TDBIN Reader Roadmap

TDBIN Future Reader Specification

Status: NOT IMPLEMENTED; highest-priority Rust performance track after v1 wire-conformance blockers. The structural verifier prerequisite exists, but current decode still eagerly materializes ADTs. Depends on: tdbin-wire-format.md, tdbin-rust-api.md, and the implementation audit.

Scope

[TDBIN-FUTURE-READER] adds generated verify-once views for Rust ADTs. An unpacked message is structurally verified once, then typed accessors borrow scalars and payload slices directly from the verified body. This implements the research path that the current materializing reader stops short of.

Packed bytes cannot be borrowed as random-access words. Packed-framed input MUST first unpack into one bounded owned arena; views then borrow that arena. The API and benchmarks MUST distinguish this owned-unpack cost from true zero-copy access to bare or unpacked-framed bodies.

API shape

The implementation may refine names, but it MUST preserve these ownership boundaries:

pub struct VerifiedMessage<'wire> { /* verified borrowed word body */ }
pub struct VerifiedPackedMessage { /* bounded owned unpack arena */ }
pub trait View<'wire>: Sized {
    fn from_verified(message: &'wire VerifiedMessage<'wire>) -> Result<Self, DecodeError>;
}

Requirements

Implementation stages

  1. Split frame parsing/unpacking from structural verification and return a proof-bearing verified body without changing wire bytes.
  2. Generate borrowed views for scalars, strings/bytes, child records, and struct-unions; implement materialization through those views to prevent two decoding rule sets.
  3. Add borrowed bit/raw-word/pointer/composite-list views and zero-stride list handling.
  4. Add the owned packed wrapper and expose unpack, verify, and traversal timing separately in benchmarks.
  5. Profile the production corpus. Consider a fused packed traversal only if the retained profile shows it beats the bounded arena design.

Acceptance