wip7

Author: hvitved

rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll

@@ -197,7 +197,7 @@ class AssocFunctionType extends MkAssocFunctionType {
     exists(Function f, ImplOrTraitItemNode i, FunctionPosition pos | this.appliesTo(f, i, pos) |
       result = pos.getTypeMention(f)
       or
-      pos.isSelf() and
+      pos.isSelfOrTypeQualifier() and
       not f.hasSelfParam() and
       result = [i.(Impl).getSelfTy().(AstNode), i.(Trait).getName()]
     )

rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll

@@ -1385,6 +1385,38 @@ private module MethodResolution {
     )
   }
 
+  /**
+   * Holds if resolving the function `implFunction` in `impl` requires inspecting
+   * the type of applied _arguments_ or possibly knowing the return type.
+   *
+   * `traitTp` is a type parameter of the trait being implemented by `impl`, and
+   * we need to check that the type of `f` corresponding to `traitTp` is satisfied
+   * at any one of the positions `pos` in which that type occurs in `f` (at `path`).
+   *
+   * As for method resolution, we always check the type being implemented (corresponding
+   * to `traitTp` being the special `Self` type parameter).
+   */
+  pragma[nomagic]
+  private predicate traitFunctionResolutionDependsOnArgument(
+    TraitItemNode trait, NonMethodFunction traitFunction, FunctionPosition pos, ImplItemNode impl,
+    NonMethodFunction implFunction, TypePath path, TypeParameter traitTp
+  ) {
+    traitFunctionResolutionDependsOnArgument0(trait, traitFunction, pos, impl, implFunction, path,
+      traitTp) and
+    // Exclude functions where we cannot resolve all relevant type mentions; this allows
+    // for blanket implementations to be applied in those cases
+    forall(TypeParameter traitTp0 |
+      traitFunctionResolutionDependsOnArgument0(trait, traitFunction, _, impl, implFunction, _,
+        traitTp0)
+    |
+      exists(FunctionPosition pos0, TypePath path0 |
+        traitFunctionResolutionDependsOnArgument0(trait, traitFunction, pos0, impl, implFunction,
+          path0, traitTp0) and
+        exists(getAssocFunctionTypeAt(implFunction, impl, pos0, path0))
+      )
+    )
+  }
+
   /**
    * Holds if function `f` with the name `name` and the arity `arity` exists in
    * `i`, and the type of the `self` parameter is `selfType`.
@@ -1415,9 +1447,45 @@ private module MethodResolution {
         or
         traitFunctionResolutionDependsOnArgument0(_, _, selfPos, _, f, _, TSelfTypeParameter(trait))
       )
+    ) and
+    // Exclude functions where we cannot resolve all relevant type mentions; this allows
+    // for blanket implementations to be applied in those cases
+    forall(TraitItemNode trait, NonMethodFunction traitFunction, TypeParameter traitTp0 |
+      traitFunctionResolutionDependsOnArgument0(trait, traitFunction, _, i, f, _, traitTp0)
+    |
+      exists(FunctionPosition pos0, TypePath path0 |
+        traitFunctionResolutionDependsOnArgument0(trait, traitFunction, pos0, i, f, path0, traitTp0) and
+        exists(getAssocFunctionTypeAt(f, i, pos0, path0))
+      )
     )
   }
 
+  pragma[nomagic]
+  private predicate testassocFunctionInfo(
+    Function f, string name, int arity, FunctionPosition selfPos, FunctionPosition posAdj,
+    ImplOrTraitItemNode i, AssocFunctionType selfType, TypePath strippedTypePath, Type strippedType
+  ) {
+    assocFunctionInfo(f, name, arity, i, selfPos, selfType) and
+    strippedType = selfType.getTypeAt(strippedTypePath) and
+    (
+      isComplexRootStripped(strippedTypePath, strippedType)
+      or
+      selfPos.isTypeQualifier() and strippedTypePath.isEmpty()
+    ) and
+    posAdj = selfPos.getFunctionCallAdjusted(f) and
+    (
+      selfPos.isSelfOrTypeQualifier()
+      or
+      exists(TraitItemNode trait |
+        traitFunctionResolutionDependsOnArgument0(_, f, selfPos, _, _, _, TSelfTypeParameter(trait))
+        or
+        traitFunctionResolutionDependsOnArgument0(_, _, selfPos, _, f, _, TSelfTypeParameter(trait))
+      )
+    ) and
+    not assocFunctionInfo(f, name, arity, selfPos, posAdj, i, selfType, strippedTypePath,
+      strippedType)
+  }
+
   pragma[nomagic]
   private predicate assocFunctionInfoTypeParam(
     Function f, string name, int arity, FunctionPosition selfPos, FunctionPosition posAdj,
@@ -1756,6 +1824,24 @@ private module MethodResolution {
       )
     }
 
+    private predicate foo2(
+      FunctionPosition selfPos, DerefChain derefChain, TypePath strippedTypePath, Type strippedType
+    ) {
+      //ImplOrTraitItemNode i
+      this = Debug::getRelevantLocatable() and
+      derefChain.isEmpty() and
+      strippedType =
+        this.getComplexStrippedType(selfPos, derefChain, TNoBorrowKind(), strippedTypePath) and
+      this.hasNoCompatibleTargetCheck(selfPos, derefChain, TNoBorrowKind(), strippedTypePath,
+        getNthLookupType(strippedType, _))
+      // exists(Type t | t = getNthLookupType(strippedType, n) |
+      //   this.hasNoCompatibleNonBlanketLikeTargetCheck(selfPos, derefChain, TSomeBorrowKind(false),
+      //     strippedTypePath, t)
+      // ) and
+      // methodCallNonBlanketCandidate(this, _, selfPos, _, i, _, strippedTypePath, strippedType) //and
+      // not this.hasIncompatibleTarget(i, selfPos, derefChain, TSomeBorrowKind(false), strippedType)
+    }
+
     /**
      * Holds if the candidate receiver type represented by `derefChain` does not
      * have a matching method target.
@@ -1768,6 +1854,16 @@ private module MethodResolution {
       )
     }
 
+    private predicate testhasNoCompatibleTargetNoBorrow(
+      FunctionPosition selfPos, DerefChain derefChain
+    ) {
+      exists(Type strippedType |
+        this.hasNoCompatibleTargetNoBorrowToIndex(selfPos, derefChain, _, strippedType,
+          getLastLookupTypeIndex(strippedType))
+      ) and
+      this = Debug::getRelevantLocatable()
+    }
+
     // forex using recursion
     pragma[nomagic]
     private predicate hasNoCompatibleNonBlanketTargetNoBorrowToIndex(
@@ -1794,6 +1890,29 @@ private module MethodResolution {
       )
     }
 
+    private predicate sdf(
+      FunctionPosition selfPos, DerefChain derefChain, TypePath strippedTypePath, Type strippedType,
+      int n, ImplOrTraitItemNode i
+    ) {
+      (
+        this.supportsAutoDerefAndBorrow() and
+        selfPos.isSelf()
+        or
+        // needed for the `hasNoCompatibleTarget` check in
+        // `ReceiverSatisfiesBlanketLikeConstraintInput::hasBlanketCandidate`
+        derefChain.isEmpty()
+      ) and
+      strippedType =
+        this.getComplexStrippedType(selfPos, derefChain, TNoBorrowKind(), strippedTypePath) and
+      this = Debug::getRelevantLocatable() and
+      exists(Type t | t = getNthLookupType(strippedType, n) |
+        // this.hasNoCompatibleNonBlanketTargetCheck(selfPos, derefChain, TNoBorrowKind(),
+        // strippedTypePath, t)
+        methodCallNonBlanketCandidate(this, _, selfPos, _, i, _, strippedTypePath, strippedType) and
+        not this.hasIncompatibleTarget(i, selfPos, derefChain, TNoBorrowKind(), strippedType)
+      )
+    }
+
     /**
      * Holds if the candidate receiver type represented by `derefChain` does not have
      * a matching non-blanket method target.
@@ -1827,6 +1946,22 @@ private module MethodResolution {
       )
     }
 
+    private predicate foo(
+      FunctionPosition selfPos, DerefChain derefChain, TypePath strippedTypePath, Type strippedType
+    ) {
+      //ImplOrTraitItemNode i
+      this = Debug::getRelevantLocatable() and
+      this.hasNoCompatibleTargetNoBorrow(selfPos, derefChain) and
+      strippedType =
+        this.getComplexStrippedType(selfPos, derefChain, TSomeBorrowKind(false), strippedTypePath) //and
+      // exists(Type t | t = getNthLookupType(strippedType, n) |
+      //   this.hasNoCompatibleNonBlanketLikeTargetCheck(selfPos, derefChain, TSomeBorrowKind(false),
+      //     strippedTypePath, t)
+      // ) and
+      // methodCallNonBlanketCandidate(this, _, selfPos, _, i, _, strippedTypePath, strippedType) //and
+      // not this.hasIncompatibleTarget(i, selfPos, derefChain, TSomeBorrowKind(false), strippedType)
+    }
+
     /**
      * Holds if the candidate receiver type represented by `derefChain`, followed
      * by a shared borrow, does not have a matching method target.
@@ -2194,13 +2329,13 @@ private module MethodResolution {
 
     pragma[nomagic]
     predicate hasNoCompatibleNonBlanketTarget() {
-      mc_.hasNoCompatibleNonBlanketTargetSharedBorrow(selfPos, derefChain) and
+      mc_.hasNoCompatibleNonBlanketTargetSharedBorrow(_, derefChain) and
       borrow.isSharedBorrow()
       or
-      mc_.hasNoCompatibleNonBlanketTargetMutBorrow(selfPos, derefChain) and
+      mc_.hasNoCompatibleNonBlanketTargetMutBorrow(_, derefChain) and
       borrow.isMutableBorrow()
       or
-      mc_.hasNoCompatibleNonBlanketTargetNoBorrow(selfPos, derefChain) and
+      mc_.hasNoCompatibleNonBlanketTargetNoBorrow(_, derefChain) and
       borrow.isNoBorrow()
     }
 
@@ -2367,6 +2502,28 @@ private module MethodResolution {
         blanketPath.getHead() = borrow.getRefType().getPositionalTypeParameter(0)
       )
     }
+
+    pragma[nomagic]
+    predicate testhasBlanketCandidate(
+      MethodCallCand mcc, ImplItemNode impl, TypePath blanketPath, TypeParam blanketTypeParam
+    ) {
+      exists(MethodCall mc, FunctionPosition pos, BorrowKind borrow |
+        mcc = MkMethodCallCand(mc, _, pos, _, borrow) and
+        blanketPath.isEmpty() and
+        mc = Debug::getRelevantLocatable() and
+        methodCallBlanketLikeCandidate(mc, _, _, pos, impl, _, blanketPath, blanketTypeParam) and
+        impl.isBlanketImplementation() and
+        // Only apply blanket implementations when no other implementations are possible;
+        // this is to account for codebases that use the (unstable) specialization feature
+        // (https://rust-lang.github.io/rfcs/1210-impl-specialization.html), as well as
+        // cases where our blanket implementation filtering is not precise enough.
+        mcc.hasNoCompatibleNonBlanketTarget()
+      |
+        borrow.isNoBorrow()
+        or
+        blanketPath.getHead() = borrow.getRefType().getPositionalTypeParameter(0)
+      )
+    }
   }
 
   private module ReceiverSatisfiesBlanketLikeConstraint =
@@ -3937,7 +4094,7 @@ private module Debug {
     exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
       result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
       filepath.matches("%/main.rs") and
-      startline = 661
+      startline = 570
     )
   }
 

rust/ql/test/library-tests/dataflow/local/inline-flow.expected

@@ -307,6 +307,7 @@ edges
 | main.rs:575:10:575:10 | b | main.rs:575:10:575:17 | b.into() | provenance | MaD:3 |
 | main.rs:575:10:575:10 | b | main.rs:575:10:575:17 | b.into() | provenance | MaD:4 |
 | main.rs:576:20:576:20 | b | main.rs:576:10:576:21 | ...::from(...) | provenance | MaD:9 |
+| main.rs:576:20:576:20 | b | main.rs:576:10:576:21 | ...::from(...) | provenance | ReflexiveFrom |
 nodes
 | main.rs:19:10:19:18 | source(...) | semmle.label | source(...) |
 | main.rs:23:9:23:9 | s | semmle.label | s |

rust/ql/test/library-tests/type-inference/type-inference.expected

@@ -9885,12 +9885,16 @@ inferType
 | main.rs:1613:13:1616:13 | Vec2 {...} |  | main.rs:1493:5:1498:5 | Vec2 |
 | main.rs:1614:20:1614:23 | self |  | main.rs:1493:5:1498:5 | Vec2 |
 | main.rs:1614:20:1614:25 | self.x |  | {EXTERNAL LOCATION} | i64 |
+| main.rs:1614:20:1614:33 | ... \| ... |  | {EXTERNAL LOCATION} | NonZero |
 | main.rs:1614:20:1614:33 | ... \| ... |  | {EXTERNAL LOCATION} | i64 |
+| main.rs:1614:20:1614:33 | ... \| ... | T | {EXTERNAL LOCATION} | i64 |
 | main.rs:1614:29:1614:31 | rhs |  | main.rs:1493:5:1498:5 | Vec2 |
 | main.rs:1614:29:1614:33 | rhs.x |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1615:20:1615:23 | self |  | main.rs:1493:5:1498:5 | Vec2 |
 | main.rs:1615:20:1615:25 | self.y |  | {EXTERNAL LOCATION} | i64 |
+| main.rs:1615:20:1615:33 | ... \| ... |  | {EXTERNAL LOCATION} | NonZero |
 | main.rs:1615:20:1615:33 | ... \| ... |  | {EXTERNAL LOCATION} | i64 |
+| main.rs:1615:20:1615:33 | ... \| ... | T | {EXTERNAL LOCATION} | i64 |
 | main.rs:1615:29:1615:31 | rhs |  | main.rs:1493:5:1498:5 | Vec2 |
 | main.rs:1615:29:1615:33 | rhs.y |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1621:25:1621:33 | SelfParam |  | {EXTERNAL LOCATION} | &mut |
@@ -10245,9 +10249,13 @@ inferType
 | main.rs:1770:26:1770:30 | 33i64 |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1770:26:1770:38 | ... & ... |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1770:34:1770:38 | 34i64 |  | {EXTERNAL LOCATION} | i64 |
+| main.rs:1771:13:1771:21 | i64_bitor |  | {EXTERNAL LOCATION} | NonZero |
 | main.rs:1771:13:1771:21 | i64_bitor |  | {EXTERNAL LOCATION} | i64 |
+| main.rs:1771:13:1771:21 | i64_bitor | T | {EXTERNAL LOCATION} | i64 |
 | main.rs:1771:25:1771:29 | 35i64 |  | {EXTERNAL LOCATION} | i64 |
+| main.rs:1771:25:1771:37 | ... \| ... |  | {EXTERNAL LOCATION} | NonZero |
 | main.rs:1771:25:1771:37 | ... \| ... |  | {EXTERNAL LOCATION} | i64 |
+| main.rs:1771:25:1771:37 | ... \| ... | T | {EXTERNAL LOCATION} | i64 |
 | main.rs:1771:33:1771:37 | 36i64 |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1772:13:1772:22 | i64_bitxor |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1772:26:1772:30 | 37i64 |  | {EXTERNAL LOCATION} | i64 |
@@ -12655,15 +12663,25 @@ inferType
 | overloading.rs:397:10:397:10 | b |  | {EXTERNAL LOCATION} | bool |
 | overloading.rs:397:25:401:5 | { ... } |  | overloading.rs:372:5:372:14 | S1 |
 | overloading.rs:398:13:398:13 | s |  | overloading.rs:364:5:365:13 | S |
+| overloading.rs:398:13:398:13 | s |  | overloading.rs:372:5:372:14 | S1 |
 | overloading.rs:398:17:398:54 | if b {...} else {...} |  | overloading.rs:364:5:365:13 | S |
+| overloading.rs:398:17:398:54 | if b {...} else {...} |  | overloading.rs:372:5:372:14 | S1 |
 | overloading.rs:398:20:398:20 | b |  | {EXTERNAL LOCATION} | bool |
 | overloading.rs:398:22:398:26 | { ... } |  | overloading.rs:364:5:365:13 | S |
+| overloading.rs:398:22:398:26 | { ... } |  | overloading.rs:372:5:372:14 | S1 |
 | overloading.rs:398:24:398:24 | S |  | overloading.rs:364:5:365:13 | S |
+| overloading.rs:398:24:398:24 | S |  | overloading.rs:372:5:372:14 | S1 |
 | overloading.rs:398:33:398:54 | { ... } |  | overloading.rs:364:5:365:13 | S |
+| overloading.rs:398:33:398:54 | { ... } |  | overloading.rs:372:5:372:14 | S1 |
 | overloading.rs:398:35:398:52 | ...::default(...) |  | overloading.rs:364:5:365:13 | S |
+| overloading.rs:398:35:398:52 | ...::default(...) |  | overloading.rs:372:5:372:14 | S1 |
+| overloading.rs:399:13:399:13 | x |  | overloading.rs:364:5:365:13 | S |
 | overloading.rs:399:13:399:13 | x |  | overloading.rs:372:5:372:14 | S1 |
+| overloading.rs:399:17:399:29 | ...::from(...) |  | overloading.rs:364:5:365:13 | S |
 | overloading.rs:399:17:399:29 | ...::from(...) |  | overloading.rs:372:5:372:14 | S1 |
 | overloading.rs:399:28:399:28 | s |  | overloading.rs:364:5:365:13 | S |
+| overloading.rs:399:28:399:28 | s |  | overloading.rs:372:5:372:14 | S1 |
+| overloading.rs:400:9:400:9 | x |  | overloading.rs:364:5:365:13 | S |
 | overloading.rs:400:9:400:9 | x |  | overloading.rs:372:5:372:14 | S1 |
 | pattern_matching.rs:13:26:133:1 | { ... } |  | {EXTERNAL LOCATION} | Option |
 | pattern_matching.rs:13:26:133:1 | { ... } | T | {EXTERNAL LOCATION} | () |
@@ -14781,3 +14799,4 @@ inferType
 | regressions.rs:32:9:32:13 | opt_e | T | regressions.rs:5:5:7:5 | E |
 | regressions.rs:32:9:32:22 | opt_e.unwrap() |  | regressions.rs:5:5:7:5 | E |
 testFailures
+| overloading.rs:399:17:399:29 | ...::from(...) | Unexpected result: target=from |