[*] bring back tests + benchmarks + fuzzing + examples

- added convenience justfile rule to test like CI (w/ different feature combinations),
- removed executable_heap feature (heap is always executable now).
- fixed check_stack_guard functionality w/ stack cookie (currently broken in main).
- fixed logging to get proper output_data_region address (host vs. guest address space when
in process vs. in hypervisor).
- modified print_output to return the message length.

Signed-off-by: danbugs <[email protected]>

Author: danbugs

Justfile

@@ -62,6 +62,22 @@ clean-rust:
 
 # Note: most testing recipes take an optional "features" comma separated list argument. If provided, these will be passed to cargo as **THE ONLY FEATURES**, i.e. default features will be disabled.
 
+# run full CI test matrix
+test-like-ci config=default-target hypervisor="kvm":
+    @# with default features
+    just test {{config}} {{ if hypervisor == "mshv3" {"mshv3"} else {""} }}
+
+    @# with only one driver enabled + seccomp + inprocess
+    just test {{config}} inprocess,seccomp,{{ if hypervisor == "mshv" {"mshv2"} else if hypervisor == "mshv3" {"mshv3"} else {"kvm"} }}
+
+    @# make sure certain cargo features compile
+    cargo check -p hyperlight-host --features crashdump
+    cargo check -p hyperlight-host --features print_debug
+    cargo check -p hyperlight-host --features gdb
+
+    @# without any driver (should fail to compile)
+    just test-compilation-fail {{config}}
+
 # runs all tests
 test target=default-target features="": (test-unit target features) (test-isolated target features) (test-integration "rust" target features) (test-integration "c" target features) (test-seccomp target features)
 
@@ -83,11 +99,6 @@ test-isolated target=default-target features="":
 
 # runs integration tests. Guest can either be "rust" or "c"
 test-integration guest target=default-target features="":
-    @# run execute_on_heap test with feature "executable_heap" on and off
-    {{if os() == "windows" { "$env:" } else { "" } }}GUEST="{{guest}}"{{if os() == "windows" { ";" } else { "" } }} cargo test --profile={{ if target == "debug" { "dev" } else { target } }} --test integration_test execute_on_heap {{ if features =="" {" --features executable_heap"} else {"--features executable_heap," + features} }} -- --ignored
-    {{if os() == "windows" { "$env:" } else { "" } }}GUEST="{{guest}}"{{if os() == "windows" { ";" } else { "" } }} cargo test --profile={{ if target == "debug" { "dev" } else { target } }} --test integration_test execute_on_heap {{ if features =="" {""} else {"--features " + features} }} -- --ignored
-    
-    @# run the rest of the integration tests
     {{if os() == "windows" { "$env:" } else { "" } }}GUEST="{{guest}}"{{if os() == "windows" { ";" } else { "" } }} cargo test -p hyperlight-host {{ if features =="" {''} else if features=="no-default-features" {"--no-default-features" } else {"--no-default-features -F " + features } }} --profile={{ if target == "debug" { "dev" } else { target } }} --test '*'
 
 # runs seccomp tests

fuzz/fuzz_targets/guest_call.rs

@@ -19,26 +19,28 @@ limitations under the License.
 use std::sync::{Mutex, OnceLock};
 
 use hyperlight_host::func::{ParameterValue, ReturnType};
-use hyperlight_host::sandbox::uninitialized::GuestBinary;
+use hyperlight_host::sandbox::sandbox_builder::SandboxBuilder;
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
-use hyperlight_host::{MultiUseSandbox, UninitializedSandbox};
+use hyperlight_host::{GuestBinary, MultiUseSandbox};
 use hyperlight_testing::simple_guest_for_fuzzing_as_string;
 use libfuzzer_sys::fuzz_target;
+
 static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
 
 // This fuzz target tests all combinations of ReturnType and Parameters for `call_guest_function_by_name`.
 // For fuzzing efficiency, we create one Sandbox and reuse it for all fuzzing iterations.
 fuzz_target!(
     init: {
-
-        let u_sbox = UninitializedSandbox::new(
-            GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")),
-            None,
-            None,
-            None,
+        let u_sbox = SandboxBuilder::new(
+            GuestBinary::FilePath(
+                simple_guest_for_fuzzing_as_string()
+                    .expect("Guest Binary Missing")
+            )
         )
-        .unwrap();
+            .expect("Failed to create sandbox")
+            .build()
+            .expect("Failed to build sandbox");
 
         let mu_sbox: MultiUseSandbox = u_sbox.evolve(Noop::default()).unwrap();
         SANDBOX.set(Mutex::new(mu_sbox)).unwrap();

fuzz/fuzz_targets/host_call.rs

@@ -19,11 +19,9 @@ limitations under the License.
 use std::sync::{Mutex, OnceLock};
 
 use hyperlight_host::func::{ParameterValue, ReturnType};
-use hyperlight_host::sandbox::uninitialized::GuestBinary;
-use hyperlight_host::sandbox::SandboxConfiguration;
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
-use hyperlight_host::{HyperlightError, MultiUseSandbox, UninitializedSandbox};
+use hyperlight_host::{HyperlightError, MultiUseSandbox};
 use hyperlight_testing::simple_guest_for_fuzzing_as_string;
 use libfuzzer_sys::fuzz_target;
 static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
@@ -32,13 +30,15 @@ static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
 // For fuzzing efficiency, we create one Sandbox and reuse it for all fuzzing iterations.
 fuzz_target!(
     init: {
-        let u_sbox = UninitializedSandbox::new(
-            GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")),
-            None,
-            None,
-            None,
+        let u_sbox = SandboxBuilder::new(
+            GuestBinary::FilePath(
+                simple_guest_for_fuzzing_as_string()
+                    .expect("Guest Binary Missing")
+            )
         )
-        .unwrap();
+            .expect("Failed to create sandbox")
+            .build()
+            .expect("Failed to build sandbox");
 
         let mu_sbox: MultiUseSandbox = u_sbox.evolve(Noop::default()).unwrap();
         SANDBOX.set(Mutex::new(mu_sbox)).unwrap();

fuzz/fuzz_targets/host_print.rs

@@ -3,10 +3,10 @@
 use std::sync::{Mutex, OnceLock};
 
 use hyperlight_host::func::{ParameterValue, ReturnType, ReturnValue};
-use hyperlight_host::sandbox::uninitialized::GuestBinary;
+use hyperlight_host::sandbox::sandbox_builder::SandboxBuilder;
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
-use hyperlight_host::{MultiUseSandbox, UninitializedSandbox};
+use hyperlight_host::{GuestBinary, MultiUseSandbox};
 use hyperlight_testing::simple_guest_for_fuzzing_as_string;
 use libfuzzer_sys::{fuzz_target, Corpus};
 
@@ -18,13 +18,15 @@ static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
 // For fuzzing efficiency, we create one Sandbox and reuse it for all fuzzing iterations.
 fuzz_target!(
     init: {
-        let u_sbox = UninitializedSandbox::new(
-            GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")),
-            None,
-            None,
-            None,
+        let u_sbox = SandboxBuilder::new(
+            GuestBinary::FilePath(
+                simple_guest_for_fuzzing_as_string()
+                    .expect("Guest Binary Missing")
+            )
         )
-        .unwrap();
+            .expect("Failed to create sandbox")
+            .build()
+            .expect("Failed to build sandbox");
 
         let mu_sbox: MultiUseSandbox = u_sbox.evolve(Noop::default()).unwrap();
         SANDBOX.set(Mutex::new(mu_sbox)).unwrap();

src/hyperlight_common/src/peb.rs

@@ -27,7 +27,9 @@ pub struct MemoryRegion {
 #[repr(C)]
 #[derive(Clone, Default)]
 pub struct HyperlightPEB {
+    /// The minimum stack address is the lowest address of the stack.
     pub min_stack_address: u64,
+
     // - Host configured fields
     /// Hyperlight supports two primary modes:
     /// 1. Hypervisor mode
@@ -166,7 +168,7 @@ impl HyperlightPEB {
 
     /// Sets the guest stack data region.
     /// - HyperlightPEB is always set with a default size for stack from the guest binary, there's an
-    /// option to override this size with the `size_override` parameter.
+    ///     option to override this size with the `size_override` parameter.
 
     pub fn set_guest_stack_data_region(&mut self, offset: u64, size_override: Option<u64>) {
         let size = size_override.unwrap_or_else(|| {
@@ -237,7 +239,7 @@ impl HyperlightPEB {
 
     /// Sets the guest heap data region.
     /// - HyperlightPEB is always set with a default size for heap from the guest binary, there's an
-    /// option to override this size with the `size_override` parameter.
+    ///     option to override this size with the `size_override` parameter.
     pub fn set_guest_heap_data_region(&mut self, offset: u64, size_override: Option<u64>) {
         let size = size_override.unwrap_or_else(|| {
             self.guest_heap_data

src/hyperlight_guest/src/entrypoint.rs

@@ -86,7 +86,7 @@ pub extern "win64" fn entrypoint(peb_address: u64, seed: u64, max_log_level: u64
 
         // The guest sets the address to a "guest function dispatch" function, which is a function
         // that is called by the host to dispatch calls to guest functions.
-        (*PEB).set_guest_function_dispatch_ptr(dispatch_function as u64);
+        (*PEB).set_guest_function_dispatch_ptr(dispatch_function as usize as u64);
 
         // Set up the guest heap
         HEAP_ALLOCATOR

src/hyperlight_guest/src/guest_error.rs

@@ -30,7 +30,7 @@ pub(crate) fn write_error(error_code: ErrorCode, message: Option<&str>) {
     let output_data: OutputDataSection = peb.get_output_data_region().into();
 
     let guest_error = GuestError::new(
-        error_code.clone(),
+        error_code,
         message.map_or("".to_string(), |m| m.to_string()),
     );
 

src/hyperlight_guest/src/guest_function_call.rs

@@ -93,7 +93,7 @@ fn internal_dispatch_function() -> Result<()> {
         .expect("Function call deserialization failed");
 
     let result_vec = call_guest_function(function_call).inspect_err(|e| {
-        set_error(e.kind.clone(), e.message.as_str());
+        set_error(e.kind, e.message.as_str());
     })?;
 
     output_data_section

src/hyperlight_guest/src/logging.rs

@@ -44,9 +44,8 @@ fn write_log_data(
         .try_into()
         .expect("Failed to convert GuestLogData to bytes");
 
-    let output_data_section: OutputDataSection = unsafe { (*PEB).clone() }
-        .get_output_data_guest_region()
-        .into();
+    let output_data_section: OutputDataSection =
+        unsafe { (*PEB).clone() }.get_output_data_region().into();
 
     output_data_section
         .push_shared_output_data(bytes)

src/hyperlight_guest_capi/src/dispatch.rs

@@ -7,10 +7,10 @@ use core::mem;
 use hyperlight_common::flatbuffer_wrappers::function_call::FunctionCall;
 use hyperlight_common::flatbuffer_wrappers::function_types::{ParameterType, ReturnType};
 use hyperlight_common::flatbuffer_wrappers::guest_error::ErrorCode;
+use hyperlight_common::host_calling::call_host_function;
 use hyperlight_guest::error::{HyperlightGuestError, Result};
 use hyperlight_guest::guest_function_definition::GuestFunctionDefinition;
 use hyperlight_guest::guest_function_register::GuestFunctionRegister;
-use hyperlight_guest::host_function_call::call_host_function;
 
 use crate::types::{FfiFunctionCall, FfiVec};
 static mut REGISTERED_C_GUEST_FUNCTIONS: GuestFunctionRegister = GuestFunctionRegister::new();

src/hyperlight_guest_capi/src/flatbuffer.rs

@@ -2,7 +2,7 @@ use alloc::boxed::Box;
 use core::ffi::{c_char, CStr};
 
 use hyperlight_common::flatbuffer_wrappers::util::get_flatbuffer_result;
-use hyperlight_guest::host_function_call::get_host_return_value;
+use hyperlight_common::host_calling::get_host_return_value;
 
 use crate::types::FfiVec;
 

src/hyperlight_host/Cargo.toml

@@ -121,7 +121,6 @@ built = { version = "0.7.7", features = ["chrono", "git2"] }
 default = ["kvm", "mshv2", "seccomp"]
 seccomp = ["dep:seccompiler"]
 function_call_metrics = []
-executable_heap = []
 # This feature enables printing of debug information to stdout in debug builds
 print_debug = []
 crashdump = ["dep:tempfile"] # Dumps the VM state to a file on unexpected errors or crashes. The path of the file will be printed on stdout and logged. This feature can only be used in debug builds.

src/hyperlight_host/benches/benchmarks.rs

@@ -19,15 +19,20 @@ use std::sync::{Arc, Mutex};
 use criterion::{criterion_group, criterion_main, Criterion};
 use hyperlight_common::flatbuffer_wrappers::function_types::{ParameterValue, ReturnType};
 use hyperlight_host::func::HostFunction2;
+use hyperlight_host::sandbox::sandbox_builder::SandboxBuilder;
 use hyperlight_host::sandbox::{MultiUseSandbox, UninitializedSandbox};
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
 use hyperlight_host::GuestBinary;
 use hyperlight_testing::simple_guest_as_string;
 
 fn create_uninit_sandbox() -> UninitializedSandbox {
-    let path = simple_guest_as_string().unwrap();
-    UninitializedSandbox::new(GuestBinary::FilePath(path), None, None, None).unwrap()
+    SandboxBuilder::new(GuestBinary::FilePath(
+        simple_guest_as_string().expect("Guest Binary Missing"),
+    ))
+    .expect("Failed to create sandbox")
+    .build()
+    .expect("Failed to build sandbox")
 }
 
 fn create_multiuse_sandbox() -> MultiUseSandbox {

src/hyperlight_host/examples/chrome-tracing/main.rs

@@ -1,20 +1,20 @@
-/*
-Copyright 2024 The Hyperlight Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// /*
+// Copyright 2024 The Hyperlight Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// */
 use hyperlight_host::func::{ParameterValue, ReturnType, ReturnValue};
+use hyperlight_host::sandbox::sandbox_builder::SandboxBuilder;
 use hyperlight_host::sandbox::uninitialized::UninitializedSandbox;
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
@@ -33,8 +33,7 @@ fn main() -> Result<()> {
         simple_guest_as_string().expect("Cannot find the guest binary at the expected location.");
 
     // Create a new sandbox.
-    let usandbox =
-        UninitializedSandbox::new(GuestBinary::FilePath(simple_guest_path), None, None, None)?;
+    let usandbox = SandboxBuilder::new(GuestBinary::FilePath(simple_guest_path))?.build()?;
 
     let mut sbox = usandbox
         .evolve(Noop::<UninitializedSandbox, MultiUseSandbox>::default())

src/hyperlight_host/examples/func_ctx/main.rs

@@ -1,22 +1,22 @@
-/*
-Copyright 2024 The Hyperlight Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// /*
+// Copyright 2024 The Hyperlight Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// */
 use hyperlight_common::flatbuffer_wrappers::function_types::{ParameterValue, ReturnType};
 use hyperlight_host::func::call_ctx::MultiUseGuestCallContext;
-use hyperlight_host::sandbox::{MultiUseSandbox, UninitializedSandbox};
+use hyperlight_host::sandbox::sandbox_builder::SandboxBuilder;
+use hyperlight_host::sandbox::MultiUseSandbox;
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
 use hyperlight_host::{new_error, GuestBinary, Result};
@@ -27,8 +27,10 @@ fn main() {
     // test guest binary
     let sbox1: MultiUseSandbox = {
         let path = simple_guest_as_string().unwrap();
-        let u_sbox =
-            UninitializedSandbox::new(GuestBinary::FilePath(path), None, None, None).unwrap();
+        let u_sbox = SandboxBuilder::new(GuestBinary::FilePath(path.clone()))
+            .expect("Failed to create sandbox")
+            .build()
+            .expect("Failed to build sandbox");
         u_sbox.evolve(Noop::default())
     }
     .unwrap();