lab/sx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

comptime VM: harden against malformed lowering-time IR (P3.4-prep)

Browse Source 
Prerequisite for wiring the VM at the lowering-time comptime site
(runComptimeTypeFunc), where IR can be malformed (an unresolved name lowers to a
dangling / Ref.none operand — the 0737 crash). Close the remaining panic vectors
so the VM bails (-> legacy fallback) instead of aborting:

- Vm.refTy(ref_types, r): a bounds-checked accessor replacing every raw
  ref_types[ref.index()] in exec — the type-side companion to Frame.get's
  bad_ref value-side guard.
- aggType is now a bailing method (Error!TypeId) routed through refTy.
- the block-dispatch loop bounds-checks the branch target before indexing
  func.blocks.items (a malformed br target). global_get was already guarded.

No behavior change: gate OFF and -Dcomptime-flat both 697/0. Unit test added
(a cmp_lt with a Ref.none operand bails, not panics).
This commit is contained in:
agra
2026-06-18 11:45:40 +03:00
parent 9ae3934f0f
commit 34734d415b
3 changed files with 61 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
current/CHECKPOINT-COMPILER-API.md
View File

@@ -325,6 +325,21 @@ when reached (sentinels or accessor fns; see the design doc Risks).
`List` growth; orthogonal, see `current/CHECKPOINT-METATYPE.md`.)
## Log
- **Phase 3 P3.4-prep (VM plan) — harden the VM against malformed lowering-time IR (2026-06-18).**
Prerequisite for wiring the VM at the LOWERING-time comptime site (`runComptimeTypeFunc`),
where IR can be malformed (an unresolved name lowers to a dangling / `Ref.none` operand —
the 0737 crash). Closed the remaining panic vectors so the VM BAILS (→ legacy fallback)
instead of aborting: (1) a checked `Vm.refTy(ref_types, r)` replaces every raw
`ref_types[ref.index()]` in `exec` (the type-side companion to `Frame.get`'s `bad_ref`
value-side guard); (2) `aggType` is now a bailing method (`Error!TypeId`) using `refTy`;
(3) the block-dispatch loop bounds-checks the branch target before indexing
`func.blocks.items`. `global_get` was already guarded. No behavior change — gate OFF and
ON both **697/0**; unit test added (a `cmp_lt` with a `Ref.none` operand bails, not
panics). **Next:** wire `tryEval` into `runComptimeTypeFunc` behind the flag with legacy
fallback and measure (most minting type-fns will still bail at the welded-write call /
`Type`-result conversion until the VM models `Type` values + the VM-native write side land
— those are the steps that actually move lowering-time comptime onto the VM, toward
deleting legacy).
- **Phase 3 P3.3 (VM plan) — WRITE side: declare_type + pointer_to + ONE kind-branching register_type (2026-06-18).**
The mutating compiler-API: `declare_type(name) -> Type` (forward handle), `pointer_to(t) -> Type`
(build `*T`), and `register_type(handle, kind, members: []Member) -> Type` which branches on