arkhe-kernel 0.13.0

Domain-neutral deterministic microkernel for virtual worlds. WAL-backed, bit-identical replay, invariant-lifetime shell brand, no async / no unsafe / no floating-point in canonical paths.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293

//! `KernelSnapshot` — serializable point-in-time capture of kernel state.
//!
//! Snapshot is **independent** from the WAL: WAL stores history (full
//! replay from a fresh state), snapshot stores a single state at tick
//! N. Hybrid recovery (snapshot at N + WAL from N+1) is the future
//! integration; they ship as orthogonal mechanisms.
//!
//! What snapshot includes:
//! - All instances (entities, components, scheduler, ledger, id_counters,
//!   inflight_refs, wall_remainder, local_tick).
//! - Kernel-level `next_instance_id` counter.
//!
//! What snapshot **excludes**:
//! - `Box<dyn KernelObserver>` (not Serialize).
//! - `ActionRegistry` (fn pointers, not Serialize).
//! - Attached `WalWriter` (independent persistence layer).
//!
//! After `Kernel::from_snapshot(...)`, the caller must re-register every
//! Action that was active when the snapshot was taken, and re-attach
//! observers/WAL as needed.
//!
//! Determinism (A1): identical kernel state produces identical snapshot
//! bytes — postcard-canonical encoding + BTreeMap iteration (A5).

use std::collections::BTreeMap;

use serde::{Deserialize, Serialize};

use crate::abi::InstanceId;
use crate::state::instance::InstanceSnapshot;

/// Opaque point-in-time snapshot of kernel state.
///
/// Pub struct, pub(crate) fields — external callers see the type at the
/// API boundary and can hold a value, but cannot inspect its internals
/// (use [`serialize`](Self::serialize) / [`deserialize`](Self::deserialize)
/// for round-trip persistence). Fed to
/// [`Kernel::from_snapshot`](crate::Kernel::from_snapshot) for restore.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct KernelSnapshot {
    pub(crate) instances: BTreeMap<InstanceId, InstanceSnapshot>,
    pub(crate) next_instance_id: u64,
}

impl KernelSnapshot {
    /// Encode to canonical postcard bytes.
    pub fn serialize(&self) -> Result<Vec<u8>, SnapshotError> {
        postcard::to_allocvec(self).map_err(|e| SnapshotError::SerializeFailed(format!("{}", e)))
    }

    /// Decode from canonical postcard bytes.
    pub fn deserialize(bytes: &[u8]) -> Result<Self, SnapshotError> {
        postcard::from_bytes(bytes).map_err(|e| SnapshotError::DeserializeFailed(format!("{}", e)))
    }

    /// Number of instances captured.
    pub fn instance_count(&self) -> usize {
        self.instances.len()
    }

    /// Iterate captured instance ids in canonical (`InstanceId` ascending) order.
    pub fn instance_ids(&self) -> impl Iterator<Item = InstanceId> + '_ {
        self.instances.keys().copied()
    }

    /// Crate-internal constructor used by `Kernel::snapshot`.
    #[doc(hidden)]
    pub fn __construct(
        instances: BTreeMap<InstanceId, InstanceSnapshot>,
        next_instance_id: u64,
    ) -> Self {
        Self {
            instances,
            next_instance_id,
        }
    }

    /// Crate-internal destructor used by `Kernel::from_snapshot`.
    #[doc(hidden)]
    pub fn __into_parts(self) -> (BTreeMap<InstanceId, InstanceSnapshot>, u64) {
        (self.instances, self.next_instance_id)
    }
}

/// Snapshot postcard round-trip failures.
#[non_exhaustive]
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum SnapshotError {
    /// Postcard refused to encode the snapshot.
    SerializeFailed(String),
    /// Postcard refused to decode the bytes.
    DeserializeFailed(String),
}

impl core::fmt::Display for SnapshotError {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        match self {
            Self::SerializeFailed(m) => write!(f, "snapshot serialize failed: {}", m),
            Self::DeserializeFailed(m) => write!(f, "snapshot deserialize failed: {}", m),
        }
    }
}

impl std::error::Error for SnapshotError {}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::abi::{CapabilityMask, EntityId, Principal, Tick, TypeCode};
    use crate::state::traits::_sealed::Sealed;
    use crate::state::{ActionCompute, ActionContext, ActionDeriv, InstanceConfig, Op};
    use crate::Kernel;
    use bytes::Bytes;
    use serde::{Deserialize as De, Serialize as Ser};

    /// Test action: spawn entity `id` and attach a 4-byte component
    /// under TypeCode(7).
    #[derive(Ser, De)]
    struct SpawnSetAction {
        id: u64,
    }
    impl Sealed for SpawnSetAction {}
    impl ActionDeriv for SpawnSetAction {
        const TYPE_CODE: TypeCode = TypeCode(900);
        const SCHEMA_VERSION: u32 = 1;
    }
    impl ActionCompute for SpawnSetAction {
        fn compute(&self, _ctx: &ActionContext) -> Vec<Op> {
            let entity = EntityId::new(self.id).unwrap();
            vec![
                Op::SpawnEntity {
                    id: entity,
                    owner: Principal::System,
                },
                Op::SetComponent {
                    entity,
                    type_code: TypeCode(7),
                    bytes: Bytes::from(vec![0xCDu8; 4]),
                    size: 4,
                },
            ]
        }
    }

    fn submit(k: &mut Kernel, inst: InstanceId, id: u64) {
        use crate::state::Action;
        let bytes = Action::canonical_bytes(&SpawnSetAction { id });
        k.submit(
            inst,
            Principal::System,
            None,
            Tick(0),
            SpawnSetAction::TYPE_CODE,
            bytes,
        )
        .unwrap();
    }

    fn boot_with_state(actions: &[u64]) -> (Kernel, InstanceId) {
        let mut k = Kernel::new();
        k.register_action::<SpawnSetAction>();
        let inst = k.create_instance(InstanceConfig::default());
        for id in actions {
            submit(&mut k, inst, *id);
            let _ = k.step(Tick(0), CapabilityMask::SYSTEM);
        }
        (k, inst)
    }

    #[test]
    fn snapshot_empty_kernel_serdes_roundtrip() {
        let k = Kernel::new();
        let snap = k.snapshot();
        assert_eq!(snap.instance_count(), 0);
        let bytes = snap.serialize().unwrap();
        let back = KernelSnapshot::deserialize(&bytes).unwrap();
        assert_eq!(back.instance_count(), 0);
    }

    #[test]
    fn snapshot_captures_instance_state() {
        let (k, inst) = boot_with_state(&[1, 2, 3]);
        let snap = k.snapshot();
        assert_eq!(snap.instance_count(), 1);
        let ids: Vec<InstanceId> = snap.instance_ids().collect();
        assert_eq!(ids, vec![inst]);
    }

    #[test]
    fn snapshot_preserves_entities_and_components() {
        let (k1, inst) = boot_with_state(&[1, 2]);
        let snap = k1.snapshot();
        let bytes = snap.serialize().unwrap();
        let snap2 = KernelSnapshot::deserialize(&bytes).unwrap();
        let mut k2 = Kernel::from_snapshot(snap2);
        // Caller MUST re-register the action types they care about; for
        // the read assertions below this isn't required.

        let v1 = k1.instance_view(inst).unwrap();
        let v2 = k2.instance_view(inst).unwrap();
        assert_eq!(v1.entity_count(), v2.entity_count());
        assert_eq!(v1.component_count(), v2.component_count());
        assert_eq!(
            v1.component(EntityId::new(1).unwrap(), TypeCode(7)),
            v2.component(EntityId::new(1).unwrap(), TypeCode(7)),
        );
        assert_eq!(
            v1.component(EntityId::new(2).unwrap(), TypeCode(7)),
            v2.component(EntityId::new(2).unwrap(), TypeCode(7)),
        );
        // After from_snapshot, k2 is mutable; verify we can re-register the
        // action and submit on the restored kernel without panic.
        k2.register_action::<SpawnSetAction>();
        submit(&mut k2, inst, 3);
        let _ = k2.step(Tick(0), CapabilityMask::SYSTEM);
        assert_eq!(k2.instance_view(inst).unwrap().entity_count(), 3);
    }

    #[test]
    fn snapshot_preserves_id_counters() {
        // create_instance increments next_instance_id; verify the round
        // trip produces a kernel that issues the same next id.
        let mut k1 = Kernel::new();
        let _ = k1.create_instance(InstanceConfig::default());
        let _ = k1.create_instance(InstanceConfig::default());
        let _ = k1.create_instance(InstanceConfig::default()); // next_instance_id = 3
        let snap = k1.snapshot();
        let bytes = snap.serialize().unwrap();
        let snap2 = KernelSnapshot::deserialize(&bytes).unwrap();
        let mut k2 = Kernel::from_snapshot(snap2);
        // Both kernels' next create_instance returns id=4.
        let next1 = k1.create_instance(InstanceConfig::default());
        let next2 = k2.create_instance(InstanceConfig::default());
        assert_eq!(next1, next2);
        assert_eq!(next1.get(), 4);
    }

    #[test]
    fn snapshot_preserves_local_tick_and_wall_remainder() {
        // Round-trip a kernel that has progressed; the restored kernel's
        // view exposes the same local_tick. (apply_stage doesn't auto-
        // advance local_tick — both readings should be 0.)
        let (k1, inst) = boot_with_state(&[1]);
        let snap = k1.snapshot();
        let bytes = snap.serialize().unwrap();
        let k2 = Kernel::from_snapshot(KernelSnapshot::deserialize(&bytes).unwrap());
        assert_eq!(
            k1.instance_view(inst).unwrap().local_tick(),
            k2.instance_view(inst).unwrap().local_tick(),
        );
    }

    #[test]
    fn snapshot_deserialize_fresh_kernel_no_observers_no_registry() {
        // After from_snapshot, observer count is 0 and action registry is
        // empty. Submitting an unknown TypeCode silently skips (per
        // existing kernel semantics).
        let (k1, inst) = boot_with_state(&[1]);
        let snap = k1.snapshot();
        let mut k2 =
            Kernel::from_snapshot(KernelSnapshot::deserialize(&snap.serialize().unwrap()).unwrap());
        assert_eq!(k2.stats().observer_count, 0);
        // Action registry empty: submit + step skips the action (no
        // deserializer registered).
        k2.submit(
            inst,
            Principal::System,
            None,
            Tick(0),
            TypeCode(900),
            vec![1u8],
        )
        .unwrap();
        let report = k2.step(Tick(0), CapabilityMask::SYSTEM);
        assert_eq!(report.actions_executed, 1);
        assert_eq!(report.effects_applied, 0);
    }

    #[test]
    fn snapshot_deterministic_same_state_same_bytes() {
        // A1 D1 extension: identical kernel state ⇒ identical snapshot bytes.
        // Build two independent kernels through the same sequence of
        // operations and compare the postcard outputs byte-for-byte.
        let (k1, _) = boot_with_state(&[1, 2, 3]);
        let (k2, _) = boot_with_state(&[1, 2, 3]);
        let b1 = k1.snapshot().serialize().unwrap();
        let b2 = k2.snapshot().serialize().unwrap();
        assert_eq!(
            b1, b2,
            "identical state must produce identical snapshot bytes"
        );
    }
}