Censorship, Freedom of Speech, Privacy

Please join the Electronic Frontier Foundation ( EFF.org ) and the fight for your rights on the Internet. I have not received any National Security Letter.

HOME Software Lotus Cars DWARF Kindle eeepc PALM RPM Building

graphic with lotus europa and lotus elan

David A's DWARF Page


libdwarf and dwarfdump are Free Software.

Though the software is free to you it takes time and effort to improve it. Any financial support you can provide would most welcome. Thank you.

The distribution consists of C and C++ source code that you compile with your C/C++ compiler (documentation is included).

Beginning May 4, 2016 there is a list of critical vulnerabilities in libdwarf. Critical because these lead to serious difficulties where the calling application could crash (segfault, etc).

For a list of current known vulnerabilities and status, see https://www.prevanders.net/dwarfbug.html

For an xml version of the same data one should refer to https://www.prevanders.net/dwarfbug.xml

The DWARF Debugging Information Format is of interest to programmers working on compilers and debuggers (and anyone interested in reading or writing DWARF information). It was developed by a committee (known as the PLSIG at the time) starting around 1991. Starting around 1991 SGI got involved with the committee and then developed the libdwarf and dwarfdump tools for SGI-internal use and as part of SGI IRIX developer tools. From around 1993 dwarfdump and libdwarf were shipped (as an executable and archive respectively, not source) with every release of the SGI MIPS/IRIX C compiler. In 1994 (I think the correct year) SGI agreed (at my request) to open-source libdwarf (and in 1999 to open-source dwarfdump) so anyone could use them.

License terms are mostly GPL (version 2) or LGPL (version 2.1). The details are discussed in the license page.

DWARF specifications and the dwarf email forums are at http://www.dwarfstd.org. You can sign up for an email discussion list there.

Email about libdwarf and dwarfdump may be sent to libdwarf-list -at- linuxmail -dot- org (replace -at- and -dot- with the normal single characters to form the email address).


Work In Progress 2018-11-30

Thanks to the absolutely crucial work of Vincent Torri libdwarf now also reads (and dwarfdump dumps) the DWARF4 from Microsoft PE object files created by GNU tools. The code is on sourceforge. In addition libdwarf now supports DW_FORM_implicit_const properly thanks to dark-dork on sourceforge asking whether libdwarf was correct (it was not, but now it is). (November 30, 2018)

Thanks to Eeri Kask for finding a big-endian host to build and execute dwarfdump. Now that works for Elf and mach-o objects (either-endian build reading either-endian objects). (November 24, 2018)

Thanks entirely to Carlos Alberto Enciso dwarfdump now has very nice long-option-names for all options (the existing options continue to work). Try "dwarfdump --help-extended" to see both long and short forms of the options. Cmake works again. Version is 20181024. dwarfdump (and libdwarf) now read mach-o dSYM DWARF data as well as Elf (no new libraries required). (October 25, 2018)

New source files in libdwarf and restructuring in dwarfdump so we can dump DWARF from more than one object file type. Only the Elf portions known to work. Some configure.ac additions for the new code break cmake build. Sorry. If you need cmake use git version c3cf01f5294e1cdb22cbc2fa9bbbab96aa2b933e (Oct 15). (October 19, 2018)

Thanks to Doug Gilmore for advising us that readelf was sometimes complaining about a wasted byte in a libdwarf-generated .debug_info section and for providing a trivial a.out demonstrating the issue. dwarfdump does not notice because libdwarf has no notion of returning the 'null-die' wheither it is ending a sibling list or just an extra zero byte. (October 15, 2018)

Over the next few months the dwarf_elf_init_b() and dwarf_elf_init() libdwarf interfaces are going to be officially deprecated. Instead the existing interface dwarf_init_b( which takes a linux/unix fd) and a new interface dwarf_init_path(which takes a file name) will be preferred. Please switch to using dwarf_init_b() when convenient, something that has long been available. In addition, support for Mach-o objects (dSYM DWARF specifically) will be added soon. All the object reading will be through new object readers implemented from scratch and using new function interfaces (not libelf interfaces). (October 3, 2018)

Release generation fixed so cmake works on future released .tar.gz distributions. Thanks to Tetsuya Ooka for letting us know about the breakage from the new configure. A few other files of interest are also included in releases (left out by accident). (September 21, 2018)

Changes commited today fixed the cmake build. As git does not maintain timestamps when retrieving from the repository, and as the new configure depends on timestamps you may see a warning about aclocal 1.15 being missing. From the top level directory do "sh scripts/FIX-CONFIGURE-TIMES" to restore appropriate timestamp relationships and fix the problem. It's always safe to run this command. The command checks that it is being run from an appropriate top-level libdwarf directory before doing anything. (August 23, 2018)

The configure was released 2018-08-09 and it allows but ignores --enable-wall. The commit today ( 3df4ba4cdfe ...) restores --enable-wall functionality. It also removes a small number of unused local variables. And fixes a nonsensical dwarfdump naming of a .debug_names section as .debug_str (not that one has yet seen the .debug_names section in an object file.) (August 21, 2018)

The new configure pushed to sourceforge A complete rewrite of the configure code is on sourceforge. It will all be simpler, easier to maintain, more accurate across the wide variety of systems that can use configure, and follow modern standard practices. Default simple configure/build will work as always, but those doing special configure options or special builds may have to change their configure options. See the README and NEWS files in the source. Thanks to Vincent Torri for undertaking this project. (July 19, 2018)

Simplifications of the current configure code are done (some pushed to sourceforge already), along with simplification of the source in some places to reflect the changes and a configure rewrite. (June 15, 2018)

dwarfdump has a new option: --print-str-offsets . Combined with new interfaces in libdwarf (such as dwarf_open_str_offsets_table_access(), see libdwarf2.1.pdf around page 133) it is possible to print the entire .debug_str_offsets section independently of anything else. It's a good idea to try this yourself on any DWARF5 objects you have on hand as at least one compiler seems to have gotten the section a bit wrong. If there is no .debug_str_offsets section --print-str-offsets generates no output. (April 14, 2018)

Vincent Torri noticed that some aspects of the configure files were using deprecated (old) features. With his help we are now only using current features of configure, one thinks. Regrettably, the cmake build files have ceased working properly. We do not have a fix for this currently. (April 10, 2018)

Carlos Alberto-Enciso provided a DWARF5 object file created by clang/llvm which exposed omissions in handling DWARF5 FORM codes. There are not enough tests in hand to suggest how much of DWARF5 is read correctly, but this is progress. (March 24, 2018)

Thanks to Agostino Sarubbo for finding inadequate checks for corrupted DWARF data in libdwarf and dwarfdump when reading a corrupted frame section. And for providing small test cases. Dwarfdump is decoding the frame instructions itself so most of the corruption checking has to be in dwarfdump. Pushed to sourceforge. Assigned vulnerability DW201801-001. (January 29, 2018)

Thanks to David Binderman for pointing out that a few lines in dwarf_macro5.c were dead code. The dead code has been removed and the change pushed to sourceforge. (January 05, 2018)

Thanks to Eeri Kask for pointing out a memory leak in the example program simplereader.c (December 21, 2017)

Thanks to James Lowden for contributing a much more complete dwarfgen.1 man page. (December 4, 2017)

Thanks to Agostino Sarubbo for finding a bug in libdwarf when reading a carefully corrupted .eh_frame section and providing a small test case. This is assigned DW201712-001. The fix has been pushed to sourceforge. (December 1, 2017)

Thanks to Agostino Sarubbo for finding bugs in dwarfdump when reading an archive file: memory was used after free() and there were other problems. (The -k options worked poorly with archives before these fixes.) Fixes pushed to sourceforge. Sarubbo also reported cases of dereferences reading a corrupted (fuzzed) object and several such problems are now fixed. (November 08, 2017)

Option handling now allows --longnamearguments, something that will help with dwarfgen and dwarfdump as new features are added (dwarfdump uses up nearly all single letters, and dwarfgen will benefit from having meaningful names for new command line arguments). (October 16, 2017)

dwarf.h said DW_AT_ranges_base and DW_SECT_LOC but the final released DWARF5 used DW_AT_rnglists_base and DW_SECT_LOCLISTS, respectively. Now dwarf.h is correct. (October 5, 2017)

Thanks to Agostino Sarubbo for finding a vulnerability in libdwarf. A carefully constructed invalid abbrev section could crash an application using libdwarf. Assigned DW201709-001 as the identifier. (Fix will be pushed to Sourceforge.net when Sourceforge comes back on line. Sept 26, 2017)

Thanks to Dvir Yitzchaki for helping correct cmake builds and Windows builds. One cannot use cmake to build on FreeBSD as the cmake configury does not yet deal with 'struct _Elf'. The VMs for testing on FreeBSD are now at 11.1 (previously used 9.1) (August 22, 2017)

Thanks to Norm Jacobs for noticing a SPARC relocation type was missing from EM_SPARC32PLUS machine relocation checks and for providing a very concise testcase. (June 29, 2017)

dwarfdump can list Elf section and relocation details but it was not dealing sensibly with objects containing section-groups (COMDAT) and left out some DWARF-related relocation sections until now. There are better section and relocation listing programs (readelf, for example) but dwarfdump can do it too. Pushed to sourceforge. (May 28, 2017)

Now libdwarf and dwarfdump can deal with split dwarf and COMDAT sections in a sensible fashion. A next task is to document the new functions in libdwarf2.1.mm If you do not need these sorts of DWARF handling then there is nothing new or different here for you. Given recent compiler changes you might be surprised how much COMDAT is emitted in DWARF4, and dwarfdump will tell you about it. Pushed to sourceforge. (May 17, 2017)

Beginning work on emitting at least basic DWARF5 from the producer code and dwarfgen with the intent of also emitting the .debug_names section. At this point some basic DWARF5 can be emitted from dwarfgen and read properly by dwarfdump. (April 21, 2017)

Thanks to Sid Price for reporting three functions named in libdwarf.h that were not implemented. Deleted from the header since those serve no purpose. After that change issued a tar.gz release as there have been a few fixes since the last release. (April 16,2017)

Thanks to Alexandr Terekhov for noticing that dwarf_dietype_offset() leaked memory essentially every time it was called. The fix is a single additional line, a call to dwarf_dealloc(). Remembered to update dwarfdump version strings. (March 23,2017)

Thanks to Marcel Bohme and Van-Thuan Pham for finding some out of bounds reads and providing test cases. The fixes have been pushed to SourceForge. (March 22, 2017)

Thanks to Emre Kultursay for reporting a bug (and providing a test case!) in the handling of location expressions for DWP/DWO DWARF5 content in DWARF4. (A combination that only a few will encounter). The fix has been pushed to sourceforge. (March 04, 2017)

Profound thanks to Carlos Alberto Enciso for finding a long-standing bug in dwarfdump/esb.c. What should be a final DWARF5 dwarf.h is on sourceforge (in libdwarf source as usual) and on this web site. (January 31, 2017)

Sture Carlson reports a new problem compiling libdwarf/dwarf_elf_access.c in CentOS. CentOS-7.3 libelf.h makes an assumption of the connection between SHF_COMPRESSED and Elf32(64)_Chdr that conflicts with libdwarf coding. Moving the SHF_COMPRESSED from a libdwarf header to a C file in libdwarf source fixes the problem very simply. The libdwarf fix is now on sourceforge. (December 20, 2016)

Thanks to Dvir Yitzchaki for contributing cmake files so cmake enthusiasts can build libdwarf etc with their favorite tool, and that is on sourceforge now. He also contributed some changes to make a build on Windows easier and those are under review now. (November 30, 2016)

The release was done 2016-09-23, then redone on 2016-09-29, and redone again on 2016-10-01... Then the questionable operation (1<<bit) in dwarfdump tag_tree.c and tag_attr.c where 'bit' can be 31, was flagged as an error by -fsanitize=undefined during the dwarfdump build. That and similar errors doing left-shift are now fixed in several places in the top of trunk version of libdwarf and dwarfdump on sourceforge. (October 9, 2016)

Using latest libdwarf (not available to the public as of September 22) all the tests have run with an address sanitizer (gcc option -fsanitize=address) and the sanitizer is not finding problems. As soon as we're satisfied with test results we will will issue a new release. (September 22, 2016)

dwarfdump cpu time spent doing -f or -F is now reduced by 25-50 percent. On one X86_64 machine user cpu went from 508 down to 323 seconds (to run 17K tests of a regression test run). One pattern of libdwarf use by dwarfdump made a small memoization effort inside libdwarf work well. Your mileage may vary. (June 13, 2016)

Corrupt relocation records are noticed and prevented from corrupting in-memory data. Thanks to to Yue Liu for the new test case. (May 17, 2016)

Many checks added to catch corrupt DWARF thanks to Yue Liu and his test cases. Thanks to Sture Carlson for pointing out a mistake in the code used to generate tables in the dwarfdump build. Fixes pushed to Sourceforge. (May 12, 2016)

Thanks to Etienne Berg for reporting a missing comma in libdwarf/dwarf_error.c which meant error numbers 264 and higher returned incorrect strings from dwarf_errmsg(). Now that string table is checked by test code. Now, at build time, the array size is checked for correctness. Thanks to Tom Murphy for passing on a report by lieanu of a bug where libdwarf failed to check for a NULL when it really should have checked. Thanks to Yue Liu for providing small test cases showing where libdwarf was not careful to check for erroneous DWARF. Fixes pushed to Sourceforge. (April 27, 2016)

Fixed problems in the -k checking code of DIEs and improved reporting of abbreviations information in DIEs and with -b (try adding -G -v). Fixed a problem where (with a NULL error pointer argument) libdwarf attempted to dereference NULL. (March 12, 2016)

Recent commits to sourceforge have been cleanups provoked by compiler warnings (the --enable-wall configure option adds a bunch of gcc warning options). Cross-compilation of libdwarf is a little easier as a result of makefile/configure suggestions by Hannes Domani. The SHF_COMPRESSED Elf section flag (meaning zlib compression) is supported for reading DWARF2 through DWARF5 in libdwarf. (February 14, 2016)

Thanks to Hannes Domani for providing a link to some work by Jose Fonseca. Work of interest to folks wanting to access DWARF in a PE object file. See https://github.com/jrfonseca/drmingw/tree/master/src/mgwhelp . It presumes one is using MinGW as a Windows development environment. The C++ source file dwarf_pe.cpp shows how to use existing facilities in libdwarf to access an object format that libdwarf knows nothing about. Basically one creates a set of properly defined function pointers and calls dwarf_object_init() and then the libdwarf function calls are available.. The mgwhelp source is LGPL. (February 07, 2016)

Added support for DWARF5 DW_FORM_line_strp in dwarf_formstring().

Added checks for too-small .debug_frame .eh_frame sections. However this is just the tip of the iceberg when it comes to preventing crashes in the face of bogus input. Most places that are reading bytes of DWARF data simply assume the read won't run off the end of anything. With a little macro magic it's not difficult to do MUCH more thorough testing while reading from memory and yet let one turn off all that testing. It's is not at all clear how much a performance-hit thorough checking would be. For example, checking reads of leb numbers would likely mean checking every byte for still-allowed-pointer. Is such protection from damaged objects a critical feature? (January 19, 2016)

libdwarf.h: in one new macro function interface the argument names were not commented out. Normally not a problem but formally a mistake. Sorry. It's fixed on sourceforge. The new DWARF5 (and DWARF4 with currrent gcc) macro section (.debug_macro) interface functions are now documented in version 2.38 of libdwarf2.1.pdf on sourceforge. (January 16, 2016)

Thanks to Tom Hughes for bringing a problem reading a badly-damaged (fuzzed) elf object to my attention: now libdwarf gets an error not a coredump. Thanks to Tom Kittel for suggesting a 4 line fix to a Makefile that lets one easily build and use a shared-library (.so) libdwarf with dwarfdump (or, just as easily, build and use an archive version). Thanks for Emre Kultursay for finding a couple of bugs in libdwarf location list handling and providing the fix. (December 30, 2015)

Libdwarf reads compressed 'zdebug' dwarf sections (transparently, automatically). Thanks to Gernot Klingler for providing an example executable and demonstrating the GNU objcopy option that creates zdebug sections from ordinary DWARF debug sections. Libdwarf now uses zlib if zlib is present at configure time. If zlib is not present at configure time it all still builds but the result won't deal with zdebug sections. (November 27, 2015)

Now allows building libdwarf dwarfdump dwarfgen and dwarfexample separate from the source tree. The build uses configure everywhere now. Thanks to Kubo Takehiro for some configure and Makefile suggestions and for motivating me to complete this feature. (November 15, 2015)

Libdwarf/dwarfdump now supports reading gcc's two-level line tables and split dwarf location lists and some other DWARF5 data.. Thanks to Cary Coutant and Emre Kultursay as their assistance was crucial to getting it done. (November 14, 2015)

Thanks to Edward Williamson, Arnaud Diederen, and Remi Gurski for noticing incompleteness in error condition tests in the libdwarf consumer source code. Fixes for all these issues are in the SourceForge source as of today (one new fix February 13 2015).

Corrections in the use of va_end() pushed to sourceforge on 12 January, 2015. And addition of includes of stdarg.h in dwarfdump source pushed to sourceforge 15 January 2015. New options for checking DWARF use (in dwarfdump) pushed to Sourceforge on 08 January, 2015. The regressiontests file set has new tests. Some improvements in handling malloc-failure are included in the source. Thanks to Carlos Alberto Enciso for doing the dwarfdump enhancement.

There no longer seems much need for dwarfdump2 now that dwarfdump has search code built in (dwarf_tsearch). As of the 20150115 release dwarfdump2 is no longer present.

"Code Testing Through Fault Injection" in :login; magazine (December, 2014. Usenix.org) by Peter Gutmann offered a simple idea from an unnamed friend: instrument malloc() so on call N malloc() returns NULL. Here are the details

Results from tests based on this idea make it clear that having the dwarf_error() return be dependent on malloc is not such a good idea when malloc is out of space. The change creates no change in interfaces or semantics, it just uses a static Dwarf_Error_s struct when the alternative is to not really report an error.


Producer Incompatibility May 2014

Code using the consumer (reader) calls need not change. Binary and source compatibility is retained for consumer code.

The dwarf_producer_init() function interface changed so existing calls will fail at caller compile time. The producer callback function name changed too. This returns the code to a single producer-init function and one with an easier to understand option list. It also results in the elimination of extremely messy producer configure-time options and code #ifdefs relating to relocation generation in favor of simple run-time choices. Though this change is a problem for a few users it seemed inevitable and waiting for some future date did not seem productive.

Go and DW_FORM_ref_addr, April 2014

A correspondent reports that a Go language implementation emitted DW_FORM_ref_addr according to DWARF V2 for the case of 64 bit addresses with 32 bit DWARF offsets. Libdwarf was assuming no one was going to do that in the odd way DWARF2 documented. Now libdwarf follows the standard (as it really should have all along). Thanks to Arnaud Diederen for pointing out this blunder and for providing a tiny Go test source.


Tsearch, January 2014


Because tsearch() itself is not universally available (and even when tsearch() is available tdestroy() is sometimes not available) I implemented some tree algorithms using the standard tsearch interface definitions.

The basic four tsearch Standard interface declarations are quite old, traditional, incompletely documented, hard to use, and not at all what anyone would design as an interface today. But these four functions are declared in the Posix/SingleUnixSpecification standard.

The algorithms implemented are binary tree, binary tree with Eppinger delete, balanced binary tree, red black tree, and even a hashing version). The function interfaces implemented include tsearch(), tdelete(), tdestroy(), tfind(), and twalk(). All these are in a directory named tsearch beginning with the 20140131 release of libdwarf. The test data for tsearch testing was moved to the regressiontests git repository as of the 20140208 release (to save space in the release source tar file).

To avoid conflicts with standard library versions all the function names are prefixed with dwarf_. Libdwarf and dwarfdump now use the new tsearch.

STACK: Libdwarf checked November 2013


I ran all the distribution's source code through the checker called STACK from mit.edu. It checks C/C++ source for many sorts of errors. For example, it finds undefined-effect C code. Code optimizers increasingly delete code with undefined-effect so what used to work in your code can stop working. STACK depends on building llvm and clang with specific options and all this is nicely defined on the STACK web page.

I highly recommend this checker for any code you ship.

With Ubuntu 13.10 I found it easy to run C code through the tests. With C++ there were issues with missing gcc headers which required an annoying workaround. I fixed the two errors STACK found, both of which were in libwarf's producer code. The errors involved using a pointer before testing it for NULL. The tests involved would only have effect if callers passed in invalid arguments and meant callers could coredump instead of seeing an error return.

Incompatible Change June 2013


January 31, 2013: Announcing this incompatible change!

In June 2013 there will be an incompatible change to libdwarf.h which will mean those compiling against the producer code in libdwarf will encounter an error. The Callback function prototype will add 'const' to a char * argument in the Callback functions whose types are named below. This is not a binary incompatibility it is a source compile time incompatibility.

Generally the only people affected are those compiling a compiler that uses libdwarf to generate DWARF2. The function prototypes in libdwarf.h are named Dwarf_Callback_Func_c, Dwarf_Callback_Func_b, and Dwarf_Callback_Func.

It will not affect folks linking against libdwarf but not recompiling the code calling libdwarf.

The fix is simple: add 'const' to the char* argument to your libdwarf callback prototypes and implementation.

This change will let us eliminate several compiler warning messages from the build of libdwarf. It will not affect folks calling only the consumer interfaces of libdwarf. Only those who coded callback functions using the libdwarf producer callbacks are affected.


Building libdwarf

Note about distribution contents

All libdwarf distributions contain C source plus the DWARF2 specification plus libdwarf specifications. Implementors often extend DWARF by adding new attributes and other things. Those that we are aware of are defined in dwarf.h which is provided here for reference. If you have corrections or additions, please let me know! The file is in every distribution of libdwarf.

Anonymous Git Access


libdwarf/dwarfdump source

Beginning 19 March 2011 libdwarf source code is available via anonymous access with git. The git source code is the most recent: it may have features or fixes not in a tar.gz release, but if so the features or fixes are not needed by most people. Top-of-trunk code in the git repository has been fully tested.

"git clone git://git.code.sf.net/p/libdwarf/code"
initializes a git repository in the local directory it will create named "code" and populates it with the most up to date libdwarf source.

When you build after a clone or pull you may see an error about aclocal.m4 1.15 when you configure or build. Git does not maintain timestamps (which configure depends on) so after cloning the source (or at any time) go to the top level and run:

      sh scripts/FIX-CONFIGURE-TIMES

That will fix the configure-related file timestamps so configure will be happy. The command is safe to run at any time. The command checks that it is being run from an appropriate libdwarf top-level directory before doing anything.

Object File Tools

Some new small object tools are available in source via anonymous access using
"git clone git://git.code.sf.net/p/readelfobj/code readelfobj-code"
which creates and populates a directory named "readelfobj-code". None of these tools uses any library other than libc.

object_detector prints a few simple facts about Elf or mach-o dsym files. It does not require you have any Elf or mach-o object headers or libraries.

readelfobj prints Elf object file headers by default. It does not, in general, print section contents, just headers. It currently requires elf.h to build,but it does not require libelf.h or libelf.

readobjmacho prints a limited set MacOS mach-o object file header information including the list of sections that contain DWARF information (if any such exist in the object). It does not require you have any mach-o object headers or libraries.

Regression Tests of libdwarf/dwarfdump

The libdwarf/dwarfdump regression tests (which you really don't need or want) are available via
"git clone git://git.code.sf.net/p/libdwarf/regressiontests"
which creates and populates a directory named "regressiontests".

Indentation-checking Tool

The indent-checking tool dicheck is useful in case you make changes and want to preserve proper libdwarf indentation. Clone a copy of the source code with
"git clone git://git.code.sf.net/p/dicheck-da/code dicheck-code"
which creates and populates a directory named "dicheck-code".

Building and Testing libdwarf


Building libdwarf

The libdwarf build process involves a simple traditional approach (at least for personal use, people generating binary releases or a corporate library will have their own internal requirements to consider). In the base directory of the source distribution (either expanded from a tar.gz or from git) do the following:


If all goes well, this will build libdwarf and dwarfdump.

It's common to do the build in a separate directory. As an example of building all the executables using a separate directory, do something like:

# Assuming the source top-level is in /a/libdwarf-20180809
mkdir /tmp/bld
cd /tmp/bld
/a/libdwarf-20180809/configure --enable-dwarfexample --enable-dwarfgen

which will build libdwarf, dwarfdump, dwarfgen, and dwarfexample in a minute or two. You don't need dwarfgen or dwarfexample. If libdwarf and dwarfdump complete their build you have most of the functionality you need. dwarfdump (written in C) lets you dump out, in readable form, the DWARF2, DWARF3, DWARF4, and some DWARF5 data from an object file. (the DWARF5 standard was released on dwarfstd.org in February 2017).

There are some prerequisites you must have installed on your build machine:

C compiler (Conformant with the 1989 or later C standard.
  Support for the 'long long' datatype is required.)
C++ compiler (only needed to build dwarfgen)
libelf (for libdwarf, dwarfdump and dwarfgen).
zlib (if your compiler uses compressed sections) 
See the top-level README in the source for
specific references for libelf and zlib.

None of this understands the object files in Apple MacOSX. I don't have time to provide such, and no one else has proposed contributing such support. Contact the libdwarf-list email address before attempting to contribute any code.

None of this understands the object files in Microsoft Windows. Some people have made libdwarf and dwarfdump work on Windows, but generally just to read Elf objects when using Windows as the development environment. Contact the libdwarf-list email address before attempting to contribute any code. Note that libdwarf has specific design features that enable reading of non-Elf object files without very much difficulty, but you will have to write your own code to read those files and will need to do a special build of libdwarf that does not use Elf related headers (which should be relatively easy and anyway libelf and zlib source is available). Use of one of the POSIX-like environments like mingw or cygwin or the like will likely ease your way considerably.


Testing libdwarf

The regression test build process involves rather more work, and few will want to bother with it. There is no tar.gz available, you have to use git. In the base directory of the regressiontests distribution do the following (if the base of the libdwarf source tree is at ../code this should work, but if not see the regressiontests/README.txt file):

Rather than keeping known-good output in the regression-tests, we keep a dwarfdump.O (O for Old) to compare its output against the new dwarfdump. We do it this way as the test output is much too large to save.

To run the dwarfextract test successfully, bfd.h needs to be installed in a standard place, so install binutils-dev (or the equivalent for your release) to get bfd.h.


On a modern 3GHz-cpu Linux environment running directly on the host the tests should run in about 22 minutes and the final message should say PASS. Running in a KVM Virtual Machine the tests run in about 45 minutes. Unless all the components in the libdwarf source build correctly the tests cannot pass.

Unless you are running Ubuntu GNU/Linux or FreeBSD 11.1 on a i386- or X86_64-compatible cpu you may have more work to do to run the tests, partly because the tests depend on having a known-good version of dwarfdump in the distribution.

If the Ubuntu or FreeBSD dwarfdump executables in the distribution won't run in your test environment you could build dwarfdump.O to run tests:



filename, download-link Bytes Reason for release
libdwarf-20181024.tar.gz 2192118

Dwarfdump now has meaningful long-option-names available for all its options. dwarfdump --help-extended shows the list of all options. Thanks to Carlos Alberto Enciso for conceiving and creating the long options. Now libdwarf/dwarfdump can read/print DWARF from mach-o dSYM objects as well as Elf object. Thanks to Eeri Kask for providing help, the impetus to make it happen, and test objects. A libdwarf init call (dwarf_init_path()) is now available. dwarf_object_detector_path() (and dwarf_object_detector_fd()) inform callers information on what an object file actually is (elf, mach-o, or PE). (post release discovery: "dwarfdump -h" does not work usefully. Oops. Use the long-option --help-extended instead.)

md5sum: b5f8de647dcecfb218ec04174d44fd2f

sha512sum (remove spaces following colon): 134f8639c4a2ddf012ab196551bcc9afc65c729b36 299ebf807de94561fe878473ea58443d33daaa96f0 08b28dd169ab29f65616e9f1e44a6e7921cfde6e3f19

libdwarf-20180809.tar.gz 2061108

The new configure seem to be working properly now. For example, 'make check', 'make install' and 'make dist' do the right things whether run in-source-tree or from a build directory. In addition, dwarfdump prints information on section compression (for sections that are compressed) and always prints the actual section name from the object file.

md5sum: ff90e044b3074797d0e9d5b4e485abb5

sha512sum (remove spaces following colon): 3c1a97e5b0bae0f18d02402c7b67b1e7 4aacd26b68b738afe5be8e446bdbdd9b 1189658779b8c65cddba40dbd7848d40 510c03eec258708956209b2d76f5dd66

libdwarf-20180724.tar.gz 2029211

News 2018-07-31. While usable there are issues here: make install does not install the dwarfdump.1 man page . make install installs more into /usr/local/share/libdwarf than was really intended. libdwarf.so shows as version 1.5.0 which was not intended. Replacement coming soon. But if the issues don't matter to you it's fine to use. Replaces 20180723. This release has the new configure. The configure options are mostly identical to previous releases. See the README in the top-level. Profound thanks to Vincent Torri for writing the new configure (any mistakes here are undoubtedly mine, though). Thanks to Hannes Domani for applying Coverity to libdwarf which identified over twenty previously-unknown bugs quite precisely (all fixed now). Thanks to Tom Hughes who noticed an omission in the alpha-non-release July 6. It is quite possible that something important to you is broken. Get in touch as soon as possible if you think something is wrong.

md5sum: 0889ce6d2c144f20d928ee3f86616c3a

sha512sum (remove spaces following colon): 8eaa9f6ef147a1f59035a4ced24912b4 d1adecf6338a8ae7a061ab396519011c 2c98bc3d58534fefa2bac2a68d3f1871 999f75a3a820c6a58ca7b34dccf9a9c1

libdwarf-20180723.tar.gz withdrawn

Withdrawn. The tar.gz file is missing libdwarf.h.in so attempts to build on FreeBSD (and possibly other platforms) will not succeed.

alpha-libdwarf-20180706.tar.gz 1976106

NOT A NORMAL RELEASE: this is a test release that will be added to sourceforge on or after July 17, 2018. It uses a completely rewritten configure setup that uses automake and libtool yet one uses configure almost identically to releases of the past; the point is easier source maintenance and additional automation. It passes the usual tests on both Ubuntu 16.04 and FreeBSD 11.1 with 32bit and 64bit pointer environments. See the top-level README. This source is not on sourceforge, it is only available in this .tar.gz Try it out. Let us know of any difficulties. Make install fails to install dwarf.h and libdwarf.h . The tar.gz here does not have the one-line fix. Email to: libdwarf-list -at- linuxmail -dot- org

md5sum: f1a8319e8b482597bd0c2f25fd5aabea

sha512sum (remove spaces following colon): 3db4f472906bcb108493b0c85085d635 dde1df59a285989f6720554243ae8ec7 1510c9fadd1c59abf43c6211cf446f62 fb78f2276193adb1a8230d6c1ab6e971

libdwarf-20180527.tar.gz 1861570

libdwarf: Improved error checking and made cross compiling possible. Possibly all DWARF5 is supported. dwarfdump: Brought configure closer to current standards, enabled cross compiling. Now supports --longoptionnames. Refactored option/flag handling for easier maintenance. Now can print the .debug_str_offsets section with option --print-str-offsets. Thanks to David Blaikie,Carlos Alberto Enciso, Helmut Grohne,Eeri Kask,Pedro Navarro, Vincent Torri,Fabian Wolff, and Keith Walker for their test cases,assistence, and advice.

md5sum: c35a5b2d7d07e1addfb951c23f5e91f7

sha512sum (remove spaces following colon): f8f285373d03498e0bcf607d61cc0fb1 7b555ca48bbeda7c133a9c620e34b727 973aceecfa5402b53189211e3a0f15db e49951c2cf3e63e43775fbc8e9fbfa5d

libdwarf-20180129.tar.gz 1823832

Fixes libdwarf/dwarfdump vulnerabilities related to detecting corrupt DWARF and includes other small improvements. Thanks to Agostino Sarubbo, David Binderman, Eeri Kask, James Lowden, and Dvir Yitzchaki for their help.

md5sum: c5e90fad4640f0d713ae8b986031f959

sha512sum (remove spaces following colon): 02f8024bb9959c91a1fe322459f7587a589d096595 6d643921a173e6f9e0a184db7aef66f0fd2548d669 5be7f9ee368f1cc8940cea4ddda01ff99d28bbf1fe58

libdwarf-20170709.tar.gz 1809834

Fixes a libdwarf vulnerability. Thanks to Team OWL337 for finding the vulnerability and to Fabian Wolff for emailing an alert. Has updates to documentation on DWARF5 consumer interfaces.

md5sum: 68a3c9aa7d01a433924a74bda588b378

sha512sum (remove spaces following colon): afff6716ef1af5d8aae2b887f36b9a6547fb576770 bc6f630b82725ed1e59cbd387779aa729bbd1a5ae0 26a25ac76aacf64b038cd898b2419a8676f9aa8c59f1

libdwarf-20170416.tar.gz 1777385

Begins to support the DWARF5 .debug_names section and other DWARF5 changes. (not tested, no test cases yet available). Now supports DWARF5 split dwarf sensibly. The few new function interfaces can be ignored by those not needing split dwarf support. The tools can now be built with cmake (the default build is still with configure), thank you Dvir Yitzchaki. Carlos Alberto-Enciso, Emre Kultursay, Marcel Bohme, Van-Thuan Pham, and Alexandr Terekhov all noted bugs or vulnerabilities and these are all fixed.

md5sum: 6a53d2b55d3ee2da396d4d0711e5c251

sha512sum (remove spaces following colon): 85be7ec806029200648514b965e23e163a54cbdc6f2 feba0d4cc96180bab441f85d22640c7a96d6350b8f8 749b7bcbe2f0f1af0865f9a427f2acce5135c4e630

libdwarf-20161124.tar.gz 1732155

Fixes some newly discovered vulnerabilities (most due to corrupted DWARF). Thanks to Puzzor (Shi Ji) and Agostino Sarubbo for finding and reporting these and for providing short test cases.

md5sum: 35526477c0bb572d9e3dab54b7ae5cc0

sha512sum (remove spaces following colon): 38e480bce5ae8273fd585ec1d8ba94dc3e865a0ef3fcfcf3 8b5d92fa1ce41f8b8c95a7cf8a6e69e7c6f638a3cc56ebbf b37b6317047309725fa17e7929096799

libdwarf-20161021.tar.gz 1728742

Fixes one place where erroenous dwarf not caught, Updates version strings, adds a bit more DWARF5 support, and converts the few Python scripts from python2 to python3.

md5sum: a9006f2110d886d9b084a3ab4c75e66c

sha512sum (remove spaces following colon): 733523fd5c58f878d65949c1812b2f46b40c4cc3177bc 780c703ec71f83675d4b84e81bc1bcca42adf69b5e122 562e4ce8e9a8743af29cc6fafe78ed9f8213fd

libdwarf-20161001.tar.gz 1725257

Fixes serious bugs in release 20160929 and all earlier releases relating to encoding/decoding leb numbers. It is unlikely anyone will see any difference in output, but values showing a difference can be constructed. libdwarf/dwarf_leb.c has new test code and a few of the tests there demonstrated problems. gcc -fsanitize=undefined found problems as well.

md5sum: f9f23ebc20f82dabcd5c61507092fcac

sha512sum (remove spaces following colon): 2c522ae0b6e2afffd09e2e79562987fd819b197c9b ce4900b6a4fd176b5ff229e88c6b755cfbae7831e7 160ddeb3bfe2afbf39d756d7e75ec31ace0668554048

libdwarf-20160929.tar.gz Withdrawn. See 20161001.

Fixes three serious bugs in release 20160923. Two of them old bugs, one new in 20160923. The bugs were exposed by occasional inconsistent behavior in one or two regression tests.

libdwarf-20160923.tar.gz 1721186

DO NOT USE: use libdwarf-20161001 instead. Think of this as withdrawn. Many improvements in the code catching corrupt dwarf. Quite a number of places with out-of-bound read/write of memory fixed. Trivial but annoying memory leaks in dwarfdump fixed. Thanks to Puzzor, STARLAB, Salvatore Bonaccorso, Agostino Sarubbo, Vul, James Grumbach, and others for reporting memory corruption and other issues.

md5sum: 4818ffb3f682e6ade023458a4f43e760

sha512sum (remove spaces following colon): 941c16dd487e152e34f83a8d1f5eb2992fb8c9fb7a 6309c7c33825267c95614c2a07ef24b205de287344 9b16df1749f9e9a0b9d1c85b64a635180ade073aeb66

libdwarf-20160613.tar.gz 1622221

Incorporates code detecting malformed DWARF and malformed Elf object files. Dwarfdump and libdwarf performance reading frame data improved significantly, though the improvements don't apply to all frame data interface functions. The configure/make system now builds libdwarf shared objects (when asked to) with a proper soname. Thanks to Sture Carlson, Hannes Domani, etienneberg, Steve Kaufman, Yue Liu, and Fabian Wolff for their help/comments on libdwarf. Major thanks to Carlos Alberto Enciso for his collaboration.

md5sum: 2e0f0ef6546b2155f53e2a4ed65bc44a

sha512sum (remove spaces following colon): 430978587e284f4c63e54790a7cbbfdf13c7a4154b 9e130dc788869b6c6584981c5af46b7b363d3b181e aaafd5190bcb17e5383f8600cb1d2627c423a7042dc2

libdwarf-20160507.tar.gz 1606305

Incorporates many additional checks so that corrupt dwarf will not crash an executable calling libdwarf. Thanks to Yue Liu for providing a number of small and corrupted objects.

md5sum: ae32d6f9ece5daf05e2d4b14822ea811

sha512sum (remove spaces following colon): 8a4d3721390d4d79fbf8d01fb27995ac9871f1d3e 19d85aa25c108ee4cc45968a5331e2b477f559168 c4597513235fb508bfe4ee1664c6dfbede3a47d48490b5

libdwarf-20160115.tar.gz 1538930

Now reads and prints DWARF5/4 macro data (The new .debug_macro section). Added some checks of abbreviation codes. Thanks to Emre Kultursay, Tom Kittel, Gernot Klingler, and Kubo Takehiro for suggestions and test cases. See the top-level README for hints on building the package outside of the source tree and building and using the shared-library version of libdwarf.

md5sum: 6d51b55210ebb349d23dde89cfd41089

sha512sum (remove spaces following colon): 594519460d3cd3f60f7e97931ce3e3d775393e03068a 2c932d72ba95d8cdb2c53b622671c5af8a798712937b 62dbf9594e2da8945553a0021a275cf677f4d90a

libdwarf-20151114.tar.gz 1457586

Support for reading Split Dwarf object files provided. New location and location-list interfaces added for Split Dwarf and DWARF5. Uses new functions to pass location list data to callers, not publicly defined structures, as functions make any future changes to location information easier to support. Existing DWARF 2,3,4 location information interfaces retained for compatibility so existing calling code is not affected..

md5sum: 99809436d7494607bd3c296d8b17ebc0

sha512sum (remove spaces following colon): 22c6a233cf156f3e7a8ad65c6b0f3c6b0de5a7ddc0f 1c71c9b2dc7efa59a4ee1c9714e981bb26d40a0c212 7501a3e853a7605af10be96bdcb0486723d4a1443c

libdwarf-20150915.tar.gz 1382772

Corrected accidental C99-isms, added missing return statements, and improved checking. Thanks to Carlos Alberto Enciso for these enhancements. I suggest using the git source base, it has some small fixes beyond this release related to new code for the .debug_addr and the .debug_str_offsets sections (DWARF5) and for reading gcc experimental two-level line tables.. Thanks to Emre Kultursay for encouraging me to add some needed DWARF5 features and for reporting bugs so the git source base gets corrected quickly.

md5sum: 08d243ea44e39ceb15f72c1066857cc1

sha512sum (remove spaces following colon): a567e653fdad598d911e2ed7e219945adbf0f00ef 8e81806e993916aacfc8075657ec3ca925e1efa85 c7860a0d9515cae2b04677dfb25ac416fb4cc47933441a

libdwarf-20150913.tar.gz withdrawn

Strings are checked thoroughly to ensure they do not run off the end of their section without a termination and cause chaos in libdwarf. Now with DWARF5 (and DWARF4) Debug Fission support, so one can nearly transparently (see dwarf_set_tied_dbg()) extract addresses denoted DW_FORM_addrx in a package file from the executable with the .debug_addr section. Withdrawn as 20150915 has this and more.


sha512sum (remove spaces following colon):

libdwarf-20150507.tar.gz 1365912

Now with DWARF5 (and DWARF4) Package File reader support. Package Files are a way to keep DWARF debug information in a separate object file. DWARF5 is not a released standard, so the new features must be considered tentative.

md5sum: 25e25c1659a2e74f6c145b8a668da89e

sha512sum (remove spaces following colon): 3495f6c17b5ade3a9f38e4d92b63f318e1f69d8841 95e6eafecb99c49e9366ed5c0fbdabd15f6d3b79c9 426565a5960364bb1ac1d1cb185363318872cdf83520

libdwarf-20150310.tar.gz 1346271

Improved range checking. Fixed bugs in dwgetopt(). Added omitted tags and attributes lists in dwarfdump to make error checking more accurate. Where pc checks make no sense in a line table (meaning on DW_TAG_type_unit and children) such dwarfdump checks are now omitted.

md5sum: 5707b4b15c33211ef1312e2c47fda713

sha512sum (remove spaces following colon): 983c0bb5d70f59e95b8b9de9cda74d714795526220 ac944b6e058554b1f1e831063ae5524d6a2de557e1 fe829ccbf17b1ab71195fa5589504ead3d94396ab0a4

libdwarf-20150115.tar.gz 1327921

The omission of an include of stdarg.h in the 20150112 release meant that standard-conforming compilers could get an error compiling dwarfdump due to va_list not being defined, though Ubuntu and Freebsd compiles did not see such an error. Now dwarfdump does the include. The dwarfdump2 source has been removed as of this tar.gz file. Dwarfdump2 is no longer needed.

md5sum: 3d17bef568e24b4bc5913c0a60cbb342

sha512sum (remove spaces following colon): abcc465f3fcc369143cb34976ad2874b5a9d2a6b4f732be2 b83b0e7620799747778947aed0c10872a5fad73443cfa986 48bdc50a3b17c98292a6439b54d60222

libdwarf-20150112.tar.gz 1517394

New checking options added to dwarfdump. Dwarfdump2 no longer updated or compiled. Improvements in internal checking to handle badly formed Elf and Dwarf files. Better recovery from malloc failure.

md5sum: be8bcf2236058a0223be656cf748de1a

sha512sum (remove spaces following colon): 23fe3dec516a90c2cedb851971f2fd902e056bf4471a32 a2237881354d71af866fcdbc9d3ff55d4e83b75fdafd9f 7790bf90165506e9285259c67f342c4eccba

libdwarf-20140519.tar.gz 1448784

Source incompatibility for users of producer code: dwarf_producer_init() now has a new interface and a sensible way to select the output ABI/ISA for relocation numbers. Part of preparation to emit DWARF3,4,5. The reader code now handles DebugFission, called Split Dwarf objects in the draft DWARF5 standard.

md5sum: 4f7331cb8fe7acb6fe1ca4e45d13d55e

sha512sum (remove spaces following colon): ccf8180b69cdb47902564dda1fca52d15c10239ce6bb8c c9f5af5a67d37f888811572e314414372bfbc2b640c1fff 7cf87542f782f8390f733d884a24d9a16fb

libdwarf-20140413.tar.gz 1440545

Libdwarf now follows the DWARF2 standard properly in reading DW_FORM_ref_addr. The original DWARF2 standard is on dwarfstd.org so it's gone from the libdwarf source.

md5sum: 6cfa1c4f165ad312de9d213159073e05

sha512sum (remove spaces following colon): 7ecd27b40418fd98bb24ee59b9779efe30dca26384b4a36f5 a1b0a99805f4d8ff281b2e3d4470fb8e8da28045c34bf6b53 fdf85e9dfc5fa76c0eac8462ae8467

libdwarf-20140208.tar.gz 1718546

Fixed a bug in dwarfdump[2] Makefile.in so parallel make works reliably. Removed remaining trailing-whitespace. Moved tsearch testcases over to the libdwarf regressiontests repository as the tests seemed too large to keep in the source.

md5sum: 4dc74e08a82fa1d3cab6ca6b9610761e

sha512sum (remove spaces following colon): d8ba3eeaf36d98a1ee26397208fff1658a2b7a41c 25d3742a81617c74d6359aeff08bb6221f99b9937 9030575578e11cd66be1d906a5832a6edd362229ce2e7e

libdwarf-20140131.tar.gz 5633991

Radically simplifies libdwarf allocation code. Adds GNU-specific DW_FORM codes so recent gcc objects can be read usefully. Adds tsearch implementations (see the tsearch directory). Removes trailing whitespace (it appeared all over). Adds new functions to libdwarf for new DWARF reference types. The tsearch test cases have bloated this source release, but in future those test cases won't be in the tar file (instead they are in the libdwarf regressiontests repository on sourceforge).

md5sum: ad758cf1715fc170ff248efc085feebe

sha512sum (remove spaces following colon): d41ebe4e7b76ad91f93b17e33da878fb0a35d7a35 32d641108b217bf93bcd9f10c1d52f0dd5f2ece08 3152d8dafe637ae343633f894122cbb77825b7a3350ed2

libdwarf-20130729.tar.gz 1533828

Added AARCH64 relocation support. Fixed some simple compiler warnings.

md5sum: 4cc5e48693f7b93b7aa0261e63c0e21d

sha512sum (remove spaces following colon): f9d25cfd6c6b15bebf6cd63c7014ecf4123798fce637c 0da103008758d6a9d5705c3797216a8d1ab3e210c4235 f199ab19d7ed0bf6c3582f49eacba1629c5cc0

libdwarf-20130207.tar.gz 1534527

Now with a simplified build (see README) and with checks for most compiler errors in producing DW_AT_sibling attributes. Verified on Ubuntu 12.10 and FreeBSD 9.1.

md5sum: 64b42692e947d5180e162e46c689dfbf

sha512sum (remove spaces following colon): 1cb272f80745a789d592d57e6a64b1b4ec6e1b646653 da2f19c2e2d803b8e90b52f5c69597360bf1703b1c25 7844c53c3f43a80cd9f45a2adb314ad2511c19e9

libdwarf-20130126.tar.gz 1488410

A mistake in handling DW_OP_GNU_const_type could lead to a libdwarf coredump at times, and even when it appeared to work the value printed was wrong. Thanks to Tom Hughes and Andrew Bernat for pointing out the DW_OP_GNU_const_type problem. This release has libdwarf interfaces compatible with releases before 20130125. Compared to 20130125 this restores the libdwarf.h interface Dwarf_Loc structure and changes the way the lr_number2 member is used for the new location expression operator DW_OP_GNU_const_type.

md5sum: ded74a5e90edb5a12aac3c29d260c5db

sha512sum (remove spaces following colon): c9911ce0b9725400ec1a70e809e185b122095c534f05687 ea0be16a0e9bfe3b8128e353834c43b5fe80e1b149b11 f113fcce53c57bad0a12b3b091dd0e31d043

Older information -

For information on previous releases, see the older release list

Comments on Testing


Every release of libdwarf/dwarfdump is tested with many options and option-combinations. There is no real reason libdwarf/dwarfdump users should need to redo this testing work. However, if you do wish to try running the regression tests, you will find them in git in sourceforge via anonymous access "git clone git://git.code.sf.net/p/libdwarf/regressiontests". See the file README.txt in the base directory of the tests for an overview of the test process. We do not provide a tar file of the regression tests. The regression tests are updated with every libdwarf release.

Additional tests (simple object files or shared-objects or executables) are accepted here should you wish to submit such, but the goal is to add tests that represent previously-untested aspects of DWARF/libdwarf, not to duplicate existing tests. Smallish object files are preferred. No source need be provided. The submitter has to be sure, and state, that releasing the objects here is appropriate.

Nothing in libdwarf looks at very many sections of an Elf file: the other section contents can be zeroed out without affecting the object use for testing libdwarf (see the directory named 'zero' in the testing distribution for a convenient byte-zeroing helper application in C++ source). Sections like .text and .data (and closely related sections) are of no value for testing libdwarf. It may be that otherwise-proprietary objects can be released for use in this test suite once the instruction and data sections are zeroed out.