
release v0.4beta

Release of Graphene SGX:
Supporting native Linux applications in Intel SGX enclaves.
Most applications are supported. Some features may still be buggy.

Improving portability of Graphene:
Eliminating GCC-ism of the host-generic code.
Easier to port to non-Posix platform (e.g., Windows without Cygwin).
Chia-Che Tsai 7 years ago
parent
commit
1a1e199c79
100 changed files with 1208 additions and 1071 deletions
  1. 1 1
      LibOS/.packed/glibc.sha384
  2. BIN
      LibOS/.packed/glibc.tar.gz
  3. 8 6
      LibOS/Makefile
  4. 2 2
      LibOS/buildglibc.py
  5. 0 0
      LibOS/shim/src/.packed/shim.sha384
  6. BIN
      LibOS/shim/src/.packed/shim.tar.gz
  7. 5 4
      LibOS/shim/src/Makefile
  8. 0 2
      LibOS/shim/src/bookkeep/shim_signal.c
  9. 2 2
      LibOS/shim/src/bookkeep/shim_vma.c
  10. 20 25
      LibOS/shim/src/fs/chroot/fs.c
  11. 18 13
      LibOS/shim/src/fs/dev/fs.c
  12. 1 1
      LibOS/shim/src/fs/pipe/fs.c
  13. 7 5
      LibOS/shim/src/fs/proc/thread.c
  14. 2 2
      LibOS/shim/src/fs/shim_dcache.c
  15. 6 20
      LibOS/shim/src/fs/shim_fs.c
  16. 1 1
      LibOS/shim/src/fs/socket/fs.c
  17. 1 1
      LibOS/shim/src/ipc/shim_ipc_nsimpl.h
  18. 3 3
      LibOS/shim/src/shim_checkpoint.c
  19. 11 10
      LibOS/shim/src/shim_init.c
  20. 3 3
      LibOS/shim/src/shim_parser.c
  21. 1 1
      LibOS/shim/src/sys/shim_mmap.c
  22. 11 11
      LibOS/shim/src/sys/shim_sandbox.c
  23. 2 2
      LibOS/shim/src/utils/printf.c
  24. 39 20
      LibOS/shim/test/Makefile
  25. 30 24
      LibOS/shim/test/apps/apache/Makefile
  26. 32 15
      LibOS/shim/test/apps/apache/httpd.manifest.template
  27. 12 23
      LibOS/shim/test/apps/bash/Makefile
  28. 0 32
      LibOS/shim/test/apps/bash/bash-local.manifest.template
  29. 28 15
      LibOS/shim/test/apps/bash/bash.manifest.template
  30. 29 0
      LibOS/shim/test/apps/bash/cp.manifest.template
  31. 29 0
      LibOS/shim/test/apps/bash/ls.manifest.template
  32. 25 0
      LibOS/shim/test/apps/bash/rm.manifest.template
  33. 22 30
      LibOS/shim/test/apps/busybox/Makefile
  34. 12 9
      LibOS/shim/test/apps/busybox/busybox.manifest.template
  35. 17 11
      LibOS/shim/test/apps/busybox/busybox_nofork.manifest.template
  36. 0 0
      LibOS/shim/test/apps/busybox/config-graphene
  37. 0 0
      LibOS/shim/test/apps/busybox/config-graphene-nofork
  38. 5 36
      LibOS/shim/test/apps/gcc/Makefile
  39. 11 14
      LibOS/shim/test/apps/gcc/g++-huge.manifest.template
  40. 0 22
      LibOS/shim/test/apps/gcc/g++-local.manifest.template
  41. 11 14
      LibOS/shim/test/apps/gcc/gcc-huge.manifest.template
  42. 0 22
      LibOS/shim/test/apps/gcc/gcc-local.manifest.template
  43. 10 7
      LibOS/shim/test/apps/lighttpd/Makefile
  44. 35 19
      LibOS/shim/test/apps/lighttpd/lighttpd-angel.manifest.template
  45. 35 19
      LibOS/shim/test/apps/lighttpd/lighttpd.manifest.template
  46. 1 1
      LibOS/shim/test/apps/lmbench/.packed/lmbench.sha384
  47. BIN
      LibOS/shim/test/apps/lmbench/.packed/lmbench.tar.gz
  48. 28 57
      LibOS/shim/test/apps/lmbench/Makefile
  49. 14 0
      LibOS/shim/test/apps/lmbench/hello.manifest.template
  50. 51 57
      LibOS/shim/test/apps/lmbench/lmbench-2.5/scripts/lmbench
  51. 6 2
      LibOS/shim/test/apps/lmbench/lmbench-2.5/scripts/results
  52. 30 25
      LibOS/shim/test/apps/lmbench/manifest.template
  53. 33 0
      LibOS/shim/test/apps/lmbench/sh.manifest.template
  54. 8 15
      LibOS/shim/test/apps/make/Makefile
  55. 0 40
      LibOS/shim/test/apps/make/make-local.manifest.template
  56. 7 10
      LibOS/shim/test/apps/openjdk/Makefile
  57. 30 15
      LibOS/shim/test/apps/openjdk/java.manifest.template
  58. 0 14
      LibOS/shim/test/apps/openjdk/run-bench
  59. 5 7
      LibOS/shim/test/apps/openjdk/run-java
  60. 7 2
      LibOS/shim/test/apps/pal_loader
  61. 9 28
      LibOS/shim/test/apps/python/Makefile
  62. 0 40
      LibOS/shim/test/apps/python/python-local.manifest.template
  63. 23 15
      LibOS/shim/test/apps/python/python.manifest.template
  64. 9 25
      LibOS/shim/test/apps/r/Makefile
  65. 0 47
      LibOS/shim/test/apps/r/R-local.manifest.template
  66. 35 18
      LibOS/shim/test/apps/r/R.manifest.template
  67. 0 10
      LibOS/shim/test/apps/r/run-R
  68. 5 0
      LibOS/shim/test/inline/.gitignore
  69. 5 0
      LibOS/shim/test/native/.gitignore
  70. 1 1
      LibOS/shim/test/native/.packed/test.sha384
  71. BIN
      LibOS/shim/test/native/.packed/test.tar.gz
  72. 5 12
      LibOS/shim/test/native/Makefile
  73. 19 0
      LibOS/shim/test/native/exec_victim.manifest.template
  74. 30 0
      LibOS/shim/test/native/ls.manifest.template
  75. 17 10
      LibOS/shim/test/native/manifest.template
  76. 48 0
      LibOS/shim/test/native/start.pthread.m.c
  77. 4 11
      LibOS/shim/test/native/static.manifest.template
  78. 112 0
      LibOS/shim/test/native/test_start_pthread_m.m.c
  79. 5 0
      LibOS/shim/test/regression/.gitignore
  80. 3 6
      LibOS/shim/test/regression/Makefile
  81. 6 11
      LibOS/shim/test/regression/manifest.template
  82. 1 1
      Makefile
  83. 1 1
      Pal/Makefile
  84. 0 28
      Pal/include/sysdeps/generic/sysdep.h
  85. 2 2
      Pal/ipc/linux/graphene-ipc.c
  86. 4 3
      Pal/lib/Makefile
  87. 46 4
      Pal/lib/api.h
  88. 39 0
      Pal/lib/graphene/path.c
  89. 4 2
      Pal/regression/.gitignore
  90. 1 1
      Pal/regression/.packed/test.sha384
  91. BIN
      Pal/regression/.packed/test.tar.gz
  92. 12 10
      Pal/regression/00_Bootstrap.py
  93. 12 44
      Pal/regression/01_Exception.py
  94. 7 0
      Pal/regression/03_Process.py
  95. 0 9
      Pal/regression/Bootstrap2.manifest.template
  96. 0 11
      Pal/regression/Bootstrap3.manifest.template
  97. 0 9
      Pal/regression/Bootstrap4.manifest.template
  98. 0 11
      Pal/regression/Bootstrap5.manifest.template
  99. 20 0
      Pal/regression/File.manifest.template
  100. 16 9
      Pal/regression/Makefile

+ 1 - 1
LibOS/.packed/glibc.sha384

@@ -1 +1 @@
-build/crt1.o build/crti.o build/crtn.o build/ld-linux-x86-64.so.2 build/libc.so.6 build/libdl.so.2 build/liblibos.so.1 build/libm.so.6 build/libpthread.so.0 build/libutil.so.1
+glibc-build/crt1.o glibc-build/crti.o glibc-build/crtn.o glibc-build/ld-linux-x86-64.so.2 glibc-build/libc.so.6 glibc-build/libdl.so.2 glibc-build/liblibos.so.1 glibc-build/libm.so.6 glibc-build/libpthread.so.0 glibc-build/libutil.so.1

BIN
LibOS/.packed/glibc.tar.gz


+ 8 - 6
LibOS/Makefile

@@ -1,18 +1,16 @@
 SYS ?= $(shell gcc -dumpmachine)
 export SYS
 
+export DEBUG
+
 GLIBC_SRC = glibc-2.19
 SHIM_DIR = shim
-BUILD_DIR = build
+BUILD_DIR = glibc-build
 GLIBC_TARGET = $(addprefix $(BUILD_DIR)/,libc.so.6 ld-linux-x86-64.so.2 libpthread.so.0 libm.so.6 libdl.so.2 libutil.so.1 crt1.o crti.o crtn.o liblibos.so.1)
 
 all: $(GLIBC_TARGET)
 	$(MAKE) -C $(SHIM_DIR) all
 
-debug: DEBUG=debug
-debug: $(GLIBC_TARGET)
-	$(MAKE) -C $(SHIM_DIR) debug
-
 install:
 	[ -d ../Runtime ] || mkdir -p ../Runtime
 	[ -f ../Runtime/libsysdb.so ] || ln -sf ../LibOS/shim/src/libsysdb.so ../Runtime/libsysdb.so
@@ -23,7 +21,11 @@ $(GLIBC_TARGET): $(BUILD_DIR)/Makefile
 	cd $(BUILD_DIR) && $(MAKE)
 
 $(BUILD_DIR)/Makefile: $(GLIBC_SRC)/configure
-	./buildglibc.py --quiet $(DEBUG)
+ifeq ($(DEBUG),1)
+	./buildglibc.py --quiet --debug
+else
+	./buildglibc.py --quiet
+endif
 
 $(GLIBC_SRC)/configure:
 	[ -f $(GLIBC_SRC).tar.gz ] || \
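Review bot: `DEBUG=1` only reaches glibc when `$(BUILD_DIR)/Makefile` is being created, because that rule's only prerequisite is `$(GLIBC_SRC)/configure`. On a tree that is already configured, `make DEBUG=1` reuses the earlier non-debug configuration without any message. Nothing in the hunk records which mode the directory was configured with. Either make the mode a prerequisite (a small stamp file that encodes `$(DEBUG)`), or document the limitation next to the rule, e.g. `# DEBUG is read only when glibc-build is first configured; remove glibc-build to switch modes`.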

+ 2 - 2
LibOS/buildglibc.py

@@ -27,7 +27,7 @@ home = os.getcwd()
 glibc = "glibc-2.19"
 glibcParent = "" # glibc parent directory
 glibcDir = ""    # glibc dir (ex. glibc-2.19)
-buildDir = "build"
+buildDir = "glibc-build"
 installDir = os.path.dirname(home) + '/Runtime/'
 do_install = False
 commandStr = ""
@@ -38,7 +38,7 @@ debug_flags = ""
 for arg in sys.argv[1:]:
     if arg == '--quiet' or arg == '-q':
         quiet = True
-    if arg == 'debug':
+    if arg == '--debug':
         debug_flags = "-g"
     if arg == 'install':
         do_install = True

File diff suppressed because it is too large
+ 0 - 0
LibOS/shim/src/.packed/shim.sha384


BIN
LibOS/shim/src/.packed/shim.tar.gz


+ 5 - 4
LibOS/shim/src/Makefile

@@ -48,10 +48,11 @@ headers = ../include/*.h ../../../Pal/lib/*.h ../../../Pal/include/pal/*.h
 
 all: $(shim_target)
 
-debug: debug = debug
-debug: CC = gcc -gdwarf-2 -g3
-debug: CFLAGS += -DDEBUG
-debug: $(shim_target)
+ifeq ($(DEBUG),1)
+CC += -gdwarf-2 -g3
+CFLAGS += -DDEBUG
+endif
+export DEBUG
 
 ifeq ($(PROFILING), 1)
 CFLAGS += -DPROFILE
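Review bot: The debug switch appends compiler options to `CC` (`CC += -gdwarf-2 -g3`), which mixes flags into the tool name. They are also dropped entirely when the user passes `CC=...` on the command line, since a command-line assignment takes precedence over `+=` in the makefile. Keeping them with the other flags is more conventional: `CFLAGS += -gdwarf-2 -g3 -DDEBUG`. The same pattern is introduced in LibOS/shim/test/Makefile (`CC += -g`, `CXX += -g`).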

+ 0 - 2
LibOS/shim/src/bookkeep/shim_signal.c

@@ -306,8 +306,6 @@ ret_exception:
     DkExceptionReturn(event);
 }
 
-bool ask_for_checkpoint = false;
-
 static void suspend_upcall (PAL_PTR event, PAL_NUM arg, PAL_CONTEXT * context)
 {
     if (IS_INTERNAL_TID(get_cur_tid()))

+ 2 - 2
LibOS/shim/src/bookkeep/shim_vma.c

@@ -1167,8 +1167,8 @@ BEGIN_RS_FUNC(vma)
 
     unlock(vma_list_lock);
 
-    debug ("vma: %p-%p flags %x prot %p\n", vma->addr, vma->addr +
-           vma->length, vma->flags, vma->prot);
+    debug("vma: %p-%p flags %x prot %p\n", vma->addr, vma->addr + vma->length,
+          vma->flags, vma->prot);
 
     if (!(vma->flags & VMA_UNMAPPED)) {
         if (vma->file) {

+ 20 - 25
LibOS/shim/src/fs/chroot/fs.c

@@ -67,11 +67,12 @@ static int chroot_mount (const char * uri, const char * root,
 {
     enum shim_file_type type;
 
-    if (!memcmp(uri, "file:", 5)) {
+    if (strpartcmp_static(uri, "file:")) {
         type = FILE_UNKNOWN;
         uri += 5;
-    } else if (!memcmp(uri, "dev:", 4)) {
-        type = memcmp(uri + 4, "tty", 3) ? FILE_DEV : FILE_TTY;
+    } else if (strpartcmp_static(uri, "dev:")) {
+        type = strpartcmp_static(uri + static_strlen("dev"), "tty") ?
+               FILE_DEV : FILE_TTY;
         uri += 4;
     } else
         return -EINVAL;
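Review bot: The rewritten tty test in the `dev:` branch looks wrong in two ways. Everywhere else in this commit `strpartcmp_static(...)` replaces `!memcmp(...)`, so it presumably yields true on a match, yet the ternary keeps the old `? FILE_DEV : FILE_TTY` order and so now selects `FILE_DEV` when the name does start with "tty". The offset also changed from `uri + 4` to `uri + static_strlen("dev")`, which is 3 and points at the ':' rather than the device name. As written the comparison can never match and every `dev:` URI would be typed `FILE_TTY`. Suggested form: `type = strpartcmp_static(uri + static_strlen("dev:"), "tty") ?` followed by `FILE_TTY : FILE_DEV;`. chroot_mount's body starts and ends outside the hunk.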
@@ -104,48 +105,42 @@ static inline int concat_uri (char * buffer, int size, int type,
                               const char * root, int root_len,
                               const char * trim, int trim_len)
 {
-    int len = 0;
+    char * tmp = NULL;
 
     switch (type) {
         case FILE_UNKNOWN:
         case FILE_REGULAR:
-            if (size < 7 + root_len + trim_len)
-                return -ENAMETOOLONG;
-            memcpy(buffer, "file:", 6);
-            len += 5;
+            tmp = strcpy_static(buffer, "file:", size);
             break;
 
         case FILE_DIR:
-            if (size < 6 + root_len + trim_len)
-                return -ENAMETOOLONG;
-            memcpy(buffer, "dir:", 5);
-            len += 4;
+            tmp = strcpy_static(buffer, "dir:", size);
             break;
 
         case FILE_DEV:
         case FILE_TTY:
-            if (size < 6 + root_len + trim_len)
-                return -ENAMETOOLONG;
-            memcpy(buffer, "dev:", 5);
-            len += 4;
+            tmp = strcpy_static(buffer, "dev:", size);
             break;
 
         default:
             return -EINVAL;
     }
 
+    if (!tmp || tmp + root_len + trim_len + 2 > buffer + size)
+        return -ENAMETOOLONG;
+
     if (root_len) {
-        memcpy(buffer + len, root, root_len + 1);
-        len += root_len;
+        memcpy(tmp, root, root_len + 1);
+        tmp += root_len;
     }
 
     if (trim_len) {
-        buffer[len++] = '/';
-        memcpy(buffer + len, trim, trim_len + 1);
-        len += trim_len;
+        *(tmp++) = '/';
+        memcpy(tmp, trim, trim_len + 1);
+        tmp += trim_len;
     }
 
-    return len;
+    return tmp - buffer;
 }
 
 /* simply just create data, sometimes it is individually called when the
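Review bot: The new length check `tmp + root_len + trim_len + 2 > buffer + size` does its bounds test in pointer arithmetic, so when the lengths are too large the left-hand side is already a pointer past the end of `buffer` before the comparison happens. That is undefined behaviour in C, and a compiler may simplify or drop the test, which is the opposite of what a guard before two `memcpy` calls should risk. Comparing lengths keeps the same limit without forming the out-of-range pointer: `if (!tmp || root_len + trim_len + 2 > size - (tmp - buffer))`. This assumes `strcpy_static` returns NULL when the prefix does not fit, which its definition (not in this hunk) should confirm. concat_uri's signature begins above the hunk.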
@@ -672,7 +667,7 @@ static int map_write (struct shim_handle * hdl, const void * buf,
     if (file->marker + count > file->size) {
         file->size = file->marker + count;
 
-        ret = DkStreamWrite(hdl->pal_handle, file->marker, count, buf, NULL);
+        ret = DkStreamWrite(hdl->pal_handle, file->marker, count, (void *) buf, NULL);
 
         if (!ret) {
             ret = -PAL_ERRNO;
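Review bot: Casting `buf` to `(void *)` at the call removes the `const` qualifier only to satisfy `DkStreamWrite`'s parameter type, so the compiler can no longer flag a write through that pointer. If the PAL call never modifies the buffer, the cleaner fix is to declare its buffer parameter `const void *` once in the PAL header and drop the casts. The same cast is added in chroot_write in this file, in pipe/fs.c, socket/fs.c, the `WRITE` macro in shim_init.c (where `buf` is also left unparenthesised inside the macro) and both `*_fputs` helpers in utils/printf.c. map_write's body starts and ends outside the hunk.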
@@ -771,7 +766,7 @@ static int chroot_write (struct shim_handle * hdl, const void * buf,
         lock(hdl->lock);
     }
 
-    ret = DkStreamWrite(hdl->pal_handle, file->marker, count, buf, NULL) ? :
+    ret = DkStreamWrite(hdl->pal_handle, file->marker, count, (void *) buf, NULL) ? :
           -PAL_ERRNO;
 
     if (ret > 0)
@@ -905,7 +900,7 @@ static int chroot_readdir (struct shim_dentry * dent,
 
     chroot_update_ino(dent);
 
-    assert(!memcmp(qstrgetstr(&data->host_uri), "dir:", 4));
+    assert(strpartcmp_static(qstrgetstr(&data->host_uri), "dir:"));
 
     PAL_HANDLE pal_hdl = DkStreamOpen(qstrgetstr(&data->host_uri),
                                       PAL_ACCESS_RDONLY, 0, 0, 0);

+ 18 - 13
LibOS/shim/src/fs/dev/fs.c

@@ -152,7 +152,7 @@ static int dev_random_hstat (struct shim_handle * hdl, struct stat * stat)
 
 static int search_dev_driver (const char * name, struct shim_dev_ops * ops)
 {
-    if (!memcmp(name, "null", 5) || !memcmp(name, "tty", 4)) {
+    if (strcmp_static(name, "null") || strcmp_static(name, "tty")) {
         if (ops)
             ops->read   = &dev_null_read;
 null_dev:
@@ -166,13 +166,13 @@ null_dev:
         return 0;
     }
 
-    if (!memcmp(name, "zero", 5)) {
+    if (strcmp_static(name, "zero")) {
         if (ops)
             ops->read   = &dev_zero_read;
         goto null_dev;
     }
 
-    if (!memcmp(name, "random", 7)) {
+    if (strcmp_static(name, "random")) {
         if (ops)
             ops->read   = &dev_random_read;
 random_dev:
@@ -184,14 +184,14 @@ random_dev:
         return 0;
     }
 
-    if (!memcmp(name, "urandom", 8)) {
+    if (strcmp_static(name, "urandom")) {
         if (ops)
             ops->read   = &dev_urandom_read;
         goto random_dev;
     }
 
-    if (!memcmp(name, "stdin", 6) || !memcmp(name, "stdout", 7) ||
-        !memcmp(name, "stderr", 7))
+    if (strcmp_static(name, "stdin") || strcmp_static(name, "stdout") ||
+        strcmp_static(name, "stderr"))
         return -EISLINK;
 
     return -ENOENT;
@@ -426,13 +426,18 @@ static int dev_follow_link (struct shim_dentry * dent, struct shim_qstr * link)
 {
     const char * name = qstrgetstr(&dent->rel_path);
 
-    if (!memcmp(name, "stdin", 6))
-        qstrsetstr(link, "/proc/self/0", 13);
-    else if (!memcmp(name, "stdout", 7))
-        qstrsetstr(link, "/proc/self/1", 13);
-    else if (!memcmp(name, "stderr", 7))
-        qstrsetstr(link, "/proc/self/2", 13);
-    else if (!memcmp(name, "null", 5) || !memcmp(name, "zero", 5))
+    if (strcmp_static(name, "stdin")) {
+        qstrsetstr(link, "/proc/self/0", static_strlen("/proc/self/0"));
+        return 0;
+    } else if (strcmp_static(name, "stdout")) {
+        qstrsetstr(link, "/proc/self/1", static_strlen("/proc/self/1"));
+        return 0;
+    } else if (strcmp_static(name, "stderr")) {
+        qstrsetstr(link, "/proc/self/2", static_strlen("/proc/self/2"));
+        return 0;
+    }
+
+    if (strcmp_static(name, "null") || strcmp_static(name, "zero"))
         return -ENOTLINK;
 
     return -ENOENT;

+ 1 - 1
LibOS/shim/src/fs/pipe/fs.c

@@ -65,7 +65,7 @@ static int pipe_write (struct shim_handle * hdl, const void * buf,
     if (!count)
         return 0;
 
-    int bytes = DkStreamWrite(hdl->pal_handle, 0, count, buf, NULL);
+    int bytes = DkStreamWrite(hdl->pal_handle, 0, count, (void *) buf, NULL);
 
     if (!bytes)
         return -PAL_ERRNO;

+ 7 - 5
LibOS/shim/src/fs/proc/thread.c

@@ -33,8 +33,10 @@ static int parse_thread_name (const char * name,
     if (*p == '/')
         p++;
 
-    if (!memcmp(p, "self", 4) && (!*(p + 4) || *(p + 4) == '/')) {
-        p += 4;
+    if (strpartcmp_static(p, "self")) {
+        p += static_strlen("self");
+        if (*p && *p != '/')
+            return -ENOENT;
         pid = get_cur_tid();
     } else {
         for ( ; *p && *p != '/' ; p++) {
@@ -89,17 +91,17 @@ static int find_thread_link (const char * name, struct shim_qstr * link,
 
     lock(thread->lock);
 
-    if (next_len == 4 && !memcmp(next, "root", next_len)) {
+    if (next_len == static_strlen("root") && !memcmp(next, "root", next_len)) {
         dent = thread->root;
         get_dentry(dent);
     }
 
-    if (next_len == 3 && !memcmp(next, "cwd", next_len)) {
+    if (next_len == static_strlen("cwd") && !memcmp(next, "cwd", next_len)) {
         dent = thread->cwd;
         get_dentry(dent);
     }
 
-    if (next_len == 3 && !memcmp(next, "exe", next_len)) {
+    if (next_len == static_strlen("exe") && !memcmp(next, "exe", next_len)) {
         struct shim_handle * exec = thread->exec;
         if (!exec->dentry) {
             unlock(thread->lock);

+ 2 - 2
LibOS/shim/src/fs/shim_dcache.c

@@ -50,10 +50,10 @@ static struct shim_dcache_stats dcache_stats;
 
 long get_dcache_stats (const char * name)
 {
-    if (memcmp(name, "memsize", 8) == 0)
+    if (strcmp_static(name, "memsize"))
         return dcache_stats.memsize;
 
-    if (memcmp(name, "nentries", 9) == 0)
+    if (strcmp_static(name, "nentries"))
         return dcache_stats.nentries;
 
     return 0;

+ 6 - 20
LibOS/shim/src/fs/shim_fs.c

@@ -94,25 +94,11 @@ static bool mount_migrated = false;
 
 static int __mount_root (void)
 {
-    const char * root_type = "chroot", * root_uri = "file:";
     int ret;
-
-    if (root_config) {
-        char t[CONFIG_MAX], u[CONFIG_MAX];
-
-        if (get_config(root_config, "fs.mount.root.type", t, CONFIG_MAX) > 0)
-            root_type = t;
-        if (get_config(root_config, "fs.mount.root.uri",  u, CONFIG_MAX) > 0)
-            root_uri  = u;
-    }
-
-    debug("mounting as %s filesystem: from %s to root\n", root_type, root_uri);
-
-    if ((ret = mount_fs(root_type, root_uri, "/")) < 0) {
-        debug("mounting root filesystem failed( %e)\n", ret);
+    if ((ret = mount_fs("chroot", "file:", "/")) < 0) {
+        debug("mounting root filesystem failed (%e)\n", ret);
         return ret;
     }
-
     return 0;
 }
 
@@ -154,9 +140,9 @@ static int __mount_one_other (const char * key, int keylen)
     char * uri = NULL;
     int ret;
 
-    memcpy(k, "fs.mount.other.", 15);
-    memcpy(k + 15, key, keylen);
-    char * kp = k + 15 + keylen;
+    memcpy(k, "fs.mount.", 9);
+    memcpy(k + 9, key, keylen);
+    char * kp = k + 9 + keylen;
 
     memcpy(kp, ".path", 6);
     if (get_config(root_config, k, p, CONFIG_MAX) <= 0)
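Review bot: The mount key prefix becomes `fs.mount.` here, but `isolate_fs` in LibOS/shim/src/sys/shim_sandbox.c, touched by this same commit, still builds its keys from `"fs.mount.other."` and still reads and clears `fs.mount.root.type` / `fs.mount.root.uri`. If manifests follow the new layout, the sandbox path would presumably find none of the mounts this function creates and would leave their rules unrestricted, so the two files should share one prefix definition. The prefix length is also still hand-counted (`9`) while the rest of the commit moves to `strcpy_static`/`static_strlen`. Nothing visible in the hunk checks `keylen` against the size of `k`, which is declared outside it.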
@@ -189,7 +175,7 @@ static int __mount_others (void)
     int nkeys, keybuf_size = CONFIG_MAX;
     char * keybuf = __alloca(keybuf_size);
 
-    while ((nkeys = get_config_entries(root_config, "fs.mount.other", keybuf,
+    while ((nkeys = get_config_entries(root_config, "fs.mount", keybuf,
                                        keybuf_size)) == -ENAMETOOLONG) {
         keybuf = __alloca(keybuf_size);
         keybuf_size *= 2;
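Review bot: The retry loop around the changed `get_config_entries` call allocates the new buffer before doubling the size (`keybuf = __alloca(keybuf_size);` then `keybuf_size *= 2;`). On every retry the callee is therefore told the buffer is twice as large as the block actually obtained, which can overrun the stack allocation if it fills the advertised size. Widening the prefix to `"fs.mount"` can only enumerate more keys, so the retry path becomes more likely to run. Swapping the two statements fixes it: `keybuf_size *= 2;` followed by `keybuf = __alloca(keybuf_size);`. The loop body's closing brace and the rest of __mount_others lie outside the hunk.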

+ 1 - 1
LibOS/shim/src/fs/socket/fs.c

@@ -122,7 +122,7 @@ static int socket_write (struct shim_handle * hdl, const void * buf,
     if (!count)
         return 0;
 
-    int bytes = DkStreamWrite(hdl->pal_handle, 0, count, buf, NULL);
+    int bytes = DkStreamWrite(hdl->pal_handle, 0, count, (void *) buf, NULL);
 
     if (!bytes) {
         int err;

+ 1 - 1
LibOS/shim/src/ipc/shim_ipc_nsimpl.h

@@ -884,7 +884,7 @@ static int connect_owner (IDTYPE idx, struct shim_ipc_port ** portptr,
                                              0, 0, 0, 0);
 
         if (!pal_handle) {
-            ret = -PAL_ERRNO;
+            ret = -PAL_ERRNO ? : -EACCES;
             goto out;
         }
 

+ 3 - 3
LibOS/shim/src/shim_checkpoint.c

@@ -405,7 +405,7 @@ static int send_checkpoint_by_gipc (PAL_HANDLE gipc_store,
         return -EPERM;
 
     int nentries = store->gipc_nentries;
-    PAL_PTR * gipc_addrs = __alloca(sizeof(PAL_BUF) * nentries);
+    PAL_PTR * gipc_addrs = __alloca(sizeof(PAL_PTR) * nentries);
     PAL_NUM * gipc_sizes = __alloca(sizeof(PAL_NUM) * nentries);
     int total_pages = 0;
     int cnt = nentries;
@@ -612,8 +612,8 @@ int restore_checkpoint (struct cp_header * cphdr, struct mem_header * memhdr,
         rs_func rs = (&__rs_func) [cpent->cp_type - CP_FUNC_BASE];
         ret = (*rs) (cpent, base, offset, rebase);
         if (ret < 0) {
-            debug("rs_%s failed at %p\n", CP_FUNC_NAME(cpent->cp_type),
-                  base + offset);
+            debug("restoring %s failed at %p (err=%d)\n", CP_FUNC_NAME(cpent->cp_type),
+                  base + offset, -ret);
             return ret;
         }
 next:

+ 11 - 10
LibOS/shim/src/shim_init.c

@@ -147,7 +147,7 @@ long int glibc_option (const char * opt)
 {
     char cfg[CONFIG_MAX];
 
-    if (!memcmp(opt, "heap_size", 9)) {
+    if (strcmp_static(opt, "heap_size")) {
         int ret = get_config(root_config, "glibc.heap_size", cfg, CONFIG_MAX);
         if (ret < 0) {
             debug("no glibc option: %s (err=%d)\n", opt, ret);
@@ -390,19 +390,20 @@ int read_environs (const char ** envp)
     for (const char ** e = envp ; *e ; e++) {
         switch ((*e)[0]) {
             case 'L': {
-                if (!memcmp(*e, "LD_LIBRARY_PATH=", 16)) {
+                if (strpartcmp_static(*e, "LD_LIBRARY_PATH=")) {
+                    const char * s = *e + static_strlen("LD_LIBRARY_PATH=");
                     int npaths = 0;
-                    for (const char * s = (*e) + 16 ; *s ; s++)
-                        if (*s == ':')
+                    for (const char * tmp = s ; *tmp ; tmp++)
+                        if (*tmp == ':')
                             npaths++;
                     const char ** paths = malloc(sizeof(const char *) *
                                                  (npaths + 1));
                     if (!paths)
                         return -ENOMEM;
 
-                    const char * s = (*e) + 16, * next;
                     int cnt = 0;
                     while (*s) {
+                        const char * next;
                         for (next = s ; *next && *next != ':' ; next++);
                         int len = next - s;
                         char * str = malloc(len + 1);
@@ -421,7 +422,7 @@ int read_environs (const char ** envp)
                 break;
             }
             case 'I': {
-                if (!memcmp(*e, "IN_GDB=1", 8)) {
+                if (strcmp_static(*e, "IN_GDB=1")) {
                     in_gdb = true;
                     break;
                 }
@@ -528,7 +529,7 @@ static void set_profile_enabled (const char ** envp)
 {
     const char ** p;
     for (p = envp ; (*p) ; p++)
-        if (!memcmp(*p, "PROFILE_ENABLED=", 16))
+        if (strpartcmp_static(*p, "PROFILE_ENABLED="))
             break;
     if (!(*p))
         return;
@@ -707,7 +708,7 @@ int shim_init (int argc, void * args, void ** return_stack)
     debug("shim loaded at %p, ready to initialize\n", &__load_address);
 
     if (argc && argv[0][0] == '-') {
-        if (!memcmp(argv[0], "-resume", 8) && argc >= 2) {
+        if (strcmp_static(argv[0], "-resume") && argc >= 2) {
             const char * filename = *(argv + 1);
             argc -= 2;
             argv += 2;
@@ -922,7 +923,7 @@ static int open_pal_handle (const char * uri, void * obj)
 {
     PAL_HANDLE hdl;
 
-    if (!memcmp(uri, "dir:", 4))
+    if (strpartcmp_static(uri, "dev:"))
         hdl = DkStreamOpen(uri, 0,
                            PAL_SHARE_OWNER_X|PAL_SHARE_OWNER_W|
                            PAL_SHARE_OWNER_R,
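Review bot: The prefix literal changed from `"dir:"` to `"dev:"` in what is otherwise a mechanical `memcmp` → `strpartcmp_static` conversion, and no other site in this commit alters its string. If that is a typo, directory URIs no longer take the branch that opens with the `PAL_SHARE_OWNER_*` flags, and device URIs now do. Restoring the original test would be `if (strpartcmp_static(uri, "dir:"))`. If the switch is deliberate it deserves a comment saying why devices rather than directories need the owner permission bits here. The function continues below the hunk.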
@@ -1163,7 +1164,7 @@ int message_confirm (const char * message, const char * options)
     }
 
 #define WRITE(buf, len)                                             \
-    ({  int _ret = DkStreamWrite(hdl, 0, len, buf, NULL);           \
+    ({  int _ret = DkStreamWrite(hdl, 0, len, (void *) buf, NULL);  \
         _ret ? : -PAL_ERRNO; })
 
 #define READ(buf, len)                                              \

+ 3 - 3
LibOS/shim/src/shim_parser.c

@@ -403,7 +403,7 @@ struct parser_table {
 
 static inline int is_pointer (const char * type)
 {
-    return type[strlen(type) - 1] == '*' || !memcmp(type, "long", 5);
+    return type[strlen(type) - 1] == '*' || strcmp_static(type, "long");
 }
 
 #define PRINTF(fmt, ...)                            \
@@ -442,7 +442,7 @@ static inline void parse_syscall_args (va_list * ap)
 {
     const char * arg_type = va_arg(ap, const char *);
 
-    if (memcmp(arg_type, "const char *", 13) == 0)
+    if (strcmp_static(arg_type, "const char *"))
         parse_string_arg(ap);
     else if (is_pointer(arg_type))
         parse_pointer_arg(ap);
@@ -454,7 +454,7 @@ static inline void skip_syscall_args (va_list * ap)
 {
     const char * arg_type = va_arg (ap, const char *);
 
-    if (memcmp(arg_type, "const char *", 13) == 0)
+    if (strcmp_static(arg_type, "const char *"))
         va_arg(ap, const char *);
     else if (is_pointer(arg_type))
         va_arg(ap, void *);

+ 1 - 1
LibOS/shim/src/sys/shim_mmap.c

@@ -48,7 +48,7 @@ void * shim_do_mmap (void * addr, size_t length, int prot, int flags, int fd,
     assert(!(flags & (VMA_UNMAPPED|VMA_TAINTED)));
 
     if (flags & MAP_32BIT)
-        return -ENOSYS;
+        return (void *) -ENOSYS;
 
     int pal_alloc_type = 0;
 

+ 11 - 11
LibOS/shim/src/sys/shim_sandbox.c

@@ -86,30 +86,30 @@ static int isolate_fs (struct config_store * cfg, const char * path)
         goto root;
 
     char k[CONFIG_MAX], p[CONFIG_MAX];
-    memcpy(k, "fs.mount.other.", 15);
+    char * tmp = strcpy_static(k, "fs.mount.other.", CONFIG_MAX);
     const char * key = keybuf, * next = NULL;
 
     for (int n = 0 ; n < nkeys ; key = next, n++) {
         for (next = key ; *next ; next++);
         next++;
         int key_len = next - key - 1;
-        memcpy(k + 15, key, key_len);
-        char * kp = k + 15 + key_len;
+        memcpy(tmp, key, key_len);
+        char * kp = tmp + key_len;
         int ulen, plen;
         bool is_chroot = false;
 
         /* Skip FS that are not chroot */
-        memcpy(kp, ".type", 6);
+        strcpy_static(kp, ".type", k + CONFIG_MAX - kp);
         if ((ret = get_config(cfg, k, t, CONFIG_MAX)) <= 0)
             continue;
-        if (ret == 6 || !memcmp(t, "chroot", 6))
+        if (strpartcmp_static(t, "chroot"))
             is_chroot = true;
 
-        memcpy(kp, ".uri", 5);
+        strcpy_static(kp, ".uri", k + CONFIG_MAX - kp);
         if ((ulen = get_config(cfg, k, u, CONFIG_MAX)) <= 0)
             continue;
 
-        memcpy(kp, ".path", 6);
+        strcpy_static(kp, ".path", k + CONFIG_MAX - kp);
         if ((plen = get_config(cfg, k, p, CONFIG_MAX)) <= 0)
             continue;
 
@@ -131,9 +131,9 @@ remove:
                     continue;
                 }
                 set_config(cfg, k, NULL);
-                memcpy(kp, ".type", 6);
+                strcpy_static(kp, ".type", k + CONFIG_MAX - kp);
                 set_config(cfg, k, NULL);
-                memcpy(kp, ".uri", 5);
+                strcpy_static(kp, ".uri", k + CONFIG_MAX - kp);
                 set_config(cfg, k, NULL);
                 debug("deleted file rule: %s => %s\n", p, u);
             }
@@ -152,7 +152,7 @@ remove:
 
             append_uri(u, ulen, dpath + plen, dpath_len - plen);
             set_config(cfg, k, dpath);
-            memcpy(kp, "uri", 5);
+            strcpy_static(kp, "uri", k + CONFIG_MAX - kp);
             set_config(cfg, k, u);
             root_created = true;
             debug("added file rule: %s => %s\n", dpath, u);
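Review bot: The suffix written before the second `set_config` is `"uri"` without the leading dot, carried over from the old `memcpy(kp, "uri", 5)`. Every other site in this function uses `".type"`, `".uri"` and `".path"`, so the rewritten URI is stored under a key of the form `<prefix><name>uri` that the `.uri` lookups will not find. The isolated mount would then keep whatever URI it had, or none, rather than the one computed by `append_uri`. Suggested line: `strcpy_static(kp, ".uri", k + CONFIG_MAX - kp);`. The enclosing loop in isolate_fs starts and ends outside the hunk.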
@@ -164,7 +164,7 @@ root:
         int prefix_len = ret;
 
         if ((ret = get_config(cfg, "fs.mount.root.type", t, CONFIG_MAX)) > 0 &&
-            ret == 6 && !memcmp(t, "chroot", 6)) {
+            strcmp_static(t, "chroot")) {
             /* remove the root FS */
             set_config(cfg, "fs.mount.root.uri",  NULL);
             set_config(cfg, "fs.mount.root.type", NULL);

+ 2 - 2
LibOS/shim/src/utils/printf.c

@@ -37,7 +37,7 @@ struct debugbuf {
 static inline void
 debug_fputs (void * f, const char * buf, int len)
 {
-    DkStreamWrite(debug_handle, 0, len, buf, NULL);
+    DkStreamWrite(debug_handle, 0, len, (void *) buf, NULL);
 }
 
 static void
@@ -141,7 +141,7 @@ struct sysbuf {
 static inline void
 sys_fputs (void * f, const char * str, int len)
 {
-    DkStreamWrite((PAL_HANDLE) f, 0, len, str, NULL);
+    DkStreamWrite((PAL_HANDLE) f, 0, len, (void *) str, NULL);
 }
 
 static void

+ 39 - 20
LibOS/shim/test/Makefile

@@ -1,36 +1,55 @@
-subdirs = native apps
+subdirs = native
 
 SYS ?= $(shell gcc -dumpmachine)
 export SYS
 
+PALDIR  = $(level)../../../Pal/src
+SHIMDIR = $(level)../src
+LIBCDIR = $(level)../../glibc-build
+
 CC = gcc
 CXX = g++
-CFLAGS 	= -std=gnu99 -I$(level)../include
-CFLAGS-debug = $(CFLAGS) -I$(level)../../../Pal/lib \
-	       -I$(level)../../../Pal/include/pal
+CFLAGS 	= -std=gnu99
+CFLAGS-debug = $(CFLAGS) -I$(PALDIR)/../include/pal -I$(PALDIR)/../lib
 LDFLAGS	=
-LDFLAGS-debug = $(LDFLAGS) -L$(level)../src -L$(level)../../../Pal/src \
-		-Wl,-rpath-link=$(abspath $(LEVEL)../src) \
-		-Wl,-rpath-link=$(abspath $(level)../../../Pal/src) \
+LDFLAGS-debug = $(LDFLAGS) -L$(SHIMDIR) \
+		-Wl,-rpath-link=$(abspath $(SHIMDIR)) \
+		-Wl,-rpath-link=$(abspath $(PALDIR)) \
 		-lpal -lsysdb_debug
 
-include $(level)../../../Pal/src/Makefile.Test
+default: all
+include $(PALDIR)/Makefile.Test
+
+all: $(target) $(if $(level),,build-subdirs) | $(call expand_target,$(exec_target))
+
+ifeq ($(DEBUG),1)
+CC += -g
+CXX += -g
+endif
+export DEBUG
 
-libs = $(level)../src/libsysdb_debug.so $(level)../../../Pal/src/libpal.so
-glibc_dir = $(level)../../build
+reldir = $(shell p=`dirname $(1)` ; d=; while [ "$$p" != "." ]; do p=`dirname $$p`; d=../$$d; done; echo $$d)
 
-all: $(call expand_target,$(exec_target)) $(target) $(if $(level),,build-subdirs)
+manifest_rules = \
+	-e 's:\$$(PALDIR):$(PALDIR):g' \
+	-e 's:\$$(PWD):$(PWD):g' \
+	-e 's:\$$(BIN):$(subst .manifest,,$(notdir $@)):g' \
+	-e 's:\$$(SHIMDIR):$(SHIMDIR):g' \
+	-e 's:\$$(SHIMPATH):$(SHIMDIR)/libsysdb.so:g' \
+	-e 's:\$$(LIBCDIR):$(LIBCDIR):g' \
+	$(extra_rules)
 
-debug: DEBUG=debug
-debug: CC=gcc -g
-debug: CXX=g++ -g
-debug: $(target) $(if $(level),,build-subdirs)
+%manifest: %manifest.template
+	@echo [ $@ ]
+	sed $(manifest_rules) $< > $@
+	(grep -q '^#!' $@ && chmod +x $@) || true
 
-pal:
-	[ ! -f $(level)../../../Pal/src/pal ] || ln -sf $(level)../../../Pal/src/pal pal
+manifest: manifest.template
+	@echo [ $@ ]
+	sed $(manifest_rules) $< > $@
 
-pal_sec:
-	[ ! -f $(level)../../../Pal/src/pal_sec ] || ln -sf $(level)../../../Pal/src/pal_sec pal_sec
+pal pal_sec:
+	ln -sf $(level)../../../Pal/src/$@ $@
 
 .PHONY: test clean
 
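Review bot: Both new manifest rules write straight into the target with `sed $(manifest_rules) $< > $@`, so the shell creates or truncates the manifest before `sed` runs. If `sed` then fails, for example on a malformed expression from `$(extra_rules)`, an empty or partial manifest is left behind with a fresh timestamp and the next `make` treats it as up to date. Since the manifest is what the loader is configured from, it is worth generating it atomically: `sed $(manifest_rules) $< > $@.tmp && mv -f $@.tmp $@`, or declare `.DELETE_ON_ERROR:` in this makefile. The substituted values (`$(PWD)`, `$(PALDIR)`, …) are also placed unescaped into `s:…:…:` expressions, so a path containing `:` or `&` would change the result.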
@@ -38,7 +57,7 @@ clean: $(clean-extra) $(if $(level),,clean-subdirs)
 	rm -rf $(call expand_target,$(exec_target)) $(target)
 
 build-subdirs:
-	for f in $(subdirs); do (cd $$f; $(MAKE) $(DEBUG); cd ..); done
+	for f in $(subdirs); do (cd $$f; $(MAKE); cd ..); done
 
 ifeq ($(SYS),x86_64-linux-gnu)
 ifeq ($(level),)
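Review bot: In `build-subdirs` the loop body `(cd $$f; $(MAKE); cd ..)` joins its steps with `;`, so a failed `cd` lets `$(MAKE)` run in the current directory instead. The subshell's status is that of the final `cd ..`, so a failing sub-make is reported as success and the loop carries on. A form that stops on the first failure and needs no `cd` is `for f in $(subdirs); do $(MAKE) -C $$f || exit 1; done`.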

+ 30 - 24
LibOS/shim/test/apps/apache/Makefile

@@ -16,15 +16,28 @@ INSTALL_DIR = $(PWD)/obj
 SRC_DIRS = $(HTTPD_DIR) $(APR_DIR) $(APRUTIL_DIR) $(PHP_DIR)
 HTDOC=$(INSTALL_DIR)/htdocs
 
-TARGET = $(INSTALL_DIR)/bin/httpd $(INSTALL_DIR)/modules/libphp5.so \
-	 $(INSTALL_DIR)/modules/mod_auth_basic_sandbox.so \
-	 conf httpd.manifest test-data
+exec_target = httpd.manifest
 
-all: $(TARGET)
+target = build-apache build-modules build-conf test-data
 
-debug: MAKE_FLAGS=CC="gcc -g"
-debug: APXS_FLAGS=-S CC="gcc -g"
-debug: $(TARGET)
+clean-extra = clean-apache
+
+extra_rules = \
+	-e 's:\$$(PAL):../pal_loader:g' \
+	-e 's:\$$(HOST):$(HOST):g' \
+	-e 's:\$$(PORT):$(PORT):g'
+
+level = ../../
+include ../../Makefile
+
+.PHONY: build-apache build-modules build-conf
+
+build-apache: $(INSTALL_DIR)/bin/httpd $(INSTALL_DIR)/modules/libphp5.so
+
+ifeq ($(DEBUG),1)
+MAKE_FLAGS = CC="gcc -g"
+APXS_FLAGS = -S CC="gcc -g"
+endif
 
 %: %.tar.gz
 	tar -xzf $<
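Review bot: `extra_rules` substitutes `$(HOST)` and `$(PORT)` into sed expressions that use `:` as the delimiter (`-e 's:\$$(HOST):$(HOST):g'`), and the values are inserted unescaped. A host value that contains a colon, an IPv6 literal for instance, ends the replacement early and makes sed either fail or write a different string into httpd.manifest. Using a delimiter that cannot occur in a host or port avoids this, e.g. `-e 's|\$$(HOST)|$(HOST)|g'` and `-e 's|\$$(PORT)|$(PORT)|g'`. The shared `manifest_rules` in LibOS/shim/test/Makefile use the same `:` delimiter for path values.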
@@ -45,9 +58,9 @@ $(INSTALL_DIR)/lib/libaprutil-1.so.0: $(APRUTIL_DIR) $(INSTALL_DIR)/lib/libapr-1
 
 $(INSTALL_DIR)/bin/httpd $(INSTALL_DIR)/bin/apxs: $(INSTALL_DIR)/lib/libapr-1.so.0 $(INSTALL_DIR)/lib/libaprutil-1.so.0
 	[ -d $(HTTPD_DIR) ] || tar -xzf $(HTTPD_DIR).tar.gz
-	[ -f $(HTTPD_DIR)/Makefile ] || \
+	[ -f $(HTTPD_DIR)/Makefile ] || ( \
 	cd $(HTTPD_DIR) && ./configure --prefix=$(INSTALL_DIR) --with-apr=$(INSTALL_DIR) \
-	--with-apr-util=$(INSTALL_DIR) --with-mpm=prefork
+	--with-apr-util=$(INSTALL_DIR) --with-mpm=prefork)
 	cd $(HTTPD_DIR) && $(MAKE) -j$(NPROCS) $(MAKE_FLAGS)
 	cd $(HTTPD_DIR) && $(MAKE) install
 
@@ -57,20 +70,14 @@ $(INSTALL_DIR)/modules/libphp5.so: $(PHP_DIR) $(INSTALL_DIR)/bin/apxs
 	cd $< && $(MAKE) -j$(NPROCS) $(MAKE_FLAGS)
 	cd $< && $(MAKE) install
 
-.PHONY: modules
-
-modules: $(INSTALL_DIR)/modules/mod_auth_basic_sandbox.so
+build-modules: $(INSTALL_DIR)/modules/mod_auth_basic_sandbox.so
 
 $(INSTALL_DIR)/modules/mod_auth_basic_sandbox.so: mod_auth_basic_sandbox.c $(INSTALL_DIR)/bin/apxs
 	$(INSTALL_DIR)/bin/apxs $(APXS_FLAGS) \
-		-S CFLAGS="-I../../../include" \
-		-S LDFLAGS="-L../../../../build/libos -llibos" -c -i -A $<
-
-%.manifest: %.manifest.template
-	$(MAKE) -C .. apache/$@ appdir=apache/ \
-		extra_rules="-e 's:\\\$$\$$(HOST):$(HOST):g' -e 's:\\\$$\$$(PORT):$(PORT):g'"
+		-S CFLAGS="-I$(SHIMDIR)/../include" \
+		-S LDFLAGS="-L$(LIBCDIR)/libos -llibos" -c -i -A $<
 
-conf:
+build-conf:
 	[ -f $(INSTALL_DIR)/conf/httpd.conf.old ] || \
 		mv $(INSTALL_DIR)/conf/httpd.conf $(INSTALL_DIR)/conf/httpd.conf.old
 	sed -e "s/Listen 80/#Listen 80/g" \
@@ -96,12 +103,12 @@ conf:
 
 start-native-server:
 	@echo "Listen on $(HOST):$(PORT)"
-	$(PREFIX) $(INSTALL_DIR)/bin/httpd -D FOREGROUND -C "Listen $(HOST):$(PORT)" -C "PidFile /httpd-$(HOST)-$(PORT).pid"
+	$(PREFIX) $(INSTALL_DIR)/bin/httpd -D FOREGROUND -C "Listen $(HOST):$(PORT)" -C "PidFile logs/httpd-$(HOST)-$(PORT).pid"
 
 start-graphene-server:
 	rm -rf httpd-$(HOST)-$(PORT).pid
 	@echo "Listen on $(HOST):$(PORT)"
-	$(PREFIX) ./httpd.manifest -D FOREGROUND -C "Listen $(HOST):$(PORT)" -C "PidFile /httpd-$(HOST)-$(PORT).pid"
+	$(PREFIX) ../pal_loader $(INSTALL_DIR)/bin/httpd -D FOREGROUND -C "Listen $(HOST):$(PORT)" -C "PidFile logs/httpd-$(HOST)-$(PORT).pid"
 
 random-data = $(foreach n,1 2 3 4 5 6 7 8 9 10,2K.$n.html) \
 	      $(foreach n,1 2 3 4 5,10K.$n.html) \
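Review bot: In `start-graphene-server` the unchanged `rm -rf httpd-$(HOST)-$(PORT).pid` still targets the working directory, while both server recipes now pass `PidFile logs/httpd-$(HOST)-$(PORT).pid`, so the stale pid file is no longer the one being removed. Assuming the relative `PidFile` resolves against the server root under `$(INSTALL_DIR)`, the cleanup line would become `rm -f $(INSTALL_DIR)/logs/httpd-$(HOST)-$(PORT).pid`. The native recipe has no such cleanup at all, so the two could share the same line.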
@@ -142,6 +149,5 @@ test-data: $(test-data)
 distclean: clean
 	rm -rf $(INSTALL_DIR) $(SRC_DIRS)
 
-clean:
-	rm -rf httpd.manifest $(test-data) \
-		$(addprefix mod_auth_basic_sandbox.,la lo o slo)
+clean-apache:
+	rm -rf $(test-data) $(addprefix mod_auth_basic_sandbox,.so .la .lo .o .slo)

+ 32 - 15
LibOS/shim/test/apps/apache/httpd.manifest.template

@@ -6,24 +6,41 @@ loader.execname = httpd
 loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu:/usr/lib:/usr/lib/x86_64-linux-gnu
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib1.type = chroot
+fs.mount.lib1.path = /lib
+fs.mount.lib1.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
+fs.mount.lib2.type = chroot
+fs.mount.lib2.path = /lib/x86_64-linux-gnu
+fs.mount.lib2.uri = file:/lib/x86_64-linux-gnu
 
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
+fs.mount.usr.type = chroot
+fs.mount.usr.path = /usr
+fs.mount.usr.uri = file:/usr
 
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
-
-fs.mount.other.cwd.type = chroot
-fs.mount.other.cwd.path = $(PWD)
-fs.mount.other.cwd.uri = file:
+fs.mount.cwd.type = chroot
+fs.mount.cwd.path = $(PWD)
+fs.mount.cwd.uri = file:
 
 # allow to bind on port for listening
 net.rules.1 = $(HOST):$(PORT):0.0.0.0:0-65535
+
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.libpcre = file:/lib/x86_64-linux-gnu/libpcre.so.3
+sgx.trusted_files.libapr = file:obj/lib/libapr-1.so.0
+sgx.trusted_files.libaprutil = file:obj/lib/libaprutil-1.so.0
+sgx.trusted_files.libexpat = file:/lib/x86_64-linux-gnu/libexpat.so.1
+sgx.trusted_files.libcrypt = file:/lib/x86_64-linux-gnu/libcrypt.so.1
+sgx.trusted_files.libresolv = file:/lib/x86_64-linux-gnu/libresolv.so.2
+sgx.trusted_files.libxml2 = file:/usr/lib/x86_64-linux-gnu/libxml2.so.2
+sgx.trusted_files.libz = file:/lib/x86_64-linux-gnu/libz.so.1
+sgx.trusted_files.liblzma = file:/lib/x86_64-linux-gnu/liblzma.so.5
+
+sgx.allowed_files.modules = file:obj/modules
+sgx.allowed_files.conf = file:obj/conf
+sgx.allowed_files.htdocs = file:obj/htdocs
+sgx.allowed_files.logs = file:obj/logs
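Review bot: `sgx.allowed_files.modules = file:obj/modules` and `sgx.allowed_files.conf = file:obj/conf` leave the loadable modules and the server configuration outside the set that is pinned under `sgx.trusted_files`. The Makefile in this commit installs `libphp5.so` and `mod_auth_basic_sandbox.so` into `obj/modules`, so code that httpd loads inside the enclave could be replaced on the host without the manifest noticing. That assumes allowed files are opened without an integrity check, which the trusted/allowed split suggests but this hunk does not show. Listing each module and `httpd.conf` as `sgx.trusted_files.*` entries, and keeping `sgx.allowed_files` for `htdocs` and `logs` only, would narrow this. A comment above the `sgx.allowed_files` lines stating why each directory is unmeasured would help the next reader.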

+ 12 - 23
LibOS/shim/test/apps/bash/Makefile

@@ -1,34 +1,23 @@
-bash_src = bash-4.1
+BASH_DIR = bash-4.1
 
-manifests = bash.manifest bash-local.manifest
+manifests = $(addsuffix .manifest,bash ls cp rm)
+exec_target = $(manifests)
 
-all debug: $(manifests)
+extra_rules = -e 's:\$$(PAL):../pal_loader:g'
 
-test_targets =  testsamplebash
+level = ../../
+include ../../Makefile
 
-bash-local: $(bash_src)/bash
-	cp $< bash-local
-
-$(bash_src): $(bash_src).tar.gz
+$(bash_src): $(BASH_DIR).tar.gz
 	tar -xzf $<
 
-$(bash_src)/bash: $(bash_src)
-	cd $(bash_src) && ./configure --without-gnu-malloc
-	cd $(bash_src) && $(MAKE) CC="gcc -g"
-
-test: all $(test_targets)
-
-testsamplebash:
-	bash bash_test.sh
+$(bash_src)/bash: $(BASH_DIR)
+	cd $(BASH_DIR) && ./configure --without-gnu-malloc
+	cd $(BASH_DIR) && $(MAKE) CC="gcc -g"
 
-%.manifest: %.manifest.template
-	$(MAKE) -C .. bash/$@ appdir=bash/
-
-clean: clean-manifests
+bash-local: $(BASH_DIR)/bash
+	cp $< bash-local
 
 distclean: clean-manifests
 	rm -rf $(bash_src)
 	rm -rf bash result $(test_targets)
-
-clean-manifests:
-	rm -rf $(manifests)
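Review bot: `bash_src` is no longer defined after the rename to `BASH_DIR`, yet the new lines `$(bash_src): $(BASH_DIR).tar.gz` and `$(bash_src)/bash: $(BASH_DIR)` and the unchanged `rm -rf $(bash_src)` still use it. With an empty expansion the extract rule has no usable target, the build rule's target becomes `/bash`, and `bash-local: $(BASH_DIR)/bash` has no rule producing its prerequisite; all three should use `$(BASH_DIR)`. `distclean` also still depends on `clean-manifests` and expands `$(test_targets)`, both deleted by this hunk; `distclean: clean` would match the other app Makefiles, since the included `../../Makefile` provides `clean`.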

+ 0 - 32
LibOS/shim/test/apps/bash/bash-local.manifest.template

@@ -1,32 +0,0 @@
-#!$(PAL)
-
-loader.preload = file:$(SHIMPATH)
-loader.exec = file:bash-local
-loader.execname = bash-local
-loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu:/usr/lib:/usr/lib/x86_64-linux-gnu
-loader.env.PATH = /bin:/usr/bin
-loader.env.USERNAME =
-loader.env.HOME =
-loader.env.PWD =
-loader.debug_type = none
-
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
-
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
-
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
-
-fs.mount.other.bin.type = chroot
-fs.mount.other.bin.path = /bin
-fs.mount.other.bin.uri = file:/bin
-
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
-
-sys.brk.size = 262144  # 256K

+ 28 - 15
LibOS/shim/test/apps/bash/bash.manifest.template

@@ -10,23 +10,36 @@ loader.env.HOME =
 loader.env.PWD =
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib1.type = chroot
+fs.mount.lib1.path = /lib
+fs.mount.lib1.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
+fs.mount.lib2.type = chroot
+fs.mount.lib2.path = /lib/x86_64-linux-gnu
+fs.mount.lib2.uri = file:/lib/x86_64-linux-gnu
 
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin
+fs.mount.bin.uri = file:/bin
 
-fs.mount.other.bin.type = chroot
-fs.mount.other.bin.path = /bin
-fs.mount.other.bin.uri = file:/bin
+fs.mount.usr.type = chroot
+fs.mount.usr.path = /usr
+fs.mount.usr.uri = file:/usr
 
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
+sys.brk.size = 256K
 
-sys.brk.size = 262144  # 256K
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.libtinfo = file:/lib/x86_64-linux-gnu/libtinfo.so.5
+sgx.trusted_files.ls = file:/bin/ls
+sgx.trusted_files.rm = file:/bin/cp
+sgx.trusted_files.rm = file:/bin/rm
+
+sgx.trusted_children.ls = file:ls.sig
+sgx.trusted_children.cp = file:cp.sig
+sgx.trusted_children.rm = file:rm.sig
+
+sgx.allowed_files.test1 = file:bash_test.sh
+sgx.allowed_files.test2 = file:OUTPUT
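Review bot: `sgx.trusted_files.rm` is assigned twice, first to `file:/bin/cp` and then to `file:/bin/rm`; the first key was presumably meant to be `sgx.trusted_files.cp`. Depending on how the manifest parser treats a repeated key, one of the two binaries ends up without a trusted-file entry even though `sgx.trusted_children` declares both `cp` and `rm`. The first line should read `sgx.trusted_files.cp = file:/bin/cp`.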

+ 29 - 0
LibOS/shim/test/apps/bash/cp.manifest.template

@@ -0,0 +1,29 @@
+loader.preload = file:$(SHIMPATH)
+loader.exec = file:/bin/ls
+loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu
+loader.debug_type = none
+
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
+
+fs.mount.hostlib.type = chroot
+fs.mount.hostlib.path = /lib/x86_64-linux-gnu
+fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu
+
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin
+fs.mount.bin.uri = file:/bin
+
+# allow to bind on port 8000
+net.rules.1 = 127.0.0.1:8000:0.0.0.0:0-65535
+# allow to connect to port 8000
+net.rules.2 = 0.0.0.0:0-65535:127.0.0.1:8000
+
+# sgx-related
+sgx.trusted_files.ld.uri = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc.uri = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libselinux.uri = file:/lib/x86_64-linux-gnu/libselinux.so.1
+sgx.trusted_files.libacl.uri = file:/lib/x86_64-linux-gnu/libacl.so.1
+sgx.trusted_files.libpcre.uri = file:/lib/x86_64-linux-gnu/libpcre.so.3
+sgx.trusted_files.libattr.uri = file:/lib/x86_64-linux-gnu/libattr.so.1
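Review bot: `loader.exec = file:/bin/ls` in `cp.manifest.template` looks copied from the `ls` template, so the manifest that `bash.manifest.template` refers to as `cp.sig` would describe `/bin/ls`; it should read `loader.exec = file:/bin/cp`. The `net.rules.1` and `net.rules.2` entries permit binding and connecting on port 8000, which none of `cp`, `ls` or `rm` needs; the same two rules are in `ls.manifest.template` and `rm.manifest.template` and can be dropped from all three. These three templates also write `sgx.trusted_files.<name>.uri = ...` where the other manifests in this commit write `sgx.trusted_files.<name> = ...`; if the signing tool reads only one form the entries here are skipped, so the spelling should be confirmed and made uniform.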

+ 29 - 0
LibOS/shim/test/apps/bash/ls.manifest.template

@@ -0,0 +1,29 @@
+loader.preload = file:$(SHIMPATH)
+loader.exec = file:/bin/ls
+loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu
+loader.debug_type = none
+
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
+
+fs.mount.hostlib.type = chroot
+fs.mount.hostlib.path = /lib/x86_64-linux-gnu
+fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu
+
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin
+fs.mount.bin.uri = file:/bin
+
+# allow to bind on port 8000
+net.rules.1 = 127.0.0.1:8000:0.0.0.0:0-65535
+# allow to connect to port 8000
+net.rules.2 = 0.0.0.0:0-65535:127.0.0.1:8000
+
+# sgx-related
+sgx.trusted_files.ld.uri = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc.uri = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libselinux.uri = file:/lib/x86_64-linux-gnu/libselinux.so.1
+sgx.trusted_files.libacl.uri = file:/lib/x86_64-linux-gnu/libacl.so.1
+sgx.trusted_files.libpcre.uri = file:/lib/x86_64-linux-gnu/libpcre.so.3
+sgx.trusted_files.libattr.uri = file:/lib/x86_64-linux-gnu/libattr.so.1

+ 25 - 0
LibOS/shim/test/apps/bash/rm.manifest.template

@@ -0,0 +1,25 @@
+loader.preload = file:$(SHIMPATH)
+loader.exec = file:/bin/rm
+loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu
+loader.debug_type = none
+
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
+
+fs.mount.hostlib.type = chroot
+fs.mount.hostlib.path = /lib/x86_64-linux-gnu
+fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu
+
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin
+fs.mount.bin.uri = file:/bin
+
+# allow to bind on port 8000
+net.rules.1 = 127.0.0.1:8000:0.0.0.0:0-65535
+# allow to connect to port 8000
+net.rules.2 = 0.0.0.0:0-65535:127.0.0.1:8000
+
+# sgx-related
+sgx.trusted_files.ld.uri = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc.uri = file:$(LIBCDIR)/libc.so.6

+ 22 - 30
LibOS/shim/test/apps/busybox/Makefile

@@ -1,38 +1,30 @@
-busybox_src = busybox-1.23.1
+exec_target = busybox.manifest busybox_nofork.manifest
+target = busybox busybox_gdb busybox_nofork busybox_nofork_gdb
 
-manifests = busybox.manifest busybox_nofork.manifest
-targets = busybox busybox_gdb busybox_nofork busybox_nofork_gdb $(manifests)
-test_targets =
+extra_rules = -e 's:\$$(PAL):../pal_loader:g'
 
-all: $(targets)
+level = ../../
+include ../../Makefile
 
-debug: MAKE_FLAGS=CC="gcc -g"
-debug: $(targets)
+BUSYBOX_DIR = busybox-1.23.1
 
-busybox busybox_gdb: config_for_graphene
-	[ -d $(busybox_src) ] || tar -xjf $(busybox_src).tar.bz2
-	cp config_for_graphene $(busybox_src)/.config
-	cd $(busybox_src) && $(MAKE) $(MAKE_FLAGS)
-	cp $(busybox_src)/busybox busybox
-	cp $(busybox_src)/busybox_unstripped busybox_gdb
+ifeq ($(DEBUG),1)
+MAKE_FLAGS = CC="gcc -g"
+endif
 
-busybox_nofork busybox_nofork_gdb: $(busybox_src) config_for_graphene_nofork
-	[ -d $(busybox_src) ] || tar -xjf $(busybox_src).tar.bz2
-	cp config_for_graphene_nofork $(busybox_src)/.config
-	cd $(busybox_src) && $(MAKE) $(MAKE_FLAGS)
-	cp $(busybox_src)/busybox busybox_nofork
-	cp $(busybox_src)/busybox_unstripped busybox_nofork_gdb
+busybox busybox_gdb: config-graphene
+	[ -d $(BUSYBOX_DIR) ] || tar -xjf $(BUSYBOX_DIR).tar.bz2
+	cp config-graphene $(BUSYBOX_DIR)/.config
+	cd $(BUSYBOX_DIR) && $(MAKE) $(MAKE_FLAGS)
+	cp $(BUSYBOX_DIR)/busybox busybox
+	cp $(BUSYBOX_DIR)/busybox_unstripped busybox_gdb
 
-test: all $(test_targets)
-
-%.manifest: %.manifest.template
-	$(MAKE) -C .. busybox/$@ appdir=busybox/
+busybox_nofork busybox_nofork_gdb: $(BUSYBOX_DIR) config-graphene-nofork
+	[ -d $(BUSYBOX_DIR) ] || tar -xjf $(BUSYBOX_DIR).tar.bz2
+	cp config-graphene-nofork $(BUSYBOX_DIR)/.config
+	cd $(BUSYBOX_DIR) && $(MAKE) $(MAKE_FLAGS)
+	cp $(BUSYBOX_DIR)/busybox busybox_nofork
+	cp $(BUSYBOX_DIR)/busybox_unstripped busybox_nofork_gdb
 
 distclean: clean
-	rm -rf $(busybox_src)
-
-clean: clean-manifests
-	rm -rf result $(test_targets) busybox busybox_gdb
-
-clean-manifests:
-	rm -rf $(manifests)
+	rm -rf $(BUSYBOX_DIR)
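Review bot: The `busybox busybox_gdb` and `busybox_nofork busybox_nofork_gdb` rules each copy a different file to `$(BUSYBOX_DIR)/.config` and then build in the same tree, so under `make -j` one recipe can overwrite the other's configuration and both variants may be built from whichever copy landed last. A rule header with two targets is also two independent rules, so each recipe can run once per target. Serialising the variants (for example making the nofork rule depend on `busybox`, or routing each pair through a stamp file) would make the result deterministic. `$(BUSYBOX_DIR)` is a prerequisite of the nofork rule only, and no rule that creates it is visible in this hunk.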

+ 12 - 9
LibOS/shim/test/apps/busybox/busybox.manifest.template

@@ -8,16 +8,19 @@ loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu
 loader.env.USERNAME =
 loader.env.HOME =
 loader.env.PWD =
-loader.env.HOSTNAME = $(HOSTNAME)
+loader.env.HOSTNAME = test
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib1.type = chroot
+fs.mount.lib1.path = /lib
+fs.mount.lib1.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
+fs.mount.lib2.type = chroot
+fs.mount.lib2.path = /lib/x86_64-linux-gnu
+fs.mount.lib2.uri = file:/lib/x86_64-linux-gnu
 
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.libcrypt = file:/lib/x86_64-linux-gnu/libcrypt.so.1

+ 17 - 11
LibOS/shim/test/apps/busybox/busybox_nofork.manifest.template

@@ -2,19 +2,25 @@
 
 loader.preload = file:$(SHIMPATH)
 loader.exec = file:busybox_nofork
+loader.execname = busybox_nofork
 loader.env.PATH = /:/usr/sbin:/usr/bin:/sbin:/bin
-loader.env.LD_LIBRARY_PATH = /lib:/lib64
-loader.exclude_env = USERNAME,HOME,PWD
+loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu
+loader.env.USERNAME =
+loader.env.HOME =
+loader.env.PWD =
+loader.env.HOSTNAME = test
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib1.type = chroot
+fs.mount.lib1.path = /lib
+fs.mount.lib1.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
-
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib64
-fs.mount.other.lib2.uri = file:/lib
+fs.mount.lib2.type = chroot
+fs.mount.lib2.path = /lib64
+fs.mount.lib2.uri = file:/lib
 
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.libcrypt = file:/lib/x86_64-linux-gnu/libcrypt.so.1
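Review bot: `loader.env.LD_LIBRARY_PATH` and `sgx.trusted_files.libcrypt` now name `/lib/x86_64-linux-gnu`, but `fs.mount.lib2` still maps `/lib64` to `file:/lib`, so that search path would presumably resolve inside the `$(LIBCDIR)` mount rather than to the host directory holding `libcrypt.so.1`. In `busybox.manifest.template` the same mount is `fs.mount.lib2.path = /lib/x86_64-linux-gnu` with `fs.mount.lib2.uri = file:/lib/x86_64-linux-gnu`. Unless the `/lib64` mapping is intentional for the nofork build, this template should match.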

+ 0 - 0
LibOS/shim/test/apps/busybox/config_for_graphene → LibOS/shim/test/apps/busybox/config-graphene


+ 0 - 0
LibOS/shim/test/apps/busybox/config_for_graphene_nofork → LibOS/shim/test/apps/busybox/config-graphene-nofork


+ 5 - 36
LibOS/shim/test/apps/gcc/Makefile

@@ -1,36 +1,11 @@
-manifests = gcc g++ gcc-huge g++-huge gcc-local g++-local
+exec_target = $(addsuffix .manifest,gcc g++ gcc-huge g++-huge)
 
-all debug: $(addsuffix .manifest, $(manifests))
+clean-extra = clean-garbages
 
-c_targets = helloworld gzip oggenc.m single-gcc
+extra_rules = -e 's:\$$(PAL):../pal_loader:g'
 
-test_targets = $(c_targets) $(make_targets)
-
-test: all $(test_targets)
-
-%.manifest: %.manifest.template
-	$(MAKE) -C .. gcc/$@ appdir=gcc/
-
-$(c_targets): %: %.c
-	echo "$@ (native):" >> result
-	rm -rf $@
-	time -a -o result -p gcc -o $@ $^ \
-	$(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g')
-	sleep 0.5
-	echo "$@ (graphene):" >> result
-	rm -rf $@
-	time -a -o result -p ./gcc.manifest -o $@ $^ \
-	$(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g')
-
-$(make_targets): %:
-	echo "$@ (native2):" >> result
-	$(MAKE) -C $(dir $@) clean
-	time -a -o result -p $(MAKE) -C $(dir $@) $(notdir $@) CC=g++
-	echo "$@ (graphene):" >> result
-	$(MAKE) -C $(dir $@) clean
-	time -a -o result -p $(MAKE) -C $(dir $@) $(notdir $@) CC=$(shell pwd)/g++.manifest
-
-gcc-local: obj/bin/gcc
+level = ../../
+include ../../Makefile
 
 GCC_VER = 4.8.4
 BINUTILS_VER = 2.20.1
@@ -135,11 +110,5 @@ test-graphene:
 distclean: clean
 	rm -rf src obj
 
-clean: clean-manifests clean-garbages
-	rm -rf result $(test_targets)
-
-clean-manifests:
-	rm -rf $(addsuffix .manifest, $(manifests))
-
 clean-garbages:
 	rm -rf cc*.s cc*.c cc*.ld cc*.le cc*.o a.out

+ 11 - 14
LibOS/shim/test/apps/gcc/g++-huge.manifest.template

@@ -7,20 +7,17 @@ loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu:/usr/lib:/usr/lib/x86_64
 loader.env.PATH = /bin:/usr/bin
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib1.type = chroot
+fs.mount.lib1.path = /lib
+fs.mount.lib1.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
+fs.mount.lib2.type = chroot
+fs.mount.lib2.path = /lib/x86_64-linux-gnu
+fs.mount.lib2.uri = file:/lib/x86_64-linux-gnu
 
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
+fs.mount.usr.type = chroot
+fs.mount.usr.path = /usr
+fs.mount.usr.uri = file:/usr
 
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
-
-sys.stack.size = 67108864  # 64MB
-sys.brk.size = 268435456  # 256MB
+sys.stack.size = 64MB
+sys.brk.size = 256MB
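Review bot: `sys.stack.size = 64MB` and `sys.brk.size = 256MB` use a two-letter unit, while the other templates in this commit write sizes as `256K`, `4M` and `32M`. The removed lines carried exact byte counts, so if the size parser recognises only a single-letter suffix the new values may be rejected or read as a different size; that is worth confirming against the parser, or the lines can be written as `64M` and `256M` for consistency. The same two lines appear in `gcc-huge.manifest.template`.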

+ 0 - 22
LibOS/shim/test/apps/gcc/g++-local.manifest.template

@@ -1,22 +0,0 @@
-#!$(PAL)
-
-loader.preload = file:$(SHIMPATH)
-loader.exec = file:$(PWD)obj/bin/g++
-loader.env.LD_LIBRARY_PATH = /obj/lib:/lib:/lib/x86_64-linux-gnu
-loader.env.PATH = /obj/bin:/obj/libexec/gcc/x86_64-linux-gnu/4.8.4
-loader.debug_type = none
-
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
-
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
-
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
-
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr

+ 11 - 14
LibOS/shim/test/apps/gcc/gcc-huge.manifest.template

@@ -7,20 +7,17 @@ loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu:/usr/lib:/usr/lib/x86_64
 loader.env.PATH = /bin:/usr/bin
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib1.type = chroot
+fs.mount.lib1.path = /lib
+fs.mount.lib1.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
+fs.mount.lib2.type = chroot
+fs.mount.lib2.path = /lib/x86_64-linux-gnu
+fs.mount.lib2.uri = file:/lib/x86_64-linux-gnu
 
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
+fs.mount.usr.type = chroot
+fs.mount.usr.path = /usr
+fs.mount.usr.uri = file:/usr
 
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
-
-sys.stack.size = 67108864  # 64MB
-sys.brk.size = 268435456  # 256MB
+sys.stack.size = 64MB
+sys.brk.size = 256MB

+ 0 - 22
LibOS/shim/test/apps/gcc/gcc-local.manifest.template

@@ -1,22 +0,0 @@
-#!$(PAL)
-
-loader.preload = file:$(SHIMPATH)
-loader.exec = file:$(PWD)obj/bin/gcc
-loader.env.LD_LIBRARY_PATH = /obj/lib:/lib:/lib/x86_64-linux-gnu
-loader.env.PATH = /obj/bin:/obj/libexec/gcc/x86_64-linux-gnu/4.8.4
-loader.debug_type = none
-
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
-
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
-
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
-
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr

+ 10 - 7
LibOS/shim/test/apps/lighttpd/Makefile

@@ -1,4 +1,4 @@
-manifests = lighttpd.manifest lighttpd-angel.manifest 
+manifests = lighttpd.manifest lighttpd-angel.manifest
 SRCDIR = lighttpd-1.4.30
 HOST = $(firstword $(shell ifconfig | grep 'inet addr:'| grep -v '127.0.0.1' -m 1 | cut -d: -f2))
 PORT = 8000
@@ -6,16 +6,19 @@ CORES = 4
 
 conf_files = lighttpd-server.conf lighttpd.conf lighttpd-multithreaded.conf
 
-target = build/sbin/lighttpd $(conf_files) test-data
+target = build-lighttpd $(conf_files) test-data
 exec_target = $(manifests)
 clean-extra = clean-others
 
+extra_rules = \
+	-e 's:\$$(PAL):../pal_loader:g' \
+	-e 's:\$$(HOST):$(HOST):g' \
+	-e 's:\$$(PORT):$(PORT):g'
+
 level = ../../
 include ../../Makefile
 
-$(manifests): %.manifest: %.manifest.template build/sbin/lighttpd build/sbin/lighttpd-angel
-	$(MAKE) -C .. lighttpd/$@ appdir=lighttpd/ \
-		extra_rules="-e 's:\\\$$\$$(HOST):$(HOST):g' -e 's:\\\$$\$$(PORT):$(PORT):g'"
+build-lighttpd: build/sbin/lighttpd
 
 build/sbin/lighttpd: $(SRCDIR)
 	cd $(SRCDIR) && ./configure --prefix=$(PWD)/build \
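Review bot: The new `extra_rules` writes `$(HOST)` straight into the generated manifest, and `HOST` comes from parsing `ifconfig` output for `inet addr:`; when that pattern does not match, `HOST` is empty and `net.rules.1` is generated with no bind address. Failing early is safer than emitting such a rule, e.g. `$(if $(strip $(HOST)),,$(error HOST is empty; pass HOST=<address>))` after the assignment. `HOST` is also a recursive `=` assignment, so the `ifconfig` pipeline is re-run on every expansion; `HOST := ...` would evaluate it once. The `build/sbin/lighttpd` recipe continues outside this hunk.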
@@ -52,11 +55,11 @@ start-multithreaded-native-server:
                 $(if $(CONF),$(CONF),lighttpd-multithreaded.conf)
 
 start-graphene-server:
-	$(PREFIX) ./lighttpd.manifest -D -m /lighttpd -f \
+	$(PREFIX) ../pal_loader build/sbin/lighttpd -D -m /lighttpd -f \
 		$(if $(CONF),$(CONF),lighttpd.conf)
 
 start-multithreaded-graphene-server:
-	$(PREFIX) ./lighttpd.manifest -D -m /lighttpd -f \
+	$(PREFIX) ../pal_loader build/sbin/lighttpd -D -m /lighttpd -f \
                 $(if $(CONF),$(CONF),lighttpd-multithreaded.conf)
 
 

+ 35 - 19
LibOS/shim/test/apps/lighttpd/lighttpd-angel.manifest.template

@@ -1,32 +1,29 @@
 #!$(PAL)
 
 loader.preload = file:$(SHIMPATH)
-loader.exec = file:$(PWD)build/sbin/lighttpd-angel
+loader.exec = file:build/sbin/lighttpd-angel
 loader.env.LD_LIBRARY_PATH = /lib:/lighttpd
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
+fs.mount.build.type = chroot
+fs.mount.build.path = /lighttpd
+fs.mount.build.uri = file:build/lib
 
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lighttpd
-fs.mount.other.lib2.uri = file:$(PWD)build/lib
+fs.mount.html.type = chroot
+fs.mount.html.path = $(PWD)/html
+fs.mount.html.uri = file:html
 
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
+fs.mount.usr.type = chroot
+fs.mount.usr.path = /usr
+fs.mount.usr.uri = file:/usr
 
-fs.mount.other.tmp.type = chroot
-fs.mount.other.tmp.path = /tmp
-fs.mount.other.tmp.uri = file:/tmp
-
-fs.mount.other.pwd.type = chroot
-fs.mount.other.pwd.path = $(PWD)
-fs.mount.other.pwd.uri = file:
+fs.mount.tmp.type = chroot
+fs.mount.tmp.path = /tmp
+fs.mount.tmp.uri = file:/tmp
 
 # allow to bind on port for listening
 net.rules.1 = $(HOST):$(PORT):0.0.0.0:0-65535
@@ -34,3 +31,22 @@ net.rules.1 = $(HOST):$(PORT):0.0.0.0:0-65535
 sys.stack.size = 256K
 sys.brk.size = 4M
 glibc.heap_size = 16M
+
+sgx.thread_num = 8
+
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+
+sgx.trusted_files.lib1 = file:build/lib/mod_indexfile.so
+sgx.trusted_files.lib2 = file:build/lib/mod_dirlisting.so
+sgx.trusted_files.lib3 = file:build/lib/mod_staticfile.so
+
+sgx.trusted_files.conf1 = file:lighttpd.conf
+sgx.trusted_files.conf2 = file:lighttpd-generic.conf
+sgx.trusted_files.conf3 = file:lighttpd-server.conf
+sgx.trusted_files.conf4 = file:lighttpd-multithreaded.conf
+
+sgx.allowed_files.html = file:html
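Review bot: This manifest declares no `sgx.trusted_children` entry, although `lighttpd-angel` exists to start and supervise `lighttpd` as a child process. `bash.manifest.template` in this commit declares its children as `sgx.trusted_children.ls = file:ls.sig` and so on; by analogy this template would need `sgx.trusted_children.lighttpd = file:lighttpd.sig`, assuming child enclaves are checked against that list. The host-wide `/usr` and `/tmp` mounts are also broader than the trusted and allowed file lists, and a comment saying which paths the server actually needs would make the intent clear.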

+ 35 - 19
LibOS/shim/test/apps/lighttpd/lighttpd.manifest.template

@@ -1,32 +1,29 @@
 #!$(PAL)
 
 loader.preload = file:$(SHIMPATH)
-loader.exec = file:$(PWD)build/sbin/lighttpd
+loader.exec = file:build/sbin/lighttpd
 loader.env.LD_LIBRARY_PATH = /lib:/lighttpd
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
+fs.mount.build.type = chroot
+fs.mount.build.path = /lighttpd
+fs.mount.build.uri = file:build/lib
 
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lighttpd
-fs.mount.other.lib2.uri = file:$(PWD)build/lib
+fs.mount.html.type = chroot
+fs.mount.html.path = $(PWD)/html
+fs.mount.html.uri = file:html
 
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
+fs.mount.usr.type = chroot
+fs.mount.usr.path = /usr
+fs.mount.usr.uri = file:/usr
 
-fs.mount.other.tmp.type = chroot
-fs.mount.other.tmp.path = /tmp
-fs.mount.other.tmp.uri = file:/tmp
-
-fs.mount.other.pwd.type = chroot
-fs.mount.other.pwd.path = $(PWD)
-fs.mount.other.pwd.uri = file:
+fs.mount.tmp.type = chroot
+fs.mount.tmp.path = /tmp
+fs.mount.tmp.uri = file:/tmp
 
 # allow to bind on port for listening
 net.rules.1 = $(HOST):$(PORT):0.0.0.0:0-65535
@@ -34,3 +31,22 @@ net.rules.1 = $(HOST):$(PORT):0.0.0.0:0-65535
 sys.stack.size = 256K
 sys.brk.size = 4M
 glibc.heap_size = 16M
+
+sgx.thread_num = 8
+
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+
+sgx.trusted_files.lib1 = file:build/lib/mod_indexfile.so
+sgx.trusted_files.lib2 = file:build/lib/mod_dirlisting.so
+sgx.trusted_files.lib3 = file:build/lib/mod_staticfile.so
+
+sgx.trusted_files.conf1 = file:lighttpd.conf
+sgx.trusted_files.conf2 = file:lighttpd-generic.conf
+sgx.trusted_files.conf3 = file:lighttpd-server.conf
+sgx.trusted_files.conf4 = file:lighttpd-multithreaded.conf
+
+sgx.allowed_files.html = file:html

+ 1 - 1
LibOS/shim/test/apps/lmbench/.packed/lmbench.sha384

@@ -1 +1 @@
-host/bin/sh host/usr/include/x86_64-linux-gnu/sys/types.h lmbench-2.5/bin/linux test-list
+host/bin/sh host/usr/include/x86_64-linux-gnu/sys/types.h lmbench-2.5/bin/linux

BIN
LibOS/shim/test/apps/lmbench/.packed/lmbench.tar.gz


+ 28 - 57
LibOS/shim/test/apps/lmbench/Makefile

@@ -1,22 +1,16 @@
 LMBENCHDIR = lmbench-2.5
-LINUXDIR=$(LMBENCHDIR)/bin/linux/
-GRAPHENEDIR=$(LMBENCHDIR)/bin/graphene/
-RUNDIR=$(LMBENCHDIR)/bin/graphene.run/
-
-HOST_BINARIES = /bin/sh /usr/include/x86_64-linux-gnu/sys/types.h
-BINARIES = $(LINUXDIR) $(addprefix host,$(HOST_BINARIES))
-LMBENCH_TESTS = lat_syscall lat_connect lat_fcntl lat_select lat_fs \
-		lat_mmap lat_fifo lat_mem_rd lat_msg lat_tcp lat_udp \
-		lat_unix_connect lat_pagefault \
+LINUXDIR = $(LMBENCHDIR)/bin/linux/
+
+host_files = /bin/sh /usr/include/x86_64-linux-gnu/sys/types.h
+lmbench_tests = $(addprefix $(LINUXDIR),lat_syscall lat_connect lat_fcntl \
+		lat_select lat_fs lat_mmap lat_fifo lat_mem_rd lat_msg \
+		lat_tcp lat_udp lat_unix_connect lat_pagefault \
 		bw_tcp bw_mem bw_unix lat_proc lat_ctx lat_rpc \
 		lat_unix lat_sig lat_http lat_pipe \
-		bw_pipe bw_file_rd bw_mmap_rd lmhttp lmdd
-MANIFESTS = $(addsuffix .manifest,$(addprefix $(RUNDIR),$(LMBENCH_TESTS)))
-RUNTIME_BINS = $(LINUXDIR)hello /bin/sh
-RUNTIME_MANIFESTS=$(addsuffix .manifest,$(addprefix $(RUNDIR),$(foreach f,$(RUNTIME_BINS),$(notdir $(f)))))
+		bw_pipe bw_file_rd bw_mmap_rd lmhttp lmdd)
+manifests = $(addprefix $(LINUXDIR),$(patsubst %.template,%,$(wildcard *.manifest.template)) manifest)
 
-target = $(addprefix $(LINUXDIR),$(LMBENCH_TESTS)) $(GRAPHENEDIR)
-exec_target = $(MANIFESTS) $(RUNTIME_MANIFESTS)
+target = $(lmbench_tests)
 clean-extra = clean-lmbench
 
 level = ../../
@@ -25,50 +19,30 @@ include ../../Makefile
 export CC
 export CFLAGS
 
-servers = lat_udp lat_tcp lat_rpc lat_connect bw_tcp
-
-$(GRAPHENEDIR): $(MANIFESTS) $(addprefix $(RUNDIR),$(LMBENCH_TESTS)) $(LINUXDIR)
-	mkdir -p $@
-	for f in $(MANIFESTS); do \
-		f=$${f##*/}; f=$${f%.manifest}; \
-		echo "#!/bin/sh\ncd $(abspath $(RUNDIR)) && exec ./$$f.manifest \$$@" > $(GRAPHENEDIR)$$f; \
-		chmod +x $(GRAPHENEDIR)$$f; \
-	done
-	cd $(LINUXDIR) && for f in *; do \
-		if [ ! -f ../graphene/$$f ]; then cp $$f ../graphene/$$f; fi; \
-	done
-
-$(MANIFESTS): $(RUNDIR)%.manifest: $(RUNDIR)%.manifest.template $(LINUXDIR)%
-	$(MAKE) -C .. lmbench/$@ appdir=lmbench/
-
-$(addsuffix .template,$(MANIFESTS)): $(RUNDIR)%.manifest.template: manifest.template $(RUNDIR)
+$(LINUXDIR)Makefile: Makefile.lmbench
 	ln -sf ../../../$< $@
 
-$(RUNTIME_MANIFESTS): %.manifest: %.manifest.template
-	$(MAKE) -C .. lmbench/$@ appdir=lmbench/
+build-manifest: $(LINUXDIR) $(LINUXDIR)Makefile
+	$(MAKE) -C $(LINUXDIR)
 
-$(addsuffix .template,$(RUNTIME_MANIFESTS)): $(RUNDIR)%.manifest.template: %.manifest.template $(RUNDIR)
-	ln -sf ../../../$< $@
+ifeq ($(SYS),x86_64-linux-gnu)
 
-$(addprefix $(RUNDIR),$(LMBENCH_TESTS)): $(RUNDIR)%: $(LINUXDIR)%
-	ln -sf ../linux/$(notdir $@) $@
+$(lmbench_tests): $(LINUXDIR) build-manifest
 
-$(RUNDIR):
-	mkdir -p $@
+$(LINUXDIR): $(wildcard $(LMBENCHDIR)/src/*.c) $(wildcard $(LMBENCHDIR)/src/*.h)
+	$(MAKE) -C $(LMBENCHDIR)/src OS=linux
 
-ifeq ($(SYS),x86_64-linux-gnu)
-$(addprefix $(LINUXDIR),$(LMBENCH_TESTS)): \
-	$(wildcard $(LMBENCHDIR)/src/*.c) $(wildcard $(LMBENCHDIR)/src/*.h)
-	$(MAKE) -C $(LMBENCHDIR)/src OS=linux CC="gcc -g"
 .PHONY: pack
-$(addprefix host,$(HOST_BINARIES)):
+$(addprefix host,$(host_files)):
 	@echo "$(patsubst host%,%,$@) -> $@"
 	@mkdir -p $(dir $@)
 	@cp -LTrf $(patsubst host%,%,$@) $@
 
-pack: $(BINARIES)
+pack: $(host_files) $(lmbench_tests) $(manifests)
 	@../../../../../Scripts/pack_binaries.sh lmbench $^
+
 else
+
 all: $(addprefix /tmp/host,$(HOST_BINARIES))
 
 $(filter-out $(HOST_BINARIES),$(BINARIES)): .packed/lmbench.tar.gz
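Review bot: The `else` branch still references `$(HOST_BINARIES)` and `$(BINARIES)` (in `all: $(addprefix /tmp/host,$(HOST_BINARIES))`, in the `$(filter-out ...)` rule here, and in the `/tmp/host` rule of the next hunk), but the first hunk of this file removed both variables in favour of `host_files`. On a system where `SYS` is not `x86_64-linux-gnu` they expand to nothing, so the rules that unpack `.packed/lmbench.tar.gz` have no targets. `pack: $(host_files) ...` also now depends on `/bin/sh` and the system header directly rather than on the `host/...` copies, while `.packed/lmbench.sha384` lists `host/bin/sh`; `pack: $(addprefix host,$(host_files)) $(lmbench_tests) $(manifests)` would restore that.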
@@ -76,24 +50,21 @@ $(filter-out $(HOST_BINARIES),$(BINARIES)): .packed/lmbench.tar.gz
 
 $(addprefix /tmp/host,$(HOST_BINARIES)): .packed/lmbench.tar.gz
 	cd /tmp && tar -xmozf $(abspath $<) $(subst /tmp/,,$@)
+
 endif
 
-LMBENCHCONFIG = $(shell $(LMBENCHDIR)/scripts/config)
+lmbench_config = $(LINUXDIR)$(shell $(LMBENCHDIR)/scripts/config)
 
-$(LINUXDIR)$(LMBENCHCONFIG):
+$(lmbench_config):
 	cd $(LMBENCHDIR)/scripts && env OS=linux ./config-run
 
-/tmp/hello: $(LINUXDIR)hello
-	cp -f $< $@
-
-test-native: $(LINUXDIR) $(LINUXDIR)$(LMBENCHCONFIG) /tmp/hello
+test-native: $(lmbench_tests) $(lmbench_config)
 	cd $(LMBENCHDIR)/scripts && env OS=linux ./results
 
-$(RUNDIR)$(LMBENCHCONFIG): $(LINUXDIR)$(LMBENCHCONFIG)
-	sed -e "s/OS=\"linux\"/OS=\"graphene\"/g" $< > $@
-
-test-graphene: all $(RUNDIR)$(LMBENCHCONFIG) /tmp/hello
-	cd $(LMBENCHDIR)/scripts && env OS=graphene ./results
+test-graphene: all $(lmbench_config)
+	cd $(LMBENCHDIR)/scripts && \
+		env LOADER=./pal_loader OS=linux RESULTS=results/graphene \
+		./results
 
 clean-lmbench:
 	$(MAKE) -C $(LMBENCHDIR) clean
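Review bot: `LOADER=./pal_loader` in the new `test-graphene` recipe is a relative path, resolved from whichever directory the lmbench scripts run the benchmarks in, and nothing in this hunk places a `pal_loader` there; the only one on this page is `LibOS/shim/test/apps/pal_loader`. Passing an absolute path, e.g. `env LOADER=$(abspath ../pal_loader) OS=linux RESULTS=results/graphene \`, keeps the run independent of the script's working directory (confirm the relative location against the tree). Separately, `lmbench_config = $(LINUXDIR)$(shell ...)` is a recursive assignment, so `scripts/config` is re-executed on every expansion; `lmbench_config := $(LINUXDIR)$(shell $(LMBENCHDIR)/scripts/config)` runs it once.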

+ 14 - 0
LibOS/shim/test/apps/lmbench/hello.manifest.template

@@ -0,0 +1,14 @@
+loader.preload = file:$(SHIMPATH)
+loader.exec = file:hello
+loader.env.LD_LIBRARY_PATH = /lib:/lib64
+loader.debug_type = none
+
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
+
+sys.brk.size = 32M
+sys.stack.size = 4M
+
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6

+ 51 - 57
LibOS/shim/test/apps/lmbench/lmbench-2.5/scripts/lmbench

@@ -72,7 +72,7 @@ echo \[LOOP_O: ${LOOP_O}] 1>&2
 echo \[MB: ${MB}] 1>&2
 echo \[MHZ: ${MHZ}] 1>&2
 echo \[MOTHERBOARD: ${MOTHERBOARD}] 1>&2
-echo \[NETWORKS: ${NETWORKS}] 1>&2
+echo \[NETrunS: ${NETrunS}] 1>&2
 echo \[PROCESSORS: ${PROCESSORS}] 1>&2
 echo \[REMOTE: ${REMOTE}] 1>&2
 echo \[SLOWFS: ${SLOWFS}] 1>&2
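Review bot: The rename of `work` to `run` was applied as a plain text substitution and has rewritten `NETWORKS` into `NETrunS` in this hunk, so the banner now prints a variable that nothing visible sets and the configured value is no longer logged. The line should stay `echo \[NETWORKS: ${NETWORKS}] 1>&2`. The same substitution turned the progress message in the next hunk into `echo Local netruning >> ${OUTPUT}`, which should read `Local networking`.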
@@ -115,114 +115,108 @@ then	echo "Can't make a file - $STAT - in $FSDIR" >> ${OUTPUT}
 	exit 1
 fi
 
-function work {
+function run {
 	echo "$@"
 	TMPOUT=/tmp/OUT
 	rm -rf $TMPOUT
-	"$@" 2>>$TMPOUT | tee -a $TMPOUT
+	$LOADER "$@" 2>>$TMPOUT | tee -a $TMPOUT
 	cat $TMPOUT 1>&2
 }
 
 date >> ${OUTPUT}
 echo Latency measurements >> ${OUTPUT}
 msleep 250
-work lat_syscall null
-work lat_syscall read
-work lat_syscall write
-work lat_syscall stat $STAT
-work lat_syscall fstat $STAT
-work lat_syscall open $STAT
+run lat_syscall null
+run lat_syscall read
+run lat_syscall write
+run lat_syscall stat $STAT
+run lat_syscall fstat $STAT
+run lat_syscall open $STAT
 
 #select file (500), select tcp (500)
-work lat_select file 500
-work lat_select tcp 500
+run lat_select file 500
+run lat_select tcp 500
 
 #sig install, sig_overhead, prot. Fault
-work lat_sig install
-work lat_sig catch
-work lat_sig prot lat_sig
+run lat_sig install
+run lat_sig catch
+run lat_sig prot lat_sig
 
 #AF_UNIX
 echo AF_UNIX socket latency >> ${OUTPUT}
 for i in $(eval echo "{1..$N_RUNS}")
-do	work lat_unix
+do	run lat_unix
 done
 
 #forks
 cp hello /tmp/hello
 for i in fork dfork vfork exec dforkexec shell
-do	work lat_proc $i
+do	run lat_proc $i
 done
-rm -f /tmp/hello 
+rm -f /tmp/hello
 
 for i in $(eval echo "{1..$N_RUNS}")
 do	rm -f $FILE
-	work lmdd label="File $FILE write bandwidth:" of=$FILE move=${MB}m fsync=1 print=3
+	run lmdd label="File $FILE write bandwidth:" of=$FILE move=${MB}m fsync=1 print=3
 done
 
-#work lat_pagefault $FILE
-#echo "" 1>&2
-#echo \"mappings 1>&2
-#for i in $ALL; do work lat_mmap $i $FILE; done
-#echo "" 1>&2
-
 #0,4,10KB create/delete
 date >> ${OUTPUT}
 	echo Calculating file system latency >> ${OUTPUT}
 	echo '"File system latency' 1>&2
-	work lat_fs $FSDIR
+	run lat_fs $FSDIR
 	echo "" 1>&2
 
 date >> ${OUTPUT}
-echo Local networking >> ${OUTPUT}
+echo Local netruning >> ${OUTPUT}
 
 echo UDP socket latency >> ${OUTPUT}
-work lat_udp -s &
+run lat_udp -s &
 sleep 3
 for i in $(eval echo "{1..$N_RUNS}")
-do	work lat_udp 127.0.0.1
+do	run lat_udp 127.0.0.1
 	sleep 1
 done
-work lat_udp -127.0.0.1
+run lat_udp -127.0.0.1
 sleep 3
 
 echo TCP socket latency >> ${OUTPUT}
-work lat_tcp -s &
+run lat_tcp -s &
 sleep 3
 for i in $(eval echo "{1..$N_RUNS}")
-do	work lat_tcp 127.0.0.1
+do	run lat_tcp 127.0.0.1
 	sleep 1
 done
-work lat_tcp -127.0.0.1
+run lat_tcp -127.0.0.1
 sleep 3
 
 echo TCP connect latency >> ${OUTPUT}
-work lat_connect -s &
+run lat_connect -s &
 sleep 3
-work lat_connect 127.0.0.1
+run lat_connect 127.0.0.1
 sleep 1
-work lat_connect -127.0.0.1
+run lat_connect -127.0.0.1
 sleep 3
 
 echo TCP socket bandwidth >> ${OUTPUT}
-work bw_tcp -s &
+run bw_tcp -s &
 sleep 3
 for i in $(eval echo "{1..$N_RUNS}")
-do	work bw_tcp 127.0.0.1
+do	run bw_tcp 127.0.0.1
 	sleep 1
 done
-work bw_tcp -127.0.0.1
+run bw_tcp -127.0.0.1
 sleep 3
 
 date >> ${OUTPUT}
 echo Bandwidth measurements >> ${OUTPUT}
 
 for i in $(eval echo "{1..$N_RUNS}")
-do	work bw_unix
+do	run bw_unix
 done
 
 for i in $(eval echo "{1..$N_RUNS}")
-do	work bw_pipe
+do	run bw_pipe
 done
 
 date >> ${OUTPUT}
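Review bot: `run` now appends the loader's stderr as well as the benchmark's to the fixed path `TMPOUT=/tmp/OUT`, right after `rm -rf $TMPOUT`, in a directory every local user can write to. A file or symlink of that name created by another user can capture or redirect the output, and two concurrent runs overwrite each other. A per-run file avoids both: `TMPOUT=$(mktemp)` at the top of the function and `rm -f "$TMPOUT"` after the final `cat`. `$LOADER` is deliberately unquoted so that an empty value disappears in the native run; a one-line comment saying so would keep the quoting from being "fixed" later.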
@@ -238,7 +232,7 @@ fi
 	
 for size in $CTX
 do	for i in $(eval echo "{1..$N_RUNS}")
-	do	work lat_ctx -s $size $N
+	do	run lat_ctx -s $size $N
 	done
 done
 
@@ -248,8 +242,8 @@ msleep 250
 echo "" 1>&2
 echo "Memory load latency" 1>&2
 if [ X$FASTMEM = XYES ]
-then	work lat_mem_rd $MB 128
-else	work lat_mem_rd $MB 16 32 64 128 256 512 1024 
+then	run lat_mem_rd $MB 128
+else	run lat_mem_rd $MB 16 32 64 128 256 512 1024 
 fi
 date >> ${OUTPUT}
 echo '' 1>&2
@@ -261,51 +255,51 @@ msleep 250
 
 echo "" 1>&2
 echo \"read bandwidth 1>&2
-for i in $ALL; do work bw_file_rd $i io_only $FILE; done
+for i in $ALL; do run bw_file_rd $i io_only $FILE; done
 echo "" 1>&2
 
 echo "" 1>&2
 echo \"read open2close bandwidth 1>&2
-for i in $ALL; do work bw_file_rd $i open2close $FILE; done
+for i in $ALL; do run bw_file_rd $i open2close $FILE; done
 echo "" 1>&2
 
 echo \"Mmap read bandwidth 1>&2
-for i in $ALL; do work bw_mmap_rd $i mmap_only $FILE; done
+for i in $ALL; do run bw_mmap_rd $i mmap_only $FILE; done
 echo "" 1>&2
 
 echo \"Mmap read open2close bandwidth 1>&2
-for i in $ALL; do work bw_mmap_rd $i open2close $FILE; done
+for i in $ALL; do run bw_mmap_rd $i open2close $FILE; done
 echo "" 1>&2
 rm -f $FILE
 
 echo \"libc bcopy unaligned 1>&2
-for i in $HALF; do work bw_mem $i bcopy; done; echo "" 1>&2
+for i in $HALF; do run bw_mem $i bcopy; done; echo "" 1>&2
 
 echo \"libc bcopy aligned 1>&2
-for i in $HALF; do work bw_mem $i bcopy conflict; done; echo "" 1>&2
+for i in $HALF; do run bw_mem $i bcopy conflict; done; echo "" 1>&2
 
 echo \"unrolled bcopy unaligned 1>&2
-for i in $HALF; do work bw_mem $i fcp; done; echo "" 1>&2
+for i in $HALF; do run bw_mem $i fcp; done; echo "" 1>&2
 
 echo \"unrolled partial bcopy unaligned 1>&2
-for i in $HALF; do work bw_mem $i cp; done; echo "" 1>&2
+for i in $HALF; do run bw_mem $i cp; done; echo "" 1>&2
 
 echo "Memory read bandwidth" 1>&2
-for i in $ALL; do work bw_mem $i frd; done; echo "" 1>&2
+for i in $ALL; do run bw_mem $i frd; done; echo "" 1>&2
 
 echo "Memory partial read bandwidth" 1>&2
-for i in $ALL; do work bw_mem $i rd; done; echo "" 1>&2
+for i in $ALL; do run bw_mem $i rd; done; echo "" 1>&2
 
 echo "Memory write bandwidth" 1>&2
-for i in $ALL; do work bw_mem $i fwr; done; echo "" 1>&2
+for i in $ALL; do run bw_mem $i fwr; done; echo "" 1>&2
 
 echo "Memory partial write bandwidth" 1>&2
-for i in $ALL; do work bw_mem $i wr; done; echo "" 1>&2
+for i in $ALL; do run bw_mem $i wr; done; echo "" 1>&2
 
 echo "Memory partial read/write bandwidth" 1>&2
-for i in $ALL; do work bw_mem $i rdwr; done; echo "" 1>&2
+for i in $ALL; do run bw_mem $i rdwr; done; echo "" 1>&2
 
 echo "Memory bzero bandwidth" 1>&2
-for i in $ALL; do work bw_mem $i bzero; done; echo "" 1>&2
+for i in $ALL; do run bw_mem $i bzero; done; echo "" 1>&2
 
 exit 0

+ 6 - 2
LibOS/shim/test/apps/lmbench/lmbench-2.5/scripts/results

@@ -5,8 +5,12 @@
 if [ -z "$OS" ]; then
 	OS=`../scripts/os`
 fi
-CONFIG=`../scripts/config`
-RESULTS=results/$OS
+if [ -z "$CONFIG" ]; then
+	CONFIG=`../scripts/config`
+fi
+if [ -z "$RESULTS" ]; then
+	RESULTS=results/$OS
+fi
 BASE=../$RESULTS/`uname -n`
 EXT=0
 

+ 30 - 25
LibOS/shim/test/apps/lmbench/manifest.template

@@ -1,38 +1,43 @@
-#!$(PAL)
-
 loader.preload = file:$(SHIMPATH)
-loader.exec = file:$(BIN)
 loader.env.LD_LIBRARY_PATH = /lib:/lib64
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
-
-fs.mount.other.tmp1.type = chroot
-fs.mount.other.tmp1.path = /tmp
-fs.mount.other.tmp1.uri = file:/tmp
-
-fs.mount.other.tmp2.type = chroot
-fs.mount.other.tmp2.path = /var/tmp
-fs.mount.other.tmp2.uri = file:/var/tmp
+fs.mount.tmp1.type = chroot
+fs.mount.tmp1.path = /tmp
+fs.mount.tmp1.uri = file:/tmp
 
-fs.mount.other.lib.type = chroot
-fs.mount.other.lib.path = /lib
-fs.mount.other.lib.uri = file:$(GLIBCDIR)
+fs.mount.tmp2.type = chroot
+fs.mount.tmp2.path = /var/tmp
+fs.mount.tmp2.uri = file:/var/tmp
 
-fs.mount.other.bin.type = chroot
-fs.mount.other.bin.path = /bin/sh
-fs.mount.other.bin.uri = file:$(HOSTDIR)/bin/sh
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
 
-fs.mount.other.inc.type = chroot
-fs.mount.other.inc.path = /usr/include/x86_64-linux-gnu/sys/types.h
-fs.mount.other.inc.uri = file:$(HOSTDIR)/usr/include/x86_64-linux-gnu/sys/types.h
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin/sh
+fs.mount.bin.uri = file:/bin/sh
 
-fs.mount.other.tmp3.type = chroot
-fs.mount.other.tmp3.path = /tmp/hello
-fs.mount.other.tmp3.uri = file:../linux/hello
+fs.mount.inc.type = chroot
+fs.mount.inc.path = /usr/include/x86_64-linux-gnu/sys/types.h
+fs.mount.inc.uri = file:/usr/include/x86_64-linux-gnu/sys/types.h
 
 net.allow_bind.1 = 0.0.0.0:31233-31237
 net.allow_bind.2 = 0.0.0.0:34297-34298
 net.allow_peer.1 = 127.0.0.1:0-65535
 
+sys.brk.size = 32M
+sys.stack.size = 4M
+
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.sh = file:/bin/sh
+
+sgx.allowed_files.tmp1 = file:/tmp
+sgx.allowed_files.tmp2 = file:/var/tmp
+sgx.allowed_files.inc = file:/usr/include/x86_64-linux-gnu/sys/types.h
+
+sgx.trusted_children.sh = file:sh.sig
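Review bot: `sgx.allowed_files.tmp1 = file:/tmp` and `sgx.allowed_files.tmp2 = file:/var/tmp` expose two world-writable host directories to the enclave, while the lmbench script on this page copies `hello` to `/tmp/hello` and runs it through `lat_proc`. If allowed files are accepted without a hash check, as the trusted/allowed split suggests, anything on the host can change what the benchmark reads or executes from there. That may be acceptable for a benchmark, but the template should say so, e.g. `# benchmark only: /tmp and /var/tmp are unverified host directories`, and a private scratch directory would be the tighter choice. The unchanged `net.allow_bind` entries also bind on `0.0.0.0` although every client in the script connects to `127.0.0.1`.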

+ 33 - 0
LibOS/shim/test/apps/lmbench/sh.manifest.template

@@ -0,0 +1,33 @@
+loader.preload = file:$(SHIMPATH)
+loader.exec = file:/bin/sh
+loader.env.LD_LIBRARY_PATH = /lib:/lib64
+loader.debug_type = none
+
+fs.mount.tmp1.type = chroot
+fs.mount.tmp1.path = /tmp
+fs.mount.tmp1.uri = file:/tmp
+
+fs.mount.tmp2.type = chroot
+fs.mount.tmp2.path = /var/tmp
+fs.mount.tmp2.uri = file:/var/tmp
+
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
+
+fs.mount.inc.type = chroot
+fs.mount.inc.path = /usr/include/x86_64-linux-gnu/sys/types.h
+fs.mount.inc.uri = file:/usr/include/x86_64-linux-gnu/sys/types.h
+
+net.allow_bind.1 = 0.0.0.0:31233-31237
+net.allow_bind.2 = 0.0.0.0:34297-34298
+net.allow_peer.1 = 127.0.0.1:0-65535
+
+sys.brk.size = 32M
+sys.stack.size = 4M
+
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
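Review bot: This child manifest runs `file:/bin/sh` but, unlike `manifest.template` in the same directory, it has no `fs.mount.bin` entry for `/bin/sh`, no `sgx.trusted_files.sh`, and no `sgx.allowed_files` entries for the `/tmp`, `/var/tmp` and `types.h` mounts it declares. If the SGX loader only opens files listed as trusted or allowed, the shell started through `sgx.trusted_children.sh` could not reach its scratch directories; if it does not, the parent's lists are unnecessary too. The two templates should agree, or this one should carry a comment explaining why the child needs fewer entries.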

+ 8 - 15
LibOS/shim/test/apps/make/Makefile

@@ -1,19 +1,22 @@
-manifests = make.manifest make-huge.manifest make-local.manifest
+manifests = make.manifest make-huge.manifest
 
 graphene_dirs = LibOS/shim/src LibOS/shim/include Pal/lib Pal/include Pal/src
 graphene_target = $(addprefix graphene/,$(graphene_dirs))
 graphene_libs = $(addprefix graphene/Pal/src/,libpal.so libpal.a)
 
-all debug: $(manifests) configure $(graphene_target) $(graphene_libs)
+target = configure $(graphene_target) $(graphene_libs)
+exec_target = $(manifests)
+
+clean-extra = clean-tests
+
+level = ../../
+include ../../Makefile
 
 test_tarballs = oggenc-1.4 bzip2-1.0.6
 test_targets = $(test_tarballs) helloworld graphene
 
 make_src = make-3.82
 
-make-local: $(make_src)/make
-	cp $< make-local
-
 $(make_src) $(test_tarballs): %: %.tar.gz
 	[ -d $@ ] || tar -zxf $<
 
@@ -28,11 +31,6 @@ $(graphene_libs): graphene/%: ../../../../../%
 	mkdir -p $(dir $@)
 	ln -sf $(shell readlink -f $<) $@
 
-test: all $(test_targets)
-
-$(manifests): %: %.template
-	$(MAKE) -C .. make/$@ appdir=make/
-
 configure: $(test_targets)
 	for d in $(test_targets); do \
 		if [ ! -f $$d/Makefile ] && [ -f $$d/configure ]; then \
@@ -40,13 +38,8 @@ configure: $(test_targets)
 		fi; \
 	done
 
-clean: clean-manifests clean-tests
-
 distclean: clean-manifests clean-tests
 	rm -rf $(make_src) $(MAKE) result $(test_tarballs) $(graphene_target) $(graphene_libs)
 
-clean-manifests:
-	rm -rf $(manifests)
-
 clean-tests:
 	for d in $(test_targets); do ([ ! -d $$d ] || $(MAKE) -C $$d clean); done
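Review bot: `distclean` still lists `clean-manifests` as a prerequisite, but this hunk deletes the `clean-manifests` rule, so unless the newly included `../../Makefile` defines that target, `make distclean` stops with a missing-rule error. The Python and R Makefiles in this commit use `distclean: clean`, which would fit here too. The unchanged recipe also passes `$(MAKE)` to `rm -rf`; that variable expands to the name make was invoked with, so when make is called by path the recipe targets the make program itself. The locally built binary should be named explicitly instead (presumably `make` in this directory; confirm).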

+ 0 - 40
LibOS/shim/test/apps/make/make-local.manifest.template

@@ -1,40 +0,0 @@
-#!$(PAL)
-
-loader.preload = file:$(SHIMPATH)
-loader.exec = file:make-local
-loader.execname = make-local
-loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu:/usr/lib:/usr/lib/x86_64-linux-gnu
-loader.env.PATH = /bin:/usr/bin
-loader.exclude_env = USERNAME,HOME,PWD
-loader.debug_type = none
-
-fs.start_dir = $(PWD)
-
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
-
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
-
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
-
-fs.mount.other.bin.type = chroot
-fs.mount.other.bin.path = /bin
-fs.mount.other.bin.uri = file:/bin
-
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
-
-fs.mount.other.tmp.type = chroot
-fs.mount.other.tmp.path = /tmp
-fs.mount.other.tmp.uri = file:/tmp
-
-fs.mount.other.pwd.type = chroot
-fs.mount.other.pwd.path = $(PWD)
-fs.mount.other.pwd.uri = file:
-
-sys.brk.size = 262144  # 256K

+ 7 - 10
LibOS/shim/test/apps/openjdk/Makefile

@@ -4,15 +4,18 @@ ifeq ($(OS),Linux)
 	NPROCS := $(shell grep -c ^processor /proc/cpuinfo)
 endif
 
-TEST_CLASS = $(patsubst %.java,%,$(wildcard classes/*.java))
-
-target = java test java.manifest
+target = build-java $(patsubst %.java,%.class,$(wildcard classes/*.java))
 exec_target = java.manifest
+
 clean-extra = clean-classes
 
+extra_rules = -e 's:\$$(PAL):../pal_loader:g' -e 's:\$$(JAVA_HOME):$(JAVA_HOME):g'
+
 level = ../../
 include ../../Makefile
 
+TEST_CLASS = $(patsubst %.java,%,$(wildcard classes/*.java))
+
 USE_UBUNTU_SRC = no
 VERSION := 7
 
@@ -94,7 +97,6 @@ INSTALL_DIR = $(JAVA_DIR)/build/linux-amd64
 JRE_DIR = $(INSTALL_DIR)/j2sdk-image/jre
 JDK_DIR = $(INSTALL_DIR)/j2sdk-image
 JAVAC = $(JDK_DIR)/bin/javac
-TARGET = $(JAVA_HOME)/bin/java $(JAVAC)
 
 $(JRE_DIR)/bin/java $(JAVAC): $(JAVA_SRC)
 	cd $(JAVA_DIR) && \
@@ -126,12 +128,7 @@ distclean: clean
 
 endif
 
-java: $(TARGET)
-test: $(addsuffix .class,$(TEST_CLASS))
-
-%.manifest: %.manifest.template
-	$(MAKE) -C .. openjdk/$@ appdir=openjdk/ \
-		extra_rules="-e 's:\\\$$\$$(JAVA_HOME):$(JAVA_HOME):g'"
+build-java: $(JAVA_HOME)/bin/java $(JAVAC)
 
 java_home:
 	@echo $(JAVA_HOME)

+ 30 - 15
LibOS/shim/test/apps/openjdk/java.manifest.template

@@ -7,25 +7,40 @@ loader.env.LD_LIBRARY_PATH = /jre/lib/amd64:/jre/lib/amd64/jli:/lib:/lib/x86_64-
 loader.env.PATH = /jre/bin:/bin:/usr/bin
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:classes
+fs.mount.lib1.type = chroot
+fs.mount.lib1.path = /lib
+fs.mount.lib1.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
+fs.mount.lib2.type = chroot
+fs.mount.lib2.path = /lib/x86_64-linux-gnu
+fs.mount.lib2.uri = file:/lib/x86_64-linux-gnu
 
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
+fs.mount.jre.type = chroot
+fs.mount.jre.path = /jre
+fs.mount.jre.uri = file:$(JAVA_HOME)
 
-fs.mount.other.jre.type = chroot
-fs.mount.other.jre.path = /jre
-fs.mount.other.jre.uri = file:$(JAVA_HOME)
-
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
+fs.mount.usr.type = chroot
+fs.mount.usr.path = /usr
+fs.mount.usr.uri = file:/usr
 
 sys.stack.size = 256K
 sys.brk.size = 16M
 glibc.heap_size = 16M
+
+sgx.enclave_size = 512M
+sgx.thread_num = 16
+
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.librt = file:/lib/x86_64-linux-gnu/librt.so.1
+sgx.trusted_files.libgcc = file:/lib/x86_64-linux-gnu/libgcc_s.so.1
+sgx.trusted_files.libcpp = file:/usr/lib/x86_64-linux-gnu/libstdc++.so.6
+sgx.trusted_files.libnss1 = file:/lib/x86_64-linux-gnu/libnss_compat.so.2
+sgx.trusted_files.libnss2 = file:/lib/x86_64-linux-gnu/libnss_files.so.2
+sgx.trusted_files.libnsl = file:/lib/x86_64-linux-gnu/libnsl.so.1
+
+sgx.allowed_files.java_home = file:$(JAVA_HOME)
+sgx.allowed_files.classes = file:classes
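Review bot: `sgx.allowed_files.java_home = file:$(JAVA_HOME)` places the whole Java installation mounted at `/jre`, including whatever native libraries and class archives the JVM loads from it, in the unverified set, while only glibc and a few host libraries are listed under `sgx.trusted_files`. If allowed files are opened without a hash check, most of the code that ends up executing in the enclave is outside the measurement. `python.manifest.template` (`sgx.allowed_files.pyhome = file:/usr/lib/python2.7`) and `R.manifest.template` (`sgx.allowed_files.rhome = file:/usr/lib/R`) make the same trade. Listing at least the native libraries the runtime loads as trusted files, and marking the remaining allowed directories with a comment as test-only, would make the intended trust boundary explicit.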

+ 0 - 14
LibOS/shim/test/apps/openjdk/run-bench

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-JAVA_FLAGS="-Xmx16m -Xss4m -XX:+UseSerialGC -XX:+DisableExplicitGC -XX:MaxPermSize=0"
-BENCH_ARGS="-jar jmh/target/benchmarks.jar -wi 3 -i 10 -f 0 -tu us -Djmh.ignoreLock=true"
-
-if [ "$1" = "-gdb" ]; then
-	shift
-	gdb --args ../libpal.so java.manifest $JAVA_FLAGS $* $BENCH_ARGS
-elif [ "$1" = "-native" ]; then
-	shift
-	`make java_home`/bin/java $JAVA_FLAGS $* $BENCH_ARGS
-else
-	./java.manifest $JAVA_FLAGS $* $BENCH_ARGS
-fi

+ 5 - 7
LibOS/shim/test/apps/openjdk/run-java

@@ -1,13 +1,11 @@
 #!/bin/bash
 
-JAVA_FLAGS="-Xmx4m -Xms1m -XX:NewSize=256k -XX:MaxNewSize=1m -Xss1m -XX:+UseSerialGC -XX:-UsePerfData -XX:+DisableExplicitGC -XX:PermSize=1m -XX:MaxPermSize=4m -XX:MinHeapFreeRatio=0 -XX:MaxHeapFreeRatio=30"
+JAVA_FLAGS="-Xmx4m -Xms1m -XX:NewSize=256k -XX:MaxNewSize=1m -Xss1m -XX:+UseSerialGC -XX:-UsePerfData -XX:+DisableExplicitGC -XX:PermSize=4m -XX:MaxPermSize=16m -XX:MinHeapFreeRatio=0 -XX:MaxHeapFreeRatio=30 -XX:-UseCompiler"
 
+PAL=../pal_loader
 if [ "$1" = "-native" ]; then
 	shift
-	`make java_home`/bin/java $JAVA_FLAGS $*
-elif [ "$1" = "-gdb" ]; then
-	shift
-	./java.manifest -gdb $JAVA_FLAGS $*
-else
-	./java.manifest $JAVA_FLAGS $*
+	PAL=
 fi
+
+exec $PAL `make java_home`/bin/java $JAVA_FLAGS $*
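Review bot: The new `exec` line expands the script's arguments with an unquoted `$*`, so an argument containing spaces or glob characters is split or expanded before it reaches `java`. `"$@"` passes them through unchanged: `exec $PAL "$(make -s java_home)/bin/java" $JAVA_FLAGS "$@"`. Using `make -s` also keeps make's own directory messages out of the captured path when the script is run from inside another make. `$PAL` and `$JAVA_FLAGS` have to stay unquoted, since they are meant to split (and `$PAL` to vanish for `-native`).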

+ 7 - 2
LibOS/shim/test/apps/pal_loader

@@ -1,6 +1,7 @@
 #!/bin/bash
 
-PAL_DIR=$(readlink -f $(dirname ${BASH_SOURCE[0]})/../../../../Pal/src)
+PAL_LOADER=$(readlink -f ${BASH_SOURCE[0]})
+PAL_DIR=$(readlink -f $(dirname $PAL_LOADER)/../../../../Pal/src)
 PAL=$PAL_DIR/pal
 PAL_SEC=$PAL_DIR/pal_sec
 
@@ -9,7 +10,11 @@ GDB_CMD=
 PAL_CMD=$PAL
 
 if [ "$GDB" == "1" ]; then
-	GDB_CMD="gdb --args"
+	GDB="gdb"
+fi
+
+if [ "$GDB" != "" ] && [ "$GDB" != "0" ]; then
+	GDB_CMD="$GDB --args"
 fi
 
 if [ "$SEC" == "1" ]; then
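Review bot: After this change any value of the `GDB` environment variable other than empty or `0` is spliced into the command line as a program name (`GDB_CMD="$GDB --args"`), where before only `GDB=1` had an effect. A variable inherited from an unrelated tool or a CI environment therefore decides which binary wraps the loader. A header comment documenting `GDB=1` versus `GDB=<debugger>`, and a guard such as `command -v "$GDB" >/dev/null || { echo "GDB=$GDB: not found" >&2; exit 1; }` before the assignment, would make that explicit. The script continues past the end of this hunk, so how `GDB_CMD` is finally used is not visible here.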

+ 9 - 28
LibOS/shim/test/apps/python/Makefile

@@ -1,18 +1,18 @@
-manifest = python$(if $(LOCAL),-local,).manifest
+PYTHON_SRC = Python-2.7.9
+PYTHON_INSTALL = $(PYTHON_SRC)/build
+
+manifests = python.manifest
 
 target = benchmarks
-exec_target = $(manifest)
-clean-extra = clean-local
+exec_target = $(manifests)
+
+extra_rules = \
+	-e 's:\$$(PAL):../pal_loader:g' \
+	-e 's:\$$(PYTHONDIR):$(PYTHON_INSTALL)/:g'
 
 level = ../../
 include ../../Makefile
 
-local:
-	make LOCAL=1
-
-PYTHON_SRC = Python-2.7.9
-PYTHON_INSTALL = $(PYTHON_SRC)/build
-
 $(PYTHON_INSTALL)/bin/python: $(PYTHON_SRC)/Makefile
 	cd $(PYTHON_SRC) && $(MAKE)
 	cd $(PYTHON_SRC) && $(MAKE) install
@@ -24,29 +24,10 @@ $(PYTHON_SRC)/Makefile: $(PYTHON_SRC)/configure
 $(PYTHON_SRC)/configure: $(PYTHON_SRC).tgz
 	tar -xzf $<
 
-test_targets =  testsamplebash
-
-test: all $(test_targets)
-
-python.manifest: python.manifest.template
-	$(MAKE) -C .. python/$@ appdir=python/
-
-python-local.manifest: python-local.manifest.template $(PYTHON_INSTALL)/bin/python
-	$(MAKE) -C .. python/$@ appdir=python/ \
-		extra_rules="-e 's:\\\$$\$$(PYTHONDIR):$(shell readlink -f $(PYTHON_INSTALL))/:g'"
-
 benchmarks: benchmarks.tar.gz
 	tar -xzf $<
 
 BENCHMARK = all,-rietveld,-spitfire,-tornado_http
 
-test-graphene: benchmarks
-	cd benchmarks && ./perf.py -b $(BENCHMARK) --csv ../results.csv /usr/bin/python $(PWD)/python.manifest
-
 distclean: clean
 	rm -rf $(PYTHON_SRC) benchmarks
-
-clean-local:
-ifneq ($(LOCAL),1)
-	make clean LOCAL=1
-endif

+ 0 - 40
LibOS/shim/test/apps/python/python-local.manifest.template

@@ -1,40 +0,0 @@
-#!$(PAL)
-
-loader.preload = file:$(SHIMPATH)
-loader.exec = file:$(PYTHONDIR)bin/python
-loader.execname = python
-loader.env.LD_LIBRARY_PATH = $(PYTHONDIR)lib:/graphene:/host:/usr/lib:/usr/lib/x86_64-linux-gnu
-loader.env.PATH = $(PYTHONDIR)/bin:/usr/bin:/bin
-loader.env.USERNAME =
-loader.env.HOME =
-loader.env.PWD =
-loader.env.PYTHONPATH = $(PYTHONDIR)bin/python
-loader.env.PYTHONHOME = $(PYTHONDIR)
-loader.debug_type = none
-
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
-
-fs.mount.other.python.type = chroot
-fs.mount.other.python.path = $(PYTHONDIR)
-fs.mount.other.python.uri = file:$(PYTHONDIR)
-
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /graphene
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
-
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /host
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
-
-fs.mount.other.bin.type = chroot
-fs.mount.other.bin.path = /bin
-fs.mount.other.bin.uri = file:/bin
-
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
-
-sys.stack.size = 256K
-sys.brk.size = 4M
-glibc.heap_size = 16M

+ 23 - 15
LibOS/shim/test/apps/python/python.manifest.template

@@ -10,25 +10,33 @@ loader.env.HOME =
 loader.env.PWD =
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib1.type = chroot
+fs.mount.lib1.path = /graphene
+fs.mount.lib1.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /graphene
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
+fs.mount.lib2.type = chroot
+fs.mount.lib2.path = /host
+fs.mount.lib2.uri = file:/lib/x86_64-linux-gnu
 
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /host
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin
+fs.mount.bin.uri = file:/bin
 
-fs.mount.other.bin.type = chroot
-fs.mount.other.bin.path = /bin
-fs.mount.other.bin.uri = file:/bin
-
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
+fs.mount.usr.type = chroot
+fs.mount.usr.path = /usr
+fs.mount.usr.uri = file:/usr
 
 sys.stack.size = 256K
 sys.brk.size = 4M
 glibc.heap_size = 16M
+
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.liburil = file:$(LIBCDIR)/libutil.so.1
+sgx.trusted_files.libz = file:/lib/x86_64-linux-gnu/libz.so.1
+
+sgx.allowed_files.pyhome = file:/usr/lib/python2.7
+sgx.allowed_files.scripts = file:scripts
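Review bot: The key `sgx.trusted_files.liburil` is a misspelling of `libutil`; it points at `libutil.so.1`, and `R.manifest.template` spells the same entry `sgx.trusted_files.libutil`. The loader probably treats the last component as an arbitrary label, so this may be harmless, but inconsistent labels make it harder to grep the manifests for which libraries are measured. Suggested line: `sgx.trusted_files.libutil = file:$(LIBCDIR)/libutil.so.1`. The hunk also removes the root mount while adding `sgx.allowed_files.scripts = file:scripts` with no matching `fs.mount` entry; whether the working directory stays reachable without one should be confirmed.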

+ 9 - 25
LibOS/shim/test/apps/r/Makefile

@@ -1,18 +1,18 @@
-manifest = R$(if $(LOCAL),-local,).manifest
+R_SRC = R-3.1.2
+R_INSTALL = $(R_SRC)/build
+
+manifests = R.manifest $(if $(wildcard R-local),R-local.manifest,)
 
 target =
-exec_target = $(manifest)
-clean-extra = clean-local
+exec_target = $(manifests)
+
+extra_rules = \
+	-e 's:\$$(PAL):../pal_loader:g' \
+	-e 's:\$$(RDIR):$(R_INSTALL)/lib/R/:g'
 
 level = ../../
 include ../../Makefile
 
-local:
-	make LOCAL=1
-
-R_SRC = R-3.1.2
-R_INSTALL = $(R_SRC)/build
-
 $(R_INSTALL)/lib/R/bin/exec/R: $(R_SRC)/Makefile
 	cd $(R_SRC) && $(MAKE)
 	cd $(R_SRC) && $(MAKE) install
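Review bot: `manifests` adds `R-local.manifest` whenever a path named `R-local` exists, but this commit deletes `R-local.manifest.template` and the explicit `R-local.manifest` rule, so that target has nothing visible to be generated from. Unless the included `../../Makefile` has another source for it, the build fails in any tree that contains `R-local`. Either drop the conditional (`manifests = R.manifest`) or keep the template. The `$(RDIR)` substitution in `extra_rules` also changed from a `readlink -f` absolute path to the relative `$(R_INSTALL)/lib/R/`, which only resolves when the manifest is used from this directory.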
@@ -24,21 +24,5 @@ $(R_SRC)/Makefile: $(R_SRC)/configure
 $(R_SRC)/configure: $(R_SRC).tar.gz
 	tar -xzf $<
 
-test_targets =
-
-test: all $(test_targets)
-
-R.manifest: R.manifest.template
-	$(MAKE) -C .. r/$@ appdir=r/
-
-R-local.manifest: R-local.manifest.template $(R_INSTALL)/lib/R/bin/exec/R
-	$(MAKE) -C .. r/$@ appdir=r/ \
-		extra_rules="-e 's:\\\$$\$$(RDIR):$(shell readlink -f $(R_INSTALL)/lib/R)/:g'"
-
 distclean: clean
 	rm -rf $(R_SRC)
-
-clean-local:
-ifneq ($(LOCAL),1)
-	make clean LOCAL=1
-endif

+ 0 - 47
LibOS/shim/test/apps/r/R-local.manifest.template

@@ -1,47 +0,0 @@
-#!$(PAL)
-
-loader.preload = file:$(SHIMPATH)
-loader.exec = file:$(RDIR)/bin/exec/R
-loader.execname = $(RDIR)/bin/exec/R
-loader.env.LD_LIBRARY_PATH = $(RDIR)/lib:/lib:/lib/x86_64-linux-gnu:/usr/lib:/usr/lib/x86_64-linux-gnu
-loader.env.PATH = $(RDIR)/bin:/usr/bin:/bin
-loader.env.USERNAME =
-loader.env.HOME =
-loader.env.PWD =
-loader.env.R_ARCH =
-loader.env.R_HOME = $(RDIR)
-loader.env.R_SHARE_DIR = $(RDIR)/share
-loader.env.R_INCLUDE_DIR = $(RDIR)/include
-loader.env.R_DOC_DIR = $(RDIR)/doc
-loader.debug_type = none
-
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
-
-fs.mount.other.r.type = chroot
-fs.mount.other.r.path = $(RDIR)
-fs.mount.other.r.uri = file:$(RDIR)
-
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
-
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
-
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
-
-fs.mount.other.bin.type = chroot
-fs.mount.other.bin.path = /bin
-fs.mount.other.bin.uri = file:/bin
-
-fs.mount.other.tmp.type = chroot
-fs.mount.other.tmp.path = /tmp
-fs.mount.other.tmp.uri = file:
-
-sys.stack.size = 256K
-sys.brk.size = 4M
-glibc.heap_size = 16M

+ 35 - 18
LibOS/shim/test/apps/r/R.manifest.template

@@ -15,29 +15,46 @@ loader.env.R_INCLUDE_DIR = /usr/share/R/include
 loader.env.R_DOC_DIR = /usr/share/R/doc
 loader.debug_type = none
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib1.type = chroot
+fs.mount.lib1.path = /lib
+fs.mount.lib1.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib1.type = chroot
-fs.mount.other.lib1.path = /lib
-fs.mount.other.lib1.uri = file:$(GLIBCDIR)
+fs.mount.lib2.type = chroot
+fs.mount.lib2.path = /lib/x86_64-linux-gnu
+fs.mount.lib2.uri = file:/lib/x86_64-linux-gnu
 
-fs.mount.other.lib2.type = chroot
-fs.mount.other.lib2.path = /lib/x86_64-linux-gnu
-fs.mount.other.lib2.uri = file:/lib/x86_64-linux-gnu
+fs.mount.usr.type = chroot
+fs.mount.usr.path = /usr
+fs.mount.usr.uri = file:/usr
 
-fs.mount.other.usr.type = chroot
-fs.mount.other.usr.path = /usr
-fs.mount.other.usr.uri = file:/usr
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin
+fs.mount.bin.uri = file:/bin
 
-fs.mount.other.bin.type = chroot
-fs.mount.other.bin.path = /bin
-fs.mount.other.bin.uri = file:/bin
-
-fs.mount.other.tmp.type = chroot
-fs.mount.other.tmp.path = /tmp
-fs.mount.other.tmp.uri = file:
+fs.mount.tmp.type = chroot
+fs.mount.tmp.path = /tmp
+fs.mount.tmp.uri = file:/tmp
 
 sys.stack.size = 256K
 sys.brk.size = 4M
 glibc.heap_size = 16M
+
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.libutil = file:$(LIBCDIR)/libutil.so.1
+sgx.trusted_files.librt = file:/lib/x86_64-linux-gnu/librt.so.1
+sgx.trusted_files.libreadline = file:/lib/x86_64-linux-gnu/libreadline.so.6
+sgx.trusted_files.libpcre = file:/lib/x86_64-linux-gnu/libpcre.so.3
+sgx.trusted_files.liblzma = file:/lib/x86_64-linux-gnu/liblzma.so.5
+sgx.trusted_files.libz2 = file:/lib/x86_64-linux-gnu/libbz2.so.1.0
+sgx.trusted_files.libz = file:/lib/x86_64-linux-gnu/libz.so.1
+sgx.trusted_files.libtinfo = file:/lib/x86_64-linux-gnu/libtinfo.so.5
+sgx.trusted_files.libgomp = file:/usr/lib/x86_64-linux-gnu/libgomp.so.1
+sgx.trusted_files.libR = file:/usr/lib/libR.so
+sgx.trusted_files.libblas = file:/usr/lib/libblas.so.3
+
+sgx.allowed_files.rhome = file:/usr/lib/R
+sgx.allowed_files.scripts = file:scripts
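Review bot: The `/tmp` mount changes from `file:` (the working directory) to `file:/tmp`, so R's scratch files now land in the host's shared temporary directory, and no `sgx.allowed_files` entry covers it the way `lmbench/manifest.template` does for its `/tmp` mount. If SGX mode only opens listed files, R will fail to create temporary files; if the entry is added, it should carry a comment that host `/tmp` is unverified. A per-test directory (for example a constructed `file:tmp` next to `scripts`) would keep the previous isolation. The label `sgx.trusted_files.libz2` for `libbz2.so.1.0` would read better as `libbz2`.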

+ 0 - 10
LibOS/shim/test/apps/r/run-R

@@ -1,10 +0,0 @@
-#!/bin/bash
-
-R_FLAGS="-no-save -f"
-
-if [ "$1" = "-native" ]; then
-	shift
-	R $R_FLAGS $*
-else
-	./R.manifest $R_FLAGS $*
-fi

+ 5 - 0
LibOS/shim/test/inline/.gitignore

@@ -0,0 +1,5 @@
+*
+!*.c
+!*.cpp
+!*.template
+!Makefile*

+ 5 - 0
LibOS/shim/test/native/.gitignore

@@ -0,0 +1,5 @@
+*
+!*.c
+!*.cpp
+!*.template
+!Makefile*

+ 1 - 1
LibOS/shim/test/native/.packed/test.sha384

@@ -1 +1 @@
-alarm brk clone condvar.pthread cpuinfo dir divzero dup epoll epoll_socket errno exec exec_fork exec_victim file fork fork_bomb fork_exec fs futextest.pthread get_time.m helloworld helloworld.pthread kill malloc meminfo msg_create msg_create.libos msg_send msg_send.libos multiproc multisleep pid_alloc pid_kill pie pipe pipe_latency proc readdir rename sandbox_create.libos script sem sleep socketpair sqrt.m static sync.pthread system tcp time udp unix vfork vfork_exec 9a626f937e9e046299e96c5c730fea876c426178db3fdbd4028aef89846fcdea1628dd074cd89b3b651e2cbe77517ad0
+alarm brk clone condvar.pthread cpuinfo dir divzero dup epoll epoll_socket errno exec exec_fork exec_victim file fork fork_bomb fork_exec fs futextest.pthread get_time.m helloworld helloworld.pthread kill malloc meminfo msg_create msg_create.libos msg_send msg_send.libos multiproc multisleep pid_alloc pid_kill pie pipe pipe_latency proc readdir rename sandbox_create.libos script sem sleep socketpair sqrt.m start.pthread.m static sync.pthread system tcp test_start_pthread_m.m time udp unix vfork vfork_exec 3c639d63c9ff0015a3841d70bb63af6b9ae969d9130b6a3ab6820100d0c8fac53cb0605f9137cc253be503dbeaadc38d

BIN
LibOS/shim/test/native/.packed/test.tar.gz


+ 5 - 12
LibOS/shim/test/native/Makefile

@@ -1,22 +1,15 @@
-CFLAGS-libos = -L../../../build/libos -I../../include
-
 special_executables = static pie
 c_executables = $(filter-out $(special_executables),$(patsubst %.c,%,$(wildcard *.c)))
 cxx_executables = $(patsubst %.cpp,%,$(wildcard *.cpp))
+manifests = $(patsubst %.template,%,$(wildcard *.manifest.template))
 
-exec_target = $(special_executables) $(c_executables) $(cxx_executables)
-target = $(exec_target) manifest static.manifest pal pal_sec
+exec_target = $(special_executables) $(c_executables) $(cxx_executables) ls.manifest
+target = $(exec_target) $(manifests) pal pal_sec
 
 level = ../
 include ../Makefile
 
-manifest: manifest.template
-	rm -rf $@
-	cp $@.template $@
-
-%.manifest: %.manifest.template
-	rm -rf $@
-	cp $@.template $@
+CFLAGS-libos = -I$(SHIMDIR)/../include -L$(LIBCDIR)/libos
 
 ifeq ($(SYS),x86_64-linux-gnu)
 $(c_executables): %: %.c
@@ -26,7 +19,7 @@ $(c_executables): %: %.c
 
 $(cxx_executables): %: %.cpp
 	@echo [ $@ ]
-	@$(CC) $(CFLAGS) -o $@ $< \
+	@$(CC) $(CFLAGS) $(if $(findstring .libos,$@),$(CFLAGS-libos),) -o $@ $< \
 	$(shell echo $@ | sed 's/^[^\.]*//g' | sed 's/\./ -l/g')
 
 static: %: %.c
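Review bot: The C++ rule still compiles and links with `$(CC) $(CFLAGS)`, so `.cpp` sources go through the C driver with C flags and without the C++ runtime on the link line. The conventional form is `@$(CXX) $(CXXFLAGS) $(if $(findstring .libos,$@),$(CFLAGS-libos),) -o $@ $< \` (assuming the included Makefile sets `CXXFLAGS`). `$(findstring .libos,$@)` also matches `.libos` anywhere in the target name; `$(filter %.libos,$@)` ties it to the suffix, if that is the intent. The `static` rule that follows continues outside the hunk.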

+ 19 - 0
LibOS/shim/test/native/exec_victim.manifest.template

@@ -0,0 +1,19 @@
+loader.preload = file:$(SHIMPATH)
+loader.env.LD_LIBRARY_PATH = /lib
+loader.debug_type = inline
+loader.syscall_symbol = syscalldb
+
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
+
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin
+fs.mount.bin.uri = file:/bin
+
+sys.brk.size = 32M
+sys.stack.size = 4M
+
+# sgx-related
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6

+ 30 - 0
LibOS/shim/test/native/ls.manifest.template

@@ -0,0 +1,30 @@
+loader.preload = file:$(SHIMPATH)
+loader.exec = file:/bin/ls
+loader.env.LD_LIBRARY_PATH = /lib:/lib/x86_64-linux-gnu
+loader.debug_type = none
+
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
+
+fs.mount.hostlib.type = chroot
+fs.mount.hostlib.path = /lib/x86_64-linux-gnu
+fs.mount.hostlib.uri = file:/lib/x86_64-linux-gnu
+
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin
+fs.mount.bin.uri = file:/bin
+
+# allow to bind on port 8000
+net.rules.1 = 127.0.0.1:8000:0.0.0.0:0-65535
+# allow to connect to port 8000
+net.rules.2 = 0.0.0.0:0-65535:127.0.0.1:8000
+
+# sgx-related
+sgx.trusted_files.ld.uri = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc.uri = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl.uri = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libselinux.uri = file:/lib/x86_64-linux-gnu/libselinux.so.1
+sgx.trusted_files.libacl.uri = file:/lib/x86_64-linux-gnu/libacl.so.1
+sgx.trusted_files.libpcre.uri = file:/lib/x86_64-linux-gnu/libpcre.so.3
+sgx.trusted_files.libattr.uri = file:/lib/x86_64-linux-gnu/libattr.so.1
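Review bot: The two `net.rules` entries permitting bind and connect on 127.0.0.1:8000 look copied from the generic test manifest; `ls` has no need for network access, so they can be removed to keep this manifest least-privilege. The four `sgx.trusted_files.*` entries under `/lib/x86_64-linux-gnu` are host libraries, so whatever is recorded for them presumably depends on the build machine's installed packages. A comment such as `# host libraries: contents vary with the build host's distribution` would help when the test fails on another system. `loader.exec = file:/bin/ls` is likewise a host binary, and how it is verified is decided outside this file.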

+ 17 - 10
LibOS/shim/test/native/manifest.template

@@ -1,22 +1,29 @@
-loader.preload = file:../../src/libsysdb.so
+loader.preload = file:$(SHIMPATH)
 loader.env.LD_LIBRARY_PATH = /lib
 loader.debug_type = inline
 loader.syscall_symbol = syscalldb
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)
 
-fs.mount.other.lib.type = chroot
-fs.mount.other.lib.path = /lib
-fs.mount.other.lib.uri = file:../../../build
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin
+fs.mount.bin.uri = file:/bin
 
-fs.mount.other.bin.type = chroot
-fs.mount.other.bin.path = /bin
-fs.mount.other.bin.uri = file:/bin
+sys.brk.size = 32M
+sys.stack.size = 4M
 
 # allow to bind on port 8000
 net.allow_bind.1 = 127.0.0.1:8000
 # allow to connect to port 8000
 net.allow_peer.1 = 127.0.0.1:8000
 
-# sys.ask_for_checkpoint = 1
+# sgx-related
+sgx.trusted_files.ld = file:$(LIBCDIR)/ld-linux-x86-64.so.2
+sgx.trusted_files.libc = file:$(LIBCDIR)/libc.so.6
+sgx.trusted_files.libdl = file:$(LIBCDIR)/libdl.so.2
+sgx.trusted_files.libm = file:$(LIBCDIR)/libm.so.6
+sgx.trusted_files.libpthread = file:$(LIBCDIR)/libpthread.so.0
+sgx.trusted_files.victim = file:exec_victim
+sgx.trusted_children.victim = file:exec_victim.sig

+ 48 - 0
LibOS/shim/test/native/start.pthread.m.c

@@ -0,0 +1,48 @@
+/* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
+/* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/time.h>
+#include <math.h>
+#include <pthread.h>
+
+#define OVERHEAD_TIMES  30000
+
+double my_sqrt(double num)
+{
+    return sqrt(num);
+}
+
+pthread_t my_pthread_self(void)
+{
+    return pthread_self();
+}
+
+int main (int argc, char ** argv, char ** envp)
+{
+    struct timeval tv;
+    gettimeofday(&tv, NULL);
+
+    if (argc < 2)
+        return -1;
+
+    unsigned long long msec1 = atoll(argv[1]);
+    unsigned long long msec2 = tv.tv_sec * 1000000ULL + tv.tv_usec;
+
+    struct timeval tv1, tv2;
+    gettimeofday(&tv1, NULL);
+    for (int j = 0 ; j < OVERHEAD_TIMES ; j++)
+        gettimeofday(&tv, NULL);
+    gettimeofday(&tv2, NULL);
+    unsigned long long msec3 = tv1.tv_sec * 1000000ULL + tv1.tv_usec;
+    unsigned long long msec4 = tv2.tv_sec * 1000000ULL + tv2.tv_usec;
+    unsigned long long overhead = (msec4 - msec3) / OVERHEAD_TIMES;
+
+    printf("%llu\n", msec2 - msec1 - overhead);
+
+    my_sqrt(1.0);
+    my_sqrt(2.0);
+    my_pthread_self();
+    return 0;
+}
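Review bot: `msec2 - msec1 - overhead` is computed in `unsigned long long`, so an `argv[1]` that is non-numeric, or a start stamp later than the local clock reading, wraps to a huge value instead of being reported as an error. `atoll` gives no way to tell a bad argument from 0; parsing with `strtoull`, checking the end pointer and rejecting `msec1 > msec2` keeps a bogus sample out of the caller's statistics. The `msec*` variables hold microseconds (`tv_sec * 1000000ULL + tv_usec`), so `usec*` would be the accurate name. The first `gettimeofday` appears to be taken before the `argc` check on purpose, which deserves a comment such as `/* sample the clock first so argument handling is not counted */`.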

+ 4 - 11
LibOS/shim/test/native/static.manifest.template

@@ -1,14 +1,7 @@
-loader.preload = file:../../src/libsysdb.so
+loader.preload = file:$(SHIMPATH)
 loader.env.LD_LIBRARY_PATH = /lib
 loader.debug_type = inline
-# loader.debug_type = file
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
-
-fs.mount.tty.type = chroot
-fs.mount.tty.uri = dev:tty
-
-fs.mount.other.1.type = chroot
-fs.mount.other.1.path = /lib
-fs.mount.other.1.uri = file:../../../build
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:$(LIBCDIR)

+ 112 - 0
LibOS/shim/test/native/test_start_pthread_m.m.c

@@ -0,0 +1,112 @@
+/* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
+/* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <sys/time.h>
+#include <math.h>
+
+/*
+ *  USAGE:
+ *      ./test_start [prefixes to the program ...]
+ *
+ *  EXAMPLES:
+ *      ./test_start                => native start time
+ *      ./test_start ./libpal.so    => graphene start time
+ */
+
+#define OVERHEAD_TIMES  30000
+#define TEST_TIMES      30
+
+void get_time (char * time_arg, unsigned long overhead)
+{
+    struct timeval tv;
+    gettimeofday(&tv, NULL);
+    unsigned long long msec = tv.tv_sec * 1000000ULL + tv.tv_usec;
+    snprintf(time_arg, 30, "%llu", msec + overhead);
+}
+
+int main (int argc, char ** argv, char ** envp)
+{
+    char * new_argv[argc + 2];
+    char time_arg[30];
+
+    for (int i = 1 ; i < argc ; i++)
+        new_argv[i - 1] = argv[i];
+
+    new_argv[argc - 1] = "./start.pthread.m";
+    new_argv[argc]     = time_arg;
+    new_argv[argc + 1] = NULL;
+
+    unsigned long long times[TEST_TIMES];
+    unsigned long long sum = 0, ssum = 0;
+    memset(times, 0, sizeof(times));
+
+    for (int i = 1 ; i < TEST_TIMES ; i++) {
+        int pipes[2];
+        if (pipe(pipes) < 0)
+            break;
+
+        pid_t pid = fork();
+
+        if (pid < 0)
+            break;
+
+        if (!pid) {
+            struct timeval tv1, tv2;
+            gettimeofday(&tv1, NULL);
+            for (int j = 0 ; j < OVERHEAD_TIMES ; j++)
+                get_time(time_arg, 0);
+            gettimeofday(&tv2, NULL);
+            unsigned long long msec1 = tv1.tv_sec * 1000000ULL + tv1.tv_usec;
+            unsigned long long msec2 = tv2.tv_sec * 1000000ULL + tv2.tv_usec;
+            unsigned long long overhead = (msec2 - msec1) / OVERHEAD_TIMES;
+
+            close(pipes[0]);
+            dup2(pipes[1], 1);
+
+            get_time(time_arg, overhead);
+
+            execve(new_argv[0], new_argv, envp);
+            exit(-1);
+        }
+
+        close(pipes[1]);
+
+        int status;
+        waitpid(pid, &status, 0);
+
+        if (read(pipes[0], time_arg, 30) < 0)
+            break;
+
+        times[i] = atoll(time_arg);
+        sum += times[i];
+        ssum += times[i] * times[i];
+
+        close(pipes[0]);
+    }
+
+    int compar (const void * arg1, const void * arg2)
+    {
+        register unsigned long long a1 = *((unsigned long long *) arg1);
+        register unsigned long long a2 = *((unsigned long long *) arg2);
+        return a1 < a2 ? -1 : (a1 == a2 ? 0 : 1);
+    }
+
+    qsort(times, TEST_TIMES, sizeof(unsigned long long), compar);
+
+    double median =
+            (TEST_TIMES % 2) ? (double) times[TEST_TIMES / 2] :
+            (double) (times[TEST_TIMES / 2 - 1] + times[TEST_TIMES / 2]) / 2;
+
+    double mean = (double) sum / TEST_TIMES;
+    double stddev = sqrt((double) ssum / TEST_TIMES - mean * mean);
+    double ci = 1.96 * stddev / sqrt((double) TEST_TIMES);
+
+    printf("median = %lf, mean = %lf (+/-%lf)\n", median, mean, ci);
+
+    return 0;
+}
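Review bot: The parent calls `atoll(time_arg)` on a buffer that `read()` filled without NUL-terminating it, and a return of 0 (the child's `execve` failed and it exited without writing) is accepted, so `atoll` then parses uninitialised stack bytes. Reading at most `sizeof(time_arg) - 1` bytes and terminating closes this: `ssize_t n = read(pipes[0], time_arg, sizeof(time_arg) - 1); if (n <= 0) break; time_arg[n] = 0;`. The sample loop starts at `i = 1`, so only `TEST_TIMES - 1` runs are taken while `times[0]` stays 0, is still included in the median, and the mean and deviation are divided by `TEST_TIMES`. The `break` paths also leave the pipe descriptors open, and `compar` is a nested function, which is a GCC extension.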

+ 5 - 0
LibOS/shim/test/regression/.gitignore

@@ -0,0 +1,5 @@
+*
+!*.c
+!*.cpp
+!*.template
+!Makefile*

+ 3 - 6
LibOS/shim/test/regression/Makefile

@@ -4,18 +4,15 @@ special_executables = bootstrap_static bootstrap_pie
 c_executables = $(filter-out $(special_executables),$(patsubst %.c,%,$(wildcard *.c)))
 cxx_executables = $(patsubst %.cpp,%,$(wildcard *.cpp))
 
-target = $(special_executables) $(c_executables) $(cxx_executables) \
-	  manifest pal pal_sec
+exec_target = $(special_executables) $(c_executables) $(cxx_executables)
+target = $(exec_target) manifest pal pal_sec
 
 clean-extra += clean-tmp
 
+default: all
 level = ../
 include ../Makefile
 
-%.manifest: %.manifest.template
-	rm -rf $@
-	cp $@.template $@
-
 ifeq ($(SYS),x86_64-linux-gnu)
 $(c_executables): %: %.c
 	@echo [ $@ ]

+ 6 - 11
LibOS/shim/test/regression/manifest.template

@@ -3,20 +3,15 @@ loader.env.LD_LIBRARY_PATH = /lib
 loader.debug_type = none
 loader.syscall_symbol = syscalldb
 
-fs.mount.root.type = chroot
-fs.mount.root.uri = file:
+fs.mount.lib.type = chroot
+fs.mount.lib.path = /lib
+fs.mount.lib.uri = file:../../../build
 
-fs.mount.other.lib.type = chroot
-fs.mount.other.lib.path = /lib
-fs.mount.other.lib.uri = file:../../../build
-
-fs.mount.other.bin.type = chroot
-fs.mount.other.bin.path = /bin
-fs.mount.other.bin.uri = file:/bin
+fs.mount.bin.type = chroot
+fs.mount.bin.path = /bin
+fs.mount.bin.uri = file:/bin
 
 # allow to bind on port 8000
 net.rules.1 = 127.0.0.1:8000:0.0.0.0:0-65535
 # allow to connect to port 8000
 net.rules.2 = 0.0.0.0:0-65535:127.0.0.1:8000
-
-# sys.ask_for_checkpoint = 1

+ 1 - 1
Makefile

@@ -1,7 +1,7 @@
 SYS ?= $(shell gcc -dumpmachine)
 export SYS
 
-targets = all debug clean install
+targets = all clean install
 
 ifeq ($(SYS),x86_64-linux-gnu)
 targets += pack

+ 1 - 1
Pal/Makefile

@@ -14,7 +14,7 @@ endif
 
 DIRS = src test regression
 
-all debug clean:
+all clean:
 	for d in $(DIRS); \
 	do \
 		$(MAKE) -C $$d $@; \

+ 0 - 28
Pal/include/sysdeps/generic/sysdep.h

@@ -17,35 +17,7 @@
    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
    02111-1307 USA.  */
 
-#ifndef C_LABEL
-
-/* Define a macro we can use to construct the asm name for a C symbol.  */
-#ifdef	NO_UNDERSCORES
-#ifdef	__STDC__
-#define C_LABEL(name)		name##:
-#else
-#define C_LABEL(name)		name/**/:
-#endif
-#else
-#ifdef	__STDC__
-#define C_LABEL(name)		__##name##:
-#else
-#define C_LABEL(name)		__/**/name/**/:
-#endif
-#endif
-
-#endif
-
 #ifdef __ASSEMBLER__
-/* Mark the end of function named SYM.  This is used on some platforms
-   to generate correct debugging information.  */
-# ifndef END
-# define END(sym)
-# endif
-
-# ifndef JUMPTARGET
-# define JUMPTARGET(sym)	sym
-# endif
 
 /* Makros to generate eh_frame unwind information.  */
 # ifdef HAVE_ASM_CFI_DIRECTIVES

+ 2 - 2
Pal/ipc/linux/graphene-ipc.c

@@ -312,10 +312,10 @@ static void fill_page_bit_map(struct mm_struct *mm,
 
 		if (pte_none(*pte))
 			goto next_locked;
-
+/*
 		if (unlikely(!pte_present(*pte)) && pte_file(*pte))
 			goto next_locked;
-
+*/
 		has_page = true;
 next_locked:
 		spin_unlock(ptl);
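Review bot: The `pte_file()` test is disabled by wrapping it in a bare `/* … */` with no explanation, so a reader cannot tell whether this is a temporary workaround or intended behaviour. With the check gone, a non-present file-mapped PTE no longer jumps to `next_locked` and instead falls through to `has_page = true`; whether that is harmless for the page bitmap depends on code outside this hunk. If the reason is that newer kernels no longer define `pte_file`, a kernel-version `#if` around the original two lines keeps the old behaviour where the macro exists, with a comment such as `/* pte_file() is not available on newer kernels */`. The body of fill_page_bit_map extends beyond the hunk.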

+ 4 - 3
Pal/lib/Makefile

@@ -17,9 +17,10 @@ headers = asm-errlist.h api.h
 
 all: $(target)graphene-lib.a
 
-debug: CC = gcc -g
-debug: CFLAGS += -DDEBUG
-debug: $(target)graphene-lib.a
+ifeq ($(DEBUG),1)
+CC += -g
+CFLAGS += -DDEBUG
+endif
 
 $(target)graphene-lib.a: $(addprefix $(target),$(objs))
 	@echo [ $(notdir $@) ]
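Review bot: In the new `ifeq ($(DEBUG),1)` block, `-g` is appended to `CC` rather than to the flags, so the compiler variable now carries options and a `CC=` given on the make command line silently drops the debug info. `CFLAGS += -g -DDEBUG` expresses the same thing in one line and leaves `CC` a plain program name. The same `CC += -g` appears in Pal/regression/Makefile. Where `CC` is first assigned in this file is outside the hunk.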

+ 46 - 4
Pal/lib/api.h

@@ -24,6 +24,25 @@
 #include <stdint.h>
 #include <stdarg.h>
 
+/* Macros */
+
+#ifndef likely
+# define likely(x)	__builtin_expect((!!(x)),1)
+#endif
+#ifndef unlikely
+# define unlikely(x)	__builtin_expect((!!(x)),0)
+#endif
+
+#define __alloca __builtin_alloca
+
+#define XSTRINGIFY(x) STRINGIFY(x)
+#define STRINGIFY(x) #x
+
+#define static_strlen(str) (sizeof(str) - 1)
+
+/* Libc functions */
+
+/* Libc String functions */
 int strnlen (const char *str, int maxlen);
 int strlen (const char *str);
 
@@ -38,6 +57,26 @@ void * memmove (void *dstpp, void *srcpp, int len);
 void * memset (void *dstpp, int c, int len);
 int memcmp (const void *s1, const void *s2, int len);
 
+/* Some useful macro */
+/* force failure if str is not a static string */
+#define force_static(str)   ("" str "")
+
+/* check if the var is exactly the same as the static string */
+#define strcmp_static(var, str) \
+    (!memcmp((var), force_static(str), static_strlen(force_static(str)) + 1))
+
+/* check if the var starts with the static string */
+#define strpartcmp_static(var, str) \
+    (!memcmp((var), force_static(str), static_strlen(force_static(str))))
+
+/* copy static string and return the address of the null end (null if the dest
+ * is not large enough).*/
+#define strcpy_static(var, str, max) \
+    (static_strlen(force_static(str)) + 1 > max ? NULL : \
+     memcpy((var), force_static(str), static_strlen(force_static(str)) + 1) + \
+     static_strlen(force_static(str)))
+
+/* Libc printf functions */
 void fprintfmt (void (*_fputch)(void *, int, void *), void * f, void * putdat,
                 const char * fmt, ...);
 
@@ -46,6 +85,8 @@ void vfprintfmt (void (*_fputch)(void *, int, void *), void * f, void * putdat,
 
 int snprintf (char * buf, int n, const char * fmt, ...);
 
+/* Miscelleneous */
+
 int inet_pton4 (const char *src, int len, void *dst);
 int inet_pton6 (const char *src, int len, void *dst);
 
@@ -56,13 +97,14 @@ uint16_t __ntohs (uint16_t x);
 
 extern const char * const * sys_errlist_internal;
 
-#define __alloca __builtin_alloca
-
-#define XSTRINGIFY(x) STRINGIFY(x)
-#define STRINGIFY(x) #x
+/* Graphene functions */
 
 int get_norm_path (const char * path, char * buf, int offset, int size);
 
+int get_base_name (const char * path, char * buf, int size);
+
+/* Loading configs / manifests */
+
 #include <linux_list.h>
 
 struct config_store {
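Review bot: `strcmp_static` and `strpartcmp_static` hand `var` to `memcmp` for the full length of the literal, so they may read `static_strlen(str)` (plus one for `strcmp_static`) bytes from `var` even when `var` is a shorter NUL-terminated string. The macros need a comment stating that `var` must point to at least that many readable bytes, or a length-checked comparison. In `strcpy_static` the `max` argument is used unparenthesised and the result does arithmetic on the `void *` returned by `memcpy`, which is a GNU extension; `(static_strlen(force_static(str)) + 1 > (max) ? NULL : (char *) memcpy(...) + ...)` avoids both. The names also invert the libc convention, since `strcmp_static` is true on equality, which is worth stating in its comment.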

+ 39 - 0
Pal/lib/graphene/path.c

@@ -94,4 +94,43 @@ int get_norm_path (const char * path, char * buf, int offset, int size)
     return offset;
 }
 
+int get_base_name (const char * path, char * buf, int size)
+{
+    const char * p = path;
 
+    for (; *p ; p++) {
+        if (*p == '/')
+            continue;
+        if (*p == '.') {
+            if (*(p + 1) == '/' || !*(p + 1)) {
+                p++;
+                continue;
+            }
+            if (*(p + 1) == '.') {
+                if (*(p + 2) == '/' || !*(p + 2)) {
+                    p += 2;
+                    continue;
+                }
+                return -PAL_ERROR_INVAL;
+            }
+        }
+
+        const char * e = p + 1;
+        for (; *e && *e != '/' ; e++);
+        if (*e) {
+            p = e - 1;
+            continue;
+        }
+
+        if (e - p > size - 1)
+            return -PAL_ERROR_TOOLONG;
+
+        int offset = 0;
+        for (; p < e ; p++, offset++)
+            buf[offset] = *p;
+        buf[offset] = 0;
+        return offset;
+    }
+
+    return 0;
+}
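Review bot: In `get_base_name`, the `.` and `..` branches advance `p` onto the terminating NUL and then `continue`, so the loop's own `p++` steps past the end of the string and `*p` is read out of bounds for any path ending in `.` or `..` (for example `"."` or `"a/.."`). Stopping when the component is the last one fixes it: in the first branch `if (!*(p + 1)) break;` before `p++; continue;`, and in the second `if (!*(p + 2)) break;` before `p += 2; continue;`. The fall-through `return 0`, also reached for a path with a trailing slash, leaves `buf` unwritten, so setting `buf[0] = 0` there (after checking `size > 0`) gives callers a defined empty string.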

+ 4 - 2
Pal/regression/.gitignore

@@ -1,2 +1,4 @@
-*.tmp
-*.manifest
+*
+!*.c
+!*.template
+!Makefile*

+ 1 - 1
Pal/regression/.packed/test.sha384

@@ -1 +1 @@
-Bootstrap Bootstrap2 Bootstrap3 Directory Exception File Ipc Memory Misc Pipe Preload1.so Preload2.so Process Process2 SendHandle Socket Symbols Thread 2df98c64d513201049e48f4d6645a94567f4a60b8a997a91d29d46c3699b761b1f39a305bc43e8f52b6c4c5d1e5f03de
+Bootstrap Bootstrap2 Bootstrap3 Directory Exception File Ipc Memory Misc Pipe Preload1.so Preload2.so Process Process2 Process3 SendHandle Socket Symbols Thread acacabbb77227418b9442ca05ee56c5b884e6db4561907c3ac66ba611286675ea89f9e37f9bb86ff5d54b8f0d1e06391

BIN
Pal/regression/.packed/test.tar.gz


+ 12 - 10
Pal/regression/00_Bootstrap.py

@@ -5,6 +5,12 @@ from regression import Regression
 
 loader = '../src/pal'
 
+def manifest_file(file):
+    if 'SGX_RUN' in os.environ and os.environ['SGX_RUN'] == '1':
+        return file + '.manifest.sgx'
+    else:
+        return file + '.manifest'
+
 # Running Bootstrap
 regression = Regression(loader, "Bootstrap")
 
@@ -14,9 +20,6 @@ regression.add_check(name="Basic Bootstrapping",
 regression.add_check(name="Control Block: Executable Name",
     check=lambda res: "Loaded Executable: file:Bootstrap" in res[0].log)
 
-regression.add_check(name="Control Block: Default Manifest",
-    check=lambda res: "Loaded Manifest: file:manifest" in res[0].log)
-
 regression.add_check(name="One Argument Given",
     check=lambda res: "# of Arguments: 1" in res[0].log and \
             "argv[0] = file:Bootstrap" in res[0].log)
@@ -24,7 +27,6 @@ regression.add_check(name="One Argument Given",
 regression.add_check(name="Five Arguments Given",
     args = ['a', 'b', 'c', 'd'],
     check=lambda res: "# of Arguments: 5" in res[0].log and \
-           "argv[0] = file:Bootstrap" in res[0].log and \
            "argv[1] = a" in res[0].log and "argv[2] = b" in res[0].log and \
            "argv[3] = c" in res[0].log and "argv[4] = d" in res[0].log)
 
@@ -46,7 +48,7 @@ regression.run_checks()
 regression = Regression(loader, "Bootstrap2")
 
 regression.add_check(name="Control Block: Manifest as Executable Name",
-    check=lambda res: "Loaded Manifest: file:Bootstrap2.manifest" in res[0].log)
+    check=lambda res: "Loaded Manifest: file:" + manifest_file("Bootstrap2") in res[0].log)
 
 regression.run_checks()
 
@@ -64,10 +66,10 @@ regression.add_check(name="Preload Libraries Linking",
 regression.run_checks()
 
 # Running Bootstrap4
-regression = Regression(loader, "Bootstrap4.manifest")
+regression = Regression(loader, manifest_file("Bootstrap4"))
 
 regression.add_check(name="Control Block: Manifest as Argument",
-    check=lambda res: "Loaded Manifest: file:Bootstrap4.manifest" in res[0].log)
+    check=lambda res: any([line.startswith("Loaded Manifest: file:" + manifest_file("Bootstrap4")) for line in res[0].log]))
 
 regression.add_check(name="Control Block: Executable as in Manifest",
     check=lambda res: "Loaded Executable: file:Bootstrap" in res[0].log)
@@ -75,10 +77,10 @@ regression.add_check(name="Control Block: Executable as in Manifest",
 regression.run_checks()
 
 # Running Bootstrap4.manifest
-regression = Regression(executable = "./Bootstrap4.manifest")
+regression = Regression(executable = "./" + manifest_file("Bootstrap4"))
 
 regression.add_check(name="Control Block: Manifest as Argument (Load by Shebang)",
-    check=lambda res: "Loaded Manifest: file:./Bootstrap4.manifest" in res[0].log)
+    check=lambda res: "Loaded Manifest: file:" + manifest_file("Bootstrap4") in res[0].log)
 
 regression.add_check(name="Control Block: Executable as in Manifest (Load by Shebang)",
     check=lambda res: "Loaded Executable: file:Bootstrap" in res[0].log)
@@ -89,7 +91,7 @@ regression.add_check(name="Arguments: loader.execname in Manifest",
 regression.run_checks()
 
 # Running Bootstrap5.manifest
-regression = Regression(loader, "Bootstrap5.manifest")
+regression = Regression(loader, manifest_file("Bootstrap5"))
 
 regression.add_check(name="Bootstrap without Executable but Preload Libraries",
     check=lambda res: "Binary 1 Preloaded" in res[0].log and
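Review bot: The manifest checks now mix two matching styles: the Bootstrap2 and shebang cases test `"Loaded Manifest: file:" + manifest_file(...) in res[0].log`, while the Bootstrap4 loader case uses `any([line.startswith(...) ...])`. If `res[0].log` is a list of lines, as the `for line in res[0].log` comprehension implies, the first form is an exact-line match and the second a prefix match that would also accept `Bootstrap4.manifest.sgx` when `Bootstrap4.manifest` is expected; one form should be used throughout. The shebang check also drops the `./` that the old expected string had, even though the executable is still started as `"./" + manifest_file("Bootstrap4")`, which deserves a comment if intentional. `manifest_file` can be reduced to a test of `os.environ.get('SGX_RUN') == '1'`, and it relies on `os` being imported above the hunk.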

+ 12 - 44
Pal/regression/01_Exception.py

@@ -7,49 +7,17 @@ loader = '../src/pal'
 
 regression = Regression(loader, "Exception")
 
-def check_exception1(res):
-    for line in res[0].log:
-        if not line:
-            continue
-        if line.startswith('Div-by-Zero Exception Handler'):
-            return True
-    return False
-
-regression.add_check(name="Exception Handling (Div-by-Zero)", check=check_exception1)
-
-def check_exception2(res):
-    for line in res[0].log:
-        if not line:
-            continue
-        if line.startswith('Memory Fault Exception Handler'):
-            return True
-    return False
-
-regression.add_check(name="Exception Handling (Memory Fault)", check=check_exception2)
-
-def check_exception3(res):
-    found1 = False
-    found2 = False
-    for line in res[0].log:
-        if not line:
-            continue
-        if line.startswith('Div-by-Zero Exception Handler 1'):
-            found1 = True
-        if line.startswith('Div-by-Zero Exception Handler 2'):
-            found2 = True
-    return found1 and found2
-
-regression.add_check(name="Exception Handler Swap", check=check_exception3)
-
-def check_exception4(res):
-    found = 0
-    for line in res[0].log:
-        if not line:
-            continue
-        if line.startswith('Div-by-Zero Exception Handler 1'):
-            found += 1
-    return found == 1
-
-regression.add_check(name="Exception Handling (Set Context)", check=check_exception4)
+regression.add_check(name="Exception Handling (Div-by-Zero)",
+    check=lambda res: any([line.startswith("Div-by-Zero Exception Handler") for line in res[0].log]))
+
+regression.add_check(name="Exception Handling (Memory Fault)",
+    check=lambda res: any([line.startswith("Memory Fault Exception Handler") for line in res[0].log]))
+
+regression.add_check(name="Exception Handler Swap",
+    check=lambda res: any([line.startswith("Div-by-Zero Exception Handler 1") for line in res[0].log]) and
+                      any([line.startswith("Div-by-Zero Exception Handler 2") for line in res[0].log]))
+
+regression.add_check(name="Exception Handling (Set Context)",
+    check=lambda res: any([line.startswith("Div-by-Zero Exception Handler 1") for line in res[0].log]))
 
 regression.run_checks()
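Review bot: The rewritten "Exception Handling (Set Context)" check is weaker than the function it replaces: `check_exception4` required a line starting with `Div-by-Zero Exception Handler 1` to appear exactly once (`found == 1`), while the new lambda passes when it appears one or more times and is therefore already implied by the "Exception Handler Swap" check. To keep the original meaning, count the matches: `check=lambda res: sum(line.startswith("Div-by-Zero Exception Handler 1") for line in res[0].log) == 1`. 03_Process.py calls a `check_times` helper that looks suited to this, but its definition is not part of this diff.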

+ 7 - 0
Pal/regression/03_Process.py

@@ -35,6 +35,13 @@ regression.run_checks()
 
 regression = Regression(loader, "Process2")
 
+regression.add_check(name="Process Creation with a Different Binary",
+    check=lambda res: check_times("User Program Started", res[0].log, 1))
+
+regression.run_checks()
+
+regression = Regression(loader, "Process3")
+
 regression.add_check(name="Process Creation without Executable",
     check=lambda res: check_times("Binary 1 Preloaded", res[0].log, 2) and
                       check_times("Binary 2 Preloaded", res[0].log, 2))

+ 0 - 9
Pal/regression/Bootstrap2.manifest.template

@@ -1,10 +1 @@
-# the executable to run
-# loader.exec = file:./HelloWorld
-
-# debug type: inline|file
 loader.debug_type = inline
-
-# debug as file
-# loader.debug_file = <path>
-
-fs.mount.root.uri = file:

+ 0 - 11
Pal/regression/Bootstrap3.manifest.template

@@ -1,13 +1,2 @@
-# the executable to run
-# loader.exec = file:./HelloWorld
-
-# debug type: inline|file
 loader.debug_type = inline
-
-# preload library
 loader.preload = file:Preload1.so,file:Preload2.so
-
-# debug as file
-# loader.debug_file = <path>
-
-fs.mount.root.uri = file:

+ 0 - 9
Pal/regression/Bootstrap4.manifest.template

@@ -1,13 +1,4 @@
 #!$(PAL)
 
-# the executable to run
 loader.exec = file:Bootstrap
 loader.execname = Bootstrap
-
-# debug type: inline|file
-# loader.debug_type = inline
-
-# debug as file
-# loader.debug_file = <path>
-
-fs.mount.root.uri = file:

+ 0 - 11
Pal/regression/Bootstrap5.manifest.template

@@ -1,13 +1,2 @@
-# the executable to run
-# loader.exec = file:./HelloWorld
-
-# debug type: inline|file
 loader.debug_type = inline
-
-# preload library
 loader.preload = file:Preload1.so,file:Preload2.so
-
-# debug as file
-# loader.debug_file = <path>
-
-fs.mount.root.uri = file:

+ 20 - 0
Pal/regression/File.manifest.template

@@ -0,0 +1,20 @@
+# the executable to run
+# loader.exec = file:./HelloWorld
+
+# debug type: inline|file
+loader.debug_type = inline
+
+# debug as file
+# loader.debug_file = <path>
+
+fs.mount.root.uri = file:
+
+# allow to bind on port 8000
+net.allow_bind.1 = 127.0.0.1:8000
+# allow to connect to port 8000
+net.allow_peer.1 = 127.0.0.1:8000
+
+sgx.allowed_files.tmp1 = file:file_exist.tmp
+sgx.allowed_files.tmp2 = file:../regression/file_exist.tmp
+sgx.allowed_files.tmp3 = file:file_nonexist.tmp
+sgx.allowed_files.tmp4 = file:file_delete.tmp
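Review bot: This new manifest carries over the `net.allow_bind.1`/`net.allow_peer.1` rules for port 8000 and the commented-out `loader.exec`/`loader.debug_file` lines, the same boilerplate this commit strips from the Bootstrap2–5 templates. A file test presumably needs no network rules, so they can be removed to keep the manifest least-privilege. `tmp1` and `tmp2` appear to name the same file through two paths; if that is there to exercise path normalisation, a comment such as `# same file reached through a non-normalised path` would make clear it is not an accidental duplicate.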

+ 16 - 9
Pal/regression/Makefile

@@ -1,6 +1,6 @@
 SYS ?= $(shell gcc -dumpmachine)
 
-CC	= gcc -g
+CC	= gcc
 CFLAGS	= -Wall -O2 -std=gnu99 -fgnu89-inline -fno-builtin -nostdlib \
 	  -I../include/pal -I../lib
 
@@ -8,15 +8,21 @@ preloads    = $(patsubst %.c,%,$(wildcard *.so.c))
 executables = $(filter-out $(preloads),$(patsubst %.c,%,$(wildcard *.c)))
 manifests   = manifest $(patsubst %.manifest.template,%.manifest,$(wildcard *.manifest.template))
 
-target = $(executables) $(preloads) $(manifests)
+target = $(executables) $(manifests)
 
 graphene_lib = .lib/graphene-lib.a
 pal_lib = ../src/libpal.so
 headers = $(wildcard ../include/pal/*.h)
 
+default: all
 include ../src/Makefile.Test
 
-all:	$(call expand_target,$(target))
+all: $(call expand_target,$(target)) $(preloads)
+
+ifeq ($(DEBUG),1)
+CC += -g
+endif
+export DEBUG
 
 manifest_rules = \
 	-e 's:\$$(PAL):$(abspath ../src/pal):g' \
@@ -24,14 +30,11 @@ manifest_rules = \
 	$(extra_rules)
 
 manifest: manifest.template
-	rm -f $@
 	sed $(manifest_rules) $< >$@
-	chmod +x $@
 
 %.manifest: %.manifest.template
-	rm -f $@
 	sed $(manifest_rules) $< >$@
-	chmod +x $@
+	(grep -q "#\!" $@ && chmod +x $@) || true
 
 ../src/user_shared_start.o ../src/user_start.o: ../src/user_start.S
 	$(MAKE) -C ../src $(notdir $@)
@@ -48,7 +51,7 @@ $(executables): %: %.c ../src/user_start.o \
 	@$(CC) $(CFLAGS) $^ -o $@
 
 $(graphene_lib):
-	$(MAKE) -C ../lib target=$(shell pwd)/.lib/ $(debug)
+	$(MAKE) -C ../lib target=$(shell pwd)/.lib/
 
 .PHONY: pack
 pack: $(preloads) $(executables)
@@ -60,6 +63,10 @@ endif
 
 PYTHONENV = "PYTHONPATH=../../Scripts"
 
+ifeq ($(SGX_RUN),1)
+	PYTHONENV += "TIMEOUT=5000"
+endif
+
 regression: $(call expand_target,$(target))
 	@printf "\n\nBasic Bootstrapping:\n"
 	@for f in $(wildcard 00_*.py); do env $(PYTHONENV) python $$f; done
@@ -76,4 +83,4 @@ regression: $(call expand_target,$(target))
 	@printf "\n\n"
 
 clean:
-	rm -rf $(call expand_target,$(target)) *.tmp .lib
+	rm -rf $(call expand_target,$(target)) $(preloads) *.tmp .lib *.cached
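Review bot: In the `%.manifest` rule, `(grep -q "#\!" $@ && chmod +x $@) || true` matches `#!` anywhere in the generated file rather than on its first line, and the `|| true` also hides a failing `chmod`. Testing only the first line and letting errors surface does what the rule intends: `if head -n 1 $@ | grep -q '^#!'; then chmod +x $@; fi`. The `PYTHONENV += "TIMEOUT=5000"` line inside `ifeq ($(SGX_RUN),1)` appears to be indented with a tab, which make can take for a recipe line depending on what precedes it; indent it with spaces or not at all.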

Some files were not shown because too many files changed in this diff