wip

Author: hvitved

rust/ql/lib/codeql/rust/controlflow/CfgNodes.qll

@@ -212,8 +212,8 @@ final class MethodCallExprCfgNode extends Nodes::MethodCallExprCfgNode {
   MethodCallExprCfgNode() { node = this.getAstNode() }
 
   /** Gets the `i`th argument of this call. */
-  ExprCfgNode getArgument(int i) {
-    any(ChildMapping mapping).hasCfgChild(node, node.getArgList().getArg(i), this, result)
+  ExprCfgNode getPositionalArgument(int i) {
+    any(ChildMapping mapping).hasCfgChild(node, node.getPositionalArgument(i), this, result)
   }
 }
 
@@ -236,8 +236,8 @@ final class CallCfgNode extends ExprCfgNode {
   }
 
   /** Gets the `i`th argument of this call, if any. */
-  ExprCfgNode getArgument(int i) {
-    any(ChildMapping mapping).hasCfgChild(node, node.getArgument(i), this, result)
+  ExprCfgNode getPositionalArgument(int i) {
+    any(ChildMapping mapping).hasCfgChild(node, node.getPositionalArgument(i), this, result)
   }
 }
 
@@ -257,8 +257,8 @@ final class CallExprCfgNode extends Nodes::CallExprCfgNode {
   CallExprCfgNode() { node = this.getAstNode() }
 
   /** Gets the `i`th argument of this call. */
-  ExprCfgNode getArgument(int i) {
-    any(ChildMapping mapping).hasCfgChild(node, node.getArgList().getArg(i), this, result)
+  ExprCfgNode getSyntacticArgument(int i) {
+    any(ChildMapping mapping).hasCfgChild(node, node.getSyntacticArgument(i), this, result)
   }
 }
 

rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll

@@ -210,14 +210,13 @@ module ExprTrees {
     override AstNode getChildNode(int i) { i = 0 and result = super.getExpr() }
   }
 
-  class BinaryOpExprTree extends StandardPostOrderTree instanceof BinaryExpr {
-    BinaryOpExprTree() { not this instanceof BinaryLogicalOperation }
-
-    override AstNode getChildNode(int i) {
-      i = 0 and result = super.getLhs()
-      or
-      i = 1 and result = super.getRhs()
+  class ArgsExprTree extends StandardPostOrderTree instanceof ArgsExpr {
+    ArgsExprTree() {
+      not this instanceof CallExpr and
+      not this instanceof BinaryLogicalOperation
     }
+
+    override AstNode getChildNode(int i) { result = super.getSyntacticArgument(i) }
   }
 
   class LogicalOrExprTree extends PostOrderTree, LogicalOrExpr {
@@ -296,7 +295,7 @@ module ExprTrees {
     override AstNode getChildNode(int i) {
       i = 0 and result = super.getFunction()
       or
-      result = super.getArgList().getArg(i - 1)
+      result = super.getSyntacticArgument(i - 1)
     }
   }
 
@@ -371,14 +370,6 @@ module ExprTrees {
     }
   }
 
-  class IndexExprTree extends StandardPostOrderTree instanceof IndexExpr {
-    override AstNode getChildNode(int i) {
-      i = 0 and result = super.getBase()
-      or
-      i = 1 and result = super.getIndex()
-    }
-  }
-
   class LetExprTree extends StandardPostOrderTree, LetExpr {
     override AstNode getChildNode(int i) {
       i = 0 and
@@ -510,12 +501,6 @@ module ExprTrees {
     }
   }
 
-  class MethodCallExprTree extends StandardPostOrderTree, MethodCallExpr {
-    override AstNode getChildNode(int i) {
-      if i = 0 then result = this.getReceiver() else result = this.getArgList().getArg(i - 1)
-    }
-  }
-
   class OffsetOfExprTree extends LeafTree instanceof OffsetOfExpr { }
 
   class ParenExprTree extends ControlFlowTree, ParenExpr {
@@ -534,10 +519,6 @@ module ExprTrees {
 
   class PathExprTree extends LeafTree instanceof PathExpr { }
 
-  class PrefixExprTree extends StandardPostOrderTree instanceof PrefixExpr {
-    override AstNode getChildNode(int i) { i = 0 and result = super.getExpr() }
-  }
-
   class RangeExprTree extends StandardPostOrderTree instanceof RangeExpr {
     override AstNode getChildNode(int i) {
       i = 0 and result = super.getStart()

rust/ql/lib/codeql/rust/dataflow/internal/Content.qll

@@ -163,15 +163,15 @@ final class TuplePositionContent extends FieldContent, TTuplePositionContent {
 }
 
 /**
- * A content for the index of an argument to at function call.
+ * A content for the index of an argument to at closure call.
  *
  * Used by the model generator to create flow summaries for higher-order
  * functions.
  */
-final class FunctionCallArgumentContent extends Content, TFunctionCallArgumentContent {
+final class ClosureCallArgumentContent extends Content, TClosureCallArgumentContent {
   private int pos;
 
-  FunctionCallArgumentContent() { this = TFunctionCallArgumentContent(pos) }
+  ClosureCallArgumentContent() { this = TClosureCallArgumentContent(pos) }
 
   int getPosition() { result = pos }
 
@@ -269,6 +269,8 @@ newtype TContent =
         )]
   } or
   TFunctionCallReturnContent() or
-  TFunctionCallArgumentContent(int pos) { pos in [0 .. any(CallExpr c).getNumberOfArguments() - 1] } or
+  TClosureCallArgumentContent(int pos) {
+    pos in [0 .. any(ClosureCallExpr c).getNumberOfPositionalArguments()]
+  } or
   TCapturedVariableContent(VariableCapture::CapturedVariable v) or
   TReferenceContent()

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll

@@ -131,7 +131,7 @@ final class ParameterPosition extends TParameterPosition {
 final class ArgumentPosition extends ParameterPosition {
   /** Gets the argument of `call` at this position, if any. */
   Expr getArgument(Call call) {
-    result = call.getArgument(this.getPosition())
+    result = call.getPositionalArgument(this.getPosition())
     or
     result = call.getReceiver() and this.isSelf()
   }
@@ -669,7 +669,7 @@ module RustDataFlow implements InputSig<Location> {
   pragma[nomagic]
   additional predicate storeContentStep(Node node1, Content c, Node node2) {
     exists(CallExpr call, int pos |
-      node1.asExpr() = call.getArgument(pragma[only_bind_into](pos)) and
+      node1.asExpr() = call.getSyntacticArgument(pragma[only_bind_into](pos)) and
       node2.asExpr() = call and
       c = TTupleFieldContent(getCallExprTupleField(call, pragma[only_bind_into](pos)))
     )
@@ -717,7 +717,7 @@ module RustDataFlow implements InputSig<Location> {
     exists(DataFlowCall call, int i |
       isArgumentNode(node1, call, TPositionalParameterPosition(i)) and
       lambdaCall(call, _, node2.(PostUpdateNode).getPreUpdateNode()) and
-      c.(FunctionCallArgumentContent).getPosition() = i
+      c.(ClosureCallArgumentContent).getPosition() = i
     )
     or
     VariableCapture::storeStep(node1, c, node2)

rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll

@@ -326,9 +326,7 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
   predicate ssaDefHasSource(WriteDefinition def) { none() } // handled in `DataFlowImpl.qll` instead
 
   private predicate isArg(Call call, Expr e) {
-    call.getAnArgument() = e
-    or
-    call.getReceiver() = e
+    call.getASyntacticArgument() = e
     or
     exists(Expr mid |
       isArg(call, mid) and

rust/ql/lib/codeql/rust/elements/internal/ArgsExprImpl.qll

@@ -10,14 +10,26 @@ module Impl {
    * Either a `CallExpr`, a `MethodCallExpr`, an `Operation`, or an `IndexExpr`.
    */
   abstract class ArgsExpr extends ExprImpl::Expr {
-    /** Gets the `i`th positional argument of this expression, if any. */
-    Expr getArgument(int i) { none() }
+    /**
+     * Gets the `i`th syntactic argument of this expression.
+     *
+     * Examples:
+     * ```rust
+     * foo(42, "bar"); // `42` is argument 0 and `"bar"` is argument 1
+     * foo.bar(42);    // `foo` is argument 0 and `42` is argument 1
+     * x + y;          // `x` is argument 0 and `y` is argument 1
+     * x[y];           // `x` is argument 0 and `y` is argument 1
+     * ```
+     */
+    Expr getSyntacticArgument(int i) { none() }
 
-    /** Gets a positional argument of this expression, if any. */
-    Expr getAnArgument() { result = this.getArgument(_) }
+    /** Gets an argument of this expression. */
+    Expr getASyntacticArgument() { result = this.getSyntacticArgument(_) }
 
-    /** Gets the number of positional arguments of this expression. */
-    int getNumberOfArguments() { result = count(Expr arg | arg = this.getArgument(_)) }
+    /** Gets the number of arguments of this expression. */
+    int getNumberOfSyntacticArguments() {
+      result = count(Expr arg | arg = this.getSyntacticArgument(_))
+    }
 
     /** Gets the resolved target (function or tuple struct/variant), if any. */
     Addressable getResolvedTarget() { result = TypeInference::resolveCallTarget(this) }

rust/ql/lib/codeql/rust/elements/internal/CallExprImpl.qll

@@ -42,13 +42,13 @@ module Impl {
   class CallExpr extends Generated::CallExpr, ArgsExprImpl::ArgsExpr {
     override string toStringImpl() { result = this.getFunction().toAbbreviatedString() + "(...)" }
 
-    override Expr getArgument(int i) { result = this.getArgList().getArg(i) }
+    override Expr getSyntacticArgument(int i) { result = this.getArgList().getArg(i) }
 
     // todo: remove once internal query has been updated
-    Expr getArg(int i) { result = this.getArgument(i) }
+    Expr getArg(int i) { result = this.getSyntacticArgument(i) }
 
     // todo: remove once internal query has been updated
-    int getNumberOfArgs() { result = this.getNumberOfArguments() }
+    int getNumberOfArgs() { result = this.getNumberOfSyntacticArguments() }
   }
 
   /**
@@ -74,10 +74,10 @@ module Impl {
 
     private predicate isMethodCall() { this.getResolvedTarget() instanceof Method }
 
-    override Expr getArgument(int i) {
+    override Expr getPositionalArgument(int i) {
       if this.isMethodCall()
-      then result = super.getArgList().getArg(i + 1)
-      else result = super.getArgList().getArg(i)
+      then result = this.getSyntacticArgument(i + 1)
+      else result = super.getSyntacticArgument(i)
     }
 
     override Expr getReceiver() { this.isMethodCall() and result = super.getArgList().getArg(0) }

rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll

@@ -19,13 +19,37 @@ module Impl {
     /**
      * Gets the receiver of this call, if any.
      *
-     * This is either an actual receiver of a method call, the first argument of a call
-     * to a method
-     *  the first operand of an operation,
-     * or the base expression of an index expression.
+     * Examples:
+     * ```rust
+     * foo(42, "bar"); // no receiver
+     * foo.bar(42);    // `foo` is receiver
+     * x + y;          // `x` is receiver
+     * x[y];           // `x` is receiver
+     * ```
      */
     Expr getReceiver() { none() }
 
+    /**
+     * Gets the `i`th positional argument of this call, if any.
+     *
+     * Examples:
+     * ```rust
+     * foo(42, "bar"); // `42` is argument 0 and `"bar"` is argument 1
+     * foo.bar(42);    // `42` is argument 0
+     * x + y;          // `y` is argument 0
+     * x[y];           // `y` is argument 0
+     * ```
+     */
+    Expr getPositionalArgument(int i) { none() }
+
+    /** Gets a positional argument of this expression. */
+    Expr getAPositionalArgument() { result = this.getPositionalArgument(_) }
+
+    /** Gets the number of positional arguments of this expression. */
+    int getNumberOfPositionalArguments() {
+      result = count(Expr arg | arg = this.getPositionalArgument(_))
+    }
+
     /** Gets the resolved target of this call, if any. */
     Function getStaticTarget() { result = TypeInference::resolveCallTarget(this) }
 

rust/ql/lib/codeql/rust/elements/internal/IndexExprImpl.qll

@@ -28,7 +28,13 @@ module Impl {
         this.getBase().toAbbreviatedString() + "[" + this.getIndex().toAbbreviatedString() + "]"
     }
 
-    override Expr getArgument(int i) { i = 0 and result = this.getIndex() }
+    override Expr getSyntacticArgument(int i) {
+      i = 0 and result = this.getBase()
+      or
+      i = 1 and result = this.getIndex()
+    }
+
+    override Expr getPositionalArgument(int i) { i = 0 and result = this.getIndex() }
 
     override Expr getReceiver() { result = this.getBase() }
   }

rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll

@@ -46,7 +46,13 @@ module Impl {
       result = strictconcat(int i | | this.toStringPart(i) order by i)
     }
 
-    override Expr getArgument(int i) { result = this.getArgList().getArg(i) }
+    override Expr getSyntacticArgument(int i) {
+      i = 0 and result = this.getReceiver()
+      or
+      result = this.getPositionalArgument(i - 1)
+    }
+
+    override Expr getPositionalArgument(int i) { result = this.getArgList().getArg(i) }
 
     override Expr getReceiver() { result = Generated::MethodCallExpr.super.getReceiver() }
   }