Snapshot persistence to disk

Save snapshots to disk via Snapshot::to_file(), load them back via
Snapshot::from_file(). Create sandboxes directly from loaded snapshots via
MultiUseSandbox::from_snapshot(), bypassing ELF parsing and guest init.

Signed-off-by: Ludvig Liljenberg <4257730+ludfjig@users.noreply.github.com>

Author: ludfjig

src/hyperlight_host/benches/benchmarks.rs

@@ -556,6 +556,93 @@ fn shared_memory_benchmark(c: &mut Criterion) {
     group.finish();
 }
 
+// ============================================================================
+// Benchmark Category: Snapshot Files
+// ============================================================================
+
+fn snapshot_file_benchmark(c: &mut Criterion) {
+    use hyperlight_host::sandbox::snapshot::Snapshot;
+
+    let mut group = c.benchmark_group("snapshot_files");
+
+    // Pre-create snapshot files for all sizes
+    let dirs: Vec<_> = SandboxSize::all()
+        .iter()
+        .map(|size| {
+            let dir = tempfile::tempdir().unwrap();
+            let snap_path = dir.path().join(format!("{}.hls", size.name()));
+            let snapshot = {
+                let mut sbox = create_multiuse_sandbox_with_size(*size);
+                sbox.snapshot().unwrap()
+            };
+            snapshot.to_file(&snap_path).unwrap();
+            (dir, snapshot)
+        })
+        .collect();
+
+    // Benchmark: save_snapshot
+    for (i, size) in SandboxSize::all().iter().enumerate() {
+        let snap_dir = tempfile::tempdir().unwrap();
+        let path = snap_dir.path().join("bench.hls");
+        let snapshot = &dirs[i].1;
+        group.bench_function(format!("save_snapshot/{}", size.name()), |b| {
+            b.iter(|| {
+                snapshot.to_file(&path).unwrap();
+            });
+        });
+    }
+
+    // Benchmark: load_snapshot (mmap + header parse + hash verify)
+    for (i, size) in SandboxSize::all().iter().enumerate() {
+        let snap_path = dirs[i].0.path().join(format!("{}.hls", size.name()));
+        group.bench_function(format!("load_snapshot/{}", size.name()), |b| {
+            b.iter(|| {
+                let _ = Snapshot::from_file(&snap_path).unwrap();
+            });
+        });
+    }
+
+    // Benchmark: cold_start_via_evolve (new + evolve + call)
+    for size in SandboxSize::all() {
+        group.bench_function(format!("cold_start_via_evolve/{}", size.name()), |b| {
+            b.iter(|| {
+                let mut sbox = create_multiuse_sandbox_with_size(size);
+                sbox.call::<String>("Echo", "hello\n".to_string()).unwrap();
+            });
+        });
+    }
+
+    // Benchmark: cold_start_via_snapshot (load + from_snapshot + call)
+    for (i, size) in SandboxSize::all().iter().enumerate() {
+        let snap_path = dirs[i].0.path().join(format!("{}.hls", size.name()));
+        group.bench_function(format!("cold_start_via_snapshot/{}", size.name()), |b| {
+            b.iter(|| {
+                let loaded = Snapshot::from_file(&snap_path).unwrap();
+                let mut sbox = MultiUseSandbox::from_snapshot(std::sync::Arc::new(loaded)).unwrap();
+                sbox.call::<String>("Echo", "hello\n".to_string()).unwrap();
+            });
+        });
+    }
+
+    // Benchmark: cold_start_via_snapshot_unchecked (no hash verify)
+    for (i, size) in SandboxSize::all().iter().enumerate() {
+        let snap_path = dirs[i].0.path().join(format!("{}.hls", size.name()));
+        group.bench_function(
+            format!("cold_start_via_snapshot_unchecked/{}", size.name()),
+            |b| {
+                b.iter(|| {
+                    let loaded = Snapshot::from_file_unchecked(&snap_path).unwrap();
+                    let mut sbox =
+                        MultiUseSandbox::from_snapshot(std::sync::Arc::new(loaded)).unwrap();
+                    sbox.call::<String>("Echo", "hello\n".to_string()).unwrap();
+                });
+            },
+        );
+    }
+
+    group.finish();
+}
+
 criterion_group! {
     name = benches;
     config = Criterion::default();
@@ -566,6 +653,7 @@ criterion_group! {
         guest_call_benchmark_large_param,
         function_call_serialization_benchmark,
         sample_workloads_benchmark,
-        shared_memory_benchmark
+        shared_memory_benchmark,
+        snapshot_file_benchmark
 }
 criterion_main!(benches);

src/hyperlight_host/src/hypervisor/hyperlight_vm/x86_64.rs

@@ -352,20 +352,27 @@ impl HyperlightVm {
         self.vm.set_debug_regs(&CommonDebugRegs::default())?;
         self.vm.reset_xsave()?;
 
+        self.apply_sregs(cr3, sregs)
+    }
+
+    /// Apply special registers and mark TLB for flush. Used by both
+    /// `reset_vcpu` (which also resets GPRs/debug/FPU) and
+    /// `from_snapshot` (which skips the redundant resets).
+    pub(crate) fn apply_sregs(
+        &mut self,
+        cr3: u64,
+        sregs: &CommonSpecialRegisters,
+    ) -> std::result::Result<(), RegisterError> {
         #[cfg(not(feature = "nanvix-unstable"))]
         {
-            // Restore the full special registers from snapshot, but update CR3
-            // to point to the new (relocated) page tables
             let mut sregs = *sregs;
             sregs.cr3 = cr3;
             self.pending_tlb_flush = true;
             self.vm.set_sregs(&sregs)?;
         }
         #[cfg(feature = "nanvix-unstable")]
         {
-            let _ = (cr3, sregs); // suppress unused warnings
-            // TODO: This is probably not correct.
-            // Let's deal with it when we clean up the nanvix-unstable feature
+            let _ = (cr3, sregs);
             self.vm
                 .set_sregs(&CommonSpecialRegisters::standard_real_mode_defaults())?;
         }

src/hyperlight_host/src/hypervisor/surrogate_process.rs

@@ -94,7 +94,6 @@ impl SurrogateProcess {
                 Ok(oe.get().surrogate_base)
             }
             Entry::Vacant(ve) => {
-                // Derive the page protection from the mapping type
                 let page_protection = match mapping {
                     SurrogateMapping::SandboxMemory => PAGE_READWRITE,
                     SurrogateMapping::ReadOnlyFile => PAGE_READONLY,
@@ -123,9 +122,6 @@ impl SurrogateProcess {
                     );
                 }
 
-                // Only set guard pages for SandboxMemory mappings.
-                // File-backed read-only mappings do not need guard pages
-                // because the host does not write to them.
                 if *mapping == SurrogateMapping::SandboxMemory {
                     let mut unused_out_old_prot_flags = PAGE_PROTECTION_FLAGS(0);
 

src/hyperlight_host/src/mem/layout.rs

@@ -225,16 +225,16 @@ pub(crate) struct SandboxMemoryLayout {
     /// The size of the guest code section.
     pub(crate) code_size: usize,
     /// The size of the init data section (guest blob).
-    init_data_size: usize,
+    pub(crate) init_data_size: usize,
     /// Permission flags for the init data region.
     #[cfg_attr(feature = "nanvix-unstable", allow(unused))]
-    init_data_permissions: Option<MemoryRegionFlags>,
+    pub(crate) init_data_permissions: Option<MemoryRegionFlags>,
     /// The size of the scratch region in physical memory.
-    scratch_size: usize,
+    pub(crate) scratch_size: usize,
     /// The size of the snapshot region in physical memory.
-    snapshot_size: usize,
+    pub(crate) snapshot_size: usize,
     /// The size of the page tables (None if not yet set).
-    pt_size: Option<usize>,
+    pub(crate) pt_size: Option<usize>,
 }
 
 impl SandboxMemoryLayout {
@@ -394,12 +394,6 @@ impl SandboxMemoryLayout {
         self.peb_file_mappings_offset()
     }
 
-    /// Get the offset in guest memory to the file_mappings pointer field.
-    #[cfg(feature = "nanvix-unstable")]
-    fn get_file_mappings_pointer_offset(&self) -> usize {
-        self.get_file_mappings_size_offset() + size_of::<u64>()
-    }
-
     /// Get the offset in snapshot memory where the FileMappingInfo array starts
     /// (immediately after the PEB struct, within the same page).
     #[cfg(feature = "nanvix-unstable")]

src/hyperlight_host/src/mem/memory_region.rs

@@ -158,7 +158,9 @@ impl MemoryRegionType {
     /// shared memory mapping with guard pages.
     pub fn surrogate_mapping(&self) -> SurrogateMapping {
         match self {
-            MemoryRegionType::MappedFile => SurrogateMapping::ReadOnlyFile,
+            MemoryRegionType::MappedFile | MemoryRegionType::Snapshot => {
+                SurrogateMapping::ReadOnlyFile
+            }
             _ => SurrogateMapping::SandboxMemory,
         }
     }