rigortype 0.1.6 → 0.1.8

data/lib/rigor/analysis/runner.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "prism"
+require "tmpdir"
 
 require_relative "../environment"
 require_relative "../scope"
@@ -104,6 +105,9 @@ module Rigor
         @signature_paths_snapshot = [].freeze
         @cached_plugin_prepare_diagnostics = [].freeze
         @project_discovered_classes = {}.freeze
+        @project_discovered_def_nodes = {}.freeze
+        @project_discovered_superclasses = {}.freeze
+        @project_discovered_includes = {}.freeze
       end
 
       # ADR-pending editor mode — present when the runner is wired
@@ -241,6 +245,16 @@ module Rigor
         # can share parses with the existing scanner passes.
         @project_discovered_classes =
           Inference::ScopeIndexer.discovered_classes_for_paths(expansion.fetch(:files), buffer: @buffer)
+        # ADR-24 slice 2 — cross-file def-node + class->superclass
+        # index so an implicit-self call inside a subclass
+        # resolves a superclass `def` declared in a sibling
+        # file. One extra parse pass over the project; shares
+        # the cost profile of the class-discovery pass above.
+        def_index =
+          Inference::ScopeIndexer.discovered_def_index_for_paths(expansion.fetch(:files), buffer: @buffer)
+        @project_discovered_def_nodes = def_index.fetch(:def_nodes)
+        @project_discovered_superclasses = def_index.fetch(:superclasses)
+        @project_discovered_includes = def_index.fetch(:includes)
       end
 
       # Internal: adopts a frozen {ProjectScan} snapshot supplied
@@ -278,7 +292,7 @@ module Rigor
         return [] if files.empty?
 
         if pool_mode?
-          analyze_files_in_pool(files)
+          dispatch_pool(files)
         else
           environment = resolve_sequential_environment
           result = files.flat_map { |path| analyze_file(path, environment) }
@@ -460,6 +474,34 @@ module Rigor
         @buffer.nil?
       end
 
+      # ADR-15 Amendment (2026-05-20) — worker-pool backend selector.
+      # `fork` is the active backend: separate processes sidestep both
+      # the Ruby Bug #22075 use-after-free and the worker-side
+      # `Ractor::IsolationError` that make the Ractor pool unusable
+      # (see the ADR-15 Amendment +
+      # docs/notes/20260520-ractor-pool-cruby-uaf.md). The Ractor pool
+      # is preserved but off the default path — `RIGOR_POOL_BACKEND=ractor`
+      # opts back in so it stays testable. Platforms without `fork`
+      # (Windows) fall back to sequential.
+      def pool_backend
+        return :ractor if ENV["RIGOR_POOL_BACKEND"] == "ractor"
+        return :fork if Process.respond_to?(:fork)
+
+        :sequential
+      end
+
+      # Routes pool-mode analysis to the selected backend.
+      def dispatch_pool(files)
+        case pool_backend
+        when :ractor then analyze_files_in_pool(files)
+        when :fork   then analyze_files_in_fork_pool(files)
+        else
+          analyze_files_sequentially_fallback(
+            files, reason: "fork-based parallelism is unavailable on this platform"
+          )
+        end
+      end
+
       # Coordinator-side Environment used by the sequential code
       # path. Pool mode builds one Environment per worker inside
       # the worker Ractor's body instead.
@@ -598,6 +640,122 @@ module Rigor
         Array(prepare_diagnostics) + files.flat_map { |path| results_by_path.fetch(path, []) }
       end
 
+      # ADR-15 Amendment (2026-05-20) — fork-based worker pool, the
+      # active backend for `workers > 0`. Builds ONE {WorkerSession}
+      # on the parent, then `fork`s N children that copy-on-write
+      # inherit it. Each child analyses a contiguous slice of `files`
+      # and writes a Marshal'd `{results:, reporters:}` payload to a
+      # temp file; the parent `Process.wait`s every child, merges the
+      # payloads, and re-orders diagnostics by original path order.
+      #
+      # Separate processes have separate GC heaps and `vm->ci_table`
+      # (immune to Ruby Bug #22075) and copy-on-write-inherit every
+      # constant (no `Ractor.shareable?` constraint). See the ADR-15
+      # Amendment + docs/notes/20260520-ractor-pool-cruby-uaf.md.
+      #
+      # A child that exits non-zero (crash / unmarshalable payload) is
+      # degraded: the parent re-analyses that slice in-process and
+      # prepends a `pool-degraded` warning.
+      def analyze_files_in_fork_pool(files) # rubocop:disable Metrics/AbcSize
+        Environment::ClassRegistry.default
+
+        session = WorkerSession.new(
+          configuration: @configuration,
+          cache_store: @cache_store,
+          plugin_blueprints: @plugin_registry.blueprints,
+          explain: @explain,
+          synthetic_method_index: @synthetic_method_index,
+          project_patched_methods: @project_patched_methods
+        )
+        # Force the full RBS load on the parent so children
+        # copy-on-write inherit a warm Environment rather than each
+        # rebuilding it after the fork.
+        session.environment.rbs_loader&.prewarm
+        snapshot_fork_pool_stats(session) if @collect_stats
+
+        worker_count = [@workers, files.size].min
+        slices = files.each_slice((files.size.to_f / worker_count).ceil).to_a
+        results_by_path = {}
+
+        degraded = Dir.mktmpdir("rigor-fork-pool") do |tmpdir|
+          children = slices.each_with_index.map do |slice, index|
+            out_path = File.join(tmpdir, "worker-#{index}")
+            { pid: fork { run_fork_worker(session, slice, out_path) },
+              slice: slice, out_path: out_path }
+          end
+          collect_fork_results(children, results_by_path)
+        end
+
+        unless degraded.empty?
+          degraded.each { |path| results_by_path[path] = session.analyze(path) }
+          merge_worker_reporters(session.drain_reporters)
+        end
+
+        diagnostics = Array(session.prepare_diagnostics) +
+                      files.flat_map { |path| results_by_path.fetch(path, []) }
+        degraded.empty? ? diagnostics : diagnostics.unshift(fork_degraded_diagnostic(degraded.size))
+      end
+
+      # Child-process body for {#analyze_files_in_fork_pool}. Analyses
+      # the slice with the copy-on-write-inherited session and writes
+      # the Marshal'd payload to `out_path`. `exit!` skips `at_exit` /
+      # stdio flush — the payload is already durable on disk by then.
+      def run_fork_worker(session, slice, out_path)
+        results = slice.to_h { |path| [path, session.analyze(path)] }
+        payload = { results: results, reporters: session.drain_reporters }
+        File.binwrite(out_path, Marshal.dump(payload))
+        exit!(0)
+      rescue StandardError
+        exit!(1)
+      end
+
+      # Snapshots `class_decl_paths` from the parent session's loader
+      # so end-of-run {RunStats} can attribute the RBS class universe.
+      def snapshot_fork_pool_stats(session)
+        loader = session.environment.rbs_loader
+        @class_decl_paths_snapshot = loader&.class_decl_paths || {}.freeze
+        @signature_paths_snapshot = loader&.signature_paths || [].freeze
+      end
+
+      # Waits for every forked child, merges each successful payload
+      # into `results_by_path`, and returns the file paths whose
+      # worker exited abnormally (for in-process degrade).
+      def collect_fork_results(children, results_by_path)
+        degraded = []
+        children.each do |child|
+          _, status = Process.waitpid2(child[:pid])
+          payload = fork_worker_payload(status, child[:out_path])
+          if payload
+            results_by_path.merge!(payload.fetch(:results))
+            merge_worker_reporters(payload.fetch(:reporters))
+          else
+            degraded.concat(child[:slice])
+          end
+        end
+        degraded
+      end
+
+      # @return [Hash, nil] the child's `{results:, reporters:}`
+      #   payload, or nil when the child exited abnormally or wrote no
+      #   readable payload. `Marshal.load` is safe here: the blob was
+      #   written by our own forked child to a temp file we created.
+      def fork_worker_payload(status, out_path)
+        return nil unless status.success? && File.exist?(out_path)
+
+        Marshal.load(File.binread(out_path)) # rubocop:disable Security/MarshalLoad
+      rescue StandardError
+        nil
+      end
+
+      def fork_degraded_diagnostic(count)
+        Diagnostic.new(
+          path: ".rigor.yml", line: 1, column: 1,
+          message: "fork pool degraded: #{count} file(s) re-analysed in-process " \
+                   "after a worker exited abnormally",
+          severity: :warning, rule: "pool-degraded", source_family: :builtin
+        )
+      end
+
       # End-of-run telemetry. Walks the cached
       # `class_decl_paths` snapshot (sequential mode: from
       # the coordinator's environment; pool mode: from the
@@ -1221,12 +1379,29 @@ module Rigor
         Prism.parse(File.read(physical), filepath: path, version: @configuration.target_ruby)
       end
 
+      # Seeds the cross-file project pre-pass indexes onto a
+      # fresh per-file scope: discovered classes, and the ADR-24
+      # def-node / superclass / included-module maps. Each is
+      # applied only when non-empty so a runner constructed
+      # without the project pre-pass (e.g. a single-file probe)
+      # keeps an empty seed.
+      def seed_project_scope(scope)
+        scope = scope.with_discovered_classes(@project_discovered_classes) unless @project_discovered_classes.empty?
+        unless @project_discovered_def_nodes.empty?
+          scope = scope.with_discovered_def_nodes(@project_discovered_def_nodes)
+        end
+        unless @project_discovered_superclasses.empty?
+          scope = scope.with_discovered_superclasses(@project_discovered_superclasses)
+        end
+        scope = scope.with_discovered_includes(@project_discovered_includes) unless @project_discovered_includes.empty?
+        scope
+      end
+
       def analyze_file(path, environment) # rubocop:disable Metrics/MethodLength
         parse_result = parse_source(path)
         return parse_diagnostics(path, parse_result) unless parse_result.errors.empty?
 
-        scope = Scope.empty(environment: environment, source_path: path)
-        scope = scope.with_discovered_classes(@project_discovered_classes) unless @project_discovered_classes.empty?
+        scope = seed_project_scope(Scope.empty(environment: environment, source_path: path))
         index = Inference::ScopeIndexer.index(parse_result.value, default_scope: scope)
         diagnostics = CheckRules.diagnose(
           path: path,

data/lib/rigor/analysis/worker_session.rb

@@ -38,6 +38,12 @@ module Rigor
     # - `plugin_blueprints` — Phase 3a
     #   (`Array<Plugin::Blueprint>` is `Ractor.shareable?`).
     # - `explain` — Boolean.
+    # - `synthetic_method_index` / `project_patched_methods` —
+    #   optional (default `nil`). NOT `Ractor.shareable?`, so the
+    #   Ractor pool path leaves them unset; the fork backend
+    #   (ADR-15 Amendment), which builds the session pre-fork on the
+    #   parent, threads the runner's project-scan results through so
+    #   per-file inference matches the sequential path exactly.
     #
     # Internally the session OWNS (and never shares):
     #
@@ -70,7 +76,7 @@ module Rigor
     # output (modulo severity-profile re-stamping, which the
     # session leaves to the caller because it is a per-run
     # aggregate concern).
-    class WorkerSession
+    class WorkerSession # rubocop:disable Metrics/ClassLength
       attr_reader :configuration, :cache_store, :services, :plugin_registry,
                   :dependency_source_index, :environment,
                   :rbs_extended_reporter, :boundary_cross_reporter,
@@ -88,11 +94,14 @@ module Rigor
       #   directly-unrecognised node, mirroring
       #   {Rigor::Analysis::Runner#explain_diagnostics}.
       def initialize(configuration:, cache_store: nil, # rubocop:disable Metrics/MethodLength
-                     plugin_blueprints: [], explain: false, buffer: nil)
+                     plugin_blueprints: [], explain: false, buffer: nil,
+                     synthetic_method_index: nil, project_patched_methods: nil)
         @configuration = configuration
         @cache_store = cache_store
         @explain = explain
         @buffer = buffer
+        @synthetic_method_index = synthetic_method_index
+        @project_patched_methods = project_patched_methods
 
         # NOTE: `Inference::MethodDispatcher::FileFolding.fold_platform_specific_paths`
         # is process-global state. Writing it from a non-main
@@ -127,7 +136,9 @@ module Rigor
           bundler_auto_detect: configuration.bundler_auto_detect,
           bundler_lockfile: configuration.bundler_lockfile,
           rbs_collection_lockfile: configuration.rbs_collection_lockfile,
-          rbs_collection_auto_detect: configuration.rbs_collection_auto_detect
+          rbs_collection_auto_detect: configuration.rbs_collection_auto_detect,
+          synthetic_method_index: @synthetic_method_index,
+          project_patched_methods: @project_patched_methods
         )
         @prepare_diagnostics = run_plugin_prepare.freeze
       end

data/lib/rigor/builtins/static_return_refinements.rb

@@ -53,6 +53,9 @@ module Rigor
       ).freeze
       private_constant :NON_EMPTY_STRING_OR_NIL
 
+      NON_EMPTY_STRING = Type::Combinator.non_empty_string.freeze
+      private_constant :NON_EMPTY_STRING
+
       # `Kernel#__dir__` returns the canonical directory of the
       # source file the call appears in, or `nil` when the file
       # is invalid / not available (typically `-e` and similar
@@ -62,12 +65,31 @@ module Rigor
       KERNEL_DIR = ->(_arg_types) { NON_EMPTY_STRING_OR_NIL }
       private_constant :KERNEL_DIR
 
+      # `File.expand_path(path, ?dir_string)` always returns an
+      # absolute path string. Even `File.expand_path("")` expands
+      # to the current working directory's absolute path. The
+      # upstream RBS row is `(path file_name, ?path dir_string) ->
+      # String`; the refinement tightens to `non-empty-string`.
+      #
+      # `File.dirname(path, ?level)` always returns at least `"."`
+      # (or `"/"` for absolute roots), so the return is never the
+      # empty string. Upstream RBS returns `String`; the refinement
+      # tightens to `non-empty-string`.
+      #
+      # `File.basename` is intentionally NOT refined: it returns
+      # `""` for `File.basename("")`, so `non-empty-string` would
+      # be unsound.
+      FILE_NON_EMPTY = ->(_arg_types) { NON_EMPTY_STRING }
+      private_constant :FILE_NON_EMPTY
+
       # Frozen ((owner_class_name, method_name, kind) => handler)
       # table. The kind tag is `:both`, `:singleton`, or
       # `:instance`. New entries SHOULD prefer `:both` unless the
       # singleton- and instance-side shapes genuinely differ.
       OVERRIDES = {
-        ["Kernel", :__dir__, :both] => KERNEL_DIR
+        ["Kernel", :__dir__, :both] => KERNEL_DIR,
+        ["File", :expand_path, :singleton] => FILE_NON_EMPTY,
+        ["File", :dirname, :singleton] => FILE_NON_EMPTY
       }.freeze
       private_constant :OVERRIDES