wip

Author: hvitved

rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll

@@ -84,7 +84,7 @@ private module MkSiblingImpls<resolveTypeMentionAtSig/2 resolveTypeMentionAt> {
   predicate implHasSibling(ImplItemNode impl, Trait trait) { implSiblings(trait, impl, _) }
 
   pragma[nomagic]
-  predicate implHasAmbigousSiblingAt(ImplItemNode impl, Trait trait, TypePath path) {
+  predicate implHasAmbiguousSiblingAt(ImplItemNode impl, Trait trait, TypePath path) {
     exists(ImplItemNode impl2, Type t1, Type t2 |
       implSiblings(trait, impl, impl2) and
       t1 = resolveTypeMentionAt(impl.getTraitPath(), path) and
@@ -103,7 +103,7 @@ private Type resolvePreTypeMention(AstNode tm, TypePath path) {
 
 private module PreSiblingImpls = MkSiblingImpls<resolvePreTypeMention/2>;
 
-predicate preImplHasAmbigousSiblingAt = PreSiblingImpls::implHasAmbigousSiblingAt/3;
+predicate preImplHasAmbiguousSiblingAt = PreSiblingImpls::implHasAmbiguousSiblingAt/3;
 
 private Type resolveTypeMention(AstNode tm, TypePath path) {
   result = tm.(TypeMention).getTypeAt(path)

rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll

@@ -212,6 +212,10 @@ private module Input2Common {
       )
     )
   }
+
+  predicate typeParameterIsFunctionallyDetermined(TypeParameter tp) {
+    tp instanceof AssociatedTypeTypeParameter
+  }
 }
 
 private module PreInput2 implements InputSig2<PreTypeMention> {
@@ -227,11 +231,14 @@ private module PreInput2 implements InputSig2<PreTypeMention> {
     Input2Common::conditionSatisfiesConstraint(abs, condition, constraint, transitive)
   }
 
-  predicate typeAbstractionHasAmbigousConstraintAt(
+  predicate typeAbstractionHasAmbiguousConstraintAt(
     TypeAbstraction abs, Type constraint, TypePath path
   ) {
-    FunctionOverloading::preImplHasAmbigousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
+    FunctionOverloading::preImplHasAmbiguousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
   }
+
+  predicate typeParameterIsFunctionallyDetermined =
+    Input2Common::typeParameterIsFunctionallyDetermined/1;
 }
 
 /** Provides an instantiation of the shared type inference library for `PreTypeMention`s. */
@@ -250,11 +257,14 @@ private module Input2 implements InputSig2<TypeMention> {
     Input2Common::conditionSatisfiesConstraint(abs, condition, constraint, transitive)
   }
 
-  predicate typeAbstractionHasAmbigousConstraintAt(
+  predicate typeAbstractionHasAmbiguousConstraintAt(
     TypeAbstraction abs, Type constraint, TypePath path
   ) {
-    FunctionOverloading::implHasAmbigousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
+    FunctionOverloading::implHasAmbiguousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
   }
+
+  predicate typeParameterIsFunctionallyDetermined =
+    Input2Common::typeParameterIsFunctionallyDetermined/1;
 }
 
 private import Input2

rust/ql/test/library-tests/type-inference/overloading.rs

@@ -516,8 +516,8 @@ mod trait_bound_impl_overlap {
         let y = call_f::<i32, _>(x); // $ target=call_f type=y:i32
 
         let x = S(0);
-        let y = call_f2(S(0i32), x); // $ target=call_f2 $ MISSING: type=y:i32
+        let y = call_f2(S(0i32), x); // $ target=call_f2 type=y:i32
         let x = S(0);
-        let y = call_f2(S(0i64), x); // $ target=call_f2 $ MISSING: type=y:i64
+        let y = call_f2(S(0i64), x); // $ target=call_f2 type=y:i64
     }
 }

rust/ql/test/library-tests/type-inference/type-inference.expected

@@ -12948,6 +12948,8 @@ inferType
 | overloading.rs:518:17:518:20 | S(...) |  | overloading.rs:464:5:464:19 | S |
 | overloading.rs:518:17:518:20 | S(...) | T | {EXTERNAL LOCATION} | i32 |
 | overloading.rs:518:19:518:19 | 0 |  | {EXTERNAL LOCATION} | i32 |
+| overloading.rs:519:13:519:13 | y |  | {EXTERNAL LOCATION} | i32 |
+| overloading.rs:519:17:519:35 | call_f2(...) |  | {EXTERNAL LOCATION} | i32 |
 | overloading.rs:519:25:519:31 | S(...) |  | overloading.rs:464:5:464:19 | S |
 | overloading.rs:519:25:519:31 | S(...) | T | {EXTERNAL LOCATION} | i32 |
 | overloading.rs:519:27:519:30 | 0i32 |  | {EXTERNAL LOCATION} | i32 |
@@ -12958,6 +12960,8 @@ inferType
 | overloading.rs:520:17:520:20 | S(...) |  | overloading.rs:464:5:464:19 | S |
 | overloading.rs:520:17:520:20 | S(...) | T | {EXTERNAL LOCATION} | i32 |
 | overloading.rs:520:19:520:19 | 0 |  | {EXTERNAL LOCATION} | i32 |
+| overloading.rs:521:13:521:13 | y |  | {EXTERNAL LOCATION} | i64 |
+| overloading.rs:521:17:521:35 | call_f2(...) |  | {EXTERNAL LOCATION} | i64 |
 | overloading.rs:521:25:521:31 | S(...) |  | overloading.rs:464:5:464:19 | S |
 | overloading.rs:521:25:521:31 | S(...) | T | {EXTERNAL LOCATION} | i64 |
 | overloading.rs:521:27:521:30 | 0i64 |  | {EXTERNAL LOCATION} | i64 |

shared/typeinference/codeql/typeinference/internal/TypeInference.qll

@@ -388,7 +388,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
 
     /**
      * Holds if the constraint belonging to `abs` with root type `constraint` is
-     * ambigous at `path`, meaning that there is _some_ other abstraction `abs2`
+     * ambiguous at `path`, meaning that there is _some_ other abstraction `abs2`
      * with a structurally identical condition and same root constraint type
      * `constraint`, and where the constraints differ at `path`.
      *
@@ -412,9 +412,18 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
      * `condition` and `condition2`, and they differ at the path `"T1"`, but
      * not at the path `"T2"`.
      */
-    predicate typeAbstractionHasAmbigousConstraintAt(
+    predicate typeAbstractionHasAmbiguousConstraintAt(
       TypeAbstraction abs, Type constraint, TypePath path
     );
+
+    /**
+     * Holds if all instantiations of `tp` are functionally determined by the
+     * instantiations of the other type parameters in the same abstraction.
+     *
+     * For example, in Rust all associated types act as functionally determined
+     * type parameters.
+     */
+    predicate typeParameterIsFunctionallyDetermined(TypeParameter tp);
   }
 
   module Make2<HasTypeTreeSig TypeMention, InputSig2<TypeMention> Input2> {
@@ -691,6 +700,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
        * Holds if the type mention `condition` satisfies `constraint` with the
        * type `t` at the path `path`.
        */
+      pragma[nomagic]
       predicate conditionSatisfiesConstraintTypeAt(
         TypeAbstraction abs, TypeMention condition, TypeMention constraint, TypePath path, Type t
       ) {
@@ -854,6 +864,14 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
     signature module SatisfiesConstraintInputSig<HasTypeTreeSig Term, HasTypeTreeSig Constraint> {
       /** Holds if it is relevant to know if `term` satisfies `constraint`. */
       predicate relevantConstraint(Term term, Constraint constraint);
+
+      /**
+       * Holds if `tp` can be matched with the type `t` at `path` in the context of `term`.
+       *
+       * This may be used to disambiguate between multiple constraints that `term` may satisfy.
+       */
+      bindingset[term, tp]
+      default predicate typeMatch(Term term, TypeParameter tp, TypePath path, Type t) { none() }
     }
 
     module SatisfiesConstraint<
@@ -975,18 +993,63 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
       pragma[nomagic]
       private predicate satisfiesConstraintTypeMention0(
         Term term, Constraint constraint, TypeMention constraintMention, TypeAbstraction abs,
-        TypeMention sub, TypePath path, Type t, boolean ambigous
+        TypeMention sub, TypePath path, Type t, boolean ambiguous
       ) {
         exists(Type constraintRoot |
           hasConstraintMention(term, abs, sub, constraint, constraintRoot, constraintMention) and
           conditionSatisfiesConstraintTypeAt(abs, sub, constraintMention, path, t) and
           if
             exists(TypePath prefix |
-              typeAbstractionHasAmbigousConstraintAt(abs, constraintRoot, prefix) and
+              typeAbstractionHasAmbiguousConstraintAt(abs, constraintRoot, prefix) and
               prefix.isPrefixOf(path)
             )
-          then ambigous = true
-          else ambigous = false
+          then ambiguous = true
+          else ambiguous = false
+        )
+      }
+
+      pragma[nomagic]
+      private predicate conditionSatisfiesConstraintTypeAtForDisambiguation(
+        TypeAbstraction abs, TypeMention condition, TypeMention constraint, TypePath path, Type t
+      ) {
+        conditionSatisfiesConstraintTypeAt(abs, condition, constraint, path, t) and
+        not t instanceof TypeParameter and
+        not typeParameterIsFunctionallyDetermined(path.getHead())
+      }
+
+      pragma[nomagic]
+      private predicate constraintTypeMatchForDisambiguation0(
+        Term term, Constraint constraint, TypePath path
+      ) {
+        exists(TypeMention constraintMention, TypeAbstraction abs, TypeMention sub |
+          satisfiesConstraintTypeMention0(term, constraint, constraintMention, abs, sub, _, _, true) and
+          conditionSatisfiesConstraintTypeAtForDisambiguation(abs, sub, constraintMention, path, _)
+        )
+      }
+
+      /**
+       * Holds if the type of `constraint` at `path` is `t` because it is possible
+       * to match some type parameter that occurs in `constraint` at a prefix of
+       * `path` in the context of `term`.
+       *
+       * For example, if we have
+       *
+       * ```rust
+       * fn f<T1, T2: SomeTrait<T1>>(x: T1, y: T2) -> T2::Output { ... }
+       * ```
+       *
+       * then at a call like `f(true, ...)` the constraint `SomeTrait<T1>` has the
+       * type `bool` substituted for `T1`.
+       */
+      pragma[nomagic]
+      private predicate constraintTypeMatchForDisambiguation(
+        Term term, Constraint constraint, TypePath path, Type t
+      ) {
+        constraintTypeMatchForDisambiguation0(term, constraint, path) and
+        exists(TypeParameter tp, TypePath prefix, TypePath suffix |
+          tp = constraint.getTypeAt(prefix) and
+          typeMatch(term, tp, suffix, t) and
+          path = prefix.append(suffix)
         )
       }
 
@@ -995,20 +1058,24 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
         Term term, Constraint constraint, TypeAbstraction abs, TypeMention sub, TypePath path,
         Type t
       ) {
-        exists(TypeMention constraintMention, boolean ambigous |
+        exists(TypeMention constraintMention, boolean ambiguous |
           satisfiesConstraintTypeMention0(term, constraint, constraintMention, abs, sub, path, t,
-            ambigous)
+            ambiguous)
         |
-          if ambigous = true
+          if ambiguous = true
           then
             // When the constraint is not uniquely satisfied, we check that the satisfying
             // abstraction is not more specific than the constraint to be satisfied. For example,
             // if the constraint is `MyTrait<i32>` and there is both `impl MyTrait<i32> for ...` and
             // `impl MyTrait<i64> for ...`, then the latter will be filtered away
-            not exists(TypePath path1, Type t1 |
-              conditionSatisfiesConstraintTypeAt(abs, sub, constraintMention, path1, t1) and
-              not t1 instanceof TypeParameter and
-              t1 != constraint.getTypeAt(path1)
+            forall(TypePath path1, Type t1 |
+              conditionSatisfiesConstraintTypeAtForDisambiguation(abs, sub, constraintMention,
+                path1, t1)
+            |
+              t1 = constraint.getTypeAt(path1)
+              or
+              // The constraint may contain a type parameter, which we can match to the right type
+              constraintTypeMatchForDisambiguation(term, constraint, path1, t1)
             )
           else any()
         )
@@ -1367,7 +1434,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
       }
 
       private module AccessConstraint {
-        predicate relevantAccessConstraint(
+        private predicate relevantAccessConstraint(
           Access a, AccessEnvironment e, Declaration target, AccessPosition apos, TypePath path,
           TypeMention constraint
         ) {
@@ -1376,7 +1443,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
         }
 
         private newtype TRelevantAccess =
-          MkRelevantAccess(Access a, AccessPosition apos, AccessEnvironment e, TypePath path) {
+          MkRelevantAccess(Access a, AccessEnvironment e, AccessPosition apos, TypePath path) {
             relevantAccessConstraint(a, e, _, apos, path, _)
           }
 
@@ -1386,12 +1453,13 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
          */
         private class RelevantAccess extends MkRelevantAccess {
           Access a;
-          AccessPosition apos;
           AccessEnvironment e;
+          AccessPosition apos;
           TypePath path;
 
-          RelevantAccess() { this = MkRelevantAccess(a, apos, e, path) }
+          RelevantAccess() { this = MkRelevantAccess(a, e, apos, path) }
 
+          pragma[nomagic]
           Type getTypeAt(TypePath suffix) {
             result = a.getInferredType(e, apos, path.appendInverse(suffix))
           }
@@ -1414,6 +1482,14 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
           predicate relevantConstraint(RelevantAccess at, TypeMention constraint) {
             constraint = at.getConstraint(_)
           }
+
+          bindingset[at, tp]
+          predicate typeMatch(RelevantAccess at, TypeParameter tp, TypePath path, Type t) {
+            exists(Access a, AccessEnvironment e |
+              at = MkRelevantAccess(a, e, _, _) and
+              typeMatch(a, e, _, path, t, tp)
+            )
+          }
         }
 
         private module SatisfiesTypeParameterConstraint =
@@ -1424,7 +1500,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
           TypeMention constraint, TypePath path, Type t
         ) {
           exists(RelevantAccess ra |
-            ra = MkRelevantAccess(a, apos, e, prefix) and
+            ra = MkRelevantAccess(a, e, apos, prefix) and
             SatisfiesTypeParameterConstraint::satisfiesConstraintType(ra, constraint, path, t) and
             constraint = ra.getConstraint(target)
           )