work: various changes to enable benefits of cow in wasm

Author: syntactically

Cargo.lock

@@ -13,4 +13,4 @@ repository = "https://github.com/hyperlight-dev/hyperlight-wasm"
 readme = "README.md"
 
 [workspace.dependencies]
-hyperlight-host = { version = "0.12.0", default-features = false, features = ["executable_heap", "init-paging"] }
+hyperlight-host = { git = "https://github.com/hyperlight-dev/hyperlight", branch = "lm/cow-wasm-work", default-features = false, features = ["executable_heap", "init-paging"] }

Cargo.toml

@@ -0,0 +1,282 @@
+{
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  inputs.nixpkgs-mozilla.url = "github:mozilla/nixpkgs-mozilla/master";
+  outputs = { self, nixpkgs, nixpkgs-mozilla, ... } @ inputs:
+    rec {
+      overlays.fix-rust = self: super: {
+        # Work around the nixpkgs-mozilla equivalent of
+        # https://github.com/NixOS/nixpkgs/issues/278508 and an
+        # incompatibility between nixpkgs-mozilla and makeRustPlatform
+        rustChannelOf = args: let
+          orig = super.rustChannelOf args;
+          patchRustPkg = pkg: (pkg.overrideAttrs (oA: {
+            buildCommand = (builtins.replaceStrings
+              [ "rustc,rustdoc" ]
+              [ "rustc,rustdoc,clippy-driver,cargo-clippy,miri,cargo-miri" ]
+              oA.buildCommand) + (let
+                wrapperPath = self.path + "/pkgs/build-support/bintools-wrapper/ld-wrapper.sh";
+                baseOut = self.clangStdenv.cc.bintools.out;
+                getStdenvAttrs = drv: (drv.overrideAttrs (oA: {
+                  passthru.origAttrs = oA;
+                })).origAttrs;
+                baseEnv = (getStdenvAttrs self.clangStdenv.cc.bintools).env;
+                baseSubstitutedWrapper = self.replaceVars wrapperPath
+                  {
+                    inherit (baseEnv)
+                      shell coreutils_bin suffixSalt mktemp rm;
+                    use_response_file_by_default = "0";
+                    prog = null;
+                    out = null;
+                  };
+              in ''
+                # work around a bug in the overlay
+                ${oA.postInstall}
+
+                # copy over helper scripts that the wrapper needs
+                (cd "${baseOut}"; find . -type f \( -name '*.sh' -or -name '*.bash' \) -print0) | while read -d $'\0' script; do
+                  mkdir -p "$out/$(dirname "$script")"
+                  substitute "${baseOut}/$script" "$out/$script" --replace-quiet "${baseOut}" "$out"
+                done
+
+                # TODO: Work out how to make this work with cross builds
+                ldlld="$out/lib/rustlib/${self.clangStdenv.targetPlatform.config}/bin/gcc-ld/ld.lld";
+                if [ -e "$ldlld" ]; then
+                  export prog="$(readlink -f "$ldlld")"
+                  rm "$ldlld"
+                  substitute ${baseSubstitutedWrapper} "$ldlld" --subst-var "out" --subst-var "prog"
+                  chmod +x "$ldlld"
+                fi
+              '');
+          })) // {
+            targetPlatforms = [ "x86_64-linux" ];
+            badTargetPlatforms = [ ];
+          };
+          overrideRustPkg = pkg: self.lib.makeOverridable (origArgs:
+            patchRustPkg (pkg.override origArgs)
+          ) {};
+        in builtins.mapAttrs (_: overrideRustPkg) orig;
+      };
+      gcroots =
+        let gcrootForShell = pkg: pkg // derivation (pkg.drvAttrs // {
+              origArgs = pkg.drvAttrs.args;
+              # assume the builder is bash for now (it always is for
+              # stdenv, which is the only thing that we will encounter
+              # in this flake).
+              args = [ "-c" "declare > $out" ];
+            });
+        in {
+          shells.default = gcrootForShell devShells.x86_64-linux.default;
+        };
+      devShells.x86_64-linux.default =
+        let pkgs = import nixpkgs {
+              system = "x86_64-linux";
+              overlays = [ (import (nixpkgs-mozilla + "/rust-overlay.nix")) overlays.fix-rust ];
+            };
+        in with pkgs; let
+          customisedRustChannelOf = args:
+            lib.flip builtins.mapAttrs (rustChannelOf args) (_: pkg: pkg.override {
+              targets = [
+                "x86_64-unknown-linux-gnu"
+                "x86_64-pc-windows-msvc" "x86_64-unknown-none"
+                "wasm32-wasip1" "wasm32-wasip2" "wasm32-unknown-unknown"
+                "i686-unknown-linux-gnu"
+              ];
+              extensions = [ "rust-src" ] ++ (if args.channel == "nightly" then [ "miri-preview" ] else []);
+            });
+
+          # Hyperlight needs a variety of toolchains, since we use Nightly
+          # for rustfmt and old toolchains to verify MSRV
+          toolchains = lib.mapAttrs (_: customisedRustChannelOf) {
+            stable = {
+              date = "2025-12-11";
+              channel = "stable";
+              sha256 = "sha256-sqSWJDUxc+zaz1nBWMAJKTAGBuGWP25GCftIOlCEAtA=";
+            };
+            nightly = {
+              date = "2026-01-19";
+              channel = "nightly";
+              sha256 = "sha256-Ye65U/qzilPLte800N5oxFOY96shgG8bST8dbrF6Qh0=";
+            };
+            "1.89" = {
+              date = "2025-08-07";
+              channel = "stable";
+              sha256 = "sha256-+9FmLhAOezBZCOziO0Qct1NOrfpjNsXxc/8I0c7BdKE=";
+            };
+          };
+
+          rust-platform = makeRustPlatform {
+            cargo = toolchains.stable.rust;
+            rustc = toolchains.stable.rust;
+          };
+
+          manifests = [
+            "Cargo.toml"
+            "src/hyperlight_wasm_macro/Cargo.toml"
+            "src/rust_wasm_samples/Cargo.toml"
+            "src/wasm_runtime/Cargo.toml"
+            "src/component_sample/Cargo.toml"
+          ];
+          manifestDeps = builtins.map (manifest:
+            let lockPath = builtins.replaceStrings [ "toml" ] [ "lock" ] manifest; in
+            let lockFile = ./${lockPath}; in
+            rust-platform.importCargoLock { inherit lockFile; }) manifests;
+          # when building a guest with cargo-hyperlight, or when
+          # building a miri sysroot for the main workspace, we need to
+          # include any crates.io dependencies of the standard library
+          # (e.g. rustc-literal-escaper)
+          stdlibLocks = lib.mapAttrsToList (_: toolchain:
+            "${toolchain.rust}/lib/rustlib/src/rust/library/Cargo.lock"
+          ) toolchains;
+          stdlibDeps = builtins.map (lockFile:
+            rust-platform.importCargoLock { inherit lockFile; }) stdlibLocks;
+          deps = pkgs.symlinkJoin {
+            name = "cargo-deps";
+            paths = stdlibDeps ++ manifestDeps;
+          };
+
+          # Script snippet, used in the cargo/rustc wrappers below,
+          # which creates a number of .cargo/config.toml files in
+          # order to allow using Nix-fetched dependencies (this must
+          # be done for the guests, as well as for the main
+          # workspace).  Ideally, we would just use environment
+          # variables or the --config option to Cargo, but
+          # unfortunately that tends not to play well with subcommands
+          # like `cargo clippy` and `cargo hyperlight` (see
+          # https://github.com/rust-lang/cargo/issues/11031).
+          materialiseDeps = let
+            sortedManifests = lib.lists.sort (p: q: p > q) manifests;
+            matchClause = path: ''  */${path}) root="''${manifest%${path}}" ;;'';
+            matchClauses = lib.strings.concatStringsSep "\n"
+              (builtins.map matchClause sortedManifests);
+          in ''
+            base_cargo() {
+              PATH="$base/bin:$PATH" "$base/bin/cargo" "$@"
+            }
+
+            manifest=$(base_cargo locate-project --message-format plain --workspace)
+            case "$manifest" in
+              ${matchClauses}
+            esac
+            if [ -f ''${root}/flake.nix ]; then
+
+              mkdir -p $root/$.cargo
+              cat >$root/.cargo/config.toml2 <<EOF
+              [source.crates-io]
+              replace-with = "vendored-sources"
+
+              [source.vendored-sources]
+              directory = "${deps}"
+            EOF
+
+              sed -i '/# vendor dependency configuration generated by nix/{N;d;}' $root/.git/info/exclude
+              printf "# vendor dependency configuration generated by nix\n%s\n" "/.cargo" >> $root/.git/info/exclude
+            fi
+
+            # libgit2-sys copies a vendored git2 into the target/
+            # directory somewhere. In certain, rare, cases,
+            # libgit2-sys is rebuilt in the same incremental dep
+            # directory as it was before, and then this copy fails,
+            # because the files, copied from the nix store, already
+            # exist and do not have w permission. Hack around this
+            # issue by making any existing libgit2-sys vendored git2
+            # files writable before a build can be run
+            find "$(base_cargo metadata --format-version 1 | jq -r '.target_directory')" -path '*/build/libgit2-sys-*/out/include' -print0 | xargs -r -0 chmod u+w -R
+          '';
+
+          # Hyperlight scripts use cargo in a bunch of ways that don't
+          # make sense for Nix cargo, including the `rustup +toolchain`
+          # syntax to use a specific toolchain and `cargo install`, so we
+          # build wrappers for rustc and cargo that enable this.  The
+          # scripts also use `rustup toolchain install` in some cases, in
+          # order to work in CI, so we provide a fake rustup that does
+          # nothing as well.
+          rustup-like-wrapper = name: pkgs.writeShellScriptBin name
+            (let
+              clause = name: toolchain:
+                "+${name}) base=\"${toolchain.rust}\"; shift 1; ;;";
+              clauses = lib.strings.concatStringsSep "\n"
+                (lib.mapAttrsToList clause toolchains);
+            in ''
+              base="${toolchains.stable.rust}"
+              ${materialiseDeps}
+              case "$1" in
+                ${clauses}
+                install) exit 0; ;;
+              esac
+              export PATH="$base/bin:$PATH"
+              exec "$base/bin/${name}" "$@"
+            '');
+          fake-rustup = pkgs.symlinkJoin {
+            name = "fake-rustup";
+            paths = [
+              (pkgs.writeShellScriptBin "rustup" "")
+              (rustup-like-wrapper "rustc")
+              (rustup-like-wrapper "cargo")
+            ];
+          };
+
+          buildRustPackageClang = rust-platform.buildRustPackage.override { stdenv = clangStdenv; };
+
+          cargo-hyperlight = buildRustPackageClang rec {
+            pname = "cargo-hyperlight";
+            version = "0.1.5";
+            src = fetchFromGitHub {
+              owner = "hyperlight-dev";
+              repo = "cargo-hyperlight";
+              tag = "v${version}";
+              hash = "sha256-xq4/c69N0wG/I8WOYVloo0J0JqoSIKiWWtECdSKrsxo=";
+            };
+            cargoHash = "sha256-muiMVrK1TydQiMitihfo7xYidqUIIQ+Hw3BIeo5rLFw=";
+          };
+        in (buildRustPackageClang (mkDerivationAttrs: {
+          pname = "hyperlight";
+          version = "0.0.0";
+          src = lib.cleanSource ./.;
+          cargoDeps = deps;
+
+          nativeBuildInputs = [
+            azure-cli
+            just
+            dotnet-sdk_9
+            llvmPackages_18.llvm
+            gh
+            lld
+            valgrind
+            pkg-config
+            ffmpeg
+            mkvtoolnix
+            wasm-tools
+            jq
+            jaq
+            gdb
+            zlib
+            cargo-hyperlight
+            typos
+            flatbuffers
+            cargo-fuzz
+            wit-bindgen
+            cargo-component
+          ];
+          buildInputs = [
+            pango
+            cairo
+            openssl
+          ];
+
+          auditable = false;
+
+          LIBCLANG_PATH = "${pkgs.llvmPackages_18.libclang.lib}/lib";
+          # Use unwrapped clang for compiling guests
+          HYPERLIGHT_GUEST_clang = "${clang.cc}/bin/clang";
+
+          RUST_NIGHTLY = "${toolchains.nightly.rust}";
+          # Set this through shellHook rather than nativeBuildInputs to be
+          # really sure that it overrides the real cargo.
+          postHook = ''
+            export PATH="${fake-rustup}/bin:$PATH"
+          '';
+        })).overrideAttrs(oA: {
+          hardeningDisable = [ "all" ];
+        });
+    };
+}

flake.lock

@@ -47,6 +47,7 @@ fn main() {
     let state = State::new();
     let mut sb: hyperlight_wasm::ProtoWasmSandbox = hyperlight_wasm::SandboxBuilder::new()
         .with_guest_input_buffer_size(70000000)
+        .with_guest_scratch_size(70995968)
         .with_guest_heap_size(200000000)
         .with_guest_stack_size(100000000)
         .build()

flake.nix

@@ -112,7 +112,7 @@ fn main() -> Result<()> {
             "RoundToInt test case {idx} failed: got {}, expected {}",
             result, expected_result
         );
-        loaded_wasm_sandbox.restore(&snapshot)?
+        loaded_wasm_sandbox.restore(snapshot.clone())?
     }
     Ok(())
 }

src/hyperlight_wasm/examples/component_example/main.rs

@@ -97,7 +97,7 @@ fn main() -> Result<()> {
 
     // Recovery option 1: Use restore() to recover the sandbox
     println!("\n7. Recovering sandbox using restore()...");
-    loaded.restore(&snapshot)?;
+    loaded.restore(snapshot)?;
     assert!(!loaded.is_poisoned()?);
     println!("   is_poisoned after restore: {}", loaded.is_poisoned()?);
 

src/hyperlight_wasm/examples/helloworld/main.rs

@@ -42,7 +42,7 @@ pub struct LoadedWasmSandbox {
     // because of this we cannot implement drop without making inner an Option (alternatively we could make MultiUseSandbox Copy but that would introduce other issues)
     inner: Option<MultiUseSandbox>,
     // The state the sandbox was in before loading a wasm module. Used for transitioning back to a `WasmSandbox` (unloading the wasm module).
-    runtime_snapshot: Option<Snapshot>,
+    runtime_snapshot: Option<Arc<Snapshot>>,
 }
 
 impl LoadedWasmSandbox {
@@ -86,9 +86,9 @@ impl LoadedWasmSandbox {
     /// Returns `Err(HyperlightError::PoisonedSandbox)` if the sandbox is in a
     /// poisoned state. Use [`restore()`](Self::restore) with a previously
     /// taken snapshot to recover before taking a new snapshot.
-    pub fn snapshot(&mut self) -> Result<Snapshot> {
+    pub fn snapshot(&mut self) -> Result<Arc<Snapshot>> {
         match &mut self.inner {
-            Some(inner) => inner.snapshot(),
+            Some(inner) => inner.snapshot(None),
             None => log_then_return!("No inner MultiUseSandbox to snapshot"),
         }
     }
@@ -105,7 +105,8 @@ impl LoadedWasmSandbox {
     /// 1. Clear the poisoned state
     /// 2. Reset memory to the snapshot state
     /// 3. Allow subsequent [`call_guest_function()`](Self::call_guest_function) calls to succeed
-    pub fn restore(&mut self, snapshot: &Snapshot) -> Result<()> {
+    pub fn restore(&mut self, snapshot: Arc<Snapshot>) -> Result<()> {
+        eprintln!("did a restore (2)");
         match &mut self.inner {
             Some(inner) => inner.restore(snapshot),
             None => log_then_return!("No inner MultiUseSandbox to restore"),
@@ -135,7 +136,7 @@ impl LoadedWasmSandbox {
 
     pub(super) fn new(
         inner: MultiUseSandbox,
-        runtime_snapshot: Snapshot,
+        runtime_snapshot: Arc<Snapshot>,
     ) -> Result<LoadedWasmSandbox> {
         metrics::gauge!(METRIC_ACTIVE_LOADED_WASM_SANDBOXES).increment(1);
         metrics::counter!(METRIC_TOTAL_LOADED_WASM_SANDBOXES).increment(1);