Fix: two ring-buffer allocator defects in pto_ring_buffer.h

Bug 1 — Heap wrap-around: change strict `>` to `>=` in try_bump_heap.
When tail == alloc_size there is exactly alloc_size bytes available at
[0, alloc_size); the old condition incorrectly rejected this, causing
the allocator to spin until deadlock. Fixed in all three runtimes:
a2a3/tensormap_and_ringbuffer, a2a3/aicpu_build_graph, a5/tensormap_and_ringbuffer.

Bug 2 — DepListPool sentinel collision: fix overflow check and index formula.
`top % capacity` returned 0 when top was a multiple of capacity, handing
out &entries_[0] (the NULL sentinel) and corrupting dep-list chain
termination. Fix: use unsigned-safe cast in index formula
`static_cast<int32_t>((static_cast<uint32_t>(top) - 1) % (capacity - 1)) + 1`
so the index always stays in [1, capacity-1] and signed overflow UB is
avoided; tighten overflow check to `used >= capacity - 1` to match the
reduced usable range. Applied to all three runtimes.

Additionally:
- Add copyright headers to the three pto_ring_buffer.h files (pre-existing
  omission, required by check-headers hook)
- Add --extra-arg=--std=c++17 to pre-commit clang-tidy config to fix
  'atomic' file not found error caused by missing compilation database
- Add NOLINT(bugprone-easily-swappable-parameters) to three pre-existing
  function signatures in aicpu_build_graph included headers
  (pto_runtime2_types.h, pto_submit_types.h, tensor.h)
- Apply clang-format to all modified files

Fixes #429

Author: chenshengxin2026

src/a2a3/runtime/aicpu_build_graph/runtime/pto_ring_buffer.h

@@ -46,7 +46,7 @@ struct PTO2SchedulerState;  // Forward declaration for dep_pool reclaim
 
 // Set to 1 to enable periodic BLOCKED/Unblocked messages during spin-wait.
 #ifndef PTO2_SPIN_VERBOSE_LOGGING
-#define PTO2_SPIN_VERBOSE_LOGGING 1
+#    define PTO2_SPIN_VERBOSE_LOGGING 1
 #endif
 
 // Block notification interval (in spin counts)
@@ -217,7 +217,7 @@ struct PTO2HeapRing {
                 if (space_at_end >= alloc_size) {
                     new_top = top + alloc_size;
                     result = (char *)base + top;
-                } else if (tail > alloc_size) {
+                } else if (tail >= alloc_size) {
                     // Wrap to beginning
                     new_top = alloc_size;
                     result = base;
@@ -545,7 +545,7 @@ struct PTO2DepListPool {
      */
     PTO2DepListEntry *alloc() {
         int32_t used = top - tail;
-        if (used >= capacity) {
+        if (used >= capacity - 1) {
             LOG_ERROR("========================================");
             LOG_ERROR("FATAL: Dependency Pool Overflow!");
             LOG_ERROR("========================================");
@@ -563,7 +563,7 @@ struct PTO2DepListPool {
             }
             return nullptr;
         }
-        int32_t idx = top % capacity;
+        int32_t idx = static_cast<int32_t>((static_cast<uint32_t>(top) - 1) % (capacity - 1)) + 1;
         top++;
         used++;
         if (used > high_water) high_water = used;

src/a2a3/runtime/aicpu_build_graph/runtime/pto_runtime2_types.h

@@ -39,23 +39,23 @@
 // =============================================================================
 
 #ifndef PTO2_PROFILING
-#define PTO2_PROFILING 1
+#    define PTO2_PROFILING 1
 #endif
 
 #ifndef PTO2_ORCH_PROFILING
-#define PTO2_ORCH_PROFILING 0
+#    define PTO2_ORCH_PROFILING 0
 #endif
 
 #ifndef PTO2_SCHED_PROFILING
-#define PTO2_SCHED_PROFILING 0
+#    define PTO2_SCHED_PROFILING 0
 #endif
 
 #if PTO2_ORCH_PROFILING && !PTO2_PROFILING
-#error "PTO2_ORCH_PROFILING requires PTO2_PROFILING=1"
+#    error "PTO2_ORCH_PROFILING requires PTO2_PROFILING=1"
 #endif
 
 #if PTO2_SCHED_PROFILING && !PTO2_PROFILING
-#error "PTO2_SCHED_PROFILING requires PTO2_PROFILING=1"
+#    error "PTO2_SCHED_PROFILING requires PTO2_PROFILING=1"
 #endif
 
 // =============================================================================
@@ -135,7 +135,8 @@ struct PTO2TaskId {
 
 static_assert(sizeof(PTO2TaskId) == 8, "PTO2TaskId must stay 8 bytes (shared memory ABI)");
 
-static inline PTO2TaskId pto2_make_task_id(uint8_t ring_id, uint32_t local_id) {
+static inline PTO2TaskId
+pto2_make_task_id(uint8_t ring_id, uint32_t local_id) {  // NOLINT(bugprone-easily-swappable-parameters)
     return PTO2TaskId{(static_cast<uint64_t>(ring_id) << 32) | static_cast<uint64_t>(local_id)};
 }
 
@@ -347,11 +348,11 @@ typedef void (*PTO2InCoreFunc)(void **args, int32_t num_args);
  * Memory barrier macros for different architectures
  */
 #if defined(__aarch64__)
-#define PTO2_MEMORY_BARRIER() __asm__ __volatile__("dmb sy" ::: "memory")
+#    define PTO2_MEMORY_BARRIER() __asm__ __volatile__("dmb sy" ::: "memory")
 #elif defined(__x86_64__)
-#define PTO2_MEMORY_BARRIER() __asm__ __volatile__("mfence" ::: "memory")
+#    define PTO2_MEMORY_BARRIER() __asm__ __volatile__("mfence" ::: "memory")
 #else
-#define PTO2_MEMORY_BARRIER() __sync_synchronize()
+#    define PTO2_MEMORY_BARRIER() __sync_synchronize()
 #endif
 
 // Spin-wait hint for AICPU threads.  On real hardware the AICPU has dedicated
@@ -360,9 +361,9 @@ typedef void (*PTO2InCoreFunc)(void **args, int32_t num_args);
 // This header is also compiled into the Host .so (for struct definitions only),
 // where the hint is never called — the fallback no-op keeps Host builds clean.
 #if __has_include("spin_hint.h")
-#include "spin_hint.h"  // NOLINT(build/include_subdir)
+#    include "spin_hint.h"  // NOLINT(build/include_subdir)
 #else
-#define SPIN_WAIT_HINT() ((void)0)
+#    define SPIN_WAIT_HINT() ((void)0)
 #endif
 
 // =============================================================================
@@ -378,7 +379,7 @@ typedef void (*PTO2InCoreFunc)(void **args, int32_t num_args);
 // =============================================================================
 
 #if PTO2_ORCH_PROFILING || PTO2_SCHED_PROFILING
-#include "aicpu/device_time.h"
+#    include "aicpu/device_time.h"
 #endif
 
 #if PTO2_ORCH_PROFILING || PTO2_SCHED_PROFILING

src/a2a3/runtime/aicpu_build_graph/runtime/pto_submit_types.h

@@ -46,7 +46,8 @@ inline constexpr uint8_t PTO2_SUBTASK_MASK_AIV1 = (1u << 2);  // 0x4
 /**
  * Test whether a subtask slot is active in a given mask
  */
-static inline bool pto2_subtask_active(uint8_t mask, PTO2SubtaskSlot slot) {
+static inline bool
+pto2_subtask_active(uint8_t mask, PTO2SubtaskSlot slot) {  // NOLINT(bugprone-easily-swappable-parameters)
     return (mask & (1u << static_cast<uint8_t>(slot))) != 0;
 }
 

src/a2a3/runtime/tensormap_and_ringbuffer/runtime/pto_ring_buffer.h

@@ -39,7 +39,7 @@ struct PTO2SchedulerState;  // Forward declaration for dep_pool reclaim
 
 // Set to 1 to enable periodic BLOCKED/Unblocked messages during spin-wait.
 #ifndef PTO2_SPIN_VERBOSE_LOGGING
-#define PTO2_SPIN_VERBOSE_LOGGING 1
+#    define PTO2_SPIN_VERBOSE_LOGGING 1
 #endif
 
 // Block notification interval (in spin counts)
@@ -272,7 +272,7 @@ class PTO2TaskAllocator {
             if (space_at_end >= alloc_size) {
                 result = static_cast<char *>(heap_base_) + top;
                 heap_top_ = top + alloc_size;
-            } else if (tail > alloc_size) {
+            } else if (tail >= alloc_size) {
                 result = heap_base_;
                 heap_top_ = alloc_size;
             } else {
@@ -426,7 +426,7 @@ struct PTO2DepListPool {
      */
     PTO2DepListEntry *alloc() {
         int32_t used = top - tail;
-        if (used >= capacity) {
+        if (used >= capacity - 1) {
             LOG_ERROR("========================================");
             LOG_ERROR("FATAL: Dependency Pool Overflow!");
             LOG_ERROR("========================================");
@@ -444,7 +444,7 @@ struct PTO2DepListPool {
             }
             return nullptr;
         }
-        int32_t idx = top % capacity;
+        int32_t idx = static_cast<int32_t>((static_cast<uint32_t>(top) - 1) % (capacity - 1)) + 1;
         top++;
         used++;
         if (used > high_water) high_water = used;

src/a5/runtime/tensormap_and_ringbuffer/runtime/pto_ring_buffer.h

@@ -39,7 +39,7 @@ struct PTO2SchedulerState;  // Forward declaration for dep_pool reclaim
 
 // Set to 1 to enable periodic BLOCKED/Unblocked messages during spin-wait.
 #ifndef PTO2_SPIN_VERBOSE_LOGGING
-#define PTO2_SPIN_VERBOSE_LOGGING 1
+#    define PTO2_SPIN_VERBOSE_LOGGING 1
 #endif
 
 // Block notification interval (in spin counts)
@@ -272,7 +272,7 @@ class PTO2TaskAllocator {
             if (space_at_end >= alloc_size) {
                 result = static_cast<char *>(heap_base_) + top;
                 heap_top_ = top + alloc_size;
-            } else if (tail > alloc_size) {
+            } else if (tail >= alloc_size) {
                 result = heap_base_;
                 heap_top_ = alloc_size;
             } else {
@@ -426,7 +426,7 @@ struct PTO2DepListPool {
      */
     PTO2DepListEntry *alloc() {
         int32_t used = top - tail;
-        if (used >= capacity) {
+        if (used >= capacity - 1) {
             LOG_ERROR("========================================");
             LOG_ERROR("FATAL: Dependency Pool Overflow!");
             LOG_ERROR("========================================");
@@ -444,7 +444,7 @@ struct PTO2DepListPool {
             }
             return nullptr;
         }
-        int32_t idx = top % capacity;
+        int32_t idx = static_cast<int32_t>((static_cast<uint32_t>(top) - 1) % (capacity - 1)) + 1;
         top++;
         used++;
         if (used > high_water) high_water = used;