change: raise on invalid input in numeric/data builtins (silent-tolerance batch-2)#514
Merged
Merged
Conversation
…ance batch-2) Second batch of the silent-tolerance audit (#490–#512). Builtins that folded bad input to a null/0/""/wrong-order sentinel — the hardest class of bug to spot in a data or numeric pipeline — now raise a catchable error from the closed error-kind set: - matmul (#512): incompatible shapes -> value, non-matrix -> type_mismatch, oversized result -> limit. - sha256/md5/sha256_file/md5_file/hmac_sha256 (#511): non-string -> type_mismatch (was the "" sentinel = a silent wrong digest); _file variants raise io on open failure. - range (#497/#498): non-numeric arg -> type_mismatch; past the 1M cap -> limit instead of silently building an unbounded list (the cap sized only the prealloc while the loop ran to the original bound — an OOM). - sort_by (#501): non-numeric key -> type_mismatch (was coerced to 0.0); mirrors sort (#368). - get_at/set_at + buf_get/buf_set (#499/#502): out-of-range -> index_range, non-list/non-buffer target or non-integer index -> type_mismatch, matching the xs[i] operator. Load-bearing check: no stdlib (lib/) reliance; the only reliance was three tests asserting the old silent behavior (range-of-string, get_at/buf_get OOB, sha of null, get_at/set_at past-the-start, matmul overflow) — updated to assert the raise. The get_at/set_at -4 case was asserting an inconsistency with [] (which already raises on -4); the change makes them consistent, which is exactly #312's stated goal. New regression: suite section [116] (test_raise_on_bad_input.eigs, 21 checks). Release + ASan/leak suites green (2646/2646, leak tally 0). Closes #497 Closes #498 Closes #499 Closes #501 Closes #502 Closes #511 Closes #512 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Second batch of the silent-tolerance audit (#490–#512). Builtins that folded bad input to a
null/0/""/ wrong-order sentinel — the hardest class of bug to spot in a data or numeric pipeline — now raise a catchable error from the closed error-kind set.Changes
matmul(#512)nullvalue/type_mismatch/limitsha256md5*_filehmac_sha256(#511)""sentinel (silent wrong digest)type_mismatch(ioon open fail)range(#497, #498)[]; unbounded build → OOMtype_mismatch;limitsort_by(#501)0.0(silent wrong order)type_mismatch(mirrorssort#368)get_atset_atbuf_getbuf_set(#499, #502)index_range/type_mismatch, matchingxs[i]range's #498 was a genuine latent OOM: the 1M cap sized only the prealloc while the loop still ran to the original bound.Load-bearing check
No stdlib (
lib/) reliance on any silent path. The only reliance was three tests asserting the old buggy behavior, updated to assert the raise:test_hash.eigs—sha256/md5 of null,sha256_filemissingtest_coverage_v2.eigs—range of "hello",get_atOOB (via the file'sexpect_errorhelper)test_builtin_indirect.eigs—buf_getOOBtest_builtin_contracts.eigs—get_at/set_atpast-the-start (this asserted an inconsistency with[], which already raises on-4; the change makes them consistent — exactly get_at / set_at / char_at silently ignore negative indices, diverging from the[]operator's documented negative indexing #312's stated goal)test_builtin_overflow.sh— matmul overflow now catchable (crash-safety intent preserved)Tests
New suite section [116] —
test_raise_on_bad_input.eigs, 21 checks (each raise + a happy-path sanity check).detect_leaks=1: 2646/2646, leak tally 0Deferred to a batch-2b follow-up (genuine design calls / larger changes):
#500regex invalid-pattern,#508len,#506append,#504substr,#495json_decode leniency,#507json_path,#494parser,#491for-in,#503list_truncate.Closes #497
Closes #498
Closes #499
Closes #501
Closes #502
Closes #511
Closes #512
🤖 Generated with Claude Code