Change guest tracing to use flatbuffers serialization

Signed-off-by: Doru Blânzeanu <dblnz@pm.me>

Author: dblnz

.github/event.json

@@ -0,0 +1,7 @@
+{
+  "pull_request": {
+    "number": 844,
+    "base": { "ref": "main" },
+    "head": { "ref": "HEAD" }
+  }
+}

AI_PROMPT.md

@@ -0,0 +1,91 @@
+# AI Prompt: Hyperlight sandbox correlation ID and logging improvements
+
+## Context
+- Project: Hyperlight (Rust). This crate provides the host-side runtime for executing guest code in micro VMs.
+- Target area: `hyperlight-host` crate. We need robust per-sandbox correlation to filter/attribute logs and traces in multi-tenant hosts.
+- Platform: Linux and Windows; primary dev focus often Linux with KVM/MSHV.
+
+## Repo standards and constraints
+- Follow existing Rust style and lint checks. Run: `just fmt-apply`, `just Clippy debug`, `just Clippy release`.
+- No new crates/dependencies without discussion. Prefer zero public API breakage.
+- Add tests for new behavior; follow existing testing patterns under `src/hyperlight_host/{tests,examples}` and top-level `tests/`.
+- Docs: Add Rust documentation comments on public APIs; update docs/ if user-facing behavior changes.
+- CI/dev flow: `just build`, `just guests` (before tests) and for CI-like runs `just test-like-ci`.
+- Commit hygiene: signed and DCO sign-off; keep commits small and logically ordered.
+
+## Current implementation snapshot (Done)
+- A per-sandbox correlation ID is generated upon `UninitializedSandbox::new()` using a UUID v4 hyphenated string.
+- The ID is stored on `UninitializedSandbox` and propagated on evolve into `MultiUseSandbox`.
+- Public getters exist on both:
+  - `impl UninitializedSandbox { pub fn correlation_id(&self) -> &str }`
+  - `impl MultiUseSandbox { pub fn correlation_id(&self) -> &str }`
+- Thread-safety: ID is immutable string owned by the sandbox, safe to share by reference.
+- Tests: A unit test asserts ID is generated and preserved across evolve.
+
+## Goals next (this iteration)
+1. Ensure correlation ID is consistently attached to all host-emitted logs/traces/metrics related to a sandbox instance.
+2. Make it easy for callers to include the correlation ID in their own logs when handling a sandbox handle.
+3. Keep changes additive and backwards-compatible.
+
+## Scope in this phase (What to implement)
+- Tracing/logging attachment:
+  - When creating a sandbox (both uninitialized and multi-use lifecycle), create a tracing span or log context field that includes `correlation_id` and is parented appropriately for subsequent operations.
+  - Ensure guest call paths (`MultiUseSandbox::call` and friends) include `correlation_id` either by span field or structured log fields on events.
+  - Ensure error logs produced during sandbox creation/evolution and guest calls include `correlation_id`.
+- Metrics tags (if practical and already supported): include `correlation_id` as a label on per-sandbox metrics where cardinality is acceptable; otherwise, document why we avoid this and limit to logs/traces.
+- Examples: Update logging example(s) to print the sandbox `correlation_id()` to demonstrate usage.
+
+## Non-goals in this phase
+- Changing guest binaries or guest-side logging wire format.
+- Persisting correlation ID in snapshots beyond in-memory association (ID is already part of snapshot ownership via sandbox ID; do not serialize correlation ID unless needed).
+
+## API contract (public)
+- Keep the two getters as implemented; no additional public API required right now.
+- Avoid adding new types in public API unless justified.
+
+## Implementation guidelines
+- Use existing `tracing` integration. Prefer `#[instrument]` spans or manual spans with `correlation_id` as a field.
+- Keep correlation ID value as the hyphenated UUID string already generated. Do not regenerate after evolve.
+- Do not add new dependencies.
+- File touch points likely include:
+  - `src/hyperlight_host/src/sandbox/uninitialized.rs` (span at `new()`),
+  - `src/hyperlight_host/src/sandbox/uninitialized_evolve.rs` (span during evolve/initialization),
+  - `src/hyperlight_host/src/sandbox/initialized_multi_use.rs` (spans for `call()`, `snapshot()`, `restore()`, error paths),
+  - Possibly error/log helpers to append a structured `correlation_id` field.
+
+## Edge cases to consider
+- Multiple sandboxes created concurrently: ensure spans/fields don’t leak between instances.
+- Errors early in `new()` before correlation ID would be used elsewhere — still include `correlation_id` in emitted logs from that point onward.
+- Reused sandboxes: ID must remain stable.
+- Multi-threaded guest calls and interrupt handles: ensure context propagation does not require thread-local state; prefer explicit span entry.
+
+## Testing requirements
+- Unit tests:
+  - Correlation ID is present and non-empty on `UninitializedSandbox` and equals the one on `MultiUseSandbox` after evolve.
+  - Logs/traces for guest call include the expected `correlation_id` field (use existing tracing test harness patterns under `sandbox::uninitialized::tests::{test_trace_trace, test_log_trace}` as a model to assert fields; add analogous tests for guest calls).
+- Integration tests:
+  - Update a simple example or integration test to print correlation ID and verify basic behavior without changing guest artifacts.
+
+## Documentation updates
+- Add Rust documentation comments for the new getters (already present) explaining purpose.
+- Update docs/examples to show how to fetch and use the correlation ID.
+
+## How to build and run
+- Before tests: `just guests`
+- Build: `just build`
+- Tests: `just test` (or `just test-like-ci`)
+
+## Acceptance criteria
+- All tests pass (unit and integration) on Linux.
+- No new linter warnings in debug and release.
+- Correlation ID appears in tracing/log outputs for sandbox lifecycle and guest call paths, and remains consistent for the sandbox.
+
+## Reviewer checklist
+- Backwards compatibility preserved; no breaking API changes.
+- No new dependencies added.
+- Adequate tests added, including a minimal happy-path and at least one error-path assertion with `correlation_id` field present.
+- Logging/tracing fields are consistent and not duplicated; no span leaks across sandboxes.
+
+---
+
+Add more requirements below (product or engineering), or mark items as out of scope for this iteration:

Cargo.lock

@@ -0,0 +1,188 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+help() {
+  echo "Usage: $0 [options] <BASE> <BRANCH>"
+  echo ""
+  echo "Options:"
+  echo "  -a, --all-runs     Fetch logs for all workflow runs associated with the PR"
+  echo "  -f, --failed-only  Only download logs for failed jobs"
+  echo "  -L, --with-logs    Also download job logs (by default prints summary only)"
+  echo "  -h, --help         Show this help"
+  echo ""
+  echo "Arguments:"
+  echo "  BASE    Upstream repository as OWNER/REPO (e.g. hyperlight-dev/hyperlight) or a git remote name (e.g. upstream)"
+  echo "  BRANCH  Head branch selector for PR search: either 'owner:branch' or just 'branch'"
+  echo ""
+  echo "Examples"
+  echo ""
+  echo "    $0 hyperlight-dev/hyperlight dblnz:tracing-improvements"
+  echo "    $0 -a -f hyperlight-dev/hyperlight dblnz:tracing-improvements"
+}
+
+parse_args() {
+  ALL_RUNS=0
+  FAILED_ONLY=0
+  WITH_LOGS=0
+
+  # Parse options
+  while [[ "$1" == -* ]]; do
+    case "$1" in
+      -a|--all-runs) ALL_RUNS=1; shift ;;
+      -f|--failed-only) FAILED_ONLY=1; shift ;;
+      -L|--with-logs) WITH_LOGS=1; shift ;;
+      -h|--help) help; exit 0 ;;
+      *) echo "Unknown option: $1" >&2; help; exit 1 ;;
+    esac
+  done
+
+  BASE="$1"; shift || true
+  BRANCH="$1"; shift || true
+}
+
+pr_ci_logs_from_fork() {
+  local BASE="${1:-hyperlight-dev/hyperlight}"   # remote name or OWNER/REPO
+  local BRANCH="${2:-tracing-improvements}"
+  local ALL_RUNS_FLAG="${3:-0}"
+  local FAILED_ONLY_flag="${4:-0}"
+  local WITH_LOGS_flag="${5:-0}"
+
+  resolve_base_repo() {
+    local ref="$1"
+    if [[ "$ref" != */* ]]; then
+      local resolved
+      resolved=$(gh repo view "$ref" --json nameWithOwner --jq .nameWithOwner 2>/dev/null) || true
+      if [[ -n "$resolved" ]]; then
+        echo "$resolved"
+        return 0
+      fi
+    fi
+    echo "$ref"
+  }
+
+  find_pr_number() {
+    local base="$1" branch_q="$2"
+    gh pr list --repo "$base" --state all \
+      --search "$branch_q" \
+      --json number --jq '.[0].number'
+  }
+
+  get_pr_head_sha() {
+    local base="$1" pr="$2"
+    gh pr view "$pr" --repo "$base" --json headRefOid --jq .headRefOid
+  }
+
+  list_run_ids_all_commits() {
+    local base="$1" pr="$2"
+    gh api "repos/${base}/actions/runs" --paginate -f event=pull_request \
+      --jq ".workflow_runs[] | select(any(.pull_requests[]; .number == ${pr})) | .id"
+  }
+
+  list_run_ids_for_sha() {
+    local base="$1" sha="$2"
+    gh run list --repo "$base" --event pull_request --limit 200 \
+      --json databaseId,headSha,createdAt \
+      --jq "[.[] | select(.headSha==\"${sha}\")] | sort_by(.createdAt) | .[].databaseId"
+  }
+
+  summarize_run() {
+    local base="$1" rid="$2"
+    gh run view "$rid" --repo "$base" \
+      --json databaseId,headSha,headBranch,status,conclusion,url,jobs,createdAt,updatedAt \
+      --jq '{
+        run_id: .databaseId,
+        head_sha: .headSha,
+        head_branch: (.headBranch // null),
+        status: .status,
+        conclusion: .conclusion,
+        url: .url,
+        created_at: (.createdAt // null),
+        updated_at: (.updatedAt // null),
+        jobs: (.jobs | map({id:.databaseId, name, status, conclusion}))
+      }'
+  }
+
+  download_logs_for_summary() {
+    local base="$1" pr="$2" rid="$3" summary_json="$4" failed_only="$5"
+    echo "$summary_json" | jq '.jobs[]' > "pr${pr}-run${rid}-jobs.json"
+    local jq_filter
+    if [[ "$failed_only" == "1" ]]; then
+      jq_filter='.jobs[] | select(.conclusion=="failure") | [.id, .name] | @tsv'
+    else
+      jq_filter='.jobs[] | [.id, .name] | @tsv'
+    fi
+    echo "$summary_json" | jq -r "$jq_filter" | while IFS=$'\t' read -r jid name; do
+      [[ -z "$jid" ]] && continue
+      local safe
+      safe=$(echo "$name" | tr -cs '[:alnum:]._-' '-')
+      echo "Fetching log for job $jid ($name) from run $rid..." >&2
+      gh run view "$rid" --repo "$base" --job "$jid" --log > "pr${pr}-run${rid}-${safe}-${jid}.log"
+    done
+  }
+
+  aggregate_summaries() {
+    local sha="$1" tmp_file="$2" pr="$3"
+    local short_sha
+    short_sha=${sha:0:7}
+    if command -v jq >/dev/null 2>&1; then
+      jq -s '.' "$tmp_file" | tee "pr${pr}-sha${short_sha}-runs-summary.json"
+    else
+      {
+        echo '['
+        paste -sd, "$tmp_file"
+        echo ']'
+      } | tee "pr${pr}-sha${short_sha}-runs-summary.json"
+    fi
+  }
+
+  # Resolve repo reference
+  BASE=$(resolve_base_repo "$BASE")
+
+  # Find PR and head SHA
+  local pr sha run
+  pr=$(find_pr_number "$BASE" "$BRANCH") || return 1
+  [[ -z "$pr" ]] && { echo "No PR found for ${BRANCH} in $BASE" >&2; return 1; }
+  sha=$(get_pr_head_sha "$BASE" "$pr") || return 1
+
+  # Determine run ids
+  local run_ids=()
+  if [[ "$ALL_RUNS_FLAG" == "1" ]]; then
+    while IFS= read -r rid; do
+      [[ -n "$rid" ]] && run_ids+=("$rid")
+    done < <(list_run_ids_all_commits "$BASE" "$pr")
+  else
+    while IFS= read -r rid; do
+      [[ -n "$rid" ]] && run_ids+=("$rid")
+    done < <(list_run_ids_for_sha "$BASE" "$sha")
+    [[ ${#run_ids[@]} -eq 0 ]] && { echo "No workflow runs found for PR #$pr (sha $sha) in $BASE" >&2; return 1; }
+  fi
+
+  echo "Using $BASE PR #$pr, SHA $sha, runs (${#run_ids[@]}): ${run_ids[*]}" >&2
+
+  local rid
+  local tmp_summary_ndjson
+  tmp_summary_ndjson=$(mktemp)
+
+  for rid in "${run_ids[@]}"; do
+    echo "Inspecting run $rid" >&2
+    local summary
+    summary=$(summarize_run "$BASE" "$rid") || { echo "Failed to load run details for $rid" >&2; continue; }
+    echo "$summary" | tee "pr${pr}-run${rid}-summary.json" >/dev/null
+    echo "$summary" >> "$tmp_summary_ndjson"
+    if [[ "$WITH_LOGS_flag" == "1" ]]; then
+      download_logs_for_summary "$BASE" "$pr" "$rid" "$summary" "$FAILED_ONLY_flag"
+    fi
+  done
+
+  aggregate_summaries "$sha" "$tmp_summary_ndjson" "$pr"
+  rm -f "$tmp_summary_ndjson"
+}
+
+main() {
+  # Parse CLI arguments
+  parse_args $@
+
+  pr_ci_logs_from_fork "$BASE" "$BRANCH" "$ALL_RUNS" "$FAILED_ONLY" "$WITH_LOGS"
+}
+
+main $@

automate.sh

@@ -0,0 +1,9 @@
+
+file ./src/tests/rust_guests/bin/debug/simpleguest
+target remote :8080
+set disassembly-flavor intel
+set disassemble-next-line on
+enable pretty-printer
+layout regs
+layout src
+

gdb-cmds.txt

@@ -0,0 +1,9 @@
+lldb /path/to/executable -c /path/to/core/dump
+
+image list
+setting show target.source-map
+bt
+frame select 0
+source list
+
+disassemble --frame