From 324bd1170642cf2c2fd963350aa428e0cc5a88fb Mon Sep 17 00:00:00 2001 From: Nick Clifton Date: Mon, 18 May 2015 14:14:28 +0100 Subject: [PATCH] Add a check that the data area does not overrun the stack. * msp430/msp430-sim.ld (.stack): Add an assertion to make sure that the data area does not overrun the stack. PROVIDE a new symbol __stack_size to allow the user to set the limit. * msp430/msp430xl-sim.ld (.stack): Likewise. * rl78/rl78-sim.ld (.stack): Likewise. * rl78/rl78.ld (.stack): Likewise. * rx/rx-sim.ld (.stack): Likewise. * rx/rx.ld (.stack): Likewise. --- libgloss/ChangeLog | 11 +++++++++++ libgloss/msp430/msp430-sim.ld | 16 ++++++++++++++++ libgloss/msp430/msp430xl-sim.ld | 18 +++++++++++++++++- libgloss/rl78/rl78-sim.ld | 16 ++++++++++++++++ libgloss/rl78/rl78.ld | 16 ++++++++++++++++ libgloss/rx/rx-sim.ld | 18 +++++++++++++++++- libgloss/rx/rx.ld | 18 +++++++++++++++++- 7 files changed, 110 insertions(+), 3 deletions(-) diff --git a/libgloss/ChangeLog b/libgloss/ChangeLog index 5c96c23e8..9988189be 100644 --- a/libgloss/ChangeLog +++ b/libgloss/ChangeLog @@ -1,3 +1,14 @@ +2015-05-18 Nick Clifton + + * msp430/msp430-sim.ld (.stack): Add an assertion to make sure + that the data area does not overrun the stack. PROVIDE a new + symbol __stack_size to allow the user to set the limit. + * msp430/msp430xl-sim.ld (.stack): Likewise. + * rl78/rl78-sim.ld (.stack): Likewise. + * rl78/rl78.ld (.stack): Likewise. + * rx/rx-sim.ld (.stack): Likewise. + * rx/rx.ld (.stack): Likewise. + 2015-05-05 Nick Clifton * msp430/msp430.ld: Delete. diff --git a/libgloss/msp430/msp430-sim.ld b/libgloss/msp430/msp430-sim.ld index 6147cbe72..39fb67f7a 100644 --- a/libgloss/msp430/msp430-sim.ld +++ b/libgloss/msp430/msp430-sim.ld @@ -175,10 +175,26 @@ SECTIONS _end = .; PROVIDE (end = .); + /* The __stack_size value of 0x100 is just a guess, but since it is + PROVIDEd the user can override it on the command line. It has to be + set here, rather than inside the .stack section, as symbols defined + inside sections are only evaluated during the final phase of the link, + long after the ASSERT is checked. An ASSERT referencing a PROVIDED but + not yet evaluated symbol will automatically fail. + + FIXME: It would be nice if this value could be automatically set via + gcc's -fstack-usage command line option somehow. */ + PROVIDE (__stack_size = 0x100); + .stack (ORIGIN (RAM) + LENGTH(RAM)) : { PROVIDE (__stack = .); *(.stack) + + /* Linker section checking ignores empty sections like + this one so we have to have our own test here. */ + ASSERT ((__stack > (_end + __stack_size)), + "Error: Too much data - no room left for the stack"); } /* Make sure that .upper sections are not used without -mlarge support. */ diff --git a/libgloss/msp430/msp430xl-sim.ld b/libgloss/msp430/msp430xl-sim.ld index 1dca58afb..d59cdbf48 100644 --- a/libgloss/msp430/msp430xl-sim.ld +++ b/libgloss/msp430/msp430xl-sim.ld @@ -61,7 +61,7 @@ SECTIONS The same reasoning applies to the absence of definitions for the .either.text, .either.data and .either.bss sections as well. */ - + . = ALIGN(2); *(.rodata .rodata.* .gnu.linkonce.r.* .const .const:*) *(.rodata1) @@ -318,6 +318,17 @@ SECTIONS LONG(0); } > HIFRAM + /* The __stack_size value of 0x100 is just a guess, but since it is + PROVIDEd the user can override it on the command line. It has to be + set here, rather than inside the .stack section, as symbols defined + inside sections are only evaluated during the final phase of the link, + long after the ASSERT is checked. An ASSERT referencing a PROVIDED but + not yet evaluated symbol will automatically fail. + + FIXME: It would be nice if this value could be automatically set via + gcc's -fstack-usage command line option somehow. */ + PROVIDE (__stack_size = 0x100); + /* Note: We place the stack in HIFRAM because then there is less chance that it will collide with allocated data in the RAM region. In scripts targeted at real MCUs however it may be better to place @@ -329,6 +340,11 @@ SECTIONS .stack (ORIGIN (HIFRAM) + LENGTH (HIFRAM)) : { PROVIDE (__stack = .); + + /* Linker section checking ignores empty sections like + this one so we have to have our own test here. */ + ASSERT ((__stack > (_end + __stack_size)), + "Error: Too much data - no room left for the stack"); } .text : diff --git a/libgloss/rl78/rl78-sim.ld b/libgloss/rl78/rl78-sim.ld index 26d62ac40..49442d11e 100644 --- a/libgloss/rl78/rl78-sim.ld +++ b/libgloss/rl78/rl78-sim.ld @@ -122,10 +122,26 @@ SECTIONS } > RAM PROVIDE (__bsssize = SIZEOF(.bss)); + /* The __stack_size value of 0x100 is just a guess, but since it is + PROVIDEd the user can override it on the command line. It has to be + set here, rather than inside the .stack section, as symbols defined + inside sections are only evaluated during the final phase of the link, + long after the ASSERT is checked. An ASSERT referencing a PROVIDED but + not yet evaluated symbol will automatically fail. + + FIXME: It would be nice if this value could be automatically set via + gcc's -fstack-usage command line option somehow. */ + PROVIDE (__stack_size = 0x100); + .stack (ORIGIN (STACK)) : { PROVIDE (__stack = .); *(.stack) + + /* Linker section checking ignores empty sections like + this one so we have to have our own test here. */ + ASSERT ((__stack > (_end + __stack_size)), + "Error: Too much data - no room left for the stack"); } .saddr : { diff --git a/libgloss/rl78/rl78.ld b/libgloss/rl78/rl78.ld index d560b1409..271104af2 100644 --- a/libgloss/rl78/rl78.ld +++ b/libgloss/rl78/rl78.ld @@ -122,10 +122,26 @@ SECTIONS } > RAM PROVIDE (__bsssize = SIZEOF(.bss)); + /* The __stack_size value of 0x100 is just a guess, but since it is + PROVIDEd the user can override it on the command line. It has to be + set here, rather than inside the .stack section, as symbols defined + inside sections are only evaluated during the final phase of the link, + long after the ASSERT is checked. An ASSERT referencing a PROVIDED but + not yet evaluated symbol will automatically fail. + + FIXME: It would be nice if this value could be automatically set via + gcc's -fstack-usage command line option somehow. */ + PROVIDE (__stack_size = 0x100); + .stack (ORIGIN (STACK)) : { PROVIDE (__stack = .); *(.stack) + + /* Linker section checking ignores empty sections like + this one so we have to have our own test here. */ + ASSERT ((__stack > (_end + __stack_size)), + "Error: Too much data - no room left for the stack"); } .saddr : { diff --git a/libgloss/rx/rx-sim.ld b/libgloss/rx/rx-sim.ld index b5802c511..a9bbf1fec 100644 --- a/libgloss/rx/rx-sim.ld +++ b/libgloss/rx/rx-sim.ld @@ -155,10 +155,26 @@ SECTIONS } > RAM PROVIDE (__bsssize = SIZEOF(.bss) / 4); + /* The __stack_size value of 0x100 is just a guess, but since it is + PROVIDEd the user can override it on the command line. It has to be + set here, rather than inside the .stack section, as symbols defined + inside sections are only evaluated during the final phase of the link, + long after the ASSERT is checked. An ASSERT referencing a PROVIDED but + not yet evaluated symbol will automatically fail. + + FIXME: It would be nice if this value could be automatically set via + gcc's -fstack-usage command line option somehow. */ + PROVIDE (__stack_size = 0x100); + .stack (ORIGIN (STACK)) : { PROVIDE (__stack = .); *(.stack) + + /* Linker section checking ignores empty sections like + this one so we have to have our own test here. */ + ASSERT ((__stack > (_end + __stack_size)), + "Error: Too much data - no room left for the stack"); } > STACK /* Providing one of these symbols in your code is sufficient to have @@ -213,7 +229,7 @@ SECTIONS /* DWARF 2 */ .debug_info 0 : { *(.debug_info .gnu.linkonce.wi.*) } .debug_abbrev 0 : { *(.debug_abbrev) } - .debug_line 0 : { *(.debug_line) } + .debug_line 0 : { *(.debug_line .debug_line.* .debug_line_end ) } .debug_frame 0 : { *(.debug_frame) } .debug_str 0 : { *(.debug_str) } .debug_loc 0 : { *(.debug_loc) } diff --git a/libgloss/rx/rx.ld b/libgloss/rx/rx.ld index f56fe01ea..1a56d8daf 100644 --- a/libgloss/rx/rx.ld +++ b/libgloss/rx/rx.ld @@ -159,10 +159,26 @@ SECTIONS } > RAM PROVIDE (__bsssize = SIZEOF(.bss) / 4); + /* The __stack_size value of 0x100 is just a guess, but since it is + PROVIDEd the user can override it on the command line. It has to be + set here, rather than inside the .stack section, as symbols defined + inside sections are only evaluated during the final phase of the link, + long after the ASSERT is checked. An ASSERT referencing a PROVIDED but + not yet evaluated symbol will automatically fail. + + FIXME: It would be nice if this value could be automatically set via + gcc's -fstack-usage command line option somehow. */ + PROVIDE (__stack_size = 0x100); + .stack (ORIGIN (STACK)) : { PROVIDE (__stack = .); *(.stack) + + /* Linker section checking ignores empty sections like + this one so we have to have our own test here. */ + ASSERT ((__stack > (_end + __stack_size)), + "Error: Too much data - no room left for the stack"); } /* Providing one of these symbols in your code is sufficient to have @@ -217,7 +233,7 @@ SECTIONS /* DWARF 2 */ .debug_info 0 : { *(.debug_info .gnu.linkonce.wi.*) } .debug_abbrev 0 : { *(.debug_abbrev) } - .debug_line 0 : { *(.debug_line) } + .debug_line 0 : { *(.debug_line .debug_line.* .debug_line_end ) } .debug_frame 0 : { *(.debug_frame) } .debug_str 0 : { *(.debug_str) } .debug_loc 0 : { *(.debug_loc) }