Add basic Intel SGX support

.gitignore

@@ -52,6 +52,7 @@
 /es5-tests.zip
 /JS-Interpreter/
 /runtests/node_modules/
+/runtests/package-lock.json
 /d067d2f0ca30.tar.bz2
 /595a36b252ee97110724e6fa89fc92c9aa9a206a.zip
 /regfuzz-0.1.tar.gz
@@ -90,3 +91,4 @@
 /references/ECMA-262 5.1 edition June 2011.pdf
 /references/ECMA-262.pdf
 /tests/octane/octane
+/.ccls-cache

AUTHORS.rst

@@ -66,6 +66,7 @@ and agreed to irrevocably license their contributions under the Duktape
 * Rick Sayre (https://github.com/whorfin)
 * Craig Leres (https://github.com/leres)
 * Maurici Abad (https://github.com/mauriciabad)
+* Stojan Dimitrovski (https://github.com/hf)
 
 Other contributions
 ===================

config/config-options/DUK_USE_DATE_GET_LOCAL_TZOFFSET.yaml

@@ -7,3 +7,6 @@ tags:
 description: >
   Mandatory macro for getting the local time offset for a given datetime,
   see datetime.rst.
+
+  When used in Intel SGX enclaves it must be implemented by the enclave
+  developer, otherwise it will fail with a compilation error.

config/config-options/DUK_USE_DATE_GET_NOW.yaml

@@ -13,3 +13,6 @@ description: >
   If the time provided experiences time jumps or doesn't advance in realtime
   (which is useful in some time virtualization scenarios), consider defining
   DUK_USE_GET_MONOTONIC_TIME.
+
+  When used in Intel SGX enclaves it must be implemented by the enclave
+  developer, otherwise it will fail with a compilation error.

config/config-options/DUK_USE_MEMBASED_POINTER_ENCODING.yaml

@@ -0,0 +1,13 @@
+define: DUK_USE_MEMBASED_POINTER_ENCODING
+introduced: 3.0.0
+default: false
+tags:
+  - ecmascript
+description: >
+  All pointers that need to be encoded as string will be encoded in
+  lowercase hexadecimal encoding in the byte order they are laid out in
+  memory. Decoding will also work the same way. Using this will also
+  skip reliance on sscanf for platforms that don't support it.
+
+  When turned off, pointer encoding to string is done via the %p format
+  specifier in the printf and scanf family of functions.

config/config-options/DUK_USE_STANDARDIZED_POINTER_ENCODING.yaml

@@ -0,0 +1,13 @@
+define: DUK_USE_MEMBASED_POINTER_ENCODING
+introduced: 2.7.0
+default: false
+tags:
+  - ecmascript
+description: >
+  All pointers that need to be encoded as string will be encoded in
+  lowercase hexadecimal encoding in the byte order they are laid out in
+  memory. Decoding will also work the same way. Using this will also
+  skip reliance on sscanf for platforms that don't support it.
+
+  When turned off, pointer encoding to string is done via the %p format
+  specifier in the printf and scanf family of functions.

config/helper-snippets/DUK_F_INTELSGX.h.in

@@ -0,0 +1,9 @@
+/**
+ * Automatic Intel SGX detection is not possible at compile time.
+ * Therefore Intel SGX enclave developers wanting to use Duktape
+ * should either manually specify --platform=intelsgx to configure.py
+ * or manually define INTELSGX when compiling.
+ */
+#if defined(INTELSGX)
+#define DUK_F_INTELSGX
+#endif

config/platforms.yaml

@@ -31,6 +31,10 @@ autodetect:
     name: Durango (XboxOne)
     check: DUK_F_DURANGO
     include: platform_durango.h.in
+  -
+    name: Intel SGX # Keep this above Linux or Windows.
+    check: DUK_F_INTELSGX
+    include: platform_intelsgx.h.in
   -
     name: Windows
     check: DUK_F_WINDOWS

config/platforms/platform_intelsgx.h.in

@@ -0,0 +1,74 @@
+#include <endian.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <mbusafecrt.h>
+
+/*
+ * Intel SGX enclaves are completely isolated from the underlying
+ * kernel and therefore syscalls are not allowed by default. This
+ * means that getting the current time and locale information is
+ * impossible unless there is intervention by the enclave developers.
+ *
+ * Thus enclave developers must define DUK_USE_DATE_GET_NOW and
+ * DUK_USE_DATE_GET_LOCAL_TZOFFSET for their enclave either manually
+ * in duk_config.h or via other means (other config header, compiler
+ * flags). If these are not defined compilation will fail with a
+ * preprocessor error.
+ *
+ * DUK_USE_DATE_GET_NOW should return a duk_double_t value containing
+ * the current ECMASCript time.
+ * DUK_USE_DATE_GET_LOCAL_TZOFFSET should return a duk_int_t value
+ * containing the offset from UTC in seconds of the current time.
+ * See the datetime.rst file for more information, as well as the
+ * duk_bi_date.c, duk_bi_date_unix.c files for inspiration.
+ *
+ * DUK_USE_DATE_FORMAT_STRING and DUK_USE_DATE_PARSE_STRING macros are
+ * not mandatory and are therefore not defined here, but enclave
+ * developers are free to define them via duk_config.h or other means
+ * if they are implementing platform or locale scpecific date parsing
+ * and formatting.
+ *
+ * All related Duktape provided implementations regarding date and
+ * time are intentionally disabled, since date and time functions are
+ * not generally available in Intel SGX enclaves.
+ */
+
+#undef DUK_USE_DATE_FMT_STRFTIME
+#undef DUK_USE_DATE_NOW_GETTIMEOFDAY
+#undef DUK_USE_DATE_NOW_TIME
+#undef DUK_USE_DATE_NOW_WINDOWS
+#undef DUK_USE_DATE_NOW_WINDOWS_SUBMS
+#undef DUK_USE_DATE_PRS_GETDATE
+#undef DUK_USE_DATE_PRS_STRPTIME
+#undef DUK_USE_DATE_TZO_GMTIME
+#undef DUK_USE_DATE_TZO_GMTIME_R
+#undef DUK_USE_DATE_TZO_GMTIME_S
+#undef DUK_USE_DATE_TZO_WINDOWS
+#undef DUK_USE_DATE_TZO_WINDOWS_NO_DST
+
+/*
+ * Intel SGX enclaves don't have access to sscanf, so pointer parsing must
+ * be without using sscanf.
+ */
+#define DUK_USE_MEMBASED_POINTER_ENCODING
+
+#define DUK_SNPRINTF(a,b,c,...) _snprintf_s(a,b,b,c,__VA_ARGS__)
+#define DUK_VSNPRINTF(a,b,c,...) _vsnprintf_s(a,b,b,c,__VA_ARGS__)
+
+#if defined(DUK_F_WINDOWS)
+/*
+ * On Windows, assume we're little endian.  Even Itanium which has a
+ * configurable endianness runs little endian in Windows.
+ */
+#if !defined(DUK_USE_BYTEORDER)
+#define DUK_USE_BYTEORDER 1
+#endif
+#endif
+
+#if defined(DUK_F_WINDOWS)
+#define DUK_USE_OS_STRING "intelsgx-windows"
+#elif defined(DUK_F_LINUX)
+#define DUK_USE_OS_STRING "intelsgx-linux"
+#else
+#error Intel SGX is supported only on Linux or Windows.
+#endif

doc/json.rst

@@ -151,7 +151,9 @@ detection:
   need to maintain yet another growing data structure for the stack, and don't
   need to do linear stack scans to detect loops.  The downside is relatively
   large memory footprint and lots of additional string table operations.
-  However, these effects only come into play for very deep objects.
+  However, these effects only come into play for very deep objects.  The option
+  ``DUK_USE_MEMBASED_POINTER_ENCODING`` can be used to remove the reliance
+  on ``%p``, however pointer values will still be platform-dependent.
 
 There's much room for improvement in the loop detection:
 
@@ -546,6 +548,8 @@ specific form, using the format ``(%p)``, e.g.::
   (0x1ff0e10)          // 32-bit Linux
   (000FEFF8)           // 32-bit Windows
   (000000000026A8A0)   // 64-bit Windows
+  (0d0c0b0a00000000)   // 0x0A0B0C0D in 64-bit little-endian x64
+                       // with DUK_USE_MEMBASED_POINTER_ENCODING
 
 A pointer value parses back correctly when serialized and parsed by the same
 program.  Other than that there is no guarantee that a pointer value can be
@@ -561,6 +565,14 @@ an error.
 
   (null)
 
+By enabling the ``DUK_USE_MEMBASED_POINTER_ENCODING`` option you can make
+the pointer encoding and decoding be "standard" across Duktape builds, but it
+is still platform dependant. It would depend on the memory layout and size in
+bytes of a pointer value, rather than ``%p``. Pointers can, therefore, be
+parsed across different Duktape builds for the same platform. The pointers are
+encoded in lowercase hex and there are 2 hex characters for each byte of the
+pointer value, as it appears in memory, including heading / trailing 0s.
+
 ASCII only output
 -----------------
 
@@ -674,6 +686,9 @@ specific form, using the format ``%p``, but wrapped in a marker table::
 Note that compared to JX, the difference is that there are no surrounding
 parentheses outside the pointer value.
 
+The option ``DUK_USE_MEMBASED_POINTER_ENCODING`` will also be used here as
+well. 
+
 ASCII only output
 -----------------
 

src-input/duk_api_stack.c

@@ -3345,6 +3345,12 @@ DUK_INTERNAL duk_int_t duk_to_int_check_range(duk_hthread *thr, duk_idx_t idx, d
 	return duk_to_int_clamped_raw(thr, idx, minval, maxval, NULL);  /* out_clamped==NULL -> RangeError if outside range */
 }
 
+DUK_INTERNAL void duk_pointer_to_string(duk_hthread *thr, void *ptr) {
+	char ptrstr[DUK_MAX_POINTER_ENCODING_SIZE];
+	duk_size_t size = duk_encode_pointer_cstr(ptrstr, sizeof(ptrstr), (void *) ptr);
+	duk_push_lstring(thr, ptrstr, size);
+}
+
 DUK_EXTERNAL const char *duk_to_string(duk_hthread *thr, duk_idx_t idx) {
 	duk_tval *tv;
 
@@ -3408,7 +3414,7 @@ DUK_EXTERNAL const char *duk_to_string(duk_hthread *thr, duk_idx_t idx) {
 	case DUK_TAG_POINTER: {
 		void *ptr = DUK_TVAL_GET_POINTER(tv);
 		if (ptr != NULL) {
-			duk_push_sprintf(thr, DUK_STR_FMT_PTR, (void *) ptr);
+			duk_pointer_to_string(thr, ptr);
 		} else {
 			/* Represent a null pointer as 'null' to be consistent with
 			 * the JX format variant.  Native '%p' format for a NULL

src-input/duk_bi_date.c

@@ -957,8 +957,7 @@ DUK_LOCAL duk_ret_t duk__set_this_timeval_from_dparts(duk_hthread *thr, duk_doub
 	return 1;
 }
 
-/* 'out_buf' must be at least DUK_BI_DATE_ISO8601_BUFSIZE long. */
-DUK_LOCAL void duk__format_parts_iso8601(duk_int_t *parts, duk_int_t tzoffset, duk_small_uint_t flags, duk_uint8_t *out_buf) {
+DUK_LOCAL void duk__format_parts_iso8601(duk_int_t *parts, duk_int_t tzoffset, duk_small_uint_t flags, duk_uint8_t *out_buf, duk_size_t bufsize) {
 	char yearstr[8];   /* "-123456\0" */
 	char tzstr[8];     /* "+11:22\0" */
 	char sep = (flags & DUK_DATE_FLAG_SEP_T) ? DUK_ASC_UC_T : DUK_ASC_SPACE;
@@ -1008,16 +1007,16 @@ DUK_LOCAL void duk__format_parts_iso8601(duk_int_t *parts, duk_int_t tzoffset, d
 	 * is portable.
 	 */
 	if ((flags & DUK_DATE_FLAG_TOSTRING_DATE) && (flags & DUK_DATE_FLAG_TOSTRING_TIME)) {
-		DUK_SPRINTF((char *) out_buf, "%s-%02d-%02d%c%02d:%02d:%02d.%03d%s",
+		DUK_SNPRINTF((char *) out_buf, bufsize, "%s-%02d-%02d%c%02d:%02d:%02d.%03d%s",
 		            (const char *) yearstr, (int) parts[DUK_DATE_IDX_MONTH], (int) parts[DUK_DATE_IDX_DAY], (int) sep,
 		            (int) parts[DUK_DATE_IDX_HOUR], (int) parts[DUK_DATE_IDX_MINUTE],
 		            (int) parts[DUK_DATE_IDX_SECOND], (int) parts[DUK_DATE_IDX_MILLISECOND], (const char *) tzstr);
 	} else if (flags & DUK_DATE_FLAG_TOSTRING_DATE) {
-		DUK_SPRINTF((char *) out_buf, "%s-%02d-%02d",
+		DUK_SNPRINTF((char *) out_buf, bufsize, "%s-%02d-%02d",
 		            (const char *) yearstr, (int) parts[DUK_DATE_IDX_MONTH], (int) parts[DUK_DATE_IDX_DAY]);
 	} else {
 		DUK_ASSERT(flags & DUK_DATE_FLAG_TOSTRING_TIME);
-		DUK_SPRINTF((char *) out_buf, "%02d:%02d:%02d.%03d%s",
+		DUK_SNPRINTF((char *) out_buf, bufsize, "%02d:%02d:%02d.%03d%s",
 		            (int) parts[DUK_DATE_IDX_HOUR], (int) parts[DUK_DATE_IDX_MINUTE],
 		            (int) parts[DUK_DATE_IDX_SECOND], (int) parts[DUK_DATE_IDX_MILLISECOND],
 		            (const char *) tzstr);
@@ -1074,7 +1073,7 @@ DUK_LOCAL duk_ret_t duk__to_string_helper(duk_hthread *thr, duk_small_uint_t fla
 	/* Different calling convention than above used because the helper
 	 * is shared.
 	 */
-	duk__format_parts_iso8601(parts, tzoffset, flags, buf);
+	duk__format_parts_iso8601(parts, tzoffset, flags, buf, sizeof(buf));
 	duk_push_string(thr, (const char *) buf);
 	return 1;
 }