Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Threading in Enclave - any plans for OpenMP, TBB?

Matthias_H_Intel
Employee
1,665 Views

I can find sgx_threads as well as STL threads. But that's all I can spot.

Is there any plan to provide OpenMP support? What about TBB, Cilk+ (haven't tried Cilk yet within Enclave but I guess it won't work)

0 Kudos
1 Solution
Kuppusamy_R_Intel
1,665 Views

Yes, to the first. Each thread enters the enclave using the same eid. To answer the second questions, the “PowerTransition” sample included with the SDK makes use of threads.

 

View solution in original post

0 Kudos
11 Replies
Alexander_L_Intel
1,665 Views

Where are sgx_threads, Matthias?

0 Kudos
Juan_d_Intel
Employee
1,665 Views

SGX doesn't support thread creation/destruction inside an enclave. Thus, OpenMP and other threading libraries and/or parallel programming models cannot be easily supported. However, it is perfectly fine to write an OpenMP program that calls into an enclave during a parallel construct. Thread management is done outside the enclave and a part of the computation happens inside an enclave. Be aware that calling into an enclave has a latency higher than a normal function call so you would have to partition the work differently to minimize the overhead.

sgx_threads, which I believe refers to sgx_thread.h, provide thread synchronization mechanisms (mutex and condition variables) inside an enclave.

0 Kudos
Alexander_L_Intel
1,665 Views

Thanks Juan,

Are there syscalls allowed from an enclave?
 

Thanks in advance,

Alexander

0 Kudos
PadmaPriya_M_Intel
1,665 Views

Syscall is not supported inside the enclave. Refer the following link.

https://software.intel.com/en-us/forums/intel-software-guard-extensions-intel-sgx/topic/539803

0 Kudos
Matthias_H_Intel
Employee
1,665 Views

I don't get it - what sense does it make to provide sgx_thread as well as STL threads within an enclave? (see e.g. https://software.intel.com/sites/products/sgx-sdk-users-guide-windows/Default.htm). Why can you specify the number of supported threads in the SGX project properties if there is no support for threads at all? Quite puzzled

 

0 Kudos
Juan_d_Intel
Employee
1,665 Views

The enclave is signed at build time, which means that EPC memory pages (including thread contexts - stack, TLS, etc.) that will be allocated to the enclave have to be measured. This means, we need to specify the maximum number of threads that can run inside the enclave simultaneously. If several threads may run inside the enclave and access shared data, you'll have to synchronize them to avoid data race conditions. That's when sgx_thread.h comes into place. It provides thread synchronization mechanisms (mutex and conditional variable). However, threads are created and destroyed outside the enclave.

0 Kudos
Kuppusamy_R_Intel
1,666 Views

Yes, to the first. Each thread enters the enclave using the same eid. To answer the second questions, the “PowerTransition” sample included with the SDK makes use of threads.

 

0 Kudos
Juan_d_Intel
Employee
1,665 Views

Matthias, I'm not sure I understand your comment that OpenMP and Clik+ implicit thread won't work.

Can you elaborate more? As long as you can replace some form of computation in a multithreaded application with a function call (ECALL), your OpenMP/Cilk+/TBB SGX application should work. The compiler/thread library is pretty much oblivious to the fact the application is ECALLing into an enclave.

0 Kudos
Matthias_H_Intel
Employee
1,665 Views

more explicit threads, yes. But something like

#pragma omp parallel for
for (size_t i =0; i<n; ++i) do some work (no ecalls but e.g. mathematical functions);

which are typical usecases I wouldn'T know how to easily transfer 

0 Kudos
Juan_d_Intel
Employee
1,665 Views

You may replace "do some work", i.e. the actual calls to mathematical functions with an ECALL, do_some_work(). Then implement this trusted function inside the enclave, which will be what you originally had in "do_some_work". Of course, you would need to marshal the data before or during the ECALL.

0 Kudos
Matthias_H_Intel
Employee
1,665 Views

and that would quite hit the performance.

Hence you probably need to pretty much redesign your algos

0 Kudos
Reply