[*] bring back tests + benchmarks + fuzzing + examples

- added convenience justfile rule to test like CI (w/ different feature combinations),
- removed executable_heap feature (heap is always executable now).
- fixed check_stack_guard functionality w/ stack cookie (currently broken in main).
- fixed logging to get proper output_data_region address (host vs. guest address space when
in process vs. in hypervisor).
- modified print_output to return the message length.

Signed-off-by: danbugs <[email protected]>

Author: danbugs

Justfile

@@ -62,6 +62,22 @@ clean-rust:
 
 # Note: most testing recipes take an optional "features" comma separated list argument. If provided, these will be passed to cargo as **THE ONLY FEATURES**, i.e. default features will be disabled.
 
+# run full CI test matrix
+test-like-ci config=default-target hypervisor="kvm":
+    @# with default features
+    just test {{config}} {{ if hypervisor == "mshv3" {"mshv3"} else {""} }}
+
+    @# with only one driver enabled + seccomp + inprocess
+    just test {{config}} inprocess,seccomp,{{ if hypervisor == "mshv" {"mshv2"} else if hypervisor == "mshv3" {"mshv3"} else {"kvm"} }}
+
+    @# make sure certain cargo features compile
+    cargo check -p hyperlight-host --features crashdump
+    cargo check -p hyperlight-host --features print_debug
+    cargo check -p hyperlight-host --features gdb
+
+    @# without any driver (should fail to compile)
+    just test-compilation-fail {{config}}
+
 # runs all tests
 test target=default-target features="": (test-unit target features) (test-isolated target features) (test-integration "rust" target features) (test-integration "c" target features) (test-seccomp target features)
 
@@ -83,11 +99,6 @@ test-isolated target=default-target features="":
 
 # runs integration tests. Guest can either be "rust" or "c"
 test-integration guest target=default-target features="":
-    @# run execute_on_heap test with feature "executable_heap" on and off
-    {{if os() == "windows" { "$env:" } else { "" } }}GUEST="{{guest}}"{{if os() == "windows" { ";" } else { "" } }} cargo test --profile={{ if target == "debug" { "dev" } else { target } }} --test integration_test execute_on_heap {{ if features =="" {" --features executable_heap"} else {"--features executable_heap," + features} }} -- --ignored
-    {{if os() == "windows" { "$env:" } else { "" } }}GUEST="{{guest}}"{{if os() == "windows" { ";" } else { "" } }} cargo test --profile={{ if target == "debug" { "dev" } else { target } }} --test integration_test execute_on_heap {{ if features =="" {""} else {"--features " + features} }} -- --ignored
-    
-    @# run the rest of the integration tests
     {{if os() == "windows" { "$env:" } else { "" } }}GUEST="{{guest}}"{{if os() == "windows" { ";" } else { "" } }} cargo test -p hyperlight-host {{ if features =="" {''} else if features=="no-default-features" {"--no-default-features" } else {"--no-default-features -F " + features } }} --profile={{ if target == "debug" { "dev" } else { target } }} --test '*'
 
 # runs seccomp tests

fuzz/fuzz_targets/guest_call.rs

@@ -19,26 +19,28 @@ limitations under the License.
 use std::sync::{Mutex, OnceLock};
 
 use hyperlight_host::func::{ParameterValue, ReturnType};
-use hyperlight_host::sandbox::uninitialized::GuestBinary;
+use hyperlight_host::sandbox::sandbox_builder::SandboxBuilder;
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
-use hyperlight_host::{MultiUseSandbox, UninitializedSandbox};
+use hyperlight_host::{GuestBinary, MultiUseSandbox};
 use hyperlight_testing::simple_guest_for_fuzzing_as_string;
 use libfuzzer_sys::fuzz_target;
+
 static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
 
 // This fuzz target tests all combinations of ReturnType and Parameters for `call_guest_function_by_name`.
 // For fuzzing efficiency, we create one Sandbox and reuse it for all fuzzing iterations.
 fuzz_target!(
     init: {
-
-        let u_sbox = UninitializedSandbox::new(
-            GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")),
-            None,
-            None,
-            None,
+        let u_sbox = SandboxBuilder::new(
+            GuestBinary::FilePath(
+                simple_guest_for_fuzzing_as_string()
+                    .expect("Guest Binary Missing")
+            )
         )
-        .unwrap();
+            .expect("Failed to create sandbox")
+            .build()
+            .expect("Failed to build sandbox");
 
         let mu_sbox: MultiUseSandbox = u_sbox.evolve(Noop::default()).unwrap();
         SANDBOX.set(Mutex::new(mu_sbox)).unwrap();

fuzz/fuzz_targets/host_call.rs

@@ -19,11 +19,9 @@ limitations under the License.
 use std::sync::{Mutex, OnceLock};
 
 use hyperlight_host::func::{ParameterValue, ReturnType};
-use hyperlight_host::sandbox::uninitialized::GuestBinary;
-use hyperlight_host::sandbox::SandboxConfiguration;
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
-use hyperlight_host::{HyperlightError, MultiUseSandbox, UninitializedSandbox};
+use hyperlight_host::{HyperlightError, MultiUseSandbox};
 use hyperlight_testing::simple_guest_for_fuzzing_as_string;
 use libfuzzer_sys::fuzz_target;
 static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
@@ -32,13 +30,15 @@ static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
 // For fuzzing efficiency, we create one Sandbox and reuse it for all fuzzing iterations.
 fuzz_target!(
     init: {
-        let u_sbox = UninitializedSandbox::new(
-            GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")),
-            None,
-            None,
-            None,
+        let u_sbox = SandboxBuilder::new(
+            GuestBinary::FilePath(
+                simple_guest_for_fuzzing_as_string()
+                    .expect("Guest Binary Missing")
+            )
         )
-        .unwrap();
+            .expect("Failed to create sandbox")
+            .build()
+            .expect("Failed to build sandbox");
 
         let mu_sbox: MultiUseSandbox = u_sbox.evolve(Noop::default()).unwrap();
         SANDBOX.set(Mutex::new(mu_sbox)).unwrap();

fuzz/fuzz_targets/host_print.rs

@@ -3,10 +3,10 @@
 use std::sync::{Mutex, OnceLock};
 
 use hyperlight_host::func::{ParameterValue, ReturnType, ReturnValue};
-use hyperlight_host::sandbox::uninitialized::GuestBinary;
+use hyperlight_host::sandbox::sandbox_builder::SandboxBuilder;
 use hyperlight_host::sandbox_state::sandbox::EvolvableSandbox;
 use hyperlight_host::sandbox_state::transition::Noop;
-use hyperlight_host::{MultiUseSandbox, UninitializedSandbox};
+use hyperlight_host::{GuestBinary, MultiUseSandbox};
 use hyperlight_testing::simple_guest_for_fuzzing_as_string;
 use libfuzzer_sys::{fuzz_target, Corpus};
 
@@ -18,13 +18,15 @@ static SANDBOX: OnceLock<Mutex<MultiUseSandbox>> = OnceLock::new();
 // For fuzzing efficiency, we create one Sandbox and reuse it for all fuzzing iterations.
 fuzz_target!(
     init: {
-        let u_sbox = UninitializedSandbox::new(
-            GuestBinary::FilePath(simple_guest_for_fuzzing_as_string().expect("Guest Binary Missing")),
-            None,
-            None,
-            None,
+        let u_sbox = SandboxBuilder::new(
+            GuestBinary::FilePath(
+                simple_guest_for_fuzzing_as_string()
+                    .expect("Guest Binary Missing")
+            )
         )
-        .unwrap();
+            .expect("Failed to create sandbox")
+            .build()
+            .expect("Failed to build sandbox");
 
         let mu_sbox: MultiUseSandbox = u_sbox.evolve(Noop::default()).unwrap();
         SANDBOX.set(Mutex::new(mu_sbox)).unwrap();

src/hyperlight_common/src/peb.rs

@@ -27,7 +27,9 @@ pub struct MemoryRegion {
 #[repr(C)]
 #[derive(Clone, Default)]
 pub struct HyperlightPEB {
+    /// The minimum stack address is the lowest address of the stack.
     pub min_stack_address: u64,
+
     // - Host configured fields
     /// Hyperlight supports two primary modes:
     /// 1. Hypervisor mode
@@ -166,7 +168,7 @@ impl HyperlightPEB {
 
     /// Sets the guest stack data region.
     /// - HyperlightPEB is always set with a default size for stack from the guest binary, there's an
-    /// option to override this size with the `size_override` parameter.
+    ///     option to override this size with the `size_override` parameter.
 
     pub fn set_guest_stack_data_region(&mut self, offset: u64, size_override: Option<u64>) {
         let size = size_override.unwrap_or_else(|| {
@@ -237,7 +239,7 @@ impl HyperlightPEB {
 
     /// Sets the guest heap data region.
     /// - HyperlightPEB is always set with a default size for heap from the guest binary, there's an
-    /// option to override this size with the `size_override` parameter.
+    ///     option to override this size with the `size_override` parameter.
     pub fn set_guest_heap_data_region(&mut self, offset: u64, size_override: Option<u64>) {
         let size = size_override.unwrap_or_else(|| {
             self.guest_heap_data

src/hyperlight_guest/src/entrypoint.rs

@@ -86,7 +86,7 @@ pub extern "win64" fn entrypoint(peb_address: u64, seed: u64, max_log_level: u64
 
         // The guest sets the address to a "guest function dispatch" function, which is a function
         // that is called by the host to dispatch calls to guest functions.
-        (*PEB).set_guest_function_dispatch_ptr(dispatch_function as u64);
+        (*PEB).set_guest_function_dispatch_ptr(dispatch_function as usize as u64);
 
         // Set up the guest heap
         HEAP_ALLOCATOR

src/hyperlight_guest/src/guest_error.rs

@@ -30,7 +30,7 @@ pub(crate) fn write_error(error_code: ErrorCode, message: Option<&str>) {
     let output_data: OutputDataSection = peb.get_output_data_region().into();
 
     let guest_error = GuestError::new(
-        error_code.clone(),
+        error_code,
         message.map_or("".to_string(), |m| m.to_string()),
     );
 

src/hyperlight_guest/src/guest_function_call.rs

@@ -93,7 +93,7 @@ fn internal_dispatch_function() -> Result<()> {
         .expect("Function call deserialization failed");
 
     let result_vec = call_guest_function(function_call).inspect_err(|e| {
-        set_error(e.kind.clone(), e.message.as_str());
+        set_error(e.kind, e.message.as_str());
     })?;
 
     output_data_section

src/hyperlight_guest/src/logging.rs

@@ -44,9 +44,8 @@ fn write_log_data(
         .try_into()
         .expect("Failed to convert GuestLogData to bytes");
 
-    let output_data_section: OutputDataSection = unsafe { (*PEB).clone() }
-        .get_output_data_guest_region()
-        .into();
+    let output_data_section: OutputDataSection =
+        unsafe { (*PEB).clone() }.get_output_data_region().into();
 
     output_data_section
         .push_shared_output_data(bytes)

src/hyperlight_guest_capi/src/dispatch.rs

@@ -7,10 +7,10 @@ use core::mem;
 use hyperlight_common::flatbuffer_wrappers::function_call::FunctionCall;
 use hyperlight_common::flatbuffer_wrappers::function_types::{ParameterType, ReturnType};
 use hyperlight_common::flatbuffer_wrappers::guest_error::ErrorCode;
+use hyperlight_common::host_calling::call_host_function;
 use hyperlight_guest::error::{HyperlightGuestError, Result};
 use hyperlight_guest::guest_function_definition::GuestFunctionDefinition;
 use hyperlight_guest::guest_function_register::GuestFunctionRegister;
-use hyperlight_guest::host_function_call::call_host_function;
 
 use crate::types::{FfiFunctionCall, FfiVec};
 static mut REGISTERED_C_GUEST_FUNCTIONS: GuestFunctionRegister = GuestFunctionRegister::new();