review quick-wins: JIT gate, crash guards, crit-2 signal-return, regen repair

Server (sx_server.ml):
- HTTP mode: JIT hook now opt-in via SX_SERVING_JIT, matching epoch mode
  (was unconditional — live serving-JIT miscompiles J1/J2/J3 de-risked)
- command channel: malformed/non-ASCII line returns an error response
  instead of killing the shared process (C1/C1b)
- response cache: soft error pages no longer cached (S4);
  http_render_page returns (html, is_error)

Kernel spec + regen:
- crit-2: signal-return frame stored the saved kont under :f but the reader
  looked up "saved-kont" — handler value became the whole program's result
  and the covering test passed vacuously. Fixed; raise-continuable now also
  resumes at the raise site (rest-k, not unwound-k), mirroring signal-condition
- quasiquote: R7RS longhand unquote-splicing aliased to splice-unquote
  (used to serialize literally — silent zero-splice)
- guard: re-raise sentinel gensym'd per execution (was forgeable by any
  (list '__guard-reraise__ x) value)
- do: IIFE-head form no longer misparses as a Scheme do-loop
- render: area/base/embed/param/track added to HTML_TAGS (were void-only
  and rendered as Undefined symbol)
- REGEN REPAIR: checked-in sx_ref.ml carried hand-written additions that
  every regeneration silently lost (let-values/define-values/delay/
  delay-force registrations, AdtValue define-type) plus 5 regen blockers
  (arrow-name mangling, 3-arg get, &rest defines, HO-position helper refs,
  transpiler prim-table gaps). Moved into bootstrap.py FIXUPS/skips and the
  transpiler prim table — regen is now reproducible, compiles, and tests
  at baseline (CI Dockerfile.test steps 3-4 could not previously have
  produced a compiling kernel)

Primitives:
- contains?: dict key-check arm per its spec doc
- expt: promotes to float on int63 overflow ((expt 2 100) returned 0)
- mcp_tree parity with sx_primitives: get (Integer indices + 3-arg default),
  split (literal substring, was char-class — the historical gotcha lived
  here), empty? on ""/{}, contains?, equal?, keyword-name, char-code
  (Integer), parse-number (Integer-aware)

Python/docs:
- shared/sx/boundary.py: dead validation now logs a one-time WARNING instead
  of silently no-oping (full revival gated: tier-1 declarations deleted and
  SX_BOUNDARY_STRICT=1 is live in production compose)
- CLAUDE.md: canonical reference now points at spec/*.sx; island authoring
  rules corrected (let IS sequential, bodies ARE implicit begin)

Verification: full suite 5762 passed / 274 failed — fail set byte-identical
to the pre-change baseline (273 in-progress hs-* + pre-existing r7rs radix
shadow). All repros verified fixed on both the native binary and the rebuilt
WASM browser kernel. Review findings: /tmp/sx-review/*.md

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@@ -26,8 +26,21 @@ _DECLARED_IO: frozenset[str] | None = None
|
||||
_DECLARED_HELPERS: dict[str, frozenset[str]] | None = None
|
||||
|
||||
|
||||
_LOAD_FAILURE_WARNED = False
|
||||
|
||||
|
||||
def _load_declarations() -> None:
|
||||
global _DECLARED_PURE, _DECLARED_IO, _DECLARED_HELPERS
|
||||
# KNOWN-BROKEN (2026-07 review, finding C24): `.ref.boundary_parser` was
|
||||
# moved to hosts/python/boundary_parser.py AND its tier-1 declaration
|
||||
# source (shared/sx/ref/boundary.sx) was deleted, so this ImportError
|
||||
# fires on every call and boundary validation has been a silent no-op —
|
||||
# including under SX_BOUNDARY_STRICT=1, which production compose sets.
|
||||
# Do NOT "fix" the import in isolation: reviving validation while strict
|
||||
# mode is live in production requires first recreating the core
|
||||
# declarations and proving zero violations across all services
|
||||
# (remediation plan, Phase 2 "Python boundary"). Until then we make the
|
||||
# dead state visible instead of silent.
|
||||
global _DECLARED_PURE, _DECLARED_IO, _DECLARED_HELPERS, _LOAD_FAILURE_WARNED
|
||||
if _DECLARED_PURE is not None:
|
||||
return
|
||||
try:
|
||||
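Review bot: The KNOWN-BROKEN comment at the top of `_load_declarations()` cites "2026-07 review, finding C24" and "remediation plan, Phase 2", but the commit message places the review findings under /tmp/sx-review/*.md, which a later reader will not have. This comment is the in-tree record that boundary validation is a no-op even under SX_BOUNDARY_STRICT=1, so it should point at a tracked issue or a checked-in document instead. Style point on the new module global: `_LOAD_FAILURE_WARNED = False` is unannotated while its neighbours are annotated (`_DECLARED_HELPERS: dict[str, frozenset[str]] | None = None`); `_LOAD_FAILURE_WARNED: bool = False` would match.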
@@ -42,7 +55,15 @@ def _load_declarations() -> None:
|
||||
# Don't cache failure — parser may not be ready yet (circular import
|
||||
# during startup). Will retry on next call. Validation functions
|
||||
# skip checks when declarations aren't loaded.
|
||||
logger.debug("Boundary declarations not ready yet: %s", e)
|
||||
if not _LOAD_FAILURE_WARNED:
|
||||
_LOAD_FAILURE_WARNED = True
|
||||
logger.warning(
|
||||
"SX boundary validation is INACTIVE (declarations failed to "
|
||||
"load: %s). All validate_* calls are no-ops, even under "
|
||||
"SX_BOUNDARY_STRICT=1.", e,
|
||||
)
|
||||
else:
|
||||
logger.debug("Boundary declarations not ready yet: %s", e)
|
||||
|
||||
|
||||
def _is_strict() -> bool:
|
||||
|
||||
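Review bot: In the except branch the new WARNING is gated only on `_LOAD_FAILURE_WARNED`, so the first failure of any kind spends the single shot, including the transient startup case that the retained comment just above still describes ("parser may not be ready yet (circular import during startup). Will retry on next call."). In that case the log states "All validate_* calls are no-ops" for a process in which a later retry may succeed, and nothing records the recovery; suggest logging once when declarations load after a warned failure, or wording the message as the current state. The retained "Don't cache failure" comment now reads as contradicting the KNOWN-BROKEN note that the ImportError fires on every call, so the two should be reconciled. A one-time WARNING is also easy to miss in a long-running service: consider logging at ERROR when `_is_strict()` is true, since that is the configuration in which operators expect enforcement.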