Skip to content

Call Graph Analyzer (CGA)#1

Merged
jerrysxie merged 14 commits into
mainfrom
upstream
Jun 30, 2026
Merged

Call Graph Analyzer (CGA)#1
jerrysxie merged 14 commits into
mainfrom
upstream

Conversation

@Wassasin

@Wassasin Wassasin commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

This pull request significantly rebrands and restructures the project, transforming it from an embedded Rust template into the "Call Graph Analyzer (CGA)" tool. The changes include major updates to project metadata, documentation, CI workflows, and development tooling. The new configuration supports CGA as a Rust call graph analysis tool, introduces new binaries, updates continuous integration, and improves developer experience.

Key changes:

Project Rebranding and Metadata

  • Renamed the project from embedded-rust-template to cga, updated the description, repository, authors, keywords, categories, and set up new binaries (cargo-cga, cga-driver) in Cargo.toml. Added relevant dependencies and configuration for development and testing.
  • Overhauled README.md to document CGA's purpose, usage, alternatives, examples, and development notes, replacing all template and embedded content.

CI/CD and Tooling Updates

  • Rewrote .github/workflows/check.yml to simplify and modernize CI: consolidated jobs, updated actions, removed target-specific and no-std checks, and improved dependency management.
  • Removed .github/workflows/nostd.yml, eliminating no-std CI checks, reflecting the project's new focus.
  • Updated .github/workflows/cargo-vet.yml to use cargo-vet version 0.10.2.

Developer Experience

  • Added .cargo/config.toml with helpful cargo aliases for test workflows (bless, uitest, uibless).
  • Updated .gitattributes to enforce LF line endings for .stderr and .stdout files.
  • Simplified .vscode/settings.json to only specify rust-analyzer.rustc.source, removing target and formatting settings.

Source and Binary Additions

  • Added bin/cargo-cga.rs as the entry point for the new cargo subcommand, delegating to cga_cargo::main().

These changes collectively establish CGA as a standalone Rust call graph analysis tool, with improved documentation, streamlined CI, and enhanced developer tooling.

@Wassasin Wassasin requested a review from jerrysxie June 30, 2026 13:28
@Wassasin

Copy link
Copy Markdown
Contributor Author

@jerrysxie How would you like to proceed wrt cargo-vet?

Record first-party cargo-vet audits for all 55 previously unvetted
crates, reviewed manually via the cargo-vet auditor agent. Each entry
certifies safe-to-deploy or safe-to-run criteria as required by the
dependency graph.

Also add the bytecode-alliance import source and refresh imports.lock.
cargo vet now reports "Vetting Succeeded (95 fully audited)".

Assisted-by: GitHub Copilot:claude-opus-4.8
@jerrysxie

Copy link
Copy Markdown
Contributor

@jerrysxie How would you like to proceed wrt cargo-vet?

I pushed an update with the audits.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Summary of changes

This PR replaces the existing embedded Rust template with the “Call Graph Analyzer (CGA)” toolchain, including a rustc-driver (cga-driver) and a cargo cga subcommand for checking/extracting callgraphs from post-monomorphization MIR. It adds a substantial UI test suite (including cargo-based UI tests) to validate panic detection, blacklist handling, and edge cases like dyn traits, drops, fn-ptr casts, and async. It also updates CI, toolchain pinning, and supply-chain metadata (cargo-vet imports/audits, cargo-deny config). Overall, the change is a large downstream merge that effectively repurposes the repository into a compiler-adjacent analysis tool with tests and automation to support it.

Step-by-step review guide (grouped by concept)

  1. Project repurpose + toolchain assumptions

    • The crate is renamed to cga, moved to edition 2024, and now includes binaries cargo-cga and cga-driver.
    • rust-toolchain.toml pins a specific nightly and adds rustc-dev components/targets; this is central to building/running a rustc-driver reliably.
  2. Driver + analysis pipeline (rustc_private)

    • bin/cga-driver.rs hooks into collect_and_partition_mono_items to run a post-mono MIR traversal, build a callgraph, emit lints, and optionally export per-crate callgraphs (joined by the cargo subcommand).
    • cga_analysis contains the core traversal (post_mono.rs), root collection (forked monomorphize logic), panic classification, dyn-trait/vtable expansion, and lint emission.
  3. Cargo UX (cargo cga)

    • cga_cargo implements CLI parsing (clap) and shells out to cargo +<nightly-date> -Z build-std check with the driver set as RUSTC.
    • For extract/test modes, it captures cga-emit: lines, merges multiple callgraph JSONs, and optionally writes DOT.
  4. Testing strategy

    • tests/compile-test.rs integrates ui_test for both tests/ui and tests/ui-cargo, supports bless workflows, and normalizes output.
    • The UI fixtures cover multiple panic sources and trace-dedup behavior.
  5. Automation & supply-chain

    • CI workflow is simplified into a single “check” job plus cargo-deny and cargo-machete.
    • supply-chain/ is expanded with imports and a large set of cargo-vet audits.

Potential issues

# Severity File Description Code
1 Medium cga_analysis/src/diagnostics/mod.rs:341-343 Async-specific “leaf” notes are attached to the first trace element, but the trace is constructed entrypoint→…→leaf and then reversed for display; this misplaces async panic notes. if let Some(leaf) = data.trace.first() { ... }
2 Medium cga_cargo/src/command.rs:20 RUSTUP_TOOLCHAIN is assumed to always include a suffix after the nightly date; common rustup values like nightly-YYYY-MM-DD will fail the regex and panic. Regex::new("^(nightly-...)-.+")
3 Medium cga_cargo/src/callgraph.rs:12-16 DOT name truncation slices by byte offset and can panic on valid Unicode identifiers (non-UTF8 boundary). &node.name[0..NAME_MAX_LEN]
4 Medium build.rs:2-6 Unconditionally injecting GNU ld-style rpath linker args is non-portable (notably breaks Windows/MSVC) and unwraps provide poor diagnostics; should be gated + use expect messages. cargo:rustc-link-arg=-Wl,-rpath=...

Reviewed changes

Copilot reviewed 74 out of 81 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
tests/ui/simple.stderr Adds UI stderr baseline for a simple panic lint trace/dedup case.
tests/ui/simple.rs Adds simple UI test source for panic detection and trace dedup.
tests/ui/large_std_process.stderr Adds UI stderr baseline covering large backtrace/path counts.
tests/ui/large_std_process.rs Adds UI test for panics in std::process::Command construction/drop.
tests/ui/fn_ptr.stderr Adds UI stderr baseline for fn-ptr cast conservatism.
tests/ui/fn_ptr.rs Adds UI test for fn-pointer casts producing conservative diagnostics.
tests/ui/extern_c.stderr Adds UI stderr baseline for exported C entrypoints.
tests/ui/extern_c.rs Adds UI test for exported extern "C" entrypoints vs uncalled functions.
tests/ui/dyn_trait.stderr Adds UI stderr baseline for dyn-trait/vtable conservative expansion.
tests/ui/dyn_trait.rs Adds UI test for dyn object ambiguity across multiple impls.
tests/ui/drop.stderr Adds UI stderr baseline for panics originating from Drop.
tests/ui/drop.rs Adds UI test for panic in Drop implementation.
tests/ui/cycle.stderr Adds UI stderr baseline for recursion/reachability expansion robustness.
tests/ui/cycle.rs Adds UI test for recursion without infinite expansion plus a panic site.
tests/ui/async.stderr Adds UI stderr baseline for implicit async panic + explicit panic sites.
tests/ui/async.rs Adds UI test covering async “poll after Ready” implicit panic handling.
tests/ui/assert_mir.stderr Adds UI stderr baseline for MIR terminator asserts.
tests/ui/assert_mir.rs Adds UI test for implicit MIR assert classification.
tests/ui/assert_macro.stderr Adds UI stderr baseline for assert! macro expansion classification.
tests/ui/assert_macro.rs Adds UI test for assert! macro and tool-lint registration.
tests/ui-cargo/fail-simple/src/main.rs Adds cargo-based UI fixture crate that triggers multiple lint errors.
tests/ui-cargo/fail-simple/Cargo.toml Adds manifest for cargo-based UI fixture crate.
tests/ui-cargo/fail-simple/Cargo.stderr Adds expected stderr output for cargo-based UI fixture crate.
tests/ui-cargo/fail-simple/Cargo.lock Adds lockfile for cargo-based UI fixture crate.
tests/ui-cargo/fail-embedded/target-triple Adds target triple file for embedded cargo-based UI fixture.
tests/ui-cargo/fail-embedded/src/main.rs Adds embedded/no_std cargo UI fixture using Embassy stack.
tests/ui-cargo/fail-embedded/cga.toml Adds CGA config fixture controlling allow_async_panic/allow_assert.
tests/ui-cargo/fail-embedded/Cargo.toml Adds manifest for embedded cargo-based UI fixture crate.
tests/ui-cargo/fail-embedded/Cargo.stderr Adds expected stderr output for embedded cargo-based UI fixture.
tests/ui-cargo/fail-embedded/.cargo/config.toml Adds per-fixture cargo config (target + runner) for embedded tests.
tests/ui-cargo/fail-blacklist/src/main.rs Adds cargo-based UI fixture for blacklist lint behavior.
tests/ui-cargo/fail-blacklist/cga.toml Adds blacklist configuration fixture.
tests/ui-cargo/fail-blacklist/Cargo.toml Adds manifest for blacklist fixture crate.
tests/ui-cargo/fail-blacklist/Cargo.stderr Adds expected stderr output for blacklist fixture crate.
tests/ui-cargo/fail-blacklist/Cargo.lock Adds lockfile for blacklist fixture crate.
tests/compile-test.rs Introduces the ui_test harness wiring for ui and ui-cargo tests.
supply-chain/config.toml Adds cargo-vet import for bytecodealliance audits feed.
supply-chain/audits.toml Replaces/expands audits list with many crate audit entries.
src/main.rs Removes embedded template binary entrypoint.
src/baremetal/mod.rs Removes baremetal panic handler module from template.
rust-toolchain.toml Pins nightly toolchain and adds required components/targets.
README.md Replaces template README with CGA documentation and usage examples.
LICENSE Normalizes/adjusts trailing newline/formatting in license text.
deny.toml Updates cargo-deny config (ignored advisories/licenses/org git allowlist).
cga_test_deps/src/lib.rs Adds helper crate for UI test dependency builds.
cga_test_deps/Cargo.toml Adds manifest/workspace isolation for UI test dependency crate.
cga_data/src/lib.rs Adds data crate module exports (callgraph + cmd).
cga_data/src/cmd.rs Adds serialized driver input/config schema (lint rules/options).
cga_data/src/callgraph.rs Adds callgraph export data model and merge logic.
cga_data/Cargo.toml Adds manifest for data crate (serde derive).
cga_cargo/src/lib.rs Adds cargo cga entrypoint and argument normalization for subcommand use.
cga_cargo/src/command.rs Adds cargo invocation/extract/check/test orchestration and output merging.
cga_cargo/src/callgraph.rs Adds DOT emitter for exported callgraphs.
cga_cargo/src/args/mod.rs Adds clap CLI structure for check, extract, and internal test.
cga_cargo/src/args/cargo.rs Adds supported Cargo arg forwarding surface for CGA commands.
cga_cargo/Cargo.toml Adds manifest for cargo-subcommand crate and deps.
cga_analysis/src/post_mono.rs Adds post-mono MIR traversal building callgraph edges from MIR uses.
cga_analysis/src/panics.rs Adds panic classification logic (panic impls, asserts, async panic).
cga_analysis/src/monomorphize.rs Adds forked root collection logic with extern/export-name handling.
cga_analysis/src/lib.rs Adds core analysis types, tool lints, and path canonicalization helpers.
cga_analysis/src/errors.rs Adds diagnostic type(s) used for fatal configuration/tooling errors.
cga_analysis/src/dyn_object.rs Adds dyn-trait implementor expansion for vtable call conservatism.
cga_analysis/src/diagnostics/rules.rs Adds whitelist/blacklist rule matching over paths/crate/span.
cga_analysis/src/diagnostics/mod.rs Adds boundary/leaf selection, trace building, and lint emission formatting.
cga_analysis/src/callgraph/mod.rs Adds internal callgraph representation, edge registration, and filtering.
cga_analysis/src/callgraph/data.rs Adds export adapter from internal callgraph to data crate schema.
cga_analysis/src/callgraph/bigraph.rs Adds bidirectional graph utilities for boundaries/traces/path counting.
cga_analysis/Cargo.toml Adds manifest for analysis crate and supporting deps.
Cargo.toml Repurposes root crate to CGA, adds binaries, deps, and test harness config.
Cargo.lock Updates lockfile for the new workspace/dependency set.
build.rs Adds build script that sets linker rpath for sysroot runtime libs.
bin/cga-driver.rs Adds rustc-driver binary that runs analysis/lints and exports callgraphs.
bin/cargo-cga.rs Adds cargo subcommand binary entrypoint delegating to cga_cargo.
.vscode/settings.json Updates rust-analyzer settings for rustc source discovery.
.gitignore Updates ignore rules for new tool outputs and nested targets/locks.
.github/workflows/nostd.yml Removes no-std workflow from the previous embedded template.
.github/workflows/check.yml Replaces prior Rust CI matrix with simplified build/fmt/clippy/test + deny/machete.
.gitattributes Adds consistent EOL handling for UI test stderr/stdout fixtures.
.cargo/config.toml Adds cargo aliases for uitest/uibless workflows.

Comment thread cga_analysis/src/diagnostics/mod.rs Outdated
Comment thread cga_cargo/src/command.rs Outdated
Comment thread cga_cargo/src/callgraph.rs Outdated
Comment thread build.rs Outdated
@Wassasin

Copy link
Copy Markdown
Contributor Author

@jerrysxie feedback has been processed

@Wassasin

Copy link
Copy Markdown
Contributor Author

Note that the Cargo vet PR comment workflow fails (silently)

@jerrysxie

Copy link
Copy Markdown
Contributor

Note that the Cargo vet PR comment workflow fails (silently)

Yeah, that CI workflow has permission problem on private repos. We can ignore for now.

@jerrysxie jerrysxie changed the title Merge from downstream repository Call Graph Analyzer (CGA) Jun 30, 2026
@jerrysxie jerrysxie merged commit f0dad1c into main Jun 30, 2026
4 checks passed
@jerrysxie

Copy link
Copy Markdown
Contributor

@Wassasin Any objection to make this repo public now?

@Wassasin

Copy link
Copy Markdown
Contributor Author

@jerrysxie no objection! Feel free to make it public

@jerrysxie jerrysxie deleted the upstream branch June 30, 2026 21:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants