WASM: Run a WASM binary on Wasmtime running in SGX

[mbestavros]

We'd like to build out a series of demos for our progress on Enarx's WASM support.

This one is the most advanced: running WASM through Wasmtime running on top of SGX. This is the closest representation of the eventual use case we envision for WASM in Enarx.

Some additional possibilities include building out architecture for an eventual end-user, and setting this up in a client-server setting.

[kevingzhang]

I watched a youtube video https://youtu.be/8IvWPeavjiQ?t=1957 . They have wasmi in SGX back in 2018.May I ask what the benefit is to run wasmtime (rather than wasmi) in SGX?

[npmccallum]

@kevingzhang wasmi is an interpreter (slow). wasmtime is a JIT (fast).

[kevingzhang]

Thank you @npmccallum for your super quick response. I never expect an answer so soon. Yeah, the interpreter is slower than JIT or AoT. I think there is at least one advantage: Metering. If running a wasm need some kind of metering such as Gas in Etherium, I am not sure wasmtime can meter how much gas a wasm consume and force to quit when running out of gas.

[npmccallum]

@kevingzhang Can you explain that situation in greater detail?

[kevingzhang]

Sure. Gas is a payment model for Etherium and other major blockchain projects. A client has a bunch of functions to be run by others (in Etherium case, they are called miners, in our cases, they may be called hosts). The miners or hosts won't do the job for free, they need to earn some money called Gas. The client will set a gas limit upfront. The client think the gas limit would be enough to run his function, and if the gas is run out before the function exits, the miner will quit execution and take the gas already metered. If the gas is not run out for the whole computation, the remaining gas will return to the client.

This is similar to cloud computing but a prepaid model.

This model can protect the miners from DDoS or Infinity Loop attack. If there is not such a gas system, the attacker simply submits an infinity loop in function to exhaust all miners' computing power to stop the blockchain.

In Etherium, code is running inside EVM, a special virtual machine. All opcode is measured with a predefined price. When code is running inside the EVM, the gas meter calculates how much gas remains. The gas limit runs out, EVM will throw a gas-run-out exception then exit. In this case, the state of blockchain will roll back to the original state without any change, as if the function is never run.

From the business point of view, likely our Knarx will be run as a cloud / edge / blockchain computing platform, metering is an important part.

Have you already designed something on metering wasm execution?