fix(stdlib): error instead of panicking on reversed slice ranges 🔪#174
Conversation
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 90471caf4f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
The reversed-range check ran after the inclusive +1 adjustment, so an off-by-one inclusive range like `1..=0` survived it and silently returned an empty slice instead of erroring. Move the check before the widening. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1bf004cc13
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
The pre-widening check compared clamped indices, so a reversed range whose endpoints both sit at or beyond the length (e.g. `6..=5` on a 5-char string) collapsed to equal indices and returned an empty slice instead of erroring. Detect reversal from the unclamped endpoints. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 participant
Context
The fuzzer didn't catch this, but a slice whose start index lands after its end (
"hello"[3..1]) crashes the interpreter withattempt to subtract with overflowinstead of returning an error. Found while hunting for panics in the lexer/parser/analyser/compiler/vm pipeline.Lists and tuples already handle reversed ranges gracefully because they slice via
slice.get(from..to), which returnsNone. Strings, deques, and slice assignment instead computetake(to - from), which underflows whenfrom > to.Changes
ndc_stdlib/src/index.rs:extract_vm_offsetnow rejects a range whose forward start exceeds its end, returning a{from}..{to} out of boundserror. Centralizing the check covers every container type (string, deque, slice assignment) and keeps the existing list/tuple error message unchanged.tests/functional/programs/009_slicing/cover the string, deque, and slice-assignment paths that used to panic.manual/src/snippets/slices.md: documents that a start-after-end range is out of bounds.The behavior now matches what lists and tuples already did, so the existing
006_negative_range.ndctest still passes against the same message.🤖