add C-level compartmentalization micropolicy

c_policies/compartmentalization/composite_entities.yml

@@ -0,0 +1,33 @@
+- elf_name: ucHeap
+  kind: symbol
+  name: dover.Kernel.Code.ApplyTag.ucHeap
+  optional: true
+  tag_all: true
+- elf_name: dover_ptr_zero
+  kind: symbol
+  name: dover.Kernel.Code.ApplyTag.dover_ptr_zero
+  tag_all: true
+- elf_name: pvPortMalloc
+  kind: symbol
+  name: dover.Kernel.Code.ApplyTag.pvPortMalloc
+  tag_all: true
+- elf_name: dover_tag
+  kind: symbol
+  name: dover.Kernel.Code.ApplyTag.dover_tag
+  tag_all: true
+- elf_name: dover_untag
+  kind: symbol
+  name: dover.Kernel.Code.ApplyTag.dover_untag
+  tag_all: true
+- elf_name: dover_remove_tag
+  kind: symbol
+  name: dover.Kernel.Code.ApplyTag.dover_remove_tag
+  tag_all: true
+- elf_name: dover_ptr_tag
+  kind: symbol
+  name: dover.Kernel.Code.ApplyTag.dover_ptr_tag
+  tag_all: true
+- elf_name: dover_ptr_untag
+  kind: symbol
+  name: dover.Kernel.Code.ApplyTag.dover_ptr_untag
+  tag_all: true

c_policies/compartmentalization/include/comp_ht.h

@@ -0,0 +1,44 @@
+// Simple hashtable implementation for compartmentalization policy
+// to track various kinds of interactions (read, write, call, return)
+
+#ifndef COMP_HT_H
+#define COMP_HT_H
+
+#include <stdio.h>
+
+/* Number of top-level bins in the hash table.
+ * For FreeRTOS alone, we're looking at ~1000 interactions stored
+ * total. With mid-sized applications, can get to 6-10k. Can turn this
+ * knob below, only impacts space-time tradeoff. 1024-8192 seem
+ * reasonable. Too small will impact performance, too large wasteful
+ * of memory for HT array. TODO automatically resizing based on use
+ * obviosly better. */
+#define HT_SIZE 32768
+
+struct comp_bucket {
+  int src, dest, edge_type;
+  unsigned long count;
+  struct comp_bucket * next;
+};
+
+struct comp_ht {
+  int num_buckets;
+  int stored_objects;
+  int new_additions;
+  int initialized;
+  int reads, writes, calls, returns;
+  struct comp_bucket ** buckets;
+};
+
+// The edge types: 
+#define EDGE_READ 1
+#define EDGE_WRITE 2
+#define EDGE_CALL 3
+#define EDGE_RETURN 4
+
+struct comp_ht * ht_create(int size);
+struct comp_bucket * ht_lookup(struct comp_ht *, int src, int dest, int edge_type);
+void ht_insert(struct comp_ht *, int src, int dest, int edge_type);
+void print_func_data(struct comp_ht *, int func, int weights, FILE * outfile);
+
+#endif

c_policies/compartmentalization/include/func_defs.h

@@ -0,0 +1 @@
+const char * func_defs[] = {};

c_policies/compartmentalization/include/object_defs.h

@@ -0,0 +1 @@
+const char * object_defs[] = {};

c_policies/compartmentalization/include/policy_meta.h

@@ -0,0 +1,77 @@
+/*
+ * Generated header. Modified for compartmentalization policy.
+ */
+
+#ifndef POLICY_META_H
+#define POLICY_META_H
+
+// A map of which argument fields are being used for which
+// purposes. See policy_meta_set.h. Current policy uses three
+// arguments, although there is some reuse in cases where it is
+// safe. Words 0 and 1 are for membership bits, 2 is for object
+// or subject ID, and 3 and 4 are for heap ptr/cell color.
+#define SUBJ_INDEX 2
+#define OBJ_INDEX 2
+#define PC_CONTROL_INDEX 2
+#define CELL_COLOR_INDEX 3
+#define POINTER_COLOR_INDEX 4
+
+#define opcode_begin				0x1a
+#define opcode_end				0x26
+
+#define osv_heap_AntiPointer                    0x18    // QTag ["osv","heap","AntiPointer"]
+#define osv_heap_ApplyColor                     0x13    // QTag ["osv","heap","ApplyColor"]
+#define osv_heap_Cell                           0x10    // QTag ["osv","heap","Cell"]
+#define osv_heap_DelColor                       0x16    // QTag ["osv","heap","DelColor"]
+#define osv_heap_ModColor                       0x17    // QTag ["osv","heap","ModColor"]
+#define osv_heap_NewColor                       0x15    // QTag ["osv","heap","NewColor"]
+#define osv_heap_Pointer                        0x11    // QTag ["osv","heap","Pointer"]
+#define osv_heap_RawHeap                        0x12    // QTag ["osv","heap","RawHeap"]
+#define osv_heap_RemoveColor                    0x14    // QTag ["osv","heap","RemoveColor"]
+#define osv_heap_SpecialCaseVFPRINTF            0x19    // QTag ["osv","heap","SpecialCaseVFPRINTF"]
+
+#define osv_riscv_og_andiGrp                    0x1e    // QGroup ["osv","riscv","og","andiGrp"]
+#define osv_riscv_og_arithGrp                   0x20    // QGroup ["osv","riscv","og","arithGrp"]
+#define osv_riscv_og_branchGrp                  0x1a    // QGroup ["osv","riscv","og","branchGrp"]
+#define osv_riscv_og_csrGrp                     0x24    // QGroup ["osv","riscv","og","csrGrp"]
+#define osv_riscv_og_csriGrp                    0x25    // QGroup ["osv","riscv","og","csriGrp"]
+#define osv_riscv_og_immArithGrp                0x1f    // QGroup ["osv","riscv","og","immArithGrp"]
+#define osv_riscv_og_jumpGrp                    0x1c    // QGroup ["osv","riscv","og","jumpGrp"]
+#define osv_riscv_og_jumpRegGrp                 0x1b    // QGroup ["osv","riscv","og","jumpRegGrp"]
+#define osv_riscv_og_loadGrp                    0x21    // QGroup ["osv","riscv","og","loadGrp"]
+#define osv_riscv_og_loadUpperGrp               0x1d    // QGroup ["osv","riscv","og","loadUpperGrp"]
+#define osv_riscv_og_mulDivRemGrp               0x23    // QGroup ["osv","riscv","og","mulDivRemGrp"]
+#define osv_riscv_og_privGrp                    0x26    // QGroup ["osv","riscv","og","privGrp"]
+#define osv_riscv_og_storeGrp                   0x22    // QGroup ["osv","riscv","og","storeGrp"]
+
+// Compartmentalization function labeling
+#define osv_Comp_funcID                         0x27	// Comp.funcID
+
+// Compartmentalization global object labeling
+#define osv_Comp_globalID                       0x28	// Comp.globalID
+
+// Compartmentalization control-flow. Decimal encoding because policy_meta.yml uses decimal
+// and I'm lazy
+#define osv_threeClass_Branch_Instr             46    // QTag ["osv","threeClass","Branch-Instr"]
+#define osv_threeClass_Branch_Tgt               43    // QTag ["osv","threeClass","Branch-Tgt"]
+#define osv_threeClass_Call_Instr               44    // QTag ["osv","threeClass","Call-Instr"]
+#define osv_threeClass_Call_Tgt                 41    // QTag ["osv","threeClass","Call-Tgt"]
+#define osv_threeClass_Jumping_Branch           49    // QTag ["osv","threeClass","Jumping-Branch"]
+#define osv_threeClass_Jumping_Call             47    // QTag ["osv","threeClass","Jumping-Call"]
+#define osv_threeClass_Jumping_NoCFI            51    // QTag ["osv","threeClass","Jumping-NoCFI"]
+#define osv_threeClass_Jumping_Return           48    // QTag ["osv","threeClass","Jumping-Return"]
+#define osv_threeClass_NoCFI                    50    // QTag ["osv","threeClass","NoCFI"]
+#define osv_threeClass_Return_Instr             45    // QTag ["osv","threeClass","Return-Instr"]
+#define osv_threeClass_Return_Tgt               42    // QTag ["osv","threeClass","Return-Tgt"]
+
+// Special objects
+#define osv_Comp_special_obj_IO                 52	// Comp.special-obj-IO
+#define osv_Comp_special_obj_RAM                53	// Comp.special-obj-RAM
+#define osv_Comp_special_obj_FLASH              54	// Comp.special-obj-FLASH
+#define osv_Comp_special_obj_UART		55	// Comp.special-obj-UART
+#define osv_Comp_special_obj_PLIC	 	56	// Comp.special-obj-PLIC
+#define osv_Comp_special_obj_ETHERNET	 	57	// Comp.special-obj-PLIC
+
+// A special tag for indicating saving / restoring PC context
+#define osv_Comp_context_switch              	58	// Comp.context-switch
+#endif // POLICY_META_H

c_policies/compartmentalization/include/policy_meta_set.h

@@ -0,0 +1,46 @@
+#ifndef META_SET_H
+#define META_SET_H
+
+#include <stdint.h>
+#include <stdbool.h>
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+// The size of a whole tag set, in uint32s
+#define META_SET_WORDS 5
+
+// The number of bitfields in ms->tags
+#define META_SET_BITFIELDS 2
+
+// The number of tag argument postions following the bitfields in ms->tags
+#define META_SET_ARGS 3
+
+// Arg1 = Subject ID on code, Object ID for globals
+// Arg2 = Heap Cell Color
+// Arg3 = Heap Pointer Color
+
+// The maximum tag.  Tags are positions in the 'tags' bitfield.
+// With two words for bitfields, 64 is logical max before we need to
+// redesign the meta set
+#define MAX_TAG 58
+
+typedef uintptr_t meta_t;
+typedef struct {
+  uint32_t tags[META_SET_WORDS];
+} meta_set_t;
+
+bool ms_contains(const meta_set_t *ms, meta_t m);
+bool ms_eq(const meta_set_t *ms1, const meta_set_t *ms2);
+void ms_bit_add(meta_set_t *ms, meta_t m);
+void ms_bit_remove(meta_set_t *ms, meta_t m);
+int ms_union(meta_set_t *ms1, const meta_set_t *ms2);
+
+extern const char * func_defs[];
+extern const char * object_defs[];
+
+#ifdef __cplusplus
+}
+#endif
+#endif

c_policies/compartmentalization/include/policy_rule.h

@@ -0,0 +1,27 @@
+#ifndef POLICY_RULE_H
+#define POLICY_RULE_H
+
+#include "policy_eval.h"
+#include "comp_ht.h"
+
+
+#define POLICY_EXP_FAILURE 0
+#define POLICY_IMP_FAILURE -1
+#define POLICY_SUCCESS 1
+
+#define DEBUG_STUFF 0
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void logRuleInit();
+void logRuleEval(const char* ruleDescription);
+const char* nextLogRule(int* idx);
+void load_inital_CAPMAP();
+void set_max_subjs_objs();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // POLICY_RULE_H

c_policies/compartmentalization/include/policy_utils.h

@@ -0,0 +1,18 @@
+#ifndef POLICY_UTILS_H
+#define POLICY_UTILS_H
+#include <stdlib.h>
+#include "policy_meta_set.h"
+
+ #ifdef __cplusplus
+extern "C" {
+#endif
+
+void pretty_print_rule(char * buf, const meta_set_t *ci, const meta_set_t *rs1, const meta_set_t *rs2, const meta_set_t *mem, const meta_set_t *pc);
+void print_meta_set(const meta_set_t *meta_set);
+int meta_set_to_string(const meta_set_t *meta_set, char *buf, size_t buf_len);
+void print_debug(const meta_set_t *ci, const meta_set_t *rs1, const meta_set_t *rs2, const meta_set_t *rs3, const meta_set_t *mem, const meta_set_t *pc);
+
+#ifdef __cplusplus
+}
+#endif
+#endif // POLICY_UTILS_H

c_policies/compartmentalization/include/prefetch_ht.h

@@ -0,0 +1,33 @@
+// Simple hashtable implementation for compartmentalization policy
+// to track various kinds of interactions (read, write, call, return)
+
+#ifndef PREFETCH_HT_H
+#define PREFETCH_HT_H
+
+#include <stdio.h>
+
+#define HT_PREFETCH_SIZE 4096
+
+#define PREFETCH_NUM 4
+
+struct prefetch_bucket {
+  operands_t * key;
+  int num_rules;
+  operands_t ** prefetch_ops;
+  results_t ** prefetch_res;
+  struct prefetch_bucket * next;
+};
+
+struct prefetch_ht {
+  int num_buckets;
+  int initialized;
+  int stored_objects;
+  struct prefetch_bucket ** buckets;
+};
+
+struct prefetch_ht * ht_create_prefetch(int size);
+struct prefetch_bucket * ht_lookup_prefetch(struct prefetch_ht *, operands_t * key);
+void ht_insert_prefetch(struct prefetch_ht *, operands_t * key, operands_t ** prefetch_ops, results_t ** prefetch_res, int num_rules);
+
+struct prefetch_ht * prefetch_ht = NULL;
+#endif

c_policies/compartmentalization/policy_entities.yml

@@ -0,0 +1,24 @@
+-
+  name: SOC.IO.UART_0
+  kind: soc
+-
+  name: SOC.Memory.Flash_0
+  kind: soc
+-
+  name: SOC.IO.TEST
+  kind: soc
+-
+  name: ISA.RISCV.CSR.Default
+  kind: isa
+-
+  name: ISA.RISCV.CSR.MTVec
+  kind: isa
+-
+  name: ISA.RISCV.Reg.Default
+  kind: isa
+-
+  name: ISA.RISCV.Reg.Env
+  kind: isa
+-
+  name: ISA.RISCV.Reg.RZero
+  kind: isa