Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1514 Discussions

Why do release enclave DLLs export `g_peak_heap_used`?

Fredrik_T_
Beginner
‎04-27-2016 05:03 AM
1,267 Views

While tinkering around with the generated enclave DLLs I noticed that release (non-simulation, non-debug) enclave DLLs seem to export the following two functions:

  • enclave_entry
  • g_peak_heap_used
<sdk-examples-dir>\LocalAttestation>dumpbin /EXPORTS Release\Enclave1.dll
...
    ordinal hint RVA      name
          1    0 00002EEE enclave_entry = _enclave_entry
          2    1 000AE304 g_peak_heap_used = _g_peak_heap_used

 

g_peak_heap_used seems to be exported into the dll by sgx_tstdc.lib
$ dlltool -z def <sgx-install-dir>/bin/win32/Release/sgx_tstdc.lib; cat def
EXPORTS
        _g_peak_heap_used @ 1 DATA

 

I have two questions:

  1. Does it make sense to export g_peak_heap_used in release enclave DLLs?
  2. Does it work? Can the peak heap usage of an actual enclave, not running in debug mode, be accessed through this function?

I understand that the enclave DLL is not the same as an actual loaded enclave, protected by the CPU. But as the loading mechanism performed by the SDK (sgx_create_enclave()) is a black box to me, I cannot judge how this exported function affects security.

0 Kudos

Link Copied

1 Reply
Derek_B_Intel
Employee
‎04-27-2016 07:22 AM
1,267 Views

The Intel(R) Software Guard Extensions SDK provides a tool called sgx_emmt, Enclave Memory Measurement Tool, which measures the real usage of protected memory (EPC - Enclave Page Cache) by the enclave at run-time.  The symbol, g_peak_heap_used, contains the maximum heap usage of the enclave.  The tool provides the actual max heap usage data to allow an optimized configuration of the EPC reserved for this enclave's heap.  EPC is a limited resource in the system.

Currently the enclave memory measurement tool provides the following two functions:
1. Obtains the stack peak usage value for the enclave.
2. Obtains the heap peak usage value for the enclave.
With the accurate runtime stack and heap usage information for your enclaves, you can rework the enclave configuration file to optimize (limit) the use of the protected memory (EPC).

The Intel(R) Software Guard Extensions Developers Reference provides additional details on the use of this tool. 

 

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.