test(eql_v3): close CLLW-OPE migration coverage gaps (CIP-3491)#403
Conversation
Five test fixes/additions closing coverage gaps left by the block-ORE -> CLLW-OPE migration, where a naive rename left several controls vacuous or inverted: - R2a (v3_ore_fallback_tests): re-point the superuser positive control at `_ord_ore` (ORE, poisonable) instead of `_ord` (OPE, UNPOISONABLE by construction). The old control cast the OPE domain, which can never be poisoned, so it proved nothing; the ORE domain is the meaningful "superuser install does not poison" check. - PR#392 (edge_cases): split the stale `check_rejects_payload_missing_ob` into two tests. Post-flip `_ord` is OPE and its CHECK requires `op` (not `ob`), so the old test passed for the wrong reason. Now `_ord` rejects a payload missing `op` and `_ord_ore` rejects a payload missing `ob`, each proving the domain needs its own ordering term. - T18 (float_special): parameterise the signed-zero (-0.0 vs +0.0) pins over both `real` (F4) and `double` (F8) via a local `SignedZeroPair` trait and generic per-behaviour helpers. `real` shares the crypto path but was asserted nowhere; the `known_failure` inversion is preserved per type. - R3a (fixture_oracle): add `search_ore_fn_oracle` for `Variant::SearchOre` (`text_search_ore`, [Hm, Ore, Bloom]), the ORE twin of the existing `search_fn_oracle` (`text_search`, OPE). Mirrors it exactly but exercises the block-ORE extractor (`ord_term_ore`/`ob`). - T10 (v3_privilege_tests): add `runtime_role_ope_ok_ore_needs_extensions`, pinning the pgcrypto boundary. Under identical grants (eql_v3 + eql_v3_internal + fixture, but NOT `extensions`), the CLLW-OPE `_ord` path succeeds while the block-ORE `_ord_ore` path fails at pgcrypto `encrypt()`. NOT done: R2b (adding "1.0" to NUMERIC_FIXTURES). Empirically breaks CI: "1" and "1.0" parse to the same rust_decimal value, tripping the deliberate `numeric_value_guards::fixtures_are_distinct_by_value` guard (which names this exact pair) and producing duplicate-plaintext fixture rows that break `fetch_fixture_payload`'s `fetch_one` and the numeric oracle. `cargo test -p eql-domains` passes (a false green: the catalog keys numeric fixtures by literal string), but `cargo test --lib -p eql_tests` fails. Surfaced for a decision rather than shipping a CI-breaking change.
Contributor
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Addresses CIP-3491 — 5 of 6 items; item R2b is infeasible as specified (see below).
Tests that passed for the wrong reason, or didn't exist, after the block-ORE → CLLW-OPE flip. Ground truth:
_ord/_ord_opeare OPE (op,ord_term, native bytea, unpoisonable, no pgcrypto);_ord_ore/_search_oreare block-ORE (ob,ord_term_ore, poisonable, pgcryptoencrypt()).Done (5)
v3_ore_fallback_tests.rs). The superuser "poisons nothing" control castpublic.eql_v3_integer_ord— the OPE domain, which is unpoisonable by construction, so it could never fail. Re-pointed atpublic.eql_v3_integer_ord_ore(the poisonable ORE domain), making it a meaningful control.check_rejects_payload_missing_ob(edge_cases.rs). Post-flip_ordrequiresop, notob, so the old test passed for the wrong reason. Split intocheck_ord_rejects_payload_missing_op(_ord/OPE) andcheck_ord_ore_rejects_payload_missing_ob(_ord_ore/ORE), each proving its domain needs its own ordering term.real/F4 signed-zero untested (float_special.rs). The ±0.0 pins ran fordouble/F8 only, thoughrealshares the crypto path. Parameterised all five ±0.0 tests over F4 and F8 via a localSignedZeroPairtrait + generic helper bodies;known_failure(ISSUE_FLOAT_SIGNED_ZERO_EQ, …)inversion preserved per type (F4 arm now pinspublic.eql_v3_real_eq/_ord).fixture_oracle.rs). Addedsearch_ore_fn_oracleforVariant::SearchOre(text_search_ore,[Hm,Ore,Bloom]) — the block-ORE twin of the existing OPEsearch_fn_oracle, soSearchOregets all-pairs oracle coverage.v3_privilege_tests.rs). docs(eql_v3): fix stale/inverted CLLW-OPE migration comments (CIP-3490) #399 already dropped the deadextensionsgrant from the positive test (so_ord/OPE is now exercised without it). This addsruntime_role_ope_ok_ore_needs_extensions: under identical grants minusextensions, the OPE_ord<succeeds while the ORE_ord_ore<fails at pgcryptoencrypt()— pinning that the two paths diverge on exactly theextensionsgrant. The error assertion (assert_pgcrypto_boundary_error) matches on the message namingencrypt/extensionsrather than a fixed SQLSTATE, since a missingextensionsUSAGE surfaces asundefined_function(name resolution skips the schema), not necessarilyinsufficient_privilege.Not done — R2b is infeasible as specified
The ticket asks to add
"1.0"toNUMERIC_FIXTURESto exercise thenumeric._ordscale collision. This breaks CI.rust_decimalparses"1"and"1.0"to the same value, tripping the deliberatenumeric_value_guards::fixtures_are_distinct_by_valueguard — whose own doc (tests/sqlx/src/scalar_domains.rs:697) names this exact pair as forbidden, because the fixture table keysplaintextby numeric value and two aliasing rows breakfetch_fixture_payload'sfetch_one. Empirically:cargo test -p eql-domainspasses (a false green — the catalog keys numeric fixtures by literal string), butcargo test --lib -p eql_testsfails with "two numeric fixtures alias to the same Decimal value". The scale-collision intent needs a standalone fresh-encryption test (likefloat_special's NaN pins), not a one-line fixture-list addition — a larger change than R2b's stated scope, left for a decision. CIP-3491 should stay open for R2b (re-scoped).Verification (no creds locally)
cargo fmt --checkclean;cargo test -p eql-domains93 pass;cargo check --lib -p eql_testsclean;cargo check --tests -p eql_testsshows 0 real rustc errors — the only failures are the expectedcouldn't read fixtures/*.sqlmacro errors (integration targets need creds-generated fixtures; CI has them). Test-only change, no changeset.