grafos_sync/

mutex.rs

//! Distributed mutual exclusion backed by a fabric memory lease.
//!
//! A [`FabricMutex<T>`] stores lock metadata and a `Copy`-typed value `T`
//! in leased fabric memory. The holder is identified by a `u128` id; a
//! zero holder means "unlocked". A generation counter increments on each
//! acquire, letting observers detect ownership transitions even when the
//! holder id wraps or is reused.
//!
//! # Memory layout at `base_offset`
//!
//! ```text
//! offset +0:  holder_id   (u128, 16 bytes) — 0 = unlocked
//! offset +16: generation  (u64, 8 bytes)   — incremented on each acquire
//! offset +24: data_len    (u32, 4 bytes)   — byte length of serialized T
//! offset +28: data        ([u8])           — serialized T value
//! ```
//!
//! Total header overhead: 28 bytes before the user data.

extern crate alloc;
use core::marker::PhantomData;

use grafos_std::error::{FabricError, Result};
use grafos_std::mem::{FabricMem, MemLease};

const HOLDER_ID_OFFSET: u64 = 0;
const GENERATION_OFFSET: u64 = 16;
const DATA_LEN_OFFSET: u64 = 24;
const DATA_OFFSET: u64 = 28;

/// Distributed mutex backed by a fabric memory lease.
///
/// The lock state is stored in leased fabric memory. When a holder crashes
/// without releasing the lock, the lease expires and the lock auto-releases.
///
/// `T` must be `Copy` — the value is stored via raw byte copy in the leased
/// arena. For complex types, use the `serde` feature on `grafos-std`.
///
/// # Example
///
/// ```rust
/// # grafos_std::host::reset_mock();
/// # grafos_std::host::mock_set_fbmu_arena_size(65536);
/// use grafos_sync::FabricMutex;
/// use grafos_std::mem::MemBuilder;
///
/// let lease = MemBuilder::new().acquire().unwrap();
/// let mtx = FabricMutex::new(lease, 0, 42u64).unwrap();
///
/// // Acquire with holder_id=1, up to 100 spin attempts
/// let guard = mtx.lock(1, 100).unwrap();
/// assert_eq!(*guard, 42);
/// guard.unlock().unwrap();
///
/// assert_eq!(mtx.holder().unwrap(), 0); // unlocked
/// assert_eq!(mtx.generation().unwrap(), 1); // one acquire happened
/// ```
pub struct FabricMutex<T> {
    lease: MemLease,
    base_offset: u64,
    _marker: PhantomData<T>,
}

/// RAII guard returned by [`FabricMutex::lock`] and [`FabricMutex::try_lock`].
///
/// Provides [`Deref`](core::ops::Deref) and [`DerefMut`](core::ops::DerefMut)
/// access to the locked value. On drop, writes the (potentially modified) value
/// back to leased memory and clears the holder_id, releasing the lock.
///
/// You can also call [`unlock`](FabricMutexGuard::unlock) explicitly to check
/// for write errors instead of silently ignoring them in `Drop`.
pub struct FabricMutexGuard<'a, T: Copy> {
    mutex: &'a FabricMutex<T>,
    value: T,
    #[allow(dead_code)]
    holder_id: u128,
}

impl<'a, T: Copy + core::fmt::Debug> core::fmt::Debug for FabricMutexGuard<'a, T> {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        f.debug_struct("FabricMutexGuard")
            .field("value", &self.value)
            .field("holder_id", &self.holder_id)
            .finish()
    }
}

fn read_u128(mem: &FabricMem, offset: u64) -> Result<u128> {
    let data = mem.read(offset, 16)?;
    if data.len() < 16 {
        return Ok(0);
    }
    let mut buf = [0u8; 16];
    buf.copy_from_slice(&data[..16]);
    Ok(u128::from_le_bytes(buf))
}

fn write_u128(mem: &FabricMem, offset: u64, val: u128) -> Result<()> {
    mem.write(offset, &val.to_le_bytes())
}

fn read_u64(mem: &FabricMem, offset: u64) -> Result<u64> {
    let data = mem.read(offset, 8)?;
    if data.len() < 8 {
        return Ok(0);
    }
    let mut buf = [0u8; 8];
    buf.copy_from_slice(&data[..8]);
    Ok(u64::from_le_bytes(buf))
}

fn write_u64(mem: &FabricMem, offset: u64, val: u64) -> Result<()> {
    mem.write(offset, &val.to_le_bytes())
}

fn write_u32(mem: &FabricMem, offset: u64, val: u32) -> Result<()> {
    mem.write(offset, &val.to_le_bytes())
}

impl<T: Copy> FabricMutex<T> {
    /// Create a new mutex with the given initial value, stored at `base_offset`
    /// in the provided lease's memory arena.
    ///
    /// Initializes holder_id to 0 (unlocked) and generation to 0. The caller
    /// is responsible for ensuring that distinct mutexes use non-overlapping
    /// offset ranges. The total space consumed is 28 + `size_of::<T>()` bytes.
    pub fn new(lease: MemLease, base_offset: u64, initial: T) -> Result<Self> {
        let mem = lease.mem();
        // Initialize: holder_id = 0 (unlocked), generation = 0
        write_u128(mem, base_offset + HOLDER_ID_OFFSET, 0)?;
        write_u64(mem, base_offset + GENERATION_OFFSET, 0)?;

        // Write initial value
        let size = core::mem::size_of::<T>();
        let bytes = unsafe { core::slice::from_raw_parts(&initial as *const T as *const u8, size) };
        write_u32(mem, base_offset + DATA_LEN_OFFSET, size as u32)?;
        mem.write(base_offset + DATA_OFFSET, bytes)?;

        Ok(FabricMutex {
            lease,
            base_offset,
            _marker: PhantomData,
        })
    }

    /// Acquire the lock, spinning up to `max_attempts` times.
    ///
    /// On each iteration, reads the holder_id from leased memory. If it is
    /// zero (unlocked), writes `holder_id`, increments the generation counter,
    /// and returns an RAII [`FabricMutexGuard`] with `Deref`/`DerefMut` access
    /// to the protected value.
    ///
    /// Returns [`FabricError::LeaseExpired`] if `max_attempts` is exhausted
    /// without acquiring the lock.
    pub fn lock(&self, holder_id: u128, max_attempts: u32) -> Result<FabricMutexGuard<'_, T>> {
        let mem = self.lease.mem();
        let base = self.base_offset;

        for _ in 0..max_attempts {
            let current = read_u128(mem, base + HOLDER_ID_OFFSET)?;
            if current == 0 {
                // Lock is free — acquire it
                write_u128(mem, base + HOLDER_ID_OFFSET, holder_id)?;

                // Increment generation
                let gen = read_u64(mem, base + GENERATION_OFFSET)?;
                write_u64(mem, base + GENERATION_OFFSET, gen + 1)?;

                // Read the current value
                let value = self.read_value()?;

                return Ok(FabricMutexGuard {
                    mutex: self,
                    value,
                    holder_id,
                });
            }
            // Lock is held — in a real system we'd backoff, but in tests
            // this is effectively a spin.
        }
        Err(FabricError::LeaseExpired)
    }

    /// Non-blocking lock attempt.
    ///
    /// Reads the holder_id once. Returns `Ok(Some(guard))` if the lock was
    /// free and successfully acquired, `Ok(None)` if it was already held, or
    /// `Err` on an underlying I/O failure.
    pub fn try_lock(&self, holder_id: u128) -> Result<Option<FabricMutexGuard<'_, T>>> {
        let mem = self.lease.mem();
        let base = self.base_offset;

        let current = read_u128(mem, base + HOLDER_ID_OFFSET)?;
        if current != 0 {
            return Ok(None);
        }

        write_u128(mem, base + HOLDER_ID_OFFSET, holder_id)?;

        let gen = read_u64(mem, base + GENERATION_OFFSET)?;
        write_u64(mem, base + GENERATION_OFFSET, gen + 1)?;

        let value = self.read_value()?;

        Ok(Some(FabricMutexGuard {
            mutex: self,
            value,
            holder_id,
        }))
    }

    /// Read the current generation counter.
    ///
    /// The generation is incremented by one each time the lock is successfully
    /// acquired (via [`lock`](Self::lock) or [`try_lock`](Self::try_lock)).
    /// Starts at 0 when the mutex is created.
    pub fn generation(&self) -> Result<u64> {
        read_u64(self.lease.mem(), self.base_offset + GENERATION_OFFSET)
    }

    /// Read the current holder_id (0 = unlocked).
    ///
    /// Returns the `u128` identifier of the party currently holding the lock,
    /// or 0 if the lock is not held. This is a snapshot; the value may change
    /// between the read and any action taken on it.
    pub fn holder(&self) -> Result<u128> {
        read_u128(self.lease.mem(), self.base_offset + HOLDER_ID_OFFSET)
    }

    /// Returns the lease ID of the underlying memory lease for external
    /// renewal management (e.g. via [`grafos_leasekit::RenewalManager`]).
    pub fn lease_id(&self) -> u128 {
        self.lease.lease_id()
    }

    /// Returns the expiry time (unix seconds) of the underlying memory
    /// lease for external renewal management.
    pub fn expires_at_unix_secs(&self) -> u64 {
        self.lease.expires_at_unix_secs()
    }

    fn read_value(&self) -> Result<T> {
        let mem = self.lease.mem();
        let size = core::mem::size_of::<T>();
        let data = mem.read(self.base_offset + DATA_OFFSET, size as u32)?;
        if data.len() < size {
            return Err(FabricError::IoError(-99));
        }
        let value = unsafe { core::ptr::read_unaligned(data.as_ptr() as *const T) };
        Ok(value)
    }

    fn write_value(&self, value: &T) -> Result<()> {
        let mem = self.lease.mem();
        let size = core::mem::size_of::<T>();
        let bytes = unsafe { core::slice::from_raw_parts(value as *const T as *const u8, size) };
        mem.write(self.base_offset + DATA_OFFSET, bytes)
    }
}

impl<'a, T: Copy> FabricMutexGuard<'a, T> {
    /// Explicitly unlock, writing the (potentially modified) value back
    /// to leased memory and clearing the holder_id.
    ///
    /// Prefer this over relying on `Drop` when you need to handle write errors.
    pub fn unlock(self) -> Result<()> {
        self.release_inner()
    }

    fn release_inner(&self) -> Result<()> {
        self.mutex.write_value(&self.value)?;
        write_u128(
            self.mutex.lease.mem(),
            self.mutex.base_offset + HOLDER_ID_OFFSET,
            0,
        )
    }
}

impl<'a, T: Copy> core::ops::Deref for FabricMutexGuard<'a, T> {
    type Target = T;
    fn deref(&self) -> &T {
        &self.value
    }
}

impl<'a, T: Copy> core::ops::DerefMut for FabricMutexGuard<'a, T> {
    fn deref_mut(&mut self) -> &mut T {
        &mut self.value
    }
}

impl<'a, T: Copy> Drop for FabricMutexGuard<'a, T> {
    fn drop(&mut self) {
        let _ = self.release_inner();
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use grafos_std::host;
    use grafos_std::mem::MemBuilder;

    fn setup() -> MemLease {
        host::reset_mock();
        host::mock_set_fbmu_arena_size(4096);
        MemBuilder::new().acquire().expect("acquire lease")
    }

    #[test]
    fn mutex_lock_unlock_roundtrip() {
        let lease = setup();
        let mtx = FabricMutex::new(lease, 0, 42u64).expect("new mutex");

        let guard = mtx.lock(1, 10).expect("lock");
        assert_eq!(*guard, 42);
        guard.unlock().expect("unlock");

        // Lock is released — holder should be 0
        assert_eq!(mtx.holder().unwrap(), 0);
    }

    #[test]
    fn mutex_guard_drops_on_scope_exit() {
        let lease = setup();
        let mtx = FabricMutex::new(lease, 0, 100u32).expect("new mutex");

        {
            let _guard = mtx.lock(42, 10).expect("lock");
            assert_eq!(mtx.holder().unwrap(), 42);
            // guard drops here
        }

        // After drop, lock should be released
        assert_eq!(mtx.holder().unwrap(), 0);
    }

    #[test]
    fn mutex_try_lock_returns_none_when_held() {
        let lease = setup();
        let mtx = FabricMutex::new(lease, 0, 7u8).expect("new mutex");

        let _guard = mtx.lock(1, 10).expect("lock");

        // try_lock should see holder_id != 0 and return None
        let result = mtx.try_lock(2).expect("try_lock io");
        assert!(result.is_none());
    }

    #[test]
    fn mutex_generation_increments() {
        let lease = setup();
        let mtx = FabricMutex::new(lease, 0, 0u64).expect("new mutex");

        assert_eq!(mtx.generation().unwrap(), 0);

        {
            let _g = mtx.lock(1, 10).expect("lock 1");
        }
        assert_eq!(mtx.generation().unwrap(), 1);

        {
            let _g = mtx.lock(2, 10).expect("lock 2");
        }
        assert_eq!(mtx.generation().unwrap(), 2);

        {
            let _g = mtx.lock(3, 10).expect("lock 3");
        }
        assert_eq!(mtx.generation().unwrap(), 3);
    }

    #[test]
    fn mutex_deref_mut_modifies_value() {
        let lease = setup();
        let mtx = FabricMutex::new(lease, 0, 10u64).expect("new mutex");

        {
            let mut guard = mtx.lock(1, 10).expect("lock");
            *guard = 99;
            // guard drops, writing 99 back
        }

        // Re-lock and verify updated value
        let guard = mtx.lock(2, 10).expect("lock 2");
        assert_eq!(*guard, 99);
    }

    #[test]
    fn mutex_lock_timeout() {
        let lease = setup();
        let mtx = FabricMutex::new(lease, 0, 0u32).expect("new mutex");

        // Hold the lock
        let _guard = mtx.lock(1, 10).expect("lock");

        // Another lock attempt should timeout
        let result = mtx.lock(2, 5);
        assert_eq!(result.unwrap_err(), FabricError::LeaseExpired);
    }
}