feat(cpp-phase2): PR-02 loader, resolver integration, linux validation #680
Open
shivasurya wants to merge 4 commits into shiva/cpp-phase2-pr01-generator from
Introduces the loader infrastructure that PR-02 will plug into the Phase 1 call-graph resolvers:
- core: CStdlibLoader / CppStdlibLoader interfaces, SecurityTag on CallSite, and StdlibRegistry / StdlibCppRegistry hooks on the C and C++ module registries plus a SystemIncludes index.
- registry/c_stdlib_remote.go + cpp_stdlib_remote.go: dual-mode loaders (file:// active, HTTP stubbed for PR-03) with double-check locked header caches mirroring the Go stdlib loader.
- registry/clike_platform_detector.go: macro + path-hint based linux/darwin/windows detection, host-platform fallback.
- registry/clike_disk_cache.go: 24h-TTL on-disk cache wired for the PR-03 HTTP path; tested in isolation here.
- registry/c_module.go: BuildCSystemIncludeMap so the resolver can walk a caller file's <header> list.
Coverage: 91.4% on registry, 94.7% on core. HTTP fetch paths return explicit "PR-03" errors and stay tested via stub assertions.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Extends Phase 1's resolution chain with a final stdlib lookup so calls into <stdio.h>, <vector>, std::move, vector::push_back, etc. become resolved edges with type, confidence, and security-tag metadata.
C builder (c_builder.go):
- resolveCCallTarget signature → (string, bool, *CStdlibFunction).
- New lookupCStdlib walks SystemIncludes for the caller file and consults StdlibRegistry; first include with a matching symbol wins.
- buildCCallSite enriches the emitted CallSite from CStdlibFunction (TypeSource="stdlib", InferredType, TypeConfidence, SecurityTag).
C++ builder (cpp_builder.go):
- resolveCppCallTarget gains the same 3-tuple shape.
- lookupCppStdlibMethod uses the type engine to read the receiver type, canonicalises std::vector<int> → std::vector, and substitutes T/U/V/K placeholders into the return type when present.
- lookupCppStdlibFreeFunction handles std::move / std::swap via CppStdlibLoader.GetFreeFunction.
- C-shape calls (printf, malloc) from .cpp files keep flowing through the embedded C registry.
Project-internal resolution still wins (project printf shadows stdlib printf); receiver-less or untyped calls fall back to the unresolved path with no panics.
Coverage: 85.1% on builder package, including the new stdlib paths.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Wires the C/C++ stdlib loaders into the CLI surface and adds smoke
fixtures that exercise the full pipeline.
scan.go / resolution_report.go:
- New --target=linux|darwin|windows flag overrides platform
auto-detection.
- New --stdlib-base-url flag selects the registry source. file://
paths and bare local paths read from disk; http(s):// will be
honoured by PR-03's HTTP loader. Empty value disables stdlib
resolution and keeps Phase 1 behavior.
- initClikeStdlib boots both loaders via DetectClikeTarget +
buildC{,pp}StdlibLoader, calls LoadManifest with a logger adapter,
and degrades to nil-loader-but-keep-scanning on every failure mode
so a missing manifest never breaks a scan.
- buildClikeCallGraphs takes a clikeStdlibConfig; the C and C++
merge helpers inject the loaders into the freshly-built registries
before invoking the call-graph builders.
testdata/c/stdlib/main.c + testdata/cpp/stl/main.cpp: small smoke
fixtures covering printf/malloc/strlen and vector::push_back /
std::move / std::printf for downstream e2e checks.
Coverage on the new cmd helpers: 100% across initClikeStdlib,
loadC{,pp}StdlibFromBase, buildC{,pp}StdlibLoader, and the logger
adapter.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
SafeDep Report Summary
No dependency changes detected. Nothing to scan.
This report is generated by SafeDep Github App
Code Pathfinder Security Scan
No security issues detected.
Powered by Code Pathfinder
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## shiva/cpp-phase2-pr01-generator   #680   +/- ##
===================================================================
+ Coverage    85.55%   85.61%   +0.06%
===================================================================
  Files          196      200       +4
  Lines        28341    28912     +571
===================================================================
+ Hits         24247    24754     +507
- Misses        3156     3195      +39
- Partials       938      963      +25
Two changes that together push patch coverage past Codecov's 85.55% gate (84.98% → 85.7%):
1. White-box unit tests for the C++ stdlib helper suite: canonicalizeStdlibType, parseTemplateArgs, applyTemplateSubstitution, replaceWholeWord, substituteTemplateMethodReturn, plus the missing nil/empty-input guards in lookupCppStdlibMethod, lookupCStdlib, and lookupCppStdlibFreeFunction. All five helpers now hit 100%.
2. Bug fix uncovered while writing the K-alias test: the loop in applyTemplateSubstitution broke at V whenever args was shorter than 3, so K never ran. With map<K,V>-style return types written as "K", the placeholder stayed un-substituted. Drop the early break and rely on the per-iteration idx-bounds check.
3. clike_disk_cache_test.go gains an env-clearing test for the $HOME fallback branch in getStdlibCacheRoot (37.5% → 75%).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
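The placeholder substitution and the early-break bug described in the commit message above, as an added example; this is not the project's code. It splits a receiver type into its canonical base and top-level template arguments, then rewrites whole-word placeholders in a return type, with a flag that reproduces the pre-fix early exit. The function names, the placeholder-to-argument mapping and the sample types are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed mapping (not from the project): T, U, V are args 0, 1, 2; K aliases arg 0.
var names, argIdx = []string{"T", "U", "V", "K"}, []int{0, 1, 2, 0}
var ident = regexp.MustCompile(`[A-Za-z_][A-Za-z0-9_]*`)

// splitType returns the canonical base type and the top-level template arguments.
func splitType(typ string) (base string, args []string) {
	open := strings.Index(typ, "<")
	if open < 0 || !strings.HasSuffix(typ, ">") {
		return typ, nil
	}
	inner, depth, start := typ[open+1:len(typ)-1], 0, 0
	for i, c := range inner {
		if c == ',' && depth == 0 { // commas inside nested <...> do not split
			args = append(args, strings.TrimSpace(inner[start:i]))
			start = i + 1
		}
		depth += map[rune]int{'<': 1, '>': -1}[c]
	}
	return typ[:open], append(args, strings.TrimSpace(inner[start:]))
}

// substitute rewrites whole-word placeholders in ret; legacyBreak models the pre-fix early exit.
func substitute(ret string, args []string, legacyBreak bool) string {
	repl := map[string]string{}
	for n, idx := range argIdx {
		if idx < len(args) {
			repl[names[n]] = args[idx]
		} else if legacyBreak {
			break // a two-argument type stops at V, so K is never mapped
		}
	}
	return ident.ReplaceAllStringFunc(ret, func(w string) string {
		if r, ok := repl[w]; ok {
			return r
		}
		return w
	})
}

func main() {
	base, args := splitType("std::map<std::string, int>") // constructed sample
	fmt.Println(base, substitute("K", args, true), substitute("K", args, false))
}
```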



Summary
PR-02 of the C/C++ Phase 2 stdlib stack. Turns the per-header JSON manifests from PR-01 into a working stdlib resolution path inside Phase 1's call-graph builders. After this PR, pathfinder ci and pathfinder scan resolve printf, std::vector::push_back, std::move, etc. against the registries on disk.
Stacked on #679 — must merge AFTER PR-01. Base branch is shiva/cpp-phase2-pr01-generator; once #679 lands, this PR will auto-rebase onto main.

What's in here
- CStdlibLoader / CppStdlibLoader interfaces, file:// + HTTP-stubbed loaders mirroring go_stdlib_remote.go, platform detector (macros + path hints), 24h-TTL disk cache (consumed by PR-03's HTTP path), SystemIncludes index.
- resolveCCallTarget and resolveCppCallTarget gain a 3-tuple return; new lookupCStdlib, lookupCppStdlibMethod, lookupCppStdlibFreeFunction consult the loaders after Phase 1 resolution. Template parameters (T/U/V/K) are substituted into stdlib return types when applicable. Project definitions still shadow stdlib symbols.
- --target and --stdlib-base-url flags on scan and resolution-report. Failures degrade to nil-loader-but-keep-scanning so a missing manifest never breaks a run.
- testdata/c/stdlib/main.c and testdata/cpp/stl/main.cpp smoke fixtures.

Out of scope (per PR-02 spec)
- --diagnose-stdlib mode + resolution-report stdlib line — PR-04

Verification
- gradle buildGo — clean
- go test ./... — all packages pass
- golangci-lint run ./... — 0 issues
- initClikeStdlib, loader builders, logger adapter)

Test plan
- pathfinder scan --project sast-engine/testdata/c/stdlib --stdlib-base-url=file://<pr01-output> --target=linux resolves all 5 calls in main.c
- testdata/cpp/stl/main.cpp

🤖 Generated with Claude Code