F-015: refactor(services): document SAFETY invariants for cast truncation #18
Merged
Sephyi merged 1 commit into development from Apr 22, 2026
…cast truncation

Add a one-line `// SAFETY:` comment immediately above each `#[allow(clippy::cast_possible_truncation)]` in analyzer.rs and differ.rs.

Every annotated site performs an `i as u32` cast on a `usize` loop index to call `tree_sitter::Node::child(u32)`. The cast is sound because:

1. tree-sitter nodes cannot have more than `u32::MAX` children — the upstream API (`child_count() -> usize`) is bounded by an internally-stored `u32` count.
2. Each cast site's index originates from a loop bounded by `child_count()`, so the value is already `<= u32::MAX` by construction and truncation cannot lose information.

All 16 sites use identical wording for easy grepping and future audit. No behavioural change.

Closes audit entry F-015 from #3.
Pull request overview
Documents the invariants behind `#[allow(clippy::cast_possible_truncation)]` in tree-sitter child indexing sites, addressing audit finding F-015 by making the truncation rationale explicit.
Changes:
- Added `// SAFETY:` explanations adjacent to `usize -> u32` casts when iterating tree-sitter node children in `AstDiffer`.
- Added matching `// SAFETY:` explanations for the same cast pattern in `AnalyzerService`.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/services/differ.rs | Adds SAFETY invariants next to clippy truncation allowances for tree-sitter child iteration. |
| src/services/analyzer.rs | Adds SAFETY invariants next to clippy truncation allowances for tree-sitter child iteration. |
Summary
refactor(services): document SAFETY invariants for cast truncation.
Audit context
Closes audit entry F-015 from #3.
Verification
- `cargo fmt --check`
- `cargo clippy --all-targets --all-features -- -D warnings`
- `cargo test --all-targets`
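The cast pattern the commit message describes, next to a checked `u32::try_from` variant, as an added example that is not code from this pull request. `Node` is a stand-in mirroring only the `child_count() -> usize` and `child(u32)` signatures named above; the function names and the SAFETY wording are constructed for illustration.

```rust
// Stand-in for tree_sitter::Node (assumption: only the two signatures named
// in the commit message are mirrored; this is not the tree-sitter crate).
struct Node { kind: &'static str, children: Vec<Node> }

impl Node {
    fn child_count(&self) -> usize { self.children.len() }
    fn child(&self, i: u32) -> Option<&Node> { self.children.get(i as usize) }
}

// Constructed helper for building sample trees.
fn leaf(kind: &'static str) -> Node { Node { kind, children: Vec::new() } }

/// Documented-cast pattern: the invariant lives in a comment and is not checked.
fn kinds_unchecked(node: &Node) -> Vec<&'static str> {
    let mut out = Vec::new();
    for i in 0..node.child_count() {
        // SAFETY (constructed wording): i < child_count(), assumed <= u32::MAX.
        #[allow(clippy::cast_possible_truncation)]
        let idx = i as u32;
        if let Some(c) = node.child(idx) {
            out.push(c.kind);
        }
    }
    out
}

/// Checked variant: the same invariant enforced by the conversion itself.
fn kinds_checked(node: &Node) -> Result<Vec<&'static str>, std::num::TryFromIntError> {
    let mut out = Vec::new();
    for i in 0..node.child_count() {
        let idx = u32::try_from(i)?; // Err instead of a silent wrap
        if let Some(c) = node.child(idx) {
            out.push(c.kind);
        }
    }
    Ok(out)
}

/// What `as` does if the invariant were ever violated: keeps the low 32 bits.
fn truncating_cast(i: usize) -> u32 { i as u32 }

fn main() {
    let root = Node { kind: "root", children: vec![leaf("fn"), leaf("struct")] };
    println!("unchecked: {:?}", kinds_unchecked(&root));
    println!("checked:   {:?}", kinds_checked(&root));
    println!("in-range cast of 7: {}", truncating_cast(7));
}
```

On a 64-bit target an index of `u32::MAX + 1` would wrap to 0 under `as`, selecting the first child instead of failing, which is why the bound on `child_count()` is the invariant worth auditing.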