[bugfix] RootNode: declare CONTEXT_ITEM dependency

[joewiz]

[This response was co-authored with Claude Code. -Joe]

Summary

A one-line dependency-declaration fix in RootNode (the lone-slash root step /), plus a regression test. Without this, the optimizer's predicate hoister treats predicates whose only context-dependent leaf is / as context-independent and evaluates them once outside the iteration. With no context item to resolve against, RootNode.eval falls through to the static-context default branch (getStaticallyKnownDocuments()), which returns every XML resource the broker can read. Under admin that includes content from /db/system/security/, which then atomizes to multiple untypedAtomics and breaks arithmetic in the predicate.

Surfaced while preparing the exist-xqts-runner "assertion fixes only" PR (eXist-db/exist-xqts-runner#61), where commit 5 changes the runner's embedded server connection from getBroker() to authenticate("admin", "") — that change is a prerequisite for the in-flight EXPath File built-in PR (#6257). The runner change unblocks #6257; this fix removes the seven XQTS-HEAD regressions admin-context introduced.

The fix

+    @Override
+    public int getDependencies() {
+        // Declare CONTEXT_ITEM so the optimizer does not hoist predicates
+        // containing only / out of their iteration context.
+        return Dependency.CONTEXT_ITEM | Dependency.CONTEXT_SET;
+    }

RootNode extends Step extends AbstractExpression, which returns Dependency.DEFAULT_DEPENDENCIES = CONTEXT_SET. The default isn't enough: the optimizer's predicate hoister looks at CONTEXT_ITEM specifically to decide whether a sub-expression can be evaluated once outside the iteration. / evaluation depends on the context item to resolve the owner document, so the override is the correct dependency declaration.

RootNode.eval is unchanged. Top-level / in queries with no fn:doc() still falls through to the static-context default in its no-context cases, so the long-standing "absolute path without fn:doc" eXist convention is preserved for legitimate uses (e.g. //foo at the top of a query).

What it fixes

Per a measured before/after on XQTS HEAD against current develop, with two builds of exist-xqts-runner that differ only in broker authentication (guest vs admin):

Test set	Test case	Without fix (admin)	With fix (admin)
prod-PathExpr	PathExpr-1	XPTY0004 "Too many operands at the right of *"	pass
prod-PathExpr	PathExpr-2	XPTY0004	pass
prod-PathExpr	PathExpr-15	XPTY0004	pass
prod-StepExpr	Steps-leading-lone-slash-15	XPTY0004	pass
prod-StepExpr	Steps-leading-lone-slash-17	XPTY0004	pass
prod-StepExpr	Steps-leading-lone-slash-1a	XPTY0004	pass

All six are "leading lone slash" XPath syntax-constraint tests from Nicolae Brinza's 2009 contributions, of the shape fn:count(.[5 * /]) over a single-element document. The expected behavior per the spec, with the bid element as context item, is: / resolves to its owner document (single item), arithmetic produces a single numeric value, the positional predicate has no match, count is zero.

These tests pass under guest only because the static-context fallback returns the empty sequence there (guest can't read system collections). The fix removes the dependency on that accidental coincidence.

The diagnosis trail

Instrumenting OpNumeric.eval with one System.err.println of the operands made the issue obvious:

Admin: op=* user=admin lcount=1 rcount=3 ctxSeq=null ctxItem=null
       rseq[0] type=xs:untypedAtomic val=/authentication/login
       rseq[1] type=xs:untypedAtomic val={RIPEMD160}<hash>
       rseq[2] type=xs:untypedAtomic val={RIPEMD160}<hash>

Guest: op=* user=guest lcount=1 rcount=0 ctxSeq=null ctxItem=null

ctxItem=null in both cases is the smoking gun: the predicate isn't being iterated per-item. The 3-item rseq under admin is admin.xml atomized through the static-doc fallback. The cause is the missing CONTEXT_ITEM dependency on RootNode.

The "all documents in scope under admin" behavior of RootNode.eval is a vendor-specific static-context default that the XPath 3.1 spec permits (§2.1.1 — static context can define a default context item). What's not permitted is the optimizer mistaking a context-dependent expression for a context-independent one; that's the actual bug.

Test plan

• New JUnit regression test RootNodeContextItemDependencyTest covers three positive cases that all pass with the fix and (2 of 3) error without it. The test uses an in-memory <bid>23</bid> document bound via let $ctx := document {...}/bid and exercises fn:count($ctx[5 * /]), fn:count($ctx[(/) * 5]), and fn:count($ctx[fn:count(/) eq 1]).
• mvn test -pl exist-core — 6,592 tests, 0 failures, 0 errors, 106 skipped, 3:39 wall.
• XQTS HEAD with the runner's admin-auth change applied: net effect is +6 passes (the six lone-slash tests above flipping from fail to pass), 0 regressions.

Related

• exist-xqts-runner PR [bugfix] Pass-through for conversion to Item or Atomic #61 — the upstream where admin auth first surfaces this (link will be updated once that PR is open)
• [feature] Add EXPath File Module 4.0 as built-in extension module #6257 — EXPath File built-in extension, which requires admin context to operate; this fix is the precondition for shipping that.

[joewiz]

[This response was co-authored with Claude Code. -Joe]

@reinhapa Thanks Patrick — renamed all three test methods to camelCase in 7eeb631.