selene-db-graph 1.3.0

In-memory property-graph storage core (ArcSwap + imbl CoW, label/typed indexes, write funnel) for selene-db.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181

//! Generic rkyv/postcard section codec plumbing shared by the `CORE/*` snapshot
//! encoders and decoders.
//!
//! Split out of `sections.rs` (700-LOC cap): the section-specific encode/decode
//! functions live in the parent module; the cap check, the rkyv (snapshot) and
//! postcard (property-blob) round-trip wrappers, and the row-ordering /
//! id-uniqueness validators that every positional section reuses live here.

use std::sync::Arc;

use selene_core::PropertyMap;
use selene_persist::MAX_SECTION_PAYLOAD_BYTES;

use crate::core_provider::{inconsistent, invalid_payload, serialization_failed};

/// Reject a section payload that exceeds the per-section byte cap.
pub(in crate::core_provider) fn ensure_section_within_cap(
    section: &'static str,
    len: usize,
) -> Result<(), crate::ProviderError> {
    if len > MAX_SECTION_PAYLOAD_BYTES {
        return Err(inconsistent(format!(
            "{section} core section exceeds 1 GiB cap; multi-section split is a future v1.x hardening"
        )));
    }
    Ok(())
}

/// Encode `value` to an rkyv section payload, enforcing the byte cap.
pub(in crate::core_provider::sections) fn encode_rkyv<T>(
    value: &T,
    section: &'static str,
) -> Result<Vec<u8>, crate::ProviderError>
where
    T: for<'a> rkyv::Serialize<
            rkyv::api::high::HighSerializer<
                rkyv::util::AlignedVec,
                rkyv::ser::allocator::ArenaHandle<'a>,
                rkyv::rancor::Error,
            >,
        >,
{
    let bytes = rkyv::to_bytes::<rkyv::rancor::Error>(value)
        .map_err(|error| serialization_failed(format!("{section} rkyv encode failed: {error}")))?
        .into_vec();
    ensure_section_within_cap(section, bytes.len())?;
    Ok(bytes)
}

/// Decode (bytecheck + deserialize) an rkyv section payload, enforcing the cap.
pub(in crate::core_provider::sections) fn decode_rkyv<T>(
    bytes: &[u8],
    section: &'static str,
) -> Result<T, crate::ProviderError>
where
    T: rkyv::Archive,
    T::Archived: for<'a> rkyv::bytecheck::CheckBytes<rkyv::api::high::HighValidator<'a, rkyv::rancor::Error>>
        + rkyv::Deserialize<T, rkyv::api::high::HighDeserializer<rkyv::rancor::Error>>,
{
    ensure_section_within_cap(section, bytes.len())?;
    rkyv::from_bytes::<T, rkyv::rancor::Error>(bytes).map_err(|error| {
        invalid_payload(format!("{section} rkyv bytecheck/decode failed: {error}"))
    })
}

/// Encode a property map to a postcard blob (the per-row property column form).
pub(in crate::core_provider::sections) fn encode_properties_blob(
    properties: &PropertyMap,
    section: &'static str,
) -> Result<Arc<[u8]>, crate::ProviderError> {
    let bytes = postcard::to_stdvec(properties).map_err(|error| {
        serialization_failed(format!(
            "{section} property postcard encode failed: {error}"
        ))
    })?;
    Ok(Arc::from(bytes.into_boxed_slice()))
}

/// Decode a per-row property postcard blob.
pub(in crate::core_provider::sections) fn decode_properties_blob(
    bytes: &[u8],
    section: &'static str,
) -> Result<PropertyMap, crate::ProviderError> {
    postcard::from_bytes(bytes).map_err(|error| {
        invalid_payload(format!(
            "{section} property postcard decode failed: {error}"
        ))
    })
}

/// Validate that rows in a key-sorted section are strictly ascending and unique.
pub(in crate::core_provider::sections) fn validate_sorted_unique<K, V>(
    rows: &[(K, V)],
    section: &'static str,
) -> Result<(), crate::ProviderError>
where
    K: Ord + std::fmt::Debug,
{
    for pair in rows.windows(2) {
        if pair[0].0 >= pair[1].0 {
            return Err(invalid_payload(format!(
                "{section} rows must be strictly sorted by key with no duplicates; observed {:?} then {:?}",
                pair[0].0, pair[1].0
            )));
        }
    }
    Ok(())
}

/// Validate that every *non-tombstone* id in a positional row section is unique.
///
/// BRIEF-Item-4a STEP 9: the `CORE/NODE` and `CORE/EDGE` sections are positional
/// (row order = section order) and store the explicit external id per row, so
/// they are NOT sorted by id — a 4b-compacted snapshot may store ids in any
/// order. Aborted-tx hole rows all carry the type's `TOMBSTONE` sentinel and are
/// exempt from the uniqueness check (many holes share it). Every committed id
/// must still appear at most once; a duplicate is a corrupt snapshot.
pub(in crate::core_provider::sections) fn validate_ids_unique<K, V>(
    rows: &[(K, V)],
    tombstone: K,
    section: &'static str,
) -> Result<(), crate::ProviderError>
where
    K: Copy + Eq + std::hash::Hash + std::fmt::Debug,
{
    // `HashSet::new()` (not `with_capacity(rows.len())`): the row count comes
    // from a decoded section whose length is only byte-capped, so pre-sizing
    // would let a crafted file force an oversized up-front allocation. The set
    // grows organically as real (non-tombstone) ids are inserted.
    let mut seen = std::collections::HashSet::new();
    for (id, _) in rows {
        if *id == tombstone {
            continue;
        }
        if !seen.insert(*id) {
            return Err(invalid_payload(format!(
                "{section} rows must have unique non-tombstone ids; observed duplicate {id:?}"
            )));
        }
    }
    Ok(())
}

#[cfg(test)]
mod validate_ids_unique_tests {
    use super::validate_ids_unique;
    use selene_core::NodeId;

    // BRIEF-Item-4a STEP 9: the two contract branches the positional format
    // introduces — duplicate-real-id rejection and many-holes-exempt — under
    // direct test (the round-trip tests only cover them incidentally).

    #[test]
    fn rejects_duplicate_non_tombstone_id() {
        let rows = [
            (NodeId::new(5), ()),
            (NodeId::TOMBSTONE, ()),
            (NodeId::new(5), ()),
        ];
        let err = validate_ids_unique(&rows, NodeId::TOMBSTONE, "CORE/NODE")
            .expect_err("a duplicate committed id is a corrupt snapshot");
        assert!(
            format!("{err}").contains("unique non-tombstone"),
            "unexpected error: {err}"
        );
    }

    #[test]
    fn allows_multiple_tombstone_hole_rows() {
        // Aborted-tx hole rows all share the sentinel and are exempt; only the
        // real ids between them must be unique.
        let rows = [
            (NodeId::new(1), ()),
            (NodeId::TOMBSTONE, ()),
            (NodeId::TOMBSTONE, ()),
            (NodeId::new(2), ()),
        ];
        validate_ids_unique(&rows, NodeId::TOMBSTONE, "CORE/NODE")
            .expect("multiple tombstone hole rows are valid");
    }
}