lab/sx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
515ecebea7a0962e89cde3e1908d0f58cbe05d92
sx/examples/1047-errors-value-slot-liveness-reject.sx
agra 296c809d85 ERR/E1.8: path-sensitive value-slot liveness check 
A `v, err := failable()` destructure now binds the value slot(s) "live
only where `err` is proven absent". Reading `v` where the compiler cannot
prove `err == null` is a compile error.

New diagnostic-only Pass 1e (`checkErrorFlow` in ir/lower.zig): a
structured, path-sensitive walk over each main-file function body. A
proven-null set is threaded across branches and joined by intersection
at each `if`'s merge. Proof shapes recognized:

  - `if !err { … v … }`           (proven inside the guard)
  - `if err { return/raise } … v` (proven on the fall-through)
  - `if err { … } else { … v … }` (proven in the else branch)
  - `!err and <reads v>`          (short-circuit refinement)

Error-set tag compares (`if err == error.X`) prove nothing about
absence — they narrow the tag only. Nested lambdas are analyzed as their
own boundaries. Library modules are trusted (skipped).

Migrated the canon value-failable examples (1011/1012/1018/1044) to read
their value slots under `if !err` guards — output unchanged. New
regressions: 1046 (every proof shape compiles + runs, exit 210) and 1047
(unproven reads rejected, exit 1).

Gates: zig build, zig build test, run_examples.sh -> 338 passed, 0 failed.
2026-06-01 23:14:24 +03:00

36 lines
1.1 KiB
Plaintext
Raw Blame History

// Rejection counterpart to 1046 (ERR step E1.8). Reading a failable's value slot
// where its error is NOT proven absent is a compile error. Two unproven shapes:
//
// (A) reading the value inside the `if err { … }` error path itself
// (B) reading the value after a bare tag-compare (`if err == error.X`), which
// narrows the tag but proves nothing about absence
//
// Each read is rejected with the E1.8 diagnostic; the program never runs (exit 1).
#import "modules/std.sx";
E :: error { Bad }
parse :: (n: s32) -> (s32, !E) {
if n < 0 { raise error.Bad; }
return n * 10;
}
// (A) the read sits on the error path — `err` is present here, not absent.
bad_a :: () -> s32 {
v, err := parse(5);
if err { return v; } // REJECTED: err present on this path
return 0;
}
// (B) a tag-compare narrows which error, but does not prove there is none.
bad_b :: () -> s32 {
v, err := parse(5);
if err == error.Bad { return 1; }
return v; // REJECTED: err not proven absent
}
main :: () -> s32 {
return bad_a() + bad_b();
}
Reference in New Issue View Git Blame Copy Permalink