grafos_locator/

handoff.rs

//! Handoff records: durable writer/reader for locator rendezvous.
//!
//! A [`HandoffWriter`] publishes locators with monotonically increasing
//! [`FenceEpoch`] generations to block storage. A [`HandoffReader`] polls
//! the same block storage and detects when a new generation has been written.
//!
//! The underlying persistence uses the same checkpoint shape as
//! `grafos-collections` durable snapshots: a header block followed by
//! postcard-serialized data blocks.
//!
//! # Fail-closed
//!
//! Corrupt or unreadable records cause the reader to return an error, never
//! a stale or default value.

extern crate alloc;
use alloc::vec::Vec;

use grafos_fence::FenceEpoch;
use grafos_std::block::{BlockLease, FabricBlock, BLOCK_SIZE};
use grafos_std::error::{FabricError, Result};
use serde::{de::DeserializeOwned, Deserialize, Serialize};

/// Durable checkpoint constants (matching grafos-collections Durable format).
const MAGIC: [u8; 4] = *b"DCHK";
const DURABLE_VERSION: u32 = 1;
const HEADER_BLOCK: u64 = 0;
const DATA_START_BLOCK: u64 = 1;

/// The state persisted to block storage by [`HandoffWriter`].
///
/// Contains the locator value, a monotonic generation counter, and a
/// stage identifier for multi-phase handoff protocols.
#[derive(Clone, Debug, PartialEq, Serialize, Deserialize)]
pub struct HandoffState<T> {
    /// Logical stage identifier for multi-stage workflows.
    pub stage_id: u64,
    /// Monotonic generation used for stale-state rejection.
    pub generation: FenceEpoch,
    /// Published locator payload.
    pub locator: T,
}

/// Checkpoint a `HandoffState<T>` to a `FabricBlock` handle using the Durable
/// format (header block + postcard data blocks).
fn checkpoint_to_block<T: Serialize>(state: &HandoffState<T>, blk: &FabricBlock) -> Result<()> {
    let data = postcard::to_allocvec(state).map_err(|_| FabricError::IoError(-1))?;
    let data_len = data.len() as u64;

    // Write header block
    let mut header = [0u8; BLOCK_SIZE];
    header[0..4].copy_from_slice(&MAGIC);
    header[4..8].copy_from_slice(&DURABLE_VERSION.to_le_bytes());
    header[8..16].copy_from_slice(&data_len.to_le_bytes());
    blk.write_block(HEADER_BLOCK, &header)?;

    // Write data blocks
    let num_blocks = data.len().div_ceil(BLOCK_SIZE);
    let available = blk.num_blocks() as usize;
    if num_blocks + 1 > available {
        return Err(FabricError::CapacityExceeded);
    }

    for i in 0..num_blocks {
        let start = i * BLOCK_SIZE;
        let end = core::cmp::min(start + BLOCK_SIZE, data.len());
        let mut block = [0u8; BLOCK_SIZE];
        block[..end - start].copy_from_slice(&data[start..end]);
        blk.write_block(DATA_START_BLOCK + i as u64, &block)?;
    }

    Ok(())
}

/// Restore a `HandoffState<T>` from a `FabricBlock` handle using the Durable
/// format. Returns an error on corrupt data (fail closed).
fn restore_from_block<T: DeserializeOwned>(blk: &FabricBlock) -> Result<HandoffState<T>> {
    let header = blk.read_block(HEADER_BLOCK)?;

    if header[0..4] != MAGIC {
        return Err(FabricError::IoError(-2));
    }
    let version = u32::from_le_bytes([header[4], header[5], header[6], header[7]]);
    if version != DURABLE_VERSION {
        return Err(FabricError::IoError(-3));
    }
    let data_len = u64::from_le_bytes([
        header[8], header[9], header[10], header[11], header[12], header[13], header[14],
        header[15],
    ]) as usize;

    let num_blocks = data_len.div_ceil(BLOCK_SIZE);
    let mut data = Vec::with_capacity(data_len);
    for i in 0..num_blocks {
        let block = blk.read_block(DATA_START_BLOCK + i as u64)?;
        let remaining = data_len - data.len();
        let take = core::cmp::min(BLOCK_SIZE, remaining);
        data.extend_from_slice(&block[..take]);
    }

    postcard::from_bytes(&data).map_err(|_| FabricError::IoError(-1))
}

/// Writes locator handoff records to block storage.
///
/// Each [`publish`](HandoffWriter::publish) call bumps the generation,
/// updates the locator, and checkpoints the state to the underlying
/// [`BlockLease`].
///
/// # Example
///
/// ```rust,no_run
/// use grafos_locator::handoff::{HandoffWriter, HandoffState};
/// use grafos_locator::locator::QueueLocator;
/// use grafos_fence::FenceEpoch;
/// use grafos_std::block::BlockBuilder;
///
/// # grafos_std::host::reset_mock();
/// # grafos_std::host::mock_set_fbbu_num_blocks(64);
/// let lease = BlockBuilder::new().acquire().unwrap();
/// let initial = QueueLocator::new(1, 0, 0);
/// let mut writer = HandoffWriter::new(
///     HandoffState { stage_id: 0, generation: FenceEpoch::zero(), locator: initial },
///     lease,
/// );
/// let new_loc = QueueLocator::new(2, 512, 1);
/// let gen = writer.publish(new_loc).unwrap();
/// assert_eq!(gen.value(), 1);
/// ```
pub struct HandoffWriter<T> {
    state: HandoffState<T>,
    block_lease: BlockLease,
}

impl<T: Serialize + DeserializeOwned> HandoffWriter<T> {
    /// Create a new handoff writer with the given initial state.
    ///
    /// Does **not** checkpoint the initial state to disk. Call
    /// [`publish`](Self::publish) to persist.
    pub fn new(state: HandoffState<T>, block_lease: BlockLease) -> Self {
        Self { state, block_lease }
    }

    /// Publish a new locator, bumping the generation and checkpointing to
    /// block storage.
    ///
    /// Returns the new [`FenceEpoch`] after the bump.
    ///
    /// # Errors
    ///
    /// Propagates block I/O or serialization errors.
    pub fn publish(&mut self, new_locator: T) -> Result<FenceEpoch> {
        self.state.generation = self.state.generation.bump();
        self.state.locator = new_locator;
        checkpoint_to_block(&self.state, self.block_lease.block())?;
        Ok(self.state.generation)
    }

    /// Returns the current generation.
    pub fn generation(&self) -> FenceEpoch {
        self.state.generation
    }

    /// Returns a reference to the current locator.
    pub fn current_locator(&self) -> &T {
        &self.state.locator
    }

    /// Consume the writer and return the underlying block lease.
    ///
    /// This allows transferring the lease to a [`HandoffReader`] so that
    /// both sides access the same underlying block storage.
    pub fn into_block_lease(self) -> BlockLease {
        self.block_lease
    }
}

/// Reads locator handoff records from block storage.
///
/// Each [`poll`](HandoffReader::poll) call reads the block lease, deserializes
/// the handoff state, and returns `Some(state)` if the generation has changed
/// since the last successful poll.
///
/// # Fail-closed
///
/// If the block data is corrupt or deserialization fails, `poll` returns an
/// error — never a stale or default value.
///
/// # Example
///
/// ```rust,no_run
/// use grafos_locator::handoff::HandoffReader;
/// use grafos_locator::locator::QueueLocator;
/// use grafos_std::block::BlockBuilder;
///
/// # grafos_std::host::reset_mock();
/// # grafos_std::host::mock_set_fbbu_num_blocks(64);
/// let lease = BlockBuilder::new().acquire().unwrap();
/// let mut reader: HandoffReader<QueueLocator> = HandoffReader::new(lease);
/// match reader.poll() {
///     Ok(Some(state)) => println!("new locator: {:?}", state.locator),
///     Ok(None) => println!("no change"),
///     Err(e) => println!("read error: {e}"),
/// }
/// ```
pub struct HandoffReader<T> {
    block_lease: BlockLease,
    last_generation: Option<FenceEpoch>,
    last_locator: Option<T>,
}

impl<T: Serialize + DeserializeOwned + Clone> HandoffReader<T> {
    /// Create a new handoff reader attached to the given block lease.
    pub fn new(block_lease: BlockLease) -> Self {
        Self {
            block_lease,
            last_generation: None,
            last_locator: None,
        }
    }

    /// Poll the block storage for a new handoff state.
    ///
    /// Returns `Ok(Some(state))` if the generation has changed since the
    /// last successful poll, `Ok(None)` if unchanged, or `Err` on I/O or
    /// deserialization failure.
    pub fn poll(&mut self) -> Result<Option<HandoffState<T>>> {
        let state: HandoffState<T> = restore_from_block(self.block_lease.block())?;

        if self.last_generation == Some(state.generation) {
            return Ok(None);
        }

        self.last_generation = Some(state.generation);
        self.last_locator = Some(state.locator.clone());

        Ok(Some(state))
    }

    /// Returns `true` if the last [`poll`](Self::poll) returned a new generation.
    pub fn changed(&self) -> bool {
        self.last_generation.is_some()
    }

    /// Returns the last generation seen by [`poll`](Self::poll), if any.
    pub fn last_generation(&self) -> Option<FenceEpoch> {
        self.last_generation
    }

    /// Returns a reference to the last locator seen by [`poll`](Self::poll), if any.
    pub fn last_locator(&self) -> Option<&T> {
        self.last_locator.as_ref()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::locator::{MemRegionLocator, QueueLocator, RpcArenaLocator};
    use grafos_std::block::BlockBuilder;
    use grafos_std::host;

    fn setup_block(num_blocks: u64) -> BlockLease {
        host::reset_mock();
        host::mock_set_fbbu_num_blocks(num_blocks);
        BlockBuilder::new().acquire().expect("acquire")
    }

    #[test]
    fn publish_bumps_generation() {
        let lease = setup_block(64);
        let initial = QueueLocator::new(1, 0, 0);
        let mut writer = HandoffWriter::new(
            HandoffState {
                stage_id: 0,
                generation: FenceEpoch::zero(),
                locator: initial,
            },
            lease,
        );

        assert_eq!(writer.generation(), FenceEpoch::zero());

        let new_loc = QueueLocator::new(2, 512, 1);
        let gen = writer.publish(new_loc).expect("publish");
        assert_eq!(gen, FenceEpoch::new(1));
        assert_eq!(writer.generation(), FenceEpoch::new(1));
    }

    #[test]
    fn reader_detects_change() {
        let lease = setup_block(64);
        let initial = QueueLocator::new(1, 0, 0);
        let mut writer = HandoffWriter::new(
            HandoffState {
                stage_id: 0,
                generation: FenceEpoch::zero(),
                locator: initial,
            },
            lease,
        );

        let loc = QueueLocator::new(1, 0, 0);
        writer.publish(loc).expect("publish");

        // Transfer the block lease from writer to reader (same lease_id,
        // same underlying block data in the mock).
        let reader_lease = writer.into_block_lease();
        let mut reader: HandoffReader<QueueLocator> = HandoffReader::new(reader_lease);

        let result = reader.poll().expect("poll");
        assert!(result.is_some());
        let state = result.unwrap();
        assert_eq!(state.generation, FenceEpoch::new(1));
        assert_eq!(state.locator.lease_id, 1);
    }

    #[test]
    fn reader_returns_none_when_no_change() {
        let lease = setup_block(64);
        let initial = QueueLocator::new(1, 0, 0);
        let mut writer = HandoffWriter::new(
            HandoffState {
                stage_id: 0,
                generation: FenceEpoch::zero(),
                locator: initial,
            },
            lease,
        );

        writer.publish(QueueLocator::new(1, 0, 0)).expect("publish");

        let reader_lease = writer.into_block_lease();
        let mut reader: HandoffReader<QueueLocator> = HandoffReader::new(reader_lease);

        // First poll sees the change
        let result = reader.poll().expect("poll 1");
        assert!(result.is_some());

        // Second poll with same generation returns None
        let result = reader.poll().expect("poll 2");
        assert!(result.is_none());
    }

    #[test]
    fn multiple_publishes_monotonic_generation() {
        let lease = setup_block(64);
        let initial = MemRegionLocator::new(1, 0, 1024);
        let mut writer = HandoffWriter::new(
            HandoffState {
                stage_id: 0,
                generation: FenceEpoch::zero(),
                locator: initial,
            },
            lease,
        );

        let g1 = writer
            .publish(MemRegionLocator::new(1, 0, 2048))
            .expect("publish 1");
        let g2 = writer
            .publish(MemRegionLocator::new(1, 0, 4096))
            .expect("publish 2");
        let g3 = writer
            .publish(MemRegionLocator::new(2, 0, 1024))
            .expect("publish 3");

        assert!(g2.is_newer(&g1));
        assert!(g3.is_newer(&g2));
        assert_eq!(g1.value(), 1);
        assert_eq!(g2.value(), 2);
        assert_eq!(g3.value(), 3);
    }

    #[test]
    fn corrupt_record_returns_error() {
        let lease = setup_block(64);
        // Write garbage to block 0 (corrupt the Durable header)
        let mut garbage = [0u8; BLOCK_SIZE];
        garbage[0..4].copy_from_slice(b"BAAD");
        lease.block().write_block(0, &garbage).expect("write");

        let mut reader: HandoffReader<QueueLocator> = HandoffReader::new(lease);

        let result = reader.poll();
        assert!(result.is_err());
    }

    #[test]
    fn current_locator_reflects_publish() {
        let lease = setup_block(64);
        let initial = RpcArenaLocator::new(1, 0, 4096, 0);
        let mut writer = HandoffWriter::new(
            HandoffState {
                stage_id: 0,
                generation: FenceEpoch::zero(),
                locator: initial,
            },
            lease,
        );

        assert_eq!(writer.current_locator().request_offset, 0);

        let new_loc = RpcArenaLocator::new(1, 1024, 8192, 1);
        writer.publish(new_loc).expect("publish");

        assert_eq!(writer.current_locator().request_offset, 1024);
        assert_eq!(writer.current_locator().response_offset, 8192);
    }

    #[test]
    fn reader_last_locator_and_generation() {
        let lease = setup_block(64);
        let initial = QueueLocator::new(1, 0, 0);
        let mut writer = HandoffWriter::new(
            HandoffState {
                stage_id: 0,
                generation: FenceEpoch::zero(),
                locator: initial,
            },
            lease,
        );

        writer
            .publish(QueueLocator::new(42, 256, 7))
            .expect("publish");

        let reader_lease = writer.into_block_lease();
        let mut reader: HandoffReader<QueueLocator> = HandoffReader::new(reader_lease);

        // Before first poll
        assert!(reader.last_generation().is_none());
        assert!(reader.last_locator().is_none());

        reader.poll().expect("poll");

        assert_eq!(reader.last_generation(), Some(FenceEpoch::new(1)));
        let loc = reader.last_locator().unwrap();
        assert_eq!(loc.lease_id, 42);
        assert_eq!(loc.base_offset, 256);
    }

    #[test]
    fn handoff_state_serialization_roundtrip() {
        let state = HandoffState {
            stage_id: 99,
            generation: FenceEpoch::new(7),
            locator: MemRegionLocator::new(0xABCD, 128, 512),
        };
        let bytes = postcard::to_allocvec(&state).expect("serialize");
        let decoded: HandoffState<MemRegionLocator> =
            postcard::from_bytes(&bytes).expect("deserialize");
        assert_eq!(state, decoded);
    }
}