Validation AoT files

[lum1n0us]

WAMR traditionally placed full trust in AOT files, as they originated from WASM modules and the AOT compiler, wamrc, which is under the control of trustworthy customers. However, as we learn from an increasing number of product cases, it seems the situation is changing.

In one scenario, WAMR is integrated with a Function as a Service (FaaS) framework. Developers have the option to upload .aot files as functions instead of uploading .wasm files and relying on the platform for online compilation.

In another scenario, WAMR is part of the system services on an embedded device. Developers can execute Wasm applications using either .wasm or .aot files, with the .aot files also being supplied by the developers themselves.

It appears to be the right time to reinforce the principle of not easily trusting any input. We may need to validate AOT files in the same way we currently validate WASM files (while considering compatibility).

Please share your thoughts on this.

[TianlongLiang]

Maybe it's a good idea to use a macro to control the validation AOT, making users choose based on the actual scenario. By our original design, the aot file should be from a trusted source, so should we turn off validation by default?