The Snowcat Bug That Misread String As BOUNDS

by Jule 46 views
The Snowcat Bug That Misread String As BOUNDS

When Apalacheā€™s Snowcat misinterprets string literals like "OUT_OF_BOUNDS" as BOUNDS (an integer interval), itā€™s not just a quirky error - it reveals a deeper tension in how type systems handle human-readable strings. In v0.55.0, the type checker flags that "OUT_OF_BOUNDS" cannot fit where a string literal is expected inside a Set literal, even though other elements parse fine. This isnā€™t a typo - itā€™s a blind spot in literal coercion, especially when string content mirrors internal type names. Think of it: a set with one element ā€˜OUT_OF_BOUNDSā€™ gets rejected as BOUNDS, the numeric type. The bug survives because annotations canā€™t override this inference, forcing developers to rename constants - often impractical in large codebases. This matters because it undermines clarity: a set meant to hold strings gets misread as a numeric range, confusing both machines and humans. The fix isnā€™t trivial - no workaround yet - because renaming breaks the literalā€™s purpose. But ask yourself: when a string meant to be literal becomes a type error, whoā€™s really miscommunicating?

Here is the deal: A set literal should reflect its elementsā€™ true types, not internal metadata. The error surfaces consistently, even in simple sets, revealing a disconnect between literals and inferred types.

This bug taps into a broader pattern: modern type-safe languages often struggle with human-centric literals. Snowcatā€™s checkers assume strings are text, not types - yet in practice, ā€œOUT_OF_BOUNDSā€ reads like a boundary. The real risk? Misinterpretation creeps into documentation, tests, and legacy code. Stay vigilant - this isnā€™t just a bug, itā€™s a warning about type system design.

Hereā€™s the core: String literals in set contexts are not always what they seem. When ā€œOUT_OF_BOUNDSā€ triggers a BOUNDS error, itā€™s a signal that type inference prioritizes structure over semantics.

Here is the catch: The error persists despite type annotations because the type checker treats the string as a contextual BOUNDS reference, not a literal. No fix exists yet that preserves intent without renaming.

Here is the takeaway: In Apalache 0.55.0, consider literal clarity over type shortcuts. When types clash with strings, transparency beats coercion. Are you sure your set literals reflect the real data you intend?

The Bottom Line: A string literal shouldnā€™t be a type trap. When types misread meaning, itā€™s time to rethink how literals and semantics coexist in your code. How often do you assume a string is a value when itā€™s actually a type hint?