WIP: snapshot goldens: split fixtures by hv/cpu/profile + cross-load CI

Signed-off-by: Ludvig Liljenberg <4257730+ludfjig@users.noreply.github.com>

Author: ludfjig

.github/workflows/RegenSnapshotGoldens.yml

@@ -15,14 +15,17 @@ defaults:
     shell: bash
 
 jobs:
-  # Build guests once, upload as artifacts for the regen jobs to
-  # download. Mirrors `build-guests` in `ValidatePullRequest.yml`.
+  # Build guests once per config, upload as artifacts for the regen
+  # jobs to download. Mirrors `build-guests` in
+  # `ValidatePullRequest.yml`. Both debug and release simpleguest
+  # binaries are needed because the captured memory blob differs
+  # between them, so each ends up in a separate fixture cell.
   build-guests:
     if: github.event.label.name == 'regen-goldens'
     strategy:
       fail-fast: false
       matrix:
-        config: [debug]
+        config: [debug, release]
     uses: ./.github/workflows/dep_build_guests.yml
     secrets: inherit
     with:
@@ -38,12 +41,14 @@ jobs:
       matrix:
         hypervisor: ['hyperv-ws2025', mshv3, kvm]
         cpu: [amd, intel]
+        config: [debug, release]
     runs-on: ${{ fromJson(
-        format('["self-hosted", "{0}", "X64", "1ES.Pool=hld-{1}-{2}", "JobId=regen-goldens-{3}-{4}-{5}-{6}"]',
+        format('["self-hosted", "{0}", "X64", "1ES.Pool=hld-{1}-{2}", "JobId=regen-goldens-{3}-{4}-{5}-{6}-{7}"]',
           matrix.hypervisor == 'hyperv-ws2025' && 'Windows' || 'Linux',
           matrix.hypervisor == 'hyperv-ws2025' && 'win2025' || matrix.hypervisor == 'mshv3' && 'azlinux3-mshv' || matrix.hypervisor,
           matrix.cpu,
           matrix.hypervisor,
+          matrix.config,
           github.run_id,
           github.run_number,
           github.run_attempt)) }}
@@ -64,33 +69,32 @@ jobs:
       - name: Rust cache
         uses: Swatinem/rust-cache@v2
         with:
-          shared-key: "${{ runner.os }}-debug"
+          shared-key: "${{ runner.os }}-${{ matrix.config }}"
           cache-on-failure: "true"
 
       - name: Download Rust guests
         uses: actions/download-artifact@v8
         with:
-          name: rust-guests-debug
-          path: src/tests/rust_guests/bin/debug/
+          name: rust-guests-${{ matrix.config }}
+          path: src/tests/rust_guests/bin/${{ matrix.config }}/
 
       - name: Run regen
         env:
           HYPERLIGHT_REGEN_GOLDENS: "1"
         run: |
-          cargo test -p hyperlight-host --lib \
+          cargo test --profile=${{ matrix.config == 'debug' && 'dev' || matrix.config }} \
+            -p hyperlight-host --lib \
             sandbox::snapshot::golden_tests::golden_regen \
             -- --nocapture
 
       - name: Upload regenerated fixtures
         uses: actions/upload-artifact@v4
         with:
-          name: goldens-${{ matrix.hypervisor }}-${{ matrix.cpu }}
-          # Map the runner's hypervisor input to the fixture filename
-          # suffix that golden_regen produces for that runner: mshv3 -> mshv,
-          # hyperv-ws2025 -> whp, kvm -> kvm. Restricting the glob this way
-          # avoids uploading stale fixtures for other HVs that happened to
-          # be checked in alongside this branch.
+          name: goldens-${{ matrix.hypervisor }}-${{ matrix.cpu }}-${{ matrix.config }}
+          # Restrict the glob to fixtures matching this cell's
+          # `{hv}_{cpu}_{config}` suffix. mshv3 maps to the `mshv`
+          # filename suffix, hyperv-ws2025 maps to `whp`.
           path: |
-            src/hyperlight_host/tests/snapshot_goldens/fixtures/*_${{ matrix.hypervisor == 'mshv3' && 'mshv' || matrix.hypervisor == 'hyperv-ws2025' && 'whp' || matrix.hypervisor }}.hls
+            src/hyperlight_host/tests/snapshot_goldens/fixtures/*_${{ matrix.hypervisor == 'mshv3' && 'mshv' || matrix.hypervisor == 'hyperv-ws2025' && 'whp' || matrix.hypervisor }}_${{ matrix.cpu }}_${{ matrix.config }}.hls
           if-no-files-found: error
           retention-days: 14

.github/workflows/dep_build_test.yml

@@ -103,6 +103,48 @@ jobs:
           # with default features
           just test ${{ inputs.config }}
 
+      - name: Cross-load snapshot goldens from every (hv, cpu, profile) cell
+        # The committed snapshot fixtures are tagged
+        # `{hv}_{cpu}_{config}`; the regular `just test` step
+        # above already loaded the fixture matching this runner's
+        # triple without bypass. This step additionally cross-
+        # loads every other committed fixture into the local slot
+        # with `HYPERLIGHT_SNAPSHOT_BYPASS_VALIDATION=1`. That
+        # exercises that the on-disk format is portable across HVs
+        # and CPU vendors and that the host can restore a snapshot
+        # built against a foreign guest profile. Missing fixture
+        # cells are warned about but skipped so the step is
+        # forward-compatible while regen catches up.
+        env:
+          HYPERLIGHT_SNAPSHOT_BYPASS_VALIDATION: "1"
+        run: |
+          case "${{ inputs.hypervisor }}" in
+            mshv3)         LOCAL_HV=mshv ;;
+            hyperv-ws2025) LOCAL_HV=whp  ;;
+            *)             LOCAL_HV=kvm  ;;
+          esac
+          LOCAL_SUFFIX="${LOCAL_HV}_${{ inputs.cpu }}_${{ inputs.config }}"
+          FIX=src/hyperlight_host/tests/snapshot_goldens/fixtures
+          PROFILE=${{ inputs.config == 'debug' && 'dev' || inputs.config }}
+          for hv in kvm mshv whp; do
+            for cpu in intel amd; do
+              for cfg in debug release; do
+                SRC_SUFFIX="${hv}_${cpu}_${cfg}"
+                if [ "$SRC_SUFFIX" = "$LOCAL_SUFFIX" ]; then continue; fi
+                if [ ! -f "$FIX/init_${SRC_SUFFIX}.hls" ] || [ ! -f "$FIX/call_${SRC_SUFFIX}.hls" ]; then
+                  echo "::warning::missing fixture pair for ${SRC_SUFFIX}, skipping cross-load"
+                  continue
+                fi
+                echo "::group::cross-load source=${SRC_SUFFIX} into local=${LOCAL_SUFFIX}"
+                cp -f "$FIX/init_${SRC_SUFFIX}.hls" "$FIX/init_${LOCAL_SUFFIX}.hls"
+                cp -f "$FIX/call_${SRC_SUFFIX}.hls" "$FIX/call_${LOCAL_SUFFIX}.hls"
+                cargo test --profile=$PROFILE -p hyperlight-host --lib sandbox::snapshot::golden_tests
+                echo "::endgroup::"
+              done
+            done
+          done
+          git checkout -- "$FIX"
+
       - name: Run Rust tests with single driver
         if: runner.os == 'Linux'
         run: |

Justfile

@@ -598,21 +598,28 @@ fetch-snapshot-goldens run_id:
     gh run download {{run_id}} --dir target/snapshot-goldens-cross-load -p 'goldens-*'
     ls target/snapshot-goldens-cross-load/
 
-# Cross-load test: copy the chosen artifact's `.hls` files over the
-# committed fixtures (renamed to the local HV's suffix) and run
-# goldens with validation bypassed. `source` is the artifact dir
-# name (e.g. `goldens-kvm-intel`). `source_hv` is the suffix used
-# inside that artifact (`kvm`, `mshv`, or `whp`). `local_hv` is the
-# locally-detected hypervisor's suffix (`kvm`, `mshv`, or `whp`).
+# Cross-load test: copy the chosen artifact's `.hls` files over
+# the locally-named fixtures and run goldens with validation
+# bypassed so the HV-tag mismatch (and the resulting hash
+# mismatch) does not fail the load.
 #
-# Example (load AMD-on-KVM CI artifact on a local Intel KVM box):
-#   just cross-load-snapshot-goldens goldens-kvm-amd kvm kvm
+# `source` is the artifact dir name produced by the regen
+# workflow, e.g. `goldens-kvm-amd-debug`. `source_suffix` is the
+# `{hv}_{cpu}_{config}` suffix of the files inside that artifact
+# (e.g. `kvm_amd_debug`; mshv3 -> `mshv`, hyperv-ws2025 -> `whp`).
+# `local_suffix` is the `{hv}_{cpu}_{config}` suffix the local
+# `golden_tests` detection will look for on this machine.
 #
-# Example (load Intel-on-MSHV CI artifact on a local KVM box):
-#   just cross-load-snapshot-goldens goldens-mshv3-intel mshv kvm
-cross-load-snapshot-goldens source source_hv local_hv:
-    {{ if os() == "windows" { "Copy-Item -Force target/snapshot-goldens-cross-load/" + source + "/init_" + source_hv + ".hls src/hyperlight_host/tests/snapshot_goldens/fixtures/init_" + local_hv + ".hls" } else { "cp target/snapshot-goldens-cross-load/" + source + "/init_" + source_hv + ".hls src/hyperlight_host/tests/snapshot_goldens/fixtures/init_" + local_hv + ".hls" } }}
-    {{ if os() == "windows" { "Copy-Item -Force target/snapshot-goldens-cross-load/" + source + "/call_" + source_hv + ".hls src/hyperlight_host/tests/snapshot_goldens/fixtures/call_" + local_hv + ".hls" } else { "cp target/snapshot-goldens-cross-load/" + source + "/call_" + source_hv + ".hls src/hyperlight_host/tests/snapshot_goldens/fixtures/call_" + local_hv + ".hls" } }}
+# Example (load AMD-on-KVM-debug CI artifact on a local Intel KVM
+# debug box):
+#   just cross-load-snapshot-goldens goldens-kvm-amd-debug kvm_amd_debug kvm_intel_debug
+#
+# Example (load Intel-on-MSHV-release CI artifact on a local
+# KVM-debug box):
+#   just cross-load-snapshot-goldens goldens-mshv3-intel-release mshv_intel_release kvm_intel_debug
+cross-load-snapshot-goldens source source_suffix local_suffix:
+    {{ if os() == "windows" { "Copy-Item -Force target/snapshot-goldens-cross-load/" + source + "/init_" + source_suffix + ".hls src/hyperlight_host/tests/snapshot_goldens/fixtures/init_" + local_suffix + ".hls" } else { "cp target/snapshot-goldens-cross-load/" + source + "/init_" + source_suffix + ".hls src/hyperlight_host/tests/snapshot_goldens/fixtures/init_" + local_suffix + ".hls" } }}
+    {{ if os() == "windows" { "Copy-Item -Force target/snapshot-goldens-cross-load/" + source + "/call_" + source_suffix + ".hls src/hyperlight_host/tests/snapshot_goldens/fixtures/call_" + local_suffix + ".hls" } else { "cp target/snapshot-goldens-cross-load/" + source + "/call_" + source_suffix + ".hls src/hyperlight_host/tests/snapshot_goldens/fixtures/call_" + local_suffix + ".hls" } }}
     {{ if os() == "windows" { "$env:HYPERLIGHT_SNAPSHOT_BYPASS_VALIDATION = '1'; cargo test -p hyperlight-host --lib sandbox::snapshot::golden_tests" } else { "HYPERLIGHT_SNAPSHOT_BYPASS_VALIDATION=1 cargo test -p hyperlight-host --lib sandbox::snapshot::golden_tests" } }}
     git checkout src/hyperlight_host/tests/snapshot_goldens/fixtures/
 

src/hyperlight_host/src/sandbox/snapshot/golden_tests.rs

@@ -40,17 +40,19 @@ limitations under the License.
 //!
 //! ## Skipping
 //!
-//! At test time we detect the locally available hypervisor. If no
-//! fixture is committed for that HV (e.g. KVM-only fixtures
-//! present, test runs on WHP), the test silently skips with a
-//! message. CI matrices ensure each HV is exercised by at least
-//! one job.
+//! At test time we detect the locally available hypervisor, the
+//! CPU vendor, and the build profile (`debug` vs `release`) and
+//! resolve the fixture file `{name}_{hv}_{cpu}_{profile}.hls`. If
+//! no matching fixture is committed (e.g. only Intel KVM fixtures
+//! checked in, test runs on AMD MSHV), the test silently skips
+//! with a message. CI matrices ensure every (hv, cpu, profile)
+//! combination is exercised by at least one job.
 //!
 //! ## Regeneration
 //!
 //! Set `HYPERLIGHT_REGEN_GOLDENS=1` and run `cargo test
-//! golden_regen` to overwrite every fixture for the locally
-//! available hypervisor. Always overwrites; the test is
+//! golden_regen` to overwrite every fixture matching the local
+//! `{hv}_{cpu}_{profile}` triple. Always overwrites; the test is
 //! deliberate. See `tests/snapshot_goldens/fixtures/README.md`
 //! for when this is needed.
 
@@ -116,16 +118,83 @@ impl LocalHypervisor {
     }
 }
 
+/// Detected CPU vendor. Used as a fixture-name suffix because the
+/// snapshot byte stream depends on the underlying CPU's CPUID
+/// (folded into sregs and the page tables we relocate on load).
+#[derive(Copy, Clone, Debug, PartialEq, Eq)]
+enum LocalCpu {
+    Intel,
+    Amd,
+}
+
+impl LocalCpu {
+    fn short_name(self) -> &'static str {
+        match self {
+            Self::Intel => "intel",
+            Self::Amd => "amd",
+        }
+    }
+
+    /// Detect the running CPU vendor via CPUID leaf 0. Returns
+    /// `None` for any vendor string we do not recognize so the
+    /// test simply skips on exotic hardware rather than guessing.
+    fn detect() -> Option<Self> {
+        #[cfg(target_arch = "x86_64")]
+        unsafe {
+            let r = std::arch::x86_64::__cpuid(0);
+            let mut vendor = [0u8; 12];
+            vendor[0..4].copy_from_slice(&r.ebx.to_le_bytes());
+            vendor[4..8].copy_from_slice(&r.edx.to_le_bytes());
+            vendor[8..12].copy_from_slice(&r.ecx.to_le_bytes());
+            match &vendor {
+                b"GenuineIntel" => Some(Self::Intel),
+                b"AuthenticAMD" => Some(Self::Amd),
+                _ => None,
+            }
+        }
+        #[cfg(not(target_arch = "x86_64"))]
+        {
+            None
+        }
+    }
+}
+
+/// Locally selected build profile, detected at test-time. The
+/// profile picks which guest binary `simple_guest_as_string`
+/// resolves to (debug vs release simpleguest), which changes the
+/// memory blob, so it is part of the fixture name.
+fn local_profile() -> &'static str {
+    if cfg!(debug_assertions) {
+        "debug"
+    } else {
+        "release"
+    }
+}
+
 fn fixtures_dir() -> PathBuf {
     PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/snapshot_goldens/fixtures")
 }
 
-/// Resolve the path to a fixture file for the current hypervisor.
-/// Returns `None` if no hypervisor is available, or if the fixture
-/// is missing from the checked-in set.
-fn fixture_path(name: &str) -> Option<PathBuf> {
+/// Filename suffix used for fixtures matching the current host:
+/// `{hv}_{cpu}_{profile}`. Returns `None` if any dimension is not
+/// detectable.
+fn fixture_suffix() -> Option<String> {
     let hv = LocalHypervisor::detect()?;
-    let path = fixtures_dir().join(format!("{}_{}.hls", name, hv.short_name()));
+    let cpu = LocalCpu::detect()?;
+    Some(format!(
+        "{}_{}_{}",
+        hv.short_name(),
+        cpu.short_name(),
+        local_profile()
+    ))
+}
+
+/// Resolve the path to a fixture file for the current hypervisor,
+/// CPU vendor and build profile. Returns `None` if any dimension is
+/// missing or the fixture is not checked in.
+fn fixture_path(name: &str) -> Option<PathBuf> {
+    let suffix = fixture_suffix()?;
+    let path = fixtures_dir().join(format!("{}_{}.hls", name, suffix));
     path.exists().then_some(path)
 }
 
@@ -141,7 +210,7 @@ fn load_golden(
         Some(p) => p,
         None => {
             eprintln!(
-                "snapshot_goldens: skipping {} (no fixture for local hypervisor)",
+                "snapshot_goldens: skipping {} (no fixture matching local hv/cpu/profile)",
                 name,
             );
             return None;
@@ -267,10 +336,8 @@ fn register_host_echo_fns<R: Registerable>(r: &mut R) {
 type FixtureBuilder = fn() -> Arc<Snapshot>;
 
 /// Master list of fixtures regenerated by the regen test.
-const FIXTURES: &[(&str, FixtureBuilder)] = &[
-    (INIT_FIXTURE, build_init),
-    (CALL_FIXTURE, build_call),
-];
+const FIXTURES: &[(&str, FixtureBuilder)] =
+    &[(INIT_FIXTURE, build_init), (CALL_FIXTURE, build_call)];
 
 // ============================================================================
 // Regeneration test (env-var-gated, not run in CI)
@@ -293,21 +360,21 @@ fn golden_regen() {
         }
     }
 
-    let hv = match LocalHypervisor::detect() {
-        Some(h) => h,
+    let suffix = match fixture_suffix() {
+        Some(s) => s,
         None => {
-            eprintln!("golden_regen: no hypervisor available, nothing to write");
+            eprintln!("golden_regen: skipping (no detected hypervisor / cpu vendor on this host)",);
             return;
         }
     };
-    eprintln!("golden_regen: using hypervisor {}", hv.short_name());
+    eprintln!("golden_regen: writing fixtures for suffix {}", suffix);
 
     let dir = fixtures_dir();
     std::fs::create_dir_all(&dir).expect("create fixtures dir");
 
     let mut wrote = 0usize;
     for (name, build) in FIXTURES {
-        let path = dir.join(format!("{}_{}.hls", name, hv.short_name()));
+        let path = dir.join(format!("{}_{}.hls", name, suffix));
         let snap = build();
         snap.to_file(&path).unwrap_or_else(|e| {
             panic!(

src/hyperlight_host/tests/snapshot_goldens/fixtures/README.md

@@ -1,17 +1,21 @@
 # Snapshot golden fixtures
 
 These are checked-in `.hls` snapshot files that exhaustively pin
-the on-disk snapshot format. Two fixtures per (arch, hypervisor):
+the on-disk snapshot format. Two fixtures per
+`(hypervisor, cpu, profile)` cell:
 
-* `init_{hv}.hls`: Initialise (preinit) snapshot
+* `init_{hv}_{cpu}_{profile}.hls`: Initialise (preinit) snapshot
   built with non-default layout sizes plus an init-data blob.
-* `call_{hv}.hls`: Call (mid-execution) snapshot
+* `call_{hv}_{cpu}_{profile}.hls`: Call (mid-execution) snapshot
   built after the guest has bumped a static, allocated and pinned
   a heap buffer with a known pattern, and round-tripped a value
   through every primitive-typed host function.
 
-`{hv}` is one of `kvm`, `mshv`, `whp`. Tests that don't match the
-local hypervisor skip silently.
+`{hv}` is one of `kvm`, `mshv`, `whp`. `{cpu}` is `intel` or
+`amd`. `{profile}` is `debug` or `release` (it changes which
+`simpleguest` binary the fixture was built against, which changes
+the captured memory blob). Tests that don't find a fixture
+matching the local triple skip silently.
 
 See `docs/snapshot-golden-tests-plan.md` for the full design and
 A-P surface enumeration.
@@ -44,9 +48,9 @@ every (HV, CPU) cell yourself.
    relevant assertion. Resolve those first.
 2. Apply the `regen-goldens` label to the PR.
 3. The `Regenerate Snapshot Goldens` workflow runs once per
-   `(hypervisor, cpu)` cell and uploads the produced `.hls`
-   files as artifacts named `goldens-{hv}-{cpu}`. If you re-add
-   the label the workflow runs again from scratch.
+   `(hypervisor, cpu, config)` cell and uploads the produced
+   `.hls` files as artifacts named `goldens-{hv}-{cpu}-{config}`.
+   If you re-add the label the workflow runs again from scratch.
 4. Download the artifacts from the workflow run page (or with
    `gh run download`).
 5. Drop the files into this directory, replacing existing fixtures.
@@ -64,8 +68,8 @@ HYPERLIGHT_REGEN_GOLDENS=1 cargo test -p hyperlight-host \
     --lib sandbox::snapshot::golden_tests::golden_regen -- --nocapture
 ```
 
-This always overwrites the fixtures for the locally available
-hypervisor.
+This always overwrites the fixtures matching the local
+`(hv, cpu, profile)` triple.
 
 **Do not commit fixtures generated this way.** Use the CI workflow
 artifacts instead. Local regen exists for ad-hoc debugging.
@@ -77,5 +81,7 @@ artifacts instead. Local regen exists for ad-hoc debugging.
   at the diff and confirm "this is just bytes that match the new
   format" rather than mixing it with logic changes.
 * Do not include unrelated `.hls` files in the same commit.
-* Total fixture size is ~10 MB per HV today. Keep an eye on the
-  size if adding more fixtures.
+* Total fixture size is ~10 MB per (hv, cpu, profile) cell
+  today. With 12 cells (3 hv * 2 cpu * 2 profile) the on-disk
+  total is around 120 MB. Keep an eye on the size if adding more
+  fixtures.