[Audit-Low] named.TryAdd silently drops duplicate scoped identifiers

[pepone]

AI-generated audit finding — this issue was opened from an automated security/correctness audit. It has not been triaged by a human yet; verify the reasoning, reproducibility, and severity before acting on it.

Low: _named.TryAdd silently drops duplicate scoped identifiers

Affected code:

• src/ZeroC.Slice.Symbols/SymbolConverter.cs:53-59 — the constructor builds _named via TryAdd; conflicts are discarded without notice

Description:

Two symbols with the same fully-scoped identifier (same moduleScope::id) in the _named index map to the same key. TryAdd keeps the first and drops the second silently. slicec shouldn't emit duplicates — it's the compiler's job to catch name collisions — but if two files share a scope and one defines a type already defined in the other, the second definition disappears from the symbol tree used by generators.

No diagnostic is emitted. The downstream generator sees a different tree from what the user wrote.

Impact:

• Silent drop of duplicate named types in the face of slicec bugs or multi-file scope collisions.
• No operator-visible signal when this happens.

Recommendation:

• Detect collisions explicitly and emit a Diagnostic at DiagnosticLevel.Error.
• Or assert that TryAdd must succeed (throwing InvalidOperationException with context) since this library operates on already-validated slicec output.

Severity: Low.

---

Source report: src-ZeroC.Slice.Symbols-audit-2026-04-14.md (finding ``_named.TryAdd silently drops duplicate scoped identifiers)

Severity (auditor-assigned): Low