dualcache-ff 0.2.0

A wait-free, high-performance concurrent cache optimized for extreme read-to-write ratios.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213

/// State Turnstile MPSC LossyQueue — zero external dependencies.
///
/// Replaces `crossbeam_channel::bounded` with a wait-free, lossy ring buffer
/// designed specifically for the DualCache-FF Worker→Daemon pipeline.
///
/// # Design Rationale
/// crossbeam_channel is a general-purpose channel with thread wake-up
/// machinery (Parker/Unparker), select! support, and complex state machines.
/// DualCache-FF only needs an extreme-speed, lossy, single-direction pipe.
///
/// # State Turnstile (per-slot AtomicU8)
/// Each slot carries a 3-state gate to prevent Daemon from reading
/// half-written data and to prevent Ring Buffer wraparound corruption:
///
///   EMPTY(0) ──[Producer CAS]──► WRITING(1) ──[store]──► READY(2)
///     ▲                                                        │
///     └──────────────[Daemon store after read]────────────────┘
///
/// # MPSC guarantee
/// Multiple producers atomically CAS EMPTY→WRITING to claim unique slots.
/// A single Daemon reads sequentially from `head`. No locks required.
///
/// # Lossy guarantee
/// If a slot is not EMPTY (e.g., WRITING or READY — ring buffer lapped),
/// the producer immediately returns Err(item). No blocking, ever.
use core::cell::UnsafeCell;
use core::mem::MaybeUninit;
use core::sync::atomic::{AtomicBool, AtomicUsize, AtomicU8, Ordering};

#[cfg(not(feature = "std"))]
use alloc::{boxed::Box, sync::Arc, vec::Vec};
#[cfg(feature = "std")]
use std::sync::Arc;

// ── Slot state constants ───────────────────────────────────────────────────

const EMPTY: u8 = 0;
const WRITING: u8 = 1;
const READY: u8 = 2;

// ── Slot ──────────────────────────────────────────────────────────────────

struct Slot<T> {
    state: AtomicU8,
    data: UnsafeCell<MaybeUninit<T>>,
}

unsafe impl<T: Send> Send for Slot<T> {}
unsafe impl<T: Send> Sync for Slot<T> {}

// ── LossyQueue ────────────────────────────────────────────────────────────

/// MPSC wait-free lossy ring buffer.
pub struct LossyQueue<T> {
    mask: usize,
    /// Producer cursor — FAA, unbounded (wraps via mask).
    tail: AtomicUsize,
    /// Consumer (Daemon) cursor — single-threaded advance.
    head: AtomicUsize,
    buffer: Box<[Slot<T>]>,
}

unsafe impl<T: Send> Send for LossyQueue<T> {}
unsafe impl<T: Send> Sync for LossyQueue<T> {}

impl<T> LossyQueue<T> {
    /// Create a new queue with the given capacity (must be a power of two).
    pub fn new(capacity: usize) -> Self {
        assert!(
            capacity.is_power_of_two(),
            "LossyQueue capacity must be a power of two"
        );
        let mut buf = Vec::with_capacity(capacity);
        for _ in 0..capacity {
            buf.push(Slot {
                state: AtomicU8::new(EMPTY),
                data: UnsafeCell::new(MaybeUninit::uninit()),
            });
        }
        Self {
            mask: capacity - 1,
            tail: AtomicUsize::new(0),
            head: AtomicUsize::new(0),
            buffer: buf.into_boxed_slice(),
        }
    }

    /// Worker path — try to enqueue an item.
    ///
    /// Uses FAA to claim a slot index, then CAS EMPTY→WRITING as a physical
    /// gate. If the slot is occupied (ring buffer lapped or concurrent writer),
    /// returns `Err(item)` immediately — never blocks.
    #[inline(always)]
    pub fn try_send(&self, item: T) -> Result<(), T> {
        let tail = self.tail.load(Ordering::Relaxed);
        let head = self.head.load(Ordering::Acquire);

        // Pre-check: if physically full, don't even try to FAA.
        // This prevents tail from flying away and causing massive overlaps.
        if tail.wrapping_sub(head) >= self.buffer.len() {
            return Err(item);
        }

        // FAA claims a position.
        let idx = self.tail.fetch_add(1, Ordering::Relaxed) & self.mask;
        let slot = &self.buffer[idx];

        // Physical gate: only proceed if the slot is truly empty.
        if slot
            .state
            .compare_exchange(EMPTY, WRITING, Ordering::Acquire, Ordering::Relaxed)
            .is_err()
        {
            return Err(item);
        }

        unsafe { (*slot.data.get()).write(item) };
        slot.state.store(READY, Ordering::Release);
        Ok(())
    }

    /// Blocking send for critical commands (Sync, Clear).
    /// Spins until the item is successfully enqueued.
    pub fn send_blocking(&self, mut item: T) {
        loop {
            match self.try_send(item) {
                Ok(_) => return,
                Err(returned_item) => {
                    item = returned_item;
                    core::hint::spin_loop();
                }
            }
        }
    }

    /// Daemon path — try to dequeue one item.
    ///
    /// Single-consumer: only Daemon ever calls this.
    /// Reads from `head`, returns `None` if the slot is not yet READY.
    #[inline(always)]
    pub fn try_recv(&self) -> Option<T> {
        let idx = self.head.load(Ordering::Relaxed) & self.mask;
        let slot = &self.buffer[idx];

        if slot.state.load(Ordering::Acquire) == READY {
            // Safe read: we are the exclusive consumer.
            let item = unsafe { (*slot.data.get()).assume_init_read() };

            // Reset gate and advance head.
            slot.state.store(EMPTY, Ordering::Release);
            self.head.fetch_add(1, Ordering::Relaxed);
            Some(item)
        } else {
            None
        }
    }
}

impl<T> Drop for LossyQueue<T> {
    fn drop(&mut self) {
        // Drain any READY items that were never consumed.
        loop {
            let idx = self.head.load(Ordering::Relaxed) & self.mask;
            let slot = &self.buffer[idx];
            if slot.state.load(Ordering::Acquire) == READY {
                unsafe { (*slot.data.get()).assume_init_drop() };
                slot.state.store(EMPTY, Ordering::Relaxed);
                self.head.fetch_add(1, Ordering::Relaxed);
            } else {
                break;
            }
        }
    }
}

// ── OneshotAck ────────────────────────────────────────────────────────────

/// Lightweight one-shot acknowledgment channel.
///
/// Replaces `crossbeam_channel::bounded(1)` used for `Sync` and `Clear`
/// command round-trips. Works in both `std` and `no_std` environments.
///
/// The caller creates an `Arc<OneshotAck>`, sends it in a `Command`, and
/// blocks on `wait()`. The Daemon calls `signal()` after processing.
pub struct OneshotAck {
    ready: AtomicBool,
}

impl OneshotAck {
    /// Allocate a new, unsignalled ack handle.
    pub fn new() -> Arc<Self> {
        Arc::new(Self {
            ready: AtomicBool::new(false),
        })
    }

    /// Daemon: signal that the command has been processed.
    #[inline(always)]
    pub fn signal(&self) {
        self.ready.store(true, Ordering::Release);
    }

    /// Caller: spin until the signal arrives.
    ///
    /// In `std` mode this is a brief spin (Sync/Clear commands are rare).
    /// In `no_std` / RTOS mode the RTOS scheduler preempts the spinning task.
    #[inline(always)]
    pub fn wait(&self) {
        while !self.ready.load(Ordering::Acquire) {
            core::hint::spin_loop();
        }
    }
}