66#include < debug.hh>
77#include < optional>
88#include < priv/riscv.h>
9- #include < token.h>
109#include < timeout.hh>
10+ #include < token.h>
1111#include < unwind.h>
1212
1313using namespace CHERI ;
@@ -44,7 +44,8 @@ compartment_error_handler(struct ErrorState *frame, size_t mcause, size_t mtval)
4444 * chosen by compiler. The exception is PCC. */
4545 if (expectedRegisterNumber.has_value ())
4646 {
47- TEST_EQUAL (registerNumber, *expectedRegisterNumber, " wrong register num"
47+ TEST_EQUAL (
48+ registerNumber, *expectedRegisterNumber, " wrong register num"
4849 expectedRegisterNumber = std::nullopt ;
4950 }
5051 }
@@ -126,8 +127,8 @@ namespace
126127 void run_test ()
127128 {
128129 debug_log (" Set bounds test reqBase={} reqLen={}"
129- RequestedBase,
130- RequestedLength);
130+ RequestedBase,
131+ RequestedLength);
131132 // Sanity checks on the test case TODO check statically?
132133 TEST (ExpectedBase <= ExpectedTop,
133134 " Invalid test case: exp_base > exp_top"
@@ -136,7 +137,7 @@ namespace
136137 TEST (ExpectedTop >= RequestedBase + RequestedLength,
137138 " Invalid test case: exp_top < req_top"
138139 TEST (ExpectedTopRoundDown <= (RequestedBase + RequestedLength),
139- " Invalid test case: exp_top_rndwn > req_base+req_len"
140+ " Invalid test case: exp_top_rndwn > req_base+req_len"
140141
141142 /*
142143 * Attempt set bounds with requested bounds. By starting with NULL
@@ -166,15 +167,18 @@ namespace
166167 0x3ff ,
167168 0xd00 ,
168169 0x1100 , // exact top, inexact base, e bump
169- 0xd01 + 0x1ff ),
170- SetBoundsTestCase (0x9f3 , 0x7ff ,
171- 0x000009F0 , 0x000011F8 ,
172- 0x9F3 + 0x1ff ), // T-B = 0x201
170+ 0xd01 + 0x1ff ),
171+ SetBoundsTestCase (0x9f3 ,
172+ 0x7ff ,
173+ 0x000009F0 ,
174+ 0x000011F8 ,
175+ 0x9F3 + 0x1ff ), // T-B = 0x201
173176 SetBoundsTestCase (0xbeef9793 ,
174177 0x3fb ,
175178 0xBEEF9792 ,
176179 0xBEEF9B8E ,
177- 0xbeef9793 + 0x1ff ), // monotonicity failure regression part i
180+ 0xbeef9793 +
181+ 0x1ff ), // monotonicity failure regression part i
178182 SetBoundsTestCase (0xbeef9792 ,
179183 0x3fc ,
180184 0xBEEF9792 ,
@@ -210,7 +214,8 @@ namespace
210214 requestedPermissions.to_representable ();
211215 capability.permissions () &= mask;
212216 TEST_EQUAL (PermissionSet (capability.permissions ()),
213- expectedPermissions, " permissions did not match expected"
217+ expectedPermissions,
218+ " permissions did not match expected"
214219 }
215220
216221 void test_and_perms ()
@@ -239,15 +244,17 @@ namespace
239244 * Returns the return capability passed to this function by the caller. To
240245 * ensure this works we need to disable inlining and tail call optimisation.
241246 */
242- __noinline __attribute__ ((not_tail_called)) void *get_return_address() {
247+ __noinline __attribute__ ((not_tail_called)) void *get_return_address()
248+ {
243249 return __builtin_return_address (0 );
244250 }
245251
246252 /* *
247253 * Returns an interrupt disabling return sentry by calling the above helper
248254 * from an interrupts disabled context.
249255 */
250- [[cheri::interrupt_state(disabled)]] void *get_interrupts_disabled_return_sentry ()
256+ [[cheri::interrupt_state(disabled)]] void *
257+ get_interrupts_disabled_return_sentry ()
251258 {
252259 return get_return_address ();
253260 }
@@ -256,7 +263,8 @@ namespace
256263 * Returns an interrupt enabling return sentry by calling the above helper
257264 * from an interrupts enabled context.
258265 */
259- [[cheri::interrupt_state(enabled)]] void *get_interrupts_enabled_return_sentry ()
266+ [[cheri::interrupt_state(enabled)]] void *
267+ get_interrupts_enabled_return_sentry ()
260268 {
261269 return get_return_address ();
262270 }
@@ -268,9 +276,9 @@ namespace
268276 // '__library_export_isa_test__ZN12_GLOBAL__N_129get_interrupts_enabled_sentryEv'
269277 // as cross-compartment call possible compiler / linker bug?
270278
271- // Capability interruptsEnabledSentry = {get_interrupts_enabled_return_sentry};
272- // debug_log("interrupts enabled sentry {}",
273- // reinterpret_cast<void*>(interruptsEnabledSentry.get()));
279+ // Capability interruptsEnabledSentry =
280+ // {get_interrupts_enabled_return_sentry}; debug_log("interrupts enabled
281+ // sentry {}", reinterpret_cast<void*>(interruptsEnabledSentry.get()));
274282 // TEST(interruptsEnabledSentry.type() == 3,
275283 // "Expected type 3 but got {}",
276284 // interruptsEnabledSentry.type());
@@ -282,21 +290,21 @@ namespace
282290 // "Expected type 2 but got {}",
283291 // interruptsDisabledSentry.type());
284292
285- Capability interruptsEnabledReturnSentry = get_interrupts_enabled_return_sentry ();
286- debug_log ( " interrupts enabled return sentry {} " , interruptsEnabledReturnSentry );
287- TEST_EQUAL (
288- interruptsEnabledReturnSentry. type (),
289- CheriSealTypeReturnSentryEnabling ,
290- " Wrong type for enabling return sentry. "
291- );
292-
293- Capability interruptsDisabledReturnSentry = get_interrupts_disabled_return_sentry ();
294- debug_log ( " interrupts disabled return sentry {} " , interruptsDisabledReturnSentry );
295- TEST_EQUAL (
296- interruptsDisabledReturnSentry. type (),
297- CheriSealTypeReturnSentryDisabling ,
298- " Wrong type for disabling return sentry. "
299- );
293+ Capability interruptsEnabledReturnSentry =
294+ get_interrupts_enabled_return_sentry ( );
295+ debug_log ( " interrupts enabled return sentry {} " ,
296+ interruptsEnabledReturnSentry);
297+ TEST_EQUAL (interruptsEnabledReturnSentry. type () ,
298+ CheriSealTypeReturnSentryEnabling,
299+ " Wrong type for enabling return sentry. "
300+
301+ Capability interruptsDisabledReturnSentry =
302+ get_interrupts_disabled_return_sentry ( );
303+ debug_log ( " interrupts disabled return sentry {} " ,
304+ interruptsDisabledReturnSentry);
305+ TEST_EQUAL (interruptsDisabledReturnSentry. type () ,
306+ CheriSealTypeReturnSentryDisabling,
307+ " Wrong type for disabling return sentry. "
300308 }
301309
302310 /* *
@@ -415,9 +423,7 @@ namespace
415423 int previousCrashes = crashes;
416424 // on_error with no handler will just skip the rest of the lambda
417425 // after an unwind, which is what we want.
418- on_error ([&]() {
419- perform_load (capToIntPointer);
420- });
426+ on_error ([&]() { perform_load (capToIntPointer); });
421427 TEST (crashes == previousCrashes + 1 ,
422428 " Expected load via {} to crash"
423429 capToIntPointer);
@@ -468,9 +474,7 @@ namespace
468474 expectedErrorPC = Capability{perform_store}.address ();
469475 }
470476 int previousCrashes = crashes;
471- on_error ([&]() {
472- perform_store (storeData, capToIntPointer);
473- });
477+ on_error ([&]() { perform_store (storeData, capToIntPointer); });
474478 TEST (crashes == previousCrashes + (expectCrash ? 1 : 0 ),
475479 " {} store of {} via {} to crash"
476480 expectCrash ? " Expected" " Did not expect"
@@ -617,9 +621,7 @@ namespace
617621 expectedMCause = MCauseCheri;
618622 expectedCauseCode = exception;
619623 int previousCrashes = crashes;
620- on_error ([&]() {
621- capToFunction.get ()();
622- });
624+ on_error ([&]() { capToFunction.get ()(); });
623625 TEST (crashes == previousCrashes + 1 ,
624626 " Expected jalr to {} to crash"
625627 capToFunction);
@@ -691,9 +693,7 @@ namespace
691693 expectedRegisterNumber = RegisterNumber::PCC;
692694 debug_log (" Calling function with too small PCC bounds {}"
693695 int previousCrashes = crashes;
694- on_error ([&]() {
695- (*capToTarget)();
696- });
696+ on_error ([&]() { (*capToTarget)(); });
697697 TEST (crashes == previousCrashes + 1 ,
698698 " Call with too small PCC bounds did not crash."
699699 }
@@ -728,12 +728,14 @@ namespace
728728int test_isa ()
729729{
730730 // get some sealing and sealed capabilities for use in tests
731- sealingCapability = token_key_new ();
731+ sealingCapability = token_key_new ();
732732 sealedDataCapability = blocking_forever<token_sealed_alloc>(
733- MALLOC_CAPABILITY, sealingCapability, sizeof (void *));
733+ MALLOC_CAPABILITY, sealingCapability, sizeof (void *));
734734 // Do some sanity checks on above
735- TEST (Capability{sealingCapability}.permissions ().contains (Permission::Seal), " sealing key dosen't have seal permission"
736- TEST (Capability{sealedDataCapability}.is_sealed (), " sealedDataCap is not sealed"
735+ TEST (Capability{sealingCapability}.permissions ().contains (Permission::Seal),
736+ " sealing key dosen't have seal permission"
737+ TEST (Capability{sealedDataCapability}.is_sealed (),
738+ " sealedDataCap is not sealed"
737739 test_set_bounds ();
738740 test_and_perms ();
739741 test_sentries ();
@@ -742,6 +744,7 @@ int test_isa()
742744 test_restricted_loads ();
743745 test_store_faults ();
744746 test_jalr_faults ();
745- token_obj_destroy (MALLOC_CAPABILITY, sealingCapability, sealedDataCapability);
747+ token_obj_destroy (
748+ MALLOC_CAPABILITY, sealingCapability, sealedDataCapability);
746749 return 0 ;
747750}
0 commit comments