navicore/patch-seq
1
0
Fork 0
Code Issues 1 Pull requests Releases 139 Packages Activity Actions

Phase 2 Lint: Data flow analysis for resource leak detection #142

New issue
Closed
opened 2025-12-30 15:33:42 +00:00 by navicore · 2 comments
navicore commented 2025-12-30 15:33:42 +00:00 (Migrated from github.com)
Copy link

Background

The current lint system (Phase 1) uses syntactic pattern matching on word sequences. This works well for detecting simple inefficiencies like swap swap or dup drop, but cannot detect resource leaks that depend on control flow.

PR #138 added simple weave lint rules:

  • weave-immediate-drop - catches strand.weave drop
  • unchecked-resume - catches strand.resume drop drop drop

These catch obvious mistakes but miss more subtle leaks.

Problem: Patterns Can't Track Data Flow

Example 1: Leak through control flow

: example ( -- )
  [ gen ] strand.weave
  some-condition if
    strand.weave-cancel  # Cancel in one branch ✓
  else
    drop                 # LEAK in other branch ✗
  then
;

Pattern matching can't see that drop in the else branch leaks the handle.

Example 2: Leak across word boundaries

: store-weave ( -- Handle )
  [ gen ] strand.weave ;  # Returns handle

: use-and-leak ( -- )
  store-weave drop ;      # LEAK - can't trace across words

Example 3: Conditional completion

: process-some ( -- )
  [ gen ] strand.weave
  0 strand.resume
  if
    drop strand.weave-cancel  # Handled ✓
  else
    drop drop                 # Completed naturally ✓
  then
;

This is correct but pattern matching can't verify both branches handle the resource.

Proposed Solution: Phase 2 Data Flow Analysis

Architecture

┌─────────────────────────────────────────────────────────────┐
│                     Phase 2 Lint Engine                      │
├─────────────────────────────────────────────────────────────┤
│  1. Resource Tagging                                         │
│     - Tag values returned by resource-creating words         │
│     - strand.weave → WeaveHandle                            │
│     - chan.make → Channel                                   │
│     - file.open → FileHandle (future)                       │
├─────────────────────────────────────────────────────────────┤
│  2. Flow Analysis                                            │
│     - Track tagged values through stack operations          │
│     - Follow branches (if/else/then)                        │
│     - Detect when tagged value is:                          │
│       • Consumed by cleanup word (cancel, close)            │
│       • Dropped without cleanup                             │
│       • Escapes scope (returned, stored)                    │
├─────────────────────────────────────────────────────────────┤
│  3. Escape Analysis                                          │
│     - If resource escapes (returned from word), no warning  │
│     - Caller becomes responsible                            │
│     - Could add @must_use annotation for stricter checking  │
├─────────────────────────────────────────────────────────────┤
│  4. Branch Unification                                       │
│     - All branches of if/else must handle resource          │
│     - Either all consume it, or all preserve it             │
│     - Mixed handling is an error                            │
└─────────────────────────────────────────────────────────────┘

Resource Definitions (Config)

# Resource tracking configuration
[[resource]]
id = "weave-handle"
created_by = ["strand.weave"]
consumed_by = ["strand.weave-cancel"]
completed_by_pattern = "strand.resume ... if ... else drop drop then"
message = "WeaveHandle must be cancelled or resumed to completion"

[[resource]]
id = "channel"
created_by = ["chan.make"]
consumed_by = ["chan.close"]
message = "Channel should be closed when no longer needed"

Implementation Phases

Phase 2a: Single-word analysis

  • Track resources within a single word definition
  • Detect leaks at word boundaries
  • No cross-word analysis

Phase 2b: Cross-word analysis

  • Track resources returned from words
  • Propagate "must handle" requirements
  • Detect leaks in callers

Phase 2c: Effect-based tracking

  • Integrate with type system effects
  • Words with Yield effect must be used with strand.weave
  • Automatic resource requirement propagation

Alternative: Linear Types (Long-term)

A more principled solution would be linear/affine types:

# Hypothetical syntax
: example ( -- )
  [ gen ] strand.weave  # Returns linear WeaveHandle!
  # ... handle MUST be used exactly once ...
  strand.weave-cancel   # Consumes the handle
;

This would be a type system change rather than a lint, providing compile-time guarantees.

Acceptance Criteria (Phase 2a MVP)

  • Define resource tracking data structure
  • Implement stack simulation through word body
  • Track resources through if/else/then
  • Emit warning when resource is dropped without cleanup
  • Handle strand.weave and strand.resume completion pattern
  • No false positives on valid code patterns
  • Integration with LSP for real-time feedback

Test Cases

# Should warn: immediate drop
: bad1 ( -- ) [ gen ] strand.weave drop ;

# Should warn: drop in one branch
: bad2 ( -- )
  [ gen ] strand.weave
  true if strand.weave-cancel else drop then ;

# Should NOT warn: both branches handle
: good1 ( -- )
  [ gen ] strand.weave
  true if strand.weave-cancel else strand.weave-cancel then ;

# Should NOT warn: completion pattern
: good2 ( -- )
  [ gen ] strand.weave
  0 strand.resume
  if drop strand.weave-cancel else drop drop then ;

# Should NOT warn: resource escapes (caller's responsibility)
: good3 ( -- Handle ) [ gen ] strand.weave ;

Related Issues

  • #139 - Remove panics from weave FFI
  • #140 - Use ADT for weave control flow
  • #141 - WeaveHandle Drop warning

References

  • Rust's #[must_use] attribute
  • Linear types in Clean, Idris, Linear Haskell
  • Escape analysis in JVM/Go compilers
## Background The current lint system (Phase 1) uses syntactic pattern matching on word sequences. This works well for detecting simple inefficiencies like `swap swap` or `dup drop`, but cannot detect resource leaks that depend on control flow. PR #138 added simple weave lint rules: - `weave-immediate-drop` - catches `strand.weave drop` - `unchecked-resume` - catches `strand.resume drop drop drop` These catch obvious mistakes but miss more subtle leaks. ## Problem: Patterns Can't Track Data Flow ### Example 1: Leak through control flow ```seq : example ( -- ) [ gen ] strand.weave some-condition if strand.weave-cancel # Cancel in one branch ✓ else drop # LEAK in other branch ✗ then ; ``` Pattern matching can't see that `drop` in the else branch leaks the handle. ### Example 2: Leak across word boundaries ```seq : store-weave ( -- Handle ) [ gen ] strand.weave ; # Returns handle : use-and-leak ( -- ) store-weave drop ; # LEAK - can't trace across words ``` ### Example 3: Conditional completion ```seq : process-some ( -- ) [ gen ] strand.weave 0 strand.resume if drop strand.weave-cancel # Handled ✓ else drop drop # Completed naturally ✓ then ; ``` This is correct but pattern matching can't verify both branches handle the resource. ## Proposed Solution: Phase 2 Data Flow Analysis ### Architecture ``` ┌─────────────────────────────────────────────────────────────┐ │ Phase 2 Lint Engine │ ├─────────────────────────────────────────────────────────────┤ │ 1. Resource Tagging │ │ - Tag values returned by resource-creating words │ │ - strand.weave → WeaveHandle │ │ - chan.make → Channel │ │ - file.open → FileHandle (future) │ ├─────────────────────────────────────────────────────────────┤ │ 2. Flow Analysis │ │ - Track tagged values through stack operations │ │ - Follow branches (if/else/then) │ │ - Detect when tagged value is: │ │ • Consumed by cleanup word (cancel, close) │ │ • Dropped without cleanup │ │ • Escapes scope (returned, stored) │ ├─────────────────────────────────────────────────────────────┤ │ 3. Escape Analysis │ │ - If resource escapes (returned from word), no warning │ │ - Caller becomes responsible │ │ - Could add @must_use annotation for stricter checking │ ├─────────────────────────────────────────────────────────────┤ │ 4. Branch Unification │ │ - All branches of if/else must handle resource │ │ - Either all consume it, or all preserve it │ │ - Mixed handling is an error │ └─────────────────────────────────────────────────────────────┘ ``` ### Resource Definitions (Config) ```toml # Resource tracking configuration [[resource]] id = "weave-handle" created_by = ["strand.weave"] consumed_by = ["strand.weave-cancel"] completed_by_pattern = "strand.resume ... if ... else drop drop then" message = "WeaveHandle must be cancelled or resumed to completion" [[resource]] id = "channel" created_by = ["chan.make"] consumed_by = ["chan.close"] message = "Channel should be closed when no longer needed" ``` ### Implementation Phases **Phase 2a: Single-word analysis** - Track resources within a single word definition - Detect leaks at word boundaries - No cross-word analysis **Phase 2b: Cross-word analysis** - Track resources returned from words - Propagate "must handle" requirements - Detect leaks in callers **Phase 2c: Effect-based tracking** - Integrate with type system effects - Words with `Yield` effect must be used with `strand.weave` - Automatic resource requirement propagation ## Alternative: Linear Types (Long-term) A more principled solution would be linear/affine types: ```seq # Hypothetical syntax : example ( -- ) [ gen ] strand.weave # Returns linear WeaveHandle! # ... handle MUST be used exactly once ... strand.weave-cancel # Consumes the handle ; ``` This would be a type system change rather than a lint, providing compile-time guarantees. ## Acceptance Criteria (Phase 2a MVP) - [ ] Define resource tracking data structure - [ ] Implement stack simulation through word body - [ ] Track resources through `if`/`else`/`then` - [ ] Emit warning when resource is dropped without cleanup - [ ] Handle `strand.weave` and `strand.resume` completion pattern - [ ] No false positives on valid code patterns - [ ] Integration with LSP for real-time feedback ## Test Cases ```seq # Should warn: immediate drop : bad1 ( -- ) [ gen ] strand.weave drop ; # Should warn: drop in one branch : bad2 ( -- ) [ gen ] strand.weave true if strand.weave-cancel else drop then ; # Should NOT warn: both branches handle : good1 ( -- ) [ gen ] strand.weave true if strand.weave-cancel else strand.weave-cancel then ; # Should NOT warn: completion pattern : good2 ( -- ) [ gen ] strand.weave 0 strand.resume if drop strand.weave-cancel else drop drop then ; # Should NOT warn: resource escapes (caller's responsibility) : good3 ( -- Handle ) [ gen ] strand.weave ; ``` ## Related Issues - #139 - Remove panics from weave FFI - #140 - Use ADT for weave control flow - #141 - WeaveHandle Drop warning ## References - Rust's `#[must_use]` attribute - Linear types in Clean, Idris, Linear Haskell - Escape analysis in JVM/Go compilers
navicore commented 2026-01-01 05:47:03 +00:00 (Migrated from github.com)
Copy link

https://github.com/navicore/patch-seq/pull/159

https://github.com/navicore/patch-seq/pull/159
navicore commented 2026-01-03 15:33:23 +00:00 (Migrated from github.com)
Copy link

https://github.com/navicore/patch-seq/pull/162

https://github.com/navicore/patch-seq/pull/162
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
test3
test2
test-runner-pr
v6.5.2
v6.5.1
v6.5.0
v6.4.2
v6.4.1
v6.4.0
v6.3.0
v6.2.2
v6.2.1
v6.2.0
v6.1.2
v6.1.1
v6.1.0
v6.0.0
v5.7.1
v5.7.0
v5.6.5
v5.6.4
v5.6.3
v5.6.2
v5.6.1
v5.6.0
v5.5.1
v5.5.0
v5.4.1
v5.4.0
v5.3.0
v5.2.1
v5.2.0
v5.1.1
v5.1.0
v5.0.0
v4.2.1
v4.2.0
v4.1.0
v4.0.3
v4.0.2
v4.0.1
v4.0.0
v3.1.0
v3.0.6
v3.0.5
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.0
v2.1.0
v2.0.1
v2.0.0
v1.1.1
v1.1.0
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v0.21.0
v0.20.1
v0.20.0
v0.19.12
v0.19.11
v0.19.10
v0.19.9
v0.19.8
v0.19.7
v0.19.6
v0.19.5
v0.19.4
v0.19.3
v0.19.2
v0.19.1
v0.19.0
v0.18.8
v0.18.7
v0.18.6
v0.18.5
v0.18.4
v0.18.3
v0.18.2
v0.18.1
v0.18.0
v0.17.0
v0.16.0
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.0
v0.10.7
v0.10.6
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0
v0.9.1
v0.9.0
v0.8.9
v0.8.8
v0.8.7
v0.8.6
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.5
v0.5.4
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.4
v0.3.3
v0.3.2
v0.3.1
Labels
Clear labels   
bug
Something isn't working

  
dependencies
Pull requests that update a dependency file

  
documentation
Improvements or additions to documentation

  
duplicate
This issue or pull request already exists

  
enhancement
New feature or request

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
question
Further information is requested

  
refactor
Code refactoring and cleanup

  
rust
Pull requests that update rust code

  
technical-debt
Technical debt to address

  
wontfix
This will not be worked on

No labels
bug
dependencies
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
refactor
rust
technical-debt
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
navicore/patch-seq#142
No description provided.