Struct DualCommitStore 

pub struct DualCommitStore {
    pub slot0: Option<CommittedGenerationBytes>,
    pub slot1: Option<CommittedGenerationBytes>,
}

DualCommitStore

Dual-slot protected commit protocol for encoded ledger generations.

Writers stage a complete generation record into the inactive slot. Readers recover by selecting the highest-generation valid slot. A torn or partial write cannot become authoritative unless its marker and checksum validate.

The checksum is for torn-write and accidental-corruption detection only. It is not a cryptographic hash and does not provide adversarial tamper resistance.

Fields

slot0: Option<CommittedGenerationBytes>

First physical commit slot.

slot1: Option<CommittedGenerationBytes>

Second physical commit slot.

Implementations

impl DualCommitStore

pub const fn is_uninitialized(&self) -> bool

Return true when no commit slot has ever been written.

pub fn authoritative( &self, ) -> Result<&CommittedGenerationBytes, CommitRecoveryError>

Return the highest-generation valid committed record.

pub fn diagnostic(&self) -> CommitStoreDiagnostic

Build a read-only recovery diagnostic for the protected commit slots.

pub fn commit_payload( &mut self, payload: Vec<u8>, ) -> Result<&CommittedGenerationBytes, CommitRecoveryError>

Commit a new payload to the inactive slot.

The returned store models the post-write physical state. If a real substrate traps before the inactive slot is fully written, the prior valid slot remains authoritative under authoritative.

pub fn commit_payload_at_generation( &mut self, generation: u64, payload: Vec<u8>, ) -> Result<&CommittedGenerationBytes, CommitRecoveryError>

Commit payload as an explicitly numbered physical generation.

This is the preferred API for logical ledger commits: the physical slot generation is taken from the logical ledger generation and checked against the recovered physical predecessor.

pub fn write_corrupt_inactive_slot(&mut self, generation: u64, payload: Vec<u8>)

Simulate a torn write into the inactive slot.

This helper is intentionally part of the model because recovery behavior is an ABI requirement, not an implementation detail.

Trait Implementations

impl Clone for DualCommitStore

fn clone(&self) -> DualCommitStore

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for DualCommitStore

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for DualCommitStore

fn default() -> DualCommitStore

Returns the “default value” for a type.

impl<'de> Deserialize<'de> for DualCommitStore

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl DualProtectedCommitStore for DualCommitStore

type Slot = CommittedGenerationBytes

Protected slot record type.

fn slot0(&self) -> Option<&Self::Slot>

Borrow the first physical slot.

fn slot1(&self) -> Option<&Self::Slot>

Borrow the second physical slot.

fn is_uninitialized(&self) -> bool

Return true when no commit slot has ever been written.

fn authoritative_slot( &self, ) -> Result<AuthoritativeSlot<'_, Self::Slot>, CommitRecoveryError>

Return the highest-generation valid physical slot.

fn inactive_slot_index(&self) -> CommitSlotIndex

Return the slot that should receive the next staged generation write.

impl PartialEq for DualCommitStore

fn eq(&self, other: &DualCommitStore) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for DualCommitStore

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Eq for DualCommitStore

impl StructuralPartialEq for DualCommitStore