makiri 0.2.0 → 0.4.0

data/script/check_alloc_failures.rb

@@ -0,0 +1,266 @@
+# frozen_string_literal: true
+
+# Allocation-failure injection sweep for the C extension (run via `rake oom`).
+#
+# The sanitizers and the leak gate prove the happy path is memory-safe; neither
+# proves the OOM branches are CORRECT. Makiri's contract is fail-closed: when a
+# core C allocation fails, a call must either raise a clean Makiri::Error /
+# NoMemoryError or complete with the exact same result as the unfailed run -
+# never a truncated/partial result (the property the XPath node-set caps and
+# the "build OOM -> walk fallback" designs exist for). This gate machine-checks
+# that contract: with the ext built under MAKIRI_ALLOC_INJECT=1, every core
+# allocation site routes through a hook that can be armed to fail the nth
+# attempt once. For each representative workload we record a failure-free
+# BASELINE result and the total number of allocation attempts, then re-run the
+# workload once per allocation site with exactly that site failing, and verify
+# each run either raised cleanly or returned a baseline-identical value.
+#
+# A segfault/abort kills this process; the caller (rake/CI) sees the nonzero
+# exit, which is the verdict too.
+#
+#   bundle exec rake oom                                    # rebuild + sweep
+#   bundle exec ruby -Ilib script/check_alloc_failures.rb   # sweep current build
+
+require "makiri"
+
+unless Makiri.send(:__alloc_inject?)
+  abort "check_alloc_failures: extension built without the injection hook - " \
+        "rebuild with MAKIRI_ALLOC_INJECT=1 (`rake oom` does this)"
+end
+
+# Each scenario runs one workload END-TO-END and returns a canonical String, so
+# an injected run's result can be compared (==) against the baseline. Fixtures
+# are built INSIDE the lambda (unless reuse is the point) so the sweep covers
+# their parse/build allocations too.
+SCENARIOS = {
+  # XML parse covering the syntax surface: declaration, DOCTYPE (SYSTEM id +
+  # internal subset), default + prefixed namespaces, prefixed attributes,
+  # references, comment, CDATA, PI, nesting, CRLF normalization in an attr.
+  "xml_parse" => lambda do
+    src = <<~XML
+      <?xml version="1.0" encoding="UTF-8"?>
+      <!DOCTYPE root SYSTEM "urn:example:dtd" [<!ENTITY local "subset">]>
+      <root xmlns="urn:d" xmlns:p="urn:p" p:pa="pv" mixed="A&amp;&#x41; x\r\ny">
+        <!-- a comment -->
+        <p:branch><leaf depth="2">text &amp; &#x41; refs</leaf></p:branch>
+        <![CDATA[raw < cdata & bytes]]>
+        <?pi-target some data?>
+        <empty/>
+      </root>
+    XML
+    Makiri::XML::Document.parse(src).to_xml
+  end,
+
+  # Fragment parse + serialize + splice into a host document.
+  "xml_fragment" => lambda do
+    doc  = Makiri::XML::Document.parse("<r xmlns='urn:d'><keep>k</keep></r>")
+    frag = doc.fragment("<a xmlns:p='u'><p:b>t</p:b></a>text")
+    out  = frag.to_xml
+    doc.root.add_child(frag)
+    out + doc.to_xml
+  end,
+
+  # XPath battery: predicates, functions, a union, axes, plus an XPathContext
+  # evaluation with a registered namespace and variable.
+  "xml_xpath" => lambda do
+    doc = Makiri::XML::Document.parse(<<~XML)
+      <root xmlns:p="urn:p">
+        <a v="1">alpha</a>
+        <a v="2">beta</a>
+        <b n="3"> gamma  delta </b>
+        <p:c><a v="9">nested</a></p:c>
+      </root>
+    XML
+    canon = lambda do |r|
+      r.is_a?(Makiri::NodeSet) ? r.map(&:to_xml).join("|") : r.inspect
+    end
+    exprs = [
+      "//a[@v='2']",
+      "//a[position()=2]",
+      "//a[last()]",
+      "count(//a)",
+      "sum(//b/@n)",
+      "concat(string(//a[1]), '-', substring('abcdef', 2, 3))",
+      "translate('abc', 'abc', 'xyz')",
+      "normalize-space(//b)",
+      "contains(//a[1], 'alp')",
+      "starts-with(//b, ' g')",
+      "//a | //b",
+      "//a[1]/ancestor::root",
+      "//a[1]/following-sibling::b",
+      "//root/descendant-or-self::a",
+    ]
+    parts = exprs.map { |e| canon.call(doc.xpath(e)) }
+    ctx = Makiri::XPathContext.new(doc)
+    ctx.register_namespace("p", "urn:p")
+    ctx.register_variable("want", "9")
+    parts << canon.call(ctx.evaluate("//p:c/a[@v=$want]"))
+    parts.join("\n")
+  end,
+
+  # Same battery shape over an HTML5-parsed document.
+  "html_xpath" => lambda do
+    doc = Makiri::HTML::Document.parse(<<~HTML)
+      <html><body>
+        <div id="top"><p class="x">one</p><p class="y">two</p></div>
+        <ul><li data-n="1">a</li><li data-n="2"> b  c </li></ul>
+      </body></html>
+    HTML
+    canon = lambda do |r|
+      r.is_a?(Makiri::NodeSet) ? r.map(&:to_html).join("|") : r.inspect
+    end
+    exprs = [
+      "//p[@class='y']",
+      "//li[position()=2]",
+      "//li[last()]",
+      "count(//p)",
+      "sum(//li/@data-n)",
+      "concat(string(//p[1]), '+', substring(//p[2], 1, 2))",
+      "translate('one', 'one', 'uno')",
+      "normalize-space(//li[2])",
+      "contains(//p[1], 'on')",
+      "starts-with(//p[2], 'tw')",
+      "//p | //li",
+      "//p[1]/ancestor::div",
+      "//p[1]/following-sibling::p",
+      "//div/descendant-or-self::p",
+    ]
+    parts = exprs.map { |e| canon.call(doc.xpath(e)) }
+    ctx = Makiri::XPathContext.new(doc)
+    ctx.register_variable("cls", "x")
+    parts << canon.call(ctx.evaluate("//p[@class=$cls]"))
+    parts.join("\n")
+  end,
+
+  # The mutation surface: create_*, insertion on every side, rename, content,
+  # attributes, replace, remove, and a fragment splice.
+  "xml_mutate" => lambda do
+    doc = Makiri::XML::Document.parse("<root><old>x</old><gone/></root>")
+    el = doc.create_element("made")
+    el.add_child(doc.create_text_node("inner"))
+    el["k"] = "v"
+    doc.root.add_child(el)
+    el.name = "renamed"
+    el.content = "rewritten"
+    el.add_previous_sibling(doc.create_element("before"))
+    el.add_next_sibling(doc.create_element("after"))
+    doc.root.at_xpath("old").replace(doc.create_element("new"))
+    doc.root.at_xpath("gone").remove
+    doc.root.add_child(doc.fragment("<f1/>tail<f2 a='b'/>"))
+    doc.to_xml
+  end,
+
+  # Serialization over a non-trivial tree (~200 elements built inside the
+  # lambda, so the parse is swept too), both tree and deep serializers.
+  "html_serialize" => lambda do
+    body = (1..50).map { |i|
+      "<div id='d#{i}' class='row'><p>cell #{i}</p><span>tail &amp; #{i}</span></div>"
+    }.join
+    doc = Makiri::HTML::Document.parse("<html><body>#{body}</body></html>")
+    doc.to_html + doc.at_css("body").inner_html
+  end,
+
+  # Full-document text extraction (exercises the text-index build, and its
+  # fail-closed OOM -> walk fallback).
+  "html_text" => lambda do
+    body = (1..80).map { |i| "<p>para #{i} <em>em#{i}</em> tail</p>" }.join
+    doc = Makiri::HTML::Document.parse("<html><body>#{body}</body></html>")
+    doc.text
+  end,
+
+  # CSS: a comma list with combinators through the reused engine, plus the
+  # at_css first-match path.
+  "css" => lambda do
+    doc = Makiri::HTML::Document.parse(<<~HTML)
+      <html><body>
+        <p class="c">one</p><p>skip</p><p class="c">two</p>
+        <div><span>in</span></div><span>out</span>
+        <section id="x">target</section>
+      </body></html>
+    HTML
+    doc.css("p.c, div > span").map { |n| n.name }.join(",") +
+      doc.at_css("#x")&.name.to_s
+  end,
+
+  # The Builder DSL (pure Ruby over create_*/add_child, so this sweeps the
+  # construction factories).
+  "xml_builder" => lambda do
+    Makiri::XML::Builder.new do |xml|
+      xml.feed("xmlns" => "urn:a", "xmlns:dc" => "urn:dc") do
+        xml.entry do
+          xml.title("Hello")
+          xml["dc"].id_("42")
+          xml.cdata("a < b")
+          xml.comment(" note ")
+        end
+      end
+    end.to_xml
+  end,
+}.freeze
+
+ALLOWED = [Makiri::Error, NoMemoryError].freeze
+TRUNCATE = 120
+
+def disarm = Makiri.send(:__alloc_inject, 0)
+
+failures_total = 0
+
+SCENARIOS.each do |name, work|
+  # Warm twice with injection off: process-global engines (CSS) and lazy
+  # builds settle, so the counted run below is representative and stable.
+  disarm
+  2.times { work.call }
+
+  # Counted baseline run: __alloc_inject(0) also resets the counter, so the
+  # calls reading right after is exactly this run's allocation-attempt total.
+  disarm
+  baseline = work.call
+  total = Makiri.send(:__alloc_inject_calls)
+
+  ok_raised = 0
+  ok_identical = 0
+  failures = []
+
+  (1..total).each do |n|
+    Makiri.send(:__alloc_inject, n)
+    begin
+      result = work.call
+      if result == baseline
+        ok_identical += 1
+      else
+        failures << [n, "truncated/wrong result",
+                     "baseline=#{baseline.to_s[0, TRUNCATE].inspect} " \
+                     "got=#{result.to_s[0, TRUNCATE].inspect}"]
+      end
+    rescue *ALLOWED
+      ok_raised += 1
+    rescue Exception => e # rubocop:disable Lint/RescueException -- the wrong class IS the finding
+      failures << [n, "wrong exception class",
+                   "#{e.class}: #{e.message.to_s[0, TRUNCATE]}"]
+    ensure
+      disarm
+    end
+  end
+
+  failures_total += failures.size
+  puts format("%-16s allocations=%-5d raised=%-5d identical=%-5d failed=%d",
+              name, total, ok_raised, ok_identical, failures.size)
+  failures.each do |n, kind, detail|
+    puts "    n=#{n} #{kind}: #{detail}"
+  end
+  if total.zero?
+    # A scenario that never reaches a core allocation sweeps nothing - that is
+    # a broken scenario, not a pass.
+    failures_total += 1
+    puts "    scenario performed ZERO core allocations - workload not reaching the C core"
+  end
+end
+
+if failures_total.zero?
+  puts "check_alloc_failures: OK - every injected allocation failure failed closed " \
+       "(clean raise or baseline-identical result)"
+else
+  puts "check_alloc_failures: FAILED - #{failures_total} injected failure(s) " \
+       "produced a wrong exception or a non-baseline result"
+  exit 1
+end

data/script/check_c_safety.rb

@@ -8,9 +8,26 @@ require "yaml"
 ROOT = Pathname.new(__dir__).join("..").expand_path
 ALLOWLIST_PATH = ROOT.join("script/check_c_safety_allowlist.yml")
 
-Rule = Struct.new(:id, :message, :regex, keyword_init: true)
+# A rule may carry `paths` (an array of path globs): it then applies ONLY to
+# matching files. Used for the parser-TU reader discipline, where the ban is
+# meaningful only in TUs whose input reads must go through mkr_span_t.
+Rule = Struct.new(:id, :message, :regex, :paths, keyword_init: true)
 Finding = Struct.new(:path, :line, :rule, :text, keyword_init: true)
 
+# Byte-scanning parser TUs: every input read goes through the bounded reader
+# (core/mkr_span.h) - see its header comment. The rules below turn that from a
+# convention into a machine-enforced invariant for these files.
+PARSER_TUS = %w[
+  ext/makiri/xml/mkr_xml_tree.c
+  ext/makiri/xml/mkr_xml_chars.c
+  ext/makiri/xml/mkr_xml_node.c
+  ext/makiri/xpath/mkr_xpath_lex.c
+  ext/makiri/xpath/mkr_xpath_funcs_body.h
+  ext/makiri/xpath/mkr_xpath_value_body.h
+  ext/makiri/bridge/ruby_string.c
+  ext/makiri/lexbor_compat/source_loc.c
+].freeze
+
 RULES = [
   Rule.new(
     id: "string_value_cstr",
@@ -60,7 +77,64 @@ RULES = [
   Rule.new(
     id: "verified_text_forge",
     message: "mkr_verified_text_t must be minted only by mkr_verified_text_from_view (the validated boundary)",
-    regex: /\(\s*mkr_verified_text_t\s*\)\s*\{/
+    # Both forge shapes: the compound-literal cast AND the declaration
+    # initializer (`mkr_verified_text_t x = {...}`), which the cast-only regex
+    # used to miss - that gap let a fuzz harness mint over a non-NUL-terminated
+    # buffer unnoticed.
+    regex: /\(\s*mkr_verified_text_t\s*\)\s*\{|\bmkr_verified_text_t\s+\w+\s*=\s*\{/
+  ),
+  # --- HTML/XML representation boundary (see docs/html_xml_boundary_hardening) ---
+  # These symbols assume one DOM representation; using them outside their
+  # representation-correct / kind-checked home is how shared glue (XPath, NodeSet,
+  # node identity) silently treats an XML node as HTML (or vice versa) - an
+  # assert-abort or memory type-confusion. Each is allowlisted only in the files
+  # that legitimately own it; anywhere else trips the lint.
+  Rule.new(
+    id: "html_doc_unwrap_boundary",
+    message: "mkr_html_doc_unwrap is HTML-only; shared/XML code must use the kind-aware mkr_node_unwrap",
+    regex: /\bmkr_html_doc_unwrap\s*\(/
+  ),
+  Rule.new(
+    id: "parsed_html_doc_boundary",
+    message: "mkr_parsed_html_doc (asserts kind==HTML) may only be used in a kind-checked / HTML-only site",
+    regex: /\bmkr_parsed_html_doc\s*\(/
+  ),
+  Rule.new(
+    id: "parsed_xml_doc_boundary",
+    message: "mkr_parsed_xml_doc may only be used in a kind-checked / XML-representation site",
+    regex: /\bmkr_parsed_xml_doc\s*\(/
+  ),
+  Rule.new(
+    id: "owner_document_boundary",
+    message: "owner_document is an HTML-only lxb field; shared code must compare documents via mkr_node_document",
+    regex: /\bowner_document\b/
+  ),
+  Rule.new(
+    id: "node_raw_boundary",
+    message: "mkr_node_raw is the kind-agnostic raw pointer (identity / kind-guaranteed only); " \
+             "to dereference a node use mkr_html_node or mkr_xml_node_unwrap (kind-checked)",
+    regex: /\bmkr_node_raw\s*\(/
+  ),
+  # --- parser-TU reader discipline (see core/mkr_span.h) ---
+  # In the byte-scanning parser TUs every input read must go through the
+  # bounded reader: a raw libc scan reintroduces the "forgot the bounds check"
+  # class the span made structurally impossible. memcpy stays allowed (an
+  # explicit-length copy, not a scan).
+  Rule.new(
+    id: "raw_scan_call",
+    message: "parser TUs must read input through mkr_span_* / mkr_bytes_eq / mkr_utf8_* " \
+             "(core), not raw libc scanning",
+    regex: /\b(?:memchr|memcmp|strchr|strrchr|strstr|strn?cmp|strcspn|strspn|strpbrk|strtod|strtol|strtoull?|sscanf)\s*\(/,
+    paths: PARSER_TUS
+  ),
+  # The span's own cursor/bound fields are private to core/mkr_span.h: touching
+  # `.p` / `.end` in a parser TU is how a hand-rolled (uncovered) cursor starts.
+  Rule.new(
+    id: "raw_cursor_member",
+    message: "parser TUs must not access a span's .p/.end (or keep a raw cursor struct); " \
+             "use the mkr_span_* helpers (mark/since for slice capture)",
+    regex: /(?:->|\.)\s*(?:p|end)\b/,
+    paths: PARSER_TUS
   ),
 ].freeze
 
@@ -131,6 +205,7 @@ def scan_findings(ignores)
       next [] unless code_line?(line)
 
       RULES.filter_map do |rule|
+        next if rule.paths && rule.paths.none? { |pat| path_matches?(pat, rel) }
         next unless line.match?(rule.regex)
         next if rule_ignored?(rel, rule.id, ignores)
 

data/script/check_c_safety_allowlist.yml

@@ -10,3 +10,105 @@ ignore_paths:
   - path: ext/makiri/bridge/text_token.c
     rule: verified_text_forge
     reason: mkr_verified_text_from_view, the sole sanctioned mint of mkr_verified_text_t; its input view is already validated by the bridge string helpers.
+  # --- HTML/XML representation boundary: each per-rep symbol is exempt only in
+  #     the files that own it (declaration, definition, or a kind-checked use), so
+  #     a new use anywhere else — especially shared glue — trips the lint ---
+  # mkr_html_doc_unwrap (HTML-only document unwrap)
+  - path: ext/makiri/glue/glue.h
+    rule: html_doc_unwrap_boundary
+    reason: declaration of the HTML-only document unwrap.
+  - path: ext/makiri/glue/ruby_doc.c
+    rule: html_doc_unwrap_boundary
+    reason: definition + HTML Document methods (parse/serialize/title/compat_mode) — all HTML-only.
+  - path: ext/makiri/glue/ruby_node.c
+    rule: html_doc_unwrap_boundary
+    reason: the kind-aware mkr_node_raw calls it only on its HTML branch (after a MKR_DOC_XML check).
+  - path: ext/makiri/glue/ruby_html_node.c
+    rule: html_doc_unwrap_boundary
+    reason: mkr_html_node_unwrap resolves an HTML Document (after rejecting an XML one at the type boundary).
+  - path: ext/makiri/glue/ruby_html_mutate.c
+    rule: html_doc_unwrap_boundary
+    reason: HTML tree/fragment mutation; XML mutation has its own arena path.
+  - path: ext/makiri/glue/ruby_xpath.c
+    rule: html_doc_unwrap_boundary
+    reason: the HTML branch of mkr_xpath_context_for, entered only after the XML kind returns early.
+  # mkr_parsed_html_doc (asserts kind == HTML)
+  - path: ext/makiri/lexbor_compat/compat.h
+    rule: parsed_html_doc_boundary
+    reason: declaration of the HTML parsed-document accessor.
+  - path: ext/makiri/lexbor_compat/post_parse.c
+    rule: parsed_html_doc_boundary
+    reason: definition (the kind assert lives here) + HTML post-parse pipeline.
+  - path: ext/makiri/glue/ruby_doc.c
+    rule: parsed_html_doc_boundary
+    reason: mkr_html_doc_unwrap is defined here over the HTML parsed document.
+  # mkr_parsed_xml_doc (XML arena accessor) — kept out of the pure-HTML glue files
+  - path: ext/makiri/lexbor_compat/compat.h
+    rule: parsed_xml_doc_boundary
+    reason: declaration of the XML parsed-document accessor.
+  - path: ext/makiri/lexbor_compat/post_parse.c
+    rule: parsed_xml_doc_boundary
+    reason: definition + XML document wrapping/teardown.
+  - path: ext/makiri/glue/ruby_xml.c
+    rule: parsed_xml_doc_boundary
+    reason: XML parse entry / Document construction.
+  - path: ext/makiri/glue/ruby_xml_node.c
+    rule: parsed_xml_doc_boundary
+    reason: XML node read + mutation surface over the arena.
+  - path: ext/makiri/glue/ruby_doc.c
+    rule: parsed_xml_doc_boundary
+    reason: shared Document glue, used only on kind-checked XML branches.
+  - path: ext/makiri/glue/ruby_xpath.c
+    rule: parsed_xml_doc_boundary
+    reason: the XML branch of mkr_xpath_context_for (kind-checked).
+  - path: ext/makiri/glue/ruby_node.c
+    rule: parsed_xml_doc_boundary
+    reason: the kind-aware mkr_node_raw resolves an XML Document only after a MKR_DOC_XML check.
+  # owner_document (HTML-only lxb_dom_node_t field)
+  - path: ext/makiri/lexbor_compat/post_parse.c
+    rule: owner_document_boundary
+    reason: mkr_lxb_document_bytes resolves a Lexbor node's owner document to size its mraw pools (HTML-only; the XML serializer uses arena_bytes instead).
+  - path: ext/makiri/glue/ruby_html_node.c
+    rule: owner_document_boundary
+    reason: HTML node readers operate on lxb_dom_node_t.
+  - path: ext/makiri/glue/ruby_doc.c
+    rule: owner_document_boundary
+    reason: HTML Document operations.
+  - path: ext/makiri/glue/ruby_html_mutate.c
+    rule: owner_document_boundary
+    reason: HTML tree mutation over Lexbor nodes.
+  - path: ext/makiri/xpath/mkr_xpath_node_access_html.h
+    rule: owner_document_boundary
+    reason: the HTML monomorphization of the engine's node-access layer.
+  # mkr_node_raw (kind-agnostic void* raw pointer; never dereferenced as a typed node)
+  - path: ext/makiri/glue/glue.h
+    rule: node_raw_boundary
+    reason: declaration of the kind-agnostic accessor.
+  - path: ext/makiri/glue/ruby_node.c
+    rule: node_raw_boundary
+    reason: defines mkr_node_raw / mkr_node_id (node identity — the pointer is only compared, never dereferenced).
+  - path: ext/makiri/glue/ruby_xpath.c
+    rule: node_raw_boundary
+    reason: the XPath context node / handler-result node, where same-document (hence the representation) is verified before the engine takes the raw pointer.
+  - path: ext/makiri/glue/ruby_node_set.c
+    rule: node_raw_boundary
+    reason: NodeSet.new stores representation-opaque pointers; mkr_node_raw takes a seed node's pointer only after same-document validation guarantees its kind matches the set.
+
+# --- parser-TU reader discipline (raw_scan_call / raw_cursor_member) ---
+allowlist:
+  - path: ext/makiri/xpath/mkr_xpath_funcs_body.h
+    rule: raw_scan_call
+    max: 3
+    reason: "mkr_lookup_function's three strcmp over compile-time function-name tables: both sides are NUL-terminated (table literals / owned AST text), and the lookup signature takes bare const char* from the evaluator."
+
+  # --- verified_text_forge: the two Ruby-free test entry points. Neither can use
+  #     mkr_verified_text_from_view (bridge = Ruby boundary), so each mints the
+  #     token itself and must supply the contract by construction. ---
+  - path: ext/makiri/xpath/mkr_xpath_xml_selftest.c
+    rule: verified_text_forge
+    max: 2
+    reason: "Selftest expressions are compile-time string literals: NUL-terminated, NUL-free, valid UTF-8 by construction."
+  - path: ext/makiri/fuzz/xpath_fuzz.c
+    rule: verified_text_forge
+    max: 1
+    reason: "The libFuzzer harness mints over an owned mkr_strndup copy, which supplies NUL-termination and no-interior-NUL; UTF-8 validity is deliberately left to the lexer's strict decoder (its rejection path is fuzz-target behavior)."

data/script/check_leaks.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+# Malloc-leak gate for the C extension (macOS only; run via `rake leaks`).
+#
+# ASan runs everywhere with detect_leaks=0 (Ruby and Lexbor are uninstrumented,
+# so LeakSanitizer drowns in their noise) - which means plain leaks were never
+# machine-checked. This gate fills that hole with macOS's `leaks` tool: it runs
+# script/leaks_harness.rb (the public surface in a loop, INCLUDING rescued
+# failure paths) under MallocStackLogging, then scans the leak report for
+# allocation stacks that (a) pass through makiri.bundle and (b) repeat in
+# proportion to the loop count - i.e. a leak per call, which is what a missing
+# free on some path looks like. One-time Init allocations and Ruby's own
+# at-exit/unscannable noise stay at 1-2 instances and are ignored.
+#
+# Found (and since fixed) by this harness: the transient fragment document
+# leaked by every inner_html=/outer_html=, and the partially-built step leaked
+# by every failing XPath parse.
+#
+#   ruby script/check_leaks.rb            # threshold = ITERATIONS / 4
+#   LEAKS_ITERATIONS=200 rake leaks       # more iterations, sharper signal
+
+require "rbconfig"
+require "tempfile"
+
+abort "check_leaks: the `leaks` tool is macOS-only" unless RUBY_PLATFORM.include?("darwin")
+
+iterations = Integer(ENV.fetch("LEAKS_ITERATIONS", "120"))
+threshold  = [iterations / 4, 10].max
+harness    = File.expand_path("leaks_harness.rb", __dir__)
+lib        = File.expand_path("../lib", __dir__)
+
+out = Tempfile.create("makiri-leaks")
+ok = system({ "MallocStackLogging" => "1", "LEAKS_ITERATIONS" => iterations.to_s },
+            "leaks", "--atExit", "--",
+            RbConfig.ruby, "-I#{lib}", harness,
+            out: out.path, err: out.path)
+report = File.read(out.path)
+# `leaks` exits non-zero whenever ANY leak exists (Ruby itself always reports
+# some at-exit noise), so the exit status is not the verdict - the scan below
+# is. But the harness itself must have completed.
+abort "check_leaks: harness did not complete:\n#{report[-2000..]}" unless report.include?("leaks harness done")
+abort "check_leaks: no leak report produced (leaks tool failed?)" unless report.include?("STACK OF") || ok
+
+offenders = report.split(/\n(?=STACK OF )/).filter_map do |stanza|
+  next unless stanza.include?("makiri.bundle")
+
+  instances = stanza[/STACK OF (\d+) INSTANCES?/, 1].to_i
+  next if instances < threshold
+
+  frames = stanza.lines.grep(/makiri\.bundle/).first(4).map(&:strip)
+  [instances, frames]
+end
+
+if offenders.empty?
+  puts "check_leaks: OK - no repeated (>= #{threshold}x) leak stacks through makiri.bundle " \
+       "(#{iterations} iterations)"
+else
+  puts "check_leaks: FAILED - #{offenders.size} repeated leak stack(s) through makiri.bundle:"
+  offenders.each do |instances, frames|
+    puts "  #{instances}x:"
+    frames.each { |f| puts "    #{f}" }
+  end
+  exit 1
+end

data/script/leaks_harness.rb

@@ -0,0 +1,64 @@
+# frozen_string_literal: true
+
+# Exercise script for the malloc-leak gate (script/check_leaks.rb runs this
+# under macOS `leaks --atExit`). It loops the public surface - parsing, queries,
+# serialization, mutation, fragments, the Builder, XPathContext - and, crucially,
+# RESCUED FAILURE paths (raises that skip cleanup are where leaks hide; both
+# leaks this gate was built on lived there or in a transient-document path).
+#
+# A per-call leak shows up as a leak stack with ~ITERATIONS instances, which the
+# driver flags; one-time/Init allocations stay at 1-2 instances and pass.
+
+require "makiri"
+
+ITERATIONS = Integer(ENV.fetch("LEAKS_ITERATIONS", "120"))
+
+HTML = "<div id=m class='a b'><ul><li class=item>x</li><li>y<svg><path/></svg></li></ul><p>t&amp;</p></div>"
+XML  = %(<r xmlns:p="urn:p" xmlns="urn:d"><a id="1">t</a><p:b/><!--c--><![CDATA[z]]></r>)
+
+handler = Class.new { def my_fn(nodes) = nodes.length.to_s }.new
+
+ITERATIONS.times do |i|
+  # --- HTML: parse / query / serialize / mutate / fragments ---
+  d = Makiri::HTML(HTML)
+  d.css("li.item"); d.at_css("#m"); d.at_css("li").matches?("li")
+  begin d.css("li[") rescue Makiri::CSS::SyntaxError; end             # selector syntax error (engine reset path)
+  d.xpath("//li"); d.at_xpath("//p"); d.xpath("count(//li)")
+  begin d.xpath("//li[") rescue Makiri::XPath::SyntaxError; end       # parse failure (partial-AST/step cleanup)
+  begin d.xpath("//li", handler) rescue nil; end
+  d.xpath("//*[local-name()='path']")
+  d.to_html; d.at_css("ul").inner_html; d.to_html(pretty: true); d.text
+  e = d.at_css("li"); e["k#{i}"] = "v"; e.name = "li2"; e.content = "c"
+  e.set_attribute_ns("urn:x", "x:y", "1"); e.remove_attribute_ns("urn:x", "y")
+  d.at_css("ul").inner_html = "<li>new</li>"                          # transient fragment document path
+  frag = d.fragment("<b>f</b>"); d.at_css("p") << frag
+  Makiri::DocumentFragment.parse("<tr><td>1</td></tr>", context: "tbody")
+  d.at_css("p").clone_node(true); d.dup
+  begin d.fragment("x", context: "no-such-tag") rescue ArgumentError; end
+
+  # --- XML: parse (ok + failures) / query / serialize / mutate / Builder ---
+  x = Makiri::XML(XML)
+  begin Makiri::XML("<r>\xC3</r>".b) rescue Makiri::XML::SyntaxError; end
+  begin Makiri::XML("<r><a></r>")    rescue Makiri::XML::SyntaxError; end
+  begin Makiri::XML("<r/>", max_bytes: 1) rescue Makiri::XML::LimitExceeded; end
+  begin Makiri::XML(%(<?xml version="1.1"?><r/>)) rescue Makiri::XML::SyntaxError; end
+  x.xpath("//d:a", "d" => "urn:d"); x.at_xpath("//p:b", "p" => "urn:p")
+  begin x.xpath("//unbound:a") rescue Makiri::Error; end
+  x.css("a"); x.at_css("p|b", "p" => "urn:p")
+  begin x.css("a[") rescue Makiri::CSS::SyntaxError; end
+  x.to_xml; x.to_xml(pretty: true); x.root.canonicalize
+  el = x.create_element("n", "t", "k" => "v"); x.root.add_child(el)
+  begin x.root.add_child(x.create_element("zz:q")) rescue Makiri::Error; end
+  x.root.children.first.replace(x.create_element("rep")); x.fragment("<f1/><f2/>")
+  Makiri::XML::Builder.new { |b| b.root("xmlns:d" => "urn:d") { b.item("a"); b["d"].q } }.to_xml
+
+  # --- XPathContext: AST cache / registrations / failing evaluate ---
+  ctx = Makiri::XPathContext.new(x)
+  ctx.register_namespace("d", "urn:d"); ctx.register_variable("v", "1")
+  ctx.evaluate("//d:a[@id=$v]"); ctx.evaluate("//d:a[@id=$v]")
+  begin ctx.evaluate("//(") rescue Makiri::XPath::SyntaxError; end
+end
+
+GC.start
+GC.start
+puts "leaks harness done (#{ITERATIONS} iterations)"

data/vendor/lexbor/CMakeLists.txt

@@ -203,6 +203,12 @@ ENDFOREACH()
 ## First, need to add target for shared and static library
 IF(LEXBOR_BUILD_SHARED)
     add_library(${LEXBOR_LIB_NAME} SHARED ${LEXBOR_SOURCES})
+    if(UNIX)
+        set_target_properties(${LEXBOR_LIB_NAME} PROPERTIES SOVERSION ${PROJECT_VERSION_MAJOR} VERSION ${PROJECT_VERSION})
+    endif()
+    if ((WIN32) AND (CMAKE_VERSION VERSION_GREATER_EQUAL "3.27"))
+        set_target_properties(${LEXBOR_LIB_NAME} PROPERTIES DLL_NAME_WITH_SOVERSION 1)
+    endif()
     target_include_directories(${LEXBOR_LIB_NAME} PUBLIC $<BUILD_INTERFACE:${LEXBOR_SOURCE}>
                                                          $<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>)
     target_compile_definitions(${LEXBOR_LIB_NAME} PRIVATE "LEXBOR_BUILDING")

data/vendor/lexbor/README.md

@@ -39,6 +39,7 @@ https://lexbor.com/modules/.
 - **[SerpApi](https://serpapi.com/)** — uses Lexbor in production for HTML parsing at scale
 - **[Selectolax](https://github.com/rushter/selectolax)** — popular Python library for fast web scraping
 - **[Nokolexbor](https://github.com/serpapi/nokolexbor)** — high-performance Nokogiri alternative for Ruby
+- **[Nordstjernen](https://github.com/nordstjernen-web/nordstjernen)** - Web browser written entirely in C
 
 [More bindings](#external-bindings-and-wrappers) available for Elixir, Crystal, D, Julia, Erlang.
 
@@ -215,6 +216,7 @@ The `liblexbor-html` library already contains all the pointers to the required d
 
 ## External Bindings and Wrappers
 
+* [Elixir](https://github.com/dashbitco/lazy_html) Fast HTML parsing and querying. Default HTML engine in Phoenix LiveViewTest (since LiveView 1.1).
 * [Elixir](https://git.pleroma.social/pleroma/elixir-libraries/fast_html) binding for the HTML module (since 2.0 version)
 * [Erlang](https://hex.pm/packages/lexbor_erl) Fast HTML5 Parser with CSS selectors and DOM manipulation (since 2.6.0 version)
 * [Crystal](https://github.com/kostya/lexbor) Fast HTML5 Parser with CSS selectors for Crystal language
@@ -227,6 +229,16 @@ The `liblexbor-html` library already contains all the pointers to the required d
 
 You can create a binding or wrapper for the `lexbor` and place the link here!
 
+## AI Policy
+
+Lexbor draws a clear line between its core library and the surrounding ecosystem.
+
+**Core library** — all source code that compiles into the distributable binary — is written entirely by humans. This is an engineering choice, not an ideological one. Lexbor is a performance-critical, standards-compliant C library where every line of code must reflect a decision its author fully understands and can defend. We use AI tools in other areas of the project and see their value clearly; the core is simply not the right place for them.
+
+AI-assisted tools are welcome and actively used for bindings, WASM builds, benchmarks, documentation, examples, tests, and other supporting work. This section is one such example — it was drafted with AI and reviewed by a human. The em dashes are a giveaway.
+
+**For contributors:** pull requests targeting core library code are expected to be human-authored. The contributor — not an AI model — performed the reasoning, made the design choices, and wrote the code. The code you submit is yours, and you can speak to the intent and correctness of every line. We are not interested in policing workflows, but if a pull request reads like AI did the thinking, it will likely be rejected.
+
 ## Documentation
 
 Available on [lexbor.com](https://lexbor.com) in [Documentation](https://lexbor.com/documentation/) section.

data/vendor/lexbor/config.cmake

@@ -167,7 +167,7 @@ MACRO(INCLUDE_MODULE_CONFIG pname module module_dir)
 
         IF(EXISTS "${conf_path}")
             set(CURRENT_LIB_NAME "${PROJECT_NAME}-${module}")
-            set(CURRENT_LIB_NAME_STATIC "${PROJECT_NAME}-${module}-static")
+            set(CURRENT_LIB_NAME_STATIC "${PROJECT_NAME}-${module}_static")
 
             include("${conf_path}")
         ENDIF()