linker must
1243 perform during a relocateable link and during a final link.
1246 Write a howto structure for the relocation. The howto structure is
1247 flexible enough to represent any relocation which should be handled by
1248 setting a contiguous bitfield in the destination to the value of a
1249 symbol, possibly with an addend, possibly adding the symbol value to the
1250 value already present in the destination.
1253 Change the assembler to generate your relocation. The assembler will
1254 call @samp{bfd_install_relocation}, so your howto structure has to be
1255 able to handle that. You may need to set the @samp{special_function}
1256 field to handle assembly correctly. Be careful to ensure that any code
1257 you write to handle the assembler will also work correctly when doing a
1258 relocateable link. For example, see @samp{bfd_elf_generic_reloc}.
1261 Test the assembler. Consider the cases of relocation against an
1262 undefined symbol, a common symbol, a symbol defined in the object file
1263 in the same section, and a symbol defined in the object file in a
1264 different section. These cases may not all be applicable for your
1268 If your target uses the new linker, which is recommended, add any
1269 required handling to the target specific relocation function. In simple
1270 cases this will just involve a call to @samp{_bfd_final_link_relocate}
1271 or @samp{_bfd_relocate_contents}, depending upon the definition of the
1272 relocation and whether the link is relocateable or not.
1275 Test the linker. Test the case of a final link. If the relocation can
1276 overflow, use a linker script to force an overflow and make sure the
1277 error is reported correctly. Test a relocateable link, whether the
1278 symbol is defined or undefined in the relocateable output. For both the
1279 final and relocateable link, test the case when the symbol is a common
1280 symbol, when the symbol looked like a common symbol but became a defined
1281 symbol, when the symbol is defined in a different object file, and when
1282 the symbol is defined in the same object file.
1285 In order for linking to another object file format, such as S-records,
1286 to work correctly, @samp{bfd_perform_relocation} has to do the right
1287 thing for the relocation. You may need to set the
1288 @samp{special_function} field to handle this correctly. Test this by
1289 doing a link in which the output object file format is S-records.
1292 Using the linker to generate relocateable output in a different object
1293 file format is impossible in the general case, so you generally don't
1294 have to worry about that. Linking input files of different object file
1295 formats together is quite unusual, but if you're really dedicated you
1296 may want to consider testing this case, both when the output object file
1297 format is the same as your format, and when it is different.
1300 @node BFD relocation codes
1301 @subsection BFD relocation codes
1303 BFD has another way of describing relocations besides the howto
1304 structures described above: the enum @samp{bfd_reloc_code_real_type}.
1306 Every known relocation type can be described as a value in this
1307 enumeration. The enumeration contains many target specific relocations,
1308 but where two or more targets have the same relocation, a single code is
1309 used. For example, the single value @samp{BFD_RELOC_32} is used for all
1310 simple 32 bit relocation types.
1312 The main purpose of this relocation code is to give the assembler some
1313 mechanism to create @samp{arelent} structures. In order for the
1314 assembler to create an @samp{arelent} structure, it has to be able to
1315 obtain a howto structure. The function @samp{bfd_reloc_type_lookup},
1316 which simply calls the target vector entry point
1317 @samp{reloc_type_lookup}, takes a relocation code and returns a howto
1320 The function @samp{bfd_get_reloc_code_name} returns the name of a
1321 relocation code. This is mainly used in error messages.
1323 Using both howto structures and relocation codes can be somewhat
1324 confusing. There are many processor specific relocation codes.
1325 However, the relocation is only fully defined by the howto structure.
1326 The same relocation code will map to different howto structures in
1327 different object file formats. For example, the addend handling may be
1330 Most of the relocation codes are not really general. The assembler can
1331 not use them without already understanding what sorts of relocations can
1332 be used for a particular target. It might be possible to replace the
1333 relocation codes with something simpler.
1335 @node BFD relocation future
1336 @subsection BFD relocation future
1338 Clearly the current BFD relocation support is in bad shape. A
1339 wholescale rewrite would be very difficult, because it would require
1340 thorough testing of every BFD target. So some sort of incremental
1343 My vague thoughts on this would involve defining a new, clearly defined,
1344 howto structure. Some mechanism would be used to determine which type
1345 of howto structure was being used by a particular format.
1347 The new howto structure would clearly define the relocation behaviour in
1348 the case of an assembly, a relocateable link, and a final link. At
1349 least one special function would be defined as an escape, and it might
1350 make sense to define more.
1352 One or more generic functions similar to @samp{bfd_perform_relocation}
1353 would be written to handle the new howto structure.
1355 This should make it possible to write a generic version of the relocate
1356 section functions used by the new linker. The target specific code
1357 would provide some mechanism (a function pointer or an initial
1358 conversion) to convert target specific relocations into howto
1361 Ideally it would be possible to use this generic relocate section
1362 function for the generic linker as well. That is, it would replace the
1363 @samp{bfd_generic_get_relocated_section_contents} function which is
1364 currently normally used.
1366 For the special case of ELF dynamic linking, more consideration needs to
1367 be given to writing ELF specific but ELF target generic code to handle
1368 special relocation types such as GOT and PLT.
1370 @node BFD ELF support
1371 @section BFD ELF support
1372 @cindex elf support in bfd
1373 @cindex bfd elf support
1375 The ELF object file format is defined in two parts: a generic ABI and a
1376 processor specific supplement. The ELF support in BFD is split in a
1377 similar fashion. The processor specific support is largely kept within
1378 a single file. The generic support is provided by several other files.
1379 The processor specific support provides a set of function pointers and
1380 constants used by the generic support.
1383 * BFD ELF sections and segments:: ELF sections and segments
1384 * BFD ELF generic support:: BFD ELF generic support
1385 * BFD ELF processor specific support:: BFD ELF processor specific support
1386 * BFD ELF core files:: BFD ELF core files
1387 * BFD ELF future:: BFD ELF future
1390 @node BFD ELF sections and segments
1391 @subsection ELF sections and segments
1393 The ELF ABI permits a file to have either sections or segments or both.
1394 Relocateable object files conventionally have only sections.
1395 Executables conventionally have both. Core files conventionally have
1396 only program segments.
1398 ELF sections are similar to sections in other object file formats: they
1399 have a name, a VMA, file contents, flags, and other miscellaneous
1400 information. ELF relocations are stored in sections of a particular
1401 type; BFD automatically converts these sections into internal relocation
1404 ELF program segments are intended for fast interpretation by a system
1405 loader. They have a type, a VMA, an LMA, file contents, and a couple of
1406 other fields. When an ELF executable is run on a Unix system, the
1407 system loader will examine the program segments to decide how to load
1408 it. The loader will ignore the section information. Loadable program
1409 segments (type @samp{PT_LOAD}) are directly loaded into memory. Other
1410 program segments are interpreted by the loader, and generally provide
1411 dynamic linking information.
1413 When an ELF file has both program segments and sections, an ELF program
1414 segment may encompass one or more ELF sections, in the sense that the
1415 portion of the file which corresponds to the program segment may include
1416 the portions of the file corresponding to one or more sections. When
1417 there is more than one section in a loadable program segment, the
1418 relative positions of the section contents in the file must correspond
1419 to the relative positions they should hold when the program segment is
1420 loaded. This requirement should be obvious if you consider that the
1421 system loader will load an entire program segment at a time.
1423 On a system which supports dynamic paging, such as any native Unix
1424 system, the contents of a loadable program segment must be at the same
1425 offset in the file as in memory, modulo the memory page size used on the
1426 system. This is because the system loader will map the file into memory
1427 starting at the start of a page. The system loader can easily remap
1428 entire pages to the correct load address. However, if the contents of
1429 the file were not correctly aligned within the page, the system loader
1430 would have to shift the contents around within the page, which is too
1431 expensive. For example, if the LMA of a loadable program segment is
1432 @samp{0x40080} and the page size is @samp{0x1000}, then the position of
1433 the segment contents within the file must equal @samp{0x80} modulo
1436 BFD has only a single set of sections. It does not provide any generic
1437 way to examine both sections and segments. When BFD is used to open an
1438 object file or executable, the BFD sections will represent ELF sections.
1439 When BFD is used to open a core file, the BFD sections will represent
1440 ELF program segments.
1442 When BFD is used to examine an object file or executable, any program
1443 segments will be read to set the LMA of the sections. This is because
1444 ELF sections only have a VMA, while ELF program segments have both a VMA
1445 and an LMA. Any program segments will be copied by the
1446 @samp{copy_private} entry points. They will be printed by the
1447 @samp{print_private} entry point. Otherwise, the program segments are
1448 ignored. In particular, programs which use BFD currently have no direct
1449 access to the program segments.
1451 When BFD is used to create an executable, the program segments will be
1452 created automatically based on the section information. This is done in
1453 the function @samp{assign_file_positions_for_segments} in @file{elf.c}.
1454 This function has been tweaked many times, and probably still has
1455 problems that arise in particular cases.
1457 There is a hook which may be used to explicitly define the program
1458 segments when creating an executable: the @samp{bfd_record_phdr}
1459 function in @file{bfd.c}. If this function is called, BFD will not
1460 create program segments itself, but will only create the program
1461 segments specified by the caller. The linker uses this function to
1462 implement the @samp{PHDRS} linker script command.
1464 @node BFD ELF generic support
1465 @subsection BFD ELF generic support
1467 In general, functions which do not read external data from the ELF file
1468 are found in @file{elf.c}. They operate on the internal forms of the
1469 ELF structures, which are defined in @file{include/elf/internal.h}. The
1470 internal structures are defined in terms of @samp{bfd_vma}, and so may
1471 be used for both 32 bit and 64 bit ELF targets.
1473 The file @file{elfcode.h} contains functions which operate on the
1474 external data. @file{elfcode.h} is compiled twice, once via
1475 @file{elf32.c} with @samp{ARCH_SIZE} defined as @samp{32}, and once via
1476 @file{elf64.c} with @samp{ARCH_SIZE} defined as @samp{64}.
1477 @file{elfcode.h} includes functions to swap the ELF structures in and
1478 out of external form, as well as a few more complex functions.
1480 Linker support is found in @file{elflink.c} and @file{elflink.h}. The
1481 latter file is compiled twice, for both 32 and 64 bit support. The
1482 linker support is only used if the processor specific file defines
1483 @samp{elf_backend_relocate_section}, which is required to relocate the
1484 section contents. If that macro is not defined, the generic linker code
1485 is used, and relocations are handled via @samp{bfd_perform_relocation}.
1487 The core file support is in @file{elfcore.h}, which is compiled twice,
1488 for both 32 and 64 bit support. The more interesting cases of core file
1489 support only work on a native system which has the @file{sys/procfs.h}
1490 header file. Without that file, the core file support does little more
1491 than read the ELF program segments as BFD sections.
1493 The BFD internal header file @file{elf-bfd.h} is used for communication
1494 among these files and the processor specific files.
1496 The default entries for the BFD ELF target vector are found mainly in
1497 @file{elf.c}. Some functions are found in @file{elfcode.h}.
1499 The processor specific files may override particular entries in the
1500 target vector, but most do not, with one exception: the
1501 @samp{bfd_reloc_type_lookup} entry point is always processor specific.
1503 @node BFD ELF processor specific support
1504 @subsection BFD ELF processor specific support
1506 By convention, the processor specific support for a particular processor
1507 will be found in @file{elf@var{nn}-@var{cpu}.c}, where @var{nn} is
1508 either 32 or 64, and @var{cpu} is the name of the processor.
1511 * BFD ELF processor required:: Required processor specific support
1512 * BFD ELF processor linker:: Processor specific linker support
1513 * BFD ELF processor other:: Other processor specific support options
1516 @node BFD ELF processor required
1517 @subsubsection Required processor specific support
1519 When writing a @file{elf@var{nn}-@var{cpu}.c} file, you must do the
1524 Define either @samp{TARGET_BIG_SYM} or @samp{TARGET_LITTLE_SYM}, or
1525 both, to a unique C name to use for the target vector. This name should
1526 appear in the list of target vectors in @file{targets.c}, and will also
1527 have to appear in @file{config.bfd} and @file{configure.in}. Define
1528 @samp{TARGET_BIG_SYM} for a big-endian processor,
1529 @samp{TARGET_LITTLE_SYM} for a little-endian processor, and define both
1530 for a bi-endian processor.
1532 Define either @samp{TARGET_BIG_NAME} or @samp{TARGET_LITTLE_NAME}, or
1533 both, to a string used as the name of the target vector. This is the
1534 name which a user of the BFD tool would use to specify the object file
1535 format. It would normally appear in a linker emulation parameters
1538 Define @samp{ELF_ARCH} to the BFD architecture (an element of the
1539 @samp{bfd_architecture} enum, typically @samp{bfd_arch_@var{cpu}}).
1541 Define @samp{ELF_MACHINE_CODE} to the magic number which should appear
1542 in the @samp{e_machine} field of the ELF header. As of this writing,
1543 these magic numbers are assigned by SCO; if you want to get a magic
1544 number for a particular processor, try sending a note to
1545 @email{registry@@sco.com}. In the BFD sources, the magic numbers are
1546 found in @file{include/elf/common.h}; they have names beginning with
1549 Define @samp{ELF_MAXPAGESIZE} to the maximum size of a virtual page in
1550 memory. This can normally be found at the start of chapter 5 in the
1551 processor specific supplement. For a processor which will only be used
1552 in an embedded system, or which has no memory management hardware, this
1553 can simply be @samp{1}.
1555 If the format should use @samp{Rel} rather than @samp{Rela} relocations,
1556 define @samp{USE_REL}. This is normally defined in chapter 4 of the
1557 processor specific supplement.
1559 In the absence of a supplement, it's easier to work with @samp{Rela}
1560 relocations. @samp{Rela} relocations will require more space in object
1561 files (but not in executables, except when using dynamic linking).
1562 However, this is outweighed by the simplicity of addend handling when
1563 using @samp{Rela} relocations. With @samp{Rel} relocations, the addend
1564 must be stored in the section contents, which makes relocateable links
1567 For example, consider C code like @code{i = a[1000];} where @samp{a} is
1568 a global array. The instructions which load the value of @samp{a[1000]}
1569 will most likely use a relocation which refers to the symbol
1570 representing @samp{a}, with an addend that gives the offset from the
1571 start of @samp{a} to element @samp{1000}. When using @samp{Rel}
1572 relocations, that addend must be stored in the instructions themselves.
1573 If you are adding support for a RISC chip which uses two or more
1574 instructions to load an address, then the addend may not fit in a single
1575 instruction, and will have to be somehow split among the instructions.
1576 This makes linking awkward, particularly when doing a relocateable link
1577 in which the addend may have to be updated. It can be done---the MIPS
1578 ELF support does it---but it should be avoided when possible.
1580 It is possible, though somewhat awkward, to support both @samp{Rel} and
1581 @samp{Rela} relocations for a single target; @file{elf64-mips.c} does it
1582 by overriding the relocation reading and writing routines.
1584 Define howto structures for all the relocation types.
1586 Define a @samp{bfd_reloc_type_lookup} routine. This must be named
1587 @samp{bfd_elf@var{nn}_bfd_reloc_type_lookup}, and may be either a
1588 function or a macro. It must translate a BFD relocation code into a
1589 howto structure. This is normally a table lookup or a simple switch.
1591 If using @samp{Rel} relocations, define @samp{elf_info_to_howto_rel}.
1592 If using @samp{Rela} relocations, define @samp{elf_info_to_howto}.
1593 Either way, this is a macro defined as the name of a function which
1594 takes an @samp{arelent} and a @samp{Rel} or @samp{Rela} structure, and
1595 sets the @samp{howto} field of the @samp{arelent} based on the
1596 @samp{Rel} or @samp{Rela} structure. This is normally uses
1597 @samp{ELF@var{nn}_R_TYPE} to get the ELF relocation type and uses it as
1598 an index into a table of howto structures.
1601 You must also add the magic number for this processor to the
1602 @samp{prep_headers} function in @file{elf.c}.
1604 You must also create a header file in the @file{include/elf} directory
1605 called @file{@var{cpu}.h}. This file should define any target specific
1606 information which may be needed outside of the BFD code. In particular
1607 it should use the @samp{START_RELOC_NUMBERS}, @samp{RELOC_NUMBER},
1608 @samp{FAKE_RELOC}, @samp{EMPTY_RELOC} and @samp{END_RELOC_NUMBERS}
1609 macros to create a table mapping the number used to indentify a
1610 relocation to a name describing that relocation.
1612 While not a BFD component, you probably also want to make the binutils
1613 program @samp{readelf} parse your ELF objects. For this, you need to add
1614 code for @code{EM_@var{cpu}} as appropriate in @file{binutils/readelf.c}.
1616 @node BFD ELF processor linker
1617 @subsubsection Processor specific linker support
1619 The linker will be much more efficient if you define a relocate section
1620 function. This will permit BFD to use the ELF specific linker support.
1622 If you do not define a relocate section function, BFD must use the
1623 generic linker support, which requires converting all symbols and
1624 relocations into BFD @samp{asymbol} and @samp{arelent} structures. In
1625 this case, relocations will be handled by calling
1626 @samp{bfd_perform_relocation}, which will use the howto structures you
1627 have defined. @xref{BFD relocation handling}.
1629 In order to support linking into a different object file format, such as
1630 S-records, @samp{bfd_perform_relocation} must work correctly with your
1631 howto structures, so you can't skip that step. However, if you define
1632 the relocate section function, then in the normal case of linking into
1633 an ELF file the linker will not need to convert symbols and relocations,
1634 and will be much more efficient.
1636 To use a relocation section function, define the macro
1637 @samp{elf_backend_relocate_section} as the name of a function which will
1638 take the contents of a section, as well as relocation, symbol, and other
1639 information, and modify the section contents according to the relocation
1640 information. In simple cases, this is little more than a loop over the
1641 relocations which computes the value of each relocation and calls
1642 @samp{_bfd_final_link_relocate}. The function must check for a
1643 relocateable link, and in that case normally needs to do nothing other
1644 than adjust the addend for relocations against a section symbol.
1646 The complex cases generally have to do with dynamic linker support. GOT
1647 and PLT relocations must be handled specially, and the linker normally
1648 arranges to set up the GOT and PLT sections while handling relocations.
1649 When generating a shared library, random relocations must normally be
1650 copied into the shared library, or converted to RELATIVE relocations
1653 @node BFD ELF processor other
1654 @subsubsection Other processor specific support options
1656 There are many other macros which may be defined in
1657 @file{elf@var{nn}-@var{cpu}.c}. These macros may be found in
1658 @file{elfxx-target.h}.
1660 Macros may be used to override some of the generic ELF target vector
1663 Several processor specific hook functions which may be defined as
1664 macros. These functions are found as function pointers in the
1665 @samp{elf_backend_data} structure defined in @file{elf-bfd.h}. In
1666 general, a hook function is set by defining a macro
1667 @samp{elf_backend_@var{name}}.
1669 There are a few processor specific constants which may also be defined.
1670 These are again found in the @samp{elf_backend_data} structure.
1672 I will not define the various functions and constants here; see the
1673 comments in @file{elf-bfd.h}.
1675 Normally any odd characteristic of a particular ELF processor is handled
1676 via a hook function. For example, the special @samp{SHN_MIPS_SCOMMON}
1677 section number found in MIPS ELF is handled via the hooks
1678 @samp{section_from_bfd_section}, @samp{symbol_processing},
1679 @samp{add_symbol_hook}, and @samp{output_symbol_hook}.
1681 Dynamic linking support, which involves processor specific relocations
1682 requiring special handling, is also implemented via hook functions.
1684 @node BFD ELF core files
1685 @subsection BFD ELF core files
1686 @cindex elf core files
1688 On native ELF Unix systems, core files are generated without any
1689 sections. Instead, they only have program segments.
1691 When BFD is used to read an ELF core file, the BFD sections will
1692 actually represent program segments. Since ELF program segments do not
1693 have names, BFD will invent names like @samp{segment@var{n}} where
1694 @var{n} is a number.
1696 A single ELF program segment may include both an initialized part and an
1697 uninitialized part. The size of the initialized part is given by the
1698 @samp{p_filesz} field. The total size of the segment is given by the
1699 @samp{p_memsz} field. If @samp{p_memsz} is larger than @samp{p_filesz},
1700 then the extra space is uninitialized, or, more precisely, initialized
1703 BFD will represent such a program segment as two different sections.
1704 The first, named @samp{segment@var{n}a}, will represent the initialized
1705 part of the program segment. The second, named @samp{segment@var{n}b},
1706 will represent the uninitialized part.
1708 ELF core files store special information such as register values in
1709 program segments with the type @samp{PT_NOTE}. BFD will attempt to
1710 interpret the information in these segments, and will create additional
1711 sections holding the information. Some of this interpretation requires
1712 information found in the host header file @file{sys/procfs.h}, and so
1713 will only work when BFD is built on a native system.
1715 BFD does not currently provide any way to create an ELF core file. In
1716 general, BFD does not provide a way to create core files. The way to
1717 implement this would be to write @samp{bfd_set_format} and
1718 @samp{bfd_write_contents} routines for the @samp{bfd_core} type; see
1719 @ref{BFD target vector format}.
1721 @node BFD ELF future
1722 @subsection BFD ELF future
1724 The current dynamic linking support has too much code duplication.
1725 While each processor has particular differences, much of the dynamic
1726 linking support is quite similar for each processor. The GOT and PLT
1727 are handled in fairly similar ways, the details of -Bsymbolic linking
1728 are generally similar, etc. This code should be reworked to use more
1729 generic functions, eliminating the duplication.
1731 Similarly, the relocation handling has too much duplication. Many of
1732 the @samp{reloc_type_lookup} and @samp{info_to_howto} functions are
1733 quite similar. The relocate section functions are also often quite
1734 similar, both in the standard linker handling and the dynamic linker
1735 handling. Many of the COFF processor specific backends share a single
1736 relocate section function (@samp{_bfd_coff_generic_relocate_section}),
1737 and it should be possible to do something like this for the ELF targets
1740 The appearance of the processor specific magic number in
1741 @samp{prep_headers} in @file{elf.c} is somewhat bogus. It should be
1742 possible to add support for a new processor without changing the generic
1745 The processor function hooks and constants are ad hoc and need better
1748 When a linker script uses @samp{SIZEOF_HEADERS}, the ELF backend must
1749 guess at the number of program segments which will be required, in
1750 @samp{get_program_header_size}. This is because the linker calls
1751 @samp{bfd_sizeof_headers} before it knows all the section addresses and
1752 sizes. The ELF backend may later discover, when creating program
1753 segments, that more program segments are required. This is currently
1754 reported as an error in @samp{assign_file_positions_for_segments}.
1756 In practice this makes it difficult to use @samp{SIZEOF_HEADERS} except
1757 with a carefully defined linker script. Unfortunately,
1758 @samp{SIZEOF_HEADERS} is required for fast program loading on a native
1759 system, since it permits the initial code section to appear on the same
1760 page as the program segments, saving a page read when the program starts
1761 running. Fortunately, native systems permit careful definition of the
1762 linker script. Still, ideally it would be possible to use relaxation to
1763 compute the number of program segments.
1766 @section BFD glossary
1767 @cindex glossary for bfd
1768 @cindex bfd glossary
1770 This is a short glossary of some BFD terms.
1774 The a.out object file format. The original Unix object file format.
1775 Still used on SunOS, though not Solaris. Supports only three sections.
1778 A collection of object files produced and manipulated by the @samp{ar}
1782 The implementation within BFD of a particular object file format. The
1783 set of functions which appear in a particular target vector.
1786 The BFD library itself. Also, each object file, archive, or exectable
1787 opened by the BFD library has the type @samp{bfd *}, and is sometimes
1788 referred to as a bfd.
1791 The Common Object File Format. Used on Unix SVR3. Used by some
1792 embedded targets, although ELF is normally better.
1795 A shared library on Windows.
1797 @item dynamic linker
1798 When a program linked against a shared library is run, the dynamic
1799 linker will locate the appropriate shared library and arrange to somehow
1800 include it in the running image.
1802 @item dynamic object
1803 Another name for an ELF shared library.
1806 The Extended Common Object File Format. Used on Alpha Digital Unix
1807 (formerly OSF/1), as well as Ultrix and Irix 4. A variant of COFF.
1810 The Executable and Linking Format. The object file format used on most
1811 modern Unix systems, including GNU/Linux, Solaris, Irix, and SVR4. Also
1812 used on many embedded systems.
1815 A program, with instructions and symbols, and perhaps dynamic linking
1816 information. Normally produced by a linker.
1819 Load Memory Address. This is the address at which a section will be
1820 loaded. Compare with VMA, below.
1823 NetWare Loadable Module. Used to describe the format of an object which
1824 be loaded into NetWare, which is some kind of PC based network server
1828 A binary file including machine instructions, symbols, and relocation
1829 information. Normally produced by an assembler.
1831 @item object file format
1832 The format of an object file. Typically object files and executables
1833 for a particular system are in the same format, although executables
1834 will not contain any relocation information.
1837 The Portable Executable format. This is the object file format used for
1838 Windows (specifically, Win32) object files. It is based closely on
1839 COFF, but has a few significant differences.
1842 The Portable Executable Image format. This is the object file format
1843 used for Windows (specifically, Win32) executables. It is very similar
1844 to PE, but includes some additional header information.
1847 Information used by the linker to adjust section contents. Also called
1851 Object files and executable are composed of sections. Sections have
1852 optional data and optional relocation information.
1854 @item shared library
1855 A library of functions which may be used by many executables without
1856 actually being linked into each executable. There are several different
1857 implementations of shared libraries, each having slightly different
1861 Each object file and executable may have a list of symbols, often
1862 referred to as the symbol table. A symbol is basically a name and an
1863 address. There may also be some additional information like the type of
1864 symbol, although the type of a symbol is normally something simple like
1865 function or object, and should be confused with the more complex C
1866 notion of type. Typically every global function and variable in a C
1867 program will have an associated symbol.
1870 A set of functions which implement support for a particular object file
1871 format. The @samp{bfd_target} structure.
1874 The current Windows API, implemented by Windows 95 and later and Windows
1875 NT 3.51 and later, but not by Windows 3.1.
1878 The eXtended Common Object File Format. Used on AIX. A variant of
1879 COFF, with a completely different symbol table implementation.
1882 Virtual Memory Address. This is the address a section will have when
1883 an executable is run. Compare with LMA, above.
1887 @unnumberedsec Index