lib: cfl: upgrade to v0.7.0 #11795

Open: edsiper wants to merge 1 commit into master from cfl-0.7.0
@edsiper edsiper commented May 12, 2026


Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Signed-off-by: Eduardo Silva <eduardo@chronosphere.io>

coderabbitai Bot commented May 12, 2026

Walkthrough

CFL library enhanced from version 0.6 to 0.7 with platform-specific atomic operations (MSVC, GCC, generic pthread), recursive container containment detection to prevent cyclic structures, and systematic hardening throughout with NULL input validation, integer overflow protection, and JSON string escaping. Extensive test coverage added for atomic operations, null inputs, edge cases, and cycle prevention across all core modules.

Changes

CFL Core Library Enhancement

| Layer | File(s) | Summary |
|---|---|---|
| Atomic Operations API and Header Infrastructure | `lib/cfl/include/cfl/cfl_atomic.h`, `lib/cfl/include/cfl/cfl.h`, `lib/cfl/include/cfl/cfl_*.h` | New cfl_atomic.h declares cfl_atomic_initialize(), cfl_atomic_compare_exchange(), cfl_atomic_store(), cfl_atomic_load() for uint64_t operations. cfl.h includes new atomic and checksum headers. All other headers fixed with required includes (stddef.h, stdint.h, stdio.h) to resolve forward declarations and type dependencies. |
| Platform-Specific Atomic Implementations | `lib/cfl/src/cfl_atomic_msvc.c`, `lib/cfl/src/cfl_atomic_gcc.c`, `lib/cfl/src/cfl_atomic_clang.c`, `lib/cfl/src/cfl_atomic_generic.c` | Four backend implementations: MSVC (CRITICAL_SECTION for 32-bit, intrinsics for 64-bit), GCC (`__atomic` builtins), Clang (dedicated `__atomic` wrapper), and generic (pthread_mutex_t with pthread_once bootstrap). All achieve sequential consistency. |
| Container Containment API and Cycle Detection | `lib/cfl/include/cfl/cfl_container.h`, `lib/cfl/src/cfl_container.c` | New public API with nine functions (`cfl_container_*_contains_*`) and depth-guarded recursive helpers to detect whether nested containers form cycles, enabling insert validation. |
| List and Array Safety Hardening | `lib/cfl/include/cfl/cfl_list.h`, `lib/cfl/include/cfl/cfl_array.h`, `lib/cfl/src/cfl_array.c` | cfl_list.h adds CFL_FALSE/CFL_TRUE macros and NULL guards in all list primitives (add, del, append, prepend, cat, size, is_empty, entry_is_orphan). cfl_array.c adds allocation overflow checks, cycle detection during append, defensive print error handling. |
| KV-List and Object Safety with Cycle Prevention | `lib/cfl/src/cfl_kvlist.c`, `lib/cfl/src/cfl_object.c`, `lib/cfl/src/cfl_kv.c` | cfl_kvlist.c adds JSON string escaping, INT_MAX bounds on key_size, container cycle checks, and rewritten print with proper escaping. cfl_object.c adds containment helpers and validates object_set against cyclic assignments. cfl_kv.c hardens all functions with NULL checks and INT_MAX bounds on key/value lengths. |
| String/Variant/Utils Hardening with Overflow Protection | `lib/cfl/src/cfl_sds.c`, `lib/cfl/src/cfl_variant.c`, `lib/cfl/src/cfl_utils.c`, `lib/cfl/src/cfl_checksum.c` | cfl_sds.c rewrites cat/printf with SIZE_MAX overflow guards and self-append support via memmove. cfl_variant.c adds JSON escaping, non-finite double handling, and INT_MAX bounds. cfl_utils.c hardens string operations with size_t arithmetic and SIZE_MAX/INT_MAX bounds. cfl_checksum.c adds NULL buffer guard. |
| Library Initialization and Version | `lib/cfl/src/cfl.c`, `lib/cfl/CMakeLists.txt`, `lib/cfl/src/CMakeLists.txt` | cfl_init() now returns cfl_atomic_initialize() result. Version bumped to 0.7. Build system conditionally selects atomic backend based on compiler and links Threads when needed. |
| Atomic Operations Test Coverage | `lib/cfl/tests/atomic_operations.c` | New file with multithreaded tests: atomic_initialize, atomic_basic_operations, atomic_full_width_values, atomic_operations (spawns THREAD_COUNT workers, validates final counter via compare-exchange loops). |
| Comprehensive Validation and Edge Case Tests | `lib/cfl/tests/checksum.c`, `lib/cfl/tests/headers.c`, `lib/cfl/tests/kv.c`, `lib/cfl/tests/kvlist.c`, `lib/cfl/tests/array.c`, `lib/cfl/tests/sds.c`, `lib/cfl/tests/utils.c`, `lib/cfl/tests/variant.c`, `lib/cfl/tests/object.c` | New and expanded test files validate: NULL input handling, cycle/containment rejection, embedded NUL keys, string escaping, non-finite doubles, self-append, write failures on /dev/full, container reuse rejection across all core modules. |
| Test Infrastructure and Build Configuration | `lib/cfl/tests/CMakeLists.txt` | Adds atomic_operations.c, checksum.c, headers.c to test files. Discovers Threads on non-Windows. Links Threads::Threads for atomic tests. Generates compile-only header test executables. Applies AddressSanitizer when enabled. |
| Documentation, Agents Guidelines, and CI Updates | `lib/cfl/README.md`, `lib/cfl/AGENTS.md`, `lib/cfl/.github/workflows/build.yaml`, `lib/cfl/.github/workflows/lint.yaml`, `lib/cfl/.github/workflows/packages.yaml` | README restructured with detailed API docs (Core/Data Structures/Utilities/Support Headers). New AGENTS.md defines repository guidelines. Workflows upgrade to actions/checkout v6, artifact v6/v7, Windows 2022, Debian Buster archives, and cmake docker container. |

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

  • fluent/fluent-bit#11041: Modifies CFL public API and variant-based property handling that interacts with container types and new cycle detection added in this PR.

Suggested labels

docs-required

Suggested reviewers

  • cosmo0920
  • patrick-stephens
  • celalettin1286

Poem

🐰 With atoms locked and cycles caught,
The CFL grows safer than thought—
No NULL shall pass, no int shall spill,
Bounds checked with lockstep and will,
Tests multithreaded, edge cases all,
A hardened library stands tall! 🔐

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 4.08% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'lib: cfl: upgrade to v0.7.0' clearly and concisely summarizes the main change: upgrading the CFL library to version 0.7.0, which aligns with the PR objectives and the comprehensive changeset. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c80159a0c0

Comment on lines +24 to +25
elseif("${CMAKE_C_COMPILER_ID}" STREQUAL "GNU")
set(PLATFORM_SPECIFIC_ATOMIC_MODULE cfl_atomic_gcc.c)
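
Review bot: the `elseif` on +24 picks the backend from `CMAKE_C_COMPILER_ID` alone, which identifies the compiler but not whether the target can link what `cfl_atomic_gcc.c` needs. Consider gating this branch on a `check_c_source_compiles` probe of a 64-bit `__atomic_load_n` and selecting `cfl_atomic_generic.c` when the probe fails, so the choice is made at configure time rather than surfacing as a link error.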
[P2] Link libatomic for GCC/Clang atomic builtins

When CFL is built with GCC/Clang on targets that cannot inline 64-bit __atomic_* operations (for example several 32-bit embedded architectures), this branch selects cfl_atomic_gcc.c/cfl_atomic_clang.c but never adds -latomic; the new implementation uses 64-bit __atomic_compare_exchange, __atomic_store_n, and __atomic_load_n, so executables that reference the new cfl_atomic_* API can fail at link time with unresolved __atomic_*_8 symbols. Please either probe/link atomic for these compiler branches or fall back to the mutex implementation when the builtins are not linkable.

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
lib/cfl/AGENTS.md (1)

1-77: ⚡ Quick win

Keep vendor bump PRs free of local process docs

Please avoid introducing lib/cfl/AGENTS.md in this dependency-upgrade PR. For Line 1 onward, this adds repo-local workflow policy inside vendored code and will likely increase drift/merge friction on future upstream CFL syncs. Consider moving this guidance to a top-level maintainer doc (or a separate PR) and keeping this PR limited to the v0.7.0 vendor update.

Based on learnings: "Prefer minimal patches that avoid unrelated formatting or refactoring churn" and "Do not mix unrelated code and documentation updates in one commit unless explicitly requested."

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@lib/cfl/AGENTS.md` around lines 1 - 77, Remove lib/cfl/AGENTS.md from this
vendor bump PR and keep the change focused on the v0.7.0 dependency update;
either relocate the guidance into a top-level maintainer document (e.g.,
MAINTAINERS.md) or open a separate PR for workflow/process docs, and ensure the
commit/PR only contains the vendor upgrade files referenced in this diff.

📥 Commits

Reviewing files that changed from the base of the PR and between 7299905 and c80159a.

📒 Files selected for processing (45)
  • lib/cfl/.github/workflows/build.yaml
  • lib/cfl/.github/workflows/lint.yaml
  • lib/cfl/.github/workflows/packages.yaml
  • lib/cfl/AGENTS.md
  • lib/cfl/CMakeLists.txt
  • lib/cfl/README.md
  • lib/cfl/include/cfl/cfl.h
  • lib/cfl/include/cfl/cfl_array.h
  • lib/cfl/include/cfl/cfl_atomic.h
  • lib/cfl/include/cfl/cfl_checksum.h
  • lib/cfl/include/cfl/cfl_container.h
  • lib/cfl/include/cfl/cfl_kv.h
  • lib/cfl/include/cfl/cfl_kvlist.h
  • lib/cfl/include/cfl/cfl_list.h
  • lib/cfl/include/cfl/cfl_object.h
  • lib/cfl/include/cfl/cfl_sds.h
  • lib/cfl/include/cfl/cfl_time.h
  • lib/cfl/include/cfl/cfl_utils.h
  • lib/cfl/include/cfl/cfl_variant.h
  • lib/cfl/src/CMakeLists.txt
  • lib/cfl/src/cfl.c
  • lib/cfl/src/cfl_array.c
  • lib/cfl/src/cfl_atomic_clang.c
  • lib/cfl/src/cfl_atomic_gcc.c
  • lib/cfl/src/cfl_atomic_generic.c
  • lib/cfl/src/cfl_atomic_msvc.c
  • lib/cfl/src/cfl_checksum.c
  • lib/cfl/src/cfl_container.c
  • lib/cfl/src/cfl_kv.c
  • lib/cfl/src/cfl_kvlist.c
  • lib/cfl/src/cfl_object.c
  • lib/cfl/src/cfl_sds.c
  • lib/cfl/src/cfl_utils.c
  • lib/cfl/src/cfl_variant.c
  • lib/cfl/tests/CMakeLists.txt
  • lib/cfl/tests/array.c
  • lib/cfl/tests/atomic_operations.c
  • lib/cfl/tests/checksum.c
  • lib/cfl/tests/headers.c
  • lib/cfl/tests/kv.c
  • lib/cfl/tests/kvlist.c
  • lib/cfl/tests/object.c
  • lib/cfl/tests/sds.c
  • lib/cfl/tests/utils.c
  • lib/cfl/tests/variant.c

Comment thread lib/cfl/src/cfl_sds.c
Comment on lines +227 to +229
if (append_len - 1 > head->alloc - source_offset) {
return NULL;
}
⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Off-by-one error in self-append slice validation.

The check on line 227 should use >= instead of >. When the source slice ends exactly at head->alloc, the last byte is out of bounds.

Example: if head->alloc = 10, source_offset = 5, and append_len = 6, the code attempts to read s[10] which is beyond the allocated buffer (valid indices are 0-9), but the current check 5 > 5 evaluates to false and allows it.

🔧 Proposed fix
-        if (append_len - 1 > head->alloc - source_offset) {
+        if (append_len > head->alloc - source_offset) {
             return NULL;
         }
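
Review bot: the `+` line still evaluates `head->alloc - source_offset` with no visible guard that `source_offset <= head->alloc`; if these fields are unsigned, a larger offset wraps the right-hand side to a huge value and the slice is accepted. Dropping `- 1` also changes the zero-length case: with an unsigned `append_len`, the old form wrapped to the maximum value and returned NULL for `append_len == 0`, while the new form lets it through. Suggest rejecting `source_offset > head->alloc` before the subtraction and noting in a comment whether an empty self-append is meant to succeed.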
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@lib/cfl/src/cfl_sds.c` around lines 227 - 229, The bounds check in cfl_sds.c
for self-append slice validation is off-by-one: replace the conditional that
currently uses "if (append_len - 1 > head->alloc - source_offset)" with a
comparison using ">=" so that when the source slice ends exactly at head->alloc
it is rejected; update the check around the variables append_len, source_offset
and head->alloc in the same block (the self-append slice validation) to use ">="
to prevent reading s[head->alloc].
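
The self-append slice check discussed in this thread, as an added example that is not code from cfl_sds.c or from this PR: `struct sbuf`, `sbuf_cat`, `slice_in_bounds` and `posted_check_rejects` are hypothetical names, and limiting the source slice to the content length is an assumption of this sketch. It goes beyond the single condition under review by showing the whole append path, including the offset that has to be saved before `realloc` can move the buffer.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical buffer (not the cfl_sds layout): data holds alloc + 1 bytes. */
struct sbuf { size_t len; size_t alloc; char *data; };

/* Condition as quoted in the review; 1 means the slice is rejected. */
int posted_check_rejects(size_t off, size_t n, size_t limit)
{
    return n - 1 > limit - off;   /* both subtractions can wrap */
}

/* 1 when [off, off + n) lies inside the first `limit` bytes. */
int slice_in_bounds(size_t off, size_t n, size_t limit)
{
    return off <= limit && n <= limit - off;   /* no wrap, empty slice ok */
}

/* Append n bytes from src; src may point into b->data (self-append). */
int sbuf_cat(struct sbuf *b, const char *src, size_t n)
{
    uintptr_t base, p = (uintptr_t) src;
    size_t off;
    int aliased;
    char *tmp;
    if (b == NULL || (src == NULL && n > 0)) {
        return -1;
    }
    base = (uintptr_t) b->data;
    aliased = b->data != NULL && p >= base && p - base <= b->alloc;
    off = aliased ? p - base : 0;   /* keep the offset: realloc may move data */
    if ((aliased && !slice_in_bounds(off, n, b->len)) || n > SIZE_MAX - 1 - b->len) {
        return -1;                  /* bad slice, or len + n + 1 would overflow */
    }
    if (b->data == NULL || b->len + n > b->alloc) {
        tmp = realloc(b->data, b->len + n + 1);
        if (tmp == NULL) {
            return -1;
        }
        b->data = tmp;
        b->alloc = b->len + n;
    }
    if (n > 0) {
        memmove(b->data + b->len, aliased ? b->data + off : src, n);
    }
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}
```
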
