@kalyazin (Contributor) commented Jan 9, 2026

Changes

Notable changes made during the migration:

  • Firecracker versions using bitcode can no longer parse snapshots produced by Firecracker versions using bincode and vice versa. Note that Firecracker does not support snapshot compatibility across its versions anyway.
  • RSS overhead has increased and exceeded the 5 MB limit in certain tests. The memory monitor's threshold has been updated to 6 MB.
  • Since, unlike bincode, bitcode does not support with_fixed_int_encoding mode, the snapshot CRC field is now written as plain bytes to guarantee that its length is not going to change due to potential future changes in the serialisation logic.
  • Added a new argument to the seccompiler-bin to produce per-thread filter files to facilitate testing. Previously, the test_validate_filter was parsing the bincode-encoded filters itself. With individual per-thread filter files this is no longer required.

[1] https://rustsec.org/advisories/RUSTSEC-2025-0141

Reason

The bincode crate is no longer maintained [1].

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • I have read and understand CONTRIBUTING.md.
  • I have run tools/devtool checkbuild --all to verify that the PR passes
    build checks on all supported architectures.
  • I have run tools/devtool checkstyle to verify that the PR passes the
    automated style checks.
  • I have described what is done in these changes, why they are needed, and
    how they are solving the problem in a clear and encompassing way.
  • I have updated any relevant documentation (both in code and in the docs)
    in the PR.
  • I have mentioned all user-facing changes in CHANGELOG.md.
  • If a specific issue led to this PR, this PR closes the issue.
  • When making API changes, I have followed the
    Runbook for Firecracker API changes.
  • I have tested all new and changed functionalities in unit tests and/or
    integration tests.
  • I have linked an issue to every new TODO.

  • This functionality cannot be added in rust-vmm.
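
The fixed-length CRC trailer described in the third "Notable changes" item, as an added Rust sketch that is not Firecracker's code: the reader finds the checksum by slicing the last 8 bytes, with no dependence on the serializer. The CRC-64 variant, the payload-then-trailer layout and the names `seal`, `open` and `varint_len` are assumptions; LEB128 stands in for a generic variable-length integer encoding and is not bitcode's wire format.

```rust
// Added illustration, not Firecracker code. The CRC-64 variant and the
// payload-then-trailer layout are assumptions made for this example.
const CRC_LEN: usize = 8;

/// Bitwise CRC-64 over the reflected ECMA-182 polynomial (std only).
fn crc64(data: &[u8]) -> u64 {
    let mut crc = !0u64;
    for &b in data {
        crc ^= b as u64;
        for _ in 0..8 {
            crc = (crc >> 1) ^ if crc & 1 == 1 { 0xC96C_5795_D787_0F42 } else { 0 };
        }
    }
    !crc
}

/// Writer: append the checksum as 8 raw little-endian bytes, so the trailer
/// length never depends on the checksum value or on the serializer.
fn seal(payload: &[u8]) -> Vec<u8> {
    let mut out = payload.to_vec();
    out.extend_from_slice(&crc64(payload).to_le_bytes());
    out
}

/// Reader: verify the fixed-size trailer before any deserializer sees the payload.
fn open(blob: &[u8]) -> Result<&[u8], &'static str> {
    if blob.len() < CRC_LEN {
        return Err("truncated: no room for CRC trailer");
    }
    let (payload, trailer) = blob.split_at(blob.len() - CRC_LEN);
    let mut raw = [0u8; CRC_LEN];
    raw.copy_from_slice(trailer);
    if crc64(payload) != u64::from_le_bytes(raw) {
        return Err("CRC mismatch");
    }
    Ok(payload)
}

/// LEB128 size of `v` (7 value bits per byte): stand-in for any varint encoding.
fn varint_len(v: u64) -> usize {
    ((64 - v.leading_zeros()).max(1) as usize + 6) / 7
}

fn main() {
    let mut blob = seal(b"constructed snapshot payload");
    blob[0] ^= 0x01; // simulate corruption of the stored snapshot
    println!("{:?}", open(&blob));
    println!("varint CRC: {}..{} bytes", varint_len(0), varint_len(u64::MAX));
}
```

If the checksum went through a variable-length integer encoding instead, its size would range from 1 to 10 bytes depending on the value, and the reader could not locate the payload boundary without decoding.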

codecov bot commented Jan 9, 2026

Codecov Report

❌ Patch coverage is 52.70270% with 35 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.15%. Comparing base (9fb6fcc) to head (0c2a4b1).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| src/seccompiler/src/lib.rs | 0.00% | 22 Missing ⚠️ |
| src/vmm/src/snapshot/mod.rs | 75.00% | 10 Missing ⚠️ |
| src/vmm/src/seccomp.rs | 75.00% | 2 Missing ⚠️ |
| src/seccompiler/src/bin.rs | 0.00% | 1 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5617      +/-   ##
==========================================
- Coverage   83.23%   83.15%   -0.09%     
==========================================
  Files         277      277              
  Lines       29312    29356      +44     
==========================================
+ Hits        24399    24412      +13     
- Misses       4913     4944      +31     

| Flag | Coverage Δ |
|---|---|
| 5.10-m5n.metal | 83.47% <52.70%> (-0.10%) ⬇️ |
| 5.10-m6a.metal | 82.81% <52.70%> (-0.10%) ⬇️ |
| 5.10-m6g.metal | 80.19% <52.70%> (-0.10%) ⬇️ |
| 5.10-m6i.metal | 83.48% <52.70%> (-0.09%) ⬇️ |
| 5.10-m7a.metal-48xl | 82.80% <52.70%> (-0.10%) ⬇️ |
| 5.10-m7g.metal | 80.19% <52.70%> (-0.10%) ⬇️ |
| 5.10-m7i.metal-24xl | 83.45% <52.70%> (-0.10%) ⬇️ |
| 5.10-m7i.metal-48xl | 83.45% <52.70%> (-0.10%) ⬇️ |
| 5.10-m8g.metal-24xl | 80.19% <52.70%> (-0.10%) ⬇️ |
| 5.10-m8g.metal-48xl | 80.19% <52.70%> (-0.10%) ⬇️ |
| 6.1-m5n.metal | 83.51% <52.70%> (-0.09%) ⬇️ |
| 6.1-m6a.metal | 82.84% <52.70%> (-0.09%) ⬇️ |
| 6.1-m6g.metal | 80.19% <52.70%> (-0.10%) ⬇️ |
| 6.1-m6i.metal | 83.50% <52.70%> (-0.09%) ⬇️ |
| 6.1-m7a.metal-48xl | 82.83% <52.70%> (-0.10%) ⬇️ |
| 6.1-m7g.metal | 80.19% <52.70%> (-0.10%) ⬇️ |
| 6.1-m7i.metal-24xl | 83.52% <52.70%> (-0.10%) ⬇️ |
| 6.1-m7i.metal-48xl | 83.52% <52.70%> (-0.10%) ⬇️ |
| 6.1-m8g.metal-24xl | 80.19% <52.70%> (-0.10%) ⬇️ |
| 6.1-m8g.metal-48xl | 80.19% <52.70%> (-0.10%) ⬇️ |


Reason: the bincode crate is no longer maintained [1].

Notable changes made during the migration:
 - Firecracker versions using bitcode can no longer parse snapshots
   produced by Firecracker versions using bincode and vice versa.
   Note that Firecracker does not support snapshot compatibility across
   its versions anyway.
 - RSS overhead has increased and exceeded the 5 MB limit in certain tests.
   The memory monitor's threshold has been updated to 6 MB.
 - Since, unlike bincode, bitcode does not support
   with_fixed_int_encoding mode, the snapshot CRC field is now written
   as plain bytes to guarantee that its length is not going to change
   due to potential future changes in the serialisation logic.
 - Added a new argument to the seccompiler-bin to produce per-thread
   filter files to facilitate testing.  Previously, the
   test_validate_filter was parsing the bincode-encoded filters itself.
   With individual per-thread filter files this is no longer required.

[1] https://rustsec.org/advisories/RUSTSEC-2025-0141

Signed-off-by: Nikita Kalyazin <[email protected]>
@kalyazin kalyazin marked this pull request as ready for review January 12, 2026 09:32