Rust: Only infer types from trait bounds when their implementation is unambiguous

Author: hvitved

rust/ql/lib/codeql/rust/internal/typeinference/BlanketImplementation.qll

@@ -103,7 +103,7 @@ module SatisfiesBlanketConstraint<
   }
 
   private module SatisfiesBlanketConstraintInput implements
-    SatisfiesConstraintInputSig<ArgumentTypeAndBlanketOffset>
+    SatisfiesTypeInputSig<ArgumentTypeAndBlanketOffset>
   {
     pragma[nomagic]
     additional predicate relevantConstraint(
@@ -123,7 +123,7 @@ module SatisfiesBlanketConstraint<
   }
 
   private module SatisfiesBlanketConstraint =
-    SatisfiesConstraint<ArgumentTypeAndBlanketOffset, SatisfiesBlanketConstraintInput>;
+    SatisfiesType<ArgumentTypeAndBlanketOffset, SatisfiesBlanketConstraintInput>;
 
   /**
    * Holds if the argument type `at` satisfies the first non-trivial blanket

rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll

@@ -14,21 +14,21 @@ private import TypeInference
 private import FunctionType
 
 pragma[nomagic]
-private Type resolveNonTypeParameterTypeAt(TypeMention tm, TypePath path) {
+private Type resolveNonTypeParameterTypeAt(PreTypeMention tm, TypePath path) {
   result = tm.getTypeAt(path) and
   not result instanceof TypeParameter
 }
 
 bindingset[t1, t2]
-private predicate typeMentionEqual(TypeMention t1, TypeMention t2) {
+private predicate typeMentionEqual(PreTypeMention t1, PreTypeMention t2) {
   forex(TypePath path, Type type | resolveNonTypeParameterTypeAt(t1, path) = type |
     resolveNonTypeParameterTypeAt(t2, path) = type
   )
 }
 
 pragma[nomagic]
 private predicate implSiblingCandidate(
-  Impl impl, TraitItemNode trait, Type rootType, TypeMention selfTy
+  Impl impl, TraitItemNode trait, Type rootType, PreTypeMention selfTy
 ) {
   trait = impl.(ImplItemNode).resolveTraitTy() and
   selfTy = impl.getSelfTy() and
@@ -52,7 +52,7 @@ pragma[inline]
 private predicate implSiblings(TraitItemNode trait, Impl impl1, Impl impl2) {
   impl1 != impl2 and
   (
-    exists(Type rootType, TypeMention selfTy1, TypeMention selfTy2 |
+    exists(Type rootType, PreTypeMention selfTy1, PreTypeMention selfTy2 |
       implSiblingCandidate(impl1, trait, rootType, selfTy1) and
       implSiblingCandidate(impl2, trait, rootType, selfTy2) and
       // In principle the second conjunct below should be superflous, but we still
@@ -76,6 +76,15 @@ private predicate implSiblings(TraitItemNode trait, Impl impl1, Impl impl2) {
 pragma[nomagic]
 private predicate implHasSibling(ImplItemNode impl, Trait trait) { implSiblings(trait, impl, _) }
 
+pragma[nomagic]
+predicate implHasAmbigousSiblingAt(ImplItemNode impl, Trait trait, TypePath path) {
+  exists(ImplItemNode impl2 |
+    implSiblings(trait, impl, impl2) and
+    resolveNonTypeParameterTypeAt(impl.getTraitPath(), path) !=
+      resolveNonTypeParameterTypeAt(impl2.getTraitPath(), path)
+  )
+}
+
 /**
  * Holds if `f` is a function declared inside `trait`, and the type of `f` at
  * `pos` and `path` is `traitTp`, which is a type parameter of `trait`.

rust/ql/lib/codeql/rust/internal/typeinference/Type.qll

@@ -439,11 +439,11 @@ class TypeParamTypeParameter extends TypeParameter, TTypeParamTypeParameter {
  */
 class AssociatedTypeTypeParameter extends TypeParameter, TAssociatedTypeTypeParameter {
   private Trait trait;
-  private TypeAlias typeAlias;
+  private AssocType typeAlias;
 
   AssociatedTypeTypeParameter() { this = TAssociatedTypeTypeParameter(trait, typeAlias) }
 
-  TypeAlias getTypeAlias() { result = typeAlias }
+  AssocType getTypeAlias() { result = typeAlias }
 
   /** Gets the trait that contains this associated type declaration. */
   TraitItemNode getTrait() { result = trait }
@@ -457,7 +457,13 @@ class AssociatedTypeTypeParameter extends TypeParameter, TAssociatedTypeTypePara
   override ItemNode getDeclaringItem() { result = trait }
 
   override string toString() {
-    result = typeAlias.getName().getText() + "[" + trait.getName().toString() + "]"
+    exists(string fromString, TraitItemNode trait2 |
+      result = typeAlias.getName().getText() + "[" + trait.getName() + fromString + "]" and
+      trait2 = typeAlias.getTrait() and
+      if trait = trait2
+      then fromString = ""
+      else fromString = " (inherited from " + trait2.getName() + ")"
+    )
   }
 
   override Location getLocation() { result = typeAlias.getLocation() }

rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll

@@ -41,6 +41,12 @@ private module Input implements InputSig1<Location>, InputSig2<PreTypeMention> {
 
   class TypeAbstraction = TA::TypeAbstraction;
 
+  predicate typeAbstractionHasAmbigousConstraintAt(
+    TypeAbstraction abs, Type constraint, TypePath path
+  ) {
+    FunctionOverloading::implHasAmbigousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
+  }
+
   class TypeArgumentPosition extends TTypeArgumentPosition {
     int asMethodTypeArgumentPosition() { this = TMethodTypeArgumentPosition(result) }
 
@@ -127,17 +133,15 @@ private module Input implements InputSig1<Location>, InputSig2<PreTypeMention> {
 
   PreTypeMention getABaseTypeMention(Type t) { none() }
 
-  Type getATypeParameterConstraint(TypeParameter tp, TypePath path) {
-    exists(TypeMention tm | result = tm.getTypeAt(path) |
-      tm = tp.(TypeParamTypeParameter).getTypeParam().getATypeBound().getTypeRepr() or
-      tm = tp.(SelfTypeParameter).getTrait() or
-      tm =
-        tp.(ImplTraitTypeTypeParameter)
-            .getImplTraitTypeRepr()
-            .getTypeBoundList()
-            .getABound()
-            .getTypeRepr()
-    )
+  PreTypeMention getATypeParameterConstraint(TypeParameter tp) {
+    result = tp.(TypeParamTypeParameter).getTypeParam().getATypeBound().getTypeRepr() or
+    result = tp.(SelfTypeParameter).getTrait() or
+    result =
+      tp.(ImplTraitTypeTypeParameter)
+          .getImplTraitTypeRepr()
+          .getTypeBoundList()
+          .getABound()
+          .getTypeRepr()
   }
 
   /**
@@ -1170,7 +1174,7 @@ private module ContextTyping {
     or
     exists(TypeParameter mid |
       assocFunctionMentionsTypeParameterAtNonRetPos(i, f, mid) and
-      tp = getATypeParameterConstraint(mid, _)
+      tp = getATypeParameterConstraint(mid).getTypeAt(_)
     )
   }
 
@@ -2544,8 +2548,7 @@ private module AssocFunctionResolution {
       Location getLocation() { result = afc.getLocation() }
     }
 
-    private module CallSatisfiesDerefConstraintInput implements
-      SatisfiesConstraintInputSig<CallDerefCand>
+    private module CallSatisfiesDerefConstraintInput implements SatisfiesTypeInputSig<CallDerefCand>
     {
       pragma[nomagic]
       predicate relevantConstraint(CallDerefCand mc, Type constraint) {
@@ -2555,7 +2558,7 @@ private module AssocFunctionResolution {
     }
 
     private module CallSatisfiesDerefConstraint =
-      SatisfiesConstraint<CallDerefCand, CallSatisfiesDerefConstraintInput>;
+      SatisfiesType<CallDerefCand, CallSatisfiesDerefConstraintInput>;
 
     pragma[nomagic]
     private AssociatedTypeTypeParameter getDerefTargetTypeParameter() {
@@ -3586,21 +3589,20 @@ final private class AwaitTarget extends Expr {
   Type getTypeAt(TypePath path) { result = inferType(this, path) }
 }
 
-private module AwaitSatisfiesConstraintInput implements SatisfiesConstraintInputSig<AwaitTarget> {
+private module AwaitSatisfiesTypeInput implements SatisfiesTypeInputSig<AwaitTarget> {
   pragma[nomagic]
   predicate relevantConstraint(AwaitTarget term, Type constraint) {
     exists(term) and
     constraint.(TraitType).getTrait() instanceof FutureTrait
   }
 }
 
-private module AwaitSatisfiesConstraint =
-  SatisfiesConstraint<AwaitTarget, AwaitSatisfiesConstraintInput>;
+private module AwaitSatisfiesType = SatisfiesType<AwaitTarget, AwaitSatisfiesTypeInput>;
 
 pragma[nomagic]
 private Type inferAwaitExprType(AstNode n, TypePath path) {
   exists(TypePath exprPath |
-    AwaitSatisfiesConstraint::satisfiesConstraintType(n.(AwaitExpr).getExpr(), _, exprPath, result) and
+    AwaitSatisfiesType::satisfiesConstraintType(n.(AwaitExpr).getExpr(), _, exprPath, result) and
     exprPath.isCons(getFutureOutputTypeParameter(), path)
   )
 }
@@ -3779,9 +3781,7 @@ final private class ForIterableExpr extends Expr {
   Type getTypeAt(TypePath path) { result = inferType(this, path) }
 }
 
-private module ForIterableSatisfiesConstraintInput implements
-  SatisfiesConstraintInputSig<ForIterableExpr>
-{
+private module ForIterableSatisfiesTypeInput implements SatisfiesTypeInputSig<ForIterableExpr> {
   predicate relevantConstraint(ForIterableExpr term, Type constraint) {
     exists(term) and
     exists(Trait t | t = constraint.(TraitType).getTrait() |
@@ -3802,15 +3802,15 @@ private AssociatedTypeTypeParameter getIntoIteratorItemTypeParameter() {
   result = getAssociatedTypeTypeParameter(any(IntoIteratorTrait t).getItemType())
 }
 
-private module ForIterableSatisfiesConstraint =
-  SatisfiesConstraint<ForIterableExpr, ForIterableSatisfiesConstraintInput>;
+private module ForIterableSatisfiesType =
+  SatisfiesType<ForIterableExpr, ForIterableSatisfiesTypeInput>;
 
 pragma[nomagic]
 private Type inferForLoopExprType(AstNode n, TypePath path) {
   // type of iterable -> type of pattern (loop variable)
   exists(ForExpr fe, TypePath exprPath, AssociatedTypeTypeParameter tp |
     n = fe.getPat() and
-    ForIterableSatisfiesConstraint::satisfiesConstraintType(fe.getIterable(), _, exprPath, result) and
+    ForIterableSatisfiesType::satisfiesConstraintType(fe.getIterable(), _, exprPath, result) and
     exprPath.isCons(tp, path)
   |
     tp = getIntoIteratorItemTypeParameter()
@@ -3836,21 +3836,20 @@ final private class InvokedClosureExpr extends Expr {
   CallExpr getCall() { result = call }
 }
 
-private module InvokedClosureSatisfiesConstraintInput implements
-  SatisfiesConstraintInputSig<InvokedClosureExpr>
+private module InvokedClosureSatisfiesTypeInput implements SatisfiesTypeInputSig<InvokedClosureExpr>
 {
   predicate relevantConstraint(InvokedClosureExpr term, Type constraint) {
     exists(term) and
     constraint.(TraitType).getTrait() instanceof FnOnceTrait
   }
 }
 
-private module InvokedClosureSatisfiesConstraint =
-  SatisfiesConstraint<InvokedClosureExpr, InvokedClosureSatisfiesConstraintInput>;
+private module InvokedClosureSatisfiesType =
+  SatisfiesType<InvokedClosureExpr, InvokedClosureSatisfiesTypeInput>;
 
 /** Gets the type of `ce` when viewed as an implementation of `FnOnce`. */
 private Type invokedClosureFnTypeAt(InvokedClosureExpr ce, TypePath path) {
-  InvokedClosureSatisfiesConstraint::satisfiesConstraintType(ce, _, path, result)
+  InvokedClosureSatisfiesType::satisfiesConstraintType(ce, _, path, result)
 }
 
 /**

rust/ql/lib/codeql/rust/internal/typeinference/TypeMention.qll

@@ -205,6 +205,13 @@ private module MkTypeMention<getAdditionalPathTypeAtSig/2 getAdditionalPathTypeA
       )
       or
       exists(TypeParamItemNode tp | this = tp.getABoundPath() and result = tp)
+      or
+      // `<result as this>::...`
+      exists(PathTypeRepr typeRepr, PathTypeRepr traitRepr |
+        pathTypeAsTraitAssoc(_, typeRepr, traitRepr, _, _) and
+        this = traitRepr.getPath() and
+        result = typeRepr.getPath()
+      )
     }
 
     pragma[nomagic]
@@ -696,6 +703,16 @@ private module PreTypeMention = MkTypeMention<preGetAdditionalPathTypeAt/2>;
 
 class PreTypeMention = PreTypeMention::TypeMention;
 
+private class TraitOrTmTrait extends AstNode {
+  Type getTypeAt(TypePath path) {
+    pathTypeAsTraitAssoc(_, _, this, _, _) and
+    result = this.(PreTypeMention).getTypeAt(path)
+    or
+    result = TTrait(this) and
+    path.isEmpty()
+  }
+}
+
 /**
  * Holds if `path` accesses an associated type `alias` from `trait` on a
  * concrete type given by `tm`.
@@ -705,7 +722,7 @@ class PreTypeMention = PreTypeMention::TypeMention;
  * when `path` is of the form `Self::AssocType`.
  */
 private predicate pathConcreteTypeAssocType(
-  Path path, PreTypeMention tm, TraitItemNode trait, AstNode implOrTmTrait, TypeAlias alias
+  Path path, PreTypeMention tm, TraitItemNode trait, TraitOrTmTrait traitOrTmTrait, TypeAlias alias
 ) {
   exists(Path qualifier |
     qualifier = path.getQualifier() and
@@ -714,57 +731,45 @@ private predicate pathConcreteTypeAssocType(
     // path of the form `<Type as Trait>::AssocType`
     //                    ^^^ tm          ^^^^^^^^^ name
     exists(string name |
-      pathTypeAsTraitAssoc(path, tm, implOrTmTrait, trait, name) and
+      pathTypeAsTraitAssoc(path, tm, traitOrTmTrait, trait, name) and
       getTraitAssocType(trait, name) = alias
     )
     or
     // path of the form `Self::AssocType` within an `impl` block
     //                tm ^^^^  ^^^^^^^^^ name
-    implOrTmTrait =
-      any(ImplItemNode impl |
-        alias = resolvePath(path) and
-        qualifier = impl.getASelfPath() and
-        tm = impl.(Impl).getSelfTy() and
-        trait.getAnAssocItem() = alias
-      )
+    exists(ImplItemNode impl |
+      alias = resolvePath(path) and
+      qualifier = impl.getASelfPath() and
+      tm = impl.(Impl).getSelfTy() and
+      trait.getAnAssocItem() = alias and
+      traitOrTmTrait = trait
+    )
   )
 }
 
-private module PathSatisfiesConstraintInput implements SatisfiesConstraintInputSig<PreTypeMention> {
-  predicate relevantConstraint(PreTypeMention tm, Type constraint) {
-    pathConcreteTypeAssocType(_, tm, constraint.(TraitType).getTrait(), _, _)
+private module PathSatisfiesConstraintInput implements
+  SatisfiesConstraintInputSig<PreTypeMention, TraitOrTmTrait>
+{
+  predicate relevantConstraint(PreTypeMention tm, TraitOrTmTrait constraint) {
+    pathConcreteTypeAssocType(_, tm, _, constraint, _)
   }
 }
 
 private module PathSatisfiesConstraint =
-  SatisfiesConstraint<PreTypeMention, PathSatisfiesConstraintInput>;
+  SatisfiesConstraint<PreTypeMention, TraitOrTmTrait, PathSatisfiesConstraintInput>;
 
 /**
  * Gets the type of `path` at `typePath` when `path` accesses an associated type
  * on a concrete type.
  */
 private Type getPathConcreteAssocTypeAt(Path path, TypePath typePath) {
   exists(
-    PreTypeMention tm, ImplItemNode impl, TraitItemNode trait, TraitType t, AstNode implOrTmTrait,
+    PreTypeMention tm, ImplItemNode impl, TraitItemNode trait, TraitOrTmTrait traitOrTmTrait,
     TypeAlias alias, TypePath path0
   |
-    pathConcreteTypeAssocType(path, tm, trait, implOrTmTrait, alias) and
-    t = TTrait(trait) and
-    PathSatisfiesConstraint::satisfiesConstraintTypeThrough(tm, impl, t, path0, result) and
+    pathConcreteTypeAssocType(path, tm, trait, traitOrTmTrait, alias) and
+    PathSatisfiesConstraint::satisfiesConstraintTypeThrough(tm, impl, traitOrTmTrait, path0, result) and
     path0.isCons(TAssociatedTypeTypeParameter(trait, alias), typePath)
-  |
-    implOrTmTrait instanceof Impl
-    or
-    // When `path` is of the form `<Type as Trait>::AssocType` we need to check
-    // that `impl` is not more specific than the mentioned trait
-    implOrTmTrait =
-      any(PreTypeMention tmTrait |
-        not exists(TypePath path1, Type t1 |
-          t1 = impl.getTraitPath().(PreTypeMention).getTypeAt(path1) and
-          not t1 instanceof TypeParameter and
-          t1 != tmTrait.getTypeAt(path1)
-        )
-      )
   )
 }
 

rust/ql/test/library-tests/type-inference/overloading.rs

@@ -509,15 +509,15 @@ mod trait_bound_impl_overlap {
 
     fn test() {
         let x = S(0);
-        let y = call_f(x); // $ target=call_f type=y:i32 $ SPURIOUS: type=y:i64
+        let y = call_f(x); // $ target=call_f type=y:i32
         let z: i32 = y;
 
         let x = S(0);
         let y = call_f::<i32, _>(x); // $ target=call_f type=y:i32
 
         let x = S(0);
-        let y = call_f2(S(0i32), x); // $ target=call_f2 type=y:i32 $ SPURIOUS: type=y:i64
+        let y = call_f2(S(0i32), x); // $ target=call_f2 $ MISSING: type=y:i32
         let x = S(0);
-        let y = call_f2(S(0i64), x); // $ target=call_f2 type=y:i64 $ SPURIOUS: type=y:i32
+        let y = call_f2(S(0i64), x); // $ target=call_f2 $ MISSING: type=y:i64
     }
 }