Skip to content

fix(registry): restrict same-module and unique-name suffix matches on receivers#1128

Open
sahil-mangla wants to merge 2 commits into
DeusData:mainfrom
sahil-mangla:fix/registry-resolution
Open

fix(registry): restrict same-module and unique-name suffix matches on receivers#1128
sahil-mangla wants to merge 2 commits into
DeusData:mainfrom
sahil-mangla:fix/registry-resolution

Conversation

@sahil-mangla

Copy link
Copy Markdown
Contributor

Description

This PR tightens the call-resolution core in the registry to prevent false-positive CALLS edge resolutions when dealing with qualified receivers, improving precision across all supported languages.

Changes

  • Restricted resolve_same_module on receivers: The resolve_same_module strategy now validates the receiver prefix. It will correctly resolve self-receivers (self.get), exact module prefixes (proj.pkg.service.get), and last-segment namespace matches (service.get). It actively rejects resolving to local functions when the receiver is clearly unrelated (e.g., axios.get or _get_store().get), preventing spurious edges to same-named functions within the current module.
  • Restricted resolve_name_lookup for qualified callees: Added a qn_ends_with_qualified check. If a callee name is explicitly qualified (e.g., contains . or ::), the resolution candidate's qualified name must properly terminate with that exact qualification (unless the candidate is explicitly labeled as a Method), preventing cross-namespace leakage on generic method names.

Impact

  • Precision vs Recall: This change heavily favors precision, eliminating wide blast-radius false positives on common method names (like get, add, update) when invoked on unrelated imported or delegated receiver objects.
  • Testing: Added regression tests for resolve_same_module_only_on_self_receiver and verified the full test suite runs cleanly.

@sahil-mangla sahil-mangla requested a review from DeusData as a code owner July 16, 2026 10:33
@DeusData DeusData added the bug Something isn't working label Jul 16, 2026
@DeusData DeusData added this to the 0.9.1-rc milestone Jul 16, 2026
@DeusData DeusData added parsing/quality Graph extraction bugs, false positives, missing edges priority/high Needs near-term maintainer attention; high-impact bug, regression, safety issue, or release blocker. labels Jul 16, 2026
@DeusData

Copy link
Copy Markdown
Owner

Thanks for taking on the receiver false-positive problem. The exact head is security-clean and DCO passes, but it is not correct enough to merge:

  1. Every full Unix/macOS/Windows test job fails deterministically at cp_enum_method_java: valid Java enum calls such as d.label() and d.isWeekend() become unresolved. This existing convergence guard must remain green.
  2. The blanket Method/type-like-parent exemption preserves the main false-positive class: an unrelated axios.get can still resolve through unique_name when the sole candidate is labeled Method. The new negative test uses a Function, so it does not exercise that common path.
  3. Add direct coverage for the unique and multi-candidate paths, imported receivers, . and :: qualification, and candidates labeled Method.
  4. Use the canonical cbm_label_is_type_like() policy rather than duplicating the label set in the registry.

The precision goal is valid, but the registry currently lacks enough receiver/language/type evidence for this global heuristic: it is simultaneously too strict for valid Java dispatch and too permissive for unrelated Method candidates. Please redesign the suppression around receiver-aware evidence, preserve the Java enum convergence test, and update the PR's “full suite clean” statement after the complete matrix is actually green.

@sahil-mangla sahil-mangla force-pushed the fix/registry-resolution branch 2 times, most recently from 25457d2 to 7c78413 Compare July 16, 2026 16:59
@sahil-mangla sahil-mangla marked this pull request as draft July 16, 2026 17:01
@sahil-mangla sahil-mangla force-pushed the fix/registry-resolution branch from 7c78413 to 0b22112 Compare July 16, 2026 19:00
@sahil-mangla sahil-mangla marked this pull request as ready for review July 16, 2026 19:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working parsing/quality Graph extraction bugs, false positives, missing edges priority/high Needs near-term maintainer attention; high-impact bug, regression, safety issue, or release blocker.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants