byteor_pipeline_backings_shm/

sequenced_slots.rs

//! SequencedSlots (SingleRing substrate) over SHM.

use std::sync::Arc;

use core::sync::atomic::{AtomicBool, Ordering};

use byteor_pipeline_kernel::{LaneTx, LaneTxError};

use crate::{attach_sequenced_slots_region, AttachOptions, BackingError};

/// Errors returned by sequenced-slots operations.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SequencedSlotsError {
    /// Ring is full (producer would wrap past the minimum gating sequence).
    Full,
    /// Attempted to publish out of order.
    BadPublish {
        /// Expected next publish sequence.
        expected: u64,
        /// Sequence that was attempted to be published.
        got: u64,
    },
    /// Consumer/stage attempted to move its gating sequence backwards.
    BadGating {
        /// Previous gating sequence.
        prev: u64,
        /// Proposed next gating sequence.
        next: u64,
    },
    /// Slot payload is too large for the fixed slot size.
    TooLarge {
        /// Maximum supported/available bytes.
        max: usize,
        /// Requested/observed bytes.
        len: usize,
    },
    /// Layout is incompatible or corrupt.
    Incompatible,

    /// Operation was interrupted by a cooperative stop request.
    Stopped,
}

impl core::fmt::Display for SequencedSlotsError {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        match self {
            SequencedSlotsError::Full => write!(f, "full"),
            SequencedSlotsError::BadPublish { expected, got } => {
                write!(f, "bad publish: expected={expected} got={got}")
            }
            SequencedSlotsError::BadGating { prev, next } => {
                write!(f, "bad gating: prev={prev} next={next}")
            }
            SequencedSlotsError::TooLarge { max, len } => {
                write!(f, "too large: max={max} len={len}")
            }
            SequencedSlotsError::Incompatible => write!(f, "incompatible"),
            SequencedSlotsError::Stopped => write!(f, "stopped"),
        }
    }
}

impl std::error::Error for SequencedSlotsError {}

#[inline]
pub(crate) fn wait_for_or_stop<
    B: ?Sized + byteor_pipeline_kernel::SeqBarrier,
    W: byteor_pipeline_kernel::WaitStrategy,
>(
    barrier: &B,
    seq: u64,
    wait: &mut W,
    stop: &AtomicBool,
) -> Result<(), SequencedSlotsError> {
    loop {
        if stop.load(Ordering::Relaxed) {
            return Err(SequencedSlotsError::Stopped);
        }
        if barrier.available() >= seq {
            return Ok(());
        }
        wait.wait();
    }
}

/// A shared handle to a mapped `SequencedSlotsLayout4` region.
pub struct ShmSequencedSlots {
    pub(crate) region: Arc<byteor_transport_shm::SequencedSlotsRegion<4>>,
    pub(crate) ptr: *mut byteor_abi::layouts::SequencedSlotsLayout<4>,
}

/// Minimal observability snapshot for SingleRing / sequenced-slots.
///
/// This is intentionally read-only and cheap to gather. It can be sampled without stopping
/// the pipeline.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct SingleRingSnapshot {
    /// Current producer cursor.
    pub cursor: u64,
    /// Per-stage/consumer gating sequences (Layout4).
    pub gating: [u64; 4],
}

impl SingleRingSnapshot {
    /// Compute `cursor - gating[stage]` (saturating).
    pub fn lag(&self, stage: usize) -> u64 {
        let g = self.gating.get(stage).copied().unwrap_or(0);
        self.cursor.saturating_sub(g)
    }

    /// Return the minimum gating sequence across the first `active` gating cells.
    ///
    /// If `active == 0`, returns `0`.
    pub fn min_gating(&self, active: usize) -> u64 {
        let active = active.min(self.gating.len());
        if active == 0 {
            return 0;
        }
        let mut min = u64::MAX;
        for &g in self.gating[..active].iter() {
            min = min.min(g);
        }
        if min == u64::MAX {
            0
        } else {
            min
        }
    }

    /// Compute `cursor - min_gating(active)` (saturating).
    pub fn min_lag(&self, active: usize) -> u64 {
        self.cursor.saturating_sub(self.min_gating(active))
    }

    /// Compute the producer wrap point for the next claim/publish.
    ///
    /// This corresponds to the producer's internal check:
    /// `wrap_point = (next_seq) - window_capacity`.
    ///
    /// When `wrap_point > min_gating(active)`, the producer is full.
    pub fn wrap_point(&self, window_capacity: u64) -> u64 {
        self.cursor
            .saturating_add(1)
            .saturating_sub(window_capacity)
    }

    /// Compute producer wrap pressure (saturating).
    ///
    /// Returns `wrap_point(window_capacity) - min_gating(active)` (saturating).
    ///
    /// - `0` means the producer can still claim/publish without wrapping past min-gating.
    /// - `>0` means the next claim would be blocked (`Full`).
    pub fn wrap_pressure(&self, active: usize, window_capacity: u64) -> u64 {
        self.wrap_point(window_capacity)
            .saturating_sub(self.min_gating(active))
    }

    /// Compute the number of in-flight sequences against the slowest (min) gating cell.
    pub fn outstanding(&self, active: usize) -> u64 {
        self.min_lag(active)
    }

    /// Compute remaining headroom before backpressure triggers (saturating).
    pub fn headroom(&self, active: usize, window_capacity: u64) -> u64 {
        window_capacity.saturating_sub(self.outstanding(active))
    }
}

unsafe impl Send for ShmSequencedSlots {}
unsafe impl Sync for ShmSequencedSlots {}

impl ShmSequencedSlots {
    /// Attach to a shared region (reusing the transport's validation).
    pub fn attach(opts: &AttachOptions, lane: &str) -> Result<Self, BackingError> {
        let region = attach_sequenced_slots_region(opts, lane)?;
        let ptr = region.as_ptr();
        Ok(Self {
            region: Arc::new(region),
            ptr,
        })
    }

    #[inline]
    pub(crate) fn layout_ptr(&self) -> *mut byteor_abi::layouts::SequencedSlotsLayout<4> {
        self.ptr
    }

    /// Snapshot cursor + gating sequences.
    pub fn snapshot(&self) -> SingleRingSnapshot {
        let layout = self.layout_ptr();
        unsafe {
            let cursor = crate::ss_internal::load_cursor(layout);
            let mut gating = [0u64; 4];
            for (i, g) in gating.iter_mut().enumerate() {
                *g = crate::ss_internal::atomic_u64(&(*layout).gating[i].seq)
                    .load(Ordering::Acquire);
            }
            SingleRingSnapshot { cursor, gating }
        }
    }

    /// Effective maximum number of outstanding sequences before producer backpressure triggers.
    ///
    /// This is currently `min(INDEXBUS_QUEUE_CAPACITY, INDEXBUS_SLOTS_CAPACITY)`.
    pub fn window_capacity(&self) -> u64 {
        crate::ss_internal::effective_window_capacity()
    }
}

/// Single-producer handle over `SequencedSlotsLayout4`.
///
/// v1: single-writer claim/publish (no MPMC claiming).
pub struct ShmSequencedSlotsProducer {
    shm: ShmSequencedSlots,
    ring_capacity: u64,
    window_capacity: u64,
    refcnt_on_publish: u32,
    active_gating: usize,
    next_to_claim: u64,
    next_to_publish: u64,
    cached_min_gating: u64,
}

impl ShmSequencedSlotsProducer {
    /// Attach a producer.
    ///
    /// `refcnt_on_publish` controls the slot refcount initialized for each published entry.
    /// - Use `1` for single-ring pipelines where only the final stage releases.
    /// - Use `k` for multicast scenarios with `k` independent consumers.
    pub fn attach(
        opts: &AttachOptions,
        lane: &str,
        refcnt_on_publish: u32,
        active_gating: usize,
    ) -> Result<Self, BackingError> {
        let shm = ShmSequencedSlots::attach(opts, lane)?;
        if refcnt_on_publish == 0 {
            return Err(BackingError::Invalid("refcnt_on_publish must be > 0"));
        }
        if active_gating == 0 || active_gating > 4 {
            return Err(BackingError::Invalid("active_gating must be 1..=4"));
        }

        let ring_capacity = crate::ss_internal::ring_capacity();
        let window_capacity = crate::ss_internal::effective_window_capacity();
        let cursor = unsafe { crate::ss_internal::load_cursor(shm.layout_ptr()) };
        let cached_min_gating =
            unsafe { crate::ss_internal::min_gating(shm.layout_ptr(), active_gating) };
        Ok(Self {
            shm,
            ring_capacity,
            window_capacity,
            refcnt_on_publish,
            active_gating,
            next_to_claim: cursor,
            next_to_publish: cursor.saturating_add(1),
            cached_min_gating,
        })
    }

    /// Maximum number of outstanding unpublished/ungated sequences permitted by this backing.
    ///
    /// This is currently `min(INDEXBUS_QUEUE_CAPACITY, INDEXBUS_SLOTS_CAPACITY)`.
    pub fn window_capacity(&self) -> u64 {
        self.window_capacity
    }

    /// Try to reserve the next sequence.
    pub fn try_claim_next(&mut self) -> Result<u64, SequencedSlotsError> {
        let next = self.next_to_claim.saturating_add(1);
        let wrap_point = next.saturating_sub(self.window_capacity);
        if wrap_point > self.cached_min_gating {
            let min_gating = unsafe {
                crate::ss_internal::min_gating(self.shm.layout_ptr(), self.active_gating)
            };
            self.cached_min_gating = min_gating;
            if wrap_point > min_gating {
                return Err(SequencedSlotsError::Full);
            }
        }
        self.next_to_claim = next;
        Ok(next)
    }

    /// Publish bytes as the next sequenced entry.
    pub fn publish_bytes(&mut self, bytes: &[u8]) -> Result<u64, SequencedSlotsError> {
        if bytes.len() > indexbus_core::INDEXBUS_SLOT_DATA_SIZE {
            return Err(SequencedSlotsError::TooLarge {
                max: indexbus_core::INDEXBUS_SLOT_DATA_SIZE,
                len: bytes.len(),
            });
        }

        let seq = self.try_claim_next()?;
        self.publish_claimed_with(seq, |slot_bytes| {
            slot_bytes[..bytes.len()].copy_from_slice(bytes);
            Ok(bytes.len())
        })
    }

    /// Publish a previously-claimed sequence by writing into the slot buffer.
    pub fn publish_claimed_with<F>(&mut self, seq: u64, f: F) -> Result<u64, SequencedSlotsError>
    where
        F: FnOnce(&mut [u8]) -> Result<usize, SequencedSlotsError>,
    {
        if seq != self.next_to_publish {
            return Err(SequencedSlotsError::BadPublish {
                expected: self.next_to_publish,
                got: seq,
            });
        }

        let layout = self.shm.layout_ptr();
        let pool = unsafe { core::ptr::addr_of_mut!((*layout).slot_pool) };
        let slot_idx =
            unsafe { crate::ss_internal::pool_alloc_ptr(pool) }.ok_or(SequencedSlotsError::Full)?;

        let wrote = unsafe {
            let s = &mut *core::ptr::addr_of_mut!((*pool).slots[slot_idx as usize]);
            crate::ss_internal::atomic_u32(&s.refcnt)
                .store(self.refcnt_on_publish, Ordering::Release);
            let len = f(&mut s.data)?;
            if len > indexbus_core::INDEXBUS_SLOT_DATA_SIZE {
                crate::ss_internal::slot_dec_refcnt_and_free_if_zero(pool, slot_idx);
                return Err(SequencedSlotsError::TooLarge {
                    max: indexbus_core::INDEXBUS_SLOT_DATA_SIZE,
                    len,
                });
            }
            s.len = len as u32;
            len
        };

        let _ = wrote;
        let ring_idx = (seq % self.ring_capacity) as usize;
        unsafe {
            crate::ss_internal::atomic_u32(&(*layout).ring[ring_idx])
                .store(slot_idx, Ordering::Release);
            crate::ss_internal::publish_cursor(layout, seq);
        }

        self.next_to_publish = self.next_to_publish.saturating_add(1);
        Ok(seq)
    }
}

impl LaneTx for ShmSequencedSlotsProducer {
    fn publish(&mut self, msg: &[u8]) -> Result<(), LaneTxError> {
        self.publish_bytes(msg).map(|_| ()).map_err(|e| match e {
            SequencedSlotsError::Full => LaneTxError::Full,
            SequencedSlotsError::TooLarge { max, len } => LaneTxError::TooLarge { max, len },
            _ => LaneTxError::Failed,
        })
    }
}