grafos_std/

mem.rs

//! Safe wrappers for FBMU (Fabric Bootstrap Memory Unit) host functions.
//!
//! This module provides byte-addressable fabric memory access through the
//! FBMU data-plane protocol. The primary type is [`FabricMem`], which wraps
//! the raw host function calls with a safe Rust API.
//!
//! # Usage
//!
//! ```rust
//! use grafos_std::mem::FabricMem;
//!
//! # grafos_std::host::reset_mock();
//! # grafos_std::host::mock_set_fbmu_arena_size(4096);
//! let mem = FabricMem::hello()?;
//! mem.write(0, b"hello fabric")?;
//! let data = mem.read(0, 12)?;
//! assert_eq!(&data, b"hello fabric");
//! # Ok::<(), grafos_std::FabricError>(())
//! ```
//!
//! For capacity-checked allocation, use [`MemBuilder`]:
//!
//! ```rust
//! use grafos_std::mem::MemBuilder;
//!
//! # grafos_std::host::reset_mock();
//! # grafos_std::host::mock_set_fbmu_arena_size(8192);
//! let lease = MemBuilder::new().min_bytes(4096).acquire()?;
//! lease.mem().write(0, &[42; 100])?;
//! # Ok::<(), grafos_std::FabricError>(())
//! ```

extern crate alloc;
use alloc::vec;
use alloc::vec::Vec;

use crate::error::{FabricError, Result};
use crate::host;
use crate::lease::{self, LeaseInfo, LeaseStatus, SharedLeaseState};

const LEASE_TAG_MEM: u8 = 0x01;

fn lease_status_from_host(code: u8) -> LeaseStatus {
    match code {
        host::LEASE_STATUS_ACTIVE => LeaseStatus::Active,
        host::LEASE_STATUS_EXPIRED => LeaseStatus::Expired,
        host::LEASE_STATUS_REVOKED => LeaseStatus::Revoked,
        _ => LeaseStatus::Revoked,
    }
}

fn sync_state_from_host(state: &SharedLeaseState, info: &host::FbmuLeaseInfo) {
    lease::set_expires_at_unix_secs(state, info.expires_at_unix_secs);
    lease::set_status(state, lease_status_from_host(info.status));
}

/// Safe handle to fabric memory via FBMU host functions.
///
/// Created by [`FabricMem::hello`], which performs the FBMU HELLO handshake
/// to establish a memory data-plane session. Once created, the handle can
/// be used for byte-addressable reads and writes within the arena.
///
/// # Examples
///
/// ```rust
/// use grafos_std::mem::FabricMem;
///
/// # grafos_std::host::reset_mock();
/// # grafos_std::host::mock_set_fbmu_arena_size(4096);
/// let mem = FabricMem::hello()?;
///
/// // Write and read back
/// mem.write(0, b"test data")?;
/// let data = mem.read(0, 9)?;
/// assert_eq!(&data, b"test data");
///
/// // Check arena capacity
/// let size = mem.arena_size()?;
/// assert_eq!(size, 4096);
/// # Ok::<(), grafos_std::FabricError>(())
/// ```
#[derive(Debug)]
pub struct FabricMem {
    lease_state: Option<SharedLeaseState>,
    host_lease_id: Option<u128>,
}

impl FabricMem {
    /// Perform the FBMU HELLO handshake and return a memory handle.
    ///
    /// This establishes the memory data-plane session with the host. On
    /// WASM targets, this calls the real `fbmu_hello` host import. On
    /// native targets, it initializes the mock state.
    ///
    /// # Errors
    ///
    /// - [`FabricError::Disconnected`] if the host connection is unavailable.
    /// - Other [`FabricError`] variants based on the host status code.
    pub fn hello() -> Result<FabricMem> {
        host::fbmu_hello()?;
        Ok(FabricMem {
            lease_state: None,
            host_lease_id: None,
        })
    }

    /// Write `data` at the given byte offset in the arena.
    ///
    /// # Errors
    ///
    /// Returns a [`FabricError`] if the host reports a write failure.
    pub fn write(&self, offset: u64, data: &[u8]) -> Result<()> {
        #[cfg(feature = "observe")]
        let start = std::time::Instant::now();
        let result = if let Some(lease_id) = self.host_lease_id {
            if let Some(state) = &self.lease_state {
                let info = host::fbmu_query(lease_id)?;
                sync_state_from_host(state, &info);
                lease::ensure_active(state)?;
            }
            host::fbmu_write_lease(lease_id, offset, data)
        } else {
            if let Some(state) = &self.lease_state {
                lease::ensure_active(state)?;
            }
            host::fbmu_write(offset, data)
        };
        #[cfg(feature = "observe")]
        match &result {
            Ok(()) => {
                let duration_us = start.elapsed().as_micros() as u64;
                crate::observe_hooks::on_mem_write(data.len() as u64);
                crate::observe_hooks::on_op_completed(
                    grafos_observe::OpType::Write,
                    duration_us,
                    data.len() as u64,
                );
            }
            Err(e) => {
                crate::observe_hooks::on_op_error();
                crate::observe_hooks::on_op_failed(
                    grafos_observe::OpType::Write,
                    &alloc::format!("{e:?}"),
                );
            }
        }
        result
    }

    /// Read `len` bytes starting at `offset` from the arena.
    ///
    /// Returns a `Vec<u8>` containing the data read. The returned vector
    /// may be shorter than `len` if the host returned fewer bytes.
    ///
    /// # Errors
    ///
    /// Returns a [`FabricError`] if the host reports a read failure.
    pub fn read(&self, offset: u64, len: u32) -> Result<Vec<u8>> {
        #[cfg(feature = "observe")]
        let start = std::time::Instant::now();
        let result = if let Some(lease_id) = self.host_lease_id {
            if let Some(state) = &self.lease_state {
                let info = host::fbmu_query(lease_id)?;
                sync_state_from_host(state, &info);
                lease::ensure_active(state)?;
            }
            let mut buf = vec![0u8; len as usize];
            let n = host::fbmu_read_lease(lease_id, offset, &mut buf)?;
            buf.truncate(n);
            Ok(buf)
        } else {
            if let Some(state) = &self.lease_state {
                lease::ensure_active(state)?;
            }
            let mut buf = vec![0u8; len as usize];
            let n = host::fbmu_read(offset, &mut buf)?;
            buf.truncate(n);
            Ok(buf)
        };
        #[cfg(feature = "observe")]
        match &result {
            Ok(buf) => {
                let duration_us = start.elapsed().as_micros() as u64;
                crate::observe_hooks::on_mem_read(buf.len() as u64);
                crate::observe_hooks::on_op_completed(
                    grafos_observe::OpType::Read,
                    duration_us,
                    buf.len() as u64,
                );
            }
            Err(e) => {
                crate::observe_hooks::on_op_error();
                crate::observe_hooks::on_op_failed(
                    grafos_observe::OpType::Read,
                    &alloc::format!("{e:?}"),
                );
            }
        }
        result
    }

    /// Query the total arena size in bytes.
    ///
    /// # Errors
    ///
    /// Returns [`FabricError::IoError`] if the host returns a negative value.
    pub fn arena_size(&self) -> Result<u64> {
        if let Some(lease_id) = self.host_lease_id {
            let info = host::fbmu_query(lease_id)?;
            if let Some(state) = &self.lease_state {
                sync_state_from_host(state, &info);
            }
            Ok(info.arena_size)
        } else {
            host::fbmu_get_arena_size()
        }
    }
}

/// A memory lease that auto-frees on drop.
///
/// Wraps a [`FabricMem`] handle with RAII lifecycle management. When the
/// `MemLease` is dropped, the underlying resource will be released (once
/// the host provides an explicit `fbmu_free()` call).
///
/// Created via [`MemBuilder::acquire`].
///
/// # Examples
///
/// ```rust
/// use grafos_std::mem::MemBuilder;
///
/// # grafos_std::host::reset_mock();
/// # grafos_std::host::mock_set_fbmu_arena_size(8192);
/// let lease = MemBuilder::new().min_bytes(4096).acquire()?;
/// lease.mem().write(0, b"leased memory")?;
/// // lease is freed when it goes out of scope
/// # Ok::<(), grafos_std::FabricError>(())
/// ```
#[derive(Debug)]
pub struct MemLease {
    state: SharedLeaseState,
    mem: FabricMem,
    _size: u64,
}

impl MemLease {
    fn sync_from_host(&self) {
        let Some(lease_id) = self.mem.host_lease_id else {
            return;
        };
        if let Ok(info) = host::fbmu_query(lease_id) {
            sync_state_from_host(&self.state, &info);
        }
    }

    /// Access the underlying [`FabricMem`] handle for I/O operations.
    pub fn mem(&self) -> &FabricMem {
        &self.mem
    }

    /// Lease metadata snapshot (id, creation time, expiry, and status).
    pub fn info(&self) -> LeaseInfo {
        self.sync_from_host();
        lease::info(&self.state)
    }

    /// Unique lease identifier.
    pub fn lease_id(&self) -> u128 {
        lease::lease_id(&self.state)
    }

    /// Lease creation timestamp (unix seconds).
    pub fn created_at_unix_secs(&self) -> u64 {
        lease::created_at_unix_secs(&self.state)
    }

    /// Lease expiry timestamp (unix seconds).
    pub fn expires_at_unix_secs(&self) -> u64 {
        self.sync_from_host();
        lease::expires_at_unix_secs(&self.state)
    }

    /// Current lease status.
    pub fn status(&self) -> LeaseStatus {
        self.sync_from_host();
        lease::status(&self.state)
    }

    /// Renew the lease TTL by `duration_secs`.
    ///
    /// Extends `expires_at` to at least `now + duration_secs`.
    pub fn renew(&self, duration_secs: u64) -> Result<()> {
        if let Some(lease_id) = self.mem.host_lease_id {
            let expires_at_unix_secs = host::fbmu_renew(lease_id, duration_secs)?;
            lease::set_expires_at_unix_secs(&self.state, expires_at_unix_secs);
            lease::set_status(&self.state, LeaseStatus::Active);
            return Ok(());
        }
        lease::renew(&self.state, duration_secs)
    }

    /// Explicitly revoke/free this lease.
    pub fn free(&self) {
        if let Some(lease_id) = self.mem.host_lease_id {
            let _ = host::fbmu_free(lease_id);
        }
        lease::free(&self.state);
    }

    /// Create a second handle to the same underlying lease.
    ///
    /// The returned `MemLease` shares the same `host_lease_id` and lease
    /// state, so reads and writes go to the same arena. This models the
    /// real-world case where sender and receiver both hold handles to the
    /// same remote memory region.
    #[cfg(any(test, feature = "test-support"))]
    pub fn dup(&self) -> MemLease {
        MemLease {
            state: self.state.clone(),
            mem: FabricMem {
                lease_state: self.mem.lease_state.clone(),
                host_lease_id: self.mem.host_lease_id,
            },
            _size: self._size,
        }
    }
}

impl Drop for MemLease {
    fn drop(&mut self) {
        #[cfg(feature = "observe")]
        crate::observe_hooks::on_lease_dropped(LEASE_TAG_MEM, lease::lease_id(&self.state));
        lease::free(&self.state);
    }
}

/// Builder for acquiring a fabric memory lease with capacity constraints.
///
/// Use the builder pattern to specify minimum capacity requirements, then
/// call [`acquire`](MemBuilder::acquire) to perform the HELLO handshake
/// and validate the arena size.
///
/// # Examples
///
/// ```rust
/// use grafos_std::mem::MemBuilder;
///
/// # grafos_std::host::reset_mock();
/// # grafos_std::host::mock_set_fbmu_arena_size(65536);
/// // Require at least 8 KiB
/// let lease = MemBuilder::new().min_bytes(8192).acquire()?;
/// assert!(lease.mem().arena_size()? >= 8192);
/// # Ok::<(), grafos_std::FabricError>(())
/// ```
pub struct MemBuilder {
    min_bytes: u64,
    lease_secs: u64,
}

impl MemBuilder {
    /// Create a new builder with no minimum capacity constraint.
    pub fn new() -> Self {
        MemBuilder {
            min_bytes: 0,
            lease_secs: 300,
        }
    }

    /// Set the minimum number of bytes required from the arena.
    ///
    /// If the arena reported by the host is smaller than this value,
    /// [`acquire`](MemBuilder::acquire) will return
    /// [`FabricError::CapacityExceeded`].
    pub fn min_bytes(mut self, n: u64) -> Self {
        self.min_bytes = n;
        self
    }

    /// Set the lease TTL in seconds.
    pub fn lease_secs(mut self, secs: u64) -> Self {
        self.lease_secs = secs.max(1);
        self
    }

    /// Acquire the memory lease by performing the HELLO handshake and
    /// verifying that the arena meets the requested minimum.
    ///
    /// # Errors
    ///
    /// - [`FabricError::CapacityExceeded`] if the arena size is less than
    ///   the configured [`min_bytes`](MemBuilder::min_bytes).
    /// - [`FabricError::Disconnected`] if the HELLO handshake fails.
    pub fn acquire(self) -> Result<MemLease> {
        let result = match host::fbmu_alloc(self.min_bytes, self.lease_secs) {
            Ok(info) => {
                if info.arena_size < self.min_bytes {
                    return Err(FabricError::CapacityExceeded);
                }
                let created_at_unix_secs = info
                    .expires_at_unix_secs
                    .saturating_sub(self.lease_secs.max(1));
                let state = lease::new_shared_lease_from_parts(
                    info.lease_id,
                    created_at_unix_secs,
                    info.expires_at_unix_secs,
                    lease_status_from_host(info.status),
                );
                Ok(MemLease {
                    state: state.clone(),
                    mem: FabricMem {
                        lease_state: Some(state),
                        host_lease_id: Some(info.lease_id),
                    },
                    _size: info.arena_size,
                })
            }
            Err(FabricError::Unsupported) => {
                let state = lease::new_shared_lease(LEASE_TAG_MEM, self.lease_secs);
                let mut mem = FabricMem::hello()?;
                mem.lease_state = Some(state.clone());
                let arena = mem.arena_size()?;
                if arena < self.min_bytes {
                    return Err(FabricError::CapacityExceeded);
                }
                Ok(MemLease {
                    state,
                    mem,
                    _size: arena,
                })
            }
            Err(e) => Err(e),
        };
        #[cfg(feature = "observe")]
        if let Ok(ref lease) = result {
            crate::observe_hooks::on_lease_acquired(
                LEASE_TAG_MEM,
                lease.lease_id(),
                "local",
                lease._size,
            );
        }
        result
    }

    /// Attach to an existing memory lease by ID.
    ///
    /// Instead of allocating a new lease, this queries the host for the
    /// given `lease_id` and returns a [`MemLease`] bound to it if the
    /// lease is still active. This enables crash recovery: a replacement
    /// tasklet can reconnect to storage that survived the previous
    /// tasklet's death.
    ///
    /// # Errors
    ///
    /// - [`FabricError::LeaseExpired`] if the lease has expired.
    /// - [`FabricError::Revoked`] if the lease has been revoked.
    /// - [`FabricError::Disconnected`] if the query fails.
    pub fn attach(lease_id: u128) -> Result<MemLease> {
        let info = host::fbmu_query(lease_id)?;
        let status = lease_status_from_host(info.status);
        match status {
            LeaseStatus::Active => {}
            LeaseStatus::Expired => return Err(FabricError::LeaseExpired),
            LeaseStatus::Revoked => return Err(FabricError::Revoked),
        }
        // We don't know the original lease duration, so estimate created_at
        // from the current expiry. This is imprecise but sufficient for
        // status tracking — the authoritative state comes from the host.
        let created_at_unix_secs = 0;
        let state = lease::new_shared_lease_from_parts(
            info.lease_id,
            created_at_unix_secs,
            info.expires_at_unix_secs,
            status,
        );
        let result = MemLease {
            state: state.clone(),
            mem: FabricMem {
                lease_state: Some(state),
                host_lease_id: Some(info.lease_id),
            },
            _size: info.arena_size,
        };
        #[cfg(feature = "observe")]
        crate::observe_hooks::on_lease_acquired(
            LEASE_TAG_MEM,
            result.lease_id(),
            "attach",
            result._size,
        );
        Ok(result)
    }
}

impl Default for MemBuilder {
    fn default() -> Self {
        Self::new()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::host;

    #[test]
    fn mem_hello_write_read_roundtrip() {
        host::reset_mock();
        host::mock_set_fbmu_arena_size(4096);

        let mem = FabricMem::hello().expect("hello");
        assert_eq!(mem.arena_size().unwrap(), 4096);

        let data = b"fabricBIOS-grafos-std";
        mem.write(0, data).expect("write");

        let readback = mem.read(0, data.len() as u32).expect("read");
        assert_eq!(&readback, data);
    }

    #[test]
    fn mem_hello_error_propagates() {
        host::reset_mock();
        host::mock_set_fbmu_hello_error(Some(-1));

        let result = FabricMem::hello();
        assert!(result.is_err());
        assert_eq!(result.unwrap_err(), FabricError::Disconnected);

        host::mock_set_fbmu_hello_error(None);
    }

    #[test]
    fn mem_builder_checks_capacity() {
        host::reset_mock();
        host::mock_set_fbmu_arena_size(1024);

        // Request more than available
        let result = MemBuilder::new().min_bytes(2048).acquire();
        assert_eq!(result.unwrap_err(), FabricError::CapacityExceeded);

        // Request exactly available
        let lease = MemBuilder::new()
            .min_bytes(1024)
            .acquire()
            .expect("acquire");
        assert_eq!(lease.mem().arena_size().unwrap(), 1024);
    }

    #[test]
    fn mem_builder_default_acquires() {
        host::reset_mock();
        host::mock_set_fbmu_arena_size(65536);

        let lease = MemBuilder::new().acquire().expect("acquire");
        let data = b"test";
        lease.mem().write(100, data).expect("write");
        let readback = lease.mem().read(100, 4).expect("read");
        assert_eq!(&readback, data);
    }

    #[test]
    fn mem_lease_expires_and_can_be_renewed() {
        host::reset_mock();
        host::mock_set_fbmu_arena_size(4096);
        host::mock_set_unix_time_secs(1_000);

        let lease = MemBuilder::new().lease_secs(10).acquire().expect("acquire");
        assert_eq!(lease.status(), LeaseStatus::Active);
        assert_eq!(lease.expires_at_unix_secs(), 1_010);

        lease.renew(20).expect("renew");
        assert_eq!(lease.expires_at_unix_secs(), 1_020);

        host::mock_advance_time_secs(21);
        assert_eq!(lease.status(), LeaseStatus::Expired);
        assert_eq!(
            lease.mem().write(0, b"x").unwrap_err(),
            FabricError::LeaseExpired
        );
    }

    #[test]
    fn mem_lease_free_revokes_operations() {
        host::reset_mock();
        host::mock_set_fbmu_arena_size(4096);

        let lease = MemBuilder::new().acquire().expect("acquire");
        lease.free();
        assert_eq!(lease.status(), LeaseStatus::Revoked);
        assert_eq!(lease.mem().read(0, 1).unwrap_err(), FabricError::Revoked);
    }

    #[test]
    fn mem_attach_reconnects_to_active_lease() {
        host::reset_mock();
        host::mock_set_fbmu_arena_size(4096);

        let lease = MemBuilder::new()
            .lease_secs(300)
            .acquire()
            .expect("acquire");
        let id = lease.lease_id();

        // Write data through the original lease.
        lease.mem().write(0, b"hello").expect("write");

        // Attach to the same lease by ID.
        let attached = MemBuilder::attach(id).expect("attach");
        assert_eq!(attached.lease_id(), id);
        assert_eq!(attached.status(), LeaseStatus::Active);

        // Read back data through the attached lease.
        let readback = attached.mem().read(0, 5).expect("read");
        assert_eq!(&readback, b"hello");
    }

    #[test]
    fn mem_attach_expired_returns_error() {
        host::reset_mock();
        host::mock_set_fbmu_arena_size(4096);
        host::mock_set_unix_time_secs(1_000);

        let lease = MemBuilder::new().lease_secs(5).acquire().expect("acquire");
        let id = lease.lease_id();

        // Advance past expiry.
        host::mock_advance_time_secs(10);

        let result = MemBuilder::attach(id);
        assert_eq!(result.unwrap_err(), FabricError::LeaseExpired);
    }

    #[test]
    fn mem_attach_revoked_returns_error() {
        host::reset_mock();
        host::mock_set_fbmu_arena_size(4096);

        let lease = MemBuilder::new().acquire().expect("acquire");
        let id = lease.lease_id();
        lease.free(); // revoke

        let result = MemBuilder::attach(id);
        assert_eq!(result.unwrap_err(), FabricError::Revoked);
    }

    #[test]
    fn mem_attach_unknown_lease_returns_error() {
        host::reset_mock();
        host::mock_set_fbmu_arena_size(4096);

        // Attach to a lease ID that was never allocated.
        let result = MemBuilder::attach(0xDEADBEEF);
        assert!(result.is_err());
    }

    #[test]
    fn mem_leases_are_isolated_by_lease_id() {
        host::reset_mock();
        host::mock_set_fbmu_arena_size(4096);

        let lease_a = MemBuilder::new().acquire().expect("acquire a");
        let lease_b = MemBuilder::new().acquire().expect("acquire b");

        lease_a.mem().write(0, b"aaa").expect("write a");
        lease_b.mem().write(0, b"bbb").expect("write b");

        let read_a = lease_a.mem().read(0, 3).expect("read a");
        let read_b = lease_b.mem().read(0, 3).expect("read b");
        assert_eq!(&read_a, b"aaa");
        assert_eq!(&read_b, b"bbb");
    }
}