Add SGX doc

README.md

@@ -34,6 +34,16 @@ Please refer to our [release announcement](https://github.com/PaddlePaddle/Anaki
       - Assembly level optimization. Saber is a underlying DNN library for Anakin, which
       is deeply optimized at assembly level.
 
+- **Security**
+
+    Anakin now supports Intel Software Guard Extensions
+    ([SGX](https://software.intel.com/en-us/sgx)). SGX is a set of instructions
+    that can set up a extremely secure execution enironment that prevents other
+    software from inspecting the execution state of your application. Even
+    privileged code like OS and VMM cannot pry into or tamper with the data and
+    code of Anakin. To learn more about Anakin for SGX, refer to the
+    [tutorial](docs/Manual/run_on_sgx.md). 
+
 ## NV GPU Benchmark
 ### Machine And Enviornment
 >  CPU: `Intel(R) Xeon(R) CPU 5117 @ 2.0GHz`  

cmake/compiler_options.cmake

@@ -22,17 +22,8 @@ set(CMAKE_CXX_STANDARD_REQUIRED ON)
 anakin_add_compile_option(-std=c++11)
 anakin_add_compile_option(-fPIC)
 
-if(NOT USE_SGX)
-    anakin_add_compile_option(-ldl)
-    anakin_add_compile_option(-pthread)
-    if(USE_ARM_PLACE)
-    elseif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
-    else()
-        anakin_add_compile_option(-lrt)
-    endif()
-endif()
-
 if(USE_X86_PLACE)
+    anakin_add_compile_option(-march=native)
     if (BUILD_X86_TARGET MATCHES "knl" OR ${BUILD_X86_ARCH} MATCHES "knl")
         anakin_add_compile_option(-mavx512bw)
         anakin_add_compile_option(-mavx512f)

cmake/find_modules.cmake

@@ -19,6 +19,7 @@ set(ANAKIN_LINKER_LIBS "")
 
 if(UNIX)
 	if(USE_ARM_PLACE )
+    elseif(USE_SGX)
 	elseif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
 	else()
 		find_library(RTLIB rt)
@@ -29,11 +30,14 @@ if(UNIX)
 		endif()
 	endif()
 
-    find_library(DLLIB dl)
-    if(DLLIB)
-        list(APPEND ANAKIN_LINKER_LIBS ${DLLIB})
+    if(USE_SGX)
     else()
-        message(SEND_ERROR "Could not found -ldl !")
+        find_library(DLLIB dl)
+        if(DLLIB)
+            list(APPEND ANAKIN_LINKER_LIBS ${DLLIB})
+        else()
+            message(SEND_ERROR "Could not found -ldl !")
+        endif()
     endif()
 endif()
 

docs/Manual/run_on_sgx.md

@@ -0,0 +1,41 @@
+# Compile Anakin for Intel SGX
+Currently, only Linux is supported. You can either use Ubuntu or Cent OS, with
+the versions supported by Intel SGX Linux driver. Check out the latest versions
+of SGX software stack [here](https://01.org/intel-software-guard-extensions/downloads). 
+
+## Steps
+
+Follow these steps to build and run Anakin in an SGX secure enclave.
+
+  1. Check out if your CPU and motherboard support SGX. Boot into your BIOS
+     and see if there is an option controlling the availability of SGX. If
+there is such an option, turn it on.
+  2. Download and Install Intel SGX SDK and driver. The software packages and
+     documentation can be found at [Intel Open
+Source](https://01.org/intel-software-guard-extensions/downloads).
+  3. Download and Install Intel MKL (not MKL-ML or MKL-DNN). You will need
+     MKL 2019 Update 3. Older versions of MKL may cause problems like memory
+leak. 
+  4. Run the [SGX build script](../../tools/sgx_build.sh).
+  5. If the build succeeds, you will find an executable called `anakin_app`
+     under the `sgx_build/sgx` directory. The executable provides basic
+interfaces to help you quickly deploy a model and run some inference tasks.
+However, if you really need to use Anakin for SGX in production, you have to
+customize the ECALL/OCALL interfaces your self. the corresponding code can be
+found at [here](../../sgx).
+
+## Support
+
+SGX can be a complicated concept to understand for beginners. Feel free to
+submit any issues if you are interested in extra security but new to SGX. In
+case you are a systems developer and are knowledgeable about Intel chip
+technology, you may find this [paper](https://eprint.iacr.org/2016/086.pdf)
+helpful.
+
+## Disclaimer
+
+Anakin for SGX is still experimental and under active development. It is not
+extensively tested as on other platforms. Some operators and models may not be
+supported. Also, due to the limitations of the hardware, you will likely suffer
+from some performance degradation. You can report considerably slow cases to us
+to help improve Anakin for SGX.

framework/graph/graph.cpp

@@ -394,7 +394,7 @@ Status Graph<Ttype, Ptype>::Optimize(bool with_fusion) EXCLUSIVE_LOCKS_REQUIRED(
                 }
             }
 
-            ///*
+            /*
             restore_from_vgraph(_vgraph);
             graph_strategy<Ttype, Ptype> _strategy;
             if (std::is_same<Ttype,X86>::value) {
@@ -406,7 +406,7 @@ Status Graph<Ttype, Ptype>::Optimize(bool with_fusion) EXCLUSIVE_LOCKS_REQUIRED(
             }
             _strategy.apply_stride_up(this);
             *_vgraph = this->get_vgraph();
-            //*/
+            */
 
             DLOG(WARNING) <<
                           "Schedule the vgraph for memory optimization and exec lanes ,as well as sync flags.";

framework/utils/parameter_fusion.cpp

@@ -14,6 +14,7 @@
 */
 
 #include "framework/utils/parameter_fusion.h"
+#include <cmath>
 namespace anakin {
 
 static void basic_x86_gemm(const int m, const int n, const int k,

saber/funcs/debug.h

@@ -21,6 +21,7 @@
 #include <iostream>
 #include <sstream>
 #include <vector>
+#include <immintrin.h>
 
 #ifndef USE_SGX
 #include "saber/core/tensor.h"

saber/funcs/saber_util.h

@@ -4,6 +4,7 @@
 #include "saber/core/common.h"
 #include "saber/core/tensor.h"
 #include "saber/core/shape.h"
+#include <cmath>
 namespace anakin {
 
 namespace saber {

test/saber/test_saber_func.h

@@ -21,6 +21,7 @@
 #include "core/tensor.h"
 #include <fstream>
 #include <vector>
+#include <cmath>
 
 using namespace anakin::test;
 

tools/sgx_build.sh

@@ -14,7 +14,7 @@ echo "-- Build anakin sgx into: $BUILD_ROOT"
 echo "-- Building anakin ..."
 cd $BUILD_ROOT
 
-cmake .. \
+cmake --graphviz=sgx.dot .. \
        -DCMAKE_BUILD_TYPE=Release \
        -DUSE_ARM_PLACE=NO \
        -DUSE_GPU_PLACE=NO \