Bump rand from 0.9.2 to 0.9.4 #1
Open
dependabot[bot] wants to merge 1 commit into master from
Bumps [rand](https://github.com/rust-random/rand) from 0.9.2 to 0.9.4.
- [Release notes](https://github.com/rust-random/rand/releases)
- [Changelog](https://github.com/rust-random/rand/blob/0.9.4/CHANGELOG.md)
- [Commits](rust-random/rand@rand_core-0.9.2...0.9.4)

---
updated-dependencies:
- dependency-name: rand
  dependency-version: 0.9.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
palinatolmach pushed a commit that referenced this pull request Apr 30, 2026

…cing, constants

v11.26 change aeyakovenko#2 — Flat-close guard uses Eq_maint_raw_i >= 0:
enforce_one_side_margin now checks account_equity_maint_raw_wide >= 0 for flat exits, not just pnl >= 0. Prevents flat exit with negative net wealth from fee debt (C + PNL - FeeDebt < 0).
TDD: proof_v1126_flat_close_uses_eq_maint_raw (19s, PASS)

v11.26 change #1 — Fee-neutral risk-reducing exemption:
Buffer comparison now adds fee back: (Eq_maint_raw_post + fee) - MM_req_post. Also enforces shortfall guard: min(Eq_maint_raw_post + fee, 0) >= min(pre, 0). Pure fee friction no longer blocks genuine de-risking trades.
TDD: proof_v1126_risk_reducing_fee_neutral (18s, 1/1 cover)

Other fixes:
- MAX_TRADE_SIZE_Q: 200T → MAX_POSITION_ABS_Q (100T) per spec §1.4
- liquidate_at_oracle OI assertion now unconditional per spec §10.6 step 10
- enforce_one_side_margin takes fee parameter for fee-neutral comparison

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
palinatolmach pushed a commit that referenced this pull request Apr 30, 2026

1. force_close_resolved atomicity: replaced settle_side_effects call (which interleaves mutations with fallible checked_sub) with a validate-then-mutate pattern. Phase 1 computes pnl_delta and pre-validates stale count. Phase 2 mutates only after all checks pass. No partial mutation on error.

2. LP fee accounting: charge_fee_to_insurance now returns the amount actually collected (capital paid + collectible debt recorded). execute_trade tracks fees_earned_total using the actual collected amount from the counterparty, not the nominal fee. Prevents overreporting when charge_fee_to_insurance drops uncollectible excess.

3. Version comments updated from v12.0.2 to v12.1.0 across all source and test files.

Issue #1 (assert!/panic in internal helpers): acknowledged but not changed — validate_params is init-only, internal mutators use assert for invariants proven unreachable by upstream callers. On Solana SVM both panic and Err abort atomically.

Issue aeyakovenko#4 (run_end_of_instruction_lifecycle missing OI check): by design — the helper is for non-exposure callers (resolved-market settlement). OI checks live in each exposure-mutating instruction.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
palinatolmach pushed a commit that referenced this pull request Apr 30, 2026

1. enforce_post_trade_margin now receives per-side actual collected fees (fee_collected_a, fee_collected_b) instead of the shared nominal fee. The fee-neutral comparison in the strict risk-reducing exemption now correctly adds back only what each side actually paid, preventing overstated buffers when charge_fee_to_insurance caps at collectible headroom.

2. validate_params comment updated: "0 <= maintenance_bps <= initial_bps" (was incorrectly "0 < ... <").

Not changed:
- #1 (resolved-market haircut order): inherent to the haircut model — convert_released_pnl and do_profit_conversion use the same release-then-haircut pattern. Not force_close-specific.
- aeyakovenko#3 (invalid hints → None): spec §12 property 68 explicitly says "invalid keeper hints cause no liquidation action."
- aeyakovenko#5 (non-atomic mutations): Solana SVM atomicity guarantee.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
palinatolmach pushed a commit that referenced this pull request Apr 30, 2026

1. force_close_resolved now decrements oi_eff_long_q / oi_eff_short_q
by the account's effective position before zeroing. Without this,
force-closing all accounts left stored_pos_count == 0 but OI > 0,
which could trigger CorruptState in subsequent lifecycle operations.
2. force_close_resolved now rejects a_basis == 0 as CorruptState
instead of silently treating pnl_delta as 0. A nonzero position
with a_basis == 0 is always corrupt ADL state.
3. New unit tests:
- test_force_close_decrements_oi: verifies OI goes to 0 after
force-closing both sides of a bilateral trade
- test_force_close_rejects_corrupt_a_basis: verifies CorruptState
error on a_basis == 0
4. Kani proof updated: proof_force_close_resolved_position_conservation
now asserts OI decreases after force_close.
Not changed:
- #1 (haircut order): inherent to sequential haircut model
- aeyakovenko#4 (non-atomic mutations): Solana SVM atomicity
- aeyakovenko#5 (recompute_aggregates incomplete): test-only helper
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

palinatolmach pushed a commit that referenced this pull request Apr 30, 2026

Proof fixes:
- bounded_margin_withdrawal: added dust-guard constraint (post-withdrawal capital must be 0 or >= MIN_INITIAL_DEPOSIT)
- t10_38_accrue_funding_payer_driven: fixed expected K-delta to use floor_div_signed_conservative_i128 (was using mul_div_ceil_u128)
- proof_audit4_init_in_place_canonical: updated assertions for init_oracle_price=DEFAULT_ORACLE (was asserting 0 from pre-§2.7 era)

Not changed from reviewer issues:
- #1 (public fields): acknowledged as a structural weakness but changing field visibility requires wrapper-side refactor
- aeyakovenko#2 (stored funding rate validation): addressed by validate_funding_rate at instruction entry; stored rate only changes via recompute_r_last
- aeyakovenko#5 (saturating counters): acknowledged; these are non-critical paths

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
palinatolmach pushed a commit that referenced this pull request Apr 30, 2026

1. force_close_resolved: adds same-epoch phantom dust accounting before zeroing position (same logic as attach_effective_position detach path, spec §4.5/§4.6). Prevents understating phantom_dust_bound when resolved-closing accounts with fractional effective-position remainders.

2. Removed duplicate insurance_floor field from RiskEngine. Now reads exclusively from self.params.insurance_floor.get(). Eliminates split-brain risk between params and top-level field.

Not changed (with rationale):
- #1 (MAX_PNL_POS_TOT): reviewer said 1e41 but actual value is 1e38, which fits in u128 (max 3.4e38). Compiles correctly.
- aeyakovenko#3/aeyakovenko#4 (non-atomic mutations): Solana SVM atomicity guarantee.
- aeyakovenko#5 (assert!/panic in internal helpers): these guard invariants proven unreachable by upstream callers. On Solana, both panic and Err abort atomically.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
palinatolmach pushed a commit that referenced this pull request Apr 30, 2026

1. fees_earned_total now tracks only capital actually paid to insurance (realized revenue), not including collectible fee debt that may later be forgiven on close/reclaim. charge_fee_to_insurance returns (cash_paid, total_equity_impact) tuple. LP tracking uses cash_paid; margin enforcement uses total_equity_impact.

2. Removed liquidation_buffer_bps from RiskParams — dead parameter never read by the engine. Not in the spec.

Not changed (with rationale):
- #1-4 (non-atomic mutations): Solana SVM atomicity. The engine uses validate-then-mutate in critical paths (accrue_market_to, settle_side_effects, force_close_resolved) but the full-instruction atomicity relies on runtime rollback.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
palinatolmach pushed a commit that referenced this pull request Apr 30, 2026

…itions

Three real bugs addressed via TDD (failing tests first, then impl):

1. free_slot head validation (reviewer finding #1)
Tests: free_slot_rejects_when_free_head_points_to_used_slot, free_slot_rejects_when_free_head_is_not_head_of_list
Fix: Before any mutation, validate free_head is either u16::MAX or a valid in-range free slot with prev_free == u16::MAX. A corrupt in-range head that points at a used slot would graft it into the free list; a corrupt head at a non-head free node would overwrite that node's prev_free pointer. Both now fail conservatively per spec §0 goal 24.

2. enqueue_adl OI_post==0 reset fidelity (reviewer finding aeyakovenko#5)
Tests: enqueue_adl_sets_both_reset_flags_on_opp_oi_post_zero_symmetric, enqueue_adl_sets_both_reset_flags_on_opp_oi_post_zero_asymmetric
Fix: Spec §5.6 step 8 requires BOTH pending-reset flags set unconditionally when OI_post == 0. The prior impl gated the liq_side flag on `self.get_oi_eff(liq_side) == 0`, which matched spec only under valid bilateral symmetry. Under corrupt imbalance the liq_side flag was silently left unset. Now unconditional.

3. assert_public_postconditions cheap O(1) invariants (reviewer aeyakovenko#6)
Tests: public_postcondition_rejects_matured_exceeding_pos_tot, public_postcondition_rejects_rr_cursor_out_of_range, public_postcondition_rejects_neg_pnl_exceeding_materialized, public_postcondition_rejects_ready_snapshot_with_inverted_ratio
Fix: Expand the assertion with five additional cheap global-invariant checks: pnl_matured_pos_tot <= pnl_pos_tot, materialized_account_count <= MAX_MATERIALIZED_ACCOUNTS, neg_pnl_account_count <= materialized_account_count, rr_cursor_position < MAX_MATERIALIZED_ACCOUNTS, and (ready → h_num <= h_den). These catch corruption from internal bugs or direct wrapper writes to public invariant-bearing fields.

Also:
- Module-level docstring: add ABI-affecting change log for the v2 migration (deposit_fee_credits return type change, top_up_insurance_fund bool → (), six deprecated shims).

Tests: 248 unit (242 + 6 new TDD) + 3 e2e + 49 lib = 300 total.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
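
The free-list head check described in item 1 of the commit message above, as an added Rust example that is not the project's code and not part of the commit: `Slab`, `Slot`, `SlabError`, `new_full` and `next_free` are hypothetical names, and only `free_head`, `prev_free`, the `u16::MAX` sentinel and `CorruptState` come from the messages on this page. It shows every check running before the first write, so both corrupt-head cases are rejected without touching any slot.

```rust
// Added illustration; Slab, Slot and SlabError are hypothetical names.
const NIL: u16 = u16::MAX; // sentinel for "no slot", as in the commit message

#[derive(Clone, Copy)]
struct Slot { used: bool, next_free: u16, prev_free: u16 }

#[derive(Debug, PartialEq)]
enum SlabError { BadIndex, CorruptState }

struct Slab { slots: Vec<Slot>, free_head: u16 }

impl Slab {
    /// All slots start used; the free list is empty.
    fn new_full(n: u16) -> Self {
        let s = Slot { used: true, next_free: NIL, prev_free: NIL };
        Slab { slots: vec![s; n as usize], free_head: NIL }
    }

    /// Return slot `idx` to the free list. Every check runs before the first write.
    fn free_slot(&mut self, idx: u16) -> Result<(), SlabError> {
        if idx as usize >= self.slots.len() || !self.slots[idx as usize].used {
            return Err(SlabError::BadIndex);
        }
        let head = self.free_head;
        if head != NIL {
            // Head must be in range, actually free, and have no predecessor.
            match self.slots.get(head as usize) {
                Some(h) if !h.used && h.prev_free == NIL => {}
                _ => return Err(SlabError::CorruptState),
            }
        }
        // Mutation phase: nothing below can fail.
        self.slots[idx as usize] = Slot { used: false, next_free: head, prev_free: NIL };
        if head != NIL {
            self.slots[head as usize].prev_free = idx;
        }
        self.free_head = idx;
        Ok(())
    }
}

fn main() {
    let mut slab = Slab::new_full(4);
    slab.free_slot(1).unwrap();
    slab.free_head = 2; // constructed corruption: head points at a used slot
    println!("{:?}", slab.free_slot(3)); // rejected before any slot is written
}
```
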
Bumps rand from 0.9.2 to 0.9.4.

Changelog

Sourced from rand's changelog.

Commits

- ba4c4c6 Prepare v0.9.4: fix doc build (#1766)
- 4b8b686 Document new error-handling behaviour for ReseedingRng
- 6c25c6d Prepare v0.9.4: fix doc build
- 1aeee9f Prepare v0.9.3: deprecate feature `log` (#1764)
- 98473ee Prepare rand 0.9.2 (#1648)
- 031a1f5 examples/print-next.rs (#1647)
- 6cb75ee Make UniformUsize serializable (#1646)
- 0c955c5 Add some tests for BlockRng, BlockRng64 and Xoshiro RNGs (#1639)
- 204084a Fix: Remove accidental editor swap file (#1636)
- 86262ac Deprecate rand::rngs::mock module and StepRng (#1634)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.