sdk: typed prerun/postrun hooks

Introduce typed C++ wrappers for the per-statement lifecycle hooks
(prerun and postrun). Extension authors no longer touch raw ABI
structs to write these hooks; only the typed signatures are accepted.

Why
---
Extension authors writing prerun/postrun previously had to:

  void my_prerun(vef_context_t *, vef_prerun_args_t *args,
                 vef_prerun_result_t *result) {
    if (args->arg_count == 0) {
      result->type = VEF_RESULT_ERROR;
      snprintf(result->error_msg, VEF_MAX_ERROR_LEN, "...");
      return;
    }
    result->result_buffer_size = N;
    result->user_data = new MyState{};
  }

Two problems: raw ABI in the user-facing API (against the SDK's
direction; see #548) and bespoke error-reporting plumbing.

After this PR:

  void my_prerun(vsql::PrerunArgs args, vsql::PrerunResult out) {
    if (args.size() == 0) {
      out.error("at least one argument required");
      return;
    }
    out.request_buffer_size(N);
    out.set_user_data(new MyState{});
  }

  void my_postrun(vsql::PostrunArgs args) {
    args.delete_state<MyState>();
  }

  void my_vdf(MyState &state, IntResult out) { ... }

State lifetime stays explicit in this PR: prerun stashes the pointer,
postrun frees it. A follow-up will add auto-cleanup (see "Not in this
PR" below).

Where to start reviewing
------------------------
Read the layers in this order:

1. villagesql/sdk/include/villagesql/vsql/pre_post_run.h
   New public types: PrerunArgs, PrerunArgType, PrerunResult,
   PostrunArgs. This is what extension authors see.

2. villagesql/examples/vsql-simple/src/extension.cc
   The ba_call_index demo: set_user_data in prerun, mutable State&
   in the VDF, delete_state in postrun.

3. mysql-test/suite/villagesql/extension/t/extension_simple_type_usage.test
   What it looks like at the SQL surface.

4. villagesql/sdk/include/villagesql/extension.h
   Refreshed user-facing docs for the typed hook shape.

The remaining file is SDK plumbing:

5. villagesql/sdk/include/villagesql/vsql/func_builder.h
   - .prerun<>() / .postrun<>() are typed-only; static_assert
     rejects raw vef_prerun_func_t / vef_postrun_func_t.
   - WrapperTypedState / WrapperVoidState dispatch on the first
     param of the VDF: State& / const State& / void* selects how
     user_data is forwarded.
   - typed_prerun_thunk / typed_postrun_thunk adapt the user's
     typed signature to the raw ABI shape the server invokes.

Not in this PR
--------------
- Auto-cleanup for SDK-allocated state. Requires an ABI side channel
  (e.g. a user_data_deleter slot on vef_prerun_result_t) so the SDK
  can register a destructor independent of the user_data pointer
  that extensions also use for raw/custom allocations. Marked
  TODO(villagesql-beta) in pre_post_run.h.
- A `.state<T>()` builder that records State at the template level
  and routes typed signatures of the form `void(T&, ...)`. Will land
  with the auto-cleanup mechanism above.
- Typed VarArgs/AnyArg wrappers for varargs VDFs (the other raw-ABI
  place in extension code, only reached via PR #254).
- vef_postrun_result_t is empty in the ABI today, so there is no
  PostrunResult wrapper. Will add when the struct grows.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: dbentley-vsql

villagesql/examples/vsql-simple/src/extension.cc

@@ -113,24 +113,27 @@ void odd_chars(CustomArg in, CustomResult out) {
 }
 
 // BA_CALL_INDEX: return the 1-based index of this call within the current
-// statement. Demonstrates the typed prerun + State& pattern: prerun
-// allocates a counter via emplace_state<T> and each row reads-and-
-// increments. No postrun needed — the SDK's installed deleter frees the
-// CallCounter after the last row.
+// statement. Demonstrates the typed prerun/postrun + State& pattern: prerun
+// allocates a counter, each row reads-and-increments via the VDF's State&
+// first parameter, and postrun frees.
 
 struct CallCounter {
   long long n = 0;
 };
 
 void ba_call_index_prerun(PrerunArgs, PrerunResult out) {
-  out.emplace_state<CallCounter>();
+  out.set_user_data(new CallCounter{});
 }
 
 void ba_call_index(CallCounter &state, IntResult out) {
   state.n++;
   out.set(state.n);
 }
 
+void ba_call_index_postrun(PostrunArgs args) {
+  args.delete_state<CallCounter>();
+}
+
 // BA_CONCAT: concatenate two bytearrays (returns STRING with 16 bytes)
 void ba_concat(CustomArg a, CustomArg b, StringResult out) {
   if (a.is_null() || b.is_null()) {
@@ -176,4 +179,5 @@ VEF_GENERATE_ENTRY_POINTS(make_extension()
                               .func(make_func<&ba_call_index>("ba_call_index")
                                         .returns(INT)
                                         .prerun<&ba_call_index_prerun>()
+                                        .postrun<&ba_call_index_postrun>()
                                         .build()))

villagesql/sdk/include/villagesql/abi/types.h

@@ -519,16 +519,6 @@ typedef struct {
   // Extension-allocated state. Set this to pass data to vdf and postrun.
   // Caller initializes to NULL.
   void *user_data;
-
-  // Optional SDK-managed deleter for user_data. If non-NULL, the server
-  // calls user_data_deleter(user_data) after the postrun returns (or after
-  // the last vdf call, if no postrun was registered). Used by the C++ SDK's
-  // PrerunResult::emplace_state<T> to install typed_delete<T> so extensions
-  // do not have to write a postrun just to free state.
-  //
-  // Raw C ABI users typically leave this NULL and free user_data themselves
-  // in their postrun.
-  void (*user_data_deleter)(void *user_data);
 } vef_prerun_result_t;
 
 typedef void (*vef_prerun_func_t)(vef_context_t *ctx, vef_prerun_args_t *args,

villagesql/sdk/include/villagesql/extension.h

@@ -120,11 +120,12 @@
 //
 //   void my_prerun(vsql::PrerunArgs args, vsql::PrerunResult out) {
 //     // validate args.type_at(i), call out.error(...) on failure,
-//     // out.emplace_state<MyState>(...) for per-statement state, etc.
+//     // request a larger result buffer with out.request_buffer_size(N),
+//     // and/or stash per-statement state with out.set_user_data(...).
 //   }
 //   void my_postrun(vsql::PostrunArgs args) {
-//     // optional; only needed if you used set_user_data with a non-C++
-//     // allocator. emplace_state<T> is auto-freed by the SDK.
+//     // pair with prerun's set_user_data to free state, e.g.
+//     // args.delete_state<MyState>().
 //   }
 //
 //   make_func<&my_impl>("my_func")

villagesql/sdk/include/villagesql/vsql/pre_post_run.h

@@ -29,50 +29,33 @@
 // compile time. Extensions that need to drop to the raw ABI for these
 // hooks would have to skip the vsql builder entirely.
 //
-// State lifetime:
-//   emplace_state<T>(args...)  — SDK-owned. The SDK installs a deleter via
-//                                vef_prerun_result_t::user_data_deleter and
-//                                the server calls it after the user's
-//                                postrun. No leak even if the extension
-//                                does not write a postrun.
-//   set_user_data(void *)      — caller-owned. The SDK does not install a
-//                                deleter; the extension is responsible for
-//                                freeing in its own postrun.
+// State lifetime is explicit: if prerun stores a pointer via set_user_data,
+// postrun is responsible for freeing it. PostrunArgs::delete_state<T>() is
+// the typed convenience for the common case of `new T{}` + `delete`.
 //
 // vef_postrun_result_t is currently empty in the ABI, so there is no
 // PostrunResult wrapper. If/when the result struct gains fields, a typed
 // wrapper class will be added and the postrun signature will become
 // `void(PostrunArgs, PostrunResult)`.
 //
-// TODO(villagesql-beta): add a `.state<T>()` builder method on FuncBuilder
-// that records the State type at the template level, auto-installs the
-// prerun (default-constructed T) and routes typed prerun/postrun/VDF
-// signatures of the form `void(T&, ...)`. Once this lands, the explicit
-// emplace_state<T>/state<T>/delete_state<T> pattern becomes optional sugar.
+// TODO(villagesql-beta): add a typed-state mechanism (working name
+// `.state<T>()` on FuncBuilder) so extensions can declare a per-statement
+// state type and have the SDK manage its lifetime automatically — no
+// matched prerun/postrun pair required just to free state. The shape is
+// blocked on adding an ABI side channel (e.g. a user_data_deleter slot on
+// vef_prerun_result_t) so the SDK can register the destructor without
+// reserving the user_data pointer slot for SDK use.
 
 #include <cstddef>
 #include <cstring>
 #include <optional>
 #include <string_view>
-#include <type_traits>
 #include <utility>
 
 #include <villagesql/abi/types.h>
 
 namespace vsql {
 
-namespace detail {
-
-// Type-erased deleter installed by PrerunResult::emplace_state<T>. Stored in
-// vef_prerun_result_t::user_data_deleter so the server can free the
-// SDK-owned state without knowing T.
-template <typename T>
-inline void typed_delete(void *p) {
-  delete static_cast<T *>(p);
-}
-
-}  // namespace detail
-
 // =============================================================================
 // Prerun
 // =============================================================================
@@ -129,37 +112,10 @@ class PrerunResult {
  public:
   explicit PrerunResult(vef_prerun_result_t *r) : r_(r) {}
 
-  // Heap-allocate a T as the per-statement state, accessible from the VDF
-  // and postrun via PostrunArgs::state<T>() (or as a `T&` first param on the
-  // VDF/postrun). The SDK installs a deleter via the ABI's
-  // user_data_deleter slot, so the server frees the T automatically after
-  // postrun — no postrun is required just to clean up state.
-  //
-  // Allocator boundary: both the `new T` here and the matching `delete` in
-  // the SDK-installed deleter run inside the extension's .so via the
-  // extension's allocator. The server only invokes the deleter through a
-  // function pointer; it never touches extension-heap memory directly. So
-  // it is safe for the extension to link a different malloc/free than
-  // mysqld.
-  //
-  // For non-C++ allocations (malloc/arena/pool) or polymorphic state, use
-  // set_user_data instead and own the lifetime yourself.
-  template <typename T, typename... Args>
-  T *emplace_state(Args &&...args) {
-    static_assert(!std::is_pointer_v<T>,
-                  "emplace_state<T> allocates a T on the heap. To store an "
-                  "existing pointer in user_data, call set_user_data(p) "
-                  "instead.");
-    auto *p = new T(std::forward<Args>(args)...);
-    r_->user_data = p;
-    r_->user_data_deleter = &detail::typed_delete<T>;
-    return p;
-  }
-
-  // Stash an arbitrary void* the extension owns. Use this for non-C++
-  // allocations (malloc/arena/pool), polymorphic state, or anything that
-  // doesn't fit the typed emplace_state pattern. Postrun reads back via
-  // PostrunArgs::user_data().
+  // Stash a pointer the extension owns. The VDF and postrun read it back
+  // via PostrunArgs::user_data() or PostrunArgs::state<T>(). The SDK does
+  // not free anything stashed here; pair this with a postrun that calls
+  // PostrunArgs::delete_state<T>() (or free()) on the same pointer.
   void set_user_data(void *p) { r_->user_data = p; }
 
   // Request that the per-row result buffer be at least n bytes. The server
@@ -188,22 +144,20 @@ class PostrunArgs {
  public:
   explicit PostrunArgs(const vef_postrun_args_t *a) : a_(a) {}
 
-  // Read the raw user_data slot. Use this when prerun set it via
-  // set_user_data (raw / non-C++ allocation).
+  // Read the raw user_data slot — whatever prerun stored via set_user_data.
+  // Use this for non-C++ allocations (malloc/arena/pool) or anything that
+  // doesn't fit a single typed T.
   void *user_data() const { return a_->user_data; }
 
-  // Convenience: cast user_data to a T*. Use this when prerun set it via
-  // emplace_state<T>().
+  // Convenience: static_cast user_data to a T*. Pair with prerun's
+  // set_user_data(new T{...}).
   template <typename T>
   T *state() const {
     return static_cast<T *>(a_->user_data);
   }
 
-  // Convenience: `delete state<T>()` in one call. Use this only when prerun
-  // called set_user_data with a heap-allocated T and you want a typed free.
-  // Do NOT call this if prerun used emplace_state<T> — the SDK already
-  // frees the state via the installed deleter, and calling delete_state
-  // would be a double-free.
+  // Convenience: `delete state<T>()` in one call. Pair with prerun's
+  // set_user_data(new T{...}).
   template <typename T>
   void delete_state() const {
     delete state<T>();

villagesql/vdf/vdf_handler.cc

@@ -195,26 +195,18 @@ bool vdf_handler::fix_fields(THD *thd [[maybe_unused]],
     prerun_result.error_msg = error_msg;
     prerun_result.result_buffer_size = 0;
     prerun_result.user_data = nullptr;
-    prerun_result.user_data_deleter = nullptr;
 
     m_udf->vdf_func_desc->prerun(&m_context, &prerun_args, &prerun_result);
 
     if (prerun_result.type == VEF_RESULT_WARNING ||
         prerun_result.type == VEF_RESULT_ERROR) {
-      // Prerun reported failure. If it had already installed user_data and a
-      // deleter (e.g. allocation succeeded but a later validation failed),
-      // honor the deleter so we don't leak before propagating the error.
-      if (prerun_result.user_data_deleter != nullptr) {
-        prerun_result.user_data_deleter(prerun_result.user_data);
-      }
       my_error(ER_CANT_INITIALIZE_UDF, MYF(0), m_udf->name.str,
                error_msg[0] ? error_msg : "prerun failed");
       return true;
     }
 
     // Store user_data for subsequent calls
     m_vdf_args.user_data = prerun_result.user_data;
-    m_user_data_deleter = prerun_result.user_data_deleter;
 
     // Handle buffer size request
     if (prerun_result.result_buffer_size > m_result_buffer_size) {
@@ -274,21 +266,12 @@ void vdf_handler::accumulate(bool *null_value) {
 }
 
 void vdf_handler::cleanup() {
-  if (m_active) {
-    // Run the user's postrun first so it can inspect state before we free it.
-    if (m_udf->vdf_func_desc->postrun) {
-      vef_postrun_args_t postrun_args{};
-      postrun_args.user_data = m_vdf_args.user_data;
-      vef_postrun_result_t postrun_result{};
-      m_udf->vdf_func_desc->postrun(&m_context, &postrun_args, &postrun_result);
-    }
-    // SDK-installed deleter (from PrerunResult::emplace_state<T>) frees the
-    // typed state without requiring the extension to write a postrun.
-    if (m_user_data_deleter != nullptr) {
-      m_user_data_deleter(m_vdf_args.user_data);
-      m_user_data_deleter = nullptr;
-      m_vdf_args.user_data = nullptr;
-    }
+  // Call postrun if VDF was active and postrun exists
+  if (m_active && m_udf->vdf_func_desc->postrun) {
+    vef_postrun_args_t postrun_args{};
+    postrun_args.user_data = m_vdf_args.user_data;
+    vef_postrun_result_t postrun_result{};
+    m_udf->vdf_func_desc->postrun(&m_context, &postrun_args, &postrun_result);
   }
   m_active = false;
 }

villagesql/vdf/vdf_handler.h

@@ -74,9 +74,6 @@ class vdf_handler {
   size_t m_result_buffer_size{0};
   char *m_error_msg{nullptr};
   bool m_active{false};
-  // Optional SDK-managed deleter for m_vdf_args.user_data, captured from
-  // prerun_result.user_data_deleter and invoked after postrun in cleanup().
-  void (*m_user_data_deleter)(void *){nullptr};
   const villagesql::TypeContext *m_return_type_context{nullptr};
 
   // Marshal arguments into m_invalues array based on declared parameter types