wip3

hvitved · hvitved · commit eabd41880725 · 2026-02-23T13:11:21.000+01:00
diff --git a/rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll b/rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll
@@ -32,7 +32,7 @@ class FunctionPosition extends TFunctionPosition {
   /** Gets the corresponding position when `f` is invoked via a function call. */
   bindingset[f]
   FunctionPosition getFunctionCallAdjusted(Function f) {
-    this.isReturn() and
+    (this.isReturn() or this.isTypeQualifier()) and
     result = this
     or
     if f.hasSelfParam()
diff --git a/rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll
@@ -1401,14 +1401,15 @@ private module MethodResolution {
    */
   pragma[inline]
   private predicate assocFunctionInfoNonBlanket(
-    Function f, string name, int arity, FunctionPosition selfPos, ImplOrTraitItemNode i,
-    AssocFunctionType selfType, TypePath strippedTypePath, Type strippedType
+    Function f, string name, int arity, FunctionPosition selfPos, FunctionPosition pos,
+    ImplOrTraitItemNode i, AssocFunctionType selfType, TypePath strippedTypePath, Type strippedType
   ) {
     (
       assocFunctionInfo(f, name, arity, selfPos, i, selfType, strippedTypePath, strippedType) or
       assocFunctionInfoTypeParam(f, name, arity, selfPos, i, selfType, strippedTypePath, _)
     ) and
-    not BlanketImplementation::isBlanketLike(i, _, _)
+    not BlanketImplementation::isBlanketLike(i, _, _) and
+    pos = selfPos.getFunctionCallAdjusted(f)
   }
 
   /**
@@ -1421,12 +1422,14 @@ private module MethodResolution {
    */
   pragma[nomagic]
   private predicate assocFunctionSelfInfoBlanketLike(
-    Function f, string name, int arity, FunctionPosition selfPos, ImplItemNode impl, Trait trait,
-    AssocFunctionType selfType, TypePath blanketPath, TypeParam blanketTypeParam
+    Function f, string name, int arity, FunctionPosition selfPos, FunctionPosition posAdj,
+    ImplItemNode impl, Trait trait, AssocFunctionType selfType, TypePath blanketPath,
+    TypeParam blanketTypeParam
   ) {
     assocFunctionInfoBlanketLike(f, name, arity, impl, trait, selfPos, selfType, blanketPath,
       blanketTypeParam) and
-    selfPos.isSelfOrTypeQualifier()
+    selfPos.isSelfOrTypeQualifier() and
+    posAdj = selfPos.getFunctionCallAdjusted(f)
   }
 
   pragma[nomagic]
@@ -1478,12 +1481,13 @@ private module MethodResolution {
   bindingset[mc, strippedTypePath, strippedType]
   pragma[inline_late]
   private predicate methodCallNonBlanketCandidate(
-    MethodCall mc, Function f, FunctionPosition selfPos, ImplOrTraitItemNode i,
-    AssocFunctionType self, TypePath strippedTypePath, Type strippedType
+    MethodCall mc, Function f, FunctionPosition selfPos, FunctionPosition pos,
+    ImplOrTraitItemNode i, AssocFunctionType self, TypePath strippedTypePath, Type strippedType
   ) {
     exists(string name, int arity |
       mc.hasNameAndArity(name, arity) and
-      assocFunctionInfoNonBlanket(f, name, arity, selfPos, i, self, strippedTypePath, strippedType)
+      assocFunctionInfoNonBlanket(f, name, arity, selfPos, pos, i, self, strippedTypePath,
+        strippedType)
     |
       i =
         any(Impl impl |
@@ -1512,12 +1516,12 @@ private module MethodResolution {
   bindingset[mc]
   pragma[inline_late]
   private predicate methodCallBlanketLikeCandidate(
-    MethodCall mc, Function f, FunctionPosition selfPos, ImplItemNode impl, AssocFunctionType self,
-    TypePath blanketPath, TypeParam blanketTypeParam
+    MethodCall mc, Function f, FunctionPosition selfPos, FunctionPosition pos, ImplItemNode impl,
+    AssocFunctionType self, TypePath blanketPath, TypeParam blanketTypeParam
   ) {
     exists(string name, int arity |
       mc.hasNameAndArity(name, arity) and
-      assocFunctionSelfInfoBlanketLike(f, name, arity, selfPos, impl, _, self, blanketPath,
+      assocFunctionSelfInfoBlanketLike(f, name, arity, selfPos, pos, impl, _, self, blanketPath,
         blanketTypeParam)
     |
       methodCallVisibleImplTraitCandidate(mc, impl)
@@ -1551,6 +1555,8 @@ private module MethodResolution {
 
     abstract Expr getArg(ArgumentPosition pos);
 
+    predicate hasReceiver() { exists(this.getArg(any(ArgumentPosition self | self.isSelf()))) }
+
     abstract predicate supportsAutoDerefAndBorrow();
 
     /** Gets the trait targeted by this call, if any. */
@@ -1577,7 +1583,6 @@ private module MethodResolution {
       FunctionPosition selfPos, DerefChain derefChain, TypePath path
     ) {
       result = this.getArgumentTypeAt(selfPos.asArgumentPosition(), path) and
-      selfPos.isSelfOrTypeQualifier() and
       derefChain.isEmpty()
       or
       exists(DerefImplItemNode impl, DerefChain suffix |
@@ -1602,7 +1607,7 @@ private module MethodResolution {
     ) {
       exists(TypePath path |
         ReceiverIsInstantiationOfSelfParam::argIsNotInstantiationOf(MkMethodCallCand(this, selfPos,
-            derefChain, borrow), i, _, path) and
+            _, derefChain, borrow), i, _, path) and
         path.isCons(root.getATypeParameter(), _)
       )
     }
@@ -1618,10 +1623,10 @@ private module MethodResolution {
       ImplItemNode impl, FunctionPosition selfPos, DerefChain derefChain, BorrowKind borrow
     ) {
       ReceiverIsNotInstantiationOfBlanketLikeSelfParam::argIsNotInstantiationOf(MkMethodCallCand(this,
-          selfPos, derefChain, borrow), impl, _, _)
+          selfPos, _, derefChain, borrow), impl, _, _)
       or
       ReceiverSatisfiesBlanketLikeConstraint::dissatisfiesBlanketConstraint(MkMethodCallCand(this,
-          selfPos, derefChain, borrow), impl)
+          selfPos, _, derefChain, borrow), impl)
     }
 
     /**
@@ -1651,7 +1656,7 @@ private module MethodResolution {
       Type strippedType
     ) {
       forall(ImplOrTraitItemNode i |
-        methodCallNonBlanketCandidate(this, _, selfPos, i, _, strippedTypePath, strippedType)
+        methodCallNonBlanketCandidate(this, _, selfPos, _, i, _, strippedTypePath, strippedType)
       |
         this.hasIncompatibleTarget(i, selfPos, derefChain, borrow, strippedType)
       )
@@ -1664,7 +1669,7 @@ private module MethodResolution {
     ) {
       this.hasNoCompatibleNonBlanketLikeTargetCheck(selfPos, derefChain, borrow, strippedTypePath,
         strippedType) and
-      forall(ImplItemNode i | methodCallBlanketLikeCandidate(this, _, selfPos, i, _, _, _) |
+      forall(ImplItemNode i | methodCallBlanketLikeCandidate(this, _, selfPos, _, i, _, _, _) |
         this.hasIncompatibleBlanketLikeTarget(i, selfPos, derefChain, borrow)
       )
     }
@@ -1677,7 +1682,7 @@ private module MethodResolution {
       this.hasNoCompatibleNonBlanketLikeTargetCheck(selfPos, derefChain, borrow, strippedTypePath,
         strippedType) and
       forall(ImplItemNode i |
-        methodCallBlanketLikeCandidate(this, _, selfPos, i, _, _, _) and
+        methodCallBlanketLikeCandidate(this, _, selfPos, _, i, _, _, _) and
         not i.isBlanketImplementation()
       |
         this.hasIncompatibleBlanketLikeTarget(i, selfPos, derefChain, borrow)
@@ -1691,7 +1696,8 @@ private module MethodResolution {
       int n
     ) {
       (
-        this.supportsAutoDerefAndBorrow()
+        this.supportsAutoDerefAndBorrow() and
+        selfPos.isSelf()
         or
         // needed for the `hasNoCompatibleTarget` check in
         // `ReceiverSatisfiesBlanketLikeConstraintInput::hasBlanketCandidate`
@@ -1727,7 +1733,8 @@ private module MethodResolution {
       int n
     ) {
       (
-        this.supportsAutoDerefAndBorrow()
+        this.supportsAutoDerefAndBorrow() and
+        selfPos.isSelf()
         or
         // needed for the `hasNoCompatibleTarget` check in
         // `ReceiverSatisfiesBlanketLikeConstraintInput::hasBlanketCandidate`
@@ -1909,6 +1916,7 @@ private module MethodResolution {
       exists(RefType rt |
         // first try shared borrow
         this.supportsAutoDerefAndBorrow() and
+        selfPos.isSelf() and
         this.hasNoCompatibleTargetNoBorrow(selfPos, derefChain) and
         borrow.isSharedBorrow()
         or
@@ -1937,7 +1945,7 @@ private module MethodResolution {
     pragma[nomagic]
     Function resolveCallTarget(ImplOrTraitItemNode i, DerefChain derefChain, BorrowKind borrow) {
       exists(MethodCallCand mcc |
-        mcc = MkMethodCallCand(this, _, derefChain, borrow) and
+        mcc = MkMethodCallCand(this, _, _, derefChain, borrow) and
         result = mcc.resolveCallTarget(i)
       )
     }
@@ -2031,7 +2039,7 @@ private module MethodResolution {
     pragma[nomagic]
     predicate hasNoInherentTarget() {
       // `_` is fine below, because auto-deref/borrow is not supported
-      MkMethodCallCand(this, _, _, _).(MethodCallCand).hasNoInherentTarget()
+      MkMethodCallCand(this, _, _, _, _).(MethodCallCand).hasNoInherentTarget()
     }
 
     override predicate supportsAutoDerefAndBorrow() { none() }
@@ -2107,19 +2115,32 @@ private module MethodResolution {
 
   private newtype TMethodCallCand =
     MkMethodCallCand(
-      MethodCall mc, FunctionPosition selfPos, DerefChain derefChain, BorrowKind borrow
+      MethodCall mc, FunctionPosition selfPos, FunctionPosition pos, DerefChain derefChain,
+      BorrowKind borrow
     ) {
-      exists(mc.getACandidateReceiverTypeAt(selfPos, derefChain, borrow, _))
+      exists(mc.getACandidateReceiverTypeAt(selfPos, derefChain, borrow, _)) and
+      if mc.hasReceiver()
+      then
+        pos.asPosition() = 0 and selfPos.isSelf()
+        or
+        pos.asPosition() = selfPos.asPosition() + 1
+        or
+        pos.isTypeQualifier() and selfPos.isTypeQualifier()
+      else
+        // or
+        // pos.isReturn() and selfPos.isReturn()
+        pos = selfPos
     }
 
   /** A method call with a dereference chain and a potential borrow. */
   private class MethodCallCand extends MkMethodCallCand {
     MethodCall mc_;
+    FunctionPosition pos;
     FunctionPosition selfPos;
     DerefChain derefChain;
     BorrowKind borrow;
 
-    MethodCallCand() { this = MkMethodCallCand(mc_, selfPos, derefChain, borrow) }
+    MethodCallCand() { this = MkMethodCallCand(mc_, selfPos, pos, derefChain, borrow) }
 
     MethodCall getMethodCall() { result = mc_ }
 
@@ -2143,14 +2164,14 @@ private module MethodResolution {
 
     pragma[nomagic]
     predicate hasSignature(
-      MethodCall mc, FunctionPosition selfPos_, TypePath strippedTypePath, Type strippedType,
+      MethodCall mc, FunctionPosition pos_, TypePath strippedTypePath, Type strippedType,
       string name, int arity
     ) {
       strippedType = this.getTypeAt(strippedTypePath) and
       isComplexRootStripped(strippedTypePath, strippedType) and
       mc = mc_ and
       mc.hasNameAndArity(name, arity) and
-      selfPos = selfPos_
+      pos = pos_
     }
 
     /**
@@ -2171,9 +2192,9 @@ private module MethodResolution {
       mc_.hasTrait()
       or
       exists(TypePath strippedTypePath, Type strippedType, string name, int arity |
-        this.hasSignature(_, selfPos, strippedTypePath, strippedType, name, arity) and
+        this.hasSignature(_, pos, strippedTypePath, strippedType, name, arity) and
         forall(Impl i |
-          assocFunctionInfoNonBlanket(_, name, arity, selfPos, i, _, strippedTypePath, strippedType) and
+          assocFunctionInfoNonBlanket(_, name, arity, _, pos, i, _, strippedTypePath, strippedType) and
           not i.hasTrait()
         |
           this.hasIncompatibleInherentTarget(i)
@@ -2218,6 +2239,7 @@ private module MethodResolution {
     private newtype TMethodCallDerefCand =
       MkMethodCallDerefCand(MethodCall mc, FunctionPosition selfPos, DerefChain derefChain) {
         mc.supportsAutoDerefAndBorrow() and
+        selfPos.isSelf() and
         mc.hasNoCompatibleTargetMutBorrow(selfPos, derefChain) and
         exists(mc.getACandidateReceiverTypeAtNoBorrow(selfPos, derefChain, TypePath::nil()))
       }
@@ -2285,9 +2307,9 @@ private module MethodResolution {
     predicate hasBlanketCandidate(
       MethodCallCand mcc, ImplItemNode impl, TypePath blanketPath, TypeParam blanketTypeParam
     ) {
-      exists(MethodCall mc, FunctionPosition selfPos, BorrowKind borrow |
-        mcc = MkMethodCallCand(mc, selfPos, _, borrow) and
-        methodCallBlanketLikeCandidate(mc, _, selfPos, impl, _, blanketPath, blanketTypeParam) and
+      exists(MethodCall mc, FunctionPosition pos, BorrowKind borrow |
+        mcc = MkMethodCallCand(mc, _, pos, _, borrow) and
+        methodCallBlanketLikeCandidate(mc, _, _, pos, impl, _, blanketPath, blanketTypeParam) and
         // Only apply blanket implementations when no other implementations are possible;
         // this is to account for codebases that use the (unstable) specialization feature
         // (https://rust-lang.github.io/rfcs/1210-impl-specialization.html), as well as
@@ -2317,14 +2339,14 @@ private module MethodResolution {
       MethodCallCand mcc, ImplOrTraitItemNode i, AssocFunctionType selfType
     ) {
       exists(
-        MethodCall mc, FunctionPosition selfPos, Function f, string name, int arity,
+        MethodCall mc, FunctionPosition pos, Function f, string name, int arity,
         TypePath strippedTypePath, Type strippedType
       |
-        mcc.hasSignature(mc, selfPos, strippedTypePath, strippedType, name, arity)
+        mcc.hasSignature(mc, pos, strippedTypePath, strippedType, name, arity)
       |
-        methodCallNonBlanketCandidate(mc, f, selfPos, i, selfType, strippedTypePath, strippedType)
+        methodCallNonBlanketCandidate(mc, f, _, pos, i, selfType, strippedTypePath, strippedType)
         or
-        methodCallBlanketLikeCandidate(mc, f, selfPos, i, selfType, _, _) and
+        methodCallBlanketLikeCandidate(mc, f, _, pos, i, selfType, _, _) and
         ReceiverSatisfiesBlanketLikeConstraint::satisfiesBlanketConstraint(mcc, i)
       )
     }
@@ -2361,9 +2383,9 @@ private module MethodResolution {
     predicate potentialInstantiationOf(
       MethodCallCand mcc, TypeAbstraction abs, AssocFunctionType constraint
     ) {
-      exists(MethodCall mc, FunctionPosition selfPos |
-        mcc = MkMethodCallCand(mc, selfPos, _, _) and
-        methodCallBlanketLikeCandidate(mc, _, selfPos, abs, constraint, _, _) and
+      exists(MethodCall mc, FunctionPosition pos |
+        mcc = MkMethodCallCand(mc, _, pos, _, _) and
+        methodCallBlanketLikeCandidate(mc, _, _, pos, abs, constraint, _, _) and
         if abs.(Impl).hasTrait()
         then
           // inherent methods take precedence over trait methods, so only allow
@@ -2406,11 +2428,11 @@ private module MethodResolution {
     }
 
     class Call extends MethodCallCand {
-      Type getArgType(FunctionPosition pos, TypePath path) {
-        result = mc_.getArgumentTypeAt(pos.asArgumentPosition(), path)
+      Type getArgType(FunctionPosition pos_, TypePath path) {
+        result = mc_.getArgumentTypeAt(pos_.asArgumentPosition(), path)
         or
-        pos.isReturn() and
-        result = inferType(mc_.getNodeAt(pos), path)
+        pos_.isReturn() and
+        result = inferType(mc_.getNodeAt(pos_), path)
       }
 
       predicate hasTargetCand(ImplOrTraitItemNode i, Function f) {
@@ -4227,7 +4249,7 @@ private module Debug {
     exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
       result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
       filepath.matches("%/main.rs") and
-      startline = 103
+      startline = 93
     )
   }
 
