fix: bounds check in Delete to prevent index out of range panic by Yanhu007 · Pull Request #280 · buger/jsonparser

Bug fixes:
- Fix Delete panic on truncated JSON (PR #280 class): tokenEnd returns
  len(data) as sentinel when no delimiter found, Delete used it as unchecked
  array index causing out-of-bounds panic on inputs like {"test":1
- Fix ArrayEach callback error swallowing: callback's err parameter was
  always nil despite the signature declaring it. Callers checking err in
  their callback had dead error handling code. Now the callback receives
  per-element parse errors before iteration stops.

Dead code removal (all verified safe by MC/DC analysis + 60 targeted tests):
- Remove tautological for-true loops (ArrayEach, Unescape, ObjectEach)
- Remove dead tokenEnd end==-1 guard in getType (tokenEnd never returns -1)
- Remove dead r<=basicMultilingualPlaneOffset in decodeUnicodeEscape (tautology)
- Remove dead data[i]=='{' block-skip in EachKey (structurally unreachable)
- Remove contradictory keys[level][0]!='[' in searchKeys (outer guard already checks ==)
- Remove dead e!=nil in ArrayEach o==0 branch (Get offset=0 always means error)
- Remove tautological ln>0 guard in findKeyStart (proven by prior nextToken check)

Formal verification (ReqProof):
- 92 requirements (7 stakeholder + 85 system) covering all API families
- 18 obligation classes including truncated_at_value_boundary, sentinel_value_boundary,
  error_propagation, and truncated_escape_sequence
- 100% requirement-level MC/DC (204/204 witness rows)
- 100% code-level MC/DC (203/203 decisions, 244/244 conditions)
- Kind2 realizability, consistency, and vacuity verification
- Z3 data property proofs and behavioral implication proofs
- 340 FLIP fixtures + 21 Z3 boundary fixtures
- CI integration via probelabs/proof-action@v1

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>