Skip to content

refactor(difc): eliminate SecrecyLabel/IntegrityLabel structural duplication via Go generics#5545

Merged
lpcox merged 5 commits into
mainfrom
copilot/duplicate-code-secrecy-integrity-labels
May 12, 2026
Merged

refactor(difc): eliminate SecrecyLabel/IntegrityLabel structural duplication via Go generics#5545
lpcox merged 5 commits into
mainfrom
copilot/duplicate-code-secrecy-integrity-labels

Conversation

Copilot AI commented May 12, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

✨ Enhancement

SecrecyLabel and IntegrityLabel in internal/difc/labels.go were structurally identical types with 6 mirrored method pairs (~34 duplicated lines), diverging only in the checkSubset boolean passed to checkFlowHelper. Any new method added to one type had to be manually mirrored.

What does this improve?

Replaces both concrete structs with a single FlowLabel[T labelKind] generic type. The four duplicate method bodies (getLabel, CanFlowTo, CheckFlow, Clone) are now defined once.

Implementation approach:

  • labelKind interface constraint — phantom kind types encode their flow semantics directly via interface methods, avoiding runtime type assertions in the hot path:

    type secrecyKind struct{}
func (secrecyKind) isSubset() bool   { return true }
func (secrecyKind) typeName() string { return "Secrecy" }

type integrityKind struct{}
func (integrityKind) isSubset() bool   { return false }
func (integrityKind) typeName() string { return "Integrity" }

  • FlowLabel[T labelKind] — single generic struct with shared methods; var kind T in each method body dispatches statically to the kind's implementation:

    func (l *FlowLabel[T]) CanFlowTo(target *FlowLabel[T]) bool {
    var kind T
    ok, _ := checkFlowHelper(l.getLabel(), target.getLabel(), kind.isSubset(), kind.typeName())
    return ok
}

  • Type aliases preserve the public API unchanged — no call sites require modification:

    type SecrecyLabel  = FlowLabel[secrecyKind]
type IntegrityLabel = FlowLabel[integrityKind]

    Direct struct literals like &SecrecyLabel{Label: nil} continue to compile correctly since FlowLabel carries no extra fields.

Copilot AI linked an issue May 12, 2026 that may be closed by this pull request
[duplicate-code] Duplicate Code Pattern: SecrecyLabel/IntegrityLabel Structural Duplication #5518
Closed
6 tasks
Copilot AI added 2 commits May 12, 2026 14:04
refactor(difc): replace SecrecyLabel/IntegrityLabel with generic Flow…
0760d80 
…Label[T]

Eliminates ~34 lines of structural duplication by introducing a single
generic FlowLabel[T any] type parameterized by phantom kinds secrecyKind
and integrityKind. The four duplicate method pairs (getLabel, CanFlowTo,
CheckFlow, Clone) are now expressed once on FlowLabel[T].

Two thin type aliases preserve the public API unchanged:
  type SecrecyLabel  = FlowLabel[secrecyKind]
  type IntegrityLabel = FlowLabel[integrityKind]

Two package-private helper functions (flowIsSubset[T], flowTypeName[T])
derive the per-kind behaviour (subset vs superset semantics, log label)
from the type parameter at compile time, so no extra fields are needed
and direct struct literals such as &SecrecyLabel{Label: nil} continue to
work correctly.

All existing tests pass without modification.
refactor(difc): use labelKind interface constraint instead of type as…
7e98577 
…sertions

Replace the flowIsSubset[T]/flowTypeName[T] free functions (which used
runtime type assertions) with a labelKind interface constraint that the
phantom kind types implement directly. The compiler can now statically
dispatch isSubset() and typeName() calls without any type switch
overhead.

No behaviour changes; all tests continue to pass.
Copilot AI changed the title [WIP] Refactor duplicate code in SecrecyLabel and IntegrityLabel refactor(difc): eliminate SecrecyLabel/IntegrityLabel structural duplication via Go generics May 12, 2026
Copilot AI requested a review from lpcox May 12, 2026 14:07
Copilot finished work on behalf of lpcox May 12, 2026 14:07
@lpcox lpcox marked this pull request as ready for review May 12, 2026 14:51
Copilot AI review requested due to automatic review settings May 12, 2026 14:51
Copilot AI reviewed May 12, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Refactors DIFC label types to remove duplicated logic between SecrecyLabel and IntegrityLabel by introducing a single generic FlowLabel[T] parameterized by a phantom “kind” type that encodes flow semantics.

Changes:

  • Introduces labelKind plus secrecyKind / integrityKind phantom types to encode subset/superset flow rules.
  • Replaces the two concrete label structs with type aliases to FlowLabel[...], preserving existing call sites.
  • Consolidates duplicated methods (getLabel, CanFlowTo, CheckFlow, Clone) into the generic FlowLabel[T] implementation.
Show a summary per file
File Description
internal/difc/labels.go Replaces duplicated Secrecy/Integrity label implementations with a generic FlowLabel[T] plus kind-specific semantics.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 1/1 changed files
  • Comments generated: 1

Comment thread internal/difc/labels.go Outdated
@lpcox
Potential fix for pull request finding
7562d6c 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@lpcox

lpcox commented May 12, 2026

Copy link
Copy Markdown
Collaborator

@copilot fix the failing ci check

fix(difc): complete FlowLabel→flowLabel rename in method receivers
63866b1 
The previous commit renamed the generic struct type from FlowLabel to
flowLabel but left the method receivers and return types still using
the old name, causing build failures. Update all receiver and return
type references to use flowLabel[T].

Copilot AI commented May 12, 2026

Copy link
Copy Markdown
Contributor Author

@copilot fix the failing ci check

The CI failure was caused by an incomplete rename in commit 7562d6cFlowLabel was renamed to flowLabel in the struct declaration and type aliases, but the four method receivers and return types still referenced FlowLabel, which the compiler rejected. Fixed in the latest commit by updating all remaining *FlowLabel[T] references to *flowLabel[T].

Copilot finished work on behalf of lpcox May 12, 2026 15:13
@lpcox lpcox merged commit ea4796b into main May 12, 2026
16 checks passed
@lpcox lpcox deleted the copilot/duplicate-code-secrecy-integrity-labels branch May 12, 2026 15:22
This was referenced May 12, 2026
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@lpcox lpcox Awaiting requested review from lpcox

Assignees

@lpcox lpcox

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[duplicate-code] Duplicate Code Pattern: SecrecyLabel/IntegrityLabel Structural Duplication

3 participants

@lpcox