indexbus_abi/

header.rs

use core::cell::UnsafeCell;

/// Shared-memory layout header for ABI/version checks.
///
/// Keep this at the start of any region you expect to map across processes (and potentially
/// across versions).
#[repr(C)]
#[derive(Copy, Clone)]
pub struct LayoutHeader {
    /// Magic value identifying an IndexBus-mapped region.
    pub magic: u32,
    /// ABI version number.
    pub version: u16,
    /// Layout flags (reserved for future use).
    pub flags: u16,
    /// Capability bitset indicating which optional features/sections are present.
    pub capabilities: u32,
    /// v1: total size in bytes of the shared layout that starts with this header.
    ///
    /// Initializers should set this to the full byte length of the mapped layout they created.
    /// Consumers should validate that their mapping is at least this length before accessing
    /// appended sections.
    pub layout_bytes: u32,
}

/// Magic used to identify IndexBus-mapped regions.
///
/// Encodes the ASCII bytes `IBUS`.
pub const INDEXBUS_MAGIC_IBUS: u32 = 0x5355_4249; // 'IBUS'

/// ABI version number for IndexBus v1.
pub const INDEXBUS_ABI_VERSION_1: u16 = 1;

impl LayoutHeader {
    const MAGIC_INDEXBUS: u32 = INDEXBUS_MAGIC_IBUS;
    const VERSION_1: u16 = INDEXBUS_ABI_VERSION_1;

    #[inline]
    /// Construct a v1 header with `layout_bytes` left as 0.
    ///
    /// Initializers should fill `layout_bytes` after they know the full mapping length.
    pub const fn new_v1(capabilities: u32, flags: u16) -> Self {
        Self {
            magic: Self::MAGIC_INDEXBUS,
            version: Self::VERSION_1,
            flags,
            capabilities,
            layout_bytes: 0,
        }
    }

    #[inline]
    /// Construct a v1 header with an explicit `layout_bytes` value.
    pub const fn new_v1_with_layout_bytes(
        capabilities: u32,
        flags: u16,
        layout_bytes: u32,
    ) -> Self {
        Self {
            magic: Self::MAGIC_INDEXBUS,
            version: Self::VERSION_1,
            flags,
            capabilities,
            layout_bytes,
        }
    }

    #[inline]
    /// Returns `true` if this header matches the v1 magic and version.
    ///
    /// This only checks the ABI identifier and version. Callers should separately validate
    /// `layout_bytes` and required `capabilities`.
    pub const fn is_compatible_v1(&self) -> bool {
        self.magic == Self::MAGIC_INDEXBUS && self.version == Self::VERSION_1
    }
}

/// Capability bits stored in `LayoutHeader::capabilities`.
pub mod caps {
    /// Region supports the shared events queues (SPSC + MPSC).
    pub const INDEXBUS_CAP_SUPPORTS_EVENTS: u32 = 1u32 << 0;
    /// Region supports the state stream layout.
    pub const INDEXBUS_CAP_SUPPORTS_STATE: u32 = 1u32 << 1;
    /// Region supports fanout queues.
    pub const INDEXBUS_CAP_SUPPORTS_FANOUT: u32 = 1u32 << 2;
    /// Region has an appended wake section suitable for OS blocking.
    pub const INDEXBUS_CAP_SUPPORTS_BLOCKING: u32 = 1u32 << 3;

    /// Sequencer region: sequencer + gating sequences (new region type).
    pub const INDEXBUS_CAP_SUPPORTS_SEQUENCER: u32 = 1u32 << 4;

    /// Journal region: replayable append-only journal (new region type).
    pub const INDEXBUS_CAP_SUPPORTS_JOURNAL: u32 = 1u32 << 5;

    /// Optional appended stats/counters section for journal regions.
    pub const INDEXBUS_CAP_SUPPORTS_JOURNAL_STATS: u32 = 1u32 << 6;
}

/// Layout flag bits stored in `LayoutHeader::flags`.
///
/// v1 guidance:
/// - `flags` are not capability bits; they should be used for **disambiguation** and metadata.
/// - The low 8 bits are reserved for a **region kind** discriminator so tools can classify a
///   mapping without guessing from capability combinations.
pub mod flags {
    /// Mask for the low 8 bits containing the region kind discriminator.
    pub const INDEXBUS_FLAGS_REGION_KIND_MASK: u16 = 0x00ff;

    /// `LayoutHeader.flags` kind value: shared events region (`layouts::SharedLayout`).
    pub const INDEXBUS_REGION_KIND_EVENTS: u16 = 1;
    /// `LayoutHeader.flags` kind value: fanout events region (`layouts::SharedFanoutLayout4`).
    pub const INDEXBUS_REGION_KIND_FANOUT: u16 = 2;
    /// `LayoutHeader.flags` kind value: state region (`layouts::StateLayout256`).
    pub const INDEXBUS_REGION_KIND_STATE: u16 = 3;
    /// `LayoutHeader.flags` kind value: sequencer region (`layouts::SequencerLayout4`).
    pub const INDEXBUS_REGION_KIND_SEQUENCER: u16 = 4;
    /// `LayoutHeader.flags` kind value: journal region (`layouts::JournalLayout4`).
    pub const INDEXBUS_REGION_KIND_JOURNAL: u16 = 5;

    #[inline]
    /// Extract the region kind discriminator from `LayoutHeader.flags`.
    pub const fn region_kind(flags: u16) -> u16 {
        flags & INDEXBUS_FLAGS_REGION_KIND_MASK
    }
}

/// ABI atomics are represented as integer-backed newtypes in layout structs.
///
/// Why this exists:
/// - The ABI needs C-friendly integer storage.
/// - Rust needs an interior-mutability marker so atomic ops don't violate aliasing rules.
///
/// Contract:
/// - Atomic operations are performed at the address of the inner integer.
/// - Size/alignment must match `AtomicU32`/`AtomicU64` on the platform.
///
/// When the containing layout is accessed concurrently, callers should treat these fields as
/// atomic storage and avoid non-atomic reads/writes to the inner integer.
///
#[repr(transparent)]
/// Integer-backed ABI atomic `u32`.
pub struct IndexbusAtomicU32(UnsafeCell<u32>);

#[repr(transparent)]
/// Integer-backed ABI atomic `u64`.
pub struct IndexbusAtomicU64(UnsafeCell<u64>);

impl IndexbusAtomicU32 {
    #[inline]
    /// Construct an ABI atomic with an initial value.
    pub const fn new(value: u32) -> Self {
        Self(UnsafeCell::new(value))
    }
}

impl IndexbusAtomicU64 {
    #[inline]
    /// Construct an ABI atomic with an initial value.
    pub const fn new(value: u64) -> Self {
        Self(UnsafeCell::new(value))
    }
}

// These types are used in shared-memory layouts and are accessed via atomics.
// They must be Send+Sync to allow the *containing* layout to be shared across threads.
unsafe impl Send for IndexbusAtomicU32 {}
unsafe impl Sync for IndexbusAtomicU32 {}
unsafe impl Send for IndexbusAtomicU64 {}
unsafe impl Sync for IndexbusAtomicU64 {}

// ABI contract checks for integer-backed atomics.
//
// If these fail, the layout cannot be safely accessed using Rust atomics at the same address.
#[allow(dead_code)]
const _: () = {
    use core::mem::{align_of, size_of};
    use core::sync::atomic::{AtomicU32, AtomicU64};

    assert!(size_of::<IndexbusAtomicU32>() == size_of::<AtomicU32>());
    assert!(align_of::<IndexbusAtomicU32>() == align_of::<AtomicU32>());

    assert!(size_of::<IndexbusAtomicU64>() == size_of::<AtomicU64>());
    assert!(align_of::<IndexbusAtomicU64>() == align_of::<AtomicU64>());
};

// Compile-time ABI sanity checks.
#[allow(dead_code)]
const _LAYOUT_HEADER_SIZE_CHECK: [u8; 16] = [0u8; core::mem::size_of::<LayoutHeader>()];