PINK: E2E trace analysis — Pass 13 FFI safety/dangling pointers/coverage (P1-P9)

Thirteenth pass: dita_kernel_destroy double-free UB — Python doesn't null
handle.value (P1 Critical), CStr::from_ptr(payload) without null guard in
3 FFI exports (P2 High), _check_open_orders asyncio.run from async _verify
crashes live tests (P3 High), _get_rust() TOCTOU race concurrent cargo build
(P6 High), into_c_string NUL sanitizer produces invalid JSON (P4 Medium),
reconcile/snapshot_json null on failure no diagnostic (P5 Medium).
263 total flaws across 13 passes.

Co-authored-by: CommandCodeBot <noreply@commandcode.ai>
This commit is contained in:
Codex
2026-06-02 11:06:18 +02:00
parent d1a6be0d27
commit b922f5ff1c
2 changed files with 275 additions and 1 deletions
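The boundary patterns behind P1, P2, P4 and P5 (an idempotent destroy, a null-guarded payload decode, NUL-safe JSON output, and a diagnostic instead of a bare null return), as an added example in Rust that is not the project's code. `KernelHandle`, `dita_kernel_destroy`, `into_c_string` and `snapshot_json` are names taken from the commit message; the pointer-to-pointer destroy signature, `dita_kernel_create`, `dita_kernel_add_slot`, `dita_last_error`, `dita_string_free`, the error-code values and the JSON escaping are assumptions made for this example:

```rust
// Added example (not the project's code). Names marked "assumed" are not on the
// page. Real exports would also carry the no_mangle attribute; it is omitted here
// so the file compiles unchanged across Rust editions.
use std::cell::RefCell;
use std::ffi::{CStr, CString};
use std::os::raw::c_char;

/// Opaque kernel state; only `*mut KernelHandle` crosses the boundary.
pub struct KernelHandle {
    pub slots: Vec<String>,
}

/// Per-thread diagnostic for the last failing call (assumed mechanism, P5).
thread_local! {
    static LAST_ERROR: RefCell<Option<CString>> = RefCell::new(None);
}

fn set_last_error(msg: &str) {
    // The diagnostic itself must always be representable as a C string.
    let clean = msg.replace('\0', "\\u0000");
    LAST_ERROR.with(|e| *e.borrow_mut() = CString::new(clean).ok());
}

/// Last error for this thread, or null. Valid until the next failing call
/// on the same thread (assumed export).
pub extern "C" fn dita_last_error() -> *const c_char {
    LAST_ERROR.with(|e| match e.borrow().as_ref() {
        Some(s) => s.as_ptr(),
        None => std::ptr::null(),
    })
}

/// Assumed constructor; ownership moves to the caller as a raw Box pointer.
pub extern "C" fn dita_kernel_create() -> *mut KernelHandle {
    Box::into_raw(Box::new(KernelHandle { slots: Vec::new() }))
}

/// Takes the caller's slot (pointer to pointer) and nulls it, so a second call
/// is a no-op rather than a double free (P1). Null slot and null handle are
/// both accepted. Signature is an assumed hardening, not the page's.
pub unsafe extern "C" fn dita_kernel_destroy(slot: *mut *mut KernelHandle) {
    if slot.is_null() || (*slot).is_null() {
        return;
    }
    // SAFETY: the pointer came from Box::into_raw in dita_kernel_create and the
    // slot is nulled before returning, so it cannot be freed a second time.
    drop(Box::from_raw(*slot));
    *slot = std::ptr::null_mut();
}

/// Null-guarded, UTF-8-checked payload decode shared by the exports (P2).
/// The result borrows the caller's buffer; never store it.
unsafe fn payload_str<'a>(payload: *const c_char) -> Result<&'a str, String> {
    if payload.is_null() {
        return Err("payload pointer is null".to_string());
    }
    CStr::from_ptr(payload)
        .to_str()
        .map_err(|e| format!("payload is not UTF-8: {e}"))
}

/// JSON string literal with every control character escaped, so an interior
/// NUL in the data becomes `\u0000`: valid JSON and a valid C string (P4).
pub fn json_string_literal(s: &str) -> String {
    let mut out = String::with_capacity(s.len() + 2);
    out.push('"');
    for c in s.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            c if (c as u32) < 0x20 => out.push_str(&format!("\\u{:04x}", c as u32)),
            c => out.push(c),
        }
    }
    out.push('"');
    out
}

/// Hands a Rust string to C. On an interior NUL it returns null and records
/// why, instead of silently rewriting bytes (assumed replacement for P4).
pub fn into_c_string(s: String) -> *mut c_char {
    match CString::new(s) {
        Ok(cs) => cs.into_raw(),
        Err(e) => {
            set_last_error(&format!("into_c_string: {e}"));
            std::ptr::null_mut()
        }
    }
}

/// Assumed export: 0 on success, -1 null handle, -2 bad payload (P2, P5).
pub unsafe extern "C" fn dita_kernel_add_slot(handle: *mut KernelHandle, payload: *const c_char) -> i32 {
    if handle.is_null() {
        set_last_error("handle is null");
        return -1;
    }
    match payload_str(payload) {
        Ok(s) => {
            (*handle).slots.push(s.to_owned());
            0
        }
        Err(msg) => {
            set_last_error(&msg);
            -2
        }
    }
}

/// Snapshot as a JSON array of escaped strings; null plus diagnostic on failure.
pub unsafe extern "C" fn snapshot_json(handle: *const KernelHandle) -> *mut c_char {
    if handle.is_null() {
        set_last_error("snapshot_json: handle is null");
        return std::ptr::null_mut();
    }
    let items: Vec<String> = (*handle).slots.iter().map(|s| json_string_literal(s)).collect();
    into_c_string(format!("[{}]", items.join(",")))
}

/// Releases a string returned by this library; null is a no-op (assumed export).
pub unsafe extern "C" fn dita_string_free(s: *mut c_char) {
    if !s.is_null() {
        drop(CString::from_raw(s));
    }
}
```

With the pointer-to-pointer destroy, a ctypes caller passes `ctypes.byref(handle)` and gets its own field nulled by the library, so the P1 fix no longer depends on every Python wrapper remembering to clear `handle.value`; a caller that does forget pays nothing because the second call returns early.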


@@ -27,7 +27,8 @@
| M | Pass 10 (Runtime/TestBugs/FSM/Persistence/Metrics) | 18 | 3 | 7 | 5 | 3 | 0 |
| N | Pass 11 (Async/Sync Seams/Locks/Threading) | 10 | 4 | 1 | 3 | 1 | 1 |
| O | Pass 12 (Sync/Async Wider Scope) | 11 | 0 | 3 | 7 | 1 | 0 |
| **Total** | | **254** | **20** | **70** | **73** | **60** | **28** |
| P | Pass 13 (FFI Safety/Dangling Pointers/Coverage) | 9 | 1 | 3 | 3 | 1 | 1 |
| **Total** | | **263** | **21** | **73** | **76** | **64** | **29** |
---
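Review bot: the Low column of the new Total row (64) does not follow from the row being added. Pass 13 contributes 1 Low (the P row), which on top of the previous 60 gives 61, not 64; the other four severity columns each move by exactly the P row's count (20→21, 70→73, 73→76, 28→29). The old Total's severity counts (20+70+73+60+28) sum to 251 rather than its 254, so the extra 3 looks like that pre-existing gap being absorbed into Low without being traced to the pass that produced it. Either correct the per-pass row whose severity split was wrong, or keep Low at 61 and reconcile the 254 separately, so each Total can be verified from the rows above it.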
@@ -347,6 +348,24 @@
---
## P-Series: FFI Safety, Dangling Pointers, Coverage Gaps (Pass 13)
*Full detail in TRACE doc under "PASS 13 — FFI BOUNDARY SAFETY, DANGLING POINTERS, COVERAGE GAPS."*
| # | Flaw | Layer | Severity |
|---|------|-------|----------|
| P1 | `dita_kernel_destroy` double-free UB — Python doesn't null handle.value | Bridge | **Critical** |
| P2 | `CStr::from_ptr(payload)` without null guard in 3 FFI exports | Rust | **High** |
| P3 | `_check_open_orders` calls `asyncio.run()` from async `_verify` — RuntimeError | Test | **High** |
| P4 | `into_c_string` NUL sanitizer produces invalid JSON — json.loads fails | Rust | Medium |
| P5 | `reconcile_slots_json`/`snapshot_json` return null on failure — no diagnostic | Rust | Medium |
| P6 | `_get_rust()` TOCTOU race — concurrent cargo build corruption | Bridge | **High** |
| P7 | `KernelHandle` no Send/Sync — FFI bypasses Rust ownership rules | Rust | Info |
| P8 | No explicit Rust handle destroy path from bundle.close() | Launcher | Medium |
| P9 | `__del__` accesses module `_RUST` during shutdown — NameError leak | Bridge | Low |
---
## H-Series: Edge Domains — Dependencies, Error Handling, Types, Contracts (Pass 5)
*Full detail in TRACE doc under "PASS 5 — EDGE DOMAINS."*
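Review bot: P2 is the only row that does not name the functions it applies to ("3 FFI exports"); list the three exports so the summary is actionable without opening the TRACE doc, as P1, P4, P5 and P6 do. P5's "return null on failure" should read "return a null pointer", matching the pointer vocabulary of P1 and P2. The new section is also inserted directly ahead of the H-Series (Pass 5) block that follows in the context lines; if the series sections are meant to follow the summary table's order (M, N, O, then P), it belongs after the O-Series (Pass 12) section instead.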