During the initial partitioning analysis each partition is assigned the set of globals it is using (modifying and/or referencing). This set needs to be updated after a partition optimization is applied, as during the optimization functions are moved between two partitions, thus the globals used in each partition may also be changed.

A global setter is added even if the other partition is not using that global.

I am interested in this line of work. Can I have pointer to your thesis/publication to learn about the underlying theory/concepts?

Partition Functions' optimization moves a function into a partition if this function is called from a partition only. However it is possible that moved function calls non-enclave functions in a loop. In this case it is better to leave it outside of an enclave.

This scenario can be observed for the snake game, where optimizer moves draw_line function into the partition. draw_line is called two times from enclave function, but it is calling non-enclave functions (library functions that can not be moved into an enclave) in a loop.

Create proto messages only for partition's in-interface, i.e. functions that are called from outside, rather than all functions in a partition.

Augmented Call Graph is built using the LLVM Call Graph, which does not contain edges for indirect call sites. As a result the ACG is not accurate.
Change the ACG builder to use PDG instead, which has the indirect calls in it.

Global setters does not exist in the original sources, they are created during the library extraction pass. As such they are not analyzed by the clang tool and are not added to the edl file.

Normalize costs for each factor to be in a range [0, 1]

Running partitioned program with actual SGX use (no simulator) fails with the following error:

2020-02-02T18:39:16.016755Z [(H)ERROR] tid(0x7f79c35d4740) | :OE_INVALID_PARAMETER [/home/jenkins/work_dir/workspace/OpenEnclave-v0.7.x_packages/host/calls.c:oe_call_enclave_function_by_table_id:68]
Failed to invoke ecall eat_goldMakefile:13: recipe for target 'run' failed     |
make: *** [run] Error 1

Consider the following code snippet

void F(callbackType callback)
{
    int i = 13;
    if (i > 0) {
        callback = &print1;
    } else {
        callback = &print2;
    }
    callback(13);
}

there can be following cases after the partition optimization:

1. F, print1, print2 are all in secure/insecure partitions - then we are good
2. F is in one partition and print1 and/or print2 are in another partition
   2.1) print1/print2 do not have any use in the partition they are placed (this may not be the case if a optimization has been applied) -
   then need to move print1/print2 to the partition of F
   2.2) print1/print2 do have usage in the partition their are included in - then need to include copies of print1/print2 in the partition of F

Include function size and the level of its' relation to security sensitive functions into KL optimizer's gain function.

Right now it is done manually.

Header files may be detected during clang tool run. The files where data structures used by app/enclave function are defined should be included in app/enclave_driver.