lab/sx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: validate protocol impl method signatures vs the protocol declaration (issue 0178)

Browse Source 
The issue-0176 conformance gate was name-only, so an impl P for T with a
mismatched return/param type (or arity) built a wrong-ABI thunk that
silently miscompiled (exit 0, wrong value). firstUnimplementedMethod now
validates arity (after self), each param type, and the return type
against the protocol declaration, substituting protocol Self->concrete
via resolveProtoTypeSubSelf (recurses through pointer/many-pointer/
optional/slice/array so []Self<->[]T match; conservative .unresolved for
Self-in-generic-arg). Comparison is by structural formatTypeName
(alias/module/spelling independent); typesClearlyDiffer skips when either
side has an unresolved leaf at any depth, biasing against false-positives.

Regressions: diagnostics/1201 (negative), protocols/0420 (positive,
[]Self param). Verified by 3+3 adversarial reviews (a mid-fix []Self
false-positive was found and closed); suite 792/0.
This commit is contained in:
agra
2026-06-23 08:48:31 +03:00
parent 8b613af96b
commit c41f51aed3
10 changed files with 293 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
issues/0178-protocol-impl-signature-mismatch-silent-miscompile.md
View File

@@ -1,5 +1,24 @@
# 0178 — protocol impl method with a mismatched return/param TYPE silently miscompiles
> **RESOLVED.** The issue-0176 conformance gate was name-only, so an `impl P for
> T` with a mismatched return/param type (or arity) built a wrong-ABI thunk that
> silently miscompiled (exit 0, wrong value). Fix (`src/ir/lower/protocol.zig`):
> `firstUnimplementedMethod` now validates each impl method's signature against
> the protocol declaration — arity (after `self`), every param type, and the
> return type — substituting protocol `Self`→concrete via `resolveProtoTypeSubSelf`
> (recurses through pointer/many-pointer/optional/slice/array so `[]Self`↔`[]T`
> etc. match; conservative `.unresolved` for `Self`-in-generic-arg). Comparison
> is by structural `formatTypeName` (alias/module/spelling independent), and
> `typesClearlyDiffer` skips when either side has an unresolved leaf at any depth
> — biased against false-positives. Mismatch → located diagnostic. Verified by
> 3+3 adversarial reviews (a mid-fix `[]Self` false-positive was found and
> closed); suite 792/0. Regressions:
> `examples/diagnostics/1201-diagnostics-protocol-impl-signature-mismatch.sx`
> (negative), `examples/protocols/0420-protocol-self-in-slice-param.sx`
> (positive). Known gaps (pre-existing, loud not silent — out of scope): a
> `Self`-through-generic-arg mismatch (`Box(Self)`) and by-value array protocol
> params (`[2]Self`) fail at LLVM verification, not silently.
## Symptom
An `impl P for T` whose method has the right NAME but a mismatched return type or