The GCSPR is almost always updated implicitly by the hardware, so the
compiler doesn't generate DWARF unwind information for it. Therefore add
an unwinding function that calculates the value of the GCSPR in the
previous frame based on its value in this frame. Some sanity checking is
done by confirming that the calculated value is within a Guarded Control
Stack memory area.
This function is the same as amd64_linux_dwarf2_prev_ssp, written by
Christina Schimpe to unwind Intel's SSP register.
The gdb.arch/aarch64-gcs-return.exp testcase is lightly adapted from
gdb.arch/amd64-shadow-stack-cmds.exp.
Reviewed-By: Christina Schimpe <christina.schimpe@intel.com> Approved-By: Luis Machado <luis.machado@arm.com>
GDB: aarch64-linux: Implement GCS support in displaced stepping
When doing displaced step on a branch and link instruction with the Guarded
Control Stack enabled, it's necessary to manually push and pop the GCS
entry for the function call since GDB writes a simple branch instruction
rather than a branch and link instruction in the displaced step buffer.
The testcase exercises GCS with displaced stepping by putting the
breakpoint on the bl instruction to force GDB to copy it to the
displaced stepping buffer. In this situation GDB needs to manually
manage the Guarded Control Stack.
Reviewed-By: Christina Schimpe <christina.schimpe@intel.com> Approved-By: Luis Machado <luis.machado@arm.com>
The signal frame can have a GCS context, so teach GDB how to use it.
Also, there's a new SEGV sigcode when the inferior does an illegal
memory access in the Guarded Control Stack, so display a message when
that is the case.
GDB, gdbserver: aarch64-linux: Initial Guarded Control Stack support
Add the org.gnu.gdb.aarch64.gcs feature with the GCSPR register, and the
org.gnu.gdb.aarch64.gcs.linux feature with "registers" to represent the
Linux kernel ptrace and prctl knobs that enable and lock specific GCS
functionality.
This code supports GCS only in Linux userspace applications, so the
GCSPR that is exposed is the one at EL0.
Also, support for calling inferior functions is enabled by adding an
implementation for the shadow_stack_push gdbarch method.
If for some reason a target description contains the
org.gnu.gdb.aarch64.gcs feature but not the
org.gnu.gdb.aarch64.gcs.linux feature then GCS support is disabled and
GDB continues the debugging session. Features that need GCS
support (for example, calling inferior functions) will not work and the
inferior will get a segmentation fault signal instead. There's a
testcase for this scenario but it only checks the native debugging case,
even though in practice this problem would only occur in remote
debugging with a broken stub or gdbserver. I tested manually with a
gdbserver hacked to send a broken target description and it worked as
described.
Testcases gdb.arch/aarch64-gcs.exp, gdb.arch/aarch64-gcs-core.exp and
gdb.arch/aarch64-gcs-wrong-tdesc.exp are included to cover the added
functionality.
The change in the core_find procedure allows aarch64-gcs-core.exp to
recover the output from the crashed program. It's needed because the
test program in this testcase prints to stdout the value of the GCSPR
right before crashing, and the testcase needs it to check whether GDB
got it right.
Reviewed-By: Christina Schimpe <christina.schimpe@intel.com> Approved-By: Luis Machado <luis.machado@arm.com>
gdb: Enable displaced stepping with shadow stack on amd64 linux.
Currently, if displaced stepping is active and the single stepped instruction
is a call instruction, the return address atop the stack is the address
following the copied instruction. However, to allow normal program execution
it has to be the address following the original instruction. Due to that
reason, the return address is corrected in amd64_displaced_step_fixup and
i386_displaced_step_fixup.
For programs that are shadow-stack enabled we see a control-protection
exception, as the address on the shadow stack does not match the address
atop the stack.
Fix this by correcting the shadow stack top address as well.
Approved-By: Luis Machado <luis.machado@arm.com> Reviewed-By: Eli Zaretskii <eliz@gnu.org>
gdb: Implement amd64 linux shadow stack support for inferior calls.
This patch enables inferior calls to support Intel's Control-Flow
Enforcement Technology (CET), which provides the shadow stack feature
for the x86 architecture.
Following the restriction of the linux kernel, enable inferior calls
for amd64 only.
Reviewed-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org> Reviewed-By: Eli Zaretskii <eliz@gnu.org> Approved-By: Luis Machado <luis.machado@arm.com> Approved-By: Andrew Burgess <aburgess@redhat.com>
gdb, gdbarch: Enable inferior calls for shadow stack support.
Inferior calls in GDB reset the current PC to the beginning of the function
that is called. As no call instruction is executed the new return address
needs to be pushed to the shadow stack and the shadow stack pointer needs
to be updated.
This commit adds a new gdbarch method to push an address on the shadow
stack. The method is used to adapt the function 'call_function_by_hand_dummy'
for inferior call shadow stack support.
Reviewed-By: Thiago Jung Bauermann <thiago.bauermann@linaro.org> Approved-By: Luis Machado <luis.machado@arm.com> Approved-By: Andrew Burgess <aburgess@redhat.com>
gdb: Handle shadow stack pointer register unwinding for amd64 linux.
Unwind the $pl3_ssp register.
We now have an updated value for the shadow stack pointer when
moving up or down the frame level. Note that $pl3_ssp can
become unavailable when moving to a frame before the shadow
stack enablement. In the example below, shadow stack is enabled
in the function 'call1'. Thus, when moving to a frame level above
the function, $pl3_ssp will become unavaiable.
Following the restriction of the linux kernel, implement the unwinding
for amd64 linux only.
Before this patch:
~~~
Breakpoint 1, call2 (j=3) at sample.c:44
44 return 42;
(gdb) p $pl3_ssp
$1 = (void *) 0x7ffff79ffff8
(gdb) up
55 call2 (3);
(gdb) p $pl3_ssp
$2 = (void *) 0x7ffff79ffff8
(gdb) up
68 call1 (43);
(gdb) p $pl3_ssp
$3 = (void *) 0x7ffff79ffff8
~~~
After this patch:
~~~
Breakpoint 1, call2 (j=3) at sample.c:44
44 return 42;
(gdb) p $pl3_ssp
$1 = (void *) 0x7ffff79ffff8
(gdb) up
55 call2 (3);
(gdb) p $pl3_ssp
$2 = (void *) 0x7ffff7a00000
(gdb) up
68 call1 (43i);
(gdb) p $pl3_ssp
$3 = <unavailable>
~~~
As we now have an updated value for each selected frame, the
return command is now enabled for shadow stack enabled programs, too.
We therefore add a test for the return command and shadow stack support,
and for an updated shadow stack pointer after a frame level change.
Reviewed-By: Thiago Jung Bauermann <thiago.bauermann@linaro.org> Approved-By: Luis Machado <luis.machado@arm.com> Approved-By: Andrew Burgess <aburgess@redhat.com>
gdb: amd64 linux coredump support with shadow stack.
Intel's Control-Flow Enforcement Technology (CET) provides the shadow
stack feature for the x86 architecture.
This commit adds support to write and read the shadow-stack node in
corefiles. This helps debugging return address violations post-mortem.
The format is synced with the linux kernel commit "x86: Add PTRACE
interface for shadow stack". As the linux kernel restricts shadow
stack support to 64-bit, apply the fix for amd64 only.
Co-Authored-By: Christina Schimpe <christina.schimpe@intel.com> Reviewed-By: Thiago Jung Bauermann <thiago.bauermann@linaro.org> Approved-By: Luis Machado <luis.machado@arm.com>
gdb, gdbserver: Add support of Intel shadow stack pointer register.
This patch adds the user mode register PL3_SSP which is part of the
Intel(R) Control-Flow Enforcement Technology (CET) feature for support
of shadow stack.
For now, only native and remote debugging support for shadow stack
userspace on amd64 linux are covered by this patch including 64 bit and
x32 support. 32 bit support is not covered due to missing Linux kernel
support.
This patch requires fixing the test gdb.base/inline-frame-cycle-unwind
which is failing in case the shadow stack pointer is unavailable.
Such a state is possible if shadow stack is disabled for the current thread
but supported by HW.
This test uses the Python unwinder inline-frame-cycle-unwind.py which fakes
the cyclic stack cycle by reading the pending frame's registers and adding
them to the unwinder:
~~~
for reg in pending_frame.architecture().registers("general"):
val = pending_frame.read_register(reg)
unwinder.add_saved_register(reg, val)
return unwinder
~~~
However, in case the python unwinder is used we add a register (pl3_ssp) that is
unavailable. This leads to a NOT_AVAILABLE_ERROR caught in
gdb/frame-unwind.c:frame_unwind_try_unwinder and it is continued with standard
unwinders. This destroys the faked cyclic behavior and the stack is
further unwinded after frame 5.
In the working scenario an error should be triggered:
~~~
bt
0 inline_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:49^M
1 normal_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:32^M
2 0x000055555555516e in inline_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:45^M
3 normal_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:32^M
4 0x000055555555516e in inline_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:45^M
5 normal_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:32^M
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) PASS: gdb.base/inline-frame-cycle-unwind.exp: cycle at level 5: backtrace when the unwind is broken at frame 5
~~~
To fix the Python unwinder, we simply skip the unavailable registers.
Also it makes the test gdb.dap/scopes.exp fail. The shadow stack feature is
disabled by default, so the pl3_ssp register which is added with my CET
shadow stack series will be shown as unavailable and we see a TCL error:
~~
>>> {"seq": 12, "type": "request", "command": "variables", "arguments": {"variablesReference": 2, "count": 85}}
Content-Length: 129^M
^M
{"request_seq": 12, "type": "response", "command": "variables", "success": false, "message": "value is not available", "seq": 25}FAIL: gdb.dap/scopes.exp: fetch all registers success
ERROR: tcl error sourcing /tmp/gdb/testsuite/gdb.dap/scopes.exp.
ERROR: tcl error code TCL LOOKUP DICT body
ERROR: key "body" not known in dictionary
while executing
"dict get $val body variables"
(file "/tmp/gdb/testsuite/gdb.dap/scopes.exp" line 152)
invoked from within
"source /tmp/gdb/testsuite/gdb.dap/scopes.exp"
("uplevel" body line 1)
invoked from within
"uplevel #0 source /tmp/gdb/testsuite/gdb.dap/scopes.exp"
invoked from within
"catch "uplevel #0 source $test_file_name" msg"
UNRESOLVED: gdb.dap/scopes.exp: testcase '/tmp/gdb/testsuite/gdb.dap/scopes.exp' aborted due to Tcl error
~~
I am fixing this by enabling the test for CET shadow stack, in case we
detect that the HW supports it:
~~~
# If x86 shadow stack is supported we need to configure GLIBC_TUNABLES
# such that the feature is enabled and the register pl3_ssp is
# available. Otherwise the reqeust to fetch all registers will fail
# with "message": "value is not available".
if { [allow_ssp_tests] } {
append_environment GLIBC_TUNABLES "glibc.cpu.hwcaps" "SHSTK"
}
~~~
Reviewed-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org> Reviewed-By: Eli Zaretskii <eliz@gnu.org> Approved-By: Luis Machado <luis.machado@arm.com>
gdb, gdbserver: Use xstate_bv for target description creation on x86.
The XSAVE function set is organized in state components, which are a set of
registers or parts of registers. So-called XSAVE-supported features are
organized using state-component bitmaps, each bit corresponding to a
single state component.
The Intel Software Developer's Manual uses the term xstate_bv for a
state-component bitmap, which is defined as XCR0 | IA32_XSS. The control
register XCR0 only contains a state-component bitmap that specifies user state
components, while IA32_XSS contains a state-component bitmap that specifies
supervisor state components.
Until now, XCR0 is used as input for target description creation in GDB.
However, a following patch will add userspace support for the CET shadow
stack feature by Intel. The CET state is configured in IA32_XSS and consists
of 2 state components:
- State component 11 used for the 2 MSRs controlling user-mode
functionality for CET (CET_U state)
- State component 12 used for the 3 MSRs containing shadow-stack pointers
for privilege levels 0-2 (CET_S state).
Reading the CET shadow stack pointer register on linux requires a separate
ptrace call using NT_X86_SHSTK. To pass the CET shadow stack enablement
state we would like to pass the xstate_bv value instead of xcr0 for target
description creation. To prepare for that, we rename the xcr0 mask
values for target description creation to xstate_bv. However, this
patch doesn't add any functional changes in GDB.
Future states specified in IA32_XSS such as CET will create a combined
xstate_bv_mask including xcr0 register value and its corresponding bit in
the state component bitmap. This combined mask will then be used to create
the target descriptions.
Reviewed-By: Thiago Jung Bauermann <thiago.bauermann@linaro.org> Approved-By: Luis Machado <luis.machado@arm.com>
gdbserver: Add assert in x86_linux_read_description.
On x86 the PTRACE_GETREGSET request is currently only used for the xstate regset.
The size of the xstate regset is initialized to 0 such that it can be reset to
the appropriate size once we know it is supported for the current target
in x86_linux_read_description.
However, this configuration would not just affect the xstate regset but any regset
with PTRACE_GETREGSET request that is added in the future. The new regset would be
misconfigured with the xstate regset size. To avoid this we add an assert for
unsupported regsets and check explicitly for the note type of the register set.
Reviewed-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org> Approved-By: Luis Machado <luis.machado@arm.com> Reviewed-By: Luis Machado <luis.machado@arm.com>
gdbserver: Add optional runtime register set type.
Some register sets can be activated and deactivated by the OS during the runtime of
a process. One example register is the Intel CET shadow stack pointer. This patch
adds a new type of register set to handle such cases. We shouldn't deactivate these
regsets and should not show a warning if the register set is not active but supported
by the kernel. However, it is safe to deactivate them, if they are unsupported by the
kernel. To differentiate those scenarios we can use the errno returned by the ptrace
call.
Reviewed-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org> Approved-By: Luis Machado <luis.machado@arm.com> Reviewed-By: Luis Machado <luis.machado@arm.com>
We need it for testing coredump files, too. So include it in this patch series.
Abridged-by: Christina Schimpe <christina.schimpe@intel.com> Approved-By: Luis Machado <luis.machado@arm.com> Approved-By: Andrew Burgess <aburgess@redhat.com>
H.J. Lu [Wed, 20 Aug 2025 19:27:53 +0000 (12:27 -0700)]
elf: Clear entsize when clearing SEC_MERGE|SEC_STRINGS
When generating an output from input SEC_MERGE|SEC_STRINGS sections with
different entsizes, we clear the SEC_MERGE|SEC_STRINGS bits. We also need
to clear entsize.
PR ld/33291
* ldlang.c (lang_add_section): Clearing entsize when clearing
SEC_MERGE|SEC_STRINGS.
* testsuite/ld-elf/pr33291.d: New file.
* testsuite/ld-elf/pr33291a.s: Likewise.
* testsuite/ld-elf/pr33291b.s: Likewise.
H.J. Lu [Sun, 17 Aug 2025 22:22:22 +0000 (15:22 -0700)]
i386: Add GLIBC_ABI_GNU_TLS version dependency
On Linux/i386, programs and shared libraries compiled with
-mtls-dialect=gnu may fail silently at run-time against glibc without
the GNU TLS run-time fix for:
Add the --gnu-tls-tag option to x86-64 ELF linker to add the
GLIBC_ABI_GNU_TLS version dependency in output programs and shared
libraries when linking against glibc if input relocatable object files
call ___tls_get_addr. The output will fail to load and run at run-time
against glibc which doesn't define the GLIBC_ABI_GNU_TLS version.
Add the --enable-gnu-tls-tag configure option to enable --gnu-tls-tag
by default. If unspecified, linker will add the GLIBC_ABI_GNU_TLS
version dependency if input call ___tls_get_addr and libc.so defines
the GLIBC_ABI_GNU2_TLS version.
bfd/
PR ld/33287
* elf-linker-x86.h (elf_linker_x86_params): Add
gnu_tls_version_tag.
* elf32-i386.c (elf_backend_add_glibc_version_dependency): Add
GLIBC_ABI_GNU_TLS support.
* elfxx-x86.c (_bfd_x86_elf_link_check_relocs): Set
has_tls_get_addr_call to 1 if ___tls_get_addr is used.
* elfxx-x86.h (elf_x86_link_hash_table): Add has_tls_get_addr_call.
H.J. Lu [Sun, 17 Aug 2025 17:09:25 +0000 (10:09 -0700)]
x86-64: Add GLIBC_ABI_DT_X86_64_PLT version dependency
On Linux/x86-64, programs and shared libraries created with -z mark-plt
have the GLIBC_2.36 version tag dependency since -z mark-plt uses the
r_addend field of the R_X86_64_JUMP_SLOT relocation to store the offset
of the indirect branch instruction. Glibc versions which don't have the
commit added to glibc 2.36:
x86-64: Ignore r_addend for R_X86_64_GLOB_DAT/R_X86_64_JUMP_SLOT
we can add GLIBC_ABI_DT_X86_64_PLT version tag dependency, instead of
GLIBC_2.36 version tag dependency.
PR ld/33213
* elf-bfd.h (_bfd_elf_link_add_glibc_version_dependency): Change
return type to bool.
* elf64-x86-64.c (elf_x86_64_add_glibc_version_dependency): Add
GLIBC_ABI_DT_X86_64_PLT version tag dependency, instead of,
GLIBC_2.36 version tag dependency, for -z mark-plt if libc.so
defines GLIBC_ABI_DT_X86_64_PLT version tag.
* elflink.c (_bfd_elf_link_add_glibc_version_dependency): Change
return type to bool. Return false if elf_link_add_glibc_verneed
returns false.
H.J. Lu [Fri, 4 Jul 2025 00:39:03 +0000 (08:39 +0800)]
x86: Add GLIBC_ABI_GNU2_TLS version dependency
On Linux/x86, programs and shared libraries compiled with
-mtls-dialect=gnu2 may fail silently at run-time against glibc without
the GNU2 TLS run-time fixes for:
A version tag, GLIBC_ABI_GNU2_TLS, has been added to glibc to indicate
that glibc has the working GNU2 TLS run-time. Add the --gnu2-tls-tag
option to i386/x86-64 ELF linker to add the GLIBC_ABI_GNU2_TLS version
dependency in output programs and shared libraries when linking against
glibc if input relocatable object files have R_386_TLS_DESC_CALL or
R_X86_64_TLSDESC_CALL relocation. The output will fail to load and run
at run-time against glibc which doesn't define the GLIBC_ABI_GNU2_TLS
version.
Add the --enable-gnu2-tls-tag configure option to enable --gnu2-tls-tag
by default. If unspecified, linker will add the GLIBC_ABI_GNU2_TLS
version dependency if input object files have R_386_TLS_DESC_CALL or
R_X86_64_TLSDESC_CALL relocation and libc.so defines the GLIBC_ABI_GNU2_TLS
version.
Update elf_link_add_glibc_verneed to properly add the GLIBC_2.36 version
dependency when -z mark-plt -z nopack-relative-relocs passed to x86-64
ELF linker.
bfd/
PR ld/33130
* elf-bfd.h (_bfd_elf_link_add_glibc_version_dependency): Add
a pointer to bool argument.
* elf-linker-x86.h (elf_linker_x86_params): Add
gnu2_tls_version_tag.
* elf32-i386.c (elf_i386_scan_relocs): Set has_tls_desc_call to
1 for R_386_TLS_DESC_CALL.
(elf_i386_add_glibc_version_dependency): New. Undef before
FreeBSD support.
* elf64-x86-64.c (elf_x86_64_scan_relocs): Set has_tls_desc_call
to 1 for R_X86_64_TLSDESC_CALL.
(elf_x86_64_add_glibc_version_dependency): Add GLIBC_ABI_GNU2_TLS
version dependency if GLIBC_ABI_GNU2_TLS dependency isn't disabled
and has_tlsdesc_call isn't 0.
(elf_backend_add_glibc_version_dependency): Undef before FreeBSD
support and redefine for elf32-x86-64.
* elflink.c (elf_link_add_glibc_verneed): Changed to return bool.
Remove the pointer to elf_find_verdep_info argument. Add a
pointer to bool argument, auto_version. Return true if linked
against glibc. Otherwise return false. If the version dependency
is added, set *auto_version to true. If *auto_version is true,
add the version dependency only if libc.so defines the version.
(_bfd_elf_link_add_glibc_version_dependency): Add a pointer to
bool argument and pass it to elf_link_add_glibc_verneed.
(_bfd_elf_link_add_dt_relr_dependency): Pass NULL to
_bfd_elf_link_add_glibc_version_dependency.
* elfxx-x86.h (elf_x86_link_hash_table): Add has_tls_desc_call.
H.J. Lu [Tue, 19 Aug 2025 11:59:10 +0000 (04:59 -0700)]
ld: Compile some tests with -mdirect-extern-access
When GCC enables -mno-direct-extern-access by default, some tests fail
without -mdirect-extern-access. Define DIRECT_EXTERN_ACCESS_CFLAGS
to compile these tests with -mdirect-extern-access. Also pass
"-z noindirect-extern-access" to linker to support the C library
compiled with -mno-direct-extern-access.
PR ld/33267
* testsuite/config/default.exp (DIRECT_EXTERN_ACCESS_CFLAGS): New.
* testsuite/ld-elf/linux-x86.exp: Compile some tests with
$DIRECT_EXTERN_ACCESS_CFLAGS.
* testsuite/ld-elfvers/vers.exp (need_direct_extern_access): New
for i?86.
Compile tests with $need_direct_extern_access.
* testsuite/ld-i386/i386.exp: Compile some tests with
$DIRECT_EXTERN_ACCESS_CFLAGS.
* testsuite/ld-ifunc/ifunc.exp (need_direct_extern_access): New
for i?86.
Compile tests with $need_direct_extern_access.
* testsuite/ld-shared/shared.exp (need_direct_extern_access): New
for i?86.
Compile tests with $need_direct_extern_access.
* testsuite/ld-srec/srec.exp (CFLAGS_FOR_TARGET_TEST): Add
$DIRECT_EXTERN_ACCESS_CFLAGS.
(CXXFLAGS_FOR_TARGET_TEST): Likewise.
* testsuite/ld-vsb/vsb.exp (need_direct_extern_access): New
for i?86.
Compile tests with $need_direct_extern_access.
* testsuite/ld-x86-64/x86-64.exp: Compile some tests with
$DIRECT_EXTERN_ACCESS_CFLAGS and link some tests with
"-Wl,-z,noindirect-extern-access".
Co-Authored-By: Sam James <sam@gentoo.org> Signed-off-by: H.J. Lu <hjl.tools@gmail.com> Signed-off-by: Sam James <sam@gentoo.org>
Guinevere Larsen [Thu, 14 Aug 2025 14:25:38 +0000 (11:25 -0300)]
gdb: rework _active_linker_namespaces variable
This commit reworks the _active_linker_namespaces convenience variable
following Simon's feedback here:
https://sourceware.org/pipermail/gdb-patches/2025-August/219938.html
This patch implements the renaming to _linker_namespace_count (following
the standard set by _inferior_thread_count) and makes the convenience
variable more resilient in the multi-inferior case by providing a new
function, solib_linker_namespace_count, which counts gets the count of
namespaces using the solib_ops of the provided program_space
Approved-By: Simon Marchi <simon.marchi@efficios.com>
Nelson Chu [Wed, 20 Aug 2025 09:47:14 +0000 (17:47 +0800)]
RISC-V: PR33216, Fixed gcc testcases failed for commit 28520d7
I made a stupid mistake in the commit 28520d7, allow to assemble slli/srli/srai
with 0 immediate to hint c.slli/c.srli/c.srai. These hints will be regared as
illegal instruction for gdb and qemu, so at least I got following gcc testcases
failed,
=== g++: Unexpected fails for rv64gc lp64d medlow ===
FAIL: c-c++-common/torture/builtin-arith-overflow-17.c -O0 execution test
FAIL: c-c++-common/torture/builtin-arith-overflow-6.c -O0 execution test
FAIL: c-c++-common/torture/builtin-arith-overflow-p-17.c -O0 execution test
FAIL: c-c++-common/torture/builtin-arith-overflow-p-6.c -O0 execution test
=== gfortran: Unexpected fails for rv64gc lp64d medlow ===
FAIL: gfortran.dg/leadz_trailz_2.f90 -O0 execution test
=== gcc: Unexpected fails for rv64gc lp64d medlow ===
FAIL: c-c++-common/torture/builtin-arith-overflow-17.c -O0 execution test
FAIL: c-c++-common/torture/builtin-arith-overflow-6.c -O0 execution test
FAIL: c-c++-common/torture/builtin-arith-overflow-p-17.c -O0 execution test
FAIL: c-c++-common/torture/builtin-arith-overflow-p-6.c -O0 execution test
So we should just allow c.slli/c.srli/c.srai with zero immediate as hints, but
don't allow slli/srli/srai with zero immediate.
gas/
PR 33216
* testsuite/gas/riscv/c-zero-imm.d: Only allow c.slli/c.srli/c.srai
with zero immediate as hints, but don't allow slli/srli/srai with
zero immediate.
* testsuite/gas/riscv/c-zero-imm.s: Likewise.
opcodes/
PR 33216
* riscv-opc.c (match_slli_as_c_slli): Added back.
(match_srxi_as_c_srxi): Likewise.
(riscv_opcodes): Only allow c.slli/c.srli/c.srai with zero immediate
as hints, but don't allow slli/srli/srai with zero immediate.
Pietro Monteiro [Wed, 20 Aug 2025 00:34:03 +0000 (20:34 -0400)]
Remove autoconf macro AC_HEADER_STDC
Stop using AC_HEADER_STDC since it is no longer supported in autoconf
2.72+. We require a C++ compiler that supports c++17, it's probably
safe to assume that the C compiler fully supports C89.
Approved-By: Simon Marchi <simon.marchi@efficios.com>
Indu Bhagat [Tue, 19 Aug 2025 16:54:15 +0000 (09:54 -0700)]
gas: testsuite: fix regression in cfi-common-10.d
A previous commit 09292f4ae2c introduced the new test cfi-common-10.d.
The testcase needs some adjustments for it to be useful on a variety of
targets.
Andrew Burgess [Mon, 18 Aug 2025 10:49:21 +0000 (11:49 +0100)]
gdb: remove some unnecessary watchpoint_addr_within_range overrides
While looking at the watchpoint code, I realised that AArch64, ARM,
and Loongarch all override watchpoint_addr_within_range with an
implementation that is the same as the default (but with the logic
written slightly differently).
Compare the deleted functions to default_watchpoint_addr_within_range
in target.c.
The only other targets that override watchpoint_addr_within_range are
ppc_linux_nat_target and remote_target, in both cases the
implementation is different to the default.
Lets remove these unnecessary overrides, and just use the default.
There should be no user visible changes after this commit.
Approved-By: Simon Marchi <simon.marchi@efficios.com>
Simon Marchi [Thu, 14 Aug 2025 20:14:06 +0000 (16:14 -0400)]
gdb: rename address_class -> location_class
The enum address_class and related fields and methods seem misnamed to
me. Generalize it to "location_class". The enumerators in
address_class are already prefixed with LOC, so the new name seems
logical to me. Rename related fields and methods as well.
Plus, address_class could easily be mistaken for other unrelated things
named "address class" in GDB or DWARF.
Tested by rebuilding.
Change-Id: I0dca3738df412b350715286c608041b08e9b4d82 Approved-by: Kevin Buettner <kevinb@redhat.com>
I spotted this while reviewing a patch adding a new
gdbarch_software_single_step implementation. I find the name
"software_single_step" a bit misleading or unclear. It makes it sounds
as if the function executed a single step. In reality, this function
returns the possible next PCs for current instructions.
We have a similar concept in GDBserver:
linux_process_target::low_get_next_pcs. I like that name, it's clear
and straight to the point.
Rename gdbarch_software_single_step to gdbarch_get_next_pcs. I find
this name more indicative of what happens.
There is some code for ARM shared between GDB and GDBserver to implement
both sides, also called "get next pcs", so I think it all fits well
together.
Tested by rebuilding.
Change-Id: Ide74011a5034ba11117b7e7c865a093ef0b1dece Approved-by: Kevin Buettner <kevinb@redhat.com> Acked-by: Luis Machado <luis.machado.foss@gmail.com>
Rainer Orth [Tue, 19 Aug 2025 13:38:55 +0000 (15:38 +0200)]
ld: testsuite: Mark vers26b3 unsupported on x86_64
After enabling the ld-elfvers tests on Solaris/x86, one of them FAILs on
Solaris/amd64 only:
FAIL: vers26b3
/ld-new: tmpdir/vers26b3.o: relocation R_X86_64_32 against symbol `foo' can not be used when making a shared object; recompile with -fPIC
./ld-new: failed to set dynamic section sizes: bad value
The error is strange: vers26b3.o *was* compiled with -fPIC and repeating
the link with /bin/ld just works. However, the resulting vers26b3.so
fails to load:
$ ldd -r tmpdir/vers26b3.so
[...]
ld.so.1: vers26b3.so.ld: fatal: relocation error: R_AMD64_32: file tmpdir/vers26b3.so.ld: symbol foo: value 0x7fff34d00830 does not fit
When running the test on Linux/x86_64, it fails with the same ld message
as above, so the test is marked unsupported for both Linux/x86_64 and
Solaris/amd64.
Tested on {amd64,i386}-pc-solaris2.11 and {x86_64,i686}-pc-linux-gnu.
Rainer Orth [Tue, 19 Aug 2025 13:34:44 +0000 (15:34 +0200)]
ld: testsuite: Fix ld-elfvers tests on Solaris
All ld-elfvers tests FAIL on Solaris/SPARC, always with the same failure
mode:
FAIL: vers1
./ld-new: _etext: undefined version: vers1.so
./ld-new: _end: undefined version: vers1.so
./ld-new: _edata: undefined version: vers1.so
./ld-new: failed to set dynamic section sizes: bad value
This is due to the use of --no-undefined-version, the error being
emitted by bfd/elflink.c (bfd_elf_size_dynamic_sections). The affected
symbols are mandated by the Solaris ABI in versioned shared objects and
are generated by ld/emultempl/solaris2.em
(elf_solaris2_before_allocation). The check in
bfd_elf_size_dynamic_sections fails since for the base version (vers1.so),
both symver and script are 0:
Given that those symbols are generated internally by ld, it seems
sensible to set script = 1 for them.
This patch does just that, at the same time enabling the tests for
Solaris/x86. Not doing this before looks like an oversight: there's no
difference between SPARC and x86 in this regard.
This introduces one failure on Solaris/amd64 (vers26b3), which I'll
address in a followup.
Tested no {sparc,sparcv9}-sun-solaris2.11, {i386,amd64}-pc-solaris2.11,
and {x86_64,i686}-pc-linux-gnu.
ld:
* emultempl/solaris2.em (elf_solaris2_before_allocation): Mark
global symbols as generated by linker script.
* testsuite/ld-elfvers/vers.exp: Enable on *-*-solaris2* rather
than sparc*-*-solaris2* only.
gdb: fix forward/reverse search, when no lines are printed
The TUI test added in this commit assumed that the opening '{' of main
would be the first statement line (in DWARF terms), and so, would be
the initial focus of the TUI src window.
This is true for some targets (e.g. x86), but not
others (e.g. AArch64), and so gdb.tui/source-search.exp was seen
failing on at least some AArch64 targets.
Fix this by adding a 'list' command to the test, which forces the
initial window contents to be as needed for the rest of the test.
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=33290 Approved-By: Tom de Vries <tdevries@suse.de>
Rainer Orth [Tue, 19 Aug 2025 10:52:41 +0000 (12:52 +0200)]
bfd: Fix Solaris/x86 ELF_MAXPAGESIZE
I noticed that the alignment of the .text and .data sections on
Solaris/x86 doesn't match what /bin/ld does: gld uses the original i386
psABI default of 0x1000, while Solaris has moved to larger values as can
be seen both in the Oracle Solaris 11.4 Linkers and Libraries Guide,
ch. 15, Program Loading and Dynamic Linking, p. 15-6 and the system
headers (<sys/elf_{i386,amd64}.h>) that have
while the Solaris/SPARC values are already correct.
To fix this, on i386 it's sufficient to redefine ELF_MAXPAGESIZE. On
x86_64, unlike i386, ELF_COMMONPAGESIZE is hardcoded as 0x1000, the
default, so setting ELF_MAXPAGESIZE has no effect on ELF_P_ALIGN.
Setting ELF_COMMONPAGESIZE to ELF_MAXPAGESIZE, too, fixes that and
brings both target in sync. ELF_MACHINE_CODE is just set to the original
value again, so it's removed.
Tested on {i386,amd64}-pc-solaris2.11, {i686,x86_64}-pc-linux-gnu, and
amd64-pc-freebsd14.0.
Indu Bhagat [Tue, 19 Aug 2025 08:08:06 +0000 (01:08 -0700)]
binutils: dwarf: fix display of large cfa_offset
eh_frame textual dump was not correct when the cfa_offset is a large
value. The reason is that the dumping code generally assumes the
cfa_offset is an 'int'.
cfa_offset values can be updated by various DWARF opcodes, like:
- DW_CFA_def_cfa, DW_CFA_def_cfa_offset which bring unsigned leb128
cfa_offset
- DW_CFA_def_cfa_sf, DW_CFA_def_cfa_offset_sf which bring signed
leb128 cfa_offset
Internally, the routines in dwarf.c keep the value as 'uint64_t
cfa_offset'. That size of the datatype is expected to work for most of
the real-world cases. Care, however, needs to be taken when it comes
to the signedness of the value. Fix the buggy behavior by adding an
additional field to track whether the value of cfa_offset is signed or
unsigned and display accordingly for "frames-interp" output.
The display of cfa_offset had issues in both "frames-interp" output
(objdump -WF or do_debug_frames_interp) and the "frames" output.
Add two new tests: cfi-common-10.s uses a large positive cfa_offset
(with "frames output), and cfi-x86_64-2.s uses a negative cfa_offset
(with "frames-interp" output).
ChangeLog:
* binutils/dwarf.c (frame_display_row): Update format string
based on signedness.
(display_debug_frames): Track signedness. Also fix display of
cfa_offset using PRIu64 or PRId64 as applicable.
* gas/testsuite/gas/cfi/cfi.exp: Add two new tests.
* gas/testsuite/gas/cfi/cfi-common-10.d: New test.
* gas/testsuite/gas/cfi/cfi-common-10.s: New test.
* gas/testsuite/gas/cfi/cfi-x86_64-2.d: New test.
* gas/testsuite/gas/cfi/cfi-x86_64-2.s: New test.
H.J. Lu [Mon, 18 Aug 2025 13:07:39 +0000 (06:07 -0700)]
Limit BFD_SUPPORTS_PLUGINS check to plugin.h and targets.c
Minimize the BFD_SUPPORTS_PLUGINS check to make code more readable and
maintainable by:
1. Update bfd/plugin.h to define plugin functions as static inline if
BFD_SUPPORTS_PLUGINS is 0.
2. Remove BFD_SUPPORTS_PLUGINS check from all bfd and binutils files
except plugin.h and targets.c.
3. Replace the remaining BFD_SUPPORTS_PLUGINS checks with a function so
that plugin availability is checked at run time.
bfd/
* archive.c: Include plugin.h unconditionally.
(_bfd_compute_and_write_armap): Remove the BFD_SUPPORTS_PLUGINS
check.
* bfd-in.h (bfd_plugin_enabled): New.
* bfd-in2.h: Regenerated.
* elflink.c: Include plugin.h unconditionally.
(elf_link_is_defined_archive_symbol): Remove the
BFD_SUPPORTS_PLUGINS check.
* format.c: Include plugin.h unconditionally.
(bfd_set_lto_type): Remove the BFD_SUPPORTS_PLUGINS check.
(bfd_check_format_matches): Replace the BFD_SUPPORTS_PLUGINS
check with the bfd_plugin_enabled call. Replace plugin_vec
with bfd_plugin_vec. Remove the BFD_SUPPORTS_PLUGINS check.
* plugin.c (bfd_plugin_target_p): Removed.
* plugin.h (bfd_plugin_vec): New.
(bfd_plugin_target_p): Likewise.
(bfd_plugin_set_program_name): New. Static inline
function if BFD_SUPPORTS_PLUGINS is 0.
(bfd_plugin_open_input): Likewise.
(bfd_plugin_set_plugin): Likewise.
(bfd_link_plugin_object_p): Likewise.
(register_ld_plugin_object_p): Likewise.
(bfd_plugin_close_file_descriptor): Likewise.
(bfd_plugin_vec): Likewise.
(bfd_plugin_target_p): Likewise.
* xtensa-dynconfig.c (xtensa_load_config): Replace the
BFD_SUPPORTS_PLUGINS check with the bfd_plugin_enabled call.
ar/
* ar.c: Include plugin.h unconditionally.
(plugin_target): Removed.
(usage): Replace the BFD_SUPPORTS_PLUGINS check with the
bfd_plugin_enabled call.
(ranlib_usage): Likewise.
(decode_options): Likewise.
(ranlib_main): Likewise.
(main): Call bfd_plugin_set_program_name unconditionally.
* nm.c: Include plugin.h unconditionally.
(plugin_target): Removed.
(usage): Replace the BFD_SUPPORTS_PLUGINS check with the
bfd_plugin_enabled call.
(filter_symbols): Remove the BFD_SUPPORTS_PLUGINS check.
(display_rel_file): Likewise.
(main): Call bfd_plugin_set_program_name unconditionally. Replace
the BFD_SUPPORTS_PLUGINS check with the bfd_plugin_enabled call.
* objcopy.c: Include plugin.h unconditionally.
(strip_usage): Replace the BFD_SUPPORTS_PLUGINS check with the
bfd_plugin_enabled call.
(copy_archive): Remove the BFD_SUPPORTS_PLUGINS check. Replace
BFD_SUPPORTS_PLUGINS with the bfd_plugin_enabled call.
(copy_file): Likewise.
(strip_main): Likewise.
ld/
* ldfile.c: Include plugin.h unconditionally.
(ldfile_try_open_bfd): Remove the BFD_SUPPORTS_PLUGINS check.
* ldlang.c: Include plugin.h unconditionally.
(plugin_insert): Remove the BFD_SUPPORTS_PLUGINS check.
(plugin_undefs): Likewise.
(open_input_bfds): Likewise.
(lang_check): Likewise.
(lang_gc_sections): Likewise.
(find_next_input_statement): Likewise.
(lang_process): Likewise.
* ldlang.h (lang_input_statement_flags): Likewise.
* ldlex.h (option_values): Likewise.
* ldmain.c: Include plugin.h unconditionally.
(ld_cleanup): Remove the BFD_SUPPORTS_PLUGINS check.
(main): Likewise.
(add_archive_element): Likewise.
* lexsup.c: Include plugin.h unconditionally.
(ld_options): Remove the BFD_SUPPORTS_PLUGINS check.
(parse_args): Replace the BFD_SUPPORTS_PLUGINS check with the
bfd_plugin_enabled call. Remove the BFD_SUPPORTS_PLUGINS check.
(help): Append " (ignored)" to plugin options if bfd_plugin_enabled
return false.
* libdep_plugin.c: Remove the BFD_SUPPORTS_PLUGINS check.
* plugin.c: Likewise.
* testplug.c: Likewise.
* testplug2.c: Likewise.
* testplug3.c: Likewise.
* testplug4.c: Likewise.
Co-Authored-By: Alan Modra <amodra@gmail.com> Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
some linker tests fail to disable address sanitizer options since
proc default_ld_compile has
set ccexe $cc
set ccparm [string first " " $cc]
set ccflags ""
if { $ccparm > 0 } then {
set ccflags [string range $cc $ccparm end]
set ccexe [string range $cc 0 $ccparm]
set cc $ccexe
}
...
set cmd "$cc $flags $ccflags -c $source -o $object"
Compiler flags in $CC and $CXX will be the last ones. Add
CFLAGS_FOR_TARGET_TEST and CXXFLAGS_FOR_TARGET_TEST to use them in
proc default_ld_compile
set cflag_test ""
set cxxflag_test ""
if {[string match "*++*" $ccexe]} {
append flags " $CXXFLAGS_FOR_TARGET"
set cflag_test "$CXXFLAGS_FOR_TARGET_TEST"
} else {
append flags " $CFLAGS_FOR_TARGET"
set cflag_test "$CFLAGS_FOR_TARGET_TEST"
}
...
set cmd "$cc $flags $ccflags $cflag_test -c $source -o $object"
so that they will be the last flags passed to compiler. Also update
run_ld_link_exec_tests and run_cc_link_tests to make
CFLAGS_FOR_TARGET_TEST and CXXFLAGS_FOR_TARGET_TEST the last flags
passed to compiler.
* testsuite/config/default.exp (CFLAGS_FOR_TARGET_TEST): New.
(CXXFLAGS_FOR_TARGET_TEST): Likewise.
* testsuite/ld-elf/dwarf.exp (CFLAGS_FOR_TARGET): Renamed to ...
(CFLAGS_FOR_TARGET_TEST): This.
* testsuite/ld-elf/shared.exp: Save, append and restore
CFLAGS_FOR_TARGET_TEST and CXXFLAGS_FOR_TARGET_TEST for
$build_tests. Save, append and restore CFLAGS_FOR_TARGET_TEST,
instead of CFLAGS_FOR_TARGET, for $dlopen_run_tests.
* testsuite/ld-plugin/plugin.exp (CFLAGS_FOR_TARGET): Renamed to
...
(CFLAGS_FOR_TARGET_TEST): This.
* testsuite/ld-shared/shared.exp (CFLAGS_FOR_TARGET): Renamed to
...
(CFLAGS_FOR_TARGET_TEST): This.
* testsuite/ld-srec/srec.exp (CFLAGS_FOR_TARGET): Renamed to ...
(CFLAGS_FOR_TARGET_TEST): This.
(CXXFLAGS_FOR_TARGET): Renamed to ...
(CXXFLAGS_FOR_TARGET_TEST): This.
* testsuite/lib/ld-lib.exp (default_ld_compile): Append
CFLAGS_FOR_TARGET_TEST/CXXFLAGS_FOR_TARGET_TEST to compiler flags.
(run_ld_link_exec_tests): Append CFLAGS_FOR_TARGET_TEST and
CXXFLAGS_FOR_TARGET_TEST to compiler.
(run_cc_link_tests): Likewise.
Tom de Vries [Mon, 18 Aug 2025 14:17:15 +0000 (16:17 +0200)]
[gdb/testsuite] Fix gdb.tui/tui-mode-switch.exp on aarch64
On aarch64-linux, occasionally I run into these warnings:
...
PASS: gdb.tui/tui-mode-switch.exp: set style enabled off
WARNING: timeout in accept_gdb_output
PASS: gdb.tui/tui-mode-switch.exp: no boo
WARNING: timeout in accept_gdb_output
...
The first in more detail:
...
Box Dump (40 x 1) @ (0, 11):
11 b(gdb) b
WARNING: timeout in accept_gdb_output
...
Fix this by waiting for a prompt after leaving TUI before sending "b".
Also, while we're at it generate a few more passes.
i.e. there's a positive offset from the GOT instead of the expected
negative one. AFAICS that's because there are additional GOT entries on
the Solaris side (printed with elfdump -G since there seems to be no
support for that in either readelf or objdump):
Alice Carlotti [Thu, 7 Aug 2025 17:03:54 +0000 (18:03 +0100)]
gas: Record file name in macro locations
This allows the correct file name to be used when emitting messages for
lines within a macro. The line numbers were already set and displayed
correctly, which resulted in mismatched file names and line numbers.
Alan Modra [Mon, 18 Aug 2025 09:03:54 +0000 (18:33 +0930)]
Don't choose plugin target in binutils/
Instead make bfd_check_format try the plugin target first when the
user hasn't supplied a target.
bfd/
* format.c (bfd_check_format_matches): Try for a plugin target
match first.
* targets.c (bfd_find_target): Don't specially treat "plugin".
binutils/
* ar.c (plugin_target): Delete.
(open_inarch): Don't set target of archive elements.
(replace_members): Use target rather than plugin_target when
opening replacement or additional files.
* arsup.c (plugin_target): Delete. Replace all uses with NULL.
(ar_open): Don't set element target.
* bucomm.h (set_plugin_target): Delete.
* nm.c (plugin_target): Delete.
(display_archive): Don't set element target.
(display_file): Alway use target when opening file.
* objcopy.c (copy_archive): Don't use plugin target for output
elements.
* NEWS: Mention stricter target checking.
H.J. Lu [Fri, 15 Aug 2025 13:18:30 +0000 (06:18 -0700)]
ld: Issue an error if group nested too deeply
If a linker script has a group nested too deeply by mistake, issue an
error instead of hanging forever without outputting any error message.
PR ld/33265
* ldlang.c (MAX_NESTED_GROUP_DEPTH): New.
(open_input_bfds): Add a pointer argument for the nested group
count. Increment the count before the while loop and decrement
it after the loop. Issue an error if the nested group count >=
MAX_NESTED_GROUP_DEPTH when processing input statement.
(lang_process): Update open_input_bfds calls.
(cmdline_emit_object_only_section): Likewise.
* testsuite/ld-scripts/libpr33265-1.a: New file.
* testsuite/ld-scripts/libpr33265-2.a: Likewise.
* testsuite/ld-scripts/libpr33265-3a.a: Likewise.
* testsuite/ld-scripts/libpr33265-3b.a: Likewise.
* testsuite/ld-scripts/libpr33265-3c.a: Likewise.
* testsuite/ld-scripts/pr33265-1.d: Likewise.
* testsuite/ld-scripts/pr33265-2.d: Likewise.
* testsuite/ld-scripts/pr33265-3.d: Likewise.
* testsuite/ld-scripts/script.exp: Run PR ld/33265 tests.
Indu Bhagat [Sun, 17 Aug 2025 22:29:44 +0000 (15:29 -0700)]
libsframe: testsuite: use SFrame V2 specific APIs
Use sframe_encoder_add_funcdesc_v2 instead of sframe_encoder_add_funcdesc.
Similarly, use sframe_decoder_get_funcdesc_v2 instead of
sframe_decoder_get_funcdesc.
sframe_encoder_add_funcdesc, and sframe_decoder_get_funcdesc were first
added for SFrame V1. For the purpose of these testcases, the two V2
APIs are (almost) functionally equivalent. In future, we may want to
make sframe_encoder_add_funcdesc and sframe_decoder_get_funcdesc
internal to libsframe only. Using the V2 named APIs is better for
clarity as well.
Indu Bhagat [Sun, 17 Aug 2025 22:26:34 +0000 (15:26 -0700)]
libsframe: testsuite: reduce usage of magic numbers from encode-1.c
Previously, some of the libsframe tests were updated to reduce the usage
of magic numbers. This patch makes encode-1.c follow similar coding
style as other tests, reducing the number of magic constants.
Alan Modra [Sun, 17 Aug 2025 12:04:17 +0000 (21:34 +0930)]
Sanity check windows resource version len
oss-fuzz generated a total length field of 32, when the header was 40
bytes. Subtracting gave -8ul for the remaining length..
I think we should be sanity checking the total length given in the
header against the remaining buffer length and the size of the header
each time get_version_header is called.
Possibly vallen should be sanity checked inside get_version_header
too, but I'll leave that to someone else.
PR 27686
* resbin.c (bin_to_res_version): Correct error message arg.
Move len vs. buffer length sanity check..
(get_version_header): ..to here. Also sanity check len
against off.
Rainer Orth [Sun, 17 Aug 2025 10:25:43 +0000 (12:25 +0200)]
ld: testsuite: Fix several CTF tests on 32-bit SPARC
Several ld CTF tests FAIL on 32-bit SPARC, e.g.
FAIL: Arrays (conflicted)
The failure mode is always the same:
./tmpdir/array-char-conflicting-1.s: Assembler messages:
./tmpdir/array-char-conflicting-1.s:89: Error: Architecture mismatch on "return %i7+8".
./tmpdir/array-char-conflicting-1.s:89: (Requires v9|v9a|v9b|v9c|v9d|v9e|v9v|v9m|m8; requested architecture is sparclite.)
The problem is that gcc emits v8plus code by default, and thus invokes
as with -xarch=v8plus (equivalent to -Av8plus), while the testcase lacks
the latter.
Fixed by setting ASFLAGS to match.
Tested on sparc-sun-solaris2.11, sparc-unknown-linux-gnu,
sparcv9-sun-solaris2.11, and sparc64-unknown-linux-gnu.
Tom de Vries [Sun, 17 Aug 2025 06:57:09 +0000 (08:57 +0200)]
[gdb/testsuite] Use regexp to match $_gdb_{major,minor}
Every time we update the gdb version number, test-case gdb.base/default.exp
needs updating because it matches the values of convenience variables
$_gdb_{major,minor} using hardcoded expected values:
...
{$_gdb_major = 17} \
{$_gdb_minor = 1} \
...
I'm assuming the values were hardcoded because gdb_test_list_exact was used.
Since the previous patch, that's not longer the case, so use regexps instead,
getting rid of this annoyance [1].
Alan Modra [Sun, 17 Aug 2025 05:43:06 +0000 (15:13 +0930)]
buffer overflow in process_sht_group_entries
An oss-fuzz testcase with a SHT_GROUP section named .debug managed to
break objcopy --compress-debug-sections. The underlying problem is
that SEC_DEBUGGING is set by section name tests, thus the SHT_GROUP
section gets compressed. The compressed section data is smaller than
the original section sh_size, and process_sht_group_entries tries to
look at sh_size worth of entries. The patch fixes this mess by simply
not setting SEC_DEBUGGING on SHT_GROUP sections.
Note that it isn't correct to restrict SEC_DEBUGGING to SHT_PROGBITS
sections, as that will break processor/os special sections for debug.
eg. SHT_MIPS_DEBUG.
* elf.c (_bfd_elf_make_section_from_shdr): Don't set
SEC_DEBUGGING on SEC_GROUP sections no matter their name.
Tom de Vries [Sun, 17 Aug 2025 06:32:13 +0000 (08:32 +0200)]
[gdb/testsuite] Handle remote host in some test-cases
I ran test-case gdb.base/default.exp with make-check-all.sh, and noticed a
FAIL with host/target board local-remote-host-native:
...
FAIL: $exp: show convenience ($_colorsupport = "monochrome" not found)
...
The problem is that part of the test-case relies on "setenv TERM dumb", and
setenv, which is a tcl command (which runs on build), only has effect in gdb
(which runs on host), if build == host, in other words, local host.
I grepped for test-cases using setenv, and ran them with the host/target
board, and fixed the FAILs I saw.
All FAILs have the same cause as I described above, except for
proc test_data_directory in gdb.python/py-parameter.exp, which handles files
assuming local host. I chose to leave it that way, and bail out but add a
comment.
Implementationwise, the change to test-case gdb.base/default.exp is the most
intrusive: it replaces a use of proc gdb_test_list_exact with a use of proc
gdb_get_lines_no_pass, because it allows specifying a regexp match.
In the process, I found out gdb_test_list_exact has a bug, filed as PR33038.
Because of this bug, I had to add matching of convenience variable $_tbl.
Tom de Vries [Sat, 16 Aug 2025 18:32:37 +0000 (20:32 +0200)]
[gdb/testsuite] Fix TUI tests on freebsd
While re-testing the TUI tests on x86_64-freebsd, I found that commit 06a53717f7c ("[gdb/testsuite] Handle unrecognized escape sequences better in
tuiterm") broke most test-cases.
Fix this by rewriting this gdb_test_multiple clause:
...
-re "^($re_csi_prefix?)($re_csi_args*)($re_csi_cmd)" {
...
into:
...
-re "^($re_csi_cmd)" {
...
-re "^($re_csi_args*)($re_csi_cmd)" {
...
-re "^($re_csi_prefix?)($re_csi_args*)($re_csi_cmd)" {
...
Tom de Vries [Sat, 16 Aug 2025 07:18:45 +0000 (09:18 +0200)]
[gdb/testsuite] Handle unrecognized escape sequences better in tuiterm
When encountering an unrecognized escape sequence in Term::accept_gdb_output,
a warning is issued:
...
WARNING: timeout in accept_gdb_output
...
and 0 is returned.
Subsequent calls run into the same problem, so matching doesn't progress.
Consequently, figuring out what the unrecognized escape sequence actually is
depends on analyzing gdb's output as echoed into gdb.log.
In the test added in this commit, gdb (well, a script gdb.tcl emulating gdb)
outputs escape sequence "ESC ( B", which doesn't show up in recognizable form
in gdb.log:
...
foo^M^M
...
and as mentioned the tuiterm screen only show:
...
foo
...
because matching doesn't progress beyond the unrecognized sequence.
Fix this by rewriting accept_gdb_output to match gdb output using a phased
approach that echoes unmatched escape sequences, giving us instead on the
tuiterm screen:
...
foo^[(B
...
[ Since "ESC ( B" is now supported, the test-case has been updated to use
"ESC ( % 5" instead. ]
Tom de Vries [Sat, 16 Aug 2025 07:18:45 +0000 (09:18 +0200)]
[gdb/testsuite] Move setting of Term::_last_char to Term::_insert
The variable Term::_last_char is meant to represent the last char inserted by
Term::_insert, but setting it is done alongside the only call to _insert in
lib/tuiterm.exp:
...
_insert $expect_out(0,string)
variable _last_char
set _last_char [string index $expect_out(0,string) end]
...
Fix this by moving the setting of _last_char to inside _insert.
Alan Modra [Mon, 4 Aug 2025 05:59:22 +0000 (15:29 +0930)]
Make bfd_check_format better respect given target
bfd_check_format currently does not take much notice of the target
set in its abfd arg, merely checking that target first if
target_defaulted is false. As the comment says this was due to
complications with archive handling which I think was fixed in
commit f832531609d0. It should now be possible to just check the
given target, except for linker input files. This will speed checking
the target of the first file in archives, which is done in the process
of matching archive targets.
This will no doubt expose some misuse of target options, as found in
the binutils "efi app" tests.
The stricter checking also exposed some errors. Cris targets gave
"FAIL: objcopy decompress debug sections in archive (reason: unexpected output)"
"FAIL: objcopy decompress debug sections in archive with zlib-gabi (reason: unexpected output)"
without the bfd_generic_archive_p fix. cris has a default target of
cris-aout which doesn't match objects for any of the cris-elf or
cris-linux targets. The problem here was that checking the first
object file in archives didn't match but a logic error there meant
bfd_error_wrong_object_format wasn't returned as it should be. There
was also a possibility of bfd_error_wrong_object_format persisting
from one target check to the next.
bfd/
* archive.c (bfd_generic_archive_p): Correct object in archive
target test.
* format.c (bfd_check_format_matches_lto): Try to match given
target first even when target_defaulted is set. Don't try
other targets if !target_defaulted except for linker input.
Clear bfd_error before attempted target matches.
* targets.c (bfd_find_target): Set target_defaulted for
plugin target.
binutils/
* bucomm.h (set_plugin_target): Set target_defaulted.
* testsuite/binutils-all/aarch64/pei-aarch64-little.d: Don't
wrongly specify both input and output target, just specify
output.
* testsuite/binutils-all/loongarch64/pei-loongarch64.d: Likewise.
* testsuite/binutils-all/riscv/pei-riscv64.d: Likewise.
Alan Modra [Tue, 12 Aug 2025 13:16:36 +0000 (22:46 +0930)]
archives and plugin target
Automatically choosing "plugin" for the archive target when plugins
are enabled can result in making archives as specified by the plugin
target vec, ie. COFF style archives (also used by most ELF
binutils targets). This is wrong for aix, hpux, vms, aout, macho
and possibly other targets, if compatibility with target system
archives matters.
This patch removes archive support entirely from the plugin target.
That means an archive will never get past bfd_check_format with a
target of plugin_vec, even if it is opened using "plugin". Instead,
archives will have their elements opened using the plugin target
selected is such a way that the plugin target will be tried first in
bfd_check_format and then continue to try other targets if that fails.
The patch tries to avoid opening archives using "plugin" because that
is guaranteed to fail the first target check in bfd_check_format, but
mm.c still does so, and nested archives will also be opened using
"plugin".
The patch also fixes poor arsup.c plugin support.
bfd/
* plugin.c (plugin_vec): Remove archive support.
* configure.ac: Remove plugin archive warning, and don't disable
plugins by default on anything but aout targets.
* configure: Regenerate.
binutils/
* bucomm.h (set_plugin_target): New inline function.
* ar.c: Remove unneeded forward declarations.
(open_inarch): Don't use "plugin" if defaulting target when
opening an archive, use "plugin" when opening elements.
(replace_members): Use "plugin" when opening replacement or
additional elements.
* arsup.c: Remove unneeded forward declarations.
(plugin_target): New.
(ar_open): Don't open archives using "plugin", use it when
opening elements.
(ar_addmod): Use plugin_target.
(ar_replace): Use plugin_target when opening replacement or
additional elements.
(ar_extract): Don't bfd_openr.
* nm.c (display_archive): Open archive elements using the
"plugin" target.
Indu Bhagat [Fri, 15 Aug 2025 17:28:59 +0000 (10:28 -0700)]
gas: sframe: const ptrs for args and local vars where applicable
Use const pointers for function arguments and local vars where
applicable. 'cfi_insn' contains the DWARF CFI instruction data which,
for the purpose of SFrame generation, is read-only. Similarly, some
getter APIs and output related APIs now document their argument as
read-only.
While at it, also remove the ATTRIBUTE_UNUSED from argument xlate_ctx in
sframe_xlate_do_register () because the argument is indeed conditionally
used.
Andrew Burgess [Wed, 13 Aug 2025 14:29:38 +0000 (15:29 +0100)]
gdb: fix forward/reverse search, when no lines are printed
This commit continues the theme of the previous commit, restoring the
behaviour of forward-search and reverse-search to what it was before
GDB 10, but adds tests to guard the behaviour. I believe this
restored behaviour is inline with the documentation of the two search
commands.
This time, I'm looking at what happens when no source lines end up
being printed. This can happen for two reasons, a request is made to
list a line number outside the file, or, a request is made to list a
reverse series of lines (e.g. line 100 to line 50).
Before GDB 10, a 'list' command that resulted in no lines being
printed would not change the notion of the last line listed. As a
result a future forward or reverse search would continue from the
previous last line. As an example, here's current master branch
behaviour:
(gdb) list 50
45 /* Line 45 */
46 /* Line 46 */
47 /* Line 47 */
48 /* Line 48 */
49 /* Line 49 */
50 /* Line 50 */
51 /* Line 51 */
52 /* Line 52 */
53 /* Line 53 */
54 /* Line 54 */
(gdb) list 1000
Line number 995 out of range; long-file.c has 101 lines.
(gdb) forward-search Line
Expression not found
(gdb)
But on GDB 9, the forward-search instead acts like this:
(gdb) forward-search Line
55 /* Line 55 */
(gdb)
Similarly, reverse-search reports "Expression not found" on master,
but would return line 53 on GDB 9.
The reverse-search result for master might be a little surprising,
surely, if we tried to list line 1000, then every line before that
should be searched.
The problem is that last_line_listed ends up being set to 995 (which
is 1000 minus half the listsize). Then, when the reverse-search kicks
in GDB tried to read line 994, fails, and abandons the search.
This commit wants last_line_listed updated so that the search
functions would work correctly (see notes below) when GDB is in TUI
mode. Without this commit last_line_listed would never be updated in
TUI mode, and so every search would effectively start from the
beginning of the file.
The fix I propose is to delay updating the current_source_location
until the source code has been printed successfully. That is, just
before we leave print_source_lines_base, after a successful print.
This update happens inside the 'if (noprint)' block, a the return here
isn't really considered an error condition, this is a specific choice
_not_ to print the source code.
However, in the 'if (stopline <= line)' block, the
current_source_location is not updated, that's because this 'if'
represents an error condition.
The last_line_listed is also updated at the end of the function still,
which is the path taken in CLI mode when source lines are actually
printed.
I've added some CLI tests to confirm the forward/reverse search
behaviour. And I've also added some TUI tests to check search works
within the TUI. The TUI tests cover more than just the fix for this
issue.
There is one slight issue with the TUI. At this point you should
definitively go read the previous commit. OK, so, the forward and
reverse searches are supposed to search from the last line listed.
The previous commit fixed this for CLI mode, but for the TUI the
last_line_listed is _still_ being set to the first line displayed.
The problem is that print_source_lines_base doesn't know the size of
the TUI src window, and so, doesn't know what the last line listed
will be, and so cannot set last_line_listed correctly.
This indicates to me that setting last_line_listed from the core GDB
code is likely the wrong approach, or, at least, the way it is done
now is the wrong approach.
Currently the 'list' command converts the arguments into a set of
lines to be printed based on the CLI environment, e.g. using the
'listsize' if necessary. But the 'listsize' doesn't make sense for
the TUI, where the src window height really overrides the 'listsize'.
The list command then calls the core GDB print_source_lines
function to do the printing, but for the TUI we don't actually print
anything, we just update the internal state (including
last_line_listed) and are done.
I think that the current interpreter, CLI or TUI, needs to get
involved in the 'list' command implementation much sooner. This would
allow, for example, the CLI to use 'listsize' and the TUI to use the
src window height. It might then be up to the interpreter to track
the last line listed maybe?
I mention all this only to acknowledge this issue. The problem
existed before this commit, and continues to exist after this commit.
I'm not proposing to fix this problem right now.
The TUI forward/reverse search continue to work as well as they have
since commit 8b7fcda2744.
The documentation for these commands is pretty clear:
'forward-search REGEXP'
'search REGEXP'
The command 'forward-search REGEXP' checks each line, starting with
the one following the last line listed, for a match for REGEXP. It
lists the line that is found. You can use the synonym 'search
REGEXP' or abbreviate the command name as 'fo'.
'reverse-search REGEXP'
The command 'reverse-search REGEXP' checks each line, starting with
the one before the last line listed and going backward, for a match
for REGEXP. It lists the line that is found. You can abbreviate
this command as 'rev'.
Both searches should start searching based on the last line listed.
But currently:
(gdb) list 3
1 int
2 main (void)
3 {
4 /* Line 4 */
5 /* Line 5 */
6 /* Line 6 */
7 /* Line 7 */
8 /* Line 8 */
9 /* Line 9 */
10 /* Line 10 */
(gdb) forward-search Line
4 /* Line 4 */
(gdb)
This should have found line 11. And for reverse-search:
(gdb) list 3
1 int
2 main (void)
3 {
4 /* Line 4 */
5 /* Line 5 */
6 /* Line 6 */
7 /* Line 7 */
8 /* Line 8 */
9 /* Line 9 */
10 /* Line 10 */
(gdb) reverse-search Line
Expression not found
(gdb)
The reverse-search should have returned line 9.
This new behaviour started with the above commits in GDB 10. On GDB 9
we see behaviour that matches the documentation.
Where the forward and reverse searches start from is controlled by a
global, last_line_listed, found in source.c.
Before commit 1dd588507782, in print_source_lines_base, the
last_line_listed variable was updated as each source line was printed,
and it was updated with the current line being printed.
After commit 1dd588507782, the current symtab and line are moved into
a current_source_location object, but the symtab and line member
variables are public. The last_line_listed is still set based on the
value held in the current_source_location object, and this object is
updated each time around the source printing loop. So despite the
restructure, the logic, and behaviour, is unchanged.
After commit a75cd9a2c129, the member variables of
current_source_location are now private. The source printing loop in
print_source_lines_base uses a local variable, new_lineno, to track
the current source line number, and updates the
current_source_location at the end of print_source_lines_base.
However, last_line_listed is still updated inside the loop, using the
original line value within current_source_location, which is no longer
being updated each time around the loop.
As a result, last_line_listed is now just the first line listed!
This didn't show up in testing because, as far as I can tell, the
last_line_listed is _only_ used for forward and reverse searching, and
the testing for these commands is minimal.
In this commit I move the setting of last_line_listed outside of the
source printing loop, this only needs to be updated once, when we have
finished printing the source lines.
I've also done a couple of other cleanups in the same area, I moved
'buf' a local variable into the most inner scope where it is required,
and I converted the 'while' loop into a 'for' loop, moving the
increment out of the loop body.
There's now a test which does some more detailed checks of the forward
and reverse search commands.
Jan Beulich [Fri, 15 Aug 2025 10:22:03 +0000 (12:22 +0200)]
bfd/TIC4x: correct COFF swapping functions for mixed-endianness binaries
Commit 3fa785190a4f ("Altered the CREATE_xxx_COFF_TARGET_VEC macro
arguments") pretty clearly screwed up the data swapping functions in the
new CREATE_BIGHDR_COFF_TARGET_VEC() macro. Since the flaw went unnoticed,
and since the correction doesn't cause any testsuite fallout, it further
seems pretty clear that all of this is entirely untested and largely
unused.
Jan Beulich [Fri, 15 Aug 2025 10:21:24 +0000 (12:21 +0200)]
bfd/ELF/PPC: make ppc_build_one_stub()'s stub_str[] static
There's no reason to have the compiler materialize objects onto the
stack.
In fact we can save some space and a level of indirection (and hence
relocation entries in the final binary) by converting to an array of
char[12] or larger. Pick char[16] for easier / faster calculations.
Jan Beulich [Fri, 15 Aug 2025 10:19:59 +0000 (12:19 +0200)]
gas/ELF: allow specifying entity size for arbitrary sections
The spec doesn't tie entity size to just SHF_MERGE and SHF_STRINGS
sections. Introduce a new "section letter" 'E' to allow recording (and
checking) of entity size even without 'M' or 'S'.
Jan Beulich [Fri, 15 Aug 2025 10:18:34 +0000 (12:18 +0200)]
gas/ELF: re-work SHF_GNU_* handling
Indicate to obj_elf_parse_section_letters() whether to recognize GNU-
specific flags by conditionally passing NULL in place of a pointer to
the GNU attributes. This way wrong use of d and R can be diagnosed just
like any other use of unrecognized letters.
Furthermore adjust the md_elf_section_letter() interface: Have targets
merely return the extra letters they support. There's no point having
them customize the entire diagnostic. Even more so that additions in
common code would then reflecting in every target's diagnostic as well,
which - as can be seen - wasn't always properly done.
There's also no reason for wrong letters to be a fatal error; switch to
as_bad() while making other adjustments there.
While making the target specific adjustments, also drop IA-64's dead
handling of 'o' (SHF_LINK_ORDER), which has been covered by common code
for a long time.
Also re-arrange the switch() in obj_elf_parse_section_letters() to be
alphabetically sorted again.
Jan Beulich [Fri, 15 Aug 2025 10:18:03 +0000 (12:18 +0200)]
gas/ELF: drop bogus check for ELFOSABI_STANDALONE
obj_elf_parse_section_letters() checking for that ABI, when the checking
at the bottom of obj_elf_section() and the logic in
_bfd_elf_final_write_processing() don't, makes no sense. Either
STANDALONE is meant to be GNU-ish, or it is not, I would think. Drop the
one inconsistent check.
If it was not GNU-ish (as the other two locations suggest), what did the
section23b testcase actually mean to check? The numeric attribute value
0x200000 has an entirely unknown (or more precisely, OS-defined, which
we may or may not know of) meaning then, so ought to be accepted. If it
was GNU-ish, the other testcase, elf/section23a, would want running for
those targets as well, and the testcase in question would still be wrong
to have. Hence that testcase is removed, and section23a is renamed to
just section23.
Jan Beulich [Fri, 15 Aug 2025 10:16:22 +0000 (12:16 +0200)]
bfd: have objcopy retain unknown ELF section flags
Silently zapping them is certainly wrong. When they're not replaced due
to user request, simply keeping them may not always be correct (we don't
know what such a flag means, after all), but is certainly at least
closer to having the output object still represent what the input object
had.
This introduces new binutils/ testsuite failures, but only for two
targets where most of the tests there fail anyway (amdgcn-elf and
nfp-elf), due to there not being an assembler available.
H.J. Lu [Tue, 12 Aug 2025 19:02:08 +0000 (12:02 -0700)]
strip: Treat slim GCC/LLVM IR objects the same
Slim LLVM IR object is a standalone file whose first 4 bytes are 'B',
'C', 0xc0, 0xde. GCC IR object is regular ELF object with sections
whose names start with .gnu.lto_.* or .gnu.debuglto_.*. GCC IR object
uses a .gnu.lto_.lto.<some_hash> section to encode the LTO bytecode
information:
/* Flags is a private field that is not defined publicly. */
uint16_t flags;
};
In slim GCC IR object, the slim_object field is non-zero. Strip should
treat slim GCC/LLVM IR objects the same. Since strip won't change slim
LLVM IR objects, it should leave slim GCC IR object unchanged even when
asked to remove all IR objects:
1. Set the lto_type field to lto_slim_ir_object for slim LLVM IR object.
2. Always copy slim IR object as unknown object.
bfd/
PR binutils/33271
* format.c (bfd_set_lto_type): Set the lto_type field to
lto_slim_ir_object for slim LLVM IR object.
binutils/
PR binutils/33271
* objcopy.c (lto_sections_removed): Removed.
(copy_archive): Always copy slim IR object as unknown object.
(copy_file): Likewise.
(strip_main): Updated.
ld/
PR binutils/33271
* testsuite/ld-plugin/lto-binutils.exp: Don't check if fat IR is
available when running slim IR tests.
* testsuite/ld-plugin/strip-1a-s-all.nd: Expect full symbol list.
Tom de Vries [Thu, 14 Aug 2025 20:31:06 +0000 (22:31 +0200)]
[gdb/testsuite] Fix gdb.base/dlmopen.exp on native-gdbserver
With test-case gdb.base/dlmopen.exp and target board native-gdbserver, I get:
...
(gdb) info breakpoints 3^M
Num Type Disp Enb Address What^M
3 breakpoint keep y 0x00007ffff7fc8000 ^M
stop only if (0) (target evals)^M
(gdb) FAIL: $exp: test_solib_unmap_events: check b/p status
...
The problem is that the regexp doesn't allow for the "(target evals)" part:
...
-re -wrap "$bpnum\\s+breakpoint\\s+keep\\s+y\\s+$::hex\\s*\[^\r\n\]+\r\n\\s+stop o
nly if \\(0\\)" {
...
Fix this by updating the regexp.
While we're at it:
- rewrite the regexp using multiline, string_to_regexp, join and string cat to
make it more readable, and
- remove the redundant failure clause from the same gdb_test_multiple.
projects / thirdparty / binutils-gdb.git / log
