xref: /illumos-gate/usr/src/tools/scripts/check_rtime.pl (revision 43b9c05035ac59f7f7a8e7827598db5a15f30ed3)
1#!/usr/perl5/bin/perl -w
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27# ident	"%Z%%M%	%I%	%E% SMI"
28#
29
30#
31# Check ELF information.
32#
33# This script descends a directory hierarchy inspecting ELF dynamic executables
34# and shared objects.  The general theme is to verify that common Makefile rules
35# have been used to build these objects.  Typical failures occur when Makefile
36# rules are re-invented rather than being inherited from "cmd/lib" Makefiles.
37#
38# As always, a number of components don't follow the rules, and these are
39# excluded to reduce this scripts output.  Pathnames used for this exclusion
40# assume this script is being run over a "proto" area.  The -a (all) option
41# skips any exclusions.
42#
43# By default any file that has conditions that should be reported is first
44# listed and then each condition follows.  The -o (one-line) option produces a
45# more terse output which is better for sorting/diffing with "nightly".
46#
47# NOTE: missing dependencies, symbols or versions are reported by running the
48# file through ldd(1).  As objects within a proto area are built to exist in a
49# base system, standard use of ldd(1) will bind any objects to dependencies
50# that exist in the base system.  It is frequently the case that newer objects
51# exist in the proto area that are required to satisfy other objects
52# dependencies, and without using these newer objects an ldd(1) will produce
53# misleading error messages.  To compensate for this, the -d option (or the
54# existence of the CODEMSG_WS/ROOT environment variables) cause the creation of
55# alternative dependency mappings via crle(1) configuration files that establish
56# any proto shared objects as alternatives to their base system location.  Thus
57# ldd(1) can be executed against these configuration files so that objects in a
58# proto area bind to their dependencies in the same proto area.
59
60
61# Define all global variables (required for strict)
62use vars  qw($SkipDirs $SkipFiles $SkipTextrelFiles $SkipDirectBindFiles);
63use vars  qw($SkipUndefFiles $SkipUnusedDirs);
64use vars  qw($SkipStabFiles $SkipNoExStkFiles $SkipCrleConf);
65use vars  qw($SkipUnusedSearchPath $SkipUnrefObject);
66use vars  qw($Prog $Mach $Isalist $Env $Ena64 $Tmpdir $Error $Gnuc);
67use vars  qw($UnusedPaths $LddNoU $Crle32 $Crle64 $Conf32 $Conf64);
68use vars  qw($SkipDirectBindDirs $SkipInterps $SkipSymSort $OldDeps %opt);
69
70use strict;
71
72
73# Define any directories we should skip completely.
74$SkipDirs = qr{
75	usr/lib/devfsadm |		# 4382889
76	usr/lib/libc |			# optimized libc
77	usr/lib/rcm |			# 4426119
78	usr/perl5 |			# alan's taking care of these :-)
79	usr/src				# no need to look at shipped source
80}x;
81
82# Define any files we should skip completely.
83$SkipFiles = qr{ ^(?:
84	lddstub |			# lddstub has no dependencies
85	geniconvtbl\.so |		# 4384329
86	libssagent\.so\.1 |		# 4328854
87	libpsvcplugin_psr\.so\.1 |	# 4385799
88	libpsvcpolicy_psr\.so\.1 |	#  "  "
89	libpsvcpolicy\.so\.1 |		#  "  "
90	picl_slm\.so |			#  "  "
91	mod_ipp\.so |			# Apache loadable module
92	fptest |	# USIII specific extns. cause ldd noise on USII bld. m/c
93	grub
94	)$
95}x;
96
97# Define any files that are allowed text relocations.
98$SkipTextrelFiles = qr{ ^(?:
99	unix |				# kernel models are non-pic
100	mdb				# relocations against __RTC (dbx)
101	)$
102}x;
103
104# Define any directories or files that are allowed to have no direct bound
105# symbols
106$SkipDirectBindDirs = qr{
107	usr/ucb
108}x;
109
110$SkipDirectBindFiles = qr{ ^(?:
111	unix |
112	sbcp |
113	libproc.so.1 |
114	libnisdb.so.2
115	)$
116}x;
117
118# Define any files that are allowed undefined references.
119
120$SkipUndefFiles = qr{ ^(?:
121	libsvm\.so\.1 |			# libspmicommon.so.1 lacking
122	libnisdb\.so\.2			# C++
123	)$
124}x;
125
126# Define any files that have unused dependencies.
127$SkipUnusedDirs = qr{
128	lib/picl/plugins/ |		# require devtree dependencies
129	/lib/libp			# profile libc makes libm an unused
130}x;					#	dependency of standard libc
131
132# Define any files that should contain debugging information.
133$SkipStabFiles = qr{ ^(?:
134	unix
135	)$
136}x;
137
138# Define any files that don't require a non-executable stack definition.
139$SkipNoExStkFiles = qr{ ^(?:
140	forth |
141	unix |
142	multiboot
143	)$
144}x;
145
146# Identify any files that should be skipped when building a crle(1)
147# configuration file.  As the hwcap libraries can be loop-back mounted onto
148# libc, these can confuse crle(1) because of their identical dev/inode.
149$SkipCrleConf = qr{
150	lib/libc/libc_hwcap
151}x;
152
153# Skip "unused search path=" ldd(1) diagnostics.
154$SkipUnusedSearchPath = qr{
155	/usr/lib/fs/autofs.*\ from\ .automountd |		# dlopen()
156	/etc/ppp/plugins.*\ from\ .*pppd |			# dlopen()
157	/usr/lib/inet/ppp.*\ from\ .*pppd |			# dlopen()
158	/usr/sfw/lib.*\ from\ .*libipsecutil.so.1 |		# dlopen()
159	/usr/platform/.*rsmlib.*\ from\ .*librsm.so.2 |		# dlopen()
160	\$ORIGIN.*\ from\ .*fcode.so |				# dlopen()
161	/usr/platform/.*\ from\ .*/usr/platform |		# picl
162	/usr/lib/picl/.*\ from\ .*/usr/platform |		# picl
163	/usr/platform/.*\ from\ .*/usr/lib/picl |		# picl
164	/usr/lib/smbsrv.*\ from\ .*libsmb\.so\.1 |		# future needs
165	/usr/lib/mps/secv1.*\ from\ .*libnss3\.so |		# non-OSNet
166	/usr/lib/mps.*\ from\ .*libnss3\.so |			# non-OSNet
167	/usr/sfw/lib.*\ from\ .*libdbus-1\.so\.3 |		# non-OSNet
168	/usr/sfw/lib.*\ from\ .*libdbus-glib-1\.so\.2 |		# non-OSNet
169	/usr/sfw/lib.*\ from\ .*libglib-2\.0\.so\.0 |		# non-OSNet
170	/usr/X11/lib.*\ from\ .*libglib-2\.0\.so\.0 |		# non-OSNet
171	/usr/sfw/lib.*\ from\ .*libgobject-2\.0\.so\.0 |	# non-OSNet
172	/usr/X11/lib.*\ from\ .*libgobject-2\.0\.so\.0 |	# non-OSNet
173	/usr/sfw/lib.*\ from\ .*libcrypto\.so\.0\.9\.8 |	# non-OSNet
174	/usr/sfw/lib.*\ from\ .*libnetsnmp\.so\.5 |		# non-OSNet
175	/usr/sfw/lib.*\ from\ .*libgcc_s\.so\.1			# non-OSNet
176}x;
177
178# Skip "unreferenced object=" ldd(1) diagnostics.
179$SkipUnrefObject = qr{
180	/libmapmalloc\.so\.1;\ unused\ dependency\ of |		# interposer
181	/libstdc\+\+\.so\.6;\ unused\ dependency\ of |		# gcc build
182	/libm\.so\.2.*\ of\ .*libstdc\+\+\.so\.6 |		# gcc build
183	/lib.*\ of\ .*/lib/picl/plugins/ |			# picl
184	/lib.*\ of\ .*libcimapi\.so |				# non-OSNET
185	/lib.*\ of\ .*libjvm\.so |				# non-OSNET
186	/lib.*\ of\ .*libnetsnmp\.so\.5 |			# non-OSNET
187	/lib.*\ of\ .*libnetsnmpagent\.so\.5 |			# non-OSNET
188	/lib.*\ of\ .*libnetsnmpmibs\.so\.5 |			# non-OSNET
189	/lib.*\ of\ .*libnetsnmphelpers\.so\.5 |		# non-OSNET
190	/lib.*\ of\ .*libnspr4\.so |				# non-OSNET
191	/lib.*\ of\ .*libsoftokn3\.so |				# non-OSNET
192	/lib.*\ of\ .*libspmicommon\.so\.1 |			# non-OSNET
193	/lib.*\ of\ .*libspmocommon\.so\.1 |			# non-OSNET
194	/lib.*\ of\ .*libssl3\.so |				# non-OSNET
195	/lib.*\ of\ .*libxml2\.so\.2 |				# non-OSNET
196	/lib.*\ of\ .*libxslt\.so\.1				# non-OSNET
197}x;
198
199# Define any files that should only have unused (ldd -u) processing.
200$UnusedPaths = qr{
201	ucb/shutdown			# libucb interposes on libc and makes
202					# dependencies on libc seem unnecessary
203}x;
204
205# Define interpreters we should ignore.
206$SkipInterps = qr{
207	misc/krtld |
208	misc/amd64/krtld |
209	misc/sparcv9/krtld
210}x;
211
212# Catch libintl and libw, although ld(1) will bind to these and thus determine
213# they're needed, their content was moved into libc as of on297 build 7.
214# libthread and libpthread were completely moved into libc as of on10 build 53.
215# libdl was moved into libc as of on10 build 49.  librt and libaio were moved
216# into libc as of Nevada build 44.
217$OldDeps = qr{ ^(?:
218	libintl\.so\.1 |
219	libw\.so\.1 |
220	libthread\.so\.1 |
221	libpthread\.so\.1 |
222	libdl\.so\.1 |
223	librt\.so\.1 |
224	libaio\.so\.1
225	)$
226}x;
227
228# Files for which we skip checking of duplicate addresses in the
229# symbol sort sections. Such exceptions should be rare --- most code will
230# not have duplicate addresses, since it takes assember or a "#pragma weak"
231# to do such aliasing in C. C++ is different: The compiler generates aliases
232# for implementation reasons, and the mangled names used to encode argument
233# and return value types are difficult to handle well in mapfiles.
234# Furthermore, the Sun compiler and gcc use different and incompatible
235# name mangling conventions. Since ON must be buildable by either, we
236# would have to maintain two sets of mapfiles for each such object.
237# C++ use is rare in ON, so this is not worth pursuing.
238#
239$SkipSymSort = qr{ ^.*(?:
240	opt/SUNWdtrt/tst/common/pid/tst.weak2.exe |	# DTrace test
241	lib/amd64/libnsl\.so\.1 |			# C++
242	lib/sparcv9/libnsl\.so\.1 |			# C++
243	lib/sparcv9/libfru\.so\.1 |			# C++
244	usr/lib/sgml/nsgmls |				# C++
245	ld\.so\.1					# libc_pic.a user
246	)$
247}x;
248
249use Getopt::Std;
250
251# -----------------------------------------------------------------------------
252
253# Reliably compare two OS revisions.  Arguments are <ver1> <op> <ver2>.
254# <op> is the string form of a normal numeric comparison operator.
255sub cmp_os_ver {
256	my @ver1 = split(/\./, $_[0]);
257	my $op = $_[1];
258	my @ver2 = split(/\./, $_[2]);
259
260	push @ver2, ("0") x $#ver1 - $#ver2;
261	push @ver1, ("0") x $#ver2 - $#ver1;
262
263	my $diff = 0;
264	while (@ver1 || @ver2) {
265		if (($diff = shift(@ver1) - shift(@ver2)) != 0) {
266			last;
267		}
268	}
269	return (eval "$diff $op 0" ? 1 : 0);
270}
271
272# This script relies on ldd returning output reflecting only the binary
273# contents.  But if LD_PRELOAD* environment variables are present, libraries
274# named by them will also appear in the output, disrupting our analysis.
275# So, before we get too far, scrub the environment.
276
277delete($ENV{LD_PRELOAD});
278delete($ENV{LD_PRELOAD_32});
279delete($ENV{LD_PRELOAD_64});
280
281# Establish a program name for any error diagnostics.
282chomp($Prog = `basename $0`);
283
284# Determine what machinery is available.
285$Mach = `uname -p`;
286$Isalist = `isalist`;
287$Env = "";
288if ($Mach =~ /sparc/) {
289	if ($Isalist =~ /sparcv9/) {
290		$Ena64 = "ok";
291	}
292} elsif ($Mach =~ /i386/) {
293	if ($Isalist =~ /amd64/) {
294		$Ena64 = "ok";
295	}
296}
297
298# Check that we have arguments.
299if ((getopts('ad:imos', \%opt) == 0) || ($#ARGV == -1)) {
300	print "usage: $Prog [-a] [-d depdir] [-m] [-o] [-s] file | dir, ...\n";
301	print "\t[-a]\t\tprocess all files (ignore any exception lists)\n";
302	print "\t[-d dir]\testablish dependencies from under directory\n";
303	print "\t[-i]\t\tproduce dynamic table entry information\n";
304	print "\t[-m]\t\tprocess mcs(1) comments\n";
305	print "\t[-o]\t\tproduce one-liner output (prefixed with pathname)\n";
306	print "\t[-s]\t\tprocess .stab and .symtab entries\n";
307	exit 1;
308} else {
309	my($Proto);
310
311	if ($opt{d}) {
312		# User specified dependency directory - make sure it exists.
313		if (! -d $opt{d}) {
314			print "$Prog: $opt{d} is not a directory\n";
315			exit 1;
316		}
317		$Proto = $opt{d};
318
319	} elsif ($ENV{CODEMGR_WS}) {
320		my($Root);
321
322		# Without a user specified dependency directory see if we're
323		# part of a codemanager workspace and if a proto area exists.
324		if (($Root = $ENV{ROOT}) && (-d $Root)) {
325			$Proto = $Root;
326		}
327	}
328
329	if (!($Tmpdir = $ENV{TMPDIR}) || (! -d $Tmpdir)) {
330		$Tmpdir = "/tmp";
331	}
332
333	# Determine whether this is a __GNUC build.  If so, unused search path
334	# processing is disabled.
335	if (defined $ENV{__GNUC}) {
336		$Gnuc = 1;
337	} else {
338		$Gnuc = 0;
339	}
340
341	# Look for dependencies under $Proto.
342	if ($Proto) {
343		# To support alternative dependency mapping we'll need ldd(1)'s
344		# -e option.  This is relatively new (s81_30), so make sure
345		# ldd(1) is capable before gathering any dependency information.
346		if (system('ldd -e /usr/lib/lddstub 2> /dev/null')) {
347			print "ldd: does not support -e, unable to ";
348			print "create alternative dependency mappingings.\n";
349			print "ldd: option added under 4390308 (s81_30).\n\n";
350		} else {
351			# Gather dependencies and construct a alternative
352			# dependency mapping via a crle(1) configuration file.
353			GetDeps($Proto, "/");
354			GenConf();
355		}
356	}
357
358	# To support unreferenced dependency detection we'll need ldd(1)'s -U
359	# option.  This is relatively new (4638070), and if not available we
360	# can still fall back to -u.  Even with this option, don't use -U with
361	# releases prior to 5.10 as the cleanup for -U use only got integrated
362	# into 5.10 under 4642023.  Note, that nightly doesn't typically set a
363	# RELEASE from the standard <env> files.  Users who wish to disable use
364	# of ldd(1)'s -U should set (or uncomment) RELEASE in their <env> file
365	# if using nightly, or otherwise establish it in their environment.
366	if (system('ldd -U /usr/lib/lddstub 2> /dev/null')) {
367		$LddNoU = 1;
368	} else {
369		my($Release);
370
371		if (($Release = $ENV{RELEASE}) &&
372		    (cmp_os_ver($Release, "<", "5.10"))) {
373			$LddNoU = 1;
374		} else {
375			$LddNoU = 0;
376		}
377	}
378
379	# For each argument determine if we're dealing with a file or directory.
380	foreach my $Arg (@ARGV) {
381		# Ignore symbolic links.
382		if (-l $Arg) {
383			next;
384		}
385
386		if (!stat($Arg)) {
387			next;
388		}
389
390		# Process simple files.
391		if (-f _) {
392			my($RelPath) = $Arg;
393			my($File) = $Arg;
394			my($Secure) = 0;
395
396			$RelPath =~ s!^.*/!./!;
397			$File =~ s!^.*/!!;
398
399			if (-u _ || -g _) {
400				$Secure = 1;
401			}
402
403			ProcFile($Arg, $RelPath, $File, $Secure);
404			next;
405		}
406		# Process directories.
407		if (-d _) {
408			ProcDir($Arg, ".");
409			next;
410		}
411
412		print "$Arg is not a file or directory\n";
413		$Error = 1;
414	}
415
416	# Cleanup
417	CleanUp();
418}
419
420$Error = 0;
421
422# Clean up any temporary files.
423sub CleanUp {
424	if ($Crle64) {
425		unlink $Crle64;
426	}
427	if ($Conf64) {
428		unlink $Conf64;
429	}
430	if ($Crle32) {
431		unlink $Crle32;
432	}
433	if ($Conf32) {
434		unlink $Conf32;
435	}
436}
437
438# Create an output message, either a one-liner (under -o) or preceded by the
439# files relative pathname as a title.
440sub OutMsg {
441	my($Ttl, $Path, $Msg) = @_;
442
443	if ($opt{o}) {
444		$Msg =~ s/^[ \t]*//;
445		print "$Path: $Msg\n";
446	} else {
447		if ($Ttl eq 0) {
448			print "==== $Path ====\n";
449		}
450		print "$Msg\n";
451	}
452}
453
454# Determine whether this a ELF dynamic object and if so investigate its runtime
455# attributes.
456sub ProcFile {
457	my($FullPath, $RelPath, $File, $Secure) = @_;
458	my(@Elf, @Ldd, $Dyn, $Intp, $Dll, $Ttl, $Sym, $Interp, $Stack);
459	my($Sun, $Relsz, $Pltsz, $Tex, $Stab, $Strip, $Lddopt, $SymSort);
460	my($Val, $Header, $SkipLdd, $IsX86, $RWX, $UnDep);
461	my($HasDirectBinding);
462
463	# Ignore symbolic links.
464	if (-l $FullPath) {
465		return;
466	}
467
468	$Ttl = 0;
469	@Ldd = 0;
470
471	# Determine whether we have access to inspect the file.
472	if (!(-r $FullPath)) {
473		OutMsg($Ttl++, $RelPath,
474		    "\tunable to inspect file: permission denied");
475		return;
476	}
477
478	# Determine if this is a file we don't care about.
479	if (!$opt{a}) {
480		if ($File =~ $SkipFiles) {
481			return;
482		}
483	}
484
485	# Determine whether we have a executable (static or dynamic) or a
486	# shared object.
487	@Elf = split(/\n/, `elfdump -epdicy $FullPath 2>&1`);
488
489	$Dyn = $Intp = $Dll = $Stack = $IsX86 = $RWX = 0;
490	$Interp = 1;
491	$Header = 'None';
492	foreach my $Line (@Elf) {
493		# If we have an invalid file type (which we can tell from the
494		# first line), or we're processing an archive, bail.
495		if ($Header eq 'None') {
496			if (($Line =~ /invalid file/) ||
497			    ($Line =~ /$FullPath(.*):/)) {
498				return;
499			}
500		}
501
502		if ($Line =~ /^ELF Header/) {
503			$Header = 'Ehdr';
504
505		} elsif ($Line =~ /^Program Header/) {
506			$Header = 'Phdr';
507			$RWX = 0;
508
509		} elsif ($Line =~ /^Interpreter/) {
510			$Header = 'Intp';
511
512		} elsif ($Line =~ /^Dynamic Section/) {
513			# A dynamic section indicates we're a dynamic object
514			# (this makes sure we don't check static executables).
515			$Dyn = 1;
516
517		} elsif (($Header eq 'Ehdr') && ($Line =~ /e_type:/)) {
518			# The e_type field indicates whether this file is a
519			# shared object (ET_DYN) or an executable (ET_EXEC).
520			if ($Line =~ /ET_DYN/) {
521				$Dll = 1;
522			} elsif ($Line !~ /ET_EXEC/) {
523				return;
524			}
525		} elsif (($Header eq 'Ehdr') && ($Line =~ /ei_class:/)) {
526			# If we encounter a 64-bit object, but we're not running
527			# on a 64-bit system, suppress calling ldd(1).
528			if (($Line =~ /ELFCLASS64/) && !$Ena64) {
529				$SkipLdd = 1;
530			}
531		} elsif (($Header eq 'Ehdr') && ($Line =~ /e_machine:/)) {
532			# If it's a X86 object, we need to enforce RW- data.
533			if (($Line =~ /(EM_AMD64|EM_386)/)) {
534				$IsX86 = 1;
535			}
536		} elsif (($Header eq 'Phdr') &&
537		    ($Line =~ /\[ PF_X  PF_W  PF_R \]/)) {
538			# RWX segment seen.
539			$RWX = 1;
540
541		} elsif (($Header eq 'Phdr') &&
542		    ($Line =~ /\[ PT_LOAD \]/ && $RWX && $IsX86)) {
543			# Seen an RWX PT_LOAD segment.
544			if ($File !~ $SkipNoExStkFiles) {
545				OutMsg($Ttl++, $RelPath,
546				    "\tapplication requires non-executable " .
547				    "data\t<no -Mmapfile_noexdata?>");
548			}
549
550		} elsif (($Header eq 'Phdr') &&
551		    ($Line =~ /\[ PT_SUNWSTACK \]/)) {
552			# This object defines a non-executable stack.
553			$Stack = 1;
554
555		} elsif (($Header eq 'Intp') && !$opt{a} &&
556		    ($Line =~ $SkipInterps)) {
557			# This object defines an interpretor we should skip.
558			$Interp = 0;
559		}
560	}
561
562	# Determine whether this ELF executable or shared object has a
563	# conforming mcs(1) comment section.  If the correct $(POST_PROCESS)
564	# macros are used, only a 3 or 4 line .comment section should exist
565	# containing one or two "@(#)SunOS" identifying comments (one comment
566	# for a non-debug build, and two for a debug build). The results of
567	# the following split should be three or four lines, the last empty
568	# line being discarded by the split.
569	if ($opt{m}) {
570		my(@Mcs, $Con, $Dev);
571
572		@Mcs = split(/\n/, `mcs -p $FullPath 2>&1`);
573
574		$Con = $Dev = $Val = 0;
575		foreach my $Line (@Mcs) {
576			$Val++;
577
578			if (($Val == 3) && ($Line !~ /^@\(#\)SunOS/)) {
579				$Con = 1;
580				last;
581			}
582			if (($Val == 4) && ($Line =~ /^@\(#\)SunOS/)) {
583				$Dev = 1;
584				next;
585			}
586			if (($Dev == 0) && ($Val == 4)) {
587				$Con = 1;
588				last;
589			}
590			if (($Dev == 1) && ($Val == 5)) {
591				$Con = 1;
592				last;
593			}
594		}
595		if ($opt{m} && ($Con == 1)) {
596			OutMsg($Ttl++, $RelPath,
597			    "\tnon-conforming mcs(1) comment\t<no \$(POST_PROCESS)?>");
598		}
599	}
600
601	# Applications should contain a non-executable stack definition.
602	if (($Dll == 0) && ($Stack == 0)) {
603		if (!$opt{a}) {
604			if ($File =~ $SkipNoExStkFiles) {
605				goto DYN;
606			}
607		}
608		OutMsg($Ttl++, $RelPath,
609		    "\tapplication requires non-executable stack\t<no -Mmapfile_noexstk?>");
610	}
611
612DYN:
613	# Having caught any static executables in the mcs(1) check and non-
614	# executable stack definition check, continue with dynamic objects
615	# from now on.
616	if ($Dyn eq 0) {
617		return;
618	}
619
620	# Only use ldd unless we've encountered an interpreter that should
621	# be skipped.
622	if (!$SkipLdd && $Interp) {
623		my $LDDFullPath = $FullPath;
624
625		if ($Secure) {
626			# The execution of a secure application over an nfs file
627			# system mounted nosuid will result in warning messages
628			# being sent to /var/adm/messages.  As this type of
629			# environment can occur with root builds, move the file
630			# being investigated to a safe place first.  In addition
631			# remove its secure permission so that it can be
632			# influenced by any alternative dependency mappings.
633
634			my($TmpPath) = "$Tmpdir/$File";
635
636			system('cp', $LDDFullPath, $TmpPath);
637			chmod 0777, $TmpPath;
638			$LDDFullPath = $TmpPath;
639		}
640
641		# Use ldd(1) to determine the objects relocatability and use.
642		# By default look for all unreferenced dependencies.  However,
643		# some objects have legitimate dependencies that they do not
644		# reference.
645		if ($LddNoU || ($RelPath =~ $UnusedPaths)) {
646			$Lddopt = "-ru";
647		} else {
648			$Lddopt = "-rU";
649		}
650		@Ldd = split(/\n/, `ldd $Lddopt $Env $LDDFullPath 2>&1`);
651		if ($Secure) {
652			unlink $LDDFullPath;
653		}
654	}
655
656	$Val = 0;
657	$Sym = 5;
658	$UnDep = 1;
659
660	foreach my $Line (@Ldd) {
661
662		if ($Val == 0) {
663			$Val = 1;
664			# Make sure ldd(1) worked.  One possible failure is that
665			# this is an old ldd(1) prior to -e addition (4390308).
666			if ($Line =~ /usage:/) {
667				$Line =~ s/$/\t<old ldd(1)?>/;
668				OutMsg($Ttl++, $RelPath, $Line);
669				last;
670			} elsif ($Line =~ /execution failed/) {
671				OutMsg($Ttl++, $RelPath, $Line);
672				last;
673			}
674
675			# It's possible this binary can't be executed, ie. we've
676			# found a sparc binary while running on an intel system,
677			# or a sparcv9 binary on a sparcv7/8 system.
678			if ($Line =~ /wrong class/) {
679				OutMsg($Ttl++, $RelPath,
680				    "\thas wrong class or data encoding");
681				next;
682			}
683
684			# Historically, ldd(1) likes executable objects to have
685			# their execute bit set.  Note that this test isn't
686			# applied unless the -a option is in effect, as any
687			# non-executable files are skipped by default to reduce
688			# the cost of running this script.
689			if ($Line =~ /not executable/) {
690				OutMsg($Ttl++, $RelPath,
691				    "\tis not executable");
692				next;
693			}
694		}
695
696		# Look for "file" or "versions" that aren't found.  Note that
697		# these lines will occur before we find any symbol referencing
698		# errors.
699		if (($Sym == 5) && ($Line =~ /not found\)/)) {
700			if ($Line =~ /file not found\)/) {
701				$Line =~ s/$/\t<no -zdefs?>/;
702			}
703			OutMsg($Ttl++, $RelPath, $Line);
704			next;
705		}
706		# Look for relocations whose symbols can't be found.  Note, we
707		# only print out the first 5 relocations for any file as this
708		# output can be excessive.
709		if ($Sym && ($Line =~ /symbol not found/)) {
710			# Determine if this file is allowed undefined
711			# references.
712			if ($Sym == 5) {
713				if (!$opt{a}) {
714					if ($File =~ $SkipUndefFiles) {
715						$Sym = 0;
716						next;
717					}
718				}
719			}
720			if ($Sym-- == 1) {
721				if (!$opt{o}) {
722					OutMsg($Ttl++, $RelPath,
723					    "\tcontinued ...");
724				}
725				next;
726			}
727			# Just print the symbol name.
728			$Line =~ s/$/\t<no -zdefs?>/;
729			OutMsg($Ttl++, $RelPath, $Line);
730			next;
731		}
732		# Look for any unused search paths.
733		if ($Line =~ /unused search path=/) {
734			# Note, skip this comparison for __GNUC builds, as the
735			# gnu compilers insert numerous unused search paths.
736			if ($Gnuc == 1) {
737				next;
738			}
739			if (!$opt{a}) {
740				if ($Line =~ $SkipUnusedSearchPath) {
741					next;
742				}
743			}
744			if ($Secure) {
745				$Line =~ s!$Tmpdir/!!;
746			}
747			$Line =~ s/^[ \t]*(.*)/\t$1\t<remove search path?>/;
748			OutMsg($Ttl++, $RelPath, $Line);
749			next;
750		}
751		# Look for unreferenced dependencies.  Note, if any unreferenced
752		# objects are ignored, then set $UnDep so as to suppress any
753		# associated unused-object messages.
754		if ($Line =~ /unreferenced object=/) {
755			if (!$opt{a}) {
756				if ($Line =~ $SkipUnrefObject) {
757					$UnDep = 0;
758					next;
759				}
760			}
761			if ($Secure) {
762				$Line =~ s!$Tmpdir/!!;
763			}
764			$Line =~ s/^[ \t]*(.*)/\t$1\t<remove lib or -zignore?>/;
765			OutMsg($Ttl++, $RelPath, $Line);
766			next;
767		}
768		# Look for any unused dependencies.
769		if ($UnDep && ($Line =~ /unused/)) {
770			if (!$opt{a}) {
771				if ($RelPath =~ $SkipUnusedDirs) {
772					$UnDep = 0;
773					next;
774				}
775			}
776			if ($Secure) {
777				$Line =~ s!$Tmpdir/!!;
778			}
779			$Line =~ s/^[ \t]*(.*)/\t$1\t<remove lib or -zignore?>/;
780			OutMsg($Ttl++, $RelPath, $Line);
781			next;
782		}
783	}
784
785	# Reuse the elfdump(1) data to investigate additional dynamic linking
786	# information.
787
788	$Sun = $Relsz = $Pltsz = $Dyn = $Stab = $SymSort = 0;
789	$Tex = $Strip = 1;
790	$HasDirectBinding = 0;
791
792	$Header = 'None';
793ELF:	foreach my $Line (@Elf) {
794		# We're only interested in the section headers and the dynamic
795		# section.
796		if ($Line =~ /^Section Header/) {
797			$Header = 'Shdr';
798
799			if (($Sun == 0) && ($Line =~ /\.SUNW_reloc/)) {
800				# This object has a combined relocation section.
801				$Sun = 1;
802
803			} elsif (($Stab == 0) && ($Line =~ /\.stab/)) {
804				# This object contain .stabs sections
805				$Stab = 1;
806			} elsif (($SymSort == 0) &&
807				 ($Line =~ /\.SUNW_dyn(sym)|(tls)sort/)) {
808				# This object contains a symbol sort section
809				$SymSort = 1;
810			}
811
812			if (($Strip == 1) && ($Line =~ /\.symtab/)) {
813				# This object contains a complete symbol table.
814				$Strip = 0;
815			}
816			next;
817
818		} elsif ($Line =~ /^Dynamic Section/) {
819			$Header = 'Dyn';
820			next;
821		} elsif ($Line =~ /^Syminfo Section/) {
822			$Header = 'Syminfo';
823			next;
824		} elsif (($Header ne 'Dyn') && ($Header ne 'Syminfo')) {
825			next;
826		}
827
828		# Look into the Syminfo section.
829		# Does this object have at least one Directly Bound symbol?
830		if (($Header eq 'Syminfo')) {
831			my(@Symword);
832
833			if ($HasDirectBinding == 1) {
834				next;
835			}
836
837			@Symword = split(' ', $Line);
838
839			if (!defined($Symword[1])) {
840				next;
841			}
842			if ($Symword[1] =~ /B/) {
843				$HasDirectBinding = 1;
844			}
845			next;
846		}
847
848		# Does this object contain text relocations.
849		if ($Tex && ($Line =~ /TEXTREL/)) {
850			# Determine if this file is allowed text relocations.
851			if (!$opt{a}) {
852				if ($File =~ $SkipTextrelFiles) {
853					$Tex = 0;
854					next ELF;
855				}
856			}
857			OutMsg($Ttl++, $RelPath,
858			    "\tTEXTREL .dynamic tag\t\t\t<no -Kpic?>");
859			$Tex = 0;
860			next;
861		}
862
863		# Does this file have any relocation sections (there are a few
864		# psr libraries with no relocations at all, thus a .SUNW_reloc
865		# section won't exist either).
866		if (($Relsz == 0) && ($Line =~ / RELA?SZ/)) {
867			$Relsz = hex((split(' ', $Line))[2]);
868			next;
869		}
870
871		# Does this file have any plt relocations.  If the plt size is
872		# equivalent to the total relocation size then we don't have
873		# any relocations suitable for combining into a .SUNW_reloc
874		# section.
875		if (($Pltsz == 0) && ($Line =~ / PLTRELSZ/)) {
876			$Pltsz = hex((split(' ', $Line))[2]);
877			next;
878		}
879
880		# Does this object have any dependencies.
881		if ($Line =~ /NEEDED/) {
882			my($Need) = (split(' ', $Line))[3];
883
884			if ($Need =~ $OldDeps) {
885				# Catch any old (unnecessary) dependencies.
886				OutMsg($Ttl++, $RelPath,
887				    "\tNEEDED=$Need\t<dependency no longer necessary>");
888			} elsif ($opt{i}) {
889				# Under the -i (information) option print out
890				# any useful dynamic entries.
891				OutMsg($Ttl++, $RelPath, "\tNEEDED=$Need");
892			}
893			next;
894		}
895
896		# Is this object built with -B direct flag on?
897		if ($Line =~ / DIRECT /) {
898			$HasDirectBinding = 1;
899		}
900
901		# Does this object specify a runpath.
902		if ($opt{i} && ($Line =~ /RPATH/)) {
903			my($Rpath) = (split(' ', $Line))[3];
904			OutMsg($Ttl++, $RelPath, "\tRPATH=$Rpath");
905			next;
906		}
907	}
908
909	# A shared object, that contains non-plt relocations, should have a
910	# combined relocation section indicating it was built with -z combreloc.
911	if ($Dll && $Relsz && ($Relsz != $Pltsz) && ($Sun == 0)) {
912		OutMsg($Ttl++, $RelPath,
913		    "\tSUNW_reloc section missing\t\t<no -zcombreloc?>");
914	}
915
916	# No objects released to a customer should have any .stabs sections
917	# remaining, they should be stripped.
918	if ($opt{s} && $Stab) {
919		if (!$opt{a}) {
920			if ($File =~ $SkipStabFiles) {
921				goto DONESTAB;
922			}
923		}
924		OutMsg($Ttl++, $RelPath,
925		    "\tdebugging sections should be deleted\t<no strip -x?>");
926	}
927
928	# Identify an object that is not built with either -B direct or
929	# -z direct.
930	if (($RelPath =~ $SkipDirectBindDirs) ||
931	    ($File =~ $SkipDirectBindFiles)) {
932		goto DONESTAB;
933	}
934	if ($Relsz && ($HasDirectBinding == 0)) {
935		OutMsg($Ttl++, $RelPath,
936		    "\tobject has no direct bindings\t<no -B direct or -z direct?>");
937	}
938
939DONESTAB:
940
941	# All objects should have a full symbol table to provide complete
942	# debugging stack traces.
943	if ($Strip) {
944		OutMsg($Ttl++, $RelPath,
945		    "\tsymbol table should not be stripped\t<remove -s?>");
946	}
947
948	# If there are symbol sort sections in this object, report on
949	# any that have duplicate addresses.
950	ProcSymSort($FullPath, $RelPath, \$Ttl) if $SymSort;
951}
952
953
954## ProcSymSortOutMsg(RefTtl, RelPath, secname, addr, names...)
955#
956# Call OutMsg for a duplicate address error in a symbol sort
957# section
958#
959sub ProcSymSortOutMsg {
960	my($RefTtl, $RelPath, $secname, $addr, @names) = @_;
961
962	OutMsg($$RefTtl++, $RelPath,
963	    "$secname: duplicate $addr: ". join(', ', @names));
964}
965
966
967## ProcSymSort(FullPath, RelPath)
968#
969# Examine the symbol sort sections for the given object and report
970# on any duplicate addresses found.  Ideally, mapfile directives
971# should be used when building objects that have multiple symbols
972# with the same address so that only one of them appears in the sort
973# section. This saves space, reduces user confusion, and ensures that
974# libproc and debuggers always display public names instead of symbols
975# that are merely implementation details.
976#
977sub ProcSymSort {
978
979	my($FullPath, $RelPath, $RefTtl) = @_;
980
981	# If this object is exempt from checking, return quietly
982	return if ($FullPath =~ $SkipSymSort);
983
984
985	open(SORT, "elfdump -S $FullPath|") ||
986	    die "$Prog: Unable to execute elfdump (symbol sort sections)\n";
987
988	my $line;
989	my $last_addr;
990	my @dups = ();
991	my $secname;
992	while ($line = <SORT>) {
993		chomp $line;
994
995		next if ($line eq '');
996
997		# If this is a header line, pick up the section name
998		if ($line =~ /^Symbol Sort Section:\s+([^\s]+)\s+/) {
999			$secname = $1;
1000
1001			# Every new section is followed by a column header line
1002			$line = <SORT>;		# Toss header line
1003
1004			# Flush anything left from previous section
1005			ProcSymSortOutMsg($RefTtl, $RelPath, $secname,
1006			    $last_addr, @dups) if (scalar(@dups) > 1);
1007
1008			# Reset variables for new sort section
1009			$last_addr = '';
1010			@dups = ();
1011
1012			next;
1013		}
1014
1015		# Process symbol line
1016		my @fields = split /\s+/, $line;
1017		my $new_addr = $fields[2];
1018		my $new_name = $fields[9];
1019
1020		if ($new_addr eq $last_addr) {
1021			push @dups, $new_name;
1022		} else {
1023			ProcSymSortOutMsg($RefTtl, $RelPath, $secname,
1024			    $last_addr, @dups) if (scalar(@dups) > 1);
1025			@dups = ( $new_name );
1026			$last_addr = $new_addr;
1027		}
1028	}
1029
1030	ProcSymSortOutMsg($RefTtl, $RelPath, $secname, $last_addr, @dups)
1031		if (scalar(@dups) > 1);
1032
1033	close SORT;
1034}
1035
1036
1037sub ProcDir {
1038	my($FullDir, $RelDir) = @_;
1039	my($NewFull, $NewRel);
1040
1041	# Determine if this is a directory we don't care about.
1042	if (!$opt{a}) {
1043		if ($RelDir =~ $SkipDirs) {
1044			return;
1045		}
1046	}
1047
1048	# Open the directory and read each entry, omit files starting with "."
1049	if (opendir(DIR, $FullDir)) {
1050		foreach my $Entry (readdir(DIR)) {
1051			if ($Entry =~ /^\./) {
1052				next;
1053			}
1054			$NewFull = "$FullDir/$Entry";
1055
1056			# Ignore symlinks.
1057			if (-l $NewFull) {
1058				next;
1059			}
1060			if (!stat($NewFull)) {
1061				next;
1062			}
1063			$NewRel = "$RelDir/$Entry";
1064
1065			# Descend into and process any directories.
1066			if (-d _) {
1067				ProcDir($NewFull, $NewRel);
1068				next;
1069			}
1070
1071			# Typically dynamic objects are executable, so we can
1072			# reduce the overall cost of this script (a lot!) by
1073			# screening out non-executables here, rather than pass
1074			# them to file(1) later.  However, it has been known
1075			# for shared objects to be mistakenly left non-
1076			# executable, so with -a let all files through so that
1077			# this requirement can be verified (see ProcFile()).
1078			if (!$opt{a}) {
1079				if (! -x _) {
1080					next;
1081				}
1082			}
1083
1084			# Process any standard files.
1085			if (-f _) {
1086				my($Secure) = 0;
1087
1088				if (-u _ || -g _) {
1089					$Secure = 1;
1090				}
1091
1092				ProcFile($NewFull, $NewRel, $Entry, $Secure);
1093				next;
1094			}
1095
1096		}
1097		closedir(DIR);
1098	}
1099}
1100
1101# Create a crle(1) script for any 64-bit dependencies we locate.  A runtime
1102# configuration file will be generated to establish alternative dependency
1103# mappings for all these dependencies.
1104
1105sub Entercrle64 {
1106	my($FullDir, $RelDir, $Entry) = @_;
1107
1108	if (!$Crle64) {
1109		# Create and initialize the script if is doesn't already exit.
1110
1111		$Crle64 = "$Tmpdir/$Prog.crle64.$$";
1112		open(CRLE64, "> $Crle64") ||
1113			die "$Prog: open failed: $Crle64: $!";
1114
1115		print CRLE64 "#!/bin/sh\ncrle -64\\\n";
1116	}
1117	print CRLE64 "\t-o $FullDir -a $RelDir/$Entry \\\n";
1118}
1119
1120# Create a crle(1) script for any 32-bit dependencies we locate.  A runtime
1121# configuration file will be generated to establish alternative dependency
1122# mappings for all these dependencies.
1123
1124sub Entercrle32 {
1125	my($FullDir, $RelDir, $Entry) = @_;
1126
1127	if (!$Crle32) {
1128		# Create and initialize the script if is doesn't already exit.
1129
1130		$Crle32 = "$Tmpdir/$Prog.crle32.$$";
1131		open(CRLE32, "> $Crle32") ||
1132			die "$Prog: open failed: $Crle32: $!";
1133
1134		print CRLE32 "#!/bin/sh\ncrle \\\n";
1135	}
1136	print CRLE32 "\t-o $FullDir -a $RelDir/$Entry \\\n";
1137}
1138
1139# Having finished gathering dependencies, complete any crle(1) scripts and
1140# execute them to generate the associated runtime configuration files.  In
1141# addition establish the environment variable required to pass the configuration
1142# files to ldd(1).
1143
1144sub GenConf {
1145	if ($Crle64) {
1146		$Conf64 = "$Tmpdir/$Prog.conf64.$$";
1147		print CRLE64 "\t-c $Conf64\n";
1148
1149		chmod 0755, $Crle64;
1150		close CRLE64;
1151
1152		if (system($Crle64)) {
1153			undef $Conf64;
1154		}
1155	}
1156	if ($Crle32) {
1157		$Conf32 = "$Tmpdir/$Prog.conf32.$$";
1158		print CRLE32 "\t-c $Conf32\n";
1159
1160		chmod 0755, $Crle32;
1161		close CRLE32;
1162
1163		if (system($Crle32)) {
1164			undef $Conf32;
1165		}
1166	}
1167
1168	if ($Crle64 && $Conf64 && $Crle32 && $Conf32) {
1169		$Env = "-e LD_FLAGS=config_64=$Conf64,config_32=$Conf32";
1170	} elsif ($Crle64 && $Conf64) {
1171		$Env = "-e LD_FLAGS=config_64=$Conf64";
1172	} elsif ($Crle32 && $Conf32) {
1173		$Env = "-e LD_FLAGS=config_32=$Conf32";
1174	}
1175}
1176
1177# Recurse through a directory hierarchy looking for appropriate dependencies.
1178
1179sub GetDeps {
1180	my($FullDir, $RelDir) = @_;
1181	my($NewFull);
1182
1183	# Open the directory and read each entry, omit files starting with "."
1184	if (opendir(DIR, $FullDir)) {
1185		 foreach my $Entry (readdir(DIR)) {
1186			if ($Entry =~ /^\./) {
1187				next;
1188			}
1189			$NewFull = "$FullDir/$Entry";
1190
1191			# We need to follow links so that any dependencies
1192			# are expressed in all their available forms.
1193			# Bail on symlinks like 32 -> .
1194			if (-l $NewFull) {
1195				if (readlink($NewFull) =~ /^\.$/) {
1196					next;
1197				}
1198			}
1199			if (!stat($NewFull)) {
1200				next;
1201			}
1202
1203			if (!$opt{a}) {
1204				if ($NewFull =~ $SkipCrleConf) {
1205					next;
1206				}
1207			}
1208
1209			# If this is a directory descend into it.
1210			if (-d _) {
1211				my($NewRel);
1212
1213				if ($RelDir =~ /^\/$/) {
1214					$NewRel = "$RelDir$Entry";
1215				} else {
1216					$NewRel = "$RelDir/$Entry";
1217				}
1218
1219				GetDeps($NewFull, $NewRel);
1220				next;
1221			}
1222
1223			# If this is a regular file determine if its a
1224			# valid ELF dependency.
1225			if (-f _) {
1226				my($File);
1227
1228				# Typically shared object dependencies end with
1229				# ".so" or ".so.?", hence we can reduce the cost
1230				# of this script (a lot!) by screening out files
1231				# that don't follow this pattern.
1232				if (!$opt{a}) {
1233					if ($Entry !~ /\.so(?:\.\d+)*$/) {
1234						next;
1235					}
1236				}
1237
1238				$File = `file $NewFull`;
1239				if ($File !~ /dynamic lib/) {
1240					next;
1241				}
1242
1243				if ($File =~ /32-bit/) {
1244					Entercrle32($FullDir, $RelDir, $Entry);
1245				} elsif ($Ena64) {
1246					Entercrle64($FullDir, $RelDir, $Entry);
1247				}
1248				next;
1249			}
1250		}
1251		closedir(DIR);
1252	}
1253}
1254exit $Error
1255