From 06924c0e470eeac462953e687a67b02961bd498c Mon Sep 17 00:00:00 2001
From: Tate Tian <tate.thl@antfin.com>
Date: Sat, 1 Jun 2019 11:18:52 +0800
Subject: [PATCH] Add C++ support in the Occlum Docker image

---
 README.md                       |   4 +-
 tools/docker/Dockerfile         |  28 ++------
 tools/docker/build_toolchain.sh | 121 ++++++++++++++++++++++++++++++++
 3 files changed, 127 insertions(+), 26 deletions(-)
 create mode 100755 tools/docker/build_toolchain.sh

diff --git a/README.md b/README.md
index 2017c0ca..59629d4f 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # Occlum
 [![All Contributors](https://img.shields.io/badge/all_contributors-7-orange.svg?style=flat-square)](CONTRIBUTORS.md)
 
-Occlum is a *memory-safe*, *multi-process* library OS (LibOS) for [Intel SGX](https://software.intel.com/en-us/sgx). As a LibOS, it enables *unmodified* applications to run on SGX, thus protecting the confidentiality and integrity of user workloads transparently. 
+Occlum is a *memory-safe*, *multi-process* library OS (LibOS) for [Intel SGX](https://software.intel.com/en-us/sgx). As a LibOS, it enables *legacy** applications to run on SGX with *little or even no modifications* of source code, thus protecting the confidentiality and integrity of user workloads transparently. 
 
 Compared to existing LibOSes for SGX, Occlum has the following salient features:
 
@@ -52,7 +52,7 @@ git clone https://github.com/occlum/libos
 docker run -it \
   --mount type=bind,source=/your/path/to/libos,target=/root/occlum/libos \
   --device /dev/isgx \
-  occlum
+  occlum/occlum:latest
 ```
 Step 5-8 are to be done on the guest OS running inside the container:
 
diff --git a/tools/docker/Dockerfile b/tools/docker/Dockerfile
index 7d21ef09..73d0bbdf 100644
--- a/tools/docker/Dockerfile
+++ b/tools/docker/Dockerfile
@@ -57,28 +57,8 @@ RUN curl https://sh.rustup.rs -sSf | \
     echo 'source /root/.cargo/env' >> /root/.bashrc && \
     rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git
 
-# Install Occlum LLVM
-WORKDIR /root/occlum/llvm
-RUN git clone -b for_occlum https://github.com/occlum/llvm . && \
-    cd /root/occlum/llvm/tools && \
-    git clone https://github.com/llvm-mirror/clang && \
-        cd clang && \
-        git checkout 0513b409d5e && \
-    cd /root/occlum/llvm/tools && \
-        git clone -b for_occlum https://github.com/occlum/lld && \
-    mkdir /root/occlum/llvm-build && cd /root/occlum/llvm-build && \
-        cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=True -DLLVM_TARGETS_TO_BUILD="X86" -DCMAKE_INSTALL_PREFIX=/usr/local/occlum/ ../llvm/ && \
-        make && \
-        make install && \
-    rm -rf /root/occlum/llvm && rm -rf /root/occlum/llvm-build
-ENV PATH="/usr/local/occlum/bin:$PATH"
-
-# Install Occlum musl libc
-WORKDIR /root/occlum/musl
-RUN git clone -b for_occlum https://github.com/occlum/musl . && \
-    CC=clang ./configure --prefix=/usr/local/occlum --enable-wrapper=clang && \
-    make && \
-    make install && \
-    rm -rf /root/occlum/musl
-
+# Install Occlum toolchain
 WORKDIR /root/occlum/
+COPY build_toolchain.sh /root/occlum/
+RUN ./build_toolchain.sh
+ENV PATH="/usr/local/occlum/bin:$PATH"
diff --git a/tools/docker/build_toolchain.sh b/tools/docker/build_toolchain.sh
new file mode 100755
index 00000000..c5970f4d
--- /dev/null
+++ b/tools/docker/build_toolchain.sh
@@ -0,0 +1,121 @@
+#!/bin/sh
+BUILD_DIR=/root/occlum/toolchain
+INSTALL_DIR=/usr/local/occlum
+
+# Exit if any command fails
+set -e
+
+# Clean previous build and installation if any
+rm -rf ${BUILD_DIR}
+rm -rf ${INSTALL_DIR}
+
+# Create the build directory
+mkdir -p ${BUILD_DIR}
+cd ${BUILD_DIR}
+
+# Download all source code
+git clone -b for_occlum https://github.com/occlum/llvm
+git clone -b for_occlum https://github.com/occlum/musl
+git clone -b for_occlum https://github.com/occlum/lld
+git clone -b release_70 https://github.com/llvm-mirror/clang
+git clone -b release_70 https://github.com/llvm-mirror/libcxx
+git clone -b release_70 https://github.com/llvm-mirror/libcxxabi
+git clone -b release_70 https://github.com/llvm-mirror/libunwind
+git clone -b release_70 https://github.com/llvm-mirror/compiler-rt
+
+# Build LLVM
+mkdir llvm-build
+cd llvm-build
+cmake -DCMAKE_BUILD_TYPE=Release \
+    -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
+    -DLLVM_ENABLE_PROJECTS="clang;lld" \
+    -DLLVM_TARGETS_TO_BUILD="X86" \
+    ../llvm
+# Compile LLVM in a single thread (parallel compilation would consume too much memory)
+make install
+cd ..
+
+# Make LLVM binaries visible
+export PATH=${INSTALL_DIR}/bin:${PATH}
+
+# Build musl libc
+cd musl
+CC=clang ./configure --prefix=${INSTALL_DIR} --enable-wrapper=clang
+make install -j
+cd ..
+
+# Link Linux headers
+ln -s /usr/include/linux ${INSTALL_DIR}/include/linux
+ln -s /usr/include/asm ${INSTALL_DIR}/include/asm
+ln -s /usr/include/asm-generic ${INSTALL_DIR}/include/asm-generic
+
+# Build libunwind
+mkdir libunwind-build
+cd libunwind-build
+cmake -DCMAKE_BUILD_TYPE=Release \
+    -DCMAKE_C_COMPILER=musl-clang \
+    -DCMAKE_C_FLAGS="-O2 -fPIC -locclum_stub" \
+    -DCMAKE_CXX_COMPILER=musl-clang \
+    -DCMAKE_CXX_FLAGS="-O2 -fPIC -locclum_stub" \
+    -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
+    -DLIBUNWIND_ENABLE_SHARED=OFF \
+    -DLLVM_ENABLE_LIBCXX=ON \
+    ../libunwind
+make install -j
+cd ..
+
+# Build libcxx (the intermediate version)
+mkdir libcxx-prebuild
+cd libcxx-prebuild
+cmake -DCMAKE_BUILD_TYPE=Release \
+    -DCMAKE_C_COMPILER=musl-clang \
+    -DCMAKE_C_FLAGS="-O2 -fPIC -locclum_stub" \
+    -DCMAKE_CXX_COMPILER=musl-clang \
+    -DCMAKE_CXX_FLAGS="-O2 -fPIC -locclum_stub" \
+    -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
+    -DLIBCXX_ENABLE_SHARED=OFF \
+    -DLIBCXX_HAS_MUSL_LIBC=ON \
+    ../libcxx
+make install -j
+cd ..
+
+# Build libcxxabi with libcxx
+mkdir libcxxabi-build
+cd libcxxabi-build
+cmake -DCMAKE_BUILD_TYPE=Release \
+    -DCMAKE_C_COMPILER=musl-clang \
+    -DCMAKE_C_FLAGS="-O2 -fPIC -locclum_stub" \
+    -DCMAKE_CXX_COMPILER=musl-clang \
+    -DCMAKE_CXX_FLAGS="-O2 -fPIC -locclum_stub" \
+    -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
+    -DLIBCXXABI_ENABLE_PIC=ON \
+    -DLIBCXXABI_ENABLE_SHARED=OFF \
+    -DLIBCXXABI_ENABLE_STATIC_UNWINDER=OFF \
+    -DLIBCXXABI_LIBCXX_PATH=${INSTALL_DIR} \
+    -DLIBCXXABI_USE_LLVM_UNWINDER=ON \
+    -DLLVM_ENABLE_LIBCXX=ON \
+    ../libcxxabi
+make install -j
+cd ..
+
+# Build libcxx (the final version) again, but this time with the libcxxabi above
+mkdir libcxx-build
+cd libcxx-build
+cmake -DCMAKE_BUILD_TYPE=Release \
+    -DCMAKE_C_COMPILER=musl-clang \
+    -DCMAKE_C_FLAGS="-O2 -fPIC -locclum_stub" \
+    -DCMAKE_CXX_COMPILER=musl-clang \
+    -DCMAKE_CXX_FLAGS="-O2 -fPIC -locclum_stub" \
+    -DCMAKE_INSTALL_PREFIX=${INSTALL_DIR} \
+    -DLIBCXX_ENABLE_SHARED=OFF \
+    -DLIBCXX_HAS_MUSL_LIBC=ON \
+    -DLIBCXX_CXX_ABI=libcxxabi \
+    -DLIBCXX_CXX_ABI_INCLUDE_PATHS=../libcxxabi/include \
+    -DLIBCXX_CXX_ABI_LIBRARY_PATH=${INSTALL_DIR}/lib \
+    -DLIBCXXABI_USE_LLVM_UNWINDER=ON \
+    ../libcxx
+make install -j
+cd ..
+
+# Remove all source code and build files
+rm -rf ${BUILD_DIR}