Merge worker-7

mohsen1 · mohsen1 · commit 3e92dee8360a · 2026-01-13T07:02:04.000-06:00
diff --git a/wasm/src/solver/subtype.rs b/wasm/src/solver/subtype.rs
@@ -290,9 +290,10 @@ impl<'a, R: TypeResolver> SubtypeChecker<'a, R> {
         // =========================================================================
 
         if self.depth > 100 {
-            // Recursion too deep - return provisional true to prevent stack overflow
-            // This is a safety measure for deeply nested or expanding recursive types
-            return SubtypeResult::Provisional;
+            // Recursion too deep - return false to be conservative and prevent stack overflow
+            // This ensures complex generics don't silently accept invalid code
+            // Note: This differs from coinductive cycle detection which returns Provisional
+            return SubtypeResult::False;
         }
 
         // =========================================================================
@@ -510,9 +511,11 @@ impl<'a, R: TypeResolver> SubtypeChecker<'a, R> {
                         (None, Some(_)) => {
                             return SubtypeResult::False;
                         }
-                        // Both unconstrained - they both act like unknown, so they're compatible
+                        // Both unconstrained - different type parameters are not guaranteed compatible
+                        // T <: U is only sound if we know T = U (handled above by name check)
+                        // Two different unconstrained parameters could be instantiated to incompatible types
                         (None, None) => {
-                            return SubtypeResult::True;
+                            return SubtypeResult::False;
                         }
                     }
                 }
@@ -524,9 +527,10 @@ impl<'a, R: TypeResolver> SubtypeChecker<'a, R> {
                 }
 
                 // Unconstrained type parameter acts like `unknown` (top type)
-                // It is assignable to any type (but not vice versa)
-                // Since we're checking `source <: target`, unknown <: anything is TRUE
-                SubtypeResult::True
+                // Since unknown is a TOP type: T <: unknown is TRUE, but unknown <: T is FALSE
+                // An unconstrained type param as source cannot be assigned to a concrete target
+                // because the param could be instantiated to an incompatible type
+                SubtypeResult::False
             }
 
             // object keyword accepts any non-primitive type

Original file line number	Diff line number	Diff line change
`@@ -290,9 +290,10 @@ impl<'a, R: TypeResolver> SubtypeChecker<'a, R> {`
`290`	`290`	`// =========================================================================`
`291`	`291`
`292`	`292`	`if self.depth > 100 {`
`293`		`- // Recursion too deep - return provisional true to prevent stack overflow`
`294`		`- // This is a safety measure for deeply nested or expanding recursive types`
`295`		`- return SubtypeResult::Provisional;`
	`293`	`+ // Recursion too deep - return false to be conservative and prevent stack overflow`
	`294`	`+ // This ensures complex generics don't silently accept invalid code`
	`295`	`+ // Note: This differs from coinductive cycle detection which returns Provisional`
	`296`	`+ return SubtypeResult::False;`
`296`	`297`	`}`
`297`	`298`
`298`	`299`	`// =========================================================================`
`@@ -510,9 +511,11 @@ impl<'a, R: TypeResolver> SubtypeChecker<'a, R> {`
`510`	`511`	`(None, Some(_)) => {`
`511`	`512`	`return SubtypeResult::False;`
`512`	`513`	`}`
`513`		`- // Both unconstrained - they both act like unknown, so they're compatible`
	`514`	`+ // Both unconstrained - different type parameters are not guaranteed compatible`
	`515`	`+ // T <: U is only sound if we know T = U (handled above by name check)`
	`516`	`+ // Two different unconstrained parameters could be instantiated to incompatible types`
`514`	`517`	`(None, None) => {`
`515`		`- return SubtypeResult::True;`
	`518`	`+ return SubtypeResult::False;`
`516`	`519`	`}`
`517`	`520`	`}`
`518`	`521`	`}`
`@@ -524,9 +527,10 @@ impl<'a, R: TypeResolver> SubtypeChecker<'a, R> {`
`524`	`527`	`}`
`525`	`528`
`526`	`529`	// Unconstrained type parameter acts like `unknown` (top type)
`527`		`- // It is assignable to any type (but not vice versa)`
`528`		- // Since we're checking `source <: target`, unknown <: anything is TRUE
`529`		`- SubtypeResult::True`
	`530`	`+ // Since unknown is a TOP type: T <: unknown is TRUE, but unknown <: T is FALSE`
	`531`	`+ // An unconstrained type param as source cannot be assigned to a concrete target`
	`532`	`+ // because the param could be instantiated to an incompatible type`
	`533`	`+ SubtypeResult::False`
`530`	`534`	`}`
`531`	`535`
`532`	`536`	`// object keyword accepts any non-primitive type`