Expand description
A persistent, fsync-durable binary stack backed by a single file.
§Overview
BStack treats a file as a flat byte buffer that grows and shrinks from
the tail. Every mutating operation — push,
pop, and (with the set feature) set —
calls a durable sync before returning, so the data survives a process
crash or an unclean system shutdown. Read-only operations —
peek, peek_into,
get, and get_into — never modify
the file and on Unix and Windows can run concurrently with each other.
pop_into is the buffer-passing counterpart of pop,
carrying the same durability and atomicity guarantees.
The crate depends on libc (Unix) and windows-sys (Windows) for
platform-specific syscalls, and uses no unsafe code beyond the required
FFI calls.
§File format
Every file begins with a fixed 16-byte header:
┌────────────────────────┬──────────────┬──────────────┐
│ header (16 B) │ payload 0 │ payload 1 │ ...
│ magic[8] | clen[8 LE] │ │ │
└────────────────────────┴──────────────┴──────────────┘
^ ^ ^ ^
file offset 0 offset 16 16+n0 EOFmagic— 8 bytes:BSTK+ major(1 B) + minor(1 B) + patch(1 B) + reserved(1 B). This version writesBSTK\x00\x01\x03\x00(0.1.3).openaccepts any file whose first 6 bytes matchBSTK\x00\x01(any 0.1.x) and rejects anything with a different major or minor.clen— little-endianu64recording the committed payload length. It is updated atomically with eachpushorpopand is used for crash recovery on the nextopen.
All user-visible offsets are logical (0-based from the start of the payload region, i.e. from file byte 16).
§Crash recovery
On open, the header’s committed length is compared against
the actual file size:
| Condition | Cause | Recovery |
|---|---|---|
file_size − 16 > clen | partial tail write (push crashed before header update) | truncate to 16 + clen |
file_size − 16 < clen | partial truncation (pop crashed before header update) | set clen = file_size − 16 |
After recovery a durable_sync ensures the repaired state is on stable
storage before any caller can observe or modify the file.
§Durability
| Operation | Syscall sequence |
|---|---|
push | lseek(END) → write(data) → lseek(8) → write(clen) → durable_sync |
pop, pop_into | lseek → read → ftruncate → lseek(8) → write(clen) → durable_sync |
set (feature) | lseek(offset) → write(data) → durable_sync |
peek, peek_into, get, get_into | pread(2) on Unix; ReadFile+OVERLAPPED on Windows; lseek → read elsewhere (no sync — read-only) |
durable_sync on macOS issues fcntl(F_FULLFSYNC), which flushes the
drive’s hardware write cache. Plain fdatasync is not sufficient on macOS
because the kernel may acknowledge it before the drive controller has
committed the data. If F_FULLFSYNC is not supported by the device the
implementation falls back to sync_data (fdatasync).
durable_sync on other Unix calls sync_data (fdatasync), which is
sufficient on Linux and BSD.
durable_sync on Windows calls sync_data, which maps to
FlushFileBuffers. This flushes the kernel write-back cache and waits for
the drive to acknowledge, providing equivalent durability to fdatasync.
§Multi-process safety
On Unix, open acquires an exclusive advisory flock
on the file (LOCK_EX | LOCK_NB). If another process already holds the
lock, open returns immediately with io::ErrorKind::WouldBlock rather
than blocking indefinitely. The lock is released automatically when the
BStack is dropped (the underlying file descriptor is closed).
On Windows, open acquires an exclusive LockFileEx
lock (LOCKFILE_EXCLUSIVE_LOCK | LOCKFILE_FAIL_IMMEDIATELY) covering the
entire file range. If another process already holds the lock, open
returns immediately with io::ErrorKind::WouldBlock
(ERROR_LOCK_VIOLATION). The lock is released when the BStack is
dropped (the underlying file handle is closed).
Note: Both
flock(Unix) andLockFileEx(Windows) are advisory and per-process. They prevent well-behaved concurrent opens across processes but do not protect against processes that bypass the lock or against raw writes to the file.
§Correct usage
bstack files must only be opened through this crate or a compatible
implementation that understands the file format, the header protocol, and
the locking semantics. Reading or writing the underlying file with raw
tools or syscalls while a BStack instance is live — or manually editing
the header fields — can silently corrupt the committed-length sentinel or
bypass the advisory lock.
The authors make no guarantees about the behaviour of this crate — including freedom from data loss or logical corruption — when the file has been accessed outside of this crate’s controlled interface.
§Thread safety
BStack wraps the file in a std::sync::RwLock.
| Operation | Lock (Unix / Windows) | Lock (other) |
|---|---|---|
push, pop, pop_into | write | write |
set (feature) | write | write |
peek, peek_into, get, get_into | read | write |
len | read | read |
On Unix and Windows, peek, peek_into, get, and get_into use a
cursor-safe positional read (pread(2) on Unix; ReadFile with
OVERLAPPED on Windows) that does not modify the file-position cursor.
This allows multiple concurrent calls to any of these methods to run in
parallel while any ongoing push, pop, or pop_into still serialises
all writers via the write lock.
On other platforms a seek is required, so peek, peek_into, get, and
get_into fall back to the write lock and all reads serialise.
§Standard I/O adapters
§Writing
BStack implements std::io::Write (and so does &BStack, mirroring
[std::io::Write for &File]). Each call to write is forwarded to
push, so every write is atomically appended and durably
synced before returning. flush is a no-op.
use std::io::Write;
use bstack::BStack;
let mut stack = BStack::open("log.bin")?;
stack.write_all(b"hello")?;
stack.write_all(b"world")?;§Reading
BStackReader wraps a &BStack with a cursor and implements
std::io::Read and std::io::Seek. Use BStack::reader or
BStack::reader_at to construct one.
use std::io::{Read, Seek, SeekFrom};
use bstack::BStack;
let stack = BStack::open("log.bin")?;
stack.push(b"hello world")?;
let mut reader = stack.reader();
let mut buf = [0u8; 5];
reader.read_exact(&mut buf)?; // b"hello"
reader.seek(SeekFrom::Start(6))?;
reader.read_exact(&mut buf)?; // b"world"§Feature flags
| Feature | Description |
|---|---|
set | Enables [BStack::set] — in-place overwrite of existing payload bytes without changing the file size. |
Enable with:
[dependencies]
bstack = { version = "0.1", features = ["set"] }§Examples
use bstack::BStack;
let stack = BStack::open("log.bin")?;
// push returns the logical byte offset where the payload starts.
let off0 = stack.push(b"hello")?; // 0
let off1 = stack.push(b"world")?; // 5
assert_eq!(stack.len()?, 10);
// peek reads from a logical offset to the end without removing anything.
assert_eq!(stack.peek(off1)?, b"world");
// get reads an arbitrary half-open logical byte range.
assert_eq!(stack.get(3, 8)?, b"lowor");
// pop removes bytes from the tail and returns them.
assert_eq!(stack.pop(5)?, b"world");
assert_eq!(stack.len()?, 5);Structs§
- BStack
- A persistent, fsync-durable binary stack backed by a single file.
- BStack
Reader - A cursor-based reader over a
BStackpayload.