Motivation

Closes: CLU-137

Fixes two user-visible bugs in how reduce treats an erroring operand of a non-strict AND/OR:

• A materialized view or query whose mz_now() temporal filter sits under an OR of ANDs, e.g.

  WHERE (a AND ... AND mz_now() < t) OR (b AND ... AND mz_now() < t)

  could panic the compute worker (or fail to plan) with Unsupported temporal predicate. The shared mz_now() < t conjunct was left buried inside the OR instead of being factored out, so temporal-filter extraction failed. This is the CLU-137 panic.

• A query that should short-circuit, such as WHERE col AND (1/0 = 1), could spuriously fail at runtime (e.g. division by zero) even on rows where col is false. AND/OR are non-strict: false AND <error> is false and true OR <error> is true, so such rows must be filtered, not errored.

Description

The generic variadic fold in reduce replaced a call with any operand's literal error unconditionally, which is wrong for a function that is not strict in errors. Fold only for the strict variadics, excluding AND/OR and ErrorIfNull (which can absorb an operand's error at runtime — via a dominating false/true operand, or a non-null first argument respectively).

Keeping the erroring operand then reaches undistribute_and_or, which recombines operands across AND/OR's short-circuit boundary. That only preserves error semantics for operands common to every disjunct, so undistribution is skipped otherwise. A shared temporal predicate (mz_now() < t, whose cast can error) is common to every disjunct, so it is still factored out and stays extractable — unlike the reverted #37049's blunt could_error() skip, which disabled this factoring and caused the CLU-137 panic.

Note: pure factoring (a AND b) OR (a AND c) → a AND (b OR c) is not error-preserving in general (for NULL a, b true, c erroring, the original errors while the factored form yields NULL), so the guard keys on whether a could-error operand is common to all disjuncts, not on the "factoring vs absorption" distinction.

Verification

• Unit tests in src/expr/src/scalar.rs (test_reduce_and_or_preserves_operand_errors, test_reduce_and_or_undistributes_common_error) — verified red on the reverted base.
• test/sqllogictest/error_semantics.slt: AND/OR short-circuit-over-error queries — verified red without the fix (division by zero on rows that should be filtered).
• test/sqllogictest/temporal.slt: the CLU-137 mz_now() OR-of-ANDs materialized view — verified red under the reverted blunt guard (Unsupported temporal predicate).
• mz-expr + mz-transform unit suites and an slt sweep (predicate_pushdown, predicate_reduction, fold_constants) pass with no plan changes.