Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Preprocessing and Edger8r

Matteus_Sthefano_L_
1,299 Views

Hello guys!

I'm trying to expose some functions that are inside an enclave to perform unit tests.

I saw that the Edger8r is able to identify when a macro is defined in an EDL file. Like the example below:

enclave {
    
    include "user_types.h" /* buffer_t */

    /* Import ECALL/OCALL from sub-directory EDLs.
     *  [from]: specifies the location of EDL file. 
     *  [import]: specifies the functions to import, 
     *  
  • : implies to import all functions. */ from "Edger8rSyntax/Types.edl" import *; from "Edger8rSyntax/Pointers.edl" import *; from "Edger8rSyntax/Arrays.edl" import *; from "Edger8rSyntax/Functions.edl" import *; from "TrustedLibrary/Libc.edl" import *; from "TrustedLibrary/Libcxx.edl" import ecall_exception, ecall_map; from "TrustedLibrary/Thread.edl" import *; /* * ocall_print_string - invokes OCALL to display string buffer inside the enclave. * [in]: copy the string buffer to App outside. * [string]: specifies 'str' is a NULL terminated buffer. */ trusted { public int trusted_sum(int a, int b); public int ecall_that_calls_another_function(); /* * Here are the functions/procedures exposed only when the * test suite is running. */ // NOTE: if we have a "#define TEST_ON" here, it works fine #define TEST_ON #ifdef TEST_ON public int private_increment_inside_enclave(int value); #endif }; untrusted { void ocall_print_string([in, string] const char *str); }; };
  • This works fine, but I want to define (or not) the TEST_ON macro within the Makefile just like we do when using gcc or g++ (-DTEST_ON).

    Is there any way to do that using Edger8r + Makefile?

    Thanks in advance.

     

    Matteus.

    0 Kudos
    6 Replies
    ENOTTY
    Beginner
    1,299 Views

    Running into the same issue, so bumping this thread.  Has anyone else tried this?

    0 Kudos
    JesusG_Intel
    Moderator
    1,299 Views

    Hello Joman,

    You have to make the macro definitions inside the EDL file. You cannot define a macro in a Makefile and have it propagated to the EDL file (or vice versa). See the section, "Enclave Definition Language Syntax - Preprocessor Capability" in the Intel Software Guard Extensions Developer Reference:

    "The current sgx_edger8r does not propagate macro definitions from the EDL file into the generated edge-routines. As a result, you need to duplicate macro definitions in both the EDL file as well as in the compiler arguments or other source files.

    We recommend you only use simple macro definitions and conditional compilation directives in your EDL files."

    Regards,

    Jesus

    0 Kudos
    ENOTTY
    Beginner
    1,299 Views

    The Developer Reference makes a reference to a --preprocessor option.  Is that supposed to be an option to sgx_edger8r?  If so, it doesn't seem to work, and it isn't one of the command line options parsed in Util.ml

    0 Kudos
    JesusG_Intel
    Moderator
    1,299 Views

    Hello Joman,

    The --preprocessor option is for the edger8r tool and it is not mandatory. Use this option only if you want to override the compiler found in the system path or the registry.The Developer Reference states that:

    "The sgx_edger8r starts searching the PATH for the Intel® compiler. If it does not find the Intel compiler, then it searches for the Microsoft* Visual Studio compiler. The sgx_edger8r uses the first compiler it finds. However, if the sgx_edger8r does not find any compiler in the PATH, it then looks for the Visual Studio compiler in the registry. If the sgx_edger8r still cannot find a compiler, it will then generate a warning message and will parse the EDL directly. to parse macros and conditional compilation directives that might be in the EDL file. You may override the default search behavior or even specify a different preprocessor with the --preprocessor option."
     

    You are right, Util.ml does not parse the --preprocessor option. Edger8r.ml calls CodeGen.ml which calls Preprocessor.ml.

    Remember, you have to define the macro inside of the EDL file like you initially wrote:

    #define TEST_ON
    #ifdef TEST_ON
      public int private_increment_inside_enclave(int value);
    #endif
        };
        untrusted {
            void ocall_print_string([in, string] const char *str);
        };

    You cannot define the TEST_ON macro outside of the EDL and have it recognized inside the EDL.

    How is it not working for you?

    Regards,

    Jesus

     

    0 Kudos
    ENOTTY
    Beginner
    1,299 Views

    Garcia, Jesus L (Intel) wrote:

    The --preprocessor option is for the edger8r tool and it is not mandatory. Use this option only if you want to override the compiler found in the system path or the registry.The Developer Reference states that:

    "The sgx_edger8r starts searching the PATH for the Intel® compiler. If it does not find the Intel compiler, then it searches for the Microsoft* Visual Studio compiler. The sgx_edger8r uses the first compiler it finds. However, if the sgx_edger8r does not find any compiler in the PATH, it then looks for the Visual Studio compiler in the registry. If the sgx_edger8r still cannot find a compiler, it will then generate a warning message and will parse the EDL directly. to parse macros and conditional compilation directives that might be in the EDL file. You may override the default search behavior or even specify a different preprocessor with the --preprocessor option."
     

    You are right, Util.ml does not parse the --preprocessor option. Edger8r.ml calls CodeGen.ml which calls Preprocessor.ml.

    I was hoping to use --preprocessor to override the default preprocessor, and point it to a shell script that calls my system preprocessor with the the correct -D arguments appended to the original arguments.

    Because Util.ml does not parse the --preprocessor option, can you confirm that the --preprocessor option passed to sgx_edger8r will have no effect?

    0 Kudos
    JesusG_Intel
    Moderator
    1,299 Views

    Hello Joman,

    Passing the --preprocessor option to sgx_edger8r does have an effect. It is processed by the preprocessor.ml script, rather than util.ml script. If you read the file edger8r.ml, you will see that it calls CodeGen.ml, which then calls Preprocessor.ml, which processes the --preprocessor option.

    Regards,

    Jesus

    0 Kudos
    Reply