rigortype 0.0.4 → 0.0.5

data/lib/rigor/inference/method_dispatcher/constant_folding.rb

@@ -8,6 +8,11 @@ require_relative "../builtins/hash_catalog"
 require_relative "../builtins/range_catalog"
 require_relative "../builtins/set_catalog"
 require_relative "../builtins/time_catalog"
+require_relative "../builtins/date_catalog"
+require_relative "../builtins/comparable_catalog"
+require_relative "../builtins/enumerable_catalog"
+require_relative "../builtins/rational_catalog"
+require_relative "../builtins/complex_catalog"
 
 module Rigor
   module Inference
@@ -109,9 +114,14 @@ module Rigor
           arg_sets = args.map { |a| numeric_set_of(a) }
           return nil if arg_sets.any?(&:nil?)
 
-          case args.size
+          dispatch_by_arity(receiver_set, method_name, arg_sets)
+        end
+
+        def dispatch_by_arity(receiver_set, method_name, arg_sets)
+          case arg_sets.size
           when 0 then try_fold_unary(receiver_set, method_name)
           when 1 then try_fold_binary(receiver_set, method_name, arg_sets.first)
+          when 2 then try_fold_ternary(receiver_set, method_name, arg_sets)
           end
         end
 
@@ -220,6 +230,38 @@ module Rigor
           build_constant_type(results, source: receiver_values + arg_values)
         end
 
+        # 2-arg fold dispatch. Used by `Comparable#between?(min, max)`,
+        # `Comparable#clamp(min, max)`, and `Integer#pow(exp, mod)` —
+        # methods the catalog classifies `:leaf` but that the prior
+        # 0/1-arg switch could not reach. Range receivers/args are
+        # held back: a precise 2-arg range fold (e.g.
+        # `int<0,10>.between?(0, 10)` → `Constant[true]`) is a
+        # follow-up; for now any IntegerRange operand bails to the
+        # RBS tier.
+        def try_fold_ternary(receiver_set, method_name, arg_sets)
+          return nil if receiver_set.is_a?(Type::IntegerRange)
+          return nil if arg_sets.any?(Type::IntegerRange)
+
+          try_fold_ternary_set(receiver_set, method_name, arg_sets)
+        end
+
+        def try_fold_ternary_set(receiver_values, method_name, arg_sets)
+          total = receiver_values.size * arg_sets[0].size * arg_sets[1].size
+          return nil if total > UNION_FOLD_INPUT_LIMIT
+          return nil unless receiver_values.all? { |rv| ternary_method_allowed?(rv, method_name) }
+
+          results = ternary_cartesian(receiver_values, method_name, arg_sets)
+          build_constant_type(results, source: receiver_values + arg_sets.flatten)
+        end
+
+        def ternary_cartesian(receiver_values, method_name, arg_sets)
+          receiver_values.flat_map do |rv|
+            arg_sets[0].flat_map do |av0|
+              arg_sets[1].flat_map { |av1| invoke_ternary(rv, method_name, av0, av1) || [] }
+            end
+          end
+        end
+
         def unary_method_allowed?(receiver_value, method_name)
           unary_ops_for(receiver_value).include?(method_name) ||
             catalog_allows?(receiver_value, method_name)
@@ -230,6 +272,13 @@ module Rigor
             catalog_allows?(receiver_value, method_name)
         end
 
+        # 2-arg methods have no hand-rolled allow list; the catalog
+        # is the sole gate. Adding a per-class arity-2 set is reserved
+        # for future cases that need it.
+        def ternary_method_allowed?(receiver_value, method_name)
+          catalog_allows?(receiver_value, method_name)
+        end
+
         # Builds a Constant or Union[Constant…] from a flat list of
         # Ruby values. When the deduped set exceeds
         # `UNION_FOLD_OUTPUT_LIMIT` and every result is an Integer,
@@ -598,6 +647,19 @@ module Rigor
           nil
         end
 
+        # Returns `[value]` on success, `nil` to signal "skip this triple".
+        # Mirrors `invoke_binary` but for the 2-argument shape; the wrap
+        # convention lets callers `flat_map` without losing
+        # legitimate `false`/`nil` folds.
+        def invoke_ternary(receiver_value, method_name, av0, av1)
+          return nil unless ternary_method_allowed?(receiver_value, method_name)
+
+          result = receiver_value.public_send(method_name, av0, av1)
+          foldable_constant_value?(result) ? [result] : nil
+        rescue StandardError
+          nil
+        end
+
         # Returns `[value]` on success, `nil` to signal "skip". See
         # `invoke_binary` for why we wrap.
         def invoke_unary(receiver_value, method_name)
@@ -623,11 +685,54 @@ module Rigor
         # implementation does not call back into user-redefinable
         # Ruby methods, so executing them on a literal Integer/Float
         # is safe regardless of monkey-patching.
+        #
+        # Resolution order:
+        #
+        # 1. Primary class catalog (e.g. NumericCatalog for an
+        #    Integer receiver). When the catalog has an entry —
+        #    even one classified `:dispatch` — that answer wins.
+        #    The class's direct `rb_define_method` registration is
+        #    authoritative; we MUST NOT fall through to a module
+        #    catalog and risk over-folding.
+        # 2. Module catalogs (Comparable, Enumerable, …) that the
+        #    receiver's class includes by ancestry. Reached only
+        #    when the primary catalog has NO entry for the method
+        #    — typically because the method is inherited purely
+        #    through `include Comparable` / `include Enumerable`
+        #    (e.g. `Integer#between?` / `Integer#clamp` are not in
+        #    numeric.yml because the Init block does not
+        #    `rb_define_method` them on Integer).
         def catalog_allows?(receiver_value, method_name)
           catalog, class_name = catalog_for(receiver_value)
-          return false unless catalog
+          return catalog.safe_for_folding?(class_name, method_name) if catalog&.method_entry(class_name, method_name)
 
-          catalog.safe_for_folding?(class_name, method_name)
+          module_catalogs_for(receiver_value).any? do |mod_catalog, mod_name|
+            mod_catalog.method_entry(mod_name, method_name) &&
+              mod_catalog.safe_for_folding?(mod_name, method_name)
+          end
+        end
+
+        # `(Module, catalog, class_name)` triples consulted as a
+        # fallthrough when the primary class catalog has no entry.
+        # Each triple's Module is matched against the receiver
+        # class's ancestor chain at lookup time; the catalog
+        # corresponds to the module-mode YAML at
+        # `data/builtins/ruby_core/<topic>.yml`.
+        MODULE_CATALOGS = [
+          [Comparable, Builtins::COMPARABLE_CATALOG, "Comparable"],
+          [Enumerable, Builtins::ENUMERABLE_CATALOG, "Enumerable"]
+        ].freeze
+        private_constant :MODULE_CATALOGS
+
+        # Returns the `(catalog, class_name)` pairs for every
+        # registered module that is in the receiver's ancestor
+        # chain. The receiver's class's `Module#ancestors` is
+        # cached by Ruby; the `Set` membership check is cheap.
+        def module_catalogs_for(receiver_value)
+          ancestors = Set.new(receiver_value.class.ancestors)
+          MODULE_CATALOGS.filter_map do |mod, catalog, class_name|
+            [catalog, class_name] if ancestors.include?(mod)
+          end
         end
 
         # `(catalog, class_name)` per receiver class. The class_name
@@ -637,16 +742,25 @@ module Rigor
         # before any base-class fallback would, and adding a new
         # class is a one-line addition rather than another `when`
         # arm on a growing case statement.
+        # Subclass-before-superclass ordering: `DateTime < Date`,
+        # so the `DateTime` row MUST come before the `Date` row.
+        # Otherwise a `DateTime` receiver would match the `Date`
+        # arm first and the catalog would consult the Date entry
+        # in `DATE_CATALOG` for the wrong class.
         CATALOG_BY_CLASS = [
-          [Integer, [Builtins::NumericCatalog, "Integer"]],
-          [Float,   [Builtins::NumericCatalog, "Float"]],
-          [String,  [Builtins::STRING_CATALOG, "String"]],
-          [Symbol,  [Builtins::STRING_CATALOG, "Symbol"]],
-          [Array,   [Builtins::ARRAY_CATALOG,  "Array"]],
-          [Hash,    [Builtins::HASH_CATALOG,   "Hash"]],
-          [Range,   [Builtins::RANGE_CATALOG,  "Range"]],
-          [::Set,   [Builtins::SET_CATALOG,    "Set"]],
-          [Time,    [Builtins::TIME_CATALOG,   "Time"]]
+          [Integer,  [Builtins::NumericCatalog, "Integer"]],
+          [Float,    [Builtins::NumericCatalog, "Float"]],
+          [String,   [Builtins::STRING_CATALOG, "String"]],
+          [Symbol,   [Builtins::STRING_CATALOG, "Symbol"]],
+          [Array,    [Builtins::ARRAY_CATALOG,  "Array"]],
+          [Hash,     [Builtins::HASH_CATALOG,   "Hash"]],
+          [Range,    [Builtins::RANGE_CATALOG,  "Range"]],
+          [::Set,    [Builtins::SET_CATALOG,    "Set"]],
+          [Time,     [Builtins::TIME_CATALOG,   "Time"]],
+          [DateTime, [Builtins::DATE_CATALOG,   "DateTime"]],
+          [Date,     [Builtins::DATE_CATALOG,   "Date"]],
+          [Rational, [Builtins::RATIONAL_CATALOG, "Rational"]],
+          [Complex,  [Builtins::COMPLEX_CATALOG,  "Complex"]]
         ].freeze
         private_constant :CATALOG_BY_CLASS
 

data/lib/rigor/inference/method_dispatcher/iterator_dispatch.rb

@@ -32,14 +32,20 @@ module Rigor
 
         # @return [Array<Rigor::Type>, nil] block-param types, or
         #   nil to fall through to the next tier.
+        # rubocop:disable Metrics/CyclomaticComplexity
         def block_param_types(receiver:, method_name:, args:)
           case method_name
           when :times then times_block_params(receiver)
           when :upto  then upto_block_params(receiver, args.first)
           when :downto then downto_block_params(receiver, args.first)
           when :each_with_index then each_with_index_block_params(receiver)
+          when :each_with_object then each_with_object_block_params(receiver, args.first)
+          when :inject, :reduce then inject_block_params(receiver, args)
+          when :group_by, :partition then single_element_block_params(receiver)
+          when :each_slice, :each_cons then slice_block_params(receiver)
           end
         end
+        # rubocop:enable Metrics/CyclomaticComplexity
 
         def times_block_params(receiver)
           return nil unless integer_rooted?(receiver)
@@ -88,6 +94,99 @@ module Rigor
           [element, Type::Combinator.non_negative_int]
         end
 
+        # `each_with_object(memo) { |elem, memo_inner| … }` yields
+        # `(element, memo)` where `memo` is the second argument's
+        # type (passed by reference and threaded across iterations
+        # at runtime — Rigor reflects that by binding the block's
+        # second parameter to whatever the call site supplied).
+        # When the call has no memo argument the dispatcher
+        # declines so the user's RBS / overload selector decides.
+        def each_with_object_block_params(receiver, memo_arg)
+          return nil if memo_arg.nil?
+
+          element = element_type_of(receiver)
+          return nil if element.nil?
+
+          [element, memo_arg]
+        end
+
+        # `inject(seed) { |memo, elem| … }` and `reduce` accept
+        # three call shapes:
+        #
+        # - `(seed) { |memo, elem| … }` — block params `[seed, element]`.
+        #   The memo's static type is the seed's; we cannot prove the
+        #   block return type here without round-tripping through the
+        #   block analyser, so the binding is the seed's type and
+        #   downstream inference widens as needed.
+        # - `() { |memo, elem| … }` — the first iteration uses the
+        #   first element as the memo, so `[element, element]` is the
+        #   sound binding.
+        # - `(seed, :sym)` / `(:sym)` — Symbol method-name forms have
+        #   no block. `inject` with a Symbol final arg is recognised
+        #   and declined (returns nil) so the dispatcher does not
+        #   pretend a block existed.
+        def inject_block_params(receiver, args)
+          element = element_type_of(receiver)
+          return nil if element.nil?
+
+          case args.size
+          when 0
+            [element, element]
+          when 1
+            seed = args.first
+            return nil if symbol_constant?(seed)
+
+            [seed, element]
+          when 2
+            # `inject(seed, :sym)` — Symbol-call form, no block.
+            return nil if symbol_constant?(args[1])
+
+            [args[0], element]
+          end
+        end
+
+        def symbol_constant?(type)
+          type.is_a?(Type::Constant) && type.value.is_a?(Symbol)
+        end
+
+        # Element-yielding Enumerable methods covered as a v0.0.5
+        # placeholder. RBS already binds the block parameter
+        # correctly for plain `Array[T]` / `Set[T]` / `Range[T]`
+        # receivers via generic substitution; this tier exists so
+        # Tuple- and HashShape-shaped receivers reach the block
+        # body with the precise per-position element union /
+        # `Tuple[K, V]` pair rather than the projected
+        # `Array[union]` / `Hash[K, V]` widening.
+        #
+        # NOTE (v0.0.5): the per-method coverage here (group_by,
+        # partition, each_slice, each_cons) is intentionally
+        # narrow. The longer-term direction is to move
+        # Enumerable-aware projections into a plugin tier modelled
+        # after PHPStan's extension API (ADR-2). The placeholders
+        # below stay until the plugin surface is in place; once it
+        # ships, this dispatcher loses these arms and the
+        # equivalent rules move into a built-in plugin loaded at
+        # boot.
+        def single_element_block_params(receiver)
+          element = element_type_of(receiver)
+          return nil if element.nil?
+
+          [element]
+        end
+
+        # `each_slice(n) { |slice| … }` and `each_cons(n) { |window| … }`
+        # both yield an `Array[element]` once per iteration. The
+        # tier ignores the slice-size argument (a Constant<Integer>
+        # `n` could in principle bound the slice's length, but a
+        # tighter Tuple-of-`n` carrier is reserved for the plugin
+        # tier per the NOTE above).
+        def slice_block_params(receiver)
+          element = element_type_of(receiver)
+          return nil if element.nil?
+
+          [Type::Combinator.nominal_of("Array", type_args: [element])]
+        end
+
         ELEMENT_BY_NOMINAL = {
           "Array" => :nominal_unary_element,
           "Set" => :nominal_unary_element,

data/lib/rigor/inference/method_dispatcher/kernel_dispatch.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+require_relative "../../type"
+
+module Rigor
+  module Inference
+    module MethodDispatcher
+      # Kernel intrinsic shape-folding — precision tier for the
+      # `Kernel` module-functions whose return type is a function
+      # of the argument's *shape*, not just its class.
+      #
+      # Today the only catalogued intrinsic is `Kernel#Array`. The
+      # default RBS sig is `Array(untyped) -> Array[untyped]`, which
+      # collapses to `Array[Dynamic[top]]` for every caller. This
+      # tier short-circuits with a precise answer when the argument's
+      # type lattice tells us what the result element type MUST be:
+      #
+      #   Array(Constant[nil])         -> Array[bot]      # `[]`
+      #   Array(Nominal["Array",[E]])  -> Array[E]        # already an Array
+      #   Array(Tuple[T1,T2,…])        -> Array[T1|T2|…]
+      #   Array(Union[A,B,…])          -> distribute, then unify
+      #   Array(other Nominal[T])      -> Array[Nominal[T]]
+      #
+      # For receiver shapes we cannot prove (`Top`, `Dynamic`, …)
+      # the tier returns nil and the RBS tier answers with the
+      # generic `Array[untyped]` envelope.
+      #
+      # See `docs/type-specification/value-lattice.md` for the
+      # union-distribution contract this tier mirrors.
+      module KernelDispatch
+        module_function
+
+        def try_dispatch(receiver:, method_name:, args:)
+          return nil unless method_name == :Array
+          return nil if args.length != 1
+          return nil if receiver.nil?
+
+          arg = args.first
+          element = element_type_of(arg)
+          return nil if element.nil?
+
+          Type::Combinator.nominal_of("Array", type_args: [element])
+        end
+
+        # Computes the element type the argument contributes to the
+        # `Array(arg)` result, mirroring Ruby's coercion contract:
+        #
+        # - `nil` becomes `[]` (element type Bot — the empty array
+        #   contributes no inhabitants).
+        # - An existing `Array[E]` is returned as-is, so its element
+        #   type is `E`.
+        # - A `Tuple[T1, T2, …]` is materialised as `Array[T1|T2|…]`
+        #   (every tuple inhabitant is a tuple, hence Array-like).
+        # - Any other value `v` becomes `[v]`, so the element type
+        #   is the value's own type.
+        #
+        # Returns nil for receiver shapes the tier cannot prove
+        # (Top, Dynamic, Bot in pre-coercion position) so the
+        # caller falls back to the RBS-tier envelope.
+        def element_type_of(type)
+          case type
+          when Type::Union
+            distribute_over_union(type)
+          when Type::Constant
+            type.value.nil? ? Type::Combinator.bot : type
+          when Type::Nominal
+            array_element_or_self(type)
+          when Type::Tuple
+            tuple_element_union(type)
+          end
+        end
+
+        def distribute_over_union(union)
+          contributions = union.members.map { |member| element_type_of(member) }
+          return nil if contributions.any?(&:nil?)
+
+          Type::Combinator.union(*contributions)
+        end
+
+        def array_element_or_self(nominal)
+          return nominal unless nominal.class_name == "Array"
+          return Type::Combinator.untyped if nominal.type_args.empty?
+
+          Type::Combinator.union(*nominal.type_args)
+        end
+
+        def tuple_element_union(tuple)
+          return Type::Combinator.bot if tuple.elements.empty?
+
+          Type::Combinator.union(*tuple.elements)
+        end
+      end
+    end
+  end
+end

data/lib/rigor/inference/method_dispatcher.rb

@@ -6,6 +6,7 @@ require_relative "method_dispatcher/shape_dispatch"
 require_relative "method_dispatcher/rbs_dispatch"
 require_relative "method_dispatcher/iterator_dispatch"
 require_relative "method_dispatcher/file_folding"
+require_relative "method_dispatcher/kernel_dispatch"
 
 module Rigor
   module Inference
@@ -93,7 +94,8 @@ module Rigor
 
         ConstantFolding.try_fold(receiver: receiver_type, method_name: method_name, args: arg_types) ||
           ShapeDispatch.try_dispatch(receiver: receiver_type, method_name: method_name, args: arg_types) ||
-          FileFolding.try_dispatch(receiver: receiver_type, method_name: method_name, args: arg_types)
+          FileFolding.try_dispatch(receiver: receiver_type, method_name: method_name, args: arg_types) ||
+          KernelDispatch.try_dispatch(receiver: receiver_type, method_name: method_name, args: arg_types)
       end
 
       def try_user_class_fallback(receiver_type, method_name, arg_types, environment, block_type)

data/lib/rigor/inference/narrowing.rb

@@ -241,6 +241,55 @@ module Rigor
         narrow_class_dispatch(type, class_name, context)
       end
 
+      # Negation pair for `assert_value is ~refinement` /
+      # `predicate-if-* … is ~refinement` directives. Computes
+      # the complement of `refinement` within the current
+      # local's domain `current_type`.
+      #
+      # Carrier-by-carrier rules:
+      #
+      # - `Difference[base, Constant[v]]`. Complement of
+      #   `base \ {v}` within `current_type`. Walk the current
+      #   type's union members, keep each part disjoint from
+      #   `base`, and add the removed-value Constant once when
+      #   any current member covers it. `assert s is
+      #   ~non-empty-string` over `s: String | nil` narrows to
+      #   `Constant[""] | NilClass`.
+      # - `IntegerRange[a, b]` (v0.0.5+ slice). Complement is
+      #   the two open halves `int<min, a-1>` and
+      #   `int<b+1, max>`, each intersected with the
+      #   integer-domain parts of `current_type`. Non-integer
+      #   parts (nil, String, …) of a Union receiver survive
+      #   unchanged. `assert n is ~int<5, 10>` over `n:
+      #   Integer | nil` narrows to `int<min, 4> | int<11,
+      #   max> | NilClass`.
+      # - `Type::Intersection[M1, M2, …]` (v0.0.5+ slice). De
+      #   Morgan: `D \ (M1 ∩ M2) = (D \ M1) ∪ (D \ M2)`. Each
+      #   member's complement is computed independently within
+      #   `current_type` and the results are unioned. Members
+      #   the algebra cannot complement (Refined, non-Constant
+      #   Difference, …) contribute `current_type` itself, so
+      #   the union widens the answer to `current_type` —
+      #   sound but imprecise.
+      # - `Refined[base, predicate]`. Predicate complements are
+      #   not reducible to a finite carrier without a richer
+      #   shape (e.g. `~lowercase-string` is "uppercase OR
+      #   mixed-case"); `current_type` is returned unchanged.
+      def narrow_not_refinement(current_type, refinement_type)
+        case refinement_type
+        when Type::Difference
+          return current_type unless refinement_type.removed.is_a?(Type::Constant)
+
+          complement_difference(current_type, refinement_type)
+        when Type::IntegerRange
+          complement_integer_range(current_type, refinement_type)
+        when Type::Intersection
+          complement_intersection(current_type, refinement_type)
+        else
+          current_type
+        end
+      end
+
       # Public predicate analyser. Returns `[truthy_scope, falsey_scope]`,
       # always; when no narrowing rule matches the predicate node both
       # entries are the receiver scope unchanged.
@@ -321,6 +370,162 @@ module Rigor
       class << self
         private
 
+        # Complement of `Difference[base, Constant[v]]` within
+        # `current_type`. Walks the current type's union members,
+        # keeps each member disjoint from `base` (those values
+        # were never in the refinement to begin with), and adds
+        # the removed-value `Constant[v]` exactly once when any
+        # current member covers it. Members that are fully
+        # contained in the refinement (i.e. inside `base` and
+        # NOT equal to the removed value) are dropped — they are
+        # exactly the values the negation excludes.
+        def complement_difference(current_type, difference)
+          base = difference.base
+          removed = difference.removed
+          parts = current_type.is_a?(Type::Union) ? current_type.members : [current_type]
+
+          survivors = []
+          add_removed = false
+          parts.each do |part|
+            if base_disjoint?(base, part)
+              survivors << part
+            elsif part_covers_constant?(part, removed)
+              add_removed = true
+            end
+          end
+          survivors << removed if add_removed
+
+          return current_type if survivors.empty?
+
+          Type::Combinator.union(*survivors)
+        end
+
+        def base_disjoint?(base, part)
+          base.accepts(part, mode: :gradual).no?
+        end
+
+        def part_covers_constant?(part, constant)
+          result = part.accepts(constant, mode: :gradual)
+          result.yes? || result.maybe?
+        end
+
+        # Complement of an `IntegerRange[a, b]` within
+        # `current_type`. Splits the range complement into the
+        # two open halves `int<min, a-1>` and `int<b+1, max>`
+        # (skipping a half when its bound is infinity), then
+        # intersects each half with the integer-domain parts of
+        # `current_type`. Non-integer parts of a Union receiver
+        # (nil, String, …) survive unchanged.
+        # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+        def complement_integer_range(current_type, range)
+          halves = integer_range_complement_halves(range)
+          parts = current_type.is_a?(Type::Union) ? current_type.members : [current_type]
+
+          survivors = []
+          parts.each do |part|
+            if integer_member?(part)
+              halves.each do |half|
+                meet = intersect_integer_part(part, half)
+                survivors << meet unless meet.nil? || meet.is_a?(Type::Bot)
+              end
+            else
+              survivors << part
+            end
+          end
+
+          return current_type if survivors.empty?
+
+          Type::Combinator.union(*survivors)
+        end
+        # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+
+        # Returns the two open halves of an IntegerRange's
+        # complement: the left half `int<-∞, a-1>` (when `a` is
+        # finite) and the right half `int<b+1, ∞>` (when `b` is
+        # finite). Universal ranges (both bounds infinite) yield
+        # an empty array — the complement is empty.
+        def integer_range_complement_halves(range)
+          halves = []
+          left_max = range.min
+          right_min = range.max
+
+          if left_max.is_a?(Integer)
+            halves << Type::Combinator.integer_range(Type::IntegerRange::NEG_INFINITY, left_max - 1)
+          end
+          if right_min.is_a?(Integer)
+            halves << Type::Combinator.integer_range(right_min + 1, Type::IntegerRange::POS_INFINITY)
+          end
+          halves
+        end
+
+        def integer_member?(part)
+          case part
+          when Type::Constant then part.value.is_a?(Integer)
+          when Type::IntegerRange then true
+          when Type::Nominal then part.class_name == "Integer"
+          else false
+          end
+        end
+
+        # Intersect an integer-domain part with a complement
+        # half-range. For a Nominal[Integer] receiver the meet
+        # is the half itself; for an existing IntegerRange the
+        # meet narrows both bounds; for a Constant[Integer] the
+        # meet is the constant when the half covers it,
+        # otherwise nil.
+        def intersect_integer_part(part, half)
+          case part
+          when Type::Nominal
+            half
+          when Type::IntegerRange
+            integer_range_meet(part, half)
+          when Type::Constant
+            half.covers?(part.value) ? part : nil
+          end
+        end
+
+        def integer_range_meet(left, right)
+          low = numeric_to_bound([integer_bound_value(left.min), integer_bound_value(right.min)].max)
+          high = numeric_to_bound([integer_bound_value(left.max), integer_bound_value(right.max)].min)
+          return nil if integer_range_disjoint?(low, high)
+
+          Type::Combinator.integer_range(low, high)
+        end
+
+        def integer_bound_value(bound)
+          return -Float::INFINITY if bound == Type::IntegerRange::NEG_INFINITY
+          return Float::INFINITY if bound == Type::IntegerRange::POS_INFINITY
+
+          bound
+        end
+
+        def numeric_to_bound(value)
+          return Type::IntegerRange::NEG_INFINITY if value == -Float::INFINITY
+          return Type::IntegerRange::POS_INFINITY if value == Float::INFINITY
+
+          value.to_i
+        end
+
+        def integer_range_disjoint?(low, high)
+          return false if low == Type::IntegerRange::NEG_INFINITY
+          return false if high == Type::IntegerRange::POS_INFINITY
+
+          low > high
+        end
+
+        # De Morgan: `D \ (M1 ∩ M2 ∩ …) = (D \ M1) ∪ (D \ M2) ∪
+        # …`. Each member's complement is computed independently
+        # within `current_type` and the results are unioned.
+        # Members the algebra cannot complement contribute
+        # `current_type` itself, so the union widens to
+        # `current_type` overall — sound but imprecise.
+        def complement_intersection(current_type, intersection)
+          per_member = intersection.members.map do |member|
+            Narrowing.narrow_not_refinement(current_type, member)
+          end
+          Type::Combinator.union(*per_member)
+        end
+
         def falsey_value?(value)
           value.nil? || value == false
         end
@@ -1029,7 +1234,11 @@ module Rigor
         # the effect's `negative?` flag. Shared between
         # predicate-if-* and assert-if-* application paths.
         def narrow_for_effect(current, effect, environment)
-          return effect.refinement_type if effect.respond_to?(:refinement?) && effect.refinement?
+          if effect.respond_to?(:refinement?) && effect.refinement?
+            return narrow_not_refinement(current, effect.refinement_type) if effect.negative?
+
+            return effect.refinement_type
+          end
 
           if effect.negative?
             narrow_not_class(current, effect.class_name, exact: false, environment: environment)