Review C code changes for correctness, safety, and style. Use this when you want to review C code changes or PRs.
Systematically bisect an end-to-end performance regression between two refs (tags/branches/commits) down to the exact offending commit(s). Use this when CI/customer benchmarks show one version is measurably slower than another and you need to attribute the cost to specific PRs.
Run full verification before committing or creating a PR. Use this when you want to create a PR.
Review Rust code changes for unsafe correctness, security and robustness, documentation quality, and C-to-Rust porting fidelity. Use this when you want to review Rust changes before merging.
Compile the project to verify changes build successfully. Use this to verify your changes build properly together with the complete project and dependencies, and make sure to use it before running end to end tests.
Investigate a RediSearch flaky-test report from a Jira key, CI failure, test id, or local logs. Use this to collect evidence, identify a supported root cause, and propose a real fix; if the evidence is insufficient, say so and ask for the missing data instead of suggesting workaround-only fixes or skip_until.
Fix merge conflicts in a jj change and its ancestors, starting from the oldest conflict. Use this when a jj change or its ancestors have conflicts that need resolving.
| name | code-review |
| description | Review C code changes for correctness, safety, and style. Use this when you want to review C code changes or PRs. |
Review C code changes for memory safety, thread safety, Redis Module API correctness, and project conventions.
The input specifies what to review. Exactly one of the following forms:
Changesets:
<commit> or <commit1>..<commit2>: Git commit(s) — uses git diff / git show.pr:<number>: GitHub pull request — fetches the PR diff.Source files or directories:
<path>: Path to a C file or directory.<path1> <path2>: Multiple files or directories.If a path doesn't include src/, assume it to be in the src/ directory.
E.g. concurrent_ctx becomes src/concurrent_ctx.
If a path points to a directory, review all .c and .h files in that directory (recursively).
No argument: default to reviewing uncommitted working-tree changes (git diff).
Optional flags:
--include-nits: include minor style, formatting, naming, and preference comments
as non-blocking suggestions. Nits must still be actionable, non-duplicate, and grouped
by root cause when the same pattern appears in multiple places.When reviewing a GitHub PR:
When reviewing a changeset (commits or PR), obtain the full diff of C files:
# Single commit
git show <commit> -- '*.c' '*.h'
# Commit range
git diff <commit1>..<commit2> -- '*.c' '*.h'
For a GitHub PR (pr:<number>):
git fetch origin refs/pull/<number>/head
git diff origin/master...FETCH_HEAD -- '*.c' '*.h'
Read the full source of every C file that was added or significantly modified so that you have complete context (not just the diff hunks).
When reviewing source files or directories, read the full source of every .c and .h
file and review them in their entirety.
Run every check below on the changed C code. For each violation found, record:
rm_malloc / rm_calloc / rm_realloc has a matching rm_free on all code paths,
including error paths.goto cleanup pattern is used correctly: all resources allocated before the goto are
freed in the cleanup label, and resources not yet allocated are initialized to NULL so
that rm_free(NULL) is safe.NULL after free if they might be freed again in cleanup.Buffer_Write, Buffer_Read) check capacity before writing.ConcurrentSearchCtx / ConcurrentCTX is used correctly for thread handoff.GIL (Global Interpreter Lock) assumptions are documented when relevant.RedisModule_* functions must be called with the Redis global lock (GIL) held.
The GIL can be acquired via RedisModule_ThreadSafeContextLock (blocking) or
RedisModule_ThreadSafeContextTryLock (non-blocking; must check return value
and skip the API call on failure). Code running on worker threads (after
ConcurrentSearchCtx releases the lock) must not call Redis Module API
functions until the GIL is re-acquired.RedisModuleCtx is not used after the command handler returns or after the
blocked client is freed.RedisModule_AutoMemory scope is understood: auto-freed objects must not be
manually freed (and vice versa).RedisModule_ReplyWith* calls match the expected RESP protocol for the command.RedisModule_BlockClient / UnblockClient) correctly
handle client disconnection (the disconnect callback must clean up resources).RedisModule_CreateString / RedisModule_FreeString are paired correctly, accounting
for AutoMemory.int use REDISMODULE_OK / REDISMODULE_ERR consistently.RedisModule_ReplyWithError are descriptive.Only applies when changes touch src/rdb.c or serialization logic:
if (version >= X)).size_t, int, t_docId (uint64_t), t_fieldId (uint16_t) are
checked for truncation or sign issues.RedisModule_OpenKey, RedisModule_CallReplyStringPtr, etc.)
are checked for NULL before use.--include-nits is requested,
minor style, formatting, naming, or preference issues may be reported as
non-blocking suggestions..clang-format conventions (2-space indent, 100-col limit, attached braces).ModuleName_FunctionName naming.TODO or FIXME comments without a tracking issue reference.Treat security-sensitive C issues as in scope for automated review. Prioritize findings that can lead to crashes, memory corruption, data exposure, unauthorized access, or denial of service.
Check especially for:
RedisModuleCtx
usage, and blocked-client/context lifetime bugs.For any security-sensitive finding, state the concrete impact and the input or code path that can trigger it.
Only applies when reviewing a PR (not files or commits directly):
This PR requires release notes
or This PR does not require release notes). CI will fail if neither or both
are checked.Report only actionable, non-duplicate findings.
For each finding include:
Omit checklist sections with no findings. Do not include "No issues found" for every section.
At the end, provide a short summary: