ringkernel-core 1.1.0

Core traits and types for RingKernel GPU-native actor system
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369

//! Resource guard for preventing system overload.

use std::sync::atomic::{AtomicBool, AtomicU64, Ordering};
use std::sync::OnceLock;

use super::error::{ResourceError, ResourceResult};
use super::estimate::MemoryEstimate;
use super::system::get_available_memory;
use super::{DEFAULT_MAX_MEMORY_BYTES, SYSTEM_MEMORY_MARGIN};

/// Resource guard for preventing system overload.
///
/// Tracks memory allocation and provides checks before large allocations.
#[derive(Debug)]
pub struct ResourceGuard {
    /// Maximum allowed memory usage.
    max_memory_bytes: AtomicU64,
    /// Current tracked memory usage.
    current_memory_bytes: AtomicU64,
    /// Current reserved memory.
    reserved_bytes: AtomicU64,
    /// Whether to enforce limits (can be disabled for testing).
    enforce_limits: AtomicBool,
    /// Safety margin ratio (0.0-1.0).
    safety_margin: f32,
}

impl Default for ResourceGuard {
    fn default() -> Self {
        Self::new()
    }
}

impl ResourceGuard {
    /// Creates a new resource guard with default limits.
    #[must_use]
    pub fn new() -> Self {
        Self {
            max_memory_bytes: AtomicU64::new(DEFAULT_MAX_MEMORY_BYTES),
            current_memory_bytes: AtomicU64::new(0),
            reserved_bytes: AtomicU64::new(0),
            enforce_limits: AtomicBool::new(true),
            safety_margin: 0.3, // 30% headroom
        }
    }

    /// Creates a resource guard with a specific memory limit.
    #[must_use]
    pub fn with_max_memory(max_bytes: u64) -> Self {
        Self {
            max_memory_bytes: AtomicU64::new(max_bytes),
            current_memory_bytes: AtomicU64::new(0),
            reserved_bytes: AtomicU64::new(0),
            enforce_limits: AtomicBool::new(true),
            safety_margin: 0.3,
        }
    }

    /// Creates a resource guard with custom safety margin.
    #[must_use]
    pub fn with_safety_margin(mut self, margin: f32) -> Self {
        self.safety_margin = margin.clamp(0.0, 0.9);
        self
    }

    /// Creates a resource guard that doesn't enforce limits (for testing).
    #[must_use]
    pub fn unguarded() -> Self {
        let guard = Self::new();
        guard.enforce_limits.store(false, Ordering::SeqCst);
        guard
    }

    /// Sets the maximum memory limit.
    pub fn set_max_memory(&self, max_bytes: u64) {
        self.max_memory_bytes.store(max_bytes, Ordering::SeqCst);
    }

    /// Gets the maximum memory limit.
    #[must_use]
    pub fn max_memory(&self) -> u64 {
        self.max_memory_bytes.load(Ordering::SeqCst)
    }

    /// Gets the current tracked memory usage.
    #[must_use]
    pub fn current_memory(&self) -> u64 {
        self.current_memory_bytes.load(Ordering::SeqCst)
    }

    /// Gets the currently reserved memory.
    #[must_use]
    pub fn reserved_memory(&self) -> u64 {
        self.reserved_bytes.load(Ordering::SeqCst)
    }

    /// Gets the effective available memory (max - current - reserved).
    #[must_use]
    pub fn available_memory(&self) -> u64 {
        let max = self.max_memory();
        let current = self.current_memory();
        let reserved = self.reserved_memory();
        max.saturating_sub(current).saturating_sub(reserved)
    }

    /// Checks if a given allocation can proceed.
    #[must_use]
    pub fn can_allocate(&self, bytes: u64) -> bool {
        if !self.enforce_limits.load(Ordering::SeqCst) {
            return true;
        }

        bytes <= self.available_memory()
    }

    /// Checks if an allocation can proceed, also checking system memory.
    pub fn can_allocate_safe(&self, bytes: u64) -> ResourceResult<()> {
        if !self.enforce_limits.load(Ordering::SeqCst) {
            return Ok(());
        }

        // Check against our limit
        let current = self.current_memory();
        let reserved = self.reserved_memory();
        let max = self.max_memory();
        let used = current.saturating_add(reserved);

        if used.saturating_add(bytes) > max {
            return Err(ResourceError::MemoryLimitExceeded {
                requested: bytes,
                current: used,
                max,
            });
        }

        // Check system memory
        if let Some(available) = get_available_memory() {
            if bytes > available.saturating_sub(SYSTEM_MEMORY_MARGIN) {
                return Err(ResourceError::InsufficientSystemMemory {
                    requested: bytes,
                    available,
                    margin: SYSTEM_MEMORY_MARGIN,
                });
            }
        }

        Ok(())
    }

    /// Records a memory allocation.
    pub fn record_allocation(&self, bytes: u64) {
        self.current_memory_bytes.fetch_add(bytes, Ordering::SeqCst);
    }

    /// Records a memory deallocation.
    pub fn record_deallocation(&self, bytes: u64) {
        self.current_memory_bytes.fetch_sub(bytes, Ordering::SeqCst);
    }

    /// Reserves memory for a future allocation.
    ///
    /// Returns a guard that releases the reservation on drop.
    pub fn reserve(&self, bytes: u64) -> ResourceResult<ReservationGuard<'_>> {
        self.can_allocate_safe(bytes)?;
        self.reserved_bytes.fetch_add(bytes, Ordering::SeqCst);
        Ok(ReservationGuard {
            guard: self,
            bytes,
            committed: false,
        })
    }

    /// Validates a memory estimate before allocation.
    pub fn validate(&self, estimate: &MemoryEstimate) -> ResourceResult<()> {
        self.can_allocate_safe(estimate.peak_bytes)
    }

    /// Returns the maximum safe element count for a given per-element byte cost.
    #[must_use]
    pub fn max_safe_elements(&self, bytes_per_element: usize) -> usize {
        if bytes_per_element == 0 {
            return usize::MAX;
        }

        let available = self.available_memory();
        let safe_bytes = (available as f64 * (1.0 - self.safety_margin as f64)) as u64;

        (safe_bytes / bytes_per_element as u64) as usize
    }

    /// Enables or disables limit enforcement.
    pub fn set_enforce_limits(&self, enforce: bool) {
        self.enforce_limits.store(enforce, Ordering::SeqCst);
    }

    /// Returns whether limits are being enforced.
    #[must_use]
    pub fn is_enforcing(&self) -> bool {
        self.enforce_limits.load(Ordering::SeqCst)
    }
}

/// RAII guard for memory reservations.
///
/// Releases the reservation when dropped, unless committed.
#[derive(Debug)]
pub struct ReservationGuard<'a> {
    guard: &'a ResourceGuard,
    bytes: u64,
    committed: bool,
}

impl<'a> ReservationGuard<'a> {
    /// Returns the reserved bytes.
    #[must_use]
    pub fn bytes(&self) -> u64 {
        self.bytes
    }

    /// Commits the reservation by recording it as an allocation.
    ///
    /// The reservation is released and replaced with an actual allocation record.
    pub fn commit(mut self) {
        self.guard
            .reserved_bytes
            .fetch_sub(self.bytes, Ordering::SeqCst);
        self.guard.record_allocation(self.bytes);
        self.committed = true;
    }

    /// Releases the reservation without allocating.
    pub fn release(mut self) {
        self.guard
            .reserved_bytes
            .fetch_sub(self.bytes, Ordering::SeqCst);
        self.committed = true; // Prevent double-release in drop
    }
}

impl<'a> Drop for ReservationGuard<'a> {
    fn drop(&mut self) {
        if !self.committed {
            self.guard
                .reserved_bytes
                .fetch_sub(self.bytes, Ordering::SeqCst);
        }
    }
}

// ============================================================================
// Global Guard
// ============================================================================

static GLOBAL_GUARD: OnceLock<ResourceGuard> = OnceLock::new();

/// Gets the global resource guard.
pub fn global_guard() -> &'static ResourceGuard {
    GLOBAL_GUARD.get_or_init(ResourceGuard::new)
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_resource_guard_new() {
        let guard = ResourceGuard::new();
        assert_eq!(guard.current_memory(), 0);
        assert_eq!(guard.max_memory(), DEFAULT_MAX_MEMORY_BYTES);
    }

    #[test]
    fn test_resource_guard_allocation() {
        let guard = ResourceGuard::with_max_memory(1_000_000);

        // Should allow small allocation
        assert!(guard.can_allocate(100_000));

        // Should deny large allocation
        assert!(!guard.can_allocate(2_000_000));

        // After recording, should update current
        guard.record_allocation(500_000);
        assert_eq!(guard.current_memory(), 500_000);

        // Now should deny medium allocation
        assert!(!guard.can_allocate(600_000));
        assert!(guard.can_allocate(400_000));
    }

    #[test]
    fn test_resource_guard_deallocation() {
        let guard = ResourceGuard::with_max_memory(1_000_000);

        guard.record_allocation(500_000);
        assert_eq!(guard.current_memory(), 500_000);

        guard.record_deallocation(200_000);
        assert_eq!(guard.current_memory(), 300_000);
    }

    #[test]
    fn test_reservation_guard() {
        let guard = ResourceGuard::with_max_memory(1_000_000);

        {
            let reservation = guard.reserve(500_000).unwrap();
            assert_eq!(guard.reserved_memory(), 500_000);
            assert_eq!(reservation.bytes(), 500_000);

            // Can't allocate more than remaining
            assert!(!guard.can_allocate(600_000));
        } // Reservation released on drop

        assert_eq!(guard.reserved_memory(), 0);
        assert!(guard.can_allocate(600_000));
    }

    #[test]
    fn test_reservation_commit() {
        let guard = ResourceGuard::with_max_memory(1_000_000);

        let reservation = guard.reserve(500_000).unwrap();
        reservation.commit();

        assert_eq!(guard.reserved_memory(), 0);
        assert_eq!(guard.current_memory(), 500_000);
    }

    #[test]
    fn test_reservation_release() {
        let guard = ResourceGuard::with_max_memory(1_000_000);

        let reservation = guard.reserve(500_000).unwrap();
        reservation.release();

        assert_eq!(guard.reserved_memory(), 0);
        assert_eq!(guard.current_memory(), 0);
    }

    #[test]
    fn test_max_safe_elements() {
        let guard = ResourceGuard::with_max_memory(1_000_000);

        // With 30% safety margin, can use ~70% = ~700_000 bytes
        // At 100 bytes per element, that's ~7000 elements
        // Allow +/- 1 for floating point rounding
        let max_elements = guard.max_safe_elements(100);
        assert!(
            (6999..=7001).contains(&max_elements),
            "max_elements {} not in range [6999, 7001]",
            max_elements
        );
    }

    #[test]
    fn test_unguarded() {
        let guard = ResourceGuard::unguarded();

        // Should always allow allocation
        assert!(guard.can_allocate(u64::MAX / 2));
    }

    #[test]
    fn test_global_guard() {
        let guard = global_guard();
        assert_eq!(guard.current_memory(), 0);
    }
}