Skip to content

test(fact): LS-A-8 regression for inner-list rep_func selection#169

Open
avrabe wants to merge 1 commit into
mainfrom
test/ls-a-8-inner-list-rep-func
Open

test(fact): LS-A-8 regression for inner-list rep_func selection#169
avrabe wants to merge 1 commit into
mainfrom
test/ls-a-8-inner-list-rep-func

Conversation

@avrabe
Copy link
Copy Markdown
Contributor

@avrabe avrabe commented May 19, 2026

Summary

The final missing-bucket entry. Drives the LS-N verification gate to 19/19 verified — full coverage.

PR f0e981b fixed the resource_rep_imports.values().next() HashMap-iteration-order bug in analyze_call_site (inner-list borrow rep_func selection) by threading a pre-resolved rep_import: Option<(String, String)> through InnerResource and looking up per-type. The fix landed without a regression test; the LS-N verification gate has been flagging this since #161.

Why this matters

For list<record { x: borrow<A>, y: borrow<B> }>, the pre-fix code picked the same arbitrary rep_func for both A and B handles. Borrow handles of resource A then routed through resource B's rep_func (silent rep-vs-handle confusion across cross-component handle boundary, H-4 / H-4.2, UCA-A-7). Wasm validator accepts (both [resource-rep]X and [resource-rep]Y are (i32) -> i32); divergence only surfaces at downstream runtime execution.

Test approach

Test What it pins
ls_a_8_inner_list_rep_func_selected_by_type_not_iteration_order Adversarial 2-resource fixture, sampled 32× across rebuilt HashMaps (fresh hash seed per sample). If any residual iteration-order dependence leaked, at least one sample would pair wrongly; assertion pins the per-type lookup as deterministic.
ls_a_8_no_rep_import_skips_fixup_rather_than_picking_arbitrary Pre-fix .values().next() fall-back-on-miss would fabricate a fixup pointing at an arbitrary rep_func when the resolver couldn't map the type id. The post-fix path correctly skips with log::warn. This test pins that skip-not-fabricate behaviour.

Gate verdict

State Before After
Verified 18/19 19/19
Missing 1 (LS-A-8) 0
Failed 0 0

Advisory missing-bucket is now empty. Every status: approved LS entry has a passing regression test.

Local test run

running 2 tests
..
test result: ok. 2 passed; 0 failed; 0 ignored; ...

Full lib: 237/237 → 239/239.

End-to-end mythos-auto status

This PR touches meld-core/src/adapter/fact.rs (Tier-5) so the auto-runner fires. Same unzip-missing infra block as PR #166 expected (#167). LS-A-9 test itself was admin-merged via #166; same path likely needed here.

🤖 Generated with Claude Code

@avrabe @claude
test(fact): LS-A-8 regression for inner-list rep_func selection
05fa7e3 
Final missing-bucket entry. Drives the LS-N verification gate to
19/19 verified — full coverage.

For a `list<record { x: borrow<A>, y: borrow<B> }>` (or any list
whose elements carry borrows to multiple distinct resource types),
`analyze_call_site` walks the inner-resources slot and emits a
fixup per slot mapping its byte_offset to the merged-module index
of the right `[resource-rep]` import.

The pre-fix code did `resource_rep_imports.values().next()` —
HashMap iteration order, so the rep_func picked for each slot was
effectively random. Borrow handles of resource A then routed
through resource B's rep_func and vice versa, producing silent
rep-vs-handle confusion across the cross-component handle
boundary (H-4 / H-4.2, UCA-A-7). Wasm validator accepts (both
`[resource-rep]X` and `[resource-rep]Y` are `(i32) -> i32`); the
divergence only surfaces when downstream runtimes execute the
fused module against typed callers.

Two tests:

- `ls_a_8_inner_list_rep_func_selected_by_type_not_iteration_order`
  Adversarial fixture with two InnerResources at distinct
  byte_offsets, each pointing at a different rep_import key.
  Sampled 32× across rebuilt HashMaps (so each sample sees a
  fresh hash seed). If any residual iteration-order dependence
  leaked, at least one sample would pair wrongly; the assertion
  pins the per-type lookup as deterministic.

- `ls_a_8_no_rep_import_skips_fixup_rather_than_picking_arbitrary`
  InnerResource.rep_import = None — the resolver couldn't map the
  type id to an import. Pre-fix `.values().next()` would fall back
  to whatever entry the HashMap iterated first, emitting a fixup
  pointing at the WRONG rep_func. The post-fix path correctly
  skips the slot (with a `log::warn`) rather than fabricating an
  arbitrary mapping.

Gate verdict: 18/19 → 19/19 verified. The advisory missing-bucket
is now empty.

237/237 → 239/239 in `meld-core --lib`.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 19, 2026

Mythos delta-pass required

This PR modifies one or more Tier-5 source files (per
scripts/mythos/rank.md):

meld-core/src/adapter/fact.rs

Before merge, run the Mythos discover protocol on the
modified Tier-5 files:

  1. Follow scripts/mythos/discover.md
    — one fresh agent session per touched Tier-5 file.
  2. For each finding, the agent must produce both a Kani
    harness and a failing PoC test (per the protocol's
    "if you cannot produce both, do not report" rule).
  3. Attach a comment on this PR with either the findings
    (formatted per discover.md's output schema) or
    NO FINDINGS.
  4. Add the mythos-pass-done label to this PR.

Why this gate exists: LS-A-10
(CABI alignment padding in async-lift retptr writeback) was
found by the v0.8.0 pre-release Mythos pass — but it had
lived in the callback emitter since #128, across six
releases. A PR-time gate would have caught it at review
time instead of at the release boundary.

The gate check on this PR will pass once the label is
applied.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@avrabe