From 2e6e031233e1ea53a24cb467264d97b20c3af2ad Mon Sep 17 00:00:00 2001
From: agra <alex@swipelab.co>
Date: Mon, 1 Jun 2026 22:44:20 +0300
Subject: [PATCH] ERR/E5.1: reject closure-value into bare function-pointer
 slot
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A closure VALUE (a pre-bound variable) flowing into a bare (T)->U slot
was passed unsoundly: the bare ABI calls fn_ptr(ctx, args) with no env
channel, so the closure's underlying fn (which takes an env slot) had its
env dropped and args shifted — UB for a matching ABI, a wrong-tuple read
for the non-failable->failable widening (returned -1), and a segfault when
the closure captured.

coerceToType now rejects a .closure -> .function coercion with a
diagnostic pointing at the idiom (pass the literal directly, which gets
the static adapter, or type the parameter Closure(...) so the env is
carried). Closure LITERALS are unaffected — lowerLambda pre-adapts them to
a .function-typed value before coercion.

Regression: 1045-errors-closure-var-bare-slot-reject.sx.
---
 ...045-errors-closure-var-bare-slot-reject.sx | 27 +++++++++++++++++++
 ...5-errors-closure-var-bare-slot-reject.exit |  1 +
 ...errors-closure-var-bare-slot-reject.stderr | 17 ++++++++++++
 ...errors-closure-var-bare-slot-reject.stdout |  1 +
 src/ir/lower.zig                              | 18 +++++++++++++
 5 files changed, 64 insertions(+)
 create mode 100644 examples/1045-errors-closure-var-bare-slot-reject.sx
 create mode 100644 examples/expected/1045-errors-closure-var-bare-slot-reject.exit
 create mode 100644 examples/expected/1045-errors-closure-var-bare-slot-reject.stderr
 create mode 100644 examples/expected/1045-errors-closure-var-bare-slot-reject.stdout

diff --git a/examples/1045-errors-closure-var-bare-slot-reject.sx b/examples/1045-errors-closure-var-bare-slot-reject.sx
new file mode 100644
index 0000000..a200580
--- /dev/null
+++ b/examples/1045-errors-closure-var-bare-slot-reject.sx
@@ -0,0 +1,27 @@
+// A closure VALUE (a pre-bound variable) cannot be passed into a bare
+// function-pointer slot `(...) -> ...` (ERR E5.1). The bare ABI calls
+// `fn_ptr(ctx, args)` with no env channel, so a closure's environment can't be
+// carried — passing one is unsound (drops env / shifts args / segfaults on a
+// capturing closure). Only a closure LITERAL crosses this boundary (lowerLambda
+// emits a static adapter); a variable is rejected with a pointer to the idiom.
+//
+// The fix for these is either to pass the literal directly, or to type the
+// parameter `Closure(...)` so the environment is carried (the idiomatic form).
+
+#import "modules/std.sx";
+
+E :: error { Z }
+
+bare  :: (cb: (s64) -> s64, n: s64) -> s64 { return cb(n); }
+baref :: (cb: (s64) -> (s64, !E), n: s64) -> s64 { return cb(n) catch e -1; }
+
+main :: () -> s32 {
+    inc := closure((x: s64) -> s64 => x + 1);          // capture-free closure var
+    base := 100;
+    add := closure((x: s64) -> s64 => x + base);       // CAPTURING closure var
+
+    _ := bare(inc, 9);          // reject: closure value → bare slot
+    _ := baref(inc, 9);         // reject: also the ∅-widening crossing
+    _ := bare(add, 9);          // reject: capturing closure → bare slot
+    return 0;
+}
diff --git a/examples/expected/1045-errors-closure-var-bare-slot-reject.exit b/examples/expected/1045-errors-closure-var-bare-slot-reject.exit
new file mode 100644
index 0000000..d00491f
--- /dev/null
+++ b/examples/expected/1045-errors-closure-var-bare-slot-reject.exit
@@ -0,0 +1 @@
+1
diff --git a/examples/expected/1045-errors-closure-var-bare-slot-reject.stderr b/examples/expected/1045-errors-closure-var-bare-slot-reject.stderr
new file mode 100644
index 0000000..bf5ba16
--- /dev/null
+++ b/examples/expected/1045-errors-closure-var-bare-slot-reject.stderr
@@ -0,0 +1,17 @@
+error: a closure value cannot be passed as a bare function-pointer `(...) -> ...` — its environment can't be carried across the bare ABI; pass the closure literal directly at the call site, or declare the parameter type as `Closure(...)`
+  --> /Users/agra/projects/sx/examples/1045-errors-closure-var-bare-slot-reject.sx:23:10
+   |
+23 |     _ := bare(inc, 9);          // reject: closure value → bare slot
+   |          ^^^^^^^^^^^^
+
+error: a closure value cannot be passed as a bare function-pointer `(...) -> ...` — its environment can't be carried across the bare ABI; pass the closure literal directly at the call site, or declare the parameter type as `Closure(...)`
+  --> /Users/agra/projects/sx/examples/1045-errors-closure-var-bare-slot-reject.sx:24:10
+   |
+24 |     _ := baref(inc, 9);         // reject: also the ∅-widening crossing
+   |          ^^^^^^^^^^^^^
+
+error: a closure value cannot be passed as a bare function-pointer `(...) -> ...` — its environment can't be carried across the bare ABI; pass the closure literal directly at the call site, or declare the parameter type as `Closure(...)`
+  --> /Users/agra/projects/sx/examples/1045-errors-closure-var-bare-slot-reject.sx:25:10
+   |
+25 |     _ := bare(add, 9);          // reject: capturing closure → bare slot
+   |          ^^^^^^^^^^^^
diff --git a/examples/expected/1045-errors-closure-var-bare-slot-reject.stdout b/examples/expected/1045-errors-closure-var-bare-slot-reject.stdout
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/examples/expected/1045-errors-closure-var-bare-slot-reject.stdout
@@ -0,0 +1 @@
+
diff --git a/src/ir/lower.zig b/src/ir/lower.zig
index 029228d..cc0e090 100644
--- a/src/ir/lower.zig
+++ b/src/ir/lower.zig
@@ -15364,6 +15364,24 @@ pub const Lowering = struct {
             return self.builder.boxAny(val, src_ty);
         }
 
+        // Closure VALUE → bare function-pointer slot: not soundly representable.
+        // A bare `(T) -> U` slot is called as `fn_ptr(ctx, args)` with NO env
+        // arg, but a closure's underlying fn takes an env slot — so passing a
+        // closure value's fn_ptr drops the env and shifts the args (UB for a
+        // matching ABI, a wrong-tuple read for ∅-widening, a segfault when the
+        // closure captures). Only a closure LITERAL can cross this boundary,
+        // via the static adapter `lowerLambda` emits (so a literal arrives here
+        // already typed `.function`). Reject the variable case loudly.
+        if (!src_ty.isBuiltin() and !dst_ty.isBuiltin()) {
+            if (self.module.types.get(src_ty) == .closure and self.module.types.get(dst_ty) == .function) {
+                if (self.diagnostics) |d| {
+                    const cs = self.builder.current_span;
+                    d.addFmt(.err, ast.Span{ .start = cs.start, .end = cs.end }, "a closure value cannot be passed as a bare function-pointer `(...) -> ...` — its environment can't be carried across the bare ABI; pass the closure literal directly at the call site, or declare the parameter type as `Closure(...)`", .{});
+                }
+                return val;
+            }
+        }
+
         // Tuple → Tuple element-wise coercion (e.g. a `(s64, s64)` literal
         // flowing into a `(s32, s32)` slot — the multi-value failable success
         // tuple). Same arity, at least one differing field (src_ty == dst_ty