kit

check_no_cstr.sh (1768B)

---

 #!/usr/bin/env bash
 # Phase 6 gate: assert the NUL-terminated-string functions and printf %s have
 # been eliminated from the first-party tree (src/, lang/, driver/). rt/ is the
 # freestanding runtime/libc and is intentionally exempt. Test code is exempt.
 #
 # Allowed exceptions:
 #   - slice_from_cstr / kit_slice_cstr : the sanctioned boundary scan helpers
 #   - driver_strlen / driver_streq / driver_strneq : driver host-shim wrappers
 #   - reloc_kind_name / *_name returning canonical literals (not string ops)
 #   - ordering compares left intentionally (marked with a nearby comment)
 #
 # Usage: scripts/check_no_cstr.sh   (exit 1 on any disallowed hit)
 set -u
 cd "$(dirname "$0")/.."
 
 dirs="src lang driver"
 # Forbidden: bare libc string functions. We match the call form `name(`.
 banned='\b(strlen|strcmp|strncmp|strcpy|strncpy|strcat|strncat|strstr|strchr|strrchr|strdup)\s*\('
 # printf-family bare %s (not %.*s, not %%s, not width-padded %-Ns / %*s).
 pct_s='%[^%."*0-9-]*s|"[^"]*%s'
 
 fail=0
 
 echo "== banned string functions =="
 # src/core/slice.c is the one sanctioned home of a NUL scan (slice_from_cstr).
 hits=$(rg -n --pcre2 "$banned" $dirs -g '!*/tests/*' -g '!src/core/slice.c' 2>/dev/null \
   | rg -v 'slice_from_cstr|kit_slice_cstr|driver_strlen|driver_streq|driver_strneq|driver_strchr|driver_strdup' \
   | rg -v 'ordering|sort|/\* *TODO slice' )
 if [ -n "$hits" ]; then echo "$hits"; fail=1; else echo "  clean"; fi
 
 echo "== bare printf %s =="
 # Heuristic: lines containing "%s" inside a string literal, excluding the
 # allowed width/precision/.* forms. Manual review still recommended.
 shits=$(rg -n '"[^"]*%s' $dirs 2>/dev/null | rg -v '%\.\*s|%-[0-9]+s|%\*s|%%s')
 if [ -n "$shits" ]; then echo "$shits"; fail=1; else echo "  clean"; fi
 
 exit $fail