Context
Discovered while reviewing typed-wasm proposal 0001 (#402).
The producer-side and verifier-side currently each carry their own copy of the build_section encoder for typedwasm.ownership:
lib/codegen.ml:159-177 — producer-side section assembly (called at codegen.ml:2778)lib/tw_ownership_section.ml:77-96 — verifier-side reader's equivalent encoder (used by lib/tw_interface.ml)
Both encode the same fixed format today, so this is not a correctness bug right now. But:
Why this matters before proposal 0001 lands
typed-wasm proposal 0001 (hyperpolymath/typed-wasm#34 / PR #76) adds two more producer-neutral sections:
typedwasm.regions (L2–L6)typedwasm.capabilities (L15)
If we replicate the current 2-copy pattern naively, we end up with 3 sections × 2 copies = 6 encoders to keep in sync. Worse, the proposal's regions wire format is richer (field tables, ptr-kind enums, nullability bytes, cardinality) — drift between producer and verifier copies becomes a real correctness risk, not just a maintenance smell.
Proposed prep-work
Extract a single module (working name Tw_section.Encode) that both producer and verifier consume:
module Tw_section : sig
module Encode : sig
val ownership : Tw_ownership_section.t -> bytes
(* Add: regions : ...; capabilities : ... when proposal 0001 lands *)
end
module Decode : sig
val ownership : bytes -> (Tw_ownership_section.t, string) result
(* Symmetric add: regions, capabilities *)
end
endMigrate:
codegen.ml:2778 to call Tw_section.Encode.ownership instead of the inline encoder.tw_interface.ml to call Tw_section.Decode.ownership for read path.- Delete the duplicate
build_section at tw_ownership_section.ml:77-96 (or have it delegate).
Acceptance
- Single canonical encoder per section.
tw_verify.ml round-trip test still passes (encoder ↔ decoder symmetric).- No behaviour change at v0 (wire bytes byte-equal pre- and post-refactor).
Scope
- This is prep work; it does not implement proposal 0001.
- Touches OCaml only (
lib/); does not affect .affine surface or stdlib.
- Should land before typed-wasm proposal 0001 reaches
[accepted] and downstream codegen plumbing starts, otherwise the refactor becomes 3× harder.
References
Context
Discovered while reviewing typed-wasm proposal 0001 (#402).
The producer-side and verifier-side currently each carry their own copy of the
build_sectionencoder fortypedwasm.ownership:lib/codegen.ml:159-177— producer-side section assembly (called atcodegen.ml:2778)lib/tw_ownership_section.ml:77-96— verifier-side reader's equivalent encoder (used bylib/tw_interface.ml)Both encode the same fixed format today, so this is not a correctness bug right now. But:
Why this matters before proposal 0001 lands
typed-wasm proposal 0001 (hyperpolymath/typed-wasm#34 / PR #76) adds two more producer-neutral sections:
typedwasm.regions(L2–L6)typedwasm.capabilities(L15)If we replicate the current 2-copy pattern naively, we end up with 3 sections × 2 copies = 6 encoders to keep in sync. Worse, the proposal's
regionswire format is richer (field tables, ptr-kind enums, nullability bytes, cardinality) — drift between producer and verifier copies becomes a real correctness risk, not just a maintenance smell.Proposed prep-work
Extract a single module (working name
Tw_section.Encode) that both producer and verifier consume:Migrate:
codegen.ml:2778to callTw_section.Encode.ownershipinstead of the inline encoder.tw_interface.mlto callTw_section.Decode.ownershipfor read path.build_sectionattw_ownership_section.ml:77-96(or have it delegate).Acceptance
tw_verify.mlround-trip test still passes (encoder ↔ decoder symmetric).Scope
lib/); does not affect.affinesurface or stdlib.[accepted]and downstream codegen plumbing starts, otherwise the refactor becomes 3× harder.References