From cc39189fb91a1f1d08079e933cd9cb2a2ea60061 Mon Sep 17 00:00:00 2001 From: Pei Wang Date: Fri, 12 Jul 2019 13:37:46 -0700 Subject: [PATCH 1/3] Add SGX doc --- README.md | 10 ++++++++++ docs/Manual/run_on_sgx.md | 41 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) create mode 100644 docs/Manual/run_on_sgx.md diff --git a/README.md b/README.md index 7a9391b06..addfce90a 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,16 @@ Please refer to our [release announcement](https://github.com/PaddlePaddle/Anaki - Assembly level optimization. Saber is a underlying DNN library for Anakin, which is deeply optimized at assembly level. +- **Security** + + Anakin now supports Intel Software Guard Extensions + ([SGX](https://software.intel.com/en-us/sgx)). SGX is a set of instructions + that can set up a extremely secure execution enironment that prevents other + software from inspecting the execution state of your application. Even + privileged code like OS and VMM cannot pry into or tamper with the data and + code of Anakin. To learn more about Anakin for SGX, refer to the + [tutorial](docs/Manual/run_on_sgx.md). + ## NV GPU Benchmark ### Machine And Enviornment > CPU: `Intel(R) Xeon(R) CPU 5117 @ 2.0GHz` diff --git a/docs/Manual/run_on_sgx.md b/docs/Manual/run_on_sgx.md new file mode 100644 index 000000000..81a972576 --- /dev/null +++ b/docs/Manual/run_on_sgx.md 
@@ -0,0 +1,41 @@
+# Compile Anakin for Intel SGX
+Currently, only Linux is supported. You can either use Ubuntu or Cent OS, with
+the versions supported by Intel SGX Linux driver. Check out the latest versions
+of SGX software stack [here](https://01.org/intel-software-guard-extensions/downloads).
+
+## Steps
+
+Follow these steps to build and run Anakin in an SGX secure enclave.
+
+ 1. Check out if your CPU and motherboard support SGX. Boot into your BIOS
+ and see if there is an option controlling the availability of SGX. If
+there is such an option, turn it on.
+ 2. Download and Install Intel SGX SDK and driver. The software packages and
+ documentation can be found at [Intel Open
+Source](https://01.org/intel-software-guard-extensions/downloads).
+ 3. Download and Install Intel MKL (not MKL-ML or MKL-DNN). You will need
+ MKL 2019 Update 3. Older versions of MKL may cause problems like memory
+leak.
+ 4. Run the [SGX build script](../../tools/sgx_build.sh).
+ 5. If the build succeeds, you will find an executable called `anakin_app`
+ under the `sgx_build/sgx` directory. The executable provides basic
+interfaces to help you quickly deploy a model and run some inference tasks.
+However, if you really need to use Anakin for SGX in production, you have to
+customize the ECALL/OCALL interfaces your self. the corresponding code can be
+found at [here](../../sgx).
+
+## Support
+
+SGX can be a complicated concept to understand for beginners. Feel free to
+submit any issues if you are interested in extra security but new to SGX. In
+case you are a systems developer and are knowledgeable about Intel chip
+technology, you may find this [paper](https://eprint.iacr.org/2016/086.pdf)
+helpful.
+
+## Disclaimer
+
+Anakin for SGX is still experimental and under active development. It is not
+extensively tested as on other platforms. Some operators and models may not be
+supported.
Also, due to the limitations of the hardware, you will likely suffer +from some performance degradation. You can report considerably slow cases to us +to help improve Anakin for SGX. From 450150f457b8151445a7a811ca41057e9c7a3881 Mon Sep 17 00:00:00 2001 From: Pei Wang Date: Sun, 15 Sep 2019 20:44:37 -0700 Subject: [PATCH 2/3] Strip dependencies on libdl and librt when building for SGX --- cmake/compiler_options.cmake | 10 ---------- cmake/find_modules.cmake | 12 ++++++++---- tools/sgx_build.sh | 2 +- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/cmake/compiler_options.cmake b/cmake/compiler_options.cmake index f5aad6836..b6620123e 100644 --- a/cmake/compiler_options.cmake +++ b/cmake/compiler_options.cmake @@ -22,16 +22,6 @@ set(CMAKE_CXX_STANDARD_REQUIRED ON) anakin_add_compile_option(-std=c++11) anakin_add_compile_option(-fPIC) -if(NOT USE_SGX) - anakin_add_compile_option(-ldl) - anakin_add_compile_option(-pthread) - if(USE_ARM_PLACE) - elseif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") - else() - anakin_add_compile_option(-lrt) - endif() -endif() - if(USE_X86_PLACE) if (BUILD_X86_TARGET MATCHES "knl" OR ${BUILD_X86_ARCH} MATCHES "knl") anakin_add_compile_option(-mavx512bw) diff --git a/cmake/find_modules.cmake b/cmake/find_modules.cmake index a98b834fd..bfb74f434 100644 --- a/cmake/find_modules.cmake +++ b/cmake/find_modules.cmake @@ -19,6 +19,7 @@ set(ANAKIN_LINKER_LIBS "") if(UNIX) if(USE_ARM_PLACE ) + elseif(USE_SGX) elseif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") else() find_library(RTLIB rt) @@ -29,11 +30,14 @@ if(UNIX) endif() endif() - find_library(DLLIB dl) - if(DLLIB) - list(APPEND ANAKIN_LINKER_LIBS ${DLLIB}) + if(USE_SGX) else() - message(SEND_ERROR "Could not found -ldl !") + find_library(DLLIB dl) + if(DLLIB) + list(APPEND ANAKIN_LINKER_LIBS ${DLLIB}) + else() + message(SEND_ERROR "Could not found -ldl !") + endif() endif() endif() diff --git a/tools/sgx_build.sh b/tools/sgx_build.sh index d59fc0d4b..20e264ff0 100755 
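Review bot: Nothing in these two `if(UNIX)` hunks of cmake/find_modules.cmake replaces the `-pthread` flag that this same commit deletes from cmake/compiler_options.cmake; only `rt` and `dl` are looked up here, so non-SGX builds may lose thread support unless it is linked somewhere outside this patch. If it is not, a lookup such as `find_package(Threads REQUIRED)` followed by `list(APPEND ANAKIN_LINKER_LIBS ${CMAKE_THREAD_LIBS_INIT})`, placed under `if(NOT USE_SGX)`, would restore it. As a point of style, the empty `if(USE_SGX)` / `else()` pair in the second hunk reads more clearly as `if(NOT USE_SGX)`, and the empty `elseif(USE_SGX)` arm in the first hunk deserves a comment such as `# no librt when building for SGX`.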
--- a/tools/sgx_build.sh +++ b/tools/sgx_build.sh @@ -14,7 +14,7 @@ echo "-- Build anakin sgx into: $BUILD_ROOT" echo "-- Building anakin ..." cd $BUILD_ROOT -cmake .. \ +cmake --graphviz=sgx.dot .. \ -DCMAKE_BUILD_TYPE=Release \ -DUSE_ARM_PLACE=NO \ -DUSE_GPU_PLACE=NO \ From 5512d561f5f4964940b32dd296ef32edf5c4dc07 Mon Sep 17 00:00:00 2001 From: Pei Wang Date: Mon, 9 Dec 2019 16:11:03 -0800 Subject: [PATCH 3/3] Disable graph optimizations that crash ResNet50 --- cmake/compiler_options.cmake | 1 + framework/graph/graph.cpp | 4 ++-- framework/utils/parameter_fusion.cpp | 1 + saber/funcs/debug.h | 1 + saber/funcs/saber_util.h | 1 + test/saber/test_saber_func.h | 1 + 6 files changed, 7 insertions(+), 2 deletions(-) diff --git a/cmake/compiler_options.cmake b/cmake/compiler_options.cmake index b6620123e..d7230592d 100644 --- a/cmake/compiler_options.cmake +++ b/cmake/compiler_options.cmake @@ -23,6 +23,7 @@ anakin_add_compile_option(-std=c++11) anakin_add_compile_option(-fPIC) if(USE_X86_PLACE) + anakin_add_compile_option(-march=native) if (BUILD_X86_TARGET MATCHES "knl" OR ${BUILD_X86_ARCH} MATCHES "knl") anakin_add_compile_option(-mavx512bw) anakin_add_compile_option(-mavx512f) diff --git a/framework/graph/graph.cpp b/framework/graph/graph.cpp index 5823f96c5..f0d0cb2e2 100644 --- a/framework/graph/graph.cpp +++ b/framework/graph/graph.cpp @@ -394,7 +394,7 @@ Status Graph::Optimize(bool with_fusion) EXCLUSIVE_LOCKS_REQUIRED( } } - ///* + /* restore_from_vgraph(_vgraph); graph_strategy _strategy; if (std::is_same::value) { @@ -406,7 +406,7 @@ Status Graph::Optimize(bool with_fusion) EXCLUSIVE_LOCKS_REQUIRED( } _strategy.apply_stride_up(this); *_vgraph = this->get_vgraph(); - //*/ + */ DLOG(WARNING) << "Schedule the vgraph for memory optimization and exec lanes ,as well as sync flags."; diff --git a/framework/utils/parameter_fusion.cpp b/framework/utils/parameter_fusion.cpp index fded34f36..de50087b6 100644 --- a/framework/utils/parameter_fusion.cpp 
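Review bot: The added `--graphviz=sgx.dot` looks like a debugging aid rather than part of the build: it makes every run of the script write a dependency graph into `$BUILD_ROOT`, and nothing visible in the hunk reads it. If the graph is meant to confirm that libdl and librt are gone from the SGX targets, say so in a comment above the call, e.g. `# emit sgx.dot so the link dependencies of the SGX build can be inspected`; otherwise drop the flag. The cmake invocation continues past the end of the hunk.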
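Review bot: The new `anakin_add_compile_option(-march=native)` applies to every `USE_X86_PLACE` build, so the produced binaries use whatever instruction set the build host has and can fault with an illegal instruction on an older deployment CPU. For the SGX configuration it also makes the enclave code, and therefore presumably its measurement, depend on the build machine, which works against reproducible builds that a relying party could verify. It is unrelated to the stated purpose of the commit and sits above the explicit `-mavx512*` flags chosen for `knl` targets. I would make it opt-in, e.g. `option(ANAKIN_MARCH_NATIVE "Tune for the build host CPU" OFF)` (the name is only a suggestion) with `if(ANAKIN_MARCH_NATIVE)` around the call.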
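Review bot: Changing `///*` to `/*` in this hunk (closed by `*/` in the next hunk of graph.cpp) removes `restore_from_vgraph`, the strategy passes including `apply_stride_up`, and the `*_vgraph = this->get_vgraph()` write-back for every model and target, not only for ResNet50. A crash in a graph pass is more likely a memory-safety bug than something to switch off, and inside an enclave that deserves a root cause; until then the block should stay compiled and be skipped by an explicit condition rather than sit in a comment where it will rot. At minimum add a comment above it such as `// FIXME: passes disabled, they crash ResNet50; re-enable once fixed`. The body of `Graph::Optimize` starts and ends outside both hunks.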
+++ b/framework/utils/parameter_fusion.cpp @@ -14,6 +14,7 @@ */ #include "framework/utils/parameter_fusion.h" +#include namespace anakin { static void basic_x86_gemm(const int m, const int n, const int k, diff --git a/saber/funcs/debug.h b/saber/funcs/debug.h index bd245339e..a2c66f1e2 100644 --- a/saber/funcs/debug.h +++ b/saber/funcs/debug.h @@ -21,6 +21,7 @@ #include #include #include +#include #ifndef USE_SGX #include "saber/core/tensor.h" diff --git a/saber/funcs/saber_util.h b/saber/funcs/saber_util.h index 15a7cf7dc..a80305ef9 100644 --- a/saber/funcs/saber_util.h +++ b/saber/funcs/saber_util.h @@ -4,6 +4,7 @@ #include "saber/core/common.h" #include "saber/core/tensor.h" #include "saber/core/shape.h" +#include namespace anakin { namespace saber { diff --git a/test/saber/test_saber_func.h b/test/saber/test_saber_func.h index f3267c31f..fff1a4521 100644 --- a/test/saber/test_saber_func.h +++ b/test/saber/test_saber_func.h @@ -21,6 +21,7 @@ #include "core/tensor.h" #include #include +#include using namespace anakin::test;