feat(parser): CORE-01 pt2 — &mut e exclusive-borrow surface (zero conflict delta)#269
Merged
Merged
Conversation
The pt2 residual was parser-gated: the shared-XOR-exclusive rules from pt1 (#240 UseWhileExclusivelyBorrowed / ConflictingBorrow) could never fire from real source because `&mut e` did not parse — only shared `&e` (OpRef) existed. This adds the exclusive-borrow expression surface. - ast.ml: new `unary_op` variant `OpMutRef` (`&mut e`). Documented: only the borrow checker distinguishes it from `OpRef`; every other backend treats `&mut e` exactly like `&e` (a reference is the same runtime pointer — exclusivity is a static property). - parser.mly: `expr_unary | AMP MUT e -> ExprUnary (OpMutRef, e)`, ordered before `AMP e`. `AMP MUT` is unambiguous (an expression cannot begin with the MUT keyword) — **zero Menhir conflict delta**: 21 S/R states + 1 R/R + 68/7 arbitrarily-resolved baseline held (ADR-012). - borrow.ml: `OpMutRef` => *Exclusive* borrow (vs `OpRef` Shared); `ref_target`/`is_copy` also match it. This is the soundness payload. - typecheck/codegen: `OpMutRef` folded into the `OpRef` arm (typed `TRef`, same heap-pointer codegen); `gen_unop` made exhaustive. Verified: `&mut x` parses; two `&mut x` => ConflictingBorrow; read `x` while `&mut x` live => UseWhileExclusivelyBorrowed; `return &mut local` => BorrowOutlivesOwner (composes with pt2 return-escape); shared `&x` unchanged; `&mut x` emits wasm (177 B). Full gate 278 -> 281 (+3 hermetic "E2E Borrow Graph" tests + 3 fixtures); all stdlib AOT green — zero over-rejection. Scope: `&`-in-`#{` literals + bare block-statements already parse on main; the `-> &T`/`&T` *type* sigil is deliberately NOT added (`ref T`/ `mut T` keyword types already express reference types — a `&T` sigil is duplicate surface, ADR territory, not a soundness gap). The pt2 residual is now the NLL/`outer=&x` *analysis* (expressible, no longer parser-gated), not surface. Ledger + borrow.ml comment truthed. Refs #177 (not Closes — NLL analysis remains). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 47 issues detected
View findings[
{
"reason": "Stray AI.a2ml in root -- use 0-AI-MANIFEST.a2ml only",
"type": "banned",
"file": "AI.a2ml",
"action": "delete",
"rule_module": "root_hygiene",
"severity": "high"
},
{
"reason": "Superseded by 0-AI-MANIFEST.a2ml",
"type": "banned",
"file": "AI.djot",
"action": "delete",
"rule_module": "root_hygiene",
"severity": "high"
},
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action actions/checkout@v4 needs attention",
"type": "unpinned_action",
"file": "publish-jsr.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action denoland/setup-deno@v2 needs attention",
"type": "unpinned_action",
"file": "publish-jsr.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/affinescript/affinescript/affinescript-deno-test/example/smoke_driver.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/affinescript/affinescript/affinescript-deno-test/cli.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
},
{
"reason": "TypeScript file detected -- banned language",
"type": "banned_language_file",
"file": "/home/runner/work/affinescript/affinescript/affinescript-deno-test/mod.ts",
"action": "flag",
"rule_module": "cicd_rules",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
CORE-01 pt2 —
&mut eexclusive-borrow parser surfaceRefs #177(notCloses— the NLL/outer=&xanalysis remains; it isnow expressible, no longer parser-gated).
Why
pt1 (#240) shipped shared-XOR-exclusive (
UseWhileExclusivelyBorrowed,ConflictingBorrow) but those rules could never fire from realsource:
&mut edid not parse — only shared&e(OpRef) existed.The pt2 residual was parser-gated. This adds the missing surface.
Change
ast.mlunary_opOpMutRef(&mut e) — borrow-checker-only distinctionparser.mlyexpr_unary | AMP MUT ebeforeAMP e— zero conflict delta (21 S/R + 1 R/R baseline held;AMP MUTunambiguous)borrow.mlOpMutRef⇒ Exclusive borrow (the soundness payload);ref_target/is_copymatch ittypecheck.ml/codegen.mlOpMutReffolded intoOpRef(typedTRef, same pointer codegen);gen_unopexhaustiveVerified
&mut xparses ✓&mut x→ConflictingBorrow✓ (previously unrepresentable)xwhile&mut xlive →UseWhileExclusivelyBorrowed✓return &mut local→BorrowOutlivesOwner✓ (composes with pt2 return-escape)&xunchanged ✓;&mut xemits wasm (177 B) ✓AOT green — zero over-rejection
Scope (honest)
&-in-#{literals and bare block-statements already parse onmain.The
-> &T/&Ttype sigil is deliberately not added —ref T/mut Tkeyword types already express reference types; a&Tsigil wouldbe duplicate surface (ADR territory, not a soundness gap). The pt2
residual is now the NLL /
outer = &xdataflow analysis — nowexpressible (surface unblocked), no longer parser-gated. Ledger +
in-code comment truthed.
🤖 Generated with Claude Code