Add circular call dependency check between partitions

romkuz01 · Michael Schwarcz · commit 4fc878e55f1a · 2018-06-07T11:53:07.000+03:00
diff --git a/tools/spm/generate_partition_code.py b/tools/spm/generate_partition_code.py
@@ -1,5 +1,4 @@
 #!/usr/bin/python
-import fnmatch
 import glob
 import itertools
 import json
@@ -56,7 +55,7 @@ def __init__(
         Secure Function C'tor (Aligned with json schema)
 
         :param name: Secure function identifier (available to user)
-        :param identifier: Secure function numeric enumaration.
+        :param identifier: Secure function numeric enumeration.
         :param signal: Secure Function identifier inside the partition
         :param non_secure_clients: True to allow connections from non-secure
                partitions
@@ -286,6 +285,7 @@ def from_json(cls, manifest_file, skip_src=False):
         Load a partition manifest file
 
         :param manifest_file: Manifest file path
+        :param skip_src: Ignore the `source_files` entry
         :return: Manifest object
         """
 
@@ -402,6 +402,48 @@ def templates_to_files(self, templates, output_dir):
         return generated_files
 
 
+def check_circular_call_dependencies(manifests):
+    """
+    Check if there is a circular dependency between the partitions described by the manifests.
+    A circular dependency might happen if there is a scenario in which a partition calls a secure function in another
+    partition which than calls another secure function which resides in the originating partition.
+    For example: Partition A has a secure function A1 and extern sfid B1, partition B has a secure function B1 and
+                 extern sfid A1.
+
+    :param manifests: List of the partition manifests.
+    :return: True if a circular dependency exists, false otherwise.
+    """
+
+    # Construct a call graph.
+    call_graph = {}
+    for manifest in manifests:
+        call_graph[manifest.name] = {
+            'calls': manifest.find_dependencies(manifests),
+            'called_by': set()
+        }
+    for manifest_name in call_graph:
+        for called in call_graph[manifest_name]['calls']:
+            call_graph[called]['called_by'].add(manifest_name)
+
+    # Run topological sort on the call graph.
+    while len(call_graph) > 0:
+        # Find all the nodes that aren't called by anyone and
+        # therefore can be removed.
+        nodes_to_remove = filter(lambda x: len(call_graph[x]['called_by']) == 0, call_graph.keys())
+
+        # If no node can be removed we have a circle.
+        if not nodes_to_remove:
+            return True
+
+        # Remove the nodes.
+        for node in nodes_to_remove:
+            for called in call_graph[node]['calls']:
+                call_graph[called]['called_by'].remove(node)
+            call_graph.pop(node)
+
+    return False
+
+
 def validate_partition_manifests(manifests):
     """
     Check the correctness of the manifests list
@@ -514,6 +556,9 @@ def validate_partition_manifests(manifests):
                     ', '.join(missing_sfids), manifest.file)
             )
 
+    if check_circular_call_dependencies(manifests):
+        raise ValueError("Detected a circular call dependency between the partitions.")
+
 
 def get_latest_timestamp(*files):
     """
diff --git a/tools/test/spm/test_data.py b/tools/test/spm/test_data.py
@@ -98,11 +98,177 @@
         'irqs': [
             {"line_num": 22, "signal": "ISR22"},
             {"line_num": 23, "signal": "ISR23"}
+        ]
+    }
+]
+
+manifests_for_circular_call_dependency_checks = [
+    {
+        'name': 'PARTITION1',
+        'id': '0x7FFFFFFF',
+        'type': 'SECURE',
+        'priority': 'NORMAL',
+        'entry_point': 'test_main',
+        'stack_size': 512,
+        'heap_size': 2048,
+        'source_files': ['src1.cpp'],
+        'secure_functions': [
+            {
+                'name': 'SFID1',
+                'identifier': '0x00000001',
+                'signal': 'SFID1',
+                'non_secure_clients': False
+            },
+            {
+                'name': 'SFID2',
+                'identifier': '0x00000002',
+                'signal': 'SFID2',
+                'non_secure_clients': False
+            }
+        ],
+        'extern_sfids': ['SFID3', 'SFID4']
+    },
+    {
+        'name': 'PARTITION2',
+        'id': '0x7FFFFFFE',
+        'type': 'SECURE',
+        'priority': 'NORMAL',
+        'entry_point': 'test_main',
+        'stack_size': 512,
+        'heap_size': 2048,
+        'source_files': ['src2.cpp'],
+        'secure_functions': [
+            {
+                'name': 'SFID3',
+                'identifier': '0x00000003',
+                'signal': 'SFID3',
+                'non_secure_clients': False
+            },
+            {
+                'name': 'SFID4',
+                'identifier': '0x00000004',
+                'signal': 'SFID4',
+                'non_secure_clients': False
+            }
         ],
         'extern_sfids': ['SFID1', 'SFID2']
+    },
+    {
+        'name': 'PARTITION3',
+        'id': '0x7FFFFFFD',
+        'type': 'SECURE',
+        'priority': 'NORMAL',
+        'entry_point': 'test_main',
+        'stack_size': 512,
+        'heap_size': 2048,
+        'source_files': ['src3.cpp'],
+        'secure_functions': [
+            {
+                'name': 'SFID5',
+                'identifier': '0x00000005',
+                'signal': 'SFID5',
+                'non_secure_clients': False
+            }
+        ],
+        'extern_sfids': ['SFID7']
+    },
+    {
+        'name': 'PARTITION4',
+        'id': '0x7FFFFFFC',
+        'type': 'SECURE',
+        'priority': 'NORMAL',
+        'entry_point': 'test_main',
+        'stack_size': 512,
+        'heap_size': 2048,
+        'source_files': ['src4.cpp'],
+        'secure_functions': [
+            {
+                'name': 'SFID6',
+                'identifier': '0x00000006',
+                'signal': 'SFID6',
+                'non_secure_clients': False
+            },
+            {
+                'name': 'SFID7',
+                'identifier': '0x00000007',
+                'signal': 'SFID7',
+                'non_secure_clients': False
+            },
+        ],
+        'extern_sfids': ['SFID9']
+    },
+    {
+        'name': 'PARTITION5',
+        'id': '0x7FFFFFFB',
+        'type': 'SECURE',
+        'priority': 'NORMAL',
+        'entry_point': 'test_main',
+        'stack_size': 512,
+        'heap_size': 2048,
+        'source_files': ['src5.cpp'],
+        'secure_functions': [
+            {
+                'name': 'SFID8',
+                'identifier': '0x00000008',
+                'signal': 'SFID8',
+                'non_secure_clients': False
+            },
+            {
+                'name': 'SFID9',
+                'identifier': '0x00000009',
+                'signal': 'SFID9',
+                'non_secure_clients': False
+            }
+        ],
+        'extern_sfids': ['SFID5']
+    },
+    {
+        'name': 'PARTITION6',
+        'id': '0x7FFFFFFA',
+        'type': 'SECURE',
+        'priority': 'NORMAL',
+        'entry_point': 'test_main',
+        'stack_size': 512,
+        'heap_size': 2048,
+        'source_files': ['src6.cpp'],
+        'secure_functions': [
+            {
+                'name': 'SFID10',
+                'identifier': '0x0000000A',
+                'signal': 'SFID10',
+                'non_secure_clients': False
+            },
+            {
+                'name': 'SFID11',
+                'identifier': '0x0000000B',
+                'signal': 'SFID11',
+                'non_secure_clients': False
+            }
+        ],
+        'extern_sfids': ['SFID7', 'SFID5']
+    },
+    {
+        'name': 'PARTITION7',
+        'id': '0x7FFFFFF9',
+        'type': 'SECURE',
+        'priority': 'NORMAL',
+        'entry_point': 'test_main',
+        'stack_size': 512,
+        'heap_size': 2048,
+        'source_files': ['src6.cpp'],
+        'secure_functions': [
+            {
+                'name': 'SFID12',
+                'identifier': '0x0000000C',
+                'signal': 'SFID12',
+                'non_secure_clients': False
+            }
+        ]
     }
 ]
 
+
+
 invalid_minor_version_policy_sf = [
     {
         'name': 'SFID1',
@@ -286,6 +452,13 @@
         {{"}" if loop.last else "},"}}
 {% endfor %}
     ],
+{% if partition.extern_sfids %}
+    "extern_sfids": [
+{% for ext_sfid in partition.extern_sfids %}
+        "{{ext_sfid}}"{{"" if loop.last else ","}}
+{% endfor %}
+    ],
+{% endif %}
     "source_files": [
 {% for src in partition.source_files %}
         "{{src|basename}}"{{"" if loop.last else ","}}
@@ -297,11 +470,6 @@
             "line_num": {{irq.line_num}},
             "signal": "{{irq.signal}}"
         {{"}" if loop.last else "},"}}
-{% endfor %}
-    ],
-    "extern_sfids": [
-{% for ext_sfid in partition.extern_sfids %}
-        "{{ext_sfid}}"{{"" if loop.last else ","}}
 {% endfor %}
     ]
 }
diff --git a/tools/test/spm/test_generate_partition_code.py b/tools/test/spm/test_generate_partition_code.py
@@ -317,6 +317,14 @@ def test_valid_json(temp_test_data):
                     r'External SFID\(s\) .* can\'t be found in any partition manifest.'
             ),
             id='orphan_extern_ids'
+        ),
+        pytest.param(
+            dict(manifests[1], extern_sfids=[manifests[0]['secure_functions'][0]['name']]),
+            (
+                    ValueError,
+                    r'Detected a circular call dependency between the partitions.'
+            ),
+            id='circular_call_dependency'
         )
     ]
 )
@@ -707,7 +715,7 @@ def test_generate_partitions_sources(monkeypatch, test_template_setup):
        still exist and that modified times of the generated files didn't
        change.
 
-    :param monkeypatch: The 'monkeypath' fixture
+    :param monkeypatch: The 'monkeypatch' fixture
            (https://docs.pytest.org/en/latest/monkeypatch.html).
     :param test_template_setup: The 'test_template_setup' fixture.
     :return:
@@ -763,3 +771,78 @@ def test_generate_partitions_sources(monkeypatch, test_template_setup):
 
     for f in os.listdir(spm_output_dir):
         assert autogen_files[f] == os.path.getmtime(os.path.join(spm_output_dir, f))
+
+
+circular_call_dependency_params = {
+    'no manifests': {
+        'manifests': [],
+        'result': False
+    },
+    'one manifest': {
+        'manifests': ['PARTITION1'],
+        'result': False
+    },
+    '2 manifests with dependency': {
+        'manifests': ['PARTITION1', 'PARTITION2'],
+        'result': True
+    },
+    '2 manifests without dependency': {
+        'manifests': ['PARTITION1', 'PARTITION3'],
+        'result': False
+    },
+    '5 manifests with dependency': {
+        'manifests': ['PARTITION1', 'PARTITION3', 'PARTITION4', 'PARTITION5', 'PARTITION6'],
+        'result': True
+    },
+    '5 manifests without dependency': {
+        'manifests': ['PARTITION1', 'PARTITION3', 'PARTITION4', 'PARTITION6', 'PARTITION7'],
+        'result': False
+    }
+}
+
+
+@pytest.fixture(params=circular_call_dependency_params.values(),
+                ids=circular_call_dependency_params.keys())
+def circular_dependencies(request, tmpdir_factory):
+    """
+    Fixture (https://docs.pytest.org/en/latest/fixture.html) function to be
+    used by the tests.
+    This fixture function Creates a JSON manifest file from a given partition
+    dictionary and save it
+    to a temporary directory.
+    This fixture uses the 'temp_test_data' fixture.
+    This fixture is a parametrized fixture
+    (https://docs.pytest.org/en/latest/fixture.html#parametrizing-fixtures).
+    The scope of this fixture is a specific test.
+
+    :param request: Request object which contain the current parameter from
+           'circular_call_dependency_params'.
+    :param temp_test_data: The 'temp_test_data' fixture.
+    :return: A Dictionary containing these values:
+             - files - list of manifest filesgenerated
+             - The expected result from check_circular_call_dependencies
+    """
+    test_dir = tmpdir_factory.mktemp('test_data')
+
+    test_manifests = filter(lambda x: x['name'] in request.param['manifests'],
+                            manifests_for_circular_call_dependency_checks)
+    manifest_files = [
+        dump_manifest_to_json(manifest, manifest['name'], test_dir) for
+        manifest in test_manifests]
+
+    return {'files': manifest_files, 'result': request.param['result']}
+
+
+def test_check_circular_call_dependencies(circular_dependencies):
+    """
+    Test detection of circular call dependencies between the partitions.
+    The test performs the circular call dependency check in a few
+    predefined partition topologies and compares the result with the expected value.
+
+    :param circular_dependencies: the 'circular_dependencies' fixture
+    :return:
+    """
+
+    objects = [Manifest.from_json(_file) for _file in circular_dependencies['files']]
+
+    assert check_circular_call_dependencies(objects) == circular_dependencies['result']
