Rust: Rework call resolution and type inference for calls

Author: hvitved

rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll

@@ -77,7 +77,7 @@ class CallableScopeTree extends StandardTree, PreOrderTree, PostOrderTree, Scope
 
   override AstNode getChildNode(int i) {
     i = 0 and
-    result = this.getParamList().getSelfParam()
+    result = this.getSelfParam()
     or
     result = this.getParam(i - 1)
     or

rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll

@@ -102,7 +102,7 @@ module Impl {
       f = resolvePath(path) and
       path.getSegment().getIdentifier().getText() = methodName and
       exists(SelfParam self |
-        self = f.getParamList().getSelfParam() and
+        self = f.getSelfParam() and
         if self.isRef() then selfIsRef = true else selfIsRef = false
       )
     )

rust/ql/lib/codeql/rust/elements/internal/CallableImpl.qll

@@ -17,5 +17,15 @@ module Impl {
    */
   class Callable extends Generated::Callable {
     override Param getParam(int index) { result = this.getParamList().getParam(index) }
+
+    /**
+     * Gets the self parameter of this callable, if it exists.
+     */
+    SelfParam getSelfParam() { result = this.getParamList().getSelfParam() }
+
+    /**
+     * Holds if `getSelfParam()` exists.
+     */
+    predicate hasSelfParam() { exists(this.getSelfParam()) }
   }
 }

rust/ql/lib/codeql/rust/elements/internal/OperationImpl.qll

@@ -12,7 +12,7 @@ private import codeql.rust.elements.internal.ExprImpl::Impl as ExprImpl
  * the canonical path `path` and the method name `method`, and if it borrows its
  * first `borrows` arguments.
  */
-private predicate isOverloaded(string op, int arity, string path, string method, int borrows) {
+predicate isOverloaded(string op, int arity, string path, string method, int borrows) {
   arity = 1 and
   (
     // Negation

rust/ql/lib/codeql/rust/elements/internal/UnionImpl.qll

@@ -21,6 +21,13 @@ module Impl {
    * ```
    */
   class Union extends Generated::Union {
+    /** Gets the record field named `name`, if any. */
+    pragma[nomagic]
+    StructField getStructField(string name) {
+      result = this.getStructFieldList().getAField() and
+      result.getName().getText() = name
+    }
+
     override string toStringImpl() { result = "union " + this.getName().getText() }
   }
 }

rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll

@@ -109,7 +109,7 @@ module Impl {
       text = name.getText() and
       // exclude self parameters from functions without a body as these are
       // trait method declarations without implementations
-      not exists(Function f | not f.hasBody() and f.getParamList().getSelfParam() = sp)
+      not exists(Function f | not f.hasBody() and f.getSelfParam() = sp)
     )
     or
     exists(IdentPat pat |

rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll

@@ -213,3 +213,83 @@ class StringStruct extends Struct {
   pragma[nomagic]
   StringStruct() { this.getCanonicalPath() = "alloc::string::String" }
 }
+
+/**
+ * The [`Deref` trait][1].
+ *
+ * [1]: https://doc.rust-lang.org/core/ops/trait.Deref.html
+ */
+class DerefTrait extends Trait {
+  pragma[nomagic]
+  DerefTrait() { this.getCanonicalPath() = "core::ops::deref::Deref" }
+
+  /** Gets the `deref` function. */
+  Function getDerefFunction() { result = this.(TraitItemNode).getAssocItem("deref") }
+
+  /** Gets the `Target` associated type. */
+  pragma[nomagic]
+  TypeAlias getTargetType() {
+    result = this.getAssocItemList().getAnAssocItem() and
+    result.getName().getText() = "Target"
+  }
+}
+
+/**
+ * The [`Index` trait][1].
+ *
+ * [1]: https://doc.rust-lang.org/std/ops/trait.Index.html
+ */
+class IndexTrait extends Trait {
+  pragma[nomagic]
+  IndexTrait() { this.getCanonicalPath() = "core::ops::index::Index" }
+
+  /** Gets the `index` function. */
+  Function getIndexFunction() { result = this.(TraitItemNode).getAssocItem("index") }
+
+  /** Gets the `Output` associated type. */
+  pragma[nomagic]
+  TypeAlias getOutputType() {
+    result = this.getAssocItemList().getAnAssocItem() and
+    result.getName().getText() = "Output"
+  }
+}
+
+/**
+ * The [`Box` struct][1].
+ *
+ * [1]: https://doc.rust-lang.org/std/boxed/struct.Box.html
+ */
+class BoxStruct extends Struct {
+  pragma[nomagic]
+  BoxStruct() { this.getCanonicalPath() = "alloc::boxed::Box" }
+}
+
+/**
+ * The [`Rc` struct][1].
+ *
+ * [1]: https://doc.rust-lang.org/std/rc/struct.Rc.html
+ */
+class RcStruct extends Struct {
+  pragma[nomagic]
+  RcStruct() { this.getCanonicalPath() = "alloc::rc::Rc" }
+}
+
+/**
+ * The [`Arc` struct][1].
+ *
+ * [1]: https://doc.rust-lang.org/std/sync/struct.Arc.html
+ */
+class ArcStruct extends Struct {
+  pragma[nomagic]
+  ArcStruct() { this.getCanonicalPath() = "alloc::sync::Arc" }
+}
+
+/**
+ * The [`Pin` struct][1].
+ *
+ * [1]: https://doc.rust-lang.org/std/pin/struct.Pin.html
+ */
+class PinStruct extends Struct {
+  pragma[nomagic]
+  PinStruct() { this.getCanonicalPath() = "core::pin::Pin" }
+}

rust/ql/lib/codeql/rust/internal/PathResolution.qll

@@ -786,7 +786,7 @@ final class ImplItemNode extends ImplOrTraitItemNode instanceof Impl {
   }
 }
 
-final private class ImplTraitTypeReprItemNode extends TypeItemNode instanceof ImplTraitTypeRepr {
+final class ImplTraitTypeReprItemNode extends TypeItemNode instanceof ImplTraitTypeRepr {
   pragma[nomagic]
   Path getABoundPath() {
     result = super.getTypeBoundList().getABound().getTypeRepr().(PathTypeRepr).getPath()
@@ -1317,6 +1317,12 @@ private predicate crateDependency(SourceFileItemNode file, string name, CrateIte
   exists(CrateItemNode c | dep = c.(Crate).getDependency(name) | file = c.getASourceFile())
 }
 
+pragma[nomagic]
+private predicate hasDeclOrDep(SourceFileItemNode file, string name) {
+  declaresDirectly(file, TTypeNamespace(), name) or
+  crateDependency(file, name, _)
+}
+
 /**
  * Holds if `file` depends on crate `dep` named `name`.
  */
@@ -1330,8 +1336,7 @@ private predicate crateDependencyEdge(SourceFileItemNode file, string name, Crat
   // a given file to its crate (for example, if the file is `mod` imported inside a macro that the
   // extractor is unable to expand).
   name = dep.getName() and
-  not declaresDirectly(file, TTypeNamespace(), name) and
-  not crateDependency(file, name, _)
+  not hasDeclOrDep(file, name)
 }
 
 private predicate useTreeDeclares(UseTree tree, string name) {
@@ -1505,25 +1510,55 @@ signature predicate relevantTraitVisibleSig(Element element, Trait trait);
  * at a given element.
  */
 module TraitIsVisible<relevantTraitVisibleSig/2 relevantTraitVisible> {
-  /** Holds if the trait might be looked up in `encl`. */
-  private predicate traitLookup(ItemNode encl, Element element, Trait trait) {
-    // lookup in immediately enclosing item
-    relevantTraitVisible(element, trait) and
-    encl.getADescendant() = element
+  private newtype TNode =
+    TTrait(Trait t) { relevantTraitVisible(_, t) } or
+    TItemNode(ItemNode i) or
+    TElement(Element e) { relevantTraitVisible(e, _) }
+
+  private predicate isTrait(TNode n) { n instanceof TTrait }
+
+  private predicate step(TNode n1, TNode n2) {
+    exists(Trait t1, ItemNode i2 |
+      n1 = TTrait(t1) and
+      n2 = TItemNode(i2) and
+      t1 = i2.getASuccessor(_, _, _)
+    )
     or
-    // lookup in an outer scope, but only if the trait is not declared in inner scope
-    exists(ItemNode mid |
-      traitLookup(mid, element, trait) and
-      not trait = mid.getASuccessor(_, _, _) and
-      encl = getOuterScope(mid)
+    exists(ItemNode i1, ItemNode i2 |
+      n1 = TItemNode(i1) and
+      n2 = TItemNode(i2) and
+      i1 = getOuterScope(i2)
+    )
+    or
+    exists(ItemNode i1, Element e2 |
+      n1 = TItemNode(i1) and
+      n2 = TElement(e2) and
+      i1.getADescendant() = e2
+    )
+  }
+
+  private predicate isElement(TNode n) { n instanceof TElement }
+
+  private predicate traitIsVisibleTC(TNode trait, TNode element) =
+    doublyBoundedFastTC(step/2, isTrait/1, isElement/1)(trait, element)
+
+  pragma[nomagic]
+  private predicate relevantTraitVisibleLift(TNode trait, TElement element) {
+    exists(Trait t, Element e |
+      trait = TTrait(t) and
+      element = TElement(e) and
+      relevantTraitVisible(e, t)
     )
   }
 
   /** Holds if the trait `trait` is visible at `element`. */
   pragma[nomagic]
   predicate traitIsVisible(Element element, Trait trait) {
-    exists(ItemNode encl |
-      traitLookup(encl, element, trait) and trait = encl.getASuccessor(_, _, _)
+    exists(TNode t, TNode e |
+      traitIsVisibleTC(t, e) and
+      relevantTraitVisibleLift(t, e) and
+      t = TTrait(trait) and
+      e = TElement(element)
     )
   }
 }

rust/ql/lib/codeql/rust/internal/Type.qll

@@ -42,11 +42,14 @@ newtype TType =
   TStruct(Struct s) or
   TEnum(Enum e) or
   TTrait(Trait t) or
+  TUnion(Union u) or
   TArrayType() or // todo: add size?
   TRefType() or // todo: add mut?
   TImplTraitType(ImplTraitTypeRepr impl) or
   TDynTraitType(Trait t) { t = any(DynTraitTypeRepr dt).getTrait() } or
   TSliceType() or
+  TNeverType() or
+  TPtrType() or
   TTupleTypeParameter(int arity, int i) { exists(TTuple(arity)) and i in [0 .. arity - 1] } or
   TTypeParamTypeParameter(TypeParam t) or
   TAssociatedTypeTypeParameter(TypeAlias t) { any(TraitItemNode trait).getAnAssocItem() = t } or
@@ -57,7 +60,8 @@ newtype TType =
   } or
   TRefTypeParameter() or
   TSelfTypeParameter(Trait t) or
-  TSliceTypeParameter()
+  TSliceTypeParameter() or
+  TPtrTypeParameter()
 
 private predicate implTraitTypeParam(ImplTraitTypeRepr implTrait, int i, TypeParam tp) {
   implTrait.isInReturnPos() and
@@ -224,6 +228,31 @@ class TraitType extends Type, TTrait {
   override Location getLocation() { result = trait.getLocation() }
 }
 
+/** A union type. */
+class UnionType extends StructOrEnumType, TUnion {
+  private Union union;
+
+  UnionType() { this = TUnion(union) }
+
+  override ItemNode asItemNode() { result = union }
+
+  override StructField getStructField(string name) { result = union.getStructField(name) }
+
+  override TupleField getTupleField(int i) { none() }
+
+  override TypeParameter getPositionalTypeParameter(int i) {
+    result = TTypeParamTypeParameter(union.getGenericParamList().getTypeParam(i))
+  }
+
+  override TypeMention getTypeParameterDefault(int i) {
+    result = union.getGenericParamList().getTypeParam(i).getDefaultType()
+  }
+
+  override string toString() { result = union.getName().getText() }
+
+  override Location getLocation() { result = union.getLocation() }
+}
+
 /**
  * An array type.
  *
@@ -374,6 +403,33 @@ class SliceType extends Type, TSliceType {
   override Location getLocation() { result instanceof EmptyLocation }
 }
 
+class NeverType extends Type, TNeverType {
+  override StructField getStructField(string name) { none() }
+
+  override TupleField getTupleField(int i) { none() }
+
+  override TypeParameter getPositionalTypeParameter(int i) { none() }
+
+  override string toString() { result = "!" }
+
+  override Location getLocation() { result instanceof EmptyLocation }
+}
+
+class PtrType extends Type, TPtrType {
+  override StructField getStructField(string name) { none() }
+
+  override TupleField getTupleField(int i) { none() }
+
+  override TypeParameter getPositionalTypeParameter(int i) {
+    i = 0 and
+    result = TPtrTypeParameter()
+  }
+
+  override string toString() { result = "*" }
+
+  override Location getLocation() { result instanceof EmptyLocation }
+}
+
 /** A type parameter. */
 abstract class TypeParameter extends Type {
   override StructField getStructField(string name) { none() }
@@ -529,6 +585,12 @@ class SliceTypeParameter extends TypeParameter, TSliceTypeParameter {
   override Location getLocation() { result instanceof EmptyLocation }
 }
 
+class PtrTypeParameter extends TypeParameter, TPtrTypeParameter {
+  override string toString() { result = "*T" }
+
+  override Location getLocation() { result instanceof EmptyLocation }
+}
+
 /**
  * The implicit `Self` type parameter of a trait, that refers to the
  * implementing type of the trait.