Added debug assertions for negative values in counter and histograms

[marcsnid]

Change Summary

Add debug_assert! checks to enforce non-negative values in Counter<f64> and Mmsc (Histogram bridge) instruments in otap_df_telemetry. Counters and Histogram-based instruments must only receive non-negative deltas for correctness. Their sums are exported as Prometheus counters, which require monotonicity.

Three guards added:

• Counter<f64>::add(v) — asserts v >= 0.0
• AddAssign<f64> for Counter<f64> — asserts rhs >= 0.0
• Mmsc::record(value) — asserts value >= 0.0

These use debug_assert! (zero cost in release builds) per the issue discussion.

What issue does this PR close?

#2100

How are these changes tested?

• Replaced the existing test_mmsc_negative_values test (which validated now-invalid behavior) with three #[cfg(debug_assertions)] #[should_panic] tests that verify the assertions fire on negative input:
  • test_mmsc_record_rejects_negative
  • test_counter_f64_add_rejects_negative
  • test_counter_f64_add_assign_rejects_negative
• Tests in otap-df-telemetry continue to pass.

Are there any user-facing changes?

No. debug_assert! is stripped in release builds. In debug builds, passing a negative value to Counter<f64>::add(), Counter<f64> +=, or Mmsc::record() will now panic with a descriptive message, catching incorrect usage during development.

[cijothomas]

if this is stripped off by compiler in release build, this is good. I don't know if any better solution than this.

[cijothomas]

Looks good, and welcome!

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.06%. Comparing base (993ba07) to head (ce30547).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2757      +/-   ##
==========================================
- Coverage   88.06%   88.06%   -0.01%     
==========================================
  Files         644      644              
  Lines      246791   246796       +5     
==========================================
- Hits       217340   217332       -8     
- Misses      28927    28940      +13     
  Partials      524      524              

Components	Coverage Δ
otap-dataflow	89.64% <100.00%> (-0.01%)	⬇️
query_abstraction	80.61% <ø> (ø)
query_engine	90.75% <ø> (ø)
otel-arrow-go	52.45% <ø> (ø)
quiver	92.25% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[lalitb]

Nice cleanup. One small consistency question: should Counter<f64>::new(...) / From<f64> also reject negative initial values in debug builds? This PR catches negative deltas through add() and +=, but callers can still create an invalid counter directly with Counter::new(-1.0f64) or Counter::::from(-1.0).

[marcsnid]

Nice cleanup. One small consistency question: should Counter<f64>::new(...) / From<f64> also reject negative initial values in debug builds? This PR catches negative deltas through add() and +=, but callers can still create an invalid counter directly with Counter::new(-1.0f64) or Counter::::from(-1.0).

Good catch! Since this PR is already in the merge queue, I'll address this in a follow-up PR covering Counter::new() and From.