Raise wasi-sdk to 25 and wabt to 1.0.37. It includes
- Refactor CI workflow to install WASI-SDK and WABT from a composite action
- Use ExternalProject to bring wasm-apps for few samples. file/ wasi-threads/
- Refactor sample build and test steps in SGX compilation workflow for improved clarity and efficiency (workaround)
Add CMake support for EMSCRIPTEN and WAMRC, update module paths
3.14 is used and tested by linux mini-product
to fix
```
CMake Error at CMakeLists.txt:4 (cmake_minimum_required):
Compatibility with CMake < 3.5 has been removed from CMake.
Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
to tell CMake that the project requires at least <min> but has been updated
to work with policies introduced by <max> or earlier.
Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
```
Implement the GC (Garbage Collection) feature for interpreter mode,
AOT mode and LLVM-JIT mode, and support most features of the latest
spec proposal, and also enable the stringref feature.
Use `cmake -DWAMR_BUILD_GC=1/0` to enable/disable the feature,
and `wamrc --enable-gc` to generate the AOT file with GC supported.
And update the AOT file version from 2 to 3 since there are many AOT
ABI breaks, including the changes of AOT file format, the changes of
AOT module/memory instance layouts, the AOT runtime APIs for the
AOT code to invoke and so on.
With this approach we can omit using memset() for the newly allocated memory
therefore the physical pages are not being used unless touched by the program.
This also simplifies the implementation.
Compilation error was reported when `cmake -DWAMR_BUILD_LIBC_WASI=0`
on linux-sgx platform:
```
core/shared/platform/linux-sgx/sgx_socket.c:8:10:
fatal error: libc_errno.h: No such file or directory
8 | #include "libc_errno.h"
| ^~~~~~~~~~~~~~
```
After fixing, both `cmake -DWAMR_BUILD_LIBC_WASI=1` and
`WAMR_BUILD_LIBC_WASI=0` work good.
Add an extra argument `os_file_handle file` for `os_mmap` to support
mapping file from a file fd, and remove `os_get_invalid_handle` from
`posix_file.c` and `win_file.c`, instead, add it in the `platform_internal.h`
files to remove the dependency on libc-wasi.
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
Support collecting code coverage with wamr-test-suites script by using
lcov and genhtml tools, eg.:
cd tests/wamr-test-suites
./test_wamr.sh -s spec -b -P -C
The default code coverage and html files are generated at:
tests/wamr-test-suites/workspace/wamr.lcov
tests/wamr-test-suites/workspace/wamr-lcov.zip
And update wamr-test-suites scripts to support testing GC spec cases to
avoid frequent synchronization conflicts between branch main and dev/gc.
Current SGX lib-rats wasm module hash is stored in a global buffer,
which may be overwritten if there are multiple wasm module loadings.
We move the module hash into the enclave module to resolve the issue.
And rename the SGX_IPFS macro/variable in Makefile and Enclave.edl to
make the code more consistent.
And refine the sgx-ra sample document.
Enlarge the default wasm operand stack size to 64KB since the original default
size 16KB is a little small, and the operand stack overflow exception is often
thrown when running wasm apps.
The current implementation of remote attestation does not take into
account the integrity of the wasm module. The SHA256 of the wasm
module has been put into user_data to generate the quote, and more
parameters are exposed for further verification.
Use the cmake variable `WAMR_BUILD_GLOBAL_HEAP_POOL` and
`WAMR_BUILD_GLOBAL_HEAP_SIZE` to enable/disable the global heap pool
and set its size. And set the default global heap size in core/config.h and
the cmake files.
As a result, the developers who build iwasm can easily enable/disable the
global heap pool and change its size regardless of the iwasm implementation,
without manually finding and patching the right location for that value.
This PR integrates an Intel SGX feature called Intel Protection File System Library (IPFS)
into the runtime to create, operate and delete files inside the enclave, while guaranteeing
the confidentiality and integrity of the data persisted. IPFS can be referred to here:
https://www.intel.com/content/www/us/en/developer/articles/technical/overview-of-intel-protected-file-system-library-using-software-guard-extensions.html
Introduce a cmake variable `WAMR_BUILD_SGX_IPFS`, when enabled, the files interaction
API of WASI will leverage IPFS, instead of the regular POSIX OCALLs. The implementation
has been written with light changes to sgx platform layer, so all the security aspects
WAMR relies on are conserved.
In addition to this integration, the following changes have been made:
- The CI workflow has been adapted to test the compilation of the runtime and sample
with the flag `WAMR_BUILD_SGX_IPFS` set to true
- Introduction of a new sample that demonstrates the interaction of the files (called `file`),
- Documentation of this new feature
Use the semantic versioning (https://semver.org) to replace the current date
versioning system, which is more general and is requested by some developers,
e.g. issue #1357.
There are three parts in the new version string:
- major. Any incompatible modification on ABIs and APIs will lead to an increment
in the value of major, which mainly includes: AOT calling conventions, AOT file
format, wasm_export.h, wasm_c_api.h, and so on.
- minor. It represents new features, including MVP/POST-MVP features, libraries,
WAMR private ones, and so one.
- patch. It represents patches.
The new version will start from 1.0.0. Update the help info and version showing for
iwasm and wamrc.
Upgrade `cmake_minimum_required` from `(VERSION 2.8)` to `(VERSION 2.9)` to
yield the warning:
"Compatibility with CMake < 2.8.12 will be removed from a future version of CMake"
Add "-Wno-unused" for CMAKE_CXX_FLAGS to yield the compilation warnings
when build LLVM JIT.
Fix the link error when code coverage is enabled.
Let iwasm return non-zero value when running failed
so that the caller (e.g. test framework) can check the
running status according to the return value.
Import WAMR Fast JIT which is a lightweight JIT with quick startup, small footprint,
relatively good performance (~40% to ~50% of LLVM JIT) and good portability.
Platforms supported: Linux, MacOS and Linux SGX.
Arch supported: x86-64.
When WAMR_BUILD_TARGET isn't set, choosing right target is decided
by checking `CMAKE_SIZEOF_VOID_P` variable. However, choosing `X86_32`
target is not doing specifically checking size of void pointer. It is kind
a fallback target for others.
This patch explicitly checks the size of void pointer before setting the target
to `X86_32` to fix the issue.
Implement Berkeley Socket API for Intel SGX
- bring Berkeley socket API in Intel SGX enclaves,
- adapt the documentation of the socket API to mention Intel SGX enclaves,
- adapt _iwasm_ in the mini-product _linux-sgx_ to support the same option as the one for _linux_,
- tested on the socket sample as provided by WAMR (the TCP client/server).
Refine is_xip_file check, when e_type isn't E_TYPE_XIP, just return false
and no need to go through all the other sections of the AOT file.
Refine pointer range check, convert pointer to uintptr_t type before
comparison to yield possible sanitizer pointer overflow error.
Auto detect whether file is XIP file before loading module in posix like and
linux-sgx platforms, and if yes, mmap executable memory automatically to
run the XIP file.
Add document about XIP feature.
Enable test spec cases with XIP feature.
fix the warnings as below:
App/App.cpp: In function ‘int wamr_pal_init(const wamr_pal_attr*)’:
App/App.cpp:759:1: warning: control reaches end of non-void function [-Wreturn-type]
759 | }
| ^
In file included from /usr/include/string.h:495,
from App/App.cpp:9:
In function ‘char* strncpy(char*, const char*, size_t)’,
inlined from ‘int enclave_init(sgx_enclave_id_t*)’ at App/App.cpp:104:16:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:34: warning: ‘char* __builtin___strncpy_chk(char*, const char*, long unsigned int, long unsigned int)’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
App/App.cpp: In function ‘int enclave_init(sgx_enclave_id_t*)’:
App/App.cpp:102:16: note: length computed here
102 | (strlen(home_dir) + strlen("/") + sizeof(TOKEN_FILENAME) + 1) <= MAX_PATH) {
| ~~~~~~^~~~~~~~~~
Signed-off-by: LiFeng <lifeng68@huawei.com>
The global doc/linux_sgx.md needs to explicitly describe the methods to
build a debug enclave and hardware running mode. Because using debug key
to signing enclave image rather than production key is still not trivial
in reality.
For the adaption of Inclavare Containers part, add a prolog and give
more details in order to enhance the readability.
Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
* Implement the PAL interface for rune
Work in progress
Signed-off-by: Le Yao <le.yao@intel.com>
* Support PAL for one runtime with multi-instances
Load runtime into enclave and run multi-instances
Signed-off-by: Le Yao <le.yao@intel.com>
