datalog: reject body lits with reserved names
Some checks failed
Test, Build, and Deploy / test-build-deploy (push) Failing after 39s
Nested `not(not(P))` silently misparsed: outer `not(...)` is recognised as negation, but the inner `not(banned(X))` was parsed as a positive call to a relation called `not`. With no `not` relation present, the inner match was empty, the outer negation succeeded vacuously, and `vip(X) :- u(X), not(not(banned(X))).` collapsed to `vip(X) :- u(X).` — a silent double-negation = identity fallacy.

Fix in `dl-rule-check-safety`: the positive-literal branch and `dl-process-neg!` both reject any body literal whose relation name is in `dl-reserved-rel-names`. Error message names the relation and points the user at stratified negation through an intermediate relation.

1 regression test; conformance 260/260.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
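An added illustration, not code from this repository: a minimal Python model of the misparse and of the reserved-name check it describes. `parse_literal`, `check_rule_safety`, `holds`, `eval_rule`, `stratified_vip` and the sample facts are assumed names and constructed data standing in for the project's `dl-rule-check-safety` and `dl-process-neg!`, which are not shown on this page.

```python
RESERVED_REL_NAMES = {"not", "count", "is", "<"}  # names quoted on the page

def parse_literal(text):
    """Parse `name(arg)` into (name, arg); arg is a variable or a nested literal."""
    text = text.strip()
    if "(" in text and text.endswith(")"):
        name, inner = text.split("(", 1)
        return name, parse_literal(inner[:-1])
    return text, None  # bare variable such as "X"

def check_rule_safety(body):
    """Return an error message if any body literal, positive or negated, names a
    reserved relation; return None if the body is safe."""
    for name, arg in body:
        goal = arg[0] if name == "not" else name  # the relation actually called
        if goal in RESERVED_REL_NAMES:
            return (f"relation `{goal}` is reserved and cannot be a body goal; "
                    "negate an intermediate relation instead (stratified negation)")
    return None

def holds(facts, lit, x):
    """Unchecked semantics from the commit message: only the outermost `not` is
    negation; an inner `not(...)` is looked up as an (empty) relation named `not`."""
    name, arg = lit
    if name == "not":
        return x not in facts.get(arg[0], set())
    return x in facts.get(name, set())

def eval_rule(facts, body, check=False):
    """Head values of a unary rule h(X) :- body, X ranging over the first goal."""
    error = check_rule_safety(body) if check else None
    if error:
        raise ValueError(error)
    return {x for x in facts.get(body[0][0], set())
            if all(holds(facts, lit, x) for lit in body)}

FACTS = {"u": {"ann", "bob", "cyd"}, "banned": {"bob"}}  # constructed sample data
BUGGY_RULE = [parse_literal("u(X)"), parse_literal("not(not(banned(X)))")]
# Unchecked: eval_rule(FACTS, BUGGY_RULE) yields all of u, i.e. vip(X) :- u(X).
# Checked:   eval_rule(FACTS, BUGGY_RULE, check=True) raises, naming `not`.

def stratified_vip(facts):
    """The rewrite the error message points at: unbanned(X) :- u(X), not(banned(X)).
    then vip(X) :- u(X), not(unbanned(X)). Both rules pass the safety check."""
    def goals(goal):
        return [parse_literal("u(X)"), parse_literal(goal)]
    facts = dict(facts, unbanned=eval_rule(facts, goals("not(banned(X))"), check=True))
    return eval_rule(facts, goals("not(unbanned(X))"), check=True)
```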
@@ -15,7 +15,7 @@ for rose-ash data (e.g. federation graph, content relationships).

## Status (rolling)

`bash lib/datalog/conformance.sh` → **256/256 across 11 suites**
`bash lib/datalog/conformance.sh` → **260/260 across 11 suites**
(tokenize, parse, unify, eval, builtins, semi_naive, negation, aggregates,
api, magic, demo). Source is ~3100 LOC, tests ~2900 LOC, public API
documented in `lib/datalog/datalog.sx`.
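Review bot: the rolling status jumps from 256/256 to 260/260 in this hunk, while the commit message and the new changelog entry report one new regression test; either the previous status line was already stale by three tests or the count is off, so confirm the number against a fresh `bash lib/datalog/conformance.sh` run before merging.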
@@ -320,6 +320,19 @@ large graphs.

_Newest first._

- 2026-05-11 — Eval-semantics bug-hunt: nested `not(not(P))` was
silently misinterpreted. Outer-level `not(...)` is parsed as
negation, but the inner `not(banned(X))` was parsed as a regular
positive literal naming a relation called `not`. Since no `not`
relation existed, the inner match was empty and the outer
negation succeeded vacuously, making `vip(X) :- u(X), not(not(banned(X))).`
equivalent to `vip(X) :- u(X).` (a silent double-negation = identity
fallacy). Fix in `dl-rule-check-safety`: both the positive-literal
branch and `dl-process-neg!` now flag any body literal whose head
is in `dl-reserved-rel-names`. Error message names the relation and
points the user at intermediate-relation stratified negation. 1 new
regression test; 260/260.

- 2026-05-10 — Bug-hunt round on parser/safety surfaced 7 real
bugs, each fixed with regression tests:
- Reserved relation names (`not`, `count`, `<`, `is`, ...) were
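Review bot: the entry says body literals whose head is in `dl-reserved-rel-names` are now flagged, but it does not say whether a rule head named after a reserved relation is rejected as well; the argument for vacuous success rests on no `not` relation existing, so if a user can still define one, the inner `not(banned(X))` would again silently read as a positive call, and the entry should state which side of the rule the check covers. The phrase "intermediate-relation stratified negation" would also be clearer with the concrete rewrite spelled out, e.g. `unbanned(X) :- u(X), not(banned(X)).` followed by `vip(X) :- u(X), not(unbanned(X)).`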