fix: scan only direct aggregate members

AccessPlanner previously walked the full aggregate DIE subtree when resolving
a member chain. That let members of nested C++ types match as if they were
direct members of the parent aggregate, so invalid accesses such as
`o.shadow` could compile instead of failing.

Switch member lookup to direct DW_TAG_member children only, and add an e2e
regression that accepts `o.nested.shadow` while rejecting `o.shadow`.

Author: swananan

e2e-tests/tests/cpp_script_execution.rs

@@ -4,6 +4,24 @@ mod common;
 
 use common::{init, FIXTURES};
 
+const CPP_NESTED_MEMBER_TRACE_LINE: u32 = 44;
+
+async fn compile_cpp_complex_script(
+    script: &str,
+) -> anyhow::Result<ghostscope_compiler::CompilationResult> {
+    let binary_path = FIXTURES.get_test_binary("cpp_complex_program")?;
+    let mut analyzer = ghostscope_dwarf::DwarfAnalyzer::from_exec_path(&binary_path)
+        .await
+        .map_err(|e| anyhow::anyhow!("failed to load DWARF for cpp_complex_program: {e}"))?;
+    let compile_options = ghostscope_compiler::CompileOptions {
+        binary_path_hint: Some(binary_path.to_string_lossy().into_owned()),
+        ..Default::default()
+    };
+
+    ghostscope_compiler::compile_script(script, &mut analyzer, None, Some(1), &compile_options)
+        .map_err(|e| anyhow::anyhow!("compile_script failed: {e}"))
+}
+
 async fn run_ghostscope_with_script_for_target(
     script_content: &str,
     timeout_secs: u64,
@@ -31,6 +49,56 @@ async fn spawn_cpp_complex_program() -> anyhow::Result<common::targets::TargetHa
     Ok(target)
 }
 
+#[tokio::test]
+async fn test_cpp_nested_type_direct_child_member_access_is_not_recursive() -> anyhow::Result<()> {
+    init();
+
+    let binary_path = FIXTURES.get_test_binary("cpp_complex_program")?;
+    let source_path = binary_path
+        .parent()
+        .ok_or_else(|| anyhow::anyhow!("cpp_complex_program has no parent directory"))?
+        .join("main.cpp");
+
+    let valid_script = format!(
+        r#"
+trace {}:{CPP_NESTED_MEMBER_TRACE_LINE} {{
+    print o.nested.shadow;
+}}
+"#,
+        source_path.display()
+    );
+    let valid = compile_cpp_complex_script(&valid_script).await?;
+    assert!(
+        !valid.uprobe_configs.is_empty(),
+        "expected valid o.nested.shadow to compile; target_info={} failed_targets={:?}",
+        valid.target_info,
+        valid.failed_targets
+    );
+
+    let invalid_script = format!(
+        r#"
+trace {}:{CPP_NESTED_MEMBER_TRACE_LINE} {{
+    print o.shadow;
+}}
+"#,
+        source_path.display()
+    );
+    if let Ok(invalid) = compile_cpp_complex_script(&invalid_script).await {
+        assert!(
+            invalid.uprobe_configs.is_empty(),
+            "expected o.shadow to be rejected because shadow is only a member of o.nested; target_info={} failed_targets={:?}",
+            invalid.target_info,
+            invalid.failed_targets
+        );
+        assert!(
+            !invalid.failed_targets.is_empty(),
+            "expected at least one failed target for invalid o.shadow access"
+        );
+    }
+
+    Ok(())
+}
+
 #[tokio::test]
 async fn test_cpp_script_print_globals() -> anyhow::Result<()> {
     init();

e2e-tests/tests/fixtures/cpp_complex_program/main.cpp

@@ -2,6 +2,7 @@
 #include <string>
 #include <thread>
 #include <chrono>
+#include <cstdint>
 
 int g_counter = 0;
 const char* g_msg = "hello cpp";
@@ -10,6 +11,17 @@ static int s_internal = 123;
 namespace ns1 {
 struct Point { int x; int y; };
 
+struct Outer {
+    struct Nested {
+        int shadow;
+        int payload;
+    };
+
+    int tag;
+    Nested nested;
+    int tail;
+};
+
 class Foo {
 public:
     static int s_val;
@@ -22,6 +34,17 @@ int Foo::s_val = 7;
 __attribute__((noinline)) int add(int a, int b) { return a + b; }
 __attribute__((noinline)) int add(double a, double b) { return (int)(a + b); }
 
+__attribute__((noinline)) int nested_member_probe(int v) {
+    volatile Outer outer = {
+        101,
+        {202 + v, 303},
+        404,
+    };
+    Outer* o = (Outer*)&outer;
+    volatile std::uintptr_t sink = (std::uintptr_t)o + (std::uintptr_t)o->nested.shadow;
+    return (int)sink;
+}
+
 // Variables purposely ending with ::h and ::h264 to validate demangled leaf handling
 int h = 5;
 int h264 = 7;
@@ -40,6 +63,7 @@ int main() {
         acc += f.bar(i);
         acc += ns1::add(i, i+1);
         acc += ns1::add(1.5, 2.5);
+        acc += ns1::nested_member_probe(i);
         touch_globals();
         std::this_thread::sleep_for(std::chrono::milliseconds(1000));
     }

ghostscope-dwarf/src/objfile/access_planner.rs

@@ -159,11 +159,15 @@ impl<'dwarf> AccessPlanner<'dwarf> {
                     let header_now2 = self.dwarf.unit_header(current_cu_off)?;
                     let unit_now2 = self.dwarf.unit(header_now2)?;
                     let def_die = unit_now2.entry(def_off)?;
-                    // Scan members for the field
-                    let mut entries = unit_now2.entries_at_offset(def_die.offset())?;
-                    let _ = entries.next_entry()?; // self
+                    // Only direct DW_TAG_member children belong to this aggregate.
+                    // Nested class/struct DIEs may appear under a C++ aggregate, but
+                    // their members are not direct members of the parent type.
+                    let mut tree = unit_now2.entries_tree(Some(def_die.offset()))?;
+                    let root = tree.root()?;
+                    let mut children = root.children();
                     let mut found_member = false;
-                    while let Some(e) = entries.next_dfs()? {
+                    while let Some(child) = children.next()? {
+                        let e = child.entry();
                         if e.tag() == gimli::DW_TAG_member {
                             if let Some(attr) = e.attr(gimli::DW_AT_name) {
                                 if let Ok(s) = self.dwarf.attr_string(&unit_now2, attr.value()) {