regex: assert state_lock-held at the prim call sites

src/regex/re.c uses file-static globals (re_flags and re_g_state)
to hold per-match flag state and capture spans. Every current
caller -- prim_re_find, prim_re_matches, prim_split's regex arm,
prim_str_replace's regex arm -- runs inside mino_call, which
holds state_lock, so the globals are effectively serialized. The
contract was not enforced anywhere, so a future refactor that
elides state_lock around any of those prims would silently
corrupt the next match's capture spans.

Add MINO_ASSERT_STATE_SAFE(S) at each prim's regex call site so
a missing lock fires a debug-build assert at the offending site
rather than leaking into a torn re_g_state. No restructure of
the regex module itself (which would otherwise have meant adding
a context parameter and reflowing every internal helper).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: leifericf

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## v0.389.13 — Lock-Invariant Assert on Regex Prim Entries
+
+The regex engine in `src/regex/re.c` uses file-static globals
+(`re_flags`, `re_g_state`) for match state. All current callers
+go through `re-find`, `re-matches`, `split`, or `str-replace` --
+each runs inside `mino_call`, which holds `state_lock`, so the
+globals are effectively serialized in practice. The contract was
+not enforced anywhere, so a future refactor that elides
+`state_lock` around one of those prims would silently corrupt the
+next match's capture spans. Add `MINO_ASSERT_STATE_SAFE` at each
+prim's regex call site to surface a missing lock at the offending
+site under a debug build.
+
 ## v0.389.12 — Agent Spawn-Rollback Hands Off Concurrent Producer's Queue
 
 When `pthread_create` (or `_beginthreadex`) refuses the agent

src/mino.h

@@ -28,7 +28,7 @@
  */
 #define MINO_VERSION_MAJOR 0
 #define MINO_VERSION_MINOR 389
-#define MINO_VERSION_PATCH 12
+#define MINO_VERSION_PATCH 13
 
 /*
  * Human-readable version string of the *linked* runtime, e.g. "0.48.0".

src/prim/regex.c

@@ -115,6 +115,12 @@ mino_val *prim_re_find(mino_state *S, mino_val *args, mino_env *env)
     if (mino_type_of(text_val) != MINO_STRING) {
         return prim_throw_classified(S, "eval/type", "MTY001", "re-find: second argument must be a string");
     }
+    /* The regex engine uses file-static globals (re_flags +
+     * re_g_state) for match state, so every caller must serialize
+     * through state_lock. The debug-build assert surfaces a missing
+     * lock at the offending call site instead of silently corrupting
+     * the next match's capture spans. */
+    MINO_ASSERT_STATE_SAFE(S);
     compiled = re_compile(pat_data);
     if (compiled == NULL) {
         return prim_throw_classified(S, "eval/contract", "MCT001",
@@ -160,6 +166,7 @@ mino_val *prim_re_matches(mino_state *S, mino_val *args, mino_env *env)
     if (mino_type_of(text_val) != MINO_STRING) {
         return prim_throw_classified(S, "eval/type", "MTY001", "re-matches: second argument must be a string");
     }
+    MINO_ASSERT_STATE_SAFE(S);
     compiled = re_compile(pat_data);
     if (compiled == NULL) {
         return prim_throw_classified(S, "eval/contract", "MCT001",

src/prim/string.c

@@ -491,7 +491,12 @@ mino_val *prim_split(mino_state *S, mino_val *args, mino_env *env)
          * conflated 0 and negative for the literal-string path, so the
          * regex path matches that). */
         const char *pat_src = sep_val->as.regex.source->as.s.data;
-        re_t        compiled = re_compile(pat_src);
+        re_t        compiled;
+        /* See prim_re_find for the rationale: the regex engine's
+         * static-global match state requires every caller to be in
+         * a state-safe window (state_lock held). */
+        MINO_ASSERT_STATE_SAFE(S);
+        compiled = re_compile(pat_src);
         size_t      pos = 0;
         if (compiled == NULL) {
             return prim_throw_classified(S, "eval/contract", "MCT001",
@@ -908,6 +913,7 @@ mino_val *prim_str_replace(mino_state *S, mino_val *args,
                 "str-replace: regex has no source pattern");
         }
         pat_src  = match_val->as.regex.source->as.s.data;
+        MINO_ASSERT_STATE_SAFE(S);
         compiled = re_compile(pat_src);
         if (compiled == NULL) {
             return prim_throw_classified(S, "eval/contract", "MCT001",