xref: /illumos-gate/usr/src/tools/scripts/check_rtime.1onbld (revision e912cc3d5decbbfbb3005d9f678e9fc3ccbcf91f)
1.\" Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
2.\"
3.\" CDDL HEADER START
4.\"
5.\" The contents of this file are subject to the terms of the
6.\" Common Development and Distribution License (the "License").
7.\" You may not use this file except in compliance with the License.
8.\"
9.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10.\" or http://www.opensolaris.org/os/licensing.
11.\" See the License for the specific language governing permissions
12.\" and limitations under the License.
13.\"
14.\" When distributing Covered Code, include this CDDL HEADER in each
15.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16.\" If applicable, add the following below this CDDL HEADER, with the
17.\" fields enclosed by brackets "[]" replaced with your own identifying
18.\" information: Portions Copyright [yyyy] [name of copyright owner]
19.\"
20.\" CDDL HEADER END
21.\"
22.Dd February 3, 2020
23.Dt CHECK_RTIME 1ONBLD
24.Os
25.Sh NAME
26.Nm check_rtime
27.Nd check ELF runtime attributes
28.Sh SYNOPSIS
29.Nm check_rtime
30.Op Fl imosv
31.Op Fl D Ar depfile | Fl d depdir
32.Op Fl E Ar errfile
33.Op Fl e Ar exfile
34.Op Fl f Ar listfile
35.Op Fl I Ar infofile
36.Op Fl w Ar outdir
37.Ar file | dir ...
38.Sh DESCRIPTION
39.Nm check_rtime
40attempts to check a number of ELF runtime attributes
41for consistency with common build rules.
42These checks involve running
43.Xr ldd 1
44and
45.Xr elfdump 1
46against a family of dynamic objects.
47A dynamic object can be defined explicitly as a
48.Ar file
49or multiple dynamic objects can be located under the directory
50.Ar dir .
51.Pp
52.Nm check_rtime
53is typically called from
54.Xr nightly 1ONBLD
55when the
56.Fl r
57option is in effect.
58In this case the dynamic objects under
59the associated
60.Em proto area
61.Pq Ev $ROOT
62are checked.
63.Nm check_rtime
64can also be run standalone against any set of dynamic objects.
65.Pp
66.Nm check_rtime
67uses
68.Xr  ldd 1
69to verify dependencies.
70This implies that by default any object inspected will bind to its dependencies
71as they are found in the
72.Em underlying system .
73Use of the
74.Fl D ,
75.Fl d
76option, or the existence of the environment variables
77.Ev $CODEMGR_WS
78or
79.Ev $ROOT
80instruct
81.Nm check_rtime
82to establish an alternative dependency mapping using
83runtime configuration files generated with
84.Xr crle 1 .
85.Pp
86.Nm check_rtime
87uses
88.Xr ldd 1
89to completely relocate any dynamic object and thus detect missing
90dependencies, unsatisfied symbol relocations, unused and unreferenced
91dependencies.
92These checks are carried out for the following reasons:
93.Bl -bullet
94.It
95An object that cannot find its dependencies may fail to load
96at runtime.
97This error condition often goes unnoticed because the existing use of the
98object is as a dependency itself, and the objects' dependencies are already
99satisfied by the caller.
100However, if the object itself is unable to satisfy its dependencies, its use
101in new environments may be compromised.
102.Pp
103A missing or erroneous
104.Em runpath
105is the typical reason why an object can not locate its dependencies.
106Use of the link-editors
107.Fl zdefs
108option when building a shared object ensures required dependencies are
109established.
110This flag is inherited from
111.Dv $(DYNFLAGS)
112in
113.Pa lib/Makefile.lib .
114Missing dependencies are displayed as:
115.Pp
116.Dl foo: bar.so.1 => (file not found)  <no -zdefs?>
117.It
118Unsatisfied symbol relocations indicate that some thread of
119execution through the object will fail when it is unable to
120locate a referenced symbol.
121.Pp
122A missing, or mismatched version of a dependency is the typical
123reason for unsatisfied symbol relocations (see missing dependency
124discussion above). Unsatisfied symbol relocations are displayed as:
125.Pp
126.Dl foo: symbol not found: bar  <no -zdefs?>
127.Pp
128Note: Shared objects can make reference to symbol definitions
129that are expected to be defined by the caller.
130To indicate that such symbols are not undefined in the usual sense, you must
131specify these symbols in a
132.Em mapfile ,
133using the
134.Va EXTERN
135or
136.Va PARENT
137symbol attributes.
138Without these symbol attributes,
139.Xr ldd 1
140is unable to determine the symbols special nature, and
141.Nm check_rtime
142will report these symbols as undefined.
143.It
144Unused dependencies are wasteful at runtime, as they take time to
145load and relocate, but will not be used by the calling object.
146They also result in unnecessary processing at link-edit time.
147.Pp
148Dependency lists (typically defined via
149.Dv $(LDLIBS) )
150that have been copy and pasted
151between
152.Pa Makefiles
153without verifying their need, are a typicalreason why unused dependencies
154exist.
155Unused dependencies are displayed as:
156.Pp
157.Dl foo: unused object=bar.so.1  <remove lib or -zignore?>
158.It
159Unreferenced dependencies are also wasteful at runtime, although not
160to the extent of unused dependencies.
161They also result in unnecessary processing at link-edit time.
162.Pp
163Unreferenced dependency removal guards against a dependency becoming
164unused when combined with
165different objects, or as the other object dependencies evolve.
166Unreferenced dependencies are displayed as:
167.Bd -literal
168foo: unreferenced object=bar.so.1;  \\
169    unused dependency of libfoo.so.1  \\
170    <remove lib or -zignore?>
171.Ed
172.Pp
173See also the section
174.Sx ENVIRONMENT VARIABLES .
175.It
176Unused search paths are wasteful at runtime.
177Unused search paths are displayed as:
178.Bd -literal
179foo: unused search path=/usr/foo/lib  \\
180    (RUNPATH/RPATH from file libfoo.so.1)  \\
181    <remove search path?>
182.Ed
183.El
184.Pp
185.Nm check_rtime
186uses
187.Xr elfdump 1
188to look for a concatenated relocation section in shared objects, the existence
189of text relocations, whether debugging or symbol table information exists,
190whether applications have a non-executable stack defined, duplicate entries in
191the symbol sorting sections, and for direct bindings.
192These checks are carried out for the following reasons:
193.Bl -bullet
194.It
195A concatenated relocation section
196.Pq Em .SUNW_reloc
197provides optimal symbol table access at runtime, and thus reduces the overhead
198of relocating the shared object.
199In past releases, the link-edit of a dynamic object with the
200.Fl z Ar combreloc
201option was required to generate a combined relocation section.
202However, with the integration of 6642769, this section combination is a default behavior of
203the link-editor.
204.Pp
205In past releases, not inheriting
206.Dv $(DYNFLAGS)
207from
208.Pa lib/Makefile.lib
209was the typical reason for not having a concatenated relocation section.
210The misguided use of the
211.Fl z Ar nocombreloc
212option will also prevent the creation of a concatenated relocation section.
213A missing concatenated relocation section is displayed as:
214.Pp
215.Dl foo: .SUNW_reloc section missing  <no -zcombreloc?>
216.It
217Text relocations result in impure text segments.
218As text segments are typically read-only, they can be shared between numerous
219processes.
220If they must be updated as part of the relocation then the updated pages
221become unsharable and swap space must be allocated to back these pages.
222These events consume unnecessary system resources and reduce overall system
223performance.
224.Pp
225Not inheriting the
226.Dv $(PICS)
227rules from
228.Pa lib/Makefile.lib
229is the typical reason for having non-pic code in shared objects.
230Text relocations are displayed as:
231.Pp
232.Dl foo: TEXTREL .dynamic tag  <no -Kpic?>
233.It
234Debugging information is unnecessary in released objects.
235Although extensive when compiled
236.Fl g ,
237small quantities of debugging information are stored in
238.Em .stabs
239sections under normal compilations.
240This debugging information is geared towards aiding debuggers locate
241relocatable objects associated with the dynamic objects being debugged.
242As relocatable objects aren't made available as part of a software release
243this information has no use.
244.Pp
245Not inheriting the correct
246.Dv $(LDFLAGS)
247from
248.Pa cmd/Makefile.cmd
249.Pq which asserts Fl s
250or
251.Dv $(POST_PROCESS_SO)
252.Pq which asserts Ic strip -x
253are typical reasons for not removing debugging information.
254Note, removal of debugging information is only enabled
255for release builds.
256The existence of debugging information is displayed as:
257.Bd -literal
258foo: debugging sections should be deleted  \\
259    <no strip -x?>
260.Ed
261.It
262All objects should retain their full
263.Em .symtab
264symbol table.
265Although this consumes disk space, it provides for more extensive stack
266tracing when debugging user applications.
267.Pp
268Hard coding a
269.Fl s
270flag with
271.Dv $(LDFLAGS) or
272.Dv $(DYNFLAGS)
273is the typical reason for symbol tables being removed.
274Objects that do not contain a symbol table are displayed as:
275.Bd -literal
276foo.so.1: symbol table should not be stripped  \\
277    <remove -s?>
278.Ed
279.It
280Applications should have a non-executable stack defined to make
281them less vulnerable to buffer overflow attacks.
282.Pp
283Not inheriting the
284.Dv $(LDFLAGS)
285macro in
286.Pa cmd/Makefile.cmd
287is the typical reason for not having a non-executable stack definition.
288Applications without this definition are displayed as:
289.Bd -literal
290foo: application requires non-executable stack \\
291	<no -Mmapfile_noexstk?>
292.Ed
293.It
294x86 applications should have a non-executable data segment defined to make
295them less vulnerable to buffer overflow attacks.
296.Pp
297Not inheriting the
298.Dv $(LDFLAGS)
299macro in
300.Pa cmd/Makefile.cmd
301is the typical reason for not having a non-executable data definition.
302Applications without this definition are displayed as:
303.Bd -literal
304foo: application requires non-executable data \\
305	<no -Mmapfile_noexdata?>
306.Ed
307.It
308Solaris ELF files contain symbol sort sections used by DTrace to
309map addresses in memory to the related function or variable symbols.
310There are two such sections,
311.Em .SUNW_dynsymsort
312for regular symbols, and
313.Em .SUNW_dyntlssort
314for thread-local symbols.
315To ensure that the best names are shown for each such address, and that the
316same name is given across Solaris releases,
317.Nm check_rtime
318enforces the rule that only one symbol can appear in the sort sections for
319any given address.
320There are two common ways in which multiple symbols
321or a given address occur in the ON distribution.
322The first is from code written in assembly language.
323The second is as a result of using
324.Ic #pragma weak
325in C to create weak symbols.
326The best solution to this situation is to modify the code to avoid symbol
327aliasing.
328Alternatively, the
329.Va NODYNSORT
330mapfile attribute can be used to eliminate the unwanted symbol.
331.Pp
332Duplicate entries in a symbol sort section are
333displayed in one of the following ways, depending on
334whether the section is for regular or thread-local symbols:
335.Bd -literal
336foo: .SUNW_dynsymsort: duplicate ADDRESS: sym1, sym2
337foo: .SUNW_dyntlssort: duplicate OFFSET: sym1, sym2
338.Ed
339.It
340illumos dynamic ELF objects are expected to employ direct bindings whenever
341feasible.
342This runtime binding technique helps to avoid accidental interposition
343problems, and provides a more optimal runtime symbol search model.
344.Pp
345Not inheriting the correct
346.Dv $(LDFLAGS) from
347.Pa cmd/Makefile.cmd ,
348or the correct
349.Dv $(DYNFLAGS)
350from
351.Pa lib/Makefile.lib ,
352are the typical reasons for not enabling direct bindings.
353Dynamic objects that do not contain direct binding information are displayed
354as:
355.Bd -literal
356foo: object has no direct bindings \\
357	<no -B direct or -z direct?>
358.Ed
359.El
360.Pp
361.Nm check_rtime
362also
363uses
364.Xr elfdump 1
365to display useful dynamic entry information under the
366.Fl -i
367option.
368This doesn't necessarily indicate an error condition, but
369provides information that is often useful for gatekeepers to track
370changes in a release.
371Presently the information listed is:
372.Bl -bullet
373.It
374Runpaths are printed for any dynamic object.
375This is a historic sanity check to insure compiler supplied runpaths
376(typically from
377.Nm CC )
378are not recorded in any objects.
379Runpaths are displayed as:
380.Pp
381.Dl foo: RPATH=/usr/bar/lib
382.It
383Needed dependencies are printed for any dynamic object.
384In the freeware world this often helps the introducer of a new
385shared object discover that an existing binary has become its
386consumer, and thus that binaries package dependencies may require updating.
387Dependencies are printed as:
388.Pp
389.Dl foo: NEEDED=bar.so.1
390.It
391Dependencies may be marked as forbidden
392.Pq see Sx EXCEPTION FILE FORMAT
393this allows the build to warn should people use them accidentally.
394Forbidden dependencies are printed as:
395.Pp
396.Dl foo: NEEDED=bar.so.1  <forbidden dependency, missing -nodefaultlibs?>
397.El
398.Pp
399.Nm check_rtime
400uses
401.Xr mcs 1
402to inspect an object's
403.Em .comment
404section.
405During development, this section contains numerous file identifiers
406marked with the tag
407.Qq @(#) .
408For release builds these sections are deleted and rewritten under control of
409the
410.Dv $(POST_PROCESS)
411macro to produce a common release identifier.
412This identifier typically consists of three lines including a single comment
413starting with the string
414.Qq @(#) SunOS .
415If this common identifier isn't found the following diagnostic is generated:
416.Pp
417.Dl foo: non-conforming mcs(1) comment  <no $(POST_PROCESS)?>
418.Pp
419.Nm check_rtime
420uses
421.Xr pvs 1
422to display version definitions under the
423.Fl v
424option.
425Each symbol defined by the object is shown along with the version it belongs to.
426Changes to the symbols defined by an object, or the versions they belong to,
427do not necessarily indicate an error condition, but
428provides information that is often useful for gatekeepers to track
429changes in a release.
430.Sh OPTIONS
431The following options are supported:
432.Bl -tag -width indent
433.It Fl D Ar depfile
434Use
435.Ar depfile
436to generate an alternative dependency mapping.
437.Ar depfile
438must be created by
439.Ic find_elf -r .
440The
441.Fl D
442and
443.Fl d
444options are mutually exclusive.
445.It Fl d Ar depfile
446Use
447.Ar depdir
448to generate an alternative dependency mapping.
449.Xr find_elf 1ONBLD
450is used to locate the ELF sharable objects for which alternative mappings are
451required.
452The
453.Fl D
454and
455.Fl d
456options are mutually exclusive.
457.It Fl E Ar errfile
458Direct error messages for the analyzed objects to
459.Ar errfile
460instead of stdout.
461.It Fl e Ar exfile
462An exception file is used to exclude objects from
463the usual rules.
464See
465.Sx EXCEPTION FILE FORMAT .
466.It Fl f Ar listfile
467Normally,
468.Ic interface_check
469runs
470.Ic find_elf
471to locate the ELF objects to analyze.
472The
473.Fl f
474option can be used to instead provide a file containing the list of objects to
475analyze, in the format produced by
476.Ic find_elf -r .
477.It Fl I Ar infofile
478Direct informational messages (
479.Fl i ,
480and
481.Fl v
482options) for the analyzed objects to
483.Ar infofile
484instead of stdout.
485.It Fl i
486Provide dynamic entry information.
487Presently only dependencies and runpaths are printed.
488.It Fl m
489Enable
490.Xr mcs 1
491checking.
492.It Fl o
493Produce a one-line output for each condition discovered, prefixed
494by the objects name.
495This output style is more terse, but is more appropriate for sorting and
496diffing with previous build results.
497.It Fl s
498Determine whether
499.Em .stabs
500sections exist.
501.It Fl v
502Provide version definition information.
503Each symbol defined by the object is printed along with the version it is
504assigned to.
505.It Fl w Ar outdir
506Interpret the paths of all input and output files relative to
507.Ar outdir .
508.El
509.Sh EXCEPTION FILE FORMAT
510Exceptions to the rules enforced by
511.Nm check_rtime
512are specified using an exception file.
513The
514.Fl -e
515option is used to specify an explicit exception file.
516Otherwise, if used in an activated workspace, the default exception file is
517.Pa $CODEMGR_WS/exception_list/check_rtime
518if that file exists.
519If not used in an activated workspace, or if
520.Pa $CODEMGR_WS/exception_list/check_rtime
521does not exist,
522.Nm check_rtime
523will use
524.Pa /opt/onbld/etc/exception_list/check_rtime
525as a fallback default exception file.
526.Pp
527To run
528.Nm check_rtime
529without applying exceptions, specify
530.Fl e
531with a value of
532.Pa /dev/null .
533.Pp
534A
535.Ql #
536character at the beginning of a line, or at any point in
537a line when preceded by whitespace, introduces a comment.
538Empty lines, and lines containing only comments, are ignored by
539.Nm check_rtime .
540Exceptions are specified as space separated keyword, and
541.Xr perl 1
542regular expression:
543.Pp
544.Dl keyword  perl-regex
545.Pp
546Since whitespace is used as a separator, the regular
547expression cannot itself contain whitespace.
548Use of the
549.Ql \es
550character class to represent whitespace within the regular expression is
551recommended.
552.Pp
553Before the perl regular expression is used, constructs of the form
554.Em MACH(dir)
555are expanded into a regular expression that matches the directory given, as
556well as any 64-bit architecture subdirectory that might be present
557(i.e. amd64, sparcv9). For instance,
558.Em MACH(lib)
559will match any of the following:
560.Bl -tag -width indent
561.It Pa lib
562.It Pa lib/amd64
563.It Pa lib/sparcv9
564.El
565.Pp
566The exceptions understood by
567.Nm check_rtime
568are:
569.Bl -tag -width indent
570.It EXEC_DATA
571Executables that are not required to have non-executable writable
572data segments
573.It EXEC_STACK
574Executables that are not required to have a non-executable stack
575.It NOCRLEALT
576Objects that should be skipped when building the alternative dependency
577mapping via the
578.Fl d
579option.
580.It NODIRECT
581Directories and files that are allowed to have no direct bound symbols.
582.It NOSYMSORT
583Files for which we skip checking of duplicate addresses in the
584symbol sort sections.
585.It OLDDEP
586Objects that used to contain system functionality that has since
587migrated to libc.
588We preserve these libraries as pure filters for backward compatibility but
589nothing needs to link to them.
590.It SKIP
591Directories and/or individual objects to skip.
592Note that SKIP should be a last resort, used only when one of the other
593exceptions will not suffice.
594.It STAB
595Objects that are allowed to contain debugging information (stabs).
596.It TEXTREL
597Objects for which we allow relocations to the text segment.
598.It UNREF_OBJ
599Objects that are allowed to be unreferenced.
600.It UNDEF_REF
601Objects that are allowed undefined references.
602.It UNUSED_DEPS
603Objects that are allowed to have unused dependencies.
604.It UNUSED_OBJ
605Objects that are always allowed to be unused dependencies.
606.It UNUSED_RPATH
607Objects that are allowed to have unused runpath directories.
608.It FORBIDDEN
609Specifies that dependencies on a given object are forbidden.
610.It FORBIDDEN_DEP
611Specifies that a given object is permitted a forbidden dependency.
612.El
613.Sh ALTERNATIVE DEPENDENCY MAPPING
614.Nm check_rtime
615was primarily designed to process a nightly builds
616.Ev $ROOT
617hierarchy.
618It is often the case that objects within this hierarchy must bind to
619dependencies within the same hierarchy to satisfy their requirements.
620.Pp
621To achieve this,
622.Nm check_rtime
623uses the shared objects specified with the
624.Fl D
625or
626.Fl d
627options.
628If neither option is specified, and the
629.Ev $CODEMGR_WS
630and
631.Ev $ROOT
632environment variables are defined, the proto area for the workspace is
633used.
634The objects found are used to create runtime configuration files via
635.Xr crle 1 ,
636that establish the new shared objects as alternatives to their underlying
637system location.
638.Nm check_rtime
639passes these configuration files as
640.Ev LD_CONFIG
641environment variable settings to
642.Xr ldd 1
643using its
644.Fl -e
645option.
646.Pp
647The effect of these configuration files is that the execution of an
648object under
649.Xr ldd 1
650will bind to the dependencies defined as alternatives.
651Simply put, an object inspected in the
652.Pa proto
653area will bind to its dependencies found in the
654.Pa proto
655area.
656Dependencies that have no alternative mapping will continue to bind to the
657underlying system.
658.Sh ENVIRONMENT VARIABLES
659When the
660.Fl D
661or
662.Fl d
663option isn't in use,
664.Nm check_rtime
665uses the following environment variables to
666establish an alternative dependency mapping:
667.Bl -tag -width indent
668.It Ev CODEMGR_WS
669The root of your workspace, which is the directory
670containing
671.Pa .git .
672Existence of this environment variable indicates that
673.Ev $ROOT
674should be investigated.
675.It Ev ROOT
676Root of the
677.Pa proto
678area of your workspace.
679Any shared objects under this directory will be used to establish an
680alternative dependency mapping.
681.El
682If
683.Xr ldd 1
684supports the
685.Fl U
686option, it will be used to determine any unreferenced dependencies.
687Otherwise
688.Xr ldd 1
689uses the older
690.Fl u
691option which only detects unused references.
692If the following environment variable exists, and indicates an earlier release
693than \fB5.10\fP then
694.Xr ldd 1
695also falls back to using the
696.Fl u
697option.
698.Bl -tag -width indent
699.It Ev RELEASE
700The release version number of the environment being built.
701.El
702.Sh ERROR CONDITIONS
703Inspection of an object with
704.Xr ldd 1
705assumes it is compatible with the machine on which
706.Nm check_rtime
707is being run.
708Incompatible objects such as a 64-bit object encountered on a 32-bit system,
709or an i386 object encountered on a sparc system, can not be fully inspected.
710These objects are displayed as:
711.Pp
712.Dl foo: has wrong class or data encoding
713.Sh FILES
714.Bl -tag -width indent
715.It Pa $CODEMGR_WS/exception_list/check_rtime
716.It Pa /opt/onbld/etc/exception_list/check_rtime
717.El
718.Sh SEE ALSO
719.Xr crle 1 ,
720.Xr elfdump 1 ,
721.Xr ld.so.1 1 ,
722.Xr ldd 1 ,
723.Xr mcs 1 ,
724.Xr find_elf 1ONBLD
725