spsc-ringbuf-core 0.1.0

Heapless ring buffer
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379

//! Fixed capacity Single Producer Single Consumer Ringbuffer with no mutex protection.
//! Implementation based on https://www.snellman.net/blog/archive/2016-12-13-ring-buffers/

use core::mem::MaybeUninit;
use core::{cell::Cell, cell::UnsafeCell};

/// Internal Index struct emcapsulating masking and wrapping operations
/// according to size const size N. Note that we deliberately use u32
/// to limit the index to 4 bytes and max supported capacity to 2^31-1
#[derive(Eq, PartialEq)]
pub struct Index<const RANGE: usize> {
    cell: Cell<u32>,
}

#[derive(Debug)]
pub enum ErrCode {
    BufFull,
    BufEmpty,
}

impl<const N: usize> Index<N> {

    const OK: () = assert!(N < (u32::MAX/2) as usize, "Ringbuf capacity must be < u32::MAX/2");

    #[inline(always)]
    pub fn wrap_inc(&self) {

        let n = N as u32;
        // Wrapping increment by 1 first
        let val = self.cell.get().wrapping_add(1);

        // Wrap index between [0, 2*N-1]
        // For power 2 of values, the natural overflow wrap
        // matches the wraparound of N. Hence the manual wrap
        // below is not required for power of 2 N
        if !n.is_power_of_two() && val > 2 * n - 1 {
            // val = val - 2*N
            self.cell.set(val.wrapping_sub(2 * n));
        } else {
            self.cell.set(val);
        }
    }
    
    #[inline(always)]
    pub fn wrap_dist(&self, val: &Index<N>) -> u32 {
        
        let n = N as u32;
        // If N is power of two, just return wrapp_sub(val)
        // If N is not power of two, wrap value between [0, 2*N-1]
        // Assumes current value is in the range of [-2*N, 4*N-1]
        // Not asserting here since we only take Index, which cannot be
        // incremented beyong 2*N-1
        let raw = self.cell.get().wrapping_sub(val.get());
        if !n.is_power_of_two() {
            if (raw as i32) < 0 {
                return raw.wrapping_add(2 * n);
            } else if raw > 2 * n - 1 {
                return raw.wrapping_sub(2 * n);
            }
        }
        raw
    }

    // Mask the value for indexing [0, N-1]
    #[inline(always)]
    pub fn mask(&self) -> u32 {
        let n = N as u32;
        let val = self.cell.get();
        if n.is_power_of_two() {
            val & (n - 1)
        } else if val > n - 1 {
            val - n
        } else {
            val
        }
    }

    #[inline(always)]
    pub fn get(&self) -> u32 {
        self.cell.get()
    }
    
    #[allow(clippy::let_unit_value)]
    #[inline(always)]
    pub const fn new(val: u32) -> Self {
        let _: () = Index::<N>::OK;
        Index {
            cell: Cell::new(val),
        }
    }
}

/// A ring buffer of capacity N holding items of type T.
/// Non power-of-two N is supported but less efficient.
pub struct RingBufRef<T, const N: usize> {
    // this is from where we dequeue items
    rd_idx: Index<N>,
    //  where we enqueue new items
    wr_idx: Index<N>,
    // this is the backend array
    buffer_ucell: [UnsafeCell<MaybeUninit<T>>; N],
}
// Delcare this is thread safe due to the owner protection
// sequence (Producer-> consumer , consumer -> owner)
unsafe impl<T, const N: usize> Sync for RingBufRef<T, N> {}

impl<T, const N: usize> RingBufRef<T, N> {
    // Need to prevent N = 0 instances since the code would compile but crash
    // on the 2*N-1 usize subtracts
    // https://users.rust-lang.org/t/how-do-i-static-assert-a-property-of-a-generic-u32-parameter/76307/2
    const OK: () = assert!(N > 0, "Ringbuf capacity must be larger than 0!");

    const INIT_U: UnsafeCell<MaybeUninit<T>> = UnsafeCell::new(MaybeUninit::uninit());
    pub const INIT_0: RingBufRef<T, N> = Self::new();

    #[allow(clippy::let_unit_value)]
    #[inline]
    pub const fn new() -> Self {
        // This dummy statement evaluates the assert to prevent 0 sized RingBufRef
        // from being compiled.
        let _: () = RingBufRef::<T, N>::OK;
        RingBufRef {
            rd_idx: Index::new(0),
            wr_idx: Index::new(0),
            buffer_ucell: [Self::INIT_U; N],
        }
    }

    #[inline(always)]
    pub fn is_empty(&self) -> bool {
        self.rd_idx == self.wr_idx
    }

    #[inline(always)]
    pub fn len(&self) -> u32 {
        // returns the number of elements between read and write pointer
        // use wrapping sub
        self.wr_idx.wrap_dist(&self.rd_idx)
    }
    #[inline(always)]
    pub fn is_full(&self) -> bool {
        self.len() as usize == N
    }

    #[inline(always)]
    pub fn capacity(&self) -> usize {
        N
    }

    /// Returns the write index location as mutable reference.
    /// The Result<> return enforces handling of return type
    /// I.e. if user does not check for push success, the compiler
    /// generates warnings
    /// Calling stage twice without commit in between results in the same
    /// location written! We could add some protection by remembering this
    /// during alloc but this will incur runtime cost
    #[inline(always)]
    pub fn writer_front(&self) -> Option<&mut T> {
        if !self.is_full() {
            // buffer_ucell contains UnsafeCell<MaybeUninit<T>>
            // UnsafeCell's get is defined as "fn get(&self) -> *mut T"
            let m: *mut MaybeUninit<T> = self.buffer_ucell[self.wr_idx.mask() as usize].get();
            let t: &mut T = unsafe { &mut *(m as *mut T) };
            Some(t)
        } else {
            None
        }
    }
    /// Commit whatever at the write index location by moving the write index
    #[inline(always)]
    pub fn commit(&self) -> Result<(), ErrCode> {
        if !self.is_full() {
            self.wr_idx.wrap_inc();
            Ok(())
        } else {
            Err(ErrCode::BufFull)
        }
    }

    /// Alloc and commit in one step by providing the value T to be written
    /// val's ownership is moved. (Question: it seems if T implements Clone,
    /// compiler copies T)
    #[inline(always)]
    pub fn push(&self, val: T) -> Result<(), ErrCode> {
        if !self.is_full() {
            // buffer_ucell contains UnsafeCell<MaybeUninit<T>>
            // UnsafeCell's get is defined as "fn get(&self) -> *mut T"
            // * (* mut T) deference allows the MaybeUninit.write() to be called to
            // Set the value
            unsafe {
                (*self.buffer_ucell[self.wr_idx.mask() as usize].get()).write(val);
            }
            self.wr_idx.wrap_inc();
            Ok(())
        } else {
            Err(ErrCode::BufFull)
        }
    }
    /// Returns an Option of reference to location at read index
    #[inline(always)]
    pub fn reader_front(&self) -> Option<&T> {
        if self.is_empty() {
            None
        } else {
            let x: *mut MaybeUninit<T> = self.buffer_ucell[self.rd_idx.mask() as usize].get();
            let t: &T = unsafe { &*(x as *const T) };
            Some(t)
        }
    }
    /// Returns an Option of mutable reference to location at read index
    #[inline(always)]
    pub fn reader_front_mut(&self) -> Option<&mut T> {
        if self.is_empty() {
            None
        } else {
            let x: *mut MaybeUninit<T> = self.buffer_ucell[self.rd_idx.mask() as usize].get();
            let t: &mut T = unsafe { &mut *(x as *mut T) };
            Some(t)
        }
    }

    /// Consume the item at rd_idx
    #[inline(always)]
    pub fn pop(&self) -> Result<(), ErrCode> {
        if !self.is_empty() {
            self.rd_idx.wrap_inc();
            Ok(())
        } else {
            Err(ErrCode::BufEmpty)
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    impl<T, const N: usize> RingBufRef<T, N> {
        
        // Test only method for testing wraparound
        // at extremes
        pub fn test_init_wr_rd(&self, val: u32) {
            self.wr_idx.cell.set(val);
            self.rd_idx.cell.set(val);
        }
    }
 
    // Test for static allocation
    // A 4-deep ring buffer
    const CMD_Q_DEPTH: usize = 4;
    pub struct SomeStruct {
        id: u32,
    }
    pub struct Interface {
        cmd_q: RingBufRef<SomeStruct, CMD_Q_DEPTH>,
    }

    // Set up 2 entries of interfaces
    const NUM_INTFS: usize = 2;
    // Init value, suppress the clippy warning for declaring const interior mutable "A “non-constant”
    // const item is a legacy way to supply an initialized value to downstream"
    #[allow(clippy::declare_interior_mutable_const)]
    const INTF_INIT: Interface = Interface {
        cmd_q: RingBufRef::INIT_0,
    };

    // Final instantiation as global
    static SHARED_INTF: [Interface; NUM_INTFS] = [INTF_INIT; NUM_INTFS];

    fn test_operations<const N: usize>(rbufr1: RingBufRef<u32, N>, iter: usize) {

        for i in 0..iter {
            let loc = rbufr1.writer_front();

            if let Some(v) = loc {
                *v = i as u32;
            }
            assert!(rbufr1.commit().is_ok());
            if let Some(v) = rbufr1.reader_front() {
                assert!(*v == i as u32);
                assert!(rbufr1.pop().is_ok());
            }
        }

        assert!(rbufr1.reader_front().is_none());

        for _ in 0..N {
            assert!(rbufr1.writer_front().is_some());
            assert!(rbufr1.commit().is_ok());
        }
        // should fail
        assert!(rbufr1.writer_front().is_none());
        assert!(rbufr1.commit().is_err());

        //println!("wr {} rd {}, len {}",
        //    rbufr1.wr_idx.cell.get(),
        //    rbufr1.rd_idx.cell.get(),
        //    rbufr1.len());

        // pop half
        for _ in 0..N / 2 {
            assert!(rbufr1.pop().is_ok());
        }
        //println!("wr {} rd {}, len {}",
        //    rbufr1.wr_idx.cell.get(),
        //    rbufr1.rd_idx.cell.get(),
        //    rbufr1.len());

        // alloc half
        for _ in 0..N / 2 {
            assert!(rbufr1.writer_front().is_some());
            assert!(rbufr1.commit().is_ok());
        }
    }

    #[test]
    fn validate_size() {
        // 4 bytes of wr_idx, 4 bytes of rd_idx, 16*4 for buffer
        assert!(core::mem::size_of::<RingBufRef<u32, 16>>() == (4 + 4 + 16*4));

        // 4 bytes of wr_idx, 4 bytes of rd_idx, 16*2 for buffer
        assert!(core::mem::size_of::<RingBufRef<u16, 16>>() == (4 + 4 + 16*2));

        // 4 bytes of wr_idx, 4 bytes of rd_idx, 32*1 for buffer
        assert!(core::mem::size_of::<RingBufRef<u8, 32>>() == (4 + 4 + 32));
    }

    #[test]
    fn power_of_two_len() {
        let rbufr1: RingBufRef<u32, 16> = RingBufRef::new();
        test_operations::<16>(rbufr1, 2 * 16 - 1 + 16 / 2);
    }
    #[test]
    fn ping_pong() {
        let rbufr1: RingBufRef<u32, 2> = RingBufRef::new();
        test_operations::<2>(rbufr1, 2 * 2 - 1 + 2 / 2);
    }
    #[test]
    fn single() {
        let rbufr1: RingBufRef<u32, 1> = RingBufRef::new();
        test_operations::<1>(rbufr1, 7);
    }
    #[test]
    fn non_power_of_two_len() {
        let rbufr1: RingBufRef<u32, 15> = RingBufRef::new();
        test_operations::<15>(rbufr1, 2 * 15 - 1 + 15 / 2);
    }
    #[test]
    fn power_of_two_len_wrap() {
        // Test wr and rd near wraparound of u32
        let rbufr1: RingBufRef<u32, {(u16::MAX) as usize + 1}> = RingBufRef::new();
        // Caution - direct initialization must guarantee the value is valid
        // i.e. any value if N is power of 2; 
        // otherwise must be [0, 2*N-1]
        rbufr1.test_init_wr_rd(u32::MAX-2);
        test_operations::<{(u16::MAX) as usize + 1}>(rbufr1, 32768);
    }
    #[test]
    fn static_instance_example() {
        let intf: &'static Interface = &SHARED_INTF[0];

        let alloc_res = intf.cmd_q.writer_front();

        if let Some(cmd) = alloc_res {
            cmd.id = 42;

            assert!(intf.cmd_q.commit().is_ok());
        }

        let cmd = intf.cmd_q.reader_front();

        assert!(cmd.is_some());
        assert!(cmd.unwrap().id == 42);
    }
    //#[test]
    //fn zero_len() {
    //    test_operations::<0>();
    //}
}