Formatting fixes from clang-format

From review comments from [Laurie](capablevms#88 (comment)) and
[Andrei](capablevms#88 (comment)). Thanks both!

example_allocators/compartment_alloc/compartment_alloc.c

@@ -1,10 +1,10 @@
+#include "compartment_alloc.h"
+#include "utils.h"
 #include <cheriintrin.h>
 #include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/mman.h>
-#include "compartment_alloc.h"
-#include "utils.h"
 
 heap_compartment compartments[maxCompartments];
 int numCompartments = 0;
@@ -14,14 +14,14 @@ int numCompartments = 0;
  * allocations will be constrained by `dc` as if it was the DDC when allocation
  * occurred.
  */
-void
-*__capability init_compartment(size_t size_in_bytes, void *__capability dc)
+void *__capability init_compartment(size_t size_in_bytes, void *__capability dc)
 {
     void *buf;
     void *__capability compartment_id;
 
     // We impose a limit on our # of compartments
-    if (numCompartments + 1 == maxCompartments) {
+    if (numCompartments + 1 == maxCompartments)
+    {
         perror("Too many compartments requested.");
         exit(1);
     }
@@ -37,11 +37,11 @@ void
     // Create the new compartment
     compartment_id = sealed_reference(buf);
     compartments[numCompartments] = (heap_compartment){
-        buf,              // Space on the heap
-        0,                // bytes allocated (currently none!)
-        size_in_bytes,    // Our maximum size, to check when allocating
-        dc,               // The data capability to allocate against (like a DDC)
-        compartment_id    // An identifier which allows a holder to allocate in this component
+        buf,           // Space on the heap
+        0,             // bytes allocated (currently none!)
+        size_in_bytes, // Our maximum size, to check when allocating
+        dc,            // The data capability to allocate against (like a DDC)
+        compartment_id // An identifier which allows a holder to allocate in this component
     };
     numCompartments++;
 
@@ -63,14 +63,15 @@ void *__capability malloc_compartment(size_t len, void *__capability compartment
     int i;
 
     // Search for a compartment with the given identifier
-    for (i = 0; i < maxCompartments && compartments[i].identifier != compartment_id; i++){}
+    for (i = 0; i < maxCompartments && compartments[i].identifier != compartment_id; i++)
+    {
+    }
     if (i == maxCompartments)
     {
         perror("Given an ID for a non-existent compartment");
         exit(1);
     }
 
-
     compartment = compartments[i];
 
     // Try to "bump-allocate" some space in the compartment's buffer
@@ -80,7 +81,8 @@ void *__capability malloc_compartment(size_t len, void *__capability compartment
     rounded_length = cheri_representable_length(len);
 
     new_allocated = (addr + rounded_length) - compartment.buffer;
-    if (new_allocated > compartment.max_allocated) {
+    if (new_allocated > compartment.max_allocated)
+    {
         perror("Maximum # bytes in compartment exceeded.");
         exit(1);
     }
@@ -90,8 +92,9 @@ void *__capability malloc_compartment(size_t len, void *__capability compartment
     // We allocated some space!
     // Create a capability pointing to it and return it.
     // The capability is bounded by the data capability for this compartment.
-    allocated = cheri_cap_build((void *__capability)addr, (__uintcap_t)compartment.datacap);
-    allocated = cheri_address_set(allocated, (long)addr); // not sure why this is necessary...cheri_cap_build should do this
+    allocated = cheri_cap_build((void *__capability) addr, (__uintcap_t) compartment.datacap);
+    allocated = cheri_address_set(
+        allocated, (long) addr); // not sure why this is necessary...cheri_cap_build should do this
     allocated = cheri_bounds_set_exact(allocated, rounded_length);
 
     return allocated;

example_allocators/compartment_alloc/compartment_alloc.h

@@ -1,11 +1,12 @@
 #define maxCompartments 5
 
-typedef struct _heap_compartment {
-  void *buffer;
-  size_t bytes_allocated;
-  size_t max_allocated;
-  void *__capability datacap;
-  void *__capability identifier; // NOTE: THIS IS SEALED
+typedef struct _heap_compartment
+{
+    void *buffer;
+    size_t bytes_allocated;
+    size_t max_allocated;
+    void *__capability datacap;
+    void *__capability identifier; // NOTE: THIS IS SEALED
 } heap_compartment;
 
 void *__capability init_compartment(size_t size_in_bytes, void *__capability dc);

example_allocators/compartment_alloc/main.c

@@ -1,29 +1,32 @@
-#include "compartment_alloc.c"
 #include "../../include/common.h"
+#include "compartment_alloc.c"
 
-int main() {
-  // Create capabilities which the heap compartments will construct capabilities against
-  // (as if they were the DDC when the allocation is made).
-  // One will be read-only, the other write-only, so we can differentiate when printing.
-  void *__capability dc1 = cheri_perms_and(cheri_ddc_get(), CHERI_PERM_STORE);
-  void *__capability dc2 = cheri_perms_and(cheri_ddc_get(), CHERI_PERM_LOAD);
+int main()
+{
+    // Create capabilities which the heap compartments will construct capabilities against
+    // (as if they were the DDC when the allocation is made).
+    // One will be read-only, the other write-only, so we can differentiate when printing.
+    void *__capability dc1 = cheri_perms_and(cheri_ddc_get(), CHERI_PERM_STORE);
+    void *__capability dc2 = cheri_perms_and(cheri_ddc_get(), CHERI_PERM_LOAD);
 
-  // Create two compartments, and receive the capability that gives us authority to use them
-  void *__capability compartment1 = init_compartment(4096, dc1);
-  void *__capability compartment2 = init_compartment(4096, dc2);
+    // Create two compartments, and receive the capability that gives us authority to use them
+    void *__capability compartment1 = init_compartment(4096, dc1);
+    void *__capability compartment2 = init_compartment(4096, dc2);
 
-  // Allocate memory in each compartment
-  void *__capability c1_allocated_memory = malloc_compartment(64, compartment1);
-  void *__capability c2_allocated_memory = malloc_compartment(256, compartment2);
+    // Allocate memory in each compartment
+    void *__capability c1_allocated_memory = malloc_compartment(64, compartment1);
+    void *__capability c2_allocated_memory = malloc_compartment(256, compartment2);
 
-  // Print an explainer of each allocation (and the capability itself)
-  printf("\n\n\tThis capability is heap-allocated within our first compartment, which is write-only.\n\tWe allocated 64 bytes.\n");
-  pp_cap(c1_allocated_memory);
+    // Print an explainer of each allocation (and the capability itself)
+    printf("\n\n\tThis capability is heap-allocated within our first compartment, which is "
+           "write-only.\n\tWe allocated 64 bytes.\n");
+    pp_cap(c1_allocated_memory);
 
-  printf("\n\n\tThis capability is heap-allocated within our second compartment, which is read-only.\n\tWe allocated 256 bytes.\n");
-  pp_cap(c2_allocated_memory);
+    printf("\n\n\tThis capability is heap-allocated within our second compartment, which is "
+           "read-only.\n\tWe allocated 256 bytes.\n");
+    pp_cap(c2_allocated_memory);
 
-  printf("\nCompleted successfully.\n");
+    printf("\nCompleted successfully.\n");
 
-  return 0;
+    return 0;
 }

example_allocators/compartment_alloc/utils.h

@@ -1,16 +1,16 @@
 #include <sys/sysctl.h>
 
 // A shortcut to turn a pointer into a sealed capability
-#define sealed_reference(ptr) cheri_seal((void *__capability)ptr, cheri_get_sealcap())
+#define sealed_reference(ptr) cheri_seal((void *__capability) ptr, cheri_get_sealcap())
 
-void *__capability cheri_get_sealcap() {
-  void *__capability sealcap;
-  size_t sealcap_size = sizeof(sealcap);
-  if (sysctlbyname("security.cheri.sealcap", &sealcap, &sealcap_size, NULL, 0) < 0)
+void *__capability cheri_get_sealcap()
+{
+    void *__capability sealcap;
+    size_t sealcap_size = sizeof(sealcap);
+    if (sysctlbyname("security.cheri.sealcap", &sealcap, &sealcap_size, NULL, 0) < 0)
     {
-      printf("Fatal error. Cannot get `security.cheri.sealcap`.");
-      exit(1);
+        printf("Fatal error. Cannot get `security.cheri.sealcap`.");
+        exit(1);
     }
-  return sealcap;
+    return sealcap;
 }
-