intern: assert state_lock-held on the shared-table mutators

intern_lookup_or_create_ns and mino_defrecord both mutate
state-wide tables (the open-addressing intern hash + entries array,
the record-type linked list) and their documented contract was
"caller holds state_lock", but nothing enforced it. A missing lock
anywhere would tear the table silently and only surface as a
collapsed lookup or a crashed entries[] read much later.

Add MINO_ASSERT_STATE_SAFE -- a debug-build invariant that fires
if the caller is on a multi-threaded state without holding
state_lock recursively -- to the head of both functions. Two real
missing-lock call sites surfaced under the assert and are fixed in
the same commit:

  - worker_run's convey-binding loop in runtime/host_threads.c
    interned symbols before mino_call acquired the lock. Take
    mino_lock around the loop.

  - agent_worker_run held the raw state_lock mutex via
    mino_state_lock_acquire, which does not bump lock_depth.
    Switch to mino_lock so the recursion counter and the assert
    see the held lock.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: leifericf

CHANGELOG.md

@@ -1,5 +1,29 @@
 # Changelog
 
+## v0.389.9 — Lock-Invariant Asserts on Shared Tables
+
+The intern table and the record-type registry are shared across
+host worker threads but mutated with plain stores; the documented
+contract was "caller holds `state_lock`" and nothing enforced it.
+Add a debug-build assert (`MINO_ASSERT_STATE_SAFE`) at the head of
+`intern_lookup_or_create_ns` and `mino_defrecord` so a missing
+lock surfaces at the offending call site instead of letting a
+torn table escape into production.
+
+Two genuine missing-lock call sites were uncovered and fixed by
+the assert:
+
+- The future worker (`worker_run` in `runtime/host_threads.c`)
+  built its convey-binding chain before `mino_call` acquired
+  state_lock; the `mino_symbol` interns ran unprotected. The
+  convey loop now wraps the intern calls in `mino_lock` /
+  `mino_unlock`.
+- The agent worker (`agent_worker_run` in `prim/agent.c`) took
+  state_lock via the raw `mino_state_lock_acquire` mutex, which
+  does not bump `lock_depth`. Switch to `mino_lock` so the
+  recursion counter stays accurate; the assert and any future
+  lock-aware introspection now see the held lock.
+
 ## v0.389.8 — `eval_try` Catch-Rethrow Protection Hygiene
 
 The catch-with-finally branch was gated on

src/mino.h

@@ -28,7 +28,7 @@
  */
 #define MINO_VERSION_MAJOR 0
 #define MINO_VERSION_MINOR 389
-#define MINO_VERSION_PATCH 8
+#define MINO_VERSION_PATCH 9
 
 /*
  * Human-readable version string of the *linked* runtime, e.g. "0.48.0".

src/prim/agent.c

@@ -468,10 +468,15 @@ static void agent_worker_run(mino_state *S, agent_pool_kind_t kind,
         n = agent_runq_pop(S, kind);
         agent_mu_unlock(&S->agent.mu);
 
-        /* Run the action under state_lock so eval invariants hold. */
-        mino_state_lock_acquire(S);
+        /* Run the action under state_lock so eval invariants hold.
+         * Use mino_lock here rather than the raw state_lock_acquire so
+         * lock_depth tracks the recursion: the convey-binding build
+         * inside agent_worker_run_one interns symbols, and the intern
+         * table's caller-must-hold-lock assert checks lock_depth, not
+         * the underlying mutex. */
+        mino_lock(S);
         agent_worker_run_one(S, n);
-        mino_state_lock_release(S);
+        mino_unlock(S);
 
         /* Decrement the agent's in_flight and signal await waiters. */
         agent_mu_lock(&S->agent.mu);

src/runtime/coordination.h

@@ -73,4 +73,16 @@ void mino_worker_list_lock_release(mino_state *S);
 int  mino_yield_lock(mino_state *S);
 void mino_resume_lock(mino_state *S, int saved_depth);
 
+/* Debug-only invariant: assert that the caller is in a state-safe
+ * window -- either single-threaded (no other writer can interpose,
+ * including the init path before any future has been spawned) or
+ * holding state_lock recursively on this thread. Used to guard
+ * shared-table mutators (intern table, record-type registry) whose
+ * documented contract is "caller must hold state_lock"; the assert
+ * surfaces a missing lock at the offending call site under a debug
+ * build instead of letting a torn table escape into production. */
+#define MINO_ASSERT_STATE_SAFE(S) \
+    assert(!(S)->threading.multi_threaded \
+           || mino_current_ctx(S)->lock_depth > 0)
+
 #endif /* RUNTIME_COORDINATION_H */

src/runtime/host_threads.c

@@ -316,6 +316,12 @@ static void worker_run(mino_future *impl, char *stack_anchor)
             dyn_binding_t *bhead = NULL;
             size_t i;
             int    oom = 0;
+            /* Symbol interning mutates the shared intern table; on a
+             * multi-threaded state every writer must hold state_lock.
+             * The thunk's mino_call acquires it just below, but the
+             * convey-binding build runs before that, so take the lock
+             * explicitly for the symbol/string installs. */
+            mino_lock(S);
             for (i = 0; i < snap->as.map.len; i++) {
                 mino_val    *key = vec_nth(snap->as.map.key_order, i);
                 mino_val    *val = map_get_val(snap, key);
@@ -331,6 +337,7 @@ static void worker_run(mino_future *impl, char *stack_anchor)
                 b->next = bhead;
                 bhead   = b;
             }
+            mino_unlock(S);
             if (!oom) {
                 conveyed = (dyn_frame_t *)malloc(sizeof(*conveyed));
                 if (conveyed == NULL) { dyn_binding_list_free(bhead); }

src/values/val.c

@@ -182,6 +182,14 @@ mino_val *intern_lookup_or_create_ns(mino_state *S, intern_table_t *tbl,
     mino_val *v;
     size_t ns_len;
 
+    /* Caller-must-hold-state_lock contract: the intern table is shared
+     * across host worker threads, but its open-addressing hash, the
+     * append-only entries[] array, and the GC-coupled allocations
+     * inside the insert path all assume serialized writers. Surface
+     * a missing lock at the call site (debug builds) instead of
+     * letting a torn entries[] cell escape into production. */
+    MINO_ASSERT_STATE_SAFE(S);
+
     /* ns_len resolution: callers that constructed via 2-arg (keyword
      * ns name) pass an explicit `ns_len_hint`. Single-string callers
      * pass (size_t)-1; we derive ns_len from the LAST '/' in `s` so a
@@ -563,6 +571,13 @@ mino_val *mino_defrecord(mino_state *S,
         return NULL;
     }
 
+    /* Caller-must-hold-state_lock contract: the linked record-type
+     * registry is shared across host worker threads but mutated with
+     * a plain prepend below; concurrent defrecords would race on the
+     * head pointer. Surface a missing lock at the call site (debug
+     * builds) before the torn list escapes. */
+    MINO_ASSERT_STATE_SAFE(S);
+
     /* Intern ns and name strings via the symbol table so we can compare
      * with pointer equality and the storage outlives any caller-owned
      * buffer. */