Linux 2.1.3 Open Source Gold Release

Security updates to Linux SDK and PSW
Support for Intel SGX Protected Code Loader

Signed-off-by: Li, Xun <xun.li@intel.com>

Linux_SGXEclipsePlugin/build_directory/features/com.intel.sgx.feature/feature.xml

@@ -114,15 +114,15 @@ This Agreement is governed by the laws of the State of New York and the intellec
    </url>
 
    <requires>
-      <import plugin="org.eclipse.cdt.ui" version="5.11.0" match="compatible"/>
-      <import plugin="org.eclipse.core.expressions" version="3.5.0" match="compatible"/>
-      <import plugin="org.eclipse.ui.ide" version="3.11.0" match="compatible"/>
-      <import plugin="org.eclipse.cdt.core" version="5.11.0" match="compatible"/>
-      <import plugin="org.eclipse.core.runtime" version="3.11.1" match="compatible"/>
-      <import plugin="org.eclipse.ui" version="3.107.0" match="compatible"/>
-      <import plugin="org.eclipse.cdt.managedbuilder.ui" version="8.2.2" match="compatible"/>
-      <import plugin="org.eclipse.cdt.managedbuilder.core" version="8.3.0" match="compatible"/>
-      <import plugin="org.eclipse.core.resources" version="3.10.1" match="compatible"/>
+      <import plugin="org.eclipse.cdt.ui" version="5.11.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.core.expressions" version="3.5.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.ui.ide" version="3.11.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.cdt.core" version="5.11.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.core.runtime" version="3.11.1" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.ui" version="3.107.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.cdt.managedbuilder.ui" version="8.2.2" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.cdt.managedbuilder.core" version="8.3.0" match="greaterOrEqual"/>
+      <import plugin="org.eclipse.core.resources" version="3.10.1" match="greaterOrEqual"/>
    </requires>
 
    <plugin

Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/content.html

@@ -123,7 +123,7 @@ developers by the Intel(R) SGX SDK.</p>
         <h2>Pre-requisites</h2>
         <p>To use Intel(R) Software Guard Extensions Eclipse Plug-in, install the following softwares:</p>
         <ul>
-            <li>Eclipse* Mars 1 with CDT IDE for C/C++ Developers (version 4.5.1).   To use this version, install Java* Development Kit (JDK) or Java* Runtime Environment (JRE)  version 1.8 or above.</li>
+            <li>Eclipse* Oxygen 3 with CDT IDE for C/C++ Developers (version 4.7.3).   To use this version, install Java* Development Kit (JDK) or Java* Runtime Environment (JRE)  version 1.8 or above.</li>
             <li>gcc/g++ tools</li>
             <li>Openssl*</li>
             <li>Intel(R) SGX SDK for Linux* OS</li>

Linux_SGXEclipsePlugin/clean.sh

@@ -13,7 +13,7 @@ rm -fv build_directory/features/com.intel.sgx.feature/build.xml
 rm -fv build_directory/features/com.intel.sgx.feature/*.zip
 rm -rfv build_directory/nestedJars
 rm -rfv build_directory/updatesite/sgx-eclipse-plugin
-find . -name "*.zip" ! -name  "eclipse_mars.v4.5.1_x64.zip" | xargs rm -rfv
+find . -name "*.zip" ! -name  "eclipse_oxygen.v4.7.3_x64.zip" | xargs rm -rfv
 find . -name "javaCompiler*" | xargs rm -rfv
 find . -name "@*" | xargs rm -rfv
 find build_directory -maxdepth 1 -mindepth 1 | grep -v "features" | grep -v "plugins" | grep -v "sites" | grep -v "updatesite" | xargs rm -frv

Linux_SGXEclipsePlugin/readme.txt

@@ -6,8 +6,8 @@ $DELETE_CURRENT_ECLIPSE - Delete current eclipse or not. Generally this variable
 
 The following plugins are pre-requisites to be installed in Eclipse before trying to build the plugin.
 
-1. Eclipse IDE for C/C++ Developers  4.5.1.20150917-1200 (tested_version)
-2. Eclipse PDE Plug-in Developer Resources   3.11.1.v20150904-0345 (tested_version)
+1. Eclipse IDE for C/C++ Developers  4.7.3.20180308-1800 (tested_version)
+2. Eclipse PDE Plug-in Developer Resources   3.13.3.v20180301-11 (tested_version)
 
 run ./build.sh from command line under current directory.
 Once the build script is run, the folder build_directory/updatesite/sgx-eclipse-plugin contains the update site. This is the path that needs to be provided to the eclipse while doing installation.

SampleCode/SampleEnclavePCL/App/App.cpp

@@ -0,0 +1,367 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+# include <unistd.h>
+# include <pwd.h>
+# define MAX_PATH FILENAME_MAX
+
+#include "sgx_urts.h"
+#include "App.h"
+#include "Enclave_u.h"
+#include "Seal_u.h"
+
+#define SEAL_FILENAME             "Seal.signed.so"
+#define SEALED_KEY_FILE_NAME     "sealed_key.bin"
+#define TOKEN_FILENAME            "enclave.token"
+
+/* Global EID shared by multiple threads */
+sgx_enclave_id_t global_eid = 0;
+
+typedef struct _sgx_errlist_t {
+    sgx_status_t err;
+    const char *msg;
+    const char *sug; /* Suggestion */
+} sgx_errlist_t;
+
+/* Error code returned by sgx_create_enclave */
+static sgx_errlist_t sgx_errlist[] = {
+    {
+        SGX_ERROR_UNEXPECTED,
+        "Unexpected error occurred.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_PARAMETER,
+        "Invalid parameter.",
+        NULL
+    },
+    {
+        SGX_ERROR_OUT_OF_MEMORY,
+        "Out of memory.",
+        NULL
+    },
+    {
+        SGX_ERROR_ENCLAVE_LOST,
+        "Power transition occurred.",
+        "Please refer to the sample \"PowerTransition\" for details."
+    },
+    {
+        SGX_ERROR_INVALID_ENCLAVE,
+        "Invalid enclave image.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_ENCLAVE_ID,
+        "Invalid enclave identification.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_SIGNATURE,
+        "Invalid enclave signature.",
+        NULL
+    },
+    {
+        SGX_ERROR_OUT_OF_EPC,
+        "Out of EPC memory.",
+        NULL
+    },
+    {
+        SGX_ERROR_NO_DEVICE,
+        "Invalid Intel(R) SGX device.",
+        "Please make sure Intel(R) SGX module is enabled in the BIOS, and install Intel(R) SGX driver afterwards."
+    },
+    {
+        SGX_ERROR_MEMORY_MAP_CONFLICT,
+        "Memory map conflicted.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_METADATA,
+        "Invalid enclave metadata.",
+        NULL
+    },
+    {
+        SGX_ERROR_DEVICE_BUSY,
+        "Intel(R) SGX device was busy.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_VERSION,
+        "Enclave version was invalid.",
+        NULL
+    },
+    {
+        SGX_ERROR_INVALID_ATTRIBUTE,
+        "Enclave was not authorized.",
+        NULL
+    },
+    {
+        SGX_ERROR_ENCLAVE_FILE_ACCESS,
+        "Can't open enclave file.",
+        NULL
+    },
+    {
+        SGX_ERROR_PCL_ENCRYPTED,
+        "sgx_create_enclave can't open encrypted enclave.",
+        NULL
+    },
+    {
+        SGX_ERROR_PCL_NOT_ENCRYPTED,
+        "sgx_create_encrypted_enclave can't open not-encrypted enclave.",
+        NULL
+    },
+    {
+        SGX_ERROR_PCL_MAC_MISMATCH,
+        "PCL detected invalid section in encrypted enclave.",
+        NULL
+    },
+    {
+        SGX_ERROR_PCL_SHA_MISMATCH,
+        "PCL sealed key SHA mismatch.",
+        NULL
+    },
+    {
+        SGX_ERROR_PCL_GUID_MISMATCH,
+        "PCL sealed key GUID mismatch.",
+        NULL
+    },
+};
+
+/* Check error conditions for loading enclave */
+void print_error_message(sgx_status_t ret)
+{
+    size_t idx = 0;
+    size_t ttl = sizeof sgx_errlist/sizeof sgx_errlist[0];
+
+    for (idx = 0; idx < ttl; idx++) {
+        if(ret == sgx_errlist[idx].err) {
+            if(NULL != sgx_errlist[idx].sug)
+                printf("Info: %s\n", sgx_errlist[idx].sug);
+            printf("Error: %s\n", sgx_errlist[idx].msg);
+            break;
+        }
+    }
+    
+    if (idx == ttl)
+        printf("Error: Unexpected error occurred.\n");
+}
+
+/* Initialize the enclave:
+ *   Step 1: try to retrieve the launch token saved by last transaction
+ *   Step 2: call sgx_create_enclave to initialize an enclave instance
+ *   Step 3: save the launch token if it is updated
+ */
+sgx_status_t  initialize_enclave ( const char *file_name, sgx_enclave_id_t* eid )
+{
+    char token_path[MAX_PATH] = {'\0'};
+    sgx_launch_token_t token = {0};
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+    int updated = 0;
+    size_t read_num = 0;
+    
+    /* Step 1: try to retrieve the launch token saved by last transaction 
+     *         if there is no token, then create a new one.
+     */
+    /* try to get the token saved in $HOME */
+    const char *home_dir = getpwuid(getuid())->pw_dir;
+    
+    if (home_dir != NULL && 
+        (strlen(home_dir)+strlen("/")+sizeof(TOKEN_FILENAME)+1) <= MAX_PATH) {
+        /* compose the token path */
+        strncpy(token_path, home_dir, strlen(home_dir));
+        strncat(token_path, "/", strlen("/"));
+        strncat(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME)+1);
+    } else {
+        /* if token path is too long or $HOME is NULL */
+        strncpy(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME));
+    }
+
+    FILE *fp = fopen(token_path, "rb");
+    if (fp == NULL && (fp = fopen(token_path, "wb")) == NULL) {
+        printf("Warning: Failed to create/open the launch token file \"%s\".\n", token_path);
+    }
+
+    if (fp != NULL) {
+        /* read the token from saved file */
+        read_num = fread(token, 1, sizeof(sgx_launch_token_t), fp);
+        if (read_num != 0 && read_num != sizeof(sgx_launch_token_t)) {
+            /* if token is invalid, clear the buffer */
+            memset(&token, 0x0, sizeof(sgx_launch_token_t));
+            printf("Warning: Invalid launch token read from \"%s\".\n", token_path);
+        }
+    }
+    /* Step 2: call sgx_create_enclave to initialize an enclave instance */
+    /* Debug Support: set 2nd parameter to 1 */
+#ifdef SGX_USE_PCL        
+    bool open_seal_enclave = true;
+    uint8_t* sealed_blob = NULL;
+    FILE *fsealp = fopen(SEALED_KEY_FILE_NAME, "rb");
+    size_t sealed_blob_size = 0;
+    if(NULL != fsealp)
+    {   
+        // Read file size:
+        fseek(fsealp, 0L, SEEK_END);
+        sealed_blob_size = ftell(fsealp);
+        fseek(fsealp, 0L, SEEK_SET);
+        // Read file into buffer:
+        sealed_blob = new uint8_t[sealed_blob_size];
+        read_num = fread(sealed_blob, 1, sealed_blob_size, fsealp);
+        if ( read_num != sealed_blob_size )
+        {
+            printf ( "Warning: Failed to read sealed blob.\n" );
+        }
+        else
+        {
+            open_seal_enclave = false;
+        }
+        fclose(fsealp);
+    }
+    if (true == open_seal_enclave)
+    {
+        printf ("Open Seal Enclave: %s\n", SEAL_FILENAME );
+        sgx_enclave_id_t seal_eid = 0;
+        ret = sgx_create_enclave(
+            SEAL_FILENAME, 
+            SGX_DEBUG_FLAG, 
+            &token, 
+            &updated, 
+            &seal_eid, 
+            NULL);
+        if (SGX_SUCCESS != ret) 
+        {
+            print_error_message(ret);
+            if(NULL != fp)
+            {
+               fclose(fp);
+            }
+            return ret;
+        }        
+        ret = ecall_get_sealed_blob_size(seal_eid, &sealed_blob_size);
+        if (ret != SGX_SUCCESS || UINT32_MAX == sealed_blob_size)
+        {
+            printf("ecall_get_sealed_blob_size: ret = %d, sealed_blob_size = %ld\n", ret, sealed_blob_size);
+            sgx_destroy_enclave(seal_eid);
+            return ret;
+        }
+        //printf("ecall_get_sealed_blob_size: ret = %d, sealed_blob_size = %ld\n", ret, sealed_blob_size);
+        sealed_blob = new uint8_t[sealed_blob_size];
+        sgx_status_t gret = SGX_ERROR_UNEXPECTED;
+        ret = ecall_generate_sealed_blob(seal_eid, &gret, sealed_blob, sealed_blob_size);
+        if ((SGX_SUCCESS != ret) || (SGX_SUCCESS != gret)) 
+        {
+            printf("ecall_generate_sealed_blob: ret = %d, gret = 0x%x\n", ret, gret);
+            sgx_destroy_enclave(seal_eid);
+            delete sealed_blob;
+            return ret;
+        }
+        sgx_destroy_enclave(seal_eid);
+        fsealp = fopen(SEALED_KEY_FILE_NAME, "wb");
+        if(NULL != fsealp)
+        {
+            fwrite(sealed_blob, 1, sealed_blob_size, fsealp);
+            fclose(fsealp);
+        }
+    }
+    // Load the PCL protected Enclave:
+    ret = sgx_create_encrypted_enclave(file_name, SGX_DEBUG_FLAG, &token, &updated, eid, NULL, sealed_blob);
+    delete sealed_blob;
+#else  // SGX_USE_PCL
+    ret = sgx_create_enclave(file_name, SGX_DEBUG_FLAG, &token, &updated, eid, NULL);
+#endif // SGX_USE_PCL
+    if (ret != SGX_SUCCESS) {
+        print_error_message(ret);
+        if (fp != NULL) fclose(fp);
+        return ret;
+    }
+
+    /* Step 3: save the launch token if it is updated */
+    if (updated == FALSE || fp == NULL) {
+        /* if the token is not updated, or file handler is invalid, do not perform saving */
+        if (fp != NULL) fclose(fp);
+        return SGX_SUCCESS;
+    }
+
+    /* reopen the file with write capablity */
+    fp = freopen(token_path, "wb", fp);
+    if (fp == NULL) return SGX_SUCCESS;
+    size_t write_num = fwrite(token, 1, sizeof(sgx_launch_token_t), fp);
+    if (write_num != sizeof(sgx_launch_token_t))
+        printf("Warning: Failed to save launch token to \"%s\".\n", token_path);
+    fclose(fp);
+    return SGX_SUCCESS;
+}
+
+/* OCall functions */
+void ocall_print_string(const char *str)
+{
+    /* Proxy/Bridge will check the length and null-terminate 
+     * the input string to prevent buffer overflow. 
+     */
+    printf("%s", str);
+}
+
+
+/* Application entry */
+int SGX_CDECL main(int argc, char *argv[])
+{
+    (void)(argc);
+    (void)(argv);
+
+
+    /* Initialize the enclave */
+    if ( initialize_enclave ( ENCLAVE_FILENAME, &global_eid ) < 0 ){
+        return -1; 
+    }
+ 
+    /* Utilize edger8r attributes */
+    edger8r_array_attributes();
+    edger8r_pointer_attributes();
+    edger8r_type_attributes();
+    edger8r_function_attributes();
+    
+    /* Utilize trusted libraries */
+    ecall_libc_functions();
+    ecall_libcxx_functions();
+    ecall_thread_functions();
+
+    /* Destroy the enclave */
+    sgx_destroy_enclave(global_eid);
+    
+    printf("Info: SampleEnclave successfully returned.\n");
+
+    return 0;
+}
+

SampleCode/SampleEnclavePCL/App/App.h

@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#ifndef _APP_H_
+#define _APP_H_
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include "sgx_error.h"       /* sgx_status_t */
+#include "sgx_eid.h"     /* sgx_enclave_id_t */
+
+#ifndef TRUE
+# define TRUE 1
+#endif
+
+#ifndef FALSE
+# define FALSE 0
+#endif
+
+#define TOKEN_FILENAME   "enclave.token"
+#define ENCLAVE_FILENAME "enclave.signed.so"
+#define SEAL_TOKEN_FILENAME   "seal.token"
+#define SEAL_FILENAME "Seal.signed.so"
+#define SEALED_KEY_FILE_NAME "sealed_key.bin"
+
+extern sgx_enclave_id_t global_eid;    /* global enclave id */
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+void edger8r_array_attributes(void);
+void edger8r_type_attributes(void);
+void edger8r_pointer_attributes(void);
+void edger8r_function_attributes(void);
+
+void ecall_libc_functions(void);
+void ecall_libcxx_functions(void);
+void ecall_thread_functions(void);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_APP_H_ */

SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Arrays.cpp

@@ -0,0 +1,92 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* edger8r_array_attributes:
+ *   Invokes ECALLs declared with array attributes.
+ */
+void edger8r_array_attributes(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    /* user_check */
+    int arr1[4] = {0, 1, 2, 3};
+    ret = ecall_array_user_check(global_eid, arr1);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    /* make sure arr1 is changed */
+    for (int i = 0; i < 4; i++)
+        assert(arr1[i] == (3 - i));
+
+    /* in */
+    int arr2[4] = {0, 1, 2, 3};
+    ret = ecall_array_in(global_eid, arr2);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    /* arr2 is not changed */
+    for (int i = 0; i < 4; i++)
+        assert(arr2[i] == i);
+    
+    /* out */
+    int arr3[4] = {0, 1, 2, 3};
+    ret = ecall_array_out(global_eid, arr3);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    /* arr3 is changed */
+    for (int i = 0; i < 4; i++)
+        assert(arr3[i] == (3 - i));
+    
+    /* in, out */
+    int arr4[4] = {0, 1, 2, 3};
+    ret = ecall_array_in_out(global_eid, arr4);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    /* arr4 is changed */
+    for (int i = 0; i < 4; i++)
+        assert(arr4[i] == (3 - i));
+    
+    /* isary */
+    array_t arr5 = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
+    ret = ecall_array_isary(global_eid, arr5);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    /* arr5 is changed */
+    for (int i = 0; i < 10; i++)
+        assert(arr5[i] == (9 - i));
+}

SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Functions.cpp

@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* No need to implement memccpy here! */
+
+/* edger8r_function_attributes:
+ *   Invokes ECALL declared with calling convention attributes.
+ *   Invokes ECALL declared with [public].
+ */
+void edger8r_function_attributes(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    ret = ecall_function_calling_convs(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    ret = ecall_function_public(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    /* user shall not invoke private function here */
+    int runned = 0;
+    ret = ecall_function_private(global_eid, &runned);
+    if (ret != SGX_ERROR_ECALL_NOT_ALLOWED || runned != 0)
+        abort();
+}
+
+/* ocall_function_allow:
+ *   The OCALL invokes the [allow]ed ECALL 'edger8r_private'.
+ */
+void ocall_function_allow(void)
+{
+    int runned = 0;
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+    
+    ret = ecall_function_private(global_eid, &runned);
+    if (ret != SGX_SUCCESS || runned != 1)
+        abort();
+}

SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Pointers.cpp

@@ -0,0 +1,141 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* edger8r_pointer_attributes:
+ *   Invokes the ECALLs declared with pointer attributes.
+ */
+void edger8r_pointer_attributes(void)
+{
+    int val = 0;
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    char c[128] = {0};
+    size_t len = 0;
+    memset(c, 0xe, 128);
+    ret = ecall_pointer_user_check(global_eid, &len, &c, 128);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(strcmp(c, "SGX_SUCCESS") == 0);
+
+
+    val = 0;
+    ret = ecall_pointer_in(global_eid, &val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 0);
+    
+    val = 0;
+    ret = ecall_pointer_out(global_eid, &val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 1234);
+    
+    val = 0;
+    ret = ecall_pointer_in_out(global_eid, &val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 1234);
+    
+    ret = ocall_pointer_attr(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    char str1[] = "1234567890";
+    ret = ecall_pointer_string(global_eid, str1);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(memcmp(str1, "0987654321", strlen(str1)) == 0);
+
+    const char str2[] = "1234567890";
+    ret = ecall_pointer_string_const(global_eid, str2);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(memcmp(str2, "1234567890", strlen(str2)) == 0);
+
+    char str3[] = "1234567890";
+    ret = ecall_pointer_size(global_eid, (void*)str3, strlen(str3));
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(memcmp(str3, "0987654321", strlen(str3)) == 0);
+
+    char str4[] = "1234567890";
+    ret = ecall_pointer_isptr_readonly(global_eid, (buffer_t)str4, strlen(str4));
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(memcmp(str4, "1234567890", strlen(str4)) == 0);
+
+    int arr[10] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
+    ret = ecall_pointer_count(global_eid, arr, 10);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    for (int i = 0; i < 10; i++)
+        assert(arr[i] == (9 - i));
+    
+    return;
+}
+
+/* ocall_pointer_user_check:
+ *   The OCALL declared with [user_check].
+ */
+void ocall_pointer_user_check(int* val)
+{
+    (void)val;
+    assert(val != NULL);
+}
+
+/* ocall_pointer_in:
+ *   The OCALL declared with [in].
+ */
+void ocall_pointer_in(int* val)
+{
+    *val = 1234;
+}
+
+/* ocall_pointer_out:
+ *   The OCALL declared with [out].
+ */
+void ocall_pointer_out(int* val)
+{
+    *val = 1234;
+}
+
+/* ocall_pointer_in_out:
+ *   The OCALL declared with [in, out].
+ */
+void ocall_pointer_in_out(int* val)
+{
+    *val = 1234;
+}

SampleCode/SampleEnclavePCL/App/Edger8rSyntax/Types.cpp

@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* edger8r_type_attributes:
+ *   Invokes ECALLs declared with basic types.
+ */
+void edger8r_type_attributes(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    ret = ecall_type_char(global_eid, (char)0x12);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_type_int(global_eid, (int)1234);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_type_float(global_eid, (float)1234.0);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_type_double(global_eid, (double)1234.5678);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_type_size_t(global_eid, (size_t)12345678);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_type_wchar_t(global_eid, (wchar_t)0x1234);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    struct struct_foo_t g = {1234, 5678};
+    ret = ecall_type_struct(global_eid, g);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    union union_foo_t val = {0};
+    ret = ecall_type_enum_union(global_eid, ENUM_FOO_0, &val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val.union_foo_0 == 2);
+}

SampleCode/SampleEnclavePCL/App/TrustedLibrary/Libc.cpp

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* ecall_libc_functions:
+ *   Invokes standard C functions.
+ */
+void ecall_libc_functions(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    ret = ecall_malloc_free(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    int cpuid[4] = {0x1, 0x0, 0x0, 0x0};
+    ret = ecall_sgx_cpuid(global_eid, cpuid, 0x0);
+    if (ret != SGX_SUCCESS)
+        abort();
+}

SampleCode/SampleEnclavePCL/App/TrustedLibrary/Libcxx.cpp

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+/* ecall_libcxx_functions:
+ *   Invokes standard C++ functions.
+ */
+void ecall_libcxx_functions(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    ret = ecall_exception(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    ret = ecall_map(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+}

SampleCode/SampleEnclavePCL/App/TrustedLibrary/Thread.cpp

@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include <stdio.h>
+#include <thread>
+using namespace std;
+
+#include "../App.h"
+#include "Enclave_u.h"
+
+static size_t counter = 0;
+
+void increase_counter(void)
+{
+    size_t cnr = 0;
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+    ret = ecall_increase_counter(global_eid, &cnr);
+    if (cnr != 0) counter = cnr; 
+    if (ret != SGX_SUCCESS)
+        abort();
+}
+
+void data_producer(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+    ret = ecall_producer(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+}
+
+void data_consumer(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+    ret = ecall_consumer(global_eid);
+    if (ret != SGX_SUCCESS)
+        abort();
+}
+
+/* ecall_thread_functions:
+ *   Invokes thread functions including mutex, condition variable, etc.
+ */
+void ecall_thread_functions(void)
+{
+    thread adder1(increase_counter);
+    thread adder2(increase_counter);
+    thread adder3(increase_counter);
+    thread adder4(increase_counter);
+
+    adder1.join();
+    adder2.join();
+    adder3.join();
+    adder4.join();
+
+    assert(counter == 4*LOOPS_PER_THREAD);
+
+    printf("Info: executing thread synchronization, please wait...  \n");
+    /* condition variable */
+    thread consumer1(data_consumer);
+    thread producer0(data_producer);
+    thread consumer2(data_consumer);
+    thread consumer3(data_consumer);
+    thread consumer4(data_consumer);
+    
+    consumer1.join();
+    consumer2.join();
+    consumer3.join();
+    consumer4.join();
+    producer0.join();
+}

SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Arrays.cpp

@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* Test Array Attributes */
+
+#include "sgx_trts.h"
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+/* ecall_array_user_check:
+ *   [user_check] parameter does not perfrom copy operations.
+ */
+void ecall_array_user_check(int arr[4])
+{
+    if (sgx_is_outside_enclave(arr, 4 * sizeof(int)) != 1)
+        abort();
+    
+    for (int i = 0; i < 4; i++) {
+        assert(arr[i] == i);
+        arr[i] = 3 - i;
+    }
+}
+
+/* ecall_array_in:
+ *   arr[] is copied to trusted domain, but modified 
+ *   results will not be reflected to the untrusted side.
+ */
+void ecall_array_in(int arr[4])
+{
+    for (int i = 0; i < 4; i++) {
+        assert(arr[i] == i);
+        arr[i] = (3 - i);
+    }
+}
+
+/* ecall_array_out:
+ *   arr[] is allocated inside the enclave, and it will be copied
+ *   to the untrusted side
+ */
+void ecall_array_out(int arr[4])
+{
+    for (int i = 0; i < 4; i++) {
+        /* arr is not copied from App */
+        assert(arr[i] == 0);
+        arr[i] = (3 - i);
+    }
+}
+
+/* ecall_array_in_out:
+ *   arr[] will be allocated inside the enclave, content of arr[] will be copied either.
+ *   After ECALL returns, the results will be copied to the outside.
+ */
+void ecall_array_in_out(int arr[4])
+{
+    for (int i = 0; i < 4; i++) {
+        assert(arr[i] == i);
+        arr[i] = (3 - i);
+    }
+}
+
+/* ecall_array_isary:
+ *   [isary] tells Edger8r that user defined 'array_t' is an array type.
+ */
+void ecall_array_isary(array_t arr)
+{
+    if (sgx_is_outside_enclave(arr, sizeof(array_t)) != 1)
+        abort();
+
+    int n = sizeof(array_t)/sizeof(arr[0]);
+    for (int i = 0; i < n; i++) {
+        assert(arr[i] == i);
+        arr[i] = (n - 1 - i);
+    }
+}

SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Arrays.edl

@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Arrays.edl - Samples for array attributes. */
+
+enclave {
+    
+    /* 
+     *  Only for fixed-size array (size is explicitly specified).
+     */
+    
+    trusted {
+        
+        /*
+         * []:  can be used to declare an array.
+         * [user_check]:
+         *      pointer of the array won't be valified, and the buffer pointed by 'arr' 
+         *      is not copied into the enclave either. But enclave can modify the memory outside.
+         */
+        
+        public void ecall_array_user_check([user_check] int arr[4]);
+        
+        /*
+         * [in]:
+         *      buffer for the array will be allocated inside the enclave, 
+         *      content of the array will be copied into the new allocated memory inside. 
+         *      Any changes performed inside the enclave will not affect the array outside.
+         */
+        
+        public void ecall_array_in([in] int arr[4]);
+        
+        /*
+         * [out]:
+         *      buffer for the array will be allocated inside the enclave,
+         *      but the content of the array won't be copied. After ECALL returns, 
+         *      the buffer inside the enclave will copied into outside array.
+         */
+        
+        public void ecall_array_out([out] int arr[4]);
+        
+        /*
+         * [in, out]:
+         *      buffer for the array will be allocated inside the enclave,
+         *      the content of the array will be copied either. After ECALL returns, 
+         *      the buffer inside the enclave will by copied into outside array again.
+         */
+        
+        public void ecall_array_in_out([in, out] int arr[4]);
+        
+        /*
+         * [isary]:
+         *      tells Edger8r the user defined 'array_t' is an array type, 'arr' will be 
+         *      treated as a pointer, no memory copied either due to [user_check].
+         *      For OCALLs, 'arr' shall point to the memory outside the enclave. 
+         */
+        
+        public void ecall_array_isary([user_check, isary] array_t arr);
+    
+    };
+
+    untrusted {
+    
+        /*
+         * [user_check|in|out|in,out|isary] can also be used in OCALLs, refer to the "User Guide" for details.
+         */
+
+    };
+
+};

SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Functions.cpp

@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Test Calling Conventions */
+
+#include <string.h>
+#include <stdio.h>
+
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+/* ecall_function_calling_convs:
+ *   memccpy is defined in system C library.
+ */
+void ecall_function_calling_convs(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    char s1[] = "1234567890";
+    char s2[] = "0987654321";
+
+    char buf[BUFSIZ] = {'\0'};
+    memcpy(buf, s1, strlen(s1));
+
+    ret = memccpy(NULL, s1, s2, '\0', strlen(s1));
+    
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(memcmp(s1, s2, strlen(s1)) == 0);
+
+    return;
+}
+
+/* ecall_function_public:
+ *   The public ECALL that invokes the OCALL 'ocall_function_allow'.
+ */
+void ecall_function_public(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    ret = ocall_function_allow();
+    if (ret != SGX_SUCCESS)
+        abort();
+    
+    return;
+}
+
+/* ecall_function_private:
+ *   The private ECALL that only can be invoked in the OCALL 'ocall_function_allow'.
+ */
+int ecall_function_private(void)
+{
+    return 1;
+}
+

SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Functions.edl

@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Functions.edl - Samples for function attributes. */
+
+enclave {
+    
+    /* 
+     * Following keywords/attributes are supported for untrusted functions: 
+     *      cdecl, stdcall, fastcall, dllimport (only for Windows).
+     *      [public] is only supported for the trusted functions.
+     * Trusted function will be treated as [private] w/o the [public].
+     */
+
+    trusted {
+
+        public void ecall_function_calling_convs(void);
+        
+        /*
+         * [public]:
+         *      public ECALL can be called directly in App.
+         */
+        
+        public void ecall_function_public(void);
+
+        /*
+         * [private]:
+         *      private ECALL cannot be called directly in App.
+         */
+        
+        int ecall_function_private(void);
+    
+    };
+
+    untrusted {
+        
+        /*
+         * [cdecl]:
+         *      tells edger8r the calling convention of the OCALLs is 'cdecl'.
+         * [dllimport]:
+         *      indicats the OCALL is provided in DLLs.
+         *
+         * Note: memccpy() is provided by MS system DLL, we don't need to implement it in App side.
+         */
+        
+        [cdecl, dllimport] void *memccpy([in, out, size=len] void *dest, [in, size=len] const void *src, int val, size_t len);
+        
+        /*
+         * [allow]:
+         *      OCALL 'ocall_function_allow' can invoke ECALL 'ecall_function_private' in App side. 
+         *
+         * Note: No ECALL can be called in OCALL w/o [allow].
+         */
+        
+        void ocall_function_allow(void) allow(ecall_function_private);
+    
+    };
+
+};

SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Pointers.cpp

@@ -0,0 +1,197 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Test Pointer Auttributes */
+
+#include <sys/types.h>
+#include <string.h>
+
+#include "sgx_trts.h"
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+/* checksum_internal:
+ *   get simple checksum of input buffer and length
+ */
+int32_t checksum_internal(char *buf, size_t count)
+{
+    register int32_t sum = 0;
+    int16_t *ptr = (int16_t *)buf;
+
+    /* Main summing loop */
+    while(count > 1) {
+        sum = sum + *ptr++;
+        count = count - 2;
+    }
+
+    /* Add left-over byte, if any */
+    if (count > 0)
+        sum = sum + *((char *)ptr);
+
+	return ~sum;
+}
+
+/* ecall_pointer_user_check, ecall_pointer_in, ecall_pointer_out, ecall_pointer_in_out:
+ *   The root ECALLs to test [in], [out], [user_check] attributes.
+ */
+size_t ecall_pointer_user_check(void *val, size_t sz)
+{
+    /* check if the buffer is allocated outside */
+    if (sgx_is_outside_enclave(val, sz) != 1)
+        abort();
+
+    char tmp[100] = {0};
+    size_t len = sz>100?100:sz;
+    
+    /* copy the memory into the enclave to make sure 'val' 
+     * is not being changed in checksum_internal() */
+    memcpy(tmp, val, len);
+    
+    int32_t sum = checksum_internal((char *)tmp, len);
+    printf("Checksum(0x%p, %zu) = 0x%x\n", 
+            val, len, (unsigned int)sum);
+    
+    /* modify outside memory directly */
+    memcpy(val, "SGX_SUCCESS", len>12?12:len);
+
+	return len;
+}
+
+/* ecall_pointer_in:
+ *   the buffer of val is copied to the enclave.
+ */
+
+void ecall_pointer_in(int *val)
+{
+    if (sgx_is_within_enclave(val, sizeof(int)) != 1)
+        abort();
+    *val = 1234;
+}
+
+/* ecall_pointer_out:
+ *   the buffer of val is copied to the untrusted side.
+ */
+void ecall_pointer_out(int *val)
+{
+    if (sgx_is_within_enclave(val, sizeof(int)) != 1)
+        abort();
+    assert(*val == 0);
+    *val = 1234;
+}
+
+/* ecall_pointer_in_out:
+ * the buffer of val is double-copied.
+ */
+void ecall_pointer_in_out(int *val)
+{
+    if (sgx_is_within_enclave(val, sizeof(int)) != 1)
+        abort();
+    *val = 1234;
+}
+
+/* ocall_pointer_attr:
+ *   The root ECALL that test OCALL [in], [out], [user_check].
+ */
+void ocall_pointer_attr(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    int val = 0;
+    ret = ocall_pointer_user_check(&val);
+    if (ret != SGX_SUCCESS)
+        abort();
+
+    val = 0;
+    ret = ocall_pointer_in(&val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 0);
+
+    val = 0;
+    ret = ocall_pointer_out(&val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 1234);
+
+    val = 0;
+    ret = ocall_pointer_in_out(&val);
+    if (ret != SGX_SUCCESS)
+        abort();
+    assert(val == 1234);
+
+    return;
+}
+
+/* ecall_pointer_string:
+ *   [string] defines a string.
+ */
+void ecall_pointer_string(char *str)
+{
+    strncpy(str, "0987654321", strlen(str));
+}
+
+/* ecall_pointer_string_const:
+ *   const [string] defines a string that cannot be modified.
+ */
+void ecall_pointer_string_const(const char *str)
+{
+    char* temp = new char[strlen(str)];
+    strncpy(temp, str, strlen(str));
+    delete []temp;
+}
+
+/* ecall_pointer_size:
+ *   'len' needs to be specified to tell Edger8r the length of 'str'.
+ */
+void ecall_pointer_size(void *ptr, size_t len)
+{
+    strncpy((char*)ptr, "0987654321", len);
+}
+
+/* ecall_pointer_count:
+ *   'cnt' needs to be specified to tell Edger8r the number of elements in 'arr'.
+ */
+void ecall_pointer_count(int *arr, int cnt)
+{
+    for (int i = (cnt - 1); i >= 0; i--)
+        arr[i] = (cnt - 1 - i);
+}
+
+/* ecall_pointer_isptr_readonly:
+ *   'buf' is user defined type, shall be tagged with [isptr].
+ *   if it's not writable, [readonly] shall be specified. 
+ */
+void ecall_pointer_isptr_readonly(buffer_t buf, size_t len)
+{
+    strncpy((char*)buf, "0987654321", len);
+}
+

SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Pointers.edl

@@ -0,0 +1,180 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Pointers.edl - Samples for pointer attributes. */
+
+enclave {
+    
+    /* 
+     * Following keywords/attributes are supported for pointers in Edger8r: 
+     *      in, out, user_check, 
+     *      string, wstring,
+     *      const, size, count, isptr, readonly
+     */
+
+    trusted {
+        
+        /*
+         * [user_check]:
+         *      the pointer won't be validated, and the buffer pointed by
+         *      'val' is not copied into the enclave either. But Enclave 
+         *      can modify the memory pointed by 'val'.
+         */
+        
+        public size_t ecall_pointer_user_check([user_check] void *val, size_t sz);
+        
+        /*
+         * [in]:
+         *      buffer with the same size will be allocated inside the enclave,
+         *      content pointed by 'val' will be copied into the new allocated
+         *      memory inside. Any changes performed inside the enclave will not 
+         *      affect the buffer outside.
+         */
+        
+        public void ecall_pointer_in([in] int *val);
+        
+        /*
+         * [out]:
+         *      buffer with the same size will be allocated inside the enclave,
+         *      but the content pointed by 'val' won't be copied. But after return, 
+         *      the buffer inside the enclave will copied into outside 'val'.
+         */
+        
+        public void ecall_pointer_out([out] int *val);
+
+        /*
+         * [in, out]:
+         *      buffer with the same size will be allocated inside the enclave,
+         *      the content pointed by 'val' will be copied either. After return, 
+         *      the buffer inside the enclave will by copied into outside 'val' again.
+         */
+        
+        public void ecall_pointer_in_out([in, out] int *val);
+        
+        /*
+         * [string]:
+         *      the attribute tells Edger8r 'str' is NULL terminated string, so strlen 
+         *      will be used to count the length of buffer pointed by 'str'.
+         */
+        
+        public void ecall_pointer_string([in, out, string] char *str);
+
+        /*
+         * [const]:
+         *      the attribute tells Edger8r the buffer pointed by 'str' cannot be modified,
+         *      so users cannot decorate 'str' with [out] attribute anymore.
+         */
+        
+        public void ecall_pointer_string_const([in, string] const char *str);
+
+        /*
+         * [size]:
+         *      the attribute tells Edger8r the length of buffer in byte pointed by 'ptr' 
+         *      (shall be copied or not). 
+         * Note: Users shall not specify [size] on [string] parameters.
+         */
+        
+        public void ecall_pointer_size([in, out, size=len] void *ptr, size_t len);
+
+        /*
+         * [count]:
+         *      the attribute tells Edger8r the number of integers to be copied from 'arr'.
+         */
+        
+        public void ecall_pointer_count([in, out, count=cnt] int *arr, int cnt);
+
+        /*
+         * [isptr]:
+         *      tells Edger8r the user defined type is a pointer; 
+         * [readonly]:
+         *      forbids the buffer allocated inside the enclave to be copied back to App
+         *      (cannot use with [out]).
+         */
+        
+        public void ecall_pointer_isptr_readonly([in, isptr, readonly, size=len] buffer_t buf, size_t len);
+        
+    };
+
+    /*
+     * Users can define multiple trusted/untrusted blocks, 
+     * edger8r will merged them into one trusted/untrusted block.
+     */
+    trusted {
+        /*
+         * Test pointer attributes in OCALLs
+         */
+        
+        public void ocall_pointer_attr(void);
+    
+    };
+
+    untrusted {
+    
+        /*
+         * [user_check]:
+         *      the pointer won't be valified, and the buffer pointed by 'val' is not 
+         *      copied to outside buffer either. Besides 'App' cannot modify the memory 
+         *      pointer by 'val'.
+         */
+        
+        void ocall_pointer_user_check([user_check] int *val);
+        
+        /*
+         * [in]:
+         *      buffer with the same size will be allocated in 'App' side, the content 
+         *      pointed by 'val' will be copied into the new allocated memory outside. 
+         *      Any changes performed by 'App' will not affect the buffer pointed by 'val'.
+         */
+        
+        void ocall_pointer_in([in] int *val);
+        
+        /*
+         * [out]:
+         *      buffer with the same size will be allocated in 'App' side, the content
+         *      pointed by 'val' won't be copied. But after return, the buffer outside
+         *      will be copied into the enclave.
+         */
+        
+        void ocall_pointer_out([out] int *val);
+
+        /*
+         * [in, out]:
+         *      buffer with the same size will be allocated in 'App' side, the content
+         *      pointed by 'val' will be copied either. After return, the buffer outside 
+         *      will copied into the enclave.
+         */
+        
+        void ocall_pointer_in_out([in, out] int *val);
+    
+    };
+
+};

SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Types.cpp

@@ -0,0 +1,155 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Test Basic Types */
+
+#include "sgx_trts.h"
+#include "../Enclave.h"
+#include "Enclave_t.h"
+#include <limits>
+#include <cmath>
+
+/* used to eliminate `unused variable' warning */
+#define UNUSED(val) (void)(val)
+
+#define ULP 2
+
+/* used to compare double variables in order to avoid compile warnings */
+bool  almost_equal(double x, double y)
+{
+    /* the machine epsilon has to be scaled to the magnitude of the larger value
+       and multiplied by the desired precision in ULPs (units in the last place) */
+    return std::abs(x-y) <= std::numeric_limits<double>::epsilon() * std::abs(x+y) * ULP;
+}
+
+/* used to compare double variables in order to avoid compile warnings */
+bool  almost_equal(float x, float y)
+{
+    /* the machine epsilon has to be scaled to the magnitude of the larger value
+       and multiplied by the desired precision in ULPs (units in the last place) */
+    return std::abs(x-y) <= std::numeric_limits<float>::epsilon() * std::abs(x+y) * ULP;
+}
+
+/* ecall_type_char:
+ *   [char] value passed by App.
+ */
+void ecall_type_char(char val)
+{
+    assert(val == 0x12);
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_int:
+ *   [int] value passed by App.
+ */
+void ecall_type_int(int val)
+{
+    assert(val == 1234);
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_float:
+ *   [float] value passed by App.
+ */
+void ecall_type_float(float val)
+{
+    assert(almost_equal(val, (float)1234.0));
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_double:
+ *   [double] value passed by App.
+ */
+void ecall_type_double(double val)
+{
+    assert(almost_equal(val, (double)1234.5678));
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_size_t:
+ *   [size_t] value passed by App.
+ */
+void ecall_type_size_t(size_t val)
+{
+    assert(val == (size_t)12345678);
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_wchar_t:
+ *   [wchar_t] value passed by App.
+ */
+void ecall_type_wchar_t(wchar_t val)
+{
+    assert(val == (wchar_t)0x1234);
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/* ecall_type_struct:
+ *   struct_foo_t is defined in EDL and can be used in ECALL.
+ */
+void ecall_type_struct(struct struct_foo_t val)
+{
+    assert(val.struct_foo_0 == 1234);
+    assert(val.struct_foo_1 == 5678);
+#ifndef DEBUG
+    UNUSED(val);
+#endif
+}
+
+/*
+ * ecall_type_enum_union:
+ *   enum_foo_t/union_foo_t is defined in EDL 
+ *   and can be used in ECALL.
+ */
+void ecall_type_enum_union(enum enum_foo_t val1, union union_foo_t *val2)
+{
+    if (sgx_is_outside_enclave(val2, sizeof(union union_foo_t)) != 1)
+        abort();
+    val2->union_foo_0 = 1;
+    val2->union_foo_1 = 2; /* overwrite union_foo_0 */
+    assert(val1 == ENUM_FOO_0);
+#ifndef DEBUG
+    UNUSED(val1);
+#endif
+}

SampleCode/SampleEnclavePCL/Enclave/Edger8rSyntax/Types.edl

@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* Types.edl - Samples for basic types. */
+
+enclave {
+
+    /* 
+     * Following types can be supported in Edger8r: 
+     *      char, short, int, float, double, void, 
+     *      int8_t, int16_t, int32_t, int64_t,
+     *      size_t, wchar_t, 
+     *      uint8_t, uint16_t, uint32_t, uint64_t, 
+     *      unsigned, struct, enum, union.
+     */
+
+    /*
+     * We will demo few types in ECALL functions, data 
+     * types in OCALL functions can be handled either.
+     */
+
+     /* structure definition */
+    struct struct_foo_t {
+        /* Basic types can be used in structure. */
+        uint32_t struct_foo_0;
+        uint64_t struct_foo_1;
+    };
+
+    /* enum definition */
+    enum enum_foo_t {
+        ENUM_FOO_0 = 0,
+        ENUM_FOO_1 = 1
+    };
+
+    /* union definition */
+    union union_foo_t {
+        uint32_t union_foo_0;
+        uint32_t union_foo_1;
+        uint64_t union_foo_3;
+    };
+
+    trusted {
+
+        public void ecall_type_char(char val);
+        public void ecall_type_int(int val);
+
+        public void ecall_type_float(float val);
+        public void ecall_type_double(double val);
+
+        public void ecall_type_size_t(size_t val);
+        public void ecall_type_wchar_t(wchar_t val);
+
+        public void ecall_type_struct(struct struct_foo_t val);
+        public void ecall_type_enum_union(enum enum_foo_t val1, [user_check] union union_foo_t *val2);
+        
+        /* for using user defined types, please refer to Pointers.edl, Arrays.edl. */
+    };
+
+};

SampleCode/SampleEnclavePCL/Enclave/Enclave.config.xml

@@ -0,0 +1,12 @@
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>10</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

SampleCode/SampleEnclavePCL/Enclave/Enclave.cpp

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include <stdarg.h>
+#include <stdio.h>      /* vsnprintf */
+
+#include "Enclave.h"
+#include "Enclave_t.h"  /* print_string */
+
+/* 
+ * printf: 
+ *   Invokes OCALL to display the enclave buffer to the terminal.
+ */
+void printf(const char *fmt, ...)
+{
+    char buf[BUFSIZ] = {'\0'};
+    va_list ap;
+    va_start(ap, fmt);
+    vsnprintf(buf, BUFSIZ, fmt, ap);
+    va_end(ap);
+    ocall_print_string(buf);
+}

SampleCode/SampleEnclavePCL/Enclave/Enclave.edl

@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* Enclave.edl - Top EDL file. */
+
+enclave {
+    
+    include "user_types.h" /* buffer_t */
+
+    /* Import ECALL/OCALL from sub-directory EDLs.
+     *  [from]: specifies the location of EDL file. 
+     *  [import]: specifies the functions to import, 
+     *  [*]: implies to import all functions.
+     */
+    
+    from "Edger8rSyntax/Types.edl" import *;
+    from "Edger8rSyntax/Pointers.edl" import *;
+    from "Edger8rSyntax/Arrays.edl" import *;
+    from "Edger8rSyntax/Functions.edl" import *;
+
+    from "TrustedLibrary/Libc.edl" import *;
+    from "TrustedLibrary/Libcxx.edl" import ecall_exception, ecall_map;
+    from "TrustedLibrary/Thread.edl" import *;
+
+    /* 
+     * ocall_print_string - invokes OCALL to display string buffer inside the enclave.
+     *  [in]: copy the string buffer to App outside.
+     *  [string]: specifies 'str' is a NULL terminated buffer.
+     */
+    untrusted {
+        void ocall_print_string([in, string] const char *str);
+    };
+
+};

SampleCode/SampleEnclavePCL/Enclave/Enclave.h

@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#ifndef _ENCLAVE_H_
+#define _ENCLAVE_H_
+
+#include <stdlib.h>
+#include <assert.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+void printf(const char *fmt, ...);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_ENCLAVE_H_ */

SampleCode/SampleEnclavePCL/Enclave/Enclave.lds

@@ -0,0 +1,10 @@
+enclave.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+        g_peak_heap_used;
+    local:
+        *;
+};

SampleCode/SampleEnclavePCL/Enclave/Enclave_private.pem

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
+AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
+ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
+nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
+3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
+ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
+5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
+KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
+1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
+K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
+AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
+ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
+JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
+5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
+wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
+osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
+WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
+Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
+xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
+vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
+Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
+cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
+0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
+gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
+gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
+k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
+Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
+O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
+afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
+e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
+BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
+fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
+t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
+yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
+6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
+WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
+NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
+-----END RSA PRIVATE KEY-----

SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libc.cpp

@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include <string.h>
+#include "sgx_cpuid.h"
+
+#include "sgx_trts.h"
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+/* ecall_malloc_free:
+ *   Uses malloc/free to allocate/free trusted memory.
+ */
+void ecall_malloc_free(void)
+{
+    void *ptr = malloc(100);
+    assert(ptr != NULL);
+    memset(ptr, 0x0, 100);
+    free(ptr);
+}
+
+/* ecall_sgx_cpuid:
+ *   Uses sgx_cpuid to get CPU features and types.
+ */
+void ecall_sgx_cpuid(int cpuinfo[4], int leaf)
+{
+    sgx_status_t ret = sgx_cpuid(cpuinfo, leaf);
+    if (ret != SGX_SUCCESS)
+        abort();
+}

SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libc.edl

@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Libc.edl - EDL sample for trusted C library. */
+
+enclave {
+    
+    from "sgx_tstdc.edl" import sgx_oc_cpuidex;
+
+    /* 
+     * A subset of the C99 standard is supported as well as SGX customized functions: 
+     *  sgx_cpuid, etc.
+     */
+
+    trusted {
+        /*
+         * Utilize malloc/free in enclave.
+         */
+        public void ecall_malloc_free(void);
+
+        /*
+         * Utilize SGX version __cpuid() in enclave.
+         */
+        public void ecall_sgx_cpuid([in, out] int cpuinfo[4], int leaf);
+    };
+};

SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libcxx.cpp

@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include <cstdlib>
+#include <string>
+
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+/*
+ * ecall_exception:
+ *   throw/catch C++ exception inside the enclave.
+ */
+
+void ecall_exception(void)
+{
+    std::string foo = "foo";
+    try {
+        throw std::runtime_error(foo);
+    }
+    catch (std::runtime_error const& e) {
+        assert( foo == e.what() );
+        std::runtime_error clone("");
+        clone = e;
+        assert(foo == clone.what() );
+    }
+    catch (...) {
+        assert( false );
+    }
+}
+
+#include <map>
+#include <algorithm>
+
+using namespace std;
+
+/*
+ * ecall_map:
+ *   Utilize STL <map> in the enclave.
+ */
+void ecall_map(void)
+{
+    typedef map<char, int, less<char> > map_t;
+    typedef map_t::value_type map_value;
+    map_t m;
+
+    m.insert(map_value('a', 1));
+    m.insert(map_value('b', 2));
+    m.insert(map_value('c', 3));
+    m.insert(map_value('d', 4));
+
+    assert(m['a'] == 1);
+    assert(m['b'] == 2);
+    assert(m['c'] == 3);
+    assert(m['d'] == 4);
+
+    assert(m.find('e') == m.end());
+    
+    return;
+}

SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Libcxx.edl

@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+/* Libcxx.edl - EDL sample for trusted C++ library. */
+
+enclave {
+    
+    /* 
+     * A subset of the C++03 standard is supported.
+     */
+
+    trusted {
+        /*
+         * Throw/catch exception inside the enclave.
+         */
+        public void ecall_exception(void);
+
+        /*
+         * Utilize <map> inside the enclave.
+         */
+        public void ecall_map(void);
+    };
+};

SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Thread.cpp

@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
+#include "../Enclave.h"
+#include "Enclave_t.h"
+
+#include "sgx_thread.h"
+
+static size_t global_counter = 0;
+static sgx_thread_mutex_t global_mutex = SGX_THREAD_MUTEX_INITIALIZER;
+
+#define BUFFER_SIZE 50
+
+typedef struct {
+    int buf[BUFFER_SIZE];
+    int occupied;
+    int nextin;
+    int nextout;
+    sgx_thread_mutex_t mutex;
+    sgx_thread_cond_t more;
+    sgx_thread_cond_t less;
+} cond_buffer_t;
+
+static cond_buffer_t buffer = {{0, 0, 0, 0, 0, 0}, 0, 0, 0,
+    SGX_THREAD_MUTEX_INITIALIZER, SGX_THREAD_COND_INITIALIZER, SGX_THREAD_COND_INITIALIZER};
+
+/*
+ * ecall_increase_counter:
+ *   Utilize thread APIs inside the enclave.
+ */
+size_t ecall_increase_counter(void)
+{
+    size_t ret = 0;
+    for (int i = 0; i < LOOPS_PER_THREAD; i++) {
+        sgx_thread_mutex_lock(&global_mutex);
+        /* mutually exclusive adding */
+        size_t tmp = global_counter;
+        global_counter = ++tmp;
+        if (4*LOOPS_PER_THREAD == global_counter)
+            ret = global_counter;
+        sgx_thread_mutex_unlock(&global_mutex);
+    }
+    return ret;
+}
+
+void ecall_producer(void)
+{
+    for (int i = 0; i < 4*LOOPS_PER_THREAD; i++) {
+        cond_buffer_t *b = &buffer;
+        sgx_thread_mutex_lock(&b->mutex);
+        while (b->occupied >= BUFFER_SIZE)
+            sgx_thread_cond_wait(&b->less, &b->mutex);
+        b->buf[b->nextin] = b->nextin;
+        b->nextin++;
+        b->nextin %= BUFFER_SIZE;
+        b->occupied++;
+        sgx_thread_cond_signal(&b->more);
+        sgx_thread_mutex_unlock(&b->mutex);
+    }
+}
+
+void ecall_consumer(void)
+{
+    for (int i = 0; i < LOOPS_PER_THREAD; i++) {
+        cond_buffer_t *b = &buffer;
+        sgx_thread_mutex_lock(&b->mutex);
+        while(b->occupied <= 0)
+            sgx_thread_cond_wait(&b->more, &b->mutex);
+        b->buf[b->nextout++] = 0;
+        b->nextout %= BUFFER_SIZE;
+        b->occupied--;
+        sgx_thread_cond_signal(&b->less);
+        sgx_thread_mutex_unlock(&b->mutex);
+    }
+}

SampleCode/SampleEnclavePCL/Enclave/TrustedLibrary/Thread.edl

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/* Thread.edl - EDL sample for trusted thread library. */
+
+enclave {
+
+    from "sgx_tstdc.edl" import sgx_thread_wait_untrusted_event_ocall, sgx_thread_set_untrusted_event_ocall, sgx_thread_setwait_untrusted_events_ocall, sgx_thread_set_multiple_untrusted_events_ocall;
+
+    trusted {
+        /*
+         * Use SGX mutex.
+         */
+        public size_t ecall_increase_counter();
+
+        /*
+         * Use SGX condition variables.
+         */
+        public void ecall_producer();
+        public void ecall_consumer();
+
+    };
+};

SampleCode/SampleEnclavePCL/Include/user_types.h

@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.