Skip to main content

oxgraph_snapshot/
lib.rs

1//! Topology-agnostic byte-level snapshot container.
2//!
3//! `oxgraph-snapshot` defines a sectioned, zero-copy checkpoint format that
4//! can validate, package, and read immutable topology snapshots without
5//! knowing whether their contents are graphs, hypergraphs, or anything
6//! else. Section semantics belong to upper layers (`oxgraph-csr`,
7//! `oxgraph-graph`, `oxgraph-hyper`); the container only validates and
8//! exposes byte-aligned section payloads.
9//!
10//! # Format overview
11//!
12//! Every snapshot consists of a fixed [`HEADER_SIZE`]-byte header, a
13//! [`SECTION_ENTRY_SIZE`]-byte entry per section, and a payload region
14//! whose offsets and lengths are recorded in the entries. All multi-byte
15//! integer fields are little-endian and stored unaligned, so snapshots can
16//! be borrowed from any byte slice — `Vec<u8>`, mmap'd files, sub-slices —
17//! without an alignment requirement on the base pointer.
18//!
19//! The container mandates two integrity invariants. Every section entry carries a
20//! CRC-32C over its payload bytes and the header carries a CRC-32C over the
21//! section-table bytes; the crate is `no_std` and bundles no CRC
22//! implementation, so writers and the checked/verify read paths take a
23//! [`Checksum32`] function (e.g. [`oxgraph_layout_util::crc32c_append`]).
24//! Section kinds must be strictly ascending across the table, which makes
25//! the table duplicate-free and [`Snapshot::section`] a binary search.
26//!
27//! Section payloads are exposed as byte slices via [`Section::bytes`]; the
28//! [`Section::try_as_slice`] helper checks the actual payload pointer's
29//! alignment against `align_of::<T>()` so consumers can reinterpret
30//! `&[u8]` as `&[T]` only when it is safe to do so.
31//!
32//! # Cargo features
33//!
34//! - default: reader-only API; `no_std`, no allocation.
35//! - `alloc`: enables [`SnapshotWriter`], the owning write-through encoder that returns encoded
36//!   `Vec<u8>` bytes.
37//! - `std`: reserved for future mmap helpers; no effect beyond activating `alloc`.
38//!
39//! # Stability
40//!
41//! The bytes are intentionally not yet promised as a stable ABI: a snapshot
42//! whose format major does not match this library is rejected at open.
43//! Format minor bumps will preserve backward read compatibility once they
44//! ship.
45#![no_std]
46
47#[cfg(kani)]
48extern crate kani;
49
50#[cfg(feature = "alloc")]
51extern crate alloc;
52
53mod container;
54mod container_error;
55
56#[cfg(kani)]
57mod proofs;
58
59#[cfg(feature = "alloc")]
60pub use crate::container::{SectionSink, SnapshotWriter};
61pub use crate::{
62    container::{
63        CRC32C_CHECK_INPUT, CRC32C_CHECK_VALUE, Checksum32, FORMAT_MAGIC, FORMAT_MAJOR,
64        FORMAT_MINOR, HEADER_SIZE, HeaderOnlySnapshot, MAX_ALIGNMENT_LOG2, MAX_SECTION_COUNT,
65        MAX_SUPPORTED_MINOR, PendingSection, SECTION_ENTRY_SIZE, Section, SectionIter, SectionKind,
66        Snapshot, SnapshotPlan, ValidationLevel, kinds, patch_section_crc,
67    },
68    container_error::{PlanError, SectionBindError, SectionViewError, SnapshotError},
69};