// Skipped under Miri: these tests compile+run wasm via wasmtime, whose

// Cranelift backend refuses to run under Miri.

#![cfg(not(miri))]

//! Runtime evaluation of UNWIND-PROTECT through the eval-mode (nomi-eval)

//! boundary wrapper: cleanup runs on normal completion AND on a raise, the

//! raise re-propagates after cleanup, and the form yields the body's value on

//! the normal path. Codegen-level validation lives in

//! `nomiscript/tests/codegen/unwind_protect.rs`.

use nms::interpreter::Interpreter;

use scripting::nomiscript::{Fraction, Value};

    }

#[test]

#[test]

    // The body is a runtime comparison (`WasmType::Bool`). The unwind-protect

    // eval-time type mirror must report `Bool` (not I32), so a bound result is

    // sized correctly and serializes as Nil/Bool — not Number. tag-count is 0:

    // (= 0 0) is true → Bool(true); (< 0 0) is false → Nil.

        Value::Bool(true)

    );

        Value::Nil

    );

#[test]

    // The cleanup mutates a binding visible after the form; proves cleanup

    // executed on the normal path. n: 0 → body leaves it, cleanup sets 9.

    );

#[test]

    // The body raises; cleanup must run, then the raise re-propagates and

    // escapes (no catch-all here), so eval surfaces an error.

        "a raise in unwind-protect body must re-propagate after cleanup"

    );

#[test]

    // The body raises; cleanup sets n=9; an enclosing handler-case catches the

    // re-raised condition and returns n. Proves cleanup ran on the exceptional

    // path BEFORE the catch saw the re-raise.

        ),

    );

#[test]

    // The re-raised condition keeps its code, so the matching outer clause

    // fires (returns 7), not a catch-all fallback.

        ),

    );

#[test]

    // The two cleanup splice copies (normal + exceptional) must not BOTH run

    // on a normal exit. n increments once per cleanup execution → 1, not 2.

    );

#[test]

    );

#[test]

    );

#[test]

    // Inner body raises; inner cleanup sets a=1, the re-raise crosses the

    // outer unwind-protect whose cleanup sets b=2, then the handler-case

    // catches it and returns a+b = 3. Both cleanups ran in order.

        ),

    );

#[test]

    // unwind-protect at effect position (non-tail of a BEGIN) still runs

    // cleanup; the trailing 5 is the program value.

    );

// The `RT` prefix forces `n` to a RUNTIME local: a tagbody go-loop promotes

// it (the loop var can't be const-folded), so a cleanup `(setf n …)` is a

// real wasm store the runtime must execute — a const-foldable `n` would make

// these pass even if cleanup were skipped. Required because the non-local-exit

// cleanup bug originally hid behind compile-time const-folding.

const RT_PROMOTE: &str = "(tagbody lp (setf n (+ n 1)) (when (< n 1) (go lp)))";

#[test]

    // A `(return-from out)` inside the body targets a block OUTSIDE the

    // unwind-protect — a non-local exit. CL semantics: cleanup MUST run as

    // control unwinds past it. With `n` promoted to a runtime local, cleanup's

    // `(setf n 9)` is a real store; n=9 proves it ran on the br-exit path.

    );

#[test]

    // The block's value is the return-from value (7), even though cleanup

    // runs as control unwinds past the unwind-protect. The `99` form after

    // the unwind-protect *inside* the block is dead (return-from exited).

    );

#[test]

    // A `(go done)` inside the body jumps to a tag in an OUTER tagbody,

    // crossing the unwind-protect. Cleanup `(setf n 9)` must run before the

    // jump. `n` is runtime-promoted by the same outer loop.

        ),

    );

#[test]

    // A non-local `(return-from out)` from inside two nested unwind-protects

    // must run BOTH cleanups, innermost-first. a=1 (inner) + b=2 (outer) = 3.

    );

#[test]

    // Strongest "exactly once" assertion: both nested cleanups INCREMENT one

    // isolated runtime counter `c`, so the result counts total cleanup runs.

    // `c` is promoted to a runtime local by `(setf c g)` after the loop (guard

    // is the SEPARATE var `g`, never the counter) — so the increment can't be

    // const-folded and the readout isn't contaminated. Two cleanups, once each

    // → 2 (a double-run would give 3+). Locks in the inline crossing-cleanup

    // mechanism against the const-fold/shared-counter measurement traps that

    // masked correctness during development.

        ),

    );

// --- Adversarial-review regression cases (opencode, Tier 3.4) ---

#[test]

    // A `(setf x v)` in cleanup of a `(return-from)` in ONE arm of a runtime

    // `if` must NOT mutate the compile-time value of a const `x` the OTHER arm

    // reads. The then-arm (compiled first) replays the crossing cleanup; if it

    // ran against the live symbol table it would set `x`'s const value to 7,

    // and the else-arm — taken at runtime since the host test is false — would

    // return 7 instead of the correct pre-cleanup 0. Cleanups at a crossing

    // site compile against a CLONE, so the sibling stays clean.

        ),

    );

#[test]

    // A `(return-from)` INSIDE a cleanup must not re-schedule that same cleanup

    // (which recursed to a compile-time stack overflow before the frame was

    // masked during its own emission). The cleanup's own `(return-from out 2)`

    // takes over the unwind and wins — CL: a non-local exit from cleanup

    // abandons the original exit.

    );

#[test]

    // A cleanup that always diverges (`(return-from b "x")`) makes the whole

    // unwind-protect diverge — the body's value never falls through. The tail

    // `3` after the form is dead, so BLOCK must type from the reachable string

    // exit, not conflict it against the dead ratio tail.

    );