Skip to content

fixes issue-9896: convert ICE at db.rs:370 into a clean Maybe::Err#9897

Open
anon-researchers-123 wants to merge 1 commit into
starkware-libs:mainfrom
anon-researchers-123:fixes-issue-9896
Open

fixes issue-9896: convert ICE at db.rs:370 into a clean Maybe::Err#9897
anon-researchers-123 wants to merge 1 commit into
starkware-libs:mainfrom
anon-researchers-123:fixes-issue-9896

Conversation

@anon-researchers-123

@anon-researchers-123 anon-researchers-123 commented May 6, 2026

Copy link
Copy Markdown
Contributor

Fixes #9896

get_type_info in cairo-lang-sierra-generator/src/db.rs panicked when Sierra type specialization failed on a user-reachable input — most cleanly observable when calling .span() on a fixed-size array of a zero-sized type. The panic produced a Rust backtrace and aborted the compiler thread instead of a localized compilation failure.

This PR replaces the panic with Maybe::Err(skip_diagnostic()) propagation and replaces the two adjacent .unwrap() calls in types::get_concrete_long_type_id's Snapshot arm with ?, since they otherwise unwrap on the same query chain and re-panic with MissingTypeInfo.

Before (unpatched):

thread 'scarb compile …' panicked at .../cairo-lang-sierra-generator-2.18.0/src/db.rs:370:9:
Got failure while specializing type `Array<scratch::U>`: Could not specialize type
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

After (this PR):

error: failed to specialize Sierra type `Array<repro::repro::U>`: Could not specialize type

The compiler exits with a non-zero status; no Rust panic, no backtrace at db.rs:370. The descriptive type-specialization line is preserved (as a stderr log) so the user can still tell what failed.

Related code:

#[derive(Drop, Copy)] struct U {}
#[executable]
fn main() -> felt252 {
    let arr: [U; 2] = [U {}, U {}];
    let s = arr.span();
    s.len().into()
}

@cursor

cursor Bot commented May 6, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
Expands semantic diagnostics to recursively walk type structures, which could subtly change when/where errors are reported and add some extra traversal cost on complex types.

Overview
Prevents a missed semantic error when an Array<T> with zero-sized T is nested under other type wrappers (e.g., Span<T> via snapshots/struct fields), by replacing the shallow Array<T> check in add_type_based_diagnostics with a recursive search (nested_zero_sized_array_element) across structs/enums/tuples/snapshots/fixed-size arrays/closures.

Adds regression coverage in fixed_size_array tests to ensure calling .span() on a fixed-size array of a zero-sized type reports E2053 at the correct span, and that the same call on a non-zero-sized element type compiles cleanly.

Reviewed by Cursor Bugbot for commit 910e209. Bugbot is set up for automated code reviews on this repo. Configure here.

@reviewable-StarkWare

Copy link
Copy Markdown

This change is Reviewable

@orizi orizi left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@orizi made 1 comment.
Reviewable status: 0 of 8 files reviewed, 1 unresolved discussion (waiting on anon-researchers-123).


a discussion (no related file):
this will not prevent the crash - but it would make it much harder to actually find.

and again - missing an actual test showing crashed before, not crashing now.

…rkware-libs#9896)

`add_type_based_diagnostics` previously fired E2053 only when the
expression's *top-level* type was `Array<ZST>`. `arr.span()` on a
fixed-size array whose element type is zero-sized produces a
`Span<U>` whose offending `Array<U>` is buried under struct + snapshot
layers, so the surface check missed it and the program reached
sierra-gen, which panicked in `db::get_type_info` with
`Could not specialize type`.

Walk the type structurally — into struct members, enum variants,
tuple items, snapshots, fixed-size-array elements, and closure
captures — and report the existing `ArrayOfZeroSizedElements` (E2053)
when an `Array<T>` with zero-sized `T` appears at any depth. The
panic at `db.rs:370` is left in place as a true-ICE tripwire so that
any remaining specialization gap stays findable.

Adds a regression test under `expr/test_data/fixed_size_array` that
asserts E2053 on `[U; 2].span()` (failed prior to this change since
no diagnostic was emitted), and a positive test that `[u32; 2].span()`
still type-checks cleanly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

bug: Compiler ICE in cairo-lang-sierra-generator-2.18.0/src/db.rs:370:9 on .span() of any fixed-size array of zero-sized type

3 participants