wip

Author: hvitved

rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll

@@ -13,78 +13,98 @@ private import TypeMention
 private import TypeInference
 private import FunctionType
 
-pragma[nomagic]
-private Type resolveNonTypeParameterTypeAt(PreTypeMention tm, TypePath path) {
-  result = tm.getTypeAt(path) and
-  not result instanceof TypeParameter
-}
+signature Type resolveTypeMentionAtSig(AstNode tm, TypePath path);
 
-bindingset[t1, t2]
-private predicate typeMentionEqual(PreTypeMention t1, PreTypeMention t2) {
-  forex(TypePath path, Type type | resolveNonTypeParameterTypeAt(t1, path) = type |
-    resolveNonTypeParameterTypeAt(t2, path) = type
-  )
-}
+private module MkSiblingImpls<resolveTypeMentionAtSig/2 resolveTypeMentionAt> {
+  pragma[nomagic]
+  private Type resolveNonTypeParameterTypeAt(AstNode tm, TypePath path) {
+    result = resolveTypeMentionAt(tm, path) and
+    not result instanceof TypeParameter
+  }
 
-pragma[nomagic]
-private predicate implSiblingCandidate(
-  Impl impl, TraitItemNode trait, Type rootType, PreTypeMention selfTy
-) {
-  trait = impl.(ImplItemNode).resolveTraitTy() and
-  selfTy = impl.getSelfTy() and
-  rootType = selfTy.getType()
-}
+  bindingset[t1, t2]
+  private predicate typeMentionEqual(AstNode t1, AstNode t2) {
+    forex(TypePath path, Type type | resolveNonTypeParameterTypeAt(t1, path) = type |
+      resolveNonTypeParameterTypeAt(t2, path) = type
+    )
+  }
 
-pragma[nomagic]
-private predicate blanketImplSiblingCandidate(ImplItemNode impl, Trait trait) {
-  impl.isBlanketImplementation() and
-  trait = impl.resolveTraitTy()
-}
+  pragma[nomagic]
+  private predicate implSiblingCandidate(
+    Impl impl, TraitItemNode trait, Type rootType, AstNode selfTy
+  ) {
+    trait = impl.(ImplItemNode).resolveTraitTy() and
+    selfTy = impl.getSelfTy() and
+    rootType = resolveTypeMentionAt(selfTy, TypePath::nil())
+  }
 
-/**
- * Holds if `impl1` and `impl2` are a sibling implementations of `trait`. We
- * consider implementations to be siblings if they implement the same trait for
- * the same type. In that case `Self` is the same type in both implementations,
- * and method calls to the implementations cannot be resolved unambiguously
- * based only on the receiver type.
- */
-pragma[inline]
-private predicate implSiblings(TraitItemNode trait, Impl impl1, Impl impl2) {
-  impl1 != impl2 and
-  (
-    exists(Type rootType, PreTypeMention selfTy1, PreTypeMention selfTy2 |
-      implSiblingCandidate(impl1, trait, rootType, selfTy1) and
-      implSiblingCandidate(impl2, trait, rootType, selfTy2) and
-      // In principle the second conjunct below should be superflous, but we still
-      // have ill-formed type mentions for types that we don't understand. For
-      // those checking both directions restricts further. Note also that we check
-      // syntactic equality, whereas equality up to renaming would be more
-      // correct.
-      typeMentionEqual(selfTy1, selfTy2) and
-      typeMentionEqual(selfTy2, selfTy1)
+  pragma[nomagic]
+  private predicate blanketImplSiblingCandidate(ImplItemNode impl, Trait trait) {
+    impl.isBlanketImplementation() and
+    trait = impl.resolveTraitTy()
+  }
+
+  /**
+   * Holds if `impl1` and `impl2` are a sibling implementations of `trait`. We
+   * consider implementations to be siblings if they implement the same trait for
+   * the same type. In that case `Self` is the same type in both implementations,
+   * and method calls to the implementations cannot be resolved unambiguously
+   * based only on the receiver type.
+   */
+  pragma[inline]
+  predicate implSiblings(TraitItemNode trait, Impl impl1, Impl impl2) {
+    impl1 != impl2 and
+    (
+      exists(Type rootType, AstNode selfTy1, AstNode selfTy2 |
+        implSiblingCandidate(impl1, trait, rootType, selfTy1) and
+        implSiblingCandidate(impl2, trait, rootType, selfTy2) and
+        // In principle the second conjunct below should be superflous, but we still
+        // have ill-formed type mentions for types that we don't understand. For
+        // those checking both directions restricts further. Note also that we check
+        // syntactic equality, whereas equality up to renaming would be more
+        // correct.
+        typeMentionEqual(selfTy1, selfTy2) and
+        typeMentionEqual(selfTy2, selfTy1)
+      )
+      or
+      blanketImplSiblingCandidate(impl1, trait) and
+      blanketImplSiblingCandidate(impl2, trait)
     )
-    or
-    blanketImplSiblingCandidate(impl1, trait) and
-    blanketImplSiblingCandidate(impl2, trait)
-  )
+  }
+
+  /**
+   * Holds if `impl` is an implementation of `trait` and if another implementation
+   * exists for the same type.
+   */
+  pragma[nomagic]
+  predicate implHasSibling(ImplItemNode impl, Trait trait) { implSiblings(trait, impl, _) }
+
+  pragma[nomagic]
+  predicate implHasAmbigousSiblingAt(ImplItemNode impl, Trait trait, TypePath path) {
+    exists(ImplItemNode impl2, Type t |
+      implSiblings(trait, impl, impl2) and
+      t = resolveNonTypeParameterTypeAt(impl.getTraitPath(), path) and
+      t != resolveNonTypeParameterTypeAt(impl2.getTraitPath(), path)
+    )
+  }
 }
 
-/**
- * Holds if `impl` is an implementation of `trait` and if another implementation
- * exists for the same type.
- */
-pragma[nomagic]
-private predicate implHasSibling(ImplItemNode impl, Trait trait) { implSiblings(trait, impl, _) }
+private Type resolvePreTypeMention(AstNode tm, TypePath path) {
+  result = tm.(PreTypeMention).getTypeAt(path)
+}
 
-pragma[nomagic]
-predicate implHasAmbigousSiblingAt(ImplItemNode impl, Trait trait, TypePath path) {
-  exists(ImplItemNode impl2 |
-    implSiblings(trait, impl, impl2) and
-    resolveNonTypeParameterTypeAt(impl.getTraitPath(), path) !=
-      resolveNonTypeParameterTypeAt(impl2.getTraitPath(), path)
-  )
+private module PreSiblingImpls = MkSiblingImpls<resolvePreTypeMention/2>;
+
+predicate preImplHasAmbigousSiblingAt = PreSiblingImpls::implHasAmbigousSiblingAt/3;
+
+private Type resolveTypeMention(AstNode tm, TypePath path) {
+  result = tm.(TypeMention).getTypeAt(path)
 }
 
+private module SiblingImpls = MkSiblingImpls<resolveTypeMention/2>;
+
+import SiblingImpls
+
 /**
  * Holds if `f` is a function declared inside `trait`, and the type of `f` at
  * `pos` and `path` is `traitTp`, which is a type parameter of `trait`.

rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll

@@ -2827,6 +2827,7 @@ private module FunctionCallMatchingInput implements MatchingWithEnvironmentInput
   }
 
   abstract class Access extends ContextTyping::ContextTypedCallCand {
+    // Access() { this = Debug::getRelevantLocatable() }
     abstract AstNode getNodeAt(FunctionPosition pos);
 
     bindingset[derefChainBorrow]
@@ -4125,7 +4126,7 @@ private module Debug {
     exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
       result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
       filepath.matches("%/main.rs") and
-      startline = 103
+      startline = 1751
     )
   }
 

rust/ql/lib/codeql/rust/internal/typeinference/TypeMention.qll

@@ -7,6 +7,7 @@ private import Type
 private import TypeAbstraction
 private import TypeInference
 private import AssociatedType
+private import FunctionOverloading
 
 bindingset[trait, name]
 pragma[inline_late]
@@ -717,9 +718,9 @@ private class TraitOrTmTrait extends AstNode {
  * Holds if `path` accesses an associated type `alias` from `trait` on a
  * concrete type given by `tm`.
  *
- * `implOrTmTrait` is either the mention that resolves to `trait` when `path`
- * is of the form `<Type as Trait>::AssocType`, or the enclosing `impl` block
- * when `path` is of the form `Self::AssocType`.
+ * `traitOrTmTrait` is either the mention that resolves to `trait` when `path`
+ * is of the form `<Type as Trait>::AssocType`, or the trait being implemented
+ * when `path` is of the form `Self::AssocType` within an `impl` block.
  */
 private predicate pathConcreteTypeAssocType(
   Path path, PreTypeMention tm, TraitItemNode trait, TraitOrTmTrait traitOrTmTrait, TypeAlias alias
@@ -730,6 +731,7 @@ private predicate pathConcreteTypeAssocType(
   |
     // path of the form `<Type as Trait>::AssocType`
     //                    ^^^ tm          ^^^^^^^^^ name
+    //                            ^^^^^ traitOrTmTrait
     exists(string name |
       pathTypeAsTraitAssoc(path, tm, traitOrTmTrait, trait, name) and
       getTraitAssocType(trait, name) = alias
@@ -753,6 +755,12 @@ private module PathSatisfiesConstraintInput implements
   predicate relevantConstraint(PreTypeMention tm, TraitOrTmTrait constraint) {
     pathConcreteTypeAssocType(_, tm, _, constraint, _)
   }
+
+  predicate typeAbstractionHasAmbigousConstraintAtOverride(
+    TypeAbstraction abs, Type constraint, TypePath path
+  ) {
+    preImplHasAmbigousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
+  }
 }
 
 private module PathSatisfiesConstraint =

shared/typeinference/codeql/typeinference/internal/TypeInference.qll

@@ -853,6 +853,14 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
     signature module SatisfiesConstraintInputSig<HasTypeTreeSig Term, HasTypeTreeSig Constraint> {
       /** Holds if it is relevant to know if `term` satisfies `constraint`. */
       predicate relevantConstraint(Term term, Constraint constraint);
+
+      default Type foo(Term term, TypeParameter tp, TypePath path) { none() }
+
+      default predicate typeAbstractionHasAmbigousConstraintAtOverride(
+        TypeAbstraction abs, Type constraint, TypePath path
+      ) {
+        typeAbstractionHasAmbigousConstraintAt(abs, constraint, path)
+      }
     }
 
     module SatisfiesConstraint<
@@ -978,37 +986,68 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
         conditionSatisfiesConstraintTypeAt(abs, sub, constraintMention, path, t)
       }
 
+      pragma[nomagic]
+      private predicate satisfiesConstraintTypeMention01(
+        Term tt, Constraint constraint, TypeAbstraction abs, TypePath prefix, TypeParameter tp
+      ) {
+        exists(Type constraintRoot |
+          satisfiesConstraintTypeMention0(tt, constraint, constraintRoot, _, abs, _, _, _) and
+          typeAbstractionHasAmbigousConstraintAtOverride(abs, constraintRoot, _) and
+          tp = constraint.getTypeAt(prefix)
+        )
+      }
+
+      bindingset[abs, path, t]
+      pragma[inline_late]
+      private predicate conditionSatisfiesConstraintTypeAtFilter(
+        TypeAbstraction abs, TypePath path, Type t
+      ) {
+        conditionSatisfiesConstraintTypeAt(abs, _, _, path, t)
+      }
+
+      pragma[nomagic]
+      private Type getConstraintType(Term tt, Constraint constraint, TypePath path) {
+        exists(TypeAbstraction abs, TypePath prefix, TypeParameter tp, TypePath suffix |
+          satisfiesConstraintTypeMention01(tt, constraint, abs, prefix, tp) and
+          result = foo(tt, tp, suffix) and
+          path = prefix.append(suffix) and
+          conditionSatisfiesConstraintTypeAtFilter(abs, path, result)
+        )
+      }
+
       pragma[nomagic]
       private predicate satisfiesConstraintTypeMention1(
-        Term tt, Constraint constraint, Type constraintRoot, TypeAbstraction abs, TypeMention sub,
-        TypePath path, Type t
+        Term tt, Constraint constraint, TypeAbstraction abs, TypeMention sub, TypePath path, Type t
       ) {
-        exists(TypeMention constraintMention |
+        exists(Type constraintRoot, TypeMention constraintMention |
           satisfiesConstraintTypeMention0(tt, constraint, constraintRoot, constraintMention, abs,
             sub, path, t)
         |
-          if typeAbstractionHasAmbigousConstraintAt(abs, constraintRoot, path.getAPrefix())
+          if typeAbstractionHasAmbigousConstraintAtOverride(abs, constraintRoot, path.getAPrefix())
           then
             // When the constraint is not uniquely satisfied, we check that the satisfying
             // abstraction is not more specific than the constraint to be satisfied. For example,
             // if the constraint is `MyTrait<i32>` and there is both `impl MyTrait<i32> for ...` and
             // `impl MyTrait<i64> for ...`, then the latter will be filtered away
-            not exists(TypePath path1, Type t1 |
+            forall(TypePath path1, Type t1 |
               conditionSatisfiesConstraintTypeAt(abs, sub, constraintMention, path1, t1) and
-              not t1 instanceof TypeParameter and
-              t1 != constraint.getTypeAt(path1)
+              not t1 instanceof TypeParameter
+            |
+              not t1 != constraint.getTypeAt(path1)
+              or
+              t1 = getConstraintType(tt, constraint, path1)
             )
           else any()
         )
       }
 
       pragma[inline]
       private predicate satisfiesConstraintTypeMentionInline(
-        Term tt, Constraint constraint, Type constraintRoot, TypeAbstraction abs, TypePath path,
+        Term tt, Constraint constraint, TypeAbstraction abs, TypePath path,
         TypePath pathToTypeParamInSub
       ) {
         exists(TypeMention sub, TypeParameter tp |
-          satisfiesConstraintTypeMention1(tt, constraint, constraintRoot, abs, sub, path, tp) and
+          satisfiesConstraintTypeMention1(tt, constraint, abs, sub, path, tp) and
           tp = abs.getATypeParameter() and
           sub.getTypeAt(pathToTypeParamInSub) = tp
         )
@@ -1018,24 +1057,22 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
       private predicate satisfiesConstraintTypeMention(
         Term tt, Constraint constraint, TypePath path, TypePath pathToTypeParamInSub
       ) {
-        satisfiesConstraintTypeMentionInline(tt, constraint, _, _, path, pathToTypeParamInSub)
+        satisfiesConstraintTypeMentionInline(tt, constraint, _, path, pathToTypeParamInSub)
       }
 
       pragma[nomagic]
       private predicate satisfiesConstraintTypeMentionThrough(
-        Term tt, TypeAbstraction abs, Constraint constraint, Type constraintRoot, TypePath path,
+        Term tt, TypeAbstraction abs, Constraint constraint, TypePath path,
         TypePath pathToTypeParamInSub
       ) {
-        satisfiesConstraintTypeMentionInline(tt, constraint, constraintRoot, abs, path,
-          pathToTypeParamInSub)
+        satisfiesConstraintTypeMentionInline(tt, constraint, abs, path, pathToTypeParamInSub)
       }
 
       pragma[inline]
       private predicate satisfiesConstraintTypeNonTypeParamInline(
-        Term tt, TypeAbstraction abs, Constraint constraint, Type constraintRoot, TypePath path,
-        Type t
+        Term tt, TypeAbstraction abs, Constraint constraint, TypePath path, Type t
       ) {
-        satisfiesConstraintTypeMention1(tt, constraint, constraintRoot, abs, _, path, t) and
+        satisfiesConstraintTypeMention1(tt, constraint, abs, _, path, t) and
         not t = abs.getATypeParameter()
       }
 
@@ -1052,7 +1089,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
        */
       pragma[nomagic]
       predicate satisfiesConstraintType(Term tt, Constraint constraint, TypePath path, Type t) {
-        satisfiesConstraintTypeNonTypeParamInline(tt, _, constraint, _, path, t)
+        satisfiesConstraintTypeNonTypeParamInline(tt, _, constraint, path, t)
         or
         exists(TypePath prefix0, TypePath pathToTypeParamInSub, TypePath suffix |
           satisfiesConstraintTypeMention(tt, constraint, prefix0, pathToTypeParamInSub) and
@@ -1072,11 +1109,10 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
       predicate satisfiesConstraintTypeThrough(
         Term tt, TypeAbstraction abs, Constraint constraint, TypePath path, Type t
       ) {
-        satisfiesConstraintTypeNonTypeParamInline(tt, abs, constraint, _, path, t)
+        satisfiesConstraintTypeNonTypeParamInline(tt, abs, constraint, path, t)
         or
         exists(TypePath prefix0, TypePath pathToTypeParamInSub, TypePath suffix |
-          satisfiesConstraintTypeMentionThrough(tt, abs, constraint, _, prefix0,
-            pathToTypeParamInSub) and
+          satisfiesConstraintTypeMentionThrough(tt, abs, constraint, prefix0, pathToTypeParamInSub) and
           getTypeAt(tt, pathToTypeParamInSub.appendInverse(suffix)) = t and
           path = prefix0.append(suffix)
         )
@@ -1405,6 +1441,13 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
           predicate relevantConstraint(RelevantAccess at, TypeMention constraint) {
             constraint = at.getConstraint(_)
           }
+
+          Type foo(RelevantAccess at, TypeParameter tp, TypePath path) {
+            exists(Access a, AccessEnvironment e, Declaration target |
+              at = MkRelevantAccess(a, _, e, _) and
+              typeMatch(a, e, target, path, result, tp)
+            )
+          }
         }
 
         predicate satisfiesConstraintType(