audit-adversarial-input
Analyze behavior under adversarial or extreme API inputs
| name | audit-adversarial-input |
| description | Analyze behavior under adversarial or extreme API inputs |
| context | fork |
| agent | auditor |
| disable-model-invocation | true |
Analyze the cache for defects triggered by adversarial or extreme API inputs.
For each category, construct concrete inputs and trace the code path:
- Weight extremes: Integer.MAX_VALUE for every entry (overflow?), MAX_VALUE→1 delta (overflow?), 0 for all (unbounded growth?), inconsistent weigher (divergence?).
- Expiry extremes: Long.MAX_VALUE nanos (timer wheel overflow?), 0 or negative (infinite loops?), MAX→0 transitions, alternating durations.
- Maximum size extremes: Long.MAX_VALUE (arithmetic overflow?), maximumSize(0) (graceful degeneration?), maximumSize(1) (temporary oversize?).
- Key/value adversarial behavior: constant hashCode(0) (sketch degeneration?), slow equals() (lock hold explosion?), mutating hashCode (silent corruption?), huge values (allocation failure handling?).
- Concurrency extremes: 10K threads on same computeIfAbsent, puts exceeding maintenance throughput (backpressure?), refresh storms from short refreshAfterWrite.
- Frequency sketch saturation: all accesses to same key, all unique keys (reset cost?), counter overflow beyond 4-bit limit.
- Time extremes: nanoTime near Long.MAX_VALUE (wrap-around?), non-monotonic ticker, large time jumps (timer wheel handling?).
For each issue: state input values, trace computation, state whether it causes incorrect behavior / OOM / infinite loop / degraded performance / graceful handling.
Do not report issues requiring API contract violations (e.g., null keys) unless the violation is undetected and causes silent corruption.
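A probe harness for two of the categories above (weight extremes and time extremes), added here as an illustration; it is not part of the skill or of the Caffeine project. It assumes Caffeine 3.x on the classpath, and the class name `AdversarialInputProbe` and its methods are hypothetical.

```java
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.time.Duration;
import java.util.concurrent.atomic.AtomicLong;

// Added illustration; assumes Caffeine 3.x. Class and method names are hypothetical.
public final class AdversarialInputProbe {
  // Weight extremes: Integer.MAX_VALUE per entry, then a MAX_VALUE -> 1 re-put.
  static boolean probeWeights() {
    long maximum = 4L * Integer.MAX_VALUE;
    Cache<Integer, Integer> cache = Caffeine.newBuilder()
        .maximumWeight(maximum)
        .weigher((Integer key, Integer value) -> value) // the value is its own weight
        .executor(Runnable::run)                        // maintenance on the calling thread
        .build();
    for (int i = 0; i < 4; i++) {
      cache.put(i, Integer.MAX_VALUE);                  // sum of weights == maximum
    }
    cache.put(3, 1);                                    // re-put with weight 1
    for (int i = 4; i < 64; i++) {
      cache.put(i, Integer.MAX_VALUE);                  // force eviction at the extreme weight
    }
    cache.cleanUp();
    long weighted = cache.policy().eviction().orElseThrow().weightedSize().orElseThrow();
    System.out.printf("weightedSize=%d maximum=%d entries=%d%n", weighted, maximum, cache.estimatedSize());
    return weighted >= 0 && weighted <= maximum;        // accounting must not wrap or drift
  }
  // Time extremes: ticker starts 30s below Long.MAX_VALUE and wraps while the entry is live.
  static boolean probeTickerWrap() {
    AtomicLong nanos = new AtomicLong(Long.MAX_VALUE - Duration.ofSeconds(30).toNanos());
    Cache<String, String> cache = Caffeine.newBuilder()
        .expireAfterWrite(Duration.ofMinutes(1))
        .ticker(nanos::get)
        .executor(Runnable::run)
        .build();
    cache.put("k", "v");
    nanos.addAndGet(Duration.ofSeconds(45).toNanos());  // 45s elapsed, reading is now negative
    boolean liveAt45s = cache.getIfPresent("k") != null;
    nanos.addAndGet(Duration.ofSeconds(30).toNanos());  // 75s elapsed
    boolean liveAt75s = cache.getIfPresent("k") != null;
    System.out.printf("liveAt45s=%b liveAt75s=%b%n", liveAt45s, liveAt75s);
    return liveAt45s && !liveAt75s;                     // expiry should track elapsed time
  }
  public static void main(String[] args) {
    System.out.println("weights ok: " + probeWeights());
    System.out.println("ticker wrap ok: " + probeTickerWrap());
  }
}
```

A `false` from either probe is a lead to trace through the code path as the instructions describe, not a finding on its own.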
Audit the adaptive window hill-climber and region-resize logic for implementation defects (not algorithm quality)
JSR-107 (JCache) spec-conformance audit
Audit explicit state machines (drain status, node lifecycle, async-value lifecycle) for illegal or missed transitions
Heavyweight history-mining bug audit. Walks the caffeine module's git history chronologically (oldest to HEAD), maintains a forward-tracked issue database, and surfaces concerns introduced by past commits that were never resolved. Catches bugs that snapshot mining cannot — half-fixes invisible from current state, latent+trigger pairs across multi-commit interactions, and partial refactors. Slow (model/effort-dependent; ~24h on Opus + max effort) and rare-run (every several months or before a major release).
Differential audit comparing matched code paths that should behave identically. Spawns one auditor per sibling pair (sync/async, bounded/unbounded, view consistency, bulk vs single, generated node variants, read fast vs slow, adapter conformance) and requires a concrete witness scenario where the two paths diverge observably.
Find places where documented API contracts and the implementation diverge