fix(dep-check): restrict collectCallees scan to body tokens only#71
Merged
Conversation
collectCallees was scanning from fn.tokenStart (the `unsafe`/`fn` keyword)
through tokenEnd, so idents in the parameter list and return-type annotation
could be mistaken for body calls. A parameter default like:
fn caller(x: string = helper()) -> string = x
would cause DEP001 to fire on `caller` for missing `reads { cache }` even
though `helper()` is evaluated at the call site, not in the body.
Fix: add `bodyTokenStart` to FnDecl (the token index of `{` or `=` that
opens the body) and start the collectCallees scan there instead of
fn.tokenStart.
Closes #70.
Co-Authored-By: Botkowski <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR fixes DEP001 false-positives caused by collectCallees scanning the entire fn token range (including parameter lists and return-type annotations) instead of restricting analysis to the function body.
Changes:
- Add
bodyTokenStarttoFnDeclto record the token index where the function body begins ({or=). - Update
collectCalleesindep-check.tsto start scanning atfn.bodyTokenStartrather thanfn.tokenStart. - Add regression tests covering the parameter-default false-positive case and a body-call sanity check.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| packages/compiler/tests/dep-check.test.ts | Adds regression coverage for DEP001 behavior around parameter defaults (and asserts body calls still trigger). |
| packages/compiler/src/passes/dep-check.ts | Restricts callee token scanning to the body region via bodyTokenStart. |
| packages/compiler/src/parser/parse-fn.ts | Extends FnDecl with bodyTokenStart and populates it during parsing. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+195
to
+206
| // --------------------------------------------------------------------------- | ||
| // Parameter-default / return-type false-positive regression (issue #70) | ||
| // --------------------------------------------------------------------------- | ||
|
|
||
| describe("parameter default and return-type exclusion", () => { | ||
| it("does not fire DEP001 when callee appears only in a parameter default, not the body", () => { | ||
| // `helper` is called in the parameter default of `caller` (evaluated at the | ||
| // call site), not in caller's body. collectCallees must not pick it up. | ||
| const src = | ||
| "?bs 0.9\n" + | ||
| "fn helper() reads { cache } -> string = \"x\"\n" + | ||
| "fn caller(x: string = helper()) -> string = x\n"; |
Comment on lines
+109
to
+111
| * parameter list or return-type annotation. | ||
| */ | ||
| bodyTokenStart: number; |
- Make bodyTokenStart optional in FnDecl to avoid breaking downstream code that constructs FnDecl values structurally (mocks, tooling); add ?? fn.tokenStart fallback in collectCallees - Rename test describe block to accurately reflect parameter-default-only coverage; add comment explaining return-type exclusion is implicit Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Merged
4 tasks
marcelofarias
added a commit
that referenced
this pull request
May 20, 2026
…01/INT002 on param types (#75) * fix(cap-check,intent-check): scan from bodyTokenStart to avoid false positives on parameter/return types CAP001/CAP002 (cap-check.ts) and INT002 (intent-check.ts) were scanning from fn.tokenStart, which includes the fn keyword, name, parameter list, and return type annotation. This caused false positives when a stdlib namespace identifier (http, fs, time, …) appeared in a type annotation rather than an actual capability call — for example: fn handleReq(client: http.Client) -> string = "ok" // ^^ CAP001 fired on http.Client even though no capability is consumed The fix mirrors the approach from PR #71 (dep-check) and the thr002 branch (thr-check): start the scan at fn.bodyTokenStart ?? fn.tokenStart so the parameter list and return type annotation are skipped entirely. Adds regression tests to cap-check.test.ts confirming stdlib namespace in parameter type annotations no longer triggers CAP001. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(cap-check): strengthen return-type annotation regression test Replace the assertion-free second test case with one that actually verifies no CAP001 fires when the stdlib namespace appears only in the return type (body is a plain literal, not a stdlib call). Also removes the misleading "double-fire" comment: cap-check short-circuits on first error so double-fire is impossible; the real concern is false positives from type annotations. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Marcelo Farias <mfarias@Marcelos-MacBook-Pro-4.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #70.
collectCalleesindep-check.tswas scanning fromfn.tokenStart(theunsafe/fnkeyword token) throughfn.tokenEnd. This means idents in the parameter list and return-type annotation could be mistaken for body calls.Concrete case from #70:
?bs 0.9 fn helper() reads { cache } -> string = "x" fn caller(x: string = helper()) -> string = xhelperappears incaller's parameter default — evaluated at the call site, not in the body. DEP001 was firing oncallerfor missingreads { cache }even though the body never callshelper.Fix
bodyTokenStart: numbertoFnDecl— the token-array index of the{or=that opens the body (i.e.typeEndfromparseFn).collectCalleesto start its scan atfn.bodyTokenStartinstead offn.tokenStart, skipping the parameter list and return-type annotation.Note on open PRs
The
botkowski/throws-header(PR #64) andbotkowski/thr002(PR #66) branches include_callgraph.tswhich extractscollectCalleesinto a shared module. Those PRs will need to pick upbodyTokenStartfromFnDecland apply the same fix tocollectCalleesin_callgraph.ts. Thebotkowski/uns005-v2branch also has a similar scan inuns-check.tsthat will need the same treatment.Test plan
pnpm -r build && pnpm test— 549/549 pass (2 new regression tests)caller(x = helper())— no DEP001caller() { helper() }— DEP001 still fires🤖 Generated with Claude Code